- Kerberos Version 5, Release 1.3.5
+ Kerberos Version 5, Release 1.5
Release Notes
The MIT Kerberos Team
---------------------------------
The source distribution of Kerberos 5 comes in a gzipped tarfile,
-krb5-1.3.5.tar.gz. Instructions on how to extract the entire
+krb5-1.5.tar.gz. Instructions on how to extract the entire
distribution follow.
If you have the GNU tar program and gzip installed, you can simply do:
- gtar zxpf krb5-1.3.5.tar.gz
+ gtar zxpf krb5-1.5.tar.gz
If you don't have GNU tar, you will need to get the FSF gzip
distribution and use gzcat:
- gzcat krb5-1.3.5.tar.gz | tar xpf -
+ gzcat krb5-1.5.tar.gz | tar xpf -
-Both of these methods will extract the sources into krb5-1.3.5/src and
-the documentation into krb5-1.3.5/doc.
+Both of these methods will extract the sources into krb5-1.5/src and
+the documentation into krb5-1.5/doc.
Building and Installing Kerberos 5
----------------------------------
and logging in as "guest" with password "guest".
-Major changes in 1.3.5
+Major changes in 1.5
----------------------
-* [2682] Fix ftpd hang caused by empty PASS command.
+Merged to the trunk and included in this alpha release:
-* [2686] Fix double-free errors. [MITKRB5-SA-2004-002]
+* plug-in architecture (in-progress)
-* [2687] Fix denial-of-service vulnerability in ASN.1
- decoder. [MITKRB5-SA-2004-003]
+Not yet merged to the trunk, thus not included in this alpha release:
-Minor changes in 1.3.5
-----------------------
-
-* [2016] Fix build problem in fake-addrinfo.h by including stdio.h so
- that sprintf() gets prototyped where needed on some platforms.
-
-* [2353] Add missing prototype for gss_krb5int_unseal_token_v3().
-
-* [2607] Fix enctype filtering and some memory leaks in MSLSA ccache.
-
-* [2608] Remove incorrect localization in MSLSA ccache which was
- resulting in crashes.
-
-* [2619] Update MSLSA ccache to support new LSA flag.
-
-* [2623] Update MSLSA ccache to reflect differences in registry layout
- between Windows client and server OSes.
-
-* [2624] Do not ignore the cache when obtaining TGTs from the MSLSA if
- the requested enctype is the NULL enctype.
-
-* [2626] Add Terminal Server compatibility for KfW.
-
-* [2627] Fix cc_mslsa thread safety.
-
-* [2634] Remove the caching of the ccache principal name from
- krb5_context.
+* LDAP plug-in for KDB
-* [2643] Fix another problem with krb4 ticket backdating.
+* multi-mechanism GSS-API implementation
-* [2675] Add new WiX-based MSI installer for KfW.
+* SPNEGO implementation
-* [2677] Add "-c ccache" option to kvno; use consistent memory
- management to avoid crashes on Windows.
-
-* [2689] Misc MSLSA ccache fixes.
-
-* [2691] Improve documentation of ANSI C requirement.
-
-Major changes in 1.3.4
-----------------------
-
-* [2024, 2583, 2584] Fixed buffer overflows in
- krb5_aname_to_localname(). [MITKRB-SA-2004-001]
-
-Minor changes in 1.3.4
+Minor changes in 1.5
----------------------
-* [957] The auth_to_local rules now allow for the client realm to be
- examined.
-
-* [2527, 2528, 2531] Keytab file names lacking a "FILE:" prefix now work
- under Windows.
-
-* [2533] Updated installer scripts for Windows.
-
-* [2534] Fixed memory leak for when an incorrect password is input to
- krb5_get_init_creds_password().
-
-* [2535] Added missing newline to dnssrv.c.
-
-* [2551, 2564] Use compile-time checks to determine endianness.
-
-* [2558] krb5_send_tgs() now correctly sets message_type after
- receiving a KRB_ERROR message.
-
-* [2561, 2574] Fixed memory allocation errors in the MSLSA ccache.
-
-* [2562] The Windows installer works around cases where DLLs cannot be
- unloaded.
-
-* [2585] Documentation correctly describes AES support in GSSAPI.
-
-Major changes in 1.3.3
-----------------------
-
-* [2284] Fixed accept_sec_context to use a replay cache in the
- GSS_C_NO_CREDENTIAL case. Reported by Cesar Garcia.
-
-* [2426] Fixed a spurious SIGPIPE that happened in the TCP sendto_kdc
- code on AIX. Thanks to Bill Dodd.
-
-* [2430] Fixed a crash in the MSLSA ccache.
-
-* [2453] The AES string-to-key function no longer returns a pointer to
- stack memory when given a password longer than 64 characters.
-
-Minor changes in 1.3.3
-----------------------
-
-* [2277] In sendto_kdc, a socket leak on connection failure was fixed.
- Thanks to Bill Dodd.
-
-* [2384] A memory leak in the TCP handling code in the KDC has been
- fixed. Thanks to Will Fiveash.
-
-* [2521] The Windows NSIS installer scripts are in the source tree.
-
-* [2522] The MSLSA ccache now supports Windows 9x.
-
-Major changes in 1.3.2
-----------------------
-
-* [2040, 1471, 2067, 2077, 2079, 2166, 2167, 2220, 2266] Support for
- AES in GSSAPI has been implemented. This corresponds to the
- in-progress work in the IETF (CFX).
-
-* [2049, 2139, 2148, 2153, 2182, 2183, 2184, 2190, 2202] Added a new
- ccache type "MSLSA:" for read-only access to the MS Windows LSA
- cache.
-
-* [982] On windows, krb5.exe now has a checkbox to request addressless
- tickets.
-
-* [2189, 2234] To avoid compatibility problems, unrecognized TGS
- options will now be ignored. Thanks to Wyllys Ingersoll for finding
- a problem with a previous fix.
-
-* [2218] 128-bit AES has been added to the default enctypes.
-
-* [2223, 2229] AES cryptosystem now chains IVs. This WILL break
- backwards compatibility for the kcmd applications, if they are using
- AES session keys. Thanks to Wyllys Ingersoll for finding a problem
- with a previous fix.
-
-Minor changes in 1.3.2
-----------------------
-
-* [1437] Applied patch from Stephen Grau so kinit returns non-zero
- status under certain failure conditions where it had previously
- returned zero.
-
-* [1586] On Windows, the krb4 CREDENTIALS structure has been changed
- to align with KfW's version of the structure.
-
-* [1613] Applied patch from Dave Shrimpton to avoid truncation of
- dates output from the kadmin CLI when long time zone names are
- used.
-
-* [1622] krshd no longer calls syslog from inside a signal handler, in
- an effort to avoid deadlocks on exit.
-
-* [1649] A com_err test program compiles properly on Darwin now.
-
-* [1692] A new configuration file tag "master_kdc" has been added to
- allow master KDCs to be designated separately from admin servers.
-
-* [1702] krb5_get_host_realm() and krb5_free_host_realm() are no
- longer marked as KRB5_PRIVATE.
-
-* [1711] Applied patch from Harry McGavran Jr to allow fake-addrinfo.h
- to compile on libc5 Linux platforms.
-
-* [1712] Applied patch from Cesar Garcia to fix lifetime computation
- in krb524 ticket conversion.
-
-* [1714] Fixed a 64-bit endianness bug in ticket starttime encoding in
- krb524d. Found by Cesar Garcia.
-
-* [1715] kadmind4 and v5passwdd are no longer installed on Mac OS X.
-
-* [1718] The krb4 library configure script now recognizes
- OpenDarwin/x86. Bug found by Rob Braun.
-
-* [1721] krb5_get_init_creds_password() no longer returns a spurious
- KRB5_REALM_UNKNOWN if DNS SRV record support is turned off.
-
-* [1730] krb_mk_auth() no longer overzealously clears the key
- schedule.
-
-* [1731] A double-free related to reading forwarded credentials has
- been fixed. Found by Joseph Galbraith.
-
-* [1770] Applied patch from Maurice Massar to fix a foreachaddr()
- problem that was causing the KDC to segfault on startup.
-
-* [1790] The Linux build uses $(CC) to create shared libraries,
- avoiding a libgcc problem when building libdb.
-
-* [1792] The lib/kadm5 unit tests now work around a Solaris 9
- pty-close bug.
-
-* [1793] The test suite works around some Tru64 and Irix RPATH
- issues, which previously could prevent tests from running on a build
- with shared libraries enabled.
-
-* [1799] kadmind supports callouts to the Apple password server.
-
-* [1893] KRB-SAFE messages from older releases can now be read
- successfully. Prior 1.3.x releases did not save the encoded
- KRB-SAFE message, and experienced problems when re-encoding. Found
- by Scooter Morris.
-
-* [1962] MS LSA tickets with short remaining lifetimes will be
- rejected in favor of retrieving tickets bypassing the LSA cache.
-
-* [1973] sendto_kdc.c now closes sockets with closesocket() instead of
- close(), avoiding a descriptor leak on Windows.
-
-* [1979] An erroneously short initial sequence number mask has been
- fixed.
-
-* [2028] KfW now displays a kinit dialog when GSS fails to find
- tickets.
-
-* [2051] Missing exports have been added to krb4_32.def on Windows.
-
-* [2058] Some problems with krb4 ticket lifetime backdating have
- fixed.
-
-* [2060] GSSAPI's idea of the default ccache is less sticky now.
-
-* [2068] The profile library includes prof-int.h before conditionals
- that rely on it.
-
-* [2084] The resolver library is no longer referenced by library code
- if not building with DNS SRV record support.
-
-* [2085] Updated Windows README file to reflect current compilation
- requirements, etc.
-
-* [2104] On Windows, only define strcasecmp and strncasecmp
- replacement macros if said functions are missing.
-
-* [2106] Return an error for unimplemented ccache functions, rather
- than calling through a null pointer.
-
-* [2118] Applied patch from Will Fiveash to use correct parameter for
- KDC TCP listening sockets.
-
-* [2144,2230] Memory management errors in the Windows gss.exe test
- client have been fixed.
-
-* [2171] krb5_locate_kpasswd() now correctly calls htons() on the
- kpasswd port number. Found by Arlene Berry.
-
-* [2180] The profile library now includes pthread.h when compiled with
- USE_PTHREADS.
-
-* [2181, 2224] A timeout has been added to gss-server, and a missing
- parameter to sign_server() has been added.
-
-* [2196] config.{guess,sub} have been updated from autoconf-2.59.
-
-* [2204] Windows gss.exe now has support for specifying credentials
- cache, as well as some minor bugfixes.
-
-* [2210] GSSAPI accept_sec_context() no longer unconditionally sets
- INTEG and CONF flags in contradiction to what the initiator sent.
-
-* [2212] The GSS sample application has some additional options to
- support testing of SSPI vs GSSAPI.
-
-* [2217] Windows gss.exe has new UI elements to support more flag
- settings.
-
-* [2225] In the gss sample client, some extraneous parameters have
- been removed from client_establish_context().
-
-* [2228] Copyright notices updated in GSS sample apps.
-
-* [2233] On Windows compiles with KRB5_KFW_COMPILE, the lib path for
- krbcc32.lib is now correct.
-
-* [2195, 2236, 2241, 2245] The Solaris 9 pty-close bug, which was
- affecting the test suite, has been worked around by hacking
- scheduler priorities. See the installation notes for details.
- Thanks to Bill Sommerfeld for some useful hints.
-
-* [2258] An incorrect memcpy() statement in fakeka has been fixed.
- Reported by David Thompson.
-
-Notes, Major Changes, and Known Bugs for 1.3.1
-----------------------------------------------
-
-* [1681] The incorrect encoding of the ETYPE-INFO2 preauthentication
- hint is no longer emitted, and the both the incorrect and the
- correct encodings of ETYPE-INFO2 are now accepted. We STRONGLY
- encourage deploying krb5-1.3.1 in preference to 1.3, especially on
- client installations, as the 1.3 release did not conform to the
- internet-draft for the revised Kerberos protocol in its encoding of
- ETYPE-INFO2.
-
-* [1683] The non-caching getaddrinfo() API on Mac OS X, which was
- causing significant slowdowns under some circumstances, has been
- worked around.
-
-Minor changes in 1.3.1
-----------------------
-
-* [1015] gss_accept_sec_context() now passes correct arguments to
- TREAD_STR() when reading options beyond the forwarded credential
- option. Thanks to Emily Ratliff.
-
-* [1365] The GSSAPI initiator credentials are no longer cached inside
- the GSSAPI library.
-
-* [1651] A buffer overflow in krb_get_admhst() has been fixed.
-
-* [1655] krb5_get_permitted_enctypes() and krb5_set_real_time() are
- now exported for use by Samba.
-
-* [1656] gss_init_sec_context() no longer leaks credentials under some
- error conditions.
-
-* [1657] krb_get_lrealm() no longer returns "ATHENA.MIT.EDU"
- inappropriately.
-
-* [1664] The crypto library no longer has bogus dependencies on
- com_err.
-
-* [1665] krb5_init_context() no longer multiply registers error tables
- when called more than once, preventing a memory leak.
-
-* [1666] The GSS_C_NT_* symbols are now exported from gssapi32.dll on
- Windows.
-
-* [1667] ms2mit now imports any tickets with supported enctypes, and
- does not import invalid tickets.
-
-* [1677] krb5_gss_register_acceptor_identity() no longer has an
- off-by-one in its memory allocation.
-
-* [1679] krb5_principal2salt is now exported on all platforms.
-
-* [1684] The file credentials cache is now supported if USE_CCAPI is
- defined, i.e., for KfM and KfW.
-
-* [1691] Documentation for the obsolete kdc_supported_enctypes config
- variable has been removed.
-
-Notes, Major Changes, and Known Bugs for 1.3
---------------------------------------------
-
-* We now install the compile_et program, so other packages can use the
- installed com_err library with their own error tables. (If you use
- our com_err code, that is; see below.)
-
-* The header files we install now assume ANSI/ISO C ('89, not '99).
- We have stopped testing on SunOS 4, even with gcc. Some of our code
- now has C89-based assumptions, like free(NULL) being well defined,
- that will probably frustrate any attempts to run this code under SunOS
- 4 or other pre-C89 systems.
-
-* Some new code, bug fixes, and cleanup for IPv6 support. Most of the
- code should support IPv6 transparently now. The RPC code (and
- therefore the admin system, which is based on it) does not yet
- support IPv6. The support for Kerberos 4 may work with IPv6 in very
- limited ways, if the address checking is turned off. The FTP client
- and server do not have support for the new protocol messages needed
- for IPv6 support (RFC 2428).
-
-* We have upgraded to autoconf 2.52 (or later), and the syntax for
- specifying certain configuration options have changed. For example,
- autoconf 2.52 configure scripts let you specify command-line options
- like "configure CC=/some/path/foo-cc", so we have removed some of
- our old options like --with-cc in favor of this approach.
-
-* The client libraries can now use TCP to connect to the KDC. This
- may be necessary when talking to Microsoft KDCs (domain controllers),
- if they issue you tickets with lots of PAC data.
-
-* If you have versions of the com_err or ss installed locally, you can
- use the --with-system-et and --with-system-ss configure options to
- use them rather than using the versions supplied here. Note that
- the interfaces are assumed to be similar to those we supply; in
- particular, some older, divergent versions of the com_err library
- may not work with the krb5 sources. Many configure-time variables
- can be used to help the compiler and linker find the installed
- packages; see the build documentation for details.
-
-* The AES cryptosystem has been implemented. However, support in the
- Kerberos GSSAPI mechanism has not been written (or even fully
- specified), so it's not fully enabled. See the documentation for
- details.
-
-Major changes listed by ticket ID
----------------------------------
-
-* [492] PRNG breakage on 64-bit platforms no longer an issue due to
- new PRNG implementation.
-
-* [523] Client library is now compatible with the RC4-based
- cryptosystem used by Windows 2000.
-
-* [709] krb4 long lifetime support has been implemented.
-
-* [880] krb5_gss_register_acceptor_identity() implemented (is called
- gsskrb5_register_acceptor_identity() by Heimdal).
-
-* [1087] ftpd no longer requires channel bindings, allowing easier use
- of ftp from behind a NAT.
-
-* [1156, 1209] It is now possible to use the system com_err to build
- this release.
-
-* [1174] TCP support added to client library.
-
-* [1175] TCP support added to the KDC, but is disabled by default.
-
-* [1176] autoconf-2.5x is now required by the build system.
-
-* [1184] It is now possible to use the system Berkeley/Sleepycat DB
- library to build this release.
-
-* [1189, 1251] The KfM krb4 library source base has been merged.
-
-* [1190] The default KDC master key type is now triple-DES. KDCs
- being updated may need their config files updated if they are not
- already specifying the master key type.
-
-* [1190] The default ticket lifetime and default maximum renewable
- ticket lifetime have been extended to one day and one week,
- respectively.
-
-* [1191] A new script, k5srvutil, may be used to manipulate keytabs in
- ways similar to the krb4 ksrvutil utility.
-
-* [1281] The "fakeka" program, which emulates the AFS kaserver, has
- been integrated. Thanks to Ken Hornstein.
-
-* [1343] The KDC now defaults to not answering krb4 requests.
-
-* [1344] Addressless tickets are requested by default now.
-
-* [1372] There is no longer a need to create a special keytab for
- kadmind. The legacy administration daemons "kadmind4" and
- "v5passwdd" will still require a keytab, though.
-
-* [1377, 1442, 1443] The Microsoft set-password protocol has been
- implemented. Thanks to Paul Nelson.
-
-* [1385, 1395, 1410] The krb4 protocol vulnerabilities
- [MITKRB5-SA-2003-004] have been worked around. Note that this will
- disable krb4 cross-realm functionality, as well as krb4 triple-DES
- functionality. Please see doc/krb4-xrealm.txt for details of the
- patch.
-
-* [1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have
- been fixed.
-
-* [1397] The krb5_principal buffer bounds problems
- [MITKRB5-SA-2003-005] have been fixed. Thanks to Nalin Dahyabhai.
-
-* [1415] Subsession key negotiation has been fixed to allow for
- server-selected subsession keys in the future.
-
-* [1418, 1429, 1446, 1484, 1486, 1487, 1535, 1621] The AES
- cryptosystem has been implemented. It is not usable for GSSAPI,
- though.
-
-* [1491] The client-side functionality of the krb524 library has been
- moved into the krb5 library.
-
-* [1550] SRV record support exists for Kerberos v4.
-
-* [1551] The heuristic for locating the Kerberos v4 KDC by prepending
- "kerberos." to the realm name if no config file or DNS information
- is available has been removed.
-
-* [1568, 1067] A krb524 stub library is built on Windows.
-
-Minor changes listed by ticket ID
----------------------------------
-
-* [90] default_principal_flags documented.
-
-* [175] Docs refer to appropriate example domains/IPs now.
-
-* [299] kadmin no longer complains about missing kdc.conf parameters
- when it really means krb5.conf parameters.
-
-* [318] Run-time load path for tcl is set now when linking test
- programs.
-
-* [443] --includedir honored now.
-
-* [479] unused argument in try_krb4() in login.c deleted.
-
-* [590] The des_read_pw_string() function in libdes425 has been
- aligned with the original krb4 and CNS APIs.
-
-* [608] login.krb5 handles SIGHUP more sanely now and thus avoids
- getting the session into a weird state w.r.t. job control.
-
-* [620] krb4 encrypted rcp should work a little better now. Thanks to
- Greg Hudson.
-
-* [647] libtelnet/kerberos5.c no longer uses internal include files.
-
-* [673] Weird echoing of admin password in kadmin client worked around
- by not using buffered stdio calls to read passwords.
-
-* [677] The build system has been reworked to allow the user to set
- CFLAGS, LDFLAGS, CPPFLAGS, etc. reasonably.
-
-* [680] Related to [673], rewrite krb5_prompter_posix() to no longer
- use longjmp(), thus avoiding some bugs relating to non-restoration
- of terminal settings.
-
-* [697] login.krb5 no longer zeroes out the terminal window size.
+For a list of bugs fixed in krb5-1.5, please consult
-* [710] decomp_ticket() in libkrb4 now looks up the local realm name
- more correctly. Thanks to Booker Bense.
-
-* [771] .rconf files are excluded from the release now.
-
-* [772] LOG_AUTHPRIV syslog facility is now usable for logging on
- systems that support it.
-
-* [844] krshd now syslogs using the LOG_AUTH facility.
-
-* [850] Berekely DB build is better integrated into the krb5 library
- build process.
-
-* [866] lib/krb5/os/localaddr.c and kdc/network.c use a common source
- for local address enumeration now.
-
-* [882] gss-client now correctly deletes the context on error.
-
-* [919] kdc/network.c problems relating to SIOCGIFCONF have been
- fixed.
-
-* [922] An overflow in the string-to-time conversion routines has been
- fixed.
-
-* [933] krb524d now handles single-DES session keys other than of type
- des-cbc-crc.
-
-* [935] des-cbc-md4 now included in default enctypes.
-
-* [939] A minor grammatical error has been fixed in a telnet client
- error message.
-
-* [953] des3 no longer failing on Windows due to SHA1 implementation
- problems.
-
-* [964] kdb_init_hist() no longer fails if master_key_enctype is not
- in supported_enctypes.
-
-* [970] A minor inconsistency in ccache.tex has been fixed.
-
-* [971] option parsing bugs rendered irrelevant by removal of unused
- gss mechanism.
-
-* [976] make install mentioned in build documentation.
-
-* [986] Related to [677], problems with the ordering of LDFLAGS
- initialization rendered irrelevant by use of native autoconf
- idioms.
-
-* [992] Related to [677], quirks with --with-cc no longer relevant as
- AC_PROG_CC is used instead now.
-
-* [999] The kdc_default_options configuration variable is now honored.
- Thanks to Emily Ratliff.
-
-* [1006] Client library, as well as KDC, now perform reasonable
- sorting of ETYPE-INFO preauthentication data.
-
-* [1055] NULL pointer dereferences in code calling
- krb5_change_password() have been fixed.
-
-* [1063] Initial credentials acquisition failures related to client
- host having a large number of local network interfaces should be
- fixed now.
-
-* [1064] Incorrect option parsing in the gssapi library is no longer
- relevant due to removal of the "v2" mechanism.
-
-* [1065, 1225] krb5_get_init_creds_password() should properly warn about
- password expiration.
-
-* [1066] printf() argument mismatches in rpc unit tests fixed.
-
-* [1085] The krb5.conf manpage has been re-synchronized with other
- documentation.
-
-* [1102] gssapi_generic.h should now work with C++.
-
-* [1135] The kadm5 ACL system is better documented.
-
-* [1136] Some documentation for the setup of cross-realm
- authentication has been added.
-
-* [1164] krb5_auth_con_gen_addrs() now properly returns errno instead
- of -1 if getpeername() fails.
-
-* [1173] Address-less forwardable tickets will remain address-less
- when forwarded.
-
-* [1178, 1228, 1244, 1246, 1249] Test suite has been stabilized
- somewhat.
-
-* [1188] As part of the modernization of our usage of autoconf,
- AC_CONFIG_FILES is now used instead of passing a list of files to
- AC_OUTPUT.
-
-* [1194] configure will no longer recurse out of the top of the source
- tree when attempting to locate the top of the source tree.
-
-* [1192] Documentation for the krb5 afs functionality of krb524d has
- been written.
-
-* [1195] Example krb5.conf file modified to include all enctypes
- supported by the release.
-
-* [1202] The KDC no longer rejects unrecognized flags.
-
-* [1203] krb5_get_init_creds_keytab() no longer does a double-free.
-
-* [1211] The ASN.1 code no longer passes (harmless) uninitialized
- values around.
-
-* [1212] libkadm5 now allows for persistent exclusive database locks.
-
-* [1217] krb5_read_password() and des_read_password() are now
- implemented via krb5_prompter_posix().
-
-* [1224] For SAM challenges, omitted optional strings are no longer
- encoded as zero-length strings.
-
-* [1226] Client-side support for SAM hardware-based preauth
- implemented.
-
-* [1229] The keytab search logic no longer fails prematurely if an
- incorrect encryption type is found. Thanks to Wyllys Ingersoll.
-
-* [1232] If the master KDC cannot be resolved, but a slave is
- reachable, the client library now returns the real error from the
- slave rather than the resolution failure from the master. Thanks to
- Ben Cox.
-
-* [1234] Assigned numbers for SAM preauth have been corrected.
- sam-pk-for-sad implementation has been aligned.
-
-* [1237] Profile-sharing optimizations from KfM have been merged.
-
-* [1240] Windows calling conventions for krb5int_c_combine_keys() have
- been aligned.
-
-* [1242] Build system incompatibilities with Debian's chimeric
- autoconf installation have been worked around.
-
-* [1256] Incorrect sizes passed to memset() in combine_keys()
- operations have been corrected.
-
-* [1260] Client credential lookup now gets new service tickets in
- preference to attempting to use expired ticketes. Thanks to Ben
- Cox.
-
-* [1262, 1572] Sequence numbers are now unsigned; negative sequence
- numbers will be accepted for the purposes of backwards
- compatibility.
-
-* [1263] A heuristic for matching the incorrectly encoded sequence
- numbers emitted by Heimdal implementations has been written.
-
-* [1284] kshd accepts connections by IPv6 now.
-
-* [1292] kvno manpage title fixed.
-
-* [1293] Source files no longer explicitly attempt to declare errno.
-
-* [1304] kadmind4 no longer leaves sa_flags uninitialized.
-
-* [1305] Expired tickets now cause KfM to pop up a password dialog.
-
-* [1309] krb5_send_tgs() no longer leaks the storage associated with
- the TGS-REQ.
-
-* [1310] kadm5_get_either() no longer leaks regexp library memory.
-
-* [1311] Output from krb5-config no longer contains spurious uses of
- $(PURE).
-
-* [1324] The KDC no longer logs an inappropriate "no matching key"
- error when an encrypted timestamp preauth password is incorrect.
-
-* [1334] The KDC now returns a clockskew error when the timestamp in
- the encrypted timestamp preauth is out of bounds, rather than just
- returning a preauthentcation failure.
-
-* [1342] gawk is no longer required for building kerbsrc.zip for the
- Windows build.
-
-* [1346] gss_krb5_ccache_name() no longer attempts to return a pointer
- to freed memory.
-
-* [1351] The filename globbing vulnerability [CERT VU#258721] in the
- ftp client's handling of filenames beginning with "|" or "-"
- returned from the "mget" command has been fixed.
-
-* [1352] GSS_C_PROT_READY_FLAG is no longer asserted inappropriately
- during GSSAPI context establishment.
-
-* [1356] krb5_gss_accept_sec_context() no longer attempts to validate
- a null credential if one is passed in.
-
-* [1362] The "-a user" option to telnetd now does the right thing.
- Thanks to Nathan Neulinger.
-
-* [1363] ksu no longer inappropriately syslogs to stderr.
-
-* [1357] krb__get_srvtab_name() no longer leaks memory.
-
-* [1370] GSS_C_NO_CREDENTIAL now accepts any principal in the keytab.
-
-* [1373] Handling of SAM preauth no longer attempts to stuff a size_t
- into an unsigned int.
-
-* [1387] BIND versions later than 8 now supported.
-
-* [1392] The getaddrinfo() wrapper should work better on AIX.
-
-* [1400] If DO_TIME is not set in the auth_context, and no replay
- cache is available, no replay cache will be used.
-
-* [1406, 1108] libdb is no longer installed. If you installed
- krb5-1.3-alpha1, you should ensure that no spurious libdb is left in
- your install tree.
-
-* [1412] ETYPE_INFO handling no longer goes into an infinite loop.
-
-* [1414] libtelnet is now built using the same library build framework
- as the rest of the tree.
-
-* [1417] A minor memory leak in krb5_read_password() has been fixed.
-
-* [1419] A memory leak in asn1_decode_kdc_req_body() has been fixed.
-
-* [1435] inet_ntop() is now emulated when needed.
-
-* [1439] krb5_free_pwd_sequences() now correctly frees the entire
- sequence of elements.
-
-* [1440] errno is no longer explicitly declared.
-
-* [1441] kadmind should now return useful errors if an unrecognized
- version is received in a changepw request.
-
-* [1454, 1480, 1517, 1525] The etype-info2 preauth type is now
- supported.
-
-* [1459] (KfM/KLL internal) config file resolution can now be
- prevented from accessing the user's homedir.
-
-* [1463] Preauth handling in the KDC has been reorganized.
-
-* [1470] Double-free in client-side preauth code fixed.
-
-* [1473] Ticket forwarding when the TGS and the end service have
- different enctypes should work somewhat better now.
-
-* [1474] ASN.1 testsuite memory management has been cleaned up a
- little to allow for memory leak checking.
-
-* [1476] Documentation updated to reflect default krb4 mode.
-
-* [1482] RFC-1964 OIDs now provided using the suggested symbolic
- names.
-
-* [1483, 1528] KRB5_DEPRECATED is now false by default on all
- platforms.
-
-* [1488] The KDC will now return integrity errors if a decryption
- error is responsible for preauthentication failure.
-
-* [1492] The autom4te.cache directories are now deleted from the
- release tarfiles.
-
-* [1501] Writable keytabs are registered by default.
-
-* [1515] The check for cross-realm TGTs no longer reads past the end
- of an array.
-
-* [1518] The kdc_default_options option is now actually honored.
-
-* [1519] The changepw protocol implementation in kadmind now logs
- password changes.
-
-* [1520] Documentation of OS-specific build options has been updated.
-
-* [1536] A missing prototype for krb5_db_iterate_ext() has been
- added.
-
-* [1537] An incorrect path to kdc.conf show in the kdc.conf manpage
- has been fixed.
-
-* [1540] verify_as_reply() will only check the "renew-till" time
- against the "till" time if the RENEWABLE is not set in the request.
-
-* [1547] gssftpd no longer uses vfork(), as this was causing problems
- under RedHat 9.
-
-* [1549] SRV records with a value of "." are now interpreted as a lack
- of support for the protocol.
-
-* [1553] The undocumented (and confusing!) kdc_supported_enctypes
- kdc.conf variable is no longer used.
-
-* [1560] Some spurious double-colons in password prompts have been
- fixed.
-
-* [1571] The test suite tries a little harder to get a root shell.
-
-* [1573] The KfM build process now sets localstatedir=/var/db.
-
-* [1576, 1575] The client library no longer requests RENEWABLE_OK if
- the renew lifetime is greater than the ticket lifetime.
-
-* [1587] A more standard autoconf test to locate the C compiler allows
- for gcc to be found by default without additional configuration
- arguments.
-
-* [1593] Replay cache filenames are now escaped with hyphens, not
- backslashes.
-
-* [1598] MacOS 9 support removed from in-tree com_err.
-
-* [1602] Fixed a memory leak in make_ap_req_v1(). Thanks to Kent Wu.
-
-* [1604] Fixed a memory leak in krb5_gss_init_sec_context(), and an
- uninitialized memory reference in kg_unseal_v1(). Thanks to Kent
- Wu.
-
-* [1607] kerberos-iv SRV records are now documented.
-
-* [1610] Fixed AES credential delegation under GSSAPI.
-
-* [1618] ms2mit no longer inserts local addresses into tickets
- converted from the MS ccache if they began as addressless tickets.
-
-* [1619] etype_info parser (once again) accepts extra field emitted by
- Heimdal.
-
-* [1643] Some typos in kdc.conf.M have been fixed.
-
-* [1648] For consistency, leading spaces before preprocessor
- directives in profile.h have been removed.
-
---[ DELETE BEFORE RELEASE ---changes to unreleased code, etc.--- ]--
-
-* [1054] KRB-CRED messages for RC4 are encrypted now.
-
-* [1177] krb5-1-2-2-branch merged onto trunk.
-
-* [1193] Punted comment about reworking key storage architecture.
-
-* [1208] install-headers target implemented.
-
-* [1223] asn1_decode_oid, asn1_encode_oid implemented
-
-* [1248] RC4 is explicitly excluded from combine_keys.
-
-* [1276] Generated dependencies handle --without-krb4 properly now.
-
-* [1339] An inadvertent change to the krb4 get_adm_hst API (strcpy vs
- strncpy etc.) has been fixed.
-
-* [1384, 1413] Use of autoconf-2.52 in util/reconf will now cause a
- warning.
-
-* [1388] DNS support is turned on in KfM.
-
-* [1391] Fix kadmind startup failure with krb4 vuln patch.
-
-* [1409] get_ad_tkt() now prompts for password if there are no tickets
- (in KfM).
-
-* [1447] vts_long() and vts_short() work now.
-
-* [1462] KfM adds exports of set_pw calls.
-
-* [1477] compile_et output not used in err_txt.c.
-
-* [1495] KfM now exports string_to_key_with_params.
-
-* [1512, 1522] afs_string_to_key now works with etype_info2.
-
-* [1514] krb5int_populate_gic_opt returns void now.
-
-* [1521] Using an afs3 salt for an AES key no longer causes
- segfaults.
-
-* [1533] krb524.h no longer contains invalid Mac pragmas.
-
-* [1546] krb_mk_req_creds() no longer zeros the session key.
-
-* [1554] The krb4 string-to-key iteration now accounts correctly for
- the decrypt-in-place semantics of libdes425.
-
-* [1557] KerberosLoginPrivate.h is now correctly included for the use
- of __KLAllowHomeDirectoryAccess() in init_os_ctx.c (for KfM).
-
-* [1558] KfM exports the new krb524 interface.
-
-* [1563] krb__get_srvtaname() no longer returns a pointer that is
- free()d upon a subsequent call.
-
-* [1569] A debug statement has been removed from krb524init.
-
-* [1592] Document possible file rename lossage when building against
- system libdb.
-
-* [1594] Darwin gets an explicit dependency of err_txt.o on
- krb_err.c.
-
-* [1596] Calling conventions, etc. tweaked for KfW build of
- krb524.dll.
-
-* [1600] Minor tweaks to README to improve notes on IPv6, etc.
-
-* [1605] Fixed a leak of subkeys in krb5_rd_rep().
-
-* [1630] krb5_get_in_tkt_with_keytab() works now; previously borken by
- reimplementation in terms of krb5_get_init_creds().
-
-* [1642] KfM build now inherits CFLAGS and LDFLAGS from parent project.
+http://krbdev.mit.edu/rt/NoAuth/krb5-1.5/fixed-1.5.html
Copyright Notice and Legal Administrivia
----------------------------------------
-Copyright (C) 1985-2004 by the Massachusetts Institute of Technology.
+Copyright (C) 1985-2006 by the Massachusetts Institute of Technology.
All rights reserved.
in respect of any properties, including, but not limited to, correctness
and fitness for purpose.
-
-
Acknowledgements
----------------
-Appreciation Time!!!! There are far too many people to try to thank
-them all; many people have contributed to the development of Kerberos
-V5. This is only a partial listing....
-
-Thanks to Paul Vixie and the Internet Software Consortium for funding
-the work of Barry Jaspan. This funding was invaluable for the OV
-administration server integration, as well as the 1.0 release
-preparation process.
-
-Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
-Technologies, Inc., who donated their administration server for use in
-the MIT release of Kerberos.
-
-Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
-Raeburn, and all of the folks at Cygnus Support, who provided
-innumerable bug fixes and portability enhancements to the Kerberos V5
-tree. Thanks especially to Jeff Bigler, for the new user and system
-administrator's documentation.
-
-Thanks to Doug Engert from ANL for providing many bug fixes, as well
-as testing to ensure DCE interoperability.
-
-Thanks to Ken Hornstein at NRL for providing many bug fixes and
-suggestions, and for working on SAM preauthentication.
-
-Thanks to Matt Crawford at FNAL for bugfixes and enhancements.
-
-Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
-their many suggestions and bug fixes.
-
-Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and
-providing patches for numerous buffer overruns.
-
-Thanks to Christopher Thompson and Marcus Watts for discovering the
-ftpd security bug.
-
-Thanks to Paul Nelson of Thursby Software Systems for implementing the
-Microsoft set password protocol.
-
Thanks to the members of the Kerberos V5 development team at MIT, both
-past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt,
-Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood,
-Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva
-Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl,
-Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park,
-Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff
-Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall
-Vale, Tom Yu.
+past and present: Danilo Almeida, Jeffrey Altman, Richard Basch, Jay
+Berkenbilt, Mitch Berger, Andrew Boardman, Joe Calzaretta, John Carr,
+Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam Hartman,
+Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, Barry Jaspan,
+Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, Kevin
+Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken
+Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry
+Tsai, Ted Ts'o, Marshall Vale, Tom Yu.
-Copyright @copyright{} 1985-2002,2005 by the Massachusetts Institute of Technology.
+Copyright @copyright{} 1985-2006 by the Massachusetts Institute of Technology.
@quotation
Export of software employing encryption from the United States of
AC_MSG_RESULT($ac_cv_printf_positional)
dnl
dnl
+dnl for kadmin
+dnl
+AC_PROG_YACC
+ath_compat=
+AC_ARG_ENABLE([athena],
+[ --enable-athena build with MIT Project Athena configuration],
+ath_compat=compat,)
+dnl The following are tests for the presence of programs required for
+dnl kadmin testing.
+AC_CHECK_PROG(have_RUNTEST,runtest,runtest)
+AC_CHECK_PROG(have_PERL,perl,perl)
+AC_KRB5_TCL
+if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
+ DO_TEST=ok
+fi
+AC_SUBST(DO_TEST)
+dnl
+DO_V4_TEST=
+if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != "" -a "$ath_compat" != ""; then
+ DO_V4_TEST=ok
+fi
+AC_SUBST(DO_V4_TEST)
+dnl The following are substituted into kadmin/testing/scripts/env-setup.sh
+RBUILD=`pwd`
+AC_SUBST(RBUILD)
+case "$srcdir" in
+/*) S_TOP=$srcdir ;;
+*) S_TOP=`pwd`/$srcdir ;;
+esac
+AC_SUBST(S_TOP)
+AC_PATH_PROG(PERL_PATH,perl)
+AC_PATH_PROG(EXPECT,expect)
+dnl For kadmin/testing/util/Makefile.in
+if test "$TCL_LIBS" != "" ; then
+ DO_ALL=tcl
+fi
+AC_SUBST(DO_ALL)
+KRB5_AC_PRIOCNTL_HACK
+K5_GEN_FILE(kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin)
+dnl for lib/kadm5
+AC_CHECK_PROG(RUNTEST,runtest,runtest)
+AC_CHECK_PROG(PERL,perl,perl)
+dnl
+dnl
+dnl for lib/krb4
+case $krb5_cv_host in
+ *-apple-darwin*)
+ KRB_ERR_TXT=
+ KRB_ERR=
+ KRB_ERR_C=krb_err.c
+ ;;
+ *)
+ KRB_ERR='$(OUTPRE)krb_err.$(OBJEXT)'
+ KRB_ERR_TXT=krb_err_txt.c
+ KRB_ERR_C=
+ ;;
+esac
+AC_SUBST([KRB_ERR_TXT])
+AC_SUBST([KRB_ERR])
+AC_SUBST([KRB_ERR_C])
+dnl
+dnl
+dnl lib/gssapi
+AC_CHECK_HEADER(stdint.h,[
+ include_stdint='awk '\''END{printf("%cinclude <stdint.h>\n", 35);}'\'' < /dev/null'],
+ include_stdint='echo "/* no stdint.h */"')
+AC_SUBST(include_stdint)
+AC_CHECK_HEADER(inttypes.h,[
+ include_inttypes='awk '\''END{printf("%cinclude <inttypes.h>\n", 35);}'\'' < /dev/null'],
+ include_inttypes='echo "/* no inttypes.h */"')
+AC_SUBST(include_inttypes)
+AC_CHECK_HEADER(xom.h,[
+ include_xom='awk '\''END{printf("%cinclude <xom.h>\n", 35);}'\'' < /dev/null'], [
+ include_xom='echo "/* no xom.h */"'])
+AC_SUBST(include_xom)
+dnl
+dnl
+dnl lib/rpc
+### Check where struct rpcent is declared.
+#
+# This is necessary to determine:
+# 1. If /usr/include/netdb.h declares struct rpcent
+# 2. If /usr/include/rpc/netdb.h declares struct rpcent
+#
+# We have our own rpc/netdb.h, and if /usr/include/netdb.h includes
+# rpc/netdb.h, then nastiness could happen.
+#
+# Logic: If /usr/include/netdb.h declares struct rpcent, then check
+# rpc/netdb.h. If /usr/include/rpc/netdb.h declares struct rpcent,
+# then define STRUCT_RPCENT_IN_RPC_NETDB_H, otherwise do not. If
+# neither netdb.h nor rpc/netdb.h declares struct rpcent, then define
+# STRUCT_RPCENT_IN_RPC_NETDB_H anyway.
+#
+AC_MSG_CHECKING([where struct rpcent is declared])
+AC_TRY_COMPILE([#include <netdb.h>],
+[struct rpcent e;
+char c = e.r_name[0];
+int i = e.r_number;],
+[AC_TRY_COMPILE([#include <rpc/netdb.h>],
+[struct rpcent e;
+char c = e.r_name[0];
+int i = e.r_number;],
+[AC_MSG_RESULT([rpc/netdb.h])
+rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'],
+[AC_MSG_RESULT([netdb.h])])],
+[AC_MSG_RESULT([nowhere])
+rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'])
+AC_SUBST(rpcent_define)
+
+AC_CHECK_HEADERS(sys/select.h sys/time.h unistd.h)
+if test $ac_cv_header_sys_select_h = yes; then
+ GSSRPC__SYS_SELECT_H='#include <sys/select.h>'
+else
+ GSSRPC__SYS_SELECT_H='/* #include <sys/select.h> */'
+fi
+AC_SUBST(GSSRPC__SYS_SELECT_H)
+if test $ac_cv_header_sys_time_h = yes; then
+ GSSRPC__SYS_TIME_H='#include <sys/time.h>'
+else
+ GSSRPC__SYS_TIME_H='/* #include <sys/time.h> */'
+fi
+AC_SUBST(GSSRPC__SYS_TIME_H)
+if test $ac_cv_header_unistd_h = yes; then
+ GSSRPC__UNISTD_H='#include <unistd.h>'
+else
+ GSSRPC__UNISTD_H='/* #include <unistd.h> */'
+fi
+AC_SUBST(GSSRPC__UNISTD_H)
+
+AC_CACHE_CHECK([for MAXHOSTNAMELEN in sys/param.h],
+ [krb5_cv_header_sys_param_h_maxhostnamelen],
+ [AC_TRY_COMPILE([#include <sys/param.h>],
+ [int i = MAXHOSTNAMELEN;],
+ [krb5_cv_header_sys_param_h_maxhostnamelen=yes],
+ [krb5_cv_header_sys_param_h_maxhostnamelen=no])])
+AC_CACHE_CHECK([for MAXHOSTNAMELEN in netdb.h],
+ [krb5_cv_header_netdb_h_maxhostnamelen],
+ [AC_TRY_COMPILE([#include <netdb.h>],
+ [int i = MAXHOSTNAMELEN;],
+ [krb5_cv_header_netdb_h_maxhostnamelen=yes],
+ [krb5_cv_header_netdb_h_maxhostnamelen=no])])
+
+GSSRPC__SYS_PARAM_H='/* #include <sys/param.h> */'
+GSSRPC__NETDB_H='/* #include <netdb.h> */'
+if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then
+ GSSRPC__SYS_PARAM_H='#include <sys/param.h>'
+else
+ if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then
+ GSSRPC__NETDB_H='#include <netdb.h>'
+ else
+ AC_MSG_WARN([can't find MAXHOSTNAMELEN definition; faking it])
+ fi
+fi
+AC_SUBST(GSSRPC__SYS_PARAM_H)
+AC_SUBST(GSSRPC__NETDB_H)
+
+AC_CACHE_CHECK([for uint32_t in sys/types.h],
+ [krb5_cv_header_sys_types_h_uint32_t],
+ [AC_TRY_COMPILE([#include <sys/types.h>],
+ [uint32_t i = 0;],
+ [krb5_cv_header_sys_types_h_uint32_t=yes],
+ [krb5_cv_header_sys_types_h_uint32_t=no])])
+AC_CACHE_CHECK([for uint32_t in stdint.h],
+ [krb5_cv_header_stdint_h_uint32_t],
+ [AC_TRY_COMPILE([#include <stdint.h>],
+ [uint32_t i = 0;],
+ [krb5_cv_header_stdint_h_uint32_t=yes],
+ [krb5_cv_header_stdint_h_uint32_t=no])])
+AC_CACHE_CHECK([for uint32_t in inttypes.h],
+ [krb5_cv_header_inttypes_h_uint32_t],
+ [AC_TRY_COMPILE([#include <inttypes.h>],
+ [uint32_t i = 0;],
+ [krb5_cv_header_inttypes_h_uint32_t=yes],
+ [krb5_cv_header_inttypes_h_uint32_t=no])])
+GSSRPC__STDINT_H='/* #include <stdint.h> */'
+GSSRPC__INTTYPES_H='/* #include <inttypes.h> */'
+GSSRPC__FAKE_UINT32='/* #undef GSSRPC__FAKE_INT32 */'
+if test $krb5_cv_header_sys_types_h_uint32_t = yes; then
+ : # already included sys/types.h
+else
+ if test $krb5_cv_header_stdint_h_uint32_t = yes; then
+ GSSRPC__STDINT_H='#include <stdint.h>'
+ else
+ if test $krb5_cv_header_inttypes_h_uint32_t = yes; then
+ GSSRPC__INTTYPES_H='#include <inttypes.h>'
+ else
+ AC_MSG_WARN([can't find a fixed-width 32-bit type anywhere; faking it])
+ GSSRPC__FAKE_UINT32='#define GSSRPC__FAKE_UINT32 1'
+ fi
+ fi
+fi
+AC_SUBST(GSSRPC__STDINT_H)
+AC_SUBST(GSSRPC__INTTYPES_H)
+AC_SUBST(GSSRPC__FAKE_UINT32)
+
+AC_CACHE_CHECK([for BSD type aliases], [krb5_cv_type_bsdaliases],
+ [AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif],
+ [u_char c;
+u_int i;
+u_long l;], [krb5_cv_type_bsdaliases=yes], [krb5_cv_type_bsdaliases=no])])
+if test $krb5_cv_type_bsdaliases = yes; then
+ GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */'
+else
+ GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1'
+fi
+AC_SUBST(GSSRPC__BSD_TYPEALIASES)
+#
+# sockaddr length field checks
+#
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], , ,
+ [#include <sys/types.h>
+@%:@include <netinet/in.h>])
+AC_CHECK_MEMBERS([struct sockaddr.sa_len], , ,
+ [#include <sys/types.h>
+@%:@include <sys/socket.h>])
+
+AC_MSG_CHECKING([return type of setrpcent])
+AC_CACHE_VAL(k5_cv_type_setrpcent,
+[AC_TRY_COMPILE([#include <netdb.h>
+#ifdef __cplusplus
+extern "C"
+#endif
+extern void setrpcent();],
+[int i;], k5_cv_type_setrpcent=void, k5_cv_type_setrpcent=int)])dnl
+AC_MSG_RESULT($k5_cv_type_setrpcent)
+AC_DEFINE_UNQUOTED(SETRPCENT_TYPE, $k5_cv_type_setrpcent, [Define as return type of setrpcent])
+dnl
+AC_MSG_CHECKING([return type of endrpcent])
+AC_CACHE_VAL(k5_cv_type_endrpcent,
+[AC_TRY_COMPILE([#include <netdb.h>
+#ifdef __cplusplus
+extern "C"
+#endif
+extern void endrpcent();],
+[int i;], k5_cv_type_endrpcent=void, k5_cv_type_endrpcent=int)])dnl
+AC_MSG_RESULT($k5_cv_type_endrpcent)
+AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
+K5_GEN_FILE(lib/rpc/types.h:lib/rpc/types.hin)
+changequote(<<, >>)
+case "$krb5_cv_host" in
+*-*-solaris2.[012345]*)
+ PASS=tcp
+ ;;
+*)
+ PASS="tcp udp"
+ ;;
+esac
+changequote([, ])
+AC_SUBST(PASS)
+dnl
+dnl
dnl Check for thread safety issues.
dnl (Is there a better place for this?)
dnl tsfuncs="getpwnam_r getpwuid_r gethostbyname_r getservbyname_r gmtime_r localtime_r"
if test "$SS_VERSION" = k5 ; then
AC_CONFIG_SUBDIRS(util/ss)
fi
-AC_CONFIG_SUBDIRS(lib/crypto lib/krb5 lib/des425 lib/apputils)
if test -n "$KRB4_LIB"; then
- AC_CONFIG_SUBDIRS(lib/krb4)
+ K5_GEN_MAKEFILE(lib/krb4)
fi
-AC_CONFIG_SUBDIRS(lib/gssapi lib/rpc lib/kadm5)
+dnl
+dnl
ldap_plugin_dir=""
ldap_lib=""
if test -n "$OPENLDAP_PLUGIN"; then
AC_CHECK_HEADERS(ldap.h lber.h)
+ if test $ac_cv_header_ldap_h = no || test $ac_cv_header_lber_h = no; then
+ AC_ERROR(OpenLDAP headers missing)
+ fi
AC_CONFIG_SUBDIRS(plugins/kdb/ldap/libkdb_ldap)
K5_GEN_MAKEFILE(plugins/kdb/ldap)
K5_GEN_MAKEFILE(plugins/kdb/ldap/ldap_util)
fi
AC_SUBST(ldap_plugin_dir)
-AC_CONFIG_SUBDIRS(kadmin plugins/kdb/db2 appl tests)
+AC_CONFIG_SUBDIRS(lib/apputils plugins/kdb/db2 appl tests)
dnl
-if true; then
+if false; then
AC_CHECK_HEADERS(Python.h python2.3/Python.h)
AC_CONFIG_SUBDIRS(plugins/locate/python)
fi
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
-V5_AC_OUTPUT_MAKEFILE(. util util/support util/profile util/send-pr lib lib/kdb kdc slave krb524 config-files gen-manpages include include/kerberosIV clients clients/klist clients/kinit clients/kvno clients/kdestroy clients/kpasswd clients/ksu)
+V5_AC_OUTPUT_MAKEFILE(.
+
+ util util/support util/profile util/send-pr
+
+ lib lib/des425 lib/kdb
+
+ lib/crypto lib/crypto/crc32 lib/crypto/des lib/crypto/dk
+ lib/crypto/enc_provider lib/crypto/hash_provider
+ lib/crypto/keyhash_provider lib/crypto/md4 lib/crypto/md5
+ lib/crypto/old lib/crypto/raw lib/crypto/sha1
+ lib/crypto/arcfour lib/crypto/yarrow lib/crypto/aes
+
+ lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache
+ lib/krb5/keytab lib/krb5/krb lib/krb5/rcache lib/krb5/os
+
+ lib/gssapi lib/gssapi/generic lib/gssapi/krb5
+
+ lib/rpc lib/rpc/unit-test
+
+ lib/kadm5 lib/kadm5/clnt lib/kadm5/srv lib/kadm5/unit-test
+
+ kdc slave krb524 config-files gen-manpages include
+ include/kerberosIV
+
+ clients clients/klist clients/kinit clients/kvno
+ clients/kdestroy clients/kpasswd clients/ksu
+
+ kadmin kadmin/cli kadmin/dbutil kadmin/passwd
+ kadmin/passwd/unit-test kadmin/ktutil kadmin/server
+ kadmin/testing kadmin/testing/scripts kadmin/testing/util
+
+)
+/*
+ * <krb5/locate_plugin.h>
+ *
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Service location plugin definitions for Kerberos 5.
+ */
+
#ifndef KRB5_LOCATE_PLUGIN_H_INCLUDED
#define KRB5_LOCATE_PLUGIN_H_INCLUDED
#include <krb5/krb5.h>
#endif
#endif
+#if defined(__MACH__) && defined(__APPLE__)
+# include <TargetConditionals.h>
+#endif
+
#if defined(_WIN32)
#define DEFAULT_PROFILE_FILENAME "krb5.ini"
#define DEFAULT_LNAME_FILENAME "/aname"
#if TARGET_OS_MAC
#define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
#define DEFAULT_PROFILE_PATH ("~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH)
+#define KRB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosFrameworkPlugins"
+#define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
#else
#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
#define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH
#else
#define DEFAULT_KDB_LIB_PATH { "@MODULEDIR/kdb", NULL }
#endif
-#define MODULE_PATH "@MODULEDIR"
#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES3_CBC_SHA1
#define KDCRCACHE "dfl:krb5kdc_rcache"
-thisconfigdir=.
+thisconfigdir=..
myfulldir=kadmin
-mydir=.
+mydir=kadmin
BUILDTOP=$(REL)..
LOCAL_SUBDIRS = cli dbutil passwd ktutil server testing
-thisconfigdir=./..
+thisconfigdir=../..
myfulldir=kadmin/cli
-mydir=cli
+mydir=kadmin/cli
BUILDTOP=$(REL)..$(S)..
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
+++ /dev/null
-K5_AC_INIT(configure.in)
-CONFIG_RULES
-AC_PROG_INSTALL
-AC_PROG_YACC
-AC_PROG_AWK
-AC_CHECK_HEADERS(unistd.h stdlib.h krb_db.h kdc.h regex.h alloca.h sys/time.h sys/select.h memory.h arpa/inet.h)
-AC_CHECK_FUNCS(ftime timezone getcwd strstr waitpid vsprintf)
-KRB5_AC_NEED_DAEMON
-AC_HEADER_TIME
-CHECK_SIGNALS
-CHECK_WAIT_TYPE
-CHECK_SETJMP
-KRB5_GETSOCKNAME_ARGS
-ath_compat=
-AC_ARG_ENABLE([athena],
-[ --enable-athena build with MIT Project Athena configuration],
-ath_compat=compat,)
-dnl
-dnl The following are tests for the presence of programs required for testing
-AC_CHECK_PROG(have_RUNTEST,runtest,runtest)
-AC_CHECK_PROG(have_PERL,perl,perl)
-AC_KRB5_TCL
-if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
- DO_TEST=ok
-fi
-AC_SUBST(DO_TEST)
-dnl
-DO_V4_TEST=
-if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != "" -a "$ath_compat" != ""; then
- DO_V4_TEST=ok
-fi
-AC_SUBST(DO_V4_TEST)
-dnl
-dnl The following are substituted into testing/scripts/env-setup.sh
-RBUILD=`pwd`/..
-AC_SUBST(RBUILD)
-case "$srcdir" in
-/*)
- S_TOP=$srcdir/..
- ;;
-*)
- S_TOP=`pwd`/$srcdir/..
- ;;
-esac
-AC_SUBST(S_TOP)
-AC_PATH_PROG(PERL,perl)
-AC_PATH_PROG(EXPECT,expect)
-dnl
-KRB5_RUN_FLAGS
-dnl For testing/util/Makefile.in
-if test "$TCL_LIBS" != "" ; then
- DO_ALL=tcl
-fi
-AC_SUBST(DO_ALL)
-KRB5_BUILD_PROGRAM
-KRB5_AC_PRIOCNTL_HACK
-dnl
-K5_GEN_FILE(testing/scripts/env-setup.sh:testing/scripts/env-setup.shin)
-V5_AC_OUTPUT_MAKEFILE(. cli dbutil passwd passwd/unit-test ktutil server testing testing/scripts testing/util)
-thisconfigdir=./..
+thisconfigdir=../..
myfulldir=kadmin/dbutil
-mydir=dbutil
+mydir=kadmin/dbutil
BUILDTOP=$(REL)..$(S)..
DEFINES = -DKDB4_DISABLE
DEFS=
-thisconfigdir=./..
+thisconfigdir=../..
myfulldir=kadmin/ktutil
-mydir=ktutil
+mydir=kadmin/ktutil
BUILDTOP=$(REL)..$(S)..
LOCALINCLUDES = $(KRB4_INCLUDES)
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
-thisconfigdir=./..
+thisconfigdir=../..
myfulldir=kadmin/passwd
-mydir=passwd
+mydir=kadmin/passwd
BUILDTOP=$(REL)..$(S)..
LOCALINCLUDES = -I.
DEFINES = -DUSE_KADM5_API_VERSION=1
-thisconfigdir=./../..
+thisconfigdir=../../..
myfulldir=kadmin/passwd/unit-test
-mydir=passwd/unit-test
+mydir=kadmin/passwd/unit-test
BUILDTOP=$(REL)..$(S)..$(S)..
check unit-test:: unit-test-@DO_TEST@
-thisconfigdir=./..
+thisconfigdir=../..
myfulldir=kadmin/server
-mydir=server
+mydir=kadmin/server
BUILDTOP=$(REL)..$(S)..
KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
DEFS=
-thisconfigdir=./..
+thisconfigdir=../..
myfulldir=kadmin/testing
-mydir=testing
+mydir=kadmin/testing
BUILDTOP=$(REL)..$(S)..
LOCAL_SUBDIRS = scripts util
-thisconfigdir=./../..
+thisconfigdir=../../..
myfulldir=kadmin/testing/scripts
-mydir=testing/scripts
+mydir=kadmin/testing/scripts
BUILDTOP=$(REL)..$(S)..$(S)..
-PERL=@PERL@
+PERL_PATH=@PERL_PATH@
.SUFFIXES: .plin .pl
env-setup.stamp: $(srcdir)/env-setup.shin $(thisconfigdir)/config.status \
Makefile
cd $(thisconfigdir) && \
- CONFIG_FILES=./testing/scripts/env-setup.sh:./testing/scripts/env-setup.shin $(SHELL) \
+ CONFIG_FILES=$(mydir)/env-setup.sh:$(mydir)/env-setup.shin $(SHELL) \
config.status
chmod +x env-setup.sh
touch env-setup.stamp
.plin.pl:
-rm -f $@.tmp
- echo "#!$(PERL)" > $@.tmp
+ echo "#!$(PERL_PATH)" > $@.tmp
sed 1d $< >> $@.tmp
chmod +x $@.tmp
mv $@.tmp $@
-thisconfigdir=./../..
+thisconfigdir=../../..
myfulldir=kadmin/testing/util
-mydir=testing/util
+mydir=kadmin/testing/util
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = $(TCL_INCLUDES) -I$(BUILDTOP)/lib/kdb/
# Force Tcl headers to use stdarg.h, because krb5 does too, and if
errout:
if (status) {
+ char * emsg = 0;
+ if (errcode)
+ emsg = krb5_get_error_message (kdc_context, errcode);
+
krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s",
ktypestr,
fromstring, status,
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
errcode ? ", " : "",
- errcode ? krb5_get_error_message (kdc_context, errcode) : "");
+ errcode ? emsg : "");
+ if (errcode)
+ krb5_free_error_message (kdc_context, emsg);
}
if (errcode) {
- if (status == 0)
+ int got_err = 0;
+ if (status == 0) {
status = krb5_get_error_message (kdc_context, errcode);
+ got_err = 1;
+ }
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
errcode = KRB_ERR_GENERIC;
errcode = prepare_error_as(request, errcode, &e_data, response,
status);
+ if (got_err) {
+ krb5_free_error_message (kdc_context, status);
+ status = 0;
+ }
}
if (encrypting_key.contents)
sname ? sname : "<unknown server>",
enc_tkt_reply.transited.tr_contents.length,
enc_tkt_reply.transited.tr_contents.data);
- else
+ else {
+ char *emsg = krb5_get_error_message(kdc_context, errcode);
krb5_klog_syslog (LOG_ERR,
"unexpected error checking transit from '%s' to '%s' via '%.*s': %s",
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
enc_tkt_reply.transited.tr_contents.length,
enc_tkt_reply.transited.tr_contents.data,
- krb5_get_error_message(kdc_context, errcode));
+ emsg);
+ krb5_free_error_message(kdc_context, emsg);
+ }
} else
krb5_klog_syslog (LOG_INFO, "not checking transit path");
if (reject_bad_transit
cleanup:
if (status) {
+ char * emsg = NULL;
if (!errcode)
rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
+ if(errcode)
+ emsg = krb5_get_error_message (kdc_context, errcode);
krb5_klog_syslog(LOG_INFO,
"TGS_REQ (%s) %s: %s: authtime %d, "
"%s%s %s for %s%s%s",
cname ? cname : "<unknown client>",
sname ? sname : "<unknown server>",
errcode ? ", " : "",
- errcode ? krb5_get_error_message (kdc_context, errcode) : "");
+ errcode ? emsg : "");
+ if(errcode)
+ krb5_free_error_message (kdc_context, emsg);
}
if (errcode) {
- if (status == 0)
+ int got_err = 0;
+ if (status == 0) {
status = krb5_get_error_message (kdc_context, errcode);
+ got_err = 1;
+ }
errcode -= ERROR_TABLE_BASE_krb5;
if (errcode < 0 || errcode > 128)
errcode = KRB_ERR_GENERIC;
retval = prepare_error_tgs(request, header_ticket, errcode,
fromstring, response, status);
+ if (got_err) {
+ krb5_free_error_message (kdc_context, status);
+ status = 0;
+ }
}
if (header_ticket)
retval = pa_sys->verify_padata(context, client, request,
enc_tkt_reply, *padata);
if (retval) {
+ char * emsg = krb5_get_error_message (context, retval);
krb5_klog_syslog (LOG_INFO, "preauth (%s) verify failure: %s",
- pa_sys->name,
- krb5_get_error_message (context, retval));
+ pa_sys->name, emsg);
+ krb5_free_error_message (context, emsg);
if (pa_sys->flags & PA_REQUIRED) {
pa_ok = 0;
break;
return 0;
if (!pa_found) {
- krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s",
- krb5_get_error_message(context, retval));
+ char *emsg = krb5_get_error_message(context, retval);
+ krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s", emsg);
+ krb5_free_error_message(context, emsg);
}
/* The following switch statement allows us
* to return some preauth system errors back to the client.
-thisconfigdir=.
+thisconfigdir=../..
myfulldir=lib/crypto
-mydir=.
+mydir=lib/crypto
BUILDTOP=$(REL)..$(S)..
LOCAL_SUBDIRS=crc32 des dk enc_provider hash_provider keyhash_provider \
md4 md5 old raw sha1 arcfour yarrow aes
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/aes
-mydir=aes
+mydir=lib/crypto/aes
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../dk
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/arcfour
-mydir=arcfour
+mydir=lib/crypto/arcfour
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../md4
DEFS=
+++ /dev/null
-K5_AC_INIT(configure.in)
-CONFIG_RULES
-
-AC_CHECK_HEADERS(memory.h unistd.h endian.h machine/endian.h)
-
-KRB5_RUN_FLAGS
-KRB5_BUILD_PROGRAM
-KRB5_BUILD_LIBOBJS
-KRB5_BUILD_LIBRARY_WITH_DEPS
-
-V5_AC_OUTPUT_MAKEFILE(. crc32 des dk enc_provider hash_provider keyhash_provider md4 md5 old raw sha1 arcfour yarrow aes)
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/crc32
-mydir=crc32
+mydir=lib/crypto/crc32
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/des
-mydir=des
+mydir=lib/crypto/des
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/dk
-mydir=dk
+mydir=lib/crypto/dk
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/enc_provider
-mydir=enc_provider
+mydir=lib/crypto/enc_provider
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../arcfour -I$(srcdir)/../aes
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/hash_provider
-mydir=hash_provider
+mydir=lib/crypto/hash_provider
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/../crc32 -I$(srcdir)/../md4 \
-I$(srcdir)/../md5 -I$(srcdir)/../sha1
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/keyhash_provider
-mydir=keyhash_provider
+mydir=lib/crypto/keyhash_provider
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../md4 \
-I$(srcdir)/../md5 -I$(srcdir)/../arcfour \
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/md4
-mydir=md4
+mydir=lib/crypto/md4
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/md5
-mydir=md5
+mydir=lib/crypto/md5
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/old
-mydir=old
+mydir=lib/crypto/old
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/../des
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/raw
-mydir=raw
+mydir=lib/crypto/raw
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/sha1
-mydir=sha1
+mydir=lib/crypto/sha1
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/crypto/yarrow
-mydir=yarrow
+mydir=lib/crypto/yarrow
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../sha1 -I$(srcdir)/../enc_provider
DEFS=
-thisconfigdir=.
+thisconfigdir=../..
myfulldir=lib/des425
-mydir=.
+mydir=lib/des425
BUILDTOP=$(REL)..$(S)..
LOCALINCLUDES = -I$(srcdir)/../crypto/des -I$(srcdir)/../../include/kerberosIV
DEFS=
+++ /dev/null
-K5_AC_INIT(configure.in)
-CONFIG_RULES
-dnl
-KRB5_RUN_FLAGS
-KRB5_BUILD_LIBOBJS
-KRB5_BUILD_LIBRARY_WITH_DEPS
-KRB5_BUILD_PROGRAM
-dnl
-V5_AC_OUTPUT_MAKEFILE
-thisconfigdir=.
+thisconfigdir=../..
myfulldir=lib/gssapi
-mydir=.
+mydir=lib/gssapi
BUILDTOP=$(REL)..$(S)..
LOCAL_SUBDIRS= generic krb5
DEFS=
+++ /dev/null
-K5_AC_INIT(configure.in)
-CONFIG_RULES
-AC_PROG_AWK
-AC_CHECK_HEADERS(stdlib.h sys/types.h limits.h memory.h)
-AC_CHECK_HEADER(stdint.h,[
- include_stdint='awk '\''END{printf("%cinclude <stdint.h>\n", 35);}'\'' < /dev/null'],
- include_stdint='echo "/* no stdint.h */"')
-AC_SUBST(include_stdint)
-AC_CHECK_HEADER(inttypes.h,[
- include_inttypes='awk '\''END{printf("%cinclude <inttypes.h>\n", 35);}'\'' < /dev/null'],
- include_inttypes='echo "/* no inttypes.h */"')
-AC_SUBST(include_inttypes)
-AC_CHECK_HEADER(xom.h,[
- include_xom='awk '\''END{printf("%cinclude <xom.h>\n", 35);}'\'' < /dev/null'], [
- include_xom='echo "/* no xom.h */"'])
-AC_SUBST(include_xom)
-KRB5_BUILD_LIBOBJS
-KRB5_BUILD_LIBRARY_WITH_DEPS
-V5_AC_OUTPUT_MAKEFILE(. generic krb5)
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/gssapi/generic
-mydir=generic
+mydir=lib/gssapi/generic
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I. -I$(srcdir)
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/gssapi/krb5
-mydir=krb5
+mydir=lib/gssapi/krb5
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic
DEFS=
-thisconfigdir=.
+thisconfigdir=../..
myfulldir=lib/kadm5
-mydir=.
+mydir=lib/kadm5
BUILDTOP=$(REL)..$(S)..
LOCAL_SUBDIRS = clnt srv unit-test
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/kadm5/clnt
-mydir=clnt
+mydir=lib/kadm5/clnt
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
DEFS=
+++ /dev/null
-K5_AC_INIT(configure.in)
-CONFIG_RULES
-AC_PROG_LEX
-AC_PROG_AWK
-AC_CHECK_HEADERS(syslog.h memory.h)
-AC_CHECK_FUNCS(openlog syslog closelog strftime vsprintf)
-KRB5_AC_REGEX_FUNCS
-dnl The following are tests for the presence of programs required for testing
-AC_CHECK_PROG(RUNTEST,runtest,runtest)
-AC_CHECK_PROG(PERL,perl,perl)
-AC_CHECK_FUNCS(srand48 srand srandom)
-AC_KRB5_TCL
-if test "$PERL" = perl -a "$RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
- DO_TEST=ok
-fi
-AC_SUBST(DO_TEST)
-dnl
-KRB5_BUILD_LIBOBJS
-KRB5_BUILD_LIBRARY_WITH_DEPS
-KRB5_BUILD_PROGRAM
-KRB5_AC_PRIOCNTL_HACK
-dnl
-V5_AC_OUTPUT_MAKEFILE(. clnt srv unit-test)
/* If reporting an error message, separate it. */
if (code) {
+ char *emsg;
outbuf[sizeof(outbuf) - 1] = '\0';
- strncat(outbuf, krb5_get_error_message (err_context, code), sizeof(outbuf) - 1 - strlen(outbuf));
+ emsg = krb5_get_error_message (err_context, code);
+ strncat(outbuf, emsg, sizeof(outbuf) - 1 - strlen(outbuf));
strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf));
+ krb5_free_error_message(err_context, emsg);
}
cp = &outbuf[strlen(outbuf)];
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/kadm5/srv
-mydir=srv
+mydir=lib/kadm5/srv
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5 \
-I$(SRCTOP)/lib/gssapi/krb5 -I$(SRCTOP)/lib/gssapi/generic \
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/kadm5/unit-test
-mydir=unit-test
+mydir=lib/kadm5/unit-test
BUILDTOP=$(REL)..$(S)..$(S)..
DEFINES = -DUSE_KADM5_API_VERSION=1
PROG_LIBPATH=-L$(TOPLIBD)
-thisconfigdir=.
+thisconfigdir=../..
myfulldir=lib/krb4
-mydir=.
+mydir=lib/krb4
BUILDTOP=$(REL)..$(S)..
LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV -I.
DEFINES= -DKRB4_USE_KEYTAB
+++ /dev/null
-K5_AC_INIT(configure.in)
-CONFIG_RULES
-AC_TYPE_MODE_T
-AC_TYPE_UID_T
-case $krb5_cv_host in
- *-apple-darwin*)
- KRB_ERR_TXT=
- KRB_ERR=
- KRB_ERR_C=krb_err.c
- ;;
- *)
- KRB_ERR='$(OUTPRE)krb_err.$(OBJEXT)'
- KRB_ERR_TXT=krb_err_txt.c
- KRB_ERR_C=
- ;;
-esac
-AC_SUBST([KRB_ERR_TXT])
-AC_SUBST([KRB_ERR])
-AC_SUBST([KRB_ERR_C])
-AC_PROG_AWK
-KRB5_BUILD_LIBOBJS
-KRB5_BUILD_LIBRARY_WITH_DEPS
-V5_AC_OUTPUT_MAKEFILE
char *krb_stime(long *);
/* tf_util.c */
-int tf_save_cred(char *, char *, char *, C_Block, int , int, KTEXT, long);
+int tf_save_cred(char *, char *, char *, C_Block, int , int, KTEXT, KRB4_32);
+
/* unix_glue.c */
int krb_start_session(char *);
void krb4int_et_fini(void);
int krb4int_save_credentials_addr(
- char *, char *, char *, C_Block, int, int, KTEXT, long, KRB_UINT32);
+ char *, char *, char *, C_Block, int, int, KTEXT, KRB4_32, KRB_UINT32);
int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *,
struct sockaddr *, socklen_t *);
int lifetime; /* Lifetime */
int kvno; /* Key version number */
KTEXT ticket; /* The ticket itself */
- long issue_date; /* The issue time */
+ KRB4_32 issue_date; /* The issue time */
KRB_UINT32 laddr;
{
CREDENTIALS cr;
int lifetime,
int kvno,
KTEXT ticket,
- long issue_date)
+ KRB4_32 issue_date)
{
return krb4int_save_credentials_addr(name, inst, realm, session,
lifetime, kvno, ticket,
int lifetime; /* Lifetime */
int kvno; /* Key version number */
KTEXT ticket; /* The ticket itself */
- long issue_date; /* The issue time */
+ KRB4_32 issue_date; /* The issue time */
KRB_UINT32 local_addr;
{
int tf_status; /* return values of the tf_util calls */
{
return krb4int_save_credentials_addr(service, instance, realm,
session, lifetime, kvno,
- ticket, issue_date, 0);
+ ticket, (KRB4_32)issue_date, 0);
}
#include "k5-int.h"
#include "krb4int.h"
+
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/shm.h>
#endif /* TKT_SHMEM */
+
+
#define TOO_BIG -1
#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before
* retry if ticket file is
#endif
#endif
+
+#ifdef K5_LE
+/* This was taken from jhutz's patch for heimdal krb4. It only
+ * applies to little endian systems. Big endian systems have a
+ * less elegant solution documented below.
+ *
+ * This record is written after every real ticket, to ensure that
+ * both 32- and 64-bit readers will perceive the next real ticket
+ * as starting in the same place. This record looks like a ticket
+ * with the following properties:
+ * Field 32-bit 64-bit
+ * ============ ================= =================
+ * sname "." "."
+ * sinst "" ""
+ * srealm ".." ".."
+ * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
+ * lifetime 0 0
+ * kvno 0 12
+ * ticket 12 nulls 4 nulls
+ * issue 0 0
+ *
+ * Our code always reads and writes the 32-bit format, but knows
+ * to skip 00000000 at the front of a record, and to completely
+ * ignore tickets for the special alignment principal.
+ */
+static unsigned char align_rec[] = {
+ 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0x00, 0x2e,
+ 0x2e, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00,
+ 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00
+};
+
+#else /* Big Endian */
+
+/* These alignment records are for big endian systems. We need more
+ * of them because the portion of the 64-bit issue_date that overlaps
+ * with the start of a ticket on 32-bit systems contains an unpredictable
+ * number of NULL bytes. Preceeding these records is a second copy of the
+ * 32-bit issue_date. The srealm for the alignment records is always one of
+ * ".." or "?.."
+ */
+
+/* No NULL bytes
+ * This is actually two alignment records since both 32- and 64-bit
+ * readers will agree on everything in the first record up through the
+ * issue_date size, except where sname starts.
+ * Field (1) 32-bit 64-bit
+ * ============ ================= =================
+ * sname "????." "."
+ * sinst "" ""
+ * srealm ".." ".."
+ * session key 00000000 xxxxxxxx 00000000 xxxxxxxx
+ * lifetime 0 0
+ * kvno 0 0
+ * ticket 4 nulls 4 nulls
+ * issue 0 0
+ *
+ * Field (2) 32-bit 64-bit
+ * ============ ================= =================
+ * sname "." "."
+ * sinst "" ""
+ * srealm ".." ".."
+ * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
+ * lifetime 0 0
+ * kvno 0 12
+ * ticket 12 nulls 4 nulls
+ * issue 0 0
+ *
+ */
+static unsigned char align_rec_0[] = {
+ 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00,
+ 0x00, 0x2e, 0x2e, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x04,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+};
+
+/* One NULL byte
+ * Field 32-bit 64-bit
+ * ============ ================= =================
+ * sname "x" |"xx"|"xxx" "."
+ * sinst "xx."|"x."|"." ".."
+ * srealm ".." "..."
+ * session key 2E2E2E00 xxxxxxxx xxxxxxxx 00000000
+ * lifetime 0 0
+ * kvno 0 12
+ * ticket 12 nulls 4 nulls
+ * issue 0 0
+ */
+static unsigned char align_rec_1[] = {
+ 0x2e, 0x00, 0x2e, 0x2e, 0x00, 0x2e, 0x2e, 0x2e,
+ 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x0c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00
+};
+
+/* Two NULL bytes
+ * Field 32-bit 64-bit
+ * ============ ================= =================
+ * sname "x" |"x" |"xx" ".."
+ * sinst "" |"x" |"" ""
+ * srealm "x.."|".."|".." ".."
+ * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000
+ * lifetime 0 0
+ * kvno 0 12
+ * ticket 12 nulls 4 nulls
+ * issue 0 0
+ */
+ static unsigned char align_rec_2[] = {
+ 0x2e, 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0xff,
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00,
+ 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/* Three NULL bytes
+ * Things break here for 32-bit krb4 libraries that don't
+ * understand this alignment record. We can't really do
+ * anything about the fact that the three strings ended
+ * in the duplicate timestamp. The good news is that this
+ * only happens once every 0x1000000 seconds, once roughly
+ * every six and a half months. We'll live.
+ *
+ * Discussion on the krbdev list has suggested the
+ * issue_date be incremented by one in this case to avoid
+ * the problem. I'm leaving this here just in case.
+ *
+ * Field 32-bit 64-bit
+ * ============ ================= =================
+ * sname "" "."
+ * sinst "" ""
+ * srealm "" ".."
+ * session key 2E00002E 2E00FFFF xxxx0000 0000xxxx
+ * lifetime 0 0
+ * kvno 4294901760 917504
+ * ticket 14 nulls 4 nulls
+ * issue 0 0
+ */
+/*
+static unsigned char align_rec_3[] = {
+ 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+*/
+#endif /* K5_LE*/
+
/*
* fd must be initialized to something that won't ever occur as a real
* file descriptor. Since open(2) returns only non-negative numbers as
* int lifetime
* int kvno
* KTEXT_ST ticket_st
- * long issue_date
+ * KRB4_32 issue_date
*
* Strings are stored NUL-terminated, and read back until a NUL is
* found or the indicated number of bytes have been read. (So if you
* EOF - end of file encountered
*/
-int KRB5_CALLCONV tf_get_cred(c)
+static int real_tf_get_cred(c)
CREDENTIALS *c;
{
KTEXT ticket = &c->ticket_st; /* pointer to ticket */
int k_errno;
- long issue_date;
+ unsigned char nullbuf[3]; /* used for 64-bit issue_date tf compatibility */
if (fd < 0) {
if (krb_debug)
fprintf(stderr, "tf_get_cred called before tf_init.\n");
return TKT_FIL_INI;
}
- if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
+ if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) {
+
+#ifdef K5_BE
+ /* If we're big endian then we can have a null service name as part of
+ * an alignment record. */
+ if (k_errno < 2)
+ switch (k_errno) {
+ case TOO_BIG:
+ tf_close();
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
+ }
+#else /* Little Endian */
+ /* If we read an empty service name, it's possible that's because
+ * the file was written by someone who thinks issue_date should be
+ * 64 bits. If that is the case, there will be three more zeros,
+ * followed by the real record.*/
+
+ if (k_errno == 1 &&
+ tf_read(nullbuf, 3) == 3 &&
+ !nullbuf[0] && !nullbuf[1] && !nullbuf[2])
+ k_errno = tf_gets(c->service, SNAME_SZ);
+
+ if (k_errno < 2)
switch (k_errno) {
case TOO_BIG:
case 1: /* can't be just a null */
case 0:
return EOF;
}
+#endif/*K5_BE*/
+
+ }
if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
switch (k_errno) {
case TOO_BIG:
case 0:
return EOF;
}
- if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2)
+ if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) {
switch (k_errno) {
case TOO_BIG:
case 1: /* can't be just a null */
case 0:
return EOF;
}
+ }
+
if (
tf_read((char *) (c->session), KEY_SZ) < 1 ||
tf_read((char *) &(c->lifetime), sizeof(c->lifetime)) < 1 ||
/* don't try to read a silly amount into ticket->dat */
ticket->length > MAX_KTXT_LEN ||
tf_read((char *) (ticket->dat), ticket->length) < 1 ||
- tf_read((char *) &(issue_date), sizeof(issue_date)) < 1
+ tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1
) {
tf_close();
return TKT_FIL_FMT;
}
- c->issue_date = issue_date;
+
+#ifdef K5_BE
+ /* If the issue_date is 0 and we're not dealing with an alignment
+ record, then it's likely we've run into an issue_date written by
+ a 64-bit library that is using long instead of KRB4_32. Let's get
+ the next four bytes instead.
+ */
+ if (0 == c->issue_date) {
+ int len = strlen(c->realm);
+ if (!(2 == len && 0 == strcmp(c->realm, "..")) &&
+ !(3 == len && 0 == strcmp(c->realm + 1, ".."))) {
+ if (tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1) {
+ tf_close();
+ return TKT_FIL_FMT;
+ }
+ }
+ }
+
+#endif
+
+ return KSUCCESS;
+}
+
+int KRB5_CALLCONV tf_get_cred(c)
+ CREDENTIALS *c;
+{
+ int k_errno;
+ int fake;
+
+ do {
+ fake = 0;
+ k_errno = real_tf_get_cred(c);
+ if (k_errno)
+ return k_errno;
+
+#ifdef K5_BE
+ /* Here we're checking to see if the realm is one of the
+ * alignment record realms, ".." or "?..", so we can skip it.
+ * If it's not, then we need to verify that the service name
+ * was not null as this should be a valid ticket.
+ */
+ {
+ int len = strlen(c->realm);
+ if (2 == len && 0 == strcmp(c->realm, ".."))
+ fake = 1;
+ if (3 == len && 0 == strcmp(c->realm + 1, ".."))
+ fake = 1;
+ if (!fake && 0 == strlen(c->service)) {
+ tf_close();
+ return TKT_FIL_FMT;
+ }
+ }
+#else /* Little Endian */
+ /* Here we're checking to see if the service principal is the
+ * special alignment record principal ".@..", so we can skip it.
+ */
+ if (strcmp(c->service, ".") == 0 &&
+ strcmp(c->instance, "") == 0 &&
+ strcmp(c->realm, "..") == 0)
+ fake = 1;
+#endif/*K5_BE*/
+ } while (fake);
+
#ifdef TKT_SHMEM
memcpy(c->session, tmp_shm_addr, KEY_SZ);
tmp_shm_addr += KEY_SZ;
int lifetime; /* Lifetime */
int kvno; /* Key version number */
KTEXT ticket; /* The ticket itself */
- long issue_date; /* The issue time */
+ KRB4_32 issue_date; /* The issue time */
{
off_t lseek();
if (write(fd, (char *) (ticket->dat), count) != count)
goto bad;
/* Issue date */
- if (write(fd, (char *) &issue_date, sizeof(long))
- != sizeof(long))
+ if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
+ != sizeof(KRB4_32))
+ goto bad;
+ /* Alignment Record */
+#ifdef K5_BE
+ {
+ int null_bytes = 0;
+ if (0 == (issue_date & 0xff000000))
+ ++null_bytes;
+ if (0 == (issue_date & 0x00ff0000))
+ ++null_bytes;
+ if (0 == (issue_date & 0x0000ff00))
+ ++null_bytes;
+ if (0 == (issue_date & 0x000000ff))
+ ++null_bytes;
+
+ switch(null_bytes) {
+ case 0:
+ /* Issue date */
+ if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
+ != sizeof(KRB4_32))
+ goto bad;
+ if (write(fd, align_rec_0, sizeof(align_rec_0))
+ != sizeof(align_rec_0))
+ goto bad;
+ break;
+
+ case 1:
+ if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
+ != sizeof(KRB4_32))
+ goto bad;
+ if (write(fd, align_rec_1, sizeof(align_rec_1))
+ != sizeof(align_rec_1))
+ goto bad;
+ break;
+
+ case 3:
+ /* Three NULLS are troublesome but rare. We'll just pretend
+ * they don't exist by decrementing the issue_date.
+ */
+ --issue_date;
+ case 2:
+ if (write(fd, (char *) &issue_date, sizeof(KRB4_32))
+ != sizeof(KRB4_32))
+ goto bad;
+ if (write(fd, align_rec_2, sizeof(align_rec_2))
+ != sizeof(align_rec_2))
+ goto bad;
+ break;
+
+ default:
+ goto bad;
+ }
+
+ }
+#else
+ if (write(fd, align_rec, sizeof(align_rec)) != sizeof(align_rec))
goto bad;
+#endif
/* Actually, we should check each write for success */
return (KSUCCESS);
-thisconfigdir=.
+thisconfigdir=../..
myfulldir=lib/krb5
-mydir=.
+mydir=lib/krb5
BUILDTOP=$(REL)..$(S)..
LOCALINCLUDES = -I$(srcdir)/ccache -I$(srcdir)/keytab -I$(srcdir)/rcache -I$(srcdir)/os
LOCAL_SUBDIRS= error_tables asn.1 ccache keytab krb os rcache
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/krb5/asn.1
-mydir=asn.1
+mydir=lib/krb5/asn.1
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/krb5/ccache
-mydir=ccache
+mydir=lib/krb5/ccache
BUILDTOP=$(REL)..$(S)..$(S)..
LOCAL_SUBDIRS =
DEFS=
+++ /dev/null
-K5_AC_INIT(configure.in)
-CONFIG_RULES
-AC_PROG_AWK
-dnl
-AC_C_CONST
-AC_TYPE_UID_T
-AC_TYPE_OFF_T
-dnl
-dnl
-KRB5_AC_REGEX_FUNCS
-KRB5_NEED_PROTO([#include <time.h>],strptime)
-dnl
-KRB5_SIGTYPE
-CHECK_SIGNALS
-KRB5_SOCKADDR_SA_LEN
-KRB5_GETPEERNAME_ARGS
-KRB5_GETSOCKNAME_ARGS
-KRB5_BUILD_LIBRARY_WITH_DEPS
-KRB5_BUILD_LIBOBJS
-KRB5_BUILD_PROGRAM
-KRB5_RUN_FLAGS
-dnl
-V5_AC_OUTPUT_MAKEFILE(. error_tables asn.1 ccache keytab krb rcache os)
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/krb5/error_tables
-mydir=error_tables
+mydir=lib/krb5/error_tables
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/krb5/keytab
-mydir=keytab
+mydir=lib/krb5/keytab
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/krb5/krb
-mydir=krb
+mydir=lib/krb5/krb
BUILDTOP=$(REL)..$(S)..$(S)..
RUN_SETUP = @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/krb5/os
-mydir=os
+mydir=lib/krb5/os
BUILDTOP=$(REL)..$(S)..$(S)..
KRB5_RUN_ENV = @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
-thisconfigdir=./..
+thisconfigdir=../../..
myfulldir=lib/krb5/rcache
-mydir=rcache
+mydir=lib/krb5/rcache
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
-thisconfigdir=.
+thisconfigdir=../..
myfulldir=lib/rpc
-mydir=.
+mydir=lib/rpc
BUILDTOP=$(REL)..$(S)..
DEFINES = -DGSSAPI_KRB5 -DDEBUG_GSSAPI=0 -DGSSRPC__IMPL
DEFS=
+SUBDIRS=unit-test
+
##DOSBUILDTOP = ..\..
##DOSLIBNAME=libgssrpc.lib
# makefile post-processing is unconditional and would trash the makefile.
types.h: types.stamp
types.stamp: $(srcdir)/types.hin config.status
- $(SHELL) config.status
+ cd $(thisconfigdir) && $(SHELL) config.status $(mydir)/types.h
touch types.stamp
clean-unix::
+++ /dev/null
-K5_AC_INIT(auth_gssapi.c)
-CONFIG_RULES
-AC_CONFIG_SUBDIRS(unit-test)
-AC_CHECK_HEADERS(sys/uio.h sys/param.h)
-AC_TYPE_GETGROUPS
-### Check where struct rpcent is declared.
-#
-# This is necessary to determine:
-# 1. If /usr/include/netdb.h declares struct rpcent
-# 2. If /usr/include/rpc/netdb.h declares struct rpcent
-#
-# We have our own rpc/netdb.h, and if /usr/include/netdb.h includes
-# rpc/netdb.h, then nastiness could happen.
-#
-# Logic: If /usr/include/netdb.h declares struct rpcent, then check
-# rpc/netdb.h. If /usr/include/rpc/netdb.h declares struct rpcent,
-# then define STRUCT_RPCENT_IN_RPC_NETDB_H, otherwise do not. If
-# neither netdb.h nor rpc/netdb.h declares struct rpcent, then define
-# STRUCT_RPCENT_IN_RPC_NETDB_H anyway.
-#
-AC_MSG_CHECKING([where struct rpcent is declared])
-AC_TRY_COMPILE([#include <netdb.h>],
-[struct rpcent e;
-char c = e.r_name[0];
-int i = e.r_number;],
-[AC_TRY_COMPILE([#include <rpc/netdb.h>],
-[struct rpcent e;
-char c = e.r_name[0];
-int i = e.r_number;],
-[AC_MSG_RESULT([rpc/netdb.h])
-rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'],
-[AC_MSG_RESULT([netdb.h])])],
-[AC_MSG_RESULT([nowhere])
-rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'])
-AC_SUBST(rpcent_define)
-
-AC_CHECK_HEADERS(sys/select.h sys/time.h unistd.h)
-if test $ac_cv_header_sys_select_h = yes; then
- GSSRPC__SYS_SELECT_H='#include <sys/select.h>'
-else
- GSSRPC__SYS_SELECT_H='/* #include <sys/select.h> */'
-fi
-AC_SUBST(GSSRPC__SYS_SELECT_H)
-if test $ac_cv_header_sys_time_h = yes; then
- GSSRPC__SYS_TIME_H='#include <sys/time.h>'
-else
- GSSRPC__SYS_TIME_H='/* #include <sys/time.h> */'
-fi
-AC_SUBST(GSSRPC__SYS_TIME_H)
-if test $ac_cv_header_unistd_h = yes; then
- GSSRPC__UNISTD_H='#include <unistd.h>'
-else
- GSSRPC__UNISTD_H='/* #include <unistd.h> */'
-fi
-AC_SUBST(GSSRPC__UNISTD_H)
-
-AC_CACHE_CHECK([for MAXHOSTNAMELEN in sys/param.h],
- [krb5_cv_header_sys_param_h_maxhostnamelen],
- [AC_TRY_COMPILE([#include <sys/param.h>],
- [int i = MAXHOSTNAMELEN;],
- [krb5_cv_header_sys_param_h_maxhostnamelen=yes],
- [krb5_cv_header_sys_param_h_maxhostnamelen=no])])
-AC_CACHE_CHECK([for MAXHOSTNAMELEN in netdb.h],
- [krb5_cv_header_netdb_h_maxhostnamelen],
- [AC_TRY_COMPILE([#include <netdb.h>],
- [int i = MAXHOSTNAMELEN;],
- [krb5_cv_header_netdb_h_maxhostnamelen=yes],
- [krb5_cv_header_netdb_h_maxhostnamelen=no])])
-
-GSSRPC__SYS_PARAM_H='/* #include <sys/param.h> */'
-GSSRPC__NETDB_H='/* #include <netdb.h> */'
-if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then
- GSSRPC__SYS_PARAM_H='#include <sys/param.h>'
-else
- if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then
- GSSRPC__NETDB_H='#include <netdb.h>'
- else
- AC_MSG_WARN([can't find MAXHOSTNAMELEN definition; faking it])
- fi
-fi
-AC_SUBST(GSSRPC__SYS_PARAM_H)
-AC_SUBST(GSSRPC__NETDB_H)
-
-AC_CACHE_CHECK([for uint32_t in sys/types.h],
- [krb5_cv_header_sys_types_h_uint32_t],
- [AC_TRY_COMPILE([#include <sys/types.h>],
- [uint32_t i = 0;],
- [krb5_cv_header_sys_types_h_uint32_t=yes],
- [krb5_cv_header_sys_types_h_uint32_t=no])])
-AC_CACHE_CHECK([for uint32_t in stdint.h],
- [krb5_cv_header_stdint_h_uint32_t],
- [AC_TRY_COMPILE([#include <stdint.h>],
- [uint32_t i = 0;],
- [krb5_cv_header_stdint_h_uint32_t=yes],
- [krb5_cv_header_stdint_h_uint32_t=no])])
-AC_CACHE_CHECK([for uint32_t in inttypes.h],
- [krb5_cv_header_inttypes_h_uint32_t],
- [AC_TRY_COMPILE([#include <inttypes.h>],
- [uint32_t i = 0;],
- [krb5_cv_header_inttypes_h_uint32_t=yes],
- [krb5_cv_header_inttypes_h_uint32_t=no])])
-GSSRPC__STDINT_H='/* #include <stdint.h> */'
-GSSRPC__INTTYPES_H='/* #include <inttypes.h> */'
-GSSRPC__FAKE_UINT32='/* #undef GSSRPC__FAKE_INT32 */'
-if test $krb5_cv_header_sys_types_h_uint32_t = yes; then
- : # already included sys/types.h
-else
- if test $krb5_cv_header_stdint_h_uint32_t = yes; then
- GSSRPC__STDINT_H='#include <stdint.h>'
- else
- if test $krb5_cv_header_inttypes_h_uint32_t = yes; then
- GSSRPC__INTTYPES_H='#include <inttypes.h>'
- else
- AC_MSG_WARN([can't find a fixed-width 32-bit type anywhere; faking it])
- GSSRPC__FAKE_UINT32='#define GSSRPC__FAKE_UINT32 1'
- fi
- fi
-fi
-AC_SUBST(GSSRPC__STDINT_H)
-AC_SUBST(GSSRPC__INTTYPES_H)
-AC_SUBST(GSSRPC__FAKE_UINT32)
-
-AC_CACHE_CHECK([for BSD type aliases], [krb5_cv_type_bsdaliases],
- [AC_TRY_COMPILE(
- [#include <sys/types.h>
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#endif],
- [u_char c;
-u_int i;
-u_long l;], [krb5_cv_type_bsdaliases=yes], [krb5_cv_type_bsdaliases=no])])
-if test $krb5_cv_type_bsdaliases = yes; then
- GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */'
-else
- GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1'
-fi
-AC_SUBST(GSSRPC__BSD_TYPEALIASES)
-
-AC_CHECK_FUNCS(strerror)
-#
-# sockaddr length field checks
-#
-AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], , ,
- [#include <sys/types.h>
-@%:@include <netinet/in.h>])
-AC_CHECK_MEMBERS([struct sockaddr.sa_len], , ,
- [#include <sys/types.h>
-@%:@include <sys/socket.h>])
-
-AC_MSG_CHECKING([return type of setrpcent])
-AC_CACHE_VAL(k5_cv_type_setrpcent,
-[AC_TRY_COMPILE([#include <netdb.h>
-#ifdef __cplusplus
-extern "C"
-#endif
-extern void setrpcent();],
-[int i;], k5_cv_type_setrpcent=void, k5_cv_type_setrpcent=int)])dnl
-AC_MSG_RESULT($k5_cv_type_setrpcent)
-AC_DEFINE_UNQUOTED(SETRPCENT_TYPE, $k5_cv_type_setrpcent, [Define as return type of setrpcent])
-dnl
-AC_MSG_CHECKING([return type of endrpcent])
-AC_CACHE_VAL(k5_cv_type_endrpcent,
-[AC_TRY_COMPILE([#include <netdb.h>
-#ifdef __cplusplus
-extern "C"
-#endif
-extern void endrpcent();],
-[int i;], k5_cv_type_endrpcent=void, k5_cv_type_endrpcent=int)])dnl
-AC_MSG_RESULT($k5_cv_type_endrpcent)
-AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
-DECLARE_SYS_ERRLIST
-KRB5_BUILD_LIBOBJS
-KRB5_BUILD_LIBRARY_WITH_DEPS
-K5_GEN_FILE(types.h:types.hin)
-V5_AC_OUTPUT_MAKEFILE
-thisconfigdir=.
+thisconfigdir=../../..
myfulldir=lib/rpc/unit-test
-mydir=.
+mydir=lib/rpc/unit-test
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I.
PROG_LIBPATH=-L$(TOPLIBD)
+++ /dev/null
-K5_AC_INIT(client.c)
-CONFIG_RULES
-dnl sets $(krb5_cv_host)
-KRB5_BUILD_PROGRAM
-dnl
-AC_CHECK_HEADERS(unistd.h)
-dnl The following are tests for the presence of programs required for testing
-AC_CHECK_PROG(RUNTEST,runtest,runtest)
-AC_CHECK_PROG(PERL,perl,perl)
-AC_KRB5_TCL
-if test "$PERL" = perl -a "$RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
- DO_TEST=ok
-fi
-AC_SUBST(DO_TEST)
-changequote(<<, >>)
-case "$krb5_cv_host" in
-*-*-solaris2.[012345]*)
- PASS=tcp
- ;;
-*)
- PASS="tcp udp"
- ;;
-esac
-changequote([, ])
-AC_SUBST(PASS)
-dnl
-CHECK_SIGNALS
-KRB5_AC_PRIOCNTL_HACK
-V5_AC_OUTPUT_MAKEFILE
#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 5
#define KRB5_PATCHLEVEL 0
-#define KRB5_RELTAIL "prerelease"
+#define KRB5_RELTAIL "alpha1-postrelease"
/* #undef KRB5_RELDATE */
/* #undef KRB5_RELTAG */
void **newp = NULL;
count++;
- newp = realloc (p, ((count + 1) + sizeof (*p))); /* +1 for NULL */
+ newp = realloc (p, ((count + 1) * sizeof (*p))); /* +1 for NULL */
if (newp == NULL) {
err = errno;
} else {
void (**newp)() = NULL;
count++;
- newp = realloc (p, ((count + 1) + sizeof (*p))); /* +1 for NULL */
+ newp = realloc (p, ((count + 1) * sizeof (*p))); /* +1 for NULL */
if (newp == NULL) {
err = errno;
} else {
projects / thirdparty / krb5.git / commitdiff
