From 805b768535580c5f0ecb0bad16951b91c6bb0662 Mon Sep 17 00:00:00 2001 From: Packit Bot Date: May 05 2021 22:21:33 +0000 Subject: Prepare for a new update Reverting patches so we can apply the latest update and changes can be seen in the spec file and sources. --- diff --git a/60kerberos.ldif b/60kerberos.ldif deleted file mode 100644 index cc77b83..0000000 --- a/60kerberos.ldif +++ /dev/null @@ -1,540 +0,0 @@ -# This is a variation on kerberos.ldif which 389 Directory Server will like. -dn: cn=schema -# Novell Kerberos Schema Definitions -# Novell Inc. -# 1800 South Novell Place -# Provo, UT 84606 -# -# VeRsIoN=1.0 -# CoPyRiGhT=(c) Copyright 2006, Novell, Inc. All rights reserved -# -# OIDs: -# joint-iso-ccitt(2) -# country(16) -# us(840) -# organization(1) -# Novell(113719) -# applications(1) -# kerberos(301) -# Kerberos Attribute Type(4) attr# version# -# specific attribute definitions -# Kerberos Attribute Syntax(5) -# specific syntax definitions -# Kerberos Object Class(6) class# version# -# specific class definitions -# -# iso(1) -# member-body(2) -# United States(840) -# mit (113554) -# infosys(1) -# ldap(4) -# attributeTypes(1) -# Kerberos(6) -######################################################################## -######################################################################## -# Attribute Type Definitions # -######################################################################## -##### This is the principal name in the RFC 1964 specified format -attributetypes: ( 2.16.840.1.113719.1.301.4.1.1 - NAME 'krbPrincipalName' - EQUALITY caseExactIA5Match - SUBSTR caseExactSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -##### If there are multiple krbPrincipalName values for an entry, this -##### is the canonical principal name in the RFC 1964 specified -##### format. (If this attribute does not exist, then all -##### krbPrincipalName values are treated as canonical.) -attributetypes: ( 1.2.840.113554.1.4.1.6.1 - NAME 'krbCanonicalName' - EQUALITY caseExactIA5Match - SUBSTR caseExactSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE ) -##### This specifies the type of the principal, the types could be any of -##### the types mentioned in section 6.2 of RFC 4120 -attributetypes: ( 2.16.840.1.113719.1.301.4.3.1 - NAME 'krbPrincipalType' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### This flag is used to find whether directory User Password has to be used -##### as kerberos password. -##### TRUE, if User Password is to be used as the kerberos password. -##### FALSE, if User Password and the kerberos password are different. -attributetypes: ( 2.16.840.1.113719.1.301.4.5.1 - NAME 'krbUPEnabled' - DESC 'Boolean' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) -##### The time at which the principal expires -attributetypes: ( 2.16.840.1.113719.1.301.4.6.1 - NAME 'krbPrincipalExpiration' - EQUALITY generalizedTimeMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) -##### The krbTicketFlags attribute holds information about the kerberos flags for a principal -##### The values (0x00000001 - 0x00800000) are reserved for standards and -##### values (0x01000000 - 0x80000000) can be used for proprietary extensions. -##### The flags and values as per RFC 4120 and MIT implementation are, -##### DISALLOW_POSTDATED 0x00000001 -##### DISALLOW_FORWARDABLE 0x00000002 -##### DISALLOW_TGT_BASED 0x00000004 -##### DISALLOW_RENEWABLE 0x00000008 -##### DISALLOW_PROXIABLE 0x00000010 -##### DISALLOW_DUP_SKEY 0x00000020 -##### DISALLOW_ALL_TIX 0x00000040 -##### REQUIRES_PRE_AUTH 0x00000080 -##### REQUIRES_HW_AUTH 0x00000100 -##### REQUIRES_PWCHANGE 0x00000200 -##### DISALLOW_SVR 0x00001000 -##### PWCHANGE_SERVICE 0x00002000 -attributetypes: ( 2.16.840.1.113719.1.301.4.8.1 - NAME 'krbTicketFlags' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### The maximum ticket lifetime for a principal in seconds -attributetypes: ( 2.16.840.1.113719.1.301.4.9.1 - NAME 'krbMaxTicketLife' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Maximum renewable lifetime for a principal's ticket in seconds -attributetypes: ( 2.16.840.1.113719.1.301.4.10.1 - NAME 'krbMaxRenewableAge' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Forward reference to the Realm object. -##### (FDN of the krbRealmContainer object). -##### Example: cn=ACME.COM, cn=Kerberos, cn=Security -attributetypes: ( 2.16.840.1.113719.1.301.4.14.1 - NAME 'krbRealmReferences' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -##### List of LDAP servers that kerberos servers can contact. -##### The attribute holds data in the ldap uri format, -##### Example: ldaps://acme.com:636 -##### -##### The values of this attribute need to be updated, when -##### the LDAP servers listed here are renamed, moved or deleted. -attributetypes: ( 2.16.840.1.113719.1.301.4.15.1 - NAME 'krbLdapServers' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -##### A set of forward references to the KDC Service objects. -##### (FDNs of the krbKdcService objects). -##### Example: cn=kdc - server 1, ou=uvw, o=xyz -attributetypes: ( 2.16.840.1.113719.1.301.4.17.1 - NAME 'krbKdcServers' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -##### A set of forward references to the Password Service objects. -##### (FDNs of the krbPwdService objects). -##### Example: cn=kpasswdd - server 1, ou=uvw, o=xyz -attributetypes: ( 2.16.840.1.113719.1.301.4.18.1 - NAME 'krbPwdServers' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -##### This attribute holds the Host Name or the ip address, -##### transport protocol and ports of the kerberos service host -##### The format is host_name-or-ip_address#protocol#port -##### Protocol can be 0 or 1. 0 is for UDP. 1 is for TCP. -attributetypes: ( 2.16.840.1.113719.1.301.4.24.1 - NAME 'krbHostServer' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -##### This attribute holds the scope for searching the principals -##### under krbSubTree attribute of krbRealmContainer -##### The value can either be 1 (ONE) or 2 (SUB_TREE). -attributetypes: ( 2.16.840.1.113719.1.301.4.25.1 - NAME 'krbSearchScope' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### FDNs pointing to Kerberos principals -attributetypes: ( 2.16.840.1.113719.1.301.4.26.1 - NAME 'krbPrincipalReferences' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -##### This attribute specifies which attribute of the user objects -##### be used as the principal name component for Kerberos. -##### The allowed values are cn, sn, uid, givenname, fullname. -attributetypes: ( 2.16.840.1.113719.1.301.4.28.1 - NAME 'krbPrincNamingAttr' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - SINGLE-VALUE ) -##### A set of forward references to the Administration Service objects. -##### (FDNs of the krbAdmService objects). -##### Example: cn=kadmindd - server 1, ou=uvw, o=xyz -attributetypes: ( 2.16.840.1.113719.1.301.4.29.1 - NAME 'krbAdmServers' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -##### Maximum lifetime of a principal's password -attributetypes: ( 2.16.840.1.113719.1.301.4.30.1 - NAME 'krbMaxPwdLife' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Minimum lifetime of a principal's password -attributetypes: ( 2.16.840.1.113719.1.301.4.31.1 - NAME 'krbMinPwdLife' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Minimum number of character clases allowed in a password -attributetypes: ( 2.16.840.1.113719.1.301.4.32.1 - NAME 'krbPwdMinDiffChars' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Minimum length of the password -attributetypes: ( 2.16.840.1.113719.1.301.4.33.1 - NAME 'krbPwdMinLength' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Number of previous versions of passwords that are stored -attributetypes: ( 2.16.840.1.113719.1.301.4.34.1 - NAME 'krbPwdHistoryLength' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Number of consecutive pre-authentication failures before lockout -attributetypes: ( 1.3.6.1.4.1.5322.21.2.1 - NAME 'krbPwdMaxFailure' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Period after which bad preauthentication count will be reset -attributetypes: ( 1.3.6.1.4.1.5322.21.2.2 - NAME 'krbPwdFailureCountInterval' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Period in which lockout is enforced -attributetypes: ( 1.3.6.1.4.1.5322.21.2.3 - NAME 'krbPwdLockoutDuration' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Policy attribute flags -attributetypes: ( 1.2.840.113554.1.4.1.6.2 - NAME 'krbPwdAttributes' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Policy maximum ticket lifetime -attributetypes: ( 1.2.840.113554.1.4.1.6.3 - NAME 'krbPwdMaxLife' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Policy maximum ticket renewable lifetime -attributetypes: ( 1.2.840.113554.1.4.1.6.4 - NAME 'krbPwdMaxRenewableLife' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### Allowed enctype:salttype combinations for key changes -attributetypes: ( 1.2.840.113554.1.4.1.6.5 - NAME 'krbPwdAllowedKeysalts' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE ) -##### FDN pointing to a Kerberos Password Policy object -attributetypes: ( 2.16.840.1.113719.1.301.4.36.1 - NAME 'krbPwdPolicyReference' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 - SINGLE-VALUE ) -##### The time at which the principal's password expires -attributetypes: ( 2.16.840.1.113719.1.301.4.37.1 - NAME 'krbPasswordExpiration' - EQUALITY generalizedTimeMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) -##### This attribute holds the principal's key (krbPrincipalKey) that is encrypted with -##### the master key (krbMKey). -##### The attribute is ASN.1 encoded. -##### -##### The format of the value for this attribute is explained below, -##### KrbKeySet ::= SEQUENCE { -##### attribute-major-vno [0] UInt16, -##### attribute-minor-vno [1] UInt16, -##### kvno [2] UInt32, -##### mkvno [3] UInt32 OPTIONAL, -##### keys [4] SEQUENCE OF KrbKey, -##### ... -##### } -##### -##### KrbKey ::= SEQUENCE { -##### salt [0] KrbSalt OPTIONAL, -##### key [1] EncryptionKey, -##### s2kparams [2] OCTET STRING OPTIONAL, -##### ... -##### } -##### -##### KrbSalt ::= SEQUENCE { -##### type [0] Int32, -##### salt [1] OCTET STRING OPTIONAL -##### } -##### -##### EncryptionKey ::= SEQUENCE { -##### keytype [0] Int32, -##### keyvalue [1] OCTET STRING -##### } -attributetypes: ( 2.16.840.1.113719.1.301.4.39.1 - NAME 'krbPrincipalKey' - EQUALITY octetStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -##### FDN pointing to a Kerberos Ticket Policy object. -attributetypes: ( 2.16.840.1.113719.1.301.4.40.1 - NAME 'krbTicketPolicyReference' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 - SINGLE-VALUE ) -##### Forward reference to an entry that starts sub-trees -##### where principals and other kerberos objects in the realm are configured. -##### Example: ou=acme, ou=pq, o=xyz -attributetypes: ( 2.16.840.1.113719.1.301.4.41.1 - NAME 'krbSubTrees' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -##### Holds the default encryption/salt type combinations of principals for -##### the Realm. Stores in the form of key:salt strings. -##### Example: aes256-cts-hmac-sha384-192:normal -attributetypes: ( 2.16.840.1.113719.1.301.4.42.1 - NAME 'krbDefaultEncSaltTypes' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -##### Holds the Supported encryption/salt type combinations of principals for -##### the Realm. Stores in the form of key:salt strings. -##### The supported encryption types are mentioned in RFC 3961 -##### The supported salt types are, -##### NORMAL -##### V4 -##### NOREALM -##### ONLYREALM -##### SPECIAL -##### AFS3 -##### Example: aes256-cts-hmac-sha384-192:normal -##### -##### This attribute obsoletes the krbSupportedEncTypes and krbSupportedSaltTypes -##### attributes. -attributetypes: ( 2.16.840.1.113719.1.301.4.43.1 - NAME 'krbSupportedEncSaltTypes' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -##### This attribute holds the principal's old keys (krbPwdHistory) that is encrypted with -##### the kadmin/history key. -##### The attribute is ASN.1 encoded. -##### -##### The format of the value for this attribute is explained below, -##### KrbKeySet ::= SEQUENCE { -##### attribute-major-vno [0] UInt16, -##### attribute-minor-vno [1] UInt16, -##### kvno [2] UInt32, -##### mkvno [3] UInt32 OPTIONAL -- actually kadmin/history key, -##### keys [4] SEQUENCE OF KrbKey, -##### ... -##### } -##### -##### KrbKey ::= SEQUENCE { -##### salt [0] KrbSalt OPTIONAL, -##### key [1] EncryptionKey, -##### s2kparams [2] OCTET STRING OPTIONAL, -##### ... -##### } -##### -##### KrbSalt ::= SEQUENCE { -##### type [0] Int32, -##### salt [1] OCTET STRING OPTIONAL -##### } -##### -##### EncryptionKey ::= SEQUENCE { -##### keytype [0] Int32, -##### keyvalue [1] OCTET STRING -##### } -attributetypes: ( 2.16.840.1.113719.1.301.4.44.1 - NAME 'krbPwdHistory' - EQUALITY octetStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -##### The time at which the principal's password last password change happened. -attributetypes: ( 2.16.840.1.113719.1.301.4.45.1 - NAME 'krbLastPwdChange' - EQUALITY generalizedTimeMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) -##### The time at which the principal was last administratively unlocked. -attributetypes: ( 1.3.6.1.4.1.5322.21.2.5 - NAME 'krbLastAdminUnlock' - EQUALITY generalizedTimeMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) -##### This attribute holds the kerberos master key. -##### This can be used to encrypt principal keys. -##### This attribute has to be secured in directory. -##### -##### This attribute is ASN.1 encoded. -##### The format of the value for this attribute is explained below, -##### KrbMKey ::= SEQUENCE { -##### kvno [0] UInt32, -##### key [1] MasterKey -##### } -##### -##### MasterKey ::= SEQUENCE { -##### keytype [0] Int32, -##### keyvalue [1] OCTET STRING -##### } -attributetypes: ( 2.16.840.1.113719.1.301.4.46.1 - NAME 'krbMKey' - EQUALITY octetStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -##### This stores the alternate principal names for the principal in the RFC 1961 specified format -attributetypes: ( 2.16.840.1.113719.1.301.4.47.1 - NAME 'krbPrincipalAliases' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -##### The time at which the principal's last successful authentication happened. -attributetypes: ( 2.16.840.1.113719.1.301.4.48.1 - NAME 'krbLastSuccessfulAuth' - EQUALITY generalizedTimeMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) -##### The time at which the principal's last failed authentication happened. -attributetypes: ( 2.16.840.1.113719.1.301.4.49.1 - NAME 'krbLastFailedAuth' - EQUALITY generalizedTimeMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) -##### This attribute stores the number of failed authentication attempts -##### happened for the principal since the last successful authentication. -attributetypes: ( 2.16.840.1.113719.1.301.4.50.1 - NAME 'krbLoginFailedCount' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) -##### This attribute holds the application specific data. -attributetypes: ( 2.16.840.1.113719.1.301.4.51.1 - NAME 'krbExtraData' - EQUALITY octetStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -##### This attributes holds references to the set of directory objects. -##### This stores the DNs of the directory objects to which the -##### principal object belongs to. -attributetypes: ( 2.16.840.1.113719.1.301.4.52.1 - NAME 'krbObjectReferences' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -##### This attribute holds references to a Container object where -##### the additional principal objects and stand alone principal -##### objects (krbPrincipal) can be created. -attributetypes: ( 2.16.840.1.113719.1.301.4.53.1 - NAME 'krbPrincContainerRef' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -##### A list of authentication indicator strings, one of which must be satisfied -##### to authenticate to the principal as a service. -##### FreeIPA OID: -##### joint-iso-ccitt(3) country(16) us(840) organization(1) netscape(113730) -##### ldap(3) freeipa(8) krb5(15) attributes(2) -attributetypes: ( 2.16.840.1.113730.3.8.15.2.1 - NAME 'krbPrincipalAuthInd' - EQUALITY caseExactMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) -##### A list of services to which a service principal can delegate. -attributetypes: ( 1.3.6.1.4.1.5322.21.2.4 - NAME 'krbAllowedToDelegateTo' - EQUALITY caseExactIA5Match - SUBSTR caseExactSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -######################################################################## -######################################################################## -# Object Class Definitions # -######################################################################## -#### This is a kerberos container for all the realms in a tree. -objectClasses: ( 2.16.840.1.113719.1.301.6.1.1 - NAME 'krbContainer' - SUP top - MUST ( cn ) ) -##### The krbRealmContainer is created per realm and holds realm specific data. -objectClasses: ( 2.16.840.1.113719.1.301.6.2.1 - NAME 'krbRealmContainer' - SUP top - MUST ( cn ) - MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr $krbPwdPolicyReference $ krbPrincContainerRef ) ) -##### An instance of a class derived from krbService is created per -##### kerberos authentication or administration server in an realm and holds -##### references to the realm objects. These references is used to further read -##### realm specific data to service AS/TGS requests. Additionally this object -##### contains some server specific data like pathnames and ports that the -##### server uses. This is the identity the kerberos server logs in with. A key -##### pair for the same is created and the kerberos server logs in with the same. -##### -##### krbKdcService, krbAdmService and krbPwdService derive from this class. -objectClasses: ( 2.16.840.1.113719.1.301.6.3.1 - NAME 'krbService' - ABSTRACT - SUP ( top ) - MUST ( cn ) - MAY ( krbHostServer $ krbRealmReferences ) ) -##### Representative object for the KDC server to bind into a LDAP directory -##### and have a connection to access Kerberos data with the required -##### access rights. -objectClasses: ( 2.16.840.1.113719.1.301.6.4.1 - NAME 'krbKdcService' - SUP ( krbService ) ) -##### Representative object for the Kerberos Password server to bind into a LDAP directory -##### and have a connection to access Kerberos data with the required -##### access rights. -objectClasses: ( 2.16.840.1.113719.1.301.6.5.1 - NAME 'krbPwdService' - SUP ( krbService ) ) -###### The principal data auxiliary class. Holds principal information -###### and is used to store principal information for Person, Service objects. -objectClasses: ( 2.16.840.1.113719.1.301.6.8.1 - NAME 'krbPrincipalAux' - AUXILIARY - MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbLastAdminUnlock $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbAllowedToDelegateTo $ krbPrincipalAuthInd ) ) -###### This class is used to create additional principals and stand alone principals. -objectClasses: ( 2.16.840.1.113719.1.301.6.9.1 - NAME 'krbPrincipal' - SUP ( top ) - MUST ( krbPrincipalName ) - MAY ( krbObjectReferences ) ) -###### The principal references auxiliary class. Holds all principals referred -###### from a service -objectClasses: ( 2.16.840.1.113719.1.301.6.11.1 - NAME 'krbPrincRefAux' - SUP top - AUXILIARY - MAY krbPrincipalReferences ) -##### Representative object for the Kerberos Administration server to bind into a LDAP directory -##### and have a connection Id to access Kerberos data with the required access rights. -objectClasses: ( 2.16.840.1.113719.1.301.6.13.1 - NAME 'krbAdmService' - SUP ( krbService ) ) -##### The krbPwdPolicy object is a template password policy that -##### can be applied to principals when they are created. -##### These policy attributes will be in effect, when the Kerberos -##### passwords are different from users' passwords (UP). -objectClasses: ( 2.16.840.1.113719.1.301.6.14.1 - NAME 'krbPwdPolicy' - SUP top - MUST ( cn ) - MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) ) -##### The krbTicketPolicyAux holds Kerberos ticket policy attributes. -##### This class can be attached to a principal object or realm object. -objectClasses: ( 2.16.840.1.113719.1.301.6.16.1 - NAME 'krbTicketPolicyAux' - AUXILIARY - MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) ) -##### The krbTicketPolicy object is an effective ticket policy that is associated with a realm or a principal -objectClasses: ( 2.16.840.1.113719.1.301.6.17.1 - NAME 'krbTicketPolicy' - SUP top - MUST ( cn ) ) diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 17f7146..0000000 --- a/LICENSE +++ /dev/null @@ -1,1361 +0,0 @@ -Copyright (C) 1985-2020 by the Massachusetts Institute of Technology. - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -* Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -* Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -Downloading of this software may constitute an export of cryptographic -software from the United States of America that is subject to the -United States Export Administration Regulations (EAR), 15 CFR 730-774. -Additional laws or regulations may apply. It is the responsibility of -the person or entity contemplating export to comply with all -applicable export laws and regulations, including obtaining any -required license from the U.S. government. - -The U.S. government prohibits export of encryption source code to -certain countries and individuals, including, but not limited to, the -countries of Cuba, Iran, North Korea, Sudan, Syria, and residents and -nationals of those countries. - -Documentation components of this software distribution are licensed -under a Creative Commons Attribution-ShareAlike 3.0 Unported License. -(https://creativecommons.org/licenses/by-sa/3.0/) - -Individual source code files are copyright MIT, Cygnus Support, -Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems, -FundsXpress, and others. - -Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, -and Zephyr are trademarks of the Massachusetts Institute of Technology -(MIT). No commercial use of these trademarks may be made without -prior written permission of MIT. - -"Commercial use" means use of a name in a product or other for-profit -manner. It does NOT prevent a commercial firm from referring to the -MIT trademarks in order to convey information (although in doing so, -recognition of their trademark status should be given). - -====================================================================== - -The following copyright and permission notice applies to the -OpenVision Kerberos Administration system located in "kadmin/create", -"kadmin/dbutil", "kadmin/passwd", "kadmin/server", "lib/kadm5", and -portions of "lib/rpc": - - Copyright, OpenVision Technologies, Inc., 1993-1996, All Rights - Reserved - - WARNING: Retrieving the OpenVision Kerberos Administration system - source code, as described below, indicates your acceptance of the - following terms. If you do not agree to the following terms, do - not retrieve the OpenVision Kerberos administration system. - - You may freely use and distribute the Source Code and Object Code - compiled from it, with or without modification, but this Source - Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, - INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR - FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER - EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY - FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR - CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, - WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE - CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY - OTHER REASON. - - OpenVision retains all copyrights in the donated Source Code. - OpenVision also retains copyright to derivative works of the Source - Code, whether created by OpenVision or by a third party. The - OpenVision copyright notice must be preserved if derivative works - are made based on the donated Source Code. - - OpenVision Technologies, Inc. has donated this Kerberos - Administration system to MIT for inclusion in the standard Kerberos - 5 distribution. This donation underscores our commitment to - continuing Kerberos technology development and our gratitude for - the valuable work which has been performed by MIT and the Kerberos - community. - -====================================================================== - - Portions contributed by Matt Crawford "crawdad@fnal.gov" were work - performed at Fermi National Accelerator Laboratory, which is - operated by Universities Research Association, Inc., under contract - DE-AC02-76CHO3000 with the U.S. Department of Energy. - -====================================================================== - -Portions of "src/lib/crypto" have the following copyright: - - Copyright (C) 1998 by the FundsXpress, INC. - - All rights reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization - contemplating export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of FundsXpress. not be used in advertising or publicity - pertaining to distribution of the software without specific, - written prior permission. FundsXpress makes no representations - about the suitability of this software for any purpose. It is - provided "as is" without express or implied warranty. - - THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR - IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - -====================================================================== - -The implementation of the AES encryption algorithm in -"src/lib/crypto/builtin/aes" has the following copyright: - - Copyright (C) 2001, Dr Brian Gladman "brg@gladman.uk.net", - Worcester, UK. - All rights reserved. - - LICENSE TERMS - - The free distribution and use of this software in both source and - binary form is allowed (with or without changes) provided that: - - 1. distributions of this source code include the above copyright - notice, this list of conditions and the following disclaimer; - - 2. distributions in binary form include the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other associated materials; - - 3. the copyright holder's name is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explcit or implied - warranties in respect of any properties, including, but not limited - to, correctness and fitness for purpose. - -====================================================================== - -Portions contributed by Red Hat, including the pre-authentication -plug-in framework and the NSS crypto implementation, contain the -following copyright: - - Copyright (C) 2006 Red Hat, Inc. - Portions copyright (C) 2006 Massachusetts Institute of Technology - All Rights Reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - * Neither the name of Red Hat, Inc., nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -====================================================================== - -The bundled verto source code is subject to the following license: - - Copyright 2011 Red Hat, Inc. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation - files (the "Software"), to deal in the Software without - restriction, including without limitation the rights to use, copy, - modify, merge, publish, distribute, sublicense, and/or sell copies - of the Software, and to permit persons to whom the Software is - furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - DEALINGS IN THE SOFTWARE. - -====================================================================== - -The MS-KKDCP client implementation has the following copyright: - - Copyright 2013,2014 Red Hat, Inc. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -====================================================================== - -The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in -"src/lib/gssapi", including the following files: - - lib/gssapi/generic/gssapi_err_generic.et - lib/gssapi/mechglue/g_accept_sec_context.c - lib/gssapi/mechglue/g_acquire_cred.c - lib/gssapi/mechglue/g_canon_name.c - lib/gssapi/mechglue/g_compare_name.c - lib/gssapi/mechglue/g_context_time.c - lib/gssapi/mechglue/g_delete_sec_context.c - lib/gssapi/mechglue/g_dsp_name.c - lib/gssapi/mechglue/g_dsp_status.c - lib/gssapi/mechglue/g_dup_name.c - lib/gssapi/mechglue/g_exp_sec_context.c - lib/gssapi/mechglue/g_export_name.c - lib/gssapi/mechglue/g_glue.c - lib/gssapi/mechglue/g_imp_name.c - lib/gssapi/mechglue/g_imp_sec_context.c - lib/gssapi/mechglue/g_init_sec_context.c - lib/gssapi/mechglue/g_initialize.c - lib/gssapi/mechglue/g_inquire_context.c - lib/gssapi/mechglue/g_inquire_cred.c - lib/gssapi/mechglue/g_inquire_names.c - lib/gssapi/mechglue/g_process_context.c - lib/gssapi/mechglue/g_rel_buffer.c - lib/gssapi/mechglue/g_rel_cred.c - lib/gssapi/mechglue/g_rel_name.c - lib/gssapi/mechglue/g_rel_oid_set.c - lib/gssapi/mechglue/g_seal.c - lib/gssapi/mechglue/g_sign.c - lib/gssapi/mechglue/g_store_cred.c - lib/gssapi/mechglue/g_unseal.c - lib/gssapi/mechglue/g_userok.c - lib/gssapi/mechglue/g_utils.c - lib/gssapi/mechglue/g_verify.c - lib/gssapi/mechglue/gssd_pname_to_uid.c - lib/gssapi/mechglue/mglueP.h - lib/gssapi/mechglue/oid_ops.c - lib/gssapi/spnego/gssapiP_spnego.h - lib/gssapi/spnego/spnego_mech.c - -and the initial implementation of incremental propagation, including -the following new or changed files: - - include/iprop_hdr.h - kadmin/server/ipropd_svc.c - lib/kdb/iprop.x - lib/kdb/kdb_convert.c - lib/kdb/kdb_log.c - lib/kdb/kdb_log.h - lib/krb5/error_tables/kdb5_err.et - kprop/kpropd_rpc.c - kprop/kproplog.c - -are subject to the following license: - - Copyright (C) 2004 Sun Microsystems, Inc. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation - files (the "Software"), to deal in the Software without - restriction, including without limitation the rights to use, copy, - modify, merge, publish, distribute, sublicense, and/or sell copies - of the Software, and to permit persons to whom the Software is - furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - -====================================================================== - -Kerberos V5 includes documentation and software developed at the -University of California at Berkeley, which includes this copyright -notice: - - Copyright (C) 1983 Regents of the University of California. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS - OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -====================================================================== - -Portions contributed by Novell, Inc., including the LDAP database -backend, are subject to the following license: - - Copyright (C) 2004-2005, Novell, Inc. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - * The copyright holder's name is not used to endorse or promote - products derived from this software without specific prior - written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -====================================================================== - -Portions funded by Sandia National Laboratory and developed by the -University of Michigan's Center for Information Technology -Integration, including the PKINIT implementation, are subject to the -following license: - - COPYRIGHT (C) 2006-2007 - THE REGENTS OF THE UNIVERSITY OF MICHIGAN - ALL RIGHTS RESERVED - - Permission is granted to use, copy, create derivative works and - redistribute this software and such derivative works for any - purpose, so long as the name of The University of Michigan is not - used in any advertising or publicity pertaining to the use of - distribution of this software without specific, written prior - authorization. If the above copyright notice or any other - identification of the University of Michigan is included in any - copy of any portion of this software, then the disclaimer below - must also be included. - - THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION FROM THE - UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY PURPOSE, AND - WITHOUT WARRANTY BY THE UNIVERSITY OF MICHIGAN OF ANY KIND, EITHER - EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED - WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - THE REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE FOR - ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR - CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING OUT OF OR - IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN IF IT HAS BEEN OR - IS HEREAFTER ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -====================================================================== - -The pkcs11.h file included in the PKINIT code has the following -license: - - Copyright 2006 g10 Code GmbH - Copyright 2006 Andreas Jellinghaus - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even - the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. - -====================================================================== - -Portions contributed by Apple Inc. are subject to the following -license: - - Copyright 2004-2008 Apple Inc. All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization - contemplating export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of Apple Inc. not be used in advertising or publicity - pertaining to distribution of the software without specific, - written prior permission. Apple Inc. makes no representations - about the suitability of this software for any purpose. It is - provided "as is" without express or implied warranty. - - THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR - IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - -====================================================================== - -The implementations of UTF-8 string handling in src/util/support and -src/lib/krb5/unicode are subject to the following copyright and -permission notice: - - The OpenLDAP Public License - Version 2.8, 17 August 2003 - - Redistribution and use of this software and associated - documentation ("Software"), with or without modification, are - permitted provided that the following conditions are met: - - 1. Redistributions in source form must retain copyright - statements and notices, - - 2. Redistributions in binary form must reproduce applicable - copyright statements and notices, this list of conditions, and - the following disclaimer in the documentation and/or other - materials provided with the distribution, and - - 3. Redistributions must contain a verbatim copy of this - document. - - The OpenLDAP Foundation may revise this license from time to time. - Each revision is distinguished by a version number. You may use - this Software under terms of this license revision or under the - terms of any subsequent revision of the license. - - THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS - CONTRIBUTORS "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS - CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT - OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - DAMAGE. - - The names of the authors and copyright holders must not be used in - advertising or otherwise to promote the sale, use or other dealing - in this Software without specific, written prior permission. Title - to copyright in this Software shall at all times remain with - copyright holders. - - OpenLDAP is a registered trademark of the OpenLDAP Foundation. - - Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, - California, USA. All Rights Reserved. Permission to copy and - distribute verbatim copies of this document is granted. - -====================================================================== - -Marked test programs in src/lib/krb5/krb have the following copyright: - - Copyright (C) 2006 Kungliga Tekniska Högskola - (Royal Institute of Technology, Stockholm, Sweden). - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. Neither the name of KTH nor the names of its contributors may - be used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS - CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -====================================================================== - -The KCM Mach RPC definition file used on macOS has the following -copyright: - - Copyright (C) 2009 Kungliga Tekniska Högskola - (Royal Institute of Technology, Stockholm, Sweden). - All rights reserved. - - Portions Copyright (C) 2009 Apple Inc. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. Neither the name of the Institute nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE - OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -====================================================================== - -Portions of the RPC implementation in src/lib/rpc and -src/include/gssrpc have the following copyright and permission notice: - - Copyright (C) 2010, Oracle America, Inc. - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. Neither the name of the "Oracle America, Inc." nor the names - of its contributors may be used to endorse or promote products - derived from this software without specific prior written - permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -====================================================================== - - Copyright (C) 2006,2007,2009 NTT (Nippon Telegraph and Telephone - Corporation). All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - THIS SOFTWARE IS PROVIDED BY NTT "AS IS" AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -====================================================================== - - Copyright 2000 by Carnegie Mellon University - - All Rights Reserved - - Permission to use, copy, modify, and distribute this software and - its documentation for any purpose and without fee is hereby - granted, provided that the above copyright notice appear in all - copies and that both that copyright notice and this permission - notice appear in supporting documentation, and that the name of - Carnegie Mellon University not be used in advertising or publicity - pertaining to distribution of the software without specific, - written prior permission. - - CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - SOFTWARE. - -====================================================================== - - Copyright (C) 2002 Naval Research Laboratory (NRL/CCS) - - Permission to use, copy, modify and distribute this software and - its documentation is hereby granted, provided that both the - copyright notice and this permission notice appear in all copies of - the software, derivative works or modified versions, and any - portions thereof. - - NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND - DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER - RESULTING FROM THE USE OF THIS SOFTWARE. - -====================================================================== - - Copyright (C) 1991, 1992, 1994 by Cygnus Support. - - Permission to use, copy, modify, and distribute this software and - its documentation for any purpose and without fee is hereby - granted, provided that the above copyright notice appear in all - copies and that both that copyright notice and this permission - notice appear in supporting documentation. Cygnus Support makes no - representations about the suitability of this software for any - purpose. It is provided "as is" without express or implied - warranty. - -====================================================================== - - Copyright (C) 2006 Secure Endpoints Inc. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation - files (the "Software"), to deal in the Software without - restriction, including without limitation the rights to use, copy, - modify, merge, publish, distribute, sublicense, and/or sell copies - of the Software, and to permit persons to whom the Software is - furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - -====================================================================== - -Portions of the implementation of the Fortuna-like PRNG are subject to -the following notice: - - Copyright (C) 2005 Marko Kreen - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR - CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - - Copyright (C) 1994 by the University of Southern California - - EXPORT OF THIS SOFTWARE from the United States of America may - require a specific license from the United States Government. It - is the responsibility of any person or organization - contemplating export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute - this software and its documentation in source and binary forms is - hereby granted, provided that any documentation or other materials - related to such distribution or use acknowledge that the software - was developed by the University of Southern California. - - DISCLAIMER OF WARRANTY. THIS SOFTWARE IS PROVIDED "AS IS". The - University of Southern California MAKES NO REPRESENTATIONS OR - WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - limitation, the University of Southern California MAKES NO - REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY - PARTICULAR PURPOSE. The University of Southern California shall not - be held liable for any liability nor for any direct, indirect, or - consequential damages with respect to any claim by the user or - distributor of the ksu software. - -====================================================================== - - Copyright (C) 1995 - The President and Fellows of Harvard University - - This code is derived from software contributed to Harvard by Jeremy - Rassen. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. All advertising materials mentioning features or use of this - software must display the following acknowledgement: - - This product includes software developed by the University of - California, Berkeley and its contributors. - - 4. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS - OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -====================================================================== - - Copyright (C) 2008 by the Massachusetts Institute of Technology. - Copyright 1995 by Richard P. Basch. All Rights Reserved. - Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. It - is the responsibility of any person or organization - contemplating export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of Richard P. Basch, Lehman Brothers and M.I.T. not be - used in advertising or publicity pertaining to distribution of the - software without specific, written prior permission. Richard P. - Basch, Lehman Brothers and M.I.T. make no representations about the - suitability of this software for any purpose. It is provided "as - is" without express or implied warranty. - -====================================================================== - -The following notice applies to "src/lib/krb5/krb/strptime.c" and -"src/include/k5-queue.h". - - Copyright (C) 1997, 1998 The NetBSD Foundation, Inc. - All rights reserved. - - This code was contributed to The NetBSD Foundation by Klaus Klein. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. All advertising materials mentioning features or use of this - software must display the following acknowledgement: - - This product includes software developed by the NetBSD - Foundation, Inc. and its contributors. - - 4. Neither the name of The NetBSD Foundation nor the names of - its contributors may be used to endorse or promote products - derived from this software without specific prior written - permission. - - THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT - OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - DAMAGE. - -====================================================================== - -The following notice applies to Unicode library files in -"src/lib/krb5/unicode": - - Copyright 1997, 1998, 1999 Computing Research Labs, - New Mexico State University - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation - files (the "Software"), to deal in the Software without - restriction, including without limitation the rights to use, copy, - modify, merge, publish, distribute, sublicense, and/or sell copies - of the Software, and to permit persons to whom the Software is - furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE COMPUTING RESEARCH LAB OR - NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY CLAIM, DAMAGES OR - OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR - OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE - OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -====================================================================== - -The following notice applies to "src/util/support/strlcpy.c": - - Copyright (C) 1998 Todd C. Miller "Todd.Miller@courtesan.com" - - Permission to use, copy, modify, and distribute this software for - any purpose with or without fee is hereby granted, provided that - the above copyright notice and this permission notice appear in all - copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL - WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED - WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR - CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS - OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -====================================================================== - -The following notice applies to "src/util/profile/argv_parse.c" and -"src/util/profile/argv_parse.h": - - Copyright 1999 by Theodore Ts'o. - - Permission to use, copy, modify, and distribute this software for - any purpose with or without fee is hereby granted, provided that - the above copyright notice and this permission notice appear in all - copies. THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE - AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN - NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER - RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR - IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. (Isn't - it sick that the U.S. culture of lawsuit-happy lawyers requires - this kind of disclaimer?) - -====================================================================== - -The following notice applies to SWIG-generated code in -"src/util/profile/profile_tcl.c": - - Copyright (C) 1999-2000, The University of Chicago - - This file may be freely redistributed without license or fee - provided this copyright message remains intact. - -====================================================================== - -The following notice applies to portiions of "src/lib/rpc" and -"src/include/gssrpc": - - Copyright (C) 2000 The Regents of the University of Michigan. All - rights reserved. - - Copyright (C) 2000 Dug Song "dugsong@UMICH.EDU". All rights - reserved, all wrongs reversed. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT - OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - DAMAGE. - -====================================================================== - -Implementations of the MD4 algorithm are subject to the following -notice: - - Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. - - License to copy and use this software is granted provided that it - is identified as the "RSA Data Security, Inc. MD4 Message Digest - Algorithm" in all material mentioning or referencing this software - or this function. - - License is also granted to make and use derivative works provided - that such works are identified as "derived from the RSA Data - Security, Inc. MD4 Message Digest Algorithm" in all material - mentioning or referencing the derived work. - - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - -====================================================================== - -Implementations of the MD5 algorithm are subject to the following -notice: - - Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. - - License to copy and use this software is granted provided that it - is identified as the "RSA Data Security, Inc. MD5 Message- Digest - Algorithm" in all material mentioning or referencing this software - or this function. - - License is also granted to make and use derivative works provided - that such works are identified as "derived from the RSA Data - Security, Inc. MD5 Message-Digest Algorithm" in all material - mentioning or referencing the derived work. - - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - -====================================================================== - -The following notice applies to -"src/lib/crypto/crypto_tests/t_mddriver.c": - - Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All - rights reserved. - - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" without - express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - -====================================================================== - -Portions of "src/lib/krb5" are subject to the following notice: - - Copyright (C) 1994 CyberSAFE Corporation. - Copyright 1990,1991,2007,2008 by the Massachusetts - Institute of Technology. - All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. It - is the responsibility of any person or organization - contemplating export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of M.I.T. not be used in advertising or publicity - pertaining to distribution of the software without specific, - written prior permission. Furthermore if you modify this software - you must label your software as modified software and not - distribute it in such a fashion that it might be confused with the - original M.I.T. software. Neither M.I.T., the Open Computing - Security Group, nor CyberSAFE Corporation make any representations - about the suitability of this software for any purpose. It is - provided "as is" without express or implied warranty. - -====================================================================== - -Portions contributed by PADL Software are subject to the following -license: - - Copyright (c) 2011, PADL Software Pty Ltd. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - 2. Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - 3. Neither the name of PADL Software nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE - OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -====================================================================== - -The bundled libev source code is subject to the following license: - - All files in libev are Copyright (C)2007,2008,2009 Marc Alexander - Lehmann. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - - Alternatively, the contents of this package may be used under the - terms of the GNU General Public License ("GPL") version 2 or any - later version, in which case the provisions of the GPL are - applicable instead of the above. If you wish to allow the use of - your version of this package only under the terms of the GPL and - not to allow others to use your version of this file under the BSD - license, indicate your decision by deleting the provisions above - and replace them with the notice and other provisions required by - the GPL in this and the other files of this package. If you do not - delete the provisions above, a recipient may use your version of - this file under either the BSD or the GPL. - -====================================================================== - -Files copied from the Intel AESNI Sample Library are subject to the -following license: - - Copyright (C) 2010, Intel Corporation All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - - * Neither the name of Intel Corporation nor the names of its - contributors may be used to endorse or promote products - derived from this software without specific prior written - permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -====================================================================== - -The following notice applies to -"src/ccapi/common/win/OldCC/autolock.hxx": - - Copyright (C) 1998 by Danilo Almeida. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -====================================================================== - -The following notice applies to portions of -"src/plugins/preauth/spake/edwards25519.c" and -"src/plugins/preauth/spake/edwards25519_tables.h": - -The MIT License (MIT) - -Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS -file). - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -====================================================================== - -The following notice applies to portions of -"src/plugins/preauth/spake/edwards25519.c": - -Copyright (c) 2015-2016, Google Inc. - -Permission to use, copy, modify, and/or distribute this software for -any purpose with or without fee is hereby granted, provided that the -above copyright notice and this permission notice appear in all -copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL -WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE -AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER -TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. diff --git a/doc/admin/advanced/retiring-des.rst b/doc/admin/advanced/retiring-des.rst index cb6258d..4a964c1 100644 --- a/doc/admin/advanced/retiring-des.rst +++ b/doc/admin/advanced/retiring-des.rst @@ -10,13 +10,6 @@ ability have rendered DES vulnerable to brute force attacks on its 56-bit keyspace. As such, it is now considered insecure and should not be used (:rfc:`6649`). -In 1999, MIT krb5 added support for Triple-DES (3DES) encryption types. -However, due to weakenings of DES and other security concerns, it is now also -considered insecure and should not be used (:rfc:`8429`). AES encryption -types were added to MIT in 2003, meaning that the number of deployments with -3DES as the strongest encryption type is hopefully small. The rotation -procedure described herein works for both DES and 3DES. - History ------- @@ -34,10 +27,6 @@ and removed DES (single-DES) support in release 1.18. As a consequence, a release prior to 1.18 is required to perform these migrations. -3DES (a flagged deprecated encryption type) was also removed downstream by -rharwood@redhat.com starting in 1.18; likewise, a pre-1.18 release is required -to perform these migrations. - Types of keys ------------- diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst index cf8a125..9759756 100644 --- a/doc/admin/conf_files/kdc_conf.rst +++ b/doc/admin/conf_files/kdc_conf.rst @@ -843,6 +843,8 @@ Encryption types marked as "weak" are available for compatibility but not recommended for use. ==================================================== ========================================================= +des3-cbc-raw Triple DES cbc mode raw (weak) +des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd Triple DES cbc mode with HMAC/sha1 aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1 AES-256 CTS mode with 96-bit SHA-1 HMAC aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1 AES-128 CTS mode with 96-bit SHA-1 HMAC aes256-cts-hmac-sha384-192 aes256-sha2 AES-256 CTS mode with 192-bit SHA-384 HMAC @@ -851,6 +853,7 @@ arcfour-hmac rc4-hmac arcfour-hmac-md5 RC4 with HMAC/MD5 arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak) camellia256-cts-cmac camellia256-cts Camellia-256 CTS mode with CMAC camellia128-cts-cmac camellia128-cts Camellia-128 CTS mode with CMAC +des3 The triple DES family: des3-cbc-sha1 aes The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128 rc4 The RC4 family: arcfour-hmac camellia The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac @@ -862,8 +865,8 @@ from the current list by prefixing them with a minus sign ("-"). Types or families can be prefixed with a plus sign ("+") for symmetry; it has the same meaning as just listing the type or family. For example, "``DEFAULT -rc4``" would be the default set of encryption -types with RC4 types removed, and "``aes128-sha2 DEFAULT``" would be -the default set of encryption types with aes128-sha2 moved to the +types with RC4 types removed, and "``des3 DEFAULT``" would be the +default set of encryption types with triple DES types moved to the front. While **aes128-cts** and **aes256-cts** are supported for all Kerberos diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index 315253e..1d2aa7f 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -331,12 +331,6 @@ The libdefaults section may contain any of the following relations: qualification of shortnames, set this relation to the empty string with ``qualify_shortname = ""``. (New in release 1.18.) -**radius_md5_fips_override** - Downstream-only option to enable use of MD5 in RADIUS - communication (libkrad). This allows for local (or protected - tunnel) communication with a RADIUS server that doesn't use krad - (e.g., freeradius) while in FIPS mode. - **rdns** If this flag is true, reverse name lookup will be used in addition to forward name lookup to canonicalizing hostnames for use in @@ -389,12 +383,6 @@ The libdefaults section may contain any of the following relations: credentials will fail if the client machine does not have a keytab. The default value is false. -**client_aware_channel_bindings** - If this flag is true, then all application protocol authentication - requests will be flagged to indicate that the application supports - channel bindings when operating over a secure channel. The - default value is false. - .. _realms: [realms] diff --git a/doc/admin/enctypes.rst b/doc/admin/enctypes.rst index 65b55cd..caf6d92 100644 --- a/doc/admin/enctypes.rst +++ b/doc/admin/enctypes.rst @@ -129,7 +129,7 @@ enctype weak? krb5 Windows des-cbc-crc weak <1.18 >=2000 des-cbc-md4 weak <1.18 ? des-cbc-md5 weak <1.18 >=2000 -des3-cbc-sha1 <1.18 none +des3-cbc-sha1 >=1.1 none arcfour-hmac >=1.3 >=2000 arcfour-hmac-exp weak >=1.3 >=2000 aes128-cts-hmac-sha1-96 >=1.3 >=Vista @@ -140,10 +140,7 @@ camellia128-cts-cmac >=1.9 none camellia256-cts-cmac >=1.9 none ========================== ===== ======== ======= -krb5 releases 1.8 and later disable the single-DES enctypes by -default. Microsoft Windows releases Windows 7 and later disable -single-DES enctypes by default. - -krb5 releases 1.18 and later remove single-DES and 3DES -(downstream-only patch) enctype support. Microsoft Windows never -supported 3DES. +krb5 releases 1.18 and later do not support single-DES. krb5 releases +1.8 and later disable the single-DES enctypes by default. Microsoft +Windows releases Windows 7 and later disable single-DES enctypes by +default. diff --git a/doc/admin/troubleshoot.rst b/doc/admin/troubleshoot.rst index 263fc9c..6a0c7f8 100644 --- a/doc/admin/troubleshoot.rst +++ b/doc/admin/troubleshoot.rst @@ -73,10 +73,11 @@ credential verification failed: KDC has no support for encryption type ...................................................................... This most commonly happens when trying to use a principal with only -DES/3DES keys, in a release (MIT krb5 1.7 or later) which disables DES -by default. DES encryption is considered weak due to its inadequate -key size and has been removed upstream; 3DES is not recommended, and -has been removed downstream by rharwood@redhat.com. +DES keys, in a release (MIT krb5 1.7 or later) which disables DES by +default. DES encryption is considered weak due to its inadequate key +size. If you cannot migrate away from its use, you can re-enable DES +by adding ``allow_weak_crypto = true`` to the :ref:`libdefaults` +section of :ref:`krb5.conf(5)`. .. _err_cert_chain_cert_expired: diff --git a/doc/appdev/refs/macros/index.rst b/doc/appdev/refs/macros/index.rst index 788d094..68debe7 100644 --- a/doc/appdev/refs/macros/index.rst +++ b/doc/appdev/refs/macros/index.rst @@ -36,6 +36,7 @@ Public CKSUMTYPE_HMAC_SHA1_96_AES256.rst CKSUMTYPE_HMAC_SHA256_128_AES128.rst CKSUMTYPE_HMAC_SHA384_192_AES256.rst + CKSUMTYPE_HMAC_SHA1_DES3.rst CKSUMTYPE_MD5_HMAC_ARCFOUR.rst CKSUMTYPE_NIST_SHA.rst CKSUMTYPE_RSA_MD4.rst diff --git a/doc/conf.py b/doc/conf.py index 5eeafc3..c32b288 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -272,7 +272,7 @@ else: rst_epilog += ''' .. |krb5conf| replace:: ``/etc/krb5.conf`` .. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`` -.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` +.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` .. |defmkey| replace:: ``aes256-cts-hmac-sha1-96`` .. |copy| unicode:: U+000A9 ''' diff --git a/doc/formats/ccache_file_format.rst b/doc/formats/ccache_file_format.rst index 6138c1b..6349e0d 100644 --- a/doc/formats/ccache_file_format.rst +++ b/doc/formats/ccache_file_format.rst @@ -174,9 +174,3 @@ refresh_time decimal representation of a timestamp at which the GSS mechanism should attempt to refresh the credential cache from the client keytab. - -start_realm - This key indicates the realm of the ticket-granting ticket to be - used for TGS requests, when making a referrals request or - beginning a cross-realm request. If it is not present, the client - realm is used. diff --git a/doc/mitK5features.rst b/doc/mitK5features.rst index f4594ed..5d286b6 100644 --- a/doc/mitK5features.rst +++ b/doc/mitK5features.rst @@ -37,7 +37,7 @@ Database backends: LDAP, DB2, LMDB krb4 support: Kerberos 5 release < 1.8 -DES/3DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) +DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) Interoperability ---------------- diff --git a/doc/plugindev/certauth.rst b/doc/plugindev/certauth.rst index 3b715f7..8a7f7c5 100644 --- a/doc/plugindev/certauth.rst +++ b/doc/plugindev/certauth.rst @@ -15,11 +15,8 @@ principal. **authorize** receives the DER-encoded certificate, the requested client principal, and a pointer to the client's krb5_db_entry (for modules that link against libkdb5). It returns the authorization status and optionally outputs a list of authentication -indicator strings to be added to the ticket. Beginning in release -1.19, the authorize method can request that the hardware -authentication bit be set in the ticket by returning -**KRB5_CERTAUTH_HWAUTH**. A module must use its own internal or -library-provided ASN.1 certificate decoder. +indicator strings to be added to the ticket. A module must use its +own internal or library-provided ASN.1 certificate decoder. A module can optionally create and destroy module data with the **init** and **fini** methods. Module data objects last for the diff --git a/doc/user/user_commands/ksu.rst b/doc/user/user_commands/ksu.rst index 9337382..8d6c7ef 100644 --- a/doc/user/user_commands/ksu.rst +++ b/doc/user/user_commands/ksu.rst @@ -155,7 +155,7 @@ wrong password is typed in, ksu fails. .. note:: During authentication, only the tickets that could be - obtained without providing a password are cached in the + obtained without providing a password are cached in in the source cache. diff --git a/doc/user/user_commands/kvno.rst b/doc/user/user_commands/kvno.rst index 93a5132..3892f0c 100644 --- a/doc/user/user_commands/kvno.rst +++ b/doc/user/user_commands/kvno.rst @@ -9,11 +9,14 @@ SYNOPSIS **kvno** [**-c** *ccache*] [**-e** *etype*] -[**-k** *keytab*] [**-q**] -[**-u** | **-S** *sname*] +[**-h**] [**-P**] -[[{**-F** *cert_file* | {**-I** | **-U**} *for_user*} [**-P**]] | **--u2u** *ccache*] +[**-S** *sname*] +[**-I** *for_user*] +[**-U** *for_user*] +[**-F** *cert_file*] +[**--u2u** *ccache*] *service1 service2* ... @@ -36,18 +39,13 @@ OPTIONS of all the services named on the command line. This is useful in certain backward compatibility situations. -**-k** *keytab* - Decrypt the acquired tickets using *keytab* to confirm their - validity. - **-q** Suppress printing output when successful. If a service ticket cannot be obtained, an error message will still be printed and kvno will exit with nonzero status. -**-u** - Use the unknown name type in requested service principal names. - This option Cannot be used with *-S*. +**-h** + Prints a usage statement and exits. **-P** Specifies that the *service1 service2* ... arguments are to be @@ -76,20 +74,6 @@ OPTIONS client principal with the X.509 certificate in *cert_file*. The certificate file must be in PEM format. -**--cached-only** - Only retrieve credentials already present in the cache, not from - the KDC. (Added in release 1.19.) - -**--no-store** - Do not store retrieved credentials in the cache. If - **--out-cache** is also specified, credentials will still be - stored into the output credential cache. (Added in release 1.19.) - -**--out-cache** *ccache* - Initialize *ccache* and store all retrieved credentials into it. - Do not store acquired credentials in the input cache. (Added in - release 1.19.) - **--u2u** *ccache* Requests a user-to-user ticket. *ccache* must contain a local krbtgt ticket for the server principal. The reported version diff --git a/src/Makefile.in b/src/Makefile.in index 70db82a..56c7a4e 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -130,7 +130,7 @@ WINMAKEFILES=Makefile \ lib\Makefile lib\crypto\Makefile lib\crypto\krb\Makefile \ lib\crypto\builtin\Makefile lib\crypto\builtin\aes\Makefile \ lib\crypto\builtin\enc_provider\Makefile \ - lib\crypto\builtin\md5\Makefile \ + lib\crypto\builtin\des\Makefile lib\crypto\builtin\md5\Makefile \ lib\crypto\builtin\camellia\Makefile lib\crypto\builtin\md4\Makefile \ lib\crypto\builtin\hash_provider\Makefile \ lib\crypto\builtin\sha2\Makefile lib\crypto\builtin\sha1\Makefile \ @@ -202,6 +202,8 @@ WINMAKEFILES=Makefile \ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\builtin\enc_provider\Makefile: lib\crypto\builtin\enc_provider\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ +##DOS##lib\crypto\builtin\des\Makefile: lib\crypto\builtin\des\Makefile.in $(MKFDEP) +##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\builtin\md5\Makefile: lib\crypto\builtin\md5\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\builtin\camellia\Makefile: lib\crypto\builtin\camellia\Makefile.in $(MKFDEP) diff --git a/src/aclocal.m4 b/src/aclocal.m4 index c435898..2394f7e 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -89,7 +89,6 @@ AC_SUBST_FILE(libnodeps_frag) dnl KRB5_AC_PRAGMA_WEAK_REF WITH_LDAP -KRB5_WITH_SELINUX KRB5_LIB_PARAMS KRB5_AC_INITFINI KRB5_AC_ENABLE_THREADS @@ -724,7 +723,6 @@ AC_HELP_STRING([--with-netlib=LIBS], use user defined resolver library), LIBS="$LIBS $withval" AC_MSG_RESULT("netlib will use \'$withval\'") fi - KRB5_AC_ENABLE_DNS ],dnl [AC_LIBRARY_NET] )])dnl @@ -1677,119 +1675,3 @@ if test "$with_ldap" = yes; then OPENLDAP_PLUGIN=yes fi ])dnl -dnl -dnl -dnl Use PAM instead of local crypt() compare for checking local passwords, -dnl and perform PAM account, session management, and password-changing where -dnl appropriate. -dnl -AC_DEFUN(KRB5_WITH_PAM,[ -AC_ARG_WITH(pam,[AC_HELP_STRING(--with-pam,[compile with PAM support])], - withpam="$withval",withpam=auto) -AC_ARG_WITH(pam-ksu-service,[AC_HELP_STRING(--with-ksu-service,[PAM service name for ksu ["ksu"]])], - withksupamservice="$withval",withksupamservice=ksu) -old_LIBS="$LIBS" -if test "$withpam" != no ; then - AC_MSG_RESULT([checking for PAM...]) - PAM_LIBS= - - AC_CHECK_HEADERS(security/pam_appl.h) - if test "x$ac_cv_header_security_pam_appl_h" != xyes ; then - if test "$withpam" = auto ; then - AC_MSG_RESULT([Unable to locate security/pam_appl.h.]) - withpam=no - else - AC_MSG_ERROR([Unable to locate security/pam_appl.h.]) - fi - fi - - LIBS= - unset ac_cv_func_pam_start - AC_CHECK_FUNCS(putenv pam_start) - if test "x$ac_cv_func_pam_start" = xno ; then - unset ac_cv_func_pam_start - AC_CHECK_LIB(dl,dlopen) - AC_CHECK_FUNCS(pam_start) - if test "x$ac_cv_func_pam_start" = xno ; then - AC_CHECK_LIB(pam,pam_start) - unset ac_cv_func_pam_start - unset ac_cv_func_pam_getenvlist - AC_CHECK_FUNCS(pam_start pam_getenvlist) - if test "x$ac_cv_func_pam_start" = xyes ; then - PAM_LIBS="$LIBS" - else - if test "$withpam" = auto ; then - AC_MSG_RESULT([Unable to locate libpam.]) - withpam=no - else - AC_MSG_ERROR([Unable to locate libpam.]) - fi - fi - fi - fi - if test "$withpam" != no ; then - AC_MSG_NOTICE([building with PAM support]) - AC_DEFINE(USE_PAM,1,[Define if Kerberos-aware tools should support PAM]) - AC_DEFINE_UNQUOTED(KSU_PAM_SERVICE,"$withksupamservice", - [Define to the name of the PAM service name to be used by ksu.]) - PAM_LIBS="$LIBS" - NON_PAM_MAN=".\\\" " - PAM_MAN= - else - PAM_MAN=".\\\" " - NON_PAM_MAN= - fi -fi -LIBS="$old_LIBS" -AC_SUBST(PAM_LIBS) -AC_SUBST(PAM_MAN) -AC_SUBST(NON_PAM_MAN) -])dnl -dnl -dnl Use libselinux to set file contexts on newly-created files. -dnl -AC_DEFUN(KRB5_WITH_SELINUX,[ -AC_ARG_WITH(selinux,[AC_HELP_STRING(--with-selinux,[compile with SELinux labeling support])], - withselinux="$withval",withselinux=auto) -old_LIBS="$LIBS" -if test "$withselinux" != no ; then - AC_MSG_RESULT([checking for libselinux...]) - SELINUX_LIBS= - AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h) - if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then - if test "$withselinux" = auto ; then - AC_MSG_RESULT([Unable to locate selinux/selinux.h.]) - withselinux=no - else - AC_MSG_ERROR([Unable to locate selinux/selinux.h.]) - fi - fi - - LIBS= - unset ac_cv_func_setfscreatecon - AC_CHECK_FUNCS(setfscreatecon selabel_open) - if test "x$ac_cv_func_setfscreatecon" = xno ; then - AC_CHECK_LIB(selinux,setfscreatecon) - unset ac_cv_func_setfscreatecon - AC_CHECK_FUNCS(setfscreatecon selabel_open) - if test "x$ac_cv_func_setfscreatecon" = xyes ; then - SELINUX_LIBS="$LIBS" - else - if test "$withselinux" = auto ; then - AC_MSG_RESULT([Unable to locate libselinux.]) - withselinux=no - else - AC_MSG_ERROR([Unable to locate libselinux.]) - fi - fi - fi - if test "$withselinux" != no ; then - AC_MSG_NOTICE([building with SELinux labeling support]) - AC_DEFINE(USE_SELINUX,1,[Define if Kerberos-aware tools should set SELinux file contexts when creating files.]) - SELINUX_LIBS="$LIBS" - EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon" - fi -fi -LIBS="$old_LIBS" -AC_SUBST(SELINUX_LIBS) -])dnl diff --git a/src/autom4te.cache/output.0 b/src/autom4te.cache/output.0 deleted file mode 100644 index f6de7d3..0000000 --- a/src/autom4te.cache/output.0 +++ /dev/null @@ -1,16135 +0,0 @@ -@%:@! /bin/sh -@%:@ Guess values for system-dependent variables and create Makefiles. -@%:@ Generated by GNU Autoconf 2.69 for Kerberos 5 1.18.2. -@%:@ -@%:@ Report bugs to . -@%:@ -@%:@ Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009 -@%:@ Massachusetts Institute of Technology. -@%:@ -@%:@ -@%:@ -@%:@ Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. -@%:@ -@%:@ -@%:@ This configure script is free software; the Free Software Foundation -@%:@ gives unlimited permission to copy, distribute and modify it. -## -------------------- ## -## M4sh Initialization. ## -## -------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in @%:@( - *posix*) : - set -o posix ;; @%:@( - *) : - ;; -esac -fi - - -as_nl=' -' -export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in @%:@( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi - -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -as_myself= -case $0 in @%:@(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break - done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - exit 1 -fi - -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -# Use a proper internal environment variable to ensure we don't fall - # into an infinite loop, continuously re-executing ourselves. - if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then - _as_can_reexec=no; export _as_can_reexec; - # We cannot yet assume a decent shell, so we have to provide a -# neutralization value for shells without unset; and this also -# works around shells that cannot unset nonexistent variables. -# Preserve -v and -x to the replacement shell. -BASH_ENV=/dev/null -ENV=/dev/null -(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -case $- in @%:@ (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; -esac -exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} -# Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -as_fn_exit 255 - fi - # We don't want this to propagate to other subprocesses. - { _as_can_reexec=; unset _as_can_reexec;} -if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in @%:@( - *posix*) : - set -o posix ;; @%:@( - *) : - ;; -esac -fi -" - as_required="as_fn_return () { (exit \$1); } -as_fn_success () { as_fn_return 0; } -as_fn_failure () { as_fn_return 1; } -as_fn_ret_success () { return 0; } -as_fn_ret_failure () { return 1; } - -exitcode=0 -as_fn_success || { exitcode=1; echo as_fn_success failed.; } -as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } -as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } -as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } -if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : - -else - exitcode=1; echo positional parameters were not saved. -fi -test x\$exitcode = x0 || exit 1 -test -x / || exit 1" - as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO - as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO - eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && - test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 -test \$(( 1 + 1 )) = 2 || exit 1" - if (eval "$as_required") 2>/dev/null; then : - as_have_required=yes -else - as_have_required=no -fi - if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : - -else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -as_found=false -for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - as_found=: - case $as_dir in @%:@( - /*) - for as_base in sh bash ksh sh5; do - # Try only shells that exist, to save several forks. - as_shell=$as_dir/$as_base - if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : - CONFIG_SHELL=$as_shell as_have_required=yes - if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : - break 2 -fi -fi - done;; - esac - as_found=false -done -$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : - CONFIG_SHELL=$SHELL as_have_required=yes -fi; } -IFS=$as_save_IFS - - - if test "x$CONFIG_SHELL" != x; then : - export CONFIG_SHELL - # We cannot yet assume a decent shell, so we have to provide a -# neutralization value for shells without unset; and this also -# works around shells that cannot unset nonexistent variables. -# Preserve -v and -x to the replacement shell. -BASH_ENV=/dev/null -ENV=/dev/null -(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -case $- in @%:@ (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; -esac -exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} -# Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -exit 255 -fi - - if test x$as_have_required = xno; then : - $as_echo "$0: This script requires a shell more modern than all" - $as_echo "$0: the shells that I found on your system." - if test x${ZSH_VERSION+set} = xset ; then - $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" - $as_echo "$0: be upgraded to zsh 4.3.4 or later." - else - $as_echo "$0: Please tell bug-autoconf@gnu.org and krb5-bugs@mit.edu -$0: about your system, including any error possibly output -$0: before this message. Then install a modern shell, or -$0: manually run the script under such a shell if you do -$0: have one." - fi - exit 1 -fi -fi -fi -SHELL=${CONFIG_SHELL-/bin/sh} -export SHELL -# Unset more variables known to interfere with behavior of common tools. -CLICOLOR_FORCE= GREP_OPTIONS= -unset CLICOLOR_FORCE GREP_OPTIONS - -## --------------------- ## -## M4sh Shell Functions. ## -## --------------------- ## -@%:@ as_fn_unset VAR -@%:@ --------------- -@%:@ Portably unset VAR. -as_fn_unset () -{ - { eval $1=; unset $1;} -} -as_unset=as_fn_unset - -@%:@ as_fn_set_status STATUS -@%:@ ----------------------- -@%:@ Set @S|@? to STATUS, without forking. -as_fn_set_status () -{ - return $1 -} @%:@ as_fn_set_status - -@%:@ as_fn_exit STATUS -@%:@ ----------------- -@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -as_fn_exit () -{ - set +e - as_fn_set_status $1 - exit $1 -} @%:@ as_fn_exit - -@%:@ as_fn_mkdir_p -@%:@ ------------- -@%:@ Create "@S|@as_dir" as a directory, including parents if necessary. -as_fn_mkdir_p () -{ - - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || eval $as_mkdir_p || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" - - -} @%:@ as_fn_mkdir_p - -@%:@ as_fn_executable_p FILE -@%:@ ----------------------- -@%:@ Test if FILE is an executable regular file. -as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} @%:@ as_fn_executable_p -@%:@ as_fn_append VAR VALUE -@%:@ ---------------------- -@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take -@%:@ advantage of any shell optimizations that allow amortized linear growth over -@%:@ repeated appends, instead of the typical quadratic growth present in naive -@%:@ implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : - eval 'as_fn_append () - { - eval $1+=\$2 - }' -else - as_fn_append () - { - eval $1=\$$1\$2 - } -fi # as_fn_append - -@%:@ as_fn_arith ARG... -@%:@ ------------------ -@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the -@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments -@%:@ must be portable across @S|@(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : - eval 'as_fn_arith () - { - as_val=$(( $* )) - }' -else - as_fn_arith () - { - as_val=`expr "$@" || test $? -eq 1` - } -fi # as_fn_arith - - -@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD] -@%:@ ---------------------------------------- -@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are -@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the -@%:@ script with STATUS, using 1 if that was 0. -as_fn_error () -{ - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 - fi - $as_echo "$as_me: error: $2" >&2 - as_fn_exit $as_status -} @%:@ as_fn_error - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - - - as_lineno_1=$LINENO as_lineno_1a=$LINENO - as_lineno_2=$LINENO as_lineno_2a=$LINENO - eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && - test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { - # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) - sed -n ' - p - /[$]LINENO/= - ' <$as_myself | - sed ' - s/[$]LINENO.*/&-/ - t lineno - b - :lineno - N - :loop - s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ - t loop - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || - { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } - - # If we had to re-execute with $CONFIG_SHELL, we're ensured to have - # already done that, so ensure we don't try to do so again and fall - # in an infinite loop. This has already happened in practice. - _as_can_reexec=no; export _as_can_reexec - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the - # original and so on. Autoconf is especially sensitive to this). - . "./$as_me.lineno" - # Exit status is that of the last command. - exit -} - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in @%:@((((( --n*) - case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - xy) ECHO_C='\c';; - *) echo `echo ksh88 bug on AIX 6.1` > /dev/null - ECHO_T=' ';; - esac;; -*) - ECHO_N='-n';; -esac - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir 2>/dev/null -fi -if (echo >conf$$.file) 2>/dev/null; then - if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -pR' - elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln - else - as_ln_s='cp -pR' - fi -else - as_ln_s='cp -pR' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - -if mkdir -p . 2>/dev/null; then - as_mkdir_p='mkdir -p "$as_dir"' -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - -as_test_x='test -x' -as_executable_p=as_fn_executable_p - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - -test -n "$DJDIR" || exec 7<&0 &1 - -# Name of the host. -# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, -# so uname gets run too. -ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` - -# -# Initializations. -# -ac_default_prefix=/usr/local -ac_clean_files= -ac_config_libobj_dir=. -LIB@&t@OBJS= -cross_compiling=no -subdirs= -MFLAGS= -MAKEFLAGS= - -# Identity of this package. -PACKAGE_NAME='Kerberos 5' -PACKAGE_TARNAME='krb5' -PACKAGE_VERSION='1.18.2' -PACKAGE_STRING='Kerberos 5 1.18.2' -PACKAGE_BUGREPORT='krb5-bugs@mit.edu' -PACKAGE_URL='' - -ac_unique_file="aclocal.m4" -# Factoring default headers for most tests. -ac_includes_default="\ -#include -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_SYS_STAT_H -# include -#endif -#ifdef STDC_HEADERS -# include -# include -#else -# ifdef HAVE_STDLIB_H -# include -# endif -#endif -#ifdef HAVE_STRING_H -# if !defined STDC_HEADERS && defined HAVE_MEMORY_H -# include -# endif -# include -#endif -#ifdef HAVE_STRINGS_H -# include -#endif -#ifdef HAVE_INTTYPES_H -# include -#endif -#ifdef HAVE_STDINT_H -# include -#endif -#ifdef HAVE_UNISTD_H -# include -#endif" - -ac_subst_vars='LTLIBOBJS -DEFCKTNAME -DEFKTNAME -DEFCCNAME -OSX -NON_PAM_MAN -PAM_MAN -PAM_LIBS -GROFF -VERTO_VERSION -VERTO_LIBS -VERTO_CFLAGS -RL_LIBS -RL_CFLAGS -LIBEDIT_LIBS -LIBEDIT_CFLAGS -lmdb_plugin_dir -LMDB_LIBS -HAVE_LMDB -sam2_plugin -LDAP -ldap_plugin_dir -HAVE_SASL -LDAP_LIBS -SUPPORTLIB_MAJOR -DB_EXTRA_LIBS -HAVE_RESOLV_WRAPPER -CMOCKA_LIBS -HAVE_CMOCKA -HAVE_PYTHON -PYTHON -PYTHON_MINVERSION -HAVE_RUNTEST -LIB@&t@OBJS -PKINIT -PASS -GSSRPC__BSD_TYPEALIASES -GSSRPC__NETDB_H -GSSRPC__SYS_PARAM_H -GSSRPC__UNISTD_H -GSSRPC__SYS_TIME_H -GSSRPC__SYS_SELECT_H -rpcent_define -include_xom -RUNTEST -PRIOCNTL_HACK -DO_ALL -EXPECT -S_TOP -RBUILD -DO_TEST -have_PERL -have_RUNTEST -YFLAGS -YACC -NSLOOKUP -DIG -FCTSH -BASH -SH5 -SH -DO_TCL -KRB5_RCTMPDIR -SIZEOF_TIME_T -SETENVOBJ -KSU_LIBS -EXTRA_SUPPORT_SYMS -GETTIMEOFDAY_ST_OBJ -GETTIMEOFDAY_OBJ -MKSTEMP_ST_OBJ -MKSTEMP_OBJ -LEXLIB -LEX_OUTPUT_ROOT -LEX -ASAN -ASAN_FLAGS -KRB5_RUN_VARS -KRB5_RUN_ENV -AESNI_FLAGS -AESNI_OBJ -YASM -SPAKE_OPENSSL_LIBS -HAVE_SPAKE_OPENSSL -TLS_IMPL_LIBS -TLS_IMPL_CFLAGS -TLS_IMPL -PRNG_ALG -CRYPTO_IMPL_LIBS -CRYPTO_IMPL_CFLAGS -CRYPTO_IMPL -audit_plugin -AUDIT_IMPL_LIBS -AWK -SECURE_GETENV_INIT -SECURE_GETENV_ST_OBJ -SECURE_GETENV_OBJ -PRINTF_ST_OBJ -PRINTF_OBJ -FNMATCH_ST_OBJ -FNMATCH_OBJ -GETOPT_LONG_ST_OBJ -GETOPT_LONG_OBJ -GETOPT_ST_OBJ -GETOPT_OBJ -STRLCPY_ST_OBJ -STRLCPY_OBJ -po -MSGFMT -LIBUTIL -PROG_RPATH_FLAGS -RPATH_FLAG -CXX_LINK -CC_LINK -GEN_LIB -UNDEF_CHECK -MAKE_DYNOBJ_COMMAND -DYNOBJEXT -LIBINSTLIST -PFLIBEXT -DEPLIBEXT -SHLIBSEXT -SHLIBVEXT -SHLIBEXT -STLIBEXT -INSTALL_SHLIB -DYNOBJ_EXPFLAGS -DYNOBJ_EXPDEPS -SHLIB_EXPORT_FILE_DEP -SHLIB_EXPFLAGS -SHLIB_RPATH_FLAGS -MAKE_SHLIB_COMMAND -KDB5_PLUGIN_LIBS -KDB5_PLUGIN_DEPLIBS -PLUGININST -PLUGINLINK -PLUGIN -LIBLINKS -LIBLIST -PERL -AR -INSTALL_DATA -INSTALL_SCRIPT -INSTALL_PROGRAM -ARADD -ARCHIVE -RANLIB -LN_S -PROFFLAGS -PICFLAGS -PFOBJEXT -SHOBJEXT -STOBJEXT -OBJLISTS -TCL_MAYBE_RPATH -TCL_RPATH -TCL_LIBPATH -TCL_LIBS -TCL_INCLUDES -PKG_CONFIG_LIBDIR -PKG_CONFIG_PATH -PKG_CONFIG -KRB5_VERSION -DL_LIB -THREAD_SUPPORT -PTHREAD_CFLAGS -PTHREAD_LIBS -PTHREAD_CC -ax_pthread_config -SED -krb5_cv_host -host_os -host_vendor -host_cpu -host -build_os -build_vendor -build_cpu -build -SELINUX_LIBS -EGREP -GREP -CONFIG_RELTOPDIR -MAINT -MAINTAINER_MODE_FALSE -MAINTAINER_MODE_TRUE -HESIOD_LIBS -HESIOD_DEFS -KDB5_DB_LIB -DB_HEADER_VERSION -DB_VERSION -DB_LIB -DB_HEADER -SS_VERSION -SS_LIB -COM_ERR_VERSION -compile_et -LD -CPP -WARN_CXXFLAGS -WARN_CFLAGS -HAVE_GCC -ac_ct_CXX -CXXFLAGS -CXX -OBJEXT -EXEEXT -ac_ct_CC -CPPFLAGS -LDFLAGS -CFLAGS -CC -EXTRA_FILES -SYSCONFCONF -runstatedir -target_alias -host_alias -build_alias -LIBS -ECHO_T -ECHO_N -ECHO_C -DEFS -mandir -localedir -libdir -psdir -pdfdir -dvidir -htmldir -infodir -docdir -oldincludedir -includedir -localstatedir -sharedstatedir -sysconfdir -datadir -datarootdir -libexecdir -sbindir -bindir -program_transform_name -prefix -exec_prefix -PACKAGE_URL -PACKAGE_BUGREPORT -PACKAGE_STRING -PACKAGE_VERSION -PACKAGE_TARNAME -PACKAGE_NAME -PATH_SEPARATOR -SHELL' -ac_subst_files='lib_frag -libobj_frag -libnover_frag -libpriv_frag -libnodeps_frag' -ac_user_opts=' -enable_option_checking -with_size_optimizations -with_system_et -with_system_ss -with_system_db -with_netlib -enable_dns_for_realm -with_hesiod -enable_maintainer_mode -with_ldap -with_selinux -enable_delayed_initialization -enable_thread_support -enable_static -enable_shared -enable_rpath -enable_profiled -with_tcl -enable_athena -enable_nls -with_vague_errors -enable_audit_plugin -with_crypto_impl -with_prng_alg -with_tls_impl -with_keyutils -with_spake_openssl -enable_aesni -enable_kdc_lookaside_cache -enable_asan -enable_pkinit -with_lmdb -with_libedit -with_readline -with_system_verto -with_pam -with_pam_ksu_service -with_krb5_config -' - ac_precious_vars='build_alias -host_alias -target_alias -CC -CFLAGS -LDFLAGS -LIBS -CPPFLAGS -CXX -CXXFLAGS -CCC -CPP -LD -SS_LIB -DB_HEADER -DB_LIB -PKG_CONFIG -PKG_CONFIG_PATH -PKG_CONFIG_LIBDIR -YACC -YFLAGS -LIBEDIT_CFLAGS -LIBEDIT_LIBS -VERTO_CFLAGS -VERTO_LIBS -DEFCCNAME -DEFKTNAME -DEFCKTNAME' - - -# Initialize some variables set by options. -ac_init_help= -ac_init_version=false -ac_unrecognized_opts= -ac_unrecognized_sep= -# The variables have the same names as the options, with -# dashes changed to underlines. -cache_file=/dev/null -exec_prefix=NONE -no_create= -no_recursion= -prefix=NONE -program_prefix=NONE -program_suffix=NONE -program_transform_name=s,x,x, -silent= -site= -srcdir= -verbose= -x_includes=NONE -x_libraries=NONE - -# Installation directory options. -# These are left unexpanded so users can "make install exec_prefix=/foo" -# and all the variables that are supposed to be based on exec_prefix -# by default will actually change. -# Use braces instead of parens because sh, perl, etc. also accept them. -# (The list follows the same order as the GNU Coding Standards.) -bindir='${exec_prefix}/bin' -sbindir='${exec_prefix}/sbin' -libexecdir='${exec_prefix}/libexec' -datarootdir='${prefix}/share' -datadir='${datarootdir}' -sysconfdir='${prefix}/etc' -sharedstatedir='${prefix}/com' -localstatedir='${prefix}/var' -includedir='${prefix}/include' -oldincludedir='/usr/include' -docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' -infodir='${datarootdir}/info' -htmldir='${docdir}' -dvidir='${docdir}' -pdfdir='${docdir}' -psdir='${docdir}' -libdir='${exec_prefix}/lib' -localedir='${datarootdir}/locale' -mandir='${datarootdir}/man' - -ac_prev= -ac_dashdash= -for ac_option -do - # If the previous option needs an argument, assign it. - if test -n "$ac_prev"; then - eval $ac_prev=\$ac_option - ac_prev= - continue - fi - - case $ac_option in - *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *=) ac_optarg= ;; - *) ac_optarg=yes ;; - esac - - # Accept the important Cygnus configure options, so we can diagnose typos. - - case $ac_dashdash$ac_option in - --) - ac_dashdash=yes ;; - - -bindir | --bindir | --bindi | --bind | --bin | --bi) - ac_prev=bindir ;; - -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) - bindir=$ac_optarg ;; - - -build | --build | --buil | --bui | --bu) - ac_prev=build_alias ;; - -build=* | --build=* | --buil=* | --bui=* | --bu=*) - build_alias=$ac_optarg ;; - - -cache-file | --cache-file | --cache-fil | --cache-fi \ - | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) - ac_prev=cache_file ;; - -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ - | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) - cache_file=$ac_optarg ;; - - --config-cache | -C) - cache_file=config.cache ;; - - -datadir | --datadir | --datadi | --datad) - ac_prev=datadir ;; - -datadir=* | --datadir=* | --datadi=* | --datad=*) - datadir=$ac_optarg ;; - - -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ - | --dataroo | --dataro | --datar) - ac_prev=datarootdir ;; - -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ - | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) - datarootdir=$ac_optarg ;; - - -disable-* | --disable-*) - ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"enable_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval enable_$ac_useropt=no ;; - - -docdir | --docdir | --docdi | --doc | --do) - ac_prev=docdir ;; - -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) - docdir=$ac_optarg ;; - - -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) - ac_prev=dvidir ;; - -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) - dvidir=$ac_optarg ;; - - -enable-* | --enable-*) - ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"enable_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval enable_$ac_useropt=\$ac_optarg ;; - - -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ - | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ - | --exec | --exe | --ex) - ac_prev=exec_prefix ;; - -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ - | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ - | --exec=* | --exe=* | --ex=*) - exec_prefix=$ac_optarg ;; - - -gas | --gas | --ga | --g) - # Obsolete; use --with-gas. - with_gas=yes ;; - - -help | --help | --hel | --he | -h) - ac_init_help=long ;; - -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) - ac_init_help=recursive ;; - -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) - ac_init_help=short ;; - - -host | --host | --hos | --ho) - ac_prev=host_alias ;; - -host=* | --host=* | --hos=* | --ho=*) - host_alias=$ac_optarg ;; - - -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) - ac_prev=htmldir ;; - -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ - | --ht=*) - htmldir=$ac_optarg ;; - - -includedir | --includedir | --includedi | --included | --include \ - | --includ | --inclu | --incl | --inc) - ac_prev=includedir ;; - -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ - | --includ=* | --inclu=* | --incl=* | --inc=*) - includedir=$ac_optarg ;; - - -infodir | --infodir | --infodi | --infod | --info | --inf) - ac_prev=infodir ;; - -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) - infodir=$ac_optarg ;; - - -libdir | --libdir | --libdi | --libd) - ac_prev=libdir ;; - -libdir=* | --libdir=* | --libdi=* | --libd=*) - libdir=$ac_optarg ;; - - -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ - | --libexe | --libex | --libe) - ac_prev=libexecdir ;; - -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ - | --libexe=* | --libex=* | --libe=*) - libexecdir=$ac_optarg ;; - - -localedir | --localedir | --localedi | --localed | --locale) - ac_prev=localedir ;; - -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) - localedir=$ac_optarg ;; - - -localstatedir | --localstatedir | --localstatedi | --localstated \ - | --localstate | --localstat | --localsta | --localst | --locals) - ac_prev=localstatedir ;; - -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ - | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) - localstatedir=$ac_optarg ;; - - -mandir | --mandir | --mandi | --mand | --man | --ma | --m) - ac_prev=mandir ;; - -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) - mandir=$ac_optarg ;; - - -nfp | --nfp | --nf) - # Obsolete; use --without-fp. - with_fp=no ;; - - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c | -n) - no_create=yes ;; - - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) - no_recursion=yes ;; - - -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ - | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ - | --oldin | --oldi | --old | --ol | --o) - ac_prev=oldincludedir ;; - -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ - | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ - | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) - oldincludedir=$ac_optarg ;; - - -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) - ac_prev=prefix ;; - -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) - prefix=$ac_optarg ;; - - -program-prefix | --program-prefix | --program-prefi | --program-pref \ - | --program-pre | --program-pr | --program-p) - ac_prev=program_prefix ;; - -program-prefix=* | --program-prefix=* | --program-prefi=* \ - | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) - program_prefix=$ac_optarg ;; - - -program-suffix | --program-suffix | --program-suffi | --program-suff \ - | --program-suf | --program-su | --program-s) - ac_prev=program_suffix ;; - -program-suffix=* | --program-suffix=* | --program-suffi=* \ - | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) - program_suffix=$ac_optarg ;; - - -program-transform-name | --program-transform-name \ - | --program-transform-nam | --program-transform-na \ - | --program-transform-n | --program-transform- \ - | --program-transform | --program-transfor \ - | --program-transfo | --program-transf \ - | --program-trans | --program-tran \ - | --progr-tra | --program-tr | --program-t) - ac_prev=program_transform_name ;; - -program-transform-name=* | --program-transform-name=* \ - | --program-transform-nam=* | --program-transform-na=* \ - | --program-transform-n=* | --program-transform-=* \ - | --program-transform=* | --program-transfor=* \ - | --program-transfo=* | --program-transf=* \ - | --program-trans=* | --program-tran=* \ - | --progr-tra=* | --program-tr=* | --program-t=*) - program_transform_name=$ac_optarg ;; - - -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) - ac_prev=pdfdir ;; - -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) - pdfdir=$ac_optarg ;; - - -psdir | --psdir | --psdi | --psd | --ps) - ac_prev=psdir ;; - -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) - psdir=$ac_optarg ;; - - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - silent=yes ;; - - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) - ac_prev=sbindir ;; - -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ - | --sbi=* | --sb=*) - sbindir=$ac_optarg ;; - - -sharedstatedir | --sharedstatedir | --sharedstatedi \ - | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ - | --sharedst | --shareds | --shared | --share | --shar \ - | --sha | --sh) - ac_prev=sharedstatedir ;; - -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ - | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ - | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ - | --sha=* | --sh=*) - sharedstatedir=$ac_optarg ;; - - -site | --site | --sit) - ac_prev=site ;; - -site=* | --site=* | --sit=*) - site=$ac_optarg ;; - - -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) - ac_prev=srcdir ;; - -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) - srcdir=$ac_optarg ;; - - -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ - | --syscon | --sysco | --sysc | --sys | --sy) - ac_prev=sysconfdir ;; - -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ - | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) - sysconfdir=$ac_optarg ;; - - -target | --target | --targe | --targ | --tar | --ta | --t) - ac_prev=target_alias ;; - -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) - target_alias=$ac_optarg ;; - - -v | -verbose | --verbose | --verbos | --verbo | --verb) - verbose=yes ;; - - -version | --version | --versio | --versi | --vers | -V) - ac_init_version=: ;; - - -with-* | --with-*) - ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"with_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval with_$ac_useropt=\$ac_optarg ;; - - -without-* | --without-*) - ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"with_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval with_$ac_useropt=no ;; - - --x) - # Obsolete; use --with-x. - with_x=yes ;; - - -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ - | --x-incl | --x-inc | --x-in | --x-i) - ac_prev=x_includes ;; - -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ - | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) - x_includes=$ac_optarg ;; - - -x-libraries | --x-libraries | --x-librarie | --x-librari \ - | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) - ac_prev=x_libraries ;; - -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ - | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries=$ac_optarg ;; - - -*) as_fn_error $? "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information" - ;; - - *=*) - ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` - # Reject names that are not valid shell variable names. - case $ac_envvar in #( - '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; - esac - eval $ac_envvar=\$ac_optarg - export $ac_envvar ;; - - *) - # FIXME: should be removed in autoconf 3.0. - $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 - expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && - $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 - : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" - ;; - - esac -done - -if test -n "$ac_prev"; then - ac_option=--`echo $ac_prev | sed 's/_/-/g'` - as_fn_error $? "missing argument to $ac_option" -fi - -if test -n "$ac_unrecognized_opts"; then - case $enable_option_checking in - no) ;; - fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; - *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; - esac -fi - -# Check all directory arguments for consistency. -for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ - datadir sysconfdir sharedstatedir localstatedir includedir \ - oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir -do - eval ac_val=\$$ac_var - # Remove trailing slashes. - case $ac_val in - */ ) - ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` - eval $ac_var=\$ac_val;; - esac - # Be sure to have absolute directory names. - case $ac_val in - [\\/$]* | ?:[\\/]* ) continue;; - NONE | '' ) case $ac_var in *prefix ) continue;; esac;; - esac - as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" -done - -# There might be people who depend on the old broken behavior: `$host' -# used to hold the argument of --host etc. -# FIXME: To remove some day. -build=$build_alias -host=$host_alias -target=$target_alias - -# FIXME: To remove some day. -if test "x$host_alias" != x; then - if test "x$build_alias" = x; then - cross_compiling=maybe - elif test "x$build_alias" != "x$host_alias"; then - cross_compiling=yes - fi -fi - -ac_tool_prefix= -test -n "$host_alias" && ac_tool_prefix=$host_alias- - -test "$silent" = yes && exec 6>/dev/null - - -ac_pwd=`pwd` && test -n "$ac_pwd" && -ac_ls_di=`ls -di .` && -ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - as_fn_error $? "working directory cannot be determined" -test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - as_fn_error $? "pwd does not report name of working directory" - - -# Find the source files, if location was not specified. -if test -z "$srcdir"; then - ac_srcdir_defaulted=yes - # Try the directory containing this script, then the parent directory. - ac_confdir=`$as_dirname -- "$as_myself" || -$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_myself" : 'X\(//\)[^/]' \| \ - X"$as_myself" : 'X\(//\)$' \| \ - X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_myself" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - srcdir=$ac_confdir - if test ! -r "$srcdir/$ac_unique_file"; then - srcdir=.. - fi -else - ac_srcdir_defaulted=no -fi -if test ! -r "$srcdir/$ac_unique_file"; then - test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" -fi -ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" -ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" - pwd)` -# When building in place, set srcdir=. -if test "$ac_abs_confdir" = "$ac_pwd"; then - srcdir=. -fi -# Remove unnecessary trailing slashes from srcdir. -# Double slashes in file names in object file debugging info -# mess up M-x gdb in Emacs. -case $srcdir in -*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; -esac -for ac_var in $ac_precious_vars; do - eval ac_env_${ac_var}_set=\${${ac_var}+set} - eval ac_env_${ac_var}_value=\$${ac_var} - eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} - eval ac_cv_env_${ac_var}_value=\$${ac_var} -done - -# -# Report the --help message. -# -if test "$ac_init_help" = "long"; then - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat <<_ACEOF -\`configure' configures Kerberos 5 1.18.2 to adapt to many kinds of systems. - -Usage: $0 [OPTION]... [VAR=VALUE]... - -To assign environment variables (e.g., CC, CFLAGS...), specify them as -VAR=VALUE. See below for descriptions of some of the useful variables. - -Defaults for the options are specified in brackets. - -Configuration: - -h, --help display this help and exit - --help=short display options specific to this package - --help=recursive display the short help of all the included packages - -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking ...' messages - --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' - -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or \`..'] - -Installation directories: - --prefix=PREFIX install architecture-independent files in PREFIX - @<:@@S|@ac_default_prefix@:>@ - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - @<:@PREFIX@:>@ - -By default, \`make install' will install all the files in -\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -an installation prefix other than \`$ac_default_prefix' using \`--prefix', -for instance \`--prefix=\$HOME'. - -For better control, use the options below. - -Fine tuning of the installation directories: - --bindir=DIR user executables [EPREFIX/bin] - --sbindir=DIR system admin executables [EPREFIX/sbin] - --libexecdir=DIR program executables [EPREFIX/libexec] - --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --libdir=DIR object code libraries [EPREFIX/lib] - --includedir=DIR C header files [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc [/usr/include] - --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] - --datadir=DIR read-only architecture-independent data [DATAROOTDIR] - --infodir=DIR info documentation [DATAROOTDIR/info] - --localedir=DIR locale-dependent data [DATAROOTDIR/locale] - --mandir=DIR man documentation [DATAROOTDIR/man] - --docdir=DIR documentation root @<:@DATAROOTDIR/doc/krb5@:>@ - --htmldir=DIR html documentation [DOCDIR] - --dvidir=DIR dvi documentation [DOCDIR] - --pdfdir=DIR pdf documentation [DOCDIR] - --psdir=DIR ps documentation [DOCDIR] -_ACEOF - - cat <<\_ACEOF - -Program names: - --program-prefix=PREFIX prepend PREFIX to installed program names - --program-suffix=SUFFIX append SUFFIX to installed program names - --program-transform-name=PROGRAM run sed PROGRAM on installed program names - -System types: - --build=BUILD configure for building on BUILD [guessed] - --host=HOST cross-compile to build programs to run on HOST [BUILD] -_ACEOF -fi - -if test -n "$ac_init_help"; then - case $ac_init_help in - short | recursive ) echo "Configuration of Kerberos 5 1.18.2:";; - esac - cat <<\_ACEOF - -Optional Features: - --disable-option-checking ignore unrecognized --enable/--with options - --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) - --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-dns-for-realm enable DNS lookups of Kerberos realm names - --enable-maintainer-mode - enable rebuilding of source files, Makefiles, etc - --disable-delayed-initialization - initialize library code when loaded @<:@delay until - first use@:>@ - --disable-thread-support - don't enable thread support @<:@enabled@:>@ - - --disable-rpath suppress run path flags in link lines - --enable-athena build with MIT Project Athena configuration - --disable-nls disable native language support - --enable-audit-plugin=IMPL - use audit plugin @<:@ do not use audit @:>@ - --disable-aesni Do not build with AES-NI support - --disable-kdc-lookaside-cache - Disable the cache which detects client retransmits - --enable-asan Build with asan memory checking - --disable-pkinit disable PKINIT plugin support - -Optional Packages: - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] - --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --with-size-optimizations enable a few optimizations to reduce code size - possibly at some run-time cost - --with-system-et use system compile_et and -lcom_err @<:@default: build - and install a local version@:>@ - --with-system-ss use system -lss and mk_cmds @<:@private version@:>@ - --with-system-db use system Berkeley db @<:@private version@:>@ - --with-netlib=LIBS use user defined resolver library - --with-hesiod=path compile with hesiod support @<:@omitted@:>@ - --with-ldap compile OpenLDAP database backend module - --with-selinux compile with SELinux labeling support - --with-tcl=path where Tcl resides - --with-vague-errors Do not @<:@do@:>@ send helpful errors to client - --with-crypto-impl=IMPL use specified crypto implementation @<:@builtin@:>@ - --with-prng-alg=ALG use specified PRNG algorithm. @<:@fortuna@:>@ - --with-tls-impl=IMPL use specified TLS implementation @<:@auto@:>@ - --without-keyutils do not link with libkeyutils - --with-spake-openssl use OpenSSL for SPAKE preauth @<:@auto@:>@ - --with-lmdb compile LMDB database backend module @<:@auto@:>@ - --without-libedit do not compile with libedit - --with-readline compile with GNU Readline - --with-system-verto always use system verto library - --with-pam compile with PAM support - --with-ksu-service PAM service name for ksu @<:@"ksu"@:>@ - --with-krb5-config=PATH path to existing krb5-config program for defaults - -Some influential environment variables: - CC C compiler command - CFLAGS C compiler flags - LDFLAGS linker flags, e.g. -L if you have libraries in a - nonstandard directory - LIBS libraries to pass to the linker, e.g. -l - CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if - you have headers in a nonstandard directory - CXX C++ compiler command - CXXFLAGS C++ compiler flags - CPP C preprocessor - LD linker command @<:@CC@:>@ - SS_LIB system libraries for 'ss' package @<:@-lss@:>@ - DB_HEADER header file for system Berkeley db package @<:@db.h@:>@ - DB_LIB library for system Berkeley db package @<:@-ldb@:>@ - PKG_CONFIG path to pkg-config utility - PKG_CONFIG_PATH - directories to add to pkg-config's search path - PKG_CONFIG_LIBDIR - path overriding pkg-config's built-in search path - YACC The `Yet Another Compiler Compiler' implementation to use. - Defaults to the first program found out of: `bison -y', `byacc', - `yacc'. - YFLAGS The list of arguments that will be passed by default to @S|@YACC. - This script will default YFLAGS to the empty string to avoid a - default value of `-d' given by some make applications. - LIBEDIT_CFLAGS - C compiler flags for LIBEDIT, overriding pkg-config - LIBEDIT_LIBS - linker flags for LIBEDIT, overriding pkg-config - VERTO_CFLAGS - C compiler flags for VERTO, overriding pkg-config - VERTO_LIBS linker flags for VERTO, overriding pkg-config - DEFCCNAME Default ccache name - DEFKTNAME Default keytab name - DEFCKTNAME Default client keytab name - -Use these variables to override the choices made by `configure' or to help -it to find libraries and programs with nonstandard names/locations. - -Report bugs to . -_ACEOF -ac_status=$? -fi - -if test "$ac_init_help" = "recursive"; then - # If there are subdirs, report their specific --help. - for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue - test -d "$ac_dir" || - { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || - continue - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - cd "$ac_dir" || { ac_status=$?; continue; } - # Check for guested configure. - if test -f "$ac_srcdir/configure.gnu"; then - echo && - $SHELL "$ac_srcdir/configure.gnu" --help=recursive - elif test -f "$ac_srcdir/configure"; then - echo && - $SHELL "$ac_srcdir/configure" --help=recursive - else - $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 - fi || ac_status=$? - cd "$ac_pwd" || { ac_status=$?; break; } - done -fi - -test -n "$ac_init_help" && exit $ac_status -if $ac_init_version; then - cat <<\_ACEOF -Kerberos 5 configure 1.18.2 -generated by GNU Autoconf 2.69 - -Copyright (C) 2012 Free Software Foundation, Inc. -This configure script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it. - -Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009 -Massachusetts Institute of Technology. - -_ACEOF - exit -fi - -## ------------------------ ## -## Autoconf initialization. ## -## ------------------------ ## - -@%:@ ac_fn_c_try_compile LINENO -@%:@ -------------------------- -@%:@ Try to compile conftest.@S|@ac_ext, and return whether this succeeded. -ac_fn_c_try_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext - if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} @%:@ ac_fn_c_try_compile - -@%:@ ac_fn_cxx_try_compile LINENO -@%:@ ---------------------------- -@%:@ Try to compile conftest.@S|@ac_ext, and return whether this succeeded. -ac_fn_cxx_try_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext - if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_cxx_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} @%:@ ac_fn_cxx_try_compile - -@%:@ ac_fn_c_try_cpp LINENO -@%:@ ---------------------- -@%:@ Try to preprocess conftest.@S|@ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} @%:@ ac_fn_c_try_cpp - -@%:@ ac_fn_c_try_link LINENO -@%:@ ----------------------- -@%:@ Try to link conftest.@S|@ac_ext, and return whether this succeeded. -ac_fn_c_try_link () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - test -x conftest$ac_exeext - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information - # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would - # interfere with the next link command; also delete a directory that is - # left behind by Apple's compiler. We do this before executing the actions. - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} @%:@ ac_fn_c_try_link - -@%:@ ac_fn_c_try_run LINENO -@%:@ ---------------------- -@%:@ Try to link conftest.@S|@ac_ext, and return whether this succeeded. Assumes -@%:@ that executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then : - ac_retval=0 -else - $as_echo "$as_me: program exited with status $ac_status" >&5 - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} @%:@ ac_fn_c_try_run - -@%:@ ac_fn_c_check_func LINENO FUNC VAR -@%:@ ---------------------------------- -@%:@ Tests whether FUNC exists, setting the cache variable VAR accordingly -ac_fn_c_check_func () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Define $2 to an innocuous variant, in case declares $2. - For example, HP-UX 11i declares gettimeofday. */ -#define $2 innocuous_$2 - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $2 - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $2 (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$2 || defined __stub___$2 -choke me -#endif - -int -main () -{ -return $2 (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} @%:@ ac_fn_c_check_func - -@%:@ ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES -@%:@ ------------------------------------------------------- -@%:@ Tests whether HEADER exists, giving a warning if it cannot be compiled using -@%:@ the include files in INCLUDES and setting the cache variable VAR -@%:@ accordingly. -ac_fn_c_check_header_mongrel () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if eval \${$3+:} false; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 -$as_echo_n "checking $2 usability... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -@%:@include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_header_compiler=yes -else - ac_header_compiler=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 -$as_echo_n "checking $2 presence... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -@%:@include <$2> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - ac_header_preproc=yes -else - ac_header_preproc=no -fi -rm -f conftest.err conftest.i conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( - yes:no: ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; - no:yes:* ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## -------------------------------- ## -## Report this to krb5-bugs@mit.edu ## -## -------------------------------- ##" - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=\$ac_header_compiler" -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} @%:@ ac_fn_c_check_header_mongrel - -@%:@ ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES -@%:@ ------------------------------------------------------- -@%:@ Tests whether HEADER exists and can be compiled using the include files in -@%:@ INCLUDES, setting the cache variable VAR accordingly. -ac_fn_c_check_header_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -@%:@include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} @%:@ ac_fn_c_check_header_compile - -@%:@ ac_fn_c_check_type LINENO TYPE VAR INCLUDES -@%:@ ------------------------------------------- -@%:@ Tests whether TYPE exists after having included INCLUDES, setting cache -@%:@ variable VAR accordingly. -ac_fn_c_check_type () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=no" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -if (sizeof ($2)) - return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -if (sizeof (($2))) - return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - -else - eval "$3=yes" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} @%:@ ac_fn_c_check_type - -@%:@ ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES -@%:@ ---------------------------------------------------- -@%:@ Tries to find if the field MEMBER exists in type AGGR, after including -@%:@ INCLUDES, setting cache variable VAR accordingly. -ac_fn_c_check_member () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 -$as_echo_n "checking for $2.$3... " >&6; } -if eval \${$4+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$5 -int -main () -{ -static $2 ac_aggr; -if (ac_aggr.$3) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$4=yes" -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$5 -int -main () -{ -static $2 ac_aggr; -if (sizeof ac_aggr.$3) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$4=yes" -else - eval "$4=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$4 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} @%:@ ac_fn_c_check_member - -@%:@ ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES -@%:@ --------------------------------------------- -@%:@ Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR -@%:@ accordingly. -ac_fn_c_check_decl () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - as_decl_name=`echo $2|sed 's/ *(.*//'` - as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 -$as_echo_n "checking whether $as_decl_name is declared... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -@%:@ifndef $as_decl_name -@%:@ifdef __cplusplus - (void) $as_decl_use; -@%:@else - (void) $as_decl_name; -@%:@endif -@%:@endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} @%:@ ac_fn_c_check_decl - -@%:@ ac_fn_c_compute_int LINENO EXPR VAR INCLUDES -@%:@ -------------------------------------------- -@%:@ Tries to find the compile-time value of EXPR in a program that includes -@%:@ INCLUDES, setting VAR accordingly. Returns whether the value could be -@%:@ computed -ac_fn_c_compute_int () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if test "$cross_compiling" = yes; then - # Depending upon the size, compute the lo and hi bounds. -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array @<:@1 - 2 * !(($2) >= 0)@:>@; -test_array @<:@0@:>@ = 0; -return test_array @<:@0@:>@; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_lo=0 ac_mid=0 - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array @<:@1 - 2 * !(($2) <= $ac_mid)@:>@; -test_array @<:@0@:>@ = 0; -return test_array @<:@0@:>@; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=$ac_mid; break -else - as_fn_arith $ac_mid + 1 && ac_lo=$as_val - if test $ac_lo -le $ac_mid; then - ac_lo= ac_hi= - break - fi - as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array @<:@1 - 2 * !(($2) < 0)@:>@; -test_array @<:@0@:>@ = 0; -return test_array @<:@0@:>@; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=-1 ac_mid=-1 - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array @<:@1 - 2 * !(($2) >= $ac_mid)@:>@; -test_array @<:@0@:>@ = 0; -return test_array @<:@0@:>@; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_lo=$ac_mid; break -else - as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val - if test $ac_mid -le $ac_hi; then - ac_lo= ac_hi= - break - fi - as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - ac_lo= ac_hi= -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# Binary search between lo and hi bounds. -while test "x$ac_lo" != "x$ac_hi"; do - as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array @<:@1 - 2 * !(($2) <= $ac_mid)@:>@; -test_array @<:@0@:>@ = 0; -return test_array @<:@0@:>@; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=$ac_mid -else - as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -done -case $ac_lo in @%:@(( -?*) eval "$3=\$ac_lo"; ac_retval=0 ;; -'') ac_retval=1 ;; -esac - else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -static long int longval () { return $2; } -static unsigned long int ulongval () { return $2; } -@%:@include -@%:@include -int -main () -{ - - FILE *f = fopen ("conftest.val", "w"); - if (! f) - return 1; - if (($2) < 0) - { - long int i = longval (); - if (i != ($2)) - return 1; - fprintf (f, "%ld", i); - } - else - { - unsigned long int i = ulongval (); - if (i != ($2)) - return 1; - fprintf (f, "%lu", i); - } - /* Do not output a trailing newline, as this causes \r\n confusion - on some platforms. */ - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - echo >>conftest.val; read $3 config.log <<_ACEOF -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. - -It was created by Kerberos 5 $as_me 1.18.2, which was -generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ - -_ACEOF -exec 5>>config.log -{ -cat <<_ASUNAME -## --------- ## -## Platform. ## -## --------- ## - -hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` - -/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` -/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` -/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` -/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` - -_ASUNAME - -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - $as_echo "PATH: $as_dir" - done -IFS=$as_save_IFS - -} >&5 - -cat >&5 <<_ACEOF - - -## ----------- ## -## Core tests. ## -## ----------- ## - -_ACEOF - - -# Keep a trace of the command line. -# Strip out --no-create and --no-recursion so they do not pile up. -# Strip out --silent because we don't want to record it for future runs. -# Also quote any args containing shell meta-characters. -# Make two passes to allow for proper duplicate-argument suppression. -ac_configure_args= -ac_configure_args0= -ac_configure_args1= -ac_must_keep_next=false -for ac_pass in 1 2 -do - for ac_arg - do - case $ac_arg in - -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - continue ;; - *\'*) - ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - case $ac_pass in - 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; - 2) - as_fn_append ac_configure_args1 " '$ac_arg'" - if test $ac_must_keep_next = true; then - ac_must_keep_next=false # Got value, back to normal. - else - case $ac_arg in - *=* | --config-cache | -C | -disable-* | --disable-* \ - | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ - | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ - | -with-* | --with-* | -without-* | --without-* | --x) - case "$ac_configure_args0 " in - "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; - esac - ;; - -* ) ac_must_keep_next=true ;; - esac - fi - as_fn_append ac_configure_args " '$ac_arg'" - ;; - esac - done -done -{ ac_configure_args0=; unset ac_configure_args0;} -{ ac_configure_args1=; unset ac_configure_args1;} - -# When interrupted or exit'd, cleanup temporary files, and complete -# config.log. We remove comments because anyway the quotes in there -# would cause problems or look ugly. -# WARNING: Use '\'' to represent an apostrophe within the trap. -# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. -trap 'exit_status=$? - # Save into config.log some information that might help in debugging. - { - echo - - $as_echo "## ---------------- ## -## Cache variables. ## -## ---------------- ##" - echo - # The following way of writing the cache mishandles newlines in values, -( - for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do - eval ac_val=\$$ac_var - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( - BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( - *) { eval $ac_var=; unset $ac_var;} ;; - esac ;; - esac - done - (set) 2>&1 | - case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( - *${as_nl}ac_space=\ *) - sed -n \ - "s/'\''/'\''\\\\'\'''\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" - ;; #( - *) - sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" - ;; - esac | - sort -) - echo - - $as_echo "## ----------------- ## -## Output variables. ## -## ----------------- ##" - echo - for ac_var in $ac_subst_vars - do - eval ac_val=\$$ac_var - case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac - $as_echo "$ac_var='\''$ac_val'\''" - done | sort - echo - - if test -n "$ac_subst_files"; then - $as_echo "## ------------------- ## -## File substitutions. ## -## ------------------- ##" - echo - for ac_var in $ac_subst_files - do - eval ac_val=\$$ac_var - case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac - $as_echo "$ac_var='\''$ac_val'\''" - done | sort - echo - fi - - if test -s confdefs.h; then - $as_echo "## ----------- ## -## confdefs.h. ## -## ----------- ##" - echo - cat confdefs.h - echo - fi - test "$ac_signal" != 0 && - $as_echo "$as_me: caught signal $ac_signal" - $as_echo "$as_me: exit $exit_status" - } >&5 - rm -f core *.core core.conftest.* && - rm -f -r conftest* confdefs* conf$$* $ac_clean_files && - exit $exit_status -' 0 -for ac_signal in 1 2 13 15; do - trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal -done -ac_signal=0 - -# confdefs.h avoids OS command line length limits that DEFS can exceed. -rm -f -r conftest* confdefs.h - -$as_echo "/* confdefs.h */" > confdefs.h - -# Predefined preprocessor variables. - -cat >>confdefs.h <<_ACEOF -@%:@define PACKAGE_NAME "$PACKAGE_NAME" -_ACEOF - -cat >>confdefs.h <<_ACEOF -@%:@define PACKAGE_TARNAME "$PACKAGE_TARNAME" -_ACEOF - -cat >>confdefs.h <<_ACEOF -@%:@define PACKAGE_VERSION "$PACKAGE_VERSION" -_ACEOF - -cat >>confdefs.h <<_ACEOF -@%:@define PACKAGE_STRING "$PACKAGE_STRING" -_ACEOF - -cat >>confdefs.h <<_ACEOF -@%:@define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" -_ACEOF - -cat >>confdefs.h <<_ACEOF -@%:@define PACKAGE_URL "$PACKAGE_URL" -_ACEOF - - -# Let the site file select an alternate cache file if it wants to. -# Prefer an explicitly selected file to automatically selected ones. -ac_site_file1=NONE -ac_site_file2=NONE -if test -n "$CONFIG_SITE"; then - # We do not want a PATH search for config.site. - case $CONFIG_SITE in @%:@(( - -*) ac_site_file1=./$CONFIG_SITE;; - */*) ac_site_file1=$CONFIG_SITE;; - *) ac_site_file1=./$CONFIG_SITE;; - esac -elif test "x$prefix" != xNONE; then - ac_site_file1=$prefix/share/config.site - ac_site_file2=$prefix/etc/config.site -else - ac_site_file1=$ac_default_prefix/share/config.site - ac_site_file2=$ac_default_prefix/etc/config.site -fi -for ac_site_file in "$ac_site_file1" "$ac_site_file2" -do - test "x$ac_site_file" = xNONE && continue - if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 -$as_echo "$as_me: loading site script $ac_site_file" >&6;} - sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" \ - || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5; } - fi -done - -if test -r "$cache_file"; then - # Some versions of bash will fail to source /dev/null (special files - # actually), so we avoid doing that. DJGPP emulates it as a regular file. - if test /dev/null != "$cache_file" && test -f "$cache_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 -$as_echo "$as_me: loading cache $cache_file" >&6;} - case $cache_file in - [\\/]* | ?:[\\/]* ) . "$cache_file";; - *) . "./$cache_file";; - esac - fi -else - { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 -$as_echo "$as_me: creating cache $cache_file" >&6;} - >$cache_file -fi - -# Check that the precious variables saved in the cache have kept the same -# value. -ac_cache_corrupted=false -for ac_var in $ac_precious_vars; do - eval ac_old_set=\$ac_cv_env_${ac_var}_set - eval ac_new_set=\$ac_env_${ac_var}_set - eval ac_old_val=\$ac_cv_env_${ac_var}_value - eval ac_new_val=\$ac_env_${ac_var}_value - case $ac_old_set,$ac_new_set in - set,) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,set) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,);; - *) - if test "x$ac_old_val" != "x$ac_new_val"; then - # differences in whitespace do not lead to failure. - ac_old_val_w=`echo x $ac_old_val` - ac_new_val_w=`echo x $ac_new_val` - if test "$ac_old_val_w" != "$ac_new_val_w"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} - ac_cache_corrupted=: - else - { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} - eval $ac_var=\$ac_old_val - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} - fi;; - esac - # Pass precious variables to config.status. - if test "$ac_new_set" = set; then - case $ac_new_val in - *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; - *) ac_arg=$ac_var=$ac_new_val ;; - esac - case " $ac_configure_args " in - *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. - *) as_fn_append ac_configure_args " '$ac_arg'" ;; - esac - fi -done -if $ac_cache_corrupted; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 -$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 -fi -## -------------------- ## -## Main body of script. ## -## -------------------- ## - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - -build_dynobj=no - -# If $runstatedir isn't set by autoconf (<2.70), set it manually. -if test x"$runstatedir" = x; then - runstatedir=$localstatedir/run -fi - - -# Don't make duplicate profile path entries for /etc/krb5.conf if -# $sysconfdir is /etc -if test "$sysconfdir" = /etc; then - SYSCONFCONF="" -else - SYSCONFCONF=":${sysconfdir}/krb5.conf" -fi - - -ac_reltopdir="." -if test ! -r "$srcdir/./aclocal.m4"; then - as_fn_error $? "Configure could not determine the relative topdir" "$LINENO" 5 -fi -ac_topdir=$srcdir/$ac_reltopdir -ac_config_fragdir=$ac_reltopdir/config -# echo "Looking for $srcdir/$ac_config_fragdir" -if test -d "$srcdir/$ac_config_fragdir"; then - ac_aux_dir= -for ac_dir in ./config "$srcdir"/./config; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in ./config \"$srcdir\"/./config" "$LINENO" 5 -fi - -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. -ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. - - -else - as_fn_error $? "can not find config/ directory in $ac_reltopdir" "$LINENO" 5 -fi - - - - -krb5_ac_cflags_set=${CFLAGS+set} -krb5_ac_cxxflags_set=${CXXFLAGS+set} -krb5_ac_warn_cflags_set=${WARN_CFLAGS+set} -krb5_ac_warn_cxxflags_set=${WARN_CXXFLAGS+set} - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -else - CC="$ac_cv_prog_CC" -fi - -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - fi -fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - ac_prog_rejected=no -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $@%:@ != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi -fi -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CC" && break - done -fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$ac_ct_CC" && break -done - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -fi - -fi - - -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } - -# Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... - 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 - fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -done - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" -# Try to create an executable without -o first, disregard a.out. -# It will help us diagnose broken compilers, and finding out an intuition -# of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` - -# The possible output files: -ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" - -ac_rmfiles= -for ac_file in $ac_files -do - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - * ) ac_rmfiles="$ac_rmfiles $ac_file";; - esac -done -rm -f $ac_rmfiles - -if { { ac_try="$ac_link_default" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link_default") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' -# in a Makefile. We should not override ac_cv_exeext if it was cached, -# so that the user can short-circuit this test for compilers unknown to -# Autoconf. -for ac_file in $ac_files '' -do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) - ;; - [ab].out ) - # We found the default executable, but exeext='' is most - # certainly right. - break;; - *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; - then :; else - ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - fi - # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' - # argument, so we may need to know it at that point already. - # Even if this section looks crufty: it has the advantage of - # actually working. - break;; - * ) - break;; - esac -done -test "$ac_cv_exeext" = no && ac_cv_exeext= - -else - ac_file='' -fi -if test -z "$ac_file"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } -ac_exeext=$ac_cv_exeext - -rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -$as_echo_n "checking for suffix of executables... " >&6; } -if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. -for ac_file in conftest.exe conftest conftest.*; do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - break;; - * ) break;; - esac -done -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } -fi -rm -f conftest conftest$ac_cv_exeext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -$as_echo "$ac_cv_exeext" >&6; } - -rm -f conftest.$ac_ext -EXEEXT=$ac_cv_exeext -ac_exeext=$EXEEXT -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -@%:@include -int -main () -{ -FILE *f = fopen ("conftest.out", "w"); - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -ac_clean_files="$ac_clean_files conftest.out" -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... " >&6; } -if test "$cross_compiling" != yes; then - { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - if { ac_try='./conftest$ac_cv_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } - fi - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } - -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -$as_echo_n "checking for suffix of object files... " >&6; } -if ${ac_cv_objext+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.o conftest.obj -if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - for ac_file in conftest.o conftest.obj conftest.*; do - test -f "$ac_file" || continue; - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; - *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` - break;; - esac -done -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } -fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -$as_echo "$ac_cv_objext" >&6; } -OBJEXT=$ac_cv_objext -ac_objext=$OBJEXT -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -#ifndef __GNUC__ - choke me -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes -else - ac_compiler_gnu=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GCC=yes -else - GCC= -fi -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -else - CFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - -else - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi -else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : - -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -ac_ext=cpp -ac_cpp='$CXXCPP $CPPFLAGS' -ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_cxx_compiler_gnu -if test -z "$CXX"; then - if test -n "$CCC"; then - CXX=$CCC - else - if test -n "$ac_tool_prefix"; then - for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CXX+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CXX"; then - ac_cv_prog_CXX="$CXX" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CXX="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CXX=$ac_cv_prog_CXX -if test -n "$CXX"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5 -$as_echo "$CXX" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CXX" && break - done -fi -if test -z "$CXX"; then - ac_ct_CXX=$CXX - for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CXX+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CXX"; then - ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CXX="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CXX=$ac_cv_prog_ac_ct_CXX -if test -n "$ac_ct_CXX"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5 -$as_echo "$ac_ct_CXX" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$ac_ct_CXX" && break -done - - if test "x$ac_ct_CXX" = x; then - CXX="g++" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CXX=$ac_ct_CXX - fi -fi - - fi -fi -# Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... - 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 - fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5 -$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; } -if ${ac_cv_cxx_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -#ifndef __GNUC__ - choke me -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - ac_compiler_gnu=yes -else - ac_compiler_gnu=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_cxx_compiler_gnu=$ac_compiler_gnu - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5 -$as_echo "$ac_cv_cxx_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GXX=yes -else - GXX= -fi -ac_test_CXXFLAGS=${CXXFLAGS+set} -ac_save_CXXFLAGS=$CXXFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5 -$as_echo_n "checking whether $CXX accepts -g... " >&6; } -if ${ac_cv_prog_cxx_g+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_save_cxx_werror_flag=$ac_cxx_werror_flag - ac_cxx_werror_flag=yes - ac_cv_prog_cxx_g=no - CXXFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - ac_cv_prog_cxx_g=yes -else - CXXFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - -else - ac_cxx_werror_flag=$ac_save_cxx_werror_flag - CXXFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - ac_cv_prog_cxx_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cxx_werror_flag=$ac_save_cxx_werror_flag -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5 -$as_echo "$ac_cv_prog_cxx_g" >&6; } -if test "$ac_test_CXXFLAGS" = set; then - CXXFLAGS=$ac_save_CXXFLAGS -elif test $ac_cv_prog_cxx_g = yes; then - if test "$GXX" = yes; then - CXXFLAGS="-g -O2" - else - CXXFLAGS="-g" - fi -else - if test "$GXX" = yes; then - CXXFLAGS="-O2" - else - CXXFLAGS= - fi -fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - cflags_warning_test_flags= - cachevar=`echo "krb5_cv_cc_flag_-Werror=unknown-warning-option" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Werror=unknown-warning-option" >&5 -$as_echo_n "checking if C compiler supports -Werror=unknown-warning-option... " >&6; } -if eval \${$cachevar+:} false; then : - $as_echo_n "(cached) " >&6 -else - # first try without, then with - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - old_cflags="$CFLAGS" - CFLAGS="$CFLAGS $cflags_warning_test_flags -Werror=unknown-warning-option" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval $cachevar=yes -else - eval $cachevar=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS="$old_cflags" -else - as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$cachevar - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test '"${'$cachevar'}"' = yes; then - WARN_CFLAGS="$WARN_CFLAGS -Werror=unknown-warning-option" - fi - eval flag_supported='${'$cachevar'}' - - if test $flag_supported = yes; then - cflags_warning_test_flags=-Werror=unknown-warning-option - fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -@%:@ifdef __STDC__ -@%:@ include -@%:@else -@%:@ include -@%:@endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -@%:@include -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - break -fi - - done - ac_cv_prog_CPP=$CPP - -fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -@%:@ifdef __STDC__ -@%:@ include -@%:@else -@%:@ include -@%:@endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -@%:@include -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -test "$program_prefix" != NONE && - program_transform_name="s&^&$program_prefix&;$program_transform_name" -# Use a double $ so make ignores it. -test "$program_suffix" != NONE && - program_transform_name="s&\$&$program_suffix&;$program_transform_name" -# Double any \ or $. -# By default was `s,x,x', remove it if useless. -ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' -program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_GREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_EGREP=$EGREP -fi - - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes -else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif - -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -$as_echo "@%:@define STDC_HEADERS 1" >>confdefs.h - -fi - -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# Make sure we can run config.sub. -$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 -$as_echo_n "checking build system type... " >&6; } -if ${ac_cv_build+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_build_alias=$build_alias -test "x$ac_build_alias" = x && - ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` -test "x$ac_build_alias" = x && - as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 -ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 -$as_echo "$ac_cv_build" >&6; } -case $ac_cv_build in -*-*-*) ;; -*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; -esac -build=$ac_cv_build -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_build -shift -build_cpu=$1 -build_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -build_os=$* -IFS=$ac_save_IFS -case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 -$as_echo_n "checking host system type... " >&6; } -if ${ac_cv_host+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "x$host_alias" = x; then - ac_cv_host=$ac_cv_build -else - ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 -$as_echo "$ac_cv_host" >&6; } -case $ac_cv_host in -*-*-*) ;; -*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; -esac -host=$ac_cv_host -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_host -shift -host_cpu=$1 -host_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -host_os=$* -IFS=$ac_save_IFS -case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 -$as_echo_n "checking for a sed that does not truncate output... " >&6; } -if ${ac_cv_path_SED+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ - for ac_i in 1 2 3 4 5 6 7; do - ac_script="$ac_script$as_nl$ac_script" - done - echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed - { ac_script=; unset ac_script;} - if test -z "$SED"; then - ac_path_SED_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in sed gsed; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_SED" || continue -# Check for GNU ac_path_SED and select it if it is found. - # Check for GNU $ac_path_SED -case `"$ac_path_SED" --version 2>&1` in -*GNU*) - ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo '' >> "conftest.nl" - "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_SED_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_SED="$ac_path_SED" - ac_path_SED_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_SED_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_SED"; then - as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 - fi -else - ac_cv_path_SED=$SED -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 -$as_echo "$ac_cv_path_SED" >&6; } - SED="$ac_cv_path_SED" - rm -f conftest.sed - - EXTRA_FILES="" - - -$as_echo "@%:@define _GNU_SOURCE 1" >>confdefs.h - - -$as_echo "@%:@define __STDC_WANT_LIB_EXT1__ 1" >>confdefs.h - - -if test $ac_cv_c_compiler_gnu = yes ; then - HAVE_GCC=yes - else HAVE_GCC= -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU linker" >&5 -$as_echo_n "checking for GNU linker... " >&6; } -if ${krb5_cv_prog_gnu_ld+:} false; then : - $as_echo_n "(cached) " >&6 -else - krb5_cv_prog_gnu_ld=no -if test "$GCC" = yes; then - if { ac_try='$CC -Wl,-v 2>&1 | grep "GNU ld" > /dev/null' - { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 - (eval $ac_try) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - krb5_cv_prog_gnu_ld=yes - fi -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_prog_gnu_ld" >&5 -$as_echo "$krb5_cv_prog_gnu_ld" >&6; } - -@%:@ Check whether --with-size-optimizations was given. -if test "${with_size_optimizations+set}" = set; then : - withval=$with_size_optimizations; -else - withval=no -fi - -if test "$withval" = yes; then - -$as_echo "@%:@define CONFIG_SMALL 1" >>confdefs.h - -fi -# -Wno-long-long, if needed, for k5-platform.h without inttypes.h etc. -extra_gcc_warn_opts="-Wall -Wcast-align -Wshadow" -# -Wmissing-prototypes -if test "$GCC" = yes ; then - # Putting this here means we get -Os after -O2, which works. - if test "$with_size_optimizations" = yes && test "x$krb5_ac_cflags_set" != xset; then - { $as_echo "$as_me:${as_lineno-$LINENO}: adding -Os optimization option" >&5 -$as_echo "$as_me: adding -Os optimization option" >&6;} - case "$CFLAGS" in - "-g -O2") CFLAGS="-g -Os" ;; - "-O2") CFLAGS="-Os" ;; - *) CFLAGS="$CFLAGS -Os" ;; - esac - fi - if test "x$krb5_ac_warn_cflags_set" = xset ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: not adding extra gcc warning flags because WARN_CFLAGS was set" >&5 -$as_echo "$as_me: not adding extra gcc warning flags because WARN_CFLAGS was set" >&6;} - else - { $as_echo "$as_me:${as_lineno-$LINENO}: adding extra warning flags for gcc" >&5 -$as_echo "$as_me: adding extra warning flags for gcc" >&6;} - WARN_CFLAGS="$WARN_CFLAGS $extra_gcc_warn_opts -Wmissing-prototypes" - if test "`uname -s`" = Darwin ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: skipping pedantic warnings on Darwin" >&5 -$as_echo "$as_me: skipping pedantic warnings on Darwin" >&6;} - elif test "`uname -s`" = Linux ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: skipping pedantic warnings on Linux" >&5 -$as_echo "$as_me: skipping pedantic warnings on Linux" >&6;} - else - WARN_CFLAGS="$WARN_CFLAGS -pedantic" - fi - if test "$ac_cv_cxx_compiler_gnu" = yes; then - if test "x$krb5_ac_warn_cxxflags_set" = xset ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: not adding extra g++ warnings because WARN_CXXFLAGS was set" >&5 -$as_echo "$as_me: not adding extra g++ warnings because WARN_CXXFLAGS was set" >&6;} - else - { $as_echo "$as_me:${as_lineno-$LINENO}: adding extra warning flags for g++" >&5 -$as_echo "$as_me: adding extra warning flags for g++" >&6;} - WARN_CXXFLAGS="$WARN_CXXFLAGS $extra_gcc_warn_opts" - fi - fi - # Currently, G++ does not support -Wno-format-zero-length. - cachevar=`echo "krb5_cv_cc_flag_-Wno-format-zero-length" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Wno-format-zero-length" >&5 -$as_echo_n "checking if C compiler supports -Wno-format-zero-length... " >&6; } -if eval \${$cachevar+:} false; then : - $as_echo_n "(cached) " >&6 -else - # first try without, then with - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - old_cflags="$CFLAGS" - CFLAGS="$CFLAGS $cflags_warning_test_flags -Wno-format-zero-length" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval $cachevar=yes -else - eval $cachevar=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS="$old_cflags" -else - as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$cachevar - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test '"${'$cachevar'}"' = yes; then - WARN_CFLAGS="$WARN_CFLAGS -Wno-format-zero-length" - fi - eval flag_supported='${'$cachevar'}' - - # Other flags here may not be supported on some versions of - # gcc that people want to use. - for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof error=uninitialized no-maybe-uninitialized error=pointer-arith error=int-conversion error=incompatible-pointer-types error=discarded-qualifiers error=implicit-int ; do - cachevar=`echo "krb5_cv_cc_flag_-W$flag" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -W$flag" >&5 -$as_echo_n "checking if C compiler supports -W$flag... " >&6; } -if eval \${$cachevar+:} false; then : - $as_echo_n "(cached) " >&6 -else - # first try without, then with - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - old_cflags="$CFLAGS" - CFLAGS="$CFLAGS $cflags_warning_test_flags -W$flag" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval $cachevar=yes -else - eval $cachevar=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS="$old_cflags" -else - as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$cachevar - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test '"${'$cachevar'}"' = yes; then - WARN_CFLAGS="$WARN_CFLAGS -W$flag" - fi - eval flag_supported='${'$cachevar'}' - - done - # old-style-definition? generates many, many warnings - # - # Warnings that we'd like to turn into errors on versions of gcc - # that support promoting only specific warnings to errors, but - # we'll take as warnings on older compilers. (If such a warning - # is added after the -Werror=foo feature, you can just put - # error=foo in the above list, and skip the test for the - # warning-only form.) At least in some versions, -Werror= doesn't - # seem to make the conditions actual errors, but still issues - # warnings; I guess we'll take what we can get. - # - # We're currently targeting C89+, not C99, so disallow some - # constructs. - for flag in declaration-after-statement ; do - cachevar=`echo "krb5_cv_cc_flag_-Werror=$flag" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Werror=$flag" >&5 -$as_echo_n "checking if C compiler supports -Werror=$flag... " >&6; } -if eval \${$cachevar+:} false; then : - $as_echo_n "(cached) " >&6 -else - # first try without, then with - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - old_cflags="$CFLAGS" - CFLAGS="$CFLAGS $cflags_warning_test_flags -Werror=$flag" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval $cachevar=yes -else - eval $cachevar=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS="$old_cflags" -else - as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$cachevar - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test '"${'$cachevar'}"' = yes; then - WARN_CFLAGS="$WARN_CFLAGS -Werror=$flag" - fi - eval flag_supported='${'$cachevar'}' - - if test "$flag_supported" = no; then - cachevar=`echo "krb5_cv_cc_flag_-W$flag" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -W$flag" >&5 -$as_echo_n "checking if C compiler supports -W$flag... " >&6; } -if eval \${$cachevar+:} false; then : - $as_echo_n "(cached) " >&6 -else - # first try without, then with - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - old_cflags="$CFLAGS" - CFLAGS="$CFLAGS $cflags_warning_test_flags -W$flag" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval $cachevar=yes -else - eval $cachevar=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS="$old_cflags" -else - as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$cachevar - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test '"${'$cachevar'}"' = yes; then - WARN_CFLAGS="$WARN_CFLAGS -W$flag" - fi - eval flag_supported='${'$cachevar'}' - - fi - done - # We require function declarations now. - # - # In some compiler versions -- e.g., "gcc version 4.2.1 (Apple - # Inc. build 5664)" -- the -Werror- option works, but the -Werror= - # version doesn't cause implicitly declared functions to be - # flagged as errors. If neither works, -Wall implies - # -Wimplicit-function-declaration so don't bother. - cachevar=`echo "krb5_cv_cc_flag_-Werror-implicit-function-declaration" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Werror-implicit-function-declaration" >&5 -$as_echo_n "checking if C compiler supports -Werror-implicit-function-declaration... " >&6; } -if eval \${$cachevar+:} false; then : - $as_echo_n "(cached) " >&6 -else - # first try without, then with - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - old_cflags="$CFLAGS" - CFLAGS="$CFLAGS $cflags_warning_test_flags -Werror-implicit-function-declaration" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval $cachevar=yes -else - eval $cachevar=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS="$old_cflags" -else - as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$cachevar - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test '"${'$cachevar'}"' = yes; then - WARN_CFLAGS="$WARN_CFLAGS -Werror-implicit-function-declaration" - fi - eval flag_supported='${'$cachevar'}' - - if test "implicit-function-declaration_supported" = no; then - cachevar=`echo "krb5_cv_cc_flag_-Werror=implicit-function-declaration" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Werror=implicit-function-declaration" >&5 -$as_echo_n "checking if C compiler supports -Werror=implicit-function-declaration... " >&6; } -if eval \${$cachevar+:} false; then : - $as_echo_n "(cached) " >&6 -else - # first try without, then with - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - old_cflags="$CFLAGS" - CFLAGS="$CFLAGS $cflags_warning_test_flags -Werror=implicit-function-declaration" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval $cachevar=yes -else - eval $cachevar=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS="$old_cflags" -else - as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$cachevar - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test '"${'$cachevar'}"' = yes; then - WARN_CFLAGS="$WARN_CFLAGS -Werror=implicit-function-declaration" - fi - eval flag_supported='${'$cachevar'}' - - fi - # - fi - if test "`uname -s`" = Darwin ; then - # Someday this should be a feature test. - # One current (Jaguar = OS 10.2) problem: - # Archive library with foo.o undef sym X and bar.o common sym X, - # if foo.o is pulled in at link time, bar.o may not be, causing - # the linker to complain. - # Dynamic library problems too? - case "$CC $CFLAGS" in - *-fcommon*) ;; # why someone would do this, I don't know - *-fno-common*) ;; # okay, they're already doing the right thing - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: disabling the use of common storage on Darwin" >&5 -$as_echo "$as_me: disabling the use of common storage on Darwin" >&6;} - CFLAGS="$CFLAGS -fno-common" - ;; - esac - case "$LD $LDFLAGS" in - *-Wl,-search_paths_first*) ;; - *) LDFLAGS="${LDFLAGS} -Wl,-search_paths_first" ;; - esac - fi -else - if test "`uname -s`" = AIX ; then - # Using AIX but not GCC, assume native compiler. - # The native compiler appears not to give a nonzero exit - # status for certain classes of errors, like missing arguments - # in function calls. Let's try to fix that with -qhalt=e. - case "$CC $CFLAGS" in - *-qhalt=*) ;; - *) - CFLAGS="$CFLAGS -qhalt=e" - { $as_echo "$as_me:${as_lineno-$LINENO}: adding -qhalt=e for better error reporting" >&5 -$as_echo "$as_me: adding -qhalt=e for better error reporting" >&6;} - ;; - esac - # Also, the optimizer isn't turned on by default, which means - # the static inline functions get left in random object files, - # leading to references to pthread_mutex_lock from anything that - # includes k5-int.h whether it uses threads or not. - case "$CC $CFLAGS" in - *-O*) ;; - *) - CFLAGS="$CFLAGS -O" - { $as_echo "$as_me:${as_lineno-$LINENO}: adding -O for inline thread-support function elimination" >&5 -$as_echo "$as_me: adding -O for inline thread-support function elimination" >&6;} - ;; - esac - fi - if test "`uname -s`" = SunOS ; then - # Using Solaris but not GCC, assume Sunsoft compiler. - # We have some error-out-on-warning options available. - # Sunsoft 12 compiler defaults to -xc99=all, it appears, so "inline" - # works, but it also means that declaration-in-code warnings won't - # be issued. - # -v -fd -errwarn=E_DECLARATION_IN_CODE ... - if test "x$krb5_ac_warn_cflags_set" = xset ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: not adding extra warning flags because WARN_CFLAGS was set" >&5 -$as_echo "$as_me: not adding extra warning flags because WARN_CFLAGS was set" >&6;} - else - WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC,E_NO_IMPLICIT_DECL_ALLOWED,E_ATTRIBUTE_PARAM_UNDEFINED" - fi - if test "x$krb5_ac_warn_cxxflags_set" = xset ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: not adding extra warning flags because WARN_CXXFLAGS was set" >&5 -$as_echo "$as_me: not adding extra warning flags because WARN_CXXFLAGS was set" >&6;} - else - WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" - fi - fi -fi - - - -if test -z "$LD" ; then LD=$CC; fi - - - -@%:@ Check whether --with-system-et was given. -if test "${with_system_et+set}" = set; then : - withval=$with_system_et; -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which version of com_err to use" >&5 -$as_echo_n "checking which version of com_err to use... " >&6; } -if test "x$with_system_et" = xyes ; then - # This will be changed to "intlsys" if textdomain support is present. - COM_ERR_VERSION=sys - { $as_echo "$as_me:${as_lineno-$LINENO}: result: system" >&5 -$as_echo "system" >&6; } -else - COM_ERR_VERSION=k5 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5" >&5 -$as_echo "krb5" >&6; } -fi -if test $COM_ERR_VERSION = sys; then - # check for various functions we need - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for add_error_table in -lcom_err" >&5 -$as_echo_n "checking for add_error_table in -lcom_err... " >&6; } -if ${ac_cv_lib_com_err_add_error_table+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcom_err $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char add_error_table (); -int -main () -{ -return add_error_table (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_com_err_add_error_table=yes -else - ac_cv_lib_com_err_add_error_table=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_add_error_table" >&5 -$as_echo "$ac_cv_lib_com_err_add_error_table" >&6; } -if test "x$ac_cv_lib_com_err_add_error_table" = xyes; then : - : -else - as_fn_error $? "cannot find add_error_table in com_err library" "$LINENO" 5 -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for remove_error_table in -lcom_err" >&5 -$as_echo_n "checking for remove_error_table in -lcom_err... " >&6; } -if ${ac_cv_lib_com_err_remove_error_table+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcom_err $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char remove_error_table (); -int -main () -{ -return remove_error_table (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_com_err_remove_error_table=yes -else - ac_cv_lib_com_err_remove_error_table=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_remove_error_table" >&5 -$as_echo "$ac_cv_lib_com_err_remove_error_table" >&6; } -if test "x$ac_cv_lib_com_err_remove_error_table" = xyes; then : - : -else - as_fn_error $? "cannot find remove_error_table in com_err library" "$LINENO" 5 -fi - - # make sure compile_et provides "et_foo" name - cat >> conf$$e.et <&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_compile_et+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$compile_et"; then - ac_cv_prog_compile_et="$compile_et" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_compile_et="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -compile_et=$ac_cv_prog_compile_et -if test -n "$compile_et"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $compile_et" >&5 -$as_echo "$compile_et" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$compile_et" && break -done -test -n "$compile_et" || compile_et="false" - - if test "$compile_et" = false; then - as_fn_error $? "cannot find compile_et" "$LINENO" 5 - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compile_et is useful" >&5 -$as_echo_n "checking whether compile_et is useful... " >&6; } -if ${krb5_cv_compile_et_useful+:} false; then : - $as_echo_n "(cached) " >&6 -else - - if compile_et conf$$e.et >/dev/null 2>&1 ; then true ; else - as_fn_error $? "execution failed" "$LINENO" 5 - fi - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include "conf$$e.h" - -int -main () -{ - &et_foo_error_table; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - : -else - as_fn_error $? "cannot use et_foo_error_table" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - # Anything else we need to test for? - rm -f conf$$e.c conf$$e.h - krb5_cv_compile_et_useful=yes - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_compile_et_useful" >&5 -$as_echo "$krb5_cv_compile_et_useful" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compile_et supports --textdomain" >&5 -$as_echo_n "checking whether compile_et supports --textdomain... " >&6; } -if ${krb5_cv_compile_et_textdomain+:} false; then : - $as_echo_n "(cached) " >&6 -else - - krb5_cv_compile_et_textdomain=no - if compile_et --textdomain=xyzw conf$$e.et >/dev/null 2>&1 ; then - if grep -q xyzw conf$$e.c; then - krb5_cv_compile_et_textdomain=yes - fi - fi - rm -f conf$$e.c conf$$e.h - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_compile_et_textdomain" >&5 -$as_echo "$krb5_cv_compile_et_textdomain" >&6; } - if test "$krb5_cv_compile_et_textdomain" = yes; then - COM_ERR_VERSION=intlsys - fi - rm -f conf$$e.et -fi - -if test "$COM_ERR_VERSION" = k5 -o "$COM_ERR_VERSION" = intlsys; then - -$as_echo "@%:@define HAVE_COM_ERR_INTL 1" >>confdefs.h - -fi - - -@%:@ Check whether --with-system-ss was given. -if test "${with_system_ss+set}" = set; then : - withval=$with_system_ss; -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which version of subsystem package to use" >&5 -$as_echo_n "checking which version of subsystem package to use... " >&6; } -if test "x$with_system_ss" = xyes ; then - SS_VERSION=sys - { $as_echo "$as_me:${as_lineno-$LINENO}: result: system" >&5 -$as_echo "system" >&6; } - # todo: check for various libraries we might need - # in the meantime... - test "x${SS_LIB+set}" = xset || SS_LIB=-lss - old_LIBS="$LIBS" - LIBS="$LIBS $SS_LIB" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system ss package works" >&5 -$as_echo_n "checking whether system ss package works... " >&6; } -if ${krb5_cv_system_ss_okay+:} false; then : - $as_echo_n "(cached) " >&6 -else - - if test "$cross_compiling" = yes; then : - krb5_cv_system_ss_okay="assumed" -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -int main(int argc, char *argv[]) { - if (argc == 42) { - int i, err; - i = ss_create_invocation("foo","foo","",0,&err); - ss_listen(i); - } - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - krb5_cv_system_ss_okay=yes -else - as_fn_error $? "cannot run test program" "$LINENO" 5 -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_system_ss_okay" >&5 -$as_echo "$krb5_cv_system_ss_okay" >&6; } - LIBS="$old_LIBS" - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if ss_execute_command needs a prototype provided" >&5 -$as_echo_n "checking if ss_execute_command needs a prototype provided... " >&6; } -if ${krb5_cv_func_ss_execute_command_noproto+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -#undef ss_execute_command -struct k5foo {int foo; } xx; -extern int ss_execute_command (struct k5foo*); -ss_execute_command(&xx); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_func_ss_execute_command_noproto=yes -else - krb5_cv_func_ss_execute_command_noproto=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_ss_execute_command_noproto" >&5 -$as_echo "$krb5_cv_func_ss_execute_command_noproto" >&6; } -if test $krb5_cv_func_ss_execute_command_noproto = yes; then - -$as_echo "@%:@define NEED_SS_EXECUTE_COMMAND_PROTO 1" >>confdefs.h - -fi - - -else - SS_VERSION=k5 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: krb5" >&5 -$as_echo "krb5" >&6; } -fi - - - - -@%:@ Check whether --with-system-db was given. -if test "${with_system_db+set}" = set; then : - withval=$with_system_db; -fi - - - -if test "x$with_system_db" = xyes ; then - DB_VERSION=sys - # TODO: Do we have specific routines we should check for? - # How about known, easily recognizable bugs? - # We want to use bt_rseq in some cases, but no other version but - # ours has it right now. - # - # Okay, check the variables. - test "x${DB_HEADER+set}" = xset || DB_HEADER=db.h - test "x${DB_LIB+set}" = xset || DB_LIB=-ldb - # - if test "x${DB_HEADER}" = xdb.h ; then - DB_HEADER_VERSION=sys - else - DB_HEADER_VERSION=redirect - fi - KDB5_DB_LIB="$DB_LIB" -else - DB_VERSION=k5 - -$as_echo "@%:@define HAVE_BT_RSEQ 1" >>confdefs.h - - DB_HEADER=db.h - DB_HEADER_VERSION=k5 - # libdb gets sucked into libkdb - KDB5_DB_LIB= - # needed for a couple of things that need libdb for its own sake - DB_LIB=-ldb -fi - - - - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 -$as_echo_n "checking for an ANSI C-conforming const... " >&6; } -if ${ac_cv_c_const+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - -#ifndef __cplusplus - /* Ultrix mips cc rejects this sort of thing. */ - typedef int charset[2]; - const charset cs = { 0, 0 }; - /* SunOS 4.1.1 cc rejects this. */ - char const *const *pcpcc; - char **ppc; - /* NEC SVR4.0.2 mips cc rejects this. */ - struct point {int x, y;}; - static struct point const zero = {0,0}; - /* AIX XL C 1.02.0.0 rejects this. - It does not let you subtract one const X* pointer from another in - an arm of an if-expression whose if-part is not a constant - expression */ - const char *g = "string"; - pcpcc = &g + (g ? g-g : 0); - /* HPUX 7.0 cc rejects these. */ - ++pcpcc; - ppc = (char**) pcpcc; - pcpcc = (char const *const *) ppc; - { /* SCO 3.2v4 cc rejects this sort of thing. */ - char tx; - char *t = &tx; - char const *s = 0 ? (char *) 0 : (char const *) 0; - - *t++ = 0; - if (s) return 0; - } - { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ - int x[] = {25, 17}; - const int *foo = &x[0]; - ++foo; - } - { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ - typedef const int *iptr; - iptr p = 0; - ++p; - } - { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying - "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ - struct s { int j; const int *ap[3]; } bx; - struct s *b = &bx; b->j = 5; - } - { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ - const int foo = 10; - if (!foo) return 0; - } - return !cs[0] && !zero.x; -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_const=yes -else - ac_cv_c_const=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 -$as_echo "$ac_cv_c_const" >&6; } -if test $ac_cv_c_const = no; then - -$as_echo "@%:@define const /**/" >>confdefs.h - -fi - - -@%:@ Check whether --with-netlib was given. -if test "${with_netlib+set}" = set; then : - withval=$with_netlib; if test "$withval" = yes -o "$withval" = no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"netlib will link with C library resolver only\"" >&5 -$as_echo "\"netlib will link with C library resolver only\"" >&6; } - else - LIBS="$LIBS $withval" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"netlib will use \'$withval\'\"" >&5 -$as_echo "\"netlib will use \'$withval\'\"" >&6; } - fi - -enable_dns=yes - @%:@ Check whether --enable-dns-for-realm was given. -if test "${enable_dns_for_realm+set}" = set; then : - enableval=$enable_dns_for_realm; -else - enable_dns_for_realm=no -fi - - if test "$enable_dns_for_realm" = yes; then - -$as_echo "@%:@define KRB5_DNS_LOOKUP_REALM 1" >>confdefs.h - - fi - - -$as_echo "@%:@define KRB5_DNS_LOOKUP 1" >>confdefs.h - - - - -else - - # Most operating systems have gethostbyname() in the default searched - # libraries (i.e. libc): - ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname" -if test "x$ac_cv_func_gethostbyname" = xyes; then : - -else - - # Some OSes (eg. Solaris) place it in libnsl: - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5 -$as_echo_n "checking for gethostbyname in -lnsl... " >&6; } -if ${ac_cv_lib_nsl_gethostbyname+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lnsl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gethostbyname (); -int -main () -{ -return gethostbyname (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nsl_gethostbyname=yes -else - ac_cv_lib_nsl_gethostbyname=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5 -$as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; } -if test "x$ac_cv_lib_nsl_gethostbyname" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBNSL 1 -_ACEOF - - LIBS="-lnsl $LIBS" - -else - - # Some strange OSes (SINIX) have it in libsocket: - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lsocket" >&5 -$as_echo_n "checking for gethostbyname in -lsocket... " >&6; } -if ${ac_cv_lib_socket_gethostbyname+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lsocket $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gethostbyname (); -int -main () -{ -return gethostbyname (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_socket_gethostbyname=yes -else - ac_cv_lib_socket_gethostbyname=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_gethostbyname" >&5 -$as_echo "$ac_cv_lib_socket_gethostbyname" >&6; } -if test "x$ac_cv_lib_socket_gethostbyname" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBSOCKET 1 -_ACEOF - - LIBS="-lsocket $LIBS" - -else - - # Unfortunately libsocket sometimes depends on libnsl. - # AC_CHECK_LIB's API is essentially broken so the following - # ugliness is necessary: - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lsocket" >&5 -$as_echo_n "checking for gethostbyname in -lsocket... " >&6; } -if ${ac_cv_lib_socket_gethostbyname+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lsocket -lnsl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gethostbyname (); -int -main () -{ -return gethostbyname (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_socket_gethostbyname=yes -else - ac_cv_lib_socket_gethostbyname=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_gethostbyname" >&5 -$as_echo "$ac_cv_lib_socket_gethostbyname" >&6; } -if test "x$ac_cv_lib_socket_gethostbyname" = xyes; then : - LIBS="-lsocket -lnsl $LIBS" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lresolv" >&5 -$as_echo_n "checking for gethostbyname in -lresolv... " >&6; } -if ${ac_cv_lib_resolv_gethostbyname+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolv $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gethostbyname (); -int -main () -{ -return gethostbyname (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_resolv_gethostbyname=yes -else - ac_cv_lib_resolv_gethostbyname=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_gethostbyname" >&5 -$as_echo "$ac_cv_lib_resolv_gethostbyname" >&6; } -if test "x$ac_cv_lib_resolv_gethostbyname" = xyes; then : - LIBS="-lresolv $LIBS" -fi - -fi - - -fi - - -fi - - -fi - - ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket" -if test "x$ac_cv_func_socket" = xyes; then : - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5 -$as_echo_n "checking for socket in -lsocket... " >&6; } -if ${ac_cv_lib_socket_socket+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lsocket $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char socket (); -int -main () -{ -return socket (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_socket_socket=yes -else - ac_cv_lib_socket_socket=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5 -$as_echo "$ac_cv_lib_socket_socket" >&6; } -if test "x$ac_cv_lib_socket_socket" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBSOCKET 1 -_ACEOF - - LIBS="-lsocket $LIBS" - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5 -$as_echo_n "checking for socket in -lsocket... " >&6; } -if ${ac_cv_lib_socket_socket+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lsocket -lnsl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char socket (); -int -main () -{ -return socket (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_socket_socket=yes -else - ac_cv_lib_socket_socket=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5 -$as_echo "$ac_cv_lib_socket_socket" >&6; } -if test "x$ac_cv_lib_socket_socket" = xyes; then : - LIBS="-lsocket -lnsl $LIBS" -fi - -fi - -fi - - -enable_dns=yes - @%:@ Check whether --enable-dns-for-realm was given. -if test "${enable_dns_for_realm+set}" = set; then : - enableval=$enable_dns_for_realm; -else - enable_dns_for_realm=no -fi - - if test "$enable_dns_for_realm" = yes; then - -$as_echo "@%:@define KRB5_DNS_LOOKUP_REALM 1" >>confdefs.h - - fi - - -$as_echo "@%:@define KRB5_DNS_LOOKUP 1" >>confdefs.h - - - - if test "$enable_dns" = yes ; then - # We assume that if libresolv exists we can link against it. - # This may get us a gethostby* that doesn't respect nsswitch. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5 -$as_echo_n "checking for main in -lresolv... " >&6; } -if ${ac_cv_lib_resolv_main+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolv $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -int -main () -{ -return main (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_resolv_main=yes -else - ac_cv_lib_resolv_main=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_main" >&5 -$as_echo "$ac_cv_lib_resolv_main" >&6; } -if test "x$ac_cv_lib_resolv_main" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBRESOLV 1 -_ACEOF - - LIBS="-lresolv $LIBS" - -fi - - -for krb5_func in res_ninit res_nclose res_ndestroy res_nsearch ns_initparse ns_name_uncompress dn_skipname res_search; do - -# Solaris 9 prototypes ns_name_uncompress() in arpa/nameser.h, but -# doesn't export it from libresolv.so, so we use extreme paranoia here -# and check both for the declaration and that we can link against the -# function. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $krb5_func" >&5 -$as_echo_n "checking for $krb5_func... " >&6; } -if eval \${krb5_cv_func_$krb5_func+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -@%:@include -int -main () -{ -/* - * Use volatile, or else optimization can cause false positives. - */ -void (* volatile p)() = (void (*)())$krb5_func; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - eval "krb5_cv_func_$krb5_func=yes" -else - eval "krb5_cv_func_$krb5_func=no" -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -eval ac_res=\$krb5_cv_func_$krb5_func - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if test `eval 'as_val=${'krb5_cv_func_$krb5_func'};$as_echo "$as_val"'` = yes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$krb5_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test $krb5_cv_func_res_nsearch = no \ - && test $krb5_cv_func_res_search = no; then - # Attempt to link with res_search(), in case it's not prototyped. - ac_fn_c_check_func "$LINENO" "res_search" "ac_cv_func_res_search" -if test "x$ac_cv_func_res_search" = xyes; then : - -$as_echo "@%:@define HAVE_RES_SEARCH 1" >>confdefs.h - -else - as_fn_error $? "cannot find res_nsearch or res_search" "$LINENO" 5 -fi - - fi - fi - - -fi - -@%:@ Check whether --with-hesiod was given. -if test "${with_hesiod+set}" = set; then : - withval=$with_hesiod; hesiod=$with_hesiod -else - with_hesiod=no -fi - -if test "$with_hesiod" != "no"; then - HESIOD_DEFS=-DHESIOD - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_send in -lresolv" >&5 -$as_echo_n "checking for res_send in -lresolv... " >&6; } -if ${ac_cv_lib_resolv_res_send+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolv $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char res_send (); -int -main () -{ -return res_send (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_resolv_res_send=yes -else - ac_cv_lib_resolv_res_send=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_send" >&5 -$as_echo "$ac_cv_lib_resolv_res_send" >&6; } -if test "x$ac_cv_lib_resolv_res_send" = xyes; then : - res_lib=-lresolv -fi - - if test "$hesiod" != "yes"; then - HESIOD_LIBS="-L${hesiod}/lib -lhesiod $res_lib" - else - HESIOD_LIBS="-lhesiod $res_lib" - fi -else - HESIOD_DEFS= - HESIOD_LIBS= -fi - - @%:@ Check whether --enable-maintainer-mode was given. -if test "${enable_maintainer_mode+set}" = set; then : - enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval -else - USE_MAINTAINER_MODE=no -fi - -if test "$USE_MAINTAINER_MODE" = yes; then - MAINTAINER_MODE_TRUE= - MAINTAINER_MODE_FALSE='#' - { $as_echo "$as_me:${as_lineno-$LINENO}: enabling maintainer mode" >&5 -$as_echo "$as_me: enabling maintainer mode" >&6;} -else - MAINTAINER_MODE_TRUE='#' - MAINTAINER_MODE_FALSE= -fi -MAINT=$MAINTAINER_MODE_TRUE - - - - CONFIG_RELTOPDIR=$ac_reltopdir - -lib_frag=$srcdir/$ac_config_fragdir/lib.in - -libobj_frag=$srcdir/$ac_config_fragdir/libobj.in - -libnover_frag=$srcdir/$ac_config_fragdir/libnover.in - -libpriv_frag=$srcdir/$ac_config_fragdir/libpriv.in - -libnodeps_frag=$srcdir/$ac_config_fragdir/libnodeps.in - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pragma weak references are supported" >&5 -$as_echo_n "checking whether pragma weak references are supported... " >&6; } -if ${krb5_cv_pragma_weak_ref+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#pragma weak flurbl -extern int flurbl(void); -int -main () -{ -if (&flurbl != 0) return flurbl(); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - krb5_cv_pragma_weak_ref=yes -else - krb5_cv_pragma_weak_ref=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_pragma_weak_ref" >&5 -$as_echo "$krb5_cv_pragma_weak_ref" >&6; } -if test $krb5_cv_pragma_weak_ref = yes ; then - -$as_echo "@%:@define HAVE_PRAGMA_WEAK_REF 1" >>confdefs.h - -fi - - -@%:@ Check whether --with-ldap was given. -if test "${with_ldap+set}" = set; then : - withval=$with_ldap; case "$withval" in - OPENLDAP) with_ldap=yes ;; - yes | no) ;; - *) as_fn_error $? "Invalid option value --with-ldap=\"$withval\"" "$LINENO" 5 ;; -esac -else - with_ldap=no -fi - -if test "$with_ldap" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: enabling OpenLDAP database backend module support" >&5 -$as_echo "$as_me: enabling OpenLDAP database backend module support" >&6;} - OPENLDAP_PLUGIN=yes -fi - - - -@%:@ Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then : - withval=$with_selinux; withselinux="$withval" -else - withselinux=auto -fi - -old_LIBS="$LIBS" -if test "$withselinux" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for libselinux..." >&5 -$as_echo "checking for libselinux..." >&6; } - SELINUX_LIBS= - for ac_header in selinux/selinux.h selinux/label.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then - if test "$withselinux" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate selinux/selinux.h." >&5 -$as_echo "Unable to locate selinux/selinux.h." >&6; } - withselinux=no - else - as_fn_error $? "Unable to locate selinux/selinux.h." "$LINENO" 5 - fi - fi - - LIBS= - unset ac_cv_func_setfscreatecon - for ac_func in setfscreatecon selabel_open -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_setfscreatecon" = xno ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setfscreatecon in -lselinux" >&5 -$as_echo_n "checking for setfscreatecon in -lselinux... " >&6; } -if ${ac_cv_lib_selinux_setfscreatecon+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lselinux $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setfscreatecon (); -int -main () -{ -return setfscreatecon (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_selinux_setfscreatecon=yes -else - ac_cv_lib_selinux_setfscreatecon=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setfscreatecon" >&5 -$as_echo "$ac_cv_lib_selinux_setfscreatecon" >&6; } -if test "x$ac_cv_lib_selinux_setfscreatecon" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBSELINUX 1 -_ACEOF - - LIBS="-lselinux $LIBS" - -fi - - unset ac_cv_func_setfscreatecon - for ac_func in setfscreatecon selabel_open -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_setfscreatecon" = xyes ; then - SELINUX_LIBS="$LIBS" - else - if test "$withselinux" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate libselinux." >&5 -$as_echo "Unable to locate libselinux." >&6; } - withselinux=no - else - as_fn_error $? "Unable to locate libselinux." "$LINENO" 5 - fi - fi - fi - if test "$withselinux" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: building with SELinux labeling support" >&5 -$as_echo "$as_me: building with SELinux labeling support" >&6;} - -$as_echo "@%:@define USE_SELINUX 1" >>confdefs.h - - SELINUX_LIBS="$LIBS" - EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon" - fi -fi -LIBS="$old_LIBS" - - -krb5_cv_host=$host - -. $ac_topdir/config/shlib.conf - -@%:@ Check whether --enable-delayed-initialization was given. -if test "${enable_delayed_initialization+set}" = set; then : - enableval=$enable_delayed_initialization; -else - enable_delayed_initialization=yes -fi - -case "$enable_delayed_initialization" in - yes) - -$as_echo "@%:@define DELAY_INITIALIZER 1" >>confdefs.h - ;; - no) ;; - *) as_fn_error $? "invalid option $enable_delayed_initialization for delayed-initialization" "$LINENO" 5 ;; -esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for constructor/destructor attribute support" >&5 -$as_echo_n "checking for constructor/destructor attribute support... " >&6; } -if ${krb5_cv_attr_constructor_destructor+:} false; then : - $as_echo_n "(cached) " >&6 -else - rm -f conftest.1 conftest.2 -if test -r conftest.1 || test -r conftest.2 ; then - as_fn_error $? "write error in local file system?" "$LINENO" 5 -fi -true > conftest.1 -true > conftest.2 -if test -r conftest.1 && test -r conftest.2 ; then true ; else - as_fn_error $? "write error in local file system?" "$LINENO" 5 -fi -a=no -b=no -# blindly assume we have 'unlink'... -if test "$cross_compiling" = yes; then : - as_fn_error $? "Cannot test for constructor/destructor support when cross compiling" "$LINENO" 5 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -void foo1() __attribute__((constructor)); -void foo1() { unlink("conftest.1"); } -void foo2() __attribute__((destructor)); -void foo2() { unlink("conftest.2"); } -int main () { return 0; } -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - test -r conftest.1 || a=yes -test -r conftest.2 || b=yes -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -case $krb5_cv_host in -*-*-aix4.*) - # Under AIX 4.3.3, at least, shared library destructor functions - # appear to get executed in reverse link order (right to left), - # so that a library's destructor function may run after that of - # libraries it depends on, and may still have to access in the - # destructor. - # - # That counts as "not working", for me, but it's a much more - # complicated test case to set up. - b=no - ;; -esac -krb5_cv_attr_constructor_destructor="$a,$b" - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_attr_constructor_destructor" >&5 -$as_echo "$krb5_cv_attr_constructor_destructor" >&6; } -# Okay, krb5_cv_... should be set now. -case $krb5_cv_attr_constructor_destructor in - yes,*) - -$as_echo "@%:@define CONSTRUCTOR_ATTR_WORKS 1" >>confdefs.h - ;; -esac -case $krb5_cv_attr_constructor_destructor in - *,yes) - -$as_echo "@%:@define DESTRUCTOR_ATTR_WORKS 1" >>confdefs.h - ;; -esac - -if test -z "$use_linker_init_option" ; then - as_fn_error $? "ran INITFINI before checking shlib.conf?" "$LINENO" 5 -fi -if test "$use_linker_init_option" = yes; then - -$as_echo "@%:@define USE_LINKER_INIT_OPTION 1" >>confdefs.h - -fi -if test "$use_linker_fini_option" = yes; then - -$as_echo "@%:@define USE_LINKER_FINI_OPTION 1" >>confdefs.h - -fi - - -@%:@ Check whether --enable-thread-support was given. -if test "${enable_thread_support+set}" = set; then : - enableval=$enable_thread_support; -else - enable_thread_support=yes -fi - -if test "$enable_thread_support" = yes ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: enabling thread support" >&5 -$as_echo "$as_me: enabling thread support" >&6;} - -$as_echo "@%:@define ENABLE_THREADS 1" >>confdefs.h - -fi -if test "$enable_thread_support" = yes; then - - - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -ax_pthread_ok=no - -# We used to check for pthread.h first, but this fails if pthread.h -# requires special compiler flags (e.g. on Tru64 or Sequent). -# It gets checked for in the link test anyway. - -# First of all, check if the user has set any of the PTHREAD_LIBS, -# etcetera environment variables, and if threads linking works using -# them: -if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then - ax_pthread_save_CC="$CC" - ax_pthread_save_CFLAGS="$CFLAGS" - ax_pthread_save_LIBS="$LIBS" - if test "x$PTHREAD_CC" != "x"; then : - CC="$PTHREAD_CC" -fi - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - LIBS="$PTHREAD_LIBS $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS" >&5 -$as_echo_n "checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char pthread_join (); -int -main () -{ -return pthread_join (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ax_pthread_ok=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 -$as_echo "$ax_pthread_ok" >&6; } - if test "x$ax_pthread_ok" = "xno"; then - PTHREAD_LIBS="" - PTHREAD_CFLAGS="" - fi - CC="$ax_pthread_save_CC" - CFLAGS="$ax_pthread_save_CFLAGS" - LIBS="$ax_pthread_save_LIBS" -fi - -# We must check for the threads library under a number of different -# names; the ordering is very important because some systems -# (e.g. DEC) have both -lpthread and -lpthreads, where one of the -# libraries is broken (non-POSIX). - -# Create a list of thread flags to try. Items starting with a "-" are -# C compiler flags, and other items are library names, except for "none" -# which indicates that we try without any flags at all, and "pthread-config" -# which is a program returning the flags for the Pth emulation library. - -ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" - -# The ordering *is* (sometimes) important. Some notes on the -# individual items follow: - -# pthreads: AIX (must check this before -lpthread) -# none: in case threads are in libc; should be tried before -Kthread and -# other compiler flags to prevent continual compiler warnings -# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) -# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64 -# (Note: HP C rejects this with "bad form for `-t' option") -# -pthreads: Solaris/gcc (Note: HP C also rejects) -# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it -# doesn't hurt to check since this sometimes defines pthreads and -# -D_REENTRANT too), HP C (must be checked before -lpthread, which -# is present but should not be used directly; and before -mthreads, -# because the compiler interprets this as "-mt" + "-hreads") -# -mthreads: Mingw32/gcc, Lynx/gcc -# pthread: Linux, etcetera -# --thread-safe: KAI C++ -# pthread-config: use pthread-config program (for GNU Pth library) - -case $host_os in - - freebsd*) - - # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) - # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) - - ax_pthread_flags="-kthread lthread $ax_pthread_flags" - ;; - - hpux*) - - # From the cc(1) man page: "[-mt] Sets various -D flags to enable - # multi-threading and also sets -lpthread." - - ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags" - ;; - - openedition*) - - # IBM z/OS requires a feature-test macro to be defined in order to - # enable POSIX threads at all, so give the user a hint if this is - # not set. (We don't define these ourselves, as they can affect - # other portions of the system API in unpredictable ways.) - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -# if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS) - AX_PTHREAD_ZOS_MISSING -# endif - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5 -$as_echo "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;} -fi -rm -f conftest* - - ;; - - solaris*) - - # On Solaris (at least, for some versions), libc contains stubbed - # (non-functional) versions of the pthreads routines, so link-based - # tests will erroneously succeed. (N.B.: The stubs are missing - # pthread_cleanup_push, or rather a function called by this macro, - # so we could check for that, but who knows whether they'll stub - # that too in a future libc.) So we'll check first for the - # standard Solaris way of linking pthreads (-mt -lpthread). - - ax_pthread_flags="-mt,pthread pthread $ax_pthread_flags" - ;; -esac - -# GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC) - -if test "x$GCC" = "xyes"; then : - ax_pthread_flags="-pthread -pthreads $ax_pthread_flags" -fi - -# The presence of a feature test macro requesting re-entrant function -# definitions is, on some systems, a strong hint that pthreads support is -# correctly enabled - -case $host_os in - darwin* | hpux* | linux* | osf* | solaris*) - ax_pthread_check_macro="_REENTRANT" - ;; - - aix*) - ax_pthread_check_macro="_THREAD_SAFE" - ;; - - *) - ax_pthread_check_macro="--" - ;; -esac -if test "x$ax_pthread_check_macro" = "x--"; then : - ax_pthread_check_cond=0 -else - ax_pthread_check_cond="!defined($ax_pthread_check_macro)" -fi - -# Are we compiling with Clang? - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC is Clang" >&5 -$as_echo_n "checking whether $CC is Clang... " >&6; } -if ${ax_cv_PTHREAD_CLANG+:} false; then : - $as_echo_n "(cached) " >&6 -else - ax_cv_PTHREAD_CLANG=no - # Note that Autoconf sets GCC=yes for Clang as well as GCC - if test "x$GCC" = "xyes"; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Note: Clang 2.7 lacks __clang_[a-z]+__ */ -# if defined(__clang__) && defined(__llvm__) - AX_PTHREAD_CC_IS_CLANG -# endif - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1; then : - ax_cv_PTHREAD_CLANG=yes -fi -rm -f conftest* - - fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5 -$as_echo "$ax_cv_PTHREAD_CLANG" >&6; } -ax_pthread_clang="$ax_cv_PTHREAD_CLANG" - -ax_pthread_clang_warning=no - -# Clang needs special handling, because older versions handle the -pthread -# option in a rather... idiosyncratic way - -if test "x$ax_pthread_clang" = "xyes"; then - - # Clang takes -pthread; it has never supported any other flag - - # (Note 1: This will need to be revisited if a system that Clang - # supports has POSIX threads in a separate library. This tends not - # to be the way of modern systems, but it's conceivable.) - - # (Note 2: On some systems, notably Darwin, -pthread is not needed - # to get POSIX threads support; the API is always present and - # active. We could reasonably leave PTHREAD_CFLAGS empty. But - # -pthread does define _REENTRANT, and while the Darwin headers - # ignore this macro, third-party headers might not.) - - PTHREAD_CFLAGS="-pthread" - PTHREAD_LIBS= - - ax_pthread_ok=yes - - # However, older versions of Clang make a point of warning the user - # that, in an invocation where only linking and no compilation is - # taking place, the -pthread option has no effect ("argument unused - # during compilation"). They expect -pthread to be passed in only - # when source code is being compiled. - # - # Problem is, this is at odds with the way Automake and most other - # C build frameworks function, which is that the same flags used in - # compilation (CFLAGS) are also used in linking. Many systems - # supported by AX_PTHREAD require exactly this for POSIX threads - # support, and in fact it is often not straightforward to specify a - # flag that is used only in the compilation phase and not in - # linking. Such a scenario is extremely rare in practice. - # - # Even though use of the -pthread flag in linking would only print - # a warning, this can be a nuisance for well-run software projects - # that build with -Werror. So if the active version of Clang has - # this misfeature, we search for an option to squash it. - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread" >&5 -$as_echo_n "checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread... " >&6; } -if ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+:} false; then : - $as_echo_n "(cached) " >&6 -else - ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown - # Create an alternate version of $ac_link that compiles and - # links in two steps (.c -> .o, .o -> exe) instead of one - # (.c -> exe), because the warning occurs only in the second - # step - ax_pthread_save_ac_link="$ac_link" - ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g' - ax_pthread_link_step=`$as_echo "$ac_link" | sed "$ax_pthread_sed"` - ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)" - ax_pthread_save_CFLAGS="$CFLAGS" - for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do - if test "x$ax_pthread_try" = "xunknown"; then : - break -fi - CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS" - ac_link="$ax_pthread_save_ac_link" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int main(void){return 0;} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_link="$ax_pthread_2step_ac_link" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int main(void){return 0;} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - break -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - done - ac_link="$ax_pthread_save_ac_link" - CFLAGS="$ax_pthread_save_CFLAGS" - if test "x$ax_pthread_try" = "x"; then : - ax_pthread_try=no -fi - ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5 -$as_echo "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; } - - case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in - no | unknown) ;; - *) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;; - esac - -fi # $ax_pthread_clang = yes - -if test "x$ax_pthread_ok" = "xno"; then -for ax_pthread_try_flag in $ax_pthread_flags; do - - case $ax_pthread_try_flag in - none) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 -$as_echo_n "checking whether pthreads work without any flags... " >&6; } - ;; - - -mt,pthread) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with -mt -lpthread" >&5 -$as_echo_n "checking whether pthreads work with -mt -lpthread... " >&6; } - PTHREAD_CFLAGS="-mt" - PTHREAD_LIBS="-lpthread" - ;; - - -*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $ax_pthread_try_flag" >&5 -$as_echo_n "checking whether pthreads work with $ax_pthread_try_flag... " >&6; } - PTHREAD_CFLAGS="$ax_pthread_try_flag" - ;; - - pthread-config) - # Extract the first word of "pthread-config", so it can be a program name with args. -set dummy pthread-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ax_pthread_config+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ax_pthread_config"; then - ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ax_pthread_config="yes" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_prog_ax_pthread_config" && ac_cv_prog_ax_pthread_config="no" -fi -fi -ax_pthread_config=$ac_cv_prog_ax_pthread_config -if test -n "$ax_pthread_config"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_config" >&5 -$as_echo "$ax_pthread_config" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test "x$ax_pthread_config" = "xno"; then : - continue -fi - PTHREAD_CFLAGS="`pthread-config --cflags`" - PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" - ;; - - *) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$ax_pthread_try_flag" >&5 -$as_echo_n "checking for the pthreads library -l$ax_pthread_try_flag... " >&6; } - PTHREAD_LIBS="-l$ax_pthread_try_flag" - ;; - esac - - ax_pthread_save_CFLAGS="$CFLAGS" - ax_pthread_save_LIBS="$LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - LIBS="$PTHREAD_LIBS $LIBS" - - # Check for various functions. We must include pthread.h, - # since some functions may be macros. (On the Sequent, we - # need a special flag -Kthread to make this header compile.) - # We check for pthread_join because it is in -lpthread on IRIX - # while pthread_create is in libc. We check for pthread_attr_init - # due to DEC craziness with -lpthreads. We check for - # pthread_cleanup_push because it is one of the few pthread - # functions on Solaris that doesn't have a non-functional libc stub. - # We try pthread_create on general principles. - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -# if $ax_pthread_check_cond -# error "$ax_pthread_check_macro must be defined" -# endif - static void routine(void *a) { a = 0; } - static void *start_routine(void *a) { return a; } -int -main () -{ -pthread_t th; pthread_attr_t attr; - pthread_create(&th, 0, start_routine, 0); - pthread_join(th, 0); - pthread_attr_init(&attr); - pthread_cleanup_push(routine, 0); - pthread_cleanup_pop(0) /* ; */ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ax_pthread_ok=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - CFLAGS="$ax_pthread_save_CFLAGS" - LIBS="$ax_pthread_save_LIBS" - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 -$as_echo "$ax_pthread_ok" >&6; } - if test "x$ax_pthread_ok" = "xyes"; then : - break -fi - - PTHREAD_LIBS="" - PTHREAD_CFLAGS="" -done -fi - -# Various other checks: -if test "x$ax_pthread_ok" = "xyes"; then - ax_pthread_save_CFLAGS="$CFLAGS" - ax_pthread_save_LIBS="$LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - LIBS="$PTHREAD_LIBS $LIBS" - - # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 -$as_echo_n "checking for joinable pthread attribute... " >&6; } -if ${ax_cv_PTHREAD_JOINABLE_ATTR+:} false; then : - $as_echo_n "(cached) " >&6 -else - ax_cv_PTHREAD_JOINABLE_ATTR=unknown - for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -int attr = $ax_pthread_attr; return attr /* ; */ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - done - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5 -$as_echo "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; } - if test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \ - test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \ - test "x$ax_pthread_joinable_attr_defined" != "xyes"; then : - -cat >>confdefs.h <<_ACEOF -@%:@define PTHREAD_CREATE_JOINABLE $ax_cv_PTHREAD_JOINABLE_ATTR -_ACEOF - - ax_pthread_joinable_attr_defined=yes - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether more special flags are required for pthreads" >&5 -$as_echo_n "checking whether more special flags are required for pthreads... " >&6; } -if ${ax_cv_PTHREAD_SPECIAL_FLAGS+:} false; then : - $as_echo_n "(cached) " >&6 -else - ax_cv_PTHREAD_SPECIAL_FLAGS=no - case $host_os in - solaris*) - ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS" - ;; - esac - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5 -$as_echo "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; } - if test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \ - test "x$ax_pthread_special_flags_added" != "xyes"; then : - PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS" - ax_pthread_special_flags_added=yes -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PTHREAD_PRIO_INHERIT" >&5 -$as_echo_n "checking for PTHREAD_PRIO_INHERIT... " >&6; } -if ${ax_cv_PTHREAD_PRIO_INHERIT+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -int i = PTHREAD_PRIO_INHERIT; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ax_cv_PTHREAD_PRIO_INHERIT=yes -else - ax_cv_PTHREAD_PRIO_INHERIT=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5 -$as_echo "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; } - if test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \ - test "x$ax_pthread_prio_inherit_defined" != "xyes"; then : - -$as_echo "@%:@define HAVE_PTHREAD_PRIO_INHERIT 1" >>confdefs.h - - ax_pthread_prio_inherit_defined=yes - -fi - - CFLAGS="$ax_pthread_save_CFLAGS" - LIBS="$ax_pthread_save_LIBS" - - # More AIX lossage: compile with *_r variant - if test "x$GCC" != "xyes"; then - case $host_os in - aix*) - case "x/$CC" in @%:@( - x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6) : - #handle absolute path differently from PATH based program lookup - case "x$CC" in @%:@( - x/*) : - if as_fn_executable_p ${CC}_r; then : - PTHREAD_CC="${CC}_r" -fi ;; @%:@( - *) : - for ac_prog in ${CC}_r -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PTHREAD_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$PTHREAD_CC"; then - ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_PTHREAD_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -PTHREAD_CC=$ac_cv_prog_PTHREAD_CC -if test -n "$PTHREAD_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 -$as_echo "$PTHREAD_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$PTHREAD_CC" && break -done -test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" - ;; -esac ;; @%:@( - *) : - ;; -esac - ;; - esac - fi -fi - -test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" - - - - - -# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: -if test "x$ax_pthread_ok" = "xyes"; then - -$as_echo "@%:@define HAVE_PTHREAD 1" >>confdefs.h - - : -else - ax_pthread_ok=no - as_fn_error $? "cannot determine options for enabling thread support; try --disable-thread-support" "$LINENO" 5 -fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - { $as_echo "$as_me:${as_lineno-$LINENO}: PTHREAD_CC = $PTHREAD_CC" >&5 -$as_echo "$as_me: PTHREAD_CC = $PTHREAD_CC" >&6;} - { $as_echo "$as_me:${as_lineno-$LINENO}: PTHREAD_CFLAGS = $PTHREAD_CFLAGS" >&5 -$as_echo "$as_me: PTHREAD_CFLAGS = $PTHREAD_CFLAGS" >&6;} - { $as_echo "$as_me:${as_lineno-$LINENO}: PTHREAD_LIBS = $PTHREAD_LIBS" >&5 -$as_echo "$as_me: PTHREAD_LIBS = $PTHREAD_LIBS" >&6;} - # AIX and Tru64 don't support weak references, and don't have - # stub versions of the pthread code in libc. - case "${host_os}" in - aix* | osf*) - # On these platforms, we'll always pull in the thread support. - LIBS="$LIBS $PTHREAD_LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - # We don't need to sometimes add the flags we've just folded in... - PTHREAD_LIBS= - PTHREAD_CFLAGS= - ;; - hpux*) - # These are the flags that "gcc -pthread" adds. But we don't - # want "-pthread" because that has link-time effects, and we - # don't exclude CFLAGS when linking. *sigh* - PTHREAD_CFLAGS="-D_REENTRANT -D_THREAD_SAFE -D_POSIX_C_SOURCE=199506L" - ;; - solaris2.[1-9]) - # On Solaris 10 with gcc 3.4.3, the autoconf archive macro doesn't - # get the right result. XXX What about Solaris 9 and earlier? - if test "$GCC" = yes ; then - PTHREAD_CFLAGS="-D_REENTRANT -pthreads" - fi - ;; - solaris*) - # On Solaris 10 with gcc 3.4.3, the autoconf archive macro doesn't - # get the right result. - if test "$GCC" = yes ; then - PTHREAD_CFLAGS="-D_REENTRANT -pthreads" - fi - # On Solaris 10, the thread support is always available in libc. - -$as_echo "@%:@define NO_WEAK_PTHREADS 1" >>confdefs.h - - ;; - esac - THREAD_SUPPORT=1 -else - PTHREAD_CC="$CC" - PTHREAD_CFLAGS="" - PTHREAD_LIBS="" - THREAD_SUPPORT=0 -fi - -for ac_func in pthread_once pthread_rwlock_init -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -old_CC="$CC" -test "$PTHREAD_CC" != "" && test "$ac_cv_c_compiler_gnu" = no && CC=$PTHREAD_CC -old_CFLAGS="$CFLAGS" -# On Solaris, -pthreads is added to CFLAGS, no extra explicit libraries. -CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - -old_LIBS="$LIBS" -LIBS="$PTHREAD_LIBS $LIBS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: rechecking with PTHREAD_... options" >&5 -$as_echo "$as_me: rechecking with PTHREAD_... options" >&6;} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_rwlock_init in -lc" >&5 -$as_echo_n "checking for pthread_rwlock_init in -lc... " >&6; } -if ${ac_cv_lib_c_pthread_rwlock_init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lc $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char pthread_rwlock_init (); -int -main () -{ -return pthread_rwlock_init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_c_pthread_rwlock_init=yes -else - ac_cv_lib_c_pthread_rwlock_init=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_pthread_rwlock_init" >&5 -$as_echo "$ac_cv_lib_c_pthread_rwlock_init" >&6; } -if test "x$ac_cv_lib_c_pthread_rwlock_init" = xyes; then : - -$as_echo "@%:@define HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB 1" >>confdefs.h - -fi - -LIBS="$old_LIBS" -CC="$old_CC" -CFLAGS="$old_CFLAGS" - - -old_LIBS="$LIBS" -DL_LIB= -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 -$as_echo_n "checking for library containing dlopen... " >&6; } -if ${ac_cv_search_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -for ac_lib in '' dl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dlopen=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_dlopen+:} false; then : - break -fi -done -if ${ac_cv_search_dlopen+:} false; then : - -else - ac_cv_search_dlopen=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 -$as_echo "$ac_cv_search_dlopen" >&6; } -ac_res=$ac_cv_search_dlopen -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -if test "$ac_cv_search_dlopen" != "none required"; then - DL_LIB=$ac_cv_search_dlopen -fi -LIBS="$old_LIBS" - -$as_echo "@%:@define USE_DLOPEN 1" >>confdefs.h - -fi - - - - -KRB5_VERSION=1.18.2 - - - - - - - - - - - - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PKG_CONFIG=$ac_cv_path_PKG_CONFIG -if test -n "$PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 -$as_echo "$PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKG_CONFIG"; then - ac_pt_PKG_CONFIG=$PKG_CONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG -if test -n "$ac_pt_PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 -$as_echo "$ac_pt_PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_pt_PKG_CONFIG" = x; then - PKG_CONFIG="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKG_CONFIG=$ac_pt_PKG_CONFIG - fi -else - PKG_CONFIG="$ac_cv_path_PKG_CONFIG" -fi - -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=0.9.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 -$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - PKG_CONFIG="" - fi -fi - -ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" -if test "x$ac_cv_header_stdint_h" = xyes; then : - -else - as_fn_error $? "stdint.h is required" "$LINENO" 5 -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether integers are two's complement" >&5 -$as_echo_n "checking whether integers are two's complement... " >&6; } -if ${krb5_cv_ints_twos_compl+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -int -main () -{ -static int test_array @<:@1 - 2 * !(/* Basic two's complement check */ - ~(-1) == 0 && ~(-1L) == 0L && - /* Check that values with sign bit 1 and value bits 0 are valid */ - -(INT_MIN + 1) == INT_MAX && -(LONG_MIN + 1) == LONG_MAX && - /* Check that unsigned-to-signed conversions preserve bit patterns */ - (int)((unsigned int)INT_MAX + 1) == INT_MIN && - (long)((unsigned long)LONG_MAX + 1) == LONG_MIN)@:>@; -test_array @<:@0@:>@ = 0; -return test_array @<:@0@:>@; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_ints_twos_compl=yes -else - krb5_cv_ints_twos_compl=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_ints_twos_compl" >&5 -$as_echo "$krb5_cv_ints_twos_compl" >&6; } - -if test "$krb5_cv_ints_twos_compl" = "no"; then - as_fn_error $? "integers are not two's complement" "$LINENO" 5 -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether CHAR_BIT is 8" >&5 -$as_echo_n "checking whether CHAR_BIT is 8... " >&6; } -if ${krb5_cv_char_bit_8+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#if CHAR_BIT != 8 - #error CHAR_BIT != 8 -#endif - -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - krb5_cv_char_bit_8=yes -else - krb5_cv_char_bit_8=no -fi -rm -f conftest.err conftest.i conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_char_bit_8" >&5 -$as_echo "$krb5_cv_char_bit_8" >&6; } - -if test "$krb5_cv_char_bit_8" = "no"; then - as_fn_error $? "CHAR_BIT is not 8" "$LINENO" 5 -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if va_copy is available" >&5 -$as_echo_n "checking if va_copy is available... " >&6; } -if ${krb5_cv_va_copy+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -void f(va_list ap) { - va_list ap2; - va_copy(ap2, ap); - va_end(ap2); -} -va_list x; -int main() -{ - f(x); - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - krb5_cv_va_copy=yes -else - krb5_cv_va_copy=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_va_copy" >&5 -$as_echo "$krb5_cv_va_copy" >&6; } -if test "$krb5_cv_va_copy" = yes; then - -$as_echo "@%:@define HAS_VA_COPY 1" >>confdefs.h - -fi - -# Note that this isn't checking if the copied value *works*, just -# whether the C language constraints permit the copying. If -# va_list is defined as an array type, it can't be assigned. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if va_list objects can be copied by assignment" >&5 -$as_echo_n "checking if va_list objects can be copied by assignment... " >&6; } -if ${krb5_cv_va_simple_copy+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -void f(va_list va2) { - va_list va1; - va1 = va2; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_va_simple_copy=yes -else - krb5_cv_va_simple_copy=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_va_simple_copy" >&5 -$as_echo "$krb5_cv_va_simple_copy" >&6; } -if test "$krb5_cv_va_simple_copy" = yes; then - -$as_echo "@%:@define CAN_COPY_VA_LIST 1" >>confdefs.h - -fi - -# The following lines are so that configure --help gives some global -# configuration options. - - -@%:@ Check whether --enable-static was given. -if test "${enable_static+set}" = set; then : - enableval=$enable_static; -else - enable_static=no -fi - -@%:@ Check whether --enable-shared was given. -if test "${enable_shared+set}" = set; then : - enableval=$enable_shared; -else - enable_shared=yes -fi - - -if test "x$enable_static" = "x$enable_shared"; then - as_fn_error $? "--enable-static must be specified with --disable-shared" "$LINENO" 5 -fi - -@%:@ Check whether --enable-rpath was given. -if test "${enable_rpath+set}" = set; then : - enableval=$enable_rpath; -else - enable_rpath=yes -fi - - -if test "x$enable_rpath" != xyes ; then - # Unset the rpath flag values set by shlib.conf - SHLIB_RPATH_FLAGS= - RPATH_FLAG= - PROG_RPATH_FLAGS= -fi - -if test "$SHLIBEXT" = ".so-nobuild"; then - as_fn_error $? "Shared libraries are not yet supported on this platform." "$LINENO" 5 -fi - -DEPLIBEXT=$SHLIBEXT - -if test "x$enable_static" = xyes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: using static libraries" >&5 -$as_echo "$as_me: using static libraries" >&6;} - LIBLIST='lib$(LIBBASE)$(STLIBEXT)' - LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT)' - PLUGIN='libkrb5_$(LIBBASE)$(STLIBEXT)' - PLUGINLINK='$(TOPLIBD)/libkrb5_$(LIBBASE)$(STLIBEXT)' - PLUGININST=install-static - OBJLISTS=OBJS.ST - LIBINSTLIST=install-static - DEPLIBEXT=$STLIBEXT - -$as_echo "@%:@define STATIC_PLUGINS 1" >>confdefs.h - - - KDB5_PLUGIN_DEPLIBS='$(TOPLIBD)/libkrb5_db2$(DEPLIBEXT)' - KDB5_PLUGIN_LIBS='-lkrb5_db2' - if test "x$OPENLDAP_PLUGIN" = xyes; then - KDB5_PLUGIN_DEBLIBS=$KDB5_PLUGIN_DEPLIBS' $(TOPLIBD)/libkrb5_ldap$(DEPLIBEXT) $(TOPLIBD)/libkdb_ldap$(DEPLIBEXT)' - KDB5_PLUGIN_LIBS=$KDB5_PLUGIN_LIBS' -lkrb5_kldap -lkdb_ldap $(LDAP_LIBS)' - fi - # kadm5srv_mit normally comes before kdb on the link line. Add it - # again after the KDB plugins, since they depend on it for XDR stuff. - KDB5_PLUGIN_DEPLIBS=$KDB5_PLUGIN_DEPLIBS' $(TOPLIBD)/libkadm5srv_mit$(DEPLIBEXT)' - KDB5_PLUGIN_LIBS=$KDB5_PLUGIN_LIBS' -lkadm5srv_mit' - - # avoid duplicate rules generation for AIX and such - SHLIBEXT=.so-nobuild - SHLIBVEXT=.so.v-nobuild - SHLIBSEXT=.so.s-nobuild -else - { $as_echo "$as_me:${as_lineno-$LINENO}: using shared libraries" >&5 -$as_echo "$as_me: using shared libraries" >&6;} - - # Clear some stuff in case of AIX, etc. - if test "$STLIBEXT" = "$SHLIBEXT" ; then - STLIBEXT=.a-nobuild - fi - case "$SHLIBSEXT" in - .so.s-nobuild) - LIBLIST='lib$(LIBBASE)$(SHLIBEXT)' - LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT)' - LIBINSTLIST="install-shared" - ;; - *) - LIBLIST='lib$(LIBBASE)$(SHLIBEXT) lib$(LIBBASE)$(SHLIBSEXT)' - LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT)' - LIBINSTLIST="install-shlib-soname" - ;; - esac - OBJLISTS="OBJS.SH" - PLUGIN='$(LIBBASE)$(DYNOBJEXT)' - PLUGINLINK='../$(PLUGIN)' - PLUGININST=install-plugin - KDB5_PLUGIN_DEPLIBS= - KDB5_PLUGIN_LIBS= -fi -CC_LINK="$CC_LINK_SHARED" -CXX_LINK="$CXX_LINK_SHARED" - -if test -z "$LIBLIST"; then - as_fn_error $? "must enable one of shared or static libraries" "$LINENO" 5 -fi - -# Check whether to build profiled libraries. -@%:@ Check whether --enable-profiled was given. -if test "${enable_profiled+set}" = set; then : - enableval=$enable_profiled; if test "$enableval" = yes; then - as_fn_error $? "Sorry, profiled libraries do not work in this release." "$LINENO" 5 -fi -fi - - -TCL_INCLUDES= -TCL_LIBPATH= -TCL_RPATH= -TCL_LIBS= -TCL_WITH= -tcl_dir= - -@%:@ Check whether --with-tcl was given. -if test "${with_tcl+set}" = set; then : - withval=$with_tcl; -else - with_tcl=try -fi - -if test "$with_tcl" = no ; then - true -elif test "$with_tcl" = yes -o "$with_tcl" = try ; then - tcl_dir=/usr - if test ! -r /usr/lib/tclConfig.sh; then - cat >> conftest <<\EOF -puts "tcl_dir=$tcl_library" -EOF - if tclsh conftest >conftest.out 2>/dev/null; then - if grep tcl_dir= conftest.out >/dev/null 2>&1; then - t=`sed s/tcl_dir=// conftest.out` - tcl_dir=$t - fi - fi # tclsh ran script okay - rm -f conftest conftest.out - fi # no /usr/lib/tclConfig.sh -else - tcl_dir=$with_tcl -fi -if test "$with_tcl" != no ; then - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tclConfig.sh" >&5 -$as_echo_n "checking for tclConfig.sh... " >&6; } -if test -r "$tcl_dir/lib/tclConfig.sh" ; then - tcl_conf="$tcl_dir/lib/tclConfig.sh" -elif test -r "$tcl_dir/tclConfig.sh" ; then - tcl_conf="$tcl_dir/tclConfig.sh" -elif test -r "$tcl_dir/../tclConfig.sh" ; then - tcl_conf="$tcl_dir/../tclConfig.sh" -else - tcl_conf= - lib="$tcl_dir/lib" - for d in "$lib" "$lib"/tcl7.[0-9] "$lib"/tcl8.[0-9] ; do - if test -r "$d/tclConfig.sh" ; then - tcl_conf="$tcl_conf $d/tclConfig.sh" - fi - done - fi -if test -n "$tcl_conf" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $tcl_conf" >&5 -$as_echo "$tcl_conf" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } -fi -tcl_ok_conf= -tcl_vers_maj= -tcl_vers_min= -old_CPPFLAGS=$CPPFLAGS -old_LIBS=$LIBS -old_LDFLAGS=$LDFLAGS -if test -n "$tcl_conf" ; then - for file in $tcl_conf ; do - TCL_MAJOR_VERSION=x ; TCL_MINOR_VERSION=x - { $as_echo "$as_me:${as_lineno-$LINENO}: checking Tcl info in $file" >&5 -$as_echo_n "checking Tcl info in $file... " >&6; } - . $file - v=$TCL_MAJOR_VERSION.$TCL_MINOR_VERSION - if test -z "$tcl_vers_maj" \ - || test "$tcl_vers_maj" -lt "$TCL_MAJOR_VERSION" \ - || test "$tcl_vers_maj" = "$TCL_MAJOR_VERSION" -a "$tcl_vers_min" -lt "$TCL_MINOR_VERSION" ; then - for incdir in "$TCL_PREFIX/include/tcl$v" "$TCL_PREFIX/include" ; do - if test -r "$incdir/tcl.h" -o -r "$incdir/tcl/tcl.h" ; then - CPPFLAGS="$old_CPPFLAGS -I$incdir" - break - fi - done - LIBS="$old_LIBS `eval echo x $TCL_LIB_SPEC $TCL_LIBS | sed 's/^x//'`" - LDFLAGS="$old_LDFLAGS $TCL_LD_FLAGS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -Tcl_CreateInterp (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - tcl_ok_conf=$file - tcl_vers_maj=$TCL_MAJOR_VERSION - tcl_vers_min=$TCL_MINOR_VERSION - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $v - working" >&5 -$as_echo "$v - working" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $v - compilation failed" >&5 -$as_echo "$v - compilation failed" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: older version $v" >&5 -$as_echo "older version $v" >&6; } - fi - done -fi -CPPFLAGS=$old_CPPFLAGS -LIBS=$old_LIBS -LDFLAGS=$old_LDFLAGS -tcl_header=no -tcl_lib=no -if test -n "$tcl_ok_conf" ; then - . $tcl_ok_conf - TCL_INCLUDES= - for incdir in "$TCL_PREFIX/include/tcl$v" "$TCL_PREFIX/include" ; do - if test -r "$incdir/tcl.h" -o -r "$incdir/tcl/tcl.h" ; then - if test "$incdir" != "/usr/include" ; then - TCL_INCLUDES=-I$incdir - fi - break - fi - done - # Need eval because the first-level expansion could reference - # variables like ${TCL_DBGX}. - eval TCL_LIBS='"'$TCL_LIB_SPEC $TCL_LIBS $TCL_DL_LIBS'"' - TCL_LIBPATH="-L$TCL_EXEC_PREFIX/lib" - TCL_RPATH=":$TCL_EXEC_PREFIX/lib" - if test "$DEPLIBEXT" != "$SHLIBEXT" && test -n "$RPATH_FLAG"; then - TCL_MAYBE_RPATH='$(RPATH_FLAG)'"$TCL_EXEC_PREFIX/lib$RPATH_TAIL" - else - TCL_MAYBE_RPATH= - fi - CPPFLAGS="$old_CPPFLAGS $TCL_INCLUDES" - ac_fn_c_check_header_mongrel "$LINENO" "tcl.h" "ac_cv_header_tcl_h" "$ac_includes_default" -if test "x$ac_cv_header_tcl_h" = xyes; then : - -$as_echo "@%:@define HAVE_TCL_H 1" >>confdefs.h - tcl_header=yes -fi - - - if test $tcl_header=no; then - ac_fn_c_check_header_mongrel "$LINENO" "tcl/tcl.h" "ac_cv_header_tcl_tcl_h" "$ac_includes_default" -if test "x$ac_cv_header_tcl_tcl_h" = xyes; then : - -$as_echo "@%:@define HAVE_TCL_TCL_H 1" >>confdefs.h - tcl_header=yes -fi - - - fi - CPPFLAGS="$old_CPPFLAGS" - tcl_lib=yes -else - # If we read a tclConfig.sh file, it probably set this. - TCL_LIBS= -fi - - - - - - - if test $tcl_lib = no ; then - if test "$with_tcl" != try ; then - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: trying old tcl search code" >&5 -$as_echo "$as_me: WARNING: trying old tcl search code" >&2;} -if test "$with_tcl" != yes -a "$with_tcl" != no; then - TCL_INCLUDES=-I$with_tcl/include - TCL_LIBPATH=-L$with_tcl/lib - TCL_RPATH=:$with_tcl/lib -fi -if test "$with_tcl" != no ; then - krb5_save_CPPFLAGS="$CPPFLAGS" - krb5_save_LDFLAGS="$LDFLAGS" - CPPFLAGS="$CPPFLAGS $TCL_INCLUDES" - LDFLAGS="$LDFLAGS $TCL_LIBPATH" - tcl_header=no - ac_fn_c_check_header_mongrel "$LINENO" "tcl.h" "ac_cv_header_tcl_h" "$ac_includes_default" -if test "x$ac_cv_header_tcl_h" = xyes; then : - -$as_echo "@%:@define HAVE_TCL_H 1" >>confdefs.h - tcl_header=yes -fi - - - if test $tcl_header=no; then - ac_fn_c_check_header_mongrel "$LINENO" "tcl/tcl.h" "ac_cv_header_tcl_tcl_h" "$ac_includes_default" -if test "x$ac_cv_header_tcl_tcl_h" = xyes; then : - -$as_echo "@%:@define HAVE_TCL_TCL_H 1" >>confdefs.h - tcl_header=yes -fi - - - fi - - if test $tcl_header = yes ; then - tcl_lib=no - - if test $tcl_lib = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Tcl_CreateCommand in -ltcl8.0" >&5 -$as_echo_n "checking for Tcl_CreateCommand in -ltcl8.0... " >&6; } -if ${ac_cv_lib_tcl8_0_Tcl_CreateCommand+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ltcl8.0 -lm $DL_LIB $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char Tcl_CreateCommand (); -int -main () -{ -return Tcl_CreateCommand (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_tcl8_0_Tcl_CreateCommand=yes -else - ac_cv_lib_tcl8_0_Tcl_CreateCommand=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tcl8_0_Tcl_CreateCommand" >&5 -$as_echo "$ac_cv_lib_tcl8_0_Tcl_CreateCommand" >&6; } -if test "x$ac_cv_lib_tcl8_0_Tcl_CreateCommand" = xyes; then : - TCL_LIBS="$TCL_LIBS -ltcl8.0 -lm $DL_LIB $LIBS" - tcl_lib=yes -fi - - fi - if test $tcl_lib = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Tcl_CreateCommand in -ltcl7.6" >&5 -$as_echo_n "checking for Tcl_CreateCommand in -ltcl7.6... " >&6; } -if ${ac_cv_lib_tcl7_6_Tcl_CreateCommand+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ltcl7.6 -lm $DL_LIB $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char Tcl_CreateCommand (); -int -main () -{ -return Tcl_CreateCommand (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_tcl7_6_Tcl_CreateCommand=yes -else - ac_cv_lib_tcl7_6_Tcl_CreateCommand=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tcl7_6_Tcl_CreateCommand" >&5 -$as_echo "$ac_cv_lib_tcl7_6_Tcl_CreateCommand" >&6; } -if test "x$ac_cv_lib_tcl7_6_Tcl_CreateCommand" = xyes; then : - TCL_LIBS="$TCL_LIBS -ltcl7.6 -lm $DL_LIB $LIBS" - tcl_lib=yes -fi - - fi - if test $tcl_lib = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Tcl_CreateCommand in -ltcl7.5" >&5 -$as_echo_n "checking for Tcl_CreateCommand in -ltcl7.5... " >&6; } -if ${ac_cv_lib_tcl7_5_Tcl_CreateCommand+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ltcl7.5 -lm $DL_LIB $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char Tcl_CreateCommand (); -int -main () -{ -return Tcl_CreateCommand (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_tcl7_5_Tcl_CreateCommand=yes -else - ac_cv_lib_tcl7_5_Tcl_CreateCommand=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tcl7_5_Tcl_CreateCommand" >&5 -$as_echo "$ac_cv_lib_tcl7_5_Tcl_CreateCommand" >&6; } -if test "x$ac_cv_lib_tcl7_5_Tcl_CreateCommand" = xyes; then : - TCL_LIBS="$TCL_LIBS -ltcl7.5 -lm $DL_LIB $LIBS" - tcl_lib=yes -fi - - - fi - if test $tcl_lib = no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Tcl_CreateCommand in -ltcl" >&5 -$as_echo_n "checking for Tcl_CreateCommand in -ltcl... " >&6; } -if ${ac_cv_lib_tcl_Tcl_CreateCommand+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ltcl -lm $DL_LIB $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char Tcl_CreateCommand (); -int -main () -{ -return Tcl_CreateCommand (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_tcl_Tcl_CreateCommand=yes -else - ac_cv_lib_tcl_Tcl_CreateCommand=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tcl_Tcl_CreateCommand" >&5 -$as_echo "$ac_cv_lib_tcl_Tcl_CreateCommand" >&6; } -if test "x$ac_cv_lib_tcl_Tcl_CreateCommand" = xyes; then : - TCL_LIBS="$TCL_LIBS -ltcl -lm $DL_LIB $LIBS" - tcl_lib=yes -fi - - - fi - if test $tcl_lib = no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \"tcl.h found but not library\"" >&5 -$as_echo "$as_me: WARNING: \"tcl.h found but not library\"" >&2;} - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Could not find Tcl which is needed for the kadm5 tests" >&5 -$as_echo "$as_me: WARNING: Could not find Tcl which is needed for the kadm5 tests" >&2;} - TCL_LIBS= - fi - CPPFLAGS="$krb5_save_CPPFLAGS" - LDFLAGS="$krb5_save_LDFLAGS" - - - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"Not looking for Tcl library\"" >&5 -$as_echo "\"Not looking for Tcl library\"" >&6; } -fi - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Could not find Tcl which is needed for some tests" >&5 -$as_echo "$as_me: WARNING: Could not find Tcl which is needed for some tests" >&2;} - fi - fi -fi -# If "yes" or pathname, error out if not found. -if test "$with_tcl" != no -a "$with_tcl" != try ; then - if test "$tcl_header $tcl_lib" != "yes yes" ; then - as_fn_error $? "Could not find Tcl" "$LINENO" 5 - fi -fi - -@%:@ Check whether --enable-athena was given. -if test "${enable_athena+set}" = set; then : - enableval=$enable_athena; -fi - - -# Begin autoconf tests for the Makefiles generated out of the top-level -# configure.in... - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 -$as_echo_n "checking whether ln -s works... " >&6; } -LN_S=$as_ln_s -if test "$LN_S" = "ln -s"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 -$as_echo "no, using $LN_S" >&6; } -fi - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. -set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -RANLIB=$ac_cv_prog_RANLIB -if test -n "$RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 -$as_echo "$RANLIB" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_RANLIB"; then - ac_ct_RANLIB=$RANLIB - # Extract the first word of "ranlib", so it can be a program name with args. -set dummy ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_RANLIB"; then - ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_RANLIB="ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB -if test -n "$ac_ct_RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 -$as_echo "$ac_ct_RANLIB" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_RANLIB" = x; then - RANLIB=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - RANLIB=$ac_ct_RANLIB - fi -else - RANLIB="$ac_cv_prog_RANLIB" -fi - -# Extract the first word of "ar", so it can be a program name with args. -set dummy ar; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ARCHIVE+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ARCHIVE"; then - ac_cv_prog_ARCHIVE="$ARCHIVE" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ARCHIVE="ar cqv" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_prog_ARCHIVE" && ac_cv_prog_ARCHIVE="false" -fi -fi -ARCHIVE=$ac_cv_prog_ARCHIVE -if test -n "$ARCHIVE"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ARCHIVE" >&5 -$as_echo "$ARCHIVE" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "ar", so it can be a program name with args. -set dummy ar; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ARADD+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ARADD"; then - ac_cv_prog_ARADD="$ARADD" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ARADD="ar cruv" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_prog_ARADD" && ac_cv_prog_ARADD="false" -fi -fi -ARADD=$ac_cv_prog_ARADD -if test -n "$ARADD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ARADD" >&5 -$as_echo "$ARADD" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Find a good install program. We prefer a C program (faster), -# so one script is as good as another. But avoid the broken or -# incompatible versions: -# SysV /etc/install, /usr/sbin/install -# SunOS /usr/etc/install -# IRIX /sbin/install -# AIX /bin/install -# AmigaOS /C/install, which installs bootblocks on floppy discs -# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag -# AFS /usr/afsws/bin/install, which mishandles nonexistent args -# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" -# OS/2's system install, which has a completely different semantic -# ./install, which can be erroneously created by make from ./install.sh. -# Reject install programs that cannot install multiple files. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 -$as_echo_n "checking for a BSD-compatible install... " >&6; } -if test -z "$INSTALL"; then -if ${ac_cv_path_install+:} false; then : - $as_echo_n "(cached) " >&6 -else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in @%:@(( - ./ | .// | /[cC]/* | \ - /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ - ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ - /usr/ucb/* ) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. - # Don't use installbsd from OSF since it installs stuff as root - # by default. - for ac_prog in ginstall scoinst install; do - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then - if test $ac_prog = install && - grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. - : - elif test $ac_prog = install && - grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # program-specific install script used by HP pwplus--don't use. - : - else - rm -rf conftest.one conftest.two conftest.dir - echo one > conftest.one - echo two > conftest.two - mkdir conftest.dir - if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && - test -s conftest.one && test -s conftest.two && - test -s conftest.dir/conftest.one && - test -s conftest.dir/conftest.two - then - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" - break 3 - fi - fi - fi - done - done - ;; -esac - - done -IFS=$as_save_IFS - -rm -rf conftest.one conftest.two conftest.dir - -fi - if test "${ac_cv_path_install+set}" = set; then - INSTALL=$ac_cv_path_install - else - # As a last resort, use the slow shell script. Don't cache a - # value for INSTALL within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - INSTALL=$ac_install_sh - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 -$as_echo "$INSTALL" >&6; } - -# Use test -z because SunOS4 sh mishandles braces in ${var-val}. -# It thinks the first close brace ends the variable substitution. -test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' - -test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' - -test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' - -# Extract the first word of "ar", so it can be a program name with args. -set dummy ar; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$AR"; then - ac_cv_prog_AR="$AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_AR="ar" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_prog_AR" && ac_cv_prog_AR="false" -fi -fi -AR=$ac_cv_prog_AR -if test -n "$AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 -$as_echo "$AR" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -if test "$AR" = "false"; then - as_fn_error $? "ar not found in PATH" "$LINENO" 5 -fi -# Extract the first word of "perl", so it can be a program name with args. -set dummy perl; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PERL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$PERL"; then - ac_cv_prog_PERL="$PERL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_PERL="perl" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_prog_PERL" && ac_cv_prog_PERL="false" -fi -fi -PERL=$ac_cv_prog_PERL -if test -n "$PERL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 -$as_echo "$PERL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -if test "$ac_cv_prog_PERL" = "false"; then - as_fn_error $? "Perl is now required for Kerberos builds." "$LINENO" 5 -fi - - - - - - - - - - - - - - - - - - - - - - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working regcomp" >&5 -$as_echo_n "checking for working regcomp... " >&6; } -if ${ac_cv_func_regcomp+:} false; then : - $as_echo_n "(cached) " >&6 -else - -if test "$cross_compiling" = yes; then : - as_fn_error $? "Cannot test regcomp when cross compiling" "$LINENO" 5 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include -regex_t x; regmatch_t m; -int main() { return regcomp(&x,"pat.*",0) || regexec(&x,"pattern",1,&m,0); } - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_regcomp=yes -else - ac_cv_func_regcomp=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_regcomp" >&5 -$as_echo "$ac_cv_func_regcomp" >&6; } -test $ac_cv_func_regcomp = yes && -$as_echo "@%:@define HAVE_REGCOMP 1" >>confdefs.h - -if test $ac_cv_func_regcomp = no; then - save_LIBS="$LIBS" - LIBS=-lgen - for ac_func in compile step -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - LIBS="$save_LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compile in -lgen" >&5 -$as_echo_n "checking for compile in -lgen... " >&6; } -if ${ac_cv_lib_gen_compile+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgen $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char compile (); -int -main () -{ -return compile (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_gen_compile=yes -else - ac_cv_lib_gen_compile=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_compile" >&5 -$as_echo "$ac_cv_lib_gen_compile" >&6; } -if test "x$ac_cv_lib_gen_compile" = xyes; then : - GEN_LIB=-lgen -else - GEN_LIB= -fi - - -fi - - - - - - -# for kprop -ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default" -if test "x$ac_cv_type_mode_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -@%:@define mode_t int -_ACEOF - -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if daemon needs a prototype provided" >&5 -$as_echo_n "checking if daemon needs a prototype provided... " >&6; } -if ${krb5_cv_func_daemon_noproto+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef HAVE_UNISTD_H -#include -#endif -int -main () -{ -#undef daemon -struct k5foo {int foo; } xx; -extern int daemon (struct k5foo*); -daemon(&xx); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_func_daemon_noproto=yes -else - krb5_cv_func_daemon_noproto=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_daemon_noproto" >&5 -$as_echo "$krb5_cv_func_daemon_noproto" >&6; } -if test $krb5_cv_func_daemon_noproto = yes; then - -$as_echo "@%:@define NEED_DAEMON_PROTO 1" >>confdefs.h - -fi - - - -sock_set=no -for sock_arg1 in "struct sockaddr *" "void *" -do - for sock_arg2 in "size_t *" "int *" "socklen_t *" - do - if test $sock_set = no; then - -krb5_lib_var=`echo "$sock_arg1 $sock_arg2" | sed 'y% ./+-*%___p_p%'` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if getsockname() takes arguments $sock_arg1 and $sock_arg2" >&5 -$as_echo_n "checking if getsockname() takes arguments $sock_arg1 and $sock_arg2... " >&6; } -if eval \${krb5_cv_getsockname_proto_$krb5_lib_var+:} false; then : - $as_echo_n "(cached) " >&6 -else - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -extern int getsockname(int, $sock_arg1, $sock_arg2); - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "krb5_cv_getsockname_proto_$krb5_lib_var=yes" -else - eval "krb5_cv_getsockname_proto_$krb5_lib_var=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if eval "test \"`echo '$krb5_cv_getsockname_proto_'$krb5_lib_var`\" = yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - sock_set=yes; res1="$sock_arg1"; res2="$sock_arg2" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - fi - done -done -if test "$sock_set" = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: assuming struct sockaddr and socklen_t for getsockname args" >&5 -$as_echo "$as_me: assuming struct sockaddr and socklen_t for getsockname args" >&6;} - res1="struct sockaddr *" - res2="socklen_t *" -fi -res1=`echo "$res1" | tr -d '*' | sed -e 's/ *$//'` -res2=`echo "$res2" | tr -d '*' | sed -e 's/ *$//'` - -cat >>confdefs.h <<_ACEOF -@%:@define GETSOCKNAME_ARG3_TYPE $res2 -_ACEOF - - - - -$as_echo "@%:@define GETPEERNAME_ARG3_TYPE GETSOCKNAME_ARG3_TYPE" >>confdefs.h - - -LIBUTIL= -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lutil" >&5 -$as_echo_n "checking for main in -lutil... " >&6; } -if ${ac_cv_lib_util_main+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lutil $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -int -main () -{ -return main (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_util_main=yes -else - ac_cv_lib_util_main=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_main" >&5 -$as_echo "$ac_cv_lib_util_main" >&6; } -if test "x$ac_cv_lib_util_main" = xyes; then : - -$as_echo "@%:@define HAVE_LIBUTIL 1" >>confdefs.h - -LIBUTIL=-lutil - -fi - - - -# Determine if NLS is desired and supported. -po= -@%:@ Check whether --enable-nls was given. -if test "${enable_nls+set}" = set; then : - enableval=$enable_nls; -else - enable_nls=check -fi - -if test "$enable_nls" != no; then - ac_fn_c_check_header_mongrel "$LINENO" "libintl.h" "ac_cv_header_libintl_h" "$ac_includes_default" -if test "x$ac_cv_header_libintl_h" = xyes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dgettext" >&5 -$as_echo_n "checking for library containing dgettext... " >&6; } -if ${ac_cv_search_dgettext+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dgettext (); -int -main () -{ -return dgettext (); - ; - return 0; -} -_ACEOF -for ac_lib in '' intl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dgettext=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_dgettext+:} false; then : - break -fi -done -if ${ac_cv_search_dgettext+:} false; then : - -else - ac_cv_search_dgettext=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dgettext" >&5 -$as_echo "$ac_cv_search_dgettext" >&6; } -ac_res=$ac_cv_search_dgettext -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - - -$as_echo "@%:@define ENABLE_NLS 1" >>confdefs.h - - nls_enabled=yes -fi - -fi - - - - # Extract the first word of "msgfmt", so it can be a program name with args. -set dummy msgfmt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_MSGFMT+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$MSGFMT"; then - ac_cv_prog_MSGFMT="$MSGFMT" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_MSGFMT="msgfmt" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -MSGFMT=$ac_cv_prog_MSGFMT -if test -n "$MSGFMT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 -$as_echo "$MSGFMT" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test x"$MSGFMT" != x; then - ac_config_files="$ac_config_files po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in" - - - - po=po - fi - - # Error out if --enable-nls was explicitly requested but can't be enabled. - if test "$enable_nls" = yes; then - if test "$nls_enabled" != yes -o "x$po" = x; then - as_fn_error $? "NLS support requested but cannot be built" "$LINENO" 5 - fi - fi -fi - - -# for kdc -for ac_header in sys/sockio.h ifaddrs.h unistd.h fnmatch.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -for ac_func in vsprintf vasprintf vsnprintf strlcpy fnmatch secure_getenv -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -EXTRA_SUPPORT_SYMS= -ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy" -if test "x$ac_cv_func_strlcpy" = xyes; then : - STRLCPY_ST_OBJ= -STRLCPY_OBJ= -else - STRLCPY_ST_OBJ=strlcpy.o -STRLCPY_OBJ='$(OUTPRE)strlcpy.$(OBJEXT)' -EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_strlcpy krb5int_strlcat" -fi - - - - -ac_fn_c_check_func "$LINENO" "getopt" "ac_cv_func_getopt" -if test "x$ac_cv_func_getopt" = xyes; then : - GETOPT_ST_OBJ= -GETOPT_OBJ= - -$as_echo "@%:@define HAVE_GETOPT 1" >>confdefs.h - -else - GETOPT_ST_OBJ='getopt.o' -GETOPT_OBJ='$(OUTPRE)getopt.$(OBJEXT)' -EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_optind k5_optarg k5_opterr k5_optopt k5_getopt" -fi - - - - -ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long" -if test "x$ac_cv_func_getopt_long" = xyes; then : - GETOPT_LONG_ST_OBJ= -GETOPT_LONG_OBJ= - -$as_echo "@%:@define HAVE_GETOPT_LONG 1" >>confdefs.h - -else - GETOPT_LONG_ST_OBJ='getopt_long.o' -GETOPT_LONG_OBJ='$(OUTPRE)getopt_long.$(OBJEXT)' -EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_getopt_long" -fi - - - - -ac_fn_c_check_func "$LINENO" "fnmatch" "ac_cv_func_fnmatch" -if test "x$ac_cv_func_fnmatch" = xyes; then : - FNMATCH_ST_OBJ= -FNMATCH_OBJ= -else - FNMATCH_ST_OBJ=fnmatch.o -FNMATCH_OBJ='$(OUTPRE)fnmatch.$(OBJEXT)' -EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_fnmatch" -fi - - - - -ac_fn_c_check_func "$LINENO" "vasprintf" "ac_cv_func_vasprintf" -if test "x$ac_cv_func_vasprintf" = xyes; then : - PRINTF_ST_OBJ= -PRINTF_OBJ= -else - PRINTF_ST_OBJ=printf.o -PRINTF_OBJ='$(OUTPRE)printf.$(OBJEXT)' -EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_asprintf krb5int_vasprintf" -fi - - - - -if test "x$ac_cv_func_vasprintf" = xyes; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if vasprintf needs a prototype provided" >&5 -$as_echo_n "checking if vasprintf needs a prototype provided... " >&6; } -if ${krb5_cv_func_vasprintf_noproto+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include - -int -main () -{ -#undef vasprintf -struct k5foo {int foo; } xx; -extern int vasprintf (struct k5foo*); -vasprintf(&xx); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_func_vasprintf_noproto=yes -else - krb5_cv_func_vasprintf_noproto=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_vasprintf_noproto" >&5 -$as_echo "$krb5_cv_func_vasprintf_noproto" >&6; } -if test $krb5_cv_func_vasprintf_noproto = yes; then - -$as_echo "@%:@define NEED_VASPRINTF_PROTO 1" >>confdefs.h - -fi -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if swab needs a prototype provided" >&5 -$as_echo_n "checking if swab needs a prototype provided... " >&6; } -if ${krb5_cv_func_swab_noproto+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#ifdef HAVE_UNISTD_H -#include -#endif -/* Solaris 8 declares swab in stdlib.h. */ -#include - -int -main () -{ -#undef swab -struct k5foo {int foo; } xx; -extern int swab (struct k5foo*); -swab(&xx); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_func_swab_noproto=yes -else - krb5_cv_func_swab_noproto=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_swab_noproto" >&5 -$as_echo "$krb5_cv_func_swab_noproto" >&6; } -if test $krb5_cv_func_swab_noproto = yes; then - -$as_echo "@%:@define NEED_SWAB_PROTO 1" >>confdefs.h - -fi - - - -ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv" -if test "x$ac_cv_func_secure_getenv" = xyes; then : - SECURE_GETENV_ST_OBJ= -SECURE_GETENV_OBJ= -SECURE_GETENV_INIT= -else - SECURE_GETENV_ST_OBJ=secure_getenv.o -SECURE_GETENV_OBJ='$(OUTPRE)secure_getenv.$(OBJEXT)' -SECURE_GETENV_INIT=k5_secure_getenv_init -EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_secure_getenv" -fi - - - - - -for ac_prog in gawk mawk nawk awk -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AWK+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$AWK"; then - ac_cv_prog_AWK="$AWK" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -AWK=$ac_cv_prog_AWK -if test -n "$AWK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 -$as_echo "$AWK" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$AWK" && break -done - - ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" "#include -#include -" -if test "x$ac_cv_member_struct_sockaddr_sa_len" = xyes; then : - -$as_echo "@%:@define HAVE_SA_LEN 1" >>confdefs.h - - -fi - - -for ac_header in sys/types.h sys/socket.h netinet/in.h netdb.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -for ac_func in inet_ntop inet_pton getnameinfo -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 -$as_echo_n "checking for getaddrinfo... " >&6; } -if ${ac_cv_func_getaddrinfo+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef HAVE_NETDB_H -#include -#endif -int -main () -{ - -struct addrinfo *ai; -getaddrinfo("kerberos.mit.edu", "echo", 0, &ai); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_func_getaddrinfo=yes -else - ac_cv_func_getaddrinfo=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getaddrinfo" >&5 -$as_echo "$ac_cv_func_getaddrinfo" >&6; } -if test $ac_cv_func_getaddrinfo = yes; then - -$as_echo "@%:@define HAVE_GETADDRINFO 1" >>confdefs.h - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPv6 compile-time support without -DINET6" >&5 -$as_echo_n "checking for IPv6 compile-time support without -DINET6... " >&6; } -if ${krb5_cv_inet6+:} false; then : - $as_echo_n "(cached) " >&6 -else - -if test "$ac_cv_func_inet_ntop" != "yes" ; then - krb5_cv_inet6=no -else -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#include -#include -#include - -int -main () -{ - - struct sockaddr_in6 in; - AF_INET6; - IN6_IS_ADDR_LINKLOCAL (&in.sin6_addr); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_inet6=yes -else - krb5_cv_inet6=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_inet6" >&5 -$as_echo "$krb5_cv_inet6" >&6; } -if test "$krb5_cv_inet6" = no && test "$ac_cv_func_inet_ntop" = yes; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPv6 compile-time support with -DINET6" >&5 -$as_echo_n "checking for IPv6 compile-time support with -DINET6... " >&6; } -if ${krb5_cv_inet6_with_dinet6+:} false; then : - $as_echo_n "(cached) " >&6 -else - -old_CC="$CC" -CC="$CC -DINET6" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#include -#include -#include - -int -main () -{ - - struct sockaddr_in6 in; - AF_INET6; - IN6_IS_ADDR_LINKLOCAL (&in.sin6_addr); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_inet6_with_dinet6=yes -else - krb5_cv_inet6_with_dinet6=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -CC="$old_CC" -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_inet6_with_dinet6" >&5 -$as_echo "$krb5_cv_inet6_with_dinet6" >&6; } -fi -if test $krb5_cv_inet6 = yes || test "$krb5_cv_inet6_with_dinet6" = yes; then - if test "$krb5_cv_inet6_with_dinet6" = yes; then - -$as_echo "@%:@define INET6 1" >>confdefs.h - - fi -fi - - ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" "#include -#include -" -if test "x$ac_cv_member_struct_sockaddr_sa_len" = xyes; then : - -$as_echo "@%:@define HAVE_SA_LEN 1" >>confdefs.h - - -fi - - -ac_fn_c_check_func "$LINENO" "sigprocmask" "ac_cv_func_sigprocmask" -if test "x$ac_cv_func_sigprocmask" = xyes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sigset_t and POSIX_SIGNALS" >&5 -$as_echo_n "checking for sigset_t and POSIX_SIGNALS... " >&6; } -if ${krb5_cv_type_sigset_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -sigset_t x - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_type_sigset_t=yes -else - krb5_cv_type_sigset_t=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_type_sigset_t" >&5 -$as_echo "$krb5_cv_type_sigset_t" >&6; } -if test $krb5_cv_type_sigset_t = yes; then - -$as_echo "@%:@define POSIX_SIGNALS 1" >>confdefs.h - -fi - -fi - - -# --with-vague-errors disables useful error messages. - - -@%:@ Check whether --with-vague-errors was given. -if test "${with_vague_errors+set}" = set; then : - withval=$with_vague_errors; -else - withval=no -fi - -if test "$withval" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Supplying vague error messages to KDC clients" >&5 -$as_echo "$as_me: Supplying vague error messages to KDC clients" >&6;} - -$as_echo "@%:@define KRBCONF_VAGUE_ERRORS 1" >>confdefs.h - -fi - -# Check which (if any) audit plugin to build -audit_plugin="" -@%:@ Check whether --enable-audit-plugin was given. -if test "${enable_audit_plugin+set}" = set; then : - enableval=$enable_audit_plugin; -else - enableval=no -fi - -if test "$enableval" != no; then - case "$enableval" in - simple) - # if audit_log_user_message is found, we assume - # that audit_open and audit_close are also defined. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for audit_log_user_message in -laudit" >&5 -$as_echo_n "checking for audit_log_user_message in -laudit... " >&6; } -if ${ac_cv_lib_audit_audit_log_user_message+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-laudit $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char audit_log_user_message (); -int -main () -{ -return audit_log_user_message (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_audit_audit_log_user_message=yes -else - ac_cv_lib_audit_audit_log_user_message=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_audit_audit_log_user_message" >&5 -$as_echo "$ac_cv_lib_audit_audit_log_user_message" >&6; } -if test "x$ac_cv_lib_audit_audit_log_user_message" = xyes; then : - AUDIT_IMPL_LIBS=-laudit - ac_config_files="$ac_config_files plugins/audit/simple/Makefile:$srcdir/./config/pre.in:plugins/audit/simple/Makefile.in:plugins/audit/simple/deps:$srcdir/./config/post.in" - - - - audit_plugin=plugins/audit/simple -else - as_fn_error $? "libaudit not found or undefined symbol audit_log_user_message" "$LINENO" 5 -fi - - ;; - *) - as_fn_error $? "Unknown audit plugin implementation $enableval." "$LINENO" 5 - ;; - esac -fi - - - -# WITH_CRYPTO_IMPL - -CRYPTO_IMPL="builtin" - -@%:@ Check whether --with-crypto-impl was given. -if test "${with_crypto_impl+set}" = set; then : - withval=$with_crypto_impl; CRYPTO_IMPL=$withval -{ $as_echo "$as_me:${as_lineno-$LINENO}: k5crypto will use '$withval'" >&5 -$as_echo "$as_me: k5crypto will use '$withval'" >&6;} - -else - withval=builtin -fi - -case "$withval" in -builtin) - ;; -openssl) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PKCS7_get_signer_info in -lcrypto" >&5 -$as_echo_n "checking for PKCS7_get_signer_info in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_PKCS7_get_signer_info+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char PKCS7_get_signer_info (); -int -main () -{ -return PKCS7_get_signer_info (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_PKCS7_get_signer_info=yes -else - ac_cv_lib_crypto_PKCS7_get_signer_info=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_PKCS7_get_signer_info" >&5 -$as_echo "$ac_cv_lib_crypto_PKCS7_get_signer_info" >&6; } -if test "x$ac_cv_lib_crypto_PKCS7_get_signer_info" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBCRYPTO 1 -_ACEOF - - LIBS="-lcrypto $LIBS" - -fi - - ;; -*) - as_fn_error $? "Unknown crypto implementation $withval" "$LINENO" 5 - ;; -esac -ac_config_commands="$ac_config_commands CRYPTO_IMPL" - - - - - -for ac_func in EVP_KDF_CTX_new_id EVP_KDF_ctrl EVP_KDF_derive -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -$as_echo "@%:@define OSSL_KDFS 1" >>confdefs.h - -else - as_fn_error $? "backported OpenSSL KDFs not found" "$LINENO" 5 -fi -done - - - -@%:@ Check whether --with-prng-alg was given. -if test "${with_prng_alg+set}" = set; then : - withval=$with_prng_alg; PRNG_ALG=$withval -{ $as_echo "$as_me:${as_lineno-$LINENO}: k5crypto will use '$withval'" >&5 -$as_echo "$as_me: k5crypto will use '$withval'" >&6;} - -else - PRNG_ALG=fortuna -fi - -ac_config_commands="$ac_config_commands PRNG_ALG" - - -if test "$PRNG_ALG" = fortuna; then - -$as_echo "@%:@define FORTUNA 1" >>confdefs.h - -fi - -# WITH_TLS_IMPL - - -@%:@ Check whether --with-tls-impl was given. -if test "${with_tls_impl+set}" = set; then : - withval=$with_tls_impl; TLS_IMPL=$withval -else - TLS_IMPL=auto -fi - -case "$TLS_IMPL" in -openssl|auto) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5 -$as_echo_n "checking for SSL_CTX_new in -lssl... " >&6; } -if ${ac_cv_lib_ssl_SSL_CTX_new+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_CTX_new (); -int -main () -{ -return SSL_CTX_new (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_SSL_CTX_new=yes -else - ac_cv_lib_ssl_SSL_CTX_new=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5 -$as_echo "$ac_cv_lib_ssl_SSL_CTX_new" >&6; } -if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes; then : - have_lib_ssl=true -else - have_lib_ssl=false -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL" >&5 -$as_echo_n "checking for OpenSSL... " >&6; } - if test x$have_lib_ssl = xtrue ; then - -$as_echo "@%:@define TLS_IMPL_OPENSSL 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - TLS_IMPL_LIBS="-lssl -lcrypto" - TLS_IMPL=openssl - { $as_echo "$as_me:${as_lineno-$LINENO}: TLS module will use OpenSSL" >&5 -$as_echo "$as_me: TLS module will use OpenSSL" >&6;} - else - if test "$TLS_IMPL" = openssl ; then - as_fn_error $? "OpenSSL not found!" "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL not found!" >&5 -$as_echo "$as_me: WARNING: OpenSSL not found!" >&2;} - fi - TLS_IMPL=no - { $as_echo "$as_me:${as_lineno-$LINENO}: building without TLS support" >&5 -$as_echo "$as_me: building without TLS support" >&6;} - fi - ;; -no) - { $as_echo "$as_me:${as_lineno-$LINENO}: building without TLS support" >&5 -$as_echo "$as_me: building without TLS support" >&6;} - ;; -*) - as_fn_error $? "Unsupported TLS implementation $withval" "$LINENO" 5 - ;; -esac - -if test "$TLS_IMPL" = no; then - -$as_echo "@%:@define TLS_IMPL_NONE 1" >>confdefs.h - -fi - - - - - - -@%:@ Check whether --with-keyutils was given. -if test "${with_keyutils+set}" = set; then : - withval=$with_keyutils; -else - with_keyutils=check -fi - -if test "$with_keyutils" != no; then - have_keyutils=false - for ac_header in keyutils.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "keyutils.h" "ac_cv_header_keyutils_h" "$ac_includes_default" -if test "x$ac_cv_header_keyutils_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_KEYUTILS_H 1 -_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for add_key in -lkeyutils" >&5 -$as_echo_n "checking for add_key in -lkeyutils... " >&6; } -if ${ac_cv_lib_keyutils_add_key+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkeyutils $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char add_key (); -int -main () -{ -return add_key (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_keyutils_add_key=yes -else - ac_cv_lib_keyutils_add_key=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_add_key" >&5 -$as_echo "$ac_cv_lib_keyutils_add_key" >&6; } -if test "x$ac_cv_lib_keyutils_add_key" = xyes; then : - have_keyutils=true -fi - -fi - -done - - if test "$have_keyutils" = true; then - -$as_echo "@%:@define USE_KEYRING_CCACHE 1" >>confdefs.h - - LIBS="-lkeyutils $LIBS" - # If libkeyutils supports persistent keyrings, use them. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for keyctl_get_persistent in -lkeyutils" >&5 -$as_echo_n "checking for keyctl_get_persistent in -lkeyutils... " >&6; } -if ${ac_cv_lib_keyutils_keyctl_get_persistent+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkeyutils $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char keyctl_get_persistent (); -int -main () -{ -return keyctl_get_persistent (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_keyutils_keyctl_get_persistent=yes -else - ac_cv_lib_keyutils_keyctl_get_persistent=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_keyctl_get_persistent" >&5 -$as_echo "$ac_cv_lib_keyutils_keyctl_get_persistent" >&6; } -if test "x$ac_cv_lib_keyutils_keyctl_get_persistent" = xyes; then : - -$as_echo "@%:@define HAVE_PERSISTENT_KEYRING 1" >>confdefs.h - - -fi - - elif test "$with_keyutils" = yes; then - as_fn_error $? "libkeyutils not found" "$LINENO" 5 - fi -fi - -# The SPAKE preauth plugin currently supports edwards25519 natively, -# and can support three NIST groups using OpenSSL. -HAVE_SPAKE_OPENSSL=no - -@%:@ Check whether --with-spake-openssl was given. -if test "${with_spake_openssl+set}" = set; then : - withval=$with_spake_openssl; -else - withval=auto -fi - -if test "$withval" = auto -o "$withval" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EC_POINT_new in -lcrypto" >&5 -$as_echo_n "checking for EC_POINT_new in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_EC_POINT_new+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char EC_POINT_new (); -int -main () -{ -return EC_POINT_new (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_EC_POINT_new=yes -else - ac_cv_lib_crypto_EC_POINT_new=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EC_POINT_new" >&5 -$as_echo "$ac_cv_lib_crypto_EC_POINT_new" >&6; } -if test "x$ac_cv_lib_crypto_EC_POINT_new" = xyes; then : - have_crypto=true -else - have_crypto=false -fi - - if test "$have_crypto" = true; then - -$as_echo "@%:@define SPAKE_OPENSSL 1" >>confdefs.h - - SPAKE_OPENSSL_LIBS=-lcrypto - HAVE_SPAKE_OPENSSL=yes - elif test "$withval" = yes; then - as_fn_error $? "OpenSSL libcrypto not found" "$LINENO" 5 - fi -fi - - - -@%:@ Check whether --enable-aesni was given. -if test "${enable_aesni+set}" = set; then : - enableval=$enable_aesni; -else - enable_aesni=check -fi - -if test "$CRYPTO_IMPL" = builtin -a "x$enable_aesni" != xno; then - case "$host" in - i686-*) - aesni_obj=iaesx86.o - aesni_machine=x86 - ;; - x86_64-*) - aesni_obj=iaesx64.o - aesni_machine=amd64 - ;; - esac - case "$host" in - *-*-linux* | *-*-gnu* | *-*-*bsd* | *-*-solaris*) - # All Unix-like platforms need -D__linux__ for iaesx64.s to - # use the System V x86-64 calling convention. - aesni_flags="-D__linux__ -f elf -m $aesni_machine" - ;; - esac - if test "x$aesni_obj" != x && test "x$aesni_flags" != x; then - # Extract the first word of "yasm", so it can be a program name with args. -set dummy yasm; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_YASM+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$YASM"; then - ac_cv_prog_YASM="$YASM" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_YASM="yasm" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -YASM=$ac_cv_prog_YASM -if test -n "$YASM"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YASM" >&5 -$as_echo "$YASM" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - for ac_header in cpuid.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "cpuid.h" "ac_cv_header_cpuid_h" "$ac_includes_default" -if test "x$ac_cv_header_cpuid_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_CPUID_H 1 -_ACEOF - -fi - -done - - if test x"$YASM" != x -a "x$ac_cv_header_cpuid_h" = xyes; then - AESNI_OBJ=$aesni_obj - AESNI_FLAGS=$aesni_flags - -$as_echo "@%:@define AESNI 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: Building with AES-NI support" >&5 -$as_echo "$as_me: Building with AES-NI support" >&6;} - fi - fi - if test "x$enable_aesni" = xyes -a "x$AESNI_OBJ" = x; then - as_fn_error $? "AES-NI support requested but cannot be built" "$LINENO" 5 - fi -fi - - - -@%:@ Check whether --enable-kdc-lookaside-cache was given. -if test "${enable_kdc_lookaside_cache+set}" = set; then : - enableval=$enable_kdc_lookaside_cache; -else - enableval=yes -fi - -if test "$enableval" = no ; then - -$as_echo "@%:@define NOCACHE 1" >>confdefs.h - -fi -KRB5_RUN_ENV="$RUN_ENV" -KRB5_RUN_VARS="$RUN_VARS" - - - -# asan is a gcc and clang facility to instrument the code with memory -# error checking. To use it, we compile C and C++ source files with -# -fsanitize=address, and set ASAN=yes to suppress the undefined -# symbols check when building shared libraries. -@%:@ Check whether --enable-asan was given. -if test "${enable_asan+set}" = set; then : - enableval=$enable_asan; -else - enable_asan=no -fi - -if test "$enable_asan" != no; then - if test "$enable_asan" = yes; then - enable_asan=address - fi - ASAN_FLAGS="$DEFS -fsanitize=$enable_asan" - ASAN=yes - UNDEF_CHECK= -else - ASAN_FLAGS= - ASAN=no -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 -$as_echo_n "checking return type of signal handlers... " >&6; } -if ${ac_cv_type_signal+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include - -int -main () -{ -return *(signal (0, 0)) (0) == 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_type_signal=int -else - ac_cv_type_signal=void -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 -$as_echo "$ac_cv_type_signal" >&6; } - -cat >>confdefs.h <<_ACEOF -@%:@define RETSIGTYPE $ac_cv_type_signal -_ACEOF - - - -# from old include/configure.in - - -ac_config_headers="$ac_config_headers include/autoconf.h" - -for ac_prog in flex lex -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_LEX+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$LEX"; then - ac_cv_prog_LEX="$LEX" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_LEX="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -LEX=$ac_cv_prog_LEX -if test -n "$LEX"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5 -$as_echo "$LEX" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$LEX" && break -done -test -n "$LEX" || LEX=":" - -if test "x$LEX" != "x:"; then - cat >conftest.l <<_ACEOF -%% -a { ECHO; } -b { REJECT; } -c { yymore (); } -d { yyless (1); } -e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */ - yyless ((input () != 0)); } -f { unput (yytext[0]); } -. { BEGIN INITIAL; } -%% -#ifdef YYTEXT_POINTER -extern char *yytext; -#endif -int -main (void) -{ - return ! yylex () + ! yywrap (); -} -_ACEOF -{ { ac_try="$LEX conftest.l" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$LEX conftest.l") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5 -$as_echo_n "checking lex output file root... " >&6; } -if ${ac_cv_prog_lex_root+:} false; then : - $as_echo_n "(cached) " >&6 -else - -if test -f lex.yy.c; then - ac_cv_prog_lex_root=lex.yy -elif test -f lexyy.c; then - ac_cv_prog_lex_root=lexyy -else - as_fn_error $? "cannot find output from $LEX; giving up" "$LINENO" 5 -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5 -$as_echo "$ac_cv_prog_lex_root" >&6; } -LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root - -if test -z "${LEXLIB+set}"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5 -$as_echo_n "checking lex library... " >&6; } -if ${ac_cv_lib_lex+:} false; then : - $as_echo_n "(cached) " >&6 -else - - ac_save_LIBS=$LIBS - ac_cv_lib_lex='none needed' - for ac_lib in '' -lfl -ll; do - LIBS="$ac_lib $ac_save_LIBS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -`cat $LEX_OUTPUT_ROOT.c` -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lex=$ac_lib -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - test "$ac_cv_lib_lex" != 'none needed' && break - done - LIBS=$ac_save_LIBS - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5 -$as_echo "$ac_cv_lib_lex" >&6; } - test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5 -$as_echo_n "checking whether yytext is a pointer... " >&6; } -if ${ac_cv_prog_lex_yytext_pointer+:} false; then : - $as_echo_n "(cached) " >&6 -else - # POSIX says lex can declare yytext either as a pointer or an array; the -# default is implementation-dependent. Figure out which it is, since -# not all implementations provide the %pointer and %array declarations. -ac_cv_prog_lex_yytext_pointer=no -ac_save_LIBS=$LIBS -LIBS="$LEXLIB $ac_save_LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #define YYTEXT_POINTER 1 -`cat $LEX_OUTPUT_ROOT.c` -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_prog_lex_yytext_pointer=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_save_LIBS - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5 -$as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; } -if test $ac_cv_prog_lex_yytext_pointer = yes; then - -$as_echo "@%:@define YYTEXT_POINTER 1" >>confdefs.h - -fi -rm -f conftest.l $LEX_OUTPUT_ROOT.c - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 -$as_echo_n "checking for an ANSI C-conforming const... " >&6; } -if ${ac_cv_c_const+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - -#ifndef __cplusplus - /* Ultrix mips cc rejects this sort of thing. */ - typedef int charset[2]; - const charset cs = { 0, 0 }; - /* SunOS 4.1.1 cc rejects this. */ - char const *const *pcpcc; - char **ppc; - /* NEC SVR4.0.2 mips cc rejects this. */ - struct point {int x, y;}; - static struct point const zero = {0,0}; - /* AIX XL C 1.02.0.0 rejects this. - It does not let you subtract one const X* pointer from another in - an arm of an if-expression whose if-part is not a constant - expression */ - const char *g = "string"; - pcpcc = &g + (g ? g-g : 0); - /* HPUX 7.0 cc rejects these. */ - ++pcpcc; - ppc = (char**) pcpcc; - pcpcc = (char const *const *) ppc; - { /* SCO 3.2v4 cc rejects this sort of thing. */ - char tx; - char *t = &tx; - char const *s = 0 ? (char *) 0 : (char const *) 0; - - *t++ = 0; - if (s) return 0; - } - { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ - int x[] = {25, 17}; - const int *foo = &x[0]; - ++foo; - } - { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ - typedef const int *iptr; - iptr p = 0; - ++p; - } - { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying - "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ - struct s { int j; const int *ap[3]; } bx; - struct s *b = &bx; b->j = 5; - } - { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ - const int foo = 10; - if (!foo) return 0; - } - return !cs[0] && !zero.x; -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_const=yes -else - ac_cv_c_const=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 -$as_echo "$ac_cv_c_const" >&6; } -if test $ac_cv_c_const = no; then - -$as_echo "@%:@define const /**/" >>confdefs.h - -fi - -ac_header_dirent=no -for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do - as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 -$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } -if eval \${$as_ac_Header+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include <$ac_hdr> - -int -main () -{ -if ((DIR *) 0) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$as_ac_Header=yes" -else - eval "$as_ac_Header=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$as_ac_Header - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 -_ACEOF - -ac_header_dirent=$ac_hdr; break -fi - -done -# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. -if test $ac_header_dirent = dirent.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 -$as_echo_n "checking for library containing opendir... " >&6; } -if ${ac_cv_search_opendir+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char opendir (); -int -main () -{ -return opendir (); - ; - return 0; -} -_ACEOF -for ac_lib in '' dir; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_opendir=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_opendir+:} false; then : - break -fi -done -if ${ac_cv_search_opendir+:} false; then : - -else - ac_cv_search_opendir=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 -$as_echo "$ac_cv_search_opendir" >&6; } -ac_res=$ac_cv_search_opendir -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 -$as_echo_n "checking for library containing opendir... " >&6; } -if ${ac_cv_search_opendir+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char opendir (); -int -main () -{ -return opendir (); - ; - return 0; -} -_ACEOF -for ac_lib in '' x; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_opendir=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_opendir+:} false; then : - break -fi -done -if ${ac_cv_search_opendir+:} false; then : - -else - ac_cv_search_opendir=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 -$as_echo "$ac_cv_search_opendir" >&6; } -ac_res=$ac_cv_search_opendir -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -fi - -ac_fn_c_check_decl "$LINENO" "strerror_r" "ac_cv_have_decl_strerror_r" "$ac_includes_default" -if test "x$ac_cv_have_decl_strerror_r" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_DECL_STRERROR_R $ac_have_decl -_ACEOF - -for ac_func in strerror_r -do : - ac_fn_c_check_func "$LINENO" "strerror_r" "ac_cv_func_strerror_r" -if test "x$ac_cv_func_strerror_r" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRERROR_R 1 -_ACEOF - -fi -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strerror_r returns char *" >&5 -$as_echo_n "checking whether strerror_r returns char *... " >&6; } -if ${ac_cv_func_strerror_r_char_p+:} false; then : - $as_echo_n "(cached) " >&6 -else - - ac_cv_func_strerror_r_char_p=no - if test $ac_cv_have_decl_strerror_r = yes; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ - - char buf[100]; - char x = *strerror_r (0, buf, sizeof buf); - char *p = strerror_r (0, buf, sizeof buf); - return !p || x; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_func_strerror_r_char_p=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - else - # strerror_r is not declared. Choose between - # systems that have relatively inaccessible declarations for the - # function. BeOS and DEC UNIX 4.0 fall in this category, but the - # former has a strerror_r that returns char*, while the latter - # has a strerror_r that returns `int'. - # This test should segfault on the DEC system. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default - extern char *strerror_r (); -int -main () -{ -char buf[100]; - char x = *strerror_r (0, buf, sizeof buf); - return ! isalpha (x); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_strerror_r_char_p=yes -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strerror_r_char_p" >&5 -$as_echo "$ac_cv_func_strerror_r_char_p" >&6; } -if test $ac_cv_func_strerror_r_char_p = yes; then - -$as_echo "@%:@define STRERROR_R_CHAR_P 1" >>confdefs.h - -fi - -for ac_func in strdup setvbuf seteuid setresuid setreuid setegid setresgid setregid setsid flock fchmod chmod strptime geteuid setenv unsetenv getenv gmtime_r localtime_r bswap16 bswap64 mkstemp getusershell access getcwd srand48 srand srandom stat strchr strerror timegm explicit_bzero explicit_memset getresuid getresgid -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -ac_fn_c_check_func "$LINENO" "mkstemp" "ac_cv_func_mkstemp" -if test "x$ac_cv_func_mkstemp" = xyes; then : - MKSTEMP_ST_OBJ= -MKSTEMP_OBJ= -else - MKSTEMP_ST_OBJ='mkstemp.o' -MKSTEMP_OBJ='$(OUTPRE)mkstemp.$(OBJEXT)' -EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_mkstemp" -fi - - - - -ac_fn_c_check_func "$LINENO" "gettimeofday" "ac_cv_func_gettimeofday" -if test "x$ac_cv_func_gettimeofday" = xyes; then : - GETTIMEOFDAY_ST_OBJ= - GETTIMEOFDAY_OBJ= - -$as_echo "@%:@define HAVE_GETTIMEOFDAY 1" >>confdefs.h - - -else - GETTIMEOFDAY_ST_OBJ='gettimeofday.o' - GETTIMEOFDAY_OBJ='$(OUTPRE)gettimeofday.$(OBJEXT)' - EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_gettimeofday" -fi - - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys_errlist declaration" >&5 -$as_echo_n "checking for sys_errlist declaration... " >&6; } -if ${krb5_cv_decl_sys_errlist+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -int -main () -{ -1+sys_nerr; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_decl_sys_errlist=yes -else - krb5_cv_decl_sys_errlist=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_decl_sys_errlist" >&5 -$as_echo "$krb5_cv_decl_sys_errlist" >&6; } -# assume sys_nerr won't be declared w/o being in libc -if test $krb5_cv_decl_sys_errlist = yes; then - -$as_echo "@%:@define SYS_ERRLIST_DECLARED 1" >>confdefs.h - - -$as_echo "@%:@define HAVE_SYS_ERRLIST 1" >>confdefs.h - -else - # This means that sys_errlist is not declared in errno.h, but may still - # be in libc. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys_errlist in libc" >&5 -$as_echo_n "checking for sys_errlist in libc... " >&6; } -if ${krb5_cv_var_sys_errlist+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -extern int sys_nerr; -int -main () -{ -if (1+sys_nerr < 0) return 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - krb5_cv_var_sys_errlist=yes -else - krb5_cv_var_sys_errlist=no; -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_var_sys_errlist" >&5 -$as_echo "$krb5_cv_var_sys_errlist" >&6; } - if test $krb5_cv_var_sys_errlist = yes; then - -$as_echo "@%:@define HAVE_SYS_ERRLIST 1" >>confdefs.h - - # Do this cruft for backwards compatibility for now. - -$as_echo "@%:@define NEED_SYS_ERRLIST 1" >>confdefs.h - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: sys_errlist is neither in errno.h nor in libc" >&5 -$as_echo "$as_me: WARNING: sys_errlist is neither in errno.h nor in libc" >&2;} - fi -fi -for ac_header in unistd.h paths.h regex.h regexpr.h fcntl.h memory.h ifaddrs.h sys/filio.h byteswap.h machine/endian.h machine/byte_order.h sys/bswap.h endian.h pwd.h arpa/inet.h alloca.h dlfcn.h limits.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -ac_fn_c_check_header_compile "$LINENO" "regexp.h" "ac_cv_header_regexp_h" "#define INIT char *sp = instring; -#define GETC() (*sp++) -#define PEEKC() (*sp) -#define UNGETC(c) (--sp) -#define RETURN(c) return(c) -#define ERROR(c) - -" -if test "x$ac_cv_header_regexp_h" = xyes; then : - -fi - - -ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimensec" "ac_cv_member_struct_stat_st_mtimensec" "#include -#include -" -if test "x$ac_cv_member_struct_stat_st_mtimensec" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRUCT_STAT_ST_MTIMENSEC 1 -_ACEOF - - -fi -ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimespec.tv_nsec" "ac_cv_member_struct_stat_st_mtimespec_tv_nsec" "#include -#include -" -if test "x$ac_cv_member_struct_stat_st_mtimespec_tv_nsec" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC 1 -_ACEOF - - -fi -ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim.tv_nsec" "ac_cv_member_struct_stat_st_mtim_tv_nsec" "#include -#include -" -if test "x$ac_cv_member_struct_stat_st_mtim_tv_nsec" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC 1 -_ACEOF - - -fi - - -for ac_func in re_comp re_exec regexec -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default" -if test "x$ac_cv_type_off_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -@%:@define off_t long int -_ACEOF - -fi - - -# Fancy caching of perror result... -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for perror declaration" >&5 -$as_echo_n "checking for perror declaration... " >&6; } -if ${krb5_cv_decl_perror+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "perror" >/dev/null 2>&1; then : - krb5_cv_decl_perror=yes -else - krb5_cv_decl_perror=no -fi -rm -f conftest* - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_decl_perror" >&5 -$as_echo "$krb5_cv_decl_perror" >&6; } -if test $krb5_cv_decl_perror = yes; then - -$as_echo "@%:@define HDR_HAS_PERROR 1" >>confdefs.h - -fi - - -if test "x$ac_cv_func_strptime" = xyes; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if strptime needs a prototype provided" >&5 -$as_echo_n "checking if strptime needs a prototype provided... " >&6; } -if ${krb5_cv_func_strptime_noproto+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -#undef strptime -struct k5foo {int foo; } xx; -extern int strptime (struct k5foo*); -strptime(&xx); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_func_strptime_noproto=yes -else - krb5_cv_func_strptime_noproto=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_strptime_noproto" >&5 -$as_echo "$krb5_cv_func_strptime_noproto" >&6; } -if test $krb5_cv_func_strptime_noproto = yes; then - -$as_echo "@%:@define NEED_STRPTIME_PROTO 1" >>confdefs.h - -fi -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if argument to wait is int *" >&5 -$as_echo_n "checking if argument to wait is int *... " >&6; } -if ${krb5_cv_struct_wait+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -extern pid_t wait(int *); -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_struct_wait=no -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -union wait i; -#ifdef WEXITSTATUS - WEXITSTATUS (i); -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_struct_wait=yes -else - krb5_cv_struct_wait=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_struct_wait" >&5 -$as_echo "$krb5_cv_struct_wait" >&6; } -if test $krb5_cv_struct_wait = no; then - -$as_echo "@%:@define WAIT_USES_INT 1" >>confdefs.h - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for use of sigprocmask" >&5 -$as_echo_n "checking for use of sigprocmask... " >&6; } -if ${krb5_cv_func_sigprocmask_use+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -sigprocmask(SIG_SETMASK,0,0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - krb5_cv_func_sigprocmask_use=yes -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -sigmask(1); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - krb5_cv_func_sigprocmask_use=no -else - krb5_cv_func_sigprocmask_use=yes -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_sigprocmask_use" >&5 -$as_echo "$krb5_cv_func_sigprocmask_use" >&6; } -if test $krb5_cv_func_sigprocmask_use = yes; then - -$as_echo "@%:@define USE_SIGPROCMASK 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 -$as_echo_n "checking for uid_t in sys/types.h... " >&6; } -if ${ac_cv_type_uid_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "uid_t" >/dev/null 2>&1; then : - ac_cv_type_uid_t=yes -else - ac_cv_type_uid_t=no -fi -rm -f conftest* - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 -$as_echo "$ac_cv_type_uid_t" >&6; } -if test $ac_cv_type_uid_t = no; then - -$as_echo "@%:@define uid_t int" >>confdefs.h - - -$as_echo "@%:@define gid_t int" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 -$as_echo_n "checking type of array argument to getgroups... " >&6; } -if ${ac_cv_type_getgroups+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_type_getgroups=cross -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Thanks to Mike Rendell for this test. */ -$ac_includes_default -#define NGID 256 -#undef MAX -#define MAX(x, y) ((x) > (y) ? (x) : (y)) - -int -main () -{ - gid_t gidset[NGID]; - int i, n; - union { gid_t gval; long int lval; } val; - - val.lval = -1; - for (i = 0; i < NGID; i++) - gidset[i] = val.gval; - n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1, - gidset); - /* Exit non-zero if getgroups seems to require an array of ints. This - happens when gid_t is short int but getgroups modifies an array - of ints. */ - return n > 0 && gidset[n] != val.gval; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_type_getgroups=gid_t -else - ac_cv_type_getgroups=int -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -if test $ac_cv_type_getgroups = cross; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then : - ac_cv_type_getgroups=gid_t -else - ac_cv_type_getgroups=int -fi -rm -f conftest* - -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 -$as_echo "$ac_cv_type_getgroups" >&6; } - -cat >>confdefs.h <<_ACEOF -@%:@define GETGROUPS_T $ac_cv_type_getgroups -_ACEOF - - - -ac_fn_c_check_func "$LINENO" "sigsetjmp" "ac_cv_func_sigsetjmp" -if test "x$ac_cv_func_sigsetjmp" = xyes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sigjmp_buf" >&5 -$as_echo_n "checking for sigjmp_buf... " >&6; } -if ${krb5_cv_struct_sigjmp_buf+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -sigjmp_buf x - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_struct_sigjmp_buf=yes -else - krb5_cv_struct_sigjmp_buf=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_struct_sigjmp_buf" >&5 -$as_echo "$krb5_cv_struct_sigjmp_buf" >&6; } -if test $krb5_cv_struct_sigjmp_buf = yes; then - -$as_echo "@%:@define POSIX_SETJMP 1" >>confdefs.h - -fi - -fi - - -# *rpcent return types needed for lib/rpc - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of setrpcent" >&5 -$as_echo_n "checking return type of setrpcent... " >&6; } -if ${k5_cv_type_setrpcent+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#ifdef __cplusplus -extern "C" -#endif -extern void setrpcent(); -int -main () -{ -int i; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - k5_cv_type_setrpcent=void -else - k5_cv_type_setrpcent=int -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $k5_cv_type_setrpcent" >&5 -$as_echo "$k5_cv_type_setrpcent" >&6; } - -cat >>confdefs.h <<_ACEOF -@%:@define SETRPCENT_TYPE $k5_cv_type_setrpcent -_ACEOF - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of endrpcent" >&5 -$as_echo_n "checking return type of endrpcent... " >&6; } -if ${k5_cv_type_endrpcent+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#ifdef __cplusplus -extern "C" -#endif -extern void endrpcent(); -int -main () -{ -int i; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - k5_cv_type_endrpcent=void -else - k5_cv_type_endrpcent=int -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $k5_cv_type_endrpcent" >&5 -$as_echo "$k5_cv_type_endrpcent" >&6; } - -cat >>confdefs.h <<_ACEOF -@%:@define ENDRPCENT_TYPE $k5_cv_type_endrpcent -_ACEOF - - - -# bswap_16 is a macro in byteswap.h under GNU libc -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bswap_16" >&5 -$as_echo_n "checking for bswap_16... " >&6; } -if ${krb5_cv_bswap_16+:} false; then : - $as_echo_n "(cached) " >&6 -else - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#if HAVE_BYTESWAP_H -#include -#endif -int -main () -{ -bswap_16(37); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - krb5_cv_bswap_16=yes -else - krb5_cv_bswap_16=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_bswap_16" >&5 -$as_echo "$krb5_cv_bswap_16" >&6; } -if test "$krb5_cv_bswap_16" = yes; then - -$as_echo "@%:@define HAVE_BSWAP_16 1" >>confdefs.h - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bswap_64" >&5 -$as_echo_n "checking for bswap_64... " >&6; } -if ${krb5_cv_bswap_64+:} false; then : - $as_echo_n "(cached) " >&6 -else - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#if HAVE_BYTESWAP_H -#include -#endif -int -main () -{ -bswap_64(37); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - krb5_cv_bswap_64=yes -else - krb5_cv_bswap_64=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_bswap_64" >&5 -$as_echo "$krb5_cv_bswap_64" >&6; } -if test "$krb5_cv_bswap_64" = yes; then - -$as_echo "@%:@define HAVE_BSWAP_64 1" >>confdefs.h - -fi - -# Needed for ksu and some appl stuff. - -case $krb5_cv_host in -alpha*-dec-osf*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setluid in -lsecurity" >&5 -$as_echo_n "checking for setluid in -lsecurity... " >&6; } -if ${ac_cv_lib_security_setluid+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lsecurity $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setluid (); -int -main () -{ -return setluid (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_security_setluid=yes -else - ac_cv_lib_security_setluid=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_security_setluid" >&5 -$as_echo "$ac_cv_lib_security_setluid" >&6; } -if test "x$ac_cv_lib_security_setluid" = xyes; then : - -$as_echo "@%:@define HAVE_SETLUID 1" >>confdefs.h - - KSU_LIBS="-lsecurity" - -fi - - ;; -esac - - -if test $ac_cv_func_setenv = no || test $ac_cv_func_unsetenv = no \ - || test $ac_cv_func_getenv = no; then - SETENVOBJ=setenv.o -else - SETENVOBJ= -fi - - -# Check what the return types for gethostbyname_r and getservbyname_r are. - -ac_fn_c_check_func "$LINENO" "gethostbyname_r" "ac_cv_func_gethostbyname_r" -if test "x$ac_cv_func_gethostbyname_r" = xyes; then : - -ac_cv_func_gethostbyname_r=yes -if test "$ac_cv_func_gethostbyname_r" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyname_r returns an int" >&5 -$as_echo_n "checking if gethostbyname_r returns an int... " >&6; } - if ${krb5_cv_gethostbyname_r_returns_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - extern int gethostbyname_r (); -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_gethostbyname_r_returns_int=yes -else - krb5_cv_gethostbyname_r_returns_int=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_gethostbyname_r_returns_int" >&5 -$as_echo "$krb5_cv_gethostbyname_r_returns_int" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gethostbyname_r returns a pointer" >&5 -$as_echo_n "checking if gethostbyname_r returns a pointer... " >&6; } - if ${krb5_cv_gethostbyname_r_returns_ptr+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - extern struct hostent *gethostbyname_r (); -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_gethostbyname_r_returns_ptr=yes -else - krb5_cv_gethostbyname_r_returns_ptr=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_gethostbyname_r_returns_ptr" >&5 -$as_echo "$krb5_cv_gethostbyname_r_returns_ptr" >&6; } - - if test "$krb5_cv_gethostbyname_r_returns_int" = "$krb5_cv_gethostbyname_r_returns_ptr"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot determine return type of gethostbyname_r -- disabling" >&5 -$as_echo "$as_me: WARNING: cannot determine return type of gethostbyname_r -- disabling" >&2;} - ac_cv_func_gethostbyname_r=no - fi - if test "$krb5_cv_gethostbyname_r_returns_int" = yes; then - -$as_echo "@%:@define GETHOSTBYNAME_R_RETURNS_INT 1" >>confdefs.h - - fi -fi -if test "$ac_cv_func_gethostbyname_r" = yes; then - -$as_echo "@%:@define HAVE_GETHOSTBYNAME_R 1" >>confdefs.h - - ac_fn_c_check_func "$LINENO" "gethostbyaddr_r" "ac_cv_func_gethostbyaddr_r" -if test "x$ac_cv_func_gethostbyaddr_r" = xyes; then : - -fi - -fi - -fi - - - -# PTHREAD_CFLAGS changes which variant of these functions is declared -# on Solaris 11, so use it for these tests. -old_CFLAGS=$CFLAGS -CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -ac_fn_c_check_func "$LINENO" "getpwnam_r" "ac_cv_func_getpwnam_r" -if test "x$ac_cv_func_getpwnam_r" = xyes; then : - ac_cv_func_getpwnam_r=yes -else - ac_cv_func_getpwnam_r=no -fi - -ac_fn_c_check_func "$LINENO" "getpwuid_r" "ac_cv_func_getpwuid_r" -if test "x$ac_cv_func_getpwuid_r" = xyes; then : - ac_cv_func_getpwuid_r=yes -else - ac_cv_func_getpwuid_r=no -fi - -if test "$ac_cv_func_getpwnam_r" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of getpwnam_r" >&5 -$as_echo_n "checking return type of getpwnam_r... " >&6; } - if ${krb5_cv_getpwnam_r_return_type+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - extern int getpwnam_r(); -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - getpwnam_r_returns_int=yes -else - getpwnam_r_returns_int=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - extern struct passwd *getpwnam_r(); -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - getpwnam_r_returns_ptr=yes -else - getpwnam_r_returns_ptr=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - case "$getpwnam_r_returns_int/$getpwnam_r_returns_ptr" in - yes/no) krb5_cv_getpwnam_r_return_type=int ;; - no/yes) krb5_cv_getpwnam_r_return_type=ptr ;; - *) krb5_cv_getpwnam_r_return_type=unknown ;; - esac -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_getpwnam_r_return_type" >&5 -$as_echo "$krb5_cv_getpwnam_r_return_type" >&6; } - if test $krb5_cv_getpwnam_r_return_type = int; then - -$as_echo "@%:@define GETPWNAM_R_RETURNS_INT 1" >>confdefs.h - - elif test $krb5_cv_getpwnam_r_return_type = unknown; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine getpwnam_r return type, disabling getpwnam_r" >&5 -$as_echo "$as_me: WARNING: Cannot determine getpwnam_r return type, disabling getpwnam_r" >&2;} - ac_cv_func_getpwnam_r=no - fi -fi -if test "$ac_cv_func_getpwnam_r" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking number of arguments to getpwnam_r" >&5 -$as_echo_n "checking number of arguments to getpwnam_r... " >&6; } - if ${krb5_cv_getpwnam_r_args+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - struct passwd pwx; char buf[1024]; -int -main () -{ -getpwnam_r("", &pwx, buf, sizeof(buf)); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - args4=yes -else - args4=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - struct passwd pwx, *p; char buf[1024]; -int -main () -{ -getpwnam_r("", &pwx, buf, sizeof(buf), &p); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - args5=yes -else - args5=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - case $args4/$args5 in - yes/no) krb5_cv_getpwnam_r_args=4 ;; - no/yes) krb5_cv_getpwnam_r_args=5 ;; - *) krb5_cv_getpwnam_r_args=unknown ;; - esac -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_getpwnam_r_args" >&5 -$as_echo "$krb5_cv_getpwnam_r_args" >&6; } - if test "$krb5_cv_getpwnam_r_args" = unknown; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine number of arguments to getpwnam_r, disabling its use." >&5 -$as_echo "$as_me: WARNING: Cannot determine number of arguments to getpwnam_r, disabling its use." >&2;} - ac_cv_func_getpwnam_r=no - else - -$as_echo "@%:@define HAVE_GETPWNAM_R 1" >>confdefs.h - - if test "$krb5_cv_getpwnam_r_args" = 4; then - -$as_echo "@%:@define GETPWNAM_R_4_ARGS 1" >>confdefs.h - - fi - fi -fi -CFLAGS=$old_CFLAGS - -if test "$ac_cv_func_getpwnam_r" = no && test "$ac_cv_func_getpwuid_r" = yes; then - # Actually, we could do this check, and the corresponding checks - # for return type and number of arguments, but I doubt we'll run - # into a system where we'd get to use getpwuid_r but not getpwnam_r. - { $as_echo "$as_me:${as_lineno-$LINENO}: getpwnam_r not useful, so disabling getpwuid_r too" >&5 -$as_echo "$as_me: getpwnam_r not useful, so disabling getpwuid_r too" >&6;} - ac_cv_func_getpwuid_r=no -fi -if test "$ac_cv_func_getpwuid_r" = yes; then - -$as_echo "@%:@define HAVE_GETPWUID_R 1" >>confdefs.h - - # Hack: Assume getpwuid_r is the shorter form if getpwnam_r is. - if test "$krb5_cv_getpwnam_r_args" = 4; then - -$as_echo "@%:@define GETPWUID_R_4_ARGS 1" >>confdefs.h - - fi -fi - -if test "$ac_cv_func_gmtime_r" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether gmtime_r returns int" >&5 -$as_echo_n "checking whether gmtime_r returns int... " >&6; } - if ${krb5_cv_gmtime_r_returns_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - extern int gmtime_r (); -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - return_int=yes -else - return_int=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - extern struct tm *gmtime_r (); -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - return_ptr=yes -else - return_ptr=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - case $return_int/$return_ptr in - yes/no) krb5_cv_gmtime_r_returns_int=yes ;; - no/yes) krb5_cv_gmtime_r_returns_int=no ;; - *) # Can't figure it out, punt the function. - ac_cv_func_gmtime_r=no ;; - esac -fi - - if test "$ac_cv_func_gmtime_r" = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown -- ignoring gmtime_r" >&5 -$as_echo "unknown -- ignoring gmtime_r" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_gmtime_r_returns_int" >&5 -$as_echo "$krb5_cv_gmtime_r_returns_int" >&6; } - if test "$krb5_cv_gmtime_r_returns_int" = yes; then - -$as_echo "@%:@define GMTIME_R_RETURNS_INT 1" >>confdefs.h - - fi - fi -fi - -ac_fn_c_check_func "$LINENO" "getservbyname_r" "ac_cv_func_getservbyname_r" -if test "x$ac_cv_func_getservbyname_r" = xyes; then : - -ac_cv_func_getservbyname_r=yes -if test "$ac_cv_func_getservbyname_r" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getservbyname_r returns an int" >&5 -$as_echo_n "checking if getservbyname_r returns an int... " >&6; } - if ${krb5_cv_getservbyname_r_returns_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - extern int getservbyname_r (); -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_getservbyname_r_returns_int=yes -else - krb5_cv_getservbyname_r_returns_int=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_getservbyname_r_returns_int" >&5 -$as_echo "$krb5_cv_getservbyname_r_returns_int" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getservbyname_r returns a pointer" >&5 -$as_echo_n "checking if getservbyname_r returns a pointer... " >&6; } - if ${krb5_cv_getservbyname_r_returns_ptr+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - extern struct servent *getservbyname_r (); -int -main () -{ -1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_getservbyname_r_returns_ptr=yes -else - krb5_cv_getservbyname_r_returns_ptr=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_getservbyname_r_returns_ptr" >&5 -$as_echo "$krb5_cv_getservbyname_r_returns_ptr" >&6; } - - if test "$krb5_cv_getservbyname_r_returns_int" = "$krb5_cv_getservbyname_r_returns_ptr"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot determine return type of getservbyname_r -- disabling" >&5 -$as_echo "$as_me: WARNING: cannot determine return type of getservbyname_r -- disabling" >&2;} - ac_cv_func_getservbyname_r=no - fi - if test "$krb5_cv_getservbyname_r_returns_int" = yes; then - -$as_echo "@%:@define GETSERVBYNAME_R_RETURNS_INT 1" >>confdefs.h - - fi -fi -if test "$ac_cv_func_getservbyname_r" = yes; then - -$as_echo "@%:@define HAVE_GETSERVBYNAME_R 1" >>confdefs.h - - ac_fn_c_check_func "$LINENO" "getservbyport_r" "ac_cv_func_getservbyport_r" -if test "x$ac_cv_func_getservbyport_r" = xyes; then : - -fi - -fi - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for yylineno declaration" >&5 -$as_echo_n "checking for yylineno declaration... " >&6; } -if ${krb5_cv_type_yylineno+:} false; then : - $as_echo_n "(cached) " >&6 -else - # some systems have yylineno, others don't... - echo '%% -%%' | ${LEX} -t > conftest.out - if egrep yylineno conftest.out >/dev/null 2>&1; then - krb5_cv_type_yylineno=yes - else - krb5_cv_type_yylineno=no - fi - rm -f conftest.out -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_type_yylineno" >&5 -$as_echo "$krb5_cv_type_yylineno" >&6; } - if test $krb5_cv_type_yylineno = no; then - -$as_echo "@%:@define NO_YYLINENO 1" >>confdefs.h - - fi - - -ac_fn_c_check_header_mongrel "$LINENO" "dirent.h" "ac_cv_header_dirent_h" "$ac_includes_default" -if test "x$ac_cv_header_dirent_h" = xyes; then : - -$as_echo "@%:@define USE_DIRENT_H 1" >>confdefs.h - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 -$as_echo_n "checking for uid_t in sys/types.h... " >&6; } -if ${ac_cv_type_uid_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "uid_t" >/dev/null 2>&1; then : - ac_cv_type_uid_t=yes -else - ac_cv_type_uid_t=no -fi -rm -f conftest* - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 -$as_echo "$ac_cv_type_uid_t" >&6; } -if test $ac_cv_type_uid_t = no; then - -$as_echo "@%:@define uid_t int" >>confdefs.h - - -$as_echo "@%:@define gid_t int" >>confdefs.h - -fi - - -ac_fn_c_check_header_mongrel "$LINENO" "termios.h" "ac_cv_header_termios_h" "$ac_includes_default" -if test "x$ac_cv_header_termios_h" = xyes; then : - ac_fn_c_check_func "$LINENO" "tcsetattr" "ac_cv_func_tcsetattr" -if test "x$ac_cv_func_tcsetattr" = xyes; then : - -$as_echo "@%:@define POSIX_TERMIOS 1" >>confdefs.h - -fi - -fi - - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking POSIX signal handlers" >&5 -$as_echo_n "checking POSIX signal handlers... " >&6; } -if ${krb5_cv_has_posix_signals+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#ifdef signal -#undef signal -#endif -extern void (*signal ()) (); -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_has_posix_signals=yes -else - krb5_cv_has_posix_signals=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_has_posix_signals" >&5 -$as_echo "$krb5_cv_has_posix_signals" >&6; } -if test $krb5_cv_has_posix_signals = yes; then - stype=void - -$as_echo "@%:@define POSIX_SIGTYPE 1" >>confdefs.h - -else - if test $ac_cv_type_signal = void; then - stype=void - else - stype=int - fi -fi - -cat >>confdefs.h <<_ACEOF -@%:@define krb5_sigtype $stype -_ACEOF - -for ac_header in poll.h stdlib.h string.h stddef.h sys/types.h sys/file.h sys/param.h sys/stat.h sys/time.h netinet/in.h sys/uio.h sys/filio.h sys/select.h time.h paths.h errno.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# If compiling with IPv6 support, test if in6addr_any functions. -# Irix 6.5.16 defines it, but lacks support in the C library. -if test $krb5_cv_inet6 = yes || test "$krb5_cv_inet6_with_dinet6" = yes ; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for in6addr_any definition in library" >&5 -$as_echo_n "checking for in6addr_any definition in library... " >&6; } -if ${krb5_cv_var_in6addr_any+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#include -#include -#include - -int -main () -{ - - struct sockaddr_in6 in; - in.sin6_addr = in6addr_any; - printf("%x", &in); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - krb5_cv_var_in6addr_any=yes -else - krb5_cv_var_in6addr_any=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_var_in6addr_any" >&5 -$as_echo "$krb5_cv_var_in6addr_any" >&6; } - if test $krb5_cv_var_in6addr_any = no; then - -$as_echo "@%:@define NEED_INSIXADDR_ANY 1" >>confdefs.h - - fi -fi - -# then from osconf.h, we have - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 -$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } -if ${ac_cv_header_time+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include - -int -main () -{ -if ((struct tm *) 0) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_time=yes -else - ac_cv_header_time=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 -$as_echo "$ac_cv_header_time" >&6; } -if test $ac_cv_header_time = yes; then - -$as_echo "@%:@define TIME_WITH_SYS_TIME 1" >>confdefs.h - -fi - -ac_fn_c_check_type "$LINENO" "time_t" "ac_cv_type_time_t" "$ac_includes_default" -if test "x$ac_cv_type_time_t" = xyes; then : - -else - -cat >>confdefs.h <<_ACEOF -@%:@define time_t long -_ACEOF - -fi - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 -$as_echo_n "checking size of time_t... " >&6; } -if ${ac_cv_sizeof_time_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_time_t" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (time_t) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_time_t=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 -$as_echo "$ac_cv_sizeof_time_t" >&6; } - - - -cat >>confdefs.h <<_ACEOF -@%:@define SIZEOF_TIME_T $ac_cv_sizeof_time_t -_ACEOF - - -SIZEOF_TIME_T=$ac_cv_sizeof_time_t - - -# Determine where to put the replay cache. - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for replay cache directory" >&5 -$as_echo_n "checking for replay cache directory... " >&6; } -if ${krb5_cv_sys_rcdir+:} false; then : - $as_echo_n "(cached) " >&6 -else - -if test $cross_compiling = yes; then - krb5_cv_sys_rcdir=/var/tmp -else - for t_dir in /var/tmp /usr/tmp /var/usr/tmp /tmp ; do - test -d $t_dir || continue - krb5_cv_sys_rcdir=$t_dir - break - done -fi -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_sys_rcdir" >&5 -$as_echo "$krb5_cv_sys_rcdir" >&6; } -KRB5_RCTMPDIR=$krb5_cv_sys_rcdir - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 -$as_echo_n "checking for socklen_t... " >&6; } -if ${krb5_cv_has_type_socklen_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include - -int -main () -{ -sizeof (socklen_t); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_has_type_socklen_t=yes -else - krb5_cv_has_type_socklen_t=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_has_type_socklen_t" >&5 -$as_echo "$krb5_cv_has_type_socklen_t" >&6; } -if test $krb5_cv_has_type_socklen_t = yes; then - -$as_echo "@%:@define HAVE_SOCKLEN_T 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct lifconf" >&5 -$as_echo_n "checking for struct lifconf... " >&6; } -if ${krb5_cv_has_struct_lifconf+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include - -int -main () -{ -sizeof (struct lifconf); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_has_struct_lifconf=yes -else - krb5_cv_has_struct_lifconf=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_has_struct_lifconf" >&5 -$as_echo "$krb5_cv_has_struct_lifconf" >&6; } -if test $krb5_cv_has_struct_lifconf = yes; then - -$as_echo "@%:@define HAVE_STRUCT_LIFCONF 1" >>confdefs.h - -fi -# HP-UX 11 uses stuct if_laddrconf -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct if_laddrconf" >&5 -$as_echo_n "checking for struct if_laddrconf... " >&6; } -if ${krb5_cv_has_struct_if_laddrconf+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include - -int -main () -{ -sizeof (struct if_laddrconf); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_has_struct_if_laddrconf=yes -else - krb5_cv_has_struct_if_laddrconf=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_has_struct_if_laddrconf" >&5 -$as_echo "$krb5_cv_has_struct_if_laddrconf" >&6; } -if test $krb5_cv_has_struct_if_laddrconf = yes; then - -$as_echo "@%:@define HAVE_STRUCT_IF_LADDRCONF 1" >>confdefs.h - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for h_errno in netdb.h" >&5 -$as_echo_n "checking for h_errno in netdb.h... " >&6; } -if ${krb5_cv_header_netdb_h_h_errno+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -int x = h_errno; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_header_netdb_h_h_errno=yes -else - krb5_cv_header_netdb_h_h_errno=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_header_netdb_h_h_errno" >&5 -$as_echo "$krb5_cv_header_netdb_h_h_errno" >&6; } -if test $krb5_cv_header_netdb_h_h_errno = yes; then - -$as_echo "@%:@define HAVE_NETDB_H_H_ERRNO 1" >>confdefs.h - -fi - - -@%:@ Check whether --enable-athena was given. -if test "${enable_athena+set}" = set; then : - enableval=$enable_athena; -$as_echo "@%:@define KRB5_ATHENA_COMPAT 1" >>confdefs.h - -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 -$as_echo_n "checking for inline... " >&6; } -if ${ac_cv_c_inline+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_c_inline=no -for ac_kw in inline __inline__ __inline; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifndef __cplusplus -typedef int foo_t; -static $ac_kw foo_t static_foo () {return 0; } -$ac_kw foo_t foo () {return 0; } -#endif - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_inline=$ac_kw -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - test "$ac_cv_c_inline" != no && break -done - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 -$as_echo "$ac_cv_c_inline" >&6; } - -case $ac_cv_c_inline in - inline | yes) ;; - *) - case $ac_cv_c_inline in - no) ac_val=;; - *) ac_val=$ac_cv_c_inline;; - esac - cat >>confdefs.h <<_ACEOF -#ifndef __cplusplus -#define inline $ac_val -#endif -_ACEOF - ;; -esac - - - - -ac_fn_c_check_type "$LINENO" "struct cmsghdr" "ac_cv_type_struct_cmsghdr" " -#include -#include -#include - -" -if test "x$ac_cv_type_struct_cmsghdr" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRUCT_CMSGHDR 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "struct in_pktinfo" "ac_cv_type_struct_in_pktinfo" " -#include -#include -#include - -" -if test "x$ac_cv_type_struct_in_pktinfo" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRUCT_IN_PKTINFO 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "struct in6_pktinfo" "ac_cv_type_struct_in6_pktinfo" " -#include -#include -#include - -" -if test "x$ac_cv_type_struct_in6_pktinfo" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRUCT_IN6_PKTINFO 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" " -#include -#include -#include - -" -if test "x$ac_cv_type_struct_sockaddr_storage" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRUCT_SOCKADDR_STORAGE 1 -_ACEOF - - -fi - -ac_fn_c_check_type "$LINENO" "struct rt_msghdr" "ac_cv_type_struct_rt_msghdr" " -#include -#include -#include - -" -if test "x$ac_cv_type_struct_rt_msghdr" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_STRUCT_RT_MSGHDR 1 -_ACEOF - - -fi - - -# Tests for 64-bit edwards25519 code. -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5 -$as_echo_n "checking size of size_t... " >&6; } -if ${ac_cv_sizeof_size_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_size_t" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (size_t) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_size_t=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5 -$as_echo "$ac_cv_sizeof_size_t" >&6; } - - - -cat >>confdefs.h <<_ACEOF -@%:@define SIZEOF_SIZE_T $ac_cv_sizeof_size_t -_ACEOF - - -ac_fn_c_check_type "$LINENO" "__int128_t" "ac_cv_type___int128_t" "$ac_includes_default" -if test "x$ac_cv_type___int128_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE___INT128_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "__uint128_t" "ac_cv_type___uint128_t" "$ac_includes_default" -if test "x$ac_cv_type___uint128_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE___UINT128_T 1 -_ACEOF - - -fi - - -# stuff for util/profile - -# AC_KRB5_TCL already done -DO_TCL= -test "$TCL_LIBS" != "" && DO_TCL=ok - - -# types libdb2 wants - -ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" -if test "x$ac_cv_type_ssize_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_SSIZE_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "u_char" "ac_cv_type_u_char" "$ac_includes_default" -if test "x$ac_cv_type_u_char" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_U_CHAR 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "u_int" "ac_cv_type_u_int" "$ac_includes_default" -if test "x$ac_cv_type_u_int" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_U_INT 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "u_long" "ac_cv_type_u_long" "$ac_includes_default" -if test "x$ac_cv_type_u_long" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_U_LONG 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "u_int8_t" "ac_cv_type_u_int8_t" "$ac_includes_default" -if test "x$ac_cv_type_u_int8_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_U_INT8_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "u_int16_t" "ac_cv_type_u_int16_t" "$ac_includes_default" -if test "x$ac_cv_type_u_int16_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_U_INT16_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "u_int32_t" "ac_cv_type_u_int32_t" "$ac_includes_default" -if test "x$ac_cv_type_u_int32_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_U_INT32_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default" -if test "x$ac_cv_type_int8_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_INT8_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default" -if test "x$ac_cv_type_int16_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_INT16_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default" -if test "x$ac_cv_type_int32_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -@%:@define HAVE_INT32_T 1 -_ACEOF - - -fi - - -# Some libdb2 test programs want a shell that supports functions. -FCTSH=false -# Extract the first word of "sh", so it can be a program name with args. -set dummy sh; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_SH+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_SH="$SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_SH" && ac_cv_path_SH="false" - ;; -esac -fi -SH=$ac_cv_path_SH -if test -n "$SH"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5 -$as_echo "$SH" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "sh5", so it can be a program name with args. -set dummy sh5; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_SH5+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $SH5 in - [\\/]* | ?:[\\/]*) - ac_cv_path_SH5="$SH5" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_SH5="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_SH5" && ac_cv_path_SH5="false" - ;; -esac -fi -SH5=$ac_cv_path_SH5 -if test -n "$SH5"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH5" >&5 -$as_echo "$SH5" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "bash", so it can be a program name with args. -set dummy bash; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_BASH+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $BASH in - [\\/]* | ?:[\\/]*) - ac_cv_path_BASH="$BASH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_BASH="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_BASH" && ac_cv_path_BASH="false" - ;; -esac -fi -BASH=$ac_cv_path_BASH -if test -n "$BASH"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BASH" >&5 -$as_echo "$BASH" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -for prog in $SH $SH5 $BASH; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $prog supports functions" >&5 -$as_echo_n "checking if $prog supports functions... " >&6; } - if $prog -c 'foo() { true; }; foo' >/dev/null 2>&1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - FCTSH=$prog - break - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi -done - - -# Test for POSIX 2001 *printf support (X/Open System Interfaces extension -# to ANSI/ISO C 1999 specification). Specifically, positional -# specifications; not checking for other features like %zx at present. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for POSIX printf positional specification support" >&5 -$as_echo_n "checking for POSIX printf positional specification support... " >&6; } -if ${ac_cv_printf_positional+:} false; then : - $as_echo_n "(cached) " >&6 -else - -if test "$cross_compiling" = yes; then : - as_fn_error $? "Cannot test for printf positional argument support when cross compiling" "$LINENO" 5 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include -const char expected[] = "200 100"; -int main () { - char buf[30]; - sprintf(buf, "%2\$x %1\$d", 100, 512); - if (strcmp(expected, buf)) { - fprintf(stderr,"bad result: <%s> wanted: <%s>\n", buf, expected); - return 1; - } - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_printf_positional=yes -else - ac_cv_printf_positional=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - -# Nothing for autoconf.h for now. -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_printf_positional" >&5 -$as_echo "$ac_cv_printf_positional" >&6; } - - -# for t_locate_kdc test - -# Extract the first word of "dig", so it can be a program name with args. -set dummy dig; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_DIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $DIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_DIG="$DIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_DIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_DIG" && ac_cv_path_DIG="false" - ;; -esac -fi -DIG=$ac_cv_path_DIG -if test -n "$DIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DIG" >&5 -$as_echo "$DIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "nslookup", so it can be a program name with args. -set dummy nslookup; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_NSLOOKUP+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $NSLOOKUP in - [\\/]* | ?:[\\/]*) - ac_cv_path_NSLOOKUP="$NSLOOKUP" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_NSLOOKUP="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_NSLOOKUP" && ac_cv_path_NSLOOKUP="false" - ;; -esac -fi -NSLOOKUP=$ac_cv_path_NSLOOKUP -if test -n "$NSLOOKUP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NSLOOKUP" >&5 -$as_echo "$NSLOOKUP" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - -# for kadmin - -for ac_prog in 'bison -y' byacc -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_YACC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$YACC"; then - ac_cv_prog_YACC="$YACC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_YACC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -YACC=$ac_cv_prog_YACC -if test -n "$YACC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 -$as_echo "$YACC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$YACC" && break -done -test -n "$YACC" || YACC="yacc" - -ath_compat= -@%:@ Check whether --enable-athena was given. -if test "${enable_athena+set}" = set; then : - enableval=$enable_athena; ath_compat=compat -fi - -# The following are tests for the presence of programs required for -# kadmin testing. -# Extract the first word of "runtest", so it can be a program name with args. -set dummy runtest; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_have_RUNTEST+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$have_RUNTEST"; then - ac_cv_prog_have_RUNTEST="$have_RUNTEST" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_have_RUNTEST="runtest" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -have_RUNTEST=$ac_cv_prog_have_RUNTEST -if test -n "$have_RUNTEST"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_RUNTEST" >&5 -$as_echo "$have_RUNTEST" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "perl", so it can be a program name with args. -set dummy perl; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_have_PERL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$have_PERL"; then - ac_cv_prog_have_PERL="$have_PERL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_have_PERL="perl" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -have_PERL=$ac_cv_prog_have_PERL -if test -n "$have_PERL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_PERL" >&5 -$as_echo "$have_PERL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; then - DO_TEST=ok -fi - - -# The following are substituted into kadmin/testing/scripts/env-setup.sh -RBUILD=`pwd` - -case "$srcdir" in -/*) S_TOP=$srcdir ;; -*) S_TOP=`pwd`/$srcdir ;; -esac - -# Extract the first word of "expect", so it can be a program name with args. -set dummy expect; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_EXPECT+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $EXPECT in - [\\/]* | ?:[\\/]*) - ac_cv_path_EXPECT="$EXPECT" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_EXPECT="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -EXPECT=$ac_cv_path_EXPECT -if test -n "$EXPECT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $EXPECT" >&5 -$as_echo "$EXPECT" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# For kadmin/testing/util/Makefile.in -if test "$TCL_LIBS" != "" ; then - DO_ALL=tcl -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use priocntl hack" >&5 -$as_echo_n "checking whether to use priocntl hack... " >&6; } -if ${krb5_cv_priocntl_hack+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $krb5_cv_host in -*-*-solaris2.9*) - if test "$cross_compiling" = yes; then - krb5_cv_priocntl_hack=yes - else - # Solaris patch 117171-11 (sparc) or 117172-11 (x86) - # fixes the Solaris 9 bug where final pty output - # gets lost on close. - if showrev -p | $AWK 'BEGIN { e = 1 } -/Patch: 11717[12]/ { x = index($2, "-"); -if (substr($2, x + 1, length($2) - x) >= 11) -{ e = 0 } else { e = 1 } } -END { exit e; }'; then - krb5_cv_priocntl_hack=no - else - krb5_cv_priocntl_hack=yes - fi - fi - ;; -*) - krb5_cv_priocntl_hack=no - ;; -esac -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_priocntl_hack" >&5 -$as_echo "$krb5_cv_priocntl_hack" >&6; } -if test "$krb5_cv_priocntl_hack" = yes; then - PRIOCNTL_HACK=1 -else - PRIOCNTL_HACK=0 -fi - -ac_config_files="$ac_config_files kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin" - -# for lib/kadm5 -# Extract the first word of "runtest", so it can be a program name with args. -set dummy runtest; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_RUNTEST+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$RUNTEST"; then - ac_cv_prog_RUNTEST="$RUNTEST" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_RUNTEST="runtest" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -RUNTEST=$ac_cv_prog_RUNTEST -if test -n "$RUNTEST"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUNTEST" >&5 -$as_echo "$RUNTEST" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "perl", so it can be a program name with args. -set dummy perl; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PERL+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$PERL"; then - ac_cv_prog_PERL="$PERL" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_PERL="perl" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -PERL=$ac_cv_prog_PERL -if test -n "$PERL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 -$as_echo "$PERL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - -# lib/gssapi -ac_fn_c_check_header_mongrel "$LINENO" "xom.h" "ac_cv_header_xom_h" "$ac_includes_default" -if test "x$ac_cv_header_xom_h" = xyes; then : - - include_xom='awk '\''END{printf("%cinclude \n", 35);}'\'' < /dev/null' -else - - include_xom='echo "/* no xom.h */"' -fi - - - - - -# lib/rpc -### Check where struct rpcent is declared. - -# This is necessary to determine: -# 1. If /usr/include/netdb.h declares struct rpcent -# 2. If /usr/include/rpc/netdb.h declares struct rpcent - -# We have our own rpc/netdb.h, and if /usr/include/netdb.h includes -# rpc/netdb.h, then nastiness could happen. - -# Logic: If /usr/include/netdb.h declares struct rpcent, then check -# rpc/netdb.h. If /usr/include/rpc/netdb.h declares struct rpcent, -# then define STRUCT_RPCENT_IN_RPC_NETDB_H, otherwise do not. If -# neither netdb.h nor rpc/netdb.h declares struct rpcent, then define -# STRUCT_RPCENT_IN_RPC_NETDB_H anyway. - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking where struct rpcent is declared" >&5 -$as_echo_n "checking where struct rpcent is declared... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -struct rpcent e; -char c = e.r_name[0]; -int i = e.r_number; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -struct rpcent e; -char c = e.r_name[0]; -int i = e.r_number; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: rpc/netdb.h" >&5 -$as_echo "rpc/netdb.h" >&6; } -rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H' -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: netdb.h" >&5 -$as_echo "netdb.h" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: nowhere" >&5 -$as_echo "nowhere" >&6; } -rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H' -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - - -for ac_header in sys/select.h sys/time.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -if test $ac_cv_header_sys_select_h = yes; then - GSSRPC__SYS_SELECT_H='#include ' -else - GSSRPC__SYS_SELECT_H='/* #include */' -fi - -if test $ac_cv_header_sys_time_h = yes; then - GSSRPC__SYS_TIME_H='#include ' -else - GSSRPC__SYS_TIME_H='/* #include */' -fi - -if test $ac_cv_header_unistd_h = yes; then - GSSRPC__UNISTD_H='#include ' -else - GSSRPC__UNISTD_H='/* #include */' -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for MAXHOSTNAMELEN in sys/param.h" >&5 -$as_echo_n "checking for MAXHOSTNAMELEN in sys/param.h... " >&6; } -if ${krb5_cv_header_sys_param_h_maxhostnamelen+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -int i = MAXHOSTNAMELEN; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_header_sys_param_h_maxhostnamelen=yes -else - krb5_cv_header_sys_param_h_maxhostnamelen=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_header_sys_param_h_maxhostnamelen" >&5 -$as_echo "$krb5_cv_header_sys_param_h_maxhostnamelen" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for MAXHOSTNAMELEN in netdb.h" >&5 -$as_echo_n "checking for MAXHOSTNAMELEN in netdb.h... " >&6; } -if ${krb5_cv_header_netdb_h_maxhostnamelen+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -int i = MAXHOSTNAMELEN; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_header_netdb_h_maxhostnamelen=yes -else - krb5_cv_header_netdb_h_maxhostnamelen=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_header_netdb_h_maxhostnamelen" >&5 -$as_echo "$krb5_cv_header_netdb_h_maxhostnamelen" >&6; } - -GSSRPC__SYS_PARAM_H='/* #include */' -GSSRPC__NETDB_H='/* #include */' -if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then - GSSRPC__SYS_PARAM_H='#include ' -else - if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then - GSSRPC__NETDB_H='#include ' - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find MAXHOSTNAMELEN definition; faking it" >&5 -$as_echo "$as_me: WARNING: can't find MAXHOSTNAMELEN definition; faking it" >&2;} - fi -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD type aliases" >&5 -$as_echo_n "checking for BSD type aliases... " >&6; } -if ${krb5_cv_type_bsdaliases+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#if HAVE_UNISTD_H -#include -#endif -int -main () -{ -u_char c; -u_int i; -u_long l; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - krb5_cv_type_bsdaliases=yes -else - krb5_cv_type_bsdaliases=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_type_bsdaliases" >&5 -$as_echo "$krb5_cv_type_bsdaliases" >&6; } -if test $krb5_cv_type_bsdaliases = yes; then - GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */' -else - GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1' -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of setrpcent" >&5 -$as_echo_n "checking return type of setrpcent... " >&6; } -if ${k5_cv_type_setrpcent+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#ifdef __cplusplus -extern "C" -#endif -extern void setrpcent(); -int -main () -{ -int i; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - k5_cv_type_setrpcent=void -else - k5_cv_type_setrpcent=int -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $k5_cv_type_setrpcent" >&5 -$as_echo "$k5_cv_type_setrpcent" >&6; } - -cat >>confdefs.h <<_ACEOF -@%:@define SETRPCENT_TYPE $k5_cv_type_setrpcent -_ACEOF - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of endrpcent" >&5 -$as_echo_n "checking return type of endrpcent... " >&6; } -if ${k5_cv_type_endrpcent+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#ifdef __cplusplus -extern "C" -#endif -extern void endrpcent(); -int -main () -{ -int i; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - k5_cv_type_endrpcent=void -else - k5_cv_type_endrpcent=int -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $k5_cv_type_endrpcent" >&5 -$as_echo "$k5_cv_type_endrpcent" >&6; } - -cat >>confdefs.h <<_ACEOF -@%:@define ENDRPCENT_TYPE $k5_cv_type_endrpcent -_ACEOF - -ac_config_files="$ac_config_files include/gssrpc/types.h:include/gssrpc/types.hin" - -PASS=tcp - - -# for pkinit -@%:@ Check whether --enable-pkinit was given. -if test "${enable_pkinit+set}" = set; then : - enableval=$enable_pkinit; -else - enable_pkinit=try -fi - -if test "$enable_pkinit" = yes || test "$enable_pkinit" = try; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a recent enough OpenSSL" >&5 -$as_echo_n "checking for a recent enough OpenSSL... " >&6; } -if ${k5_cv_openssl_version_okay+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#if OPENSSL_VERSION_NUMBER < 0x10000000L -# error openssl is too old, need 1.0.0 -#endif -int i = 1; - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - k5_cv_openssl_version_okay=yes -else - k5_cv_openssl_version_okay=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $k5_cv_openssl_version_okay" >&5 -$as_echo "$k5_cv_openssl_version_okay" >&6; } - old_LIBS="$LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PKCS7_get_signer_info in -lcrypto" >&5 -$as_echo_n "checking for PKCS7_get_signer_info in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_PKCS7_get_signer_info+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char PKCS7_get_signer_info (); -int -main () -{ -return PKCS7_get_signer_info (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_PKCS7_get_signer_info=yes -else - ac_cv_lib_crypto_PKCS7_get_signer_info=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_PKCS7_get_signer_info" >&5 -$as_echo "$ac_cv_lib_crypto_PKCS7_get_signer_info" >&6; } -if test "x$ac_cv_lib_crypto_PKCS7_get_signer_info" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBCRYPTO 1 -_ACEOF - - LIBS="-lcrypto $LIBS" - -fi - - LIBS="$old_LIBS" -fi -if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then - ac_config_files="$ac_config_files plugins/preauth/pkinit/Makefile:$srcdir/./config/pre.in:plugins/preauth/pkinit/Makefile.in:plugins/preauth/pkinit/deps:$srcdir/./config/post.in" - - - - ac_config_files="$ac_config_files tests/softpkcs11/Makefile:$srcdir/./config/pre.in:tests/softpkcs11/Makefile.in:tests/softpkcs11/deps:$srcdir/./config/post.in" - - - - PKINIT=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CMS_get0_content in -lcrypto" >&5 -$as_echo_n "checking for CMS_get0_content in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_CMS_get0_content+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char CMS_get0_content (); -int -main () -{ -return CMS_get0_content (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_CMS_get0_content=yes -else - ac_cv_lib_crypto_CMS_get0_content=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_CMS_get0_content" >&5 -$as_echo "$ac_cv_lib_crypto_CMS_get0_content" >&6; } -if test "x$ac_cv_lib_crypto_CMS_get0_content" = xyes; then : - -$as_echo "@%:@define HAVE_OPENSSL_CMS 1" >>confdefs.h - -fi - -elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then - as_fn_error $? "Version of OpenSSL is too old; cannot enable PKINIT." "$LINENO" 5 -else - -$as_echo "@%:@define DISABLE_PKINIT 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: Disabling PKINIT support." >&5 -$as_echo "$as_me: Disabling PKINIT support." >&6;} - PKINIT=no -fi - - -# for lib/apputils -ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" -if test "x$ac_cv_func_daemon" = xyes; then : - $as_echo "@%:@define HAVE_DAEMON 1" >>confdefs.h - -else - case " $LIB@&t@OBJS " in - *" daemon.$ac_objext "* ) ;; - *) LIB@&t@OBJS="$LIB@&t@OBJS daemon.$ac_objext" - ;; -esac - -fi - - - -# for tests/ -if test x"$RUNTEST" != x; then - HAVE_RUNTEST=yes -else - HAVE_RUNTEST=no -fi - - -# For Python tests. Python version 3.2.4 is required as prior -# versions do not accept string input to subprocess.Popen.communicate -# when universal_newlines is set. -PYTHON_MINVERSION=3.2.4 - -# Extract the first word of "python3", so it can be a program name with args. -set dummy python3; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PYTHON+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$PYTHON"; then - ac_cv_prog_PYTHON="$PYTHON" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_PYTHON="python3" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -PYTHON=$ac_cv_prog_PYTHON -if test -n "$PYTHON"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 -$as_echo "$PYTHON" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -if test x"$PYTHON" = x; then - # Extract the first word of "python", so it can be a program name with args. -set dummy python; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PYTHON+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$PYTHON"; then - ac_cv_prog_PYTHON="$PYTHON" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_PYTHON="python" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -PYTHON=$ac_cv_prog_PYTHON -if test -n "$PYTHON"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 -$as_echo "$PYTHON" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -HAVE_PYTHON=no -if test x"$PYTHON" != x; then - wantver="(sys.hexversion >= 0x30204F0)" - if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then - HAVE_PYTHON=yes - fi -fi - - -# For cmocka tests. -CMOCKA_LIBS= -HAVE_CMOCKA=no -HAVE_CMOCKA_H=no -HAVE_CMOCKA_LIB=no -ac_fn_c_check_header_compile "$LINENO" "cmocka.h" "ac_cv_header_cmocka_h" " -#include -#include -#include -" -if test "x$ac_cv_header_cmocka_h" = xyes; then : - HAVE_CMOCKA_H=yes -else - : -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _cmocka_run_group_tests in -lcmocka" >&5 -$as_echo_n "checking for _cmocka_run_group_tests in -lcmocka... " >&6; } -if ${ac_cv_lib_cmocka__cmocka_run_group_tests+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcmocka $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char _cmocka_run_group_tests (); -int -main () -{ -return _cmocka_run_group_tests (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_cmocka__cmocka_run_group_tests=yes -else - ac_cv_lib_cmocka__cmocka_run_group_tests=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cmocka__cmocka_run_group_tests" >&5 -$as_echo "$ac_cv_lib_cmocka__cmocka_run_group_tests" >&6; } -if test "x$ac_cv_lib_cmocka__cmocka_run_group_tests" = xyes; then : - HAVE_CMOCKA_LIB=yes -fi - -if test "$HAVE_CMOCKA_LIB" = yes && test "$HAVE_CMOCKA_H" = yes; then - HAVE_CMOCKA=yes - CMOCKA_LIBS='-lcmocka' - -$as_echo "@%:@define HAVE_CMOCKA 1" >>confdefs.h - -fi - - - -# For URI lookup tests. Requires resolv_wrapper >= 1.1.5 for URI -# support. -HAVE_RESOLV_WRAPPER=0 -if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"resolv_wrapper >= 1.1.5\""; } >&5 - ($PKG_CONFIG --exists --print-errors "resolv_wrapper >= 1.1.5") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - HAVE_RESOLV_WRAPPER=1 -fi - - -# for plugins/kdb/db2 - -# AIX is unusual in that it wants all symbols resolved at link time -# Fortunately, it will allow us to link the kdb library now, even if -# it is linked again later. -case $krb5_cv_host in -*-*-aix*) - DB_EXTRA_LIBS=-ldb - ;; -*) - DB_EXTRA_LIBS= - ;; -esac - - - - -# Check for thread safety issues. -# (Is there a better place for this?) -# tsfuncs="getpwnam_r getpwuid_r gethostbyname_r getservbyname_r gmtime_r localtime_r" -# Removed getpwnam_r and getpwuid_r because include/configure.in has some -# more careful checks, and may decide to pretend that they're not found if -# the function signatures can't be figured out. -tsfuncs="gethostbyname_r getservbyname_r gmtime_r localtime_r" -for ac_func in $tsfuncs -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -if test "$enable_thread_support" = yes; then - tsmissing="" - for ts in $tsfuncs; do - if eval "test \"\${ac_cv_func_$ts}\" != yes"; then - tsmissing="$tsmissing $ts" - fi - done - if test "$ac_cv_func_res_nsearch/$ac_cv_lib_resolv_res_nsearch" = "no/no"; then - tsmissing="$tsmissing res_nsearch" - fi - if test "$tsmissing" != ""; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Some functions that are needed for library thread" >&5 -$as_echo "$as_me: WARNING: Some functions that are needed for library thread" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: safety appear to be missing." >&5 -$as_echo "$as_me: WARNING: safety appear to be missing." >&2;} - for ts in $tsmissing; do - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: missing thread-safe function: $ts" >&5 -$as_echo "$as_me: WARNING: missing thread-safe function: $ts" >&2;} - done - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Without these functions, the installed libraries" >&5 -$as_echo "$as_me: WARNING: Without these functions, the installed libraries" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: may not be thread-safe." >&5 -$as_echo "$as_me: WARNING: may not be thread-safe." >&2;} - fi # tsmissing not empty -fi # enable_thread_support - -# Sadly, we seem to have accidentally committed ourselves in 1.4 to -# an ABI that includes the existence of libkrb5support.0 even -# though random apps should never use anything from it. And on -# the Mac, to which that didn't apply, we can't use major version 0. - -case $krb5_cv_host in -*-*-darwin* | *-*-rhapsody*) SUPPORTLIB_MAJOR=1 ;; -*) SUPPORTLIB_MAJOR=0 ;; -esac - - - -if test "$COM_ERR_VERSION" = k5 ; then - ac_config_files="$ac_config_files util/et/Makefile:$srcdir/./config/pre.in:util/et/Makefile.in:util/et/deps:$srcdir/./config/post.in" - - - -fi -if test "$SS_VERSION" = k5 ; then - ac_config_files="$ac_config_files util/ss/Makefile:$srcdir/./config/pre.in:util/ss/Makefile.in:util/ss/deps:$srcdir/./config/post.in" - - - -fi - - -ldap_plugin_dir="" -ldap_lib="" -if test -n "$OPENLDAP_PLUGIN"; then - for ac_header in ldap.h lber.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - : -else - as_fn_error $? "$ac_header not found" "$LINENO" 5 -fi - -done - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_str2dn in -lldap" >&5 -$as_echo_n "checking for ldap_str2dn in -lldap... " >&6; } -if ${ac_cv_lib_ldap_ldap_str2dn+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lldap $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char ldap_str2dn (); -int -main () -{ -return ldap_str2dn (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ldap_ldap_str2dn=yes -else - ac_cv_lib_ldap_ldap_str2dn=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_str2dn" >&5 -$as_echo "$ac_cv_lib_ldap_ldap_str2dn" >&6; } -if test "x$ac_cv_lib_ldap_ldap_str2dn" = xyes; then : - : -else - as_fn_error $? "libldap not found or missing ldap_str2dn" "$LINENO" 5 -fi - - - BER_OKAY=0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ber_init in -lldap" >&5 -$as_echo_n "checking for ber_init in -lldap... " >&6; } -if ${ac_cv_lib_ldap_ber_init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lldap $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char ber_init (); -int -main () -{ -return ber_init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ldap_ber_init=yes -else - ac_cv_lib_ldap_ber_init=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ber_init" >&5 -$as_echo "$ac_cv_lib_ldap_ber_init" >&6; } -if test "x$ac_cv_lib_ldap_ber_init" = xyes; then : - BER_OKAY=1 -fi - - if test "$BER_OKAY" = "1"; then - LDAP_LIBS='-lldap' - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ber_init in -llber" >&5 -$as_echo_n "checking for ber_init in -llber... " >&6; } -if ${ac_cv_lib_lber_ber_init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llber $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char ber_init (); -int -main () -{ -return ber_init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lber_ber_init=yes -else - ac_cv_lib_lber_ber_init=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lber_ber_init" >&5 -$as_echo "$ac_cv_lib_lber_ber_init" >&6; } -if test "x$ac_cv_lib_lber_ber_init" = xyes; then : - BER_OKAY=1 -else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libber not found" >&5 -$as_echo "$as_me: WARNING: libber not found" >&2;} -fi - - if test "$BER_OKAY" = "1"; then - LDAP_LIBS='-lldap -llber' - else - as_fn_error $? "\"BER library missing - cannot build LDAP database module\"" "$LINENO" 5 - fi - fi - -$as_echo "@%:@define ENABLE_LDAP 1" >>confdefs.h - - - - for ac_header in sasl/sasl.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "sasl/sasl.h" "ac_cv_header_sasl_sasl_h" "$ac_includes_default" -if test "x$ac_cv_header_sasl_sasl_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_SASL_SASL_H 1 -_ACEOF - HAVE_SASL=yes -else - HAVE_SASL=no -fi - -done - - - if test "$HAVE_SASL" = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: not building LDAP SASL support" >&5 -$as_echo "$as_me: WARNING: not building LDAP SASL support" >&2;} - fi - - ac_config_files="$ac_config_files plugins/kdb/ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/Makefile.in:plugins/kdb/ldap/deps:$srcdir/./config/post.in" - - - - ac_config_files="$ac_config_files plugins/kdb/ldap/ldap_util/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/ldap_util/Makefile.in:plugins/kdb/ldap/ldap_util/deps:$srcdir/./config/post.in" - - - - ac_config_files="$ac_config_files plugins/kdb/ldap/libkdb_ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/libkdb_ldap/Makefile.in:plugins/kdb/ldap/libkdb_ldap/deps:$srcdir/./config/post.in" - - - - ldap_plugin_dir='plugins/kdb/ldap plugins/kdb/ldap/ldap_util' - LDAP=yes -else - LDAP=no -fi - - -# This check is for plugins/preauth/securid_sam2 -sam2_plugin="" -old_CFLAGS=$CFLAGS -CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SD_Init in -laceclnt" >&5 -$as_echo_n "checking for SD_Init in -laceclnt... " >&6; } -if ${ac_cv_lib_aceclnt_SD_Init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-laceclnt $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SD_Init (); -int -main () -{ -return SD_Init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_aceclnt_SD_Init=yes -else - ac_cv_lib_aceclnt_SD_Init=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_aceclnt_SD_Init" >&5 -$as_echo "$ac_cv_lib_aceclnt_SD_Init" >&6; } -if test "x$ac_cv_lib_aceclnt_SD_Init" = xyes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: Enabling RSA securID support" >&5 -$as_echo "$as_me: Enabling RSA securID support" >&6;} - ac_config_files="$ac_config_files plugins/preauth/securid_sam2/Makefile:$srcdir/./config/pre.in:plugins/preauth/securid_sam2/Makefile.in:plugins/preauth/securid_sam2/deps:$srcdir/./config/post.in" - - - - sam2_plugin=plugins/preauth/securid_sam2 - -fi - - -CFLAGS=$old_CFLAGS - -lmdb_plugin_dir="" -HAVE_LMDB=no - -@%:@ Check whether --with-lmdb was given. -if test "${with_lmdb+set}" = set; then : - withval=$with_lmdb; -else - withval=auto -fi - -if test "$withval" = auto -o "$withval" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mdb_env_create in -llmdb" >&5 -$as_echo_n "checking for mdb_env_create in -llmdb... " >&6; } -if ${ac_cv_lib_lmdb_mdb_env_create+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-llmdb $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char mdb_env_create (); -int -main () -{ -return mdb_env_create (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_lmdb_mdb_env_create=yes -else - ac_cv_lib_lmdb_mdb_env_create=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lmdb_mdb_env_create" >&5 -$as_echo "$ac_cv_lib_lmdb_mdb_env_create" >&6; } -if test "x$ac_cv_lib_lmdb_mdb_env_create" = xyes; then : - have_lmdb=true -else - have_lmdb=false -fi - - if test "$have_lmdb" = true; then - LMDB_LIBS=-llmdb - HAVE_LMDB=yes - lmdb_plugin_dir='plugins/kdb/lmdb' - ac_config_files="$ac_config_files plugins/kdb/lmdb/Makefile:$srcdir/./config/pre.in:plugins/kdb/lmdb/Makefile.in:plugins/kdb/lmdb/deps:$srcdir/./config/post.in" - - - - elif test "$withval" = yes; then - as_fn_error $? "liblmdb not found" "$LINENO" 5 - fi -fi - - - - -# Kludge for simple server --- FIXME is this the best way to do this? - -if test "$ac_cv_lib_socket" = "yes" -a "$ac_cv_lib_nsl" = "yes"; then - -$as_echo "@%:@define BROKEN_STREAMS_SOCKETS 1" >>confdefs.h - -fi - -# Compile with libedit support in ss by default if available. Compile -# with readline only if asked, to avoid a default GPL dependency. -# Building with readline also breaks the dejagnu test suite. - -@%:@ Check whether --with-libedit was given. -if test "${with_libedit+set}" = set; then : - withval=$with_libedit; -else - with_libedit=default -fi - - -@%:@ Check whether --with-readline was given. -if test "${with_readline+set}" = set; then : - withval=$with_readline; -else - with_readline=no -fi - -if test "x$with_readline" = xyes; then - with_libedit=no -fi -RL_CFLAGS= -RL_LIBS= -if test "x$with_libedit" != xno; then - -pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libedit" >&5 -$as_echo_n "checking for libedit... " >&6; } - -if test -n "$LIBEDIT_CFLAGS"; then - pkg_cv_LIBEDIT_CFLAGS="$LIBEDIT_CFLAGS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libedit\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libedit") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_LIBEDIT_CFLAGS=`$PKG_CONFIG --cflags "libedit" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi -if test -n "$LIBEDIT_LIBS"; then - pkg_cv_LIBEDIT_LIBS="$LIBEDIT_LIBS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libedit\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libedit") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_LIBEDIT_LIBS=`$PKG_CONFIG --libs "libedit" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi - - - -if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi - if test $_pkg_short_errors_supported = yes; then - LIBEDIT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libedit" 2>&1` - else - LIBEDIT_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libedit" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$LIBEDIT_PKG_ERRORS" >&5 - - have_libedit=no -elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - have_libedit=no -else - LIBEDIT_CFLAGS=$pkg_cv_LIBEDIT_CFLAGS - LIBEDIT_LIBS=$pkg_cv_LIBEDIT_LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - have_libedit=yes -fi - if test "x$have_libedit" = xyes; then - RL_CFLAGS=$LIBEDIT_CFLAGS - RL_LIBS=$LIBEDIT_LIBS - -$as_echo "@%:@define HAVE_LIBEDIT 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: Using libedit for readline support" >&5 -$as_echo "$as_me: Using libedit for readline support" >&6;} - elif test "x$with_libedit" = xyes; then - # We were explicitly asked for libedit and couldn't find it. - as_fn_error $? "Could not detect libedit with pkg-config" "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: Not using any readline support" >&5 -$as_echo "$as_me: Not using any readline support" >&6;} - fi -elif test "x$with_readline" = xyes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Using GNU Readline" >&5 -$as_echo "$as_me: Using GNU Readline" >&6;} - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lreadline" >&5 -$as_echo_n "checking for main in -lreadline... " >&6; } -if ${ac_cv_lib_readline_main+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lreadline $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -int -main () -{ -return main (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_readline_main=yes -else - ac_cv_lib_readline_main=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_readline_main" >&5 -$as_echo "$ac_cv_lib_readline_main" >&6; } -if test "x$ac_cv_lib_readline_main" = xyes; then : - : -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "Cannot find readline library. -See \`config.log' for more details" "$LINENO" 5; } -fi - - -$as_echo "@%:@define HAVE_READLINE 1" >>confdefs.h - - RL_LIBS='-lreadline' -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Not using any readline support" >&5 -$as_echo "Not using any readline support" >&6; } -fi - - - - -@%:@ Check whether --with-system-verto was given. -if test "${with_system_verto+set}" = set; then : - withval=$with_system_verto; -else - with_system_verto=default -fi - -VERTO_VERSION=k5 -if test "x$with_system_verto" != xno; then - -pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libverto" >&5 -$as_echo_n "checking for libverto... " >&6; } - -if test -n "$VERTO_CFLAGS"; then - pkg_cv_VERTO_CFLAGS="$VERTO_CFLAGS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libverto\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libverto") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_VERTO_CFLAGS=`$PKG_CONFIG --cflags "libverto" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi -if test -n "$VERTO_LIBS"; then - pkg_cv_VERTO_LIBS="$VERTO_LIBS" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libverto\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libverto") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_VERTO_LIBS=`$PKG_CONFIG --libs "libverto" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi - - - -if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi - if test $_pkg_short_errors_supported = yes; then - VERTO_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libverto" 2>&1` - else - VERTO_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libverto" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$VERTO_PKG_ERRORS" >&5 - - have_sysverto=no -elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - have_sysverto=no -else - VERTO_CFLAGS=$pkg_cv_VERTO_CFLAGS - VERTO_LIBS=$pkg_cv_VERTO_LIBS - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - have_sysverto=yes -fi - if test "x$have_sysverto" = xyes; then - VERTO_VERSION=sys - elif test "x$with_system_verto" = xyes; then - as_fn_error $? "cannot detect system libverto" "$LINENO" 5 - fi -fi -if test "x$VERTO_VERSION" = xsys; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Using system libverto" >&5 -$as_echo "$as_me: Using system libverto" >&6;} -else - VERTO_CFLAGS= - VERTO_LIBS="-lverto" - { $as_echo "$as_me:${as_lineno-$LINENO}: Using built-in libverto" >&5 -$as_echo "$as_me: Using built-in libverto" >&6;} -fi - - - - -# Extract the first word of "groff", so it can be a program name with args. -set dummy groff; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_GROFF+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $GROFF in - [\\/]* | ?:[\\/]*) - ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -GROFF=$ac_cv_path_GROFF -if test -n "$GROFF"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5 -$as_echo "$GROFF" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - - - -@%:@ Check whether --with-pam was given. -if test "${with_pam+set}" = set; then : - withval=$with_pam; withpam="$withval" -else - withpam=auto -fi - - -@%:@ Check whether --with-pam-ksu-service was given. -if test "${with_pam_ksu_service+set}" = set; then : - withval=$with_pam_ksu_service; withksupamservice="$withval" -else - withksupamservice=ksu -fi - -old_LIBS="$LIBS" -if test "$withpam" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for PAM..." >&5 -$as_echo "checking for PAM..." >&6; } - PAM_LIBS= - - for ac_header in security/pam_appl.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "security/pam_appl.h" "ac_cv_header_security_pam_appl_h" "$ac_includes_default" -if test "x$ac_cv_header_security_pam_appl_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_SECURITY_PAM_APPL_H 1 -_ACEOF - -fi - -done - - if test "x$ac_cv_header_security_pam_appl_h" != xyes ; then - if test "$withpam" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate security/pam_appl.h." >&5 -$as_echo "Unable to locate security/pam_appl.h." >&6; } - withpam=no - else - as_fn_error $? "Unable to locate security/pam_appl.h." "$LINENO" 5 - fi - fi - - LIBS= - unset ac_cv_func_pam_start - for ac_func in putenv pam_start -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_pam_start" = xno ; then - unset ac_cv_func_pam_start - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dl_dlopen=yes -else - ac_cv_lib_dl_dlopen=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBDL 1 -_ACEOF - - LIBS="-ldl $LIBS" - -fi - - for ac_func in pam_start -do : - ac_fn_c_check_func "$LINENO" "pam_start" "ac_cv_func_pam_start" -if test "x$ac_cv_func_pam_start" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_PAM_START 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_pam_start" = xno ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 -$as_echo_n "checking for pam_start in -lpam... " >&6; } -if ${ac_cv_lib_pam_pam_start+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lpam $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char pam_start (); -int -main () -{ -return pam_start (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_pam_pam_start=yes -else - ac_cv_lib_pam_pam_start=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 -$as_echo "$ac_cv_lib_pam_pam_start" >&6; } -if test "x$ac_cv_lib_pam_pam_start" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBPAM 1 -_ACEOF - - LIBS="-lpam $LIBS" - -fi - - unset ac_cv_func_pam_start - unset ac_cv_func_pam_getenvlist - for ac_func in pam_start pam_getenvlist -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_pam_start" = xyes ; then - PAM_LIBS="$LIBS" - else - if test "$withpam" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate libpam." >&5 -$as_echo "Unable to locate libpam." >&6; } - withpam=no - else - as_fn_error $? "Unable to locate libpam." "$LINENO" 5 - fi - fi - fi - fi - if test "$withpam" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: building with PAM support" >&5 -$as_echo "$as_me: building with PAM support" >&6;} - -$as_echo "@%:@define USE_PAM 1" >>confdefs.h - - -cat >>confdefs.h <<_ACEOF -@%:@define KSU_PAM_SERVICE "$withksupamservice" -_ACEOF - - PAM_LIBS="$LIBS" - NON_PAM_MAN=".\\\" " - PAM_MAN= - else - PAM_MAN=".\\\" " - NON_PAM_MAN= - fi -fi -LIBS="$old_LIBS" - - - - - - - -@%:@ Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then : - withval=$with_selinux; withselinux="$withval" -else - withselinux=auto -fi - -old_LIBS="$LIBS" -if test "$withselinux" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for libselinux..." >&5 -$as_echo "checking for libselinux..." >&6; } - SELINUX_LIBS= - for ac_header in selinux/selinux.h selinux/label.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then - if test "$withselinux" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate selinux/selinux.h." >&5 -$as_echo "Unable to locate selinux/selinux.h." >&6; } - withselinux=no - else - as_fn_error $? "Unable to locate selinux/selinux.h." "$LINENO" 5 - fi - fi - - LIBS= - unset ac_cv_func_setfscreatecon - for ac_func in setfscreatecon selabel_open -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_setfscreatecon" = xno ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setfscreatecon in -lselinux" >&5 -$as_echo_n "checking for setfscreatecon in -lselinux... " >&6; } -if ${ac_cv_lib_selinux_setfscreatecon+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lselinux $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setfscreatecon (); -int -main () -{ -return setfscreatecon (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_selinux_setfscreatecon=yes -else - ac_cv_lib_selinux_setfscreatecon=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setfscreatecon" >&5 -$as_echo "$ac_cv_lib_selinux_setfscreatecon" >&6; } -if test "x$ac_cv_lib_selinux_setfscreatecon" = xyes; then : - cat >>confdefs.h <<_ACEOF -@%:@define HAVE_LIBSELINUX 1 -_ACEOF - - LIBS="-lselinux $LIBS" - -fi - - unset ac_cv_func_setfscreatecon - for ac_func in setfscreatecon selabel_open -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_setfscreatecon" = xyes ; then - SELINUX_LIBS="$LIBS" - else - if test "$withselinux" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate libselinux." >&5 -$as_echo "Unable to locate libselinux." >&6; } - withselinux=no - else - as_fn_error $? "Unable to locate libselinux." "$LINENO" 5 - fi - fi - fi - if test "$withselinux" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: building with SELinux labeling support" >&5 -$as_echo "$as_me: building with SELinux labeling support" >&6;} - -$as_echo "@%:@define USE_SELINUX 1" >>confdefs.h - - SELINUX_LIBS="$LIBS" - EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon" - fi -fi -LIBS="$old_LIBS" - - - -# Make localedir work in autoconf 2.5x. -if test "${localedir+set}" != set; then - localedir='$(datadir)/locale' -fi - - -# For KCM lib/krb5/ccache to build KCM Mach RPC support for macOS only. -case $host in -*-*-darwin* | *-*-rhapsody*) OSX=osx ;; -*) OSX=no ;; -esac - - -# Build-time default ccache, keytab, and client keytab names. These -# can be given as variable arguments DEFCCNAME, DEFKTNAME, and -# DEFCKTNAME. Otherwise, we try to get the OS defaults from -# krb5-config if we can, or fall back to hardcoded defaults. - - - - -@%:@ Check whether --with-krb5-config was given. -if test "${with_krb5_config+set}" = set; then : - withval=$with_krb5_config; -else - with_krb5_config=krb5-config -fi - -if test "x$with_krb5_config" != xno; then - if test "x$with_krb5_config" = xyes; then - with_krb5_config=krb5-config - fi - if $with_krb5_config --help 2>&1 | grep defccname >/dev/null; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Using $with_krb5_config for build defaults" >&5 -$as_echo "$as_me: Using $with_krb5_config for build defaults" >&6;} - : "${DEFCCNAME=`$with_krb5_config --defccname`}" - : "${DEFKTNAME=`$with_krb5_config --defktname`}" - : "${DEFCKTNAME=`$with_krb5_config --defcktname`}" - fi -fi -if test "${DEFCCNAME+set}" != set; then - case $host in - *-*-darwin[0-9].* | *-*-darwin10.*) - # Use the normal default for macOS 10.6 (Darwin 10) and prior. - ;; - *-*-darwin*) - # For macOS 10.7 (Darwin 11) and later, the native ccache uses - # the KCM daemon. - DEFCCNAME=KCM: - ;; - esac - if test "${DEFCCNAME+set}" != set; then - DEFCCNAME=FILE:/tmp/krb5cc_%{uid} - fi -fi -if test "${DEFKTNAME+set}" != set; then - DEFKTNAME=FILE:/etc/krb5.keytab -fi -if test "${DEFCKTNAME+set}" != set; then - _lcl_receval="$localstatedir" -exp_localstatedir=`(test "x$prefix" = xNONE && prefix="$ac_default_prefix" - test "x$exec_prefix" = xNONE && exec_prefix="${prefix}" - _lcl_receval_old='' - while test "$_lcl_receval_old" != "$_lcl_receval"; do - _lcl_receval_old="$_lcl_receval" - eval _lcl_receval="\"$_lcl_receval\"" - done - echo "$_lcl_receval")` - DEFCKTNAME=FILE:$exp_localstatedir/krb5/user/%{euid}/client.keytab -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: Default ccache name: $DEFCCNAME" >&5 -$as_echo "$as_me: Default ccache name: $DEFCCNAME" >&6;} -{ $as_echo "$as_me:${as_lineno-$LINENO}: Default keytab name: $DEFKTNAME" >&5 -$as_echo "$as_me: Default keytab name: $DEFKTNAME" >&6;} -{ $as_echo "$as_me:${as_lineno-$LINENO}: Default client keytab name: $DEFCKTNAME" >&5 -$as_echo "$as_me: Default client keytab name: $DEFCKTNAME" >&6;} - -cat >>confdefs.h <<_ACEOF -@%:@define DEFCCNAME "$DEFCCNAME" -_ACEOF - - -cat >>confdefs.h <<_ACEOF -@%:@define DEFKTNAME "$DEFKTNAME" -_ACEOF - - -cat >>confdefs.h <<_ACEOF -@%:@define DEFCKTNAME "$DEFCKTNAME" -_ACEOF - - -ac_config_files="$ac_config_files build-tools/krb5-config" - -ac_config_files="$ac_config_files build-tools/kadm-server.pc build-tools/kadm-client.pc build-tools/kdb.pc build-tools/krb5.pc build-tools/krb5-gssapi.pc build-tools/mit-krb5.pc build-tools/mit-krb5-gssapi.pc build-tools/gssrpc.pc" - - - ac_config_files="$ac_config_files ./Makefile:$srcdir/./config/pre.in:./Makefile.in:./deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files util/Makefile:$srcdir/./config/pre.in:util/Makefile.in:util/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files util/support/Makefile:$srcdir/./config/pre.in:util/support/Makefile.in:util/support/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files util/profile/Makefile:$srcdir/./config/pre.in:util/profile/Makefile.in:util/profile/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files util/profile/testmod/Makefile:$srcdir/./config/pre.in:util/profile/testmod/Makefile.in:util/profile/testmod/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files util/verto/Makefile:$srcdir/./config/pre.in:util/verto/Makefile.in:util/verto/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/Makefile:$srcdir/./config/pre.in:lib/Makefile.in:lib/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/kdb/Makefile:$srcdir/./config/pre.in:lib/kdb/Makefile.in:lib/kdb/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/Makefile:$srcdir/./config/pre.in:lib/crypto/Makefile.in:lib/crypto/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/krb/Makefile:$srcdir/./config/pre.in:lib/crypto/krb/Makefile.in:lib/crypto/krb/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/Makefile.in:lib/crypto/$CRYPTO_IMPL/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/enc_provider/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/hash_provider/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/md4/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md4/Makefile.in:lib/crypto/$CRYPTO_IMPL/md4/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/md5/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md5/Makefile.in:lib/crypto/$CRYPTO_IMPL/md5/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/sha1/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/sha1/Makefile.in:lib/crypto/$CRYPTO_IMPL/sha1/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/sha2/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/sha2/Makefile.in:lib/crypto/$CRYPTO_IMPL/sha2/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/aes/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/aes/Makefile.in:lib/crypto/$CRYPTO_IMPL/aes/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/camellia/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/camellia/Makefile.in:lib/crypto/$CRYPTO_IMPL/camellia/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/crypto/crypto_tests/Makefile:$srcdir/./config/pre.in:lib/crypto/crypto_tests/Makefile.in:lib/crypto/crypto_tests/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/Makefile:$srcdir/./config/pre.in:lib/krb5/Makefile.in:lib/krb5/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/error_tables/Makefile:$srcdir/./config/pre.in:lib/krb5/error_tables/Makefile.in:lib/krb5/error_tables/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/asn.1/Makefile:$srcdir/./config/pre.in:lib/krb5/asn.1/Makefile.in:lib/krb5/asn.1/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/ccache/Makefile:$srcdir/./config/pre.in:lib/krb5/ccache/Makefile.in:lib/krb5/ccache/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/keytab/Makefile:$srcdir/./config/pre.in:lib/krb5/keytab/Makefile.in:lib/krb5/keytab/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/krb/Makefile:$srcdir/./config/pre.in:lib/krb5/krb/Makefile.in:lib/krb5/krb/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/rcache/Makefile:$srcdir/./config/pre.in:lib/krb5/rcache/Makefile.in:lib/krb5/rcache/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/os/Makefile:$srcdir/./config/pre.in:lib/krb5/os/Makefile.in:lib/krb5/os/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krb5/unicode/Makefile:$srcdir/./config/pre.in:lib/krb5/unicode/Makefile.in:lib/krb5/unicode/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/gssapi/Makefile:$srcdir/./config/pre.in:lib/gssapi/Makefile.in:lib/gssapi/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/gssapi/generic/Makefile:$srcdir/./config/pre.in:lib/gssapi/generic/Makefile.in:lib/gssapi/generic/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/gssapi/krb5/Makefile:$srcdir/./config/pre.in:lib/gssapi/krb5/Makefile.in:lib/gssapi/krb5/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/gssapi/spnego/Makefile:$srcdir/./config/pre.in:lib/gssapi/spnego/Makefile.in:lib/gssapi/spnego/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/gssapi/mechglue/Makefile:$srcdir/./config/pre.in:lib/gssapi/mechglue/Makefile.in:lib/gssapi/mechglue/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/rpc/Makefile:$srcdir/./config/pre.in:lib/rpc/Makefile.in:lib/rpc/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/rpc/unit-test/Makefile:$srcdir/./config/pre.in:lib/rpc/unit-test/Makefile.in:lib/rpc/unit-test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/kadm5/Makefile:$srcdir/./config/pre.in:lib/kadm5/Makefile.in:lib/kadm5/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/kadm5/clnt/Makefile:$srcdir/./config/pre.in:lib/kadm5/clnt/Makefile.in:lib/kadm5/clnt/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/kadm5/srv/Makefile:$srcdir/./config/pre.in:lib/kadm5/srv/Makefile.in:lib/kadm5/srv/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/kadm5/unit-test/Makefile:$srcdir/./config/pre.in:lib/kadm5/unit-test/Makefile.in:lib/kadm5/unit-test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/krad/Makefile:$srcdir/./config/pre.in:lib/krad/Makefile.in:lib/krad/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files lib/apputils/Makefile:$srcdir/./config/pre.in:lib/apputils/Makefile.in:lib/apputils/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kdc/Makefile:$srcdir/./config/pre.in:kdc/Makefile.in:kdc/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kprop/Makefile:$srcdir/./config/pre.in:kprop/Makefile.in:kprop/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files config-files/Makefile:$srcdir/./config/pre.in:config-files/Makefile.in:config-files/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files build-tools/Makefile:$srcdir/./config/pre.in:build-tools/Makefile.in:build-tools/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files man/Makefile:$srcdir/./config/pre.in:man/Makefile.in:man/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files doc/Makefile:$srcdir/./config/pre.in:doc/Makefile.in:doc/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files include/Makefile:$srcdir/./config/pre.in:include/Makefile.in:include/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/certauth/test/Makefile:$srcdir/./config/pre.in:plugins/certauth/test/Makefile.in:plugins/certauth/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/gssapi/negoextest/Makefile:$srcdir/./config/pre.in:plugins/gssapi/negoextest/Makefile.in:plugins/gssapi/negoextest/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/hostrealm/test/Makefile:$srcdir/./config/pre.in:plugins/hostrealm/test/Makefile.in:plugins/hostrealm/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/localauth/test/Makefile:$srcdir/./config/pre.in:plugins/localauth/test/Makefile.in:plugins/localauth/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kadm5_hook/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_hook/test/Makefile.in:plugins/kadm5_hook/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kadm5_auth/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_auth/test/Makefile.in:plugins/kadm5_auth/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/pwqual/test/Makefile:$srcdir/./config/pre.in:plugins/pwqual/test/Makefile.in:plugins/pwqual/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/audit/Makefile:$srcdir/./config/pre.in:plugins/audit/Makefile.in:plugins/audit/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/audit/test/Makefile:$srcdir/./config/pre.in:plugins/audit/test/Makefile.in:plugins/audit/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/db2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/Makefile.in:plugins/kdb/db2/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/Makefile.in:plugins/kdb/db2/libdb2/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/hash/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/hash/Makefile.in:plugins/kdb/db2/libdb2/hash/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/btree/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/btree/Makefile.in:plugins/kdb/db2/libdb2/btree/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/db/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/db/Makefile.in:plugins/kdb/db2/libdb2/db/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/mpool/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/mpool/Makefile.in:plugins/kdb/db2/libdb2/mpool/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/recno/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/recno/Makefile.in:plugins/kdb/db2/libdb2/recno/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/test/Makefile.in:plugins/kdb/db2/libdb2/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdb/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/test/Makefile.in:plugins/kdb/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/kdcpolicy/test/Makefile:$srcdir/./config/pre.in:plugins/kdcpolicy/test/Makefile.in:plugins/kdcpolicy/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/preauth/otp/Makefile:$srcdir/./config/pre.in:plugins/preauth/otp/Makefile.in:plugins/preauth/otp/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/preauth/spake/Makefile:$srcdir/./config/pre.in:plugins/preauth/spake/Makefile.in:plugins/preauth/spake/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/preauth/test/Makefile:$srcdir/./config/pre.in:plugins/preauth/test/Makefile.in:plugins/preauth/test/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/authdata/greet_client/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_client/Makefile.in:plugins/authdata/greet_client/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/authdata/greet_server/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_server/Makefile.in:plugins/authdata/greet_server/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files plugins/tls/k5tls/Makefile:$srcdir/./config/pre.in:plugins/tls/k5tls/Makefile.in:plugins/tls/k5tls/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files clients/Makefile:$srcdir/./config/pre.in:clients/Makefile.in:clients/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files clients/klist/Makefile:$srcdir/./config/pre.in:clients/klist/Makefile.in:clients/klist/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files clients/kinit/Makefile:$srcdir/./config/pre.in:clients/kinit/Makefile.in:clients/kinit/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files clients/kvno/Makefile:$srcdir/./config/pre.in:clients/kvno/Makefile.in:clients/kvno/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files clients/kdestroy/Makefile:$srcdir/./config/pre.in:clients/kdestroy/Makefile.in:clients/kdestroy/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files clients/kpasswd/Makefile:$srcdir/./config/pre.in:clients/kpasswd/Makefile.in:clients/kpasswd/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files clients/ksu/Makefile:$srcdir/./config/pre.in:clients/ksu/Makefile.in:clients/ksu/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files clients/kswitch/Makefile:$srcdir/./config/pre.in:clients/kswitch/Makefile.in:clients/kswitch/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kadmin/Makefile:$srcdir/./config/pre.in:kadmin/Makefile.in:kadmin/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kadmin/cli/Makefile:$srcdir/./config/pre.in:kadmin/cli/Makefile.in:kadmin/cli/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kadmin/dbutil/Makefile:$srcdir/./config/pre.in:kadmin/dbutil/Makefile.in:kadmin/dbutil/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kadmin/ktutil/Makefile:$srcdir/./config/pre.in:kadmin/ktutil/Makefile.in:kadmin/ktutil/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kadmin/server/Makefile:$srcdir/./config/pre.in:kadmin/server/Makefile.in:kadmin/server/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kadmin/testing/Makefile:$srcdir/./config/pre.in:kadmin/testing/Makefile.in:kadmin/testing/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kadmin/testing/scripts/Makefile:$srcdir/./config/pre.in:kadmin/testing/scripts/Makefile.in:kadmin/testing/scripts/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files kadmin/testing/util/Makefile:$srcdir/./config/pre.in:kadmin/testing/util/Makefile.in:kadmin/testing/util/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/Makefile:$srcdir/./config/pre.in:appl/Makefile.in:appl/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/sample/Makefile:$srcdir/./config/pre.in:appl/sample/Makefile.in:appl/sample/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/sample/sclient/Makefile:$srcdir/./config/pre.in:appl/sample/sclient/Makefile.in:appl/sample/sclient/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/sample/sserver/Makefile:$srcdir/./config/pre.in:appl/sample/sserver/Makefile.in:appl/sample/sserver/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/simple/Makefile:$srcdir/./config/pre.in:appl/simple/Makefile.in:appl/simple/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/simple/client/Makefile:$srcdir/./config/pre.in:appl/simple/client/Makefile.in:appl/simple/client/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/simple/server/Makefile:$srcdir/./config/pre.in:appl/simple/server/Makefile.in:appl/simple/server/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/gss-sample/Makefile:$srcdir/./config/pre.in:appl/gss-sample/Makefile.in:appl/gss-sample/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files appl/user_user/Makefile:$srcdir/./config/pre.in:appl/user_user/Makefile.in:appl/user_user/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/Makefile:$srcdir/./config/pre.in:tests/Makefile.in:tests/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/resolve/Makefile:$srcdir/./config/pre.in:tests/resolve/Makefile.in:tests/resolve/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/asn.1/Makefile:$srcdir/./config/pre.in:tests/asn.1/Makefile.in:tests/asn.1/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/create/Makefile:$srcdir/./config/pre.in:tests/create/Makefile.in:tests/create/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/hammer/Makefile:$srcdir/./config/pre.in:tests/hammer/Makefile.in:tests/hammer/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/verify/Makefile:$srcdir/./config/pre.in:tests/verify/Makefile.in:tests/verify/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/gssapi/Makefile:$srcdir/./config/pre.in:tests/gssapi/Makefile.in:tests/gssapi/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/dejagnu/Makefile:$srcdir/./config/pre.in:tests/dejagnu/Makefile.in:tests/dejagnu/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/threads/Makefile:$srcdir/./config/pre.in:tests/threads/Makefile.in:tests/threads/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/shlib/Makefile:$srcdir/./config/pre.in:tests/shlib/Makefile.in:tests/shlib/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/gss-threads/Makefile:$srcdir/./config/pre.in:tests/gss-threads/Makefile.in:tests/gss-threads/deps:$srcdir/./config/post.in" - ac_config_files="$ac_config_files tests/misc/Makefile:$srcdir/./config/pre.in:tests/misc/Makefile.in:tests/misc/deps:$srcdir/./config/post.in" - -cat >confcache <<\_ACEOF -# This file is a shell script that caches the results of configure -# tests run on this system so they can be shared between configure -# scripts and configure runs, see configure's option --config-cache. -# It is not useful on other systems. If it contains results you don't -# want to keep, you may remove or edit it. -# -# config.status only pays attention to the cache file if you give it -# the --recheck option to rerun configure. -# -# `ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* `ac_cv_foo' will be assigned the -# following values. - -_ACEOF - -# The following way of writing the cache mishandles newlines in values, -# but we know of no workaround that is simple, portable, and efficient. -# So, we kill variables containing newlines. -# Ultrix sh set writes to stderr and can't be redirected directly, -# and sets the high bit in the cache file unless we assign to the vars. -( - for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do - eval ac_val=\$$ac_var - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( - BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( - *) { eval $ac_var=; unset $ac_var;} ;; - esac ;; - esac - done - - (set) 2>&1 | - case $as_nl`(ac_space=' '; set) 2>&1` in #( - *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes: double-quote - # substitution turns \\\\ into \\, and sed turns \\ into \. - sed -n \ - "s/'/'\\\\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" - ;; #( - *) - # `set' quotes correctly as required by POSIX, so do not add quotes. - sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" - ;; - esac | - sort -) | - sed ' - /^ac_cv_env_/b end - t clear - :clear - s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ - t end - s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ - :end' >>confcache -if diff "$cache_file" confcache >/dev/null 2>&1; then :; else - if test -w "$cache_file"; then - if test "x$cache_file" != "x/dev/null"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 -$as_echo "$as_me: updating cache $cache_file" >&6;} - if test ! -f "$cache_file" || test -h "$cache_file"; then - cat confcache >"$cache_file" - else - case $cache_file in #( - */* | ?:*) - mv -f confcache "$cache_file"$$ && - mv -f "$cache_file"$$ "$cache_file" ;; #( - *) - mv -f confcache "$cache_file" ;; - esac - fi - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 -$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} - fi -fi -rm -f confcache - -test "x$prefix" = xNONE && prefix=$ac_default_prefix -# Let make expand exec_prefix. -test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' - -DEFS=-DHAVE_CONFIG_H - -ac_libobjs= -ac_ltlibobjs= -U= -for ac_i in : $LIB@&t@OBJS; do test "x$ac_i" = x: && continue - # 1. Remove the extension, and $U if already installed. - ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' - ac_i=`$as_echo "$ac_i" | sed "$ac_script"` - # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR - # will be set to the directory where LIBOBJS objects are built. - as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" - as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' -done -LIB@&t@OBJS=$ac_libobjs - -LTLIBOBJS=$ac_ltlibobjs - - - -: "${CONFIG_STATUS=./config.status}" -ac_write_fail=0 -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 -$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} -as_write_fail=0 -cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 -#! $SHELL -# Generated by $as_me. -# Run this file to recreate the current configuration. -# Compiler output produced by configure, useful for debugging -# configure, is in config.log if it exists. - -debug=false -ac_cs_recheck=false -ac_cs_silent=false - -SHELL=\${CONFIG_SHELL-$SHELL} -export SHELL -_ASEOF -cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 -## -------------------- ## -## M4sh Initialization. ## -## -------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in @%:@( - *posix*) : - set -o posix ;; @%:@( - *) : - ;; -esac -fi - - -as_nl=' -' -export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in @%:@( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi - -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -as_myself= -case $0 in @%:@(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break - done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - exit 1 -fi - -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - - -@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD] -@%:@ ---------------------------------------- -@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are -@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the -@%:@ script with STATUS, using 1 if that was 0. -as_fn_error () -{ - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 - fi - $as_echo "$as_me: error: $2" >&2 - as_fn_exit $as_status -} @%:@ as_fn_error - - -@%:@ as_fn_set_status STATUS -@%:@ ----------------------- -@%:@ Set @S|@? to STATUS, without forking. -as_fn_set_status () -{ - return $1 -} @%:@ as_fn_set_status - -@%:@ as_fn_exit STATUS -@%:@ ----------------- -@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -as_fn_exit () -{ - set +e - as_fn_set_status $1 - exit $1 -} @%:@ as_fn_exit - -@%:@ as_fn_unset VAR -@%:@ --------------- -@%:@ Portably unset VAR. -as_fn_unset () -{ - { eval $1=; unset $1;} -} -as_unset=as_fn_unset -@%:@ as_fn_append VAR VALUE -@%:@ ---------------------- -@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take -@%:@ advantage of any shell optimizations that allow amortized linear growth over -@%:@ repeated appends, instead of the typical quadratic growth present in naive -@%:@ implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : - eval 'as_fn_append () - { - eval $1+=\$2 - }' -else - as_fn_append () - { - eval $1=\$$1\$2 - } -fi # as_fn_append - -@%:@ as_fn_arith ARG... -@%:@ ------------------ -@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the -@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments -@%:@ must be portable across @S|@(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : - eval 'as_fn_arith () - { - as_val=$(( $* )) - }' -else - as_fn_arith () - { - as_val=`expr "$@" || test $? -eq 1` - } -fi # as_fn_arith - - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in @%:@((((( --n*) - case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - xy) ECHO_C='\c';; - *) echo `echo ksh88 bug on AIX 6.1` > /dev/null - ECHO_T=' ';; - esac;; -*) - ECHO_N='-n';; -esac - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir 2>/dev/null -fi -if (echo >conf$$.file) 2>/dev/null; then - if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -pR' - elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln - else - as_ln_s='cp -pR' - fi -else - as_ln_s='cp -pR' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - - -@%:@ as_fn_mkdir_p -@%:@ ------------- -@%:@ Create "@S|@as_dir" as a directory, including parents if necessary. -as_fn_mkdir_p () -{ - - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || eval $as_mkdir_p || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" - - -} @%:@ as_fn_mkdir_p -if mkdir -p . 2>/dev/null; then - as_mkdir_p='mkdir -p "$as_dir"' -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - - -@%:@ as_fn_executable_p FILE -@%:@ ----------------------- -@%:@ Test if FILE is an executable regular file. -as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} @%:@ as_fn_executable_p -as_test_x='test -x' -as_executable_p=as_fn_executable_p - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - -exec 6>&1 -## ----------------------------------- ## -## Main body of $CONFIG_STATUS script. ## -## ----------------------------------- ## -_ASEOF -test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# Save the log message, to keep $0 and so on meaningful, and to -# report actual input values of CONFIG_FILES etc. instead of their -# values after options handling. -ac_log=" -This file was extended by Kerberos 5 $as_me 1.18.2, which was -generated by GNU Autoconf 2.69. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES - CONFIG_HEADERS = $CONFIG_HEADERS - CONFIG_LINKS = $CONFIG_LINKS - CONFIG_COMMANDS = $CONFIG_COMMANDS - $ $0 $@ - -on `(hostname || uname -n) 2>/dev/null | sed 1q` -" - -_ACEOF - -case $ac_config_files in *" -"*) set x $ac_config_files; shift; ac_config_files=$*;; -esac - -case $ac_config_headers in *" -"*) set x $ac_config_headers; shift; ac_config_headers=$*;; -esac - - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -# Files that config.status was made for. -config_files="$ac_config_files" -config_headers="$ac_config_headers" -config_commands="$ac_config_commands" - -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -ac_cs_usage="\ -\`$as_me' instantiates files and other configuration actions -from templates according to the current configuration. Unless the files -and actions are specified as TAGs, all are instantiated by default. - -Usage: $0 [OPTION]... [TAG]... - - -h, --help print this help, then exit - -V, --version print version number and configuration settings, then exit - --config print configuration, then exit - -q, --quiet, --silent - do not print progress messages - -d, --debug don't remove temporary files - --recheck update $as_me by reconfiguring in the same conditions - --file=FILE[:TEMPLATE] - instantiate the configuration file FILE - --header=FILE[:TEMPLATE] - instantiate the configuration header FILE - -Configuration files: -$config_files - -Configuration headers: -$config_headers - -Configuration commands: -$config_commands - -Report bugs to ." - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" -ac_cs_version="\\ -Kerberos 5 config.status 1.18.2 -configured by $0, generated by GNU Autoconf 2.69, - with options \\"\$ac_cs_config\\" - -Copyright (C) 2012 Free Software Foundation, Inc. -This config.status script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it." - -ac_pwd='$ac_pwd' -srcdir='$srcdir' -INSTALL='$INSTALL' -AWK='$AWK' -test -n "\$AWK" || AWK=awk -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# The default lists apply if the user does not specify any file. -ac_need_defaults=: -while test $# != 0 -do - case $1 in - --*=?*) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` - ac_shift=: - ;; - --*=) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg= - ac_shift=: - ;; - *) - ac_option=$1 - ac_optarg=$2 - ac_shift=shift - ;; - esac - - case $ac_option in - # Handling of the options. - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - ac_cs_recheck=: ;; - --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - $as_echo "$ac_cs_version"; exit ;; - --config | --confi | --conf | --con | --co | --c ) - $as_echo "$ac_cs_config"; exit ;; - --debug | --debu | --deb | --de | --d | -d ) - debug=: ;; - --file | --fil | --fi | --f ) - $ac_shift - case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - '') as_fn_error $? "missing file argument" ;; - esac - as_fn_append CONFIG_FILES " '$ac_optarg'" - ac_need_defaults=false;; - --header | --heade | --head | --hea ) - $ac_shift - case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - as_fn_append CONFIG_HEADERS " '$ac_optarg'" - ac_need_defaults=false;; - --he | --h) - # Conflict between --help and --header - as_fn_error $? "ambiguous option: \`$1' -Try \`$0 --help' for more information.";; - --help | --hel | -h ) - $as_echo "$ac_cs_usage"; exit ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil | --si | --s) - ac_cs_silent=: ;; - - # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' -Try \`$0 --help' for more information." ;; - - *) as_fn_append ac_config_targets " $1" - ac_need_defaults=false ;; - - esac - shift -done - -ac_configure_extra_args= - -if $ac_cs_silent; then - exec 6>/dev/null - ac_configure_extra_args="$ac_configure_extra_args --silent" -fi - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -if \$ac_cs_recheck; then - set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion - shift - \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 - CONFIG_SHELL='$SHELL' - export CONFIG_SHELL - exec "\$@" -fi - -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -exec 5>>config.log -{ - echo - sed 'h;s/./-/g;s/^.../@%:@@%:@ /;s/...$/ @%:@@%:@/;p;x;p;x' <<_ASBOX -@%:@@%:@ Running $as_me. @%:@@%:@ -_ASBOX - $as_echo "$ac_log" -} >&5 - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -# -# INIT-COMMANDS -# -CRYPTO_IMPL=$CRYPTO_IMPL -PRNG_ALG=$PRNG_ALG - -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - -# Handling of arguments. -for ac_config_target in $ac_config_targets -do - case $ac_config_target in - "po/Makefile") CONFIG_FILES="$CONFIG_FILES po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in" ;; - "plugins/audit/simple/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit/simple/Makefile:$srcdir/./config/pre.in:plugins/audit/simple/Makefile.in:plugins/audit/simple/deps:$srcdir/./config/post.in" ;; - "CRYPTO_IMPL") CONFIG_COMMANDS="$CONFIG_COMMANDS CRYPTO_IMPL" ;; - "PRNG_ALG") CONFIG_COMMANDS="$CONFIG_COMMANDS PRNG_ALG" ;; - "include/autoconf.h") CONFIG_HEADERS="$CONFIG_HEADERS include/autoconf.h" ;; - "kadmin/testing/scripts/env-setup.sh") CONFIG_FILES="$CONFIG_FILES kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin" ;; - "include/gssrpc/types.h") CONFIG_FILES="$CONFIG_FILES include/gssrpc/types.h:include/gssrpc/types.hin" ;; - "plugins/preauth/pkinit/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/pkinit/Makefile:$srcdir/./config/pre.in:plugins/preauth/pkinit/Makefile.in:plugins/preauth/pkinit/deps:$srcdir/./config/post.in" ;; - "tests/softpkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES tests/softpkcs11/Makefile:$srcdir/./config/pre.in:tests/softpkcs11/Makefile.in:tests/softpkcs11/deps:$srcdir/./config/post.in" ;; - "util/et/Makefile") CONFIG_FILES="$CONFIG_FILES util/et/Makefile:$srcdir/./config/pre.in:util/et/Makefile.in:util/et/deps:$srcdir/./config/post.in" ;; - "util/ss/Makefile") CONFIG_FILES="$CONFIG_FILES util/ss/Makefile:$srcdir/./config/pre.in:util/ss/Makefile.in:util/ss/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/Makefile.in:plugins/kdb/ldap/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/ldap/ldap_util/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/ldap/ldap_util/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/ldap_util/Makefile.in:plugins/kdb/ldap/ldap_util/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/ldap/libkdb_ldap/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/ldap/libkdb_ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/libkdb_ldap/Makefile.in:plugins/kdb/ldap/libkdb_ldap/deps:$srcdir/./config/post.in" ;; - "plugins/preauth/securid_sam2/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/securid_sam2/Makefile:$srcdir/./config/pre.in:plugins/preauth/securid_sam2/Makefile.in:plugins/preauth/securid_sam2/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/lmdb/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/lmdb/Makefile:$srcdir/./config/pre.in:plugins/kdb/lmdb/Makefile.in:plugins/kdb/lmdb/deps:$srcdir/./config/post.in" ;; - "build-tools/krb5-config") CONFIG_FILES="$CONFIG_FILES build-tools/krb5-config" ;; - "build-tools/kadm-server.pc") CONFIG_FILES="$CONFIG_FILES build-tools/kadm-server.pc" ;; - "build-tools/kadm-client.pc") CONFIG_FILES="$CONFIG_FILES build-tools/kadm-client.pc" ;; - "build-tools/kdb.pc") CONFIG_FILES="$CONFIG_FILES build-tools/kdb.pc" ;; - "build-tools/krb5.pc") CONFIG_FILES="$CONFIG_FILES build-tools/krb5.pc" ;; - "build-tools/krb5-gssapi.pc") CONFIG_FILES="$CONFIG_FILES build-tools/krb5-gssapi.pc" ;; - "build-tools/mit-krb5.pc") CONFIG_FILES="$CONFIG_FILES build-tools/mit-krb5.pc" ;; - "build-tools/mit-krb5-gssapi.pc") CONFIG_FILES="$CONFIG_FILES build-tools/mit-krb5-gssapi.pc" ;; - "build-tools/gssrpc.pc") CONFIG_FILES="$CONFIG_FILES build-tools/gssrpc.pc" ;; - "./Makefile") CONFIG_FILES="$CONFIG_FILES ./Makefile:$srcdir/./config/pre.in:./Makefile.in:./deps:$srcdir/./config/post.in" ;; - "util/Makefile") CONFIG_FILES="$CONFIG_FILES util/Makefile:$srcdir/./config/pre.in:util/Makefile.in:util/deps:$srcdir/./config/post.in" ;; - "util/support/Makefile") CONFIG_FILES="$CONFIG_FILES util/support/Makefile:$srcdir/./config/pre.in:util/support/Makefile.in:util/support/deps:$srcdir/./config/post.in" ;; - "util/profile/Makefile") CONFIG_FILES="$CONFIG_FILES util/profile/Makefile:$srcdir/./config/pre.in:util/profile/Makefile.in:util/profile/deps:$srcdir/./config/post.in" ;; - "util/profile/testmod/Makefile") CONFIG_FILES="$CONFIG_FILES util/profile/testmod/Makefile:$srcdir/./config/pre.in:util/profile/testmod/Makefile.in:util/profile/testmod/deps:$srcdir/./config/post.in" ;; - "util/verto/Makefile") CONFIG_FILES="$CONFIG_FILES util/verto/Makefile:$srcdir/./config/pre.in:util/verto/Makefile.in:util/verto/deps:$srcdir/./config/post.in" ;; - "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile:$srcdir/./config/pre.in:lib/Makefile.in:lib/deps:$srcdir/./config/post.in" ;; - "lib/kdb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kdb/Makefile:$srcdir/./config/pre.in:lib/kdb/Makefile.in:lib/kdb/deps:$srcdir/./config/post.in" ;; - "lib/crypto/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/Makefile:$srcdir/./config/pre.in:lib/crypto/Makefile.in:lib/crypto/deps:$srcdir/./config/post.in" ;; - "lib/crypto/krb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/krb/Makefile:$srcdir/./config/pre.in:lib/crypto/krb/Makefile.in:lib/crypto/krb/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/Makefile.in:lib/crypto/$CRYPTO_IMPL/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/enc_provider/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/hash_provider/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/md4/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/md4/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md4/Makefile.in:lib/crypto/$CRYPTO_IMPL/md4/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/md5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/md5/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md5/Makefile.in:lib/crypto/$CRYPTO_IMPL/md5/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/sha1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/sha1/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/sha1/Makefile.in:lib/crypto/$CRYPTO_IMPL/sha1/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/sha2/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/sha2/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/sha2/Makefile.in:lib/crypto/$CRYPTO_IMPL/sha2/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/aes/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/aes/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/aes/Makefile.in:lib/crypto/$CRYPTO_IMPL/aes/deps:$srcdir/./config/post.in" ;; - "lib/crypto/$CRYPTO_IMPL/camellia/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/camellia/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/camellia/Makefile.in:lib/crypto/$CRYPTO_IMPL/camellia/deps:$srcdir/./config/post.in" ;; - "lib/crypto/crypto_tests/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/crypto_tests/Makefile:$srcdir/./config/pre.in:lib/crypto/crypto_tests/Makefile.in:lib/crypto/crypto_tests/deps:$srcdir/./config/post.in" ;; - "lib/krb5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/Makefile:$srcdir/./config/pre.in:lib/krb5/Makefile.in:lib/krb5/deps:$srcdir/./config/post.in" ;; - "lib/krb5/error_tables/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/error_tables/Makefile:$srcdir/./config/pre.in:lib/krb5/error_tables/Makefile.in:lib/krb5/error_tables/deps:$srcdir/./config/post.in" ;; - "lib/krb5/asn.1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/asn.1/Makefile:$srcdir/./config/pre.in:lib/krb5/asn.1/Makefile.in:lib/krb5/asn.1/deps:$srcdir/./config/post.in" ;; - "lib/krb5/ccache/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/ccache/Makefile:$srcdir/./config/pre.in:lib/krb5/ccache/Makefile.in:lib/krb5/ccache/deps:$srcdir/./config/post.in" ;; - "lib/krb5/keytab/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/keytab/Makefile:$srcdir/./config/pre.in:lib/krb5/keytab/Makefile.in:lib/krb5/keytab/deps:$srcdir/./config/post.in" ;; - "lib/krb5/krb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/krb/Makefile:$srcdir/./config/pre.in:lib/krb5/krb/Makefile.in:lib/krb5/krb/deps:$srcdir/./config/post.in" ;; - "lib/krb5/rcache/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/rcache/Makefile:$srcdir/./config/pre.in:lib/krb5/rcache/Makefile.in:lib/krb5/rcache/deps:$srcdir/./config/post.in" ;; - "lib/krb5/os/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/os/Makefile:$srcdir/./config/pre.in:lib/krb5/os/Makefile.in:lib/krb5/os/deps:$srcdir/./config/post.in" ;; - "lib/krb5/unicode/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/unicode/Makefile:$srcdir/./config/pre.in:lib/krb5/unicode/Makefile.in:lib/krb5/unicode/deps:$srcdir/./config/post.in" ;; - "lib/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/Makefile:$srcdir/./config/pre.in:lib/gssapi/Makefile.in:lib/gssapi/deps:$srcdir/./config/post.in" ;; - "lib/gssapi/generic/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/generic/Makefile:$srcdir/./config/pre.in:lib/gssapi/generic/Makefile.in:lib/gssapi/generic/deps:$srcdir/./config/post.in" ;; - "lib/gssapi/krb5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/krb5/Makefile:$srcdir/./config/pre.in:lib/gssapi/krb5/Makefile.in:lib/gssapi/krb5/deps:$srcdir/./config/post.in" ;; - "lib/gssapi/spnego/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/spnego/Makefile:$srcdir/./config/pre.in:lib/gssapi/spnego/Makefile.in:lib/gssapi/spnego/deps:$srcdir/./config/post.in" ;; - "lib/gssapi/mechglue/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/mechglue/Makefile:$srcdir/./config/pre.in:lib/gssapi/mechglue/Makefile.in:lib/gssapi/mechglue/deps:$srcdir/./config/post.in" ;; - "lib/rpc/Makefile") CONFIG_FILES="$CONFIG_FILES lib/rpc/Makefile:$srcdir/./config/pre.in:lib/rpc/Makefile.in:lib/rpc/deps:$srcdir/./config/post.in" ;; - "lib/rpc/unit-test/Makefile") CONFIG_FILES="$CONFIG_FILES lib/rpc/unit-test/Makefile:$srcdir/./config/pre.in:lib/rpc/unit-test/Makefile.in:lib/rpc/unit-test/deps:$srcdir/./config/post.in" ;; - "lib/kadm5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/Makefile:$srcdir/./config/pre.in:lib/kadm5/Makefile.in:lib/kadm5/deps:$srcdir/./config/post.in" ;; - "lib/kadm5/clnt/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/clnt/Makefile:$srcdir/./config/pre.in:lib/kadm5/clnt/Makefile.in:lib/kadm5/clnt/deps:$srcdir/./config/post.in" ;; - "lib/kadm5/srv/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/srv/Makefile:$srcdir/./config/pre.in:lib/kadm5/srv/Makefile.in:lib/kadm5/srv/deps:$srcdir/./config/post.in" ;; - "lib/kadm5/unit-test/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/unit-test/Makefile:$srcdir/./config/pre.in:lib/kadm5/unit-test/Makefile.in:lib/kadm5/unit-test/deps:$srcdir/./config/post.in" ;; - "lib/krad/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krad/Makefile:$srcdir/./config/pre.in:lib/krad/Makefile.in:lib/krad/deps:$srcdir/./config/post.in" ;; - "lib/apputils/Makefile") CONFIG_FILES="$CONFIG_FILES lib/apputils/Makefile:$srcdir/./config/pre.in:lib/apputils/Makefile.in:lib/apputils/deps:$srcdir/./config/post.in" ;; - "kdc/Makefile") CONFIG_FILES="$CONFIG_FILES kdc/Makefile:$srcdir/./config/pre.in:kdc/Makefile.in:kdc/deps:$srcdir/./config/post.in" ;; - "kprop/Makefile") CONFIG_FILES="$CONFIG_FILES kprop/Makefile:$srcdir/./config/pre.in:kprop/Makefile.in:kprop/deps:$srcdir/./config/post.in" ;; - "config-files/Makefile") CONFIG_FILES="$CONFIG_FILES config-files/Makefile:$srcdir/./config/pre.in:config-files/Makefile.in:config-files/deps:$srcdir/./config/post.in" ;; - "build-tools/Makefile") CONFIG_FILES="$CONFIG_FILES build-tools/Makefile:$srcdir/./config/pre.in:build-tools/Makefile.in:build-tools/deps:$srcdir/./config/post.in" ;; - "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile:$srcdir/./config/pre.in:man/Makefile.in:man/deps:$srcdir/./config/post.in" ;; - "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile:$srcdir/./config/pre.in:doc/Makefile.in:doc/deps:$srcdir/./config/post.in" ;; - "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile:$srcdir/./config/pre.in:include/Makefile.in:include/deps:$srcdir/./config/post.in" ;; - "plugins/certauth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/certauth/test/Makefile:$srcdir/./config/pre.in:plugins/certauth/test/Makefile.in:plugins/certauth/test/deps:$srcdir/./config/post.in" ;; - "plugins/gssapi/negoextest/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/gssapi/negoextest/Makefile:$srcdir/./config/pre.in:plugins/gssapi/negoextest/Makefile.in:plugins/gssapi/negoextest/deps:$srcdir/./config/post.in" ;; - "plugins/hostrealm/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/hostrealm/test/Makefile:$srcdir/./config/pre.in:plugins/hostrealm/test/Makefile.in:plugins/hostrealm/test/deps:$srcdir/./config/post.in" ;; - "plugins/localauth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/localauth/test/Makefile:$srcdir/./config/pre.in:plugins/localauth/test/Makefile.in:plugins/localauth/test/deps:$srcdir/./config/post.in" ;; - "plugins/kadm5_hook/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kadm5_hook/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_hook/test/Makefile.in:plugins/kadm5_hook/test/deps:$srcdir/./config/post.in" ;; - "plugins/kadm5_auth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kadm5_auth/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_auth/test/Makefile.in:plugins/kadm5_auth/test/deps:$srcdir/./config/post.in" ;; - "plugins/pwqual/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/pwqual/test/Makefile:$srcdir/./config/pre.in:plugins/pwqual/test/Makefile.in:plugins/pwqual/test/deps:$srcdir/./config/post.in" ;; - "plugins/audit/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit/Makefile:$srcdir/./config/pre.in:plugins/audit/Makefile.in:plugins/audit/deps:$srcdir/./config/post.in" ;; - "plugins/audit/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit/test/Makefile:$srcdir/./config/pre.in:plugins/audit/test/Makefile.in:plugins/audit/test/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/db2/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/Makefile.in:plugins/kdb/db2/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/db2/libdb2/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/Makefile.in:plugins/kdb/db2/libdb2/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/db2/libdb2/hash/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/hash/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/hash/Makefile.in:plugins/kdb/db2/libdb2/hash/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/db2/libdb2/btree/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/btree/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/btree/Makefile.in:plugins/kdb/db2/libdb2/btree/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/db2/libdb2/db/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/db/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/db/Makefile.in:plugins/kdb/db2/libdb2/db/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/db2/libdb2/mpool/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/mpool/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/mpool/Makefile.in:plugins/kdb/db2/libdb2/mpool/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/db2/libdb2/recno/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/recno/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/recno/Makefile.in:plugins/kdb/db2/libdb2/recno/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/db2/libdb2/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/test/Makefile.in:plugins/kdb/db2/libdb2/test/deps:$srcdir/./config/post.in" ;; - "plugins/kdb/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/test/Makefile.in:plugins/kdb/test/deps:$srcdir/./config/post.in" ;; - "plugins/kdcpolicy/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdcpolicy/test/Makefile:$srcdir/./config/pre.in:plugins/kdcpolicy/test/Makefile.in:plugins/kdcpolicy/test/deps:$srcdir/./config/post.in" ;; - "plugins/preauth/otp/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/otp/Makefile:$srcdir/./config/pre.in:plugins/preauth/otp/Makefile.in:plugins/preauth/otp/deps:$srcdir/./config/post.in" ;; - "plugins/preauth/spake/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/spake/Makefile:$srcdir/./config/pre.in:plugins/preauth/spake/Makefile.in:plugins/preauth/spake/deps:$srcdir/./config/post.in" ;; - "plugins/preauth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/test/Makefile:$srcdir/./config/pre.in:plugins/preauth/test/Makefile.in:plugins/preauth/test/deps:$srcdir/./config/post.in" ;; - "plugins/authdata/greet_client/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/authdata/greet_client/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_client/Makefile.in:plugins/authdata/greet_client/deps:$srcdir/./config/post.in" ;; - "plugins/authdata/greet_server/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/authdata/greet_server/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_server/Makefile.in:plugins/authdata/greet_server/deps:$srcdir/./config/post.in" ;; - "plugins/tls/k5tls/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/tls/k5tls/Makefile:$srcdir/./config/pre.in:plugins/tls/k5tls/Makefile.in:plugins/tls/k5tls/deps:$srcdir/./config/post.in" ;; - "clients/Makefile") CONFIG_FILES="$CONFIG_FILES clients/Makefile:$srcdir/./config/pre.in:clients/Makefile.in:clients/deps:$srcdir/./config/post.in" ;; - "clients/klist/Makefile") CONFIG_FILES="$CONFIG_FILES clients/klist/Makefile:$srcdir/./config/pre.in:clients/klist/Makefile.in:clients/klist/deps:$srcdir/./config/post.in" ;; - "clients/kinit/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kinit/Makefile:$srcdir/./config/pre.in:clients/kinit/Makefile.in:clients/kinit/deps:$srcdir/./config/post.in" ;; - "clients/kvno/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kvno/Makefile:$srcdir/./config/pre.in:clients/kvno/Makefile.in:clients/kvno/deps:$srcdir/./config/post.in" ;; - "clients/kdestroy/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kdestroy/Makefile:$srcdir/./config/pre.in:clients/kdestroy/Makefile.in:clients/kdestroy/deps:$srcdir/./config/post.in" ;; - "clients/kpasswd/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kpasswd/Makefile:$srcdir/./config/pre.in:clients/kpasswd/Makefile.in:clients/kpasswd/deps:$srcdir/./config/post.in" ;; - "clients/ksu/Makefile") CONFIG_FILES="$CONFIG_FILES clients/ksu/Makefile:$srcdir/./config/pre.in:clients/ksu/Makefile.in:clients/ksu/deps:$srcdir/./config/post.in" ;; - "clients/kswitch/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kswitch/Makefile:$srcdir/./config/pre.in:clients/kswitch/Makefile.in:clients/kswitch/deps:$srcdir/./config/post.in" ;; - "kadmin/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/Makefile:$srcdir/./config/pre.in:kadmin/Makefile.in:kadmin/deps:$srcdir/./config/post.in" ;; - "kadmin/cli/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/cli/Makefile:$srcdir/./config/pre.in:kadmin/cli/Makefile.in:kadmin/cli/deps:$srcdir/./config/post.in" ;; - "kadmin/dbutil/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/dbutil/Makefile:$srcdir/./config/pre.in:kadmin/dbutil/Makefile.in:kadmin/dbutil/deps:$srcdir/./config/post.in" ;; - "kadmin/ktutil/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/ktutil/Makefile:$srcdir/./config/pre.in:kadmin/ktutil/Makefile.in:kadmin/ktutil/deps:$srcdir/./config/post.in" ;; - "kadmin/server/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/server/Makefile:$srcdir/./config/pre.in:kadmin/server/Makefile.in:kadmin/server/deps:$srcdir/./config/post.in" ;; - "kadmin/testing/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/testing/Makefile:$srcdir/./config/pre.in:kadmin/testing/Makefile.in:kadmin/testing/deps:$srcdir/./config/post.in" ;; - "kadmin/testing/scripts/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/testing/scripts/Makefile:$srcdir/./config/pre.in:kadmin/testing/scripts/Makefile.in:kadmin/testing/scripts/deps:$srcdir/./config/post.in" ;; - "kadmin/testing/util/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/testing/util/Makefile:$srcdir/./config/pre.in:kadmin/testing/util/Makefile.in:kadmin/testing/util/deps:$srcdir/./config/post.in" ;; - "appl/Makefile") CONFIG_FILES="$CONFIG_FILES appl/Makefile:$srcdir/./config/pre.in:appl/Makefile.in:appl/deps:$srcdir/./config/post.in" ;; - "appl/sample/Makefile") CONFIG_FILES="$CONFIG_FILES appl/sample/Makefile:$srcdir/./config/pre.in:appl/sample/Makefile.in:appl/sample/deps:$srcdir/./config/post.in" ;; - "appl/sample/sclient/Makefile") CONFIG_FILES="$CONFIG_FILES appl/sample/sclient/Makefile:$srcdir/./config/pre.in:appl/sample/sclient/Makefile.in:appl/sample/sclient/deps:$srcdir/./config/post.in" ;; - "appl/sample/sserver/Makefile") CONFIG_FILES="$CONFIG_FILES appl/sample/sserver/Makefile:$srcdir/./config/pre.in:appl/sample/sserver/Makefile.in:appl/sample/sserver/deps:$srcdir/./config/post.in" ;; - "appl/simple/Makefile") CONFIG_FILES="$CONFIG_FILES appl/simple/Makefile:$srcdir/./config/pre.in:appl/simple/Makefile.in:appl/simple/deps:$srcdir/./config/post.in" ;; - "appl/simple/client/Makefile") CONFIG_FILES="$CONFIG_FILES appl/simple/client/Makefile:$srcdir/./config/pre.in:appl/simple/client/Makefile.in:appl/simple/client/deps:$srcdir/./config/post.in" ;; - "appl/simple/server/Makefile") CONFIG_FILES="$CONFIG_FILES appl/simple/server/Makefile:$srcdir/./config/pre.in:appl/simple/server/Makefile.in:appl/simple/server/deps:$srcdir/./config/post.in" ;; - "appl/gss-sample/Makefile") CONFIG_FILES="$CONFIG_FILES appl/gss-sample/Makefile:$srcdir/./config/pre.in:appl/gss-sample/Makefile.in:appl/gss-sample/deps:$srcdir/./config/post.in" ;; - "appl/user_user/Makefile") CONFIG_FILES="$CONFIG_FILES appl/user_user/Makefile:$srcdir/./config/pre.in:appl/user_user/Makefile.in:appl/user_user/deps:$srcdir/./config/post.in" ;; - "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile:$srcdir/./config/pre.in:tests/Makefile.in:tests/deps:$srcdir/./config/post.in" ;; - "tests/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES tests/resolve/Makefile:$srcdir/./config/pre.in:tests/resolve/Makefile.in:tests/resolve/deps:$srcdir/./config/post.in" ;; - "tests/asn.1/Makefile") CONFIG_FILES="$CONFIG_FILES tests/asn.1/Makefile:$srcdir/./config/pre.in:tests/asn.1/Makefile.in:tests/asn.1/deps:$srcdir/./config/post.in" ;; - "tests/create/Makefile") CONFIG_FILES="$CONFIG_FILES tests/create/Makefile:$srcdir/./config/pre.in:tests/create/Makefile.in:tests/create/deps:$srcdir/./config/post.in" ;; - "tests/hammer/Makefile") CONFIG_FILES="$CONFIG_FILES tests/hammer/Makefile:$srcdir/./config/pre.in:tests/hammer/Makefile.in:tests/hammer/deps:$srcdir/./config/post.in" ;; - "tests/verify/Makefile") CONFIG_FILES="$CONFIG_FILES tests/verify/Makefile:$srcdir/./config/pre.in:tests/verify/Makefile.in:tests/verify/deps:$srcdir/./config/post.in" ;; - "tests/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gssapi/Makefile:$srcdir/./config/pre.in:tests/gssapi/Makefile.in:tests/gssapi/deps:$srcdir/./config/post.in" ;; - "tests/dejagnu/Makefile") CONFIG_FILES="$CONFIG_FILES tests/dejagnu/Makefile:$srcdir/./config/pre.in:tests/dejagnu/Makefile.in:tests/dejagnu/deps:$srcdir/./config/post.in" ;; - "tests/threads/Makefile") CONFIG_FILES="$CONFIG_FILES tests/threads/Makefile:$srcdir/./config/pre.in:tests/threads/Makefile.in:tests/threads/deps:$srcdir/./config/post.in" ;; - "tests/shlib/Makefile") CONFIG_FILES="$CONFIG_FILES tests/shlib/Makefile:$srcdir/./config/pre.in:tests/shlib/Makefile.in:tests/shlib/deps:$srcdir/./config/post.in" ;; - "tests/gss-threads/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gss-threads/Makefile:$srcdir/./config/pre.in:tests/gss-threads/Makefile.in:tests/gss-threads/deps:$srcdir/./config/post.in" ;; - "tests/misc/Makefile") CONFIG_FILES="$CONFIG_FILES tests/misc/Makefile:$srcdir/./config/pre.in:tests/misc/Makefile.in:tests/misc/deps:$srcdir/./config/post.in" ;; - - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; - esac -done - - -# If the user did not use the arguments to specify the items to instantiate, -# then the envvar interface is used. Set only those that are not. -# We use the long form for the default assignment because of an extremely -# bizarre bug on SunOS 4.1.3. -if $ac_need_defaults; then - test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files - test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers - test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands -fi - -# Have a temporary directory for convenience. Make it in the build tree -# simply because there is no reason against having it here, and in addition, -# creating and moving files from /tmp can sometimes cause problems. -# Hook for its removal unless debugging. -# Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. -$debug || -{ - tmp= ac_tmp= - trap 'exit_status=$? - : "${ac_tmp:=$tmp}" - { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status -' 0 - trap 'as_fn_exit 1' 1 2 13 15 -} -# Create a (secure) tmp directory for tmp files. - -{ - tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && - test -d "$tmp" -} || -{ - tmp=./conf$$-$RANDOM - (umask 077 && mkdir "$tmp") -} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 -ac_tmp=$tmp - -# Set up the scripts for CONFIG_FILES section. -# No need to generate them if there are no CONFIG_FILES. -# This happens for instance with `./config.status config.h'. -if test -n "$CONFIG_FILES"; then - -if $AWK 'BEGIN { getline <"/dev/null" }' /dev/null; then - ac_cs_awk_getline=: - ac_cs_awk_pipe_init= - ac_cs_awk_read_file=' - while ((getline aline < (F[key])) > 0) - print(aline) - close(F[key])' - ac_cs_awk_pipe_fini= -else - ac_cs_awk_getline=false - ac_cs_awk_pipe_init="print \"cat <<'|#_!!_#|' &&\"" - ac_cs_awk_read_file=' - print "|#_!!_#|" - print "cat " F[key] " &&" - '$ac_cs_awk_pipe_init - # The final `:' finishes the AND list. - ac_cs_awk_pipe_fini='END { print "|#_!!_#|"; print ":" }' -fi -ac_cr=`echo X | tr X '\015'` -# On cygwin, bash can eat \r inside `` if the user requested igncr. -# But we know of no other shell where ac_cr would be empty at this -# point, so we can use a bashism as a fallback. -if test "x$ac_cr" = x; then - eval ac_cr=\$\'\\r\' -fi -ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` -if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\\r' -else - ac_cs_awk_cr=$ac_cr -fi - -echo 'BEGIN {' >"$ac_tmp/subs1.awk" && -_ACEOF - -# Create commands to substitute file output variables. -{ - echo "cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1" && - echo 'cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&' && - echo "$ac_subst_files" | sed 's/.*/F@<:@"&"@:>@="$&"/' && - echo "_ACAWK" && - echo "_ACEOF" -} >conf$$files.sh && -. ./conf$$files.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 -rm -f conf$$files.sh - -{ - echo "cat >conf$$subs.awk <<_ACEOF" && - echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && - echo "_ACEOF" -} >conf$$subs.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 -ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` -ac_delim='%!_!# ' -for ac_last_try in false false false false false :; do - . ./conf$$subs.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 - - ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` - if test $ac_delim_n = $ac_delim_num; then - break - elif $ac_last_try; then - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi -done -rm -f conf$$subs.sh - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && -_ACEOF -sed -n ' -h -s/^/S["/; s/!.*/"]=/ -p -g -s/^[^!]*!// -:repl -t repl -s/'"$ac_delim"'$// -t delim -:nl -h -s/\(.\{148\}\)..*/\1/ -t more1 -s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ -p -n -b repl -:more1 -s/["\\]/\\&/g; s/^/"/; s/$/"\\/ -p -g -s/.\{148\}// -t nl -:delim -h -s/\(.\{148\}\)..*/\1/ -t more2 -s/["\\]/\\&/g; s/^/"/; s/$/"/ -p -b -:more2 -s/["\\]/\\&/g; s/^/"/; s/$/"\\/ -p -g -s/.\{148\}// -t delim -' >$CONFIG_STATUS || ac_write_fail=1 -rm -f conf$$subs.awk -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -_ACAWK -cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && - for (key in S) S_is_set[key] = 1 - FS = "" - \$ac_cs_awk_pipe_init -} -{ - line = $ 0 - nfields = split(line, field, "@") - substed = 0 - len = length(field[1]) - for (i = 2; i < nfields; i++) { - key = field[i] - keylen = length(key) - if (S_is_set[key]) { - value = S[key] - line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) - len += length(value) + length(field[++i]) - substed = 1 - } else - len += 1 + keylen - } - if (nfields == 3 && !substed) { - key = field[2] - if (F[key] != "" && line ~ /^[ ]*@.*@[ ]*$/) { - \$ac_cs_awk_read_file - next - } - } - print line -} -\$ac_cs_awk_pipe_fini -_ACAWK -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then - sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" -else - cat -fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ - || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 -_ACEOF - -# VPATH may cause trouble with some makes, so we remove sole $(srcdir), -# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and -# trailing colons and then remove the whole line if VPATH becomes empty -# (actually we leave an empty line to preserve line numbers). -if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ -h -s/// -s/^/:/ -s/[ ]*$/:/ -s/:\$(srcdir):/:/g -s/:\${srcdir}:/:/g -s/:@srcdir@:/:/g -s/^:*// -s/:*$// -x -s/\(=[ ]*\).*/\1/ -G -s/\n// -s/^[^=]*=[ ]*$// -}' -fi - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -fi # test -n "$CONFIG_FILES" - -# Set up the scripts for CONFIG_HEADERS section. -# No need to generate them if there are no CONFIG_HEADERS. -# This happens for instance with `./config.status Makefile'. -if test -n "$CONFIG_HEADERS"; then -cat >"$ac_tmp/defines.awk" <<\_ACAWK || -BEGIN { -_ACEOF - -# Transform confdefs.h into an awk script `defines.awk', embedded as -# here-document in config.status, that substitutes the proper values into -# config.h.in to produce config.h. - -# Create a delimiter string that does not exist in confdefs.h, to ease -# handling of long lines. -ac_delim='%!_!# ' -for ac_last_try in false false :; do - ac_tt=`sed -n "/$ac_delim/p" confdefs.h` - if test -z "$ac_tt"; then - break - elif $ac_last_try; then - as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi -done - -# For the awk script, D is an array of macro values keyed by name, -# likewise P contains macro parameters if any. Preserve backslash -# newline sequences. - -ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* -sed -n ' -s/.\{148\}/&'"$ac_delim"'/g -t rset -:rset -s/^[ ]*#[ ]*define[ ][ ]*/ / -t def -d -:def -s/\\$// -t bsnl -s/["\\]/\\&/g -s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ -D["\1"]=" \3"/p -s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p -d -:bsnl -s/["\\]/\\&/g -s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ -D["\1"]=" \3\\\\\\n"\\/p -t cont -s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p -t cont -d -:cont -n -s/.\{148\}/&'"$ac_delim"'/g -t clear -:clear -s/\\$// -t bsnlc -s/["\\]/\\&/g; s/^/"/; s/$/"/p -d -:bsnlc -s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p -b cont -' >$CONFIG_STATUS || ac_write_fail=1 - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - for (key in D) D_is_set[key] = 1 - FS = "" -} -/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { - line = \$ 0 - split(line, arg, " ") - if (arg[1] == "#") { - defundef = arg[2] - mac1 = arg[3] - } else { - defundef = substr(arg[1], 2) - mac1 = arg[2] - } - split(mac1, mac2, "(") #) - macro = mac2[1] - prefix = substr(line, 1, index(line, defundef) - 1) - if (D_is_set[macro]) { - # Preserve the white space surrounding the "#". - print prefix "define", macro P[macro] D[macro] - next - } else { - # Replace #undef with comments. This is necessary, for example, - # in the case of _POSIX_SOURCE, which is predefined and required - # on some systems where configure will not decide to define it. - if (defundef == "undef") { - print "/*", prefix defundef, macro, "*/" - next - } - } -} -{ print } -_ACAWK -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 -fi # test -n "$CONFIG_HEADERS" - - -eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" -shift -for ac_tag -do - case $ac_tag in - :[FHLC]) ac_mode=$ac_tag; continue;; - esac - case $ac_mode$ac_tag in - :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; - :[FH]-) ac_tag=-:-;; - :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; - esac - ac_save_IFS=$IFS - IFS=: - set x $ac_tag - IFS=$ac_save_IFS - shift - ac_file=$1 - shift - - case $ac_mode in - :L) ac_source=$1;; - :[FH]) - ac_file_inputs= - for ac_f - do - case $ac_f in - -) ac_f="$ac_tmp/stdin";; - *) # Look for the file first in the build tree, then in the source tree - # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. - test -f "$ac_f" || - case $ac_f in - [\\/$]*) false;; - *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; - esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; - esac - case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac - as_fn_append ac_file_inputs " '$ac_f'" - done - - # Let's still pretend it is `configure' which instantiates (i.e., don't - # use $as_me), people would be surprised to read: - # /* config.h. Generated by config.status. */ - configure_input='Generated from '` - $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' - `' by configure.' - if test x"$ac_file" != x-; then - configure_input="$ac_file. $configure_input" - { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 -$as_echo "$as_me: creating $ac_file" >&6;} - fi - # Neutralize special characters interpreted by sed in replacement strings. - case $configure_input in #( - *\&* | *\|* | *\\* ) - ac_sed_conf_input=`$as_echo "$configure_input" | - sed 's/[\\\\&|]/\\\\&/g'`;; #( - *) ac_sed_conf_input=$configure_input;; - esac - - case $ac_tag in - *:-:* | *:-) cat >"$ac_tmp/stdin" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; - esac - ;; - esac - - ac_dir=`$as_dirname -- "$ac_file" || -$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$ac_file" : 'X\(//\)[^/]' \| \ - X"$ac_file" : 'X\(//\)$' \| \ - X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$ac_file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - as_dir="$ac_dir"; as_fn_mkdir_p - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - - case $ac_mode in - :F) - # - # CONFIG_FILE - # - - case $INSTALL in - [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; - *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; - esac -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# If the template does not know about datarootdir, expand it. -# FIXME: This hack should be removed a few years after 2.60. -ac_datarootdir_hack=; ac_datarootdir_seen= -ac_sed_dataroot=' -/datarootdir/ { - p - q -} -/@datadir@/p -/@docdir@/p -/@infodir@/p -/@localedir@/p -/@mandir@/p' -case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in -*datarootdir*) ac_datarootdir_seen=yes;; -*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - ac_datarootdir_hack=' - s&@datadir@&$datadir&g - s&@docdir@&$docdir&g - s&@infodir@&$infodir&g - s&@localedir@&$localedir&g - s&@mandir@&$mandir&g - s&\\\${datarootdir}&$datarootdir&g' ;; -esac -_ACEOF - -# Neutralize VPATH when `$srcdir' = `.'. -# Shell code in configure.ac might set extrasub. -# FIXME: do we really want to maintain this feature? -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_sed_extra="$ac_vpsub -$extrasub -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -:t -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b -s|@configure_input@|$ac_sed_conf_input|;t t -s&@top_builddir@&$ac_top_builddir_sub&;t t -s&@top_build_prefix@&$ac_top_build_prefix&;t t -s&@srcdir@&$ac_srcdir&;t t -s&@abs_srcdir@&$ac_abs_srcdir&;t t -s&@top_srcdir@&$ac_top_srcdir&;t t -s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t -s&@builddir@&$ac_builddir&;t t -s&@abs_builddir@&$ac_abs_builddir&;t t -s&@abs_top_builddir@&$ac_abs_top_builddir&;t t -s&@INSTALL@&$ac_INSTALL&;t t -$ac_datarootdir_hack -" -eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | -if $ac_cs_awk_getline; then - $AWK -f "$ac_tmp/subs.awk" -else - $AWK -f "$ac_tmp/subs.awk" | $SHELL -fi \ - >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - -test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && - { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && - { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ - "$ac_tmp/out"`; test -z "$ac_out"; } && - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&5 -$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&2;} - - rm -f "$ac_tmp/stdin" - case $ac_file in - -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; - *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; - esac \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - ;; - :H) - # - # CONFIG_HEADER - # - if test x"$ac_file" != x-; then - { - $as_echo "/* $configure_input */" \ - && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" - } >"$ac_tmp/config.h" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 -$as_echo "$as_me: $ac_file is unchanged" >&6;} - else - rm -f "$ac_file" - mv "$ac_tmp/config.h" "$ac_file" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - fi - else - $as_echo "/* $configure_input */" \ - && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ - || as_fn_error $? "could not create -" "$LINENO" 5 - fi - ;; - - :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 -$as_echo "$as_me: executing $ac_file commands" >&6;} - ;; - esac - - - case $ac_file$ac_mode in - "include/autoconf.h":H) echo timestamp > include/autoconf.stamp ;; - "build-tools/krb5-config":F) chmod +x build-tools/krb5-config ;; - - esac -done # for ac_tag - - -as_fn_exit 0 -_ACEOF -ac_clean_files=$ac_clean_files_save - -test $ac_write_fail = 0 || - as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 - - -# configure is writing to config.log, and then calls config.status. -# config.status does its own redirection, appending to config.log. -# Unfortunately, on DOS this fails, as config.log is still kept open -# by configure, so config.status won't be able to write to it; its -# output is simply discarded. So we exec the FD to /dev/null, -# effectively closing config.log, so it can be properly (re)opened and -# appended to by config.status. When coming back to configure, we -# need to make the FD available again. -if test "$no_create" != yes; then - ac_cs_success=: - ac_config_status_args= - test "$silent" = yes && - ac_config_status_args="$ac_config_status_args --quiet" - exec 5>/dev/null - $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false - exec 5>>config.log - # Use ||, not &&, to avoid exiting from the if with $? = 1, which - # would make configure fail if this is the last instruction. - $ac_cs_success || as_fn_exit 1 -fi -if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 -$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} -fi - diff --git a/src/autom4te.cache/requests b/src/autom4te.cache/requests deleted file mode 100644 index a15f723..0000000 --- a/src/autom4te.cache/requests +++ /dev/null @@ -1,78 +0,0 @@ -# This file was generated. -# It contains the lists of macros which have been traced. -# It can be safely removed. - -@request = ( - bless( [ - '0', - 1, - [ - '/usr/share/autoconf' - ], - [ - '/usr/share/autoconf/autoconf/autoconf.m4f', - 'aclocal.m4', - 'configure.ac' - ], - { - 'm4_include' => 1, - '_AM_MAKEFILE_INCLUDE' => 1, - 'AM_POT_TOOLS' => 1, - 'AM_PROG_AR' => 1, - 'AC_CANONICAL_TARGET' => 1, - '_AM_COND_ENDIF' => 1, - 'AM_GNU_GETTEXT' => 1, - 'AC_CONFIG_LINKS' => 1, - 'AC_CANONICAL_BUILD' => 1, - 'AM_SILENT_RULES' => 1, - 'm4_pattern_allow' => 1, - 'm4_sinclude' => 1, - 'AM_PROG_F77_C_O' => 1, - 'AC_FC_FREEFORM' => 1, - 'AC_CONFIG_FILES' => 1, - 'AM_PROG_MOC' => 1, - '_AM_COND_IF' => 1, - '_LT_AC_TAGCONFIG' => 1, - 'AM_ENABLE_MULTILIB' => 1, - '_AM_SUBST_NOTMAKE' => 1, - 'AM_AUTOMAKE_VERSION' => 1, - 'AC_FC_PP_SRCEXT' => 1, - '_m4_warn' => 1, - 'AM_CONDITIONAL' => 1, - 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1, - 'AC_LIBSOURCE' => 1, - 'AM_MAKEFILE_INCLUDE' => 1, - 'AC_INIT' => 1, - 'AM_PROG_FC_C_O' => 1, - 'AM_PATH_GUILE' => 1, - 'LT_INIT' => 1, - 'include' => 1, - 'AM_INIT_AUTOMAKE' => 1, - 'AC_SUBST' => 1, - 'AC_CONFIG_HEADERS' => 1, - 'AC_SUBST_TRACE' => 1, - 'AM_XGETTEXT_OPTION' => 1, - 'AH_OUTPUT' => 1, - 'sinclude' => 1, - 'LT_SUPPORTED_TAG' => 1, - 'AM_NLS' => 1, - 'LT_CONFIG_LTDL_DIR' => 1, - 'AC_FC_SRCEXT' => 1, - '_AM_COND_ELSE' => 1, - 'AC_PROG_LIBTOOL' => 1, - 'AC_CONFIG_LIBOBJ_DIR' => 1, - 'm4_pattern_forbid' => 1, - 'AC_CONFIG_SUBDIRS' => 1, - 'AC_CANONICAL_SYSTEM' => 1, - 'AC_CONFIG_AUX_DIR' => 1, - 'AM_MAINTAINER_MODE' => 1, - 'AC_FC_PP_DEFINE' => 1, - 'AM_PROG_CC_C_O' => 1, - 'AC_CANONICAL_HOST' => 1, - 'AC_DEFINE_TRACE_LITERAL' => 1, - 'AC_REQUIRE_AUX_FILE' => 1, - 'AM_PROG_CXX_C_O' => 1 - } - ], 'Autom4te::Request' ) - ); - diff --git a/src/autom4te.cache/traces.0 b/src/autom4te.cache/traces.0 deleted file mode 100644 index b37a4ee..0000000 --- a/src/autom4te.cache/traces.0 +++ /dev/null @@ -1,2630 +0,0 @@ -m4trace:aclocal.m4:1658: -1- m4_include([config/ac-archive/ax_pthread.m4]) -m4trace:aclocal.m4:1659: -1- m4_include([config/ac-archive/ax_recursive_eval.m4]) -m4trace:aclocal.m4:1660: -1- m4_include([config/pkg.m4]) -m4trace:configure.ac:1: -1- AC_INIT([Kerberos 5], [1.18.2], [krb5-bugs@mit.edu], [krb5]) -m4trace:configure.ac:1: -1- m4_pattern_forbid([^_?A[CHUM]_]) -m4trace:configure.ac:1: -1- m4_pattern_forbid([_AC_]) -m4trace:configure.ac:1: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS']) -m4trace:configure.ac:1: -1- m4_pattern_allow([^AS_FLAGS$]) -m4trace:configure.ac:1: -1- m4_pattern_forbid([^_?m4_]) -m4trace:configure.ac:1: -1- m4_pattern_forbid([^dnl$]) -m4trace:configure.ac:1: -1- m4_pattern_forbid([^_?AS_]) -m4trace:configure.ac:1: -1- AC_SUBST([SHELL]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([SHELL]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^SHELL$]) -m4trace:configure.ac:1: -1- AC_SUBST([PATH_SEPARATOR]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([PATH_SEPARATOR]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PATH_SEPARATOR$]) -m4trace:configure.ac:1: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([PACKAGE_NAME]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_NAME$]) -m4trace:configure.ac:1: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([PACKAGE_TARNAME]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_TARNAME$]) -m4trace:configure.ac:1: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([PACKAGE_VERSION]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_VERSION$]) -m4trace:configure.ac:1: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([PACKAGE_STRING]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_STRING$]) -m4trace:configure.ac:1: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([PACKAGE_BUGREPORT]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$]) -m4trace:configure.ac:1: -1- AC_SUBST([PACKAGE_URL], [m4_ifdef([AC_PACKAGE_URL], ['AC_PACKAGE_URL'])]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([PACKAGE_URL]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_URL$]) -m4trace:configure.ac:1: -1- AC_SUBST([exec_prefix], [NONE]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([exec_prefix]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^exec_prefix$]) -m4trace:configure.ac:1: -1- AC_SUBST([prefix], [NONE]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([prefix]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^prefix$]) -m4trace:configure.ac:1: -1- AC_SUBST([program_transform_name], [s,x,x,]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([program_transform_name]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^program_transform_name$]) -m4trace:configure.ac:1: -1- AC_SUBST([bindir], ['${exec_prefix}/bin']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([bindir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^bindir$]) -m4trace:configure.ac:1: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([sbindir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^sbindir$]) -m4trace:configure.ac:1: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([libexecdir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^libexecdir$]) -m4trace:configure.ac:1: -1- AC_SUBST([datarootdir], ['${prefix}/share']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([datarootdir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^datarootdir$]) -m4trace:configure.ac:1: -1- AC_SUBST([datadir], ['${datarootdir}']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([datadir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^datadir$]) -m4trace:configure.ac:1: -1- AC_SUBST([sysconfdir], ['${prefix}/etc']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([sysconfdir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^sysconfdir$]) -m4trace:configure.ac:1: -1- AC_SUBST([sharedstatedir], ['${prefix}/com']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([sharedstatedir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^sharedstatedir$]) -m4trace:configure.ac:1: -1- AC_SUBST([localstatedir], ['${prefix}/var']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([localstatedir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^localstatedir$]) -m4trace:configure.ac:1: -1- AC_SUBST([includedir], ['${prefix}/include']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([includedir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^includedir$]) -m4trace:configure.ac:1: -1- AC_SUBST([oldincludedir], ['/usr/include']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([oldincludedir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^oldincludedir$]) -m4trace:configure.ac:1: -1- AC_SUBST([docdir], [m4_ifset([AC_PACKAGE_TARNAME], - ['${datarootdir}/doc/${PACKAGE_TARNAME}'], - ['${datarootdir}/doc/${PACKAGE}'])]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([docdir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^docdir$]) -m4trace:configure.ac:1: -1- AC_SUBST([infodir], ['${datarootdir}/info']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([infodir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^infodir$]) -m4trace:configure.ac:1: -1- AC_SUBST([htmldir], ['${docdir}']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([htmldir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^htmldir$]) -m4trace:configure.ac:1: -1- AC_SUBST([dvidir], ['${docdir}']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([dvidir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^dvidir$]) -m4trace:configure.ac:1: -1- AC_SUBST([pdfdir], ['${docdir}']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([pdfdir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^pdfdir$]) -m4trace:configure.ac:1: -1- AC_SUBST([psdir], ['${docdir}']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([psdir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^psdir$]) -m4trace:configure.ac:1: -1- AC_SUBST([libdir], ['${exec_prefix}/lib']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([libdir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^libdir$]) -m4trace:configure.ac:1: -1- AC_SUBST([localedir], ['${datarootdir}/locale']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([localedir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^localedir$]) -m4trace:configure.ac:1: -1- AC_SUBST([mandir], ['${datarootdir}/man']) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([mandir]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^mandir$]) -m4trace:configure.ac:1: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_NAME$]) -m4trace:configure.ac:1: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */ -@%:@undef PACKAGE_NAME]) -m4trace:configure.ac:1: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_TARNAME$]) -m4trace:configure.ac:1: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */ -@%:@undef PACKAGE_TARNAME]) -m4trace:configure.ac:1: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_VERSION$]) -m4trace:configure.ac:1: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */ -@%:@undef PACKAGE_VERSION]) -m4trace:configure.ac:1: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_STRING$]) -m4trace:configure.ac:1: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */ -@%:@undef PACKAGE_STRING]) -m4trace:configure.ac:1: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$]) -m4trace:configure.ac:1: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */ -@%:@undef PACKAGE_BUGREPORT]) -m4trace:configure.ac:1: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_URL]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^PACKAGE_URL$]) -m4trace:configure.ac:1: -1- AH_OUTPUT([PACKAGE_URL], [/* Define to the home page for this package. */ -@%:@undef PACKAGE_URL]) -m4trace:configure.ac:1: -1- AC_SUBST([DEFS]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([DEFS]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^DEFS$]) -m4trace:configure.ac:1: -1- AC_SUBST([ECHO_C]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([ECHO_C]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^ECHO_C$]) -m4trace:configure.ac:1: -1- AC_SUBST([ECHO_N]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([ECHO_N]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^ECHO_N$]) -m4trace:configure.ac:1: -1- AC_SUBST([ECHO_T]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([ECHO_T]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^ECHO_T$]) -m4trace:configure.ac:1: -1- AC_SUBST([LIBS]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([LIBS]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^LIBS$]) -m4trace:configure.ac:1: -1- AC_SUBST([build_alias]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([build_alias]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^build_alias$]) -m4trace:configure.ac:1: -1- AC_SUBST([host_alias]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([host_alias]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^host_alias$]) -m4trace:configure.ac:1: -1- AC_SUBST([target_alias]) -m4trace:configure.ac:1: -1- AC_SUBST_TRACE([target_alias]) -m4trace:configure.ac:1: -1- m4_pattern_allow([^target_alias$]) -m4trace:configure.ac:7: -1- AC_SUBST([runstatedir]) -m4trace:configure.ac:7: -1- AC_SUBST_TRACE([runstatedir]) -m4trace:configure.ac:7: -1- m4_pattern_allow([^runstatedir$]) -m4trace:configure.ac:16: -1- AC_SUBST([SYSCONFCONF]) -m4trace:configure.ac:16: -1- AC_SUBST_TRACE([SYSCONFCONF]) -m4trace:configure.ac:16: -1- m4_pattern_allow([^SYSCONFCONF$]) -m4trace:configure.ac:18: -1- AC_CONFIG_AUX_DIR([./config]) -m4trace:configure.ac:18: -1- AC_SUBST([EXTRA_FILES]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([EXTRA_FILES]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^EXTRA_FILES$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([_GNU_SOURCE]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^_GNU_SOURCE$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([_GNU_SOURCE], [/* Define to enable extensions in glibc */ -@%:@undef _GNU_SOURCE]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([__STDC_WANT_LIB_EXT1__]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^__STDC_WANT_LIB_EXT1__$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([__STDC_WANT_LIB_EXT1__], [/* Define to enable C11 extensions */ -@%:@undef __STDC_WANT_LIB_EXT1__]) -m4trace:configure.ac:18: -1- AC_SUBST([CC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CC$]) -m4trace:configure.ac:18: -1- AC_SUBST([CFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([LDFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([LDFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^LDFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([LIBS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([LIBS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^LIBS$]) -m4trace:configure.ac:18: -1- AC_SUBST([CPPFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CPPFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CPPFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([CC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CC$]) -m4trace:configure.ac:18: -1- AC_SUBST([CC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CC$]) -m4trace:configure.ac:18: -1- AC_SUBST([CC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CC$]) -m4trace:configure.ac:18: -1- AC_SUBST([CC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CC$]) -m4trace:configure.ac:18: -1- AC_SUBST([ac_ct_CC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([ac_ct_CC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^ac_ct_CC$]) -m4trace:configure.ac:18: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([EXEEXT]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^EXEEXT$]) -m4trace:configure.ac:18: -1- AC_SUBST([OBJEXT], [$ac_cv_objext]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([OBJEXT]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^OBJEXT$]) -m4trace:configure.ac:18: -1- AC_SUBST([CXX]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CXX]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CXX$]) -m4trace:configure.ac:18: -1- AC_SUBST([CXXFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CXXFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CXXFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([LDFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([LDFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^LDFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([LIBS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([LIBS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^LIBS$]) -m4trace:configure.ac:18: -1- AC_SUBST([CPPFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CPPFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CPPFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([CXX]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CXX]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CXX$]) -m4trace:configure.ac:18: -1- AC_SUBST([ac_ct_CXX]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([ac_ct_CXX]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^ac_ct_CXX$]) -m4trace:configure.ac:18: -1- AC_SUBST([HAVE_GCC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([HAVE_GCC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_GCC$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([CONFIG_SMALL]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CONFIG_SMALL$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([CONFIG_SMALL], [/* Define to reduce code size even if it means more cpu usage */ -@%:@undef CONFIG_SMALL]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:470: CHECK_CC_WARNING_TEST_FLAGS is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:470: CHECK_CC_WARNING_TEST_FLAGS is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:452: TRY_WARN_CC_FLAG_1 is expanded from... -aclocal.m4:478: TRY_WARN_CC_FLAG is expanded from... -aclocal.m4:483: WITH_CC is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_SUBST([WARN_CFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([WARN_CFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^WARN_CFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([WARN_CXXFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([WARN_CXXFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^WARN_CXXFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([CPP]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CPP]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CPP$]) -m4trace:configure.ac:18: -1- AC_SUBST([CPPFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CPPFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CPPFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([CPP]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CPP]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CPP$]) -m4trace:configure.ac:18: -1- AC_SUBST([LD]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([LD]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^LD$]) -m4trace:configure.ac:18: -1- AC_SUBST([LDFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([LDFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^LDFLAGS$]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:1426: KRB5_AC_CHOOSE_ET is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_SUBST([compile_et]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([compile_et]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^compile_et$]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:1426: KRB5_AC_CHOOSE_ET is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_SUBST([COM_ERR_VERSION]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([COM_ERR_VERSION]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^COM_ERR_VERSION$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_COM_ERR_INTL]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_COM_ERR_INTL$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_COM_ERR_INTL], [/* Define if com_err has compatible gettext support */ -@%:@undef HAVE_COM_ERR_INTL]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:1484: KRB5_AC_CHOOSE_SS is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_SUBST([SS_LIB]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([SS_LIB]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^SS_LIB$]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_RUN' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2764: AC_TRY_RUN is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:1484: KRB5_AC_CHOOSE_SS is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -aclocal.m4:1357: KRB5_NEED_PROTO is expanded from... -aclocal.m4:1484: KRB5_AC_CHOOSE_SS is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([NEED_SS_EXECUTE_COMMAND_PROTO]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^NEED_SS_EXECUTE_COMMAND_PROTO$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([NEED_SS_EXECUTE_COMMAND_PROTO], [/* define if the system header files are missing prototype for - ss_execute_command() */ -@%:@undef NEED_SS_EXECUTE_COMMAND_PROTO]) -m4trace:configure.ac:18: -1- AC_SUBST([SS_LIB]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([SS_LIB]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^SS_LIB$]) -m4trace:configure.ac:18: -1- AC_SUBST([SS_VERSION]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([SS_VERSION]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^SS_VERSION$]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:1519: KRB5_AC_CHOOSE_DB is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_SUBST([DB_HEADER]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([DB_HEADER]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DB_HEADER$]) -m4trace:configure.ac:18: -1- AC_SUBST([DB_LIB]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([DB_LIB]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DB_LIB$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_BT_RSEQ]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_BT_RSEQ$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_BT_RSEQ], [/* Define if bt_rseq is available, for recursive btree traversal. */ -@%:@undef HAVE_BT_RSEQ]) -m4trace:configure.ac:18: -1- AC_SUBST([DB_VERSION]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([DB_VERSION]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DB_VERSION$]) -m4trace:configure.ac:18: -1- AC_SUBST([DB_HEADER]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([DB_HEADER]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DB_HEADER$]) -m4trace:configure.ac:18: -1- AC_SUBST([DB_HEADER_VERSION]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([DB_HEADER_VERSION]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DB_HEADER_VERSION$]) -m4trace:configure.ac:18: -1- AC_SUBST([DB_LIB]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([DB_LIB]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DB_LIB$]) -m4trace:configure.ac:18: -1- AC_SUBST([KDB5_DB_LIB]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([KDB5_DB_LIB]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^KDB5_DB_LIB$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([const]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^const$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([const], [/* Define to empty if `const\' does not conform to ANSI C. */ -@%:@undef const]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:718: WITH_NETLIB is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([KRB5_DNS_LOOKUP_REALM]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^KRB5_DNS_LOOKUP_REALM$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([KRB5_DNS_LOOKUP_REALM], [/* Define to enable DNS lookups of Kerberos realm names */ -@%:@undef KRB5_DNS_LOOKUP_REALM]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([KRB5_DNS_LOOKUP]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^KRB5_DNS_LOOKUP$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([KRB5_DNS_LOOKUP], [/* Define for DNS support of locating realms and KDCs */ -@%:@undef KRB5_DNS_LOOKUP]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the `nsl\' library (-lnsl). */ -@%:@undef HAVE_LIBNSL]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_LIBNSL$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the `socket\' library (-lsocket). */ -@%:@undef HAVE_LIBSOCKET]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_LIBSOCKET$]) -m4trace:configure.ac:18: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the `socket\' library (-lsocket). */ -@%:@undef HAVE_LIBSOCKET]) -m4trace:configure.ac:18: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET]) -m4trace:configure.ac:18: -2- m4_pattern_allow([^HAVE_LIBSOCKET$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([KRB5_DNS_LOOKUP_REALM]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^KRB5_DNS_LOOKUP_REALM$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([KRB5_DNS_LOOKUP_REALM], [/* Define to enable DNS lookups of Kerberos realm names */ -@%:@undef KRB5_DNS_LOOKUP_REALM]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([KRB5_DNS_LOOKUP]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^KRB5_DNS_LOOKUP$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([KRB5_DNS_LOOKUP], [/* Define for DNS support of locating realms and KDCs */ -@%:@undef KRB5_DNS_LOOKUP]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the `resolv\' library (-lresolv). */ -@%:@undef HAVE_LIBRESOLV]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_LIBRESOLV$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_RES_NINIT], [/* Define to 1 if you have the `res_ninit\' function. */ -@%:@undef HAVE_RES_NINIT]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_RES_NCLOSE], [/* Define to 1 if you have the `res_nclose\' function. */ -@%:@undef HAVE_RES_NCLOSE]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_RES_NDESTROY], [/* Define to 1 if you have the `res_ndestroy\' function. */ -@%:@undef HAVE_RES_NDESTROY]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_RES_NSEARCH], [/* Define to 1 if you have the `res_nsearch\' function. */ -@%:@undef HAVE_RES_NSEARCH]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_NS_INITPARSE], [/* Define to 1 if you have the `ns_initparse\' function. */ -@%:@undef HAVE_NS_INITPARSE]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_NS_NAME_UNCOMPRESS], [/* Define to 1 if you have the `ns_name_uncompress\' function. */ -@%:@undef HAVE_NS_NAME_UNCOMPRESS]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_DN_SKIPNAME], [/* Define to 1 if you have the `dn_skipname\' function. */ -@%:@undef HAVE_DN_SKIPNAME]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_RES_SEARCH], [/* Define to 1 if you have the `res_search\' function. */ -@%:@undef HAVE_RES_SEARCH]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_FOREACH' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:194: AC_FOREACH is expanded from... -aclocal.m4:1302: _KRB5_AC_CHECK_RES_FUNCS is expanded from... -aclocal.m4:1263: AC_LIBRARY_NET is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:1481: AC_ARG_WITH is expanded from... -aclocal.m4:718: WITH_NETLIB is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:1310: _KRB5_AC_CHECK_RES_FUNC is expanded from... -aclocal.m4:1302: _KRB5_AC_CHECK_RES_FUNCS is expanded from... -aclocal.m4:1263: AC_LIBRARY_NET is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:1481: AC_ARG_WITH is expanded from... -aclocal.m4:718: WITH_NETLIB is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_RES_SEARCH]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_RES_SEARCH$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_RES_SEARCH], [/* Define to 1 if you have the `res_search\' function */ -@%:@undef HAVE_RES_SEARCH]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_ERROR' is obsolete. -You should run autoupdate.], [../../lib/autoconf/oldnames.m4:34: AC_ERROR is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/functions.m4:59: AC_CHECK_FUNC is expanded from... -aclocal.m4:1263: AC_LIBRARY_NET is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:1481: AC_ARG_WITH is expanded from... -aclocal.m4:718: WITH_NETLIB is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:1012: WITH_HESIOD is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_SUBST([HESIOD_DEFS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([HESIOD_DEFS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HESIOD_DEFS$]) -m4trace:configure.ac:18: -1- AC_SUBST([HESIOD_LIBS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([HESIOD_LIBS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HESIOD_LIBS$]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:101: KRB5_AC_MAINTAINER_MODE is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_SUBST([MAINTAINER_MODE_TRUE]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([MAINTAINER_MODE_TRUE]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^MAINTAINER_MODE_TRUE$]) -m4trace:configure.ac:18: -1- AC_SUBST([MAINTAINER_MODE_FALSE]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([MAINTAINER_MODE_FALSE]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^MAINTAINER_MODE_FALSE$]) -m4trace:configure.ac:18: -1- AC_SUBST([MAINT]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([MAINT]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^MAINT$]) -m4trace:configure.ac:18: -1- AC_SUBST([CONFIG_RELTOPDIR]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([CONFIG_RELTOPDIR]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CONFIG_RELTOPDIR$]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^lib_frag$]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^libobj_frag$]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^libnover_frag$]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^libpriv_frag$]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^libnodeps_frag$]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:1647: KRB5_AC_PRAGMA_WEAK_REF is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PRAGMA_WEAK_REF]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_PRAGMA_WEAK_REF$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_PRAGMA_WEAK_REF], [/* Define if @%:@pragma weak references work */ -@%:@undef HAVE_PRAGMA_WEAK_REF]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -../../lib/autoconf/general.m4:1481: AC_ARG_WITH is expanded from... -aclocal.m4:1751: KRB5_WITH_SELINUX is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_SELINUX_SELINUX_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SELINUX_SELINUX_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_SELINUX_LABEL_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SELINUX_LABEL_H]) -m4trace:configure.ac:18: -1- AC_SUBST([GREP]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([GREP]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^GREP$]) -m4trace:configure.ac:18: -1- AC_SUBST([EGREP]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([EGREP]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^EGREP$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^STDC_HEADERS$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */ -@%:@undef STDC_HEADERS]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_TYPES_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_STAT_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_STDLIB_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_STRING_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_MEMORY_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_STRINGS_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_INTTYPES_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_STDINT_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_UNISTD_H]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_SETFSCREATECON], [/* Define to 1 if you have the `setfscreatecon\' function. */ -@%:@undef HAVE_SETFSCREATECON]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_SELABEL_OPEN], [/* Define to 1 if you have the `selabel_open\' function. */ -@%:@undef HAVE_SELABEL_OPEN]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_LIBSELINUX], [/* Define to 1 if you have the `selinux\' library (-lselinux). */ -@%:@undef HAVE_LIBSELINUX]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSELINUX]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_LIBSELINUX$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_SETFSCREATECON], [/* Define to 1 if you have the `setfscreatecon\' function. */ -@%:@undef HAVE_SETFSCREATECON]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_SELABEL_OPEN], [/* Define to 1 if you have the `selabel_open\' function. */ -@%:@undef HAVE_SELABEL_OPEN]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([USE_SELINUX]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^USE_SELINUX$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([USE_SELINUX], [/* Define if Kerberos-aware tools should set SELinux file contexts when - creating files. */ -@%:@undef USE_SELINUX]) -m4trace:configure.ac:18: -1- AC_SUBST([SELINUX_LIBS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([SELINUX_LIBS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^SELINUX_LIBS$]) -m4trace:configure.ac:18: -1- AC_CANONICAL_HOST -m4trace:configure.ac:18: -1- AC_CANONICAL_BUILD -m4trace:configure.ac:18: -1- AC_REQUIRE_AUX_FILE([config.sub]) -m4trace:configure.ac:18: -1- AC_REQUIRE_AUX_FILE([config.guess]) -m4trace:configure.ac:18: -1- AC_SUBST([build], [$ac_cv_build]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([build]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^build$]) -m4trace:configure.ac:18: -1- AC_SUBST([build_cpu], [$[1]]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([build_cpu]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^build_cpu$]) -m4trace:configure.ac:18: -1- AC_SUBST([build_vendor], [$[2]]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([build_vendor]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^build_vendor$]) -m4trace:configure.ac:18: -1- AC_SUBST([build_os]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([build_os]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^build_os$]) -m4trace:configure.ac:18: -1- AC_SUBST([host], [$ac_cv_host]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([host]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^host$]) -m4trace:configure.ac:18: -1- AC_SUBST([host_cpu], [$[1]]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([host_cpu]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^host_cpu$]) -m4trace:configure.ac:18: -1- AC_SUBST([host_vendor], [$[2]]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([host_vendor]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^host_vendor$]) -m4trace:configure.ac:18: -1- AC_SUBST([host_os]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([host_os]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^host_os$]) -m4trace:configure.ac:18: -1- AC_SUBST([krb5_cv_host]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([krb5_cv_host]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^krb5_cv_host$]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:121: KRB5_AC_INITFINI is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([DELAY_INITIALIZER]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DELAY_INITIALIZER$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([DELAY_INITIALIZER], [/* Define if library initialization should be delayed until first use */ -@%:@undef DELAY_INITIALIZER]) -m4trace:configure.ac:18: -1- _m4_warn([obsolete], [The macro `AC_TRY_RUN' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2764: AC_TRY_RUN is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:1597: KRB5_AC_GCC_ATTRS is expanded from... -aclocal.m4:121: KRB5_AC_INITFINI is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([CONSTRUCTOR_ATTR_WORKS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^CONSTRUCTOR_ATTR_WORKS$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([CONSTRUCTOR_ATTR_WORKS], [/* Define if __attribute__((constructor)) works */ -@%:@undef CONSTRUCTOR_ATTR_WORKS]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([DESTRUCTOR_ATTR_WORKS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DESTRUCTOR_ATTR_WORKS$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([DESTRUCTOR_ATTR_WORKS], [/* Define if __attribute__((destructor)) works */ -@%:@undef DESTRUCTOR_ATTR_WORKS]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([USE_LINKER_INIT_OPTION]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^USE_LINKER_INIT_OPTION$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([USE_LINKER_INIT_OPTION], [/* Define if link-time options for library initialization will be used */ -@%:@undef USE_LINKER_INIT_OPTION]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([USE_LINKER_FINI_OPTION]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^USE_LINKER_FINI_OPTION$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([USE_LINKER_FINI_OPTION], [/* Define if link-time options for library finalization will be used */ -@%:@undef USE_LINKER_FINI_OPTION]) -m4trace:configure.ac:18: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:162: KRB5_AC_ENABLE_THREADS is expanded from... -aclocal.m4:49: CONFIG_RULES is expanded from... -configure.ac:18: the top level]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_THREADS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^ENABLE_THREADS$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([ENABLE_THREADS], [/* Define if thread support enabled */ -@%:@undef ENABLE_THREADS]) -m4trace:configure.ac:18: -1- AC_SUBST([SED]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([SED]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^SED$]) -m4trace:configure.ac:18: -1- AC_SUBST([ax_pthread_config]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([ax_pthread_config]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^ax_pthread_config$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([PTHREAD_CREATE_JOINABLE]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^PTHREAD_CREATE_JOINABLE$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([PTHREAD_CREATE_JOINABLE], [/* Define to necessary symbol if this constant uses a non-standard name on - your system. */ -@%:@undef PTHREAD_CREATE_JOINABLE]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PTHREAD_PRIO_INHERIT]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_PTHREAD_PRIO_INHERIT$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_PTHREAD_PRIO_INHERIT], [/* Have PTHREAD_PRIO_INHERIT. */ -@%:@undef HAVE_PTHREAD_PRIO_INHERIT]) -m4trace:configure.ac:18: -1- AC_SUBST([PTHREAD_CC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([PTHREAD_CC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^PTHREAD_CC$]) -m4trace:configure.ac:18: -1- AC_SUBST([PTHREAD_LIBS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([PTHREAD_LIBS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^PTHREAD_LIBS$]) -m4trace:configure.ac:18: -1- AC_SUBST([PTHREAD_CFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([PTHREAD_CFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^PTHREAD_CFLAGS$]) -m4trace:configure.ac:18: -1- AC_SUBST([PTHREAD_CC]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([PTHREAD_CC]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^PTHREAD_CC$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PTHREAD]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_PTHREAD$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_PTHREAD], [/* Define if you have POSIX threads libraries and header files. */ -@%:@undef HAVE_PTHREAD]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([NO_WEAK_PTHREADS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^NO_WEAK_PTHREADS$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([NO_WEAK_PTHREADS], [/* Define if references to pthread routines should be non-weak. */ -@%:@undef NO_WEAK_PTHREADS]) -m4trace:configure.ac:18: -1- AC_SUBST([THREAD_SUPPORT]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([THREAD_SUPPORT]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^THREAD_SUPPORT$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_PTHREAD_ONCE], [/* Define to 1 if you have the `pthread_once\' function. */ -@%:@undef HAVE_PTHREAD_ONCE]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_PTHREAD_RWLOCK_INIT], [/* Define to 1 if you have the `pthread_rwlock_init\' function. */ -@%:@undef HAVE_PTHREAD_RWLOCK_INIT]) -m4trace:configure.ac:18: -1- AC_SUBST([PTHREAD_CFLAGS]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([PTHREAD_CFLAGS]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^PTHREAD_CFLAGS$]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB], [/* Define if pthread_rwlock_init is provided in the thread library. */ -@%:@undef HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB]) -m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([USE_DLOPEN]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^USE_DLOPEN$]) -m4trace:configure.ac:18: -1- AH_OUTPUT([USE_DLOPEN], [/* Define if dlopen should be used */ -@%:@undef USE_DLOPEN]) -m4trace:configure.ac:18: -1- AC_SUBST([DL_LIB]) -m4trace:configure.ac:18: -1- AC_SUBST_TRACE([DL_LIB]) -m4trace:configure.ac:18: -1- m4_pattern_allow([^DL_LIB$]) -m4trace:configure.ac:20: -1- AC_SUBST([KRB5_VERSION]) -m4trace:configure.ac:20: -1- AC_SUBST_TRACE([KRB5_VERSION]) -m4trace:configure.ac:20: -1- m4_pattern_allow([^KRB5_VERSION$]) -m4trace:configure.ac:25: -1- m4_pattern_forbid([^_?PKG_[A-Z_]+$]) -m4trace:configure.ac:25: -1- m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) -m4trace:configure.ac:25: -1- m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) -m4trace:configure.ac:25: -1- AC_SUBST([PKG_CONFIG]) -m4trace:configure.ac:25: -1- AC_SUBST_TRACE([PKG_CONFIG]) -m4trace:configure.ac:25: -1- m4_pattern_allow([^PKG_CONFIG$]) -m4trace:configure.ac:25: -1- AC_SUBST([PKG_CONFIG_PATH]) -m4trace:configure.ac:25: -1- AC_SUBST_TRACE([PKG_CONFIG_PATH]) -m4trace:configure.ac:25: -1- m4_pattern_allow([^PKG_CONFIG_PATH$]) -m4trace:configure.ac:25: -1- AC_SUBST([PKG_CONFIG_LIBDIR]) -m4trace:configure.ac:25: -1- AC_SUBST_TRACE([PKG_CONFIG_LIBDIR]) -m4trace:configure.ac:25: -1- m4_pattern_allow([^PKG_CONFIG_LIBDIR$]) -m4trace:configure.ac:25: -1- AC_SUBST([PKG_CONFIG]) -m4trace:configure.ac:25: -1- AC_SUBST_TRACE([PKG_CONFIG]) -m4trace:configure.ac:25: -1- m4_pattern_allow([^PKG_CONFIG$]) -m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([HAS_VA_COPY]) -m4trace:configure.ac:79: -1- m4_pattern_allow([^HAS_VA_COPY$]) -m4trace:configure.ac:79: -1- AH_OUTPUT([HAS_VA_COPY], [/* Define if va_copy macro or function is available. */ -@%:@undef HAS_VA_COPY]) -m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([CAN_COPY_VA_LIST]) -m4trace:configure.ac:94: -1- m4_pattern_allow([^CAN_COPY_VA_LIST$]) -m4trace:configure.ac:94: -1- AH_OUTPUT([CAN_COPY_VA_LIST], [/* Define if va_list objects can be simply copied by assignment. */ -@%:@undef CAN_COPY_VA_LIST]) -m4trace:configure.ac:100: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -aclocal.m4:1122: KRB5_LIB_AUX is expanded from... -configure.ac:100: the top level]) -m4trace:configure.ac:100: -1- AC_DEFINE_TRACE_LITERAL([STATIC_PLUGINS]) -m4trace:configure.ac:100: -1- m4_pattern_allow([^STATIC_PLUGINS$]) -m4trace:configure.ac:100: -1- AH_OUTPUT([STATIC_PLUGINS], [/* Define for static plugin linkage */ -@%:@undef STATIC_PLUGINS]) -m4trace:configure.ac:101: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -aclocal.m4:786: AC_KRB5_TCL_FIND_CONFIG is expanded from... -aclocal.m4:963: AC_KRB5_TCL is expanded from... -configure.ac:101: the top level]) -m4trace:configure.ac:101: -2- AC_DEFINE_TRACE_LITERAL([HAVE_TCL_H]) -m4trace:configure.ac:101: -2- m4_pattern_allow([^HAVE_TCL_H$]) -m4trace:configure.ac:101: -2- AH_OUTPUT([HAVE_TCL_H], [/* Define if tcl.h is available */ -@%:@undef HAVE_TCL_H]) -m4trace:configure.ac:101: -2- AC_DEFINE_TRACE_LITERAL([HAVE_TCL_TCL_H]) -m4trace:configure.ac:101: -2- m4_pattern_allow([^HAVE_TCL_TCL_H$]) -m4trace:configure.ac:101: -2- AH_OUTPUT([HAVE_TCL_TCL_H], [/* Define if tcl/tcl.h is available */ -@%:@undef HAVE_TCL_TCL_H]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_INCLUDES]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_INCLUDES]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_INCLUDES$]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_LIBS]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_LIBS]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_LIBS$]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_LIBPATH]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_LIBPATH]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_LIBPATH$]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_RPATH]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_RPATH]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_RPATH$]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_MAYBE_RPATH]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_MAYBE_RPATH]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_MAYBE_RPATH$]) -m4trace:configure.ac:101: -2- AC_DEFINE_TRACE_LITERAL([HAVE_TCL_H]) -m4trace:configure.ac:101: -2- m4_pattern_allow([^HAVE_TCL_H$]) -m4trace:configure.ac:101: -2- AH_OUTPUT([HAVE_TCL_H], [/* Define if tcl.h found */ -@%:@undef HAVE_TCL_H]) -m4trace:configure.ac:101: -2- AC_DEFINE_TRACE_LITERAL([HAVE_TCL_TCL_H]) -m4trace:configure.ac:101: -2- m4_pattern_allow([^HAVE_TCL_TCL_H$]) -m4trace:configure.ac:101: -2- AH_OUTPUT([HAVE_TCL_TCL_H], [/* Define if tcl/tcl.h found */ -@%:@undef HAVE_TCL_TCL_H]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_INCLUDES]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_INCLUDES]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_INCLUDES$]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_LIBS]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_LIBS]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_LIBS$]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_LIBPATH]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_LIBPATH]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_LIBPATH$]) -m4trace:configure.ac:101: -1- AC_SUBST([TCL_RPATH]) -m4trace:configure.ac:101: -1- AC_SUBST_TRACE([TCL_RPATH]) -m4trace:configure.ac:101: -1- m4_pattern_allow([^TCL_RPATH$]) -m4trace:configure.ac:108: -1- AC_SUBST([OBJLISTS]) -m4trace:configure.ac:108: -1- AC_SUBST_TRACE([OBJLISTS]) -m4trace:configure.ac:108: -1- m4_pattern_allow([^OBJLISTS$]) -m4trace:configure.ac:108: -1- AC_SUBST([STOBJEXT]) -m4trace:configure.ac:108: -1- AC_SUBST_TRACE([STOBJEXT]) -m4trace:configure.ac:108: -1- m4_pattern_allow([^STOBJEXT$]) -m4trace:configure.ac:108: -1- AC_SUBST([SHOBJEXT]) -m4trace:configure.ac:108: -1- AC_SUBST_TRACE([SHOBJEXT]) -m4trace:configure.ac:108: -1- m4_pattern_allow([^SHOBJEXT$]) -m4trace:configure.ac:108: -1- AC_SUBST([PFOBJEXT]) -m4trace:configure.ac:108: -1- AC_SUBST_TRACE([PFOBJEXT]) -m4trace:configure.ac:108: -1- m4_pattern_allow([^PFOBJEXT$]) -m4trace:configure.ac:108: -1- AC_SUBST([PICFLAGS]) -m4trace:configure.ac:108: -1- AC_SUBST_TRACE([PICFLAGS]) -m4trace:configure.ac:108: -1- m4_pattern_allow([^PICFLAGS$]) -m4trace:configure.ac:108: -1- AC_SUBST([PROFFLAGS]) -m4trace:configure.ac:108: -1- AC_SUBST_TRACE([PROFFLAGS]) -m4trace:configure.ac:108: -1- m4_pattern_allow([^PROFFLAGS$]) -m4trace:configure.ac:109: -1- AC_SUBST([LN_S], [$as_ln_s]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([LN_S]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^LN_S$]) -m4trace:configure.ac:109: -1- AC_SUBST([RANLIB]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([RANLIB]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^RANLIB$]) -m4trace:configure.ac:109: -1- AC_SUBST([ARCHIVE]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([ARCHIVE]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^ARCHIVE$]) -m4trace:configure.ac:109: -1- AC_SUBST([ARADD]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([ARADD]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^ARADD$]) -m4trace:configure.ac:109: -1- AC_REQUIRE_AUX_FILE([install-sh]) -m4trace:configure.ac:109: -1- AC_SUBST([INSTALL_PROGRAM]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([INSTALL_PROGRAM]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^INSTALL_PROGRAM$]) -m4trace:configure.ac:109: -1- AC_SUBST([INSTALL_SCRIPT]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([INSTALL_SCRIPT]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^INSTALL_SCRIPT$]) -m4trace:configure.ac:109: -1- AC_SUBST([INSTALL_DATA]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([INSTALL_DATA]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^INSTALL_DATA$]) -m4trace:configure.ac:109: -1- AC_SUBST([AR]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([AR]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^AR$]) -m4trace:configure.ac:109: -1- AC_SUBST([PERL]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([PERL]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^PERL$]) -m4trace:configure.ac:109: -1- AC_SUBST([LIBLIST]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([LIBLIST]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^LIBLIST$]) -m4trace:configure.ac:109: -1- AC_SUBST([LIBLINKS]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([LIBLINKS]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^LIBLINKS$]) -m4trace:configure.ac:109: -1- AC_SUBST([PLUGIN]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([PLUGIN]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^PLUGIN$]) -m4trace:configure.ac:109: -1- AC_SUBST([PLUGINLINK]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([PLUGINLINK]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^PLUGINLINK$]) -m4trace:configure.ac:109: -1- AC_SUBST([PLUGININST]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([PLUGININST]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^PLUGININST$]) -m4trace:configure.ac:109: -1- AC_SUBST([KDB5_PLUGIN_DEPLIBS]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([KDB5_PLUGIN_DEPLIBS]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^KDB5_PLUGIN_DEPLIBS$]) -m4trace:configure.ac:109: -1- AC_SUBST([KDB5_PLUGIN_LIBS]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([KDB5_PLUGIN_LIBS]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^KDB5_PLUGIN_LIBS$]) -m4trace:configure.ac:109: -1- AC_SUBST([MAKE_SHLIB_COMMAND]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([MAKE_SHLIB_COMMAND]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^MAKE_SHLIB_COMMAND$]) -m4trace:configure.ac:109: -1- AC_SUBST([SHLIB_RPATH_FLAGS]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([SHLIB_RPATH_FLAGS]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^SHLIB_RPATH_FLAGS$]) -m4trace:configure.ac:109: -1- AC_SUBST([SHLIB_EXPFLAGS]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([SHLIB_EXPFLAGS]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^SHLIB_EXPFLAGS$]) -m4trace:configure.ac:109: -1- AC_SUBST([SHLIB_EXPORT_FILE_DEP]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([SHLIB_EXPORT_FILE_DEP]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^SHLIB_EXPORT_FILE_DEP$]) -m4trace:configure.ac:109: -1- AC_SUBST([DYNOBJ_EXPDEPS]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([DYNOBJ_EXPDEPS]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^DYNOBJ_EXPDEPS$]) -m4trace:configure.ac:109: -1- AC_SUBST([DYNOBJ_EXPFLAGS]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([DYNOBJ_EXPFLAGS]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^DYNOBJ_EXPFLAGS$]) -m4trace:configure.ac:109: -1- AC_SUBST([INSTALL_SHLIB]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([INSTALL_SHLIB]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^INSTALL_SHLIB$]) -m4trace:configure.ac:109: -1- AC_SUBST([STLIBEXT]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([STLIBEXT]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^STLIBEXT$]) -m4trace:configure.ac:109: -1- AC_SUBST([SHLIBEXT]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([SHLIBEXT]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^SHLIBEXT$]) -m4trace:configure.ac:109: -1- AC_SUBST([SHLIBVEXT]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([SHLIBVEXT]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^SHLIBVEXT$]) -m4trace:configure.ac:109: -1- AC_SUBST([SHLIBSEXT]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([SHLIBSEXT]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^SHLIBSEXT$]) -m4trace:configure.ac:109: -1- AC_SUBST([DEPLIBEXT]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([DEPLIBEXT]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^DEPLIBEXT$]) -m4trace:configure.ac:109: -1- AC_SUBST([PFLIBEXT]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([PFLIBEXT]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^PFLIBEXT$]) -m4trace:configure.ac:109: -1- AC_SUBST([LIBINSTLIST]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([LIBINSTLIST]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^LIBINSTLIST$]) -m4trace:configure.ac:109: -1- AC_SUBST([DYNOBJEXT]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([DYNOBJEXT]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^DYNOBJEXT$]) -m4trace:configure.ac:109: -1- AC_SUBST([MAKE_DYNOBJ_COMMAND]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([MAKE_DYNOBJ_COMMAND]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^MAKE_DYNOBJ_COMMAND$]) -m4trace:configure.ac:109: -1- AC_SUBST([UNDEF_CHECK]) -m4trace:configure.ac:109: -1- AC_SUBST_TRACE([UNDEF_CHECK]) -m4trace:configure.ac:109: -1- m4_pattern_allow([^UNDEF_CHECK$]) -m4trace:configure.ac:110: -1- _m4_warn([obsolete], [The macro `AC_TRY_RUN' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2764: AC_TRY_RUN is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:743: KRB5_AC_NEED_LIBGEN is expanded from... -aclocal.m4:1096: KRB5_BUILD_PROGRAM is expanded from... -configure.ac:110: the top level]) -m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REGCOMP]) -m4trace:configure.ac:110: -1- m4_pattern_allow([^HAVE_REGCOMP$]) -m4trace:configure.ac:110: -1- AH_OUTPUT([HAVE_REGCOMP], [/* Define if regcomp exists and functions */ -@%:@undef HAVE_REGCOMP]) -m4trace:configure.ac:110: -1- AH_OUTPUT([HAVE_COMPILE], [/* Define to 1 if you have the `compile\' function. */ -@%:@undef HAVE_COMPILE]) -m4trace:configure.ac:110: -1- AH_OUTPUT([HAVE_STEP], [/* Define to 1 if you have the `step\' function. */ -@%:@undef HAVE_STEP]) -m4trace:configure.ac:110: -1- AC_SUBST([GEN_LIB]) -m4trace:configure.ac:110: -1- AC_SUBST_TRACE([GEN_LIB]) -m4trace:configure.ac:110: -1- m4_pattern_allow([^GEN_LIB$]) -m4trace:configure.ac:110: -1- AC_SUBST([CC_LINK]) -m4trace:configure.ac:110: -1- AC_SUBST_TRACE([CC_LINK]) -m4trace:configure.ac:110: -1- m4_pattern_allow([^CC_LINK$]) -m4trace:configure.ac:110: -1- AC_SUBST([CXX_LINK]) -m4trace:configure.ac:110: -1- AC_SUBST_TRACE([CXX_LINK]) -m4trace:configure.ac:110: -1- m4_pattern_allow([^CXX_LINK$]) -m4trace:configure.ac:110: -1- AC_SUBST([RPATH_FLAG]) -m4trace:configure.ac:110: -1- AC_SUBST_TRACE([RPATH_FLAG]) -m4trace:configure.ac:110: -1- m4_pattern_allow([^RPATH_FLAG$]) -m4trace:configure.ac:110: -1- AC_SUBST([PROG_RPATH_FLAGS]) -m4trace:configure.ac:110: -1- AC_SUBST_TRACE([PROG_RPATH_FLAGS]) -m4trace:configure.ac:110: -1- m4_pattern_allow([^PROG_RPATH_FLAGS$]) -m4trace:configure.ac:110: -1- AC_SUBST([DEPLIBEXT]) -m4trace:configure.ac:110: -1- AC_SUBST_TRACE([DEPLIBEXT]) -m4trace:configure.ac:110: -1- m4_pattern_allow([^DEPLIBEXT$]) -m4trace:configure.ac:112: -1- AC_DEFINE_TRACE_LITERAL([mode_t]) -m4trace:configure.ac:112: -1- m4_pattern_allow([^mode_t$]) -m4trace:configure.ac:112: -1- AH_OUTPUT([mode_t], [/* Define to `int\' if does not define. */ -@%:@undef mode_t]) -m4trace:configure.ac:114: -2- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -aclocal.m4:1357: KRB5_NEED_PROTO is expanded from... -aclocal.m4:733: KRB5_AC_NEED_DAEMON is expanded from... -configure.ac:114: the top level]) -m4trace:configure.ac:114: -1- AC_DEFINE_TRACE_LITERAL([NEED_DAEMON_PROTO]) -m4trace:configure.ac:114: -1- m4_pattern_allow([^NEED_DAEMON_PROTO$]) -m4trace:configure.ac:114: -1- AH_OUTPUT([NEED_DAEMON_PROTO], [/* define if the system header files are missing prototype for daemon() */ -@%:@undef NEED_DAEMON_PROTO]) -m4trace:configure.ac:115: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:1384: TRY_GETSOCK_INT is expanded from... -aclocal.m4:1404: KRB5_GETSOCKNAME_ARGS is expanded from... -configure.ac:115: the top level]) -m4trace:configure.ac:115: -1- AC_DEFINE_TRACE_LITERAL([GETSOCKNAME_ARG3_TYPE]) -m4trace:configure.ac:115: -1- m4_pattern_allow([^GETSOCKNAME_ARG3_TYPE$]) -m4trace:configure.ac:115: -1- AH_OUTPUT([GETSOCKNAME_ARG3_TYPE], [/* Type of pointer target for argument 3 to getsockname */ -@%:@undef GETSOCKNAME_ARG3_TYPE]) -m4trace:configure.ac:116: -1- AC_DEFINE_TRACE_LITERAL([GETPEERNAME_ARG3_TYPE]) -m4trace:configure.ac:116: -1- m4_pattern_allow([^GETPEERNAME_ARG3_TYPE$]) -m4trace:configure.ac:116: -1- AH_OUTPUT([GETPEERNAME_ARG3_TYPE], [/* Type of getpeername second argument. */ -@%:@undef GETPEERNAME_ARG3_TYPE]) -m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBUTIL]) -m4trace:configure.ac:118: -1- m4_pattern_allow([^HAVE_LIBUTIL$]) -m4trace:configure.ac:118: -1- AH_OUTPUT([HAVE_LIBUTIL], [/* Define if the util library is available */ -@%:@undef HAVE_LIBUTIL]) -m4trace:configure.ac:121: -1- AC_SUBST([LIBUTIL]) -m4trace:configure.ac:121: -1- AC_SUBST_TRACE([LIBUTIL]) -m4trace:configure.ac:121: -1- m4_pattern_allow([^LIBUTIL$]) -m4trace:configure.ac:126: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:126: the top level]) -m4trace:configure.ac:129: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_NLS]) -m4trace:configure.ac:129: -1- m4_pattern_allow([^ENABLE_NLS$]) -m4trace:configure.ac:129: -1- AH_OUTPUT([ENABLE_NLS], [/* Define if translation functions should be used. */ -@%:@undef ENABLE_NLS]) -m4trace:configure.ac:135: -1- AC_SUBST([MSGFMT]) -m4trace:configure.ac:135: -1- AC_SUBST_TRACE([MSGFMT]) -m4trace:configure.ac:135: -1- m4_pattern_allow([^MSGFMT$]) -m4trace:configure.ac:137: -1- AC_CONFIG_FILES([po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:148: -1- AC_SUBST([po]) -m4trace:configure.ac:148: -1- AC_SUBST_TRACE([po]) -m4trace:configure.ac:148: -1- m4_pattern_allow([^po$]) -m4trace:configure.ac:151: -1- AH_OUTPUT([HAVE_SYS_SOCKIO_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_SOCKIO_H]) -m4trace:configure.ac:151: -1- AH_OUTPUT([HAVE_IFADDRS_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_IFADDRS_H]) -m4trace:configure.ac:151: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_UNISTD_H]) -m4trace:configure.ac:151: -1- AH_OUTPUT([HAVE_FNMATCH_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_FNMATCH_H]) -m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_VSPRINTF], [/* Define to 1 if you have the `vsprintf\' function. */ -@%:@undef HAVE_VSPRINTF]) -m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_VASPRINTF], [/* Define to 1 if you have the `vasprintf\' function. */ -@%:@undef HAVE_VASPRINTF]) -m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the `vsnprintf\' function. */ -@%:@undef HAVE_VSNPRINTF]) -m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the `strlcpy\' function. */ -@%:@undef HAVE_STRLCPY]) -m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_FNMATCH], [/* Define to 1 if you have the `fnmatch\' function. */ -@%:@undef HAVE_FNMATCH]) -m4trace:configure.ac:152: -1- AH_OUTPUT([HAVE_SECURE_GETENV], [/* Define to 1 if you have the `secure_getenv\' function. */ -@%:@undef HAVE_SECURE_GETENV]) -m4trace:configure.ac:161: -1- AC_SUBST([STRLCPY_OBJ]) -m4trace:configure.ac:161: -1- AC_SUBST_TRACE([STRLCPY_OBJ]) -m4trace:configure.ac:161: -1- m4_pattern_allow([^STRLCPY_OBJ$]) -m4trace:configure.ac:162: -1- AC_SUBST([STRLCPY_ST_OBJ]) -m4trace:configure.ac:162: -1- AC_SUBST_TRACE([STRLCPY_ST_OBJ]) -m4trace:configure.ac:162: -1- m4_pattern_allow([^STRLCPY_ST_OBJ$]) -m4trace:configure.ac:164: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT]) -m4trace:configure.ac:164: -1- m4_pattern_allow([^HAVE_GETOPT$]) -m4trace:configure.ac:164: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define if system getopt should be used. */ -@%:@undef HAVE_GETOPT]) -m4trace:configure.ac:171: -1- AC_SUBST([GETOPT_OBJ]) -m4trace:configure.ac:171: -1- AC_SUBST_TRACE([GETOPT_OBJ]) -m4trace:configure.ac:171: -1- m4_pattern_allow([^GETOPT_OBJ$]) -m4trace:configure.ac:172: -1- AC_SUBST([GETOPT_ST_OBJ]) -m4trace:configure.ac:172: -1- AC_SUBST_TRACE([GETOPT_ST_OBJ]) -m4trace:configure.ac:172: -1- m4_pattern_allow([^GETOPT_ST_OBJ$]) -m4trace:configure.ac:174: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_LONG]) -m4trace:configure.ac:174: -1- m4_pattern_allow([^HAVE_GETOPT_LONG$]) -m4trace:configure.ac:174: -1- AH_OUTPUT([HAVE_GETOPT_LONG], [/* Define if system getopt_long should be used. */ -@%:@undef HAVE_GETOPT_LONG]) -m4trace:configure.ac:181: -1- AC_SUBST([GETOPT_LONG_OBJ]) -m4trace:configure.ac:181: -1- AC_SUBST_TRACE([GETOPT_LONG_OBJ]) -m4trace:configure.ac:181: -1- m4_pattern_allow([^GETOPT_LONG_OBJ$]) -m4trace:configure.ac:182: -1- AC_SUBST([GETOPT_LONG_ST_OBJ]) -m4trace:configure.ac:182: -1- AC_SUBST_TRACE([GETOPT_LONG_ST_OBJ]) -m4trace:configure.ac:182: -1- m4_pattern_allow([^GETOPT_LONG_ST_OBJ$]) -m4trace:configure.ac:190: -1- AC_SUBST([FNMATCH_OBJ]) -m4trace:configure.ac:190: -1- AC_SUBST_TRACE([FNMATCH_OBJ]) -m4trace:configure.ac:190: -1- m4_pattern_allow([^FNMATCH_OBJ$]) -m4trace:configure.ac:191: -1- AC_SUBST([FNMATCH_ST_OBJ]) -m4trace:configure.ac:191: -1- AC_SUBST_TRACE([FNMATCH_ST_OBJ]) -m4trace:configure.ac:191: -1- m4_pattern_allow([^FNMATCH_ST_OBJ$]) -m4trace:configure.ac:199: -1- AC_SUBST([PRINTF_OBJ]) -m4trace:configure.ac:199: -1- AC_SUBST_TRACE([PRINTF_OBJ]) -m4trace:configure.ac:199: -1- m4_pattern_allow([^PRINTF_OBJ$]) -m4trace:configure.ac:200: -1- AC_SUBST([PRINTF_ST_OBJ]) -m4trace:configure.ac:200: -1- AC_SUBST_TRACE([PRINTF_ST_OBJ]) -m4trace:configure.ac:200: -1- m4_pattern_allow([^PRINTF_ST_OBJ$]) -m4trace:configure.ac:201: -2- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -aclocal.m4:1357: KRB5_NEED_PROTO is expanded from... -configure.ac:201: the top level]) -m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([NEED_VASPRINTF_PROTO]) -m4trace:configure.ac:201: -1- m4_pattern_allow([^NEED_VASPRINTF_PROTO$]) -m4trace:configure.ac:201: -1- AH_OUTPUT([NEED_VASPRINTF_PROTO], [/* define if the system header files are missing prototype for vasprintf() */ -@%:@undef NEED_VASPRINTF_PROTO]) -m4trace:configure.ac:204: -2- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -aclocal.m4:1357: KRB5_NEED_PROTO is expanded from... -configure.ac:204: the top level]) -m4trace:configure.ac:204: -1- AC_DEFINE_TRACE_LITERAL([NEED_SWAB_PROTO]) -m4trace:configure.ac:204: -1- m4_pattern_allow([^NEED_SWAB_PROTO$]) -m4trace:configure.ac:204: -1- AH_OUTPUT([NEED_SWAB_PROTO], [/* define if the system header files are missing prototype for swab() */ -@%:@undef NEED_SWAB_PROTO]) -m4trace:configure.ac:220: -1- AC_SUBST([SECURE_GETENV_OBJ]) -m4trace:configure.ac:220: -1- AC_SUBST_TRACE([SECURE_GETENV_OBJ]) -m4trace:configure.ac:220: -1- m4_pattern_allow([^SECURE_GETENV_OBJ$]) -m4trace:configure.ac:221: -1- AC_SUBST([SECURE_GETENV_ST_OBJ]) -m4trace:configure.ac:221: -1- AC_SUBST_TRACE([SECURE_GETENV_ST_OBJ]) -m4trace:configure.ac:221: -1- m4_pattern_allow([^SECURE_GETENV_ST_OBJ$]) -m4trace:configure.ac:222: -1- AC_SUBST([SECURE_GETENV_INIT]) -m4trace:configure.ac:222: -1- AC_SUBST_TRACE([SECURE_GETENV_INIT]) -m4trace:configure.ac:222: -1- m4_pattern_allow([^SECURE_GETENV_INIT$]) -m4trace:configure.ac:224: -1- AC_SUBST([AWK]) -m4trace:configure.ac:224: -1- AC_SUBST_TRACE([AWK]) -m4trace:configure.ac:224: -1- m4_pattern_allow([^AWK$]) -m4trace:configure.ac:225: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_TYPES_H]) -m4trace:configure.ac:225: -1- AH_OUTPUT([HAVE_SYS_SOCKET_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_SOCKET_H]) -m4trace:configure.ac:225: -1- AH_OUTPUT([HAVE_NETINET_IN_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_NETINET_IN_H]) -m4trace:configure.ac:225: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_NETDB_H]) -m4trace:configure.ac:225: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the `inet_ntop\' function. */ -@%:@undef HAVE_INET_NTOP]) -m4trace:configure.ac:225: -1- AH_OUTPUT([HAVE_INET_PTON], [/* Define to 1 if you have the `inet_pton\' function. */ -@%:@undef HAVE_INET_PTON]) -m4trace:configure.ac:225: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the `getnameinfo\' function. */ -@%:@undef HAVE_GETNAMEINFO]) -m4trace:configure.ac:225: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:377: KRB5_AC_INET6 is expanded from... -configure.ac:225: the top level]) -m4trace:configure.ac:225: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETADDRINFO]) -m4trace:configure.ac:225: -1- m4_pattern_allow([^HAVE_GETADDRINFO$]) -m4trace:configure.ac:225: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define if you have the getaddrinfo function */ -@%:@undef HAVE_GETADDRINFO]) -m4trace:configure.ac:225: -2- AC_DEFINE_TRACE_LITERAL([HAVE_SA_LEN]) -m4trace:configure.ac:225: -2- m4_pattern_allow([^HAVE_SA_LEN$]) -m4trace:configure.ac:225: -2- AH_OUTPUT([HAVE_SA_LEN], [/* Define if struct sockaddr contains sa_len */ -@%:@undef HAVE_SA_LEN]) -m4trace:configure.ac:225: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:377: KRB5_AC_INET6 is expanded from... -configure.ac:225: the top level]) -m4trace:configure.ac:225: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:377: KRB5_AC_INET6 is expanded from... -configure.ac:225: the top level]) -m4trace:configure.ac:225: -1- AC_DEFINE_TRACE_LITERAL([INET6]) -m4trace:configure.ac:225: -1- m4_pattern_allow([^INET6$]) -m4trace:configure.ac:225: -1- AH_OUTPUT([INET6], [/* May need to be defined to enable IPv6 support, for example on IRIX */ -@%:@undef INET6]) -m4trace:configure.ac:226: -2- AC_DEFINE_TRACE_LITERAL([HAVE_SA_LEN]) -m4trace:configure.ac:226: -2- m4_pattern_allow([^HAVE_SA_LEN$]) -m4trace:configure.ac:226: -2- AH_OUTPUT([HAVE_SA_LEN], [/* Define if struct sockaddr contains sa_len */ -@%:@undef HAVE_SA_LEN]) -m4trace:configure.ac:227: -2- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:318: CHECK_SIGNALS is expanded from... -configure.ac:227: the top level]) -m4trace:configure.ac:227: -2- AC_DEFINE_TRACE_LITERAL([POSIX_SIGNALS]) -m4trace:configure.ac:227: -2- m4_pattern_allow([^POSIX_SIGNALS$]) -m4trace:configure.ac:227: -2- AH_OUTPUT([POSIX_SIGNALS], [/* Define if POSIX signal handling is used */ -@%:@undef POSIX_SIGNALS]) -m4trace:configure.ac:232: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:232: the top level]) -m4trace:configure.ac:235: -1- AC_DEFINE_TRACE_LITERAL([KRBCONF_VAGUE_ERRORS]) -m4trace:configure.ac:235: -1- m4_pattern_allow([^KRBCONF_VAGUE_ERRORS$]) -m4trace:configure.ac:235: -1- AH_OUTPUT([KRBCONF_VAGUE_ERRORS], [/* Define if the KDC should return only vague error codes to clients */ -@%:@undef KRBCONF_VAGUE_ERRORS]) -m4trace:configure.ac:241: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:241: the top level]) -m4trace:configure.ac:248: -1- AC_CONFIG_FILES([plugins/audit/simple/Makefile:$srcdir/./config/pre.in:plugins/audit/simple/Makefile.in:plugins/audit/simple/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:259: -1- AC_SUBST([AUDIT_IMPL_LIBS]) -m4trace:configure.ac:259: -1- AC_SUBST_TRACE([AUDIT_IMPL_LIBS]) -m4trace:configure.ac:259: -1- m4_pattern_allow([^AUDIT_IMPL_LIBS$]) -m4trace:configure.ac:260: -1- AC_SUBST([audit_plugin]) -m4trace:configure.ac:260: -1- AC_SUBST_TRACE([audit_plugin]) -m4trace:configure.ac:260: -1- m4_pattern_allow([^audit_plugin$]) -m4trace:configure.ac:266: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:266: the top level]) -m4trace:configure.ac:274: -1- AH_OUTPUT([HAVE_LIBCRYPTO], [/* Define to 1 if you have the `crypto\' library (-lcrypto). */ -@%:@undef HAVE_LIBCRYPTO]) -m4trace:configure.ac:274: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPTO]) -m4trace:configure.ac:274: -1- m4_pattern_allow([^HAVE_LIBCRYPTO$]) -m4trace:configure.ac:281: -1- AC_SUBST([CRYPTO_IMPL]) -m4trace:configure.ac:281: -1- AC_SUBST_TRACE([CRYPTO_IMPL]) -m4trace:configure.ac:281: -1- m4_pattern_allow([^CRYPTO_IMPL$]) -m4trace:configure.ac:282: -1- AC_SUBST([CRYPTO_IMPL_CFLAGS]) -m4trace:configure.ac:282: -1- AC_SUBST_TRACE([CRYPTO_IMPL_CFLAGS]) -m4trace:configure.ac:282: -1- m4_pattern_allow([^CRYPTO_IMPL_CFLAGS$]) -m4trace:configure.ac:283: -1- AC_SUBST([CRYPTO_IMPL_LIBS]) -m4trace:configure.ac:283: -1- AC_SUBST_TRACE([CRYPTO_IMPL_LIBS]) -m4trace:configure.ac:283: -1- m4_pattern_allow([^CRYPTO_IMPL_LIBS$]) -m4trace:configure.ac:286: -2- AC_DEFINE_TRACE_LITERAL([OSSL_KDFS]) -m4trace:configure.ac:286: -2- m4_pattern_allow([^OSSL_KDFS$]) -m4trace:configure.ac:286: -2- AH_OUTPUT([OSSL_KDFS], [/* Define if using OpenSSL KDFs */ -@%:@undef OSSL_KDFS]) -m4trace:configure.ac:285: -1- AH_OUTPUT([HAVE_EVP_KDF_CTX_NEW_ID], [/* Define to 1 if you have the `EVP_KDF_CTX_new_id\' function. */ -@%:@undef HAVE_EVP_KDF_CTX_NEW_ID]) -m4trace:configure.ac:285: -1- AH_OUTPUT([HAVE_EVP_KDF_CTRL], [/* Define to 1 if you have the `EVP_KDF_ctrl\' function. */ -@%:@undef HAVE_EVP_KDF_CTRL]) -m4trace:configure.ac:285: -1- AH_OUTPUT([HAVE_EVP_KDF_DERIVE], [/* Define to 1 if you have the `EVP_KDF_derive\' function. */ -@%:@undef HAVE_EVP_KDF_DERIVE]) -m4trace:configure.ac:290: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:290: the top level]) -m4trace:configure.ac:295: -1- AC_SUBST([PRNG_ALG]) -m4trace:configure.ac:295: -1- AC_SUBST_TRACE([PRNG_ALG]) -m4trace:configure.ac:295: -1- m4_pattern_allow([^PRNG_ALG$]) -m4trace:configure.ac:297: -1- AC_DEFINE_TRACE_LITERAL([FORTUNA]) -m4trace:configure.ac:297: -1- m4_pattern_allow([^FORTUNA$]) -m4trace:configure.ac:297: -1- AH_OUTPUT([FORTUNA], [/* Define if Fortuna PRNG is selected */ -@%:@undef FORTUNA]) -m4trace:configure.ac:303: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:303: the top level]) -m4trace:configure.ac:312: -1- AC_DEFINE_TRACE_LITERAL([TLS_IMPL_OPENSSL]) -m4trace:configure.ac:312: -1- m4_pattern_allow([^TLS_IMPL_OPENSSL$]) -m4trace:configure.ac:312: -1- AH_OUTPUT([TLS_IMPL_OPENSSL], [/* Define if TLS implementation is OpenSSL */ -@%:@undef TLS_IMPL_OPENSSL]) -m4trace:configure.ac:336: -1- AC_DEFINE_TRACE_LITERAL([TLS_IMPL_NONE]) -m4trace:configure.ac:336: -1- m4_pattern_allow([^TLS_IMPL_NONE$]) -m4trace:configure.ac:336: -1- AH_OUTPUT([TLS_IMPL_NONE], [/* Define if no TLS implementation is selected */ -@%:@undef TLS_IMPL_NONE]) -m4trace:configure.ac:339: -1- AC_SUBST([TLS_IMPL]) -m4trace:configure.ac:339: -1- AC_SUBST_TRACE([TLS_IMPL]) -m4trace:configure.ac:339: -1- m4_pattern_allow([^TLS_IMPL$]) -m4trace:configure.ac:340: -1- AC_SUBST([TLS_IMPL_CFLAGS]) -m4trace:configure.ac:340: -1- AC_SUBST_TRACE([TLS_IMPL_CFLAGS]) -m4trace:configure.ac:340: -1- m4_pattern_allow([^TLS_IMPL_CFLAGS$]) -m4trace:configure.ac:341: -1- AC_SUBST([TLS_IMPL_LIBS]) -m4trace:configure.ac:341: -1- AC_SUBST_TRACE([TLS_IMPL_LIBS]) -m4trace:configure.ac:341: -1- m4_pattern_allow([^TLS_IMPL_LIBS$]) -m4trace:configure.ac:344: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:344: the top level]) -m4trace:configure.ac:348: -1- AH_OUTPUT([HAVE_KEYUTILS_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_KEYUTILS_H]) -m4trace:configure.ac:348: -1- AC_DEFINE_TRACE_LITERAL([HAVE_KEYUTILS_H]) -m4trace:configure.ac:348: -1- m4_pattern_allow([^HAVE_KEYUTILS_H$]) -m4trace:configure.ac:351: -1- AC_DEFINE_TRACE_LITERAL([USE_KEYRING_CCACHE]) -m4trace:configure.ac:351: -1- m4_pattern_allow([^USE_KEYRING_CCACHE$]) -m4trace:configure.ac:351: -1- AH_OUTPUT([USE_KEYRING_CCACHE], [/* Define if the keyring ccache should be enabled */ -@%:@undef USE_KEYRING_CCACHE]) -m4trace:configure.ac:355: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PERSISTENT_KEYRING]) -m4trace:configure.ac:355: -1- m4_pattern_allow([^HAVE_PERSISTENT_KEYRING$]) -m4trace:configure.ac:355: -1- AH_OUTPUT([HAVE_PERSISTENT_KEYRING], [/* Define if persistent keyrings are supported */ -@%:@undef HAVE_PERSISTENT_KEYRING]) -m4trace:configure.ac:368: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:368: the top level]) -m4trace:configure.ac:373: -1- AC_DEFINE_TRACE_LITERAL([SPAKE_OPENSSL]) -m4trace:configure.ac:373: -1- m4_pattern_allow([^SPAKE_OPENSSL$]) -m4trace:configure.ac:373: -1- AH_OUTPUT([SPAKE_OPENSSL], [/* Define to use OpenSSL for SPAKE preauth */ -@%:@undef SPAKE_OPENSSL]) -m4trace:configure.ac:380: -1- AC_SUBST([HAVE_SPAKE_OPENSSL]) -m4trace:configure.ac:380: -1- AC_SUBST_TRACE([HAVE_SPAKE_OPENSSL]) -m4trace:configure.ac:380: -1- m4_pattern_allow([^HAVE_SPAKE_OPENSSL$]) -m4trace:configure.ac:381: -1- AC_SUBST([SPAKE_OPENSSL_LIBS]) -m4trace:configure.ac:381: -1- AC_SUBST_TRACE([SPAKE_OPENSSL_LIBS]) -m4trace:configure.ac:381: -1- m4_pattern_allow([^SPAKE_OPENSSL_LIBS$]) -m4trace:configure.ac:384: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:384: the top level]) -m4trace:configure.ac:405: -1- AC_SUBST([YASM]) -m4trace:configure.ac:405: -1- AC_SUBST_TRACE([YASM]) -m4trace:configure.ac:405: -1- m4_pattern_allow([^YASM$]) -m4trace:configure.ac:406: -1- AH_OUTPUT([HAVE_CPUID_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_CPUID_H]) -m4trace:configure.ac:406: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CPUID_H]) -m4trace:configure.ac:406: -1- m4_pattern_allow([^HAVE_CPUID_H$]) -m4trace:configure.ac:410: -1- AC_DEFINE_TRACE_LITERAL([AESNI]) -m4trace:configure.ac:410: -1- m4_pattern_allow([^AESNI$]) -m4trace:configure.ac:410: -1- AH_OUTPUT([AESNI], [/* Define if AES-NI support is enabled */ -@%:@undef AESNI]) -m4trace:configure.ac:418: -1- AC_SUBST([AESNI_OBJ]) -m4trace:configure.ac:418: -1- AC_SUBST_TRACE([AESNI_OBJ]) -m4trace:configure.ac:418: -1- m4_pattern_allow([^AESNI_OBJ$]) -m4trace:configure.ac:419: -1- AC_SUBST([AESNI_FLAGS]) -m4trace:configure.ac:419: -1- AC_SUBST_TRACE([AESNI_FLAGS]) -m4trace:configure.ac:419: -1- m4_pattern_allow([^AESNI_FLAGS$]) -m4trace:configure.ac:422: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:422: the top level]) -m4trace:configure.ac:426: -1- AC_DEFINE_TRACE_LITERAL([NOCACHE]) -m4trace:configure.ac:426: -1- m4_pattern_allow([^NOCACHE$]) -m4trace:configure.ac:426: -1- AH_OUTPUT([NOCACHE], [/* Define if the KDC should use no lookaside cache */ -@%:@undef NOCACHE]) -m4trace:configure.ac:428: -1- AC_SUBST([KRB5_RUN_ENV]) -m4trace:configure.ac:428: -1- AC_SUBST_TRACE([KRB5_RUN_ENV]) -m4trace:configure.ac:428: -1- m4_pattern_allow([^KRB5_RUN_ENV$]) -m4trace:configure.ac:428: -1- AC_SUBST([KRB5_RUN_VARS]) -m4trace:configure.ac:428: -1- AC_SUBST_TRACE([KRB5_RUN_VARS]) -m4trace:configure.ac:428: -1- m4_pattern_allow([^KRB5_RUN_VARS$]) -m4trace:configure.ac:435: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:435: the top level]) -m4trace:configure.ac:448: -1- AC_SUBST([ASAN_FLAGS]) -m4trace:configure.ac:448: -1- AC_SUBST_TRACE([ASAN_FLAGS]) -m4trace:configure.ac:448: -1- m4_pattern_allow([^ASAN_FLAGS$]) -m4trace:configure.ac:449: -1- AC_SUBST([ASAN]) -m4trace:configure.ac:449: -1- AC_SUBST_TRACE([ASAN]) -m4trace:configure.ac:449: -1- m4_pattern_allow([^ASAN$]) -m4trace:configure.ac:451: -1- _m4_warn([obsolete], [The macro `AC_TYPE_SIGNAL' is obsolete. -You should run autoupdate.], [../../lib/autoconf/types.m4:746: AC_TYPE_SIGNAL is expanded from... -configure.ac:451: the top level]) -m4trace:configure.ac:451: -1- AC_DEFINE_TRACE_LITERAL([RETSIGTYPE]) -m4trace:configure.ac:451: -1- m4_pattern_allow([^RETSIGTYPE$]) -m4trace:configure.ac:451: -1- AH_OUTPUT([RETSIGTYPE], [/* Define as the return type of signal handlers (`int\' or `void\'). */ -@%:@undef RETSIGTYPE]) -m4trace:configure.ac:454: -1- AH_OUTPUT([HAVE_STRUCT_SOCKADDR_STORAGE], [/* Define if "struct sockaddr_storage" is available. */ -@%:@undef HAVE_STRUCT_SOCKADDR_STORAGE]) -m4trace:configure.ac:457: -1- AC_CONFIG_HEADERS([include/autoconf.h], [echo timestamp > include/autoconf.stamp]) -m4trace:configure.ac:458: -1- AC_SUBST([LEX]) -m4trace:configure.ac:458: -1- AC_SUBST_TRACE([LEX]) -m4trace:configure.ac:458: -1- m4_pattern_allow([^LEX$]) -m4trace:configure.ac:458: -1- AC_SUBST([LEX_OUTPUT_ROOT], [$ac_cv_prog_lex_root]) -m4trace:configure.ac:458: -1- AC_SUBST_TRACE([LEX_OUTPUT_ROOT]) -m4trace:configure.ac:458: -1- m4_pattern_allow([^LEX_OUTPUT_ROOT$]) -m4trace:configure.ac:458: -1- AC_SUBST([LEXLIB]) -m4trace:configure.ac:458: -1- AC_SUBST_TRACE([LEXLIB]) -m4trace:configure.ac:458: -1- m4_pattern_allow([^LEXLIB$]) -m4trace:configure.ac:458: -1- AC_DEFINE_TRACE_LITERAL([YYTEXT_POINTER]) -m4trace:configure.ac:458: -1- m4_pattern_allow([^YYTEXT_POINTER$]) -m4trace:configure.ac:458: -1- AH_OUTPUT([YYTEXT_POINTER], [/* Define to 1 if `lex\' declares `yytext\' as a `char *\' by default, not a - `char@<:@@:>@\'. */ -@%:@undef YYTEXT_POINTER]) -m4trace:configure.ac:459: -1- AC_DEFINE_TRACE_LITERAL([const]) -m4trace:configure.ac:459: -1- m4_pattern_allow([^const$]) -m4trace:configure.ac:459: -1- AH_OUTPUT([const], [/* Define to empty if `const\' does not conform to ANSI C. */ -@%:@undef const]) -m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_DIRENT_H], [/* Define to 1 if you have the header file, and it defines `DIR\'. - */ -@%:@undef HAVE_DIRENT_H]) -m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_SYS_NDIR_H], [/* Define to 1 if you have the header file, and it defines `DIR\'. - */ -@%:@undef HAVE_SYS_NDIR_H]) -m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_SYS_DIR_H], [/* Define to 1 if you have the header file, and it defines `DIR\'. - */ -@%:@undef HAVE_SYS_DIR_H]) -m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_NDIR_H], [/* Define to 1 if you have the header file, and it defines `DIR\'. */ -@%:@undef HAVE_NDIR_H]) -m4trace:configure.ac:461: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DECL_STRERROR_R]) -m4trace:configure.ac:461: -1- m4_pattern_allow([^HAVE_DECL_STRERROR_R$]) -m4trace:configure.ac:461: -1- AH_OUTPUT([HAVE_DECL_STRERROR_R], [/* Define to 1 if you have the declaration of `strerror_r\', and to 0 if you - don\'t. */ -@%:@undef HAVE_DECL_STRERROR_R]) -m4trace:configure.ac:461: -1- AH_OUTPUT([HAVE_STRERROR_R], [/* Define to 1 if you have the `strerror_r\' function. */ -@%:@undef HAVE_STRERROR_R]) -m4trace:configure.ac:461: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRERROR_R]) -m4trace:configure.ac:461: -1- m4_pattern_allow([^HAVE_STRERROR_R$]) -m4trace:configure.ac:461: -1- AC_DEFINE_TRACE_LITERAL([STRERROR_R_CHAR_P]) -m4trace:configure.ac:461: -1- m4_pattern_allow([^STRERROR_R_CHAR_P$]) -m4trace:configure.ac:461: -1- AH_OUTPUT([STRERROR_R_CHAR_P], [/* Define to 1 if strerror_r returns char *. */ -@%:@undef STRERROR_R_CHAR_P]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_STRDUP], [/* Define to 1 if you have the `strdup\' function. */ -@%:@undef HAVE_STRDUP]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the `setvbuf\' function. */ -@%:@undef HAVE_SETVBUF]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the `seteuid\' function. */ -@%:@undef HAVE_SETEUID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETRESUID], [/* Define to 1 if you have the `setresuid\' function. */ -@%:@undef HAVE_SETRESUID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the `setreuid\' function. */ -@%:@undef HAVE_SETREUID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the `setegid\' function. */ -@%:@undef HAVE_SETEGID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the `setresgid\' function. */ -@%:@undef HAVE_SETRESGID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETREGID], [/* Define to 1 if you have the `setregid\' function. */ -@%:@undef HAVE_SETREGID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the `setsid\' function. */ -@%:@undef HAVE_SETSID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_FLOCK], [/* Define to 1 if you have the `flock\' function. */ -@%:@undef HAVE_FLOCK]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the `fchmod\' function. */ -@%:@undef HAVE_FCHMOD]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_CHMOD], [/* Define to 1 if you have the `chmod\' function. */ -@%:@undef HAVE_CHMOD]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_STRPTIME], [/* Define to 1 if you have the `strptime\' function. */ -@%:@undef HAVE_STRPTIME]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_GETEUID], [/* Define to 1 if you have the `geteuid\' function. */ -@%:@undef HAVE_GETEUID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the `setenv\' function. */ -@%:@undef HAVE_SETENV]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_UNSETENV], [/* Define to 1 if you have the `unsetenv\' function. */ -@%:@undef HAVE_UNSETENV]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_GETENV], [/* Define to 1 if you have the `getenv\' function. */ -@%:@undef HAVE_GETENV]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_GMTIME_R], [/* Define to 1 if you have the `gmtime_r\' function. */ -@%:@undef HAVE_GMTIME_R]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_LOCALTIME_R], [/* Define to 1 if you have the `localtime_r\' function. */ -@%:@undef HAVE_LOCALTIME_R]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_BSWAP16], [/* Define to 1 if you have the `bswap16\' function. */ -@%:@undef HAVE_BSWAP16]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_BSWAP64], [/* Define to 1 if you have the `bswap64\' function. */ -@%:@undef HAVE_BSWAP64]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_MKSTEMP], [/* Define to 1 if you have the `mkstemp\' function. */ -@%:@undef HAVE_MKSTEMP]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_GETUSERSHELL], [/* Define to 1 if you have the `getusershell\' function. */ -@%:@undef HAVE_GETUSERSHELL]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_ACCESS], [/* Define to 1 if you have the `access\' function. */ -@%:@undef HAVE_ACCESS]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the `getcwd\' function. */ -@%:@undef HAVE_GETCWD]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SRAND48], [/* Define to 1 if you have the `srand48\' function. */ -@%:@undef HAVE_SRAND48]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SRAND], [/* Define to 1 if you have the `srand\' function. */ -@%:@undef HAVE_SRAND]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_SRANDOM], [/* Define to 1 if you have the `srandom\' function. */ -@%:@undef HAVE_SRANDOM]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_STAT], [/* Define to 1 if you have the `stat\' function. */ -@%:@undef HAVE_STAT]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_STRCHR], [/* Define to 1 if you have the `strchr\' function. */ -@%:@undef HAVE_STRCHR]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the `strerror\' function. */ -@%:@undef HAVE_STRERROR]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_TIMEGM], [/* Define to 1 if you have the `timegm\' function. */ -@%:@undef HAVE_TIMEGM]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_EXPLICIT_BZERO], [/* Define to 1 if you have the `explicit_bzero\' function. */ -@%:@undef HAVE_EXPLICIT_BZERO]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_EXPLICIT_MEMSET], [/* Define to 1 if you have the `explicit_memset\' function. */ -@%:@undef HAVE_EXPLICIT_MEMSET]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_GETRESUID], [/* Define to 1 if you have the `getresuid\' function. */ -@%:@undef HAVE_GETRESUID]) -m4trace:configure.ac:462: -1- AH_OUTPUT([HAVE_GETRESGID], [/* Define to 1 if you have the `getresgid\' function. */ -@%:@undef HAVE_GETRESGID]) -m4trace:configure.ac:470: -1- AC_SUBST([MKSTEMP_OBJ]) -m4trace:configure.ac:470: -1- AC_SUBST_TRACE([MKSTEMP_OBJ]) -m4trace:configure.ac:470: -1- m4_pattern_allow([^MKSTEMP_OBJ$]) -m4trace:configure.ac:471: -1- AC_SUBST([MKSTEMP_ST_OBJ]) -m4trace:configure.ac:471: -1- AC_SUBST_TRACE([MKSTEMP_ST_OBJ]) -m4trace:configure.ac:471: -1- m4_pattern_allow([^MKSTEMP_ST_OBJ$]) -m4trace:configure.ac:473: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETTIMEOFDAY]) -m4trace:configure.ac:473: -1- m4_pattern_allow([^HAVE_GETTIMEOFDAY$]) -m4trace:configure.ac:473: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Have the gettimeofday function */ -@%:@undef HAVE_GETTIMEOFDAY]) -m4trace:configure.ac:481: -1- AC_SUBST([GETTIMEOFDAY_OBJ]) -m4trace:configure.ac:481: -1- AC_SUBST_TRACE([GETTIMEOFDAY_OBJ]) -m4trace:configure.ac:481: -1- m4_pattern_allow([^GETTIMEOFDAY_OBJ$]) -m4trace:configure.ac:482: -1- AC_SUBST([GETTIMEOFDAY_ST_OBJ]) -m4trace:configure.ac:482: -1- AC_SUBST_TRACE([GETTIMEOFDAY_ST_OBJ]) -m4trace:configure.ac:482: -1- m4_pattern_allow([^GETTIMEOFDAY_ST_OBJ$]) -m4trace:configure.ac:483: -1- AC_SUBST([EXTRA_SUPPORT_SYMS]) -m4trace:configure.ac:483: -1- AC_SUBST_TRACE([EXTRA_SUPPORT_SYMS]) -m4trace:configure.ac:483: -1- m4_pattern_allow([^EXTRA_SUPPORT_SYMS$]) -m4trace:configure.ac:485: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:244: DECLARE_SYS_ERRLIST is expanded from... -configure.ac:485: the top level]) -m4trace:configure.ac:485: -1- AC_DEFINE_TRACE_LITERAL([SYS_ERRLIST_DECLARED]) -m4trace:configure.ac:485: -1- m4_pattern_allow([^SYS_ERRLIST_DECLARED$]) -m4trace:configure.ac:485: -1- AH_OUTPUT([SYS_ERRLIST_DECLARED], [/* Define if sys_errlist is defined in errno.h */ -@%:@undef SYS_ERRLIST_DECLARED]) -m4trace:configure.ac:485: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST]) -m4trace:configure.ac:485: -1- m4_pattern_allow([^HAVE_SYS_ERRLIST$]) -m4trace:configure.ac:485: -1- AH_OUTPUT([HAVE_SYS_ERRLIST], [/* Define if sys_errlist in libc */ -@%:@undef HAVE_SYS_ERRLIST]) -m4trace:configure.ac:485: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -aclocal.m4:244: DECLARE_SYS_ERRLIST is expanded from... -configure.ac:485: the top level]) -m4trace:configure.ac:485: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST]) -m4trace:configure.ac:485: -1- m4_pattern_allow([^HAVE_SYS_ERRLIST$]) -m4trace:configure.ac:485: -1- AH_OUTPUT([HAVE_SYS_ERRLIST], [/* Define if sys_errlist in libc */ -@%:@undef HAVE_SYS_ERRLIST]) -m4trace:configure.ac:485: -1- AC_DEFINE_TRACE_LITERAL([NEED_SYS_ERRLIST]) -m4trace:configure.ac:485: -1- m4_pattern_allow([^NEED_SYS_ERRLIST$]) -m4trace:configure.ac:485: -1- AH_OUTPUT([NEED_SYS_ERRLIST], [/* Define if need to declare sys_errlist */ -@%:@undef NEED_SYS_ERRLIST]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_UNISTD_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_PATHS_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_REGEX_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_REGEX_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_REGEXPR_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_REGEXPR_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_FCNTL_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_FCNTL_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_MEMORY_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_IFADDRS_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_IFADDRS_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_SYS_FILIO_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_FILIO_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_BYTESWAP_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_BYTESWAP_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_MACHINE_ENDIAN_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_MACHINE_ENDIAN_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_MACHINE_BYTE_ORDER_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_MACHINE_BYTE_ORDER_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_SYS_BSWAP_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_BSWAP_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_ENDIAN_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_PWD_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_PWD_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_ARPA_INET_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_ARPA_INET_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_ALLOCA_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_ALLOCA_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_DLFCN_H]) -m4trace:configure.ac:486: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_LIMITS_H]) -m4trace:configure.ac:495: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_MTIMENSEC]) -m4trace:configure.ac:495: -1- m4_pattern_allow([^HAVE_STRUCT_STAT_ST_MTIMENSEC$]) -m4trace:configure.ac:495: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_MTIMENSEC], [/* Define to 1 if `st_mtimensec\' is a member of `struct stat\'. */ -@%:@undef HAVE_STRUCT_STAT_ST_MTIMENSEC]) -m4trace:configure.ac:495: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC]) -m4trace:configure.ac:495: -1- m4_pattern_allow([^HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC$]) -m4trace:configure.ac:495: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC], [/* Define to 1 if `st_mtimespec.tv_nsec\' is a member of `struct stat\'. */ -@%:@undef HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC]) -m4trace:configure.ac:495: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC]) -m4trace:configure.ac:495: -1- m4_pattern_allow([^HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC$]) -m4trace:configure.ac:495: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC], [/* Define to 1 if `st_mtim.tv_nsec\' is a member of `struct stat\'. */ -@%:@undef HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC]) -m4trace:configure.ac:497: -1- AH_OUTPUT([HAVE_RE_COMP], [/* Define to 1 if you have the `re_comp\' function. */ -@%:@undef HAVE_RE_COMP]) -m4trace:configure.ac:497: -1- AH_OUTPUT([HAVE_RE_EXEC], [/* Define to 1 if you have the `re_exec\' function. */ -@%:@undef HAVE_RE_EXEC]) -m4trace:configure.ac:497: -1- AH_OUTPUT([HAVE_REGEXEC], [/* Define to 1 if you have the `regexec\' function. */ -@%:@undef HAVE_REGEXEC]) -m4trace:configure.ac:498: -1- AC_DEFINE_TRACE_LITERAL([off_t]) -m4trace:configure.ac:498: -1- m4_pattern_allow([^off_t$]) -m4trace:configure.ac:498: -1- AH_OUTPUT([off_t], [/* Define to `long int\' if does not define. */ -@%:@undef off_t]) -m4trace:configure.ac:507: -1- AC_DEFINE_TRACE_LITERAL([HDR_HAS_PERROR]) -m4trace:configure.ac:507: -1- m4_pattern_allow([^HDR_HAS_PERROR$]) -m4trace:configure.ac:507: -1- AH_OUTPUT([HDR_HAS_PERROR], [/* Define if errno.h declares perror */ -@%:@undef HDR_HAS_PERROR]) -m4trace:configure.ac:510: -2- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -aclocal.m4:1357: KRB5_NEED_PROTO is expanded from... -configure.ac:510: the top level]) -m4trace:configure.ac:510: -1- AC_DEFINE_TRACE_LITERAL([NEED_STRPTIME_PROTO]) -m4trace:configure.ac:510: -1- m4_pattern_allow([^NEED_STRPTIME_PROTO$]) -m4trace:configure.ac:510: -1- AH_OUTPUT([NEED_STRPTIME_PROTO], [/* define if the system header files are missing prototype for strptime() */ -@%:@undef NEED_STRPTIME_PROTO]) -m4trace:configure.ac:511: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:295: CHECK_WAIT_TYPE is expanded from... -configure.ac:511: the top level]) -m4trace:configure.ac:511: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:295: CHECK_WAIT_TYPE is expanded from... -configure.ac:511: the top level]) -m4trace:configure.ac:511: -1- AC_DEFINE_TRACE_LITERAL([WAIT_USES_INT]) -m4trace:configure.ac:511: -1- m4_pattern_allow([^WAIT_USES_INT$]) -m4trace:configure.ac:511: -1- AH_OUTPUT([WAIT_USES_INT], [/* Define if wait takes int as a argument */ -@%:@undef WAIT_USES_INT]) -m4trace:configure.ac:512: -2- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:271: CHECK_SIGPROCMASK is expanded from... -configure.ac:512: the top level]) -m4trace:configure.ac:512: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:271: CHECK_SIGPROCMASK is expanded from... -configure.ac:512: the top level]) -m4trace:configure.ac:512: -1- AC_DEFINE_TRACE_LITERAL([USE_SIGPROCMASK]) -m4trace:configure.ac:512: -1- m4_pattern_allow([^USE_SIGPROCMASK$]) -m4trace:configure.ac:512: -1- AH_OUTPUT([USE_SIGPROCMASK], [/* Define if sigprocmask should be used */ -@%:@undef USE_SIGPROCMASK]) -m4trace:configure.ac:513: -1- AC_DEFINE_TRACE_LITERAL([uid_t]) -m4trace:configure.ac:513: -1- m4_pattern_allow([^uid_t$]) -m4trace:configure.ac:513: -1- AH_OUTPUT([uid_t], [/* Define to `int\' if doesn\'t define. */ -@%:@undef uid_t]) -m4trace:configure.ac:513: -1- AC_DEFINE_TRACE_LITERAL([gid_t]) -m4trace:configure.ac:513: -1- m4_pattern_allow([^gid_t$]) -m4trace:configure.ac:513: -1- AH_OUTPUT([gid_t], [/* Define to `int\' if doesn\'t define. */ -@%:@undef gid_t]) -m4trace:configure.ac:513: -1- AC_DEFINE_TRACE_LITERAL([GETGROUPS_T]) -m4trace:configure.ac:513: -1- m4_pattern_allow([^GETGROUPS_T$]) -m4trace:configure.ac:513: -1- AH_OUTPUT([GETGROUPS_T], [/* Define to the type of elements in the array set by `getgroups\'. Usually - this is either `int\' or `gid_t\'. */ -@%:@undef GETGROUPS_T]) -m4trace:configure.ac:514: -2- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:362: CHECK_SETJMP is expanded from... -configure.ac:514: the top level]) -m4trace:configure.ac:514: -2- AC_DEFINE_TRACE_LITERAL([POSIX_SETJMP]) -m4trace:configure.ac:514: -2- m4_pattern_allow([^POSIX_SETJMP$]) -m4trace:configure.ac:514: -2- AH_OUTPUT([POSIX_SETJMP], [/* Define if setjmp indicates POSIX interface */ -@%:@undef POSIX_SETJMP]) -m4trace:configure.ac:519: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:519: the top level]) -m4trace:configure.ac:527: -1- AC_DEFINE_TRACE_LITERAL([SETRPCENT_TYPE]) -m4trace:configure.ac:527: -1- m4_pattern_allow([^SETRPCENT_TYPE$]) -m4trace:configure.ac:527: -1- AH_OUTPUT([SETRPCENT_TYPE], [/* Define as return type of setrpcent */ -@%:@undef SETRPCENT_TYPE]) -m4trace:configure.ac:530: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:530: the top level]) -m4trace:configure.ac:538: -1- AC_DEFINE_TRACE_LITERAL([ENDRPCENT_TYPE]) -m4trace:configure.ac:538: -1- m4_pattern_allow([^ENDRPCENT_TYPE$]) -m4trace:configure.ac:538: -1- AH_OUTPUT([ENDRPCENT_TYPE], [/* Define as return type of endrpcent */ -@%:@undef ENDRPCENT_TYPE]) -m4trace:configure.ac:543: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:543: the top level]) -m4trace:configure.ac:549: -1- AC_DEFINE_TRACE_LITERAL([HAVE_BSWAP_16]) -m4trace:configure.ac:549: -1- m4_pattern_allow([^HAVE_BSWAP_16$]) -m4trace:configure.ac:549: -1- AH_OUTPUT([HAVE_BSWAP_16], [/* Define to 1 if bswap_16 is available via byteswap.h */ -@%:@undef HAVE_BSWAP_16]) -m4trace:configure.ac:552: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:552: the top level]) -m4trace:configure.ac:558: -1- AC_DEFINE_TRACE_LITERAL([HAVE_BSWAP_64]) -m4trace:configure.ac:558: -1- m4_pattern_allow([^HAVE_BSWAP_64$]) -m4trace:configure.ac:558: -1- AH_OUTPUT([HAVE_BSWAP_64], [/* Define to 1 if bswap_64 is available via byteswap.h */ -@%:@undef HAVE_BSWAP_64]) -m4trace:configure.ac:566: -2- AC_DEFINE_TRACE_LITERAL([HAVE_SETLUID]) -m4trace:configure.ac:566: -2- m4_pattern_allow([^HAVE_SETLUID$]) -m4trace:configure.ac:566: -2- AH_OUTPUT([HAVE_SETLUID], [/* Define if setluid provided in OSF/1 security library */ -@%:@undef HAVE_SETLUID]) -m4trace:configure.ac:571: -1- AC_SUBST([KSU_LIBS]) -m4trace:configure.ac:571: -1- AC_SUBST_TRACE([KSU_LIBS]) -m4trace:configure.ac:571: -1- m4_pattern_allow([^KSU_LIBS$]) -m4trace:configure.ac:579: -1- AC_SUBST([SETENVOBJ]) -m4trace:configure.ac:579: -1- AC_SUBST_TRACE([SETENVOBJ]) -m4trace:configure.ac:579: -1- m4_pattern_allow([^SETENVOBJ$]) -m4trace:configure.ac:583: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/functions.m4:59: AC_CHECK_FUNC is expanded from... -configure.ac:583: the top level]) -m4trace:configure.ac:583: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/functions.m4:59: AC_CHECK_FUNC is expanded from... -configure.ac:583: the top level]) -m4trace:configure.ac:583: -1- AC_DEFINE_TRACE_LITERAL([GETHOSTBYNAME_R_RETURNS_INT]) -m4trace:configure.ac:583: -1- m4_pattern_allow([^GETHOSTBYNAME_R_RETURNS_INT$]) -m4trace:configure.ac:583: -1- AH_OUTPUT([GETHOSTBYNAME_R_RETURNS_INT], [/* Define if gethostbyname_r returns int rather than struct hostent * */ -@%:@undef GETHOSTBYNAME_R_RETURNS_INT]) -m4trace:configure.ac:583: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETHOSTBYNAME_R]) -m4trace:configure.ac:583: -1- m4_pattern_allow([^HAVE_GETHOSTBYNAME_R$]) -m4trace:configure.ac:583: -1- AH_OUTPUT([HAVE_GETHOSTBYNAME_R], [/* Define if gethostbyname_r exists and its return type is known */ -@%:@undef HAVE_GETHOSTBYNAME_R]) -m4trace:configure.ac:625: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:625: the top level]) -m4trace:configure.ac:625: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:625: the top level]) -m4trace:configure.ac:639: -1- AC_DEFINE_TRACE_LITERAL([GETPWNAM_R_RETURNS_INT]) -m4trace:configure.ac:639: -1- m4_pattern_allow([^GETPWNAM_R_RETURNS_INT$]) -m4trace:configure.ac:639: -1- AH_OUTPUT([GETPWNAM_R_RETURNS_INT], [/* Define if getpwnam_r returns an int */ -@%:@undef GETPWNAM_R_RETURNS_INT]) -m4trace:configure.ac:647: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:647: the top level]) -m4trace:configure.ac:647: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:647: the top level]) -m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPWNAM_R]) -m4trace:configure.ac:664: -1- m4_pattern_allow([^HAVE_GETPWNAM_R$]) -m4trace:configure.ac:664: -1- AH_OUTPUT([HAVE_GETPWNAM_R], [/* Define if getpwnam_r is available and useful. */ -@%:@undef HAVE_GETPWNAM_R]) -m4trace:configure.ac:666: -1- AC_DEFINE_TRACE_LITERAL([GETPWNAM_R_4_ARGS]) -m4trace:configure.ac:666: -1- m4_pattern_allow([^GETPWNAM_R_4_ARGS$]) -m4trace:configure.ac:666: -1- AH_OUTPUT([GETPWNAM_R_4_ARGS], [/* Define if getpwnam_r exists but takes only 4 arguments (e.g., POSIX draft 6 - implementations like some Solaris releases). */ -@%:@undef GETPWNAM_R_4_ARGS]) -m4trace:configure.ac:680: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPWUID_R]) -m4trace:configure.ac:680: -1- m4_pattern_allow([^HAVE_GETPWUID_R$]) -m4trace:configure.ac:680: -1- AH_OUTPUT([HAVE_GETPWUID_R], [/* Define if getpwuid_r is available and useful. */ -@%:@undef HAVE_GETPWUID_R]) -m4trace:configure.ac:683: -1- AC_DEFINE_TRACE_LITERAL([GETPWUID_R_4_ARGS]) -m4trace:configure.ac:683: -1- m4_pattern_allow([^GETPWUID_R_4_ARGS$]) -m4trace:configure.ac:683: -1- AH_OUTPUT([GETPWUID_R_4_ARGS], [/* Define if getpwuid_r exists but takes only 4 arguments (e.g., POSIX draft 6 - implementations like some Solaris releases). */ -@%:@undef GETPWUID_R_4_ARGS]) -m4trace:configure.ac:689: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:689: the top level]) -m4trace:configure.ac:689: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:689: the top level]) -m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([GMTIME_R_RETURNS_INT]) -m4trace:configure.ac:705: -1- m4_pattern_allow([^GMTIME_R_RETURNS_INT$]) -m4trace:configure.ac:705: -1- AH_OUTPUT([GMTIME_R_RETURNS_INT], [/* Define if gmtime_r returns int instead of struct tm pointer, as on old - HP-UX systems. */ -@%:@undef GMTIME_R_RETURNS_INT]) -m4trace:configure.ac:710: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/functions.m4:59: AC_CHECK_FUNC is expanded from... -configure.ac:710: the top level]) -m4trace:configure.ac:710: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/functions.m4:59: AC_CHECK_FUNC is expanded from... -configure.ac:710: the top level]) -m4trace:configure.ac:710: -1- AC_DEFINE_TRACE_LITERAL([GETSERVBYNAME_R_RETURNS_INT]) -m4trace:configure.ac:710: -1- m4_pattern_allow([^GETSERVBYNAME_R_RETURNS_INT$]) -m4trace:configure.ac:710: -1- AH_OUTPUT([GETSERVBYNAME_R_RETURNS_INT], [/* Define if getservbyname_r returns int rather than struct servent * */ -@%:@undef GETSERVBYNAME_R_RETURNS_INT]) -m4trace:configure.ac:710: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETSERVBYNAME_R]) -m4trace:configure.ac:710: -1- m4_pattern_allow([^HAVE_GETSERVBYNAME_R$]) -m4trace:configure.ac:710: -1- AH_OUTPUT([HAVE_GETSERVBYNAME_R], [/* Define if getservbyname_r exists and its return type is known */ -@%:@undef HAVE_GETSERVBYNAME_R]) -m4trace:configure.ac:743: -1- AC_DEFINE_TRACE_LITERAL([NO_YYLINENO]) -m4trace:configure.ac:743: -1- m4_pattern_allow([^NO_YYLINENO$]) -m4trace:configure.ac:743: -1- AH_OUTPUT([NO_YYLINENO], [/* Define if lex produes code with yylineno */ -@%:@undef NO_YYLINENO]) -m4trace:configure.ac:744: -2- AC_DEFINE_TRACE_LITERAL([USE_DIRENT_H]) -m4trace:configure.ac:744: -2- m4_pattern_allow([^USE_DIRENT_H$]) -m4trace:configure.ac:744: -2- AH_OUTPUT([USE_DIRENT_H], [/* Define if you have dirent.h functionality */ -@%:@undef USE_DIRENT_H]) -m4trace:configure.ac:745: -1- AC_DEFINE_TRACE_LITERAL([uid_t]) -m4trace:configure.ac:745: -1- m4_pattern_allow([^uid_t$]) -m4trace:configure.ac:745: -1- AH_OUTPUT([uid_t], [/* Define to `int\' if doesn\'t define. */ -@%:@undef uid_t]) -m4trace:configure.ac:745: -1- AC_DEFINE_TRACE_LITERAL([gid_t]) -m4trace:configure.ac:745: -1- m4_pattern_allow([^gid_t$]) -m4trace:configure.ac:745: -1- AH_OUTPUT([gid_t], [/* Define to `int\' if doesn\'t define. */ -@%:@undef gid_t]) -m4trace:configure.ac:747: -2- AC_DEFINE_TRACE_LITERAL([POSIX_TERMIOS]) -m4trace:configure.ac:747: -2- m4_pattern_allow([^POSIX_TERMIOS$]) -m4trace:configure.ac:747: -2- AH_OUTPUT([POSIX_TERMIOS], [/* Define if termios.h exists and tcsetattr exists */ -@%:@undef POSIX_TERMIOS]) -m4trace:configure.ac:751: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -aclocal.m4:335: KRB5_SIGTYPE is expanded from... -configure.ac:751: the top level]) -m4trace:configure.ac:751: -1- AC_DEFINE_TRACE_LITERAL([POSIX_SIGTYPE]) -m4trace:configure.ac:751: -1- m4_pattern_allow([^POSIX_SIGTYPE$]) -m4trace:configure.ac:751: -1- AH_OUTPUT([POSIX_SIGTYPE], [/* Define if POSIX signal handlers are used */ -@%:@undef POSIX_SIGTYPE]) -m4trace:configure.ac:751: -1- AC_DEFINE_TRACE_LITERAL([krb5_sigtype]) -m4trace:configure.ac:751: -1- m4_pattern_allow([^krb5_sigtype$]) -m4trace:configure.ac:751: -1- AH_OUTPUT([krb5_sigtype], [/* Define krb5_sigtype to type of signal handler */ -@%:@undef krb5_sigtype]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_POLL_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_POLL_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_STDLIB_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_STRING_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_STDDEF_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_TYPES_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_SYS_FILE_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_FILE_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_SYS_PARAM_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_PARAM_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_STAT_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_TIME_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_NETINET_IN_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_NETINET_IN_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_SYS_UIO_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_UIO_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_SYS_FILIO_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_FILIO_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_SELECT_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_TIME_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_PATHS_H]) -m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_ERRNO_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_ERRNO_H]) -m4trace:configure.ac:757: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2687: AC_TRY_LINK is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -configure.ac:757: the top level]) -m4trace:configure.ac:772: -1- AC_DEFINE_TRACE_LITERAL([NEED_INSIXADDR_ANY]) -m4trace:configure.ac:772: -1- m4_pattern_allow([^NEED_INSIXADDR_ANY$]) -m4trace:configure.ac:772: -1- AH_OUTPUT([NEED_INSIXADDR_ANY], [/* Define if in6addr_any is not defined in libc */ -@%:@undef NEED_INSIXADDR_ANY]) -m4trace:configure.ac:778: -1- AC_DEFINE_TRACE_LITERAL([TIME_WITH_SYS_TIME]) -m4trace:configure.ac:778: -1- m4_pattern_allow([^TIME_WITH_SYS_TIME$]) -m4trace:configure.ac:778: -1- AH_OUTPUT([TIME_WITH_SYS_TIME], [/* Define to 1 if you can safely include both and . */ -@%:@undef TIME_WITH_SYS_TIME]) -m4trace:configure.ac:779: -1- AC_DEFINE_TRACE_LITERAL([time_t]) -m4trace:configure.ac:779: -1- m4_pattern_allow([^time_t$]) -m4trace:configure.ac:779: -1- AH_OUTPUT([time_t], [/* Define to `long\' if does not define. */ -@%:@undef time_t]) -m4trace:configure.ac:780: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_TIME_T]) -m4trace:configure.ac:780: -1- m4_pattern_allow([^SIZEOF_TIME_T$]) -m4trace:configure.ac:780: -1- AH_OUTPUT([SIZEOF_TIME_T], [/* The size of `time_t\', as computed by sizeof. */ -@%:@undef SIZEOF_TIME_T]) -m4trace:configure.ac:782: -1- AC_SUBST([SIZEOF_TIME_T]) -m4trace:configure.ac:782: -1- AC_SUBST_TRACE([SIZEOF_TIME_T]) -m4trace:configure.ac:782: -1- m4_pattern_allow([^SIZEOF_TIME_T$]) -m4trace:configure.ac:800: -1- AC_SUBST([KRB5_RCTMPDIR]) -m4trace:configure.ac:800: -1- AC_SUBST_TRACE([KRB5_RCTMPDIR]) -m4trace:configure.ac:800: -1- m4_pattern_allow([^KRB5_RCTMPDIR$]) -m4trace:configure.ac:804: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:804: the top level]) -m4trace:configure.ac:812: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SOCKLEN_T]) -m4trace:configure.ac:812: -1- m4_pattern_allow([^HAVE_SOCKLEN_T$]) -m4trace:configure.ac:812: -1- AH_OUTPUT([HAVE_SOCKLEN_T], [/* Define if there is a socklen_t type. If not, probably use size_t */ -@%:@undef HAVE_SOCKLEN_T]) -m4trace:configure.ac:816: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:816: the top level]) -m4trace:configure.ac:824: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_LIFCONF]) -m4trace:configure.ac:824: -1- m4_pattern_allow([^HAVE_STRUCT_LIFCONF$]) -m4trace:configure.ac:824: -1- AH_OUTPUT([HAVE_STRUCT_LIFCONF], [/* Define if there is a struct lifconf. */ -@%:@undef HAVE_STRUCT_LIFCONF]) -m4trace:configure.ac:828: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:828: the top level]) -m4trace:configure.ac:837: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IF_LADDRCONF]) -m4trace:configure.ac:837: -1- m4_pattern_allow([^HAVE_STRUCT_IF_LADDRCONF$]) -m4trace:configure.ac:837: -1- AH_OUTPUT([HAVE_STRUCT_IF_LADDRCONF], [/* Define if there is a struct if_laddrconf. */ -@%:@undef HAVE_STRUCT_IF_LADDRCONF]) -m4trace:configure.ac:842: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:842: the top level]) -m4trace:configure.ac:849: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NETDB_H_H_ERRNO]) -m4trace:configure.ac:849: -1- m4_pattern_allow([^HAVE_NETDB_H_H_ERRNO$]) -m4trace:configure.ac:849: -1- AH_OUTPUT([HAVE_NETDB_H_H_ERRNO], [/* Define if netdb.h declares h_errno */ -@%:@undef HAVE_NETDB_H_H_ERRNO]) -m4trace:configure.ac:856: -2- AC_DEFINE_TRACE_LITERAL([KRB5_ATHENA_COMPAT]) -m4trace:configure.ac:856: -2- m4_pattern_allow([^KRB5_ATHENA_COMPAT$]) -m4trace:configure.ac:856: -2- AH_OUTPUT([KRB5_ATHENA_COMPAT], [/* Define if MIT Project Athena default configuration should be used */ -@%:@undef KRB5_ATHENA_COMPAT]) -m4trace:configure.ac:859: -1- AH_OUTPUT([inline], [/* Define to `__inline__\' or `__inline\' if that\'s what the C compiler - calls it, or to nothing if \'inline\' is not supported under any name. */ -#ifndef __cplusplus -#undef inline -#endif]) -m4trace:configure.ac:860: -1- AH_OUTPUT([00001], [ -#ifndef KRB5_AUTOCONF_H -#define KRB5_AUTOCONF_H -]) -m4trace:configure.ac:864: -1- AH_OUTPUT([zzzz2], [ -#if defined(__GNUC__) && !defined(inline) -/* Silence gcc pedantic warnings about ANSI C. */ -# define inline __inline__ -#endif -#endif /* KRB5_AUTOCONF_H */ -]) -m4trace:configure.ac:872: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_CMSGHDR]) -m4trace:configure.ac:872: -1- m4_pattern_allow([^HAVE_STRUCT_CMSGHDR$]) -m4trace:configure.ac:872: -1- AH_OUTPUT([HAVE_STRUCT_CMSGHDR], [/* Define to 1 if the system has the type `struct cmsghdr\'. */ -@%:@undef HAVE_STRUCT_CMSGHDR]) -m4trace:configure.ac:872: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN_PKTINFO]) -m4trace:configure.ac:872: -1- m4_pattern_allow([^HAVE_STRUCT_IN_PKTINFO$]) -m4trace:configure.ac:872: -1- AH_OUTPUT([HAVE_STRUCT_IN_PKTINFO], [/* Define to 1 if the system has the type `struct in_pktinfo\'. */ -@%:@undef HAVE_STRUCT_IN_PKTINFO]) -m4trace:configure.ac:872: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_PKTINFO]) -m4trace:configure.ac:872: -1- m4_pattern_allow([^HAVE_STRUCT_IN6_PKTINFO$]) -m4trace:configure.ac:872: -1- AH_OUTPUT([HAVE_STRUCT_IN6_PKTINFO], [/* Define to 1 if the system has the type `struct in6_pktinfo\'. */ -@%:@undef HAVE_STRUCT_IN6_PKTINFO]) -m4trace:configure.ac:872: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE]) -m4trace:configure.ac:872: -1- m4_pattern_allow([^HAVE_STRUCT_SOCKADDR_STORAGE$]) -m4trace:configure.ac:872: -1- AH_OUTPUT([HAVE_STRUCT_SOCKADDR_STORAGE], [/* Define to 1 if the system has the type `struct sockaddr_storage\'. */ -@%:@undef HAVE_STRUCT_SOCKADDR_STORAGE]) -m4trace:configure.ac:877: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_RT_MSGHDR]) -m4trace:configure.ac:877: -1- m4_pattern_allow([^HAVE_STRUCT_RT_MSGHDR$]) -m4trace:configure.ac:877: -1- AH_OUTPUT([HAVE_STRUCT_RT_MSGHDR], [/* Define to 1 if the system has the type `struct rt_msghdr\'. */ -@%:@undef HAVE_STRUCT_RT_MSGHDR]) -m4trace:configure.ac:884: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SIZE_T]) -m4trace:configure.ac:884: -1- m4_pattern_allow([^SIZEOF_SIZE_T$]) -m4trace:configure.ac:884: -1- AH_OUTPUT([SIZEOF_SIZE_T], [/* The size of `size_t\', as computed by sizeof. */ -@%:@undef SIZEOF_SIZE_T]) -m4trace:configure.ac:885: -1- AC_DEFINE_TRACE_LITERAL([HAVE___INT128_T]) -m4trace:configure.ac:885: -1- m4_pattern_allow([^HAVE___INT128_T$]) -m4trace:configure.ac:885: -1- AH_OUTPUT([HAVE___INT128_T], [/* Define to 1 if the system has the type `__int128_t\'. */ -@%:@undef HAVE___INT128_T]) -m4trace:configure.ac:885: -1- AC_DEFINE_TRACE_LITERAL([HAVE___UINT128_T]) -m4trace:configure.ac:885: -1- m4_pattern_allow([^HAVE___UINT128_T$]) -m4trace:configure.ac:885: -1- AH_OUTPUT([HAVE___UINT128_T], [/* Define to 1 if the system has the type `__uint128_t\'. */ -@%:@undef HAVE___UINT128_T]) -m4trace:configure.ac:892: -1- AC_SUBST([DO_TCL]) -m4trace:configure.ac:892: -1- AC_SUBST_TRACE([DO_TCL]) -m4trace:configure.ac:892: -1- m4_pattern_allow([^DO_TCL$]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_SSIZE_T$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_SSIZE_T], [/* Define to 1 if the system has the type `ssize_t\'. */ -@%:@undef HAVE_SSIZE_T]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_U_CHAR$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_U_CHAR], [/* Define to 1 if the system has the type `u_char\'. */ -@%:@undef HAVE_U_CHAR]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_U_INT$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_U_INT], [/* Define to 1 if the system has the type `u_int\'. */ -@%:@undef HAVE_U_INT]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_LONG]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_U_LONG$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_U_LONG], [/* Define to 1 if the system has the type `u_long\'. */ -@%:@undef HAVE_U_LONG]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT8_T]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_U_INT8_T$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_U_INT8_T], [/* Define to 1 if the system has the type `u_int8_t\'. */ -@%:@undef HAVE_U_INT8_T]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT16_T]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_U_INT16_T$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_U_INT16_T], [/* Define to 1 if the system has the type `u_int16_t\'. */ -@%:@undef HAVE_U_INT16_T]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT32_T]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_U_INT32_T$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_U_INT32_T], [/* Define to 1 if the system has the type `u_int32_t\'. */ -@%:@undef HAVE_U_INT32_T]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT8_T]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_INT8_T$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_INT8_T], [/* Define to 1 if the system has the type `int8_t\'. */ -@%:@undef HAVE_INT8_T]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT16_T]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_INT16_T$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_INT16_T], [/* Define to 1 if the system has the type `int16_t\'. */ -@%:@undef HAVE_INT16_T]) -m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT32_T]) -m4trace:configure.ac:896: -1- m4_pattern_allow([^HAVE_INT32_T$]) -m4trace:configure.ac:896: -1- AH_OUTPUT([HAVE_INT32_T], [/* Define to 1 if the system has the type `int32_t\'. */ -@%:@undef HAVE_INT32_T]) -m4trace:configure.ac:900: -1- AC_SUBST([SH]) -m4trace:configure.ac:900: -1- AC_SUBST_TRACE([SH]) -m4trace:configure.ac:900: -1- m4_pattern_allow([^SH$]) -m4trace:configure.ac:901: -1- AC_SUBST([SH5]) -m4trace:configure.ac:901: -1- AC_SUBST_TRACE([SH5]) -m4trace:configure.ac:901: -1- m4_pattern_allow([^SH5$]) -m4trace:configure.ac:902: -1- AC_SUBST([BASH]) -m4trace:configure.ac:902: -1- AC_SUBST_TRACE([BASH]) -m4trace:configure.ac:902: -1- m4_pattern_allow([^BASH$]) -m4trace:configure.ac:913: -1- AC_SUBST([FCTSH]) -m4trace:configure.ac:913: -1- AC_SUBST_TRACE([FCTSH]) -m4trace:configure.ac:913: -1- m4_pattern_allow([^FCTSH$]) -m4trace:configure.ac:919: -1- _m4_warn([obsolete], [The macro `AC_TRY_RUN' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2764: AC_TRY_RUN is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:919: the top level]) -m4trace:configure.ac:942: -1- AC_SUBST([DIG]) -m4trace:configure.ac:942: -1- AC_SUBST_TRACE([DIG]) -m4trace:configure.ac:942: -1- m4_pattern_allow([^DIG$]) -m4trace:configure.ac:943: -1- AC_SUBST([NSLOOKUP]) -m4trace:configure.ac:943: -1- AC_SUBST_TRACE([NSLOOKUP]) -m4trace:configure.ac:943: -1- m4_pattern_allow([^NSLOOKUP$]) -m4trace:configure.ac:947: -1- AC_SUBST([YACC]) -m4trace:configure.ac:947: -1- AC_SUBST_TRACE([YACC]) -m4trace:configure.ac:947: -1- m4_pattern_allow([^YACC$]) -m4trace:configure.ac:947: -1- AC_SUBST([YACC]) -m4trace:configure.ac:947: -1- AC_SUBST_TRACE([YACC]) -m4trace:configure.ac:947: -1- m4_pattern_allow([^YACC$]) -m4trace:configure.ac:947: -1- AC_SUBST([YFLAGS]) -m4trace:configure.ac:947: -1- AC_SUBST_TRACE([YFLAGS]) -m4trace:configure.ac:947: -1- m4_pattern_allow([^YFLAGS$]) -m4trace:configure.ac:954: -1- AC_SUBST([have_RUNTEST]) -m4trace:configure.ac:954: -1- AC_SUBST_TRACE([have_RUNTEST]) -m4trace:configure.ac:954: -1- m4_pattern_allow([^have_RUNTEST$]) -m4trace:configure.ac:955: -1- AC_SUBST([have_PERL]) -m4trace:configure.ac:955: -1- AC_SUBST_TRACE([have_PERL]) -m4trace:configure.ac:955: -1- m4_pattern_allow([^have_PERL$]) -m4trace:configure.ac:959: -1- AC_SUBST([DO_TEST]) -m4trace:configure.ac:959: -1- AC_SUBST_TRACE([DO_TEST]) -m4trace:configure.ac:959: -1- m4_pattern_allow([^DO_TEST$]) -m4trace:configure.ac:963: -1- AC_SUBST([RBUILD]) -m4trace:configure.ac:963: -1- AC_SUBST_TRACE([RBUILD]) -m4trace:configure.ac:963: -1- m4_pattern_allow([^RBUILD$]) -m4trace:configure.ac:968: -1- AC_SUBST([S_TOP]) -m4trace:configure.ac:968: -1- AC_SUBST_TRACE([S_TOP]) -m4trace:configure.ac:968: -1- m4_pattern_allow([^S_TOP$]) -m4trace:configure.ac:969: -1- AC_SUBST([EXPECT]) -m4trace:configure.ac:969: -1- AC_SUBST_TRACE([EXPECT]) -m4trace:configure.ac:969: -1- m4_pattern_allow([^EXPECT$]) -m4trace:configure.ac:974: -1- AC_SUBST([DO_ALL]) -m4trace:configure.ac:974: -1- AC_SUBST_TRACE([DO_ALL]) -m4trace:configure.ac:974: -1- m4_pattern_allow([^DO_ALL$]) -m4trace:configure.ac:975: -1- AC_SUBST([PRIOCNTL_HACK]) -m4trace:configure.ac:975: -1- AC_SUBST_TRACE([PRIOCNTL_HACK]) -m4trace:configure.ac:975: -1- m4_pattern_allow([^PRIOCNTL_HACK$]) -m4trace:configure.ac:976: -1- AC_CONFIG_FILES([kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin]) -m4trace:configure.ac:978: -1- AC_SUBST([RUNTEST]) -m4trace:configure.ac:978: -1- AC_SUBST_TRACE([RUNTEST]) -m4trace:configure.ac:978: -1- m4_pattern_allow([^RUNTEST$]) -m4trace:configure.ac:979: -1- AC_SUBST([PERL]) -m4trace:configure.ac:979: -1- AC_SUBST_TRACE([PERL]) -m4trace:configure.ac:979: -1- m4_pattern_allow([^PERL$]) -m4trace:configure.ac:985: -1- AC_SUBST([include_xom]) -m4trace:configure.ac:985: -1- AC_SUBST_TRACE([include_xom]) -m4trace:configure.ac:985: -1- m4_pattern_allow([^include_xom$]) -m4trace:configure.ac:1005: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -configure.ac:1005: the top level]) -m4trace:configure.ac:1005: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2590: _AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2606: AC_COMPILE_IFELSE is expanded from... -../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -configure.ac:1005: the top level]) -m4trace:configure.ac:1018: -1- AC_SUBST([rpcent_define]) -m4trace:configure.ac:1018: -1- AC_SUBST_TRACE([rpcent_define]) -m4trace:configure.ac:1018: -1- m4_pattern_allow([^rpcent_define$]) -m4trace:configure.ac:1020: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_SELECT_H]) -m4trace:configure.ac:1020: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SYS_TIME_H]) -m4trace:configure.ac:1020: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_UNISTD_H]) -m4trace:configure.ac:1026: -1- AC_SUBST([GSSRPC__SYS_SELECT_H]) -m4trace:configure.ac:1026: -1- AC_SUBST_TRACE([GSSRPC__SYS_SELECT_H]) -m4trace:configure.ac:1026: -1- m4_pattern_allow([^GSSRPC__SYS_SELECT_H$]) -m4trace:configure.ac:1032: -1- AC_SUBST([GSSRPC__SYS_TIME_H]) -m4trace:configure.ac:1032: -1- AC_SUBST_TRACE([GSSRPC__SYS_TIME_H]) -m4trace:configure.ac:1032: -1- m4_pattern_allow([^GSSRPC__SYS_TIME_H$]) -m4trace:configure.ac:1038: -1- AC_SUBST([GSSRPC__UNISTD_H]) -m4trace:configure.ac:1038: -1- AC_SUBST_TRACE([GSSRPC__UNISTD_H]) -m4trace:configure.ac:1038: -1- m4_pattern_allow([^GSSRPC__UNISTD_H$]) -m4trace:configure.ac:1040: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -configure.ac:1040: the top level]) -m4trace:configure.ac:1046: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -configure.ac:1046: the top level]) -m4trace:configure.ac:1064: -1- AC_SUBST([GSSRPC__SYS_PARAM_H]) -m4trace:configure.ac:1064: -1- AC_SUBST_TRACE([GSSRPC__SYS_PARAM_H]) -m4trace:configure.ac:1064: -1- m4_pattern_allow([^GSSRPC__SYS_PARAM_H$]) -m4trace:configure.ac:1065: -1- AC_SUBST([GSSRPC__NETDB_H]) -m4trace:configure.ac:1065: -1- AC_SUBST_TRACE([GSSRPC__NETDB_H]) -m4trace:configure.ac:1065: -1- m4_pattern_allow([^GSSRPC__NETDB_H$]) -m4trace:configure.ac:1067: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -../../lib/autoconf/general.m4:2052: AC_CACHE_CHECK is expanded from... -configure.ac:1067: the top level]) -m4trace:configure.ac:1081: -1- AC_SUBST([GSSRPC__BSD_TYPEALIASES]) -m4trace:configure.ac:1081: -1- AC_SUBST_TRACE([GSSRPC__BSD_TYPEALIASES]) -m4trace:configure.ac:1081: -1- m4_pattern_allow([^GSSRPC__BSD_TYPEALIASES$]) -m4trace:configure.ac:1084: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:1084: the top level]) -m4trace:configure.ac:1092: -1- AC_DEFINE_TRACE_LITERAL([SETRPCENT_TYPE]) -m4trace:configure.ac:1092: -1- m4_pattern_allow([^SETRPCENT_TYPE$]) -m4trace:configure.ac:1092: -1- AH_OUTPUT([SETRPCENT_TYPE], [/* Define as return type of setrpcent */ -@%:@undef SETRPCENT_TYPE]) -m4trace:configure.ac:1095: -1- _m4_warn([obsolete], [The macro `AC_TRY_COMPILE' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:2614: AC_TRY_COMPILE is expanded from... -../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... -../../lib/autoconf/general.m4:2031: AC_CACHE_VAL is expanded from... -configure.ac:1095: the top level]) -m4trace:configure.ac:1103: -1- AC_DEFINE_TRACE_LITERAL([ENDRPCENT_TYPE]) -m4trace:configure.ac:1103: -1- m4_pattern_allow([^ENDRPCENT_TYPE$]) -m4trace:configure.ac:1103: -1- AH_OUTPUT([ENDRPCENT_TYPE], [/* Define as return type of endrpcent */ -@%:@undef ENDRPCENT_TYPE]) -m4trace:configure.ac:1104: -1- AC_CONFIG_FILES([include/gssrpc/types.h:include/gssrpc/types.hin]) -m4trace:configure.ac:1106: -1- AC_SUBST([PASS]) -m4trace:configure.ac:1106: -1- AC_SUBST_TRACE([PASS]) -m4trace:configure.ac:1106: -1- m4_pattern_allow([^PASS$]) -m4trace:configure.ac:1121: -1- AH_OUTPUT([HAVE_LIBCRYPTO], [/* Define to 1 if you have the `crypto\' library (-lcrypto). */ -@%:@undef HAVE_LIBCRYPTO]) -m4trace:configure.ac:1121: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPTO]) -m4trace:configure.ac:1121: -1- m4_pattern_allow([^HAVE_LIBCRYPTO$]) -m4trace:configure.ac:1125: -1- AC_CONFIG_FILES([plugins/preauth/pkinit/Makefile:$srcdir/./config/pre.in:plugins/preauth/pkinit/Makefile.in:plugins/preauth/pkinit/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1126: -1- AC_CONFIG_FILES([tests/softpkcs11/Makefile:$srcdir/./config/pre.in:tests/softpkcs11/Makefile.in:tests/softpkcs11/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1128: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL_CMS]) -m4trace:configure.ac:1128: -1- m4_pattern_allow([^HAVE_OPENSSL_CMS$]) -m4trace:configure.ac:1128: -1- AH_OUTPUT([HAVE_OPENSSL_CMS], [/* Define if OpenSSL supports cms. */ -@%:@undef HAVE_OPENSSL_CMS]) -m4trace:configure.ac:1132: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PKINIT]) -m4trace:configure.ac:1132: -1- m4_pattern_allow([^DISABLE_PKINIT$]) -m4trace:configure.ac:1132: -1- AH_OUTPUT([DISABLE_PKINIT], [/* Define to disable PKINIT plugin support */ -@%:@undef DISABLE_PKINIT]) -m4trace:configure.ac:1136: -1- AC_SUBST([PKINIT]) -m4trace:configure.ac:1136: -1- AC_SUBST_TRACE([PKINIT]) -m4trace:configure.ac:1136: -1- m4_pattern_allow([^PKINIT$]) -m4trace:configure.ac:1139: -1- AH_OUTPUT([HAVE_DAEMON], [/* Define to 1 if you have the `daemon\' function. */ -@%:@undef HAVE_DAEMON]) -m4trace:configure.ac:1139: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) -m4trace:configure.ac:1139: -1- m4_pattern_allow([^HAVE_DAEMON$]) -m4trace:configure.ac:1139: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS daemon.$ac_objext"]) -m4trace:configure.ac:1139: -1- AC_SUBST_TRACE([LIB@&t@OBJS]) -m4trace:configure.ac:1139: -1- m4_pattern_allow([^LIB@&t@OBJS$]) -m4trace:configure.ac:1139: -1- AC_LIBSOURCE([daemon.c]) -m4trace:configure.ac:1147: -1- AC_SUBST([HAVE_RUNTEST]) -m4trace:configure.ac:1147: -1- AC_SUBST_TRACE([HAVE_RUNTEST]) -m4trace:configure.ac:1147: -1- m4_pattern_allow([^HAVE_RUNTEST$]) -m4trace:configure.ac:1153: -1- AC_SUBST([PYTHON_MINVERSION]) -m4trace:configure.ac:1153: -1- AC_SUBST_TRACE([PYTHON_MINVERSION]) -m4trace:configure.ac:1153: -1- m4_pattern_allow([^PYTHON_MINVERSION$]) -m4trace:configure.ac:1154: -1- AC_SUBST([PYTHON]) -m4trace:configure.ac:1154: -1- AC_SUBST_TRACE([PYTHON]) -m4trace:configure.ac:1154: -1- m4_pattern_allow([^PYTHON$]) -m4trace:configure.ac:1156: -1- AC_SUBST([PYTHON]) -m4trace:configure.ac:1156: -1- AC_SUBST_TRACE([PYTHON]) -m4trace:configure.ac:1156: -1- m4_pattern_allow([^PYTHON$]) -m4trace:configure.ac:1165: -1- AC_SUBST([HAVE_PYTHON]) -m4trace:configure.ac:1165: -1- AC_SUBST_TRACE([HAVE_PYTHON]) -m4trace:configure.ac:1165: -1- m4_pattern_allow([^HAVE_PYTHON$]) -m4trace:configure.ac:1180: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CMOCKA]) -m4trace:configure.ac:1180: -1- m4_pattern_allow([^HAVE_CMOCKA$]) -m4trace:configure.ac:1180: -1- AH_OUTPUT([HAVE_CMOCKA], [/* Define if cmocka library is available. */ -@%:@undef HAVE_CMOCKA]) -m4trace:configure.ac:1182: -1- AC_SUBST([HAVE_CMOCKA]) -m4trace:configure.ac:1182: -1- AC_SUBST_TRACE([HAVE_CMOCKA]) -m4trace:configure.ac:1182: -1- m4_pattern_allow([^HAVE_CMOCKA$]) -m4trace:configure.ac:1183: -1- AC_SUBST([CMOCKA_LIBS]) -m4trace:configure.ac:1183: -1- AC_SUBST_TRACE([CMOCKA_LIBS]) -m4trace:configure.ac:1183: -1- m4_pattern_allow([^CMOCKA_LIBS$]) -m4trace:configure.ac:1189: -1- AC_SUBST([HAVE_RESOLV_WRAPPER]) -m4trace:configure.ac:1189: -1- AC_SUBST_TRACE([HAVE_RESOLV_WRAPPER]) -m4trace:configure.ac:1189: -1- m4_pattern_allow([^HAVE_RESOLV_WRAPPER$]) -m4trace:configure.ac:1204: -1- AC_SUBST([DB_EXTRA_LIBS]) -m4trace:configure.ac:1204: -1- AC_SUBST_TRACE([DB_EXTRA_LIBS]) -m4trace:configure.ac:1204: -1- m4_pattern_allow([^DB_EXTRA_LIBS$]) -m4trace:configure.ac:1246: -1- AC_SUBST([SUPPORTLIB_MAJOR]) -m4trace:configure.ac:1246: -1- AC_SUBST_TRACE([SUPPORTLIB_MAJOR]) -m4trace:configure.ac:1246: -1- m4_pattern_allow([^SUPPORTLIB_MAJOR$]) -m4trace:configure.ac:1250: -1- AC_CONFIG_FILES([util/et/Makefile:$srcdir/./config/pre.in:util/et/Makefile.in:util/et/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1253: -1- AC_CONFIG_FILES([util/ss/Makefile:$srcdir/./config/pre.in:util/ss/Makefile.in:util/ss/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1260: -1- AH_OUTPUT([HAVE_LDAP_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_LDAP_H]) -m4trace:configure.ac:1260: -1- AH_OUTPUT([HAVE_LBER_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_LBER_H]) -m4trace:configure.ac:1272: -1- _m4_warn([obsolete], [The macro `AC_ERROR' is obsolete. -You should run autoupdate.], [../../lib/autoconf/oldnames.m4:34: AC_ERROR is expanded from... -configure.ac:1272: the top level]) -m4trace:configure.ac:1275: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_LDAP]) -m4trace:configure.ac:1275: -1- m4_pattern_allow([^ENABLE_LDAP$]) -m4trace:configure.ac:1275: -1- AH_OUTPUT([ENABLE_LDAP], [/* Define if LDAP KDB support within the Kerberos library (mainly ASN.1 code) - should be enabled. */ -@%:@undef ENABLE_LDAP]) -m4trace:configure.ac:1276: -1- AC_SUBST([LDAP_LIBS]) -m4trace:configure.ac:1276: -1- AC_SUBST_TRACE([LDAP_LIBS]) -m4trace:configure.ac:1276: -1- m4_pattern_allow([^LDAP_LIBS$]) -m4trace:configure.ac:1278: -1- AH_OUTPUT([HAVE_SASL_SASL_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SASL_SASL_H]) -m4trace:configure.ac:1278: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SASL_SASL_H]) -m4trace:configure.ac:1278: -1- m4_pattern_allow([^HAVE_SASL_SASL_H$]) -m4trace:configure.ac:1279: -1- AC_SUBST([HAVE_SASL]) -m4trace:configure.ac:1279: -1- AC_SUBST_TRACE([HAVE_SASL]) -m4trace:configure.ac:1279: -1- m4_pattern_allow([^HAVE_SASL$]) -m4trace:configure.ac:1284: -1- AC_CONFIG_FILES([plugins/kdb/ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/Makefile.in:plugins/kdb/ldap/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1285: -1- AC_CONFIG_FILES([plugins/kdb/ldap/ldap_util/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/ldap_util/Makefile.in:plugins/kdb/ldap/ldap_util/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1286: -1- AC_CONFIG_FILES([plugins/kdb/ldap/libkdb_ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/libkdb_ldap/Makefile.in:plugins/kdb/ldap/libkdb_ldap/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1292: -1- AC_SUBST([ldap_plugin_dir]) -m4trace:configure.ac:1292: -1- AC_SUBST_TRACE([ldap_plugin_dir]) -m4trace:configure.ac:1292: -1- m4_pattern_allow([^ldap_plugin_dir$]) -m4trace:configure.ac:1293: -1- AC_SUBST([LDAP]) -m4trace:configure.ac:1293: -1- AC_SUBST_TRACE([LDAP]) -m4trace:configure.ac:1293: -1- m4_pattern_allow([^LDAP$]) -m4trace:configure.ac:1298: -1- AC_CONFIG_FILES([plugins/preauth/securid_sam2/Makefile:$srcdir/./config/pre.in:plugins/preauth/securid_sam2/Makefile.in:plugins/preauth/securid_sam2/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1303: -1- AC_SUBST([sam2_plugin]) -m4trace:configure.ac:1303: -1- AC_SUBST_TRACE([sam2_plugin]) -m4trace:configure.ac:1303: -1- m4_pattern_allow([^sam2_plugin$]) -m4trace:configure.ac:1309: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:1309: the top level]) -m4trace:configure.ac:1318: -1- AC_CONFIG_FILES([plugins/kdb/lmdb/Makefile:$srcdir/./config/pre.in:plugins/kdb/lmdb/Makefile.in:plugins/kdb/lmdb/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1323: -1- AC_SUBST([HAVE_LMDB]) -m4trace:configure.ac:1323: -1- AC_SUBST_TRACE([HAVE_LMDB]) -m4trace:configure.ac:1323: -1- m4_pattern_allow([^HAVE_LMDB$]) -m4trace:configure.ac:1324: -1- AC_SUBST([LMDB_LIBS]) -m4trace:configure.ac:1324: -1- AC_SUBST_TRACE([LMDB_LIBS]) -m4trace:configure.ac:1324: -1- m4_pattern_allow([^LMDB_LIBS$]) -m4trace:configure.ac:1325: -1- AC_SUBST([lmdb_plugin_dir]) -m4trace:configure.ac:1325: -1- AC_SUBST_TRACE([lmdb_plugin_dir]) -m4trace:configure.ac:1325: -1- m4_pattern_allow([^lmdb_plugin_dir$]) -m4trace:configure.ac:1330: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_STREAMS_SOCKETS]) -m4trace:configure.ac:1330: -1- m4_pattern_allow([^BROKEN_STREAMS_SOCKETS$]) -m4trace:configure.ac:1330: -1- AH_OUTPUT([BROKEN_STREAMS_SOCKETS], [/* Define if socket can\'t be bound to 0.0.0.0 */ -@%:@undef BROKEN_STREAMS_SOCKETS]) -m4trace:configure.ac:1337: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:1337: the top level]) -m4trace:configure.ac:1340: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:1340: the top level]) -m4trace:configure.ac:1348: -1- AC_SUBST([LIBEDIT_CFLAGS]) -m4trace:configure.ac:1348: -1- AC_SUBST_TRACE([LIBEDIT_CFLAGS]) -m4trace:configure.ac:1348: -1- m4_pattern_allow([^LIBEDIT_CFLAGS$]) -m4trace:configure.ac:1348: -1- AC_SUBST([LIBEDIT_LIBS]) -m4trace:configure.ac:1348: -1- AC_SUBST_TRACE([LIBEDIT_LIBS]) -m4trace:configure.ac:1348: -1- m4_pattern_allow([^LIBEDIT_LIBS$]) -m4trace:configure.ac:1352: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBEDIT]) -m4trace:configure.ac:1352: -1- m4_pattern_allow([^HAVE_LIBEDIT$]) -m4trace:configure.ac:1352: -1- AH_OUTPUT([HAVE_LIBEDIT], [/* Define if building with libedit. */ -@%:@undef HAVE_LIBEDIT]) -m4trace:configure.ac:1364: -1- AC_DEFINE_TRACE_LITERAL([HAVE_READLINE]) -m4trace:configure.ac:1364: -1- m4_pattern_allow([^HAVE_READLINE$]) -m4trace:configure.ac:1364: -1- AH_OUTPUT([HAVE_READLINE], [/* Define if building with GNU Readline. */ -@%:@undef HAVE_READLINE]) -m4trace:configure.ac:1369: -1- AC_SUBST([RL_CFLAGS]) -m4trace:configure.ac:1369: -1- AC_SUBST_TRACE([RL_CFLAGS]) -m4trace:configure.ac:1369: -1- m4_pattern_allow([^RL_CFLAGS$]) -m4trace:configure.ac:1370: -1- AC_SUBST([RL_LIBS]) -m4trace:configure.ac:1370: -1- AC_SUBST_TRACE([RL_LIBS]) -m4trace:configure.ac:1370: -1- m4_pattern_allow([^RL_LIBS$]) -m4trace:configure.ac:1372: -1- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -../../lib/autoconf/general.m4:1481: AC_ARG_WITH is expanded from... -configure.ac:1372: the top level]) -m4trace:configure.ac:1377: -1- AC_SUBST([VERTO_CFLAGS]) -m4trace:configure.ac:1377: -1- AC_SUBST_TRACE([VERTO_CFLAGS]) -m4trace:configure.ac:1377: -1- m4_pattern_allow([^VERTO_CFLAGS$]) -m4trace:configure.ac:1377: -1- AC_SUBST([VERTO_LIBS]) -m4trace:configure.ac:1377: -1- AC_SUBST_TRACE([VERTO_LIBS]) -m4trace:configure.ac:1377: -1- m4_pattern_allow([^VERTO_LIBS$]) -m4trace:configure.ac:1391: -1- AC_SUBST([VERTO_CFLAGS]) -m4trace:configure.ac:1391: -1- AC_SUBST_TRACE([VERTO_CFLAGS]) -m4trace:configure.ac:1391: -1- m4_pattern_allow([^VERTO_CFLAGS$]) -m4trace:configure.ac:1392: -1- AC_SUBST([VERTO_LIBS]) -m4trace:configure.ac:1392: -1- AC_SUBST_TRACE([VERTO_LIBS]) -m4trace:configure.ac:1392: -1- m4_pattern_allow([^VERTO_LIBS$]) -m4trace:configure.ac:1393: -1- AC_SUBST([VERTO_VERSION]) -m4trace:configure.ac:1393: -1- AC_SUBST_TRACE([VERTO_VERSION]) -m4trace:configure.ac:1393: -1- m4_pattern_allow([^VERTO_VERSION$]) -m4trace:configure.ac:1395: -1- AC_SUBST([GROFF]) -m4trace:configure.ac:1395: -1- AC_SUBST_TRACE([GROFF]) -m4trace:configure.ac:1395: -1- m4_pattern_allow([^GROFF$]) -m4trace:configure.ac:1397: -1- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -../../lib/autoconf/general.m4:1481: AC_ARG_WITH is expanded from... -aclocal.m4:1686: KRB5_WITH_PAM is expanded from... -configure.ac:1397: the top level]) -m4trace:configure.ac:1397: -1- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -../../lib/autoconf/general.m4:1481: AC_ARG_WITH is expanded from... -aclocal.m4:1686: KRB5_WITH_PAM is expanded from... -configure.ac:1397: the top level]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SECURITY_PAM_APPL_H]) -m4trace:configure.ac:1397: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECURITY_PAM_APPL_H]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^HAVE_SECURITY_PAM_APPL_H$]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([HAVE_PUTENV], [/* Define to 1 if you have the `putenv\' function. */ -@%:@undef HAVE_PUTENV]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([HAVE_PAM_START], [/* Define to 1 if you have the `pam_start\' function. */ -@%:@undef HAVE_PAM_START]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the `dl\' library (-ldl). */ -@%:@undef HAVE_LIBDL]) -m4trace:configure.ac:1397: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^HAVE_LIBDL$]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([HAVE_PAM_START], [/* Define to 1 if you have the `pam_start\' function. */ -@%:@undef HAVE_PAM_START]) -m4trace:configure.ac:1397: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PAM_START]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^HAVE_PAM_START$]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the `pam\' library (-lpam). */ -@%:@undef HAVE_LIBPAM]) -m4trace:configure.ac:1397: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^HAVE_LIBPAM$]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([HAVE_PAM_START], [/* Define to 1 if you have the `pam_start\' function. */ -@%:@undef HAVE_PAM_START]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the `pam_getenvlist\' function. */ -@%:@undef HAVE_PAM_GETENVLIST]) -m4trace:configure.ac:1397: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^USE_PAM$]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([USE_PAM], [/* Define if Kerberos-aware tools should support PAM */ -@%:@undef USE_PAM]) -m4trace:configure.ac:1397: -1- AC_DEFINE_TRACE_LITERAL([KSU_PAM_SERVICE]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^KSU_PAM_SERVICE$]) -m4trace:configure.ac:1397: -1- AH_OUTPUT([KSU_PAM_SERVICE], [/* Define to the name of the PAM service name to be used by ksu. */ -@%:@undef KSU_PAM_SERVICE]) -m4trace:configure.ac:1397: -1- AC_SUBST([PAM_LIBS]) -m4trace:configure.ac:1397: -1- AC_SUBST_TRACE([PAM_LIBS]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^PAM_LIBS$]) -m4trace:configure.ac:1397: -1- AC_SUBST([PAM_MAN]) -m4trace:configure.ac:1397: -1- AC_SUBST_TRACE([PAM_MAN]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^PAM_MAN$]) -m4trace:configure.ac:1397: -1- AC_SUBST([NON_PAM_MAN]) -m4trace:configure.ac:1397: -1- AC_SUBST_TRACE([NON_PAM_MAN]) -m4trace:configure.ac:1397: -1- m4_pattern_allow([^NON_PAM_MAN$]) -m4trace:configure.ac:1399: -1- AH_OUTPUT([HAVE_SELINUX_SELINUX_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SELINUX_SELINUX_H]) -m4trace:configure.ac:1399: -1- AH_OUTPUT([HAVE_SELINUX_LABEL_H], [/* Define to 1 if you have the header file. */ -@%:@undef HAVE_SELINUX_LABEL_H]) -m4trace:configure.ac:1399: -1- AH_OUTPUT([HAVE_SETFSCREATECON], [/* Define to 1 if you have the `setfscreatecon\' function. */ -@%:@undef HAVE_SETFSCREATECON]) -m4trace:configure.ac:1399: -1- AH_OUTPUT([HAVE_SELABEL_OPEN], [/* Define to 1 if you have the `selabel_open\' function. */ -@%:@undef HAVE_SELABEL_OPEN]) -m4trace:configure.ac:1399: -1- AH_OUTPUT([HAVE_LIBSELINUX], [/* Define to 1 if you have the `selinux\' library (-lselinux). */ -@%:@undef HAVE_LIBSELINUX]) -m4trace:configure.ac:1399: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSELINUX]) -m4trace:configure.ac:1399: -1- m4_pattern_allow([^HAVE_LIBSELINUX$]) -m4trace:configure.ac:1399: -1- AH_OUTPUT([HAVE_SETFSCREATECON], [/* Define to 1 if you have the `setfscreatecon\' function. */ -@%:@undef HAVE_SETFSCREATECON]) -m4trace:configure.ac:1399: -1- AH_OUTPUT([HAVE_SELABEL_OPEN], [/* Define to 1 if you have the `selabel_open\' function. */ -@%:@undef HAVE_SELABEL_OPEN]) -m4trace:configure.ac:1399: -1- AC_DEFINE_TRACE_LITERAL([USE_SELINUX]) -m4trace:configure.ac:1399: -1- m4_pattern_allow([^USE_SELINUX$]) -m4trace:configure.ac:1399: -1- AH_OUTPUT([USE_SELINUX], [/* Define if Kerberos-aware tools should set SELinux file contexts when - creating files. */ -@%:@undef USE_SELINUX]) -m4trace:configure.ac:1399: -1- AC_SUBST([SELINUX_LIBS]) -m4trace:configure.ac:1399: -1- AC_SUBST_TRACE([SELINUX_LIBS]) -m4trace:configure.ac:1399: -1- m4_pattern_allow([^SELINUX_LIBS$]) -m4trace:configure.ac:1405: -1- AC_SUBST([localedir]) -m4trace:configure.ac:1405: -1- AC_SUBST_TRACE([localedir]) -m4trace:configure.ac:1405: -1- m4_pattern_allow([^localedir$]) -m4trace:configure.ac:1412: -1- AC_SUBST([OSX]) -m4trace:configure.ac:1412: -1- AC_SUBST_TRACE([OSX]) -m4trace:configure.ac:1412: -1- m4_pattern_allow([^OSX$]) -m4trace:configure.ac:1418: -1- AC_SUBST([DEFCCNAME]) -m4trace:configure.ac:1418: -1- AC_SUBST_TRACE([DEFCCNAME]) -m4trace:configure.ac:1418: -1- m4_pattern_allow([^DEFCCNAME$]) -m4trace:configure.ac:1419: -1- AC_SUBST([DEFKTNAME]) -m4trace:configure.ac:1419: -1- AC_SUBST_TRACE([DEFKTNAME]) -m4trace:configure.ac:1419: -1- m4_pattern_allow([^DEFKTNAME$]) -m4trace:configure.ac:1420: -1- AC_SUBST([DEFCKTNAME]) -m4trace:configure.ac:1420: -1- AC_SUBST_TRACE([DEFCKTNAME]) -m4trace:configure.ac:1420: -1- m4_pattern_allow([^DEFCKTNAME$]) -m4trace:configure.ac:1422: -2- _m4_warn([obsolete], [The macro `AC_HELP_STRING' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:207: AC_HELP_STRING is expanded from... -configure.ac:1422: the top level]) -m4trace:configure.ac:1463: -1- AC_DEFINE_TRACE_LITERAL([DEFCCNAME]) -m4trace:configure.ac:1463: -1- m4_pattern_allow([^DEFCCNAME$]) -m4trace:configure.ac:1463: -1- AH_OUTPUT([DEFCCNAME], [/* Define to default ccache name */ -@%:@undef DEFCCNAME]) -m4trace:configure.ac:1464: -1- AC_DEFINE_TRACE_LITERAL([DEFKTNAME]) -m4trace:configure.ac:1464: -1- m4_pattern_allow([^DEFKTNAME$]) -m4trace:configure.ac:1464: -1- AH_OUTPUT([DEFKTNAME], [/* Define to default keytab name */ -@%:@undef DEFKTNAME]) -m4trace:configure.ac:1465: -1- AC_DEFINE_TRACE_LITERAL([DEFCKTNAME]) -m4trace:configure.ac:1465: -1- m4_pattern_allow([^DEFCKTNAME$]) -m4trace:configure.ac:1465: -1- AH_OUTPUT([DEFCKTNAME], [/* Define to default client keytab name */ -@%:@undef DEFCKTNAME]) -m4trace:configure.ac:1468: -1- AC_CONFIG_FILES([build-tools/krb5-config], [chmod +x build-tools/krb5-config]) -m4trace:configure.ac:1469: -1- AC_CONFIG_FILES([build-tools/kadm-server.pc - build-tools/kadm-client.pc - build-tools/kdb.pc - build-tools/krb5.pc - build-tools/krb5-gssapi.pc - build-tools/mit-krb5.pc - build-tools/mit-krb5-gssapi.pc - build-tools/gssrpc.pc -]) -m4trace:configure.ac:1478: -2- AC_CONFIG_FILES([]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([./Makefile:$srcdir/./config/pre.in:./Makefile.in:./deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([util/Makefile:$srcdir/./config/pre.in:util/Makefile.in:util/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([util/support/Makefile:$srcdir/./config/pre.in:util/support/Makefile.in:util/support/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([util/profile/Makefile:$srcdir/./config/pre.in:util/profile/Makefile.in:util/profile/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([util/profile/testmod/Makefile:$srcdir/./config/pre.in:util/profile/testmod/Makefile.in:util/profile/testmod/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([util/verto/Makefile:$srcdir/./config/pre.in:util/verto/Makefile.in:util/verto/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/Makefile:$srcdir/./config/pre.in:lib/Makefile.in:lib/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/kdb/Makefile:$srcdir/./config/pre.in:lib/kdb/Makefile.in:lib/kdb/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/Makefile:$srcdir/./config/pre.in:lib/crypto/Makefile.in:lib/crypto/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/krb/Makefile:$srcdir/./config/pre.in:lib/crypto/krb/Makefile.in:lib/crypto/krb/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/Makefile.in:lib/crypto/$CRYPTO_IMPL/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/enc_provider/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/hash_provider/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/md4/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md4/Makefile.in:lib/crypto/$CRYPTO_IMPL/md4/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/md5/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md5/Makefile.in:lib/crypto/$CRYPTO_IMPL/md5/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/sha1/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/sha1/Makefile.in:lib/crypto/$CRYPTO_IMPL/sha1/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/sha2/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/sha2/Makefile.in:lib/crypto/$CRYPTO_IMPL/sha2/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/aes/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/aes/Makefile.in:lib/crypto/$CRYPTO_IMPL/aes/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/$CRYPTO_IMPL/camellia/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/camellia/Makefile.in:lib/crypto/$CRYPTO_IMPL/camellia/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/crypto/crypto_tests/Makefile:$srcdir/./config/pre.in:lib/crypto/crypto_tests/Makefile.in:lib/crypto/crypto_tests/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/Makefile:$srcdir/./config/pre.in:lib/krb5/Makefile.in:lib/krb5/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/error_tables/Makefile:$srcdir/./config/pre.in:lib/krb5/error_tables/Makefile.in:lib/krb5/error_tables/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/asn.1/Makefile:$srcdir/./config/pre.in:lib/krb5/asn.1/Makefile.in:lib/krb5/asn.1/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/ccache/Makefile:$srcdir/./config/pre.in:lib/krb5/ccache/Makefile.in:lib/krb5/ccache/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/keytab/Makefile:$srcdir/./config/pre.in:lib/krb5/keytab/Makefile.in:lib/krb5/keytab/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/krb/Makefile:$srcdir/./config/pre.in:lib/krb5/krb/Makefile.in:lib/krb5/krb/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/rcache/Makefile:$srcdir/./config/pre.in:lib/krb5/rcache/Makefile.in:lib/krb5/rcache/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/os/Makefile:$srcdir/./config/pre.in:lib/krb5/os/Makefile.in:lib/krb5/os/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krb5/unicode/Makefile:$srcdir/./config/pre.in:lib/krb5/unicode/Makefile.in:lib/krb5/unicode/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/gssapi/Makefile:$srcdir/./config/pre.in:lib/gssapi/Makefile.in:lib/gssapi/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/gssapi/generic/Makefile:$srcdir/./config/pre.in:lib/gssapi/generic/Makefile.in:lib/gssapi/generic/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/gssapi/krb5/Makefile:$srcdir/./config/pre.in:lib/gssapi/krb5/Makefile.in:lib/gssapi/krb5/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/gssapi/spnego/Makefile:$srcdir/./config/pre.in:lib/gssapi/spnego/Makefile.in:lib/gssapi/spnego/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/gssapi/mechglue/Makefile:$srcdir/./config/pre.in:lib/gssapi/mechglue/Makefile.in:lib/gssapi/mechglue/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/rpc/Makefile:$srcdir/./config/pre.in:lib/rpc/Makefile.in:lib/rpc/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/rpc/unit-test/Makefile:$srcdir/./config/pre.in:lib/rpc/unit-test/Makefile.in:lib/rpc/unit-test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/kadm5/Makefile:$srcdir/./config/pre.in:lib/kadm5/Makefile.in:lib/kadm5/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/kadm5/clnt/Makefile:$srcdir/./config/pre.in:lib/kadm5/clnt/Makefile.in:lib/kadm5/clnt/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/kadm5/srv/Makefile:$srcdir/./config/pre.in:lib/kadm5/srv/Makefile.in:lib/kadm5/srv/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/kadm5/unit-test/Makefile:$srcdir/./config/pre.in:lib/kadm5/unit-test/Makefile.in:lib/kadm5/unit-test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/krad/Makefile:$srcdir/./config/pre.in:lib/krad/Makefile.in:lib/krad/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([lib/apputils/Makefile:$srcdir/./config/pre.in:lib/apputils/Makefile.in:lib/apputils/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kdc/Makefile:$srcdir/./config/pre.in:kdc/Makefile.in:kdc/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kprop/Makefile:$srcdir/./config/pre.in:kprop/Makefile.in:kprop/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([config-files/Makefile:$srcdir/./config/pre.in:config-files/Makefile.in:config-files/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([build-tools/Makefile:$srcdir/./config/pre.in:build-tools/Makefile.in:build-tools/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([man/Makefile:$srcdir/./config/pre.in:man/Makefile.in:man/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([doc/Makefile:$srcdir/./config/pre.in:doc/Makefile.in:doc/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([include/Makefile:$srcdir/./config/pre.in:include/Makefile.in:include/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/certauth/test/Makefile:$srcdir/./config/pre.in:plugins/certauth/test/Makefile.in:plugins/certauth/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/gssapi/negoextest/Makefile:$srcdir/./config/pre.in:plugins/gssapi/negoextest/Makefile.in:plugins/gssapi/negoextest/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/hostrealm/test/Makefile:$srcdir/./config/pre.in:plugins/hostrealm/test/Makefile.in:plugins/hostrealm/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/localauth/test/Makefile:$srcdir/./config/pre.in:plugins/localauth/test/Makefile.in:plugins/localauth/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kadm5_hook/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_hook/test/Makefile.in:plugins/kadm5_hook/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kadm5_auth/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_auth/test/Makefile.in:plugins/kadm5_auth/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/pwqual/test/Makefile:$srcdir/./config/pre.in:plugins/pwqual/test/Makefile.in:plugins/pwqual/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/audit/Makefile:$srcdir/./config/pre.in:plugins/audit/Makefile.in:plugins/audit/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/audit/test/Makefile:$srcdir/./config/pre.in:plugins/audit/test/Makefile.in:plugins/audit/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/db2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/Makefile.in:plugins/kdb/db2/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/db2/libdb2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/Makefile.in:plugins/kdb/db2/libdb2/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/db2/libdb2/hash/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/hash/Makefile.in:plugins/kdb/db2/libdb2/hash/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/db2/libdb2/btree/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/btree/Makefile.in:plugins/kdb/db2/libdb2/btree/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/db2/libdb2/db/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/db/Makefile.in:plugins/kdb/db2/libdb2/db/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/db2/libdb2/mpool/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/mpool/Makefile.in:plugins/kdb/db2/libdb2/mpool/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/db2/libdb2/recno/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/recno/Makefile.in:plugins/kdb/db2/libdb2/recno/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/db2/libdb2/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/test/Makefile.in:plugins/kdb/db2/libdb2/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdb/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/test/Makefile.in:plugins/kdb/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/kdcpolicy/test/Makefile:$srcdir/./config/pre.in:plugins/kdcpolicy/test/Makefile.in:plugins/kdcpolicy/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/preauth/otp/Makefile:$srcdir/./config/pre.in:plugins/preauth/otp/Makefile.in:plugins/preauth/otp/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/preauth/spake/Makefile:$srcdir/./config/pre.in:plugins/preauth/spake/Makefile.in:plugins/preauth/spake/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/preauth/test/Makefile:$srcdir/./config/pre.in:plugins/preauth/test/Makefile.in:plugins/preauth/test/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/authdata/greet_client/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_client/Makefile.in:plugins/authdata/greet_client/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/authdata/greet_server/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_server/Makefile.in:plugins/authdata/greet_server/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([plugins/tls/k5tls/Makefile:$srcdir/./config/pre.in:plugins/tls/k5tls/Makefile.in:plugins/tls/k5tls/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([clients/Makefile:$srcdir/./config/pre.in:clients/Makefile.in:clients/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([clients/klist/Makefile:$srcdir/./config/pre.in:clients/klist/Makefile.in:clients/klist/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([clients/kinit/Makefile:$srcdir/./config/pre.in:clients/kinit/Makefile.in:clients/kinit/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([clients/kvno/Makefile:$srcdir/./config/pre.in:clients/kvno/Makefile.in:clients/kvno/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([clients/kdestroy/Makefile:$srcdir/./config/pre.in:clients/kdestroy/Makefile.in:clients/kdestroy/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([clients/kpasswd/Makefile:$srcdir/./config/pre.in:clients/kpasswd/Makefile.in:clients/kpasswd/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([clients/ksu/Makefile:$srcdir/./config/pre.in:clients/ksu/Makefile.in:clients/ksu/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([clients/kswitch/Makefile:$srcdir/./config/pre.in:clients/kswitch/Makefile.in:clients/kswitch/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kadmin/Makefile:$srcdir/./config/pre.in:kadmin/Makefile.in:kadmin/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kadmin/cli/Makefile:$srcdir/./config/pre.in:kadmin/cli/Makefile.in:kadmin/cli/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kadmin/dbutil/Makefile:$srcdir/./config/pre.in:kadmin/dbutil/Makefile.in:kadmin/dbutil/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kadmin/ktutil/Makefile:$srcdir/./config/pre.in:kadmin/ktutil/Makefile.in:kadmin/ktutil/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kadmin/server/Makefile:$srcdir/./config/pre.in:kadmin/server/Makefile.in:kadmin/server/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kadmin/testing/Makefile:$srcdir/./config/pre.in:kadmin/testing/Makefile.in:kadmin/testing/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kadmin/testing/scripts/Makefile:$srcdir/./config/pre.in:kadmin/testing/scripts/Makefile.in:kadmin/testing/scripts/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([kadmin/testing/util/Makefile:$srcdir/./config/pre.in:kadmin/testing/util/Makefile.in:kadmin/testing/util/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/Makefile:$srcdir/./config/pre.in:appl/Makefile.in:appl/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/sample/Makefile:$srcdir/./config/pre.in:appl/sample/Makefile.in:appl/sample/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/sample/sclient/Makefile:$srcdir/./config/pre.in:appl/sample/sclient/Makefile.in:appl/sample/sclient/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/sample/sserver/Makefile:$srcdir/./config/pre.in:appl/sample/sserver/Makefile.in:appl/sample/sserver/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/simple/Makefile:$srcdir/./config/pre.in:appl/simple/Makefile.in:appl/simple/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/simple/client/Makefile:$srcdir/./config/pre.in:appl/simple/client/Makefile.in:appl/simple/client/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/simple/server/Makefile:$srcdir/./config/pre.in:appl/simple/server/Makefile.in:appl/simple/server/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/gss-sample/Makefile:$srcdir/./config/pre.in:appl/gss-sample/Makefile.in:appl/gss-sample/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([appl/user_user/Makefile:$srcdir/./config/pre.in:appl/user_user/Makefile.in:appl/user_user/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/Makefile:$srcdir/./config/pre.in:tests/Makefile.in:tests/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/resolve/Makefile:$srcdir/./config/pre.in:tests/resolve/Makefile.in:tests/resolve/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/asn.1/Makefile:$srcdir/./config/pre.in:tests/asn.1/Makefile.in:tests/asn.1/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/create/Makefile:$srcdir/./config/pre.in:tests/create/Makefile.in:tests/create/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/hammer/Makefile:$srcdir/./config/pre.in:tests/hammer/Makefile.in:tests/hammer/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/verify/Makefile:$srcdir/./config/pre.in:tests/verify/Makefile.in:tests/verify/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/gssapi/Makefile:$srcdir/./config/pre.in:tests/gssapi/Makefile.in:tests/gssapi/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/dejagnu/Makefile:$srcdir/./config/pre.in:tests/dejagnu/Makefile.in:tests/dejagnu/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/threads/Makefile:$srcdir/./config/pre.in:tests/threads/Makefile.in:tests/threads/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/shlib/Makefile:$srcdir/./config/pre.in:tests/shlib/Makefile.in:tests/shlib/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/gss-threads/Makefile:$srcdir/./config/pre.in:tests/gss-threads/Makefile.in:tests/gss-threads/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- AC_CONFIG_FILES([tests/misc/Makefile:$srcdir/./config/pre.in:tests/misc/Makefile.in:tests/misc/deps:$srcdir/./config/post.in]) -m4trace:configure.ac:1478: -1- _m4_warn([obsolete], [The macro `AC_FOREACH' is obsolete. -You should run autoupdate.], [../../lib/autoconf/general.m4:194: AC_FOREACH is expanded from... -aclocal.m4:696: V5_AC_OUTPUT_MAKEFILE is expanded from... -configure.ac:1478: the top level]) -m4trace:configure.ac:1478: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([LIB@&t@OBJS]) -m4trace:configure.ac:1478: -1- m4_pattern_allow([^LIB@&t@OBJS$]) -m4trace:configure.ac:1478: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([LTLIBOBJS]) -m4trace:configure.ac:1478: -1- m4_pattern_allow([^LTLIBOBJS$]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([top_builddir]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([top_build_prefix]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([srcdir]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([abs_srcdir]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([top_srcdir]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([abs_top_srcdir]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([builddir]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([abs_builddir]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([abs_top_builddir]) -m4trace:configure.ac:1478: -1- AC_SUBST_TRACE([INSTALL]) diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in index 1891dea..f6184da 100755 --- a/src/build-tools/krb5-config.in +++ b/src/build-tools/krb5-config.in @@ -41,7 +41,6 @@ DL_LIB='@DL_LIB@' DEFCCNAME='@DEFCCNAME@' DEFKTNAME='@DEFKTNAME@' DEFCKTNAME='@DEFCKTNAME@' -SELINUX_LIBS='@SELINUX_LIBS@' LIBS='@LIBS@' GEN_LIB=@GEN_LIB@ @@ -226,13 +225,6 @@ if test -n "$do_libs"; then -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ -e 's#\$(CFLAGS)##'` - if test `dirname $libdir` = /usr ; then - lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"` - fi - lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"` - lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"` - lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"` - if test $library = 'kdb'; then lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB" library=krb5 @@ -263,7 +255,7 @@ if test -n "$do_libs"; then fi # If we ever support a flag to generate output suitable for static - # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB" + # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB" # here. echo $lib_flags diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index e5ebeb8..3fdae28 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -828,7 +828,7 @@ k5_kinit(struct k_opts *opts, struct k5_data *k5) if (opts->verbose) fprintf(stderr, _("Initialized cache\n")); - ret = k5_cc_store_primary_cred(k5->ctx, k5->out_cc, &my_creds); + ret = krb5_cc_store_cred(k5->ctx, k5->out_cc, &my_creds); if (ret) { com_err(progname, ret, _("while storing credentials")); goto cleanup; diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in index 9d58f29..8b4edce 100644 --- a/src/clients/ksu/Makefile.in +++ b/src/clients/ksu/Makefile.in @@ -3,14 +3,12 @@ BUILDTOP=$(REL)..$(S).. DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"' KSU_LIBS=@KSU_LIBS@ -PAM_LIBS=@PAM_LIBS@ SRCS = \ $(srcdir)/krb_auth_su.c \ $(srcdir)/ccache.c \ $(srcdir)/authorization.c \ $(srcdir)/main.c \ - $(srcdir)/pam.c \ $(srcdir)/heuristic.c \ $(srcdir)/xmalloc.c \ $(srcdir)/setenv.c @@ -19,17 +17,13 @@ OBJS = \ ccache.o \ authorization.o \ main.o \ - pam.o \ heuristic.o \ xmalloc.o @SETENVOBJ@ all: ksu ksu: $(OBJS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(PAM_LIBS) - -pam.o: pam.c - $(CC) $(ALL_CFLAGS) -c $< + $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) clean: $(RM) ksu diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index 508242e..57c3492 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -26,7 +26,6 @@ * KSU was writen by: Ari Medvinsky, ari@isi.edu */ -#include "autoconf.h" #include "ksu.h" #include "adm_proto.h" #include @@ -34,10 +33,6 @@ #include #include -#ifdef USE_PAM -#include "pam.h" -#endif - /* globals */ char * prog_name; int auth_debug =0; @@ -45,7 +40,6 @@ char k5login_path[MAXPATHLEN]; char k5users_path[MAXPATHLEN]; char * gb_err = NULL; int quiet = 0; -int force_fork = 0; /***********/ #define KS_TEMPORARY_CACHE "MEMORY:_ksu" @@ -542,23 +536,6 @@ main (argc, argv) prog_name,target_user,client_name, source_user,ontty()); -#ifdef USE_PAM - if (appl_pam_enabled(ksu_context, "ksu")) { - if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL, - NULL, source_user, - ttyname(STDERR_FILENO)) != 0) { - fprintf(stderr, "Access denied for %s.\n", target_user); - exit(1); - } - if (appl_pam_requires_chauthtok()) { - fprintf(stderr, "Password change required for %s.\n", - target_user); - exit(1); - } - force_fork++; - } -#endif - /* Run authorization as target.*/ if (krb5_seteuid(target_uid)) { com_err(prog_name, errno, _("while switching to target for " @@ -619,24 +596,6 @@ main (argc, argv) exit(1); } -#ifdef USE_PAM - } else { - /* we always do PAM account management, even for root */ - if (appl_pam_enabled(ksu_context, "ksu")) { - if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL, - NULL, source_user, - ttyname(STDERR_FILENO)) != 0) { - fprintf(stderr, "Access denied for %s.\n", target_user); - exit(1); - } - if (appl_pam_requires_chauthtok()) { - fprintf(stderr, "Password change required for %s.\n", - target_user); - exit(1); - } - force_fork++; - } -#endif } if( some_rest_copy){ @@ -694,30 +653,6 @@ main (argc, argv) exit(1); } -#ifdef USE_PAM - if (appl_pam_enabled(ksu_context, "ksu")) { - if (appl_pam_session_open() != 0) { - fprintf(stderr, "Error opening session for %s.\n", target_user); - exit(1); - } -#ifdef DEBUG - if (auth_debug){ - printf(" Opened PAM session.\n"); - } -#endif - if (appl_pam_cred_init()) { - fprintf(stderr, "Error initializing credentials for %s.\n", - target_user); - exit(1); - } -#ifdef DEBUG - if (auth_debug){ - printf(" Initialized PAM credentials.\n"); - } -#endif - } -#endif - /* set permissions */ if (setgid(target_pwd->pw_gid) < 0) { perror("ksu: setgid"); @@ -815,7 +750,7 @@ main (argc, argv) fprintf(stderr, "program to be execed %s\n",params[0]); } - if( keep_target_cache && !force_fork ) { + if( keep_target_cache ) { execv(params[0], params); com_err(prog_name, errno, _("while trying to execv %s"), params[0]); sweep_up(ksu_context, cc_target); @@ -845,35 +780,16 @@ main (argc, argv) if (ret_pid == -1) { com_err(prog_name, errno, _("while calling waitpid")); } - if( !keep_target_cache ) { - sweep_up(ksu_context, cc_target); - } + sweep_up(ksu_context, cc_target); exit (statusp); case -1: com_err(prog_name, errno, _("while trying to fork.")); sweep_up(ksu_context, cc_target); exit (1); case 0: -#ifdef USE_PAM - if (appl_pam_enabled(ksu_context, "ksu")) { - if (appl_pam_setenv() != 0) { - fprintf(stderr, "Error setting up environment for %s.\n", - target_user); - exit (1); - } -#ifdef DEBUG - if (auth_debug){ - printf(" Set up PAM environment.\n"); - } -#endif - } -#endif execv(params[0], params); com_err(prog_name, errno, _("while trying to execv %s"), params[0]); - if( keep_target_cache ) { - sweep_up(ksu_context, cc_target); - } exit (1); } } diff --git a/src/clients/ksu/pam.c b/src/clients/ksu/pam.c deleted file mode 100644 index cbfe487..0000000 --- a/src/clients/ksu/pam.c +++ /dev/null @@ -1,389 +0,0 @@ -/* - * src/clients/ksu/pam.c - * - * Copyright 2007,2009,2010 Red Hat, Inc. - * - * All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of Red Hat, Inc. nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - * Convenience wrappers for using PAM. - */ - -#include "autoconf.h" -#ifdef USE_PAM -#include -#include -#include -#include -#include -#include "k5-int.h" -#include "pam.h" - -#ifndef MAXPWSIZE -#define MAXPWSIZE 128 -#endif - -static int appl_pam_started; -static pid_t appl_pam_starter = -1; -static int appl_pam_session_opened; -static int appl_pam_creds_initialized; -static int appl_pam_pwchange_required; -static pam_handle_t *appl_pamh; -static struct pam_conv appl_pam_conv; -static char *appl_pam_user; -struct appl_pam_non_interactive_args { - const char *user; - const char *password; -}; - -int -appl_pam_enabled(krb5_context context, const char *section) -{ - int enabled = 1; - if ((context != NULL) && (context->profile != NULL)) { - if (profile_get_boolean(context->profile, - section, - USE_PAM_CONFIGURATION_KEYWORD, - NULL, - enabled, &enabled) != 0) { - enabled = 1; - } - } - return enabled; -} - -void -appl_pam_cleanup(void) -{ - if (getpid() != appl_pam_starter) { - return; - } -#ifdef DEBUG - printf("Called to clean up PAM.\n"); -#endif - if (appl_pam_creds_initialized) { -#ifdef DEBUG - printf("Deleting PAM credentials.\n"); -#endif - pam_setcred(appl_pamh, PAM_DELETE_CRED); - appl_pam_creds_initialized = 0; - } - if (appl_pam_session_opened) { -#ifdef DEBUG - printf("Closing PAM session.\n"); -#endif - pam_close_session(appl_pamh, 0); - appl_pam_session_opened = 0; - } - appl_pam_pwchange_required = 0; - if (appl_pam_started) { -#ifdef DEBUG - printf("Shutting down PAM.\n"); -#endif - pam_end(appl_pamh, 0); - appl_pam_started = 0; - appl_pam_starter = -1; - free(appl_pam_user); - appl_pam_user = NULL; - } -} -static int -appl_pam_interactive_converse(int num_msg, const struct pam_message **msg, - struct pam_response **presp, void *appdata_ptr) -{ - const struct pam_message *message; - struct pam_response *resp; - int i, code; - char *pwstring, pwbuf[MAXPWSIZE]; - unsigned int pwsize; - resp = malloc(sizeof(struct pam_response) * num_msg); - if (resp == NULL) { - return PAM_BUF_ERR; - } - memset(resp, 0, sizeof(struct pam_response) * num_msg); - code = PAM_SUCCESS; - for (i = 0; i < num_msg; i++) { - message = &(msg[0][i]); /* XXX */ - message = msg[i]; /* XXX */ - pwstring = NULL; - switch (message->msg_style) { - case PAM_TEXT_INFO: - case PAM_ERROR_MSG: - printf("[%s]\n", message->msg ? message->msg : ""); - fflush(stdout); - resp[i].resp = NULL; - resp[i].resp_retcode = PAM_SUCCESS; - break; - case PAM_PROMPT_ECHO_ON: - case PAM_PROMPT_ECHO_OFF: - if (message->msg_style == PAM_PROMPT_ECHO_ON) { - if (fgets(pwbuf, sizeof(pwbuf), - stdin) != NULL) { - pwbuf[strcspn(pwbuf, "\r\n")] = '\0'; - pwstring = pwbuf; - } - } else { - pwstring = getpass(message->msg ? - message->msg : - ""); - } - if ((pwstring != NULL) && (pwstring[0] != '\0')) { - pwsize = strlen(pwstring); - resp[i].resp = malloc(pwsize + 1); - if (resp[i].resp == NULL) { - resp[i].resp_retcode = PAM_BUF_ERR; - } else { - memcpy(resp[i].resp, pwstring, pwsize); - resp[i].resp[pwsize] = '\0'; - resp[i].resp_retcode = PAM_SUCCESS; - } - } else { - resp[i].resp_retcode = PAM_CONV_ERR; - code = PAM_CONV_ERR; - } - break; - default: - break; - } - } - *presp = resp; - return code; -} -static int -appl_pam_non_interactive_converse(int num_msg, - const struct pam_message **msg, - struct pam_response **presp, - void *appdata_ptr) -{ - const struct pam_message *message; - struct pam_response *resp; - int i, code; - unsigned int pwsize; - struct appl_pam_non_interactive_args *args; - const char *pwstring; - resp = malloc(sizeof(struct pam_response) * num_msg); - if (resp == NULL) { - return PAM_BUF_ERR; - } - args = appdata_ptr; - memset(resp, 0, sizeof(struct pam_response) * num_msg); - code = PAM_SUCCESS; - for (i = 0; i < num_msg; i++) { - message = &((*msg)[i]); - message = msg[i]; - pwstring = NULL; - switch (message->msg_style) { - case PAM_TEXT_INFO: - case PAM_ERROR_MSG: - break; - case PAM_PROMPT_ECHO_ON: - case PAM_PROMPT_ECHO_OFF: - if (message->msg_style == PAM_PROMPT_ECHO_ON) { - /* assume "user" */ - pwstring = args->user; - } else { - /* assume "password" */ - pwstring = args->password; - } - if ((pwstring != NULL) && (pwstring[0] != '\0')) { - pwsize = strlen(pwstring); - resp[i].resp = malloc(pwsize + 1); - if (resp[i].resp == NULL) { - resp[i].resp_retcode = PAM_BUF_ERR; - } else { - memcpy(resp[i].resp, pwstring, pwsize); - resp[i].resp[pwsize] = '\0'; - resp[i].resp_retcode = PAM_SUCCESS; - } - } else { - resp[i].resp_retcode = PAM_CONV_ERR; - code = PAM_CONV_ERR; - } - break; - default: - break; - } - } - *presp = resp; - return code; -} -static int -appl_pam_start(const char *service, int interactive, - const char *login_username, - const char *non_interactive_password, - const char *hostname, - const char *ruser, - const char *tty) -{ - static int exit_handler_registered; - static struct appl_pam_non_interactive_args args; - int ret = 0; - if (appl_pam_started && - (strcmp(login_username, appl_pam_user) != 0)) { - appl_pam_cleanup(); - appl_pam_user = NULL; - } - if (!appl_pam_started) { -#ifdef DEBUG - printf("Starting PAM up (service=\"%s\",user=\"%s\").\n", - service, login_username); -#endif - memset(&appl_pam_conv, 0, sizeof(appl_pam_conv)); - appl_pam_conv.conv = interactive ? - &appl_pam_interactive_converse : - &appl_pam_non_interactive_converse; - memset(&args, 0, sizeof(args)); - args.user = strdup(login_username); - args.password = non_interactive_password ? - strdup(non_interactive_password) : - NULL; - appl_pam_conv.appdata_ptr = &args; - ret = pam_start(service, login_username, - &appl_pam_conv, &appl_pamh); - if (ret == 0) { - if (hostname != NULL) { -#ifdef DEBUG - printf("Setting PAM_RHOST to \"%s\".\n", hostname); -#endif - pam_set_item(appl_pamh, PAM_RHOST, hostname); - } - if (ruser != NULL) { -#ifdef DEBUG - printf("Setting PAM_RUSER to \"%s\".\n", ruser); -#endif - pam_set_item(appl_pamh, PAM_RUSER, ruser); - } - if (tty != NULL) { -#ifdef DEBUG - printf("Setting PAM_TTY to \"%s\".\n", tty); -#endif - pam_set_item(appl_pamh, PAM_TTY, tty); - } - if (!exit_handler_registered && - (atexit(appl_pam_cleanup) != 0)) { - pam_end(appl_pamh, 0); - appl_pamh = NULL; - ret = -1; - } else { - appl_pam_started = 1; - appl_pam_starter = getpid(); - appl_pam_user = strdup(login_username); - exit_handler_registered = 1; - } - } - } - return ret; -} -int -appl_pam_acct_mgmt(const char *service, int interactive, - const char *login_username, - const char *non_interactive_password, - const char *hostname, - const char *ruser, - const char *tty) -{ - int ret; - appl_pam_pwchange_required = 0; - ret = appl_pam_start(service, interactive, login_username, - non_interactive_password, hostname, ruser, tty); - if (ret == 0) { -#ifdef DEBUG - printf("Calling pam_acct_mgmt().\n"); -#endif - ret = pam_acct_mgmt(appl_pamh, 0); - switch (ret) { - case PAM_IGNORE: - ret = 0; - break; - case PAM_NEW_AUTHTOK_REQD: - appl_pam_pwchange_required = 1; - ret = 0; - break; - default: - break; - } - } - return ret; -} -int -appl_pam_requires_chauthtok(void) -{ - return appl_pam_pwchange_required; -} -int -appl_pam_session_open(void) -{ - int ret = 0; - if (appl_pam_started) { -#ifdef DEBUG - printf("Opening PAM session.\n"); -#endif - ret = pam_open_session(appl_pamh, 0); - if (ret == 0) { - appl_pam_session_opened = 1; - } - } - return ret; -} -int -appl_pam_setenv(void) -{ - int ret = 0; -#ifdef HAVE_PAM_GETENVLIST -#ifdef HAVE_PUTENV - int i; - char **list; - if (appl_pam_started) { - list = pam_getenvlist(appl_pamh); - for (i = 0; ((list != NULL) && (list[i] != NULL)); i++) { -#ifdef DEBUG - printf("Setting \"%s\" in environment.\n", list[i]); -#endif - putenv(list[i]); - } - } -#endif -#endif - return ret; -} -int -appl_pam_cred_init(void) -{ - int ret = 0; - if (appl_pam_started) { -#ifdef DEBUG - printf("Initializing PAM credentials.\n"); -#endif - ret = pam_setcred(appl_pamh, PAM_ESTABLISH_CRED); - if (ret == 0) { - appl_pam_creds_initialized = 1; - } - } - return ret; -} -#endif diff --git a/src/clients/ksu/pam.h b/src/clients/ksu/pam.h deleted file mode 100644 index 0ab7656..0000000 --- a/src/clients/ksu/pam.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * src/clients/ksu/pam.h - * - * Copyright 2007,2009,2010 Red Hat, Inc. - * - * All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of Red Hat, Inc. nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - * Convenience wrappers for using PAM. - */ - -#include -#ifdef HAVE_SECURITY_PAM_APPL_H -#include -#endif - -#define USE_PAM_CONFIGURATION_KEYWORD "use_pam" - -#ifdef USE_PAM -int appl_pam_enabled(krb5_context context, const char *section); -int appl_pam_acct_mgmt(const char *service, int interactive, - const char *local_username, - const char *non_interactive_password, - const char *hostname, - const char *ruser, - const char *tty); -int appl_pam_requires_chauthtok(void); -int appl_pam_session_open(void); -int appl_pam_setenv(void); -int appl_pam_cred_init(void); -void appl_pam_cleanup(void); -#endif diff --git a/src/clients/kvno/Makefile.in b/src/clients/kvno/Makefile.in index 5ba8772..1c3f793 100644 --- a/src/clients/kvno/Makefile.in +++ b/src/clients/kvno/Makefile.in @@ -26,9 +26,6 @@ kvno: kvno.o $(KRB5_BASE_DEPLIBS) ##WIN32## link $(EXE_LINKOPTS) /out:$@ $** ##WIN32## $(_VC_MANIFEST_EMBED_EXE) -check-pytests: kvno - $(RUNPYTEST) $(srcdir)/t_kvno.py $(PYTESTFLAGS) - clean-unix:: $(RM) kvno.o kvno diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c index f83c68a..2472c0c 100644 --- a/src/clients/kvno/kvno.c +++ b/src/clients/kvno/kvno.c @@ -38,26 +38,20 @@ static char *prog; static int quiet = 0; -#define XUSAGE_BREAK "\n\t" - static void xusage() { - fprintf(stderr, _("usage: %s [-c ccache] [-e etype] [-k keytab] [-q] " - "[-u | -S sname]" XUSAGE_BREAK - "[[{-F cert_file | {-I | -U} for_user} [-P]] | " - "--u2u ccache]" XUSAGE_BREAK - "[--cached-only] [--no-store] [--out-cache] " - "service1 service2 ...\n"), - prog); + fprintf(stderr, _("usage: %s [-C] [-u] [-c ccache] [-e etype]\n"), prog); + fprintf(stderr, _("\t[-k keytab] [-S sname] [{-I | -U} for_user | " + "[-F cert_file] [-P]]\n")); + fprintf(stderr, _("\t[--u2u ccache] service1 service2 ...\n")); exit(1); } static void do_v5_kvno(int argc, char *argv[], char *ccachestr, char *etypestr, - char *keytab_name, char *sname, int cached_only, - int canon, int no_store, int unknown, char *for_user, - int for_user_enterprise, char *for_user_cert_file, - int proxy, const char *out_ccname, + char *keytab_name, char *sname, int canon, int unknown, + char *for_user, int for_user_enterprise, + char *for_user_cert_file, int proxy, const char *u2u_ccname); #include @@ -67,21 +61,18 @@ static void extended_com_err_fn(const char *myprog, errcode_t code, int main(int argc, char *argv[]) { - enum { OPTION_U2U = 256, OPTION_OUT_CACHE = 257 }; + enum { OPTION_U2U = 256 }; + struct option lopts[] = { + { "u2u", 1, NULL, OPTION_U2U }, + { NULL, 0, NULL, 0 } + }; const char *shopts = "uCc:e:hk:qPS:I:U:F:"; int option; char *etypestr = NULL, *ccachestr = NULL, *keytab_name = NULL; char *sname = NULL, *for_user = NULL, *u2u_ccname = NULL; - char *for_user_cert_file = NULL, *out_ccname = NULL; + char *for_user_cert_file = NULL; int canon = 0, unknown = 0, proxy = 0, for_user_enterprise = 0; - int impersonate = 0, cached_only = 0, no_store = 0; - struct option lopts[] = { - { "cached-only", 0, &cached_only, 1 }, - { "no-store", 0, &no_store, 1 }, - { "out-cache", 1, NULL, OPTION_OUT_CACHE }, - { "u2u", 1, NULL, OPTION_U2U }, - { NULL, 0, NULL, 0 } - }; + int impersonate = 0; setlocale(LC_ALL, ""); set_com_err_hook(extended_com_err_fn); @@ -144,12 +135,6 @@ main(int argc, char *argv[]) case OPTION_U2U: u2u_ccname = optarg; break; - case OPTION_OUT_CACHE: - out_ccname = optarg; - break; - case 0: - /* If this option set a flag, do nothing else now. */ - break; default: xusage(); break; @@ -174,9 +159,8 @@ main(int argc, char *argv[]) xusage(); do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr, keytab_name, - sname, cached_only, canon, no_store, unknown, for_user, - for_user_enterprise, for_user_cert_file, proxy, out_ccname, - u2u_ccname); + sname, canon, unknown, for_user, for_user_enterprise, + for_user_cert_file, proxy, u2u_ccname); return 0; } @@ -290,16 +274,14 @@ static krb5_error_code kvno(const char *name, krb5_ccache ccache, krb5_principal me, krb5_enctype etype, krb5_keytab keytab, const char *sname, krb5_flags options, int unknown, krb5_principal for_user_princ, - krb5_data *for_user_cert, int proxy, krb5_data *u2u_ticket, - krb5_creds **creds_out) + krb5_data *for_user_cert, int proxy, krb5_data *u2u_ticket) { krb5_error_code ret; krb5_principal server = NULL; krb5_ticket *ticket = NULL; - krb5_creds in_creds, *creds = NULL; + krb5_creds in_creds, *out_creds = NULL; char *princ = NULL; - *creds_out = NULL; memset(&in_creds, 0, sizeof(in_creds)); if (sname != NULL) { @@ -339,12 +321,13 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, in_creds.client = for_user_princ; in_creds.server = me; ret = krb5_get_credentials_for_user(context, options, ccache, - &in_creds, for_user_cert, &creds); + &in_creds, for_user_cert, + &out_creds); } else { in_creds.client = me; in_creds.server = server; ret = krb5_get_credentials(context, options, ccache, &in_creds, - &creds); + &out_creds); } if (ret) { @@ -353,7 +336,7 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, } /* We need a native ticket. */ - ret = krb5_decode_ticket(&creds->ticket, &ticket); + ret = krb5_decode_ticket(&out_creds->ticket, &ticket); if (ret) { com_err(prog, ret, _("while decoding ticket for %s"), princ); goto cleanup; @@ -379,15 +362,15 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, } if (proxy) { - in_creds.client = creds->client; - creds->client = NULL; - krb5_free_creds(context, creds); - creds = NULL; + in_creds.client = out_creds->client; + out_creds->client = NULL; + krb5_free_creds(context, out_creds); + out_creds = NULL; in_creds.server = server; ret = krb5_get_credentials_for_proxy(context, KRB5_GC_CANONICALIZE, ccache, &in_creds, ticket, - &creds); + &out_creds); krb5_free_principal(context, in_creds.client); if (ret) { com_err(prog, ret, _("%s: constrained delegation failed"), @@ -396,13 +379,10 @@ kvno(const char *name, krb5_ccache ccache, krb5_principal me, } } - *creds_out = creds; - creds = NULL; - cleanup: krb5_free_principal(context, server); krb5_free_ticket(context, ticket); - krb5_free_creds(context, creds); + krb5_free_creds(context, out_creds); krb5_free_unparsed_name(context, princ); return ret; } @@ -448,28 +428,19 @@ cleanup: static void do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, - char *keytab_name, char *sname, int cached_only, int canon, - int no_store, int unknown, char *for_user, int for_user_enterprise, - char *for_user_cert_file, int proxy, const char *out_ccname, - const char *u2u_ccname) + char *keytab_name, char *sname, int canon, int unknown, + char *for_user, int for_user_enterprise, + char *for_user_cert_file, int proxy, const char *u2u_ccname) { krb5_error_code ret; - int i, errors, flags, initialized = 0; + int i, errors, flags; krb5_enctype etype; - krb5_ccache ccache, out_ccache = NULL; + krb5_ccache ccache; krb5_principal me; krb5_keytab keytab = NULL; krb5_principal for_user_princ = NULL; - krb5_flags options = 0; + krb5_flags options = canon ? KRB5_GC_CANONICALIZE : 0; krb5_data cert_data = empty_data(), *user_cert = NULL, *u2u_ticket = NULL; - krb5_creds *creds; - - if (canon) - options |= KRB5_GC_CANONICALIZE; - if (cached_only) - options |= KRB5_GC_CACHED; - if (no_store || out_ccname != NULL) - options |= KRB5_GC_NO_STORE; ret = krb5_init_context(&context); if (ret) { @@ -496,14 +467,6 @@ do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, exit(1); } - if (out_ccname != NULL) { - ret = krb5_cc_resolve(context, out_ccname, &out_ccache); - if (ret) { - com_err(prog, ret, _("while resolving output ccache")); - exit(1); - } - } - if (keytab_name != NULL) { ret = krb5_kt_resolve(context, keytab_name, &keytab); if (ret) { @@ -550,28 +513,8 @@ do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr, errors = 0; for (i = 0; i < count; i++) { if (kvno(names[i], ccache, me, etype, keytab, sname, options, unknown, - for_user_princ, user_cert, proxy, u2u_ticket, &creds) != 0) { + for_user_princ, user_cert, proxy, u2u_ticket) != 0) errors++; - } else if (out_ccache != NULL) { - if (!initialized) { - ret = krb5_cc_initialize(context, out_ccache, creds->client); - if (ret) { - com_err(prog, ret, _("while initializing output ccache")); - exit(1); - } - initialized = 1; - } - if (count == 1) - ret = k5_cc_store_primary_cred(context, out_ccache, creds); - else - ret = krb5_cc_store_cred(context, out_ccache, creds); - if (ret) { - com_err(prog, ret, _("while storing creds in output ccache")); - exit(1); - } - } - - krb5_free_creds(context, creds); } if (keytab != NULL) diff --git a/src/clients/kvno/t_kvno.py b/src/clients/kvno/t_kvno.py deleted file mode 100644 index e98b90e..0000000 --- a/src/clients/kvno/t_kvno.py +++ /dev/null @@ -1,75 +0,0 @@ -from k5test import * - -realm = K5Realm() - -def check_cache(ccache, expected_services): - # Fetch the klist output and skip past the header. - lines = realm.run([klist, '-c', ccache]).splitlines() - lines = lines[4:] - - # For each line not beginning with an indent, match against the - # expected service principals. - svcs = {x: True for x in expected_services} - for l in lines: - if not l.startswith('\t'): - svcprinc = l.split()[4] - if svcprinc in svcs: - del svcs[svcprinc] - else: - fail('unexpected service princ ' + svcprinc) - - if svcs: - fail('services not found in klist output: ' + ' '.join(svcs.keys())) - - -mark('no options') -realm.run([kvno, realm.user_princ], expected_msg='user@KRBTEST.COM: kvno = 1') -check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ]) - -mark('-e') -msgs = ('etypes requested in TGS request: camellia128-cts', - '/KDC has no support for encryption type') -realm.run([kvno, '-e', 'camellia128-cts', realm.host_princ], - expected_code=1, expected_trace=msgs) - -mark('--cached-only') -realm.run([kvno, '--cached-only', realm.user_princ], expected_msg='kvno = 1') -realm.run([kvno, '--cached-only', realm.host_princ], - expected_code=1, expected_msg='Matching credential not found') -check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ]) - -mark('--no-store') -realm.run([kvno, '--no-store', realm.host_princ], expected_msg='kvno = 1') -check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ]) - -mark('--out-cache') # and multiple services -out_ccache = os.path.join(realm.testdir, 'ccache.out') -realm.run([kvno, '--out-cache', out_ccache, - realm.host_princ, realm.admin_princ]) -check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ]) -check_cache(out_ccache, [realm.host_princ, realm.admin_princ]) - -mark('--out-cache --cached-only') # tests out-cache overwriting, and -q -realm.run([kvno, '--out-cache', out_ccache, '--cached-only', realm.host_princ], - expected_code=1, expected_msg='Matching credential not found') -out = realm.run([kvno, '-q', '--out-cache', out_ccache, '--cached-only', - realm.user_princ]) -if out: - fail('unexpected kvno output with -q') -check_cache(out_ccache, [realm.user_princ]) - -mark('-U') # and -c -svc_ccache = os.path.join(realm.testdir, 'ccache.svc') -realm.run([kinit, '-k', '-c', svc_ccache, realm.host_princ]) -realm.run([kvno, '-c', svc_ccache, '-U', 'user', realm.host_princ]) -realm.run([klist, '-c', svc_ccache], expected_msg='for client user@') -realm.run([kvno, '-c', svc_ccache, '-U', 'user', '--out-cache', out_ccache, - realm.host_princ]) -out = realm.run([klist, '-c', out_ccache]) -if ('Default principal: user@KRBTEST.COM' not in out): - fail('wrong default principal in klist output') - -# More S4U options are tested in tests/gssapi/t_s4u.py. -# --u2u is tested in tests/t_u2u.py. - -success('kvno tests') diff --git a/src/config/pre.in b/src/config/pre.in index a8540ae..ce87e21 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -177,7 +177,6 @@ LD = $(PURE) @LD@ KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include LDFLAGS = @LDFLAGS@ LIBS = @LIBS@ -SELINUX_LIBS=@SELINUX_LIBS@ INSTALL=@INSTALL@ INSTALL_STRIP= @@ -185,7 +184,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP) INSTALL_SCRIPT=@INSTALL_PROGRAM@ INSTALL_DATA=@INSTALL_DATA@ INSTALL_SHLIB=@INSTALL_SHLIB@ -INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 +INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root ## This is needed because autoconf will sometimes define @exec_prefix@ to be ## ${prefix}. prefix=@prefix@ @@ -403,7 +402,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) # HESIOD_LIBS is -lhesiod... HESIOD_LIBS = @HESIOD_LIBS@ -KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB) +KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB) KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) GSS_LIBS = $(GSS_KRB5_LIB) # needs fixing if ever used on macOS! diff --git a/src/config/shlib.conf b/src/config/shlib.conf index 2b20c3f..3e4af6c 100644 --- a/src/config/shlib.conf +++ b/src/config/shlib.conf @@ -423,7 +423,7 @@ mips-*-netbsd*) # Linux ld doesn't default to stuffing the SONAME field... # Use objdump -x to examine the fields of the library # UNDEF_CHECK is suppressed by --enable-asan - LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro -Wl,--warn-shared-textrel' + LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)' UNDEF_CHECK='-Wl,--no-undefined' # $(EXPORT_CHECK) runs export-check.pl when in maintainer mode. LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)' @@ -435,8 +435,7 @@ mips-*-netbsd*) SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' PROFFLAGS=-pg PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)' - INSTALL_SHLIB='${INSTALL} -m755' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' diff --git a/src/configure b/src/configure index af39c80..67b4bbc 100755 --- a/src/configure +++ b/src/configure @@ -631,9 +631,6 @@ DEFCKTNAME DEFKTNAME DEFCCNAME OSX -NON_PAM_MAN -PAM_MAN -PAM_LIBS GROFF VERTO_VERSION VERTO_LIBS @@ -794,6 +791,8 @@ PTHREAD_CFLAGS PTHREAD_LIBS PTHREAD_CC ax_pthread_config +EGREP +GREP SED krb5_cv_host host_os @@ -804,9 +803,6 @@ build_os build_vendor build_cpu build -SELINUX_LIBS -EGREP -GREP CONFIG_RELTOPDIR MAINT MAINTAINER_MODE_FALSE @@ -839,7 +835,6 @@ CFLAGS CC EXTRA_FILES SYSCONFCONF -runstatedir target_alias host_alias build_alias @@ -859,6 +854,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -894,7 +890,6 @@ enable_dns_for_realm with_hesiod enable_maintainer_mode with_ldap -with_selinux enable_delayed_initialization enable_thread_support enable_static @@ -919,8 +914,6 @@ with_lmdb with_libedit with_readline with_system_verto -with_pam -with_pam_ksu_service with_krb5_config ' ac_precious_vars='build_alias @@ -989,6 +982,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1241,6 +1235,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1378,7 +1381,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1531,6 +1534,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1601,7 +1605,6 @@ Optional Packages: --with-netlib=LIBS use user defined resolver library --with-hesiod=path compile with hesiod support [omitted] --with-ldap compile OpenLDAP database backend module - --with-selinux compile with SELinux labeling support --with-tcl=path where Tcl resides --with-vague-errors Do not [do] send helpful errors to client --with-crypto-impl=IMPL use specified crypto implementation [builtin] @@ -1613,8 +1616,6 @@ Optional Packages: --without-libedit do not compile with libedit --with-readline compile with GNU Readline --with-system-verto always use system verto library - --with-pam compile with PAM support - --with-ksu-service PAM service name for ksu ["ksu"] --with-krb5-config=PATH path to existing krb5-config program for defaults Some influential environment variables: @@ -4138,6 +4139,146 @@ test "$program_suffix" != NONE && ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : @@ -4268,317 +4409,48 @@ $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include + EXTRA_FILES="" -int -main () -{ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes -else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +$as_echo "#define _GNU_SOURCE 1" >>confdefs.h -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : +$as_echo "#define __STDC_WANT_LIB_EXT1__ 1" >>confdefs.h -else - ac_cv_header_stdc=no -fi -rm -f conftest* +if test $ac_cv_c_compiler_gnu = yes ; then + HAVE_GCC=yes + else HAVE_GCC= fi -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : - +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU linker" >&5 +$as_echo_n "checking for GNU linker... " >&6; } +if ${krb5_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 else - ac_cv_header_stdc=no + krb5_cv_prog_gnu_ld=no +if test "$GCC" = yes; then + if { ac_try='$CC -Wl,-v 2>&1 | grep "GNU ld" > /dev/null' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + krb5_cv_prog_gnu_ld=yes + fi fi -rm -f conftest* - fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_prog_gnu_ld" >&5 +$as_echo "$krb5_cv_prog_gnu_ld" >&6; } -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : +# Check whether --with-size-optimizations was given. +if test "${with_size_optimizations+set}" = set; then : + withval=$with_size_optimizations; else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif + withval=no +fi -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -$as_echo "#define STDC_HEADERS 1" >>confdefs.h - -fi - -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# Make sure we can run config.sub. -$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 -$as_echo_n "checking build system type... " >&6; } -if ${ac_cv_build+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_build_alias=$build_alias -test "x$ac_build_alias" = x && - ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` -test "x$ac_build_alias" = x && - as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 -ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 -$as_echo "$ac_cv_build" >&6; } -case $ac_cv_build in -*-*-*) ;; -*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; -esac -build=$ac_cv_build -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_build -shift -build_cpu=$1 -build_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -build_os=$* -IFS=$ac_save_IFS -case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 -$as_echo_n "checking host system type... " >&6; } -if ${ac_cv_host+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "x$host_alias" = x; then - ac_cv_host=$ac_cv_build -else - ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 -$as_echo "$ac_cv_host" >&6; } -case $ac_cv_host in -*-*-*) ;; -*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; -esac -host=$ac_cv_host -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_host -shift -host_cpu=$1 -host_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -host_os=$* -IFS=$ac_save_IFS -case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 -$as_echo_n "checking for a sed that does not truncate output... " >&6; } -if ${ac_cv_path_SED+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ - for ac_i in 1 2 3 4 5 6 7; do - ac_script="$ac_script$as_nl$ac_script" - done - echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed - { ac_script=; unset ac_script;} - if test -z "$SED"; then - ac_path_SED_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in sed gsed; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_SED" || continue -# Check for GNU ac_path_SED and select it if it is found. - # Check for GNU $ac_path_SED -case `"$ac_path_SED" --version 2>&1` in -*GNU*) - ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo '' >> "conftest.nl" - "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_SED_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_SED="$ac_path_SED" - ac_path_SED_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_SED_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_SED"; then - as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 - fi -else - ac_cv_path_SED=$SED -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 -$as_echo "$ac_cv_path_SED" >&6; } - SED="$ac_cv_path_SED" - rm -f conftest.sed - - EXTRA_FILES="" - - -$as_echo "#define _GNU_SOURCE 1" >>confdefs.h - - -$as_echo "#define __STDC_WANT_LIB_EXT1__ 1" >>confdefs.h - - -if test $ac_cv_c_compiler_gnu = yes ; then - HAVE_GCC=yes - else HAVE_GCC= -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU linker" >&5 -$as_echo_n "checking for GNU linker... " >&6; } -if ${krb5_cv_prog_gnu_ld+:} false; then : - $as_echo_n "(cached) " >&6 -else - krb5_cv_prog_gnu_ld=no -if test "$GCC" = yes; then - if { ac_try='$CC -Wl,-v 2>&1 | grep "GNU ld" > /dev/null' - { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 - (eval $ac_try) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - krb5_cv_prog_gnu_ld=yes - fi -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_prog_gnu_ld" >&5 -$as_echo "$krb5_cv_prog_gnu_ld" >&6; } - -# Check whether --with-size-optimizations was given. -if test "${with_size_optimizations+set}" = set; then : - withval=$with_size_optimizations; -else - withval=no -fi - -if test "$withval" = yes; then +if test "$withval" = yes; then $as_echo "#define CONFIG_SMALL 1" >>confdefs.h @@ -5496,26 +5368,6 @@ $as_echo "\"netlib will link with C library resolver only\"" >&6; } $as_echo "\"netlib will use \'$withval\'\"" >&6; } fi -enable_dns=yes - # Check whether --enable-dns-for-realm was given. -if test "${enable_dns_for_realm+set}" = set; then : - enableval=$enable_dns_for_realm; -else - enable_dns_for_realm=no -fi - - if test "$enable_dns_for_realm" = yes; then - -$as_echo "#define KRB5_DNS_LOOKUP_REALM 1" >>confdefs.h - - fi - - -$as_echo "#define KRB5_DNS_LOOKUP 1" >>confdefs.h - - - - else # Most operating systems have gethostbyname() in the default searched @@ -6073,141 +5925,6 @@ $as_echo "$as_me: enabling OpenLDAP database backend module support" >&6;} OPENLDAP_PLUGIN=yes fi - - -# Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then : - withval=$with_selinux; withselinux="$withval" -else - withselinux=auto -fi - -old_LIBS="$LIBS" -if test "$withselinux" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for libselinux..." >&5 -$as_echo "checking for libselinux..." >&6; } - SELINUX_LIBS= - for ac_header in selinux/selinux.h selinux/label.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then - if test "$withselinux" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate selinux/selinux.h." >&5 -$as_echo "Unable to locate selinux/selinux.h." >&6; } - withselinux=no - else - as_fn_error $? "Unable to locate selinux/selinux.h." "$LINENO" 5 - fi - fi - - LIBS= - unset ac_cv_func_setfscreatecon - for ac_func in setfscreatecon selabel_open -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_setfscreatecon" = xno ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setfscreatecon in -lselinux" >&5 -$as_echo_n "checking for setfscreatecon in -lselinux... " >&6; } -if ${ac_cv_lib_selinux_setfscreatecon+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lselinux $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setfscreatecon (); -int -main () -{ -return setfscreatecon (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_selinux_setfscreatecon=yes -else - ac_cv_lib_selinux_setfscreatecon=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setfscreatecon" >&5 -$as_echo "$ac_cv_lib_selinux_setfscreatecon" >&6; } -if test "x$ac_cv_lib_selinux_setfscreatecon" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBSELINUX 1 -_ACEOF - - LIBS="-lselinux $LIBS" - -fi - - unset ac_cv_func_setfscreatecon - for ac_func in setfscreatecon selabel_open -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_setfscreatecon" = xyes ; then - SELINUX_LIBS="$LIBS" - else - if test "$withselinux" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate libselinux." >&5 -$as_echo "Unable to locate libselinux." >&6; } - withselinux=no - else - as_fn_error $? "Unable to locate libselinux." "$LINENO" 5 - fi - fi - fi - if test "$withselinux" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: building with SELinux labeling support" >&5 -$as_echo "$as_me: building with SELinux labeling support" >&6;} - -$as_echo "#define USE_SELINUX 1" >>confdefs.h - - SELINUX_LIBS="$LIBS" - EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon" - fi -fi -LIBS="$old_LIBS" - - krb5_cv_host=$host . $ac_topdir/config/shlib.conf @@ -7266,20 +6983,149 @@ else fi fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=0.9.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 -$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - PKG_CONFIG="" - fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + fi +done + + ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" if test "x$ac_cv_header_stdint_h" = xyes; then : @@ -9364,23 +9210,6 @@ ac_config_commands="$ac_config_commands CRYPTO_IMPL" -for ac_func in EVP_KDF_CTX_new_id EVP_KDF_ctrl EVP_KDF_derive -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -$as_echo "#define OSSL_KDFS 1" >>confdefs.h - -else - as_fn_error $? "backported OpenSSL KDFs not found" "$LINENO" 5 -fi -done - - # Check whether --with-prng-alg was given. if test "${with_prng_alg+set}" = set; then : @@ -14102,357 +13931,6 @@ fi - - -# Check whether --with-pam was given. -if test "${with_pam+set}" = set; then : - withval=$with_pam; withpam="$withval" -else - withpam=auto -fi - - -# Check whether --with-pam-ksu-service was given. -if test "${with_pam_ksu_service+set}" = set; then : - withval=$with_pam_ksu_service; withksupamservice="$withval" -else - withksupamservice=ksu -fi - -old_LIBS="$LIBS" -if test "$withpam" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for PAM..." >&5 -$as_echo "checking for PAM..." >&6; } - PAM_LIBS= - - for ac_header in security/pam_appl.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "security/pam_appl.h" "ac_cv_header_security_pam_appl_h" "$ac_includes_default" -if test "x$ac_cv_header_security_pam_appl_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SECURITY_PAM_APPL_H 1 -_ACEOF - -fi - -done - - if test "x$ac_cv_header_security_pam_appl_h" != xyes ; then - if test "$withpam" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate security/pam_appl.h." >&5 -$as_echo "Unable to locate security/pam_appl.h." >&6; } - withpam=no - else - as_fn_error $? "Unable to locate security/pam_appl.h." "$LINENO" 5 - fi - fi - - LIBS= - unset ac_cv_func_pam_start - for ac_func in putenv pam_start -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_pam_start" = xno ; then - unset ac_cv_func_pam_start - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dl_dlopen=yes -else - ac_cv_lib_dl_dlopen=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDL 1 -_ACEOF - - LIBS="-ldl $LIBS" - -fi - - for ac_func in pam_start -do : - ac_fn_c_check_func "$LINENO" "pam_start" "ac_cv_func_pam_start" -if test "x$ac_cv_func_pam_start" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PAM_START 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_pam_start" = xno ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 -$as_echo_n "checking for pam_start in -lpam... " >&6; } -if ${ac_cv_lib_pam_pam_start+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lpam $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char pam_start (); -int -main () -{ -return pam_start (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_pam_pam_start=yes -else - ac_cv_lib_pam_pam_start=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 -$as_echo "$ac_cv_lib_pam_pam_start" >&6; } -if test "x$ac_cv_lib_pam_pam_start" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBPAM 1 -_ACEOF - - LIBS="-lpam $LIBS" - -fi - - unset ac_cv_func_pam_start - unset ac_cv_func_pam_getenvlist - for ac_func in pam_start pam_getenvlist -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_pam_start" = xyes ; then - PAM_LIBS="$LIBS" - else - if test "$withpam" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate libpam." >&5 -$as_echo "Unable to locate libpam." >&6; } - withpam=no - else - as_fn_error $? "Unable to locate libpam." "$LINENO" 5 - fi - fi - fi - fi - if test "$withpam" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: building with PAM support" >&5 -$as_echo "$as_me: building with PAM support" >&6;} - -$as_echo "#define USE_PAM 1" >>confdefs.h - - -cat >>confdefs.h <<_ACEOF -#define KSU_PAM_SERVICE "$withksupamservice" -_ACEOF - - PAM_LIBS="$LIBS" - NON_PAM_MAN=".\\\" " - PAM_MAN= - else - PAM_MAN=".\\\" " - NON_PAM_MAN= - fi -fi -LIBS="$old_LIBS" - - - - - - - -# Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then : - withval=$with_selinux; withselinux="$withval" -else - withselinux=auto -fi - -old_LIBS="$LIBS" -if test "$withselinux" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for libselinux..." >&5 -$as_echo "checking for libselinux..." >&6; } - SELINUX_LIBS= - for ac_header in selinux/selinux.h selinux/label.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then - if test "$withselinux" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate selinux/selinux.h." >&5 -$as_echo "Unable to locate selinux/selinux.h." >&6; } - withselinux=no - else - as_fn_error $? "Unable to locate selinux/selinux.h." "$LINENO" 5 - fi - fi - - LIBS= - unset ac_cv_func_setfscreatecon - for ac_func in setfscreatecon selabel_open -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_setfscreatecon" = xno ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setfscreatecon in -lselinux" >&5 -$as_echo_n "checking for setfscreatecon in -lselinux... " >&6; } -if ${ac_cv_lib_selinux_setfscreatecon+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lselinux $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setfscreatecon (); -int -main () -{ -return setfscreatecon (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_selinux_setfscreatecon=yes -else - ac_cv_lib_selinux_setfscreatecon=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setfscreatecon" >&5 -$as_echo "$ac_cv_lib_selinux_setfscreatecon" >&6; } -if test "x$ac_cv_lib_selinux_setfscreatecon" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBSELINUX 1 -_ACEOF - - LIBS="-lselinux $LIBS" - -fi - - unset ac_cv_func_setfscreatecon - for ac_func in setfscreatecon selabel_open -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - if test "x$ac_cv_func_setfscreatecon" = xyes ; then - SELINUX_LIBS="$LIBS" - else - if test "$withselinux" = auto ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Unable to locate libselinux." >&5 -$as_echo "Unable to locate libselinux." >&6; } - withselinux=no - else - as_fn_error $? "Unable to locate libselinux." "$LINENO" 5 - fi - fi - fi - if test "$withselinux" != no ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: building with SELinux labeling support" >&5 -$as_echo "$as_me: building with SELinux labeling support" >&6;} - -$as_echo "#define USE_SELINUX 1" >>confdefs.h - - SELINUX_LIBS="$LIBS" - EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen krb5int_push_fscreatecon_for krb5int_pop_fscreatecon" - fi -fi -LIBS="$old_LIBS" - - - # Make localedir work in autoconf 2.5x. if test "${localedir+set}" != set; then localedir='$(datadir)/locale' @@ -14563,6 +14041,7 @@ ac_config_files="$ac_config_files build-tools/kadm-server.pc build-tools/kadm-cl ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/Makefile.in:lib/crypto/$CRYPTO_IMPL/deps:$srcdir/./config/post.in" ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/enc_provider/deps:$srcdir/./config/post.in" ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/hash_provider/deps:$srcdir/./config/post.in" + ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/des/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/des/Makefile.in:lib/crypto/$CRYPTO_IMPL/des/deps:$srcdir/./config/post.in" ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/md4/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md4/Makefile.in:lib/crypto/$CRYPTO_IMPL/md4/deps:$srcdir/./config/post.in" ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/md5/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md5/Makefile.in:lib/crypto/$CRYPTO_IMPL/md5/deps:$srcdir/./config/post.in" ac_config_files="$ac_config_files lib/crypto/$CRYPTO_IMPL/sha1/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/sha1/Makefile.in:lib/crypto/$CRYPTO_IMPL/sha1/deps:$srcdir/./config/post.in" @@ -15401,6 +14880,7 @@ do "lib/crypto/$CRYPTO_IMPL/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/Makefile.in:lib/crypto/$CRYPTO_IMPL/deps:$srcdir/./config/post.in" ;; "lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/enc_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/enc_provider/deps:$srcdir/./config/post.in" ;; "lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/hash_provider/Makefile.in:lib/crypto/$CRYPTO_IMPL/hash_provider/deps:$srcdir/./config/post.in" ;; + "lib/crypto/$CRYPTO_IMPL/des/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/des/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/des/Makefile.in:lib/crypto/$CRYPTO_IMPL/des/deps:$srcdir/./config/post.in" ;; "lib/crypto/$CRYPTO_IMPL/md4/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/md4/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md4/Makefile.in:lib/crypto/$CRYPTO_IMPL/md4/deps:$srcdir/./config/post.in" ;; "lib/crypto/$CRYPTO_IMPL/md5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/md5/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/md5/Makefile.in:lib/crypto/$CRYPTO_IMPL/md5/deps:$srcdir/./config/post.in" ;; "lib/crypto/$CRYPTO_IMPL/sha1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/$CRYPTO_IMPL/sha1/Makefile:$srcdir/./config/pre.in:lib/crypto/$CRYPTO_IMPL/sha1/Makefile.in:lib/crypto/$CRYPTO_IMPL/sha1/deps:$srcdir/./config/post.in" ;; diff --git a/src/configure.ac b/src/configure.ac index 29be532..234f428 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -282,10 +282,6 @@ AC_SUBST(CRYPTO_IMPL) AC_SUBST(CRYPTO_IMPL_CFLAGS) AC_SUBST(CRYPTO_IMPL_LIBS) -AC_CHECK_FUNCS(EVP_KDF_CTX_new_id EVP_KDF_ctrl EVP_KDF_derive, - AC_DEFINE(OSSL_KDFS, 1, [Define if using OpenSSL KDFs]), - AC_MSG_ERROR([backported OpenSSL KDFs not found])) - AC_ARG_WITH([prng-alg], AC_HELP_STRING([--with-prng-alg=ALG], [use specified PRNG algorithm. @<:@fortuna@:>@]), [PRNG_ALG=$withval @@ -1394,10 +1390,6 @@ AC_SUBST([VERTO_VERSION]) AC_PATH_PROG(GROFF, groff) -KRB5_WITH_PAM - -KRB5_WITH_SELINUX - # Make localedir work in autoconf 2.5x. if test "${localedir+set}" != set; then localedir='$(datadir)/locale' @@ -1485,6 +1477,7 @@ V5_AC_OUTPUT_MAKEFILE(. lib/crypto lib/crypto/krb lib/crypto/$CRYPTO_IMPL lib/crypto/$CRYPTO_IMPL/enc_provider lib/crypto/$CRYPTO_IMPL/hash_provider + lib/crypto/$CRYPTO_IMPL/des lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5 lib/crypto/$CRYPTO_IMPL/sha1 lib/crypto/$CRYPTO_IMPL/sha2 lib/crypto/$CRYPTO_IMPL/aes lib/crypto/$CRYPTO_IMPL/camellia diff --git a/src/include/autoconf.h.in b/src/include/autoconf.h.in index 4bdeb5f..b124b9e 100644 --- a/src/include/autoconf.h.in +++ b/src/include/autoconf.h.in @@ -153,15 +153,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_ERRNO_H -/* Define to 1 if you have the `EVP_KDF_ctrl' function. */ -#undef HAVE_EVP_KDF_CTRL - -/* Define to 1 if you have the `EVP_KDF_CTX_new_id' function. */ -#undef HAVE_EVP_KDF_CTX_NEW_ID - -/* Define to 1 if you have the `EVP_KDF_derive' function. */ -#undef HAVE_EVP_KDF_DERIVE - /* Define to 1 if you have the `explicit_bzero' function. */ #undef HAVE_EXPLICIT_BZERO @@ -264,24 +255,15 @@ /* Define to 1 if you have the `crypto' library (-lcrypto). */ #undef HAVE_LIBCRYPTO -/* Define to 1 if you have the `dl' library (-ldl). */ -#undef HAVE_LIBDL - /* Define if building with libedit. */ #undef HAVE_LIBEDIT /* Define to 1 if you have the `nsl' library (-lnsl). */ #undef HAVE_LIBNSL -/* Define to 1 if you have the `pam' library (-lpam). */ -#undef HAVE_LIBPAM - /* Define to 1 if you have the `resolv' library (-lresolv). */ #undef HAVE_LIBRESOLV -/* Define to 1 if you have the `selinux' library (-lselinux). */ -#undef HAVE_LIBSELINUX - /* Define to 1 if you have the `socket' library (-lsocket). */ #undef HAVE_LIBSOCKET @@ -327,12 +309,6 @@ /* Define if OpenSSL supports cms. */ #undef HAVE_OPENSSL_CMS -/* Define to 1 if you have the `pam_getenvlist' function. */ -#undef HAVE_PAM_GETENVLIST - -/* Define to 1 if you have the `pam_start' function. */ -#undef HAVE_PAM_START - /* Define to 1 if you have the header file. */ #undef HAVE_PATHS_H @@ -360,9 +336,6 @@ /* Define if pthread_rwlock_init is provided in the thread library. */ #undef HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB -/* Define to 1 if you have the `putenv' function. */ -#undef HAVE_PUTENV - /* Define to 1 if you have the header file. */ #undef HAVE_PWD_H @@ -411,18 +384,6 @@ /* Define to 1 if you have the `secure_getenv' function. */ #undef HAVE_SECURE_GETENV -/* Define to 1 if you have the header file. */ -#undef HAVE_SECURITY_PAM_APPL_H - -/* Define to 1 if you have the `selabel_open' function. */ -#undef HAVE_SELABEL_OPEN - -/* Define to 1 if you have the header file. */ -#undef HAVE_SELINUX_LABEL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SELINUX_SELINUX_H - /* Define to 1 if you have the `setegid' function. */ #undef HAVE_SETEGID @@ -432,9 +393,6 @@ /* Define to 1 if you have the `seteuid' function. */ #undef HAVE_SETEUID -/* Define to 1 if you have the `setfscreatecon' function. */ -#undef HAVE_SETFSCREATECON - /* Define if setluid provided in OSF/1 security library */ #undef HAVE_SETLUID @@ -653,9 +611,6 @@ /* Define if the KDC should return only vague error codes to clients */ #undef KRBCONF_VAGUE_ERRORS -/* Define to the name of the PAM service name to be used by ksu. */ -#undef KSU_PAM_SERVICE - /* define if the system header files are missing prototype for daemon() */ #undef NEED_DAEMON_PROTO @@ -687,9 +642,6 @@ /* Define if lex produes code with yylineno */ #undef NO_YYLINENO -/* Define if using OpenSSL KDFs */ -#undef OSSL_KDFS - /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT @@ -775,13 +727,6 @@ /* Define if link-time options for library initialization will be used */ #undef USE_LINKER_INIT_OPTION -/* Define if Kerberos-aware tools should support PAM */ -#undef USE_PAM - -/* Define if Kerberos-aware tools should set SELinux file contexts when - creating files. */ -#undef USE_SELINUX - /* Define if sigprocmask should be used */ #undef USE_SIGPROCMASK diff --git a/src/include/autoconf.h.in~ b/src/include/autoconf.h.in~ deleted file mode 100644 index b124b9e..0000000 --- a/src/include/autoconf.h.in~ +++ /dev/null @@ -1,779 +0,0 @@ -/* include/autoconf.h.in. Generated from configure.ac by autoheader. */ - - -#ifndef KRB5_AUTOCONF_H -#define KRB5_AUTOCONF_H - - -/* Define if AES-NI support is enabled */ -#undef AESNI - -/* Define if socket can't be bound to 0.0.0.0 */ -#undef BROKEN_STREAMS_SOCKETS - -/* Define if va_list objects can be simply copied by assignment. */ -#undef CAN_COPY_VA_LIST - -/* Define to reduce code size even if it means more cpu usage */ -#undef CONFIG_SMALL - -/* Define if __attribute__((constructor)) works */ -#undef CONSTRUCTOR_ATTR_WORKS - -/* Define to default ccache name */ -#undef DEFCCNAME - -/* Define to default client keytab name */ -#undef DEFCKTNAME - -/* Define to default keytab name */ -#undef DEFKTNAME - -/* Define if library initialization should be delayed until first use */ -#undef DELAY_INITIALIZER - -/* Define if __attribute__((destructor)) works */ -#undef DESTRUCTOR_ATTR_WORKS - -/* Define to disable PKINIT plugin support */ -#undef DISABLE_PKINIT - -/* Define if LDAP KDB support within the Kerberos library (mainly ASN.1 code) - should be enabled. */ -#undef ENABLE_LDAP - -/* Define if translation functions should be used. */ -#undef ENABLE_NLS - -/* Define if thread support enabled */ -#undef ENABLE_THREADS - -/* Define as return type of endrpcent */ -#undef ENDRPCENT_TYPE - -/* Define if Fortuna PRNG is selected */ -#undef FORTUNA - -/* Define to the type of elements in the array set by `getgroups'. Usually - this is either `int' or `gid_t'. */ -#undef GETGROUPS_T - -/* Define if gethostbyname_r returns int rather than struct hostent * */ -#undef GETHOSTBYNAME_R_RETURNS_INT - -/* Type of getpeername second argument. */ -#undef GETPEERNAME_ARG3_TYPE - -/* Define if getpwnam_r exists but takes only 4 arguments (e.g., POSIX draft 6 - implementations like some Solaris releases). */ -#undef GETPWNAM_R_4_ARGS - -/* Define if getpwnam_r returns an int */ -#undef GETPWNAM_R_RETURNS_INT - -/* Define if getpwuid_r exists but takes only 4 arguments (e.g., POSIX draft 6 - implementations like some Solaris releases). */ -#undef GETPWUID_R_4_ARGS - -/* Define if getservbyname_r returns int rather than struct servent * */ -#undef GETSERVBYNAME_R_RETURNS_INT - -/* Type of pointer target for argument 3 to getsockname */ -#undef GETSOCKNAME_ARG3_TYPE - -/* Define if gmtime_r returns int instead of struct tm pointer, as on old - HP-UX systems. */ -#undef GMTIME_R_RETURNS_INT - -/* Define if va_copy macro or function is available. */ -#undef HAS_VA_COPY - -/* Define to 1 if you have the `access' function. */ -#undef HAVE_ACCESS - -/* Define to 1 if you have the header file. */ -#undef HAVE_ALLOCA_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_ARPA_INET_H - -/* Define to 1 if you have the `bswap16' function. */ -#undef HAVE_BSWAP16 - -/* Define to 1 if you have the `bswap64' function. */ -#undef HAVE_BSWAP64 - -/* Define to 1 if bswap_16 is available via byteswap.h */ -#undef HAVE_BSWAP_16 - -/* Define to 1 if bswap_64 is available via byteswap.h */ -#undef HAVE_BSWAP_64 - -/* Define if bt_rseq is available, for recursive btree traversal. */ -#undef HAVE_BT_RSEQ - -/* Define to 1 if you have the header file. */ -#undef HAVE_BYTESWAP_H - -/* Define to 1 if you have the `chmod' function. */ -#undef HAVE_CHMOD - -/* Define if cmocka library is available. */ -#undef HAVE_CMOCKA - -/* Define to 1 if you have the `compile' function. */ -#undef HAVE_COMPILE - -/* Define if com_err has compatible gettext support */ -#undef HAVE_COM_ERR_INTL - -/* Define to 1 if you have the header file. */ -#undef HAVE_CPUID_H - -/* Define to 1 if you have the `daemon' function. */ -#undef HAVE_DAEMON - -/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you - don't. */ -#undef HAVE_DECL_STRERROR_R - -/* Define to 1 if you have the header file, and it defines `DIR'. - */ -#undef HAVE_DIRENT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_DLFCN_H - -/* Define to 1 if you have the `dn_skipname' function. */ -#undef HAVE_DN_SKIPNAME - -/* Define to 1 if you have the header file. */ -#undef HAVE_ENDIAN_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_ERRNO_H - -/* Define to 1 if you have the `explicit_bzero' function. */ -#undef HAVE_EXPLICIT_BZERO - -/* Define to 1 if you have the `explicit_memset' function. */ -#undef HAVE_EXPLICIT_MEMSET - -/* Define to 1 if you have the `fchmod' function. */ -#undef HAVE_FCHMOD - -/* Define to 1 if you have the header file. */ -#undef HAVE_FCNTL_H - -/* Define to 1 if you have the `flock' function. */ -#undef HAVE_FLOCK - -/* Define to 1 if you have the `fnmatch' function. */ -#undef HAVE_FNMATCH - -/* Define to 1 if you have the header file. */ -#undef HAVE_FNMATCH_H - -/* Define if you have the getaddrinfo function */ -#undef HAVE_GETADDRINFO - -/* Define to 1 if you have the `getcwd' function. */ -#undef HAVE_GETCWD - -/* Define to 1 if you have the `getenv' function. */ -#undef HAVE_GETENV - -/* Define to 1 if you have the `geteuid' function. */ -#undef HAVE_GETEUID - -/* Define if gethostbyname_r exists and its return type is known */ -#undef HAVE_GETHOSTBYNAME_R - -/* Define to 1 if you have the `getnameinfo' function. */ -#undef HAVE_GETNAMEINFO - -/* Define if system getopt should be used. */ -#undef HAVE_GETOPT - -/* Define if system getopt_long should be used. */ -#undef HAVE_GETOPT_LONG - -/* Define if getpwnam_r is available and useful. */ -#undef HAVE_GETPWNAM_R - -/* Define if getpwuid_r is available and useful. */ -#undef HAVE_GETPWUID_R - -/* Define to 1 if you have the `getresgid' function. */ -#undef HAVE_GETRESGID - -/* Define to 1 if you have the `getresuid' function. */ -#undef HAVE_GETRESUID - -/* Define if getservbyname_r exists and its return type is known */ -#undef HAVE_GETSERVBYNAME_R - -/* Have the gettimeofday function */ -#undef HAVE_GETTIMEOFDAY - -/* Define to 1 if you have the `getusershell' function. */ -#undef HAVE_GETUSERSHELL - -/* Define to 1 if you have the `gmtime_r' function. */ -#undef HAVE_GMTIME_R - -/* Define to 1 if you have the header file. */ -#undef HAVE_IFADDRS_H - -/* Define to 1 if you have the `inet_ntop' function. */ -#undef HAVE_INET_NTOP - -/* Define to 1 if you have the `inet_pton' function. */ -#undef HAVE_INET_PTON - -/* Define to 1 if the system has the type `int16_t'. */ -#undef HAVE_INT16_T - -/* Define to 1 if the system has the type `int32_t'. */ -#undef HAVE_INT32_T - -/* Define to 1 if the system has the type `int8_t'. */ -#undef HAVE_INT8_T - -/* Define to 1 if you have the header file. */ -#undef HAVE_INTTYPES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_KEYUTILS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_LBER_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_LDAP_H - -/* Define to 1 if you have the `crypto' library (-lcrypto). */ -#undef HAVE_LIBCRYPTO - -/* Define if building with libedit. */ -#undef HAVE_LIBEDIT - -/* Define to 1 if you have the `nsl' library (-lnsl). */ -#undef HAVE_LIBNSL - -/* Define to 1 if you have the `resolv' library (-lresolv). */ -#undef HAVE_LIBRESOLV - -/* Define to 1 if you have the `socket' library (-lsocket). */ -#undef HAVE_LIBSOCKET - -/* Define if the util library is available */ -#undef HAVE_LIBUTIL - -/* Define to 1 if you have the header file. */ -#undef HAVE_LIMITS_H - -/* Define to 1 if you have the `localtime_r' function. */ -#undef HAVE_LOCALTIME_R - -/* Define to 1 if you have the header file. */ -#undef HAVE_MACHINE_BYTE_ORDER_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_MACHINE_ENDIAN_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H - -/* Define to 1 if you have the `mkstemp' function. */ -#undef HAVE_MKSTEMP - -/* Define to 1 if you have the header file, and it defines `DIR'. */ -#undef HAVE_NDIR_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETDB_H - -/* Define if netdb.h declares h_errno */ -#undef HAVE_NETDB_H_H_ERRNO - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETINET_IN_H - -/* Define to 1 if you have the `ns_initparse' function. */ -#undef HAVE_NS_INITPARSE - -/* Define to 1 if you have the `ns_name_uncompress' function. */ -#undef HAVE_NS_NAME_UNCOMPRESS - -/* Define if OpenSSL supports cms. */ -#undef HAVE_OPENSSL_CMS - -/* Define to 1 if you have the header file. */ -#undef HAVE_PATHS_H - -/* Define if persistent keyrings are supported */ -#undef HAVE_PERSISTENT_KEYRING - -/* Define to 1 if you have the header file. */ -#undef HAVE_POLL_H - -/* Define if #pragma weak references work */ -#undef HAVE_PRAGMA_WEAK_REF - -/* Define if you have POSIX threads libraries and header files. */ -#undef HAVE_PTHREAD - -/* Define to 1 if you have the `pthread_once' function. */ -#undef HAVE_PTHREAD_ONCE - -/* Have PTHREAD_PRIO_INHERIT. */ -#undef HAVE_PTHREAD_PRIO_INHERIT - -/* Define to 1 if you have the `pthread_rwlock_init' function. */ -#undef HAVE_PTHREAD_RWLOCK_INIT - -/* Define if pthread_rwlock_init is provided in the thread library. */ -#undef HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB - -/* Define to 1 if you have the header file. */ -#undef HAVE_PWD_H - -/* Define if building with GNU Readline. */ -#undef HAVE_READLINE - -/* Define if regcomp exists and functions */ -#undef HAVE_REGCOMP - -/* Define to 1 if you have the `regexec' function. */ -#undef HAVE_REGEXEC - -/* Define to 1 if you have the header file. */ -#undef HAVE_REGEXPR_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_REGEX_H - -/* Define to 1 if you have the `res_nclose' function. */ -#undef HAVE_RES_NCLOSE - -/* Define to 1 if you have the `res_ndestroy' function. */ -#undef HAVE_RES_NDESTROY - -/* Define to 1 if you have the `res_ninit' function. */ -#undef HAVE_RES_NINIT - -/* Define to 1 if you have the `res_nsearch' function. */ -#undef HAVE_RES_NSEARCH - -/* Define to 1 if you have the `res_search' function */ -#undef HAVE_RES_SEARCH - -/* Define to 1 if you have the `re_comp' function. */ -#undef HAVE_RE_COMP - -/* Define to 1 if you have the `re_exec' function. */ -#undef HAVE_RE_EXEC - -/* Define to 1 if you have the header file. */ -#undef HAVE_SASL_SASL_H - -/* Define if struct sockaddr contains sa_len */ -#undef HAVE_SA_LEN - -/* Define to 1 if you have the `secure_getenv' function. */ -#undef HAVE_SECURE_GETENV - -/* Define to 1 if you have the `setegid' function. */ -#undef HAVE_SETEGID - -/* Define to 1 if you have the `setenv' function. */ -#undef HAVE_SETENV - -/* Define to 1 if you have the `seteuid' function. */ -#undef HAVE_SETEUID - -/* Define if setluid provided in OSF/1 security library */ -#undef HAVE_SETLUID - -/* Define to 1 if you have the `setregid' function. */ -#undef HAVE_SETREGID - -/* Define to 1 if you have the `setresgid' function. */ -#undef HAVE_SETRESGID - -/* Define to 1 if you have the `setresuid' function. */ -#undef HAVE_SETRESUID - -/* Define to 1 if you have the `setreuid' function. */ -#undef HAVE_SETREUID - -/* Define to 1 if you have the `setsid' function. */ -#undef HAVE_SETSID - -/* Define to 1 if you have the `setvbuf' function. */ -#undef HAVE_SETVBUF - -/* Define if there is a socklen_t type. If not, probably use size_t */ -#undef HAVE_SOCKLEN_T - -/* Define to 1 if you have the `srand' function. */ -#undef HAVE_SRAND - -/* Define to 1 if you have the `srand48' function. */ -#undef HAVE_SRAND48 - -/* Define to 1 if you have the `srandom' function. */ -#undef HAVE_SRANDOM - -/* Define to 1 if the system has the type `ssize_t'. */ -#undef HAVE_SSIZE_T - -/* Define to 1 if you have the `stat' function. */ -#undef HAVE_STAT - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDDEF_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDINT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDLIB_H - -/* Define to 1 if you have the `step' function. */ -#undef HAVE_STEP - -/* Define to 1 if you have the `strchr' function. */ -#undef HAVE_STRCHR - -/* Define to 1 if you have the `strdup' function. */ -#undef HAVE_STRDUP - -/* Define to 1 if you have the `strerror' function. */ -#undef HAVE_STRERROR - -/* Define to 1 if you have the `strerror_r' function. */ -#undef HAVE_STRERROR_R - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRINGS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRING_H - -/* Define to 1 if you have the `strlcpy' function. */ -#undef HAVE_STRLCPY - -/* Define to 1 if you have the `strptime' function. */ -#undef HAVE_STRPTIME - -/* Define to 1 if the system has the type `struct cmsghdr'. */ -#undef HAVE_STRUCT_CMSGHDR - -/* Define if there is a struct if_laddrconf. */ -#undef HAVE_STRUCT_IF_LADDRCONF - -/* Define to 1 if the system has the type `struct in6_pktinfo'. */ -#undef HAVE_STRUCT_IN6_PKTINFO - -/* Define to 1 if the system has the type `struct in_pktinfo'. */ -#undef HAVE_STRUCT_IN_PKTINFO - -/* Define if there is a struct lifconf. */ -#undef HAVE_STRUCT_LIFCONF - -/* Define to 1 if the system has the type `struct rt_msghdr'. */ -#undef HAVE_STRUCT_RT_MSGHDR - -/* Define to 1 if the system has the type `struct sockaddr_storage'. */ -#undef HAVE_STRUCT_SOCKADDR_STORAGE - -/* Define to 1 if `st_mtimensec' is a member of `struct stat'. */ -#undef HAVE_STRUCT_STAT_ST_MTIMENSEC - -/* Define to 1 if `st_mtimespec.tv_nsec' is a member of `struct stat'. */ -#undef HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC - -/* Define to 1 if `st_mtim.tv_nsec' is a member of `struct stat'. */ -#undef HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_BSWAP_H - -/* Define to 1 if you have the header file, and it defines `DIR'. - */ -#undef HAVE_SYS_DIR_H - -/* Define if sys_errlist in libc */ -#undef HAVE_SYS_ERRLIST - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_FILE_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_FILIO_H - -/* Define to 1 if you have the header file, and it defines `DIR'. - */ -#undef HAVE_SYS_NDIR_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PARAM_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SELECT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SOCKET_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SOCKIO_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STAT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TIME_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TYPES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_UIO_H - -/* Define if tcl.h found */ -#undef HAVE_TCL_H - -/* Define if tcl/tcl.h found */ -#undef HAVE_TCL_TCL_H - -/* Define to 1 if you have the `timegm' function. */ -#undef HAVE_TIMEGM - -/* Define to 1 if you have the header file. */ -#undef HAVE_TIME_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_UNISTD_H - -/* Define to 1 if you have the `unsetenv' function. */ -#undef HAVE_UNSETENV - -/* Define to 1 if the system has the type `u_char'. */ -#undef HAVE_U_CHAR - -/* Define to 1 if the system has the type `u_int'. */ -#undef HAVE_U_INT - -/* Define to 1 if the system has the type `u_int16_t'. */ -#undef HAVE_U_INT16_T - -/* Define to 1 if the system has the type `u_int32_t'. */ -#undef HAVE_U_INT32_T - -/* Define to 1 if the system has the type `u_int8_t'. */ -#undef HAVE_U_INT8_T - -/* Define to 1 if the system has the type `u_long'. */ -#undef HAVE_U_LONG - -/* Define to 1 if you have the `vasprintf' function. */ -#undef HAVE_VASPRINTF - -/* Define to 1 if you have the `vsnprintf' function. */ -#undef HAVE_VSNPRINTF - -/* Define to 1 if you have the `vsprintf' function. */ -#undef HAVE_VSPRINTF - -/* Define to 1 if the system has the type `__int128_t'. */ -#undef HAVE___INT128_T - -/* Define to 1 if the system has the type `__uint128_t'. */ -#undef HAVE___UINT128_T - -/* Define if errno.h declares perror */ -#undef HDR_HAS_PERROR - -/* May need to be defined to enable IPv6 support, for example on IRIX */ -#undef INET6 - -/* Define if MIT Project Athena default configuration should be used */ -#undef KRB5_ATHENA_COMPAT - -/* Define for DNS support of locating realms and KDCs */ -#undef KRB5_DNS_LOOKUP - -/* Define to enable DNS lookups of Kerberos realm names */ -#undef KRB5_DNS_LOOKUP_REALM - -/* Define if the KDC should return only vague error codes to clients */ -#undef KRBCONF_VAGUE_ERRORS - -/* define if the system header files are missing prototype for daemon() */ -#undef NEED_DAEMON_PROTO - -/* Define if in6addr_any is not defined in libc */ -#undef NEED_INSIXADDR_ANY - -/* define if the system header files are missing prototype for - ss_execute_command() */ -#undef NEED_SS_EXECUTE_COMMAND_PROTO - -/* define if the system header files are missing prototype for strptime() */ -#undef NEED_STRPTIME_PROTO - -/* define if the system header files are missing prototype for swab() */ -#undef NEED_SWAB_PROTO - -/* Define if need to declare sys_errlist */ -#undef NEED_SYS_ERRLIST - -/* define if the system header files are missing prototype for vasprintf() */ -#undef NEED_VASPRINTF_PROTO - -/* Define if the KDC should use no lookaside cache */ -#undef NOCACHE - -/* Define if references to pthread routines should be non-weak. */ -#undef NO_WEAK_PTHREADS - -/* Define if lex produes code with yylineno */ -#undef NO_YYLINENO - -/* Define to the address where bug reports for this package should be sent. */ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#undef PACKAGE_NAME - -/* Define to the full name and version of this package. */ -#undef PACKAGE_STRING - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the home page for this package. */ -#undef PACKAGE_URL - -/* Define to the version of this package. */ -#undef PACKAGE_VERSION - -/* Define if setjmp indicates POSIX interface */ -#undef POSIX_SETJMP - -/* Define if POSIX signal handling is used */ -#undef POSIX_SIGNALS - -/* Define if POSIX signal handlers are used */ -#undef POSIX_SIGTYPE - -/* Define if termios.h exists and tcsetattr exists */ -#undef POSIX_TERMIOS - -/* Define to necessary symbol if this constant uses a non-standard name on - your system. */ -#undef PTHREAD_CREATE_JOINABLE - -/* Define as the return type of signal handlers (`int' or `void'). */ -#undef RETSIGTYPE - -/* Define as return type of setrpcent */ -#undef SETRPCENT_TYPE - -/* The size of `size_t', as computed by sizeof. */ -#undef SIZEOF_SIZE_T - -/* The size of `time_t', as computed by sizeof. */ -#undef SIZEOF_TIME_T - -/* Define to use OpenSSL for SPAKE preauth */ -#undef SPAKE_OPENSSL - -/* Define for static plugin linkage */ -#undef STATIC_PLUGINS - -/* Define to 1 if you have the ANSI C header files. */ -#undef STDC_HEADERS - -/* Define to 1 if strerror_r returns char *. */ -#undef STRERROR_R_CHAR_P - -/* Define if sys_errlist is defined in errno.h */ -#undef SYS_ERRLIST_DECLARED - -/* Define to 1 if you can safely include both and . */ -#undef TIME_WITH_SYS_TIME - -/* Define if no TLS implementation is selected */ -#undef TLS_IMPL_NONE - -/* Define if TLS implementation is OpenSSL */ -#undef TLS_IMPL_OPENSSL - -/* Define if you have dirent.h functionality */ -#undef USE_DIRENT_H - -/* Define if dlopen should be used */ -#undef USE_DLOPEN - -/* Define if the keyring ccache should be enabled */ -#undef USE_KEYRING_CCACHE - -/* Define if link-time options for library finalization will be used */ -#undef USE_LINKER_FINI_OPTION - -/* Define if link-time options for library initialization will be used */ -#undef USE_LINKER_INIT_OPTION - -/* Define if sigprocmask should be used */ -#undef USE_SIGPROCMASK - -/* Define if wait takes int as a argument */ -#undef WAIT_USES_INT - -/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a - `char[]'. */ -#undef YYTEXT_POINTER - -/* Define to enable extensions in glibc */ -#undef _GNU_SOURCE - -/* Define to enable C11 extensions */ -#undef __STDC_WANT_LIB_EXT1__ - -/* Define to empty if `const' does not conform to ANSI C. */ -#undef const - -/* Define to `int' if doesn't define. */ -#undef gid_t - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -#undef inline -#endif - -/* Define krb5_sigtype to type of signal handler */ -#undef krb5_sigtype - -/* Define to `int' if does not define. */ -#undef mode_t - -/* Define to `long int' if does not define. */ -#undef off_t - -/* Define to `long' if does not define. */ -#undef time_t - -/* Define to `int' if doesn't define. */ -#undef uid_t - - -#if defined(__GNUC__) && !defined(inline) -/* Silence gcc pedantic warnings about ANSI C. */ -# define inline __inline__ -#endif -#endif /* KRB5_AUTOCONF_H */ - diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 912aaed..9616b24 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -128,7 +128,6 @@ typedef unsigned char u_char; #include "k5-platform.h" -#include "k5-label.h" #define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */ #define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */ @@ -299,7 +298,6 @@ typedef unsigned char u_char; #define KRB5_CONF_V4_INSTANCE_CONVERT "v4_instance_convert" #define KRB5_CONF_V4_REALM "v4_realm" #define KRB5_CONF_VERIFY_AP_REQ_NOFAIL "verify_ap_req_nofail" -#define KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS "client_aware_channel_bindings" /* Cache configuration variables */ #define KRB5_CC_CONF_FAST_AVAIL "fast_avail" @@ -307,7 +305,6 @@ typedef unsigned char u_char; #define KRB5_CC_CONF_PA_TYPE "pa_type" #define KRB5_CC_CONF_PROXY_IMPERSONATOR "proxy_impersonator" #define KRB5_CC_CONF_REFRESH_TIME "refresh_time" -#define KRB5_CC_CONF_START_REALM "start_realm" /* Error codes used in KRB_ERROR protocol messages. Return values of library routines are based on a different error table @@ -1911,9 +1908,6 @@ krb5_ser_unpack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *); krb5_error_code KRB5_CALLCONV krb5int_cc_default(krb5_context, krb5_ccache *); -krb5_error_code -k5_cc_store_primary_cred(krb5_context, krb5_ccache, krb5_creds *); - /* Fill in the buffer with random alpha-numeric data. */ krb5_error_code krb5int_random_string(krb5_context, char *string, unsigned int length); diff --git a/src/include/k5-label.h b/src/include/k5-label.h deleted file mode 100644 index dfaaa84..0000000 --- a/src/include/k5-label.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef _KRB5_LABEL_H -#define _KRB5_LABEL_H - -#ifdef THREEPARAMOPEN -#undef THREEPARAMOPEN -#endif -#ifdef WRITABLEFOPEN -#undef WRITABLEFOPEN -#endif - -/* Wrapper functions which help us create files and directories with the right - * context labels. */ -#ifdef USE_SELINUX -#include -#include -#include -#include -#include -FILE *krb5int_labeled_fopen(const char *path, const char *mode); -int krb5int_labeled_creat(const char *path, mode_t mode); -int krb5int_labeled_open(const char *path, int flags, ...); -int krb5int_labeled_mkdir(const char *path, mode_t mode); -int krb5int_labeled_mknod(const char *path, mode_t mode, dev_t device); -#define THREEPARAMOPEN(x,y,z) krb5int_labeled_open(x,y,z) -#define WRITABLEFOPEN(x,y) krb5int_labeled_fopen(x,y) -void *krb5int_push_fscreatecon_for(const char *pathname); -void krb5int_pop_fscreatecon(void *previous); -#else -#define WRITABLEFOPEN(x,y) fopen(x,y) -#define THREEPARAMOPEN(x,y,z) open(x,y,z) -#endif -#endif diff --git a/src/include/krb5/certauth_plugin.h b/src/include/krb5/certauth_plugin.h index 3466cf3..3074790 100644 --- a/src/include/krb5/certauth_plugin.h +++ b/src/include/krb5/certauth_plugin.h @@ -85,17 +85,14 @@ typedef void (*krb5_certauth_fini_fn)(krb5_context context, krb5_certauth_moddata moddata); /* - * Mandatory: return 0 or KRB5_CERTAUTH_HWAUTH if the DER-encoded cert is - * authorized for PKINIT authentication by princ; otherwise return one of the - * following error codes: + * Mandatory: + * Return 0 if the DER-encoded cert is authorized for PKINIT authentication by + * princ; otherwise return one of the following error codes: * - KRB5KDC_ERR_CLIENT_NAME_MISMATCH - incorrect SAN value * - KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE - incorrect EKU * - KRB5KDC_ERR_CERTIFICATE_MISMATCH - other extension error * - KRB5_PLUGIN_NO_HANDLE - the module has no opinion about cert * - * Returning KRB5_CERTAUTH_HWAUTH will cause the hw-authent flag to be set in - * the issued ticket (new in release 1.19). - * * - opts is used by built-in modules to receive internal data, and must be * ignored by other modules. * - db_entry receives the client principal database entry, and can be ignored diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 9264bed..79761f6 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -87,12 +87,6 @@ #define THREEPARAMOPEN(x,y,z) open(x,y,z) #endif -#if KRB5_PRIVATE -#ifndef WRITABLEFOPEN -#define WRITABLEFOPEN(x,y) fopen(x,y) -#endif -#endif - #define KRB5_OLD_CRYPTO #include @@ -426,8 +420,8 @@ typedef struct _krb5_crypto_iov { #define ENCTYPE_DES_CBC_MD4 0x0002 /**< @deprecated no longer supported */ #define ENCTYPE_DES_CBC_MD5 0x0003 /**< @deprecated no longer supported */ #define ENCTYPE_DES_CBC_RAW 0x0004 /**< @deprecated no longer supported */ -#define ENCTYPE_DES3_CBC_SHA 0x0005 /**< @deprecated no longer supported */ -#define ENCTYPE_DES3_CBC_RAW 0x0006 /**< @deprecated no longer supported */ +#define ENCTYPE_DES3_CBC_SHA 0x0005 /**< @deprecated DES-3 cbc with SHA1 */ +#define ENCTYPE_DES3_CBC_RAW 0x0006 /**< @deprecated DES-3 cbc mode raw */ #define ENCTYPE_DES_HMAC_SHA1 0x0008 /**< @deprecated no longer supported */ /* PKINIT */ #define ENCTYPE_DSA_SHA1_CMS 0x0009 /**< DSA with SHA1, CMS signature */ @@ -436,9 +430,9 @@ typedef struct _krb5_crypto_iov { #define ENCTYPE_RC2_CBC_ENV 0x000c /**< RC2 cbc mode, CMS enveloped data */ #define ENCTYPE_RSA_ENV 0x000d /**< RSA encryption, CMS enveloped data */ #define ENCTYPE_RSA_ES_OAEP_ENV 0x000e /**< RSA w/OEAP encryption, CMS enveloped data */ -#define ENCTYPE_DES3_CBC_ENV 0x000f /**< @deprecated no longer supported */ +#define ENCTYPE_DES3_CBC_ENV 0x000f /**< DES-3 cbc mode, CMS enveloped data */ -#define ENCTYPE_DES3_CBC_SHA1 0x0010 /**< @deprecated removed */ +#define ENCTYPE_DES3_CBC_SHA1 0x0010 #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 /**< RFC 3962 */ #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */ #define ENCTYPE_AES128_CTS_HMAC_SHA256_128 0x0013 /**< RFC 8009 */ @@ -458,7 +452,7 @@ typedef struct _krb5_crypto_iov { #define CKSUMTYPE_RSA_MD5 0x0007 #define CKSUMTYPE_RSA_MD5_DES 0x0008 #define CKSUMTYPE_NIST_SHA 0x0009 -#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c /* @deprecated removed */ +#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f /**< RFC 3962. Used with ENCTYPE_AES128_CTS_HMAC_SHA1_96 */ #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with @@ -1915,7 +1909,6 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, #define KRB5_AUTHDATA_SIGNTICKET 512 /**< formerly 142 in krb5 1.8 */ #define KRB5_AUTHDATA_FX_ARMOR 71 #define KRB5_AUTHDATA_AUTH_INDICATOR 97 -#define KRB5_AUTHDATA_AP_OPTIONS 143 /** @} */ /* end of KRB5_AUTHDATA group */ /* password change constants */ @@ -7175,10 +7168,11 @@ typedef void * * Set a callback to receive password and account expiration times. * - * @a cb will be invoked if and only if credentials are successfully acquired. - * The callback will receive the @a context from the calling function and the - * @a data argument supplied with this API. The remaining arguments should be - * interpreted as follows: + * This option only applies to krb5_get_init_creds_password(). @a cb will be + * invoked if and only if credentials are successfully acquired. The callback + * will receive the @a context from the krb5_get_init_creds_password() call and + * the @a data argument supplied with this API. The remaining arguments should + * be interpreted as follows: * * If @a is_last_req is true, then the KDC reply contained last-req entries * which unambiguously indicated the password expiration, account expiration, diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in index d1327e4..adfea6e 100644 --- a/src/kadmin/cli/Makefile.in +++ b/src/kadmin/cli/Makefile.in @@ -37,8 +37,3 @@ clean-unix:: # CC_LINK is not meant for compilation and this use may break in the future. datetest: getdate.c $(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c - -%.c: %.y - $(RM) y.tab.c $@ - $(YACC.y) $< - $(CP) y.tab.c $@ diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 19f2cc2..301e347 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -148,21 +148,12 @@ create_ofile(char *ofile, char **tmpname) { int fd = -1; FILE *f; -#ifdef USE_SELINUX - void *selabel; -#endif *tmpname = NULL; if (asprintf(tmpname, "%s-XXXXXX", ofile) < 0) goto error; -#ifdef USE_SELINUX - selabel = krb5int_push_fscreatecon_for(ofile); -#endif fd = mkstemp(*tmpname); -#ifdef USE_SELINUX - krb5int_pop_fscreatecon(selabel); -#endif if (fd == -1) goto error; @@ -206,7 +197,7 @@ prep_ok_file(krb5_context context, char *file_name, int *fd_out) goto cleanup; } - fd = THREEPARAMOPEN(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600); + fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd == -1) { com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); goto cleanup; diff --git a/src/kadmin/testing/proto/kdc.conf.proto b/src/kadmin/testing/proto/kdc.conf.proto index 7beb7ca..8a4b87d 100644 --- a/src/kadmin/testing/proto/kdc.conf.proto +++ b/src/kadmin/testing/proto/kdc.conf.proto @@ -1,6 +1,6 @@ [kdcdefaults] - kdc_listen = 1766 - kdc_tcp_listen = 1766 + kdc_listen = 1750 + kdc_tcp_listen = 1750 [realms] __REALM__ = { @@ -9,8 +9,8 @@ key_stash_file = __K5ROOT__/.k5.__REALM__ acl_file = __K5ROOT__/ovsec_adm.acl dict_file = __K5ROOT__/ovsec_adm.dict - kadmind_port = 1767 - kpasswd_port = 1768 - master_key_type = aes256-cts - supported_enctypes = aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal + kadmind_port = 1751 + kpasswd_port = 1752 + master_key_type = des3-hmac-sha1 + supported_enctypes = des3-hmac-sha1:normal aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal } diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto index 87facc4..e710852 100644 --- a/src/kadmin/testing/proto/krb5.conf.proto +++ b/src/kadmin/testing/proto/krb5.conf.proto @@ -7,8 +7,8 @@ [realms] __REALM__ = { - kdc = __KDCHOST__:1766 - admin_server = __KDCHOST__:1767 + kdc = __KDCHOST__:1750 + admin_server = __KDCHOST__:1751 database_module = foobar_db2_module_blah } diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 463a9c0..241f34e 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -392,8 +392,8 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, } authtime = subject_tkt->times.authtime; - /* Extract and check auth indicators from the subject ticket, except for - * S4U2Self requests (where the client didn't authenticate). */ + /* Extract auth indicators from the subject ticket, except for S4U2Self + * requests (where the client didn't authenticate). */ if (s4u_x509_user == NULL) { errcode = get_auth_indicators(kdc_context, subject_tkt, local_tgt, &local_tgt_key, &auth_indicators); @@ -401,12 +401,12 @@ process_tgs_req(krb5_kdc_req *request, krb5_data *pkt, status = "GET_AUTH_INDICATORS"; goto cleanup; } + } - errcode = check_indicators(kdc_context, server, auth_indicators); - if (errcode) { - status = "HIGHER_AUTHENTICATION_REQUIRED"; - goto cleanup; - } + errcode = check_indicators(kdc_context, server, auth_indicators); + if (errcode) { + status = "HIGHER_AUTHENTICATION_REQUIRED"; + goto cleanup; } if (is_referral) diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index e3352f9..ba0ce0b 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1103,6 +1103,8 @@ enctype_name(krb5_enctype ktype, char *buf, size_t buflen) name = "rsaEncryption-EnvOID"; else if (ktype == ENCTYPE_RSA_ES_OAEP_ENV) name = "id-RSAES-OAEP-EnvOID"; + else if (ktype == ENCTYPE_DES3_CBC_ENV) + name = "des-ede3-cbc-EnvOID"; else return krb5_enctype_to_name(ktype, FALSE, buf, buflen); @@ -1824,6 +1826,8 @@ krb5_boolean enctype_requires_etype_info_2(krb5_enctype enctype) { switch(enctype) { + case ENCTYPE_DES3_CBC_SHA1: + case ENCTYPE_DES3_CBC_RAW: case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP : return 0; diff --git a/src/kdc/main.c b/src/kdc/main.c index 1ede4bf..fdcd694 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -872,7 +872,7 @@ write_pid_file(const char *path) FILE *file; unsigned long pid; - file = WRITABLEFOPEN(path, "w"); + file = fopen(path, "w"); if (file == NULL) return errno; pid = (unsigned long) getpid(); diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c index 356e3e0..5622d56 100644 --- a/src/kprop/kpropd.c +++ b/src/kprop/kpropd.c @@ -487,9 +487,6 @@ doit(int fd) krb5_enctype etype; int database_fd; char host[INET6_ADDRSTRLEN + 1]; -#ifdef USE_SELINUX - void *selabel; -#endif signal_wrapper(SIGALRM, alarm_handler); alarm(params.iprop_resync_timeout); @@ -545,15 +542,9 @@ doit(int fd) free(name); exit(1); } -#ifdef USE_SELINUX - selabel = krb5int_push_fscreatecon_for(file); -#endif omask = umask(077); lock_fd = open(temp_file_name, O_RDWR | O_CREAT, 0600); (void)umask(omask); -#ifdef USE_SELINUX - krb5int_pop_fscreatecon(selabel); -#endif retval = krb5_lock_file(kpropd_context, lock_fd, KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK); if (retval) { diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index 890d54a..c3fcfd7 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -13,7 +13,7 @@ STOBJLISTS=$(CRYPTO_IMPL)/enc_provider/OBJS.ST \ $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ $(CRYPTO_IMPL)/sha1/OBJS.ST $(CRYPTO_IMPL)/sha2/OBJS.ST \ - $(CRYPTO_IMPL)/aes/OBJS.ST \ + $(CRYPTO_IMPL)/aes/OBJS.ST $(CRYPTO_IMPL)/des/OBJS.ST \ $(CRYPTO_IMPL)/camellia/OBJS.ST krb/OBJS.ST \ $(CRYPTO_IMPL)/OBJS.ST @@ -21,7 +21,7 @@ SUBDIROBJLISTS=$(CRYPTO_IMPL)/enc_provider/OBJS.ST \ $(CRYPTO_IMPL)/hash_provider/OBJS.ST \ $(CRYPTO_IMPL)/md4/OBJS.ST $(CRYPTO_IMPL)/md5/OBJS.ST \ $(CRYPTO_IMPL)/sha1/OBJS.ST $(CRYPTO_IMPL)/sha2/OBJS.ST \ - $(CRYPTO_IMPL)/aes/OBJS.ST \ + $(CRYPTO_IMPL)/aes/OBJS.ST $(CRYPTO_IMPL)/des/OBJS.ST \ $(CRYPTO_IMPL)/camellia/OBJS.ST krb/OBJS.ST \ $(CRYPTO_IMPL)/OBJS.ST @@ -34,8 +34,8 @@ SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB) SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@ ##DOS##LIBNAME=$(OUTPRE)crypto.lib -##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst -##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst +##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst +##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst all-unix: all-liblinks install-unix: install-libs diff --git a/src/lib/crypto/builtin/Makefile.in b/src/lib/crypto/builtin/Makefile.in index 82adf1d..baf5d97 100644 --- a/src/lib/crypto/builtin/Makefile.in +++ b/src/lib/crypto/builtin/Makefile.in @@ -1,6 +1,6 @@ mydir=lib$(S)crypto$(S)builtin BUILDTOP=$(REL)..$(S)..$(S).. -SUBDIRS=camellia aes md4 md5 sha1 sha2 enc_provider hash_provider +SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) ##DOS##BUILDTOP = ..\..\.. @@ -22,7 +22,7 @@ SRCS=\ $(srcdir)/init.c \ $(srcdir)/pbkdf2.c -STOBJLISTS= md4/OBJS.ST \ +STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ @@ -30,7 +30,7 @@ STOBJLISTS= md4/OBJS.ST \ camellia/OBJS.ST \ OBJS.ST -SUBDIROBJLISTS= md4/OBJS.ST \ +SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ diff --git a/src/lib/crypto/builtin/des/ISSUES b/src/lib/crypto/builtin/des/ISSUES new file mode 100644 index 0000000..1578911 --- /dev/null +++ b/src/lib/crypto/builtin/des/ISSUES @@ -0,0 +1,13 @@ +Issues to be addressed for src/lib/crypto/des: -*- text -*- + + +"const" could be used in more places + + +Array types are used in calling interfaces. Under ANSI C, a value of +type "arraytype *" cannot be assigned to a variable of type "const +arraytype *", so we get compilation warnings. + +Possible fix: Rewrite internal interfaces to not use arrays this way. +Provide external routines compatible with old API, but not using +const? diff --git a/src/lib/crypto/builtin/des/Makefile.in b/src/lib/crypto/builtin/des/Makefile.in new file mode 100644 index 0000000..ed25dab --- /dev/null +++ b/src/lib/crypto/builtin/des/Makefile.in @@ -0,0 +1,80 @@ +mydir=lib$(S)crypto$(S)builtin$(S)des +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb + +##DOS##BUILDTOP = ..\..\..\.. +##DOS##PREFIXDIR = builtin\des +##DOS##OBJFILE = ..\..\$(OUTPRE)des.lst + +STLIBOBJS=\ + d3_aead.o \ + d3_kysched.o \ + des_keys.o \ + f_aead.o \ + f_cksum.o \ + f_parity.o \ + f_sched.o \ + f_tables.o \ + key_sched.o \ + weak_key.o + +OBJS= $(OUTPRE)d3_aead.$(OBJEXT) \ + $(OUTPRE)d3_kysched.$(OBJEXT) \ + $(OUTPRE)des_keys.$(OBJEXT) \ + $(OUTPRE)f_aead.$(OBJEXT) \ + $(OUTPRE)f_cksum.$(OBJEXT) \ + $(OUTPRE)f_parity.$(OBJEXT) \ + $(OUTPRE)f_sched.$(OBJEXT) \ + $(OUTPRE)f_tables.$(OBJEXT) \ + $(OUTPRE)key_sched.$(OBJEXT) \ + $(OUTPRE)weak_key.$(OBJEXT) + +SRCS= $(srcdir)/d3_aead.c \ + $(srcdir)/d3_kysched.c \ + $(srcdir)/des_keys.c \ + $(srcdir)/f_aead.c \ + $(srcdir)/f_cksum.c \ + $(srcdir)/f_parity.c \ + $(srcdir)/f_sched.c \ + $(srcdir)/f_tables.c \ + $(srcdir)/key_sched.c \ + $(srcdir)/weak_key.c + +EXTRADEPSRCS = $(srcdir)/destest.c $(srcdir)/f_cbc.c $(srcdir)/t_verify.c + +##DOS##LIBOBJS = $(OBJS) + +TOBJS = $(OUTPRE)key_sched.$(OBJEXT) $(OUTPRE)f_sched.$(OBJEXT) \ + $(OUTPRE)f_cbc.$(OBJEXT) $(OUTPRE)f_tables.$(OBJEXT) \ + $(OUTPRE)f_cksum.$(OBJEXT) + +verify$(EXEEXT): t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ + $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) + $(CC_LINK) -o $@ t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ + -lcom_err $(SUPPORT_LIB) + +destest$(EXEEXT): destest.$(OBJEXT) $(TOBJS) $(SUPPORT_DEPLIB) + $(CC_LINK) -o $@ destest.$(OBJEXT) $(TOBJS) $(SUPPORT_LIB) + +all-unix: all-libobjs + +check-unix: verify destest + $(RUN_TEST) ./verify -z + $(RUN_TEST) ./verify -m + $(RUN_TEST) ./verify + $(RUN_TEST) ./destest < $(srcdir)/keytest.data + +includes: depend + +depend: $(SRCS) + +check-windows: + +clean: + $(RM) destest.$(OBJEXT) destest$(EXEEXT) verify$(EXEEXT) \ + t_verify.$(OBJEXT) $(TOBJS) + +clean-unix:: clean-libobjs + +@libobj_frag@ + diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c new file mode 100644 index 0000000..bddf75a --- /dev/null +++ b/src/lib/crypto/builtin/des/d3_aead.c @@ -0,0 +1,133 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright (C) 2008 by the Massachusetts Institute of Technology. + * Copyright 1995 by Richard P. Basch. All Rights Reserved. + * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Richard P. Basch, + * Lehman Brothers and M.I.T. make no representations about the suitability + * of this software for any purpose. It is provided "as is" without + * express or implied warranty. + */ + +#include "crypto_int.h" +#include "des_int.h" +#include "f_tables.h" + +void +krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp1, *kp2, *kp3; + const unsigned char *ip; + struct iov_cursor cursor; + unsigned char block[MIT_DES_BLOCK_LENGTH]; + + /* Get key pointers here. These won't need to be reinitialized. */ + kp1 = (const unsigned DES_INT32 *)ks1; + kp2 = (const unsigned DES_INT32 *)ks2; + kp3 = (const unsigned DES_INT32 *)ks3; + + /* Initialize left and right with the contents of the initial vector. */ + ip = (ivec != NULL) ? ivec : mit_des_zeroblock; + left = load_32_be(ip); + right = load_32_be(ip + 4); + + k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); + while (k5_iov_cursor_get(&cursor, block)) { + /* xor this block with the previous ciphertext. */ + left ^= load_32_be(block); + right ^= load_32_be(block + 4); + + /* Encrypt what we have and store it back into block. */ + DES_DO_ENCRYPT(left, right, kp1); + DES_DO_DECRYPT(left, right, kp2); + DES_DO_ENCRYPT(left, right, kp3); + store_32_be(left, block); + store_32_be(right, block + 4); + + k5_iov_cursor_put(&cursor, block); + } + + if (ivec != NULL) { + store_32_be(left, ivec); + store_32_be(right, ivec + 4); + } +} + +void +krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp1, *kp2, *kp3; + const unsigned char *ip; + unsigned DES_INT32 ocipherl, ocipherr; + unsigned DES_INT32 cipherl, cipherr; + struct iov_cursor cursor; + unsigned char block[MIT_DES_BLOCK_LENGTH]; + + /* Get key pointers here. These won't need to be reinitialized. */ + kp1 = (const unsigned DES_INT32 *)ks1; + kp2 = (const unsigned DES_INT32 *)ks2; + kp3 = (const unsigned DES_INT32 *)ks3; + + /* + * Decrypting is harder than encrypting because of + * the necessity of remembering a lot more things. + * Should think about this a little more... + */ + + /* Prime the old cipher with ivec.*/ + ip = (ivec != NULL) ? ivec : mit_des_zeroblock; + ocipherl = load_32_be(ip); + ocipherr = load_32_be(ip + 4); + + k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); + while (k5_iov_cursor_get(&cursor, block)) { + /* Split this block into left and right. */ + cipherl = left = load_32_be(block); + cipherr = right = load_32_be(block + 4); + + /* Decrypt and xor with the old cipher to get plain text. */ + DES_DO_DECRYPT(left, right, kp3); + DES_DO_ENCRYPT(left, right, kp2); + DES_DO_DECRYPT(left, right, kp1); + left ^= ocipherl; + right ^= ocipherr; + + /* Store the encrypted halves back into block. */ + store_32_be(left, block); + store_32_be(right, block + 4); + + /* Save current cipher block halves. */ + ocipherl = cipherl; + ocipherr = cipherr; + + k5_iov_cursor_put(&cursor, block); + } + + if (ivec != NULL) { + store_32_be(ocipherl, ivec); + store_32_be(ocipherr, ivec + 4); + } +} diff --git a/src/lib/crypto/builtin/des/d3_kysched.c b/src/lib/crypto/builtin/des/d3_kysched.c new file mode 100644 index 0000000..ebd1050 --- /dev/null +++ b/src/lib/crypto/builtin/des/d3_kysched.c @@ -0,0 +1,51 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright 1995 by Richard P. Basch. All Rights Reserved. + * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Richard P. Basch, + * Lehman Brothers and M.I.T. make no representations about the suitability + * of this software for any purpose. It is provided "as is" without + * express or implied warranty. + */ + +#include "k5-int.h" +#include "des_int.h" + +int +mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule) +{ + mit_des_make_key_sched(k[0],schedule[0]); + mit_des_make_key_sched(k[1],schedule[1]); + mit_des_make_key_sched(k[2],schedule[2]); + + if (!mit_des_check_key_parity(k[0])) /* bad parity --> return -1 */ + return(-1); + if (mit_des_is_weak_key(k[0])) + return(-2); + + if (!mit_des_check_key_parity(k[1])) + return(-1); + if (mit_des_is_weak_key(k[1])) + return(-2); + + if (!mit_des_check_key_parity(k[2])) + return(-1); + if (mit_des_is_weak_key(k[2])) + return(-2); + + /* if key was good, return 0 */ + return 0; +} diff --git a/src/lib/crypto/builtin/des/deps b/src/lib/crypto/builtin/des/deps new file mode 100644 index 0000000..df2a31d --- /dev/null +++ b/src/lib/crypto/builtin/des/deps @@ -0,0 +1,148 @@ +# +# Generated makefile dependencies follow. +# +d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + d3_aead.c des_int.h f_tables.h +d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + d3_kysched.c des_int.h +des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../aes/aes.h \ + $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_int.h des_keys.c +f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../sha2/sha2.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_int.h f_aead.c f_tables.h +f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h des_int.h f_cksum.c \ + f_tables.h +f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_int.h f_parity.c +f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h des_int.h f_sched.c +f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_int.h f_tables.c f_tables.h +key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_int.h key_sched.c +weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_int.h weak_key.c +destest.so destest.po $(OUTPRE)destest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h des_int.h destest.c +f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h des_int.h f_cbc.c \ + f_tables.h +t_verify.so t_verify.po $(OUTPRE)t_verify.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_int.h t_verify.c diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h new file mode 100644 index 0000000..f8dc6b2 --- /dev/null +++ b/src/lib/crypto/builtin/des/des_int.h @@ -0,0 +1,285 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/des_int.h */ +/* + * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of + * Technology. All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* Private include file for the Data Encryption Standard library. */ + +/* only do the whole thing once */ +#ifndef DES_INTERNAL_DEFS +#define DES_INTERNAL_DEFS + +#include "k5-int.h" +/* + * Begin "mit-des.h" + */ +#ifndef KRB5_MIT_DES__ +#define KRB5_MIT_DES__ + +#if defined(__MACH__) && defined(__APPLE__) +#include +#include +#if TARGET_RT_MAC_CFM +#error "Use KfM 4.0 SDK headers for CFM compilation." +#endif +#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) +#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 +#endif +#endif /* defined(__MACH__) && defined(__APPLE__) */ + +/* Macro to add deprecated attribute to DES types and functions */ +/* Currently only defined on macOS 10.5 and later. */ +#ifndef KRB5INT_DES_DEPRECATED +#define KRB5INT_DES_DEPRECATED +#endif + +#include + +#if UINT_MAX >= 0xFFFFFFFFUL +#define DES_INT32 int +#define DES_UINT32 unsigned int +#else +#define DES_INT32 long +#define DES_UINT32 unsigned long +#endif + +typedef unsigned char des_cblock[8] /* crypto-block size */ +KRB5INT_DES_DEPRECATED; + +/* + * Key schedule. + * + * This used to be + * + * typedef struct des_ks_struct { + * union { DES_INT32 pad; des_cblock _;} __; + * } des_key_schedule[16]; + * + * but it would cause trouble if DES_INT32 were ever more than 4 + * bytes. The reason is that all the encryption functions cast it to + * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If + * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the + * caller-allocated des_key_schedule will be overflowed by the key + * scheduling functions. We can't assume that every platform will + * have an exact 32-bit int, and nothing should be looking inside a + * des_key_schedule anyway. + */ +typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] +KRB5INT_DES_DEPRECATED; + +typedef des_cblock mit_des_cblock; +typedef des_key_schedule mit_des_key_schedule; + +/* Triple-DES structures */ +typedef mit_des_cblock mit_des3_cblock[3]; +typedef mit_des_key_schedule mit_des3_key_schedule[3]; + +#define MIT_DES_ENCRYPT 1 +#define MIT_DES_DECRYPT 0 + +typedef struct mit_des_ran_key_seed { + krb5_encrypt_block eblock; + krb5_data sequence; +} mit_des_random_state; + +/* the first byte of the key is already in the keyblock */ + +#define MIT_DES_BLOCK_LENGTH (8*sizeof(krb5_octet)) +/* This used to be 8*sizeof(krb5_octet) */ +#define MIT_DES_KEYSIZE 8 + +#define MIT_DES_CBC_CKSUM_LENGTH (4*sizeof(krb5_octet)) + +#endif /* KRB5_MIT_DES__ */ +/* + * End "mit-des.h" + */ + +/* afsstring2key.c */ +krb5_error_code mit_afs_string_to_key(krb5_keyblock *keyblock, + const krb5_data *data, + const krb5_data *salt); +char *mit_afs_crypt(const char *pw, const char *salt, char *iobuf); + +/* f_cksum.c */ +unsigned long mit_des_cbc_cksum(const krb5_octet *, krb5_octet *, + unsigned long, const mit_des_key_schedule, + const krb5_octet *); + +/* f_cbc.c (used by test programs) */ +int +mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, + unsigned long length, const mit_des_key_schedule schedule, + const mit_des_cblock ivec, int enc); + +#define mit_des_zeroblock krb5int_c_mit_des_zeroblock +extern const mit_des_cblock mit_des_zeroblock; + +/* fin_rndkey.c */ +krb5_error_code mit_des_finish_random_key(const krb5_encrypt_block *, + krb5_pointer *); + +/* finish_key.c */ +krb5_error_code mit_des_finish_key(krb5_encrypt_block *); + +/* init_rkey.c */ +krb5_error_code mit_des_init_random_key(const krb5_encrypt_block *, + const krb5_keyblock *, + krb5_pointer *); + +/* key_parity.c */ +void mit_des_fixup_key_parity(mit_des_cblock); +int mit_des_check_key_parity(mit_des_cblock); + +/* key_sched.c */ +int mit_des_key_sched(mit_des_cblock, mit_des_key_schedule); + +/* process_ky.c */ +krb5_error_code mit_des_process_key(krb5_encrypt_block *, + const krb5_keyblock *); + +/* random_key.c */ +krb5_error_code mit_des_random_key(const krb5_encrypt_block *, + krb5_pointer, krb5_keyblock **); + +/* string2key.c */ +krb5_error_code mit_des_string_to_key(const krb5_encrypt_block *, + krb5_keyblock *, const krb5_data *, + const krb5_data *); +krb5_error_code mit_des_string_to_key_int(krb5_keyblock *, const krb5_data *, + const krb5_data *); + +/* weak_key.c */ +int mit_des_is_weak_key(mit_des_cblock); + +/* cmb_keys.c */ +krb5_error_code mit_des_combine_subkeys(const krb5_keyblock *, + const krb5_keyblock *, + krb5_keyblock **); + +/* f_pcbc.c */ +int mit_des_pcbc_encrypt(); + +/* f_sched.c */ +int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule); + + +/* misc.c */ +extern void swap_bits(char *); +extern unsigned long long_swap_bits(unsigned long); +extern unsigned long swap_six_bits_to_ansi(unsigned long); +extern unsigned long swap_four_bits_to_ansi(unsigned long); +extern unsigned long swap_bit_pos_1(unsigned long); +extern unsigned long swap_bit_pos_0(unsigned long); +extern unsigned long swap_bit_pos_0_to_ansi(unsigned long); +extern unsigned long rev_swap_bit_pos_0(unsigned long); +extern unsigned long swap_byte_bits(unsigned long); +extern unsigned long swap_long_bytes_bit_number(unsigned long); +#ifdef FILE +/* XXX depends on FILE being a #define! */ +extern void test_set(FILE *, const char *, int, const char *, int); +#endif + +void +krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec); + +void +krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec); + +void +krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec); + +void +krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec); + +void +krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule schedule, mit_des_cblock ivec, + mit_des_cblock out); + +/* d3_procky.c */ +krb5_error_code mit_des3_process_key(krb5_encrypt_block *eblock, + const krb5_keyblock *keyblock); + +/* d3_kysched.c */ +int mit_des3_key_sched(mit_des3_cblock key, mit_des3_key_schedule schedule); + +/* d3_str2ky.c */ +krb5_error_code mit_des3_string_to_key(const krb5_encrypt_block *eblock, + krb5_keyblock *keyblock, + const krb5_data *data, + const krb5_data *salt); + +/* u_nfold.c */ +krb5_error_code mit_des_n_fold(const krb5_octet *input, const size_t in_len, + krb5_octet *output, const size_t out_len); + +/* u_rn_key.c */ +int mit_des_is_weak_keyblock(krb5_keyblock *keyblock); + +void mit_des_fixup_keyblock_parity(krb5_keyblock *keyblock); + +krb5_error_code mit_des_set_random_generator_seed(const krb5_data *seed, + krb5_pointer random_state); + +krb5_error_code mit_des_set_random_sequence_number(const krb5_data *sequence, + krb5_pointer random_state); +#endif /*DES_INTERNAL_DEFS*/ diff --git a/src/lib/crypto/builtin/des/des_keys.c b/src/lib/crypto/builtin/des/des_keys.c new file mode 100644 index 0000000..32b119a --- /dev/null +++ b/src/lib/crypto/builtin/des/des_keys.c @@ -0,0 +1,40 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/des_keys.c - Key functions used by Kerberos code */ +/* + * Copyright (C) 2011 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "crypto_int.h" +#include "des_int.h" + +void +k5_des_fixup_key_parity(unsigned char *keybits) +{ + mit_des_fixup_key_parity(keybits); +} + +krb5_boolean +k5_des_is_weak_key(unsigned char *keybits) +{ + return mit_des_is_weak_key(keybits); +} diff --git a/src/lib/crypto/builtin/des/destest.c b/src/lib/crypto/builtin/des/destest.c new file mode 100644 index 0000000..5211430 --- /dev/null +++ b/src/lib/crypto/builtin/des/destest.c @@ -0,0 +1,240 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/destest.c */ +/* + * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* Test a DES implementation against known inputs & outputs. */ + +#include "des_int.h" +#include +#include + +void convert (char *, unsigned char []); + +void des_cblock_print_file (mit_des_cblock, FILE *); + +krb5_octet zeroblock[8] = {0,0,0,0,0,0,0,0}; + +int +main(argc, argv) + int argc; + char *argv[]; +{ + char block1[17], block2[17], block3[17]; + /* Force tests of unaligned accesses. */ + union { unsigned char c[8*4+3]; long l; } u; + unsigned char *ioblocks = u.c; + unsigned char *input = ioblocks+1; + unsigned char *output = ioblocks+10; + unsigned char *output2 = ioblocks+19; + unsigned char *key = ioblocks+27; + mit_des_key_schedule sched; + int num = 0; + int retval; + + int error = 0; + + while (scanf("%16s %16s %16s", block1, block2, block3) == 3) { + convert(block1, key); + convert(block2, input); + convert(block3, output); + + retval = mit_des_key_sched(key, sched); + if (retval) { + fprintf(stderr, "des test: can't process key: %d\n", retval); + fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3); + exit(1); + } + mit_des_cbc_encrypt((const mit_des_cblock *) input, + (mit_des_cblock *) output2, 8, + sched, zeroblock, 1); + + if (memcmp((char *)output2, (char *)output, 8)) { + fprintf(stderr, + "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n", + block1, block2, block3, + output2[0],output2[1],output2[2],output2[3], + output2[4],output2[5],output2[6],output2[7]); + error++; + } + + /* + * Now try decrypting.... + */ + mit_des_cbc_encrypt((const mit_des_cblock *) output, + (mit_des_cblock *) output2, 8, + sched, zeroblock, 0); + + if (memcmp((char *)output2, (char *)input, 8)) { + fprintf(stderr, + "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n", + block1, block2, block3, + output2[0],output2[1],output2[2],output2[3], + output2[4],output2[5],output2[6],output2[7]); + error++; + } + + num++; + } + + if (error) + printf("destest: failed to pass the test\n"); + else + printf("destest: %d tests passed successfully\n", num); + + exit( (error > 256 && error % 256) ? 1 : error); +} + +int value[128] = { + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + 0, 1, 2, 3, 4, 5, 6, 7, + 8, 9, -1, -1, -1, -1, -1, -1, + -1, 10, 11, 12, 13, 14, 15, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, +}; + +void +convert(text, cblock) + char *text; + unsigned char cblock[]; +{ + int i; + for (i = 0; i < 8; i++) { + if (!isascii((unsigned char)text[i * 2])) + abort (); + if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) { + printf("Bad value byte %d in %s\n", i, text); + exit(1); + } + cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]]; + } + return; +} + +/* + * Fake out the DES library, for the purposes of testing. + */ + +int +mit_des_is_weak_key(key) + mit_des_cblock key; +{ + return 0; /* fake it out for testing */ +} + +void +des_cblock_print_file(x, fp) + mit_des_cblock x; + FILE *fp; +{ + unsigned char *y = (unsigned char *) x; + int i = 0; + fprintf(fp," 0x { "); + + while (i++ < 8) { + fprintf(fp,"%x",*y++); + if (i < 8) + fprintf(fp,", "); + } + fprintf(fp," }"); +} + + +#define smask(step) ((1<>step)&smask(step))) +#define parity_char(x) pstep(pstep(pstep((x),4),2),1) + +/* + * des_check_key_parity: returns true iff key has the correct des parity. + * See des_fix_key_parity for the definition of + * correct des parity. + */ +int +mit_des_check_key_parity(key) + mit_des_cblock key; +{ + unsigned int i; + + for (i=0; i decrypt, else encrypt */ + Key_schedule schedule; /* addr of key schedule */ + +This is the low level routine that encrypts or decrypts a single 8-byte +block in electronic code book mode. Always transforms the input +data into the output data. + +If encrypt is non-zero, the input (cleartext) is encrypted into the +output (ciphertext) using the specified key_schedule, pre-set via "des_set_key". + +If encrypt is zero, the input (now ciphertext) is decrypted into +the output (now cleartext). + +Input and output may be the same space. + +Does not return any meaningful value. Void is not used for compatibility +with other compilers. + +/* -------------------------------------------------------------- */ + +int + cbc_encrypt(input,output,length,schedule,ivec,encrypt) + + C_Block *input; /* ptr to input data */ + C_Block *output; /* ptr to output data */ + int length; /* desired length, in bytes */ + Key_schedule schedule; /* addr of precomputed schedule */ + C_Block *ivec; /* pointer to 8 byte initialization + * vector + */ + int encrypt /* 0 ==> decrypt; else encrypt*/ + + + If encrypt is non-zero, the routine cipher-block-chain encrypts + the INPUT (cleartext) into the OUTPUT (ciphertext) using the provided + key schedule and initialization vector. If the length is not an integral + multiple of eight bytes, the last block is copied to a temp and zero + filled (highest addresses). The output is ALWAYS an integral multiple + of eight bytes. + + If encrypt is zero, the routine cipher-block chain decrypts the INPUT + (ciphertext) into the OUTPUT (cleartext) using the provided key schedule + and initialization vector. Decryption ALWAYS operates on integral + multiples of 8 bytes, so will round the length provided up to the + appropriate multiple. Consequently, it will always produce the rounded-up + number of bytes of output cleartext. The application must determine if + the output cleartext was zero-padded due to cleartext lengths not integral + multiples of 8. + + No errors or meaningful value are returned. Void is not used for + compatibility with other compilers. + + +/* cbc checksum (MAC) only routine ---------------------------------------- */ +int + cbc_cksum(input,output,length,schedule,ivec) + + C_Block *input; /* >= length bytes of inputtext */ + C_Block *output; /* >= length bytes of outputtext */ + int length; /* in bytes */ + Key_schedule schedule; /* precomputed key schedule */ + C_Block *ivec; /* 8 bytes of ivec */ + + + Produces a cryptographic checksum, 8 bytes, by cipher-block-chain + encrypting the input, discarding the ciphertext output, and only retaining + the last ciphertext 8-byte block. Uses the provided key schedule and ivec. + The input is effectively zero-padded to an integral multiple of + eight bytes, though the original input is not modified. + + No meaningful value is returned. Void is not used for compatibility + with other compilers. + + +/* random_key ----------------------------------------*/ +int + random_key(key) + + C_Block *key; + + The start for the random number generated is set from the current time + in microseconds, then the random number generator is invoked + to create an eight byte output key (not a schedule). The key + generated is set to odd parity per FIPS spec. + + The caller must supply space for the output key, pointed to + by "*key", then after getting a new key, call the des_set_key() + routine when needed. + + No meaningfull value is returned. Void is not used for compatibility + with other compilers. + + +/* string_to_key --------------------------------------------*/ + +int + string_to_key(str,key) + char *str; + C_Block *key; + + This routines converts an arbitrary length, null terminated string + to an 8 byte DES key, with each byte parity set to odd, per FIPS spec. + + The algorithm is as follows: + +| Take the first 8 bytes and remove the parity (leaving 56 bits). +| Do the same for the second 8 bytes, and the third, etc. Do this for +| as many sets of 8 bytes as necessary, filling in the remainder of the +| last set with nulls. Fold the second set back on the first (i.e. bit +| 0 over bit 55, and bit 55 over bit 0). Fold the third over the second +| (bit 0 of the third set is now over bit 0 of the first set). Repeat +| until you have done this to all sets. Xor the folded sets. Break the +| result into 8 7 bit bytes, and generate odd parity for each byte. You +| now have 64 bits. Note that DES takes a 64 bit key, and uses only the +| non parity bits. + + +/* read_password -------------------------------------------*/ + +read_password(k,prompt,verify) + C_Block *k; + char *prompt; + int verify; + +This routine issues the supplied prompt, turns off echo, if possible, and +reads an input string. If verify is non-zero, it does it again, for use +in applications such as changing a password. If verify is non-zero, both +versions are compared, and the input is requested repeatedly until they +match. Then, the input string is mapped into a valid DES key, internally +using the string_to_key routine. The newly created key is copied to the +area pointed to by parameter "k". + +No meaningful value is returned. If an error occurs trying to manipulate +the terminal echo, the routine forces the process to exit. + +/* get_line ------------------------*/ +long get_line(p,max) + char *p; + long max; + +Reads input characters from standard input until either a newline appears or +else the max length is reached. The characters read are stuffed into +the string pointed to, which will always be null terminated. The newline +is not inserted in the string. The max parameter includes the byte needed +for the null terminator, so allocate and pass one more than the maximum +string length desired. diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c new file mode 100644 index 0000000..71b8dff --- /dev/null +++ b/src/lib/crypto/builtin/des/f_aead.c @@ -0,0 +1,173 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright (C) 2008 by the Massachusetts Institute of Technology. + * Copyright 1995 by Richard P. Basch. All Rights Reserved. + * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Richard P. Basch, + * Lehman Brothers and M.I.T. make no representations about the suitability + * of this software for any purpose. It is provided "as is" without + * express or implied warranty. + */ + +#include "crypto_int.h" +#include "des_int.h" +#include "f_tables.h" + +const mit_des_cblock mit_des_zeroblock /* = all zero */; + +void +krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp; + const unsigned char *ip; + struct iov_cursor cursor; + unsigned char block[MIT_DES_BLOCK_LENGTH]; + + /* Get key pointer here. This won't need to be reinitialized. */ + kp = (const unsigned DES_INT32 *)schedule; + + /* Initialize left and right with the contents of the initial vector. */ + ip = (ivec != NULL) ? ivec : mit_des_zeroblock; + left = load_32_be(ip); + right = load_32_be(ip + 4); + + k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); + while (k5_iov_cursor_get(&cursor, block)) { + /* Decompose this block and xor it with the previous ciphertext. */ + left ^= load_32_be(block); + right ^= load_32_be(block + 4); + + /* Encrypt what we have and put back into block. */ + DES_DO_ENCRYPT(left, right, kp); + store_32_be(left, block); + store_32_be(right, block + 4); + + k5_iov_cursor_put(&cursor, block); + } + + if (ivec != NULL) { + store_32_be(left, ivec); + store_32_be(right, ivec + 4); + } +} + +void +krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp; + const unsigned char *ip; + unsigned DES_INT32 ocipherl, ocipherr; + unsigned DES_INT32 cipherl, cipherr; + struct iov_cursor cursor; + unsigned char block[MIT_DES_BLOCK_LENGTH]; + + /* Get key pointer here. This won't need to be reinitialized. */ + kp = (const unsigned DES_INT32 *)schedule; + + /* + * Decrypting is harder than encrypting because of + * the necessity of remembering a lot more things. + * Should think about this a little more... + */ + + /* Prime the old cipher with ivec. */ + ip = (ivec != NULL) ? ivec : mit_des_zeroblock; + ocipherl = load_32_be(ip); + ocipherr = load_32_be(ip + 4); + + k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE); + while (k5_iov_cursor_get(&cursor, block)) { + /* Split this block into left and right. */ + cipherl = left = load_32_be(block); + cipherr = right = load_32_be(block + 4); + + /* Decrypt and xor with the old cipher to get plain text. */ + DES_DO_DECRYPT(left, right, kp); + left ^= ocipherl; + right ^= ocipherr; + + /* Store the encrypted halves back into block. */ + store_32_be(left, block); + store_32_be(right, block + 4); + + /* Save current cipher block halves. */ + ocipherl = cipherl; + ocipherr = cipherr; + + k5_iov_cursor_put(&cursor, block); + } + + if (ivec != NULL) { + store_32_be(ocipherl, ivec); + store_32_be(ocipherr, ivec + 4); + } +} + +void +krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data, + const mit_des_key_schedule schedule, mit_des_cblock ivec, + mit_des_cblock out) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp; + const unsigned char *ip; + struct iov_cursor cursor; + unsigned char block[MIT_DES_BLOCK_LENGTH]; + + /* Get key pointer here. This won't need to be reinitialized. */ + kp = (const unsigned DES_INT32 *)schedule; + + /* Initialize left and right with the contents of the initial vector. */ + ip = (ivec != NULL) ? ivec : mit_des_zeroblock; + left = load_32_be(ip); + right = load_32_be(ip + 4); + + k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, TRUE); + while (k5_iov_cursor_get(&cursor, block)) { + /* Decompose this block and xor it with the previous ciphertext. */ + left ^= load_32_be(block); + right ^= load_32_be(block + 4); + + /* Encrypt what we have. */ + DES_DO_ENCRYPT(left, right, kp); + } + + /* Output the final ciphertext block. */ + store_32_be(left, out); + store_32_be(right, out + 4); +} + +#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO) +void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left, + unsigned DES_INT32 *right, + const unsigned DES_INT32 *kp) +{ + DES_DO_ENCRYPT_1 (*left, *right, kp); +} + +void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left, + unsigned DES_INT32 *right, + const unsigned DES_INT32 *kp) +{ + DES_DO_DECRYPT_1 (*left, *right, kp); +} +#endif diff --git a/src/lib/crypto/builtin/des/f_cbc.c b/src/lib/crypto/builtin/des/f_cbc.c new file mode 100644 index 0000000..84d5382 --- /dev/null +++ b/src/lib/crypto/builtin/des/f_cbc.c @@ -0,0 +1,256 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/f_cbc.c */ +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * CBC functions; used only by the test programs at this time. (krb5 uses the + * functions in f_aead.c instead.) + */ + +/* + * des_cbc_encrypt.c - an implementation of the DES cipher function in cbc mode + */ +#include "des_int.h" +#include "f_tables.h" + +/* + * des_cbc_encrypt - {en,de}crypt a stream in CBC mode + */ + +/* + * This routine performs DES cipher-block-chaining operation, either + * encrypting from cleartext to ciphertext, if encrypt != 0 or + * decrypting from ciphertext to cleartext, if encrypt == 0. + * + * The key schedule is passed as an arg, as well as the cleartext or + * ciphertext. The cleartext and ciphertext should be in host order. + * + * NOTE-- the output is ALWAYS an multiple of 8 bytes long. If not + * enough space was provided, your program will get trashed. + * + * For encryption, the cleartext string is null padded, at the end, to + * an integral multiple of eight bytes. + * + * For decryption, the ciphertext will be used in integral multiples + * of 8 bytes, but only the first "length" bytes returned into the + * cleartext. + */ + +const mit_des_cblock mit_des_zeroblock /* = all zero */; + +static void +des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, + unsigned long length, const mit_des_key_schedule schedule, + const mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp; + const unsigned char *ip; + unsigned char *op; + + /* + * Get key pointer here. This won't need to be reinitialized + */ + kp = (const unsigned DES_INT32 *)schedule; + + /* + * Initialize left and right with the contents of the initial + * vector. + */ + ip = ivec; + GET_HALF_BLOCK(left, ip); + GET_HALF_BLOCK(right, ip); + + /* + * Suitably initialized, now work the length down 8 bytes + * at a time. + */ + ip = *in; + op = *out; + while (length > 0) { + /* + * Get more input, xor it in. If the length is + * greater than or equal to 8 this is straight + * forward. Otherwise we have to fart around. + */ + if (length >= 8) { + unsigned DES_INT32 temp; + GET_HALF_BLOCK(temp, ip); + left ^= temp; + GET_HALF_BLOCK(temp, ip); + right ^= temp; + length -= 8; + } else { + /* + * Oh, shoot. We need to pad the + * end with zeroes. Work backwards + * to do this. + */ + ip += (int) length; + switch(length) { + case 7: + right ^= (*(--ip) & FF_UINT32) << 8; + case 6: + right ^= (*(--ip) & FF_UINT32) << 16; + case 5: + right ^= (*(--ip) & FF_UINT32) << 24; + case 4: + left ^= *(--ip) & FF_UINT32; + case 3: + left ^= (*(--ip) & FF_UINT32) << 8; + case 2: + left ^= (*(--ip) & FF_UINT32) << 16; + case 1: + left ^= (*(--ip) & FF_UINT32) << 24; + break; + } + length = 0; + } + + /* + * Encrypt what we have + */ + DES_DO_ENCRYPT(left, right, kp); + + /* + * Copy the results out + */ + PUT_HALF_BLOCK(left, op); + PUT_HALF_BLOCK(right, op); + } +} + +static void +des_cbc_decrypt(const mit_des_cblock *in, mit_des_cblock *out, + unsigned long length, const mit_des_key_schedule schedule, + const mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp; + const unsigned char *ip; + unsigned char *op; + unsigned DES_INT32 ocipherl, ocipherr; + unsigned DES_INT32 cipherl, cipherr; + + /* + * Get key pointer here. This won't need to be reinitialized + */ + kp = (const unsigned DES_INT32 *)schedule; + + /* + * Decrypting is harder than encrypting because of + * the necessity of remembering a lot more things. + * Should think about this a little more... + */ + + if (length <= 0) + return; + + /* + * Prime the old cipher with ivec. + */ + ip = ivec; + GET_HALF_BLOCK(ocipherl, ip); + GET_HALF_BLOCK(ocipherr, ip); + + /* + * Now do this in earnest until we run out of length. + */ + ip = *in; + op = *out; + for (;;) { /* check done inside loop */ + /* + * Read a block from the input into left and + * right. Save this cipher block for later. + */ + GET_HALF_BLOCK(left, ip); + GET_HALF_BLOCK(right, ip); + cipherl = left; + cipherr = right; + + /* + * Decrypt this. + */ + DES_DO_DECRYPT(left, right, kp); + + /* + * Xor with the old cipher to get plain + * text. Output 8 or less bytes of this. + */ + left ^= ocipherl; + right ^= ocipherr; + if (length > 8) { + length -= 8; + PUT_HALF_BLOCK(left, op); + PUT_HALF_BLOCK(right, op); + /* + * Save current cipher block here + */ + ocipherl = cipherl; + ocipherr = cipherr; + } else { + /* + * Trouble here. Start at end of output, + * work backwards. + */ + op += (int) length; + switch(length) { + case 8: + *(--op) = (unsigned char) (right & 0xff); + case 7: + *(--op) = (unsigned char) ((right >> 8) & 0xff); + case 6: + *(--op) = (unsigned char) ((right >> 16) & 0xff); + case 5: + *(--op) = (unsigned char) ((right >> 24) & 0xff); + case 4: + *(--op) = (unsigned char) (left & 0xff); + case 3: + *(--op) = (unsigned char) ((left >> 8) & 0xff); + case 2: + *(--op) = (unsigned char) ((left >> 16) & 0xff); + case 1: + *(--op) = (unsigned char) ((left >> 24) & 0xff); + break; + } + break; /* we're done */ + } + } +} + +int +mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out, + unsigned long length, const mit_des_key_schedule schedule, + const mit_des_cblock ivec, int enc) +{ + /* + * Deal with encryption and decryption separately. + */ + if (enc) + des_cbc_encrypt(in, out, length, schedule, ivec); + else + des_cbc_decrypt(in, out, length, schedule, ivec); + return 0; +} diff --git a/src/lib/crypto/builtin/des/f_cksum.c b/src/lib/crypto/builtin/des/f_cksum.c new file mode 100644 index 0000000..cb482b0 --- /dev/null +++ b/src/lib/crypto/builtin/des/f_cksum.c @@ -0,0 +1,136 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/f_cksum.c */ +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* DES implementation donated by Dennis Ferguson */ + +/* + * des_cbc_cksum.c - compute an 8 byte checksum using DES in CBC mode + */ +#include "des_int.h" +#include "f_tables.h" + +/* + * This routine performs DES cipher-block-chaining checksum operation, + * a.k.a. Message Authentication Code. It ALWAYS encrypts from input + * to a single 64 bit output MAC checksum. + * + * The key schedule is passed as an arg, as well as the cleartext or + * ciphertext. The cleartext and ciphertext should be in host order. + * + * NOTE-- the output is ALWAYS 8 bytes long. If not enough space was + * provided, your program will get trashed. + * + * The input is null padded, at the end (highest addr), to an integral + * multiple of eight bytes. + */ + +unsigned long +mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out, + unsigned long length, const mit_des_key_schedule schedule, + const krb5_octet *ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp; + const unsigned char *ip; + unsigned char *op; + DES_INT32 len; + + /* + * Initialize left and right with the contents of the initial + * vector. + */ + ip = ivec; + GET_HALF_BLOCK(left, ip); + GET_HALF_BLOCK(right, ip); + + /* + * Suitably initialized, now work the length down 8 bytes + * at a time. + */ + ip = in; + len = length; + while (len > 0) { + /* + * Get more input, xor it in. If the length is + * greater than or equal to 8 this is straight + * forward. Otherwise we have to fart around. + */ + if (len >= 8) { + unsigned DES_INT32 temp; + GET_HALF_BLOCK(temp, ip); + left ^= temp; + GET_HALF_BLOCK(temp, ip); + right ^= temp; + len -= 8; + } else { + /* + * Oh, shoot. We need to pad the + * end with zeroes. Work backwards + * to do this. + */ + ip += (int) len; + switch(len) { + case 7: + right ^= (*(--ip) & FF_UINT32) << 8; + case 6: + right ^= (*(--ip) & FF_UINT32) << 16; + case 5: + right ^= (*(--ip) & FF_UINT32) << 24; + case 4: + left ^= *(--ip) & FF_UINT32; + case 3: + left ^= (*(--ip) & FF_UINT32) << 8; + case 2: + left ^= (*(--ip) & FF_UINT32) << 16; + case 1: + left ^= (*(--ip) & FF_UINT32) << 24; + break; + } + len = 0; + } + + /* + * Encrypt what we have + */ + kp = (const unsigned DES_INT32 *)schedule; + DES_DO_ENCRYPT(left, right, kp); + } + + /* + * Done. Left and right have the checksum. Put it into + * the output. + */ + op = out; + PUT_HALF_BLOCK(left, op); + PUT_HALF_BLOCK(right, op); + + /* + * Return right. I'll bet the MIT code returns this + * inconsistantly (with the low order byte of the checksum + * not always in the low order byte of the DES_INT32). We won't. + */ + return right & 0xFFFFFFFFUL; +} diff --git a/src/lib/crypto/builtin/des/f_parity.c b/src/lib/crypto/builtin/des/f_parity.c new file mode 100644 index 0000000..460b506 --- /dev/null +++ b/src/lib/crypto/builtin/des/f_parity.c @@ -0,0 +1,56 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * These routines check and fix parity of encryption keys for the DES + * algorithm. + * + * They are a replacement for routines in key_parity.c, that don't require + * the table building that they do. + * + * Mark Eichin -- Cygnus Support + */ + + +#include "des_int.h" + +/* + * des_fixup_key_parity: Forces odd parity per byte; parity is bits + * 8,16,...64 in des order, implies 0, 8, 16, ... + * vax order. + */ +#define smask(step) ((1<>step)&smask(step))) +#define parity_char(x) pstep(pstep(pstep((x),4),2),1) + +void +mit_des_fixup_key_parity(mit_des_cblock key) +{ + unsigned int i; + for (i=0; i> 29) & 0x7] + | (PC1_CL[(tmp >> 21) & 0x7] << 1) + | (PC1_CL[(tmp >> 13) & 0x7] << 2) + | (PC1_CL[(tmp >> 5) & 0x7] << 3); + d = PC1_DL[(tmp >> 25) & 0xf] + | (PC1_DL[(tmp >> 17) & 0xf] << 1) + | (PC1_DL[(tmp >> 9) & 0xf] << 2) + | (PC1_DL[(tmp >> 1) & 0xf] << 3); + + tmp = load_32_be(k), k += 4; + + c |= PC1_CR[(tmp >> 28) & 0xf] + | (PC1_CR[(tmp >> 20) & 0xf] << 1) + | (PC1_CR[(tmp >> 12) & 0xf] << 2) + | (PC1_CR[(tmp >> 4) & 0xf] << 3); + d |= PC1_DR[(tmp >> 25) & 0x7] + | (PC1_DR[(tmp >> 17) & 0x7] << 1) + | (PC1_DR[(tmp >> 9) & 0x7] << 2) + | (PC1_DR[(tmp >> 1) & 0x7] << 3); + } + + { + /* + * Need several temporaries in here + */ + unsigned DES_INT32 ltmp, rtmp; + unsigned DES_INT32 *k; + int two_bit_shifts; + int i; + /* + * Now iterate to compute the key schedule. Note that we + * record the entire set of subkeys in 6 bit chunks since + * they are used that way. At 6 bits/char, we need + * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes. + * The schedule must be this big. + */ + k = (unsigned DES_INT32 *)schedule; + two_bit_shifts = TWO_BIT_SHIFTS; + for (i = 16; i > 0; i--) { + /* + * Do the rotation. One bit and two bit rotations + * are done separately. Note C and D are 28 bits. + */ + if (two_bit_shifts & 0x1) { + c = ((c << 2) & 0xffffffc) | (c >> 26); + d = ((d << 2) & 0xffffffc) | (d >> 26); + } else { + c = ((c << 1) & 0xffffffe) | (c >> 27); + d = ((d << 1) & 0xffffffe) | (d >> 27); + } + two_bit_shifts >>= 1; + + /* + * Apply permutted choice 2 to C to get the first + * 24 bits worth of keys. Note that bits 9, 18, 22 + * and 25 (using DES numbering) in C are unused. The + * shift-mask stuff is done to delete these bits from + * the indices, since this cuts the table size in half. + * + * The table is torqued, by the way. If the standard + * byte order for this (high to low order) is 1234, + * the table actually gives us 4132. + */ + ltmp = PC2_C[0][((c >> 22) & 0x3f)] + | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)] + | PC2_C[2][((c >> 4) & 0x3) | ((c >> 9) & 0x3c)] + | PC2_C[3][((c ) & 0x7) | ((c >> 4) & 0x38)]; + /* + * Apply permutted choice 2 to D to get the other half. + * Here, bits 7, 10, 15 and 26 go unused. The sqeezing + * actually turns out to be cheaper here. + * + * This table is similarly torqued. If the standard + * byte order is 5678, the table has the bytes permuted + * to give us 7685. + */ + rtmp = PC2_D[0][((d >> 22) & 0x3f)] + | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)] + | PC2_D[2][((d >> 7) & 0x3f)] + | PC2_D[3][((d ) & 0x3) | ((d >> 1) & 0x3c)]; + + /* + * Make up two words of the key schedule, with a + * byte order which is convenient for the DES + * inner loop. The high order (first) word will + * hold bytes 7135 (high to low order) while the + * second holds bytes 4682. + */ + *k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff); + *k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00); + } + } + return (0); +} diff --git a/src/lib/crypto/builtin/des/f_tables.c b/src/lib/crypto/builtin/des/f_tables.c new file mode 100644 index 0000000..6308cb0 --- /dev/null +++ b/src/lib/crypto/builtin/des/f_tables.c @@ -0,0 +1,370 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/f_tables.c */ +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* DES implementation donated by Dennis Ferguson */ + +/* + * des_tables.c - precomputed tables used for the DES cipher function + */ + +/* + * Include the header file so something will complain if the + * declarations get out of sync + */ +#include "des_int.h" +#include "f_tables.h" + +/* + * These tables may be declared const if you want. Many compilers + * don't support this, though. + */ + +/* + * The DES algorithm which uses these is intended to be fairly speedy + * at the expense of some memory. All the standard hacks are used. + * The S boxes and the P permutation are precomputed into one table. + * The E box never actually appears explicitly since it is easy to apply + * this algorithmically as needed. The initial permutation and final + * (inverse initial) permutation are computed from tables designed to + * permute one byte at a time. This should run pretty fast on machines + * with 32 bit words and bit field/multiple bit shift instructions which + * are fast. + */ + +/* + * The initial permutation array. This is used to compute both the + * left and the right halves of the initial permutation using bytes + * from words made from the following operations: + * + * ((left & 0x55555555) << 1) | (right & 0x55555555) for left half + * (left & 0xaaaaaaaa) | ((right & 0xaaaaaaaa) >> 1) for right half + * + * The scheme is that we index into the table using each byte. The + * result from the high order byte is or'd with the result from the + * next byte shifted left once is or'd with the result from the next + * byte shifted left twice if or'd with the result from the low order + * byte shifted left by three. Clear? + */ + +const unsigned DES_INT32 des_IP_table[256] = { + 0x00000000, 0x00000010, 0x00000001, 0x00000011, + 0x00001000, 0x00001010, 0x00001001, 0x00001011, + 0x00000100, 0x00000110, 0x00000101, 0x00000111, + 0x00001100, 0x00001110, 0x00001101, 0x00001111, + 0x00100000, 0x00100010, 0x00100001, 0x00100011, + 0x00101000, 0x00101010, 0x00101001, 0x00101011, + 0x00100100, 0x00100110, 0x00100101, 0x00100111, + 0x00101100, 0x00101110, 0x00101101, 0x00101111, + 0x00010000, 0x00010010, 0x00010001, 0x00010011, + 0x00011000, 0x00011010, 0x00011001, 0x00011011, + 0x00010100, 0x00010110, 0x00010101, 0x00010111, + 0x00011100, 0x00011110, 0x00011101, 0x00011111, + 0x00110000, 0x00110010, 0x00110001, 0x00110011, + 0x00111000, 0x00111010, 0x00111001, 0x00111011, + 0x00110100, 0x00110110, 0x00110101, 0x00110111, + 0x00111100, 0x00111110, 0x00111101, 0x00111111, + 0x10000000, 0x10000010, 0x10000001, 0x10000011, + 0x10001000, 0x10001010, 0x10001001, 0x10001011, + 0x10000100, 0x10000110, 0x10000101, 0x10000111, + 0x10001100, 0x10001110, 0x10001101, 0x10001111, + 0x10100000, 0x10100010, 0x10100001, 0x10100011, + 0x10101000, 0x10101010, 0x10101001, 0x10101011, + 0x10100100, 0x10100110, 0x10100101, 0x10100111, + 0x10101100, 0x10101110, 0x10101101, 0x10101111, + 0x10010000, 0x10010010, 0x10010001, 0x10010011, + 0x10011000, 0x10011010, 0x10011001, 0x10011011, + 0x10010100, 0x10010110, 0x10010101, 0x10010111, + 0x10011100, 0x10011110, 0x10011101, 0x10011111, + 0x10110000, 0x10110010, 0x10110001, 0x10110011, + 0x10111000, 0x10111010, 0x10111001, 0x10111011, + 0x10110100, 0x10110110, 0x10110101, 0x10110111, + 0x10111100, 0x10111110, 0x10111101, 0x10111111, + 0x01000000, 0x01000010, 0x01000001, 0x01000011, + 0x01001000, 0x01001010, 0x01001001, 0x01001011, + 0x01000100, 0x01000110, 0x01000101, 0x01000111, + 0x01001100, 0x01001110, 0x01001101, 0x01001111, + 0x01100000, 0x01100010, 0x01100001, 0x01100011, + 0x01101000, 0x01101010, 0x01101001, 0x01101011, + 0x01100100, 0x01100110, 0x01100101, 0x01100111, + 0x01101100, 0x01101110, 0x01101101, 0x01101111, + 0x01010000, 0x01010010, 0x01010001, 0x01010011, + 0x01011000, 0x01011010, 0x01011001, 0x01011011, + 0x01010100, 0x01010110, 0x01010101, 0x01010111, + 0x01011100, 0x01011110, 0x01011101, 0x01011111, + 0x01110000, 0x01110010, 0x01110001, 0x01110011, + 0x01111000, 0x01111010, 0x01111001, 0x01111011, + 0x01110100, 0x01110110, 0x01110101, 0x01110111, + 0x01111100, 0x01111110, 0x01111101, 0x01111111, + 0x11000000, 0x11000010, 0x11000001, 0x11000011, + 0x11001000, 0x11001010, 0x11001001, 0x11001011, + 0x11000100, 0x11000110, 0x11000101, 0x11000111, + 0x11001100, 0x11001110, 0x11001101, 0x11001111, + 0x11100000, 0x11100010, 0x11100001, 0x11100011, + 0x11101000, 0x11101010, 0x11101001, 0x11101011, + 0x11100100, 0x11100110, 0x11100101, 0x11100111, + 0x11101100, 0x11101110, 0x11101101, 0x11101111, + 0x11010000, 0x11010010, 0x11010001, 0x11010011, + 0x11011000, 0x11011010, 0x11011001, 0x11011011, + 0x11010100, 0x11010110, 0x11010101, 0x11010111, + 0x11011100, 0x11011110, 0x11011101, 0x11011111, + 0x11110000, 0x11110010, 0x11110001, 0x11110011, + 0x11111000, 0x11111010, 0x11111001, 0x11111011, + 0x11110100, 0x11110110, 0x11110101, 0x11110111, + 0x11111100, 0x11111110, 0x11111101, 0x11111111 +}; + +/* + * The final permutation array. Like the IP array, used + * to compute both the left and right results from the bytes + * of words computed from: + * + * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f) for left result + * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4) for right result + * + * The result from the high order byte is shifted left 6 bits and + * or'd with the result from the next byte shifted left 4 bits, which + * is or'd with the result from the next byte shifted left 2 bits, + * which is or'd with the result from the low byte. + */ +const unsigned DES_INT32 des_FP_table[256] = { + 0x00000000, 0x02000000, 0x00020000, 0x02020000, + 0x00000200, 0x02000200, 0x00020200, 0x02020200, + 0x00000002, 0x02000002, 0x00020002, 0x02020002, + 0x00000202, 0x02000202, 0x00020202, 0x02020202, + 0x01000000, 0x03000000, 0x01020000, 0x03020000, + 0x01000200, 0x03000200, 0x01020200, 0x03020200, + 0x01000002, 0x03000002, 0x01020002, 0x03020002, + 0x01000202, 0x03000202, 0x01020202, 0x03020202, + 0x00010000, 0x02010000, 0x00030000, 0x02030000, + 0x00010200, 0x02010200, 0x00030200, 0x02030200, + 0x00010002, 0x02010002, 0x00030002, 0x02030002, + 0x00010202, 0x02010202, 0x00030202, 0x02030202, + 0x01010000, 0x03010000, 0x01030000, 0x03030000, + 0x01010200, 0x03010200, 0x01030200, 0x03030200, + 0x01010002, 0x03010002, 0x01030002, 0x03030002, + 0x01010202, 0x03010202, 0x01030202, 0x03030202, + 0x00000100, 0x02000100, 0x00020100, 0x02020100, + 0x00000300, 0x02000300, 0x00020300, 0x02020300, + 0x00000102, 0x02000102, 0x00020102, 0x02020102, + 0x00000302, 0x02000302, 0x00020302, 0x02020302, + 0x01000100, 0x03000100, 0x01020100, 0x03020100, + 0x01000300, 0x03000300, 0x01020300, 0x03020300, + 0x01000102, 0x03000102, 0x01020102, 0x03020102, + 0x01000302, 0x03000302, 0x01020302, 0x03020302, + 0x00010100, 0x02010100, 0x00030100, 0x02030100, + 0x00010300, 0x02010300, 0x00030300, 0x02030300, + 0x00010102, 0x02010102, 0x00030102, 0x02030102, + 0x00010302, 0x02010302, 0x00030302, 0x02030302, + 0x01010100, 0x03010100, 0x01030100, 0x03030100, + 0x01010300, 0x03010300, 0x01030300, 0x03030300, + 0x01010102, 0x03010102, 0x01030102, 0x03030102, + 0x01010302, 0x03010302, 0x01030302, 0x03030302, + 0x00000001, 0x02000001, 0x00020001, 0x02020001, + 0x00000201, 0x02000201, 0x00020201, 0x02020201, + 0x00000003, 0x02000003, 0x00020003, 0x02020003, + 0x00000203, 0x02000203, 0x00020203, 0x02020203, + 0x01000001, 0x03000001, 0x01020001, 0x03020001, + 0x01000201, 0x03000201, 0x01020201, 0x03020201, + 0x01000003, 0x03000003, 0x01020003, 0x03020003, + 0x01000203, 0x03000203, 0x01020203, 0x03020203, + 0x00010001, 0x02010001, 0x00030001, 0x02030001, + 0x00010201, 0x02010201, 0x00030201, 0x02030201, + 0x00010003, 0x02010003, 0x00030003, 0x02030003, + 0x00010203, 0x02010203, 0x00030203, 0x02030203, + 0x01010001, 0x03010001, 0x01030001, 0x03030001, + 0x01010201, 0x03010201, 0x01030201, 0x03030201, + 0x01010003, 0x03010003, 0x01030003, 0x03030003, + 0x01010203, 0x03010203, 0x01030203, 0x03030203, + 0x00000101, 0x02000101, 0x00020101, 0x02020101, + 0x00000301, 0x02000301, 0x00020301, 0x02020301, + 0x00000103, 0x02000103, 0x00020103, 0x02020103, + 0x00000303, 0x02000303, 0x00020303, 0x02020303, + 0x01000101, 0x03000101, 0x01020101, 0x03020101, + 0x01000301, 0x03000301, 0x01020301, 0x03020301, + 0x01000103, 0x03000103, 0x01020103, 0x03020103, + 0x01000303, 0x03000303, 0x01020303, 0x03020303, + 0x00010101, 0x02010101, 0x00030101, 0x02030101, + 0x00010301, 0x02010301, 0x00030301, 0x02030301, + 0x00010103, 0x02010103, 0x00030103, 0x02030103, + 0x00010303, 0x02010303, 0x00030303, 0x02030303, + 0x01010101, 0x03010101, 0x01030101, 0x03030101, + 0x01010301, 0x03010301, 0x01030301, 0x03030301, + 0x01010103, 0x03010103, 0x01030103, 0x03030103, + 0x01010303, 0x03010303, 0x01030303, 0x03030303 +}; + + +/* + * The SP table is actually the S boxes and the P permutation + * table combined. This table is actually reordered from the + * spec, to match the order of key application we follow. + */ +const unsigned DES_INT32 des_SP_table[8][64] = { + { + 0x00100000, 0x02100001, 0x02000401, 0x00000000, /* 7 */ + 0x00000400, 0x02000401, 0x00100401, 0x02100400, + 0x02100401, 0x00100000, 0x00000000, 0x02000001, + 0x00000001, 0x02000000, 0x02100001, 0x00000401, + 0x02000400, 0x00100401, 0x00100001, 0x02000400, + 0x02000001, 0x02100000, 0x02100400, 0x00100001, + 0x02100000, 0x00000400, 0x00000401, 0x02100401, + 0x00100400, 0x00000001, 0x02000000, 0x00100400, + 0x02000000, 0x00100400, 0x00100000, 0x02000401, + 0x02000401, 0x02100001, 0x02100001, 0x00000001, + 0x00100001, 0x02000000, 0x02000400, 0x00100000, + 0x02100400, 0x00000401, 0x00100401, 0x02100400, + 0x00000401, 0x02000001, 0x02100401, 0x02100000, + 0x00100400, 0x00000000, 0x00000001, 0x02100401, + 0x00000000, 0x00100401, 0x02100000, 0x00000400, + 0x02000001, 0x02000400, 0x00000400, 0x00100001, + }, + { + 0x00808200, 0x00000000, 0x00008000, 0x00808202, /* 1 */ + 0x00808002, 0x00008202, 0x00000002, 0x00008000, + 0x00000200, 0x00808200, 0x00808202, 0x00000200, + 0x00800202, 0x00808002, 0x00800000, 0x00000002, + 0x00000202, 0x00800200, 0x00800200, 0x00008200, + 0x00008200, 0x00808000, 0x00808000, 0x00800202, + 0x00008002, 0x00800002, 0x00800002, 0x00008002, + 0x00000000, 0x00000202, 0x00008202, 0x00800000, + 0x00008000, 0x00808202, 0x00000002, 0x00808000, + 0x00808200, 0x00800000, 0x00800000, 0x00000200, + 0x00808002, 0x00008000, 0x00008200, 0x00800002, + 0x00000200, 0x00000002, 0x00800202, 0x00008202, + 0x00808202, 0x00008002, 0x00808000, 0x00800202, + 0x00800002, 0x00000202, 0x00008202, 0x00808200, + 0x00000202, 0x00800200, 0x00800200, 0x00000000, + 0x00008002, 0x00008200, 0x00000000, 0x00808002, + }, + { + 0x00000104, 0x04010100, 0x00000000, 0x04010004, /* 3 */ + 0x04000100, 0x00000000, 0x00010104, 0x04000100, + 0x00010004, 0x04000004, 0x04000004, 0x00010000, + 0x04010104, 0x00010004, 0x04010000, 0x00000104, + 0x04000000, 0x00000004, 0x04010100, 0x00000100, + 0x00010100, 0x04010000, 0x04010004, 0x00010104, + 0x04000104, 0x00010100, 0x00010000, 0x04000104, + 0x00000004, 0x04010104, 0x00000100, 0x04000000, + 0x04010100, 0x04000000, 0x00010004, 0x00000104, + 0x00010000, 0x04010100, 0x04000100, 0x00000000, + 0x00000100, 0x00010004, 0x04010104, 0x04000100, + 0x04000004, 0x00000100, 0x00000000, 0x04010004, + 0x04000104, 0x00010000, 0x04000000, 0x04010104, + 0x00000004, 0x00010104, 0x00010100, 0x04000004, + 0x04010000, 0x04000104, 0x00000104, 0x04010000, + 0x00010104, 0x00000004, 0x04010004, 0x00010100, + }, + { + 0x00000080, 0x01040080, 0x01040000, 0x21000080, /* 5 */ + 0x00040000, 0x00000080, 0x20000000, 0x01040000, + 0x20040080, 0x00040000, 0x01000080, 0x20040080, + 0x21000080, 0x21040000, 0x00040080, 0x20000000, + 0x01000000, 0x20040000, 0x20040000, 0x00000000, + 0x20000080, 0x21040080, 0x21040080, 0x01000080, + 0x21040000, 0x20000080, 0x00000000, 0x21000000, + 0x01040080, 0x01000000, 0x21000000, 0x00040080, + 0x00040000, 0x21000080, 0x00000080, 0x01000000, + 0x20000000, 0x01040000, 0x21000080, 0x20040080, + 0x01000080, 0x20000000, 0x21040000, 0x01040080, + 0x20040080, 0x00000080, 0x01000000, 0x21040000, + 0x21040080, 0x00040080, 0x21000000, 0x21040080, + 0x01040000, 0x00000000, 0x20040000, 0x21000000, + 0x00040080, 0x01000080, 0x20000080, 0x00040000, + 0x00000000, 0x20040000, 0x01040080, 0x20000080, + }, + { + 0x80401000, 0x80001040, 0x80001040, 0x00000040, /* 4 */ + 0x00401040, 0x80400040, 0x80400000, 0x80001000, + 0x00000000, 0x00401000, 0x00401000, 0x80401040, + 0x80000040, 0x00000000, 0x00400040, 0x80400000, + 0x80000000, 0x00001000, 0x00400000, 0x80401000, + 0x00000040, 0x00400000, 0x80001000, 0x00001040, + 0x80400040, 0x80000000, 0x00001040, 0x00400040, + 0x00001000, 0x00401040, 0x80401040, 0x80000040, + 0x00400040, 0x80400000, 0x00401000, 0x80401040, + 0x80000040, 0x00000000, 0x00000000, 0x00401000, + 0x00001040, 0x00400040, 0x80400040, 0x80000000, + 0x80401000, 0x80001040, 0x80001040, 0x00000040, + 0x80401040, 0x80000040, 0x80000000, 0x00001000, + 0x80400000, 0x80001000, 0x00401040, 0x80400040, + 0x80001000, 0x00001040, 0x00400000, 0x80401000, + 0x00000040, 0x00400000, 0x00001000, 0x00401040, + }, + { + 0x10000008, 0x10200000, 0x00002000, 0x10202008, /* 6 */ + 0x10200000, 0x00000008, 0x10202008, 0x00200000, + 0x10002000, 0x00202008, 0x00200000, 0x10000008, + 0x00200008, 0x10002000, 0x10000000, 0x00002008, + 0x00000000, 0x00200008, 0x10002008, 0x00002000, + 0x00202000, 0x10002008, 0x00000008, 0x10200008, + 0x10200008, 0x00000000, 0x00202008, 0x10202000, + 0x00002008, 0x00202000, 0x10202000, 0x10000000, + 0x10002000, 0x00000008, 0x10200008, 0x00202000, + 0x10202008, 0x00200000, 0x00002008, 0x10000008, + 0x00200000, 0x10002000, 0x10000000, 0x00002008, + 0x10000008, 0x10202008, 0x00202000, 0x10200000, + 0x00202008, 0x10202000, 0x00000000, 0x10200008, + 0x00000008, 0x00002000, 0x10200000, 0x00202008, + 0x00002000, 0x00200008, 0x10002008, 0x00000000, + 0x10202000, 0x10000000, 0x00200008, 0x10002008, + }, + { + 0x08000820, 0x00000800, 0x00020000, 0x08020820, /* 8 */ + 0x08000000, 0x08000820, 0x00000020, 0x08000000, + 0x00020020, 0x08020000, 0x08020820, 0x00020800, + 0x08020800, 0x00020820, 0x00000800, 0x00000020, + 0x08020000, 0x08000020, 0x08000800, 0x00000820, + 0x00020800, 0x00020020, 0x08020020, 0x08020800, + 0x00000820, 0x00000000, 0x00000000, 0x08020020, + 0x08000020, 0x08000800, 0x00020820, 0x00020000, + 0x00020820, 0x00020000, 0x08020800, 0x00000800, + 0x00000020, 0x08020020, 0x00000800, 0x00020820, + 0x08000800, 0x00000020, 0x08000020, 0x08020000, + 0x08020020, 0x08000000, 0x00020000, 0x08000820, + 0x00000000, 0x08020820, 0x00020020, 0x08000020, + 0x08020000, 0x08000800, 0x08000820, 0x00000000, + 0x08020820, 0x00020800, 0x00020800, 0x00000820, + 0x00000820, 0x00020020, 0x08000000, 0x08020800, + }, + { + 0x40084010, 0x40004000, 0x00004000, 0x00084010, /* 2 */ + 0x00080000, 0x00000010, 0x40080010, 0x40004010, + 0x40000010, 0x40084010, 0x40084000, 0x40000000, + 0x40004000, 0x00080000, 0x00000010, 0x40080010, + 0x00084000, 0x00080010, 0x40004010, 0x00000000, + 0x40000000, 0x00004000, 0x00084010, 0x40080000, + 0x00080010, 0x40000010, 0x00000000, 0x00084000, + 0x00004010, 0x40084000, 0x40080000, 0x00004010, + 0x00000000, 0x00084010, 0x40080010, 0x00080000, + 0x40004010, 0x40080000, 0x40084000, 0x00004000, + 0x40080000, 0x40004000, 0x00000010, 0x40084010, + 0x00084010, 0x00000010, 0x00004000, 0x40000000, + 0x00004010, 0x40084000, 0x00080000, 0x40000010, + 0x00080010, 0x40004010, 0x40000010, 0x00080010, + 0x00084000, 0x00000000, 0x40004000, 0x00004010, + 0x40000000, 0x40080010, 0x40084010, 0x00084000 + }, +}; diff --git a/src/lib/crypto/builtin/des/f_tables.h b/src/lib/crypto/builtin/des/f_tables.h new file mode 100644 index 0000000..fc91b56 --- /dev/null +++ b/src/lib/crypto/builtin/des/f_tables.h @@ -0,0 +1,285 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/f_tables.h */ +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * DES implementation donated by Dennis Ferguson + */ + +/* + * des_tables.h - declarations to import the DES tables, used internally + * by some of the library routines. + */ +#ifndef __DES_TABLES_H__ +#define __DES_TABLES_H__ /* nothing */ + +#include "k5-platform.h" +/* + * These may be declared const if you wish. Be sure to change the + * declarations in des_tables.c as well. + */ +extern const unsigned DES_INT32 des_IP_table[256]; +extern const unsigned DES_INT32 des_FP_table[256]; +extern const unsigned DES_INT32 des_SP_table[8][64]; + +/* + * Use standard shortforms to reference these to save typing + */ +#define IP des_IP_table +#define FP des_FP_table +#define SP des_SP_table + +#ifdef DEBUG +#define DEB(foofraw) printf foofraw +#else +#define DEB(foofraw) /* nothing */ +#endif + +/* + * Code to do a DES round using the tables. Note that the E expansion + * is easy to compute algorithmically, especially if done out-of-order. + * Take a look at its form and compare it to everything involving temp + * below. Since SP[0-7] don't have any bits in common set it is okay + * to do the successive xor's. + * + * Note too that the SP table has been reordered to match the order of + * the keys (if the original order of SP was 12345678, the reordered + * table is 71354682). This is unnecessary, but was done since some + * compilers seem to like you going through the matrix from beginning + * to end. + * + * There is a difference in the best way to do this depending on whether + * one is encrypting or decrypting. If encrypting we move forward through + * the keys and hence should move forward through the table. If decrypting + * we go back. Part of the need for this comes from trying to emulate + * existing software which generates a single key schedule and uses it + * both for encrypting and decrypting. Generating separate encryption + * and decryption key schedules would allow one to use the same code + * for both. + * + * left, right and temp should be unsigned DES_INT32 values. left and right + * should be the high and low order parts of the cipher block at the + * current stage of processing (this makes sense if you read the spec). + * kp should be an unsigned DES_INT32 pointer which points at the current + * set of subkeys in the key schedule. It is advanced to the next set + * (i.e. by 8 bytes) when this is done. + * + * This occurs in the innermost loop of the DES function. The four + * variables should really be in registers. + * + * When using this, the inner loop of the DES function might look like: + * + * for (i = 0; i < 8; i++) { + * DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp); + * DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp); + * } + * + * Note the trick above. You are supposed to do 16 rounds, swapping + * left and right at the end of each round. By doing two rounds at + * a time and swapping left and right in the code we can avoid the + * swaps altogether. + */ +#define DES_SP_ENCRYPT_ROUND(left, right, temp, kp) do { \ + (temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++; \ + (left) ^= SP[0][((temp) >> 24) & 0x3f] \ + | SP[1][((temp) >> 16) & 0x3f] \ + | SP[2][((temp) >> 8) & 0x3f] \ + | SP[3][((temp) ) & 0x3f]; \ + (temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++; \ + (left) ^= SP[4][((temp) >> 24) & 0x3f] \ + | SP[5][((temp) >> 16) & 0x3f] \ + | SP[6][((temp) >> 8) & 0x3f] \ + | SP[7][((temp) ) & 0x3f]; \ + } while(0); + +#define DES_SP_DECRYPT_ROUND(left, right, temp, kp) do { \ + (temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp)); \ + (left) ^= SP[7][((temp) ) & 0x3f] \ + | SP[6][((temp) >> 8) & 0x3f] \ + | SP[5][((temp) >> 16) & 0x3f] \ + | SP[4][((temp) >> 24) & 0x3f]; \ + (temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp)); \ + (left) ^= SP[3][((temp) ) & 0x3f] \ + | SP[2][((temp) >> 8) & 0x3f] \ + | SP[1][((temp) >> 16) & 0x3f] \ + | SP[0][((temp) >> 24) & 0x3f]; \ + } while (0); + +/* + * Macros to help deal with the initial permutation table. Note + * the IP table only deals with 32 bits at a time, allowing us to + * collect the bits we need to deal with each half into an unsigned + * DES_INT32. By carefully selecting how the bits are ordered we also + * take advantages of symmetries in the table so that we can use a + * single table to compute the permutation of all bytes. This sounds + * complicated, but if you go through the process of designing the + * table you'll find the symmetries fall right out. + * + * The follow macros compute the set of bits used to index the + * table for produce the left and right permuted result. + * + * The inserted cast to unsigned DES_INT32 circumvents a bug in + * the Macintosh MPW 3.2 C compiler which loses the unsignedness and + * propagates the high-order bit in the shift. + */ +#define DES_IP_LEFT_BITS(left, right) \ + ((((left) & 0x55555555) << 1) | ((right) & 0x55555555)) +#define DES_IP_RIGHT_BITS(left, right) \ + (((left) & 0xaaaaaaaa) | \ + ( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1)) + +/* + * The following macro does an in-place initial permutation given + * the current left and right parts of the block and a single + * temporary. Use this more as a guide for rolling your own, though. + * The best way to do the IP depends on the form of the data you + * are dealing with. If you use this, though, try to make left, + * right and temp unsigned DES_INT32s. + */ +#define DES_INITIAL_PERM(left, right, temp) do { \ + (temp) = DES_IP_RIGHT_BITS((left), (right)); \ + (right) = DES_IP_LEFT_BITS((left), (right)); \ + (left) = IP[((right) >> 24) & 0xff] \ + | (IP[((right) >> 16) & 0xff] << 1) \ + | (IP[((right) >> 8) & 0xff] << 2) \ + | (IP[(right) & 0xff] << 3); \ + (right) = IP[((temp) >> 24) & 0xff] \ + | (IP[((temp) >> 16) & 0xff] << 1) \ + | (IP[((temp) >> 8) & 0xff] << 2) \ + | (IP[(temp) & 0xff] << 3); \ + } while(0); + +/* + * Now the final permutation stuff. The same comments apply to + * this as to the initial permutation, except that we use different + * bits and shifts. + * + * The inserted cast to unsigned DES_INT32 circumvents a bug in + * the Macintosh MPW 3.2 C compiler which loses the unsignedness and + * propagates the high-order bit in the shift. + */ +#define DES_FP_LEFT_BITS(left, right) \ + ((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f)) +#define DES_FP_RIGHT_BITS(left, right) \ + (((left) & 0xf0f0f0f0) | \ + ( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4)) + + +/* + * Here is a sample final permutation. Note that there is a trick + * here. DES requires swapping the left and right parts after the + * last cipher round but before the final permutation. We do this + * swapping internally, which is why left and right are confused + * at the beginning. + */ +#define DES_FINAL_PERM(left, right, temp) do { \ + (temp) = DES_FP_RIGHT_BITS((right), (left)); \ + (right) = DES_FP_LEFT_BITS((right), (left)); \ + (left) = (FP[((right) >> 24) & 0xff] << 6) \ + | (FP[((right) >> 16) & 0xff] << 4) \ + | (FP[((right) >> 8) & 0xff] << 2) \ + | FP[(right) & 0xff]; \ + (right) = (FP[((temp) >> 24) & 0xff] << 6) \ + | (FP[((temp) >> 16) & 0xff] << 4) \ + | (FP[((temp) >> 8) & 0xff] << 2) \ + | FP[temp & 0xff]; \ + } while(0); + + +/* + * Finally, as a sample of how all this might be held together, the + * following two macros do in-place encryptions and decryptions. left + * and right are two unsigned DES_INT32 variables which at the beginning + * are expected to hold the clear (encrypted) block in host byte order + * (left the high order four bytes, right the low order). At the end + * they will contain the encrypted (clear) block. temp is an unsigned DES_INT32 + * used as a temporary. kp is an unsigned DES_INT32 pointer pointing at + * the start of the key schedule. All these should be in registers. + * + * You can probably do better than these by rewriting for particular + * situations. These aren't bad, though. + * + * The DEB macros enable debugging when this code breaks (typically + * when a buggy compiler breaks it), by printing the intermediate values + * at each stage of the encryption, so that by comparing the output to + * a known good machine, the location of the first error can be found. + */ +#define DES_DO_ENCRYPT_1(left, right, kp) \ + do { \ + int i; \ + unsigned DES_INT32 temp1; \ + DEB (("do_encrypt %8lX %8lX \n", left, right)); \ + DES_INITIAL_PERM((left), (right), (temp1)); \ + DEB ((" after IP %8lX %8lX\n", left, right)); \ + for (i = 0; i < 8; i++) { \ + DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp)); \ + DEB ((" round %2d %8lX %8lX \n", i*2, left, right)); \ + DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp)); \ + DEB ((" round %2d %8lX %8lX \n", 1+i*2, left, right)); \ + } \ + DES_FINAL_PERM((left), (right), (temp1)); \ + (kp) -= (2 * 16); \ + DEB ((" after FP %8lX %8lX \n", left, right)); \ + } while (0) + +#define DES_DO_DECRYPT_1(left, right, kp) \ + do { \ + int i; \ + unsigned DES_INT32 temp2; \ + DES_INITIAL_PERM((left), (right), (temp2)); \ + (kp) += (2 * 16); \ + for (i = 0; i < 8; i++) { \ + DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp)); \ + DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp)); \ + } \ + DES_FINAL_PERM((left), (right), (temp2)); \ + } while (0) + +#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO) +extern void krb5int_des_do_encrypt_2(unsigned DES_INT32 *l, + unsigned DES_INT32 *r, + const unsigned DES_INT32 *k); +extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l, + unsigned DES_INT32 *r, + const unsigned DES_INT32 *k); +#define DES_DO_ENCRYPT(L,R,K) krb5int_des_do_encrypt_2(&(L), &(R), (K)) +#define DES_DO_DECRYPT(L,R,K) krb5int_des_do_decrypt_2(&(L), &(R), (K)) +#else +#define DES_DO_ENCRYPT DES_DO_ENCRYPT_1 +#define DES_DO_DECRYPT DES_DO_DECRYPT_1 +#endif + +/* + * These are handy dandy utility thingies for straightening out bytes. + * Included here because they're used a couple of places. + */ +#define GET_HALF_BLOCK(lr, ip) ((lr) = load_32_be(ip), (ip) += 4) +#define PUT_HALF_BLOCK(lr, op) (store_32_be(lr, op), (op) += 4) + +/* Shorthand that we'll need in several places, for creating values that + really can hold 32 bits regardless of the prevailing int size. */ +#define FF_UINT32 ((unsigned DES_INT32) 0xFF) + +#endif /* __DES_TABLES_H__ */ diff --git a/src/lib/crypto/builtin/des/key_sched.c b/src/lib/crypto/builtin/des/key_sched.c new file mode 100644 index 0000000..87f02b6 --- /dev/null +++ b/src/lib/crypto/builtin/des/key_sched.c @@ -0,0 +1,62 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/key_sched.c */ +/* + * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute + * of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * This routine computes the DES key schedule given a key. The + * permutations and shifts have been done at compile time, resulting + * in a direct one-step mapping from the input key to the key + * schedule. + * + * Also checks parity and weak keys. + * + * Watch out for the subscripts -- most effectively start at 1 instead + * of at zero. Maybe some bugs in that area. + * + * In case the user wants to cache the computed key schedule, it is + * passed as an arg. Also implies that caller has explicit control + * over zeroing both the key schedule and the key. + * + * Originally written 6/85 by Steve Miller, MIT Project Athena. + */ + +#include "k5-int.h" +#include "des_int.h" + +int +mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule) +{ + mit_des_make_key_sched(k,schedule); + + if (!mit_des_check_key_parity(k)) /* bad parity --> return -1 */ + return(-1); + + if (mit_des_is_weak_key(k)) + return(-2); + + /* if key was good, return 0 */ + return 0; +} diff --git a/src/lib/crypto/builtin/des/keytest.data b/src/lib/crypto/builtin/des/keytest.data new file mode 100644 index 0000000..7ff34ee --- /dev/null +++ b/src/lib/crypto/builtin/des/keytest.data @@ -0,0 +1,171 @@ +0101010101010101 95F8A5E5DD31D900 8000000000000000 +0101010101010101 DD7F121CA5015619 4000000000000000 +0101010101010101 2E8653104F3834EA 2000000000000000 +0101010101010101 4BD388FF6CD81D4F 1000000000000000 +0101010101010101 20B9E767B2FB1456 0800000000000000 +0101010101010101 55579380D77138EF 0400000000000000 +0101010101010101 6CC5DEFAAF04512F 0200000000000000 +0101010101010101 0D9F279BA5D87260 0100000000000000 +0101010101010101 D9031B0271BD5A0A 0080000000000000 +0101010101010101 424250B37C3DD951 0040000000000000 +0101010101010101 B8061B7ECD9A21E5 0020000000000000 +0101010101010101 F15D0F286B65BD28 0010000000000000 +0101010101010101 ADD0CC8D6E5DEBA1 0008000000000000 +0101010101010101 E6D5F82752AD63D1 0004000000000000 +0101010101010101 ECBFE3BD3F591A5E 0002000000000000 +0101010101010101 F356834379D165CD 0001000000000000 +0101010101010101 2B9F982F20037FA9 0000800000000000 +0101010101010101 889DE068A16F0BE6 0000400000000000 +0101010101010101 E19E275D846A1298 0000200000000000 +0101010101010101 329A8ED523D71AEC 0000100000000000 +0101010101010101 E7FCE22557D23C97 0000080000000000 +0101010101010101 12A9F5817FF2D65D 0000040000000000 +0101010101010101 A484C3AD38DC9C19 0000020000000000 +0101010101010101 FBE00A8A1EF8AD72 0000010000000000 +0101010101010101 750D079407521363 0000008000000000 +0101010101010101 64FEED9C724C2FAF 0000004000000000 +0101010101010101 F02B263B328E2B60 0000002000000000 +0101010101010101 9D64555A9A10B852 0000001000000000 +0101010101010101 D106FF0BED5255D7 0000000800000000 +0101010101010101 E1652C6B138C64A5 0000000400000000 +0101010101010101 E428581186EC8F46 0000000200000000 +0101010101010101 AEB5F5EDE22D1A36 0000000100000000 +0101010101010101 E943D7568AEC0C5C 0000000080000000 +0101010101010101 DF98C8276F54B04B 0000000040000000 +0101010101010101 B160E4680F6C696F 0000000020000000 +0101010101010101 FA0752B07D9C4AB8 0000000010000000 +0101010101010101 CA3A2B036DBC8502 0000000008000000 +0101010101010101 5E0905517BB59BCF 0000000004000000 +0101010101010101 814EEB3B91D90726 0000000002000000 +0101010101010101 4D49DB1532919C9F 0000000001000000 +0101010101010101 25EB5FC3F8CF0621 0000000000800000 +0101010101010101 AB6A20C0620D1C6F 0000000000400000 +0101010101010101 79E90DBC98F92CCA 0000000000200000 +0101010101010101 866ECEDD8072BB0E 0000000000100000 +0101010101010101 8B54536F2F3E64A8 0000000000080000 +0101010101010101 EA51D3975595B86B 0000000000040000 +0101010101010101 CAFFC6AC4542DE31 0000000000020000 +0101010101010101 8DD45A2DDF90796C 0000000000010000 +0101010101010101 1029D55E880EC2D0 0000000000008000 +0101010101010101 5D86CB23639DBEA9 0000000000004000 +0101010101010101 1D1CA853AE7C0C5F 0000000000002000 +0101010101010101 CE332329248F3228 0000000000001000 +0101010101010101 8405D1ABE24FB942 0000000000000800 +0101010101010101 E643D78090CA4207 0000000000000400 +0101010101010101 48221B9937748A23 0000000000000200 +0101010101010101 DD7C0BBD61FAFD54 0000000000000100 +0101010101010101 2FBC291A570DB5C4 0000000000000080 +0101010101010101 E07C30D7E4E26E12 0000000000000040 +0101010101010101 0953E2258E8E90A1 0000000000000020 +0101010101010101 5B711BC4CEEBF2EE 0000000000000010 +0101010101010101 CC083F1E6D9E85F6 0000000000000008 +0101010101010101 D2FD8867D50D2DFE 0000000000000004 +0101010101010101 06E7EA22CE92708F 0000000000000002 +0101010101010101 166B40B44ABA4BD6 0000000000000001 +8001010101010101 0000000000000000 95A8D72813DAA94D +4001010101010101 0000000000000000 0EEC1487DD8C26D5 +2001010101010101 0000000000000000 7AD16FFB79C45926 +1001010101010101 0000000000000000 D3746294CA6A6CF3 +0801010101010101 0000000000000000 809F5F873C1FD761 +0401010101010101 0000000000000000 C02FAFFEC989D1FC +0201010101010101 0000000000000000 4615AA1D33E72F10 +0180010101010101 0000000000000000 2055123350C00858 +0140010101010101 0000000000000000 DF3B99D6577397C8 +0120010101010101 0000000000000000 31FE17369B5288C9 +0110010101010101 0000000000000000 DFDD3CC64DAE1642 +0108010101010101 0000000000000000 178C83CE2B399D94 +0104010101010101 0000000000000000 50F636324A9B7F80 +0102010101010101 0000000000000000 A8468EE3BC18F06D +0101800101010101 0000000000000000 A2DC9E92FD3CDE92 +0101400101010101 0000000000000000 CAC09F797D031287 +0101200101010101 0000000000000000 90BA680B22AEB525 +0101100101010101 0000000000000000 CE7A24F350E280B6 +0101080101010101 0000000000000000 882BFF0AA01A0B87 +0101040101010101 0000000000000000 25610288924511C2 +0101020101010101 0000000000000000 C71516C29C75D170 +0101018001010101 0000000000000000 5199C29A52C9F059 +0101014001010101 0000000000000000 C22F0A294A71F29F +0101012001010101 0000000000000000 EE371483714C02EA +0101011001010101 0000000000000000 A81FBD448F9E522F +0101010801010101 0000000000000000 4F644C92E192DFED +0101010401010101 0000000000000000 1AFA9A66A6DF92AE +0101010201010101 0000000000000000 B3C1CC715CB879D8 +0101010180010101 0000000000000000 19D032E64AB0BD8B +0101010140010101 0000000000000000 3CFAA7A7DC8720DC +0101010120010101 0000000000000000 B7265F7F447AC6F3 +0101010110010101 0000000000000000 9DB73B3C0D163F54 +0101010108010101 0000000000000000 8181B65BABF4A975 +0101010104010101 0000000000000000 93C9B64042EAA240 +0101010102010101 0000000000000000 5570530829705592 +0101010101800101 0000000000000000 8638809E878787A0 +0101010101400101 0000000000000000 41B9A79AF79AC208 +0101010101200101 0000000000000000 7A9BE42F2009A892 +0101010101100101 0000000000000000 29038D56BA6D2745 +0101010101080101 0000000000000000 5495C6ABF1E5DF51 +0101010101040101 0000000000000000 AE13DBD561488933 +0101010101020101 0000000000000000 024D1FFA8904E389 +0101010101018001 0000000000000000 D1399712F99BF02E +0101010101014001 0000000000000000 14C1D7C1CFFEC79E +0101010101012001 0000000000000000 1DE5279DAE3BED6F +0101010101011001 0000000000000000 E941A33F85501303 +0101010101010801 0000000000000000 DA99DBBC9A03F379 +0101010101010401 0000000000000000 B7FC92F91D8E92E9 +0101010101010201 0000000000000000 AE8E5CAA3CA04E85 +0101010101010180 0000000000000000 9CC62DF43B6EED74 +0101010101010140 0000000000000000 D863DBB5C59A91A0 +0101010101010120 0000000000000000 A1AB2190545B91D7 +0101010101010110 0000000000000000 0875041E64C570F7 +0101010101010108 0000000000000000 5A594528BEBEF1CC +0101010101010104 0000000000000000 FCDB3291DE21F0C0 +0101010101010102 0000000000000000 869EFD7F9F265A09 +1046913489980131 0000000000000000 88D55E54F54C97B4 +1007103489988020 0000000000000000 0C0CC00C83EA48FD +10071034C8980120 0000000000000000 83BC8EF3A6570183 +1046103489988020 0000000000000000 DF725DCAD94EA2E9 +1086911519190101 0000000000000000 E652B53B550BE8B0 +1086911519580101 0000000000000000 AF527120C485CBB0 +5107B01519580101 0000000000000000 0F04CE393DB926D5 +1007B01519190101 0000000000000000 C9F00FFC74079067 +3107915498080101 0000000000000000 7CFD82A593252B4E +3107919498080101 0000000000000000 CB49A2F9E91363E3 +10079115B9080140 0000000000000000 00B588BE70D23F56 +3107911598080140 0000000000000000 406A9A6AB43399AE +1007D01589980101 0000000000000000 6CB773611DCA9ADA +9107911589980101 0000000000000000 67FD21C17DBB5D70 +9107D01589190101 0000000000000000 9592CB4110430787 +1007D01598980120 0000000000000000 A6B7FF68A318DDD3 +1007940498190101 0000000000000000 4D102196C914CA16 +0107910491190401 0000000000000000 2DFA9F4573594965 +0107910491190101 0000000000000000 B46604816C0E0774 +0107940491190401 0000000000000000 6E7E6221A4F34E87 +19079210981A0101 0000000000000000 AA85E74643233199 +1007911998190801 0000000000000000 2E5A19DB4D1962D6 +10079119981A0801 0000000000000000 23A866A809D30894 +1007921098190101 0000000000000000 D812D961F017D320 +100791159819010B 0000000000000000 055605816E58608F +1004801598190101 0000000000000000 ABD88E8B1B7716F1 +1004801598190102 0000000000000000 537AC95BE69DA1E1 +1004801598190108 0000000000000000 AED0F6AE3C25CDD8 +1002911598100104 0000000000000000 B3E35A5EE53E7B8D +1002911598190104 0000000000000000 61C79C71921A2EF8 +1002911598100201 0000000000000000 E2F5728F0995013C +1002911698100101 0000000000000000 1AEAC39A61F0A464 +7CA110454A1A6E57 01A1D6D039776742 690F5B0D9A26939B +0131D9619DC1376E 5CD54CA83DEF57DA 7A389D10354BD271 +07A1133E4A0B2686 0248D43806F67172 868EBB51CAB4599A +3849674C2602319E 51454B582DDF440A 7178876E01F19B2A +04B915BA43FEB5B6 42FD443059577FA2 AF37FB421F8C4095 +0113B970FD34F2CE 059B5E0851CF143A 86A560F10EC6D85B +0170F175468FB5E6 0756D8E0774761D2 0CD3DA020021DC09 +43297FAD38E373FE 762514B829BF486A EA676B2CB7DB2B7A +07A7137045DA2A16 3BDD119049372802 DFD64A815CAF1A0F +04689104C2FD3B2F 26955F6835AF609A 5C513C9C4886C088 +37D06BB516CB7546 164D5E404F275232 0A2AEEAE3FF4AB77 +1F08260D1AC2465E 6B056E18759F5CCA EF1BF03E5DFA575A +584023641ABA6176 004BD6EF09176062 88BF0DB6D70DEE56 +025816164629B007 480D39006EE762F2 A1F9915541020B56 +49793EBC79B3258F 437540C8698F3CFA 6FBF1CAFCFFD0556 +4FB05E1515AB73A7 072D43A077075292 2F22E49BAB7CA1AC +49E95D6D4CA229BF 02FE55778117F12A 5A6B612CC26CCE4A +018310DC409B26D6 1D9D5C5018F728C2 5F4C038ED12B2E41 +1C587F1C13924FEF 305532286D6F295A 63FAC0D034D9F793 diff --git a/src/lib/crypto/builtin/des/t_verify.c b/src/lib/crypto/builtin/des/t_verify.c new file mode 100644 index 0000000..f4332f5 --- /dev/null +++ b/src/lib/crypto/builtin/des/t_verify.c @@ -0,0 +1,395 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/t_verify.c */ +/* + * Copyright 1988, 1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* + * + * Program to test the correctness of the DES library + * implementation. + * + * exit returns 0 ==> success + * -1 ==> error + */ + +#include "k5-int.h" +#include "des_int.h" +#include +#include "com_err.h" + +static void do_encrypt(unsigned char *, unsigned char *); +static void do_decrypt(unsigned char *, unsigned char *); + +char *progname; +int nflag = 2; +int vflag; +int mflag; +int zflag; +int pid; +int mit_des_debug; + +unsigned char cipher_text[64]; +unsigned char clear_text[64] = "Now is the time for all " ; +unsigned char clear_text2[64] = "7654321 Now is the time for "; +unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0}; +unsigned char output[64]; +unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; +unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ +unsigned char *input; + +/* 0x0123456789abcdef */ +unsigned char default_key[8] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef +}; +unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; +unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 }; +mit_des_cblock s_key; +unsigned char default_ivec[8] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef +}; +unsigned char *ivec; +unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ + +unsigned char cipher1[8] = { + 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 +}; +unsigned char cipher2[8] = { + 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15 +}; +unsigned char cipher3[64] = { + 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c, + 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f, + 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6 +}; +unsigned char checksum[8] = { + 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33 +}; + +unsigned char zresult[8] = { + 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7 +}; + +unsigned char mresult[8] = { + 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96 +}; + + +/* + * Can also add : + * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) + */ + +mit_des_key_schedule sched; + +int +main(argc,argv) + int argc; + char *argv[]; +{ + /* Local Declarations */ + size_t in_length; + int retval; + int i, j; + +#ifdef WINDOWS + /* Set screen window buffer to infinite size -- MS default is tiny. */ + _wsetscreenbuf (fileno (stdout), _WINBUFINF); +#endif + progname=argv[0]; /* salt away invoking program */ + + while (--argc > 0 && (*++argv)[0] == '-') + for (i=1; argv[0][i] != '\0'; i++) { + switch (argv[0][i]) { + + /* debug flag */ + case 'd': + mit_des_debug=3; + continue; + + case 'z': + zflag = 1; + continue; + + case 'm': + mflag = 1; + continue; + + default: + printf("%s: illegal flag \"%c\" ", + progname,argv[0][i]); + exit(1); + } + }; + + if (argc) { + fprintf(stderr, "Usage: %s [-dmz]\n", progname); + exit(1); + } + + /* do some initialisation */ + + /* use known input and key */ + + /* ECB zero text zero key */ + if (zflag) { + input = zero_text; + mit_des_key_sched(zero_key, sched); + printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); + do_encrypt(input,cipher_text); + printf("\tcipher = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) + printf("%02x ",cipher_text[j]); + printf("\n"); + do_decrypt(output,cipher_text); + if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { + printf("verify: error in zero key test\n"); + exit(-1); + } + + exit(0); + } + + if (mflag) { + input = msb_text; + mit_des_key_sched(key3, sched); + printf("plaintext = 0x00 00 00 00 00 00 00 40, "); + printf("key = 0x80 01 01 01 01 01 01 01\n"); + printf(" cipher = 0xa380e02a6be54696\n"); + do_encrypt(input,cipher_text); + printf("\tcipher = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) { + printf("%02x ",cipher_text[j]); + } + printf("\n"); + do_decrypt(output,cipher_text); + if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { + printf("verify: error in msb test\n"); + exit(-1); + } + exit(0); + } + + /* ECB mode Davies and Price */ + { + input = zero_text; + mit_des_key_sched(key2, sched); + printf("Examples per FIPS publication 81, keys ivs and cipher\n"); + printf("in hex. These are the correct answers, see below for\n"); + printf("the actual answers.\n\n"); + printf("Examples per Davies and Price.\n\n"); + printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n"); + printf("\tclear = 0\n"); + printf("\tcipher = 25 dd ac 3e 96 17 64 67\n"); + printf("ACTUAL ECB\n"); + printf("\tclear \"%s\"\n", input); + do_encrypt(input,cipher_text); + printf("\tcipher = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) + printf("%02x ",cipher_text[j]); + printf("\n\n"); + do_decrypt(output,cipher_text); + if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { + printf("verify: error in ECB encryption\n"); + exit(-1); + } + else + printf("verify: ECB encryption is correct\n\n"); + } + + /* ECB mode */ + { + mit_des_key_sched(default_key, sched); + input = clear_text; + ivec = default_ivec; + printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); + printf("\tclear = \"Now is the time for all \"\n"); + printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n"); + printf("ACTUAL ECB\n\tclear \"%s\"",input); + do_encrypt(input,cipher_text); + printf("\n\tcipher = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) { + printf("%02x ",cipher_text[j]); + } + printf("\n\n"); + do_decrypt(output,cipher_text); + if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) { + printf("verify: error in ECB encryption\n"); + exit(-1); + } + else + printf("verify: ECB encryption is correct\n\n"); + } + + /* CBC mode */ + printf("EXAMPLE CBC\tkey = 0123456789abcdef"); + printf("\tiv = 1234567890abcdef\n"); + printf("\tclear = \"Now is the time for all \"\n"); + printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n"); + printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n"); + printf("\t\t\t68 37 88 49 9a 7c 05 f6\n"); + + printf("ACTUAL CBC\n\tclear \"%s\"\n",input); + in_length = strlen((char *)input); + if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input, + (mit_des_cblock *) cipher_text, + (size_t) in_length, + sched, + ivec, + MIT_DES_ENCRYPT))) { + com_err("des verify", retval, "can't encrypt"); + exit(-1); + } + printf("\tciphertext = (low to high bytes)\n"); + for (i = 0; i <= 2; i++) { + printf("\t\t"); + for (j = 0; j <= 7; j++) { + printf("%02x ",cipher_text[i*8+j]); + } + printf("\n"); + } + if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text, + (mit_des_cblock *) clear_text, + (size_t) in_length, + sched, + ivec, + MIT_DES_DECRYPT))) { + com_err("des verify", retval, "can't decrypt"); + exit(-1); + } + printf("\tdecrypted clear_text = \"%s\"\n",clear_text); + + if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) { + printf("verify: error in CBC encryption\n"); + exit(-1); + } + else + printf("verify: CBC encryption is correct\n\n"); + + printf("EXAMPLE CBC checksum"); + printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n"); + printf("\tclear =\t\t\"7654321 Now is the time for \"\n"); + printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, "); + printf("or some part thereof\n"); + input = clear_text2; + mit_des_cbc_cksum(input,cipher_text, strlen((char *)input), + sched,ivec); + printf("ACTUAL CBC checksum\n"); + printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); + for (j = 0; j<=7; j++) + printf("%02x ",cipher_text[j]); + printf("\n\n"); + if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { + printf("verify: error in CBC cheksum\n"); + exit(-1); + } + else + printf("verify: CBC checksum is correct\n\n"); + + exit(0); +} + +static void +do_encrypt(in,out) + unsigned char *in; + unsigned char *out; +{ + int i, j; + for (i =1; i<=nflag; i++) { + mit_des_cbc_encrypt((const mit_des_cblock *)in, + (mit_des_cblock *)out, + 8, + sched, + zero_text, + MIT_DES_ENCRYPT); + if (mit_des_debug) { + printf("\nclear %s\n",in); + for (j = 0; j<=7; j++) + printf("%02X ",in[j] & 0xff); + printf("\tcipher "); + for (j = 0; j<=7; j++) + printf("%02X ",out[j] & 0xff); + } + } +} + +static void +do_decrypt(in,out) + unsigned char *out; + unsigned char *in; + /* try to invert it */ +{ + int i, j; + for (i =1; i<=nflag; i++) { + mit_des_cbc_encrypt((const mit_des_cblock *)out, + (mit_des_cblock *)in, + 8, + sched, + zero_text, + MIT_DES_DECRYPT); + if (mit_des_debug) { + printf("clear %s\n",in); + for (j = 0; j<=7; j++) + printf("%02X ",in[j] & 0xff); + printf("\tcipher "); + for (j = 0; j<=7; j++) + printf("%02X ",out[j] & 0xff); + } + } +} + +/* + * Fake out the DES library, for the purposes of testing. + */ + +int +mit_des_is_weak_key(key) + mit_des_cblock key; +{ + return 0; /* fake it out for testing */ +} diff --git a/src/lib/crypto/builtin/des/weak_key.c b/src/lib/crypto/builtin/des/weak_key.c new file mode 100644 index 0000000..eb41b26 --- /dev/null +++ b/src/lib/crypto/builtin/des/weak_key.c @@ -0,0 +1,86 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/builtin/des/weak_key.c */ +/* + * Copyright 1989,1990 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +/* + * Under U.S. law, this software may not be exported outside the US + * without license from the U.S. Commerce department. + * + * These routines form the library interface to the DES facilities. + * + * Originally written 8/85 by Steve Miller, MIT Project Athena. + */ + +#include "k5-int.h" +#include "des_int.h" + +/* + * The following are the weak DES keys: + */ +static const mit_des_cblock weak[16] = { + /* weak keys */ + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, + {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe}, + {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e}, + {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1}, + + /* semi-weak */ + {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe}, + {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01}, + + {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1}, + {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e}, + + {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1}, + {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01}, + + {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe}, + {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e}, + + {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e}, + {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01}, + + {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe}, + {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1} +}; + +/* + * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. + * + * Requires: key has correct odd parity. + */ +int +mit_des_is_weak_key(mit_des_cblock key) +{ + unsigned int i; + const mit_des_cblock *weak_p = weak; + + for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) { + if (!memcmp(weak_p++,key,sizeof(mit_des_cblock))) + return 1; + } + + return 0; +} diff --git a/src/lib/crypto/builtin/enc_provider/Makefile.in b/src/lib/crypto/builtin/enc_provider/Makefile.in index af6276b..3459e1d 100644 --- a/src/lib/crypto/builtin/enc_provider/Makefile.in +++ b/src/lib/crypto/builtin/enc_provider/Makefile.in @@ -1,6 +1,7 @@ mydir=lib$(S)crypto$(S)builtin$(S)enc_provider BUILDTOP=$(REL)..$(S)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../aes \ +LOCALINCLUDES = -I$(srcdir)/../des \ + -I$(srcdir)/../aes \ -I$(srcdir)/../camellia \ -I$(srcdir)/../../krb \ -I$(srcdir)/.. @@ -10,16 +11,19 @@ LOCALINCLUDES = -I$(srcdir)/../aes \ ##DOS##OBJFILE = ..\..\$(OUTPRE)enc_provider.lst STLIBOBJS= \ + des3.o \ rc4.o \ aes.o \ camellia.o OBJS= \ + $(OUTPRE)des3.$(OBJEXT) \ $(OUTPRE)aes.$(OBJEXT) \ $(OUTPRE)camellia.$(OBJEXT) \ $(OUTPRE)rc4.$(OBJEXT) SRCS= \ + $(srcdir)/des3.c \ $(srcdir)/aes.c \ $(srcdir)/camellia.c \ $(srcdir)/rc4.c diff --git a/src/lib/crypto/builtin/enc_provider/deps b/src/lib/crypto/builtin/enc_provider/deps index c1201cc..7a3324c 100644 --- a/src/lib/crypto/builtin/enc_provider/deps +++ b/src/lib/crypto/builtin/enc_provider/deps @@ -1,6 +1,18 @@ # # Generated makefile dependencies follow. # +des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../aes/aes.h $(srcdir)/../crypto_mod.h $(srcdir)/../des/des_int.h \ + $(srcdir)/../sha2/sha2.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h des3.c aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c new file mode 100644 index 0000000..9b82442 --- /dev/null +++ b/src/lib/crypto/builtin/enc_provider/des3.c @@ -0,0 +1,105 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +#include "crypto_int.h" +#include "des_int.h" + +static krb5_error_code +validate_and_schedule(krb5_key key, const krb5_data *ivec, + const krb5_crypto_iov *data, size_t num_data, + mit_des3_key_schedule *schedule) +{ + if (key->keyblock.length != 24) + return(KRB5_BAD_KEYSIZE); + if (iov_total_length(data, num_data, FALSE) % 8 != 0) + return(KRB5_BAD_MSIZE); + if (ivec && (ivec->length != 8)) + return(KRB5_BAD_MSIZE); + + switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents, + *schedule)) { + case -1: + return(KRB5DES_BAD_KEYPAR); + case -2: + return(KRB5DES_WEAK_KEY); + } + return 0; +} + +static krb5_error_code +k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) +{ + mit_des3_key_schedule schedule; + krb5_error_code err; + + err = validate_and_schedule(key, ivec, data, num_data, &schedule); + if (err) + return err; + + /* this has a return value, but the code always returns zero */ + krb5int_des3_cbc_encrypt(data, num_data, + schedule[0], schedule[1], schedule[2], + ivec != NULL ? (unsigned char *) ivec->data : + NULL); + + zap(schedule, sizeof(schedule)); + + return(0); +} + +static krb5_error_code +k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) +{ + mit_des3_key_schedule schedule; + krb5_error_code err; + + err = validate_and_schedule(key, ivec, data, num_data, &schedule); + if (err) + return err; + + /* this has a return value, but the code always returns zero */ + krb5int_des3_cbc_decrypt(data, num_data, + schedule[0], schedule[1], schedule[2], + ivec != NULL ? (unsigned char *) ivec->data : + NULL); + + zap(schedule, sizeof(schedule)); + + return 0; +} + +const struct krb5_enc_provider krb5int_enc_des3 = { + 8, + 21, 24, + k5_des3_encrypt, + k5_des3_decrypt, + NULL, + krb5int_des_init_state, + krb5int_default_free_state +}; diff --git a/src/lib/crypto/crypto_tests/t_cf2.expected b/src/lib/crypto/crypto_tests/t_cf2.expected index bc6aa50..f8251a1 100644 --- a/src/lib/crypto/crypto_tests/t_cf2.expected +++ b/src/lib/crypto/crypto_tests/t_cf2.expected @@ -1,5 +1,6 @@ 97df97e4b798b29eb31ed7280287a92a 4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b +e58f9eb643862c13ad38e529313462a7f73e62834fe54a01 24d7f6b6bae4e5c00d2082c5ebab3672 edd02a39d2dbde31611c16e610be062c 67f6ea530aea85a37dcbb23349ea52dcc61ca8493ff557252327fd8304341584 diff --git a/src/lib/crypto/crypto_tests/t_cf2.in b/src/lib/crypto/crypto_tests/t_cf2.in index c4d23b5..73e2f8f 100644 --- a/src/lib/crypto/crypto_tests/t_cf2.in +++ b/src/lib/crypto/crypto_tests/t_cf2.in @@ -8,6 +8,11 @@ key1 key2 a b +16 +key1 +key2 +a +b 23 key1 key2 diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c index 84408fb..4da14ea 100644 --- a/src/lib/crypto/crypto_tests/t_cksums.c +++ b/src/lib/crypto/crypto_tests/t_cksums.c @@ -60,6 +60,16 @@ struct test { "\xAF\xD8\x07\x09" } }, { + { KV5M_DATA, 9, "six seven" }, + CKSUMTYPE_HMAC_SHA1_DES3, ENCTYPE_DES3_CBC_SHA1, 2, + { KV5M_DATA, 24, + "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" + "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, + { KV5M_DATA, 20, + "\x0E\xEF\xC9\xC3\xE0\x49\xAA\xBC\x1B\xA5\xC4\x01\x67\x7D\x9A\xB6" + "\x99\x08\x2B\xB4" } + }, + { { KV5M_DATA, 37, "eight nine ten eleven twelve thirteen" }, CKSUMTYPE_HMAC_SHA1_96_AES128, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 3, { KV5M_DATA, 16, diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c index 716f2c3..a40a855 100644 --- a/src/lib/crypto/crypto_tests/t_decrypt.c +++ b/src/lib/crypto/crypto_tests/t_decrypt.c @@ -40,6 +40,62 @@ struct test { krb5_data ciphertext; } test_cases[] = { { + ENCTYPE_DES3_CBC_SHA1, + { KV5M_DATA, 0, "", }, 0, + { KV5M_DATA, 24, + "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23" + "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" }, + { KV5M_DATA, 28, + "\x54\x8A\xF4\xD5\x04\xF7\xD7\x23\x30\x3F\x12\x17\x5F\xE8\x38\x6B" + "\x7B\x53\x35\xA9\x67\xBA\xD6\x1F\x3B\xF0\xB1\x43" } + }, + { + ENCTYPE_DES3_CBC_SHA1, + { KV5M_DATA, 1, "1", }, 1, + { KV5M_DATA, 24, + "\xBC\x07\x83\x89\x15\x13\xD5\xCE\x57\xBC\x13\x8F\xD3\xC1\x1A\xE6" + "\x40\x45\x23\x85\x32\x29\x62\xB6" }, + { KV5M_DATA, 36, + "\x9C\x3C\x1D\xBA\x47\x47\xD8\x5A\xF2\x91\x6E\x47\x45\xF2\xDC\xE3" + "\x80\x46\x79\x6E\x51\x04\xBC\xCD\xFB\x66\x9A\x91\xD4\x4B\xC3\x56" + "\x66\x09\x45\xC7" } + }, + { + ENCTYPE_DES3_CBC_SHA1, + { KV5M_DATA, 9, "9 bytesss", }, 2, + { KV5M_DATA, 24, + "\x2F\xD0\xF7\x25\xCE\x04\x10\x0D\x2F\xC8\xA1\x80\x98\x83\x1F\x85" + "\x0B\x45\xD9\xEF\x85\x0B\xD9\x20" }, + { KV5M_DATA, 44, + "\xCF\x91\x44\xEB\xC8\x69\x79\x81\x07\x5A\x8B\xAD\x8D\x74\xE5\xD7" + "\xD5\x91\xEB\x7D\x97\x70\xC7\xAD\xA2\x5E\xE8\xC5\xB3\xD6\x94\x44" + "\xDF\xEC\x79\xA5\xB7\xA0\x14\x82\xD9\xAF\x74\xE6" } + }, + { + ENCTYPE_DES3_CBC_SHA1, + { KV5M_DATA, 13, "13 bytes byte", }, 3, + { KV5M_DATA, 24, + "\x0D\xD5\x20\x94\xE0\xF4\x1C\xEC\xCB\x5B\xE5\x10\xA7\x64\xB3\x51" + "\x76\xE3\x98\x13\x32\xF1\xE5\x98" }, + { KV5M_DATA, 44, + "\x83\x9A\x17\x08\x1E\xCB\xAF\xBC\xDC\x91\xB8\x8C\x69\x55\xDD\x3C" + "\x45\x14\x02\x3C\xF1\x77\xB7\x7B\xF0\xD0\x17\x7A\x16\xF7\x05\xE8" + "\x49\xCB\x77\x81\xD7\x6A\x31\x6B\x19\x3F\x8D\x30" } + }, + { + ENCTYPE_DES3_CBC_SHA1, + { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4, + { KV5M_DATA, 24, + "\xF1\x16\x86\xCB\xBC\x9E\x23\xEA\x54\xFE\xCD\x2A\x3D\xCD\xFB\x20" + "\xB6\xFE\x98\xBF\x26\x45\xC4\xC4" }, + { KV5M_DATA, 60, + "\x89\x43\x3E\x83\xFD\x0E\xA3\x66\x6C\xFF\xCD\x18\xD8\xDE\xEB\xC5" + "\x3B\x9A\x34\xED\xBE\xB1\x59\xD9\xF6\x67\xC6\xC2\xB9\xA9\x64\x40" + "\x1D\x55\xE7\xE9\xC6\x8D\x64\x8D\x65\xC3\xAA\x84\xFF\xA3\x79\x0C" + "\x14\xA8\x64\xDA\x80\x73\xA9\xA9\x5C\x4B\xA2\xBC" } + }, + + { ENCTYPE_ARCFOUR_HMAC, { KV5M_DATA, 0, "", }, 0, { KV5M_DATA, 16, @@ -468,6 +524,7 @@ printhex(const char *head, void *data, size_t len) static krb5_enctype enctypes[] = { + ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES128_CTS_HMAC_SHA1_96, diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c index 93ce30d..afbf747 100644 --- a/src/lib/crypto/crypto_tests/t_derive.c +++ b/src/lib/crypto/crypto_tests/t_derive.c @@ -38,6 +38,41 @@ struct test { enum deriv_alg alg; krb5_data expected_key; } test_cases[] = { + /* Kc, Ke, Kei for a DES3 key */ + { + ENCTYPE_DES3_CBC_SHA1, + { KV5M_DATA, 24, + "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" + "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, + { KV5M_DATA, 5, "\0\0\0\2\x99" }, + DERIVE_RFC3961, + { KV5M_DATA, 24, + "\xF7\x8C\x49\x6D\x16\xE6\xC2\xDA\xE0\xE0\xB6\xC2\x40\x57\xA8\x4C" + "\x04\x26\xAE\xEF\x26\xFD\x6D\xCE" } + }, + { + ENCTYPE_DES3_CBC_SHA1, + { KV5M_DATA, 24, + "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" + "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, + { KV5M_DATA, 5, "\0\0\0\2\xAA" }, + DERIVE_RFC3961, + { KV5M_DATA, 24, + "\x5B\x57\x23\xD0\xB6\x34\xCB\x68\x4C\x3E\xBA\x52\x64\xE9\xA7\x0D" + "\x52\xE6\x83\x23\x1A\xD3\xC4\xCE" } + }, + { + ENCTYPE_DES3_CBC_SHA1, + { KV5M_DATA, 24, + "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE" + "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, + { KV5M_DATA, 5, "\0\0\0\2\x55" }, + DERIVE_RFC3961, + { KV5M_DATA, 24, + "\xA7\x7C\x94\x98\x0E\x9B\x73\x45\xA8\x15\x25\xC4\x23\xA7\x37\xCE" + "\x67\xF4\xCD\x91\xB6\xB3\xDA\x45" } + }, + /* Kc, Ke, Ki for an AES-128 key */ { ENCTYPE_AES128_CTS_HMAC_SHA1_96, @@ -251,6 +286,7 @@ static const struct krb5_enc_provider * get_enc_provider(krb5_enctype enctype) { switch (enctype) { + case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3; case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128; case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256; case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128; diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c index 290a72e..bd9b946 100644 --- a/src/lib/crypto/crypto_tests/t_encrypt.c +++ b/src/lib/crypto/crypto_tests/t_encrypt.c @@ -37,6 +37,7 @@ /* What enctypes should we test?*/ krb5_enctype interesting_enctypes[] = { + ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES256_CTS_HMAC_SHA1_96, diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c index 4466b71..d4c2b97 100644 --- a/src/lib/crypto/crypto_tests/t_short.c +++ b/src/lib/crypto/crypto_tests/t_short.c @@ -34,6 +34,7 @@ #include "k5-int.h" krb5_enctype interesting_enctypes[] = { + ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES256_CTS_HMAC_SHA1_96, diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c index ef4c4a7..cdb1acc 100644 --- a/src/lib/crypto/crypto_tests/t_str2key.c +++ b/src/lib/crypto/crypto_tests/t_str2key.c @@ -35,6 +35,58 @@ struct test { krb5_error_code expected_err; krb5_boolean allow_weak; } test_cases[] = { + /* Test vectors from RFC 3961 appendix A.4. */ + { + ENCTYPE_DES3_CBC_SHA1, + "password", + { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" }, + { KV5M_DATA, 0, NULL }, + { KV5M_DATA, 24, "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C" + "\x31\x3E\x3B\xFE\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" }, + 0, + FALSE + }, + { + ENCTYPE_DES3_CBC_SHA1, + "potatoe", + { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" }, + { KV5M_DATA, 0, NULL }, + { KV5M_DATA, 24, "\xDF\xCD\x23\x3D\xD0\xA4\x32\x04\xEA\x6D\xC4\x37" + "\xFB\x15\xE0\x61\xB0\x29\x79\xC1\xF7\x4F\x37\x7A" }, + 0, + FALSE + }, + { + ENCTYPE_DES3_CBC_SHA1, + "penny", + { KV5M_DATA, 19, "EXAMPLE.COMbuckaroo" }, + { KV5M_DATA, 0, NULL }, + { KV5M_DATA, 24, "\x6D\x2F\xCD\xF2\xD6\xFB\xBC\x3D\xDC\xAD\xB5\xDA" + "\x57\x10\xA2\x34\x89\xB0\xD3\xB6\x9D\x5D\x9D\x4A" }, + 0, + FALSE + }, + { + ENCTYPE_DES3_CBC_SHA1, + "\xC3\x9F", + { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" }, + { KV5M_DATA, 0, NULL }, + { KV5M_DATA, 24, "\x16\xD5\xA4\x0E\x1C\xE3\xBA\xCB\x61\xB9\xDC\xE0" + "\x04\x70\x32\x4C\x83\x19\x73\xA7\xB9\x52\xFE\xB0" }, + 0, + FALSE + }, + { + ENCTYPE_DES3_CBC_SHA1, + "\xF0\x9D\x84\x9E", + { KV5M_DATA, 18, "EXAMPLE.COMpianist" }, + { KV5M_DATA, 0, NULL }, + { KV5M_DATA, 24, "\x85\x76\x37\x26\x58\x5D\xBC\x1C\xCE\x6E\xC4\x3E" + "\x1F\x75\x1F\x07\xF1\xC4\xCB\xB0\x98\xF4\x0B\x19" }, + 0, + FALSE + }, + /* Test vectors from RFC 3962 appendix B. */ { ENCTYPE_AES128_CTS_HMAC_SHA1_96, diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in index 2b0c416..b74e6f7 100644 --- a/src/lib/crypto/krb/Makefile.in +++ b/src/lib/crypto/krb/Makefile.in @@ -50,6 +50,7 @@ STLIBOBJS=\ prf.o \ prf_aes2.o \ prf_cmac.o \ + prf_des.o \ prf_dk.o \ prf_rc4.o \ prng.o \ @@ -108,6 +109,7 @@ OBJS=\ $(OUTPRE)prf.$(OBJEXT) \ $(OUTPRE)prf_aes2.$(OBJEXT) \ $(OUTPRE)prf_cmac.$(OBJEXT) \ + $(OUTPRE)prf_des.$(OBJEXT) \ $(OUTPRE)prf_dk.$(OBJEXT) \ $(OUTPRE)prf_rc4.$(OBJEXT) \ $(OUTPRE)prng.$(OBJEXT) \ @@ -166,6 +168,7 @@ SRCS=\ $(srcdir)/prf.c \ $(srcdir)/prf_aes2.c \ $(srcdir)/prf_cmac.c \ + $(srcdir)/prf_des.c \ $(srcdir)/prf_dk.c \ $(srcdir)/prf_rc4.c \ $(srcdir)/prng.c \ diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c index f5fbe8a..ecc2e08 100644 --- a/src/lib/crypto/krb/cksumtypes.c +++ b/src/lib/crypto/krb/cksumtypes.c @@ -46,6 +46,12 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = { krb5int_unkeyed_checksum, NULL, 20, 20, CKSUM_UNKEYED }, + { CKSUMTYPE_HMAC_SHA1_DES3, + "hmac-sha1-des3", { "hmac-sha1-des3-kd" }, "HMAC-SHA1 DES3 key", + &krb5int_enc_des3, &krb5int_hash_sha1, + krb5int_dk_checksum, NULL, + 20, 20, 0 }, + { CKSUMTYPE_HMAC_MD5_ARCFOUR, "hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" }, "Microsoft HMAC MD5", diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h index 5cc1f8e..ba693f8 100644 --- a/src/lib/crypto/krb/crypto_int.h +++ b/src/lib/crypto/krb/crypto_int.h @@ -276,6 +276,10 @@ krb5_error_code krb5int_aes2_string_to_key(const struct krb5_keytypes *enc, /* Random to key */ krb5_error_code k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock); +krb5_error_code k5_rand2key_des(const krb5_data *randombits, + krb5_keyblock *keyblock); +krb5_error_code k5_rand2key_des3(const krb5_data *randombits, + krb5_keyblock *keyblock); /* Pseudo-random function */ krb5_error_code krb5int_des_prf(const struct krb5_keytypes *ktp, @@ -364,6 +368,11 @@ krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage); /* Ensure library initialization has occurred. */ int krb5int_crypto_init(void); +/* DES default state initialization handler (used by module enc providers). */ +krb5_error_code krb5int_des_init_state(const krb5_keyblock *key, + krb5_keyusage keyusage, + krb5_data *state_out); + /* Default state cleanup handler (used by module enc providers). */ void krb5int_default_free_state(krb5_data *state); @@ -416,6 +425,7 @@ void k5_iov_cursor_put(struct iov_cursor *cursor, unsigned char *block); /* Modules must implement the k5_sha256() function prototyped in k5-int.h. */ /* Modules must implement the following enc_providers and hash_providers: */ +extern const struct krb5_enc_provider krb5int_enc_des3; extern const struct krb5_enc_provider krb5int_enc_arcfour; extern const struct krb5_enc_provider krb5int_enc_aes128; extern const struct krb5_enc_provider krb5int_enc_aes256; @@ -432,6 +442,12 @@ extern const struct krb5_hash_provider krb5int_hash_sha384; /* Modules must implement the following functions. */ +/* Set the parity bits to the correct values in keybits. */ +void k5_des_fixup_key_parity(unsigned char *keybits); + +/* Return true if keybits is a weak or semi-weak DES key. */ +krb5_boolean k5_des_is_weak_key(unsigned char *keybits); + /* Compute an HMAC using the provided hash function, key, and data, storing the * result into output (caller-allocated). */ krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash, diff --git a/src/lib/crypto/krb/default_state.c b/src/lib/crypto/krb/default_state.c index f89dc79..0757c8b 100644 --- a/src/lib/crypto/krb/default_state.c +++ b/src/lib/crypto/krb/default_state.c @@ -32,6 +32,16 @@ #include "crypto_int.h" +krb5_error_code +krb5int_des_init_state(const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state_out) +{ + if (alloc_data(state_out, 8)) + return ENOMEM; + + return 0; +} + void krb5int_default_free_state(krb5_data *state) { diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c index 915a173..6707a73 100644 --- a/src/lib/crypto/krb/derive.c +++ b/src/lib/crypto/krb/derive.c @@ -27,13 +27,6 @@ #include "crypto_int.h" -#ifdef OSSL_KDFS -#include -#include -#else -#error "Refusing to build without OpenSSL KDFs!" -#endif - static krb5_key find_cached_dkey(struct derived_key *list, const krb5_data *constant) { @@ -84,193 +77,55 @@ cleanup: return ENOMEM; } -#ifdef OSSL_KDFS -static krb5_error_code -openssl_kbdkf_counter_hmac(const struct krb5_hash_provider *hash, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *label, const krb5_data *context) -{ - krb5_error_code ret = KRB5_CRYPTO_INTERNAL; - EVP_KDF_CTX *ctx = NULL; - const EVP_MD *digest; - - if (!strcmp(hash->hash_name, "SHA1")) - digest = EVP_sha1(); - else if (!strcmp(hash->hash_name, "SHA-256")) - digest = EVP_sha256(); - else if (!strcmp(hash->hash_name, "SHA-384")) - digest = EVP_sha384(); - else - goto done; - - ctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); - if (!ctx) - goto done; - - if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, - EVP_KDF_KB_MAC_TYPE_HMAC) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, - inkey->keyblock.length) != 1 || - (context->length > 0 && - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_INFO, context->data, - context->length) != 1) || - (label->length > 0 && - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SALT, label->data, - label->length) != 1) || - EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, - outrnd->length) != 1) - goto done; - - ret = 0; -done: - if (ret) - zap(outrnd->data, outrnd->length); - EVP_KDF_CTX_free(ctx); - return ret; -} - static krb5_error_code -openssl_kbkdf_feedback_cmac(const struct krb5_enc_provider *enc, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *in_constant) +derive_random_rfc3961(const struct krb5_enc_provider *enc, + krb5_key inkey, krb5_data *outrnd, + const krb5_data *in_constant) { - krb5_error_code ret = KRB5_CRYPTO_INTERNAL; - EVP_KDF_CTX *ctx = NULL; - const EVP_CIPHER *cipher; - static unsigned char zeroes[16]; - - memset(zeroes, 0, sizeof(zeroes)); - - if (enc->keylength == 16) - cipher = EVP_camellia_128_cbc(); - else if (enc->keylength == 32) - cipher = EVP_camellia_256_cbc(); - else - goto done; - - ctx = EVP_KDF_CTX_new_id(EVP_KDF_KB); - if (!ctx) - goto done; - - if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MODE, - EVP_KDF_KB_MODE_FEEDBACK) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, - EVP_KDF_KB_MAC_TYPE_CMAC) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_CIPHER, cipher) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, - inkey->keyblock.length) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SALT, in_constant->data, - in_constant->length) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KB_SEED, zeroes, - sizeof(zeroes)) != 1 || - EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, - outrnd->length) != 1) - goto done; - - ret = 0; -done: - if (ret) - zap(outrnd->data, outrnd->length); - EVP_KDF_CTX_free(ctx); - return ret; -} + size_t blocksize, keybytes, n; + krb5_error_code ret; + krb5_data block = empty_data(); -static krb5_error_code -openssl_krb5kdf(const struct krb5_enc_provider *enc, krb5_key inkey, - krb5_data *outrnd, const krb5_data *in_constant) -{ - krb5_error_code ret = KRB5_CRYPTO_INTERNAL; - EVP_KDF_CTX *ctx = NULL; - const EVP_CIPHER *cipher; + blocksize = enc->block_size; + keybytes = enc->keybytes; - if (inkey->keyblock.length != enc->keylength || - outrnd->length != enc->keybytes) { + if (blocksize == 1) + return KRB5_BAD_ENCTYPE; + if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) return KRB5_CRYPTO_INTERNAL; - } - if (enc->encrypt == krb5int_aes_encrypt && enc->keylength == 16) - cipher = EVP_aes_128_cbc(); - else if (enc->encrypt == krb5int_aes_encrypt && enc->keylength == 32) - cipher = EVP_aes_256_cbc(); - else if (enc->keylength == 24) - cipher = EVP_des_ede3_cbc(); - else - goto done; - - ctx = EVP_KDF_CTX_new_id(EVP_KDF_KRB5KDF); - if (ctx == NULL) - goto done; - - if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_CIPHER, cipher) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, inkey->keyblock.contents, - inkey->keyblock.length) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT, - in_constant->data, in_constant->length) != 1 || - EVP_KDF_derive(ctx, (unsigned char *)outrnd->data, - outrnd->length) != 1) - goto done; - - ret = 0; -done: + /* Allocate encryption data buffer. */ + ret = alloc_data(&block, blocksize); if (ret) - zap(outrnd->data, outrnd->length); - EVP_KDF_CTX_free(ctx); - return ret; -} - -#else /* OSSL_KDFS */ + return ret; -/* - * NIST SP800-108 KDF in counter mode (section 5.1). - * Parameters: - * - HMAC (with hash as the hash provider) is the PRF. - * - A block counter of four bytes is used. - * - Four bytes are used to encode the output length in the PRF input. - * - * There are no uses requiring more than a single PRF invocation. - */ -static krb5_error_code -builtin_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *label, - const krb5_data *context) -{ - krb5_crypto_iov iov[5]; - krb5_error_code ret; - krb5_data prf; - unsigned char ibuf[4], lbuf[4]; + /* Initialize the input block. */ + if (in_constant->length == blocksize) { + memcpy(block.data, in_constant->data, blocksize); + } else { + krb5int_nfold(in_constant->length * 8, + (unsigned char *) in_constant->data, + blocksize * 8, (unsigned char *) block.data); + } - if (hash == NULL || outrnd->length > hash->hashsize) - return KRB5_CRYPTO_INTERNAL; + /* Loop encrypting the blocks until enough key bytes are generated. */ + n = 0; + while (n < keybytes) { + ret = encrypt_block(enc, inkey, &block); + if (ret) + goto cleanup; - /* Allocate encryption data buffer. */ - ret = alloc_data(&prf, hash->hashsize); - if (ret) - return ret; + if ((keybytes - n) <= blocksize) { + memcpy(outrnd->data + n, block.data, (keybytes - n)); + break; + } - /* [i]2: four-byte big-endian binary string giving the block counter (1) */ - iov[0].flags = KRB5_CRYPTO_TYPE_DATA; - iov[0].data = make_data(ibuf, sizeof(ibuf)); - store_32_be(1, ibuf); - /* Label */ - iov[1].flags = KRB5_CRYPTO_TYPE_DATA; - iov[1].data = *label; - /* 0x00: separator byte */ - iov[2].flags = KRB5_CRYPTO_TYPE_DATA; - iov[2].data = make_data("", 1); - /* Context */ - iov[3].flags = KRB5_CRYPTO_TYPE_DATA; - iov[3].data = *context; - /* [L]2: four-byte big-endian binary string giving the output length */ - iov[4].flags = KRB5_CRYPTO_TYPE_DATA; - iov[4].data = make_data(lbuf, sizeof(lbuf)); - store_32_be(outrnd->length * 8, lbuf); + memcpy(outrnd->data + n, block.data, blocksize); + n += blocksize; + } - ret = krb5int_hmac(hash, inkey, iov, 5, &prf); - if (!ret) - memcpy(outrnd->data, prf.data, outrnd->length); - zapfree(prf.data, prf.length); +cleanup: + zapfree(block.data, blocksize); return ret; } @@ -284,9 +139,9 @@ builtin_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, * - Four bytes are used to encode the output length in the PRF input. */ static krb5_error_code -builtin_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *in_constant) +derive_random_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, + krb5_key inkey, krb5_data *outrnd, + const krb5_data *in_constant) { size_t blocksize, keybytes, n; krb5_crypto_iov iov[6]; @@ -349,95 +204,57 @@ cleanup: return ret; } -static krb5_error_code -builtin_derive_random_rfc3961(const struct krb5_enc_provider *enc, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *in_constant) +/* + * NIST SP800-108 KDF in counter mode (section 5.1). + * Parameters: + * - HMAC (with hash as the hash provider) is the PRF. + * - A block counter of four bytes is used. + * - Four bytes are used to encode the output length in the PRF input. + * + * There are no uses requiring more than a single PRF invocation. + */ +krb5_error_code +k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, + krb5_key inkey, krb5_data *outrnd, + const krb5_data *label, const krb5_data *context) { - size_t blocksize, keybytes, n; + krb5_crypto_iov iov[5]; krb5_error_code ret; - krb5_data block = empty_data(); - - blocksize = enc->block_size; - keybytes = enc->keybytes; + krb5_data prf; + unsigned char ibuf[4], lbuf[4]; - if (blocksize == 1) - return KRB5_BAD_ENCTYPE; - if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) + if (hash == NULL || outrnd->length > hash->hashsize) return KRB5_CRYPTO_INTERNAL; /* Allocate encryption data buffer. */ - ret = alloc_data(&block, blocksize); + ret = alloc_data(&prf, hash->hashsize); if (ret) return ret; - /* Initialize the input block. */ - if (in_constant->length == blocksize) { - memcpy(block.data, in_constant->data, blocksize); - } else { - krb5int_nfold(in_constant->length * 8, - (unsigned char *) in_constant->data, - blocksize * 8, (unsigned char *) block.data); - } - - /* Loop encrypting the blocks until enough key bytes are generated. */ - n = 0; - while (n < keybytes) { - ret = encrypt_block(enc, inkey, &block); - if (ret) - goto cleanup; - - if ((keybytes - n) <= blocksize) { - memcpy(outrnd->data + n, block.data, (keybytes - n)); - break; - } - - memcpy(outrnd->data + n, block.data, blocksize); - n += blocksize; - } + /* [i]2: four-byte big-endian binary string giving the block counter (1) */ + iov[0].flags = KRB5_CRYPTO_TYPE_DATA; + iov[0].data = make_data(ibuf, sizeof(ibuf)); + store_32_be(1, ibuf); + /* Label */ + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[1].data = *label; + /* 0x00: separator byte */ + iov[2].flags = KRB5_CRYPTO_TYPE_DATA; + iov[2].data = make_data("", 1); + /* Context */ + iov[3].flags = KRB5_CRYPTO_TYPE_DATA; + iov[3].data = *context; + /* [L]2: four-byte big-endian binary string giving the output length */ + iov[4].flags = KRB5_CRYPTO_TYPE_DATA; + iov[4].data = make_data(lbuf, sizeof(lbuf)); + store_32_be(outrnd->length * 8, lbuf); -cleanup: - zapfree(block.data, blocksize); + ret = krb5int_hmac(hash, inkey, iov, 5, &prf); + if (!ret) + memcpy(outrnd->data, prf.data, outrnd->length); + zapfree(prf.data, prf.length); return ret; } -#endif /* OSSL_KDFS */ - -krb5_error_code -k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *label, const krb5_data *context) -{ -#ifdef OSSL_KDFS - return openssl_kbdkf_counter_hmac(hash, inkey, outrnd, label, context); -#else - return builtin_sp800_108_counter_hmac(hash, inkey, outrnd, label, - context); -#endif -} - -static krb5_error_code -k5_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *in_constant) -{ -#ifdef OSSL_KDFS - return openssl_kbkdf_feedback_cmac(enc, inkey, outrnd, in_constant); -#else - return builtin_sp800_108_feedback_cmac(enc, inkey, outrnd, in_constant); -#endif -} - -static krb5_error_code -k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, - krb5_key inkey, krb5_data *outrnd, - const krb5_data *in_constant) -{ -#ifdef OSSL_KDFS - return openssl_krb5kdf(enc, inkey, outrnd, in_constant); -#else - return builtin_derive_random_rfc3961(enc, inkey, outrnd, in_constant); -#endif -} krb5_error_code krb5int_derive_random(const struct krb5_enc_provider *enc, @@ -449,9 +266,10 @@ krb5int_derive_random(const struct krb5_enc_provider *enc, switch (alg) { case DERIVE_RFC3961: - return k5_derive_random_rfc3961(enc, inkey, outrnd, in_constant); + return derive_random_rfc3961(enc, inkey, outrnd, in_constant); case DERIVE_SP800_108_CMAC: - return k5_sp800_108_feedback_cmac(enc, inkey, outrnd, in_constant); + return derive_random_sp800_108_feedback_cmac(enc, inkey, outrnd, + in_constant); case DERIVE_SP800_108_HMAC: return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant, &empty); diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c index a003791..1542d40 100644 --- a/src/lib/crypto/krb/enctype_util.c +++ b/src/lib/crypto/krb/enctype_util.c @@ -45,9 +45,6 @@ struct { { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" }, { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" }, { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" }, - { ENCTYPE_DES3_CBC_SHA, "des3-cbc-sha1" }, - { ENCTYPE_DES3_CBC_RAW, "des3-cbc-raw" }, - { ENCTYPE_DES3_CBC_SHA1, "des3-hmac-sha1" }, { ENCTYPE_NULL, NULL } }; diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c index 7635393..fc27878 100644 --- a/src/lib/crypto/krb/etypes.c +++ b/src/lib/crypto/krb/etypes.c @@ -35,6 +35,27 @@ /* Deprecations come from RFC 6649 and RFC 8249. */ const struct krb5_keytypes krb5int_enctypes_list[] = { + { ENCTYPE_DES3_CBC_RAW, + "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw", + &krb5int_enc_des3, NULL, + 16, + krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt, + krb5int_dk_string_to_key, k5_rand2key_des3, + NULL, /*PRF*/ + 0, + ETYPE_WEAK | ETYPE_DEPRECATED, 112 }, + + { ENCTYPE_DES3_CBC_SHA1, + "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" }, + "Triple DES cbc mode with HMAC/sha1", + &krb5int_enc_des3, &krb5int_hash_sha1, + 16, + krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt, + krb5int_dk_string_to_key, k5_rand2key_des3, + krb5int_dk_prf, + CKSUMTYPE_HMAC_SHA1_DES3, + ETYPE_DEPRECATED, 112 }, + /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we * consider its strength degraded and assign it an SSF value of 64. */ { ENCTYPE_ARCFOUR_HMAC, diff --git a/src/lib/crypto/krb/prf_des.c b/src/lib/crypto/krb/prf_des.c new file mode 100644 index 0000000..7a2d719 --- /dev/null +++ b/src/lib/crypto/krb/prf_des.c @@ -0,0 +1,47 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/krb/prf_des.c - RFC 3961 DES-based PRF */ +/* + * Copyright (C) 2004, 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "crypto_int.h" + +krb5_error_code +krb5int_des_prf(const struct krb5_keytypes *ktp, krb5_key key, + const krb5_data *in, krb5_data *out) +{ + const struct krb5_hash_provider *hash = &krb5int_hash_md5; + krb5_crypto_iov iov; + krb5_error_code ret; + + /* Compute a hash of the input, storing into the output buffer. */ + iov.flags = KRB5_CRYPTO_TYPE_DATA; + iov.data = *in; + ret = hash->hash(&iov, 1, out); + if (ret != 0) + return ret; + + /* Encrypt the hash in place. */ + iov.data = *out; + return ktp->enc->encrypt(key, NULL, &iov, 1); +} diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c index f0e9984..cb9ca9b 100644 --- a/src/lib/crypto/krb/prng.c +++ b/src/lib/crypto/krb/prng.c @@ -26,8 +26,6 @@ #include "crypto_int.h" -#include - krb5_error_code KRB5_CALLCONV krb5_c_random_seed(krb5_context context, krb5_data *data) { @@ -101,16 +99,9 @@ krb5_boolean k5_get_os_entropy(unsigned char *buf, size_t len, int strong) { const char *device; +#if defined(__linux__) && defined(SYS_getrandom) int r; - /* A wild FIPS mode appeared! */ - if (FIPS_mode()) { - /* The return codes on this API are not good */ - r = RAND_bytes(buf, len); - return r == 1; - } - -#if defined(__linux__) && defined(SYS_getrandom) while (len > 0) { /* * Pull from the /dev/urandom pool, but require it to have been seeded. diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c index 863090b..1574625 100644 --- a/src/lib/crypto/krb/random_to_key.c +++ b/src/lib/crypto/krb/random_to_key.c @@ -71,3 +71,48 @@ k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock) memcpy(keyblock->contents, randombits->data, randombits->length); return 0; } + +static inline void +eighth_byte(unsigned char *b) +{ + b[7] = (((b[0] & 1) << 1) | ((b[1] & 1) << 2) | ((b[2] & 1) << 3) | + ((b[3] & 1) << 4) | ((b[4] & 1) << 5) | ((b[5] & 1) << 6) | + ((b[6] & 1) << 7)); +} + +krb5_error_code +k5_rand2key_des(const krb5_data *randombits, krb5_keyblock *keyblock) +{ + if (randombits->length != 7) + return(KRB5_CRYPTO_INTERNAL); + + keyblock->magic = KV5M_KEYBLOCK; + + /* Take the seven bytes, move them around into the top 7 bits of the + * 8 key bytes, then compute the parity bits. */ + memcpy(keyblock->contents, randombits->data, randombits->length); + eighth_byte(keyblock->contents); + k5_des_fixup_key_parity(keyblock->contents); + + return 0; +} + +krb5_error_code +k5_rand2key_des3(const krb5_data *randombits, krb5_keyblock *keyblock) +{ + int i; + + if (randombits->length != 21) + return KRB5_CRYPTO_INTERNAL; + + keyblock->magic = KV5M_KEYBLOCK; + + /* Take the seven bytes, move them around into the top 7 bits of the + * 8 key bytes, then compute the parity bits. Do this three times. */ + for (i = 0; i < 3; i++) { + memcpy(&keyblock->contents[i * 8], &randombits->data[i * 7], 7); + eighth_byte(&keyblock->contents[i * 8]); + k5_des_fixup_key_parity(&keyblock->contents[i * 8]); + } + return 0; +} diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports index 9db1813..451d5e0 100644 --- a/src/lib/crypto/libk5crypto.exports +++ b/src/lib/crypto/libk5crypto.exports @@ -86,6 +86,7 @@ krb5_k_verify_checksum krb5_k_verify_checksum_iov krb5int_aes_encrypt krb5int_aes_decrypt +krb5int_enc_des3 krb5int_arcfour_gsscrypt krb5int_camellia_cbc_mac krb5int_cmac_checksum diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in index 234fc0e..aa434b1 100644 --- a/src/lib/crypto/openssl/Makefile.in +++ b/src/lib/crypto/openssl/Makefile.in @@ -1,6 +1,6 @@ mydir=lib$(S)crypto$(S)openssl BUILDTOP=$(REL)..$(S)..$(S).. -SUBDIRS=camellia aes md4 md5 sha1 sha2 enc_provider hash_provider +SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir) STLIBOBJS=\ @@ -24,14 +24,14 @@ SRCS=\ $(srcdir)/sha256.c \ $(srcdir)/stubs.c -STOBJLISTS= md4/OBJS.ST \ +STOBJLISTS= des/OBJS.ST md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ aes/OBJS.ST \ OBJS.ST -SUBDIROBJLISTS= md4/OBJS.ST \ +SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \ md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST \ enc_provider/OBJS.ST \ hash_provider/OBJS.ST \ @@ -42,7 +42,7 @@ includes: depend depend: $(SRCS) -clean-unix:: clean-libobjsn +clean-unix:: clean-libobjs @lib_frag@ @libobj_frag@ diff --git a/src/lib/crypto/openssl/des/Makefile.in b/src/lib/crypto/openssl/des/Makefile.in new file mode 100644 index 0000000..4392fb8 --- /dev/null +++ b/src/lib/crypto/openssl/des/Makefile.in @@ -0,0 +1,20 @@ +mydir=lib$(S)crypto$(S)openssl$(S)des +BUILDTOP=$(REL)..$(S)..$(S)..$(S).. +LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. + +STLIBOBJS= des_keys.o + +OBJS= $(OUTPRE)des_keys.$(OBJEXT) + +SRCS= $(srcdir)/des_keys.c + +all-unix: all-libobjs + +includes: depend + +depend: $(SRCS) + +clean-unix:: clean-libobjs + +@libobj_frag@ + diff --git a/src/lib/crypto/openssl/des/deps b/src/lib/crypto/openssl/des/deps new file mode 100644 index 0000000..21b904f --- /dev/null +++ b/src/lib/crypto/openssl/des/deps @@ -0,0 +1,15 @@ +# +# Generated makefile dependencies follow. +# +des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../crypto_mod.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ + des_keys.c diff --git a/src/lib/crypto/openssl/des/des_keys.c b/src/lib/crypto/openssl/des/des_keys.c new file mode 100644 index 0000000..51d9db2 --- /dev/null +++ b/src/lib/crypto/openssl/des/des_keys.c @@ -0,0 +1,40 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/openssl/des/des_keys.c - Key functions used by Kerberos code */ +/* + * Copyright (C) 2011 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "crypto_int.h" +#include + +void +k5_des_fixup_key_parity(unsigned char *keybits) +{ + DES_set_odd_parity((DES_cblock *)keybits); +} + +krb5_boolean +k5_des_is_weak_key(unsigned char *keybits) +{ + return DES_is_weak_key((DES_cblock *)keybits); +} diff --git a/src/lib/crypto/openssl/enc_provider/Makefile.in b/src/lib/crypto/openssl/enc_provider/Makefile.in index 2b32c3a..a9069d2 100644 --- a/src/lib/crypto/openssl/enc_provider/Makefile.in +++ b/src/lib/crypto/openssl/enc_provider/Makefile.in @@ -3,16 +3,19 @@ BUILDTOP=$(REL)..$(S)..$(S)..$(S).. LOCALINCLUDES = -I$(srcdir)/../../krb -I$(srcdir)/.. STLIBOBJS= \ + des3.o \ rc4.o \ aes.o \ camellia.o OBJS= \ + $(OUTPRE)des3.$(OBJEXT) \ $(OUTPRE)aes.$(OBJEXT) \ $(OUTPRE)camellia.$(OBJEXT) \ $(OUTPRE)rc4.$(OBJEXT) SRCS= \ + $(srcdir)/des3.c \ $(srcdir)/aes.c \ $(srcdir)/camellia.c \ $(srcdir)/rc4.c diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c index f79679a..2da6913 100644 --- a/src/lib/crypto/openssl/enc_provider/camellia.c +++ b/src/lib/crypto/openssl/enc_provider/camellia.c @@ -304,9 +304,6 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE]; struct iov_cursor cursor; - if (FIPS_mode()) - return KRB5_CRYPTO_INTERNAL; - if (output->length < CAMELLIA_BLOCK_SIZE) return KRB5_BAD_MSIZE; @@ -334,9 +331,6 @@ static krb5_error_code krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage, krb5_data *state) { - if (FIPS_mode()) - return KRB5_CRYPTO_INTERNAL; - state->length = 16; state->data = (void *) malloc(16); if (state->data == NULL) diff --git a/src/lib/crypto/openssl/enc_provider/deps b/src/lib/crypto/openssl/enc_provider/deps index 91ba482..1c28cc8 100644 --- a/src/lib/crypto/openssl/enc_provider/deps +++ b/src/lib/crypto/openssl/enc_provider/deps @@ -1,6 +1,17 @@ # # Generated makefile dependencies follow. # +des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ + $(srcdir)/../crypto_mod.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ + $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ + $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h des3.c aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \ diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c new file mode 100644 index 0000000..1c439c2 --- /dev/null +++ b/src/lib/crypto/openssl/enc_provider/des3.c @@ -0,0 +1,184 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/openssl/enc_provider/des3.c */ +/* + * Copyright (C) 2009 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +#include "crypto_int.h" +#include + + +#define DES3_BLOCK_SIZE 8 +#define DES3_KEY_SIZE 24 +#define DES3_KEY_BYTES 21 + +static krb5_error_code +validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data, + size_t num_data, krb5_boolean *empty) +{ + size_t input_length = iov_total_length(data, num_data, FALSE); + + if (key->keyblock.length != DES3_KEY_SIZE) + return(KRB5_BAD_KEYSIZE); + if ((input_length%DES3_BLOCK_SIZE) != 0) + return(KRB5_BAD_MSIZE); + if (ivec && (ivec->length != 8)) + return(KRB5_BAD_MSIZE); + + *empty = (input_length == 0); + return 0; +} + +static krb5_error_code +k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) +{ + int ret, olen = DES3_BLOCK_SIZE; + unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; + struct iov_cursor cursor; + EVP_CIPHER_CTX *ctx; + krb5_boolean empty; + + ret = validate(key, ivec, data, num_data, &empty); + if (ret != 0 || empty) + return ret; + + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + return ENOMEM; + + ret = EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, + key->keyblock.contents, + (ivec) ? (unsigned char*)ivec->data : NULL); + if (!ret) { + EVP_CIPHER_CTX_free(ctx); + return KRB5_CRYPTO_INTERNAL; + } + + EVP_CIPHER_CTX_set_padding(ctx,0); + + k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE); + while (k5_iov_cursor_get(&cursor, iblock)) { + ret = EVP_EncryptUpdate(ctx, oblock, &olen, iblock, DES3_BLOCK_SIZE); + if (!ret) + break; + k5_iov_cursor_put(&cursor, oblock); + } + + if (ivec != NULL) + memcpy(ivec->data, oblock, DES3_BLOCK_SIZE); + + EVP_CIPHER_CTX_free(ctx); + + zap(iblock, sizeof(iblock)); + zap(oblock, sizeof(oblock)); + + if (ret != 1) + return KRB5_CRYPTO_INTERNAL; + return 0; +} + +static krb5_error_code +k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + size_t num_data) +{ + int ret, olen = DES3_BLOCK_SIZE; + unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE]; + struct iov_cursor cursor; + EVP_CIPHER_CTX *ctx; + krb5_boolean empty; + + ret = validate(key, ivec, data, num_data, &empty); + if (ret != 0 || empty) + return ret; + + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + return ENOMEM; + + ret = EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, + key->keyblock.contents, + (ivec) ? (unsigned char*)ivec->data : NULL); + if (!ret) { + EVP_CIPHER_CTX_free(ctx); + return KRB5_CRYPTO_INTERNAL; + } + + EVP_CIPHER_CTX_set_padding(ctx,0); + + k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE); + while (k5_iov_cursor_get(&cursor, iblock)) { + ret = EVP_DecryptUpdate(ctx, oblock, &olen, + (unsigned char *)iblock, DES3_BLOCK_SIZE); + if (!ret) + break; + k5_iov_cursor_put(&cursor, oblock); + } + + if (ivec != NULL) + memcpy(ivec->data, iblock, DES3_BLOCK_SIZE); + + EVP_CIPHER_CTX_free(ctx); + + zap(iblock, sizeof(iblock)); + zap(oblock, sizeof(oblock)); + + if (ret != 1) + return KRB5_CRYPTO_INTERNAL; + return 0; +} + +const struct krb5_enc_provider krb5int_enc_des3 = { + DES3_BLOCK_SIZE, + DES3_KEY_BYTES, DES3_KEY_SIZE, + k5_des3_encrypt, + k5_des3_decrypt, + NULL, + krb5int_des_init_state, + krb5int_default_free_state +}; diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c index 6ccaca9..a65d57b 100644 --- a/src/lib/crypto/openssl/enc_provider/rc4.c +++ b/src/lib/crypto/openssl/enc_provider/rc4.c @@ -66,9 +66,6 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, EVP_CIPHER_CTX *ctx = NULL; struct arcfour_state *arcstate; - if (FIPS_mode()) - return KRB5_CRYPTO_INTERNAL; - arcstate = (state != NULL) ? (void *)state->data : NULL; if (arcstate != NULL) { ctx = arcstate->ctx; @@ -116,12 +113,7 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, static void k5_arcfour_free_state(krb5_data *state) { - struct arcfour_state *arcstate; - - if (FIPS_mode()) - return; - - arcstate = (void *) state->data; + struct arcfour_state *arcstate = (void *)state->data; EVP_CIPHER_CTX_free(arcstate->ctx); free(arcstate); @@ -133,9 +125,6 @@ k5_arcfour_init_state(const krb5_keyblock *key, { struct arcfour_state *arcstate; - if (FIPS_mode()) - return KRB5_CRYPTO_INTERNAL; - /* * The cipher state here is a saved pointer to a struct arcfour_state * object, rather than a flat byte array as in most enc providers. The diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c index 2eb5139..1e0fb8f 100644 --- a/src/lib/crypto/openssl/hash_provider/hash_evp.c +++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c @@ -49,11 +49,6 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, if (ctx == NULL) return ENOMEM; - if (type == EVP_md4() || type == EVP_md5()) { - /* See comments below in hash_md4() and hash_md5(). */ - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } - ok = EVP_DigestInit_ex(ctx, type, NULL); for (i = 0; i < num_data; i++) { if (!SIGN_IOV(&data[i])) @@ -69,19 +64,12 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, static krb5_error_code hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { - /* - * MD4 is needed in FIPS mode to perform key generation for RC4 keys used - * by IPA. These keys are only used along a (separately) secured channel - * for legacy reasons when performing trusts to Active Directory. - */ return hash_evp(EVP_md4(), data, num_data, output); } static krb5_error_code hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output) { - /* MD5 is needed in FIPS mode for communication with RADIUS servers. This - * is gated in libkrad by libdefaults->radius_md5_fips_override. */ return hash_evp(EVP_md5(), data, num_data, output); } diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c index 769a50c..7dc59dc 100644 --- a/src/lib/crypto/openssl/hmac.c +++ b/src/lib/crypto/openssl/hmac.c @@ -103,11 +103,7 @@ map_digest(const struct krb5_hash_provider *hash) return EVP_sha256(); else if (!strncmp(hash->hash_name, "SHA-384",7)) return EVP_sha384(); - - if (FIPS_mode()) - return NULL; - - if (!strncmp(hash->hash_name, "MD5", 3)) + else if (!strncmp(hash->hash_name, "MD5", 3)) return EVP_md5(); else if (!strncmp(hash->hash_name, "MD4", 3)) return EVP_md4(); diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h index c675e8e..218456e 100644 --- a/src/lib/gssapi/generic/gssapi_ext.h +++ b/src/lib/gssapi/generic/gssapi_ext.h @@ -595,8 +595,6 @@ gss_store_cred_into( * attribute (along with any applicable RFC 5587 attributes). */ -#define GSS_C_CHANNEL_BOUND_FLAG 2048 /* 0x00000800 */ - OM_uint32 KRB5_CALLCONV gssspi_query_meta_data( OM_uint32 *minor_status, diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index abccb5d..c821cc8 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -98,7 +98,6 @@ */ #include "k5-int.h" -#include "k5-input.h" #include "gssapiP_krb5.h" #ifdef HAVE_MEMORY_H #include @@ -216,7 +215,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred) if ((retval = krb5_cc_initialize(context, ccache, creds[0]->client))) goto cleanup; - if ((retval = k5_cc_store_primary_cred(context, ccache, creds[0]))) + if ((retval = krb5_cc_store_cred(context, ccache, creds[0]))) goto cleanup; /* generate a delegated credential handle */ @@ -414,228 +413,6 @@ kg_process_extension(krb5_context context, return code; } -/* The length of the MD5 channel bindings in an 0x8003 checksum */ -#define CB_MD5_LEN 16 - -/* The minimum length of an 0x8003 checksum value (4-byte channel bindings - * length, 16-byte channel bindings, 4-byte flags) */ -#define MIN_8003_LEN (4 + CB_MD5_LEN + 4) - -/* The flags we accept from the initiator's authenticator checksum. */ -#define INITIATOR_FLAGS (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | \ - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | \ - GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE | \ - GSS_C_IDENTIFY_FLAG | GSS_C_EXTENDED_ERROR_FLAG) - -/* A zero-value channel binding, for comparison */ -static const uint8_t null_cb[CB_MD5_LEN]; - -/* Look for AP_OPTIONS in authdata. If present and the options include - * KERB_AP_OPTIONS_CBT, set *cbt_out to true. */ -static krb5_error_code -check_cbt(krb5_context context, krb5_authdata *const *authdata, - krb5_boolean *cbt_out) -{ - krb5_error_code code; - krb5_authdata **ad; - uint32_t ad_ap_options; - const uint32_t KERB_AP_OPTIONS_CBT = 0x4000; - - *cbt_out = FALSE; - - code = krb5_find_authdata(context, NULL, authdata, - KRB5_AUTHDATA_AP_OPTIONS, &ad); - if (code || ad == NULL) - return code; - if (ad[1] != NULL || ad[0]->length != 4) { - code = KRB5KRB_AP_ERR_MSG_TYPE; - } else { - ad_ap_options = load_32_le(ad[0]->contents); - if (ad_ap_options & KERB_AP_OPTIONS_CBT) - *cbt_out = TRUE; - } - - krb5_free_authdata(context, ad); - return code; -} - -/* - * The krb5 GSS mech appropriates the authenticator checksum field from RFC - * 4120 to store structured data instead of a checksum, indicated with checksum - * type 0x8003 (see RFC 4121 section 4.1.1). Some implementations instead send - * no checksum, or a regular checksum over empty data. - * - * Interpret the checksum. Read delegated creds into *deleg_out if it is not - * NULL. Set *flags_out to the allowed subset of token flags, plus - * GSS_C_DELEG_FLAG if a delegated credential was present and - * GSS_C_CHANNEL_BOUND_FLAG if matching channel bindings are present. Process - * any extensions found using exts. On error, set *code_out to a krb5_error - * code for use as a minor status value. - */ -static OM_uint32 -process_checksum(OM_uint32 *minor_status, krb5_context context, - gss_channel_bindings_t acceptor_cb, - krb5_auth_context auth_context, krb5_flags ap_req_options, - krb5_authenticator *authenticator, krb5_gss_ctx_ext_t exts, - krb5_gss_cred_id_t *deleg_out, krb5_ui_4 *flags_out, - krb5_error_code *code_out) -{ - krb5_error_code code = 0; - OM_uint32 status, option_id, token_flags; - size_t cb_len, option_len; - krb5_boolean valid, client_cbt, token_cb_present = FALSE, cb_match = FALSE; - krb5_key subkey; - krb5_data option, empty = empty_data(); - krb5_checksum cb_cksum; - const uint8_t *token_cb, *option_bytes; - struct k5input in; - const krb5_checksum *cksum = authenticator->checksum; - - cb_cksum.contents = NULL; - - if (cksum == NULL) { - /* - * Some SMB client implementations use handcrafted GSSAPI code that - * does not provide a checksum. MS-KILE documents that the Microsoft - * implementation considers a missing checksum acceptable; the server - * assumes all flags are unset in this case, and does not check channel - * bindings. - */ - *flags_out = 0; - } else if (cksum->checksum_type != CKSUMTYPE_KG_CB) { - /* Samba sends a regular checksum. */ - code = krb5_auth_con_getkey_k(context, auth_context, &subkey); - if (code) { - status = GSS_S_FAILURE; - goto fail; - } - - /* Verifying the checksum ensures that this authenticator wasn't - * replayed from one with a checksum over actual data. */ - code = krb5_k_verify_checksum(context, subkey, - KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, &empty, - cksum, &valid); - krb5_k_free_key(context, subkey); - if (code || !valid) { - status = GSS_S_BAD_SIG; - goto fail; - } - - /* Use ap_options from the request to guess the mutual flag. */ - *flags_out = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; - if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) - *flags_out |= GSS_C_MUTUAL_FLAG; - } else { - /* The checksum must contain at least a fixed 24-byte part. */ - if (cksum->length < MIN_8003_LEN) { - status = GSS_S_BAD_BINDINGS; - goto fail; - } - - k5_input_init(&in, cksum->contents, cksum->length); - cb_len = k5_input_get_uint32_le(&in); - if (cb_len != CB_MD5_LEN) { - code = KG_BAD_LENGTH; - status = GSS_S_FAILURE; - goto fail; - } - - token_cb = k5_input_get_bytes(&in, cb_len); - if (acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS) { - code = kg_checksum_channel_bindings(context, acceptor_cb, - &cb_cksum); - if (code) { - status = GSS_S_BAD_BINDINGS; - goto fail; - } - assert(cb_cksum.length == cb_len); - token_cb_present = (k5_bcmp(token_cb, null_cb, cb_len) != 0); - cb_match = (k5_bcmp(token_cb, cb_cksum.contents, cb_len) == 0); - if (token_cb_present && !cb_match) { - status = GSS_S_BAD_BINDINGS; - goto fail; - } - } - - /* Read the token flags and accept some of them as context flags. */ - token_flags = k5_input_get_uint32_le(&in); - *flags_out = token_flags & INITIATOR_FLAGS; - if (cb_match) - *flags_out |= GSS_C_CHANNEL_BOUND_FLAG; - - /* Read the delegated credential if present. */ - if (in.len >= 4 && (token_flags & GSS_C_DELEG_FLAG)) { - option_id = k5_input_get_uint16_le(&in); - option_len = k5_input_get_uint16_le(&in); - option_bytes = k5_input_get_bytes(&in, option_len); - option = make_data((uint8_t *)option_bytes, option_len); - if (in.status) { - code = KG_BAD_LENGTH; - status = GSS_S_FAILURE; - goto fail; - } - if (option_id != KRB5_GSS_FOR_CREDS_OPTION) { - status = GSS_S_FAILURE; - goto fail; - } - - /* Store the delegated credential. */ - code = rd_and_store_for_creds(context, auth_context, &option, - deleg_out); - if (code) { - status = GSS_S_FAILURE; - goto fail; - } - *flags_out |= GSS_C_DELEG_FLAG; - } - - /* Process any extensions at the end of the checksum. Extensions use - * 4-byte big-endian tag and length instead of 2-byte little-endian. */ - while (in.len > 0) { - option_id = k5_input_get_uint32_be(&in); - option_len = k5_input_get_uint32_be(&in); - option_bytes = k5_input_get_bytes(&in, option_len); - option = make_data((uint8_t *)option_bytes, option_len); - if (in.status) { - code = KG_BAD_LENGTH; - status = GSS_S_FAILURE; - goto fail; - } - - code = kg_process_extension(context, auth_context, option_id, - &option, exts); - if (code) { - status = GSS_S_FAILURE; - goto fail; - } - } - } - - /* - * If the client asserts the KERB_AP_OPTIONS_CBT flag (from MS-KILE) in the - * authenticator authdata, and the acceptor passed channel bindings, - * require matching channel bindings from the client. The intent is to - * prevent an authenticator generated for use outside of a TLS channel from - * being used inside of one. - */ - code = check_cbt(context, authenticator->authorization_data, &client_cbt); - if (code) { - status = GSS_S_FAILURE; - goto fail; - } - if (client_cbt && acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS && !cb_match) { - status = GSS_S_BAD_BINDINGS; - goto fail; - } - - status = GSS_S_COMPLETE; - -fail: - free(cb_cksum.contents); - *code_out = code; - return status; -} - static OM_uint32 kg_accept_krb5(minor_status, context_handle, verifier_cred_handle, input_token, @@ -656,13 +433,17 @@ kg_accept_krb5(minor_status, context_handle, krb5_gss_ctx_ext_t exts; { krb5_context context; - unsigned char *ptr; + unsigned char *ptr, *ptr2; char *sptr; + OM_uint32 tmp; + size_t md5len; krb5_gss_cred_id_t cred = 0; krb5_data ap_rep, ap_req; + unsigned int i; krb5_error_code code; krb5_address addr, *paddr; krb5_authenticator *authdat = 0; + krb5_checksum reqcksum; krb5_gss_name_t name = NULL; krb5_ui_4 gss_flags = 0; krb5_gss_ctx_id_rec *ctx = NULL; @@ -670,6 +451,8 @@ kg_accept_krb5(minor_status, context_handle, gss_buffer_desc token; krb5_auth_context auth_context = NULL; krb5_ticket * ticket = NULL; + int option_id; + krb5_data option; const gss_OID_desc *mech_used = NULL; OM_uint32 major_status = GSS_S_FAILURE; OM_uint32 tmp_minor_status; @@ -680,6 +463,7 @@ kg_accept_krb5(minor_status, context_handle, krb5int_access kaccess; int cred_rcache = 0; int no_encap = 0; + int token_deleg_flag = 0; krb5_flags ap_req_options = 0; krb5_enctype negotiated_etype; krb5_authdata_context ad_context = NULL; @@ -705,6 +489,7 @@ kg_accept_krb5(minor_status, context_handle, output_token->length = 0; output_token->value = NULL; token.value = 0; + reqcksum.contents = 0; ap_req.data = 0; ap_rep.data = 0; @@ -869,16 +654,195 @@ kg_accept_krb5(minor_status, context_handle, krb5_auth_con_getauthenticator(context, auth_context, &authdat); - major_status = process_checksum(minor_status, context, input_chan_bindings, - auth_context, ap_req_options, - authdat, exts, - delegated_cred_handle ? &deleg_cred : NULL, - &gss_flags, &code); + if (authdat->checksum == NULL) { + /* + * Some SMB client implementations use handcrafted GSSAPI code that + * does not provide a checksum. MS-KILE documents that the Microsoft + * implementation considers a missing checksum acceptable; the server + * assumes all flags are unset in this case, and does not check channel + * bindings. + */ + gss_flags = 0; + } else if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { + /* Samba does not send 0x8003 GSS-API checksums */ + krb5_boolean valid; + krb5_key subkey; + krb5_data zero; - if (major_status != GSS_S_COMPLETE) - goto fail; + code = krb5_auth_con_getkey_k(context, auth_context, &subkey); + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } + + zero.length = 0; + zero.data = ""; + + code = krb5_k_verify_checksum(context, + subkey, + KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, + &zero, + authdat->checksum, + &valid); + krb5_k_free_key(context, subkey); + if (code || !valid) { + major_status = GSS_S_BAD_SIG; + goto fail; + } - major_status = GSS_S_FAILURE; + /* Use ap_options from the request to guess the mutual flag. */ + gss_flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) + gss_flags |= GSS_C_MUTUAL_FLAG; + } else { + /* gss krb5 v1 */ + + /* stash this now, for later. */ + code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len); + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } + + /* verify that the checksum is correct */ + + /* + The checksum may be either exactly 24 bytes, in which case + no options are specified, or greater than 24 bytes, in which case + one or more options are specified. Currently, the only valid + option is KRB5_GSS_FOR_CREDS_OPTION ( = 1 ). + */ + + if ((authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) || + (authdat->checksum->length < 24)) { + code = 0; + major_status = GSS_S_BAD_BINDINGS; + goto fail; + } + + ptr = (unsigned char *) authdat->checksum->contents; + + TREAD_INT(ptr, tmp, 0); + + if (tmp != md5len) { + code = KG_BAD_LENGTH; + major_status = GSS_S_FAILURE; + goto fail; + } + + /* + The following section of code attempts to implement the + optional channel binding facility as described in RFC2743. + + Since this facility is optional channel binding may or may + not have been provided by either the client or the server. + + If the server has specified input_chan_bindings equal to + GSS_C_NO_CHANNEL_BINDINGS then we skip the check. If + the server does provide channel bindings then we compute + a checksum and compare against those provided by the + client. */ + + if ((code = kg_checksum_channel_bindings(context, + input_chan_bindings, + &reqcksum))) { + major_status = GSS_S_BAD_BINDINGS; + goto fail; + } + + /* Always read the clients bindings - eventhough we might ignore them */ + TREAD_STR(ptr, ptr2, reqcksum.length); + + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) { + if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) { + xfree(reqcksum.contents); + reqcksum.contents = 0; + code = 0; + major_status = GSS_S_BAD_BINDINGS; + goto fail; + } + + } + + xfree(reqcksum.contents); + reqcksum.contents = 0; + + /* Read the token flags. Remember if GSS_C_DELEG_FLAG was set, but + * mask it out until we actually read a delegated credential. */ + TREAD_INT(ptr, gss_flags, 0); + token_deleg_flag = (gss_flags & GSS_C_DELEG_FLAG); + gss_flags &= ~GSS_C_DELEG_FLAG; + + /* if the checksum length > 24, there are options to process */ + + i = authdat->checksum->length - 24; + if (i && token_deleg_flag) { + if (i >= 4) { + TREAD_INT16(ptr, option_id, 0); + TREAD_INT16(ptr, option.length, 0); + i -= 4; + + if (i < option.length) { + code = KG_BAD_LENGTH; + major_status = GSS_S_FAILURE; + goto fail; + } + + /* have to use ptr2, since option.data is wrong type and + macro uses ptr as both lvalue and rvalue */ + + TREAD_STR(ptr, ptr2, option.length); + option.data = (char *) ptr2; + + i -= option.length; + + if (option_id != KRB5_GSS_FOR_CREDS_OPTION) { + major_status = GSS_S_FAILURE; + goto fail; + } + + /* store the delegated credential */ + + code = rd_and_store_for_creds(context, auth_context, &option, + (delegated_cred_handle) ? + &deleg_cred : NULL); + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } + + gss_flags |= GSS_C_DELEG_FLAG; + } /* if i >= 4 */ + /* ignore any additional trailing data, for now */ + } + while (i > 0) { + /* Process Type-Length-Data options */ + if (i < 8) { + code = KG_BAD_LENGTH; + major_status = GSS_S_FAILURE; + goto fail; + } + TREAD_INT(ptr, option_id, 1); + TREAD_INT(ptr, option.length, 1); + i -= 8; + if (i < option.length) { + code = KG_BAD_LENGTH; + major_status = GSS_S_FAILURE; + goto fail; + } + TREAD_STR(ptr, ptr2, option.length); + option.data = (char *)ptr2; + + i -= option.length; + + code = kg_process_extension(context, auth_context, + option_id, &option, exts); + if (code != 0) { + major_status = GSS_S_FAILURE; + goto fail; + } + } + } if (exts->iakerb.conv && !exts->iakerb.verified) { major_status = GSS_S_BAD_SIG; @@ -905,7 +869,12 @@ kg_accept_krb5(minor_status, context_handle, ctx->mech_used = (gss_OID) mech_used; ctx->auth_context = auth_context; ctx->initiate = 0; - ctx->gss_flags = gss_flags | GSS_C_TRANS_FLAG; + ctx->gss_flags = (GSS_C_TRANS_FLAG | + ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | + GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG | + GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG | + GSS_C_EXTENDED_ERROR_FLAG))); ctx->seed_init = 0; ctx->cred_rcache = cred_rcache; @@ -1041,6 +1010,7 @@ kg_accept_krb5(minor_status, context_handle, } switch (negotiated_etype) { + case ENCTYPE_DES3_CBC_SHA1: case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP: /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" @@ -1192,6 +1162,8 @@ fail: krb5_auth_con_free(context, auth_context); } + if (reqcksum.contents) + xfree(reqcksum.contents); if (ap_rep.data) krb5_free_data_contents(context, &ap_rep); if (major_status == GSS_S_COMPLETE || diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 4062f47..acc1868 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -557,23 +557,15 @@ set_refresh_time(krb5_context context, krb5_ccache ccache, krb5_boolean kg_cred_time_to_refresh(krb5_context context, krb5_gss_cred_id_rec *cred) { - krb5_timestamp now, soon; + krb5_timestamp now; if (krb5_timeofday(context, &now)) return FALSE; - soon = ts_incr(now, 30); if (cred->refresh_time != 0 && !ts_after(cred->refresh_time, now)) { - set_refresh_time(context, cred->ccache, soon); + set_refresh_time(context, cred->ccache, + ts_incr(cred->refresh_time, 30)); return TRUE; } - - /* If the creds will expire soon, try to refresh even if they weren't - * acquired with a client keytab. */ - if (ts_after(soon, cred->expire)) { - set_refresh_time(context, cred->ccache, soon); - return TRUE; - } - return FALSE; } diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index f5b0fed..2e2c775 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -125,14 +125,14 @@ enum sgn_alg { /* SGN_ALG_DES_MAC = 0x0002, */ /* SGN_ALG_3 = 0x0003, /\* not published *\/ */ SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */ - /* SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 */ + SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 }; enum seal_alg { SEAL_ALG_NONE = 0xffff, /* SEAL_ALG_DES = 0x0000, */ /* SEAL_ALG_1 = 0x0001, /\* not published *\/ */ SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */ - /* SEAL_ALG_DES3KD = 0x0002 */ + SEAL_ALG_DES3KD = 0x0002 }; /* for 3DES */ @@ -153,7 +153,7 @@ enum qop { GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004, GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff, /* GSS_KRB5_CONF_C_QOP_DES = 0x0100, */ - /* GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, */ + GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, GSS_KRB5_CONF_C_QOP_MASK = 0xff00 }; diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c index 21023dd..da2ab14 100644 --- a/src/lib/gssapi/krb5/import_name.c +++ b/src/lib/gssapi/krb5/import_name.c @@ -102,8 +102,8 @@ parse_hostbased(const char *str, size_t len, memcpy(service, str, servicelen); service[servicelen] = '\0'; - /* Copy the hostname if present (at least one character after '@'). */ - if (len - servicelen > 1) { + /* If present, copy the hostname. */ + if (at != NULL) { hostlen = len - servicelen - 1; host = malloc(hostlen + 1); if (host == NULL) { diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index 7f7146a..d1cdce4 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -136,12 +136,19 @@ make_seal_token_v1 (krb5_context context, /* pad the plaintext, encrypt if needed, and stick it in the token */ - if (signalg != SGN_ALG_HMAC_MD5) - abort(); - - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; - if (toktype != KG_TOK_SEAL_MSG) - sign_usage = 15; + /* initialize the the checksum */ + switch (signalg) { + case SGN_ALG_HMAC_SHA1_DES3_KD: + md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; + break; + case SGN_ALG_HMAC_MD5: + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + if (toktype != KG_TOK_SEAL_MSG) + sign_usage = 15; + break; + default: + abort (); + } code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code) { @@ -189,8 +196,20 @@ make_seal_token_v1 (krb5_context context, gssalloc_free(t); return(code); } - - memcpy (ptr+14, md5cksum.contents, cksum_size); + switch(signalg) { + case SGN_ALG_HMAC_SHA1_DES3_KD: + /* + * Using key derivation, the call to krb5_c_make_checksum + * already dealt with encrypting. + */ + if (md5cksum.length != cksum_size) + abort (); + memcpy (ptr+14, md5cksum.contents, md5cksum.length); + break; + case SGN_ALG_HMAC_MD5: + memcpy (ptr+14, md5cksum.contents, cksum_size); + break; + } krb5_free_checksum_contents(context, &md5cksum); diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c index 9147bb2..9bb2ee1 100644 --- a/src/lib/gssapi/krb5/k5sealiov.c +++ b/src/lib/gssapi/krb5/k5sealiov.c @@ -144,11 +144,18 @@ make_seal_token_v1_iov(krb5_context context, /* pad the plaintext, encrypt if needed, and stick it in the token */ /* initialize the checksum */ - if (ctx->signalg != SGN_ALG_HMAC_MD5) - abort(); - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; - if (toktype != KG_TOK_WRAP_MSG) - sign_usage = 15; + switch (ctx->signalg) { + case SGN_ALG_HMAC_SHA1_DES3_KD: + md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; + break; + case SGN_ALG_HMAC_MD5: + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + if (toktype != KG_TOK_WRAP_MSG) + sign_usage = 15; + break; + default: + abort (); + } code = krb5_c_checksum_length(context, md5cksum.checksum_type, &k5_trailerlen); if (code != 0) @@ -170,7 +177,15 @@ make_seal_token_v1_iov(krb5_context context, if (code != 0) goto cleanup; - memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); + switch (ctx->signalg) { + case SGN_ALG_HMAC_SHA1_DES3_KD: + assert(md5cksum.length == ctx->cksum_size); + memcpy(ptr + 14, md5cksum.contents, md5cksum.length); + break; + case SGN_ALG_HMAC_MD5: + memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); + break; + } /* create the seq_num */ code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF, diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index f0cc4a6..9b183bc 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -131,21 +131,28 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, but few enough that we can try them all. */ if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || + (ctx->sealalg == SEAL_ALG_DES3KD && + signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && signalg != SGN_ALG_HMAC_MD5)) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } - if (signalg != SGN_ALG_HMAC_MD5) { + switch (signalg) { + case SGN_ALG_HMAC_MD5: + cksum_len = 8; + if (toktype != KG_TOK_SEAL_MSG) + sign_usage = 15; + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + cksum_len = 20; + break; + default: *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } - cksum_len = 8; - if (toktype != KG_TOK_SEAL_MSG) - sign_usage = 15; - if ((size_t)bodysize < 14 + cksum_len) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; @@ -245,52 +252,63 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, /* compute the checksum of the message */ /* initialize the the cksum */ - if (signalg != SGN_ALG_HMAC_MD5) - abort(); - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + switch (signalg) { + case SGN_ALG_HMAC_MD5: + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; + break; + default: + abort (); + } code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code) return(code); md5cksum.length = sumlen; - if (signalg != SGN_ALG_HMAC_MD5) { + switch (signalg) { + default: *minor_status = 0; return(GSS_S_DEFECTIVE_TOKEN); - } - /* compute the checksum of the message */ + case SGN_ALG_HMAC_SHA1_DES3_KD: + case SGN_ALG_HMAC_MD5: + /* compute the checksum of the message */ - /* 8 = bytes of token body to be checksummed according to spec */ + /* 8 = bytes of token body to be checksummed according to spec */ - if (! (data_ptr = xmalloc(8 + plainlen))) { - if (sealalg != 0xffff) - xfree(plain); - if (toktype == KG_TOK_SEAL_MSG) - gssalloc_free(token.value); - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } + if (! (data_ptr = xmalloc(8 + plainlen))) { + if (sealalg != 0xffff) + xfree(plain); + if (toktype == KG_TOK_SEAL_MSG) + gssalloc_free(token.value); + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } - (void) memcpy(data_ptr, ptr-2, 8); + (void) memcpy(data_ptr, ptr-2, 8); - (void) memcpy(data_ptr+8, plain, plainlen); + (void) memcpy(data_ptr+8, plain, plainlen); - plaind.length = 8 + plainlen; - plaind.data = data_ptr; - code = krb5_k_make_checksum(context, md5cksum.checksum_type, - ctx->seq, sign_usage, - &plaind, &md5cksum); - xfree(data_ptr); + plaind.length = 8 + plainlen; + plaind.data = data_ptr; + code = krb5_k_make_checksum(context, md5cksum.checksum_type, + ctx->seq, sign_usage, + &plaind, &md5cksum); + xfree(data_ptr); - if (code) { - if (toktype == KG_TOK_SEAL_MSG) - gssalloc_free(token.value); - *minor_status = code; - return(GSS_S_FAILURE); - } + if (code) { + if (toktype == KG_TOK_SEAL_MSG) + gssalloc_free(token.value); + *minor_status = code; + return(GSS_S_FAILURE); + } - code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); + code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); + break; + } krb5_free_checksum_contents(context, &md5cksum); if (sealalg != 0xffff) diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c index 3ce2a90..85a9574 100644 --- a/src/lib/gssapi/krb5/k5unsealiov.c +++ b/src/lib/gssapi/krb5/k5unsealiov.c @@ -102,21 +102,28 @@ kg_unseal_v1_iov(krb5_context context, } if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || + (ctx->sealalg == SEAL_ALG_DES3KD && + signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && signalg != SGN_ALG_HMAC_MD5)) { *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } - if (signalg != SGN_ALG_HMAC_MD5) { + switch (signalg) { + case SGN_ALG_HMAC_MD5: + cksum_len = 8; + if (toktype != KG_TOK_WRAP_MSG) + sign_usage = 15; + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + cksum_len = 20; + break; + default: *minor_status = 0; return GSS_S_DEFECTIVE_TOKEN; } - cksum_len = 8; - if (toktype != KG_TOK_WRAP_MSG) - sign_usage = 15; - /* get the token parameters */ code = kg_get_seq_num(context, ctx->seq, ptr + 14, ptr + 6, &direction, &seqnum); @@ -174,10 +181,16 @@ kg_unseal_v1_iov(krb5_context context, /* initialize the checksum */ - if (signalg != SGN_ALG_HMAC_MD5) + switch (signalg) { + case SGN_ALG_HMAC_MD5: + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; + break; + default: abort(); - - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + } code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code != 0) { @@ -196,13 +209,18 @@ kg_unseal_v1_iov(krb5_context context, goto cleanup; } - if (signalg != SGN_ALG_HMAC_MD5) { + switch (signalg) { + case SGN_ALG_HMAC_SHA1_DES3_KD: + case SGN_ALG_HMAC_MD5: + code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); + break; + default: code = 0; retval = GSS_S_DEFECTIVE_TOKEN; goto cleanup; + break; } - code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len); if (code != 0) { code = 0; retval = GSS_S_BAD_SIG; diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index f7d3e92..80954af 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -97,6 +97,17 @@ kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey, return code; switch (subkey->keyblock.enctype) { + case ENCTYPE_DES3_CBC_SHA1: + code = kg_copy_keys(context, ctx, subkey); + if (code != 0) + return code; + + ctx->enc->keyblock.enctype = ENCTYPE_DES3_CBC_RAW; + ctx->seq->keyblock.enctype = ENCTYPE_DES3_CBC_RAW; + ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD; + ctx->cksum_size = 20; + ctx->sealalg = SEAL_ALG_DES3KD; + break; case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP: /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype, diff --git a/src/lib/gssapi/spnego/gssapiP_negoex.h b/src/lib/gssapi/spnego/gssapiP_negoex.h index 489ab7c..44b08f5 100644 --- a/src/lib/gssapi/spnego/gssapiP_negoex.h +++ b/src/lib/gssapi/spnego/gssapiP_negoex.h @@ -201,10 +201,10 @@ negoex_restrict_auth_schemes(spnego_gss_ctx_id_t ctx, OM_uint32 negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req, - gss_buffer_t input_token, gss_channel_bindings_t bindings, - gss_buffer_t output_token, OM_uint32 *time_rec); + gss_buffer_t input_token, gss_buffer_t output_token, + OM_uint32 *time_rec); OM_uint32 negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, - gss_buffer_t input_token, gss_channel_bindings_t bindings, - gss_buffer_t output_token, OM_uint32 *time_rec); + gss_buffer_t input_token, gss_buffer_t output_token, + OM_uint32 *time_rec); diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h index 066ec73..a937633 100644 --- a/src/lib/gssapi/spnego/gssapiP_spnego.h +++ b/src/lib/gssapi/spnego/gssapiP_spnego.h @@ -357,14 +357,6 @@ OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit OM_uint32 *max_input_size ); -OM_uint32 KRB5_CALLCONV spnego_gss_localname -( - OM_uint32 *minor_status, - const gss_name_t pname, - const gss_const_OID mech_type, - gss_buffer_t localname -); - OM_uint32 KRB5_CALLCONV spnego_gss_get_mic ( OM_uint32 *minor_status, diff --git a/src/lib/gssapi/spnego/negoex_ctx.c b/src/lib/gssapi/spnego/negoex_ctx.c index 8848ee4..18d9d41 100644 --- a/src/lib/gssapi/spnego/negoex_ctx.c +++ b/src/lib/gssapi/spnego/negoex_ctx.c @@ -276,8 +276,7 @@ static OM_uint32 mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, gss_name_t target, OM_uint32 req_flags, OM_uint32 time_req, struct negoex_message *messages, size_t nmessages, - gss_channel_bindings_t bindings, gss_buffer_t output_token, - OM_uint32 *time_rec) + gss_buffer_t output_token, OM_uint32 *time_rec) { OM_uint32 major, first_major = 0, first_minor = 0; struct negoex_auth_mech *mech = NULL; @@ -317,9 +316,10 @@ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, mech = K5_TAILQ_FIRST(&ctx->negoex_mechs); major = gss_init_sec_context(minor, cred, &mech->mech_context, target, - mech->oid, req_flags, time_req, bindings, - input_token, &ctx->actual_mech, - output_token, &ctx->ctx_flags, time_rec); + mech->oid, req_flags, time_req, + GSS_C_NO_CHANNEL_BINDINGS, input_token, + &ctx->actual_mech, output_token, + &ctx->ctx_flags, time_rec); if (major == GSS_S_COMPLETE) mech->complete = 1; @@ -351,8 +351,7 @@ mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, static OM_uint32 mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, struct negoex_message *messages, - size_t nmessages, gss_channel_bindings_t bindings, - gss_buffer_t output_token, OM_uint32 *time_rec) + size_t nmessages, gss_buffer_t output_token, OM_uint32 *time_rec) { OM_uint32 major, tmpmin; struct negoex_auth_mech *mech; @@ -396,10 +395,10 @@ mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_release_cred(&tmpmin, &ctx->deleg_cred); major = gss_accept_sec_context(minor, &mech->mech_context, cred, - &msg->token, bindings, &ctx->internal_name, - &ctx->actual_mech, output_token, - &ctx->ctx_flags, time_rec, - &ctx->deleg_cred); + &msg->token, GSS_C_NO_CHANNEL_BINDINGS, + &ctx->internal_name, &ctx->actual_mech, + output_token, &ctx->ctx_flags, + time_rec, &ctx->deleg_cred); if (major == GSS_S_COMPLETE) mech->complete = 1; @@ -610,8 +609,8 @@ make_output_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, OM_uint32 negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req, - gss_buffer_t input_token, gss_channel_bindings_t bindings, - gss_buffer_t output_token, OM_uint32 *time_rec) + gss_buffer_t input_token, gss_buffer_t output_token, + OM_uint32 *time_rec) { OM_uint32 major, tmpmin; gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER; @@ -664,8 +663,7 @@ negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, /* Process the input token and/or produce an output token. This may prune * the mech list, but on success there will be at least one mech entry. */ major = mech_init(minor, ctx, cred, target_name, req_flags, time_req, - messages, nmessages, bindings, &mech_output_token, - time_rec); + messages, nmessages, &mech_output_token, time_rec); if (major != GSS_S_COMPLETE) goto cleanup; assert(!K5_TAILQ_EMPTY(&ctx->negoex_mechs)); @@ -703,8 +701,8 @@ cleanup: OM_uint32 negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, - gss_buffer_t input_token, gss_channel_bindings_t bindings, - gss_buffer_t output_token, OM_uint32 *time_rec) + gss_buffer_t input_token, gss_buffer_t output_token, + OM_uint32 *time_rec) { OM_uint32 major, tmpmin; gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER; @@ -756,7 +754,7 @@ negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred, * prune the list to a single mech. Continue on error if an output token * is generated, so that we send the token to the initiator. */ - major = mech_accept(minor, ctx, cred, messages, nmessages, bindings, + major = mech_accept(minor, ctx, cred, messages, nmessages, &mech_output_token, time_rec); if (major != GSS_S_COMPLETE && mech_output_token.length == 0) goto cleanup; diff --git a/src/lib/gssapi/spnego/negoex_util.c b/src/lib/gssapi/spnego/negoex_util.c index 99580fd..7003684 100644 --- a/src/lib/gssapi/spnego/negoex_util.c +++ b/src/lib/gssapi/spnego/negoex_util.c @@ -454,7 +454,7 @@ negoex_parse_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_const_buffer_t token, struct negoex_message **messages_out, size_t *count_out) { - OM_uint32 major = GSS_S_COMPLETE; + OM_uint32 major; size_t count = 0; struct k5input in; struct negoex_message *messages = NULL, *newptr; diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 4cf0111..ec0bae6 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -130,7 +130,6 @@ init_ctx_reselect(OM_uint32 *, spnego_gss_ctx_id_t, OM_uint32, static OM_uint32 init_ctx_call_init(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t, OM_uint32, gss_name_t, OM_uint32, OM_uint32, gss_buffer_t, - gss_channel_bindings_t, gss_buffer_t, OM_uint32 *, send_token_flag *); static OM_uint32 @@ -145,8 +144,8 @@ acc_ctx_vfy_oid(OM_uint32 *, spnego_gss_ctx_id_t, gss_OID, OM_uint32 *, send_token_flag *); static OM_uint32 acc_ctx_call_acc(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t, - gss_buffer_t, gss_channel_bindings_t, gss_buffer_t, - OM_uint32 *, OM_uint32 *, send_token_flag *); + gss_buffer_t, gss_buffer_t, OM_uint32 *, OM_uint32 *, + send_token_flag *); static gss_OID negotiate_mech(spnego_gss_ctx_id_t, gss_OID_set, OM_uint32 *); @@ -238,7 +237,7 @@ static struct gss_config spnego_mechanism = spnego_gss_inquire_context, /* gss_inquire_context */ NULL, /* gss_internal_release_oid */ spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */ - spnego_gss_localname, + NULL, /* gssd_pname_to_uid */ NULL, /* gss_userok */ NULL, /* gss_export_name */ spnego_gss_duplicate_name, /* gss_duplicate_name */ @@ -906,7 +905,6 @@ init_ctx_call_init(OM_uint32 *minor_status, OM_uint32 req_flags, OM_uint32 time_req, gss_buffer_t mechtok_in, - gss_channel_bindings_t bindings, gss_buffer_t mechtok_out, OM_uint32 *time_rec, send_token_flag *send_token) @@ -923,14 +921,15 @@ init_ctx_call_init(OM_uint32 *minor_status, if (gss_oid_equal(sc->internal_mech, &negoex_mech)) { ret = negoex_init(minor_status, sc, mcred, target_name, mech_req_flags, time_req, mechtok_in, - bindings, mechtok_out, time_rec); + mechtok_out, time_rec); } else { ret = gss_init_sec_context(minor_status, mcred, &sc->ctx_handle, target_name, sc->internal_mech, mech_req_flags, - time_req, bindings, mechtok_in, - &sc->actual_mech, mechtok_out, - &sc->ctx_flags, time_rec); + time_req, GSS_C_NO_CHANNEL_BINDINGS, + mechtok_in, &sc->actual_mech, + mechtok_out, &sc->ctx_flags, + time_rec); } /* Bail out if the acceptor gave us an error token but the mech didn't @@ -982,8 +981,8 @@ init_ctx_call_init(OM_uint32 *minor_status, gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER); tmpret = init_ctx_call_init(&tmpmin, sc, spcred, acc_negState, target_name, req_flags, time_req, - mechtok_in, bindings, mechtok_out, - time_rec, send_token); + mechtok_in, mechtok_out, time_rec, + send_token); if (HARD_ERROR(tmpret)) goto fail; *minor_status = tmpmin; @@ -1005,7 +1004,7 @@ spnego_gss_init_sec_context( gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, - gss_channel_bindings_t bindings, + gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_OID *actual_mech, gss_buffer_t output_token, @@ -1085,8 +1084,8 @@ spnego_gss_init_sec_context( if (!spnego_ctx->mech_complete) { ret = init_ctx_call_init(minor_status, spnego_ctx, spcred, acc_negState, target_name, req_flags, - time_req, mechtok_in, bindings, - &mechtok_out, time_rec, &send_token); + time_req, mechtok_in, &mechtok_out, + time_rec, &send_token); if (ret != GSS_S_COMPLETE) goto cleanup; @@ -1543,9 +1542,8 @@ cleanup: static OM_uint32 acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, spnego_gss_cred_id_t spcred, gss_buffer_t mechtok_in, - gss_channel_bindings_t bindings, gss_buffer_t mechtok_out, - OM_uint32 *time_rec, OM_uint32 *negState, - send_token_flag *tokflag) + gss_buffer_t mechtok_out, OM_uint32 *time_rec, + OM_uint32 *negState, send_token_flag *tokflag) { OM_uint32 ret, tmpmin; gss_OID_desc mechoid; @@ -1570,12 +1568,13 @@ acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred; if (negoex) { ret = negoex_accept(minor_status, sc, mcred, mechtok_in, - bindings, mechtok_out, time_rec); + mechtok_out, time_rec); } else { (void) gss_release_name(&tmpmin, &sc->internal_name); (void) gss_release_cred(&tmpmin, &sc->deleg_cred); ret = gss_accept_sec_context(minor_status, &sc->ctx_handle, - mcred, mechtok_in, bindings, + mcred, mechtok_in, + GSS_C_NO_CHANNEL_BINDINGS, &sc->internal_name, &sc->actual_mech, mechtok_out, &sc->ctx_flags, time_rec, @@ -1621,7 +1620,7 @@ spnego_gss_accept_sec_context( gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle, gss_buffer_t input_token, - gss_channel_bindings_t bindings, + gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, @@ -1735,8 +1734,8 @@ spnego_gss_accept_sec_context( */ if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) { ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in, - bindings, &mechtok_out, time_rec, - &negState, &return_token); + &mechtok_out, time_rec, &negState, + &return_token); } /* Step 3: process or generate the MIC, if the negotiated mech is @@ -2373,13 +2372,6 @@ spnego_gss_wrap_size_limit( } OM_uint32 KRB5_CALLCONV -spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname, - const gss_const_OID mech_type, gss_buffer_t localname) -{ - return gss_localname(minor_status, pname, GSS_C_NO_OID, localname); -} - -OM_uint32 KRB5_CALLCONV spnego_gss_get_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c index 9aec3c0..c6885ed 100644 --- a/src/lib/kadm5/logger.c +++ b/src/lib/kadm5/logger.c @@ -309,7 +309,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do */ append = (cp[4] == ':') ? O_APPEND : 0; if (append || cp[4] == '=') { - fd = THREEPARAMOPEN(&cp[5], O_CREAT | O_WRONLY | append, + fd = open(&cp[5], O_CREAT | O_WRONLY | append, S_IRUSR | S_IWUSR | S_IRGRP); if (fd != -1) f = fdopen(fd, append ? "a" : "w"); @@ -776,7 +776,7 @@ krb5_klog_reopen(krb5_context kcontext) * In case the old logfile did not get moved out of the * way, open for append to prevent squashing the old logs. */ - f = WRITABLEFOPEN(log_control.log_entries[lindex].lfu_fname, "a+"); + f = fopen(log_control.log_entries[lindex].lfu_fname, "a+"); if (f) { set_cloexec_file(f); log_control.log_entries[lindex].lfu_filep = f; diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c index 7982956..7cf51d3 100644 --- a/src/lib/kadm5/str_conv.c +++ b/src/lib/kadm5/str_conv.c @@ -340,10 +340,9 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps, while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) { /* Pass a null pointer to subsequent calls to strtok_r(). */ p = NULL; - - /* Discard unrecognized keysalts. */ - if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0) - continue; + ret = string_to_keysalt(ksp, ksaltseps, &etype, &stype); + if (ret) + goto cleanup; /* Ignore duplicate keysalts if caller asks. */ if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype)) diff --git a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp index 6b45f5f..740425c 100644 --- a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp +++ b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp @@ -53,10 +53,10 @@ proc test200 {} { } # XXX Perhaps I should actually check the key type returned. - if {$num_keys == 4} { + if {$num_keys == 5} { pass "$test" } else { - fail "$test: $num_keys keys, should be 4" + fail "$test: $num_keys keys, should be 5" } if { ! [cmd {kadm5_destroy $server_handle}]} { perror "$test: unexpected failure in destroy" diff --git a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp index d2c6d1a..3ea1ba2 100644 --- a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp +++ b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp @@ -143,8 +143,8 @@ proc test101_102 {rpc} { } set failed 0 - if {$num_keys != 4} { - fail "$test: num_keys $num_keys should be 4" + if {$num_keys != 5} { + fail "$test: num_keys $num_keys should be 5" set failed 1 } for {set i 0} {$i < $num_keys} {incr i} { diff --git a/src/lib/kadm5/unit-test/api.current/init-v2.exp b/src/lib/kadm5/unit-test/api.current/init-v2.exp index d8a506a..7a353d4 100644 --- a/src/lib/kadm5/unit-test/api.current/init-v2.exp +++ b/src/lib/kadm5/unit-test/api.current/init-v2.exp @@ -48,7 +48,7 @@ proc test101 {} { # it fails in that case. one_line_succeed_test { kadm5_init admin admin $KADM5_ADMIN_SERVICE \ - [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1767]] \ + [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ server_handle } diff --git a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp index 2f76c8b..2925c1c 100644 --- a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp +++ b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp @@ -46,10 +46,10 @@ proc test100 {} { } # XXX Perhaps I should actually check the key type returned. - if {$num_keys == 4} { + if {$num_keys == 5} { pass "$test" } else { - fail "$test: $num_keys keys, should be 4" + fail "$test: $num_keys keys, should be 5" } if { ! [cmd {kadm5_destroy $server_handle}]} { perror "$test: unexpected failure in destroy" diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c index e9b95fc..2659a25 100644 --- a/src/lib/kdb/kdb_log.c +++ b/src/lib/kdb/kdb_log.c @@ -480,7 +480,7 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries) return ENOMEM; if (stat(logname, &st) == -1) { - log_ctx->ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600); + log_ctx->ulogfd = open(logname, O_RDWR | O_CREAT, 0600); if (log_ctx->ulogfd == -1) { retval = errno; goto cleanup; diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c index 42d354a..9c13d9d 100644 --- a/src/lib/krad/attr.c +++ b/src/lib/krad/attr.c @@ -38,8 +38,7 @@ typedef krb5_error_code (*attribute_transform_fn)(krb5_context ctx, const char *secret, const unsigned char *auth, const krb5_data *in, - unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, - krb5_boolean *is_fips); + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); typedef struct { const char *name; @@ -52,14 +51,12 @@ typedef struct { static krb5_error_code user_password_encode(krb5_context ctx, const char *secret, const unsigned char *auth, const krb5_data *in, - unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, - krb5_boolean *is_fips); + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); static krb5_error_code user_password_decode(krb5_context ctx, const char *secret, const unsigned char *auth, const krb5_data *in, - unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, - krb5_boolean *ignored); + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); static const attribute_record attributes[UCHAR_MAX] = { {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL}, @@ -131,8 +128,7 @@ static const attribute_record attributes[UCHAR_MAX] = { static krb5_error_code user_password_encode(krb5_context ctx, const char *secret, const unsigned char *auth, const krb5_data *in, - unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, - krb5_boolean *is_fips) + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) { const unsigned char *indx; krb5_error_code retval; @@ -158,15 +154,8 @@ user_password_encode(krb5_context ctx, const char *secret, for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) { memcpy(tmp.data + seclen, indx, BLOCKSIZE); - if (kr_use_fips(ctx)) { - /* Skip encryption here. Taint so that we won't pass it out of - * the machine by accident. */ - *is_fips = TRUE; - sum.contents = calloc(1, BLOCKSIZE); - } else { - retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, - &sum); - } + retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp, + &sum); if (retval != 0) { zap(tmp.data, tmp.length); zap(outbuf, len); @@ -191,8 +180,7 @@ user_password_encode(krb5_context ctx, const char *secret, static krb5_error_code user_password_decode(krb5_context ctx, const char *secret, const unsigned char *auth, const krb5_data *in, - unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, - krb5_boolean *is_fips) + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) { const unsigned char *indx; krb5_error_code retval; @@ -216,15 +204,8 @@ user_password_decode(krb5_context ctx, const char *secret, for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) { memcpy(tmp.data + seclen, indx, BLOCKSIZE); - if (kr_use_fips(ctx)) { - /* Skip encryption here. Taint so that we won't pass it out of - * the machine by accident. */ - *is_fips = TRUE; - sum.contents = calloc(1, BLOCKSIZE); - } else { - retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, - &tmp, &sum); - } + retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, + &tmp, &sum); if (retval != 0) { zap(tmp.data, tmp.length); zap(outbuf, in->length); @@ -267,7 +248,7 @@ krb5_error_code kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth, krad_attr type, const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE], - size_t *outlen, krb5_boolean *is_fips) + size_t *outlen) { krb5_error_code retval; @@ -284,8 +265,7 @@ kr_attr_encode(krb5_context ctx, const char *secret, return 0; } - return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen, - is_fips); + return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen); } krb5_error_code @@ -294,7 +274,6 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen) { krb5_error_code retval; - krb5_boolean ignored; retval = kr_attr_valid(type, in); if (retval != 0) @@ -309,8 +288,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, return 0; } - return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen, - &ignored); + return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen); } krad_attr diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c index d89982a..03c6137 100644 --- a/src/lib/krad/attrset.c +++ b/src/lib/krad/attrset.c @@ -167,8 +167,7 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy) krb5_error_code kr_attrset_encode(const krad_attrset *set, const char *secret, const unsigned char *auth, - unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, - krb5_boolean *is_fips) + unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen) { unsigned char buffer[MAX_ATTRSIZE]; krb5_error_code retval; @@ -182,7 +181,7 @@ kr_attrset_encode(const krad_attrset *set, const char *secret, K5_TAILQ_FOREACH(a, &set->list, list) { retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr, - buffer, &attrlen, is_fips); + buffer, &attrlen); if (retval != 0) return retval; diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h index 312dc82..996a893 100644 --- a/src/lib/krad/internal.h +++ b/src/lib/krad/internal.h @@ -39,8 +39,6 @@ #include #include -#include - #ifndef UCHAR_MAX #define UCHAR_MAX 255 #endif @@ -51,13 +49,6 @@ typedef struct krad_remote_st krad_remote; -struct krad_packet_st { - char buffer[KRAD_PACKET_SIZE_MAX]; - krad_attrset *attrset; - krb5_data pkt; - krb5_boolean is_fips; -}; - /* Validate constraints of an attribute. */ krb5_error_code kr_attr_valid(krad_attr type, const krb5_data *data); @@ -66,8 +57,7 @@ kr_attr_valid(krad_attr type, const krb5_data *data); krb5_error_code kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth, krad_attr type, const krb5_data *in, - unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen, - krb5_boolean *is_fips); + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); /* Decode an attribute. */ krb5_error_code @@ -79,8 +69,7 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, krb5_error_code kr_attrset_encode(const krad_attrset *set, const char *secret, const unsigned char *auth, - unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, - krb5_boolean *is_fips); + unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen); /* Decode attributes from a buffer. */ krb5_error_code @@ -163,17 +152,4 @@ gai_error_code(int err) } } -static inline krb5_boolean -kr_use_fips(krb5_context ctx) -{ - int val = 0; - - if (!FIPS_mode()) - return 0; - - profile_get_boolean(ctx->profile, "libdefaults", - "radius_md5_fips_override", NULL, 0, &val); - return !val; -} - #endif /* INTERNAL_H_ */ diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c index fc2d248..c597174 100644 --- a/src/lib/krad/packet.c +++ b/src/lib/krad/packet.c @@ -53,6 +53,12 @@ typedef unsigned char uchar; #define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH)) #define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR)) +struct krad_packet_st { + char buffer[KRAD_PACKET_SIZE_MAX]; + krad_attrset *attrset; + krb5_data pkt; +}; + typedef struct { uchar x[(UCHAR_MAX + 1) / 8]; } idmap; @@ -181,14 +187,8 @@ auth_generate_response(krb5_context ctx, const char *secret, memcpy(data.data + response->pkt.length, secret, strlen(secret)); /* Hash it. */ - if (kr_use_fips(ctx)) { - /* This checksum does very little security-wise anyway, so don't - * taint. */ - hash.contents = calloc(1, AUTH_FIELD_SIZE); - } else { - retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, - &hash); - } + retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data, + &hash); free(data.data); if (retval != 0) return retval; @@ -276,7 +276,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code, /* Encode the attributes. */ retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt), - &attrset_len, &pkt->is_fips); + &attrset_len); if (retval != 0) goto error; @@ -314,7 +314,7 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code, /* Encode the attributes. */ retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt), - &attrset_len, &pkt->is_fips); + &attrset_len); if (retval != 0) goto error; @@ -451,8 +451,6 @@ krad_packet_decode_response(krb5_context ctx, const char *secret, const krb5_data * krad_packet_encode(const krad_packet *pkt) { - if (pkt->is_fips) - return NULL; return &pkt->pkt; } diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c index 0f90443..437f7e9 100644 --- a/src/lib/krad/remote.c +++ b/src/lib/krad/remote.c @@ -263,7 +263,7 @@ on_io_write(krad_remote *rr) request *r; K5_TAILQ_FOREACH(r, &rr->list, list) { - tmp = &r->request->pkt; + tmp = krad_packet_encode(r->request); /* If the packet has already been sent, do nothing. */ if (r->sent == tmp->length) @@ -359,7 +359,7 @@ on_io_read(krad_remote *rr) if (req != NULL) { K5_TAILQ_FOREACH(r, &rr->list, list) { if (r->request == req && - r->sent == req->pkt.length) { + r->sent == krad_packet_encode(req)->length) { request_finish(r, 0, rsp); break; } @@ -455,12 +455,6 @@ kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs, (krad_packet_iter_cb)iterator, &r, &tmp); if (retval != 0) goto error; - else if (tmp->is_fips && rr->info->ai_family != AF_LOCAL && - rr->info->ai_family != AF_UNIX) { - /* This would expose cleartext passwords, so abort. */ - retval = ESOCKTNOSUPPORT; - goto error; - } K5_TAILQ_FOREACH(r, &rr->list, list) { if (r->request == tmp) { diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c index 4d285ad..eb2a780 100644 --- a/src/lib/krad/t_attr.c +++ b/src/lib/krad/t_attr.c @@ -50,7 +50,6 @@ main() const char *tmp; krb5_data in; size_t len; - krb5_boolean is_fips = FALSE; noerror(krb5_init_context(&ctx)); @@ -74,7 +73,7 @@ main() in = string2data((char *)decoded); retval = kr_attr_encode(ctx, secret, auth, krad_attr_name2num("User-Password"), - &in, outbuf, &len, &is_fips); + &in, outbuf, &len); insist(retval == 0); insist(len == sizeof(encoded)); insist(memcmp(outbuf, encoded, len) == 0); diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c index 0f95762..7928335 100644 --- a/src/lib/krad/t_attrset.c +++ b/src/lib/krad/t_attrset.c @@ -49,7 +49,6 @@ main() krb5_context ctx; size_t len = 0, encode_len; krb5_data tmp; - krb5_boolean is_fips = FALSE; noerror(krb5_init_context(&ctx)); noerror(krad_attrset_new(ctx, &set)); @@ -63,8 +62,7 @@ main() noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp)); /* Encode attrset. */ - noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len, - &is_fips)); + noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len)); krad_attrset_free(set); /* Manually encode User-Name. */ diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c index cd6b879..a160cf4 100644 --- a/src/lib/krb5/asn.1/asn1_encode.c +++ b/src/lib/krb5/asn.1/asn1_encode.c @@ -356,7 +356,7 @@ make_tag(asn1buf *buf, const taginfo *t, size_t len) static krb5_error_code get_tag(const uint8_t *asn1, size_t len, taginfo *tag_out, const uint8_t **contents_out, size_t *clen_out, - const uint8_t **remainder_out, size_t *rlen_out, int recursion) + const uint8_t **remainder_out, size_t *rlen_out) { krb5_error_code ret; uint8_t o; @@ -394,11 +394,9 @@ get_tag(const uint8_t *asn1, size_t len, taginfo *tag_out, /* Indefinite form (should not be present in DER, but we accept it). */ if (tag_out->construction != CONSTRUCTED) return ASN1_MISMATCH_INDEF; - if (recursion >= 32) - return ASN1_OVERFLOW; p = asn1; while (!(len >= 2 && p[0] == 0 && p[1] == 0)) { - ret = get_tag(p, len, &t, &c, &clen, &p, &len, recursion + 1); + ret = get_tag(p, len, &t, &c, &clen, &p, &len); if (ret) return ret; } @@ -615,7 +613,7 @@ split_der(asn1buf *buf, uint8_t *const *der, size_t len, taginfo *tag_out) const uint8_t *contents, *remainder; size_t clen, rlen; - ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen, 0); + ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen); if (ret) return ret; if (rlen != 0) @@ -1201,7 +1199,7 @@ decode_atype(const taginfo *t, const uint8_t *asn1, size_t len, const uint8_t *rem; size_t rlen; if (!tag->implicit) { - ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen, 0); + ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen); if (ret) return ret; /* Note: we don't check rlen (it should be 0). */ @@ -1422,7 +1420,7 @@ decode_sequence(const uint8_t *asn1, size_t len, const struct seq_info *seq, for (i = 0; i < seq->n_fields; i++) { if (len == 0) break; - ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0); + ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len); if (ret) goto error; /* @@ -1480,7 +1478,7 @@ decode_sequence_of(const uint8_t *asn1, size_t len, *seq_out = NULL; *count_out = 0; while (len > 0) { - ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0); + ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len); if (ret) goto error; if (!check_atype_tag(elemtype, &t)) { @@ -1586,7 +1584,7 @@ k5_asn1_full_decode(const krb5_data *code, const struct atype_info *a, *retrep = NULL; ret = get_tag((uint8_t *)code->data, code->length, &t, &contents, - &clen, &remainder, &rlen, 0); + &clen, &remainder, &rlen); if (ret) return ret; /* rlen should be 0, but we don't check it (and due to padding in diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c index 5683a04..7b100a0 100644 --- a/src/lib/krb5/ccache/cc_dir.c +++ b/src/lib/krb5/ccache/cc_dir.c @@ -183,19 +183,10 @@ write_primary_file(const char *primary_path, const char *contents) char *newpath = NULL; FILE *fp = NULL; int fd = -1, status; -#ifdef USE_SELINUX - void *selabel; -#endif if (asprintf(&newpath, "%s.XXXXXX", primary_path) < 0) return ENOMEM; -#ifdef USE_SELINUX - selabel = krb5int_push_fscreatecon_for(primary_path); -#endif fd = mkstemp(newpath); -#ifdef USE_SELINUX - krb5int_pop_fscreatecon(selabel); -#endif if (fd < 0) goto cleanup; #ifdef HAVE_CHMOD @@ -230,23 +221,10 @@ static krb5_error_code verify_dir(krb5_context context, const char *dirname) { struct stat st; - int status; -#ifdef USE_SELINUX - void *selabel; -#endif if (stat(dirname, &st) < 0) { - if (errno == ENOENT) { -#ifdef USE_SELINUX - selabel = krb5int_push_fscreatecon_for(dirname); -#endif - status = mkdir(dirname, S_IRWXU); -#ifdef USE_SELINUX - krb5int_pop_fscreatecon(selabel); -#endif - if (status == 0) - return 0; - } + if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0) + return 0; k5_setmsg(context, KRB5_FCC_NOFILE, _("Credential cache directory %s does not exist"), dirname); diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c index 23edc25..62a6983 100644 --- a/src/lib/krb5/ccache/ccfns.c +++ b/src/lib/krb5/ccache/ccfns.c @@ -297,23 +297,3 @@ krb5_cc_switch(krb5_context context, krb5_ccache cache) return 0; return cache->ops->switch_to(context, cache); } - -krb5_error_code -k5_cc_store_primary_cred(krb5_context context, krb5_ccache cache, - krb5_creds *creds) -{ - krb5_error_code ret; - - /* Write a start realm if we're writing a TGT and the client realm isn't - * the same as the TGS realm. */ - if (IS_TGS_PRINC(creds->server) && - !data_eq(creds->client->realm, creds->server->data[1])) { - ret = krb5_cc_set_config(context, cache, NULL, - KRB5_CC_CONF_START_REALM, - &creds->server->data[1]); - if (ret) - return ret; - } - - return krb5_cc_store_cred(context, cache, creds); -} diff --git a/src/lib/krb5/error_tables/k5e1_err.et b/src/lib/krb5/error_tables/k5e1_err.et index abd9f3b..ade5cae 100644 --- a/src/lib/krb5/error_tables/k5e1_err.et +++ b/src/lib/krb5/error_tables/k5e1_err.et @@ -42,5 +42,4 @@ error_code KRB5_KCM_MALFORMED_REPLY, "Malformed reply from KCM daemon" error_code KRB5_KCM_RPC_ERROR, "Mach RPC error communicating with KCM daemon" error_code KRB5_KCM_REPLY_TOO_BIG, "KCM daemon reply too big" error_code KRB5_KCM_NO_SERVER, "No KCM server found" -error_code KRB5_CERTAUTH_HWAUTH, "Authorize and set hw-authent ticket flag" end diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index aaf5734..021c943 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -735,14 +735,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) KTCHECKLOCK(id); errno = 0; - KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), + KTFILEP(id) = fopen(KTFILENAME(id), (mode == KRB5_LOCKMODE_EXCLUSIVE) ? "rb+" : "rb"); if (!KTFILEP(id)) { if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) { /* try making it first time around */ k5_create_secure_file(context, KTFILENAME(id)); errno = 0; - KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), "rb+"); + KTFILEP(id) = fopen(KTFILENAME(id), "rb+"); if (!KTFILEP(id)) goto report_errno; writevno = 1; diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index b40f705..e0a3b5c 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -149,8 +149,7 @@ struct _krb5_tkt_creds_context { krb5_principal client; /* Caller-requested client principal (alias) */ krb5_principal server; /* Server principal (alias) */ krb5_principal req_server; /* Caller-requested server principal */ - krb5_ccache ccache; /* Caller-provided ccache */ - krb5_data start_realm; /* Realm of starting TGT in ccache */ + krb5_ccache ccache; /* Caller-provided ccache (alias) */ krb5_flags req_options; /* Caller-requested KRB5_GC_* options */ krb5_flags req_kdcopt; /* Caller-requested options as KDC options */ krb5_authdata **authdata; /* Caller-requested authdata */ @@ -784,7 +783,7 @@ get_cached_local_tgt(krb5_context context, krb5_tkt_creds_context ctx, return code; /* Construct the principal name. */ - code = krb5int_tgtname(context, &ctx->start_realm, &ctx->start_realm, + code = krb5int_tgtname(context, &ctx->client->realm, &ctx->client->realm, &tgtname); if (code != 0) return code; @@ -822,7 +821,7 @@ init_realm_path(krb5_context context, krb5_tkt_creds_context ctx) size_t nrealms; /* Get the client realm path and count its length. */ - code = k5_client_realm_path(context, &ctx->start_realm, + code = k5_client_realm_path(context, &ctx->client->realm, &ctx->server->realm, &realm_path); if (code != 0) return code; @@ -934,7 +933,7 @@ step_get_tgt(krb5_context context, krb5_tkt_creds_context ctx) ctx->cur_realm = path_realm; ctx->next_realm = ctx->last_realm; } - } else if (data_eq(*tgt_realm, ctx->start_realm)) { + } else if (data_eq(*tgt_realm, ctx->client->realm)) { /* We were referred back to the local realm, which is bad. */ return KRB5_KDCREP_MODIFIED; } else { @@ -964,7 +963,7 @@ begin_get_tgt(krb5_context context, krb5_tkt_creds_context ctx) ctx->state = STATE_GET_TGT; - is_local_service = data_eq(ctx->start_realm, ctx->server->realm); + is_local_service = data_eq(ctx->client->realm, ctx->server->realm); if (!is_local_service) { /* See if we have a cached TGT for the server realm. */ code = get_cached_tgt(context, ctx, &ctx->server->realm, &cached_tgt); @@ -1049,10 +1048,10 @@ begin(krb5_context context, krb5_tkt_creds_context ctx) if (code != 0 || ctx->state == STATE_COMPLETE) return code; - /* If the server realm is unspecified, start with the TGT realm. */ + /* If the server realm is unspecified, start with the client realm. */ if (krb5_is_referral_realm(&ctx->server->realm)) { krb5_free_data_contents(context, &ctx->server->realm); - code = krb5int_copy_data_contents(context, &ctx->start_realm, + code = krb5int_copy_data_contents(context, &ctx->client->realm, &ctx->server->realm); TRACE_TKT_CREDS_REFERRAL_REALM(context, ctx->server); if (code != 0) @@ -1101,18 +1100,6 @@ krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache, code = krb5_cc_dup(context, ccache, &ctx->ccache); if (code != 0) goto cleanup; - - /* Get the start realm from the cache config, defaulting to the client - * realm. */ - code = krb5_cc_get_config(context, ccache, NULL, "start_realm", - &ctx->start_realm); - if (code != 0) { - code = krb5int_copy_data_contents(context, &ctx->client->realm, - &ctx->start_realm); - if (code != 0) - goto cleanup; - } - code = krb5_copy_authdata(context, in_creds->authdata, &ctx->authdata); if (code != 0) goto cleanup; @@ -1152,7 +1139,6 @@ krb5_tkt_creds_free(krb5_context context, krb5_tkt_creds_context ctx) krb5int_fast_free_state(context, ctx->fast_state); krb5_free_creds(context, ctx->in_creds); krb5_cc_close(context, ctx->ccache); - krb5_free_data_contents(context, &ctx->start_realm); krb5_free_principal(context, ctx->req_server); krb5_free_authdata(context, ctx->authdata); krb5_free_creds(context, ctx->cur_tgt); diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index f5dd751..870df62 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -1482,116 +1482,6 @@ accept_method_data(krb5_context context, krb5_init_creds_context ctx) ctx->method_padata); } -/* Return the password expiry time indicated by enc_part2. Set *is_last_req - * if the information came from a last_req value. */ -static void -get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp, - krb5_timestamp *acct_exp, krb5_boolean *is_last_req) -{ - krb5_last_req_entry **last_req; - krb5_int32 lr_type; - - *pw_exp = 0; - *acct_exp = 0; - *is_last_req = FALSE; - - /* Look for last-req entries for password or account expiration. */ - if (enc_part2->last_req) { - for (last_req = enc_part2->last_req; *last_req; last_req++) { - lr_type = (*last_req)->lr_type; - if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME || - lr_type == KRB5_LRQ_ONE_PW_EXPTIME) { - *is_last_req = TRUE; - *pw_exp = (*last_req)->value; - } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME || - lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) { - *is_last_req = TRUE; - *acct_exp = (*last_req)->value; - } - } - } - - /* If we didn't find any, use the ambiguous key_exp field. */ - if (*is_last_req == FALSE) - *pw_exp = enc_part2->key_exp; -} - -/* - * Send an appropriate warning prompter if as_reply indicates that the password - * is going to expire soon. If an expire callback was provided, use that - * instead. - */ -static void -warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options, - krb5_prompter_fct prompter, void *data, - const char *in_tkt_service, krb5_kdc_rep *as_reply) -{ - krb5_error_code ret; - krb5_expire_callback_func expire_cb; - void *expire_data; - krb5_timestamp pw_exp, acct_exp, now; - krb5_boolean is_last_req; - krb5_deltat delta; - char ts[256], banner[1024]; - - if (as_reply == NULL || as_reply->enc_part2 == NULL) - return; - - get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req); - - k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data); - if (expire_cb != NULL) { - /* Invoke the expire callback and don't send prompter warnings. */ - (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req); - return; - } - - /* Don't warn if no password expiry value was sent. */ - if (pw_exp == 0) - return; - - /* Don't warn if the password is being changed. */ - if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0) - return; - - /* - * If the expiry time came from a last_req field, assume the KDC wants us - * to warn. Otherwise, warn only if the expiry time is less than a week - * from now. - */ - ret = krb5_timeofday(context, &now); - if (ret != 0) - return; - if (!is_last_req && - (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60)) - return; - - if (!prompter) - return; - - ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts)); - if (ret != 0) - return; - - delta = ts_delta(pw_exp, now); - if (delta < 3600) { - snprintf(banner, sizeof(banner), - _("Warning: Your password will expire in less than one hour " - "on %s"), ts); - } else if (delta < 86400 * 2) { - snprintf(banner, sizeof(banner), - _("Warning: Your password will expire in %d hour%s on %s"), - delta / 3600, delta < 7200 ? "" : "s", ts); - } else { - snprintf(banner, sizeof(banner), - _("Warning: Your password will expire in %d days on %s"), - delta / 86400, ts); - } - - /* PROMPTER_INVOCATION */ - (*prompter)(context, data, 0, banner, 0, 0); -} - static krb5_error_code init_creds_step_reply(krb5_context context, krb5_init_creds_context ctx, @@ -1779,7 +1669,7 @@ init_creds_step_reply(krb5_context context, code = krb5_cc_initialize(context, out_ccache, ctx->cred.client); if (code != 0) goto cc_cleanup; - code = k5_cc_store_primary_cred(context, out_ccache, &ctx->cred); + code = krb5_cc_store_cred(context, out_ccache, &ctx->cred); if (code != 0) goto cc_cleanup; if (fast_avail) { @@ -1803,8 +1693,6 @@ init_creds_step_reply(krb5_context context, /* success */ ctx->complete = TRUE; - warn_pw_expiry(context, ctx->opt, ctx->prompter, ctx->prompter_data, - ctx->in_tkt_service, ctx->reply); cleanup: krb5_free_pa_data(context, kdc_padata); diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index 54e0a8e..14ce23b 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -133,6 +133,113 @@ krb5_init_creds_set_password(krb5_context context, return 0; } +/* Return the password expiry time indicated by enc_part2. Set *is_last_req + * if the information came from a last_req value. */ +static void +get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp, + krb5_timestamp *acct_exp, krb5_boolean *is_last_req) +{ + krb5_last_req_entry **last_req; + krb5_int32 lr_type; + + *pw_exp = 0; + *acct_exp = 0; + *is_last_req = FALSE; + + /* Look for last-req entries for password or account expiration. */ + if (enc_part2->last_req) { + for (last_req = enc_part2->last_req; *last_req; last_req++) { + lr_type = (*last_req)->lr_type; + if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME || + lr_type == KRB5_LRQ_ONE_PW_EXPTIME) { + *is_last_req = TRUE; + *pw_exp = (*last_req)->value; + } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME || + lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) { + *is_last_req = TRUE; + *acct_exp = (*last_req)->value; + } + } + } + + /* If we didn't find any, use the ambiguous key_exp field. */ + if (*is_last_req == FALSE) + *pw_exp = enc_part2->key_exp; +} + +/* + * Send an appropriate warning prompter if as_reply indicates that the password + * is going to expire soon. If an expire callback was provided, use that + * instead. + */ +static void +warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options, + krb5_prompter_fct prompter, void *data, + const char *in_tkt_service, krb5_kdc_rep *as_reply) +{ + krb5_error_code ret; + krb5_expire_callback_func expire_cb; + void *expire_data; + krb5_timestamp pw_exp, acct_exp, now; + krb5_boolean is_last_req; + krb5_deltat delta; + char ts[256], banner[1024]; + + get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req); + + k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data); + if (expire_cb != NULL) { + /* Invoke the expire callback and don't send prompter warnings. */ + (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req); + return; + } + + /* Don't warn if no password expiry value was sent. */ + if (pw_exp == 0) + return; + + /* Don't warn if the password is being changed. */ + if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0) + return; + + /* + * If the expiry time came from a last_req field, assume the KDC wants us + * to warn. Otherwise, warn only if the expiry time is less than a week + * from now. + */ + ret = krb5_timeofday(context, &now); + if (ret != 0) + return; + if (!is_last_req && + (ts_after(now, pw_exp) || ts_delta(pw_exp, now) > 7 * 24 * 60 * 60)) + return; + + if (!prompter) + return; + + ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts)); + if (ret != 0) + return; + + delta = ts_delta(pw_exp, now); + if (delta < 3600) { + snprintf(banner, sizeof(banner), + _("Warning: Your password will expire in less than one hour " + "on %s"), ts); + } else if (delta < 86400*2) { + snprintf(banner, sizeof(banner), + _("Warning: Your password will expire in %d hour%s on %s"), + delta / 3600, delta < 7200 ? "" : "s", ts); + } else { + snprintf(banner, sizeof(banner), + _("Warning: Your password will expire in %d days on %s"), + delta / 86400, ts); + } + + /* PROMPTER_INVOCATION */ + (*prompter)(context, data, 0, banner, 0, 0); +} + /* * Create a temporary options structure for getting a kadmin/changepw ticket, * based on the appplication-specified options. Propagate all application @@ -389,6 +496,9 @@ krb5_get_init_creds_password(krb5_context context, goto cleanup; cleanup: + if (ret == 0) + warn_pw_expiry(context, options, prompter, data, in_tkt_service, + as_reply); free(chpw_opts); zapfree(gakpw.storage.data, gakpw.storage.length); memset(pw0array, 0, sizeof(pw0array)); diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 9a4741f..e7d67cc 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -59,6 +59,7 @@ static krb5_enctype default_enctype_list[] = { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, + ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, 0 @@ -478,6 +479,8 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, /* Set all enctypes in the default list. */ for (i = 0; default_list[i]; i++) mod_list(default_list[i], sel, weak, &list); + } else if (strcasecmp(token, "des3") == 0) { + mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, &list); } else if (strcasecmp(token, "aes") == 0) { mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, &list); mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list); diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 0850486..9fc6a0e 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -68,9 +68,10 @@ */ static krb5_error_code -make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes, - krb5_enctype tkt_enctype, krb5_boolean client_aware_cb, - krb5_authdata ***authdata_out); +make_etype_list(krb5_context context, + krb5_enctype *desired_etypes, + krb5_enctype tkt_enctype, + krb5_authdata ***authdata); static krb5_error_code generate_authenticator(krb5_context, @@ -262,8 +263,7 @@ generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_enctype tkt_enctype) { krb5_error_code retval; - krb5_authdata **ext_authdata = NULL, **ap_authdata, **combined; - int client_aware_cb; + krb5_authdata **ext_authdata = NULL; authent->client = client; authent->checksum = cksum; @@ -297,104 +297,99 @@ generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_free_authdata(context, ext_authdata); } - retval = profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS, - KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS, NULL, - FALSE, &client_aware_cb); - if (retval) - return retval; - - /* Add etype negotiation or channel-binding awareness authdata to the - * front, if appropriate. */ - retval = make_ap_authdata(context, desired_etypes, tkt_enctype, - client_aware_cb, &ap_authdata); - if (retval) - return retval; - if (ap_authdata != NULL) { - retval = krb5_merge_authdata(context, ap_authdata, - authent->authorization_data, &combined); - krb5_free_authdata(context, ap_authdata); + /* Only send EtypeList if we prefer another enctype to tkt_enctype */ + if (desired_etypes != NULL && desired_etypes[0] != tkt_enctype) { + TRACE_MK_REQ_ETYPES(context, desired_etypes); + retval = make_etype_list(context, desired_etypes, tkt_enctype, + &authent->authorization_data); if (retval) return retval; - krb5_free_authdata(context, authent->authorization_data); - authent->authorization_data = combined; } return(krb5_us_timeofday(context, &authent->ctime, &authent->cusec)); } -/* Set *out to a DER-encoded RFC 4537 etype list, or to NULL if no etype list - * should be sent. */ +/* RFC 4537 */ static krb5_error_code -make_etype_list(krb5_context context, krb5_enctype *desired_enctypes, - krb5_enctype tkt_enctype, krb5_data **out) +make_etype_list(krb5_context context, + krb5_enctype *desired_etypes, + krb5_enctype tkt_enctype, + krb5_authdata ***authdata) { - krb5_etype_list etlist; - int count; + krb5_error_code code; + krb5_etype_list etypes; + krb5_data *enc_etype_list; + krb5_data *ad_if_relevant; + krb5_authdata *etype_adata[2], etype_adatum, **adata; + int i; + + etypes.etypes = desired_etypes; + + for (etypes.length = 0; + etypes.etypes[etypes.length] != ENCTYPE_NULL; + etypes.length++) + { + /* + * RFC 4537: + * + * If the enctype of the ticket session key is included in the enctype + * list sent by the client, it SHOULD be the last on the list; + */ + if (etypes.length && etypes.etypes[etypes.length - 1] == tkt_enctype) + break; + } - *out = NULL; + code = encode_krb5_etype_list(&etypes, &enc_etype_list); + if (code) { + return code; + } - /* Only send a list if we prefer another enctype to tkt_enctype. */ - if (desired_enctypes == NULL || desired_enctypes[0] == tkt_enctype) - return 0; + etype_adatum.magic = KV5M_AUTHDATA; + etype_adatum.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION; + etype_adatum.length = enc_etype_list->length; + etype_adatum.contents = (krb5_octet *)enc_etype_list->data; - /* Count elements of desired_etypes, stopping at tkt_enctypes if present. - * (Per RFC 4537, it must be the last option if it is included.) */ - for (count = 0; desired_enctypes[count] != ENCTYPE_NULL; count++) { - if (count > 0 && desired_enctypes[count - 1] == tkt_enctype) - break; + etype_adata[0] = &etype_adatum; + etype_adata[1] = NULL; + + /* Wrap in AD-IF-RELEVANT container */ + code = encode_krb5_authdata(etype_adata, &ad_if_relevant); + if (code) { + krb5_free_data(context, enc_etype_list); + return code; } - etlist.etypes = desired_enctypes; - etlist.length = count; - return encode_krb5_etype_list(&etlist, out); -} + krb5_free_data(context, enc_etype_list); -/* Set *authdata_out to appropriate authenticator authdata for the request, - * encoded in a single AD_IF_RELEVANT element. */ -static krb5_error_code -make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes, - krb5_enctype tkt_enctype, krb5_boolean client_aware_cb, - krb5_authdata ***authdata_out) -{ - krb5_error_code ret; - krb5_authdata etypes_ad, flags_ad, *list[3]; - krb5_data *der_etypes = NULL; - size_t count = 0; - uint8_t flagbuf[4]; - const uint32_t KERB_AP_OPTIONS_CBT = 0x4000; - - *authdata_out = NULL; - - /* Include an ETYPE_NEGOTIATION element if appropriate. */ - ret = make_etype_list(context, desired_enctypes, tkt_enctype, &der_etypes); - if (ret) - goto cleanup; - if (der_etypes != NULL) { - etypes_ad.magic = KV5M_AUTHDATA; - etypes_ad.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION; - etypes_ad.length = der_etypes->length; - etypes_ad.contents = (uint8_t *)der_etypes->data; - list[count++] = &etypes_ad; - } + adata = *authdata; + if (adata == NULL) { + adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *)); + i = 0; + } else { + for (i = 0; adata[i] != NULL; i++) + ; - /* Include an AP_OPTIONS element if the CBT flag is configured. */ - if (client_aware_cb != 0) { - store_32_le(KERB_AP_OPTIONS_CBT, flagbuf); - flags_ad.magic = KV5M_AUTHDATA; - flags_ad.ad_type = KRB5_AUTHDATA_AP_OPTIONS; - flags_ad.length = 4; - flags_ad.contents = flagbuf; - list[count++] = &flags_ad; + adata = (krb5_authdata **)realloc(*authdata, + (i + 2) * sizeof(krb5_authdata *)); } + if (adata == NULL) { + krb5_free_data(context, ad_if_relevant); + return ENOMEM; + } + *authdata = adata; - if (count > 0) { - list[count] = NULL; - ret = krb5_encode_authdata_container(context, - KRB5_AUTHDATA_IF_RELEVANT, - list, authdata_out); + adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata)); + if (adata[i] == NULL) { + krb5_free_data(context, ad_if_relevant); + return ENOMEM; } + adata[i]->magic = KV5M_AUTHDATA; + adata[i]->ad_type = KRB5_AUTHDATA_IF_RELEVANT; + adata[i]->length = ad_if_relevant->length; + adata[i]->contents = (krb5_octet *)ad_if_relevant->data; + free(ad_if_relevant); /* contents owned by adata[i] */ -cleanup: - krb5_free_data(context, der_etypes); - return ret; + adata[i + 1] = NULL; + + return 0; } diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index d8f486d..504eb55 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -287,6 +287,8 @@ verify_s4u2self_reply(krb5_context context, assert(req_s4u_user != NULL); switch (subkey->enctype) { + case ENCTYPE_DES3_CBC_SHA1: + case ENCTYPE_DES3_CBC_RAW: case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP : not_newer = TRUE; @@ -534,13 +536,6 @@ krb5_get_self_cred_from_kdc(krb5_context context, if (s4u_user.user_id.user != NULL && s4u_user.user_id.user->length) { code = build_pa_for_user(context, tgtptr, &s4u_user.user_id, &in_padata[1]); - /* - * If we couldn't compute the hmac-md5 checksum, send only the - * KRB5_PADATA_S4U_X509_USER; this will still work against modern - * Windows and MIT KDCs. - */ - if (code == KRB5_CRYPTO_INTERNAL) - code = 0; if (code != 0) { krb5_free_pa_data(context, in_padata); goto cleanup; diff --git a/src/lib/krb5/krb/t_copy_context.c b/src/lib/krb5/krb/t_copy_context.c index fb82daf..2970a8c 100644 --- a/src/lib/krb5/krb/t_copy_context.c +++ b/src/lib/krb5/krb/t_copy_context.c @@ -113,7 +113,7 @@ main(int argc, char **argv) { krb5_context ctx, ctx2; krb5_plugin_initvt_fn *mods; - const krb5_enctype etypes1[] = { ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }; + const krb5_enctype etypes1[] = { ENCTYPE_DES3_CBC_SHA1, 0 }; const krb5_enctype etypes2[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }; krb5_prompt_type ptypes[] = { KRB5_PROMPT_TYPE_PASSWORD }; diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c index 248ffea..f609e93 100644 --- a/src/lib/krb5/krb/t_etypes.c +++ b/src/lib/krb5/krb/t_etypes.c @@ -50,6 +50,17 @@ static struct { { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }, 0, 0 }, + /* Family followed by enctype */ + { "aes des3-cbc-sha1-kd", + { 0 }, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, + ENCTYPE_DES3_CBC_SHA1, 0 }, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, + ENCTYPE_DES3_CBC_SHA1, 0 }, + 0, 0 + }, /* Family with enctype removed */ { "camellia -camellia256-cts-cmac", { 0 }, @@ -58,15 +69,46 @@ static struct { }, /* Default set with family added and enctype removed */ { "DEFAULT +aes -arcfour-hmac-md5", - { ENCTYPE_ARCFOUR_HMAC, 0 }, - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, + { ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, 0 }, + { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }, - { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + { ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 }, 0, 0 }, + /* Default set with families removed and enctypes added (one redundant) */ + { "DEFAULT -des3 rc4-hmac rc4-hmac-exp", + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, 0 }, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_ARCFOUR_HMAC, 0 }, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, 0 }, + 0, 0 + }, + /* Default set with family moved to front */ + { "des3 +DEFAULT", + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_DES3_CBC_SHA1, 0 }, + { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 }, + { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96, + ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 }, + 0, 0 + }, + /* Two families with default set removed (exotic case), enctype added */ + { "aes +rc4 -DEFaulT des3-hmac-sha1", + { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_DES3_CBC_SHA1, + ENCTYPE_ARCFOUR_HMAC, 0 }, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, + ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 }, + { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192, + ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 }, + 0, 0 + }, /* Test krb5_set_default_in_tkt_ktypes */ { NULL, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }, diff --git a/src/lib/krb5/krb/t_expire_warn.c b/src/lib/krb5/krb/t_expire_warn.c index dc8dc8f..1e59acb 100644 --- a/src/lib/krb5/krb/t_expire_warn.c +++ b/src/lib/krb5/krb/t_expire_warn.c @@ -28,13 +28,6 @@ static int exp_dummy, prompt_dummy; -static void -check(krb5_error_code code) -{ - if (code != 0) - abort(); -} - static krb5_error_code prompter_cb(krb5_context ctx, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[]) @@ -59,48 +52,36 @@ int main(int argc, char **argv) { krb5_context ctx; - krb5_init_creds_context icctx; krb5_get_init_creds_opt *opt; char *user, *password, *service = NULL; - krb5_boolean use_cb, stepwise; + krb5_boolean use_cb; krb5_principal client; krb5_creds creds; - if (argc < 5) { - fprintf(stderr, "Usage: %s username password {1|0} {1|0} [service]\n", + if (argc < 4) { + fprintf(stderr, "Usage: %s username password {1|0} [service]\n", argv[0]); return 1; } user = argv[1]; password = argv[2]; use_cb = atoi(argv[3]); - stepwise = atoi(argv[4]); - if (argc >= 6) - service = argv[5]; + if (argc >= 5) + service = argv[4]; - check(krb5_init_context(&ctx)); - check(krb5_get_init_creds_opt_alloc(ctx, &opt)); + assert(krb5_init_context(&ctx) == 0); + assert(krb5_get_init_creds_opt_alloc(ctx, &opt) == 0); if (use_cb) { - check(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb, - &exp_dummy)); - } - check(krb5_parse_name(ctx, user, &client)); - if (stepwise) { - check(krb5_init_creds_init(ctx, client, prompter_cb, &prompt_dummy, 0, - opt, &icctx)); - krb5_init_creds_set_password(ctx, icctx, password); - if (service != NULL) - check(krb5_init_creds_set_service(ctx, icctx, service)); - check(krb5_init_creds_get(ctx, icctx)); - krb5_init_creds_free(ctx, icctx); - } else { - check(krb5_get_init_creds_password(ctx, &creds, client, password, - prompter_cb, &prompt_dummy, 0, - service, opt)); - krb5_free_cred_contents(ctx, &creds); + assert(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb, + &exp_dummy) == 0); } + assert(krb5_parse_name(ctx, user, &client) == 0); + assert(krb5_get_init_creds_password(ctx, &creds, client, password, + prompter_cb, &prompt_dummy, 0, service, + opt) == 0); krb5_get_init_creds_opt_free(ctx, opt); krb5_free_principal(ctx, client); + krb5_free_cred_contents(ctx, &creds); krb5_free_context(ctx); return 0; } diff --git a/src/lib/krb5/krb/t_expire_warn.py b/src/lib/krb5/krb/t_expire_warn.py index e163cc7..781f272 100755 --- a/src/lib/krb5/krb/t_expire_warn.py +++ b/src/lib/krb5/krb/t_expire_warn.py @@ -34,33 +34,23 @@ realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '12 hours', realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '3 days', 'days']) # Check for expected prompter warnings when no expire callback is used. -output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0', '0']) +output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0']) if output: fail('Unexpected output for noexpire') -realm.run(['./t_expire_warn', 'minutes', 'pass', '0', '0'], +realm.run(['./t_expire_warn', 'minutes', 'pass', '0'], expected_msg=' less than one hour on ') -realm.run(['./t_expire_warn', 'hours', 'pass', '0', '0'], - expected_msg=' hours on ') -realm.run(['./t_expire_warn', 'days', 'pass', '0', '0'], - expected_msg=' days on ') -# Try one case with the stepwise interface. -realm.run(['./t_expire_warn', 'days', 'pass', '0', '1'], - expected_msg=' days on ') +realm.run(['./t_expire_warn', 'hours', 'pass', '0'], expected_msg=' hours on ') +realm.run(['./t_expire_warn', 'days', 'pass', '0'], expected_msg=' days on ') # Check for expected expire callback behavior. These tests are # carefully agnostic about whether the KDC supports last_req fields, # and could be made more specific if last_req support is added. -output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1', '0']) +output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1']) if 'password_expiration = 0\n' not in output or \ 'account_expiration = 0\n' not in output or \ 'is_last_req = ' not in output: fail('Expected callback output not seen for noexpire') -output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '0']) -if 'password_expiration = ' not in output or \ - 'password_expiration = 0\n' in output: - fail('Expected non-zero password expiration not seen for days') -# Try one case with the stepwise interface. -output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '1']) +output = realm.run(['./t_expire_warn', 'days', 'pass', '1']) if 'password_expiration = ' not in output or \ 'password_expiration = 0\n' in output: fail('Expected non-zero password expiration not seen for days') diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index cab5b3b..5aba29e 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -125,7 +125,6 @@ k5_add_pa_data_from_data k5_alloc_pa_data k5_authind_decode k5_build_conf_principals -k5_cc_store_primary_cred k5_ccselect_free_context k5_change_error_message_code k5_etypes_contains diff --git a/src/lib/krb5/os/t_trace.c b/src/lib/krb5/os/t_trace.c index 24064ff..10ba8d0 100644 --- a/src/lib/krb5/os/t_trace.c +++ b/src/lib/krb5/os/t_trace.c @@ -65,8 +65,8 @@ main (int argc, char *argv[]) krb5_principal princ = &principal_data; krb5_pa_data padata, padata2, **padatap; krb5_enctype enctypes[4] = { - ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC_EXP, - ENCTYPE_UNKNOWN, ENCTYPE_NULL}; + ENCTYPE_DES3_CBC_SHA, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_UNKNOWN, + ENCTYPE_NULL}; krb5_ccache ccache; krb5_keytab keytab; krb5_creds creds; diff --git a/src/lib/krb5/os/t_trace.ref b/src/lib/krb5/os/t_trace.ref index 98fb14f..044a669 100644 --- a/src/lib/krb5/os/t_trace.ref +++ b/src/lib/krb5/os/t_trace.ref @@ -41,7 +41,7 @@ int, krb5_principal type: ? krb5_pa_data **, display list of padata type numbers: PA-PW-SALT (3), 0 krb5_pa_data **, display list of padata type numbers: (empty) krb5_enctype, display shortest name of enctype: aes128-cts -krb5_enctype *, display list of enctypes: aes128-cts, rc4-hmac-exp, 511 +krb5_enctype *, display list of enctypes: 5, rc4-hmac-exp, 511 krb5_enctype *, display list of enctypes: (empty) krb5_ccache, display type:name: FILE:/path/to/ccache krb5_keytab, display name: FILE:/etc/krb5.keytab diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c index e9b99f4..7073459 100644 --- a/src/lib/krb5/os/trace.c +++ b/src/lib/krb5/os/trace.c @@ -458,7 +458,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename) fd = malloc(sizeof(*fd)); if (fd == NULL) return ENOMEM; - *fd = THREEPARAMOPEN(filename, O_WRONLY|O_CREAT|O_APPEND, 0600); + *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600); if (*fd == -1) { free(fd); return errno; diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index de5823c..a0734c7 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -499,6 +499,3 @@ EXPORTS k5_size_context @467 ; PRIVATE GSSAPI k5_size_keyblock @468 ; PRIVATE GSSAPI k5_size_principal @469 ; PRIVATE GSSAPI - -; new in 1.19 - k5_cc_store_primary_cred @470 ; PRIVATE diff --git a/src/man/ksu.man b/src/man/ksu.man index 8d4c6a3..81e3481 100644 --- a/src/man/ksu.man +++ b/src/man/ksu.man @@ -176,7 +176,7 @@ wrong password is typed in, ksu fails. .INDENT 0.0 .INDENT 3.5 During authentication, only the tickets that could be -obtained without providing a password are cached in the +obtained without providing a password are cached in in the source cache. .UNINDENT .UNINDENT diff --git a/src/man/kvno.man b/src/man/kvno.man index 4e5b43b..005a2ec 100644 --- a/src/man/kvno.man +++ b/src/man/kvno.man @@ -35,11 +35,14 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] \fBkvno\fP [\fB\-c\fP \fIccache\fP] [\fB\-e\fP \fIetype\fP] -[\fB\-k\fP \fIkeytab\fP] [\fB\-q\fP] -[\fB\-u\fP | \fB\-S\fP \fIsname\fP] +[\fB\-h\fP] [\fB\-P\fP] -[[{\fB\-F\fP \fIcert_file\fP | {\fB\-I\fP | \fB\-U\fP} \fIfor_user\fP} [\fB\-P\fP]] | \fB\-\-u2u\fP \fIccache\fP] +[\fB\-S\fP \fIsname\fP] +[\fB\-I\fP \fIfor_user\fP] +[\fB\-U\fP \fIfor_user\fP] +[\fB\-F\fP \fIcert_file\fP] +[\fB\-\-u2u\fP \fIccache\fP] \fIservice1 service2\fP ... .SH DESCRIPTION .sp @@ -57,18 +60,13 @@ Specifies the enctype which will be requested for the session key of all the services named on the command line. This is useful in certain backward compatibility situations. .TP -\fB\-k\fP \fIkeytab\fP -Decrypt the acquired tickets using \fIkeytab\fP to confirm their -validity. -.TP \fB\-q\fP Suppress printing output when successful. If a service ticket cannot be obtained, an error message will still be printed and kvno will exit with nonzero status. .TP -\fB\-u\fP -Use the unknown name type in requested service principal names. -This option Cannot be used with \fI\-S\fP\&. +\fB\-h\fP +Prints a usage statement and exits. .TP \fB\-P\fP Specifies that the \fIservice1 service2\fP ... arguments are to be @@ -97,20 +95,6 @@ Specifies that protocol transition is to be used, identifying the client principal with the X.509 certificate in \fIcert_file\fP\&. The certificate file must be in PEM format. .TP -\fB\-\-cached\-only\fP -Only retrieve credentials already present in the cache, not from -the KDC. (Added in release 1.19.) -.TP -\fB\-\-no\-store\fP -Do not store retrieved credentials in the cache. If -\fB\-\-out\-cache\fP is also specified, credentials will still be -stored into the output credential cache. (Added in release 1.19.) -.TP -\fB\-\-out\-cache\fP \fIccache\fP -Initialize \fIccache\fP and store all retrieved credentials into it. -Do not store acquired credentials in the input cache. (Added in -release 1.19.) -.TP \fB\-\-u2u\fP \fIccache\fP Requests a user\-to\-user ticket. \fIccache\fP must contain a local krbtgt ticket for the server principal. The reported version diff --git a/src/plugins/certauth/test/Makefile.in b/src/plugins/certauth/test/Makefile.in index e94c138..d352408 100644 --- a/src/plugins/certauth/test/Makefile.in +++ b/src/plugins/certauth/test/Makefile.in @@ -5,8 +5,8 @@ LIBBASE=certauth_test LIBMAJOR=0 LIBMINOR=0 RELDIR=../plugins/certauth/test -SHLIB_EXPDEPS=$(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS) -SHLIB_EXPLIBS=$(KDB5_LIBS) $(KRB5_BASE_LIBS) +SHLIB_EXPDEPS=$(KRB5_BASE_DEPLIBS) +SHLIB_EXPLIBS=$(KRB5_BASE_LIBS) STLIBOBJS=main.o diff --git a/src/plugins/certauth/test/main.c b/src/plugins/certauth/test/main.c index d4633b8..7764123 100644 --- a/src/plugins/certauth/test/main.c +++ b/src/plugins/certauth/test/main.c @@ -31,7 +31,6 @@ */ #include -#include #include "krb5/certauth_plugin.h" struct krb5_certauth_moddata_st { @@ -132,8 +131,7 @@ has_cn(krb5_context context, const uint8_t *cert, size_t cert_len, /* * Test module 2 returns OK if princ matches the CN part of the subject name, - * and returns indicators of the module name and princ. If the "hwauth" string - * attribute is set on db_entry, it returns KRB5_CERTAUTH_HWAUTH. + * and returns indicators of the module name and princ. */ static krb5_error_code test2_authorize(krb5_context context, krb5_certauth_moddata moddata, @@ -143,7 +141,7 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata, char ***authinds_out) { krb5_error_code ret; - char *name = NULL, *strval = NULL, **ais = NULL; + char *name = NULL, **ais = NULL; *authinds_out = NULL; @@ -169,11 +167,6 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata, ais = NULL; - ret = krb5_dbe_get_string(context, (krb5_db_entry *)db_entry, "hwauth", - &strval); - ret = (strval != NULL) ? KRB5_CERTAUTH_HWAUTH : 0; - krb5_dbe_free_string(context, strval); - cleanup: krb5_free_unparsed_name(context, name); return ret; diff --git a/src/plugins/gssapi/negoextest/main.c b/src/plugins/gssapi/negoextest/main.c index 72fc527..6c340f4 100644 --- a/src/plugins/gssapi/negoextest/main.c +++ b/src/plugins/gssapi/negoextest/main.c @@ -57,15 +57,6 @@ gss_init_sec_context(OM_uint32 *minor_status, const char *envstr; uint8_t hops, mech_last_octet; - envstr = getenv("GSS_INIT_BINDING"); - if (envstr != NULL) { - assert(strlen(envstr) > 0); - assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS); - assert(strlen(envstr) == input_chan_bindings->application_data.length); - assert(strcmp((char *)input_chan_bindings->application_data.value, - envstr) == 0); - } - if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { envstr = getenv("HOPS"); hops = (envstr != NULL) ? atoi(envstr) : 1; @@ -121,15 +112,6 @@ gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, uint8_t hops, mech_last_octet; const char *envstr; - envstr = getenv("GSS_ACCEPT_BINDING"); - if (envstr != NULL) { - assert(strlen(envstr) > 0); - assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS); - assert(strlen(envstr) == input_chan_bindings->application_data.length); - assert(strcmp((char *)input_chan_bindings->application_data.value, - envstr) == 0); - } - /* * The unwrapped token sits at the end and is just one byte giving the * remaining number of hops. The final octet of the mech encoding should diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c index 2b9d019..7db30a3 100644 --- a/src/plugins/kdb/db2/adb_openclose.c +++ b/src/plugins/kdb/db2/adb_openclose.c @@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename, * needs be open read/write so that write locking can work with * POSIX systems */ - if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) { + if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) { /* * maybe someone took away write permission so we could only * get shared locks? diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index e481e81..5106a5c 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5_db2_context *dbc) if (retval) return retval; - dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name, - O_CREAT | O_RDWR | O_TRUNC, 0600); + dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC, + 0600); if (dbc->db_lf_file < 0) { retval = errno; goto cleanup; diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c index d5809a5..2977b17 100644 --- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c +++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c @@ -60,7 +60,6 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95"; #include #include -#include "k5-int.h" #include "db-int.h" #include "btree.h" @@ -204,7 +203,7 @@ __bt_open(fname, flags, mode, openinfo, dflags) goto einval; } - if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0) + if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0) goto err; } else { diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c index 686a960..862dbb1 100644 --- a/src/plugins/kdb/db2/libdb2/hash/hash.c +++ b/src/plugins/kdb/db2/libdb2/hash/hash.c @@ -51,7 +51,6 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95"; #include #endif -#include "k5-int.h" #include "db-int.h" #include "hash.h" #include "page.h" @@ -130,7 +129,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags) new_table = 1; } if (file) { - if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1) + if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1) RETURN_ERROR(errno, error0); (void)fcntl(hashp->fp, F_SETFD, 1); } diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c index b0daa7c..d8b26e7 100644 --- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c +++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c @@ -51,7 +51,6 @@ static char sccsid[] = "@(#)rec_open.c 8.12 (Berkeley) 11/18/94"; #include #include -#include "k5-int.h" #include "db-int.h" #include "recno.h" @@ -69,8 +68,7 @@ __rec_open(fname, flags, mode, openinfo, dflags) int rfd = -1, sverrno; /* Open the user's file -- if this fails, we're done. */ - if (fname != NULL && - (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0) + if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0) return (NULL); if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in index a22f23c..8669c24 100644 --- a/src/plugins/kdb/ldap/ldap_util/Makefile.in +++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in @@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE) getdate.c: $(GETDATE) $(RM) getdate.c y.tab.c $(YACC) $(GETDATE) - $(CP) y.tab.c getdate.c + $(MV) y.tab.c getdate.c install: $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c index 0a95101..b92cb58 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c @@ -190,7 +190,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv) /* set password in the file */ old_mode = umask(0177); - pfile = WRITABLEFOPEN(file_name, "a+"); + pfile = fopen(file_name, "a+"); if (pfile == NULL) { com_err(me, errno, _("Failed to open file %s: %s"), file_name, strerror (errno)); @@ -231,9 +231,6 @@ kdb5_ldap_stash_service_password(int argc, char **argv) * Delete the existing entry and add the new entry */ FILE *newfile; -#ifdef USE_SELINUX - void *selabel; -#endif mode_t omask; @@ -245,13 +242,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv) } omask = umask(077); -#ifdef USE_SELINUX - selabel = krb5int_push_fscreatecon_for(file_name); -#endif newfile = fopen(tmp_file, "w"); -#ifdef USE_SELINUX - krb5int_pop_fscreatecon(selabel); -#endif umask (omask); if (newfile == NULL) { com_err(me, errno, _("Error creating file %s"), tmp_file); diff --git a/src/plugins/preauth/pkinit/pkcs11.h b/src/plugins/preauth/pkinit/pkcs11.h index 586661b..e3d2846 100644 --- a/src/plugins/preauth/pkinit/pkcs11.h +++ b/src/plugins/preauth/pkinit/pkcs11.h @@ -339,9 +339,9 @@ typedef unsigned long ck_key_type_t; #define CKK_GENERIC_SECRET (0x10) #define CKK_RC2 (0x11) #define CKK_RC4 (0x12) -/* #define CKK_DES (0x13) */ -/* #define CKK_DES2 (0x14) */ -/* #define CKK_DES3 (0x15) */ +#define CKK_DES (0x13) +#define CKK_DES2 (0x14) +#define CKK_DES3 (0x15) #define CKK_CAST (0x16) #define CKK_CAST3 (0x17) #define CKK_CAST128 (0x18) diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index 9b991ff..1a64213 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -212,6 +212,14 @@ pkinit_as_req_create(krb5_context context, auth_pack.clientPublicValue = &info; auth_pack.supportedKDFs = (krb5_data **)supported_kdf_alg_ids; + /* add List of CMS algorithms */ + retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx, + reqctx->cryptoctx, + reqctx->idctx, &cmstypes); + auth_pack.supportedCMSTypes = cmstypes; + if (retval) + goto cleanup; + switch(protocol) { case DH_PROTOCOL: TRACE_PKINIT_CLIENT_REQ_DH(context); @@ -897,11 +905,6 @@ pkinit_client_prep_questions(krb5_context context, k5_json_object jval = NULL; k5_json_number jflag = NULL; - /* Don't ask questions for the informational padata items or when the - * ticket is issued. */ - if (pa_data->pa_type != KRB5_PADATA_PK_AS_REQ) - return 0; - if (!reqctx->identity_initialized) { pkinit_client_profile(context, plgctx, reqctx, cb, rock, &request->server->realm); diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h index a291889..8064a07 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto.h +++ b/src/plugins/preauth/pkinit/pkinit_crypto.h @@ -382,6 +382,18 @@ krb5_error_code server_process_dh /* * this functions takes in crypto specific representation of + * supportedCMSTypes and creates a list of + * krb5_algorithm_identifier + */ +krb5_error_code create_krb5_supportedCMSTypes + (krb5_context context, /* IN */ + pkinit_plg_crypto_context plg_cryptoctx, /* IN */ + pkinit_req_crypto_context req_cryptoctx, /* IN */ + pkinit_identity_crypto_context id_cryptoctx, /* IN */ + krb5_algorithm_identifier ***supportedCMSTypes); /* OUT */ + +/* + * this functions takes in crypto specific representation of * trustedCertifiers and creates a list of * krb5_external_principal_identifier */ diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index dbb0543..8c7fd0c 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -38,13 +38,6 @@ #include #include -#ifdef OSSL_KDFS -#include -#include -#else -#error "Refusing to build without OpenSSL KDFs!" -#endif - static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); @@ -2338,51 +2331,11 @@ pkinit_alg_values(krb5_context context, } } /* pkinit_alg_values() */ -#ifdef OSSL_KDFS -static krb5_error_code -openssl_sskdf(krb5_context context, size_t hash_bytes, krb5_data *key, - krb5_data *info, char *out, size_t out_len) -{ - krb5_error_code ret = KRB5_CRYPTO_INTERNAL; - EVP_KDF_CTX *ctx = NULL; - const EVP_MD *digest; - - /* RFC 8636 defines a SHA384 variant, but we don't use it. */ - if (hash_bytes == 20) { - digest = EVP_sha1(); - } else if (hash_bytes == 32) { - digest = EVP_sha256(); - } else if (hash_bytes == 64) { - digest = EVP_sha512(); - } else { - krb5_set_error_message(context, ret, "Bad hash type for SSKDF"); - goto done; - } - - ctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); - if (!ctx) { - oerr(context, ret, _("Failed to instantiate SSKDF")); - goto done; - } - - if (EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key->data, - key->length) != 1 || - EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSKDF_INFO, info->data, - info->length) != 1 || - EVP_KDF_derive(ctx, (unsigned char *)out, out_len) != 1) - goto done; - ret = 0; -done: - EVP_KDF_CTX_free(ctx); - return ret; -} -#else -/* - * Generate a key using the KDF described in RFC 8636, also known as SSKDF - * (single-step kdf). Our caller precomputes `reps`, but otherwise the - * algorithm is as follows: +/* pkinit_alg_agility_kdf() -- + * This function generates a key using the KDF described in + * draft_ietf_krb_wg_pkinit_alg_agility-04.txt. The algorithm is + * described as follows: * * 1. reps = keydatalen (K) / hash length (H) * @@ -2396,16 +2349,95 @@ done: * * 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. */ -static krb5_error_code -builtin_sskdf(krb5_context context, unsigned int reps, size_t hash_len, - const EVP_MD *(*EVP_func)(void), krb5_data *secret, - krb5_data *other_info, char *out, size_t out_len) +krb5_error_code +pkinit_alg_agility_kdf(krb5_context context, + krb5_data *secret, + krb5_data *alg_oid, + krb5_const_principal party_u_info, + krb5_const_principal party_v_info, + krb5_enctype enctype, + krb5_data *as_req, + krb5_data *pk_as_rep, + krb5_keyblock *key_block) { krb5_error_code retval = 0; - uint32_t counter = 1; + unsigned int reps = 0; + uint32_t counter = 1; /* Does this type work on Windows? */ size_t offset = 0; + size_t hash_len = 0; + size_t rand_len = 0; + size_t key_len = 0; + krb5_data random_data; + krb5_sp80056a_other_info other_info_fields; + krb5_pkinit_supp_pub_info supp_pub_info_fields; + krb5_data *other_info = NULL; + krb5_data *supp_pub_info = NULL; + krb5_algorithm_identifier alg_id; EVP_MD_CTX *ctx = NULL; + const EVP_MD *(*EVP_func)(void); + + /* initialize random_data here to make clean-up safe */ + random_data.length = 0; + random_data.data = NULL; + + /* allocate and initialize the key block */ + key_block->magic = 0; + key_block->enctype = enctype; + if (0 != (retval = krb5_c_keylengths(context, enctype, &rand_len, + &key_len))) + goto cleanup; + + random_data.length = rand_len; + key_block->length = key_len; + + if (NULL == (key_block->contents = malloc(key_block->length))) { + retval = ENOMEM; + goto cleanup; + } + + memset (key_block->contents, 0, key_block->length); + + /* If this is anonymous pkinit, use the anonymous principle for party_u_info */ + if (party_u_info && krb5_principal_compare_any_realm(context, party_u_info, + krb5_anonymous_principal())) + party_u_info = (krb5_principal)krb5_anonymous_principal(); + + if (0 != (retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func))) + goto cleanup; + + /* 1. reps = keydatalen (K) / hash length (H) */ + reps = key_block->length/hash_len; + + /* ... and round up, if necessary */ + if (key_block->length > (reps * hash_len)) + reps++; + + /* Allocate enough space in the random data buffer to hash directly into + * it, even if the last hash will make it bigger than the key length. */ + if (NULL == (random_data.data = malloc(reps * hash_len))) { + retval = ENOMEM; + goto cleanup; + } + + /* Encode the ASN.1 octet string for "SuppPubInfo" */ + supp_pub_info_fields.enctype = enctype; + supp_pub_info_fields.as_req = *as_req; + supp_pub_info_fields.pk_as_rep = *pk_as_rep; + if (0 != ((retval = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields, + &supp_pub_info)))) + goto cleanup; + + /* Now encode the ASN.1 octet string for "OtherInfo" */ + memset(&alg_id, 0, sizeof alg_id); + alg_id.algorithm = *alg_oid; /*alias*/ + + other_info_fields.algorithm_identifier = alg_id; + other_info_fields.party_u_info = (krb5_principal) party_u_info; + other_info_fields.party_v_info = (krb5_principal) party_v_info; + other_info_fields.supp_pub_info = *supp_pub_info; + if (0 != (retval = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info))) + goto cleanup; /* 2. Initialize a 32-bit, big-endian bit string counter as 1. * 3. For i = 1 to reps by 1, do the following: @@ -2439,9 +2471,8 @@ builtin_sskdf(krb5_context context, unsigned int reps, size_t hash_len, goto cleanup; } - /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K - * bytes. */ - if (!EVP_DigestFinal(ctx, (unsigned char *)out + offset, &s)) { + /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. */ + if (!EVP_DigestFinal(ctx, (uint8_t *)random_data.data + offset, &s)) { krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, "Call to OpenSSL EVP_DigestUpdate() returned an error."); retval = KRB5_CRYPTO_INTERNAL; @@ -2453,110 +2484,26 @@ builtin_sskdf(krb5_context context, unsigned int reps, size_t hash_len, EVP_MD_CTX_free(ctx); ctx = NULL; } -cleanup: - EVP_MD_CTX_free(ctx); - return retval; -} /* builtin_sskdf() */ -#endif /* OSSL_KDFS */ -/* id-pkinit-kdf family, as specified by RFC 8636. */ -krb5_error_code -pkinit_alg_agility_kdf(krb5_context context, krb5_data *secret, - krb5_data *alg_oid, krb5_const_principal party_u_info, - krb5_const_principal party_v_info, - krb5_enctype enctype, krb5_data *as_req, - krb5_data *pk_as_rep, krb5_keyblock *key_block) -{ - krb5_error_code retval; - size_t hash_len = 0, rand_len = 0, key_len = 0; - const EVP_MD *(*EVP_func)(void); - krb5_sp80056a_other_info other_info_fields; - krb5_pkinit_supp_pub_info supp_pub_info_fields; - krb5_data *other_info = NULL, *supp_pub_info = NULL; - krb5_data random_data = empty_data(); - krb5_algorithm_identifier alg_id; - unsigned int reps; + retval = krb5_c_random_to_key(context, enctype, &random_data, + key_block); - /* Allocate and initialize the key block. */ - key_block->magic = 0; - key_block->enctype = enctype; - - /* Use separate variables to avoid alignment restriction problems. */ - retval = krb5_c_keylengths(context, enctype, &rand_len, &key_len); - if (retval) - goto cleanup; - random_data.length = rand_len; - key_block->length = key_len; - - key_block->contents = k5calloc(key_block->length, 1, &retval); - if (key_block->contents == NULL) - goto cleanup; - - /* If this is anonymous pkinit, use the anonymous principle for - * party_u_info. */ - if (party_u_info && - krb5_principal_compare_any_realm(context, party_u_info, - krb5_anonymous_principal())) { - party_u_info = (krb5_principal)krb5_anonymous_principal(); - } - - retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func); - if (retval) - goto cleanup; - - /* 1. reps = keydatalen (K) / hash length (H) */ - reps = key_block->length / hash_len; - - /* ... and round up, if necessary. */ - if (key_block->length > (reps * hash_len)) - reps++; - - /* Allocate enough space in the random data buffer to hash directly into - * it, even if the last hash will make it bigger than the key length. */ - random_data.data = k5alloc(reps * hash_len, &retval); - if (random_data.data == NULL) - goto cleanup; - - /* Encode the ASN.1 octet string for "SuppPubInfo". */ - supp_pub_info_fields.enctype = enctype; - supp_pub_info_fields.as_req = *as_req; - supp_pub_info_fields.pk_as_rep = *pk_as_rep; - retval = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields, - &supp_pub_info); - if (retval) - goto cleanup; - - /* Now encode the ASN.1 octet string for "OtherInfo". */ - memset(&alg_id, 0, sizeof(alg_id)); - alg_id.algorithm = *alg_oid; - other_info_fields.algorithm_identifier = alg_id; - other_info_fields.party_u_info = (krb5_principal)party_u_info; - other_info_fields.party_v_info = (krb5_principal)party_v_info; - other_info_fields.supp_pub_info = *supp_pub_info; - retval = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info); - if (retval) - goto cleanup; - -#ifdef OSSL_KDFS - retval = openssl_sskdf(context, hash_len, secret, other_info, - random_data.data, key_block->length); -#else - retval = builtin_sskdf(context, reps, hash_len, EVP_func, secret, - other_info, random_data.data, key_block->length); -#endif - if (retval) - goto cleanup; - - retval = krb5_c_random_to_key(context, enctype, &random_data, key_block); cleanup: - if (retval) + EVP_MD_CTX_free(ctx); + + /* If this has been an error, free the allocated key_block, if any */ + if (retval) { krb5_free_keyblock_contents(context, key_block); + } - zapfree(random_data.data, random_data.length); + /* free other allocated resources, either way */ + if (random_data.data) + free(random_data.data); krb5_free_data(context, other_info); krb5_free_data(context, supp_pub_info); + return retval; -} +} /*pkinit_alg_agility_kdf() */ /* Call DH_compute_key() and ensure that we left-pad short results instead of * leaving junk bytes at the end of the buffer. */ @@ -4362,18 +4309,17 @@ pkinit_load_fs_cert_and_key(krb5_context context, /* Load the certificate. */ retval = get_cert(certname, &x); - if (retval) { - retval = oerr(context, retval, _("Cannot read certificate file '%s'"), + if (retval != 0 || x == NULL) { + retval = oerr(context, 0, _("Cannot read certificate file '%s'"), certname); - } - if (retval || x == NULL) goto cleanup; + } /* Load the key. */ retval = get_key(context, id_cryptoctx, keyname, fsname, &y, password); - if (retval) - retval = oerr(context, retval, _("Cannot read key file '%s'"), fsname); - if (retval || y == NULL) + if (retval != 0 || y == NULL) { + retval = oerr(context, 0, _("Cannot read key file '%s'"), fsname); goto cleanup; + } id_cryptoctx->creds[cindex] = malloc(sizeof(struct _pkinit_cred_info)); if (id_cryptoctx->creds[cindex] == NULL) { @@ -5542,6 +5488,44 @@ cleanup: } krb5_error_code +create_krb5_supportedCMSTypes(krb5_context context, + pkinit_plg_crypto_context plg_cryptoctx, + pkinit_req_crypto_context req_cryptoctx, + pkinit_identity_crypto_context id_cryptoctx, + krb5_algorithm_identifier ***oids) +{ + + krb5_error_code retval = ENOMEM; + krb5_algorithm_identifier **loids = NULL; + krb5_data des3oid = {0, 8, "\x2A\x86\x48\x86\xF7\x0D\x03\x07" }; + + *oids = NULL; + loids = malloc(2 * sizeof(krb5_algorithm_identifier *)); + if (loids == NULL) + goto cleanup; + loids[1] = NULL; + loids[0] = malloc(sizeof(krb5_algorithm_identifier)); + if (loids[0] == NULL) { + free(loids); + goto cleanup; + } + retval = pkinit_copy_krb5_data(&loids[0]->algorithm, &des3oid); + if (retval) { + free(loids[0]); + free(loids); + goto cleanup; + } + loids[0]->parameters.length = 0; + loids[0]->parameters.data = NULL; + + *oids = loids; + retval = 0; +cleanup: + + return retval; +} + +krb5_error_code create_krb5_trustedCertifiers(krb5_context context, pkinit_plg_crypto_context plg_cryptoctx, pkinit_req_crypto_context req_cryptoctx, diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/src/plugins/preauth/pkinit/pkinit_kdf_test.c index cd998a2..7acbd0d 100644 --- a/src/plugins/preauth/pkinit/pkinit_kdf_test.c +++ b/src/plugins/preauth/pkinit/pkinit_kdf_test.c @@ -49,6 +49,7 @@ char eighteen_bs[9]; char party_u_name[] = "lha@SU.SE"; char party_v_name[] = "krbtgt/SU.SE@SU.SE"; int enctype_aes = ENCTYPE_AES256_CTS_HMAC_SHA1_96; +int enctype_des3 = ENCTYPE_DES3_CBC_SHA1; const krb5_data lha_data = DATA_FROM_STRING("lha"); krb5_octet key1_hex[] = @@ -184,6 +185,36 @@ main(int argc, char **argv) goto cleanup; } + /* TEST 3: SHA-512/DES3 */ + /* set up algorithm id */ + alg_id.algorithm.data = (char *)krb5_pkinit_sha512_oid; + alg_id.algorithm.length = krb5_pkinit_sha512_oid_len; + + enctype = enctype_des3; + + /* call pkinit_alg_agility_kdf() with test vector values*/ + if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, + &alg_id.algorithm, + u_principal, v_principal, + enctype, &as_req, &pk_as_rep, + &key_block))) { + printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d", + retval); + goto cleanup; + } + + /* compare key to expected key value */ + + if ((key_block.length == sizeof(key3_hex)) && + (0 == memcmp(key_block.contents, key3_hex, key_block.length))) { + printf("SUCCESS: TEST 3 (SHA-512/DES3), Correct key value generated.\n"); + retval = 0; + } else { + printf("FAILURE: TEST 2 (SHA-512/DES3), Incorrect key value generated!\n"); + retval = 1; + goto cleanup; + } + cleanup: /* release all allocated resources, whether good or bad return */ free(secret.data); diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c index 3ae56c0..feca118 100644 --- a/src/plugins/preauth/pkinit/pkinit_srv.c +++ b/src/plugins/preauth/pkinit/pkinit_srv.c @@ -320,12 +320,12 @@ static krb5_error_code authorize_cert(krb5_context context, certauth_handle *certauth_modules, pkinit_kdc_context plgctx, pkinit_kdc_req_context reqctx, krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, - krb5_principal client, krb5_boolean *hwauth_out) + krb5_principal client) { krb5_error_code ret; certauth_handle h; struct certauth_req_opts opts; - krb5_boolean accepted = FALSE, hwauth = FALSE; + krb5_boolean accepted = FALSE; uint8_t *cert; size_t i, cert_len; void *db_ent = NULL; @@ -347,10 +347,9 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, /* * Check the certificate against each certauth module. For the certificate - * to be authorized at least one module must return 0 or - * KRB5_CERTAUTH_HWAUTH, and no module can return an error code other than - * KRB5_PLUGIN_NO_HANDLE (pass). Add indicators from modules that return 0 - * or pass. + * to be authorized at least one module must return 0, and no module can an + * error code other than KRB5_PLUGIN_NO_HANDLE (pass). Add indicators from + * modules that return 0 or pass. */ ret = KRB5_PLUGIN_NO_HANDLE; for (i = 0; certauth_modules != NULL && certauth_modules[i] != NULL; i++) { @@ -360,8 +359,6 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, &opts, db_ent, &ais); if (ret == 0) accepted = TRUE; - else if (ret == KRB5_CERTAUTH_HWAUTH) - accepted = hwauth = TRUE; else if (ret != KRB5_PLUGIN_NO_HANDLE) goto cleanup; @@ -377,7 +374,6 @@ authorize_cert(krb5_context context, certauth_handle *certauth_modules, } } - *hwauth_out = hwauth; ret = accepted ? 0 : KRB5KDC_ERR_CLIENT_NAME_MISMATCH; cleanup: @@ -434,7 +430,7 @@ pkinit_server_verify_padata(krb5_context context, int is_signed = 1; krb5_pa_data **e_data = NULL; krb5_kdcpreauth_modreq modreq = NULL; - krb5_boolean valid_freshness_token = FALSE, hwauth = FALSE; + krb5_boolean valid_freshness_token = FALSE; char **sp; pkiDebug("pkinit_verify_padata: entered!\n"); @@ -498,7 +494,7 @@ pkinit_server_verify_padata(krb5_context context, } if (is_signed) { retval = authorize_cert(context, moddata->certauth_modules, plgctx, - reqctx, cb, rock, request->client, &hwauth); + reqctx, cb, rock, request->client); if (retval) goto cleanup; @@ -617,8 +613,6 @@ pkinit_server_verify_padata(krb5_context context, /* remember to set the PREAUTH flag in the reply */ enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; - if (hwauth) - enc_tkt_reply->flags |= TKT_FLG_HW_AUTH; modreq = (krb5_kdcpreauth_modreq)reqctx; reqctx = NULL; @@ -1050,9 +1044,7 @@ pkinit_server_get_flags(krb5_context kcontext, krb5_preauthtype patype) { if (patype == KRB5_PADATA_PKINIT_KX) return PA_INFO; - /* PKINIT does not normally set the hw-authent ticket flag, but a - * certauth module can cause it to do so. */ - return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA | PA_HARDWARE; + return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA; } static krb5_preauthtype supported_server_pa_types[] = { diff --git a/src/plugins/preauth/spake/spake_client.c b/src/plugins/preauth/spake/spake_client.c index a3ce22b..00734a1 100644 --- a/src/plugins/preauth/spake/spake_client.c +++ b/src/plugins/preauth/spake/spake_client.c @@ -38,8 +38,6 @@ #include "groups.h" #include -#include - typedef struct reqstate_st { krb5_pa_spake *msg; /* set in prep_questions, used in process */ krb5_keyblock *initial_key; @@ -377,10 +375,6 @@ clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, if (maj_ver != 1) return KRB5_PLUGIN_VER_NOTSUPP; - - if (FIPS_mode()) - return KRB5_CRYPTO_INTERNAL; - vt = (krb5_clpreauth_vtable)vtable; vt->name = "spake"; vt->pa_type_list = pa_types; diff --git a/src/plugins/preauth/spake/spake_kdc.c b/src/plugins/preauth/spake/spake_kdc.c index c7df039..88c964c 100644 --- a/src/plugins/preauth/spake/spake_kdc.c +++ b/src/plugins/preauth/spake/spake_kdc.c @@ -41,8 +41,6 @@ #include -#include - /* * The SPAKE kdcpreauth module uses a secure cookie containing the following * concatenated fields (all integer fields are big-endian): @@ -573,10 +571,6 @@ kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver, if (maj_ver != 1) return KRB5_PLUGIN_VER_NOTSUPP; - - if (FIPS_mode()) - return KRB5_CRYPTO_INTERNAL; - vt = (krb5_kdcpreauth_vtable)vtable; vt->name = "spake"; vt->pa_type_list = pa_types; diff --git a/src/plugins/preauth/spake/t_vectors.c b/src/plugins/preauth/spake/t_vectors.c index 96b0307..2279202 100644 --- a/src/plugins/preauth/spake/t_vectors.c +++ b/src/plugins/preauth/spake/t_vectors.c @@ -56,6 +56,31 @@ struct test { const char *K2; const char *K3; } tests[] = { + { ENCTYPE_DES3_CBC_SHA1, SPAKE_GROUP_EDWARDS25519, + /* initial key, w, x, y, T, S, K */ + "850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E", + "686D84730CB8679AE95416C6567C6A63F2C9CEF124F7A3371AE81E11CAD42A37", + "201012D07BFD48DDFA33C4AAC4FB1E229FB0D043CFE65EBFB14399091C71A723", + "500B294797B8B042ACA1BEDC0F5931A4F52C537B3608B2D05CC8A2372F439F25", + "18F511E750C97B592ACD30DB7D9E5FCA660389102E6BF610C1BFBED4616C8362", + "5D10705E0D1E43D5DBF30240CCFBDE4A0230C70D4C79147AB0B317EDAD2F8AE7", + "25BDE0D875F0FEB5755F45BA5E857889D916ECF7476F116AA31DC3E037EC4292", + /* support, challenge, thash, body */ + "A0093007A0053003020101", + "A1363034A003020101A122042018F511E750C97B592ACD30DB7D9E5FCA660389" + "102E6BF610C1BFBED4616C8362A20930073005A003020101", + "EAAA08807D0616026FF51C849EFBF35BA0CE3C5300E7D486DA46351B13D4605B", + "3075A00703050000000000A1143012A003020101A10B30091B07726165627572" + "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018" + "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730" + "303130313030303030305AA703020100A8053003020110", + /* K'[0], K'[1], K'[2], K'[3] */ + "BAF12FAE7CD958CBF1A29BFBC71F89CE49E03E295D89DAFD", + "64F73DD9C41908206BCEC1F719026B574F9D13463D7A2520", + "0454520B086B152C455829E6BAEFF78A61DFE9E3D04A895D", + "4A92260B25E3EF94C125D5C24C3E5BCED5B37976E67F25C4", + }, + { ENCTYPE_ARCFOUR_HMAC, SPAKE_GROUP_EDWARDS25519, /* initial key, w, x, y, T, S, K */ "8846F7EAEE8FB117AD06BDD830B7586C", diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 4d8c917..b047ef1 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -15,6 +15,8 @@ set timeout 100 set stty_init {erase \^h kill \^u} set env(TERM) dumb +set des3_krbtgt 0 + if { [string length $VALGRIND] } { rename spawn valgrind_aux_spawn proc spawn { args } { @@ -104,8 +106,16 @@ if { $PRIOCNTL_HACK } { set passes { { + des3 + mode=udp + des3_krbtgt=1 + {supported_enctypes=des3-cbc-sha1:normal} + {dummy=[verbose -log "DES3 TGT, DES3 enctype"]} + } + { aes-only mode=udp + des3_krbtgt=0 {supported_enctypes=aes256-cts-hmac-sha1-96:normal} {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} @@ -120,6 +130,7 @@ set passes { { aes-sha2-only mode=udp + des3_krbtgt=0 {supported_enctypes=aes256-sha2:normal} {permitted_enctypes(kdc)=aes256-sha2} {permitted_enctypes(replica)=aes256-sha2} @@ -135,6 +146,7 @@ set passes { { camellia-only mode=udp + des3_krbtgt=0 {supported_enctypes=camellia256-cts:normal} {permitted_enctypes(kdc)=camellia256-cts} {permitted_enctypes(replica)=camellia256-cts} @@ -148,8 +160,31 @@ set passes { {dummy=[verbose -log "Camellia-256 enctype"]} } { + aes-des3 + mode=udp + des3_krbtgt=0 + {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} + {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} + {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} + {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} + {master_key_type=aes256-cts-hmac-sha1-96} + {dummy=[verbose -log "AES + DES3 + DES enctypes"]} + } + { + aes-des3tgt + mode=udp + des3_krbtgt=1 + {supported_enctypes=aes256-cts-hmac-sha1-96:normal des3-cbc-sha1:normal} + {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} + {permitted_enctypes(client)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} + {permitted_enctypes(server)=aes256-cts-hmac-sha1-96 des3-cbc-sha1} + {master_key_type=aes256-cts-hmac-sha1-96} + {dummy=[verbose -log "AES enctypes, DES3 TGT"]} + } + { all-enctypes mode=udp + des3_krbtgt=0 {allow_weak_crypto(kdc)=false} {allow_weak_crypto(replica)=false} {allow_weak_crypto(client)=false} @@ -911,6 +946,7 @@ proc setup_kerberos_db { standalone } { global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY global tmppwd hostname global spawn_id + global des3_krbtgt global multipass_name last_passname_db set failall 0 @@ -1107,6 +1143,48 @@ proc setup_kerberos_db { standalone } { } } + if $des3_krbtgt { + # Set the TGT key to DES3. + set test "kadmin.local TGT to DES3" + set body { + if $failall { + break + } + spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal + verbose "starting $test" + expect_after $def_exp_after + + expect "kadmin.local: " + send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" + # It echos... + expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r" + expect { + "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { } + } + expect "kadmin.local: " + send "quit\r" + expect eof + catch expect_after + if ![check_exit_status kadmin_local] { + break + } + } + set ret [catch $body] + catch "expect eof" + catch expect_after + if $ret { + set failall 1 + if $standalone { + fail $test + } else { + delete_db + } + } else { + if $standalone { + pass $test + } + } + } envstack_pop # create the admin database lock file diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp index 8c08cf4..f71ee86 100644 --- a/src/tests/dejagnu/krb-standalone/kprop.exp +++ b/src/tests/dejagnu/krb-standalone/kprop.exp @@ -54,7 +54,7 @@ proc doit { } { global REALMNAME KEY global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id global hostname tmppwd spawn_id timeout - global KRBIV supported_enctypes portbase mode ulog + global KRBIV supported_enctypes portbase mode ulog des3_krbtgt # Delete any db, ulog files delete_db diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in index 68c132b..5cc1e0f 100644 --- a/src/tests/gssapi/Makefile.in +++ b/src/tests/gssapi/Makefile.in @@ -9,33 +9,33 @@ LOCALINCLUDES = -I$(srcdir)/../../lib/gssapi/mechglue \ -I../../lib/gssapi/generic SRCS= $(srcdir)/ccinit.c $(srcdir)/ccrefresh.c $(srcdir)/common.c \ - $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_bindings.c \ - $(srcdir)/t_ccselect.c $(srcdir)/t_ciflags.c $(srcdir)/t_context.c \ - $(srcdir)/t_credstore.c $(srcdir)/t_enctypes.c $(srcdir)/t_err.c \ - $(srcdir)/t_export_cred.c $(srcdir)/t_export_name.c \ - $(srcdir)/t_gssexts.c $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c \ - $(srcdir)/t_invalid.c $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \ + $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c $(srcdir)/t_ccselect.c \ + $(srcdir)/t_ciflags.c $(srcdir)/t_context.c $(srcdir)/t_credstore.c \ + $(srcdir)/t_enctypes.c $(srcdir)/t_err.c $(srcdir)/t_export_cred.c \ + $(srcdir)/t_export_name.c $(srcdir)/t_gssexts.c \ + $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c $(srcdir)/t_invalid.c \ + $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \ $(srcdir)/t_inq_mechs_name.c $(srcdir)/t_iov.c \ $(srcdir)/t_lifetime.c $(srcdir)/t_namingexts.c $(srcdir)/t_oid.c \ $(srcdir)/t_pcontok.c $(srcdir)/t_prf.c $(srcdir)/t_s4u.c \ $(srcdir)/t_s4u2proxy_krb5.c $(srcdir)/t_saslname.c \ $(srcdir)/t_spnego.c $(srcdir)/t_srcattrs.c -OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_bindings.o \ - t_ccselect.o t_ciflags.o t_context.o t_credstore.o t_enctypes.o \ - t_err.o t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o \ - t_imp_name.o t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o \ - t_iov.o t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o \ - t_s4u.o t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o +OBJS= ccinit.o ccrefresh.o common.o t_accname.o t_add_cred.o t_ccselect.o \ + t_ciflags.o t_context.o t_credstore.o t_enctypes.o t_err.o \ + t_export_cred.o t_export_name.o t_gssexts.o t_imp_cred.o t_imp_name.o \ + t_invalid.o t_inq_cred.o t_inq_ctx.o t_inq_mechs_name.o t_iov.o \ + t_lifetime.o t_namingexts.o t_oid.o t_pcontok.o t_prf.o t_s4u.o \ + t_s4u2proxy_krb5.o t_saslname.o t_spnego.o t_srcattrs.o COMMON_DEPS= common.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) COMMON_LIBS= common.o $(GSS_LIBS) $(KRB5_BASE_LIBS) -all: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect t_ciflags \ - t_context t_credstore t_enctypes t_err t_export_cred t_export_name \ - t_gssexts t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx \ - t_inq_mechs_name t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf \ - t_s4u t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs +all: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags t_context \ + t_credstore t_enctypes t_err t_export_cred t_export_name t_gssexts \ + t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx t_inq_mechs_name \ + t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf t_s4u \ + t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs check-unix: t_oid $(RUN_TEST) ./t_invalid @@ -43,12 +43,11 @@ check-unix: t_oid $(RUN_TEST) ./t_prf $(RUN_TEST) ./t_imp_name -check-pytests: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect \ - t_ciflags t_context t_credstore t_enctypes t_err t_export_cred \ - t_export_name t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov \ - t_lifetime t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs +check-pytests: ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags \ + t_context t_credstore t_enctypes t_err t_export_cred t_export_name \ + t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime \ + t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs $(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS) - $(RUNPYTEST) $(srcdir)/t_bindings.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_client_keytab.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_enctypes.py $(PYTESTFLAGS) @@ -65,8 +64,6 @@ t_accname: t_accname.o $(COMMON_DEPS) $(CC_LINK) -o $@ t_accname.o $(COMMON_LIBS) t_add_cred: t_add_cred.o $(COMMON_DEPS) $(CC_LINK) -o $@ t_add_cred.o $(COMMON_LIBS) -t_bindings: t_bindings.o $(COMMON_DEPS) - $(CC_LINK) -o $@ t_bindings.o $(COMMON_LIBS) t_ccselect: t_ccselect.o $(COMMON_DEPS) $(CC_LINK) -o $@ t_ccselect.o $(COMMON_LIBS) t_ciflags: t_ciflags.o $(COMMON_DEPS) @@ -121,8 +118,8 @@ t_srcattrs: t_srcattrs.o $(COMMON_DEPS) $(CC_LINK) -o $@ t_srcattrs.o $(COMMON_LIBS) clean: - $(RM) ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect - $(RM) t_ciflags t_context t_credstore t_enctypes t_err t_export_cred + $(RM) ccinit ccrefresh t_accname t_add_cred t_ccselect t_ciflags + $(RM) t_context t_credstore t_enctypes t_err t_export_cred $(RM) t_export_name t_gssexts t_imp_cred t_imp_name t_invalid $(RM) t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime $(RM) t_namingexts t_oid t_pcontok t_prf t_s4u t_s4u2proxy_krb5 diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c index 7ba72f7..83e9d9b 100644 --- a/src/tests/gssapi/common.c +++ b/src/tests/gssapi/common.c @@ -116,20 +116,6 @@ establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech, gss_cred_id_t *deleg_cred) { - return establish_contexts_ex(imech, icred, acred, tname, flags, ictx, actx, - GSS_C_NO_CHANNEL_BINDINGS, - GSS_C_NO_CHANNEL_BINDINGS, NULL, src_name, - amech, deleg_cred); -} - -void -establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, - gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx, - gss_ctx_id_t *actx, gss_channel_bindings_t icb, - gss_channel_bindings_t acb, OM_uint32 *aret_flags, - gss_name_t *src_name, gss_OID *amech, - gss_cred_id_t *deleg_cred) -{ OM_uint32 minor, imaj, amaj; gss_buffer_desc itok, atok; @@ -140,16 +126,17 @@ establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred, for (;;) { (void)gss_release_buffer(&minor, &itok); imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags, - GSS_C_INDEFINITE, icb, &atok, NULL, &itok, - NULL, NULL); + GSS_C_INDEFINITE, + GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, + &itok, NULL, NULL); check_gsserr("gss_init_sec_context", imaj, minor); if (amaj == GSS_S_COMPLETE) break; (void)gss_release_buffer(&minor, &atok); - amaj = gss_accept_sec_context(&minor, actx, acred, &itok, acb, - src_name, amech, &atok, aret_flags, NULL, - deleg_cred); + amaj = gss_accept_sec_context(&minor, actx, acred, &itok, + GSS_C_NO_CHANNEL_BINDINGS, src_name, + amech, &atok, NULL, NULL, deleg_cred); check_gsserr("gss_accept_sec_context", amaj, minor); (void)gss_release_buffer(&minor, &itok); if (imaj == GSS_S_COMPLETE) diff --git a/src/tests/gssapi/common.h b/src/tests/gssapi/common.h index a5c8f87..ae11b51 100644 --- a/src/tests/gssapi/common.h +++ b/src/tests/gssapi/common.h @@ -62,15 +62,6 @@ void establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_name_t *src_name, gss_OID *amech, gss_cred_id_t *deleg_cred); -/* Establish contexts with channel bindings. */ -void establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, - gss_cred_id_t acred, gss_name_t tname, - OM_uint32 flags, gss_ctx_id_t *ictx, - gss_ctx_id_t *actx, gss_channel_bindings_t icb, - gss_channel_bindings_t acb, OM_uint32 *aret_flags, - gss_name_t *src_name, gss_OID *amech, - gss_cred_id_t *deleg_cred); - /* Export *cred to a token, then release *cred and replace it by re-importing * the token. */ void export_import_cred(gss_cred_id_t *cred); diff --git a/src/tests/gssapi/deps b/src/tests/gssapi/deps index 73e4d9a..acd0e96 100644 --- a/src/tests/gssapi/deps +++ b/src/tests/gssapi/deps @@ -33,10 +33,6 @@ $(OUTPRE)t_add_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ common.h t_add_cred.c -$(OUTPRE)t_bindings.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ - common.h t_bindings.c $(OUTPRE)t_ccselect.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \ diff --git a/src/tests/gssapi/t_bindings.c b/src/tests/gssapi/t_bindings.c deleted file mode 100644 index e890671..0000000 --- a/src/tests/gssapi/t_bindings.c +++ /dev/null @@ -1,111 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright (C) 2020 by Red Hat, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include - -#include "common.h" - -/* - * Establish contexts (without and with GSS_C_DCE_STYLE) with the default - * initiator name, a specified principal name as target name, initiator - * bindings, and acceptor bindings. If any call is unsuccessful, display an - * error message. Output "yes" or "no" to indicate whether the contexts were - * reported as channel-bound on the acceptor. Exit with status 0 if all - * operations are successful, or 1 if not. - * - * Usage: ./t_bindings [-s] targetname icb acb - * - * An icb or abc value of "-" will not specify channel bindings. - */ - -int -main(int argc, char *argv[]) -{ - OM_uint32 minor, flags1, flags2; - gss_name_t target_name; - gss_ctx_id_t ictx, actx; - struct gss_channel_bindings_struct icb_data = {0}, acb_data = {0}; - gss_channel_bindings_t icb = GSS_C_NO_CHANNEL_BINDINGS; - gss_channel_bindings_t acb = GSS_C_NO_CHANNEL_BINDINGS; - gss_OID_desc *mech; - - argv++; - argc--; - if (*argv != NULL && strcmp(*argv, "-s") == 0) { - mech = &mech_spnego; - argv++; - argc--; - } else { - mech = &mech_krb5; - } - - if (argc != 3) { - fprintf(stderr, "Usage: t_bindings [-s] targetname icb acb\n"); - return 1; - } - - target_name = import_name(argv[0]); - - if (strcmp(argv[1], "-") != 0) { - icb_data.application_data.length = strlen(argv[1]); - icb_data.application_data.value = argv[1]; - icb = &icb_data; - } - - if (strcmp(argv[2], "-") != 0) { - acb_data.application_data.length = strlen(argv[2]); - acb_data.application_data.value = argv[2]; - acb = &acb_data; - } - - establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, - target_name, 0, &ictx, &actx, icb, acb, &flags1, - NULL, NULL, NULL); - - /* Try again with GSS_C_DCE_STYLE */ - (void)gss_delete_sec_context(&minor, &ictx, NULL); - (void)gss_delete_sec_context(&minor, &actx, NULL); - - establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, - target_name, GSS_C_DCE_STYLE, &ictx, &actx, icb, acb, - &flags2, NULL, NULL, NULL); - assert((flags1 & GSS_C_CHANNEL_BOUND_FLAG) == - (flags2 & GSS_C_CHANNEL_BOUND_FLAG)); - printf("%s\n", (flags1 & GSS_C_CHANNEL_BOUND_FLAG) ? "yes" : "no"); - - (void)gss_delete_sec_context(&minor, &ictx, NULL); - (void)gss_delete_sec_context(&minor, &actx, NULL); - (void)gss_release_name(&minor, &target_name); - - return 0; -} diff --git a/src/tests/gssapi/t_bindings.py b/src/tests/gssapi/t_bindings.py deleted file mode 100644 index f377977..0000000 --- a/src/tests/gssapi/t_bindings.py +++ /dev/null @@ -1,43 +0,0 @@ -from k5test import * - -realm = K5Realm() -server = 'p:' + realm.host_princ - -mark('krb5 channel bindings') -realm.run(['./t_bindings', server, '-', '-'], expected_msg='no') -realm.run(['./t_bindings', server, 'a', '-'], expected_msg='no') -realm.run(['./t_bindings', server, 'a', 'a'], expected_msg='yes') -realm.run(['./t_bindings', server, '-', 'a'], expected_msg='no') -realm.run(['./t_bindings', server, 'a', 'x'], - expected_code=1, expected_msg='Incorrect channel bindings') - -mark('SPNEGO channel bindings') -realm.run(['./t_bindings', '-s', server, '-', '-'], expected_msg='no') -realm.run(['./t_bindings', '-s', server, 'a', '-'], expected_msg='no') -realm.run(['./t_bindings', '-s', server, 'a', 'a'], expected_msg='yes') -realm.run(['./t_bindings', '-s', server, '-', 'a'], expected_msg='no') -realm.run(['./t_bindings', '-s', server, 'a', 'x'], - expected_code=1, expected_msg='Incorrect channel bindings') - -client_aware_conf = {'libdefaults': {'client_aware_channel_bindings': 'true'}} -e = realm.special_env('cb_aware', False, krb5_conf=client_aware_conf) - -mark('krb5 client_aware_channel_bindings') -realm.run(['./t_bindings', server, '-', '-'], env=e, expected_msg='no') -realm.run(['./t_bindings', server, 'a', '-'], env=e, expected_msg='no') -realm.run(['./t_bindings', server, 'a', 'a'], env=e, expected_msg='yes') -realm.run(['./t_bindings', server, '-', 'a'], env=e, - expected_code=1, expected_msg='Incorrect channel bindings') -realm.run(['./t_bindings', server, 'a', 'x'], env=e, - expected_code=1, expected_msg='Incorrect channel bindings') - -mark('SPNEGO client_aware_channel_bindings') -realm.run(['./t_bindings', '-s', server, '-', '-'], env=e, expected_msg='no') -realm.run(['./t_bindings', '-s', server, 'a', '-'], env=e, expected_msg='no') -realm.run(['./t_bindings', '-s', server, 'a', 'a'], env=e, expected_msg='yes') -realm.run(['./t_bindings', '-s', server, '-', 'a'], env=e, - expected_code=1, expected_msg='Incorrect channel bindings') -realm.run(['./t_bindings', '-s', server, 'a', 'x'], env=e, - expected_code=1, expected_msg='Incorrect channel bindings') - -success('channel bindings tests') diff --git a/src/tests/gssapi/t_client_keytab.py b/src/tests/gssapi/t_client_keytab.py index 7847b3e..e474a27 100755 --- a/src/tests/gssapi/t_client_keytab.py +++ b/src/tests/gssapi/t_client_keytab.py @@ -124,22 +124,4 @@ realm.kinit(realm.user_princ, password('user')) realm.run(['./t_ccselect', phost], env=bad_cktname, expected_msg=realm.user_princ) -mark('refresh of manually acquired creds') - -# Test 17: no name/ccache specified, manually acquired creds which -# will expire soon. Verify that creds are refreshed using the current -# client name, with refresh_time set in the refreshed ccache. -realm.kinit('bob', password('bob'), ['-l', '15s']) -realm.run(['./t_ccselect', phost], expected_msg='bob') -realm.run([klist, '-C'], expected_msg='refresh_time = ') - -# Test 18: no name/ccache specified, manually acquired creds with a -# client principal not present in the client keytab. A refresh is -# attempted but fails, and an expired ticket error results. -realm.kinit(realm.admin_princ, password('admin'), ['-l', '-1s']) -msgs = ('Getting initial credentials for user/admin@KRBTEST.COM', - '/Matching credential not found') -realm.run(['./t_ccselect', phost], expected_code=1, - expected_msg='Ticket expired', expected_trace=msgs) - success('Client keytab tests') diff --git a/src/tests/gssapi/t_enctypes.py b/src/tests/gssapi/t_enctypes.py index 2f95d89..7494d7f 100755 --- a/src/tests/gssapi/t_enctypes.py +++ b/src/tests/gssapi/t_enctypes.py @@ -1,17 +1,24 @@ from k5test import * -# Define some convenience abbreviations for enctypes we will see in test -# program output. For background, aes256 and aes128 are "CFX enctypes", -# meaning that they imply support for RFC 4121, while rc4 does not. +# Define some convenience abbreviations for enctypes we will see in +# test program output. For background, aes256 and aes128 are "CFX +# enctypes", meaning that they imply support for RFC 4121, while des3 +# and rc4 are not. DES3 keys will appear as 'des3-cbc-raw' in +# t_enctypes output because that's how GSSAPI does raw triple-DES +# encryption without the RFC3961 framing. aes256 = 'aes256-cts-hmac-sha1-96' aes128 = 'aes128-cts-hmac-sha1-96' +des3 = 'des3-cbc-sha1' +d_des3 = 'DEPRECATED:des3-cbc-sha1' +des3raw = 'des3-cbc-raw' +d_des3raw = 'DEPRECATED:des3-cbc-raw' rc4 = 'arcfour-hmac' d_rc4 = 'DEPRECATED:arcfour-hmac' # These tests make assumptions about the default enctype lists, so set # them explicitly rather than relying on the library defaults. -supp='aes256-cts:normal aes128-cts:normal rc4-hmac:normal' -conf = {'libdefaults': {'permitted_enctypes': 'aes rc4'}, +supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal' +conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4'}, 'realms': {'$realm': {'supported_enctypes': supp}}} realm = K5Realm(krb5_conf=conf) shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save')) @@ -80,12 +87,19 @@ test('both aes128', 'aes128-cts', 'aes128-cts', test_err('acc aes128', None, 'aes128-cts', 'Encryption type aes256-cts-hmac-sha1-96 not permitted') +# If the initiator constrains the permitted session enctypes to des3, +# no acceptor subkey will be generated because we can't upgrade to a +# CFX enctype. +test('init des3', 'des3', None, + tktenc=aes256, tktsession=d_des3, + proto='rfc1964', isubkey=des3raw, asubkey=None) + # Force the ticket session key to be rc4, so we can test some subkey # upgrade cases. The ticket encryption key remains aes256. realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4']) # With no arguments, the initiator should send an upgrade list of -# [aes256 aes128] and the acceptor should upgrade to an aes256 +# [aes256 aes128 des3] and the acceptor should upgrade to an aes256 # subkey. test('upgrade noargs', None, None, tktenc=aes256, tktsession=d_rc4, @@ -101,6 +115,13 @@ test('upgrade init aes128+rc4', 'aes128-cts rc4', None, tktenc=aes256, tktsession=d_rc4, proto='cfx', isubkey=rc4, asubkey=aes128) +# If the initiator permits rc4 but prefers des3, it will send an +# upgrade list of [des3], but the acceptor won't generate a subkey +# because des3 isn't a CFX enctype. +test('upgrade init des3+rc4', 'des3 rc4', None, + tktenc=aes256, tktsession=d_rc4, + proto='rfc1964', isubkey=rc4, asubkey=None) + # If the acceptor permits only aes128, subkey negotiation will fail # because the ticket session key and initiator subkey are # non-permitted. (This is unfortunate if the acceptor's restriction diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py index ecf9826..54d5cf5 100755 --- a/src/tests/gssapi/t_gssapi.py +++ b/src/tests/gssapi/t_gssapi.py @@ -47,9 +47,6 @@ realm.run(['./t_accname', 'p:service2/calvin', 'h:service2'], expected_msg='service2/calvin') realm.run(['./t_accname', 'p:service2/calvin', 'h:service1'], expected_code=1, expected_msg=' found in keytab but does not match server principal') -# Regression test for #8892 (trailing @ in name). -realm.run(['./t_accname', 'p:service1/andrew', 'h:service1@'], - expected_msg='service1/abraham') # Test with acceptor name containing service and host. Use the # client's un-canonicalized hostname as acceptor input to mirror what diff --git a/src/tests/gssapi/t_invalid.c b/src/tests/gssapi/t_invalid.c index fb8fe55..9876a11 100644 --- a/src/tests/gssapi/t_invalid.c +++ b/src/tests/gssapi/t_invalid.c @@ -85,6 +85,18 @@ struct test { const char *token; } tests[] = { { + ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES3_CBC_RAW, + SEAL_ALG_DES3KD, SGN_ALG_HMAC_SHA1_DES3_KD, 20, + 24, + "\x4F\xEA\x19\x19\x5E\x0E\x10\xDF\x3D\x29\xB5\x13\x8F\x01\xC7\xA7" + "\x92\x3D\x38\xF7\x26\x73\x0D\x6D", + 65, + "\x60\x3F\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x02\x01\x04" + "\x00\x02\x00\xFF\xFF\xEB\xF3\x9A\x89\x24\x57\xB8\x63\x95\x25\xE8" + "\x6E\x8E\x79\xE6\x2E\xCA\xD3\xFF\x57\x9F\x8C\xAB\xEF\xDD\x28\x10" + "\x2F\x93\x21\x2E\xF2\x52\xB6\x6F\xA8\xBB\x8A\x6D\xAA\x6F\xB7\xF4\xD4" + }, + { ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC, SEAL_ALG_MICROSOFT_RC4, SGN_ALG_HMAC_MD5, 8, 16, diff --git a/src/tests/gssapi/t_negoex.py b/src/tests/gssapi/t_negoex.py index a218899..88470d2 100644 --- a/src/tests/gssapi/t_negoex.py +++ b/src/tests/gssapi/t_negoex.py @@ -139,11 +139,4 @@ msgs = ('sending [3]AP_REQUEST', 'sending [7]CHALLENGE', 'sending [8]VERIFY', 'sending [11]CHALLENGE', 'sending [12]VERIFY', 'sending [13]VERIFY') test({'HOPS': '4', 'KEY': 'accept-always'}, expected_trace=()) -mark('channel bindings') -e = realm.env.copy() -e.update({'HOPS': '1', 'GSS_INIT_BINDING': 'a', 'GSS_ACCEPT_BINDING': 'b'}) -# The test mech will verify that the bindings are communicated to the -# mech, but does not set the channel-bound flag. -realm.run(['./t_bindings', '-s', 'h:host', 'a', 'b'], env=e, expected_msg='no') - success('NegoEx tests') diff --git a/src/tests/gssapi/t_pcontok.c b/src/tests/gssapi/t_pcontok.c index bf22bd3..7368f75 100644 --- a/src/tests/gssapi/t_pcontok.c +++ b/src/tests/gssapi/t_pcontok.c @@ -43,6 +43,7 @@ #include "k5-int.h" #include "common.h" +#define SGN_ALG_HMAC_SHA1_DES3_KD 0x04 #define SGN_ALG_HMAC_MD5 0x11 /* @@ -76,12 +77,17 @@ make_delete_token(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *out) ret = krb5_k_create_key(context, &seqkb, &seq); check_k5err(context, "krb5_k_create_key", ret); - if (signalg != SGN_ALG_HMAC_MD5) + if (signalg == SGN_ALG_HMAC_SHA1_DES3_KD) { + cktype = CKSUMTYPE_HMAC_SHA1_DES3; + cksize = 20; + ckusage = 23; + } else if (signalg == SGN_ALG_HMAC_MD5) { + cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR; + cksize = 8; + ckusage = 15; + } else { abort(); - - cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR; - cksize = 8; - ckusage = 15; + } tlen = 20 + mech_krb5.length + cksize; token = malloc(tlen); diff --git a/src/tests/gssapi/t_prf.c b/src/tests/gssapi/t_prf.c index d1857c4..f71774c 100644 --- a/src/tests/gssapi/t_prf.c +++ b/src/tests/gssapi/t_prf.c @@ -41,6 +41,13 @@ static struct { const char *key2; const char *out2; } tests[] = { + { ENCTYPE_DES3_CBC_SHA1, + "70378A19CD64134580C27C0115D6B34A1CF2FEECEF9886A2", + "9F8D127C520BB826BFF3E0FE5EF352389C17E0C073D9" + "AC4A333D644D21BA3EF24F4A886D143F85AC9F6377FB", + "3452A167DF1094BA1089E0A20E9E51ABEF1525922558B69E", + "6BF24FABC858F8DD9752E4FCD331BB831F238B5BE190" + "4EEA42E38F7A60C588F075C5C96A67E7F8B7BD0AECF4" }, { ENCTYPE_ARCFOUR_HMAC, "3BB3AE288C12B3B9D06B208A4151B3B6", "9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28" diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py index 4fbdbec..c589adf 100644 --- a/src/tests/t_authdata.py +++ b/src/tests/t_authdata.py @@ -174,7 +174,7 @@ realm.run([kvno, 'restricted']) # preferred krbtgt enctype changes. mark('#8139 regression test') realm.kinit(realm.user_princ, password('user'), ['-f']) -realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-sha2', +realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'des3-cbc-sha1', realm.krbtgt_princ]) realm.run(['./forward']) realm.run([kvno, realm.host_princ]) diff --git a/src/tests/t_certauth.py b/src/tests/t_certauth.py index 0fe0fdb..9c70945 100644 --- a/src/tests/t_certauth.py +++ b/src/tests/t_certauth.py @@ -43,17 +43,4 @@ out = realm.kinit("user2@KRBTEST.COM", expected_code=1, expected_msg='kinit: Certificate mismatch') -# Test the KRB5_CERTAUTH_HWAUTH return code. -mark('hw-authent flag tests') -# First test +requires_hwauth without causing the hw-authent ticket -# flag to be set. This currently results in a preauth loop. -realm.run([kadminl, 'modprinc', '+requires_hwauth', realm.user_princ]) -realm.kinit(realm.user_princ, - flags=['-X', 'X509_user_identity=%s' % file_identity], - expected_code=1, expected_msg='Looping detected') -# Cause the test2 module to return KRB5_CERTAUTH_HWAUTH and try again. -realm.run([kadminl, 'setstr', realm.user_princ, 'hwauth', 'x']) -realm.kinit(realm.user_princ, - flags=['-X', 'X509_user_identity=%s' % file_identity]) - success("certauth tests") diff --git a/src/tests/t_crossrealm.py b/src/tests/t_crossrealm.py index 28b397c..fa7fd26 100755 --- a/src/tests/t_crossrealm.py +++ b/src/tests/t_crossrealm.py @@ -77,14 +77,6 @@ r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)), {'realm': 'B.X'})) test_kvno(r1, r3.host_princ, 'KDC domain walk') check_klist(r1, (tgt(r1, r1), r3.host_princ)) - -# Test start_realm in this setup. -r1.run([kvno, '--out-cache', r1.ccache, r2.krbtgt_princ]) -r1.run([klist, '-C'], expected_msg='config: start_realm = X') -msgs = ('Requesting TGT krbtgt/B.X@X using TGT krbtgt/X@X', - 'Received TGT for service realm: krbtgt/B.X@X') -r1.run([kvno, r3.host_princ], expected_trace=msgs) - stop(r1, r2, r3) # Test client capaths. The client in A will ask for a cross TGT to D, diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py index ace0edc..2a052fc 100644 --- a/src/tests/t_etype_info.py +++ b/src/tests/t_etype_info.py @@ -1,6 +1,6 @@ from k5test import * -supported_enctypes = 'aes128-cts rc4-hmac' +supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac' conf = {'libdefaults': {'allow_weak_crypto': 'true'}, 'realms': {'$realm': {'supported_enctypes': supported_enctypes}}} realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf) @@ -24,9 +24,9 @@ def test_etinfo(princ, enctypes, expected_lines): # With no newer enctypes in the request, PA-ETYPE-INFO2, # PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one # key for the most preferred matching enctype. -test_etinfo('user', 'rc4-hmac-exp rc4', - ['asrep etype_info2 rc4-hmac KRBTEST.COMuser', - 'asrep etype_info rc4-hmac KRBTEST.COMuser', +test_etinfo('user', 'rc4-hmac-exp des3 rc4', + ['asrep etype_info2 des3-cbc-sha1 KRBTEST.COMuser', + 'asrep etype_info des3-cbc-sha1 KRBTEST.COMuser', 'asrep pw_salt KRBTEST.COMuser']) # With a newer enctype in the request (even if it is not the most @@ -37,9 +37,9 @@ test_etinfo('user', 'rc4 aes256-cts', # In preauth-required errors, PA-PW-SALT does not appear, but the same # etype-info2 values are expected. -test_etinfo('preauthuser', 'rc4-hmac-exp rc4', - ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser', - 'error etype_info rc4-hmac KRBTEST.COMpreauthuser']) +test_etinfo('preauthuser', 'rc4-hmac-exp des3 rc4', + ['error etype_info2 des3-cbc-sha1 KRBTEST.COMpreauthuser', + 'error etype_info des3-cbc-sha1 KRBTEST.COMpreauthuser']) test_etinfo('preauthuser', 'rc4 aes256-cts', ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser']) @@ -48,8 +48,8 @@ test_etinfo('preauthuser', 'rc4 aes256-cts', # (to allow for preauth mechs which don't depend on long-term keys). # An AS-REP cannot be generated without preauth as there is no reply # key. -test_etinfo('rc4user', 'aes128-cts', []) -test_etinfo('nokeyuser', 'aes128-cts', []) +test_etinfo('rc4user', 'des3', []) +test_etinfo('nokeyuser', 'des3', []) # Verify that etype-info2 is included in a MORE_PREAUTH_DATA_REQUIRED # error if the client does optimistic preauth. diff --git a/src/tests/t_keyrollover.py b/src/tests/t_keyrollover.py index f29e0d5..2c825a6 100755 --- a/src/tests/t_keyrollover.py +++ b/src/tests/t_keyrollover.py @@ -37,9 +37,9 @@ realm.run([klist, '-e'], expected_msg=msg) # Test that the KDC only accepts the first enctype for a kvno, for a # local-realm TGS request. To set this up, we abuse an edge-case -# behavior of modprinc -kvno. First, set up an aes128-sha2 krbtgt entry at +# behavior of modprinc -kvno. First, set up a DES3 krbtgt entry at # kvno 1 and cache a krbtgt ticket. -realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes128-cts-hmac-sha256-128', +realm.run([kadminl, 'cpw', '-randkey', '-e', 'des3-cbc-sha1', realm.krbtgt_princ]) realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) realm.kinit(realm.user_princ, password('user')) @@ -50,9 +50,9 @@ realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-cts', realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ]) out = realm.run([kadminl, 'getprinc', realm.krbtgt_princ]) if 'vno 1, aes256-cts' not in out or \ - 'vno 1, aes128-cts-hmac-sha256-128' not in out: + 'vno 1, DEPRECATED:des3-cbc-sha1' not in out: fail('keyrollover: setup for TGS enctype test failed') -# Now present the aes128-sha2 ticket to the KDC and make sure it's rejected. +# Now present the DES3 ticket to the KDC and make sure it's rejected. realm.run([kvno, realm.host_princ], expected_code=1) realm.stop() diff --git a/src/tests/t_mkey.py b/src/tests/t_mkey.py index f84041c..99273c9 100755 --- a/src/tests/t_mkey.py +++ b/src/tests/t_mkey.py @@ -7,6 +7,7 @@ import struct # default enctype for master keys. aes256 = 'aes256-cts-hmac-sha1-96' aes128 = 'aes128-cts-hmac-sha1-96' +des3 = 'des3-cbc-sha1' defetype = aes256 realm = K5Realm(create_host=False, start_kadmind=True) @@ -299,6 +300,40 @@ if 'Decrypt integrity check failed' in out or 'added to keytab' not in out: realm.stop() +# Load a dump file created with krb5 1.6, before the master key +# rollover changes were introduced. Write out an old-format stash +# file consistent with the dump's master password ("footes"). The K/M +# entry in this database will not have actkvno tl-data because it was +# created prior to master key rollover support. Verify that: +# 1. We can access the database using the old-format stash file. +# 2. list_mkeys displays the same list as for a post-1.7 KDB. +mark('pre-1.7 stash file') +dumpfile = os.path.join(srctop, 'tests', 'dumpfiles', 'dump.16') +os.remove(stash_file) +f = open(stash_file, 'wb') +f.write(struct.pack('=HL24s', 16, 24, + b'\xF8\x3E\xFB\xBA\x6D\x80\xD9\x54\xE5\x5D\xF2\xE0' + b'\x94\xAD\x6D\x86\xB5\x16\x37\xEC\x7C\x8A\xBC\x86')) +f.close() +realm.run([kdb5_util, 'load', dumpfile]) +nprincs = len(realm.run([kadminl, 'listprincs']).splitlines()) +check_mkvno('K/M', 1) +check_mkey_list((1, des3, True, True)) + +# Create a new master key and verify that, without actkvkno tl-data: +# 1. list_mkeys displays the same as for a post-1.7 KDB. +# 2. update_princ_encryption still targets mkvno 1. +# 3. libkadm5 still uses mkvno 1 for key changes. +# 4. use_mkey creates the same list as for a post-1.7 KDB. +mark('rollover from pre-1.7 KDB') +add_mkey([]) +check_mkey_list((2, defetype, False, False), (1, des3, True, True)) +update_princ_encryption(False, 1, 0, nprincs - 1) +realm.run([kadminl, 'addprinc', '-randkey', realm.user_princ]) +check_mkvno(realm.user_princ, 1) +realm.run([kdb5_util, 'use_mkey', '2', 'now-1day']) +check_mkey_list((2, defetype, True, True), (1, des3, True, False)) + # Regression test for #8395. Purge the master key and verify that a # master key fetch does not segfault. mark('#8395 regression test') diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py index f224383..69daf49 100755 --- a/src/tests/t_pkinit.py +++ b/src/tests/t_pkinit.py @@ -130,9 +130,6 @@ realm.run([kvno, realm.host_princ]) out = realm.run(['./adata', realm.host_princ]) if '97:' in out: fail('auth indicators seen in anonymous PKINIT ticket') -# Verify start_realm setting and test referrals TGS request. -realm.run([klist, '-C'], expected_msg='start_realm = KRBTEST.COM') -realm.run([kvno, '-S', 'host', hostname]) # Test anonymous kadmin. mark('anonymous kadmin') @@ -251,13 +248,10 @@ realm.run(['./adata', realm.host_princ], # supplied by the responder. # Supply the response in raw form. mark('FILE identity, password on key (responder)') -out = realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity, - '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity, - '-X', 'X509_user_identity=%s' % file_enc_identity, - realm.user_princ]) -# Regression test for #8885 (password question asked twice). -if out.count('OK: ') != 1: - fail('Wrong number of responder calls') +realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity, + '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity, + '-X', 'X509_user_identity=%s' % file_enc_identity, + realm.user_princ]) # Supply the response through the convenience API. realm.run(['./responder', '-X', 'X509_user_identity=%s' % file_enc_identity, '-p', '%s=%s' % (file_enc_identity, 'encrypted'), realm.user_princ]) diff --git a/src/tests/t_salt.py b/src/tests/t_salt.py index 55ca897..65084bb 100755 --- a/src/tests/t_salt.py +++ b/src/tests/t_salt.py @@ -16,12 +16,13 @@ def test_salt(realm, e1, salt, e2): # Enctype/salt pairs chosen with non-default salt types. # The enctypes are mostly arbitrary. -salts = [('aes128-cts-hmac-sha1-96', 'norealm'), +salts = [('des3-cbc-sha1', 'norealm'), ('arcfour-hmac', 'onlyrealm'), ('aes128-cts-hmac-sha1-96', 'special')] # These enctypes are chosen to cover the different string-to-key routines. # Omit ":normal" from aes256 to check that salttype defaulting works. -second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal'] +second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal', + 'des3-cbc-sha1:normal'] # Test using different salt types in a principal's key list. # Parameters from one key in the list must not leak over to later ones. diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c index 7dc02a3..d7069a9 100644 --- a/src/util/et/error_message.c +++ b/src/util/et/error_message.c @@ -26,7 +26,7 @@ static struct et_list *et_list; static k5_mutex_t et_list_lock = K5_MUTEX_PARTIAL_INITIALIZER; -static int terminated = 0; /* for safety and finalization debugging */ +static int terminated = 0; /* for debugging shlib fini sequence errors */ MAKE_INIT_FUNCTION(com_err_initialize); MAKE_FINI_FUNCTION(com_err_terminate); @@ -69,7 +69,6 @@ void com_err_terminate(void) enext = e->next; free(e); } - et_list = NULL; k5_mutex_unlock(&et_list_lock); k5_mutex_destroy(&et_list_lock); terminated = 1; @@ -281,10 +280,6 @@ remove_error_table(const struct error_table *et) { struct et_list **ep, *e; - /* Safety check in case libraries are finalized in the wrong order. */ - if (terminated) - return ENOENT; - if (CALL_INIT_FUNCTION(com_err_initialize)) return 0; k5_mutex_lock(&et_list_lock); diff --git a/src/util/k5test.py b/src/util/k5test.py index 52b3b79..442a4e4 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -47,7 +47,7 @@ A sample test script: By default, the realm will have: * The name KRBTEST.COM -* Listener ports starting at 61016 +* Listener ports starting at 61000 * krb5.conf and kdc.conf files * A fresh DB2 KDB * Running krb5kdc (but not kadmind) @@ -871,7 +871,7 @@ def stop_daemon(proc): class K5Realm(object): """An object representing a functional krb5 test realm.""" - def __init__(self, realm='KRBTEST.COM', portbase=61016, testdir='testdir', + def __init__(self, realm='KRBTEST.COM', portbase=61000, testdir='testdir', krb5_conf=None, kdc_conf=None, create_kdb=True, krbtgt_keysalt=None, create_user=True, get_creds=True, create_host=True, start_kdc=True, start_kadmind=False, @@ -1214,7 +1214,7 @@ def cross_realms(num, xtgts=None, args=None, **keywords): if not 'testdir' in a: a['testdir'] = os.path.join('testdir', str(realmnumber)) if not 'portbase' in a: - a['portbase'] = 61016 + 10 * realmnumber + a['portbase'] = 61000 + 10 * realmnumber realm_args.append(a) # Build a [realms] config fragment containing all of the realms. @@ -1299,6 +1299,13 @@ _passes = [ # No special settings; exercises AES256. ('default', None, None, None), + # Exercise the DES3 enctype. + ('des3', None, + {'libdefaults': {'permitted_enctypes': 'des3'}}, + {'realms': {'$realm': { + 'supported_enctypes': 'des3-cbc-sha1:normal', + 'master_key_type': 'des3-cbc-sha1'}}}), + # Exercise the arcfour enctype. ('arcfour', None, {'libdefaults': {'permitted_enctypes': 'rc4'}}, diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c index 79f9500..aa951df 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -33,7 +33,6 @@ #endif #include "k5-platform.h" -#include "k5-label.h" struct global_shared_profile_data { /* This is the head of the global list of shared trees */ @@ -392,7 +391,7 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile, errno = 0; - f = WRITABLEFOPEN(new_file, "w"); + f = fopen(new_file, "w"); if (!f) { retval = errno; if (retval == 0) diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in index 1052d53..86d5a95 100644 --- a/src/util/support/Makefile.in +++ b/src/util/support/Makefile.in @@ -74,7 +74,6 @@ IPC_SYMS= \ STLIBOBJS= \ threads.o \ - selinux.o \ init-addrinfo.o \ plugins.o \ errors.o \ @@ -169,7 +168,7 @@ SRCS=\ SHLIB_EXPDEPS = # Add -lm if dumping thread stats, for sqrt. -SHLIB_EXPLIBS= $(LIBS) $(SELINUX_LIBS) $(DL_LIB) +SHLIB_EXPLIBS= $(LIBS) $(DL_LIB) DEPLIBS= diff --git a/src/util/support/selinux.c b/src/util/support/selinux.c deleted file mode 100644 index 6d41f32..0000000 --- a/src/util/support/selinux.c +++ /dev/null @@ -1,406 +0,0 @@ -/* - * Copyright 2007,2008,2009,2011,2012,2013,2016 Red Hat, Inc. All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of Red Hat, Inc. nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - * - * File-opening wrappers for creating correctly-labeled files. So far, we can - * assume that this is Linux-specific, so we make many simplifying assumptions. - */ - -#include "../../include/autoconf.h" - -#ifdef USE_SELINUX - -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -/* #define DEBUG 1 */ -static void -debug_log(const char *fmt, ...) -{ -#ifdef DEBUG - va_list ap; - va_start(ap, fmt); - if (isatty(fileno(stderr))) { - vfprintf(stderr, fmt, ap); - } - va_end(ap); -#endif - - return; -} - -/* Mutex used to serialize use of the process-global file creation context. */ -k5_mutex_t labeled_mutex = K5_MUTEX_PARTIAL_INITIALIZER; - -/* Make sure we finish initializing that mutex before attempting to use it. */ -k5_once_t labeled_once = K5_ONCE_INIT; -static void -label_mutex_init(void) -{ - k5_mutex_finish_init(&labeled_mutex); -} - -static struct selabel_handle *selabel_ctx; -static time_t selabel_last_changed; - -MAKE_FINI_FUNCTION(cleanup_fscreatecon); - -static void -cleanup_fscreatecon(void) -{ - if (selabel_ctx != NULL) { - selabel_close(selabel_ctx); - selabel_ctx = NULL; - } -} - -static security_context_t -push_fscreatecon(const char *pathname, mode_t mode) -{ - security_context_t previous, configuredsc, currentsc, derivedsc; - context_t current, derived; - const char *fullpath, *currentuser; - char *genpath; - - previous = configuredsc = currentsc = derivedsc = NULL; - current = derived = NULL; - genpath = NULL; - - fullpath = pathname; - - if (!is_selinux_enabled()) { - goto fail; - } - - if (getfscreatecon(&previous) != 0) { - goto fail; - } - - /* Canonicalize pathname */ - if (pathname[0] != '/') { - char *wd; - size_t len; - len = 0; - - wd = getcwd(NULL, len); - if (wd == NULL) { - goto fail; - } - - len = strlen(wd) + 1 + strlen(pathname) + 1; - genpath = malloc(len); - if (genpath == NULL) { - free(wd); - goto fail; - } - - sprintf(genpath, "%s/%s", wd, pathname); - free(wd); - fullpath = genpath; - } - - debug_log("Looking up context for \"%s\"(%05o).\n", fullpath, mode); - - /* Check whether context file has changed under us */ - if (selabel_ctx != NULL || selabel_last_changed == 0) { - const char *cpath; - struct stat st; - int i = -1; - - cpath = selinux_file_context_path(); - if (cpath == NULL || (i = stat(cpath, &st)) != 0 || - st.st_mtime != selabel_last_changed) { - cleanup_fscreatecon(); - - selabel_last_changed = i ? time(NULL) : st.st_mtime; - } - } - - if (selabel_ctx == NULL) { - selabel_ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0); - } - - if (selabel_ctx != NULL && - selabel_lookup(selabel_ctx, &configuredsc, fullpath, mode) != 0) { - goto fail; - } - - if (genpath != NULL) { - free(genpath); - genpath = NULL; - } - - if (configuredsc == NULL) { - goto fail; - } - - getcon(¤tsc); - - /* AAAAAAAA */ - if (currentsc != NULL) { - derived = context_new(configuredsc); - - if (derived != NULL) { - current = context_new(currentsc); - - if (current != NULL) { - currentuser = context_user_get(current); - - if (currentuser != NULL) { - if (context_user_set(derived, - currentuser) == 0) { - derivedsc = context_str(derived); - - if (derivedsc != NULL) { - freecon(configuredsc); - configuredsc = strdup(derivedsc); - } - } - } - - context_free(current); - } - - context_free(derived); - } - - freecon(currentsc); - } - - debug_log("Setting file creation context to \"%s\".\n", configuredsc); - if (setfscreatecon(configuredsc) != 0) { - debug_log("Unable to determine current context.\n"); - goto fail; - } - - freecon(configuredsc); - return previous; - -fail: - if (previous != NULL) { - freecon(previous); - } - if (genpath != NULL) { - free(genpath); - } - if (configuredsc != NULL) { - freecon(configuredsc); - } - - cleanup_fscreatecon(); - return NULL; -} - -static void -pop_fscreatecon(security_context_t previous) -{ - if (!is_selinux_enabled()) { - return; - } - - if (previous != NULL) { - debug_log("Resetting file creation context to \"%s\".\n", previous); - } else { - debug_log("Resetting file creation context to default.\n"); - } - - /* NULL resets to default */ - setfscreatecon(previous); - - if (previous != NULL) { - freecon(previous); - } - - /* Need to clean this up here otherwise it leaks */ - cleanup_fscreatecon(); -} - -void * -krb5int_push_fscreatecon_for(const char *pathname) -{ - struct stat st; - void *retval; - - k5_once(&labeled_once, label_mutex_init); - k5_mutex_lock(&labeled_mutex); - - if (stat(pathname, &st) != 0) { - st.st_mode = S_IRUSR | S_IWUSR; - } - - retval = push_fscreatecon(pathname, st.st_mode); - return retval ? retval : (void *) -1; -} - -void -krb5int_pop_fscreatecon(void *con) -{ - if (con != NULL) { - pop_fscreatecon((con == (void *) -1) ? NULL : con); - k5_mutex_unlock(&labeled_mutex); - } -} - -FILE * -krb5int_labeled_fopen(const char *path, const char *mode) -{ - FILE *fp; - int errno_save; - security_context_t ctx; - - if ((strcmp(mode, "r") == 0) || - (strcmp(mode, "rb") == 0)) { - return fopen(path, mode); - } - - k5_once(&labeled_once, label_mutex_init); - k5_mutex_lock(&labeled_mutex); - ctx = push_fscreatecon(path, 0); - - fp = fopen(path, mode); - errno_save = errno; - - pop_fscreatecon(ctx); - k5_mutex_unlock(&labeled_mutex); - - errno = errno_save; - return fp; -} - -int -krb5int_labeled_creat(const char *path, mode_t mode) -{ - int fd; - int errno_save; - security_context_t ctx; - - k5_once(&labeled_once, label_mutex_init); - k5_mutex_lock(&labeled_mutex); - ctx = push_fscreatecon(path, 0); - - fd = creat(path, mode); - errno_save = errno; - - pop_fscreatecon(ctx); - k5_mutex_unlock(&labeled_mutex); - - errno = errno_save; - return fd; -} - -int -krb5int_labeled_mknod(const char *path, mode_t mode, dev_t dev) -{ - int ret; - int errno_save; - security_context_t ctx; - - k5_once(&labeled_once, label_mutex_init); - k5_mutex_lock(&labeled_mutex); - ctx = push_fscreatecon(path, mode); - - ret = mknod(path, mode, dev); - errno_save = errno; - - pop_fscreatecon(ctx); - k5_mutex_unlock(&labeled_mutex); - - errno = errno_save; - return ret; -} - -int -krb5int_labeled_mkdir(const char *path, mode_t mode) -{ - int ret; - int errno_save; - security_context_t ctx; - - k5_once(&labeled_once, label_mutex_init); - k5_mutex_lock(&labeled_mutex); - ctx = push_fscreatecon(path, S_IFDIR); - - ret = mkdir(path, mode); - errno_save = errno; - - pop_fscreatecon(ctx); - k5_mutex_unlock(&labeled_mutex); - - errno = errno_save; - return ret; -} - -int -krb5int_labeled_open(const char *path, int flags, ...) -{ - int fd; - int errno_save; - security_context_t ctx; - mode_t mode; - va_list ap; - - if ((flags & O_CREAT) == 0) { - return open(path, flags); - } - - k5_once(&labeled_once, label_mutex_init); - k5_mutex_lock(&labeled_mutex); - ctx = push_fscreatecon(path, 0); - - va_start(ap, flags); - mode = va_arg(ap, mode_t); - fd = open(path, flags, mode); - va_end(ap); - - errno_save = errno; - - pop_fscreatecon(ctx); - k5_mutex_unlock(&labeled_mutex); - - errno = errno_save; - return fd; -} - -#endif /* USE_SELINUX */ diff --git a/src/windows/leash/htmlhelp/html/Encryption_Types.htm b/src/windows/leash/htmlhelp/html/Encryption_Types.htm index c38eefd..1aebdd0 100644 --- a/src/windows/leash/htmlhelp/html/Encryption_Types.htm +++ b/src/windows/leash/htmlhelp/html/Encryption_Types.htm @@ -79,6 +79,19 @@ will have an entry in the Encryption type column.
Description + des3- + The triple DES family improves on +the original DES (Data Encryption Standard) by using 3 separate 56-bit +keys. Some modes of 3DES are considered weak while others are strong +(if slow).
    +
  • des3-cbc-sha1
    • +
  • des3-cbc-raw (weak)
    • +
  • des3-hmac-sha1
    • +
  • des3-cbc-sha1-kd
    • +
+ + + aes The AES Advanced Encryption Standard family, like 3DES, is a symmetric block cipher and was designed