From: Marc Horowitz Date: Sat, 24 Oct 1998 05:32:37 +0000 (+0000) Subject: merge in from mainline X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2e95463e9169d387794231183075ca49f9e6510;p=thirdparty%2Fkrb5.git merge in from mainline git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10991 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/ChangeLog b/src/ChangeLog index eb86f7c006..409a200cbf 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -4,6 +4,12 @@ Wed Sep 23 15:24:44 1998 Tom Yu moving the explicit resetting of DEPLIB=$SHLIBEXT and forcing SHLIBEXT=.so-nobuild to avoid duplicate rules on AIX and such. +1998-08-24 Theodore Ts'o + + * Makefile.in: Add support to build the lib/krb5/ccache api + directory and include it in the Windows kerbsrc-nt.zip + file. + Wed Aug 19 20:14:31 1998 Tom Yu * aclocal.m4 (KRB5_LIB_AUX): Back out Sam's change to reorder the diff --git a/src/Makefile.in b/src/Makefile.in index 6eac49a450..2c108b4a0a 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -141,6 +141,7 @@ config-windows:: makefile-windows ##DOS## lib\krb5\ccache\file\makefile \ ##DOS## lib\krb5\ccache\stdio\makefile \ ##DOS## lib\krb5\ccache\memory\makefile \ +##DOS## lib\krb5\ccache\ccapi\makefile \ ##DOS## lib\krb5\error_tables\makefile \ ##DOS## lib\krb5\keytab\makefile \ ##DOS## lib\krb5\keytab\file\makefile lib\krb5\krb\makefile \ @@ -207,6 +208,8 @@ config-windows:: makefile-windows ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\ccache\memory\makefile: lib\krb5\ccache\memory\makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ +##DOS##lib\krb5\ccache\ccapi\makefile: lib\krb5\ccache\ccapi\makefile.in $(MKFDEP) +##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\error_tables\makefile: lib\krb5\error_tables\makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\keytab\makefile: lib\krb5\keytab\makefile.in $(MKFDEP) @@ -285,7 +288,8 @@ FILES= ./* \ lib/gssapi/mechglue/* lib/krb4/* \ lib/krb5/* lib/krb5/asn.1/* lib/krb5/krb/* \ lib/krb5/ccache/* lib/krb5/ccache/file/* lib/krb5/ccache/memory/* \ - lib/krb5/ccache/stdio/* lib/krb5/error_tables/* \ + lib/krb5/ccache/stdio/* lib/krb5/ccache/ccapi/* \ + lib/krb5/error_tables/* \ lib/krb5/keytab/* lib/krb5/keytab/file/* \ lib/krb5/os/* lib/krb5/posix/* lib/krb5/rcache/* \ util/et/* util/profile/* @@ -293,8 +297,7 @@ FILES= ./* \ WINFILES= util/windows/* windows/* windows/lib/* windows/cns/* \ windows/wintel/* windows/gss/* windows/gina/* -MACFILES= mac/* mac/kconfig/* mac/libraries/* mac/telnet-k5-auth/* \ - mac/gss-sample/* mac/SAP/* config/* include/* \ +MACFILES= mac/* mac/kconfig/* mac/libraries/* config/* include/* \ include/krb5/* include/krb5/stock/* include/sys/* \ ./patchlevel.h diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 53213697ef..c575e07f0e 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,7 +1,28 @@ +1998-10-06 Theodore Ts'o + + * krshd.c (doit): Apply ghudson's patch so that rshd passes the + port numbers for the local and foreign addresses so that + the V4 encrypted RCP will work correctly. [krb5-appl/638] + * v4rcp.c (answer_auth): Apply ghudson's patch so that if + KRB5LOCALPORT and KRB5REMOTEPORT are set, use them to set + the foreign and local ports so that encrypted rcp for the + same machine. [krb5-appl/638] + Tue Aug 18 16:48:02 1998 Tom Yu * krlogin.c: Add for FIONREAD. +Sat Aug 15 00:01:15 1998 Geoffrey King + + * krcp.c (error): Don't call rcmd_stream_write if iamremote is not + set, because it expects a valid file descriptor [krb5-appl/359]. + Also, remove mistakenly duplicated comment above the function. + +Mon Jul 27 00:06:20 1998 Geoffrey King + + * krlogin.c (main): Apply ghudson's patch so that rlogin -a + no longer dumps core. [krb5-appl/612] + Sun Jul 26 23:46:36 1998 Sam Hartman * login.c (main): Allow krb524 conversion for forwarded tickets diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c index 1a1a862ddb..967014579f 100644 --- a/src/appl/bsd/krcp.c +++ b/src/appl/bsd/krcp.c @@ -1134,12 +1134,6 @@ struct buffer *allocbuf(bp, fd, blksize) return (bp); } - - -/* This function is mostly vestigial, since under normal operation - * the -x flag doesn't get set for the server process for encrypted - * rcp. It only gets called by beta clients attempting user-to-user - * authentication. */ void #ifdef HAVE_STDARG_H error(char *fmt, ...) @@ -1164,8 +1158,9 @@ error(fmt, va_alist) (void) vsprintf(cp, fmt, ap); va_end(ap); - (void) rcmd_stream_write(rem, buf, strlen(buf)); - if (iamremote == 0) + if (iamremote) + (void) rcmd_stream_write(rem, buf, strlen(buf)); + else (void) write(2, buf+1, strlen(buf+1)); } @@ -1255,8 +1250,6 @@ char **save_argv(argc, argv) #endif - - /* This function is mostly vestigial, since under normal operation * the -x flag doesn't get set for the server process for encrypted * rcp. It only gets called by beta clients attempting user-to-user diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c index 4ad2ff5dfb..b04f13a2a8 100644 --- a/src/appl/bsd/krlogin.c +++ b/src/appl/bsd/krlogin.c @@ -575,7 +575,7 @@ main(argc, argv) authopts |= OPTS_FORWARDABLE_CREDS; status = kcmd(&sock, &host, debug_port, - null_local_username ? NULL : pwd->pw_name, + null_local_username ? "" : pwd->pw_name, name ? name : pwd->pw_name, term, 0, "host", krb_realm, &cred, @@ -589,7 +589,7 @@ main(argc, argv) #ifdef KRB5_KRB4_COMPAT fprintf(stderr, "Trying krb4 rlogin...\n"); status = k4cmd(&sock, &host, debug_port, - null_local_username ? NULL : pwd->pw_name, + null_local_username ? "" : pwd->pw_name, name ? name : pwd->pw_name, term, 0, &v4_ticket, "rcmd", krb_realm, &v4_cred, v4_schedule, &v4_msg_data, &local, &foreign, @@ -620,10 +620,10 @@ main(argc, argv) #else rem = rcmd(&host, debug_port, - null_local_username ? NULL : pwd->pw_name, + null_local_username ? "" : pwd->pw_name, name ? name : pwd->pw_name, term, 0); #endif /* KERBEROS */ - + if (rem < 0) exit(1); diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 164dd6d55b..6f9468e801 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -443,8 +443,10 @@ char term[64] = "TERM=network"; char path_rest[] = RPATH; char remote_addr[64]; /* = "KRB5REMOTEADDR=" */ +char remote_port[64]; /* = "KRB5REMOTEPORT=" */ char local_addr[64]; /* = "KRB5LOCALADDR=" */ -#define ADDRPAD 0,0 /* remoteaddr, localaddr */ +char local_port[64]; /* = "KRB5LOCALPORT=" */ +#define ADDRPAD 0,0,0,0 #define KRBPAD 0 /* KRB5CCNAME, optional */ /* The following include extra space for TZ and MAXENV pointers... */ @@ -1348,14 +1350,22 @@ if(port) { int i; - /* these two are covered by ADDRPAD */ + /* these four are covered by ADDRPAD */ sprintf(local_addr, "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr)); for (i = 0; envinit[i]; i++); envinit[i] =local_addr; + sprintf(local_port, "KRB5LOCALPORT=%d", ntohs(localaddr.sin_port)); + for (; envinit[i]; i++); + envinit[i] =local_port; + sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr)); for (; envinit[i]; i++); envinit[i] =remote_addr; + + sprintf(remote_port, "KRB5REMOTEPORT=%d", ntohs(fromp->sin_port)); + for (; envinit[i]; i++); + envinit[i] =remote_port; } /* If we do anything else, make sure there is space in the array. */ diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c index 4ddef36da2..36754deadc 100644 --- a/src/appl/bsd/v4rcp.c +++ b/src/appl/bsd/v4rcp.c @@ -1003,7 +1003,10 @@ answer_auth() local.sin_addr.s_addr = inet_addr(envaddr); #endif local.sin_family = AF_INET; - local.sin_port = 0; + if (envaddr = getenv("KRB5LOCALPORT")) + local.sin_port = htons(atoi(envaddr)); + else + local.sin_port = 0; } else { fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n"); exit(1); @@ -1015,7 +1018,10 @@ answer_auth() foreign.sin_addr.s_addr = inet_addr(envaddr); #endif foreign.sin_family = AF_INET; - foreign.sin_port = 0; + if (envaddr = getenv("KRB5REMOTEPORT")) + foreign.sin_port = htons(atoi(envaddr)); + else + foreign.sin_port = 0; } else { fprintf(stderr, "v4rcp: couldn't get remote address (KRB5REMOTEADDR)\n"); exit(1); diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 2bad1481db..786283c9c4 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,46 @@ +Fri Oct 2 16:16:13 1998 Theodore Y. Ts'o + + * cmdtab.c: Update help message for passive mode so that it + indicates that the "passive" command toggles passive mode. + + * main.c (main): Make passive mode off by default. + +Fri Aug 28 18:46:35 1998 Geoffrey King + + * cmds.c (user): Replace "oldlevel" with the more descriptive + "oldclevel". Also, replace all occurrences of "dlevel" in this + function with "clevel". + + * ftp.c (login): Test whether or not the server actually requires + "PASS dummy" by first sending "PWD" and checking the return value. + +Wed Aug 12 02:26:26 1998 Geoffrey King + + * ftp.c, cmds.c, cmdtab.c, main.c, secure.c, ftp_var.h: Replace + global variable level with separate variables clevel and dlevel + for the control channel and data channel protection levels, + respectively, so that the user may specify separate protection + levels for each channel. Similarly, functions such as getlevel + and setlevel are now getclevel/getdlevel, and setclevel/setdlevel. + + * cmdtab.c: Add new FTP commands "cprotect" to allow the user to + set the control channel protection level (similar to "protect"), + and "ccc" (Clear Command Channel) which sets the control channel + protection level to clear (per the RFC). + +Fri Aug 7 22:39:47 1998 Matthew D Hancher + + * ftp.c (do_auth): Make verbosity not disappear if GSSAPI fails. + (getreply): Move 'S:' and 'P:' from verbose to debug. + +Fri Aug 7 11:45:17 1998 Tom Yu + + * ftp.c (getreply): Restore proper setting of safe. This variable + was previously being set to the value of code rather than to the + boolean expression (code == 631), which it had been previously. + The bug resulted in all replies from the server being parsed as + krb_safe messages even when they were krb_priv messages. + 1998-05-06 Theodore Ts'o * radix.c (argv): POSIX states that getopt returns -1 when it diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c index 81e6fee1ce..4d1a8206ab 100644 --- a/src/appl/gssftp/ftp/cmds.c +++ b/src/appl/gssftp/ftp/cmds.c @@ -160,7 +160,7 @@ setpeer(argc, argv) /* * Set up defaults for FTP. */ - level = PROT_C; + clevel = dlevel = PROT_C; type = TYPE_A; curtype = TYPE_A; form = FORM_N; @@ -169,15 +169,17 @@ setpeer(argc, argv) (void) strcpy(bytename, "8"), bytesize = 8; if (autoauth) { if (do_auth() && autoencrypt) { + clevel = PROT_P; setpbsz(1<<20); if (command("PROT P") == COMPLETE) - level = PROT_P; + dlevel = PROT_P; else fprintf(stderr, "ftp: couldn't enable encryption\n"); } - + if(auth_type && clevel == PROT_C) + clevel = PROT_S; if(autologin) - (void) login(argv[1]); + (void) login(argv[1]); } #ifndef unix @@ -259,18 +261,85 @@ struct levels { }; char * -getlevel() +getclevel() { register struct levels *p; - for (p = levels; p->p_level != level; p++); + for (p = levels; p->p_level != clevel; p++); return(p->p_name); } +char * +getdlevel() +{ + register struct levels *p; + + for (p = levels; p->p_level != dlevel; p++); + return(p->p_name); +} + +char *plevel[] = { + "protect", + "", + 0 +}; + +/* + * Set control channel protection level. + */ +setclevel(argc, argv) + char *argv[]; +{ + register struct levels *p; + int comret; + + if (argc > 2) { + char *sep; + + printf("usage: %s [", argv[0]); + sep = " "; + for (p = levels; p->p_name; p++) { + printf("%s%s", sep, p->p_name); + if (*sep == ' ') + sep = " | "; + } + printf(" ]\n"); + code = -1; + return; + } + if (argc < 2) { + printf("Using %s protection level for commands.\n", + getclevel()); + code = 0; + return; + } + for (p = levels; p->p_name; p++) + if (strcmp(argv[1], p->p_name) == 0) + break; + if (p->p_name == 0) { + printf("%s: unknown protection level\n", argv[1]); + code = -1; + return; + } + if (!auth_type) { + if (strcmp(p->p_name, "clear")) + printf("Cannot set protection level to %s\n", argv[1]); + return; + } + if (!strcmp(p->p_name, "clear")) { + comret = command("CCC"); + if (comret == COMPLETE) + clevel = PROT_C; + return; + } + clevel = p->p_level; + printf("Control channel protection level set to %s.\n", p->p_name); +} + /* - * Set protection level. + * Set data channel protection level. */ -setlevel(argc, argv) +setdlevel(argc, argv) char *argv[]; { register struct levels *p; @@ -292,7 +361,7 @@ setlevel(argc, argv) } if (argc < 2) { printf("Using %s protection level to transfer files.\n", - getlevel()); + getdlevel()); code = 0; return; } @@ -313,44 +382,49 @@ setlevel(argc, argv) if (p->p_level != PROT_C) setpbsz(1<<20); comret = command("PROT %s", p->p_mode); if (comret == COMPLETE) - level = p->p_level; + dlevel = p->p_level; } -char *plevel[] = { - "protect", - "", - 0 -}; /* - * Set clear protection level. + * Set clear command protection level. + */ +/*VARARGS*/ +ccc() +{ + plevel[1] = "clear"; + setclevel(2, plevel); +} + +/* + * Set clear data protection level. */ /*VARARGS*/ setclear() { plevel[1] = "clear"; - setlevel(2, plevel); + setdlevel(2, plevel); } /* - * Set safe protection level. + * Set safe data protection level. */ /*VARARGS*/ setsafe() { plevel[1] = "safe"; - setlevel(2, plevel); + setdlevel(2, plevel); } #ifndef NOENCRYPTION /* - * Set private protection level. + * Set private data protection level. */ /*VARARGS*/ setprivate() { plevel[1] = "private"; - setlevel(2, plevel); + setdlevel(2, plevel); } #endif @@ -1021,7 +1095,8 @@ cstatus() printf("Connected %sto %s.\n", proxy ? "for proxy commands " : "", hostname); if (auth_type) printf("Authentication type: %s\n", auth_type); - printf("Protection Level: %s\n", getlevel()); + printf("Control Channel Protection Level: %s\n", getclevel()); + printf("Data Channel Protection Level: %s\n", getdlevel()); printf("Passive mode %s\n", onoff(passivemode)); printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n", getmode(), gettype(), getform(), getstruct()); @@ -1489,17 +1564,17 @@ user(argc, argv) n = command("PASS dummy"); else if (n == CONTINUE) { #ifndef NOENCRYPTION - int oldlevel; + int oldclevel; #endif - if (argc < 3 ) + if (argc < 3) argv[2] = mygetpass("Password: "), argc++; #ifndef NOENCRYPTION - if ((oldlevel = level) == PROT_S) level = PROT_P; + if ((oldclevel = clevel) == PROT_S) clevel = PROT_P; #endif n = command("PASS %s", argv[2]); #ifndef NOENCRYPTION /* level may have changed */ - if (level == PROT_P) level = oldlevel; + if (clevel == PROT_P) clevel = oldclevel; #endif } if (n == CONTINUE) { @@ -1730,7 +1805,7 @@ disconnect() macnum = 0; } auth_type = NULL; - level = PROT_C; + dlevel = PROT_C; } confirm(cmd, file) diff --git a/src/appl/gssftp/ftp/cmdtab.c b/src/appl/gssftp/ftp/cmdtab.c index f20660cac8..de572996f1 100644 --- a/src/appl/gssftp/ftp/cmdtab.c +++ b/src/appl/gssftp/ftp/cmdtab.c @@ -45,7 +45,7 @@ int setascii(), setbell(), setbinary(), setdebug(), setform(); int setglob(), sethash(), setmode(), setpeer(), setport(); int setprompt(), setstruct(); int settenex(), settrace(), settype(), setverbose(); -int setlevel(), setclear(), setsafe(); +int setclevel(), setdlevel(), setclear(), setsafe(), ccc(); #ifndef NOENCRYPTION int setprivate(); #endif @@ -69,6 +69,7 @@ char asciihelp[] = "set ascii transfer type"; char beephelp[] = "beep when command completed"; char binaryhelp[] = "set binary transfer type"; char casehelp[] = "toggle mget upper/lower case id mapping"; +char ccchelp[] = "set clear protection level for commands"; char cdhelp[] = "change remote working directory"; char cduphelp[] = "change remote working directory to parent directory"; char chmodhelp[] = "change file permissions of remote file"; @@ -87,6 +88,7 @@ char helphelp[] = "print local help information"; char idlehelp[] = "get (set) idle timer on remote side"; char lcdhelp[] = "change local working directory"; char levelhelp[] = "set protection level for file transfer"; +char clevelhelp[] = "set protection level for commands"; char lshelp[] = "list contents of remote directory"; char macdefhelp[] = "define a macro"; char mdeletehelp[] = "delete multiple files"; @@ -135,7 +137,7 @@ char umaskhelp[] = "get (set) umask on remote side"; char userhelp[] = "send new user information"; char verbosehelp[] = "toggle verbose mode"; #ifndef NO_PASSIVE_MODE -char setpassivehelp[] = "enter passive transfer mode"; +char setpassivehelp[] = "toggle passive transfer mode"; #endif struct cmd cmdtab[] = { @@ -148,11 +150,13 @@ struct cmd cmdtab[] = { { "binary", binaryhelp, 0, 1, 1, setbinary }, { "bye", quithelp, 0, 0, 0, quit }, { "case", casehelp, 0, 0, 1, setcase }, + { "ccc", ccchelp, 0, 1, 1, ccc }, { "cd", cdhelp, 0, 1, 1, cd }, { "cdup", cduphelp, 0, 1, 1, cdup }, { "chmod", chmodhelp, 0, 1, 1, do_chmod }, { "clear", clearhelp, 0, 1, 1, setclear }, { "close", disconhelp, 0, 1, 1, disconnect }, + { "cprotect", clevelhelp, 0, 1, 1, setclevel }, { "cr", crhelp, 0, 0, 0, setcr }, { "delete", deletehelp, 0, 1, 1, delete_file }, { "debug", debughelp, 0, 0, 0, setdebug }, @@ -188,7 +192,7 @@ struct cmd cmdtab[] = { { "private", privatehelp, 0, 1, 1, setprivate }, #endif { "prompt", prompthelp, 0, 0, 0, setprompt }, - { "protect", levelhelp, 0, 1, 1, setlevel }, + { "protect", levelhelp, 0, 1, 1, setdlevel }, { "proxy", proxyhelp, 0, 0, 1, doproxy }, { "sendport", porthelp, 0, 0, 0, setport }, { "put", sendhelp, 1, 1, 1, put }, @@ -223,3 +227,4 @@ struct cmd cmdtab[] = { }; int NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1; + diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index 5c09718356..0c2da64944 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c @@ -291,22 +291,32 @@ login(host) user = tmp; } n = command("USER %s", user); - if (n == COMPLETE) - n = command("PASS dummy"); + if (n == COMPLETE) { + /* determine if we need to send a dummy password */ + int oldverbose = verbose; + + verbose = 0; + if (command("PWD") != COMPLETE) { + verbose = oldverbose; + command("PASS dummy"); + } else { + verbose = oldverbose; + } + } else if (n == CONTINUE) { #ifndef NOENCRYPTION - int oldlevel; + int oldclevel; #endif if (pass == NULL) pass = mygetpass("Password:"); #ifndef NOENCRYPTION - oldlevel = level; - level = PROT_P; + oldclevel = clevel; + clevel = PROT_P; #endif n = command("PASS %s", pass); #ifndef NOENCRYPTION /* level may have changed */ - if (level == PROT_P) level = oldlevel; + if (clevel == PROT_P) clevel = oldclevel; #endif } if (n == CONTINUE) { @@ -352,14 +362,10 @@ secure_command(cmd) char in[FTP_BUFSIZ], out[FTP_BUFSIZ]; int length; - if (auth_type) { - /* - * File protection level also determines whether - * commands are MIC or ENC. Should be independent ... - */ + if (auth_type && clevel != PROT_C) { #ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, "KERBEROS_V4") == 0) - if ((length = level == PROT_P ? + if ((length = clevel == PROT_P ? krb_mk_priv((unsigned char *)cmd, (unsigned char *)out, strlen(cmd), schedule, &cred.session, &myctladdr, &hisctladdr) @@ -367,7 +373,7 @@ secure_command(cmd) strlen(cmd), &cred.session, &myctladdr, &hisctladdr)) == -1) { fprintf(stderr, "krb_mk_%s failed for KERBEROS_V4\n", - level == PROT_P ? "priv" : "safe"); + clevel == PROT_P ? "priv" : "safe"); return(0); } #endif /* KRB5_KRB4_COMPAT */ @@ -377,27 +383,27 @@ secure_command(cmd) gss_buffer_desc in_buf, out_buf; OM_uint32 maj_stat, min_stat; int conf_state; -/* level = PROT_P; */ +/* clevel = PROT_P; */ in_buf.value = cmd; in_buf.length = strlen(cmd) + 1; maj_stat = gss_seal(&min_stat, gcontext, - (level==PROT_P), /* confidential */ + (clevel==PROT_P), /* private */ GSS_C_QOP_DEFAULT, &in_buf, &conf_state, &out_buf); if (maj_stat != GSS_S_COMPLETE) { /* generally need to deal */ user_gss_error(maj_stat, min_stat, - (level==PROT_P)? + (clevel==PROT_P)? "gss_seal ENC didn't complete": "gss_seal MIC didn't complete"); - } else if ((level == PROT_P) && !conf_state) { + } else if ((clevel == PROT_P) && !conf_state) { fprintf(stderr, "GSSAPI didn't encrypt message"); } else { if (debug) fprintf(stderr, "sealed (%s) %d bytes\n", - level==PROT_P?"ENC":"MIC", + clevel==PROT_P?"ENC":"MIC", out_buf.length); memcpy(out, out_buf.value, length=out_buf.length); @@ -411,10 +417,10 @@ secure_command(cmd) radix_error(kerror)); return(0); } - fprintf(cout, "%s %s", level == PROT_P ? "ENC" : "MIC", in); + fprintf(cout, "%s %s", clevel == PROT_P ? "ENC" : "MIC", in); if(debug) fprintf(stderr, "secure_command(%s)\nencoding %d bytes %s %s\n", - cmd, length, level==PROT_P ? "ENC" : "MIC", in); + cmd, length, clevel==PROT_P ? "ENC" : "MIC", in); } else fputs(cmd, cout); fprintf(cout, "\r\n"); (void) fflush(cout); @@ -475,10 +481,10 @@ again: if (secure_command(in) == 0) cpend = 1; r = getreply(!strcmp(fmt, "QUIT")); #ifndef NOENCRYPTION - if (r == 533 && level == PROT_P) { + if (r == 533 && clevel == PROT_P) { fprintf(stderr, "ENC command not supported at server; retrying under MIC...\n"); - level = PROT_S; + clevel = PROT_S; goto again; } #endif @@ -600,7 +606,7 @@ getreply(expecteof) if (code != 631 && code != 632 && code != 633) { printf("Unknown reply: %d %s\n", code, obuf); n = '5'; - } else safe = code; + } else safe = (code == 631); if (obuf[0]) /* if there is a string to decode */ if (!auth_type) { printf("Cannot decode reply:\n%d %s\n", code, obuf); @@ -641,7 +647,7 @@ getreply(expecteof) krb_get_err_text(kerror)); n = '5'; } else { - if (verbose) printf("%c:", safe ? 'S' : 'P'); + if (debug) printf("%c:", safe ? 'S' : 'P'); memcpy(ibuf, msg_data.app_data, msg_data.app_length); strcpy(&ibuf[msg_data.app_length], "\r\n"); @@ -1544,7 +1550,8 @@ pswitch(flag) char mi[MAXPATHLEN]; char mo[MAXPATHLEN]; char *authtype; - int lvl; + int clvl; + int dlvl; #ifdef KRB5_KRB4_COMPAT C_Block session; Key_schedule schedule; @@ -1613,10 +1620,14 @@ pswitch(flag) (void) strcpy(mapout, op->mo); ip->authtype = auth_type; auth_type = op->authtype; - ip->lvl = level; - level = op->lvl; - if (!level) - level = 1; + ip->clvl = clevel; + clevel = op->clvl; + ip->dlvl = dlevel; + dlevel = op->dlvl; + if (!clevel) + clevel = PROT_C; + if (!dlevel) + dlevel = PROT_C; #ifdef KRB5_KRB4_COMPAT memcpy(ip->session, cred.session, sizeof(cred.session)); memcpy(cred.session, op->session, sizeof(cred.session)); @@ -1850,7 +1861,7 @@ int n_gss_trials = sizeof(gss_trials)/sizeof(gss_trials[0]); do_auth() { extern int setsafe(); - int oldverbose; + int oldverbose = verbose; #ifdef KRB5_KRB4_COMPAT char *service, inst[INST_SZ]; u_long cksum, checksum = (u_long) getpid(); diff --git a/src/appl/gssftp/ftp/ftp_var.h b/src/appl/gssftp/ftp/ftp_var.h index dcc19f206e..c2c03f39e8 100644 --- a/src/appl/gssftp/ftp/ftp_var.h +++ b/src/appl/gssftp/ftp/ftp_var.h @@ -77,7 +77,8 @@ extern char ntout[17]; /* output translation table */ #include extern char mapin[MAXPATHLEN]; /* input map template */ extern char mapout[MAXPATHLEN]; /* output map template */ -extern int level; /* protection level */ +extern int clevel; /* command channel protection level */ +extern int dlevel; /* data channel protection level */ extern int type; /* requested file transfer type */ extern int curtype; /* current file transfer type */ extern int stru; /* file transfer structure */ diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c index 1eac2ff2af..685c147585 100644 --- a/src/appl/gssftp/ftp/main.c +++ b/src/appl/gssftp/ftp/main.c @@ -175,7 +175,7 @@ main(argc, argv) cpend = 0; /* no pending replies */ proxy = 0; /* proxy not active */ #ifndef NO_PASSIVE_MODE - passivemode = 1; /* passive mode active */ + passivemode = 0; /* passive mode not active */ #endif crflag = 1; /* strip c.r. on ascii gets */ sendport = -1; /* not using ports */ @@ -225,7 +225,8 @@ lostpeer(sig) extern FILE *cout; extern int data; extern char *auth_type; - extern int level; + extern int clevel; + extern int dlevel; if (connected) { if (cout != NULL) { @@ -240,7 +241,7 @@ lostpeer(sig) } connected = 0; auth_type = NULL; - level = PROT_C; + clevel = dlevel = PROT_C; } pswitch(1); if (connected) { @@ -251,7 +252,7 @@ lostpeer(sig) } connected = 0; auth_type = NULL; - level = PROT_C; + clevel = dlevel = PROT_C; } proxflag = 0; pswitch(0); diff --git a/src/appl/gssftp/ftp/secure.c b/src/appl/gssftp/ftp/secure.c index cc707ffd3e..57653b6281 100644 --- a/src/appl/gssftp/ftp/secure.c +++ b/src/appl/gssftp/ftp/secure.c @@ -49,7 +49,7 @@ typedef long ftp_int32; extern struct sockaddr_in hisaddr; extern struct sockaddr_in myaddr; -extern int level; +extern int dlevel; extern char *auth_type; #define MAX maxbuf @@ -171,7 +171,7 @@ int fd; { int ret; - if (level == PROT_C) + if (dlevel == PROT_C) return(0); if (nout) if (ret = secure_putbuf(fd, ucbuf, nout)) @@ -188,7 +188,7 @@ secure_putc(c, stream) char c; FILE *stream; { - if (level == PROT_C) + if (dlevel == PROT_C) return(putc(c,stream)); return(secure_putbyte(fileno(stream), (unsigned char) c)); } @@ -206,7 +206,7 @@ unsigned int nbyte; unsigned int i; int c; - if (level == PROT_C) + if (dlevel == PROT_C) return(write(fd,buf,nbyte)); for (i=0; nbyte>0; nbyte--) if ((c = secure_putbyte(fd, buf[i++])) < 0) @@ -245,13 +245,13 @@ unsigned int nbyte; } if (strcmp(auth_type, "KERBEROS_V4") == 0) - if ((length = level == PROT_P ? + if ((length = dlevel == PROT_P ? krb_mk_priv(buf, (unsigned char *) outbuf, nbyte, schedule, SESSION, &myaddr, &hisaddr) : krb_mk_safe(buf, (unsigned char *) outbuf, nbyte, SESSION, &myaddr, &hisaddr)) == -1) { secure_error("krb_mk_%s failed for KERBEROS_V4", - level == PROT_P ? "priv" : "safe"); + dlevel == PROT_P ? "priv" : "safe"); return(ERR); } #endif /* KRB5_KRB4_COMPAT */ @@ -264,7 +264,7 @@ unsigned int nbyte; in_buf.value = buf; in_buf.length = nbyte; maj_stat = gss_seal(&min_stat, gcontext, - (level == PROT_P), /* confidential */ + (dlevel == PROT_P), /* confidential */ GSS_C_QOP_DEFAULT, &in_buf, &conf_state, &out_buf); @@ -272,7 +272,7 @@ unsigned int nbyte; /* generally need to deal */ /* ie. should loop, but for now just fail */ secure_gss_error(maj_stat, min_stat, - level == PROT_P? + dlevel == PROT_P? "GSSAPI seal failed": "GSSAPI sign failed"); return(ERR); @@ -333,13 +333,13 @@ int fd; /* Other auth types go here ... */ #ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, "KERBEROS_V4") == 0) { - if (kerror = level == PROT_P ? + if (kerror = dlevel == PROT_P ? krb_rd_priv(ucbuf, length, schedule, SESSION, &hisaddr, &myaddr, &msg_data) : krb_rd_safe(ucbuf, length, SESSION, &hisaddr, &myaddr, &msg_data)) { secure_error("krb_rd_%s failed for KERBEROS_V4 (%s)", - level == PROT_P ? "priv" : "safe", + dlevel == PROT_P ? "priv" : "safe", krb_get_err_text(kerror)); return(ERR); } @@ -355,13 +355,13 @@ int fd; xmit_buf.value = ucbuf; xmit_buf.length = length; - conf_state = (level == PROT_P); + conf_state = (dlevel == PROT_P); /* decrypt/verify the message */ maj_stat = gss_unseal(&min_stat, gcontext, &xmit_buf, &msg_buf, &conf_state, NULL); if (maj_stat != GSS_S_COMPLETE) { secure_gss_error(maj_stat, min_stat, - (level == PROT_P)? + (dlevel == PROT_P)? "failed unsealing ENC message": "failed unsealing MIC message"); return ERR; @@ -386,7 +386,7 @@ int fd; secure_getc(stream) FILE *stream; { - if (level == PROT_C) + if (dlevel == PROT_C) return(getc(stream)); return(secure_getbyte(fileno(stream))); } @@ -405,7 +405,7 @@ int nbyte; static int c; int i; - if (level == PROT_C) + if (dlevel == PROT_C) return(read(fd,buf,nbyte)); if (c == EOF) return(c = 0); diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index c35c8f8d34..400d4834df 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,72 @@ +Tue Oct 20 16:29:46 1998 Dan Winship + + * ftpd.M: Reality check. Add -a to synopsis, document -c and -u + and CCC. + +1998-10-08 Geoffrey King + + * ftpd.c: Add support for restricted users, as requested in + [krb5-appl/481]. Users that appear in /etc/ftpusers, followed + by the keyword "restrict" will be granted access, but a chroot() + will be done to their home directory. + +Tue Sep 29 19:25:09 1998 Theodore Y. Ts'o + + * ftpd.c (auth_data): Don't use h_errno, it's not fully portable, + and it's not worth it. + +1998-08-28 Geoffrey King + + * ftpd.c (login): New function. Essentially, the old pass + function has been split into its two logical components, pass and + login. Don't reply 230 "User logged in" if the user didn't + send a PASS command; this causes the client to get a bit confused. + (pass): If auth_ok is true, reply with code 202 to tell the + user that a PASS command is not necessary. + (auth_ok): New function that returns true if either gss_ok or + kerb_ok is true (all the #ifdefs were beginning to clutter things, + and it's a good abstraction in case other auth types are ever + added in the future). + (user): If GSSAPI or Kerberos v4 authentication succeeds, call + login immediately, instead of waiting for the client to send "PASS + dummy." Also, use #ifdef PARANOID instead of "some paranoid sites + may wish to uncomment this" + +Wed Aug 19 06:47:46 1998 Geoffrey King + + * ftpd.c: Add a new command line option, -c, which tells the + server to accept the CCC command. + + * ftpcmd.y: If the -c option was given, check to make sure the CCC + command itself was integrity protected, and then set ccc_ok to + allow future commands to be transmitted as cleartext. + (getline): Now that CCC is potentially allowed, we must check to + see if we are parsing an unprotected command even if a security + context is established (i.e. auth_type is set). + +Wed Aug 12 02:57:07 1998 Geoffrey King + + * ftpcmd.y, ftpd.c: Replace global variable level with clevel and + dlevel to allow independence of command and data channel + protection levels. + +Tue Aug 11 04:30:59 1998 Matthew D Hancher + + * ftpd.c: Add support for extended logging as per PR#481. Using + the 'l' command line option twice now logs the major file commands, + and using it thrice logs bytecounts for RETR and STOR as well. + +Fri Aug 7 00:56:30 1998 Matthew D Hancher + + * ftpcmd.y: Replace old KERBEROS #ifdef's with KRB5_KRB4_COMPAT + so that K4 compatibility support actually gets compiled in. + + * ftpd.c: (pass): Make daemon not lose for homedirs on + root-squashing filesystems. + (auth_data): Fix that godawful "error: No error" message + when gss_acquire_cred() fails. + (user): Fix getusershell() code so it works more than once. + 1998-07-11 * ftpd.c (data;): do not declare h_errno; breaks on AIX and diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y index fe2b76d774..f237bb7c07 100644 --- a/src/appl/gssftp/ftpd/ftpcmd.y +++ b/src/appl/gssftp/ftpd/ftpcmd.y @@ -74,13 +74,13 @@ extern lreply(int, char *, ...); #endif static int kerror; /* XXX needed for all auth types */ -#ifdef KERBEROS +#ifdef KRB5_KRB4_COMPAT extern struct sockaddr_in his_addr, ctrl_addr; #include extern AUTH_DAT kdata; extern Key_schedule schedule; extern MSG_DAT msg_data; -#endif /* KERBEROS */ +#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI #include #include @@ -114,7 +114,12 @@ extern int guest; extern int logging; extern int type; extern int form; +extern int clevel; extern int debug; + + +extern int allow_ccc; +extern int ccc_ok; extern int timeout; extern int maxtimeout; extern int pdata; @@ -227,13 +232,23 @@ cmd: USER SP username CRLF | PROT SP prot_code CRLF = { if (maxbuf) - setlevel ($3); + setdlevel ($3); else reply(503, "Must first set PBSZ"); } | CCC CRLF = { - reply(534, "CCC not supported"); + if (!allow_ccc) { + reply(534, "CCC not supported"); + } + else { + if(clevel == PROT_C && !ccc_ok) { + reply(533, "CCC command must be integrity protected"); + } else { + reply(200, "CCC command successful."); + ccc_ok = 1; + } + } } | PBSZ SP STRING CRLF = { @@ -978,9 +993,29 @@ getline(s, n, iop) char out[sizeof(cbuf)], *cp; int len, mic; - if ((cs = strpbrk(s, " \r\n"))) - *cs++ = '\0'; + + /* Check to see if we have a protected command. */ + if (!((mic = strncmp(s, "ENC", 3)) && strncmp(s, "MIC", 3) +#ifndef NOCONFIDENTIAL + && strncmp(s, "CONF", 4) +#endif + ) && (cs = strpbrk(s, " \r\n"))) { + *cs++ = '\0'; /* If so, split it into s and cs. */ + } else { /* If not, check if unprotected commands are allowed. */ + if(ccc_ok) { + clevel = PROT_C; + upper(s); + return(s); + } else { + reply(533, "All commands must be protected."); + syslog(LOG_ERR, "Unprotected command received"); + *s = '\0'; + return(s); + } + } upper(s); + if (debug) + syslog(LOG_INFO, "command %s received (mic=%d)", s, mic); #ifdef NOCONFIDENTIAL if (!strcmp(s, "CONF")) { reply(537, "CONF protected commands not supported."); @@ -988,17 +1023,6 @@ getline(s, n, iop) return(s); } #endif - if ((mic = strcmp(s, "ENC")) && strcmp(s, "MIC") -#ifndef NOCONFIDENTIAL - && strcmp(s, "CONF") -#endif - ) { - reply(533, "All commands must be protected."); - syslog(LOG_ERR, "Unprotected command received"); - *s = '\0'; - return(s); - } else if (debug) - syslog(LOG_INFO, "command %s received (mic=%d)", s, mic); /* Some paranoid sites may want to require that commands be encrypted. */ #ifdef PARANOID if (mic) { @@ -1024,7 +1048,8 @@ getline(s, n, iop) } if (debug) syslog(LOG_DEBUG, "getline got %d from %s <%s>\n", len, cs, mic?"MIC":"ENC"); -#ifdef KERBEROS + clevel = mic ? PROT_S : PROT_P; +#ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, "KERBEROS_V4") == 0) { if ((kerror = mic ? krb_rd_safe((unsigned char *)out, len, &kdata.session, @@ -1044,7 +1069,7 @@ getline(s, n, iop) (void) memcpy(s, msg_data.app_data, msg_data.app_length); (void) strcpy(s+msg_data.app_length, "\r\n"); } -#endif /* KERBEROS */ +#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI /* we know this is a MIC or ENC already, and out/len already has the bits */ if (strcmp(auth_type, "GSSAPI") == 0) { @@ -1080,7 +1105,7 @@ getline(s, n, iop) #endif /* GSSAPI */ /* Other auth types go here ... */ } -#if defined KERBEROS || defined GSSAPI /* or other auth types */ +#if defined KRB5_KRB4_COMPAT || defined GSSAPI /* or other auth types */ else { /* !auth_type */ if ( (!(strncmp(s, "ENC", 3))) || (!(strncmp(s, "MIC", 3))) #ifndef NOCONFIDENTIAL @@ -1092,7 +1117,7 @@ getline(s, n, iop) return(s); } } -#endif /* KERBEROS */ +#endif /* KRB5_KRB4_COMPAT || GSSAPI */ if (debug) { if (!strncmp(s, "PASS ", 5) && !guest) diff --git a/src/appl/gssftp/ftpd/ftpd.M b/src/appl/gssftp/ftpd/ftpd.M index 1806aa5b48..cdbb69b541 100644 --- a/src/appl/gssftp/ftpd/ftpd.M +++ b/src/appl/gssftp/ftpd/ftpd.M @@ -39,9 +39,10 @@ Internet File Transfer Protocol server .SH SYNOPSIS .B ftpd -[\fB\-d\fP] [\fB\-l\fP] [\fB\-t\fP \fItimeout\fP] [\fB\-T\fP -\fImaxtimeout\fP] [\fB\-p\fP \fIport\fP] [\fB\-r\fP \fIrealm-file\fP] -[\fB\-s\fP \fIsrvtab\fP] +[\fB\-a\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB\-l\fP] +[\fB\-t\fP \fItimeout\fP] [\fB\-T\fP \fImaxtimeout\fP] +[\fB\-p\fP \fIport\fP] [\fB\-u\fP \fIumask\fP] +[\fB\-r\fP \fIrealm-file\fP] [\fB\-s\fP \fIsrvtab\fP] .SH DESCRIPTION .B Ftpd is the @@ -54,6 +55,13 @@ specification; see .PP Available options: .TP +.B \-a +Only permit Kerberos-authenticated or anonymous logins. +.TP +.B \-c +Allow the CCC (Clear Command Channel) command to be used. This allows +less secure connections, and should probably only be used when debugging. +.TP .B \-d Debugging information is written to the syslog. .TP @@ -75,15 +83,15 @@ seconds with the .B \-T option. The default limit is 2 hours. .TP -.B \-a -Only permit Kerberos authenticated or anonymous logins. -.TP \fB\-p\fP \fIport\fP Run as a server and accept a connection on .IR port . Normally the ftp server is invoked by .IR inetd (8). .TP +\fB\-u\fP \fIumask\fP +Sets the umask for the ftpd process. The default value is normally 027. +.TP \fB\-r\fP \fIrealm-file\fP Sets the name of the .I krb.conf @@ -127,6 +135,11 @@ AUTH specify an authentication protocol to be performed .sp -1 .TP +CCC +set the command channel protection mode to "Clear" (no protection). +Only available if the \fB-c\fP command-line option was given. +.sp -1 +.TP CDUP change to parent of current working directory .sp -1 diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 3d027e9ac7..44bf8dfe5b 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -172,13 +172,17 @@ sigjmp_buf urgcatch; int logged_in; struct passwd *pw; int debug; +int allow_ccc = 0; /* whether or not the CCC command is allowed */ +int ccc_ok = 0; /* whether or not to accept cleartext commands */ int timeout = 900; /* timeout after 15 minutes of inactivity */ int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */ int logging; int authenticate; int guest; +int restricted; int type; -int level; +int clevel; /* control protection level */ +int dlevel; /* data protection level */ int form; int stru; /* avoid C keyword */ int mode; @@ -193,6 +197,7 @@ off_t byte_count; #endif int defumask = CMASK; /* default umask value */ char tmpline[FTP_BUFSIZ]; +char pathbuf[MAXPATHLEN + 1]; char hostname[MAXHOSTNAMELEN]; char remotehost[MAXHOSTNAMELEN]; @@ -274,13 +279,17 @@ main(argc, argv, envp) break; case 'l': - logging = 1; + logging ++; break; case 'a': authenticate = 1; break; + case 'c': + allow_ccc = 1; + break; + case 'p': if (*++cp != '\0') port = atoi(cp); @@ -399,6 +408,7 @@ nextopt: #define LOG_DAEMON 0 #endif openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON); + addrlen = sizeof (his_addr); if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) { syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); @@ -454,7 +464,7 @@ nextopt: * Set up default state */ data = -1; - level = PROT_C; + clevel = dlevel = PROT_C; type = TYPE_A; form = FORM_N; stru = STRU_F; @@ -537,7 +547,36 @@ sgetpwnam(name) return (&save); } -setlevel(prot_level) +/* + * Expand the given pathname relative to the current working directory. + */ +char * +path_expand(path) + char *path; +{ + pathbuf[0] = '\x0'; + if (!path) return pathbuf; + /* Don't bother with getcwd() if the path is absolute */ + if (path[0] != '/') { + if (!getcwd(pathbuf, sizeof pathbuf)) { + pathbuf[0] = '\x0'; + syslog(LOG_ERR, "getcwd() failed"); + } + else { + int len = strlen(pathbuf); + if (pathbuf[len-1] != '/') { + pathbuf[len++] = '/'; + pathbuf[len] = '\x0'; + } + } + } + return strcat(pathbuf, path); +} + +/* + * Set data channel protection level + */ +setdlevel(prot_level) int prot_level; { switch (prot_level) { @@ -547,10 +586,10 @@ int prot_level; #endif if (auth_type) case PROT_C: - reply(200, "Protection level set to %s.", - (level = prot_level) == PROT_S ? - "Safe" : level == PROT_P ? - "Private" : "Clear"); + reply(200, "Data channel protection level set to %s.", + (dlevel = prot_level) == PROT_S ? + "safe" : dlevel == PROT_P ? + "private" : "clear"); else default: reply(536, "%s protection level not supported.", levelnames[prot_level]); @@ -569,7 +608,10 @@ int askpasswd; /* had user command, ask for passwd */ * If account doesn't exist, ask for passwd anyway. Otherwise, check user * requesting login privileges. Disallow anyone who does not have a standard * shell as returned by getusershell(). Disallow anyone mentioned in the file - * _PATH_FTPUSERS to allow people such as root and uucp to be avoided. + * _PATH_FTPUSERS to allow people such as root and uucp to be avoided, except + * for users whose names are followed by whitespace and then the keyword + * "restrict." Restricted users are allowed to login, but a chroot() is + * done to their home directory. */ user(name) char *name; @@ -580,14 +622,16 @@ user(name) char *getusershell(); #endif - /* Some paranoid sites may want the client to authenticate - * before accepting the USER command. If so, uncomment this: - +#ifdef PARANOID + /* + * Some paranoid sites may want the client to authenticate + * before accepting the USER command. + */ if (!auth_type) { reply(530, "Must perform authentication before identifying USER."); return; - */ +#endif if (logged_in) { if (guest) { reply(530, "Can't change user from guest login."); @@ -598,7 +642,7 @@ user(name) guest = 0; if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { - if (checkuser("ftp") || checkuser("anonymous")) + if (disallowed_user("ftp") || disallowed_user("anonymous")) reply(530, "User %s access denied.", name); else if ((pw = sgetpwnam("ftp")) != NULL) { guest = 1; @@ -612,14 +656,15 @@ user(name) if ((shell = pw->pw_shell) == NULL || *shell == 0) shell = "/bin/sh"; #ifdef HAVE_GETUSERSHELL + setusershell(); while ((cp = getusershell()) != NULL) if (strcmp(cp, shell) == 0) break; - /* endusershell(); */ /* this breaks on solaris 2.4 */ + endusershell(); #else cp = shell; #endif - if (cp == NULL || checkuser(name)) { + if (cp == NULL || disallowed_user(name)) { reply(530, "User %s access denied.", name); if (logging) syslog(LOG_NOTICE, @@ -628,6 +673,7 @@ user(name) pw = (struct passwd *) NULL; return; } + restricted = restricted_user(name); } #ifdef GSSAPI if (auth_type && strcmp(auth_type, "GSSAPI") == 0) { @@ -649,6 +695,10 @@ user(name) /* 232 is per draft-8, but why 331 not 53z? */ reply(gss_ok ? 232 : 331, "%s", buf); syslog(gss_ok ? LOG_INFO : LOG_ERR, "%s", buf); + if (gss_ok) { + login((char *) NULL); + return; + } } else #endif /* GSSAPI */ #ifdef KRB5_KRB4_COMPAT @@ -671,6 +721,10 @@ user(name) name, kerb_ok ? "" : "; Password required."); reply(kerb_ok ? 232 : 331, "%s", buf); syslog(kerb_ok ? LOG_INFO : LOG_ERR, "%s", buf); + if (kerb_ok) { + login((char *) NULL); + return; + } } else #endif /* KRB5_KRB4_COMPAT */ /* Other auth types go here ... */ @@ -685,7 +739,9 @@ user(name) return; } else reply(331, "Password required for %s.", name); + askpasswd = 1; + /* * Delay before reading passwd after first failed * attempt to slow down passwd-guessing programs. @@ -695,7 +751,9 @@ user(name) } /* - * Check if a user is in the file _PATH_FTPUSERS + * Check if a user is in the file _PATH_FTPUSERS. + * Return 1 if they are (a disallowed user), -1 if their username + * is followed by "restrict." (a restricted user). Otherwise return 0. */ checkuser(name) char *name; @@ -705,19 +763,47 @@ checkuser(name) char line[FTP_BUFSIZ]; if ((fd = fopen(_PATH_FTPUSERS, "r")) != NULL) { - while (fgets(line, sizeof(line), fd) != NULL) - if ((p = strchr(line, '\n')) != NULL) { - *p = '\0'; - if (line[0] == '#') - continue; - if (strcmp(line, name) == 0) - return (1); + while (fgets(line, sizeof(line), fd) != NULL) { + if ((p = strchr(line, '\n')) != NULL) { + *p = '\0'; + if (line[0] == '#') + continue; + if (strcmp(line, name) == 0) + return (1); + if (strncmp(line, name, strlen(name)) == 0) { + int i = strlen(name) + 1; + + /* Make sure foo doesn't match foobar */ + if (line[i] == '\0' || !isspace(line[i])) + continue; + /* Ignore whitespace */ + while (isspace(line[++i])); + + if (strcmp(&line[i], "restrict") == 0) + return (-1); + else + return (1); } - (void) fclose(fd); + } + } } + (void) fclose(fd); + return (0); } +disallowed_user(name) + char *name; +{ + return(checkuser(name) == 1); +} + +restricted_user(name) + char *name; +{ + return(checkuser(name) == -1); +} + /* * Terminate login as previous user, if any, resetting state; * used when USER command is given or login fails. @@ -790,19 +876,18 @@ pass(passwd) { char *xpasswd, *salt; - if (logged_in || askpasswd == 0) { - reply(503, "Login with USER first."); + if (auth_ok()) { + reply(202, "PASS command superfluous."); return; } - askpasswd = 0; - if ( -#ifdef KRB5_KRB4_COMPAT - !kerb_ok && -#endif /* KRB5_KRB4_COMPAT */ -#ifdef GSSAPI - !gss_ok && -#endif /* GSSAPI */ - !guest) { /* "ftp" is only account allowed no password */ + + if (logged_in || askpasswd == 0) { + reply(503, "Login with USER first."); + return; + } + + if (!auth_ok() && !guest) { + /* "ftp" is only account allowed no password */ if (pw == NULL) salt = "xx"; else @@ -818,12 +903,13 @@ pass(passwd) if (pw == NULL || (*pw->pw_passwd && strcmp(xpasswd, pw->pw_passwd) && !kpass(pw->pw_name, passwd)) || - (!*pw->pw_passwd && !kpass(pw->pw_name, passwd))) { + (!*pw->pw_passwd && !kpass(pw->pw_name, passwd))) #else /* The strcmp does not catch null passwords! */ if (pw == NULL || *pw->pw_passwd == '\0' || - strcmp(xpasswd, pw->pw_passwd)) { + strcmp(xpasswd, pw->pw_passwd)) #endif /* KRB5_KRB4_COMPAT */ + { reply(530, "Login incorrect."); pw = NULL; if (login_attempts++ >= 5) { @@ -833,38 +919,54 @@ pass(passwd) exit(0); } return; - } + } } login_attempts = 0; /* this time successful */ + + login(passwd); + return; +} + +login(passwd) + char *passwd; +{ (void) krb5_setegid((gid_t)pw->pw_gid); (void) initgroups(pw->pw_name, pw->pw_gid); /* open wtmp before chroot */ - (void)sprintf(ttyline, "ftp%d", getpid()); + (void) sprintf(ttyline, "ftp%d", getpid()); ftp_logwtmp(ttyline, pw->pw_name, remotehost); logged_in = 1; + if (guest || restricted) { + if (chroot(pw->pw_dir) < 0) { + reply(550, "Can't set privileges."); + goto bad; + } + } + if (krb5_seteuid((uid_t)pw->pw_uid) < 0) { + reply(550, "Can't set uid."); + goto bad; + } if (guest) { /* * We MUST do a chdir() after the chroot. Otherwise * the old current directory will be accessible as "." * outside the new root! */ - if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) { + if (chdir("/") < 0) { reply(550, "Can't set guest privileges."); goto bad; } - } else if (chdir(pw->pw_dir) < 0) { - if (chdir("/") < 0) { - reply(530, "User %s: can't change directory to %s.", - pw->pw_name, pw->pw_dir); - goto bad; - } else - lreply(230, "No directory! Logging in with home=/"); - } - if (krb5_seteuid((uid_t)pw->pw_uid) < 0) { - reply(550, "Can't set uid."); - goto bad; + } else { + if (chdir(restricted ? "/" : pw->pw_dir) < 0) { + if (chdir("/") < 0) { + reply(530, "User %s: can't change directory to %s.", + pw->pw_name, pw->pw_dir); + goto bad; + } else + lreply(230, "No directory! Logging in with home=/"); + } } if (guest) { reply(230, "Guest login ok, access restrictions apply."); @@ -878,7 +980,10 @@ pass(passwd) syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s, %s", remotehost, passwd); } else { - reply(230, "User %s logged in.", pw->pw_name); + if (askpasswd) { + askpasswd = 0; + reply(230, "User %s logged in.", pw->pw_name); + } #ifdef SETPROCTITLE sprintf(proctitle, "%s: %s", remotehost, pw->pw_name); setproctitle(proctitle); @@ -902,6 +1007,8 @@ retrieve(cmd, name) struct stat st; int (*closefunc)(); + if (logging > 1 && !cmd) + syslog(LOG_NOTICE, "get %s", path_expand(name)); if (cmd == 0) { fin = fopen(name, "r"), closefunc = fclose; st.st_size = 0; @@ -957,6 +1064,8 @@ retrieve(cmd, name) pdata = -1; done: (*closefunc)(fin); + if (logging > 2 && !cmd) + syslog(LOG_NOTICE, "get: %i bytes transferred", byte_count); } store_file(name, mode, unique) @@ -968,6 +1077,8 @@ store_file(name, mode, unique) int (*closefunc)(); char *gunique(); + if (logging > 1) syslog(LOG_NOTICE, "put %s", path_expand(name)); + if (unique && stat(name, &st) == 0 && (name = gunique(name)) == NULL) return; @@ -1023,6 +1134,8 @@ store_file(name, mode, unique) pdata = -1; done: (*closefunc)(fout); + if (logging > 2) + syslog(LOG_NOTICE, "put: %i bytes transferred", byte_count); } FILE * @@ -1396,7 +1509,7 @@ statcmd() reply(0, " Waiting for authentication data"); else reply(0, " Waiting for user name"); - reply(0, " PROTection level: %s", levelnames[level]); + reply(0, " Protection level: %s", levelnames[dlevel]); sprintf(str, " TYPE: %s", typenames[type]); if (type == TYPE_A || type == TYPE_E) sprintf(&str[strlen(str)], ", FORM: %s", formnames[form]); @@ -1470,16 +1583,12 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) if (auth_type) { char in[FTP_BUFSIZ], out[FTP_BUFSIZ]; int length, kerror; - /* - * File protection level also determines whether - * replies are 631 or 632. Should be independent ... - */ if (n) sprintf(in, "%d%c", n, cont_char); else in[0] = '\0'; strcat(in, buf); #ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, "KERBEROS_V4") == 0) { - if ((length = level == PROT_P ? + if ((length = clevel == PROT_P ? krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, &kdata.session, @@ -1490,7 +1599,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) &ctrl_addr, &his_addr)) == -1) { syslog(LOG_ERR, "krb_mk_%s failed for KERBEROS_V4", - level == PROT_P ? "priv" : "safe"); + clevel == PROT_P ? "priv" : "safe"); fputs(in,stdout); } } else @@ -1505,17 +1614,17 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) in_buf.value = in; in_buf.length = strlen(in) + 1; maj_stat = gss_seal(&min_stat, gcontext, - level == PROT_P, /* confidential */ + clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, &in_buf, &conf_state, &out_buf); if (maj_stat != GSS_S_COMPLETE) { /* generally need to deal */ secure_gss_error(maj_stat, min_stat, - (level==PROT_P)? + (clevel==PROT_P)? "gss_seal ENC didn't complete": "gss_seal MIC didn't complete"); - } else if ((level == PROT_P) && !conf_state) { + } else if ((clevel == PROT_P) && !conf_state) { secure_error("GSSAPI didn't encrypt message"); } else { memcpy(out, out_buf.value, @@ -1530,7 +1639,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) radix_error(kerror)); fputs(in,stdout); } else - printf("%s%c%s", level == PROT_P ? "632" : "631", + printf("%s%c%s", clevel == PROT_P ? "632" : "631", n ? cont_char : '-', in); } else { if (n) printf("%d%c", n, cont_char); @@ -1596,6 +1705,8 @@ delete_file(name) { struct stat st; + if (logging > 1) syslog(LOG_NOTICE, "del %s", path_expand(name)); + if (stat(name, &st) < 0) { perror_reply(550, name); return; @@ -1627,6 +1738,8 @@ cwd(path) makedir(name) char *name; { + if (logging > 1) syslog(LOG_NOTICE, "mkdir %s", path_expand(name)); + if (mkdir(name, 0777) < 0) perror_reply(550, name); else @@ -1636,6 +1749,8 @@ makedir(name) removedir(name) char *name; { + if (logging > 1) syslog(LOG_NOTICE, "rmdir %s", path_expand(name)); + if (rmdir(name) < 0) perror_reply(550, name); else @@ -1644,16 +1759,14 @@ removedir(name) pwd() { - char path[MAXPATHLEN + 1]; - - if (getcwd(path, sizeof path) == (char *)NULL) + if (getcwd(pathbuf, sizeof pathbuf) == (char *)NULL) #ifdef POSIX - perror_reply(550, path); + perror_reply(550, pathbuf); #else - reply(550, "%s.", path); + reply(550, "%s.", pathbuf); #endif else - reply(257, "\"%s\" is current directory.", path); + reply(257, "\"%s\" is current directory.", pathbuf); } char * @@ -1673,6 +1786,9 @@ renamefrom(name) renamecmd(from, to) char *from, *to; { + if(logging > 1) + syslog(LOG_NOTICE, "rename %s %s", path_expand(from), to); + if (rename(from, to) < 0) perror_reply(550, "rename"); else @@ -1978,8 +2094,8 @@ char *data; return 0; } if (!(hp = gethostbyname(localname))) { - reply(501, "couldn't canonicalize local hostname (%d)\n", h_errno); - syslog(LOG_ERR, "Couldn't canonicalize local hostname (%d)", h_errno); + reply(501, "couldn't canonicalize local hostname\n"); + syslog(LOG_ERR, "Couldn't canonicalize local hostname"); return 0; } strcpy(localname, hp->h_name); @@ -2040,8 +2156,14 @@ char *data; return 0; } } else { - reply_gss_error(501, stat_maj, stat_min, - "acquiring credentials"); + /* Kludge to make sure the right error gets reported, so we don't * + * get those nasty "error: no error" messages. */ + if(stat_maj != GSS_S_COMPLETE) + reply_gss_error(501, stat_maj, stat_min, + "acquiring credentials"); + else + reply_gss_error(501, acquire_maj, acquire_min, + "acquiring credentials"); syslog(LOG_ERR, "gssapi error acquiring credentials"); return 0; } @@ -2153,7 +2275,7 @@ char *fmt; va_list ap; va_start(ap, fmt); - if (level == PROT_C) rval = vfprintf(stream, fmt, ap); + if (dlevel == PROT_C) rval = vfprintf(stream, fmt, ap); else { vsprintf(s, fmt, ap); rval = secure_write(fileno(stream), s, strlen(s)); @@ -2162,7 +2284,7 @@ char *fmt; return(rval); #else - if (level == PROT_C) + if (dlevel == PROT_C) return(fprintf(stream, fmt, p1, p2, p3, p4, p5)); sprintf(s, fmt, p1, p2, p3, p4, p5); return(secure_write(fileno(stream), s, strlen(s))); @@ -2303,6 +2425,18 @@ data_err: pdata = -1; } +int auth_ok(void) +{ + return(0 +#ifdef KRB5_KRB4_COMPAT + || kerb_ok +#endif /* KRB5_KRB4_COMPAT */ +#ifdef GSSAPI + || gss_ok +#endif /* GSSAPI */ + ); +} + #ifdef SETPROCTITLE /* * clobber argv so ps will show what we're doing. @@ -2415,3 +2549,4 @@ ftpd_userok(client_name, name) return retval; } #endif /* GSSAPI */ + diff --git a/src/appl/telnet/telnet/ChangeLog b/src/appl/telnet/telnet/ChangeLog index 3e582855f0..6d13e63f2c 100644 --- a/src/appl/telnet/telnet/ChangeLog +++ b/src/appl/telnet/telnet/ChangeLog @@ -1,3 +1,18 @@ +Sat Oct 10 06:24:55 1998 Geoffrey King + + * telnet.c (telnet): Cosmetic change: Put a newline after "Waiting + for encryption to be negotiated..." so that the response + "[ Kerberos V5 accepts you as ``gjking@ATHENA.MIT.EDU'' ]" doesn't + run off the end of the line. + +Mon Aug 17 04:32:08 1998 Geoffrey King + + * main.c (main): Declare dst_realm_sz as extern int instead of + extern char, to agree with its definition in libtelnet/kerberos.c. + This was causing dst_realm_sz to be zero unexpectedly, and so + strncpy was not copying the -k realm argument into dest_realm. + [krb5-appl/616] + Tue May 26 15:27:55 1998 Tom Yu * configure.in: Re-order check for setupterm to avoid lossage if diff --git a/src/appl/telnet/telnet/main.c b/src/appl/telnet/telnet/main.c index 16663089f0..da98ae6df8 100644 --- a/src/appl/telnet/telnet/main.c +++ b/src/appl/telnet/telnet/main.c @@ -228,7 +228,8 @@ main(argc, argv) case 'k': #if defined(AUTHENTICATION) && defined(KRB4) { - extern char *dest_realm, dst_realm_buf[], dst_realm_sz; + extern char *dest_realm, dst_realm_buf[]; + extern int dst_realm_sz; dest_realm = dst_realm_buf; (void)strncpy(dest_realm, optarg, dst_realm_sz); } diff --git a/src/appl/telnet/telnet/telnet.c b/src/appl/telnet/telnet/telnet.c index 2ef24320ed..3a0844bfc0 100644 --- a/src/appl/telnet/telnet/telnet.c +++ b/src/appl/telnet/telnet/telnet.c @@ -2334,7 +2334,7 @@ telnet(user) } if (printed_encrypt == 0) { printed_encrypt = 1; - printf("Waiting for encryption to be negotiated..."); + printf("Waiting for encryption to be negotiated...\n"); /* * Turn on MODE_TRAPSIG and then turn off localchars * so that ^C will cause telnet to exit. diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog index 84c1fe77f5..02b05da2b9 100644 --- a/src/appl/telnet/telnetd/ChangeLog +++ b/src/appl/telnet/telnetd/ChangeLog @@ -1,3 +1,9 @@ +Wed Aug 12 00:17:09 1998 Matthew D Hancher + + * Makefile.in (AUTH_DEF): Undefine LOGIN_CAP_F so that telnetd + runs login with -f rather than -F for preauthenticated login, + following the changes in appl/bsd/. + 1998-05-26 Theodore Ts'o * sys_term.c: #include utmp.h if present, and use _PATH_WTMP and diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in index aad4c8ab4b..af56cf2e90 100644 --- a/src/appl/telnet/telnetd/Makefile.in +++ b/src/appl/telnet/telnetd/Makefile.in @@ -22,7 +22,7 @@ BUILDTOP=$(REL)$(U)$(S)$(U)$(S)$(U) # @(#)Makefile.generic 5.5 (Berkeley) 3/1/91 # -AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN +AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON LOCALINCLUDES=-I.. -I$(srcdir)/.. CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES) diff --git a/src/appl/user_user/ChangeLog b/src/appl/user_user/ChangeLog index f9f76b81de..d26f5bbe00 100644 --- a/src/appl/user_user/ChangeLog +++ b/src/appl/user_user/ChangeLog @@ -1,3 +1,10 @@ +Tue Sep 29 18:58:46 1998 Theodore Y. Ts'o + + * client.c (main): Don't use h_errno at all; it doesn't work on + all platforms (for example HPUX), and it's just not worth + the effort to disambiguate between the different reasons + why gethostbyname() might have failed. + 1998-07-05 * client.c (main): do not declare h_errno diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c index bd5c8a408a..9fb0c7ad05 100644 --- a/src/appl/user_user/client.c +++ b/src/appl/user_user/client.c @@ -83,12 +83,7 @@ char *argv[]; if ((host = gethostbyname (argv[1])) == NULL) { - - - if (h_errno == HOST_NOT_FOUND) - fprintf (stderr, "uu-client: unknown host \"%s\".\n", argv[1]); - else - fprintf (stderr, "uu-client: can't get address of host \"%s\".\n", argv[1]); + fprintf (stderr, "uu-client: can't get address of host \"%s\".\n", argv[1]); return 3; } diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index e09e58ad3d..3150210e4c 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,8 @@ +Tue Aug 11 23:38:53 1998 Matthew D Hancher + + * klist.c (do_ccache): Properly check the return value of + krb5_cc_set_flags() so the right thing happens if there is no CC. + Mon Mar 30 17:08:07 1998 Ezra Peisach * klist.c (main): Exit with a 0 exit status if everything okay diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index 671316b2c8..deb5f44bc2 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -287,7 +287,7 @@ void do_ccache(name) flags = 0; /* turns off OPENCLOSE mode */ if ((code = krb5_cc_set_flags(kcontext, cache, flags))) { - if (code == ENOENT) { + if (code == KRB5_FCC_NOFILE) { if (!status_only) com_err(progname, code, "(ticket cache %s)", krb5_cc_get_name(kcontext, cache)); diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog index 6cae35b0cf..d579e91575 100644 --- a/src/kadmin/dbutil/ChangeLog +++ b/src/kadmin/dbutil/ChangeLog @@ -1,3 +1,8 @@ +Wed Sep 30 00:02:01 1998 Theodore Y. Ts'o + + * dump.c: Add support for changing the master key for a database + as part of creating a dump of the database. + Thu Aug 20 16:50:00 1998 Tom Yu * kdb5_util.c (add_random_key): Fixes to deal with absence of "-e" diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 194c6abadd..cf7dfef5a9 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -34,6 +34,18 @@ #include #endif /* HAVE_REGEX_H */ +/* + * Needed for master key conversion. + */ +extern krb5_keyblock master_keyblock; +extern krb5_principal master_princ; +extern krb5_encrypt_block master_encblock; +extern int valid_master_key; +extern void usage(); +static int mkey_convert; +static krb5_keyblock new_master_keyblock; +static krb5_encrypt_block new_master_encblock; + /* * Use compile(3) if no regcomp present. */ @@ -193,6 +205,7 @@ static const char standard_fmt_name[] = "Kerberos version 5 format"; static const char no_name_mem_fmt[] = "%s: cannot get memory for temporary name\n"; static const char ctx_err_fmt[] = "%s: cannot initialize Kerberos context\n"; static const char stdin_name[] = "standard input"; +static const char remaster_err_fmt[] = "while re-encoding keys for principal %s with new master key"; static const char restfail_fmt[] = "%s: %s restore failed\n"; static const char close_err_fmt[] = "%s: cannot close database (%s)\n"; static const char dbinit_err_fmt[] = "%s: cannot initialize database (%s)\n"; @@ -212,6 +225,51 @@ static const char hashoption[] = "-hash"; static const char ovoption[] = "-ov"; static const char dump_tmptrail[] = "~"; +/* + * Re-encrypt the key_data with the new master key... + */ +krb5_error_code master_key_convert(context, db_entry) + krb5_context context; + krb5_db_entry * db_entry; +{ + krb5_error_code retval; + krb5_keyblock v5plainkey, *key_ptr; + krb5_keysalt keysalt; + int i; + krb5_key_data new_key_data, *key_data; + krb5_boolean is_mkey; + + is_mkey = krb5_principal_compare(context, master_princ, db_entry->princ); + + if (is_mkey && db_entry->n_key_data != 1) + fprintf(stderr, + "Master key db entry has %d keys, expecting only 1!\n", + db_entry->n_key_data); + for (i=0; i < db_entry->n_key_data; i++) { + key_data = &db_entry->key_data[i]; + if (key_data->key_data_length == 0) + continue; + retval = krb5_dbekd_decrypt_key_data(context, &master_encblock, + key_data, &v5plainkey, + &keysalt); + if (retval) + return retval; + + memset(&new_key_data, 0, sizeof(new_key_data)); + key_ptr = is_mkey ? &new_master_keyblock : &v5plainkey; + retval = krb5_dbekd_encrypt_key_data(context, &new_master_encblock, + key_ptr, &keysalt, + key_data->key_data_kvno, + &new_key_data); + if (retval) + return retval; + krb5_free_keyblock_contents(context, &v5plainkey); + free(key_data->key_data_contents); + *key_data = new_key_data; + } + return 0; +} + /* * Update the "ok" file. */ @@ -368,7 +426,7 @@ find_enctype(dbentp, enctype, salttype, kentp) maxkvno = -1; datap = (krb5_key_data *) NULL; for (i=0; in_key_data; i++) { - if ((dbentp->key_data[i].key_data_type[0] == enctype) && + if (( (krb5_enctype)dbentp->key_data[i].key_data_type[0] == enctype) && ((dbentp->key_data[i].key_data_type[1] == salttype) || (salttype < 0))) { maxkvno = dbentp->key_data[i].key_data_kvno; @@ -409,7 +467,6 @@ dump_k5beta_iterator(ptr, entry) struct dump_args *arg; char *name, *mod_name; krb5_principal mod_princ; - krb5_tl_data *pwchg; krb5_key_data *pkey, *akey, nullkey; krb5_timestamp mod_date, last_pwd_change; int i; @@ -430,6 +487,18 @@ dump_k5beta_iterator(ptr, entry) arg->programname, error_message(retval)); return(retval); } + + /* + * Re-encode the keys in the new master key, if necessary. + */ + if (mkey_convert) { + retval = master_key_convert(arg->kcontext, entry); + if (retval) { + com_err(arg->programname, retval, remaster_err_fmt, name); + return retval; + } + } + /* * If we don't have any match strings, or if our name matches, then * proceed with the dump, otherwise, just forget about it. @@ -464,9 +533,9 @@ dump_k5beta_iterator(ptr, entry) /* * Find the last password change record and set it straight. */ - if (retval = - krb5_dbe_lookup_last_pwd_change(arg->kcontext, entry, - &last_pwd_change)) { + if ((retval = + krb5_dbe_lookup_last_pwd_change(arg->kcontext, entry, + &last_pwd_change))) { fprintf(stderr, nokeys_err, arg->programname, name); krb5_xfree(mod_name); krb5_xfree(name); @@ -585,6 +654,18 @@ dump_k5beta6_iterator(ptr, entry) arg->programname, error_message(retval)); return(retval); } + + /* + * Re-encode the keys in the new master key, if necessary. + */ + if (mkey_convert) { + retval = master_key_convert(arg->kcontext, entry); + if (retval) { + com_err(arg->programname, retval, remaster_err_fmt, name); + return retval; + } + } + /* * If we don't have any match strings, or if our name matches, then * proceed with the dump, otherwise, just forget about it. @@ -883,11 +964,12 @@ dump_db(argc, argv) int error; char *programname; char *ofile; - krb5_error_code kret; + krb5_error_code kret, retval; dump_version *dump; int aindex; krb5_boolean locked; extern osa_adb_policy_t policy_db; + char *new_mkey_file = 0; /* * Parse the arguments. @@ -899,6 +981,8 @@ dump_db(argc, argv) error = 0; dump = &beta7_version; arglist.verbose = 0; + new_mkey_file = 0; + mkey_convert = 0; /* * Parse the qualifiers. @@ -912,7 +996,12 @@ dump_db(argc, argv) dump = &ov_version; else if (!strcmp(argv[aindex], verboseoption)) arglist.verbose++; - else + else if (!strcmp(argv[aindex], "-mkey_convert")) + mkey_convert = 1; + else if (!strcmp(argv[aindex], "-new_mkey_file")) { + new_mkey_file = argv[++aindex]; + mkey_convert = 1; + } else break; } @@ -937,6 +1026,52 @@ dump_db(argc, argv) return; } + /* + * If we're doing a master key conversion, set up for it. + */ + if (mkey_convert) { + if (!valid_master_key) { + /* TRUE here means read the keyboard, but only once */ + if ((retval = krb5_db_fetch_mkey(util_context, + master_princ, &master_encblock, TRUE, FALSE, + (char *) NULL, 0, &master_keyblock))) { + com_err(argv[0], retval, "while reading master key"); + exit(1); + } + if ((retval = krb5_db_verify_master_key(util_context, + master_princ, &master_keyblock,&master_encblock))) { + com_err(argv[0], retval, "while verifying master key"); + exit(1); + } + if ((retval = krb5_process_key(util_context, + &master_encblock, &master_keyblock))) { + com_err(argv[0], retval, "while processing master key"); + exit(1); + } + } + new_master_keyblock.enctype = global_params.enctype; + if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN) + new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE; + krb5_use_enctype(util_context, &new_master_encblock, + new_master_keyblock.enctype); + if (!new_mkey_file) + printf("Please enter new master key....\n"); + if ((retval = krb5_db_fetch_mkey(util_context, master_princ, + &new_master_encblock, + !new_mkey_file, TRUE, + new_mkey_file, 0, + &new_master_keyblock))) { + com_err(argv[0], retval, "while reading old master key"); + exit(1); + } + if ((retval = krb5_process_key(util_context, &new_master_encblock, + &new_master_keyblock))) { + com_err(argv[0], retval, + "while processing old master key"); + exit(1); + } + } + kret = 0; locked = 0; if (ofile && strcmp(ofile, "-")) { @@ -1749,9 +1884,9 @@ int process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db) return 1; } - if (ret = osa_adb_create_policy(pol_db, &rec)) { + if ((ret = osa_adb_create_policy(pol_db, &rec))) { if (ret == OSA_ADB_DUP && - (ret = osa_adb_put_policy(pol_db, &rec))) { + ((ret = osa_adb_put_policy(pol_db, &rec)))) { fprintf(stderr, "cannot create policy on line %d: %s\n", *linenop, error_message(ret)); return 1; @@ -1967,7 +2102,8 @@ load_db(argc, argv) exit_status++; return; } - if (kret = krb5_lock_file(kcontext, fileno(f), KRB5_LOCKMODE_SHARED)) { + if ((kret = krb5_lock_file(kcontext, fileno(f), + KRB5_LOCKMODE_SHARED))) { fprintf(stderr, "%s: Cannot lock %s: %s\n", programname, dumpfile, error_message(errno)); exit_status++; @@ -2023,8 +2159,8 @@ load_db(argc, argv) newparams.mask |= KADM5_CONFIG_DBNAME; newparams.dbname = dbname_tmp; - if (kret = kadm5_get_config_params(kcontext, NULL, NULL, - &newparams, &newparams)) { + if ((kret = kadm5_get_config_params(kcontext, NULL, NULL, + &newparams, &newparams))) { com_err(argv[0], kret, "while retreiving new configuration parameters"); exit_status++; @@ -2038,7 +2174,7 @@ load_db(argc, argv) * with policy info, because they may be loading an old dump * intending to use it with the new kadm5 system. */ - if (!update && (kret = krb5_db_create(kcontext, dbname_tmp, crflags))) { + if (!update && ((kret = krb5_db_create(kcontext, dbname_tmp, crflags)))) { fprintf(stderr, dbcreaterr_fmt, programname, dbname_tmp, error_message(kret)); exit_status++; @@ -2058,15 +2194,15 @@ load_db(argc, argv) /* * Point ourselves at the new databases. */ - if (kret = krb5_db_set_name(kcontext, - (update) ? dbname : dbname_tmp)) { + if ((kret = krb5_db_set_name(kcontext, + (update) ? dbname : dbname_tmp))) { fprintf(stderr, dbname_err_fmt, programname, (update) ? dbname : dbname_tmp, error_message(kret)); exit_status++; goto error; } - if (kret = osa_adb_open_policy(&tmppol_db, &newparams)) { + if ((kret = osa_adb_open_policy(&tmppol_db, &newparams))) { fprintf(stderr, "%s: %s while opening policy database\n", programname, error_message(kret)); exit_status++; @@ -2077,7 +2213,7 @@ load_db(argc, argv) * the update fails. */ if (update) { - if (kret = osa_adb_get_lock(tmppol_db, OSA_ADB_PERMANENT)) { + if ((kret = osa_adb_get_lock(tmppol_db, OSA_ADB_PERMANENT))) { fprintf(stderr, "%s: %s while permanently locking database\n", programname, error_message(kret)); exit_status++; @@ -2088,7 +2224,7 @@ load_db(argc, argv) /* * Initialize the database. */ - if (kret = krb5_db_init(kcontext)) { + if ((kret = krb5_db_init(kcontext))) { fprintf(stderr, dbinit_err_fmt, programname, error_message(kret)); exit_status++; @@ -2120,14 +2256,14 @@ load_db(argc, argv) programname, dbname_tmp, error_message(kret)); exit_status++; } - if (kret = krb5_db_fini(kcontext)) { + if ((kret = krb5_db_fini(kcontext))) { fprintf(stderr, close_err_fmt, programname, error_message(kret)); exit_status++; } if (!update && load->create_kadm5 && - (kret = kadm5_create_magic_princs(&newparams, kcontext))) { + ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) { /* error message printed by create_magic_princs */ exit_status++; } @@ -2148,7 +2284,7 @@ error: programname, dbname_tmp, error_message(kret)); exit_status++; } - if (kret = osa_adb_destroy_policy_db(&newparams)) { + if ((kret = osa_adb_destroy_policy_db(&newparams))) { fprintf(stderr, "%s: %s while destroying policy database\n", programname, error_message(kret)); exit_status++; @@ -2164,14 +2300,14 @@ error: exit_status++; } - if (kret = osa_adb_close_policy(tmppol_db)) { + if ((kret = osa_adb_close_policy(tmppol_db))) { fprintf(stderr, close_err_fmt, programname, error_message(kret)); exit_status++; } - if (kret = osa_adb_rename_policy_db(&newparams, - &global_params)) { + if ((kret = osa_adb_rename_policy_db(&newparams, + &global_params))) { fprintf(stderr, "%s: %s while renaming policy db %s to %s\n", programname, error_message(kret), @@ -2181,13 +2317,13 @@ error: } } } else /* update */ { - if (! exit_status && (kret = osa_adb_release_lock(tmppol_db))) { + if (! exit_status && ((kret = osa_adb_release_lock(tmppol_db)))) { fprintf(stderr, "%s: %s while releasing permanent lock\n", programname, error_message(kret)); exit_status++; } - if(tmppol_db && (kret = osa_adb_close_policy(tmppol_db))) { + if (tmppol_db && ((kret = osa_adb_close_policy(tmppol_db)))) { fprintf(stderr, close_err_fmt, programname, error_message(kret)); exit_status++; diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index fa9506e964..22f8214bd0 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,26 @@ +Wed Jul 22 00:28:57 1998 Geoffrey King + + * ovsec_kadmd.c (main): Cast gss_nt_krb5_name to + gss_OID to avoid compiler warnings. + +Tue Jul 21 16:36:51 1998 Geoffrey King + + * ovsec_kadmd.c: Call krb5_klog_reopen in kadm_svc_run + upon receiving a SIGHUP. Use sigaction instead of + signal if POSIX_SIGNALS is defined. All of the calls + to signal and sigaction are now in a separate function + setup_signal_handlers, as the kdc code does. Also, + since reset_db no longer does anything, change the name + of signal_request_reset to the more descriptive + signal_request_hup, and request_reset_db to + request_hup (paralleling the nomenclature in the kdc + code). + +Mon Jul 20 11:28:39 1998 Ezra Peisach + + * schpw.c (process_chpw_request): Cast to krb5_octet * instead of + char * for krb5_address.contents type. + Fri Feb 27 23:32:38 1998 Theodore Ts'o * Makefile.in: Changed thisconfigdir to point at the kadmin diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index fed4104b85..6d60c3b461 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -32,14 +32,20 @@ void request_pure_report(int); void request_pure_clear(int); #endif /* PURIFY */ -int signal_request_exit = 0; -int signal_request_reset = 0; +volatile int signal_request_exit = 0; +volatile int signal_request_hup = 0; +void setup_signal_handlers(void); void request_exit(int); -void request_reset_db(int); +void request_hup(int); void reset_db(void); void sig_pipe(int); void kadm_svc_run(void); +#ifdef POSIX_SIGNALS +static struct sigaction s_action; +#endif /* POSIX_SIGNALS */ + + #define TIMEOUT 15 gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL; @@ -120,7 +126,7 @@ int main(int argc, char *argv[]) names[0].name = names[1].name = names[2].name = names[3].name = NULL; names[0].type = names[1].type = names[2].type = names[3].type = - gss_nt_krb5_name; + (gss_OID) gss_nt_krb5_name; #ifdef PURIFY purify_start_batch(); @@ -297,7 +303,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "This probably means that another %s process is already\n" "running, or that another program is using the server port (number %d)\n" -"after being assigned it by the RPC portmap deamon. If another\n" +"after being assigned it by the RPC portmap daemon. If another\n" "%s is already running, you should kill it before\n" "restarting the server. If, on the other hand, another program is\n" "using the server port, you should kill it before running\n" @@ -406,12 +412,12 @@ int main(int argc, char *argv[]) /* if set_names succeeded, this will too */ in_buf.value = names[1].name; in_buf.length = strlen(names[1].name) + 1; - (void) gss_import_name(&OMret, &in_buf, gss_nt_krb5_name, + (void) gss_import_name(&OMret, &in_buf, (gss_OID) gss_nt_krb5_name, &gss_changepw_name); if (oldnames) { in_buf.value = names[3].name; in_buf.length = strlen(names[3].name) + 1; - (void) gss_import_name(&OMret, &in_buf, gss_nt_krb5_name, + (void) gss_import_name(&OMret, &in_buf, (gss_OID) gss_nt_krb5_name, &gss_oldchangepw_name); } @@ -441,17 +447,8 @@ int main(int argc, char *argv[]) exit(1); } - signal(SIGINT, request_exit); - signal(SIGTERM, request_exit); - signal(SIGQUIT, request_exit); - signal(SIGHUP, request_reset_db); - signal(SIGPIPE, sig_pipe); -#ifdef PURIFY - signal(SIGUSR1, request_pure_report); - signal(SIGUSR2, request_pure_clear); -#endif /* PURIFY */ + setup_signal_handlers(); krb5_klog_syslog(LOG_INFO, "starting"); - kadm_svc_run(); krb5_klog_syslog(LOG_INFO, "finished, exiting"); @@ -477,6 +474,43 @@ int main(int argc, char *argv[]) exit(2); } +/* + * Function: setup_signal_handlers + * + * Purpose: Setup signal handling functions using POSIX's sigaction() + * if possible, otherwise with System V's signal(). + */ + +void setup_signal_handlers(void) { +#ifdef POSIX_SIGNALS + (void) sigemptyset(&s_action.sa_mask); + s_action.sa_handler = request_exit; + (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL); + (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL); + (void) sigaction(SIGQUIT, &s_action, (struct sigaction *) NULL); + s_action.sa_handler = request_hup; + (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL); + s_action.sa_handler = sig_pipe; + (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL); +#ifdef PURIFY + s_action.sa_handler = request_pure_report; + (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL); + s_action.sa_handler = request_pure_clear; + (void) sigaction(SIGUSR2, &s_action, (struct sigaction *) NULL); +#endif /* PURIFY */ +#else /* POSIX_SIGNALS */ + signal(SIGINT, request_exit); + signal(SIGTERM, request_exit); + signal(SIGQUIT, request_exit); + signal(SIGHUP, request_hup); + signal(SIGPIPE, sig_pipe); +#ifdef PURIFY + signal(SIGUSR1, request_pure_report); + signal(SIGUSR2, request_pure_clear); +#endif /* PURIFY */ +#endif /* POSIX_SIGNALS */ +} + /* * Function: kadm_svc_run * @@ -496,8 +530,11 @@ void kadm_svc_run(void) struct timeval timeout; while(signal_request_exit == 0) { - if (signal_request_reset) - reset_db(); + if (signal_request_hup) { + reset_db(); + krb5_klog_reopen(); + signal_request_hup = 0; + } #ifdef PURIFY if (signal_pure_report) /* check to see if a report */ /* should be dumped... */ @@ -580,7 +617,7 @@ void request_pure_clear(int signum) #endif /* PURIFY */ /* - * Function: request_reset_db + * Function: request_hup * * Purpose: sets flag saying the server got a signal and that it should * reset the database files when convenient. @@ -589,18 +626,17 @@ void request_pure_clear(int signum) * Requires: * Effects: * Modifies: - * sets signal_request_reset to one + * sets signal_request_hup to one */ -void request_reset_db(int signum) +void request_hup(int signum) { - krb5_klog_syslog(LOG_DEBUG, "Got signal to request resetting the databases"); - signal_request_reset = 1; + signal_request_hup = 1; return; } /* - * Function: reset-db + * Function: reset_db * * Purpose: flushes the currently opened database files to disk. * @@ -627,12 +663,11 @@ void reset_db(void) } #endif - signal_request_reset = 0; return; } /* - * Function: request-exit + * Function: request_exit * * Purpose: sets flags saying the server got a signal and that it * should exit when convient. @@ -926,7 +961,7 @@ void do_schpw(int s1, kadm5_config_params *params) close(s2); if (repdata.length == 0) { - /* just qreturn. This means something really bad happened */ + /* just return. This means something really bad happened */ goto cleanup; } @@ -948,3 +983,11 @@ cleanup: return; } + + + + + + + + diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index c3901be926..f246571f8c 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -140,7 +140,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sin, req, rep) local_kaddr.length = sizeof(((struct sockaddr_in *) &local_addr)->sin_addr); local_kaddr.contents = - (char *) &(((struct sockaddr_in *) &local_addr)->sin_addr); + (krb5_octet *) &(((struct sockaddr_in *) &local_addr)->sin_addr); } else { krb5_address **addrs; @@ -168,11 +168,11 @@ process_chpw_request(context, server_handle, realm, s, keytab, sin, req, rep) remote_kaddr.length = sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr); remote_kaddr.contents = - (char *) &(((struct sockaddr_in *) &remote_addr)->sin_addr); + (krb5_octet *) &(((struct sockaddr_in *) &remote_addr)->sin_addr); remote_kaddr.addrtype = ADDRTYPE_INET; remote_kaddr.length = sizeof(sin->sin_addr); - remote_kaddr.contents = (char *) &sin->sin_addr; + remote_kaddr.contents = (krb5_octet *) &sin->sin_addr; /* mk_priv requires that the local address be set. getsockname is used for this. rd_priv requires that the diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog index bcea1cd847..ce4eb4c174 100644 --- a/src/kadmin/v4server/ChangeLog +++ b/src/kadmin/v4server/ChangeLog @@ -8,6 +8,10 @@ Fri Jul 31 18:17:16 1998 Tom Yu * admin_server.c (clear_secrets): Remove references to master_encblock, due to new crypto API. +Mon Jul 20 11:20:32 1998 Ezra Peisach + + * acl_files.c: Include stdlib.h if present. + Thu Jul 9 21:52:41 1998 Tom Yu * kadm_server.c (kadm_ser_cpw): Re-enable "old-style" password diff --git a/src/kadmin/v4server/acl_files.c b/src/kadmin/v4server/acl_files.c index f7c1509eb2..22a0007de6 100644 --- a/src/kadmin/v4server/acl_files.c +++ b/src/kadmin/v4server/acl_files.c @@ -13,6 +13,9 @@ #include #include +#ifdef HAVE_STDLIB_H +#include +#endif #ifdef HAVE_UNISTD_H #include #endif diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index f338b92bde..65f6e05a41 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -46,6 +46,21 @@ Wed Aug 12 18:40:08 1998 Tom Yu it's a single-des key. (set_tgtkey): Call krb_set_key_krb5 if appropriate. +Tue Jul 21 20:29:38 1998 Tom Yu + + * replay.c (kdc_check_lookaside): + (kdc_insert_lookaside): Add code to originating address of packet, + as krb4 initial ticket requests don't contain an address. This + would cause a subtle problem wherein two simultaneous krb4 initial + ticket requests for the same principal originating from different + addresses would result in both replies containing the same + address. + + * kdc_util.h: Modify prototype for lookaside functions. + + * dispatch.c (dispatch): Update to new calling conventions of the + lookaside functions. + Wed Jul 15 18:32:07 1998 Tom Yu * configure.in: Add CHECK_SIGNALS so that POSIX_SIGNALS gets diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index a94173ce4f..7446ea5f88 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -43,7 +43,7 @@ dispatch(pkt, from, portnum, response) /* decode incoming packet, and dispatch */ /* try the replay lookaside buffer */ - if (kdc_check_lookaside(pkt, response)) { + if (kdc_check_lookaside(pkt, from, response)) { /* a hit! */ krb5_klog_syslog(LOG_INFO, "DISPATCH: replay found and re-transmitted"); return 0; @@ -72,7 +72,7 @@ dispatch(pkt, from, portnum, response) retval = KRB5KRB_AP_ERR_MSG_TYPE; /* put the response into the lookaside buffer */ if (!retval) - kdc_insert_lookaside(pkt, *response); + kdc_insert_lookaside(pkt, from, *response); return retval; } diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 2702e14d23..6e87892396 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -149,8 +149,10 @@ krb5_error_code return_padata krb5_key_data *client_key, krb5_keyblock *encrypting_key)); /* replay.c */ -krb5_boolean kdc_check_lookaside PROTOTYPE((krb5_data *, krb5_data **)); -void kdc_insert_lookaside PROTOTYPE((krb5_data *, krb5_data *)); +krb5_boolean kdc_check_lookaside PROTOTYPE((krb5_data *, krb5_fulladdr *, + krb5_data **)); +void kdc_insert_lookaside PROTOTYPE((krb5_data *, krb5_fulladdr *, + krb5_data *)); /* which way to convert key? */ #define CONVERT_INTO_DB 0 diff --git a/src/kdc/replay.c b/src/kdc/replay.c index cf30c07846..a65ffb3eb7 100644 --- a/src/kdc/replay.c +++ b/src/kdc/replay.c @@ -36,6 +36,7 @@ typedef struct _krb5_kdc_replay_ent { time_t db_age; krb5_data *req_packet; krb5_data *reply_packet; + krb5_address *addr; /* XXX should these not be pointers? */ } krb5_kdc_replay_ent; static krb5_kdc_replay_ent root_ptr = {0}; @@ -46,13 +47,16 @@ static int max_hits_per_entry = 0; static int num_entries = 0; #define STALE_TIME 2*60 /* two minutes */ -#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \ +#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) || \ ((ptr)->db_age != db_age)) -#define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \ - !memcmp((ptr)->req_packet->data, inpkt->data, inpkt->length) && \ +#define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) && \ + !memcmp((ptr)->req_packet->data, inpkt->data, \ + inpkt->length) && \ + ((ptr)->addr->length == from->address->length) && \ + !memcmp((ptr)->addr->contents, from->address, \ + from->address->length)&& \ ((ptr)->db_age == db_age)) - /* XXX Todo: quench the size of the queue... */ @@ -61,9 +65,10 @@ static int num_entries = 0; FALSE if the caller should do the work */ krb5_boolean -kdc_check_lookaside(inpkt, outpkt) -register krb5_data *inpkt; -register krb5_data **outpkt; +kdc_check_lookaside(inpkt, from, outpkt) + register krb5_data *inpkt; + register krb5_fulladdr *from; + register krb5_data **outpkt; { krb5_int32 timenow; register krb5_kdc_replay_ent *eptr, *last, *hold; @@ -71,7 +76,7 @@ register krb5_data **outpkt; if (krb5_timeofday(kdc_context, &timenow) || krb5_db_get_age(kdc_context, 0, &db_age)) - return FALSE; + return FALSE; calls++; @@ -98,6 +103,7 @@ register krb5_data **outpkt; max_hits_per_entry = max(max_hits_per_entry, eptr->num_hits); krb5_free_data(kdc_context, eptr->req_packet); krb5_free_data(kdc_context, eptr->reply_packet); + krb5_free_address(kdc_context, eptr->addr); hold = eptr; last->next = eptr->next; eptr = last; @@ -115,9 +121,10 @@ register krb5_data **outpkt; already there, and can fail softly due to other weird errors. */ void -kdc_insert_lookaside(inpkt, outpkt) -register krb5_data *inpkt; -register krb5_data *outpkt; +kdc_insert_lookaside(inpkt, from, outpkt) + register krb5_data *inpkt; + register krb5_fulladdr *from; + register krb5_data *outpkt; { register krb5_kdc_replay_ent *eptr; krb5_int32 timenow; @@ -125,7 +132,7 @@ register krb5_data *outpkt; if (krb5_timeofday(kdc_context, &timenow) || krb5_db_get_age(kdc_context, 0, &db_age)) - return; + return; /* this is a new entry */ eptr = (krb5_kdc_replay_ent *)calloc(1, sizeof(*eptr)); @@ -133,6 +140,11 @@ register krb5_data *outpkt; return; eptr->timein = timenow; eptr->db_age = db_age; + /* + * This is going to hurt a lot malloc()-wise due to the need to + * allocate memory for the krb5_data and krb5_address elements. + * ARGH! + */ if (krb5_copy_data(kdc_context, inpkt, &eptr->req_packet)) { free(eptr); return; @@ -142,6 +154,12 @@ register krb5_data *outpkt; free(eptr); return; } + if (krb5_copy_addr(kdc_context, from->address, &eptr->addr)) { + krb5_free_data(kdc_context, eptr->req_packet); + krb5_free_data(kdc_context, eptr->reply_packet); + free(eptr); + return; + } eptr->next = root_ptr.next; root_ptr.next = eptr; num_entries++; diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 9bc1d60e27..40ef10cd17 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -21,6 +21,11 @@ Wed Aug 19 13:40:28 1998 Tom Yu found kvno as well, and use that instead of the kvno of the incoming ticket. +Fri Jul 24 19:38:58 1998 Geoffrey King + + * krb524d.c (main): Fork into the background by default, also + add a -nofork command line option. + Sat Jul 18 22:10:29 1998 Geoffrey King * krb524d.c (main): Remove the variable use_other_realm. diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 85a196e7e0..1afeec2dce 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -57,7 +57,7 @@ krb5_error_code do_connection(), lookup_service_key(), kdc_get_server_key(); void usage(context) krb5_context context; { - fprintf(stderr, "Usage: %s [-k[eytab]] [-m[aster] [-r realm]]\n", whoami); + fprintf(stderr, "Usage: %s [-k[eytab]] [-m[aster] [-r realm]] [-nofork]\n", whoami); cleanup_and_exit(1, context); } @@ -86,7 +86,7 @@ int main(argc, argv) struct servent *serv; struct sockaddr_in saddr; struct timeval timeout; - int ret, s; + int ret, s, nofork; fd_set rfds; krb5_context context; krb5_error_code retval; @@ -101,7 +101,7 @@ int main(argc, argv) whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]); argv++; argc--; - use_master = use_keytab = 0; + use_master = use_keytab = nofork = 0; config_params.mask = 0; while (argc) { @@ -109,6 +109,8 @@ int main(argc, argv) use_keytab = 1; else if (strncmp(*argv, "-m", 2) == 0) use_master = 1; + else if (strcmp(*argv, "-nofork") == 0) + nofork = 1; else if (strcmp(*argv, "-r") == 0) { argv++; argc--; if (argc == 0 || !use_master) @@ -154,6 +156,10 @@ int main(argc, argv) com_err(whoami, errno, "binding main socket"); cleanup_and_exit(1, context); } + if (!nofork && daemon(0, 0)) { + com_err(whoami, errno, "while detaching from tty"); + cleanup_and_exit(1, context); + } while (1) { FD_ZERO(&rfds); diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index d0bd8a8fc1..2f3da297d1 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -24,6 +24,13 @@ Thu Sep 3 19:35:44 1998 Tom Yu bash the enctype in ctx->subkey->enctype rather than just "enctype", which nothing checks. +Fri Jul 24 21:13:53 1998 Tom Yu + + * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix to round down + by 8 even if the req_output_size-ohlen is a multiple of 8, since + the wrap token is always padded regardless of whether it's a + mutiple of 8 bytes. + 1998-06-08 Theodore Ts'o * k5unseal.c (kg_unseal): Clean up lint warnings. diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 5961390080..0162fc450f 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog @@ -21,6 +21,20 @@ Wed Aug 12 18:32:44 1998 Tom Yu krb5_keyblock to encrypt the ticket, or just a C_Block if the krb5_keyblock is not set. +Mon Aug 10 17:51:59 1998 Matthew D Hancher + + * rd_svc_key.c (read_service_key): Don't call krb5_kt_close() if + krb5_kt_resolve() fails, so we don't segfault if the keytab name + is invalid. + +Fri Aug 7 11:04:03 1998 Tom Yu + + * rd_safe.c (krb_rd_safe): Fix up call to quad_cksum(). + + * mk_safe.c (krb_mk_safe): Fix up call to quad_cksum(). + + * tf_util.c (tf_init): Add call to getuid() to initialize me. + Thu Jul 30 13:13:30 1998 Sam Hartman * tf_util.c (tf_init): s/,/= so getuid() actually gets called diff --git a/src/lib/krb4/mk_safe.c b/src/lib/krb4/mk_safe.c index a20a2257c2..b0dbd17e4a 100644 --- a/src/lib/krb4/mk_safe.c +++ b/src/lib/krb4/mk_safe.c @@ -143,7 +143,7 @@ krb_mk_safe(in,out,length,key,sender,receiver) #else /* Do encryption */ /* calculate the checksum of length, timestamps, and input data */ cksum = quad_cksum(q, (unsigned KRB4_32 *)big_cksum, - p-q, 2, (C_Block *)&key); + p-q, 2, (C_Block *)key); #endif /* NOENCRYPTION */ DEB (("\ncksum = %u",cksum)); diff --git a/src/lib/krb4/rd_safe.c b/src/lib/krb4/rd_safe.c index 20407677b4..52fdf3ab10 100644 --- a/src/lib/krb4/rd_safe.c +++ b/src/lib/krb4/rd_safe.c @@ -182,7 +182,7 @@ krb_rd_safe protocol err sizeof(u_long) != sizeof(struct in_addr)"); #else /* Do encryption */ /* calculate the checksum of the length, timestamps, and * input data, on the sending byte order !! */ - quad_cksum(q,calc_cksum,p-q,2,(C_Block *)&key); + quad_cksum(q,calc_cksum,p-q,2,(C_Block *)key); #endif /* NOENCRYPTION */ DEB (("\n0: calc %l big %lx\n1: calc %lx big %lx\n2: calc %lx big %lx\n3: calc %lx big %lx\n", diff --git a/src/lib/krb4/rd_svc_key.c b/src/lib/krb4/rd_svc_key.c index 5ef12d8ebb..34924baf50 100644 --- a/src/lib/krb4/rd_svc_key.c +++ b/src/lib/krb4/rd_svc_key.c @@ -166,10 +166,11 @@ read_service_key(service,instance,realm,kvno,file,key) sizeof(keytabname)-1); if (!retval) { retval = krb5_kt_resolve(context, (char *)keytabname, &kt_id); - if (!retval) + if (!retval) { retval = krb5_kt_get_entry(context, kt_id, princ, kvno, ENCTYPE_DES_CBC_CRC, &kt_entry); - krb5_kt_close(context, kt_id); + krb5_kt_close(context, kt_id); + } krb5_free_principal(context, princ); } if (!retval) { diff --git a/src/lib/krb4/tf_util.c b/src/lib/krb4/tf_util.c index e5f70aca4c..1c7aadd9fa 100644 --- a/src/lib/krb4/tf_util.c +++ b/src/lib/krb4/tf_util.c @@ -190,6 +190,8 @@ int tf_init(tf_name, rw) int shmid; #endif + me = getuid(); + switch (rw) { case R_TKT_FIL: wflag = 0; diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index d34555d5a3..71aa06dc82 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,12 @@ +1998-08-24 Theodore Ts'o + + * Makefile.in: Add windows build instructions to build CCache API + Cache implementation. + +Fri Aug 20 18:30:00 1998 Miro Jurisic + * Added Frank's CCache API cache implementation and made + it default on the Mac + Thu Jul 30 13:12:30 1998 Sam Hartman * ccbase.c: Enable memory ccache (merge adapted from Kerbnet) diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in index 48bfd9dd7d..9d375cd64f 100644 --- a/src/lib/krb5/ccache/Makefile.in +++ b/src/lib/krb5/ccache/Makefile.in @@ -9,7 +9,7 @@ CFLAGS = $(CCOPTS) $(DEFS) -I$(srcdir)$(S)file -I$(srcdir)$(S)stdio ##DOS##OBJFILE=..\$(PREFIXDIR).lst ##WIN16##LIBNAME=..\krb5.lib -MAC_SUBDIRS = file stdio memory +MAC_SUBDIRS = file stdio memory ccapi STLIBOBJS= \ ccbase.o \ @@ -34,7 +34,8 @@ all-unix:: all-libobjs all-windows:: subdirs $(OBJFILE) -##DOSsubdirs:: file\file.lst +##DOSsubdirs:: file\file.lst memory\file.lst ccapi\file.lst +##DOS ##DOSfile\file.lst:: ##DOS cd file ##DOS @echo Making in krb5\ccache\file @@ -47,10 +48,17 @@ all-windows:: subdirs $(OBJFILE) ##DOS -$(MAKE) -$(MFLAGS) ##DOS cd .. -##DOS$(OBJFILE): $(OBJS) file\file.lst memory\file.lst +##DOSccapi\file.lst:: +##DOS cd ccapi +##DOS @echo Making in krb5\ccache\ccapi +##DOS -$(MAKE) -$(MFLAGS) +##DOS cd .. + +##DOS$(OBJFILE): $(OBJS) file\file.lst memory\file.lst ccapi\file.lst ##DOS $(RM) $(OBJFILE) ##WIN16## $(CP) nul: $(OBJFILE) -##WIN32## $(LIBECHO) -p $(PREFIXDIR)\ *.obj file\*.obj memory\*.obj > $(OBJFILE) +##WIN32## $(LIBECHO) -p $(PREFIXDIR)\ *.obj file\*.obj memory\*.obj \ +##WIN32## ccapi\*.obj > $(OBJFILE) clean-unix:: clean-libobjs diff --git a/src/lib/krb5/ccache/ccdefops.c b/src/lib/krb5/ccache/ccdefops.c index df7497f800..9c39f40f57 100644 --- a/src/lib/krb5/ccache/ccdefops.c +++ b/src/lib/krb5/ccache/ccdefops.c @@ -27,6 +27,15 @@ #include "k5-int.h" +#if defined(macintosh) || defined(_MSDOS) || defined(_WIN32) + +/* Macs and PCs use the shared, memory based credentials cache */ +#include "stdcc.h" /* from ccapi subdir */ + +krb5_cc_ops *krb5_cc_dfl_ops = &krb5_cc_stdcc_ops; + +#else + #ifdef HAVE_SYS_TYPES_H /* Systems that have probably have Unix-like files (off_t, for example, which is needed by fcc.h). */ @@ -41,3 +50,5 @@ krb5_cc_ops *krb5_cc_dfl_ops = &krb5_cc_file_ops; krb5_cc_ops *krb5_cc_dfl_ops = &krb5_scc_ops; #endif + +#endif diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index 921d8d3c4e..0ee4a7192f 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,3 +1,20 @@ +Fri Sep 25 22:32:16 1998 Theodore Y. Ts'o + + * ccdefname.c: We shouldn't try to use the CCache API on Unix + systems. (The maze of #ifdef's was confusing.) + +Tue Sep 1 15:44:11 1998 Theodore Y. Ts'o + + * ccdefname.c (krb5_cc_default_name): Changed the PC version to + use the CCache API by default. Removed the old Macintosh + code that had been commented out. (If we need to + ressurect it, we'll get it from CVS.) + +Fri Aug 21 17:37:00 1998 Miro Jurisic + + * ccdefname.c.c (krb5_cc_default_name): Changed the Mac + version to use CCache API by default. + Thu Jul 16 09:59:34 1998 Ezra Peisach * changepw.c (krb5_change_password): Changes casts from char * to diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c index d3914bcdc3..d782f94bed 100644 --- a/src/lib/krb5/os/ccdefname.c +++ b/src/lib/krb5/os/ccdefname.c @@ -92,19 +92,9 @@ krb5_cc_default_name(context) if (name == 0) { -#ifdef HAVE_MACSOCK_H +#ifdef macintosh { -short vRefnum; -long parID; -OSErr theErr; -FSSpec krbccSpec; -char pathbuf[255]; - - theErr = FindFolder(kOnSystemDisk, kPreferencesFolderType, kDontCreateFolder, &vRefnum, &parID); - FSMakeFSSpec(vRefnum, parID, "\pkrb5cc", &krbccSpec); - GetPathname(&krbccSpec, &pathbuf); - sprintf(name_buf, "STDIO:%s", pathbuf); -// strcpy (name_buf, "STDIO:krb5cc"); + strcpy (name_buf, "API:default_cache_name"); } #else #if defined(_MSDOS) || defined(_WIN32) @@ -151,16 +141,18 @@ char pathbuf[255]; if(!(found)) { #endif - GetWindowsDirectory (defname, sizeof(defname)-7); - strcat (defname, "\\krb5cc"); - strcpy (name_buf, "FILE:"); + //GetWindowsDirectory (defname, sizeof(defname)-7); + strcpy (defname, "default_cache_name"); + strcpy (name_buf, "API:"); GetPrivateProfileString(INI_FILES, INI_KRB_CCACHE, defname, - name_buf+5, sizeof(name_buf)-5, KERBEROS_INI); + name_buf+4, sizeof(name_buf)-4, + KERBEROS_INI); #if defined(_WIN32) } #endif } #else + /* Default for Unix systems */ sprintf(name_buf, "FILE:/tmp/krb5cc_%d", getuid()); #endif #endif diff --git a/src/mac/ChangeLog b/src/mac/ChangeLog index 560ee3f917..86bc05be37 100644 --- a/src/mac/ChangeLog +++ b/src/mac/ChangeLog @@ -1,3 +1,81 @@ +Fri Oct 21 18:00:00 1998 Miro Jurisic + * ReadMe: updated instructions to say we require CW Pro4 + * version.r: upped to 1.1a4 + +Fri Oct 21 17:30:00 1998 Miro Jurisic + * Makefile.initial: added auto-detection of CodeWarrior version + * Makefile.tmpl: added CodeWarrior Pro4 files and fixed -map on krb5 68k lib + +Fri Sep 8 15:50:00 1998 Miro Jurisic + * CFMGlue.c: Added check for Code Fragment Manager + +Fri Aug 28 16:30:00 1998 Miro Jurisic + + * Makefile.tmpl, ReadMe, Makefile.initial, RunAppleScript.pl: Added stuff to + automagically run AppleScriprs to build CW projects. + +Fri Aug 28 12:00:00 1998 Miro Jurisic + + * Makefile.tmpl: Removed static library targets, renamed other + targets, added debugging targets + * ReadMe: removed mentions of static libraries and kconfig + * macfile_gen.pl: renamed output variables + * version.r: upped to 1.1a3 + +Fri Aug 21 17:00:00 1998 Miro Jurisic + + * Makefile.tmpl: Added CCache API dependencies + +Wed Aug 19 18:20:00 1998 Miro Jurisic + + * version.r: Upped to 1.1a1 library, 1.5a1 package + +Tue Aug 18 14:30:00 1998 Miro Jurisic + + * ReadMe: added information about warnings that should be ignored + +Fri Aug 14 14:00:00 1998 Miro Jurisic + + * Makefile.tmpl: Change -sym fullpath to -sym on -- now + MPW doesn't crash during link stage + * version.r: Upped to 1.0.5b8 + +Wed Aug 12 13:20:00 1998 Miro Jurisic + + * version.r: Upped to 1.0.5b7 + +Wed Aug 12 13:20:00 1998 Miro Jurisic + + * Makefile.tmpl: Change glue targets' output folders + +Mon Aug 10 17:20:00 1998 Miro Jurisic + + * Makefile.tmpl: Fixed glue targets' dependencies + +Mon Aug 10 13:15:00 1998 Miro Jurisic + + * version.r: Upped to 1.0.5b6 + +Mon Aug 10 13:15:00 1998 Miro Jurisic + + * Makefile.tmpl: Added glue files to snapshot list + +Mon Aug 10 13:05:00 1998 Miro Jurisic + + * Makefile.tmpl: Changed location of glue generation output + +Mon Aug 10 13:05:00 1998 Miro Jurisic + + * ReadMe: Changed instructions to refer to 68K glue + +Mon Aug 10 12:58:00 1998 Miro Jurisic + + * Makefile.tmpl: Added glue files to clean targets + +Mon Aug 10 12:30:00 1998 Miro Jurisic + + * Added sources for classic 68K glue for GSSAPI and krb5 libraries + Tue Jul 7 17:00:00 1998 Miro Jurisic * Makefile: separated krb5 and GSS libraries; also commented out MIT-specific targets, diff --git a/src/mac/Makefile.tmpl b/src/mac/Makefile.tmpl index 6c09819363..23fe70e52e 100644 --- a/src/mac/Makefile.tmpl +++ b/src/mac/Makefile.tmpl @@ -1,4 +1,6 @@ -INCLUDES = {AUTOINCLUDES} -i /mac/TestTrack/ +snapshot-root = //GSS-Kerberos5-1.1 + +include-paths = {autogenerated-include-paths} -i /mac/TestTrack/ -i "/mac/libraries/CCache API/include/" ################################################################################ ## @@ -10,9 +12,6 @@ create-directories : If Not "`Exists -d /bin`" NewFolder /bin End - If Not "`Exists -d /bin/68K`" - NewFolder /bin/68K - End If Not "`Exists -d /bin/PPC`" NewFolder /bin/PPC End @@ -20,16 +19,38 @@ create-directories : NewFolder /bin/CFM-68K End +################################################################################ +## +## Autogenerating classic 68K glue files +## +################################################################################ + +classic-glue-output = /K5.CFMglue.c /GSS.CFMglue.c +classic-glue-input = /mac/K5.CFMglue.cin /mac/K5.CFMglue.proto.h /mac/CFMglue.c /mac/K5.moreCFMglue.cin \ + /mac/GSS.CFMglue.cin /mac/GSS.CFMglue.proto.h /mac/GSS.moreCFMglue.cin /mac/CFMGlue.pl + +glue : {classic-glue-output} +glue-clean : + Delete -i {classic-glue-output} + +/K5.CFMglue.c : /mac/K5.CFMglue.cin /mac/K5.CFMglue.proto.h /mac/CFMglue.c /mac/K5.moreCFMglue.cin + perl /mac/CFMGlue.pl < /mac/K5.CFMglue.proto.h > /K5.CFMglue.c + Catenate /mac/K5.CFMglue.cin /mac/CFMglue.c /K5.CFMglue.c /mac/K5.moreCFMglue.cin | Catenate > /K5.CFMglue.c + +/GSS.CFMglue.c : /mac/GSS.CFMglue.cin /mac/GSS.CFMglue.proto.h /mac/CFMglue.c /mac/GSS.moreCFMglue.cin + perl /mac/CFMGlue.pl < /mac/GSS.CFMglue.proto.h > /GSS.CFMglue.c + Catenate /mac/GSS.CFMglue.cin /mac/CFMglue.c /GSS.CFMglue.c /mac/GSS.moreCFMglue.cin | Catenate > /GSS.CFMglue.c + ################################################################################ ## ## Autogenerating header and source files ## ################################################################################ -AUTOGEN_H_FROM_ET = /util/et/et_h.perl -AUTOGEN_C_FROM_ET = /util/et/et_c.perl +autogeneration-h-script = /util/et/et_h.perl +autogeneration-c-script = /util/et/et_c.perl -AUTOGEN_OUTPUT = /include/asn1_err.h /include/kdb5_err.h /include/krb5_err.h \ +autogenerated-files = /include/asn1_err.h /include/kdb5_err.h /include/krb5_err.h \ /include/kv5m_err.h /include/adm_err.h \ /lib/gssapi/generic/gssapi_err_generic.h \ /lib/gssapi/krb5/gssapi_err_krb5.h /util/profile/prof_err.c \ @@ -41,10 +62,21 @@ AUTOGEN_OUTPUT = /include/asn1_err.h /include/kdb5_err.h /include/krb5_err.h \ /include/profile.h /include/krb5/osconf.h /lib/gssapi/generic/gssapi.h \ /include/autoconf.h - -autogenerate-files : {AUTOGEN_OUTPUT} +autogeneration-sources = /lib/krb5/error_tables/asn1_err.et \ + /lib/krb5/error_tables/kdb5_err.et \ + /lib/krb5/error_tables/krb5_err.et \ + /lib/krb5/error_tables/kv5m_err.et \ + /lib/krb5/error_tables/adm_err.et \ + /lib/gssapi/generic/gssapi_err_generic.et \ + /lib/gssapi/krb5/gssapi_err_krb5.et \ + /util/profile/prof_err.et \ + /include/krb5.hin /util/profile/profile.hin \ + /include/krb5/stock/osconf.h /lib/gssapi/generic/gssapi.hin \ + /mac/libraries/autoconf.h + +autogenerate-files : {autogenerated-files} autogenerate-clean : - for output_file in {AUTOGEN_OUTPUT} + for output_file in {autogenerated-files} if "`Exists {output_file}`" SetFile -a l {output_file} Delete {output_file} @@ -58,28 +90,28 @@ autogenerate-clean : ################################################################################ /include/asn1_err.h : /lib/krb5/error_tables/asn1_err.et - perl {AUTOGEN_H_FROM_ET} outfile="/include/asn1_err.h" < "/lib/krb5/error_tables/asn1_err.et" + perl {autogeneration-h-script} outfile="/include/asn1_err.h" < "/lib/krb5/error_tables/asn1_err.et" /include/kdb5_err.h : /lib/krb5/error_tables/kdb5_err.et - perl {AUTOGEN_H_FROM_ET} outfile="/include/kdb5_err.h" < "/lib/krb5/error_tables/kdb5_err.et" + perl {autogeneration-h-script} outfile="/include/kdb5_err.h" < "/lib/krb5/error_tables/kdb5_err.et" /include/krb5_err.h : /lib/krb5/error_tables/krb5_err.et - perl {AUTOGEN_H_FROM_ET} outfile="/include/krb5_err.h" < "/lib/krb5/error_tables/krb5_err.et" + perl {autogeneration-h-script} outfile="/include/krb5_err.h" < "/lib/krb5/error_tables/krb5_err.et" /include/kv5m_err.h : /lib/krb5/error_tables/kv5m_err.et - perl {AUTOGEN_H_FROM_ET} outfile="/include/kv5m_err.h" < "/lib/krb5/error_tables/kv5m_err.et" + perl {autogeneration-h-script} outfile="/include/kv5m_err.h" < "/lib/krb5/error_tables/kv5m_err.et" /include/adm_err.h : /lib/krb5/error_tables/adm_err.et - perl {AUTOGEN_H_FROM_ET} outfile="/include/adm_err.h" < "/lib/krb5/error_tables/adm_err.et" + perl {autogeneration-h-script} outfile="/include/adm_err.h" < "/lib/krb5/error_tables/adm_err.et" /lib/gssapi/generic/gssapi_err_generic.h : /lib/gssapi/generic/gssapi_err_generic.et - perl {AUTOGEN_H_FROM_ET} outfile="/lib/gssapi/generic/gssapi_err_generic.h" < "/lib/gssapi/generic/gssapi_err_generic.et" + perl {autogeneration-h-script} outfile="/lib/gssapi/generic/gssapi_err_generic.h" < "/lib/gssapi/generic/gssapi_err_generic.et" /lib/gssapi/krb5/gssapi_err_krb5.h : /lib/gssapi/krb5/gssapi_err_krb5.et - perl {AUTOGEN_H_FROM_ET} outfile="/lib/gssapi/krb5/gssapi_err_krb5.h" < "/lib/gssapi/krb5/gssapi_err_krb5.et" + perl {autogeneration-h-script} outfile="/lib/gssapi/krb5/gssapi_err_krb5.h" < "/lib/gssapi/krb5/gssapi_err_krb5.et" /util/profile/prof_err.h : /util/profile/prof_err.et - perl {AUTOGEN_H_FROM_ET} outfile="/util/profile/prof_err.h" < "/util/profile/prof_err.et" + perl {autogeneration-h-script} outfile="/util/profile/prof_err.h" < "/util/profile/prof_err.et" ################################################################################ # @@ -88,28 +120,28 @@ autogenerate-clean : ################################################################################ /lib/krb5/error_tables/asn1_err.c : /lib/krb5/error_tables/asn1_err.et - perl {AUTOGEN_C_FROM_ET} outfile="/lib/krb5/error_tables/asn1_err.c" < "/lib/krb5/error_tables/asn1_err.et" + perl {autogeneration-c-script} outfile="/lib/krb5/error_tables/asn1_err.c" < "/lib/krb5/error_tables/asn1_err.et" /lib/krb5/error_tables/kdb5_err.c : /lib/krb5/error_tables/kdb5_err.et - perl {AUTOGEN_C_FROM_ET} outfile="/lib/krb5/error_tables/kdb5_err.c" < "/lib/krb5/error_tables/kdb5_err.et" + perl {autogeneration-c-script} outfile="/lib/krb5/error_tables/kdb5_err.c" < "/lib/krb5/error_tables/kdb5_err.et" /lib/krb5/error_tables/krb5_err.c : /lib/krb5/error_tables/krb5_err.et - perl {AUTOGEN_C_FROM_ET} outfile="/lib/krb5/error_tables/krb5_err.c" < "/lib/krb5/error_tables/krb5_err.et" + perl {autogeneration-c-script} outfile="/lib/krb5/error_tables/krb5_err.c" < "/lib/krb5/error_tables/krb5_err.et" /lib/krb5/error_tables/kv5m_err.c : /lib/krb5/error_tables/kv5m_err.et - perl {AUTOGEN_C_FROM_ET} outfile="/lib/krb5/error_tables/kv5m_err.c" < "/lib/krb5/error_tables/kv5m_err.et" + perl {autogeneration-c-script} outfile="/lib/krb5/error_tables/kv5m_err.c" < "/lib/krb5/error_tables/kv5m_err.et" /lib/krb5/error_tables/adm_err.c : /lib/krb5/error_tables/adm_err.et - perl {AUTOGEN_C_FROM_ET} outfile="/lib/krb5/error_tables/adm_err.c" < "/lib/krb5/error_tables/adm_err.et" + perl {autogeneration-c-script} outfile="/lib/krb5/error_tables/adm_err.c" < "/lib/krb5/error_tables/adm_err.et" /lib/gssapi/generic/gssapi_err_generic.c : /lib/gssapi/generic/gssapi_err_generic.et - perl {AUTOGEN_C_FROM_ET} outfile="/lib/gssapi/generic/gssapi_err_generic.c" < "/lib/gssapi/generic/gssapi_err_generic.et" + perl {autogeneration-c-script} outfile="/lib/gssapi/generic/gssapi_err_generic.c" < "/lib/gssapi/generic/gssapi_err_generic.et" /lib/gssapi/krb5/gssapi_err_krb5.c : /lib/gssapi/krb5/gssapi_err_krb5.et - perl {AUTOGEN_C_FROM_ET} outfile="/lib/gssapi/krb5/gssapi_err_krb5.c" < "/lib/gssapi/krb5/gssapi_err_krb5.et" + perl {autogeneration-c-script} outfile="/lib/gssapi/krb5/gssapi_err_krb5.c" < "/lib/gssapi/krb5/gssapi_err_krb5.et" /util/profile/prof_err.c : /util/profile/prof_err.et - perl {AUTOGEN_C_FROM_ET} outfile="/util/profile/prof_err.c" < "/util/profile/prof_err.et" + perl {autogeneration-c-script} outfile="/util/profile/prof_err.c" < "/util/profile/prof_err.et" ################################################################################ # @@ -137,7 +169,7 @@ autogenerate-clean : ################################################################################ ## -## Shared library specific sources (initialization and termination) +## Shared library initialization and termination sources ## ################################################################################ @@ -145,25 +177,25 @@ autogenerate-clean : # GSS library # -GSSSHLIBSRC = /mac/GSS.CFM.c -GSSSHLIBOBJ68KCFM = /bin/CFM-68K/GSS.CFM.c.CFM68.o -GSSSHLIBOBJPPC = /bin/PPC/GSS.CFM.c.PPC.o +cfm-gss-src = /mac/GSS.CFM.c +cfm-gss-obj-cfm68k = /bin/CFM-68K/GSS.CFM.c.CFM68.o +cfm-gss-obj-ppc = /bin/PPC/GSS.CFM.c.PPC.o # # Krb5 library # -K5SHLIBSRC = /mac/K5.CFM.c -K5SHLIBOBJ68KCFM = /bin/CFM-68K/K5.CFM.c.CFM68.o -K5SHLIBOBJPPC = /bin/PPC/K5.CFM.c.PPC.o +cfm-krb5-src = /mac/K5.CFM.c +cfm-krb5-obj-cfm68k = /bin/CFM-68K/K5.CFM.c.CFM68.o +cfm-krb5-obj-ppc = /bin/PPC/K5.CFM.c.PPC.o # # TestTrack # -TTSRC = /mac/TestTrack/ShlibTestTrack.c -TTOBJ68KCFM = /bin/CFM-68K/ShlibTestTrack.c.CFM68.o -TTOBJPPC = /bin/PPC/ShlibTestTrack.c.PPC.o +testtrack-src = /mac/TestTrack/ShlibTestTrack.c +testtrack-obj-cfm68k = /bin/CFM-68K/ShlibTestTrack.c.CFM68.o +testtrack-obj-ppc = /bin/PPC/ShlibTestTrack.c.PPC.o ################################################################################ ## @@ -171,169 +203,156 @@ TTOBJPPC = /bin/PPC/ShlibTestTrack.c.PPC.o ## ################################################################################ -KH = /mac/libraries/ -KH68K = {KH}KerberosHeaders68K -KHCFM-68K = {KH}KerberosHeadersCFM-68K -KHPPC = {KH}KerberosHeadersPPC +kerberos-headers-root = /mac/libraries/ +kerberos-headers-cfm68k = {kerberos-headers-root}KerberosHeadersCFM-68K +kerberos-headers-ppc = {kerberos-headers-root}KerberosHeadersPPC ################################################################################ ## -## Runtime libraries +## System and runtime libraries ## ################################################################################ -GSSRTLCFM68K = "MSL C.CFM68K.DLL" \ - "MSL RuntimeCFM68K.DLL" \ +libraries-gss-cfm68k = \ + "/bin/MIT CLib.68K" \ + "/bin/MIT RuntimeLib.68K" \ "{MW68KLibraries}MSL ShLibRuntimeCFM68K.Lib" \ "{SharedLibraries}InterfaceLib" \ "{MW68KLibraries}MathLibCFM68K (4i_8d).Lib" -GSSRTLCFMPPC = "MSL C.PPC.DLL" \ - "MSL RuntimePPC.DLL" \ + +libraries-gss-ppc = \ + "/bin/MIT CLib.PPC" \ + "/bin/MIT RuntimeLib.PPC" \ "{MWPPCLibraries}MSL ShLibRuntime.Lib" \ "{SharedLibraries}InterfaceLib" \ "{SharedLibraries}MathLib" -K5RTLCFM68K = "MSL C.CFM68K.DLL" \ - "MSL RuntimeCFM68K.DLL" \ + +libraries-krb5-cfm68k = \ + "/bin/MIT CLib.68K" \ + "/bin/MIT RuntimeLib.68K" \ "{MW68KLibraries}MSL ShLibRuntimeCFM68K.Lib" \ "{SharedLibraries}InterfaceLib" \ "{MW68KLibraries}MathLibCFM68K (4i_8d).Lib" -K5RTLCFMPPC = "MSL C.PPC.DLL" \ - "MSL RuntimePPC.DLL" \ + +libraries-krb5-ppc = \ + "/bin/MIT CLib.PPC" \ + "/bin/MIT RuntimeLib.PPC" \ "{MWPPCLibraries}MSL ShLibRuntime.Lib" \ "{SharedLibraries}InterfaceLib" \ "{SharedLibraries}MathLib" -OPTIONS = {INCLUDES} -enum int -opt all -strings pool -mapcr \ - -mpw_pointers -warnings off -fatext -nosyspath -maxerrors 1000 \ - -align mac68k -opt off -toc_data on -fp_contract on -sym fullpath \ - -model farData ################################################################################ ## -## General rules +## Common compiler and linker options ## ################################################################################ -all : autogenerate-files build build-gss-shlibglue build-k5-shlibglue build-testtrack link -libs : {KH68K} {KHPPC} {GSSOBJS68K} {GSSOBJS68KCFM} {GSSOBJSPPC} link -build : build-PPC build-68K build-68KCFM +compiler-options = \ + {include-paths} -enum int -opt all -strings pool -mapcr \ + -mpw_pointers -warnings off -fatext -nosyspath -maxerrors 1000 \ + -align mac68k -opt off -toc_data on -fp_contract on -sym on \ + -model farData + +linker-options-gss = \ + +linker-options-krb5 = \ ################################################################################ ## -## Compilation rules +## Credentials cache API libraries ## ################################################################################ -build-68K : {GSSOBJS68K} {K5OBJS68K} -/bin/68K/ : {SRCDIRS} -.c.68K.o : .c {KH68K} - MWC68K {OPTIONS} -o {TargDir}{Default}.c.68K.o -prefix {KH68K} -model far {DepDir}{Default}.c +ccache-cfm68K = \ + "/mac/libraries/CCache API/bin/CCacheLib.68K" \ + "/mac/libraries/CCache API/bin/CCacheGlobalsLib.68K" -build-68KCFM : {GSSOBJS68KCFM} {K5OBJS68KCFM} -/bin/CFM-68K/ : {SRCDIRS} -.c.CFM68.o : .c {KHCFM-68K} - MWC68K {OPTIONS} -o {TargDir}{Default}.c.CFM68.o -prefix {KHCFM-68K} \ - -model cfmflat {DepDir}{Default}.c +ccache-ppc = \ + "/mac/libraries/CCache API/bin/CCacheLib.PPC" \ + "/mac/libraries/CCache API/bin/CCacheGlobalsLib.PPC" + +ccache-cfm68K-debug = \ + "/mac/libraries/CCache API/bin/CCacheLib.68K.debug" \ + "/mac/libraries/CCache API/bin/CCacheGlobalsLib.68K" -build-PPC : {GSSOBJSPPC} {K5OBJSPPC} -/bin/PPC/ : {SRCDIRS} -.c.PPC.o : .c {KHPPC} - MWCPPC {OPTIONS} -o {TargDir}{Default}.c.PPC.o -prefix {KHPPC} {DepDir}{Default}.c +ccache-ppc-debug = \ + "/mac/libraries/CCache API/bin/CCacheLib.PPC.debug" \ + "/mac/libraries/CCache API/bin/CCacheGlobalsLib.PPC" ################################################################################ ## -## Shared library initialization routines and TestTrack +## General rules ## ################################################################################ -build-gss-shlibglue : {GSSSHLIBOBJ68KCFM} {GSSSHLIBOBJPPC} -{GSSSHLIBOBJ68KCFM} : {GSSSHLIBSRC} {KHCFM-68K} - MWC68K {OPTIONS} -o {GSSSHLIBOBJ68KCFM} -prefix {KHCFM-68K} -model cfmflat {GSSSHLIBSRC} -{GSSSHLIBOBJPPC} : {GSSSHLIBSRC} {KHPPC} - MWCPPC {OPTIONS} -o {GSSSHLIBOBJPPC} -prefix {KHPPC} {GSSSHLIBSRC} - -build-k5-shlibglue : {K5SHLIBOBJ68KCFM} {K5SHLIBOBJPPC} -{K5SHLIBOBJ68KCFM} : {K5SHLIBSRC} {KHCFM-68K} - MWC68K {OPTIONS} -o {K5SHLIBOBJ68KCFM} -prefix {KHCFM-68K} -model cfmflat {K5SHLIBSRC} -{K5SHLIBOBJPPC} : {K5SHLIBSRC} {KHPPC} - MWCPPC {OPTIONS} -o {K5SHLIBOBJPPC} -prefix {KHPPC} {K5SHLIBSRC} - -build-testtrack : {TTOBJ68KCFM} {TTOBJPPC} -{TTOBJ68KCFM} : {TTSRC} {KHCFM-68K} - MWC68K {OPTIONS} -o {TTOBJ68KCFM} -prefix {KHCFM-68K} -model cfmflat {TTSRC} -{TTOBJPPC} : {TTSRC} {KHPPC} - MWCPPC {OPTIONS} -o {TTOBJPPC} -prefix {KHPPC} {TTSRC} +all : link-all glue +compile : compile-ppc compile-cfm68k compile-cfm-gss \ + compile-cfm-krb5 compile-testtrack ################################################################################ ## -## Precompiled headers +## Compilation rules ## ################################################################################ - -{KH68K} : {KH}KerberosHeaders.pch {KH}KerberosHeaders.h - MWC68K {KH}KerberosHeaders.pch -precompile {KH68K} {OPTIONS} -i {KH} -{KHCFM-68K} : {KH}KerberosHeaders.pch {KH}KerberosHeaders.h - MWC68K {KH}KerberosHeaders.pch -precompile {KHCFM-68K} {OPTIONS} \ - -i {KH} -model cfmflat -{KHPPC} : {KH}KerberosHeaders.pch {KH}KerberosHeaders.h - MWCPPC {KH}KerberosHeaders.pch -precompile {KHPPC} {OPTIONS} -i {KH} + +compile-cfm68k : {autogenerated-files} {gss-obj-cfm68k} {krb5-obj-cfm68k} +/bin/CFM-68K/ : {source-folders} +.c.CFM68.o : .c {autogenerated-files} {kerberos-headers-cfm68k} + MWC68K {compiler-options} -o {TargDir}{Default}.c.CFM68.o -prefix {kerberos-headers-cfm68k} \ + -model cfmflat {DepDir}{Default}.c + +compile-ppc : {autogenerated-files} {gss-obj-ppc} {krb5-obj-ppc} +/bin/PPC/ : {source-folders} +.c.PPC.o : .c {autogenerated-files} {kerberos-headers-ppc} + MWCPPC {compiler-options} -o {TargDir}{Default}.c.PPC.o -prefix {kerberos-headers-ppc} {DepDir}{Default}.c ################################################################################ ## -## Private version of MSL (different fragment name) +## Shared library initialization routines and TestTrack ## ################################################################################ -private-msl : "MSL C.PPC.DLL" "MSL C.CFM68K.DLL" "MSL RuntimePPC.DLL" "MSL RuntimeCFM68K.DLL" +compile-cfm-gss : {cfm-gss-obj-cfm68k} {cfm-gss-obj-ppc} +{cfm-gss-obj-cfm68k} : {autogenerated-files} {cfm-gss-src} {kerberos-headers-cfm68k} + MWC68K {compiler-options} -o {cfm-gss-obj-cfm68k} -prefix {kerberos-headers-cfm68k} -model cfmflat {cfm-gss-src} +{cfm-gss-obj-ppc} : {autogenerated-files} {cfm-gss-src} {kerberos-headers-ppc} + MWCPPC {compiler-options} -o {cfm-gss-obj-ppc} -prefix {kerberos-headers-ppc} {cfm-gss-src} -"MSL C.PPC.DLL" : "{MWPPCLibraries}MSL C.PPC.DLL" - Duplicate "{MWPPCLibraries}MSL C.PPC.DLL" "MSL C.PPC.DLL" - MergeFragment -c -n "MIT_*MITCLib" -t 'pwpc' -x "MSL C.PPC.DLL" +compile-cfm-krb5 : {cfm-krb5-obj-cfm68k} {cfm-krb5-obj-ppc} +{cfm-krb5-obj-cfm68k} : {autogenerated-files} {cfm-krb5-src} {kerberos-headers-cfm68k} + MWC68K {compiler-options} -o {cfm-krb5-obj-cfm68k} -prefix {kerberos-headers-cfm68k} -model cfmflat {cfm-krb5-src} +{cfm-krb5-obj-ppc} : {autogenerated-files} {cfm-krb5-src} {kerberos-headers-ppc} + MWCPPC {compiler-options} -o {cfm-krb5-obj-ppc} -prefix {kerberos-headers-ppc} {cfm-krb5-src} -"MSL RuntimePPC.DLL" : "{MWPPCLibraries}MSL RuntimePPC.DLL" - Duplicate "{MWPPCLibraries}MSL RuntimePPC.DLL" "MSL RuntimePPC.DLL" - MergeFragment -c -n "MIT_*MITRuntimeLib" -t 'pwpc' -x "MSL RuntimePPC.DLL" - -"MSL C.CFM68K.DLL" : "{MW68KLibraries}MSL C.CFM68K.DLL" - Duplicate "{MW68KLibraries}MSL C.CFM68K.DLL" "MSL C.CFM68K.DLL" - MergeFragment -c -n "MIT_*MITCLib" -t 'm68k' -x "MSL C.CFM68K.DLL" - -"MSL RuntimeCFM68K.DLL" : "{MW68KLibraries}MSL MWRuntimeLibCFM68K" - Duplicate "{MW68KLibraries}MSL MWRuntimeLibCFM68K" "MSL RuntimeCFM68K.DLL" - MergeFragment -c -n "MIT_*MITRuntimeLib" -t 'm68k' -x "MSL RuntimeCFM68K.DLL" +compile-testtrack : {testtrack-obj-cfm68k} {testtrack-obj-ppc} +{testtrack-obj-cfm68k} : {autogenerated-files} {testtrack-src} {kerberos-headers-cfm68k} + MWC68K {compiler-options} -o {testtrack-obj-cfm68k} -prefix {kerberos-headers-cfm68k} -model cfmflat {testtrack-src} +{testtrack-obj-ppc} : {autogenerated-files} {testtrack-src} {kerberos-headers-ppc} + MWCPPC {compiler-options} -o {testtrack-obj-ppc} -prefix {kerberos-headers-ppc} {testtrack-src} ################################################################################ ## -## Linking +## Precompiled headers ## ################################################################################ - -link : link-68K link-68KCFM link-PPC link-CFMFAT + +{kerberos-headers-cfm68k} : {kerberos-headers-root}KerberosHeaders.pch {kerberos-headers-root}KerberosHeaders.h + MWC68K {kerberos-headers-root}KerberosHeaders.pch -precompile {kerberos-headers-cfm68k} {compiler-options} \ + -i {kerberos-headers-root} -model cfmflat +{kerberos-headers-ppc} : {kerberos-headers-root}KerberosHeaders.pch {kerberos-headers-root}KerberosHeaders.h + MWCPPC {kerberos-headers-root}KerberosHeaders.pch -precompile {kerberos-headers-ppc} {compiler-options} -i {kerberos-headers-root} ################################################################################ ## -## 68 libraries +## Linking ## ################################################################################ +# fixme/ only build PPC for now +# link : link-cfm68k link-ppc link-fat -link-68K : libkrb5.68K libgss.68K - -# -# static 68K krb5 library -# - -libkrb5.68K libkrb5.68K.MAP :: autogenerate-files {K5OBJS68K} - MWLink68K -library -model far -o libkrb5.68K {K5OBJS68K} -libkrb5.68K :: /mac/version.r - Rez "/mac/version.r" -a -o libkrb5.68K - -# -# static GSS krb5 library -# - -libgss.68K libgss.68K.MAP :: autogenerate-files {GSSOBJS68K} - MWLink68K -library -model far -o libgss.68K {GSSOBJS68K} -libgss.68K :: /mac/version.r - Rez "/mac/version.r" -a -o libgss.68K +link : link-ppc link-fat +link-debug : link-ppc-debug link-fat-debug +link-all : link link-debug ################################################################################ ## @@ -341,34 +360,55 @@ libgss.68K :: /mac/version.r ## ################################################################################ -link-68KCFM : K5Library68K GSSLibrary68K +link-cfm68k : Kerberos5Lib.68K GSSLib.68K +link-cfm68k-debug : Kerberos5Lib.68K.debug GSSLib.68K.debug +link-cmf68k-all : link-cfm68k link-cfm68k-debug # # shared CFM-68K krb5 library # -K5Library68K K5Library68K.MAP :: autogenerate-files /mac/K5Library.exp {K5RTLCFM68K} {K5OBJS68KCFM} {K5SHLIBOBJ68KCFM} {TTOBJ68KCFM} +Kerberos5Lib.68K Kerberos5Lib.68K.MAP :: {autogenerated-files} /mac/K5Library.exp {libraries-krb5-cfm68k} {krb5-obj-cfm68k} {cfm-krb5-obj-cfm68k} {testtrack-obj-cfm68k} {ccache-cfm68k} MWLink68K -xm sharedlibrary -name K5Library -m "" \ - -model cfmflat -@export "/mac/K5Library.exp" -sym fullpath \ - -map K5Library68K.MAP -o K5Library68K \ + -model cfmflat -@export "/mac/K5Library.exp" -sym off \ + -map Kerberos5Lib.68K.MAP -o Kerberos5Lib.68K \ -init "__initializeK5" -term "__terminateK5" \ - -weakimport /mac/TestTrack/MITAthenaLib -initbefore "MIT_*TestTrackLib68K" \ - {K5RTLCFM68K} {K5OBJS68KCFM} {K5SHLIBOBJ68KCFM} {TTOBJ68KCFM} -K5Library68K :: /mac/version.r - Rez "/mac/version.r" -a -o K5Library68K + -weakimport /mac/TestTrack/MITAthenaLib -initbefore "MIT_*TestTrackLib" \ + {libraries-krb5-cfm68k} {krb5-obj-cfm68k} {cfm-krb5-obj-cfm68k} {testtrack-obj-cfm68k} {ccache-cfm68k} +Kerberos5Lib.68K :: /mac/version.r + Rez "/mac/version.r" -a -o Kerberos5Lib.68K + +Kerberos5Lib.68K.debug Kerberos5Lib.68K.debug.MAP :: {autogenerated-files} /mac/K5Library.exp {libraries-krb5-cfm68k} {krb5-obj-cfm68k} {cfm-krb5-obj-cfm68k} {testtrack-obj-cfm68k} {ccache-cfm68k-debug} + MWLink68K -xm sharedlibrary -name "MIT_*Kerberos5Lib.debug" -m "" \ + -model cfmflat -@export "/mac/K5Library.exp" -sym off \ + -map Kerberos5Lib.68K.MAP -o Kerberos5Lib.68K.debug \ + -init "__initializeK5" -term "__terminateK5" \ + -weakimport /mac/TestTrack/MITAthenaLib -initbefore "MIT_*TestTrackLib" \ + {libraries-krb5-cfm68k} {krb5-obj-cfm68k} {cfm-krb5-obj-cfm68k} {testtrack-obj-cfm68k} {ccache-cfm68k-debug} +Kerberos5Lib.68K.debug :: /mac/version.r + Rez "/mac/version.r" -a -o Kerberos5Lib.68K.debug # # shared CFM-68K GSS library # -GSSLibrary68K GSSLibrary68K.MAP :: autogenerate-files K5Library68K /mac/GSSLibrary.exp {GSSRTLCFM68K} {GSSOBJS68KCFM} {GSSSHLIBOBJ68KCFM} +GSSLib.68K GSSLib.68K.MAP :: {autogenerated-files} Kerberos5Lib.68K /mac/GSSLibrary.exp {libraries-gss-cfm68k} {gss-obj-cfm68k} {cfm-gss-obj-cfm68k} MWLink68K -xm sharedlibrary -name GSSLibrary -m "" \ - -model cfmflat -@export "/mac/GSSLibrary.exp" -sym fullpath \ - -map GSSLibrary68K.MAP -o GSSLibrary68K \ + -model cfmflat -@export "/mac/GSSLibrary.exp" -sym off \ + -map GSSLib.68K.MAP -o GSSLib.68K \ + -init "__initializeGSS" -term "__terminateGSS" \ + {libraries-gss-cfm68k} {gss-obj-cfm68k} {cfm-gss-obj-cfm68k} Kerberos5Lib.68K +GSSLib.68K :: /mac/version.r + Rez "/mac/version.r" -a -o GSSLib.68K + +GSSLib.68K.debug GSSLib.68K.debug.MAP :: {autogenerated-files} Kerberos5Lib.68K /mac/GSSLibrary.exp {libraries-gss-cfm68k} {gss-obj-cfm68k} {cfm-gss-obj-cfm68k} + MWLink68K -xm sharedlibrary -name "MIT_*GSSLib.debug" -m "" \ + -model cfmflat -@export "/mac/GSSLibrary.exp" -sym off \ + -map GSSLib.68K.MAP -o GSSLib.68K.debug \ -init "__initializeGSS" -term "__terminateGSS" \ - {GSSRTLCFM68K} {GSSOBJS68KCFM} {GSSSHLIBOBJ68KCFM} K5Library68K -GSSLibrary68K :: /mac/version.r - Rez "/mac/version.r" -a -o GSSLibrary68K + {libraries-gss-cfm68k} {gss-obj-cfm68k} {cfm-gss-obj-cfm68k} Kerberos5Lib.68K +GSSLib.68K :: /mac/version.r + Rez "/mac/version.r" -a -o GSSLib.68K.debug ################################################################################ ## @@ -376,204 +416,227 @@ GSSLibrary68K :: /mac/version.r ## ################################################################################ -link-PPC : libkrb5.PPC K5LibraryPPC libgss.PPC GSSLibraryPPC - -# -# PPC krb5 libraries -# static PPC krb5 library -# - -libkrb5.PPC libkrb5.PPC.MAP :: autogenerate-files {K5OBJSPPC} - MWLinkPPC -library -o libkrb5.PPC {K5OBJSPPC} -libkrb5.PPC :: /mac/version.r - Rez "/mac/version.r" -a -o libkrb5.PPC +link-ppc : Kerberos5Lib.PPC GSSLib.PPC +link-ppc-debug : Kerberos5Lib.PPC.debug GSSLib.PPC.debug +link-ppc-all : link-ppc link-ppc-debug # # shared PPC krb5 library # -K5LibraryPPC K5LibraryPPC.MAP :: autogenerate-files /mac/K5Library.exp {K5RTLCFMPPC} {K5OBJSPPC} {K5SHLIBOBJPPC} {TTOBJPPC} +Kerberos5Lib.PPC Kerberos5Lib.PPC.MAP :: {autogenerated-files} /mac/K5Library.exp {libraries-krb5-ppc} {krb5-obj-ppc} {cfm-krb5-obj-ppc} {testtrack-obj-ppc} {ccache-ppc} MWLinkPPC -sharedlibrary -name K5Library -m "" \ - -@export "/mac/K5Library.exp" -sym fullpath -init "__initializeK5" \ + -@export "/mac/K5Library.exp" -sym on -init "__initializeK5" \ -term "__terminateK5" \ -weakimport /mac/TestTrack/MITAthenaLib -initbefore "MIT_*TestTrackLib" \ - -map K5LibraryPPC.MAP -o K5LibraryPPC \ - {K5RTLCFMPPC} {K5OBJSPPC} {K5SHLIBOBJPPC} {TTOBJPPC} -K5LibraryPPC :: /mac/version.r - Rez "/mac/version.r" -a -o K5LibraryPPC - -# -# PPC GSS libraries -# - -# -# static PPC GSS library -# + -map K5LibraryPPC.MAP -o Kerberos5Lib.PPC \ + {libraries-krb5-ppc} {krb5-obj-ppc} {cfm-krb5-obj-ppc} {testtrack-obj-ppc} {ccache-ppc} +Kerberos5Lib.PPC :: /mac/version.r + Rez "/mac/version.r" -a -o Kerberos5Lib.PPC + +Kerberos5Lib.PPC.debug Kerberos5Lib.PPC.debug.MAP :: {autogenerated-files} /mac/K5Library.exp {libraries-krb5-ppc} {krb5-obj-ppc} {cfm-krb5-obj-ppc} {testtrack-obj-ppc} {ccache-ppc-debug} + MWLinkPPC -sharedlibrary -name "MIT_*Kerberos5Lib.debug" -m "" \ + -@export "/mac/K5Library.exp" -sym on -init "__initializeK5" \ + -term "__terminateK5" \ + -weakimport /mac/TestTrack/MITAthenaLib -initbefore "MIT_*TestTrackLib" \ + -map K5LibraryPPC.debug.MAP -o Kerberos5Lib.PPC.debug \ + {libraries-krb5-ppc} {krb5-obj-ppc} {cfm-krb5-obj-ppc} {testtrack-obj-ppc} {ccache-ppc-debug} +Kerberos5Lib.PPC.debug :: /mac/version.r + Rez "/mac/version.r" -a -o Kerberos5Lib.PPC.debug -libgss.PPC libgss.PPC.MAP :: autogenerate-files {GSSOBJSPPC} - MWLinkPPC -library -o libgss.PPC {GSSOBJSPPC} -libgss.PPC :: /mac/version.r - Rez "/mac/version.r" -a -o libgss.PPC # # shared PPC GSS library # -GSSLibraryPPC GSSLibraryPPC.MAP :: autogenerate-files K5LibraryPPC /mac/GSSLibrary.exp {GSSRTLCFMPPC} {GSSOBJSPPC} {GSSSHLIBOBJPPC} +GSSLib.PPC GSSLib.PPC.MAP :: {autogenerated-files} Kerberos5Lib.PPC /mac/GSSLibrary.exp {libraries-gss-ppc} {gss-obj-ppc} {cfm-gss-obj-ppc} MWLinkPPC -sharedlibrary -name GSSLibrary -m "" \ - -@export "/mac/GSSLibrary.exp" -sym fullpath -init "__initializeGSS" \ - -term "__terminateGSS" -map GSSLibraryPPC.MAP -o GSSLibraryPPC \ - {GSSRTLCFMPPC} {GSSOBJSPPC} {GSSSHLIBOBJPPC} K5LibraryPPC -GSSLibraryPPC :: /mac/version.r - Rez "/mac/version.r" -a -o GSSLibraryPPC + -@export "/mac/GSSLibrary.exp" -sym on -init "__initializeGSS" \ + -term "__terminateGSS" -map GSSLib.PPC.MAP -o GSSLib.PPC \ + {libraries-gss-ppc} {gss-obj-ppc} {cfm-gss-obj-ppc} Kerberos5Lib.PPC +GSSLib.PPC :: /mac/version.r + Rez "/mac/version.r" -a -o GSSLib.PPC + +GSSLib.PPC.debug GSSLib.PPC.debug.MAP :: {autogenerated-files} Kerberos5Lib.PPC.debug /mac/GSSLibrary.exp {libraries-gss-ppc} {gss-obj-ppc} {cfm-gss-obj-ppc} + MWLinkPPC -sharedlibrary -name "MIT_*GSSLib.debug" -m "" \ + -@export "/mac/GSSLibrary.exp" -sym on -init "__initializeGSS" \ + -term "__terminateGSS" -map GSSLib.PPC.debug.MAP -o GSSLib.PPC.debug \ + {libraries-gss-ppc} {gss-obj-ppc} {cfm-gss-obj-ppc} Kerberos5Lib.PPC.debug +GSSLib.PPC.debug :: /mac/version.r + Rez "/mac/version.r" -a -o GSSLib.PPC.debug ################################################################################ ## ## Fat libraries ## ################################################################################ +# fixme/ not really fat, just ppc -link-CFMFAT : GSSLib +link-fat : GSSLib +link-fat-debug : GSSLib.debug +link-fat-all :Êlink-fat link-fat-debug -GSSLib : GSSLibraryPPC GSSLibrary68K K5LibraryPPC K5Library68K +GSSLib : GSSLib.PPC Kerberos5Lib.PPC {ccache-ppc} # GSSLib.68K Kerberos5Lib.68K {ccache-cfm68k} Delete -i GSSLib - Duplicate -y GSSLibraryPPC GSSLib - MergeFragment GSSLibrary68K GSSLib - MergeFragment K5LibraryPPC GSSLib - MergeFragment K5Library68K GSSLib - MergeFragment "MSL C.PPC.DLL" -t 'pwpc' GSSLib - MergeFragment "MSL C.CFM68K.DLL" -t 'm68k' GSSLib - MergeFragment "MSL RuntimePPC.DLL" -t 'pwpc' GSSLib - MergeFragment "MSL RuntimeCFM68K.DLL" -t 'm68k' GSSLib + Duplicate -y GSSLib.PPC GSSLib +# MergeFragment GSSLib.68K GSSLib + MergeFragment "/bin/MIT CLib.PPC" GSSLib + MergeFragment "/bin/MIT RuntimeLib.PPC" GSSLib + MergeFragment Kerberos5Lib.PPC GSSLib +# MergeFragment Kerberos5Lib.68K GSSLib +# MergeFragment "/bin/MIT CLib.68K" GSSLib +# MergeFragment "/bin/MIT RuntimeLib.68K" GSSLib +# MergeFragment "/mac/libraries/CCache API/bin/CCacheLib.68K" GSSLib +# MergeFragment "/mac/libraries/CCache API/bin/CCacheGlobalsLib.68K" GSSLib + MergeFragment "/mac/libraries/CCache API/bin/CCacheLib.PPC" GSSLib + MergeFragment "/mac/libraries/CCache API/bin/CCacheGlobalsLib.PPC" GSSLib + DeRez -only "'cfrg'(0)" GSSLib "{RIncludes}"CodeFragments.r | StreamEdit -s /mac/FragmentAlias.mpw | Rez -a -o GSSLib -i "{RIncludes}" -################################################################################ -## -## Clean targets -## -################################################################################ - -clean : autogenerate-clean - Delete -i {GSSOBJS68K} {GSSOBJSPPC} {GSSOBJS68KCFM} \ - {K5OBJS68K} {K5OBJSPPC} {K5OBJS68KCFM} \ - {KH68K} {KHPPC} {KHCFM-68K} \ - {GSSSHLIBOBJ68KCFM} {GSSSHLIBOBJPPC} \ - {K5SHLIBOBJ68KCFM} {K5SHLIBOBJPPC} - -dist-clean : clean - Delete -i -y /bin - Delete -i GSSLib GSSLibraryPPC GSSLibrary68K K5LibraryPPC K5Library68K \ - GSSLibrary68K.MAP GSSLibrary68K.SYM GSSLibraryPPC.MAP GSSLibraryPPC.xSYM \ - K5Library68K.MAP K5Library68K.SYM K5LibraryPPC.MAP K5LibraryPPC.xSYM \ - libkrb5.68K libgss.68K libkrb5.PPC libgss.PPC \ - "MSL C.PPC.DLL" "MSL C.CFM68K.DLL" "MSL RuntimePPC.DLL" "MSL RuntimeCFM68K.DLL" \ - /mac/libraries/KerberosHeaders.pch.68k.o /mac/libraries/KerberosHeaders.pch.ppc.o \ - Makefile -# clean-mit : -# Delete -i {GSSOBJ68KCFM-TT} {GSSOBJPPC-TT} +GSSLib.debug : GSSLib.PPC.debug Kerberos5Lib.PPC.debug {ccache-ppc-debug} # GSSLib.68K.debug Kerberos5Lib.68K.debug {ccache-cfm68k-debug} + Delete -i GSSLib.debug + Duplicate -y GSSLib.PPC.debug GSSLib.debug +# MergeFragment GSSLib.68K.debug GSSLib.debug + MergeFragment "/bin/MIT CLib.PPC" GSSLib.debug + MergeFragment "/bin/MIT RuntimeLib.PPC" GSSLib.debug + MergeFragment Kerberos5Lib.PPC.debug GSSLib.debug +# MergeFragment Kerberos5Lib.68K.debug GSSLib.debug +# MergeFragment "/bin/MIT CLib.68K" GSSLib.debug +# MergeFragment "/bin/MIT RuntimeLib.68K" GSSLib.debug +# MergeFragment "/mac/libraries/CCache API/bin/CCacheLib.68K.debug" GSSLib.debug +# MergeFragment "/mac/libraries/CCache API/bin/CCacheGlobalsLib.68K" GSSLib + MergeFragment "/mac/libraries/CCache API/bin/CCacheLib.PPC.debug" GSSLib.debug + MergeFragment "/mac/libraries/CCache API/bin/CCacheGlobalsLib.PPC" GSSLib.debug + DeRez -only "'cfrg'(0)" GSSLib.debug "{RIncludes}"CodeFragments.r | StreamEdit -s /mac/FragmentAlias.mpw | Rez -a -o GSSLib.debug -i "{RIncludes}" ################################################################################ ## -## MIT specific (TestTrack) versions -## We are not building these right now because we folded TestTrack into -## main library, weak-linked -## -################################################################################ - -# -# TestTrack sources -# - -# SRCS-TT = /mac/TestTrack/mitTestTrackGlue.c - -# -# TestTrack objects -# - -# GSSOBJ68KCFM-TT = /bin/CFM-68K/mitTestTrackGlue.c.68K.o -# GSSOBJPPC-TT = /bin/PPC/mitTestTrackGlue.c.PPC.o - -# -# TestTrack includes -# - -# INCLUDES-TT = -i /mac/TestTrack/ - -# -# TestTrack compiler options -# - -# OPTIONS-TT = {INCLUDES-TT} {INCLUDES} -enum int -opt all -strings pool -mapcr \ -# -mpw_pointers -warnings off -fatext -nosyspath -maxerrors 1000 \ -# -align mac68k -opt off -toc_data on -fp_contract on -sym fullpath - -################################################################################ -## -## TestTrack rules -## -################################################################################ - -# all-mit : build-testtrack link-testtrack - -# build-testtrack : build-68KCFM build-PPC build-testtrackglue - -# build-testtrackglue : {GSSOBJ68KCFM-TT} {GSSOBJPPC-TT} -# {GSSOBJ68KCFM-TT} : {SRCS-TT} {KHCFM-68K} -# MWC68K {OPTIONS-TT} -o {GSSOBJ68KCFM-TT} -prefix {KHCFM-68K} \ -# -model cfmflat {SRCS-TT} -# {GSSOBJPPC-TT} : {SRCS-TT} {KHPPC} -# MWCPPC {OPTIONS-TT} -o "/bin/PPC/" -prefix {KHPPC} {SRCS-TT} - -################################################################################ -## -## TestTrack linking +## Clean targets ## ################################################################################ -# link-testtrack : link-68KCFM-TT link-PPC-TT link-CFMFAT-TT +# This target punts things that get created during an MPW build -################################################################################ -## -## CFM-68K TestTrack -## -################################################################################ - -# link-68KCFM-TT : GSSLibraryMIT.68K -# GSSLibraryMIT.68K GSSLibraryMIT.68K.MAP :: /mac/GSSLibrary.TT.exp {GSSRTLCFM68K} {GSSOBJ68KCFM-TT} /mac/TestTrack/MITAthenaLib {GSSOBJS68KCFM} -# MWLink68K -xm sharedlibrary -name GSSLibrary -m "" \ -# -model cfmflat -@export "/mac/GSSLibrary.TT.exp" \ -# -init "__initializeTTglue" -term "__terminateTTglue" \ -# -sym fullpath -map GSSLibraryMIT.68K.MAP -o GSSLibraryMIT.68K \ -# {GSSRTLCFM68K} \ -# {GSSOBJ68KCFM-TT} -weakimport /mac/TestTrack/MITAthenaLib -initbefore "MIT_*TestTrackLib68K" \ -# {GSSOBJS68KCFM} -# GSSLibraryMIT.68K :: /mac/version.r -# Rez "/mac/version.r" -a -o GSSLibraryMIT.68K +clean : autogenerate-clean glue-clean + Delete -i {gss-obj-cfm68k} {gss-obj-ppc} \ + {krb5-obj-cfm68k} {krb5-obj-ppc} \ + {kerberos-headers-cfm68k} {kerberos-headers-ppc} \ + {cfm-gss-obj-cfm68k} {cfm-gss-obj-ppc} \ + {cfm-krb5-obj-cfm68k} {cfm-krb5-obj-ppc} -################################################################################ -## -## PPC TestTrack -## -################################################################################ +# This target also punts everything that gets created in other ways during normal +# build process (CW files etc) -# link-PPC-TT : GSSLibraryMIT.PPC -# GSSLibraryMIT.PPC GSSLibraryMIT.PPC.MAP :: /mac/GSSLibrary.TT.exp {GSSRTLCFMPPC} {GSSOBJPPC-TT} /mac/TestTrack/MITAthenaLib {GSSOBJSPPC} -# MWLinkPPC -sharedlibrary -name GSSLibrary -m "" \ -# -@export "/mac/GSSLibrary.TT.exp" \ -# -init "__initializeTTglue" -term "__terminateTTglue" \ -# -sym fullpath -map GSSLibraryMIT.PPC.MAP -o GSSLibraryMIT.PPC \ -# {GSSRTLCFMPPC} \ -# {GSSOBJPPC-TT} -weakimport /mac/TestTrack/MITAthenaLib -initbefore "MIT_*TestTrackLib" \ -# {GSSOBJSPPC} -# GSSLibraryMIT.PPC :: /mac/version.r -# Rez "/mac/version.r" -a -o GSSLibraryMIT.PPC +dist-clean : clean + Delete -i -y /bin \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT C.CFM68K DLL.prj Data" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT C.PPC DLL.prj Data" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT RuntimeCFM68K DLL.prj Data" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT RuntimePPC DLL.prj Data" + Delete -i GSSLib GSSLib.PPC GSSLib.68K Kerberos5Lib.PPC Kerberos5Lib.68K \ + GSSLib.68K.MAP GSSLib.68K.SYM GSSLib.PPC.MAP GSSLib.PPC.xSYM \ + Kerberos5Lib.68K.MAP Kerberos5Lib.68K.SYM Kerberos5Lib.PPC.MAP Kerberos5Lib.PPC.xSYM \ + /mac/libraries/KerberosHeaders.pch.68k.o /mac/libraries/KerberosHeaders.pch.ppc.o \ + Makefile + +################################################################################ +## +## Snapshot +## +################################################################################ + +mac-files = `perl "/mac/macfile_gen.pl" maclist` +mac-folders = `perl "/mac/macfile_gen.pl" macdirs` + +all-mac-files = {mac-files} {classic-glue-input} {autogeneration-sources} /Makefile.in /patchlevel.h \ + /util/et/et_h.perl /util/et/et_c.perl \ + /mac/GSS.CFM.c \ + /mac/GSSLibrary.exp \ + /mac/GSSLibrary.SAP.exp \ + /mac/K5.CFM.c \ + /mac/K5Library.exp \ + /mac/krb5.ini \ + /mac/macfile_gen.pl \ + /mac/Makefile.tmpl \ + /mac/ReadMe \ + /mac/version.r \ + /mac/FragmentAlias.mpw \ + /mac/RunAppleScript.pl \ + "/mac/Release notes" \ + /mac/libraries/autoconf.h \ + /mac/libraries/ChangeLog \ + /mac/libraries/KerberosHeaders.h \ + /mac/libraries/KerberosHeaders.pch \ + /mac/libraries/KerberosHeadersCFM.pch \ + "/mac/libraries/CodeWarrior Dependencies/Pro2.prj" \ + "/mac/libraries/CodeWarrior Dependencies/Pro4.prj" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT C.CFM68K DLL.prj" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT C.PPC DLL.prj" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT RuntimeCFM68K DLL.prj" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT RuntimePPC DLL.prj" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT C.CFM68K DLL.doc" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT C.PPC DLL.doc" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT RuntimeCFM68K DLL.doc" \ + "/mac/libraries/Metrowerks/CW Pro 2/MIT RuntimePPC DLL.doc" \ + "/mac/libraries/Metrowerks/CW Pro 4/MIT C.CFM68K DLL.prj" \ + "/mac/libraries/Metrowerks/CW Pro 4/MIT C.PPC DLL.prj" \ + "/mac/libraries/Metrowerks/CW Pro 4/MIT RuntimeCFM68K DLL.prj" \ + "/mac/libraries/Metrowerks/CW Pro 4/MIT RuntimePPC DLL.prj" \ + "/mac/libraries/Metrowerks/CW Pro 4/MIT C.CFM68K DLL.doc" \ + "/mac/libraries/Metrowerks/CW Pro 4/MIT C.PPC DLL.doc" \ + "/mac/libraries/Metrowerks/CW Pro 4/MIT RuntimeCFM68K DLL.doc" \ + "/mac/libraries/Metrowerks/CW Pro 4/MIT RuntimePPC DLL.doc" \ + "/mac/libraries/CCache API/include/CCache.h" \ + "/mac/libraries/CCache API/bin/CCacheGlobalsLib.68K" \ + "/mac/libraries/CCache API/bin/CCacheGlobalsLib.PPC" \ + "/mac/libraries/CCache API/bin/CCacheLib.68K.debug" \ + "/mac/libraries/CCache API/bin/CCacheLib.PPC.debug" \ + "/mac/libraries/CCache API/bin/CCacheLib.68K" \ + "/mac/libraries/CCache API/bin/CCacheLib.PPC" \ + /mac/TestTrack/ChangeLog \ + /mac/TestTrack/GSSforSAP.r \ + /mac/TestTrack/MITAthenaLib \ + /mac/TestTrack/ShlibTestTrack.c \ + /mac/TestTrack/ShlibTestTrack.h \ + /mac/TestTrack/TestTrackLib.h \ + /mac/TestTrack/testtrack.h \ + /mac/templatify.pl +all-mac-folders = /config/ /include/ /include/krb5/ /include/krb5/stock/ \ + /include/sys/ /lib/ /lib/krb5/ /lib/gssapi/ /util/ {mac-folders} \ + /mac/ \ + /mac/kconfig/ \ + /mac/libraries/ \ + "/mac/libraries/CodeWarrior Dependencies/" \ + /mac/libraries/Metrowerks/ \ + "/mac/libraries/Metrowerks/CW Pro 2/" \ + "/mac/libraries/Metrowerks/CW Pro 4/" \ + "/mac/libraries/CCache API/" \ + "/mac/libraries/CCache API/bin" \ + "/mac/libraries/CCache API/include" \ + /mac/testtrack/ + +snapshot : autogenerate-clean + NewFolder {snapshot-root} + For shapshot-folder in {all-mac-folders} + NewFolder "{snapshot-root}{shapshot-folder}" + if "`Exists {TargDir}"{shapshot-folder}Makefile.in"`" + Duplicate -y {TargDir}"{shapshot-folder}Makefile.in" {snapshot-root}"{shapshot-folder}Makefile.in" + SetFile -a l {snapshot-root}"{shapshot-folder}Makefile.in" + end + end + For snapshot-file in {all-mac-files} + if "`Exists {TargDir}"{snapshot-file}"`" + Duplicate -y {TargDir}"{snapshot-file}" {snapshot-root}"{snapshot-file}" + SetFile -a l {snapshot-root}"{snapshot-file}" + end + end + Duplicate /mac/Makefile.initial {snapshot-root}/Makefile + SetFile -a l {snapshot-root}/Makefile ################################################################################ ## -## Fat TestTrack +## Makefile ## ################################################################################ -# link-CFMFAT-TT : GSSLibMIT -# GSSLibMIT : GSSLibraryMIT.68K GSSLibraryMIT.PPC -# Duplicate -y GSSLibraryMIT.68K GSSLibMIT -# MergeFragment GSSLibraryMIT.PPC GSSLibMIT +Makefile : /mac/Makefile.tmpl + perl /mac/macfile_gen.pl diff --git a/src/mac/ReadMe b/src/mac/ReadMe index b2cd9e9e0f..4723dd003b 100644 --- a/src/mac/ReadMe +++ b/src/mac/ReadMe @@ -1,89 +1,134 @@ -To Build the Macintosh version of Kerberos 5 and GSS: +Building the Macintosh version of Kerberos 5 and GSS +---------------------------------------------------- ---- Installing tools --- - - 1) Install CodeWarrior Pro 2 with MPW +(Last updated $Date$) - 2) Copy "MSL C.CFM68K.DLL" from - "Metrowerks:Metrowerks CodeWarrior:Metrowerks Standard Library:MSL C:Bin:" to - "Metrowerks:CodeWarrior MPW:Interfaces&Libraries:Libraries:MW68KLibraries:" +If you have questions or comments about the Macintosh build process, +send e-mail to . - 3) Copy "MSL C.PPC.DLL" from - "Metrowerks:Metrowerks CodeWarrior:Metrowerks Standard Library:MSL C:Bin:" to - "Metrowerks:CodeWarrior MPW:Interfaces&Libraries:Libraries:MWPPCLibraries:" - 4) Download MacPerl and MacPerl MPW tool from - +To build the Macintosh version of Kerberos 5 and GSS: - 5) Install MacPerl and MacPerl MPW tool +--- Installing tools --- ---- Preparing Kerberos v5 build tree --- + 1) Install CodeWarrior Pro 4, including MPW. + This build of Kerberos v5 and GSS requires CodeWarrior Pro4 MPW tools! - 6) Launch MPW + 2) Download MacPerl and MacPerl MPW tool from + + + + The MacPerl directory contains several versions of the app and the MPW + tool. The *_appl and *_tool versions work properly with our scripts, e.g., + you should download "Mac_Perl_520r4_appl.bin" and "Mac_Perl_520r4_tool.bin". - 7) Set directory in MPW to the top level of Kerberos 5 distribution + 3) Install MacPerl and MacPerl MPW tool (by following the installation + instructions provided with them). - 8) Execute "perl :mac:macfile_get.pl" in MPW +--- Preparing Kerberos v5 build tree --- - 9) Build target "create-directories" in MPW - ---- Building libraries --- + 4) Launch MPW. - 10) Build target "all" in MPW. Wait. + 5) Set directory in MPW to the top level of Kerberos 5 distribution + (e.g. "GSS-Kerberos5-1.0.5"). ---- Building the Cygnus Network Security Application --- + 6) Build target "all" in MPW. + This will create a new Makefile, and launch your CodeWarrior IDE to build + some CodeWarrior projects. You may be asked to locate CodeWarrior IDE. + +--- Building libraries --- - 11) Open the project file :mac:kconfig:kconfig.µ in CodeWarrior Pro 2 IDE + 7) Build target "all" in MPW. Wait. - 12) Select Make from the Project menu + Example build times: 30-40 minutes on a G3 machine, 80 minutes + on a PowerMac 9600/233. + + You may receive some compile warnings about an ignored pragma, warnings + about illegal implicit const pointer conversions, and some link warnings. + These are normal and can be ignored. + + We used to see MPW crash during the link stage of the build. We think this + has been fixed. If this happens to you, you should restart MPW and start + the build again, and report the problem to macdev@mit.edu. ---- Installation --- +--- Binaries --- The following assumes that you have followed the steps above to build - the Kerberos libraries. What you now have supports both the Kerberos - and GSS APIs. Each is supported as both a shared library and a Code - Warrior static link library for 68k Macs. Following are the binary - components provided in this release: - - * Code Fragment Manager libraries for 68k Macintosh - (:mac:libraries:GSSLibrary and :mac:libraries:GSSLib) - - * Code Warrior static libraries for 68k Macintosh - (:mac:libraries:libgss and :mac:libraries:libkrb5) - - * Cygnus Network Security Configuration program - (:mac:kconfig:CNS Config) - + the GSS & Kerberos 5 libraries. What you now have supports both the + Kerberos 5 and GSS APIs. Each is supported as both CFM shared libraries + and CodeWarrior static link libraries for both 68k & PowerPC Macs. + We strongly recommend you use the CFM shared libraries. + + The following binary components are provided/built in this release: + + :GSSLib + * Fat CFM Shared Library including both GSS and Kerberos 5 libraries. + * Not for linking against in your projects; include in distributions to + be placed in System Folder:Extensions. + + :GSSLibrary68K + * CFM Shared Library including GSS for 68k Macs. + + :GSSLibraryPPC + * CFM Shared Library including GSS for PowerPC Macs. + + :K5Library68K + * CFM Shared Library including Kerberos 5 for 68k Macs. + + :K5LibraryPPC + * CFM Shared Library including Kerberos 5 for PowerPC Macs. + + :mac:krb5.ini * Sample krb5.ini file using CYGNUS.COM as the default realm - (:mac:krb5.ini) - * An include directory containing the files necessary - for development (:include) + :include + * An include directory containing the files necessary for development - To install the Kerberos system: +--- Installation --- - 1) Drop the :mac:krb5.ini file into the "Preferences" - folder contained in the "System Folder". - - 2) To install the shared libraries (optional), simply copy the - "GSS Library" and "Kerberos 5 Library" files to the "Extensions" - folder in the "System Folder". + To install the Kerberos 5 system on your Mac: + 1) Copy the :mac:krb5.ini file (configured for your site) into + the "Preferences" folder in the "System Folder". + + 2) Install the shared libraries by copying the "GSSLib" file + to the "Extensions" folder in the "System Folder". + + 3) If you are using System 7.6 or earlier on a 68K Mac, install + the CFM-68K Runtime Enabler 4.0, available from Apple at: + + --- Getting Started Programming --- - You may program using either the Kerberos or GSS APIs. As delivered, the - libraries containing the GSS API are complete. They do not rely on the - krb5 library. - - To add Kerberos utility to a Code Warrior based application: - - 1) Decide on whether to use CFM or static libraries. + You can program using either the Kerberos 5 or GSS APIs. (Currently the + GSS Library depends on the krb5 library; this means you will have to + link against both if you are using static libraries.) - 2) Decide on whether to use ther Kerberos or GSS APIs. - - 3) Drag the appropriate library into your project - (One of: :mac:libraries:libgss, mac:libraries:libkrb5, - :mac:libraries:GSS Library or :mac:libraries:Kerberos 5 Library). - - 4) Set the project options to 4 byte integers and enums treated as ints. + To add Kerberos functionality to a Code Warrior based application: + + 1) PPC application: use shared libraries: + For GSSAPI, add GSSLibraryPPC to your project + For Kerberos v5 API, add K5LibraryPPC to your project + Set the project options to 4 byte integers and enums treated as ints. + + 2) CFM-68K application: use shared libraries + For GSSAPI, add GSSLibrary68K to your project + For Kerberos v5 API, add K5Library68K to your project + Set the project options to 4 byte integers and enums treated as ints. + + 3) Classic 68K application: use glue for shared libraries + For GSSAPI, add GSS.CFMglue.c to your project + For Kerberos v5 API, add K5.CFMglue.c to your project + Set the project options to 4 byte integers and enums treated as ints. + + A PDF document describing the Kerberos 5 API is located at: + + + + (That document was created from tex files in the main Kerberos 5 source tree.) + + The GSSAPI is described in Internet RFC's 1508 and 1509: + + + diff --git a/src/mac/SAP/GSSforSAP.r b/src/mac/SAP/GSSforSAP.r index ca25a83846..1a3865ae8e 100644 --- a/src/mac/SAP/GSSforSAP.r +++ b/src/mac/SAP/GSSforSAP.r @@ -77,9 +77,8 @@ resource 'ALRT' (135, nonpurgeable) { OK, visible, sound1, /* [4] */ OK, visible, sound1 - } - /****** Extra bytes follow... ******/ - /* $"0000" /* .. */ + }, + alertPositionParentWindowScreen }; resource 'ALRT' (136, nonpurgeable) { @@ -94,9 +93,8 @@ resource 'ALRT' (136, nonpurgeable) { OK, visible, sound1, /* [4] */ OK, visible, sound1 - } - /****** Extra bytes follow... ******/ - /* $"0000" /* .. */ + }, + alertPositionParentWindowScreen }; resource 'actb' (136) { diff --git a/src/mac/kconfig/kconfig.sit.hqx b/src/mac/kconfig/kconfig.sit.hqx deleted file mode 100644 index 81f28b42e0..0000000000 --- a/src/mac/kconfig/kconfig.sit.hqx +++ /dev/null @@ -1,347 +0,0 @@ -(This file must be converted with BinHex 4.0) -:#fYMEfjQD@FZFfPd!&0*9%46593K!*!%3*J!N!4jd90*9#%!!J!!3*Kb6'&e!RX -!N!-@EhX0!!aVBfpZCQPR,R*cFQ-!N!4)!*!$5!#3"3%!!3!")*S*KJ#3%M%h!*! -%rj!%8P053d4[G@FK!+YHRJ5a`Am+!!"aI!#3"M#a!*!%cFJ!N!K'a!l!q,kc+jS -6lR9fXBl+hHECVGc,mTHMEGh-kccqAV(-r0CpfHR6c&jqRPIdkefiRFUlMY-pL$h -FCqGe[I'&rr)m@aH[5ATjR9'qk-)0HQbcDcPGM*IRdhhQfA8XEqAq1M-2k+VVqVj -*$rFRj%YN13,*!*)&*!H5J`3DZHA)38SJ3!ImIT01a"+4$EmPXKlri0r$qBqRj[V -1hTieh@YRprAhGDi*5%#@VeMHeYklDHeTBJ@PljMr'2lbKNpIrFQ3!2&YE(Q$l33 -*TaNLmPaVeFL!G8NSF-8le&q(b(1YYU'UUqGFIGl9ElhkI#pUNT`VCpm6N!""H'q -65Shk"HXNf@LY+'&lIN,3+hm(EefSXUfMTl0V[FDF)[dbblUUhL#F+P0PYP`rG0b -Lh[k"FpYl0h4dpjM)&Z!X,H'd5+YF!Cb+j9dGkcF`iYFN2''!!L'C*Ee$G93JXRK -CT'2ekVkZr[lA9*J[lE)8@'89b2"YdL2h9p3X@,fKZbI5hp9hBaHbhkU9ic6q3pD -CFSr98G,(mh[kI%K'i$ejA*p+HEHFB$8-6AY(9pqUVVlHrXLbM[lqQhVl9NIDeRA -dV1e5P)MF*A1XDcaP)R+pc*%2$i@@GQ``mA-4[lJ82eG1NX@)VfrEe0IAe603SQ5 -+%l"@PE#@)b0A!DYQDGG04h#Z"miY*CcVj'6j&H#F(Z%C!jXmXkpVB22'VXK!E`6 -Cd,eQmeR!QbT,j"*je(T!,%ZV,mjlDE`@q$i6Z&4@5pVkkp(!AmErSRX[ZPHG6eM -VT#(JeSMV`,[)qrZ42"E+PZqr1fjLr&LH-QB9X+V'#q5P2lFAPSZI(V&SlGSP!GS -IrlJ%DDpC)b(Djjm[&BU#"#B+2'(D`+ZL$EaUfX#E4"YiabNEp"CN!lc*Y"&45aY -iGE5"9dmEH!h+@U54V)&h2'hJ6D'0b+QdJAF#EH#GU1U)6+-k`$Z*0["1TJfm0p% -'`R6D`$Y&984*T)Vi0p%'AS3fm%kM$E`CY)(dCP9Ej(5U$GpED!2[$0V!1j-fm'E -5"YjCQK8LCc-Vi)R5"YijY)!hLcE`CY-'hVND,6+(dF!lMcBLhNSEH0"5mq-#fX# -l8&Q)r!aC!1pRD31[Q6BLjp)'hYYS!qmLC5XbMfb"phED`*Y2'hJYY)(35KYi#e3 -9NB98"AKYY2&[T`fmLfN$la,D3,T8e80pSAV!@d`E-CI4"YilD!0[#@hJADiULbb -Pb["F34YibfJ$ldVD`&Y1'hJV0"Y%9M)EJ(F9E86%D!2[RE5!pblD`2XjM4*j0k1 -!pr1dJIF,Y"(j(YV!ZjSfm+j4G$5)4!GH"fhJVD)0[%lD3&K0'hKGbK)T3*E!@dX -EH1YSipp0'hMAd3E5pDS'1R#U!E`0Y)(A3aZa[E5"Yj%fm'j3e86kU"SmrE5"0d! -EH*YS!qp'fX#l5G89ZCRU!QmcE86m)QhJh8)EH&YS!qp@c3)dYm`#i'fP$Ea"fSL --d`EHlE5!peleSPHK&hLr4"Yi[d`EH(I3"X)3EH#pAe&&2N"8i(f3!$E`2N3EH,p -#'rpYY)'dAGQ*l#!li2dRfX$l-'hJIB3f-1kN$Eb2UJSL(k-+m0a&'hKhd`DHCLr -`2N%EH,qUDU'9TPV!qhADL2JNEH$p"QhJh8-EH,qTUSVF5e@"GapYi0e2'j'r44Y -i[ddEH,qMkSXm32@"pbRD`(Z3!$E`2NdE#!RD`2YGY83q3`YiRk80[0qM$EcIT`f -m2k#0ramUQXJIQ3j0rM0Yi2daEH"pMME`2NmE@(qLV%5q3&E`I*%fm2k80[$qM$E -`[N3EH(qZl%@'b4ji$p&'a&r3"YkAD32[BGV!qdY95H34UJ5mRE5"pbKY42iAfX$ -l+pV!qfY9%b5T*[#q3KYiZfN$E`pY)$a''hKrSkU,r#e&"pjAD32[FGV!qc[D`2X -DE5$prIlpTYppmNQe[rj&+)lc$`mqU2BhKSE8rZC00kRpj&9AUIe8Hl[D6mqBSIC -)3i2Dha*44Ym'&"Np)k+-[L1LM*i988E2L5JMG-r+k(N4CI5#L$,kVSJbqKj*JG% -q*IqN[%JEM&3e-$T!'ib5Y-(S*GTJG*!!0KJGSJe'KfQ$8@Ur(NNrU8FbAp3Mf3I -e5'j)Mq4[dL1&Ur5)hDj(LM2dL01JKjerkIJc!f0AaL8Z52@*-qb6YdXJ*DNd8Sc -fSa+#*DQ[-EEP6V&58Nc9--,r8X@8*DQ-K2f)BLT)qh%i3Pi!!*iNJ8[`6kIc`9` -UPFlPhA``MILm"$2jK11i0BPi0S@!BTD`AaFVBcYZ95+H6UAbMTX[TT!!CDQRb@2 -Tab@3!-iRFQlB"T9S[Z$Bl[4%2%Vd&%!b#GGeiV&X&VK12"YhXlE4B&)"JEPXdA8 -b-!4K6j(2C4m6X3[`&p015J"UjD0ZfJCK+af(0j''U1P8cLQk9KCa+'Nja`dA8QR -(GB[aSK[)Ta%fSYVFK56*f+i8RDL6GP-90XLQdf3@N!"d`N&J2Ke-T603A,)1`U$ --db*`Jd81UX6iCk"UI6QdbB*1`XQi%#93F)[J!N'XG+,S"V2TG041"mL(b)SU'5J -5MmBFYb)4M5-$(!!l4TlPGc1[SBp9c$UC8$302T!!+DV+3dR,5GZU@e8kllUaG$4 -Y+%'BqRJ8L@V(-Y%-IP'09%kE5K*P3jPS`5d8dU)Fb,-LVQ"1fN+fT%*&0dCR-4A -f#dK'DNI,#Ejmd3h&-jPXYTJ*J#V&-c@RM,'IY$H$0JL'Ll&B&RE"6P[40,(%KKL -j)[*&dS98)1['E&#IPXjN@##m6fXA$$$d#K9i9a4!1j1e-d'MQF[NG$*@'N@X`J# -r41Sh-XNTHG'*"@hAMZE63Z,)TM$`N4mSFkRUA)EjNdVR@6L+16Xe+CU`qF95f5* -#iL`+14ZZ#UHBX,1j3U)Uam4+TA*&TQLmQ%FQDH%l40iEM15eN!$F4RB#LKq,JF5 -3!-MC!)J6VTLbdmHK)VLj9$VZZUaI9SD-mbLl)4X%meNh9-aQ@0)%pD%k(5fLP'9 -6@BGed%iG*0eE$Ge!-BHkC48c4FeF5r,)ZN3@p48#1&VZTC!!ULAI2041SrS@@4` -dNa0Z2KY(TQ5+DIUPJ)a"JK5JHCa5JeN)+U948+Z,m6a+*G05eEl&e"8,UB%DV)9 -!8Qi+!e`%9'[D3fpd)'a,E$3D+)%SC+c0+'9+eh+b6P4Xm-ij846c)USfF!%-&kT --0-U+Lc+-fJq06+&8m[eDa`qlP3@3!)41VZS-iT0)2-XNP94"S$)B!$A+ZShbPbC -*+43c@Nd,S%5(*h[8BjfK)ZNLFNi4A,"6dJ0-1#4J-Hp@j&9FAfj@'MFM8#F,AE5 -0X+-Xp'"Q'-B0C@4caL*26fLkJ*%4G!YZ&!@#Q'JQ82U41XUkYjcQU!ijbXeQ*B8 -b@TA)H@+6YK#k!09##B!BRE2i3d8d%f3I,U!X3$LMFcB$dMB*&ah8FYD%`k-03l# -Bba8,U%0S+9!rf3QKXU!6LN%QP,fXGM*@)XV@Kff8b543KPe4m,*BG6CbK"M$)N- -eN!$39BV"%U%kEr*DXa"ije(RJJRJ-Z%PKlUGLe''02S4V38*pJp+'[SLJE)@DjC -aQ*6+"X(DP$6%S2JJG9"436YR1J#2pSdQ[C!!!cQ*jpe!)4Y&Se*-&C!!ij!!MXP -QP+j-D1Y!eLUa9BJCac(@TX3if@TfXDMD-"eh%JS9mi"e5E1Xa,ZS[+fm0N43QhP -Gm)XRU+G"[@LS)iIJbEiZ1A*E-6c*Q4NS3q`-R*b0QZ0A6UpX9aCM1H58R8IYY6, -D!%)08lDeH0S5bV$GGe4i5-G#B80apJE3*qXVAT*K9(SR%mijLALmN!$,&VaDTLh -,&Lr(d@kKB'C4VT!!!'&N0L(3Kc6QNA(8R3fJa0`mKJ[)SD`,!9R!NF,CBaNhRRU -HqZ%-d",)Z,aA[jApl5EPUL!pmi[0P"BC0#1SK,9&UU`0MU4Lk,[4-%*U0Sa4p#` -9QJ8r56eII)`(8"a3&P'T)$ijk4K"drifD)$ZN!"P0%430)BKYf"Dm#K6#i)J!G' -hX99(f`3bQ(P!IiaE5+KFm&l9hmpqkPPG6#6`Xq-aGMPJT$Q!aNQbH65)1DSG46[ -MBKU4`C5#$GNNc'A3Xd)80im"LcCV3D3R6#X,45eYM)XXI'!)V5!@)X+1eUXSfe@ --'54af!hB,#THiPf,IbD0ML)6a9J)Sj3#bQMD3QeJSK468p#ATY)aG+CXJjJ0Q8b --fHRNBJjUXPUKBKiT5fmQGmJ0fYS(q@R9p6&"#jJ'X)0LiC)kZUPXYNUE,'De4Z6 -LYT-i,TjMfkpIUTLZb1ELm9`Q&5fJJlBc0[iFZ+#pb&Jj+-QdmSYR$fNL,46$"SD -9`9#&fR-Lj+3,'$9JHT4#ri!*9E45"`$8'X-KcF+LpRLDMiK`S`AB6LD)$)iA#TD -0-90)4`aH+hEehHcV-$03!T39!`q&K"mc,FTNFF5%D8ikPpS2cNAm#cSP)P3a'NC -@j6L[BF'Y4RTT"qNe2iXq"R*1'XdIF)[`5050)Sh3m+Hb4NQdA#$k(2iS%9RN,R) -cRjf%ZBAT[&0'UIGm&'10!XBUR!)8c6J*65U#,1BHr(P-!V+3!)RZ[!NT8N#%&-J -F!iV+,-LKi+*p3%)S2bm4jRp%CiGf+SH1'b-b1@MQQ,CN[$RQ0e)K(4m@-X&F`V@ -pHCb1N9JIlN6LLS!hLVX$A`'66ASbk#Ja4!8"-bT"5)8C36QT1Qq'@TT+14JTk)c -9bL06R36QCDiGXl9,9CQZqLLBT*8BrbpalQU`Ll$cT%BR"Yp`"ZQN#NAMXNN-M8X -mP12XL1-FEr"`bSF4MUPjkY0%SJ!FDE"+D2M81%IbU5p"Rd-k!6*Le-EPINh+M+R -#Nq2bfj6[3#VTKGmVKe8TRCU"a@rSR&MeBYJ"KTdBPrYNXLHMClciNaReR1r)T0' -"i4p+THGaS**@-`Kd$jB&c1ck$l&(#r8bK6`+KCd2aE`%3FPA+EmUNl2a4#)H`p4 -0qHqAQR3"ilK8,+%MjFHP-TT3e'HP)Kdh3dY$`-8F-ija*d*HN!!`mFbdA,Bp,a8 -FL+&-TUV4CqPNQh1Y55QNY*IdAj-kG0aS3G%N*4++)%LGDSb9-EH0S9R4ZI8hC6, -Q)aJqZDJ`40iVi6bV)&`j#&&Y+'A48URd"b!SK34l3`NlbarD+pA!ck2JCTaFRM# -(*+!4F(eGJP'-f'e-)edEFdbGrB-BDR!Ui@)kNLYidrFUM%2"+HB@[$Rr#k#*Q40 -VT&E,Pk5+1U(d1TQ#S9N99F%,EN`$-0Q[fbY9''"LDTjeFT`T6KiIlb+$+a&ZfTc -6aSI$Vhm&C$Tb$9AH`R!9-c0X2)i$T*40TJ!%&kAj$8S*&j0LE)NFqr)53P+L#3- -,,C26MJ)BR[cX91-45G'%1%L,Pk-dKDbh2Sr-BMDDK0$QTM)GbqGBLc16dG[NdSc -(fN31l5a$@C!!d2eV+&UXR*ZDJSKS,Qr''rKb+#$X2l%G`+5193)EBHMY*Q0T!Vi -8*LjZ0TYfBKb""S'G4h1EaYJJQiS@-aCQcjN6X2H3!!H8-UI%k)&b@D`EC$($"b) -DVK4U3LLDLZ@c@Ri+'&KLNJ!CNBJCN!$"11$m(-T9&,`%QP)HDKRPV*!!r9dXRqF -N5$,jI)c"R#"R-bRdqCM0Ka(&k$3DVR3!@LM*liTe`9jKPBKR(GZX@P4PR!3QMUa -`lNRBfh!,6"NlRX!mM8%*6")dH*S*cMNfGN03pQ-J8F#`#%*+%*!!m6c()fR!cFM -Qh$L'C-$M$0b*F[6UBY8%ba'*+)E@6Ja$X,2b85UQ38JFF-2I5FA4#@0)"(LiLcD -k6KD2KMJQiX9L*S9P!FaI5"IG+4S,T$"h1m,+&T1Y@4JqqMkk02maXh(M+*[&"'B -mU1B*c*4Ba,NLibC1dTc(5NJ#@bj1)UeLj$RbL'NRmD*Qc54Q"4A9SG"89(kd1XJ -(9UmF*P*ajTm6251"-6kba3YQPmrJ$&4)TG'FSqY!XKDb8-m0ST5$5jJ$$i$%h&4 -M%FX(#NT0628U4PehGL)+#a)bL$XQk)bd6X&PSlKJl!TU+,0B#Q#dNjj'hH&$lQ* -SKNNdL+$&4bVCZT54Md2"ipM3+NR`QB0mmAed8FpS&*cLD(U4m1!&83#"rJE&%V* -M5Z"14H,Bb(CX60JU4b%&THa#DTpB&qh9`S#HI,TMaMd3&BP0C95H+"Ca0'ZQ!4K -,&JJ"hh+`l5DFp('BKS1SV8XE0L3-jH(4b8k3!(cFG#2@G6a3F%1@++FPb)Q%kXH -dJ8c3$Ac9a4`"@"331@)L%4N#@PSZd0@"IcQ@I$JlNNV)$q&41YedKHRB`Y!JCK! -@q#iX5$"YB%66-FHQl"Q2Xj%@h",N&P2"r9J%HDY0qm@k%,d`ZFBaj'[%Y"VT`eB -(9FfRHj+4#l-CXQ9*(!h'G&ITB*A%iES)9LDiV44NC84&i@i@b+@RQRUKXTKF9dV -S'PKcQ%h8#N-pXpG%fG"NBiP'Ke(jD!C1e!H'))X*VCM8dUDdF5-4UBH`))2ZJAX -'Q'@T5'&&d'aY92)UThSJ$ZCP0HKlXJJ#GDm5RT6`T0$-*'p2&BjG8+QMHi@*'Bq -L@fRJ`S@f4E&X$+@1&6`kf55SRc0f,*4K"+C&EM@UV)R'm05XQ6&*E)jmi'+1D,( -aNlb8,bbrE`*i(Kd(eF&HK9SX31SLl4bQ*3TSNS8$3'@!@Z*1-S9+bCM*Z#AB!G! -p&mU*NU'jBZ)EI*GQIS',Haafe@$-A'!&-*U!eSRFC+0I!8FeSCkS-6rl!KTSBC( -*k0SJ4lc`S["'1H8S4#GV3V+3!'(("+T"$JEDd5U(13HHMK1Y49+c4,!T49Bk@,& -KZJZNm2)&mf8D6,N-e6,jJSPVhNNN#PaL+'Q$,4M8A6[DKQ'K&K#0cD()qF8&'P% -D%kZmP$Nd468'PVBD@XqLTl)M-SP#mTj,CG$aDc&k&PUe[&)fA#!&%i6YL'C0cSY -P,IAb%T-LUaR$*+dbZN45QFm3%CQ-Y34b,'L@)-HT2C-HNe-6b5%cYa'GD)d$'"Z -kBSTPYZCBDr*N'8lP%QcQSP2BZ6UUTLHERchB884S,TqjV+32pRU3!%5FcV)0dIc -3%%bC6IU"F%E,TKGVFT[*NdHRQQEA#L89$0+a,5#%NcRHGhNDX-P$kTc(r0DLSP5 -iX-M8!8%`eQl+a+Sd*NG4FZCj-aZN$TG"DQ2)#0H"A""8+mZ*V+dJNk"%fQrR%TU -EGV34ILDS!kE!c8&*6Ca*D"5CVqN-pJK55,eFK$dF)-SedXYZ,6%F4cQ*4LaP8UF -m$FHN5M%k5fXdq+!X`C@2DDNJ@8$NQDUP2#3G6*f`%SSHY%C6469%1PjCC+kaAq1 -bNA(j3Q#ZJ#8[VGSa1V(ha0UDcrP*M"80G06D*b#6Y#CUGm2X`G5,1blBfBV&XGB -4T-BB*!#5#lJ*p"ASEr+jBMcK)$Nb@3h'M-8,VN-hK3&ZJVA@+F3GY$B"c#@F9"M -$q@)#5dr&9#"GF#U45%JS`)CYcQ%`r!54"!SSL13ahZ%f)R`9'$$BHDkK1+KF$Fa -Ad+6X9$D"qZl@S$2JdT%$M9JX,9,"aP*d%RZkBLb&'SF*398LUj@ck03aAjJGm0' -&4UikB843cV9!BXG43$Sj-5bNF'm&h8Z$GU1&JS28BA`abjB'TGPX(@,EIIpHA40 -aG*dNJ+D3!*d+QlX+3'#ZPSm'BMN0iVl'F4QZYL'*%)QUM3816"#Mf(G,Bj3Td@" --*`KKAG5&NBfHN!$$2,T)iEK!K"66R9qX,B*K$@Cfk'`e)XD@05C!V#5i9K'Z@K5 -deBYQFmHa)p+5NF9!#YbE$!l*C#!E&Bfb"BF`$)-583Zl8e&X8ZSD#aFIX1Ar@hY -e4q@`VSi!%b00E)YJjb`Ea6B%CTc9*)+IMP-`kp*`MQ&&Ye5iI*MN)J['R$Q80@c -%C&'lNVV%BQ01KK84e!rU4bLZ"@CeZF9d2jK$QQiamb*DHG!qT)"))PA$,1G!TVZ -HelN`p0"&e#M@C9)[k+jfkM#ei%kmMSFaX0-GDB&mNr*SRlMcJV+XQlMqabQNCM4 -C(PBk@D-XpK'dXl!ecp5"'X3-d#qMSZVLcY-k5j!!6qc&CN[5@jS"Iq9"l3[T5Th -CB6UHUPCT[2'eE[8Ha(Br&Yr6U31D45LYk(*YYN`()H%qc6c)E6CYX#415LKB!96 -PBP3Ak41aB[4&6S+B!4MLDZD51'D*CM`NEFr+lkFUc9`Fkb,2J&-Hf90K"ZN[)B1 -rVR-qr2)U+mFT,'[28jY8qKX8q1HIdk@GjmM*PZr4e,AJ`fBLEACU'!S2'A)Kb3B -jEK"p4hRECSd%[`,LG@S1NIiFNfEjKqp)ipMBhM1crVB0,Ed"`F3p4bBH9Vd2@&T -Z`C!!%lY2TIAhJTcJJlfmEF#0&Rqha9[K+AUl4*JHBL*43$i8ApY8X'AUDiX0P+Q -m,#1BE-Upr`!ljerIF!5J&*6QF-86%(GT32PU,a)rA+S"@CKp"C13!)khLf3idRl -*@m9K(&G6NY"28((3RM!VNd5(CQC[bH0Y-Sb6IMRhrFVM'5@CCc&J12B-8Pp!@U2 -2!aE'c%T-8VKXjF`iVL#"C0lh@BmqYda'Nqeh4%k)bj-QX6l0bX"-N!$8I5+6Z'T -%rfp2j(!9"pDR([!8qFjrm%!'KYpI'krpc9VX$H&q2[aVhrp%r)PlRl!ZRCSAUb- -[0pI1R6ThkX3-2hIUV4-e%2Gredjm3*!!q6IaaM8`[[hZ&l$cMeYmF2@!Z0!4@fI -LBSh3,H,[B#kDjCDChJ+(dSXSJd4%qVJFCJYhe4K"E,4UL""h"*H4SE)VbK-HY`c -3k%HV3d*dSFCMjmdbQ$j$h'VN%TY-$idc3brcG8EQ"*-i9BMhrBA)"K%"jFGG1I" -$@im38MK+Q8`2'mS+8`3-e5RLYMlb)$$rC-BrQ9UNalm*T@h#mqV$$SeUk8'4"S2 -)c#K&J!!#bEr-bUHM-Z#+*"@G8QM)U+N#Uh!'2+aqcmhF1#Ta%G'Ha,`0bf0KXUe -i"0hmahQ@4I,CP0(p11D9dF-NAiRN10Fb@PRm%J$rKJ)e%KGh3qhlB3+S@@BdcZ& -9rFHVbP&02*LbpXGS%Y28JcHN0hr30%@(8TL5a'T`P"`CMD&#lC&r8p['(S5$[kR -A*CQ4B`Kk9@-dldJr)KTLV%a[k'Z2al0@'DA-riM!IV9l@H'RrNeKmL2Z8B89aj6 -de`8fR(aahNKJNJ-e2i`3Bc!jp$A(LYP4I3ZQ`hP9frmZ-GVqmC6k(r@+#+1&G%b -3!)N#DM9eXA%aUAIGkF[&ZL6q6VD1E((BL2N9d#KQI%B6E&FSYM2kTr)PY8heb*@ -kZ6*CJKPjr1V#EJN,eCkI`KjYZNM#N!!KFkVKYaLDk53reYZTN!!RIm2M`[i60qq -"(qk`Flr1r[J-a[VTJ8'BfVL9$a3rihN9Tr'Vi(B3riIPGf%p-6&'lhr+0QdAN!! -l&*J*J,ef&eF*ZRVpePZfP4VQ8BMRN!"DQ*Z9BGD0`j6VK@P`@4p-MI"klE'HJJf -,(cl@4l$AS&dZ)hS$3paR5Le'ZpUaqPFUDM9qpG)I0M&(T6N+GD`DMKIK8T4+d-Z -8BG@Zd$VU68R+UT6`*RZ9eM11m2Dd,bPX'TEA#@rFTNK%m#JI+C*qkVa"qj9fVZ# -eJmFBEpKQ!XDkU(*[F%5N#T0G4bSh!I1PKXa[,jK8iaRLdGh-T2ElMQ0mAdY6(mh --+[ieQAAb39LPhQAU5@PUB1"-jq!ASV)5c"MY)[c`XZDQk5MA,rS95QP1h$%DR$M -!4RT9,kpHlYqCfB!,[%XAFGq0UmTIZ926X`0rmhpr$BF`drZ@1aK14Y#Gh$Ep4Be -S'C`[mdkp&K(2c(p4'K(4K([Z0iC(-%D`pRl*$iR)L-@3!'!jT08D&K2L8@Q5`D# -'@-'4I5E#N[#`A1Y&R(")kTX#%Kk8501J-kr1GS,ZF0+%KD319lrI2$,I#BlF9YH -%X+Q(T+jTQSBPNbdY`C(jTpBG-&(0M,*'ETlIj%8TK5eM8I2V"MeQ$X1#)eZ1KV@ -m&ZBfe3kqMPBh2"Tf+X08L,S4b&X1mq3**dHMkNleSS*C*-IjAP3`Hd#Q(*,D*XZ -f4U6$%keb[`N54j,@3lkqq`fqE*8YiF&N8S0D(#0kbq$@`5DAHG-86-j[F6fph'I -FiA"@QJEGPMffqqF-UhT@!Ne-0cV#[U-jk$QZY8S1$qcD)"cKCl%c@hP!l6TSpZr -ejbeSNCVf$#2rEDN)iR*FDcpkS)hS&%+B@CcD$%Gc6P(#36`pJ5Lemq#Blk(8!+A -@3cQ$+(JfJU*-Vm(+affSB&@%U89SE60)!HCd`Z$bHS@C4TJjD)'QSEm"L[jVX[* -QJZ$ZIS+%QN%U$-,0`%$T8)cT@CRPb*RK5(KlrqIRhE,pMT&QfA,,pUHDR%2Ih(* -E%PGqR"MqI+EfjRRc@flHFJYB+&UbCZFA[lRQlGrF(@Q@jpkqXrD'E6FFf0Cm`kj -E"Nm-lYUmVARrcZR0clepf%1lHIVH0fhEfjcG(fQfGXi&fZiEGZjZlYr@2rMQpfk -lBAIclVh6jqkFkk20Qlih#,6Q!i-PY)G'dHBH36Ze#@KZFr2HBB0fhZiEKZFVfYB -[%ffiD3bYERSiZ'fNZIPE)p-8VDRfKZ(pLVE!S0e84R2$Er(3RKqC2TPSFfTp*3c -Db+J530Zf0[KVrFh6(KfTRIB)d,CZbcfdq`XhI+Krm+&RIUer@r2"[HpTIX4ASQR -2hZfhhca[5phfB466@`mm[A9RjiJl(IIe2I6-SHc@TLhcYQlEXZA@%9XQirk!PQ% -X&33(0aj5EqX4lk$[VF(H4!X'm1(K,#i%QJ#JT4VliH%2Aq2XGF)!1QHMm#3GUDd -2"#55I#NEa%KJSE5L9Le%jAa[YLJ9PU"UhCkAQELjekT#*akSPSlUURTC!#J82$a -M)L#Y2Y"JAQDjFUBPcccmMYmlZ&01Ukk+b)+1iBA[H[M5%jYh0PJlTIAEElj$RKQ -FfAl$)qF8L1CDEfNmI8R$m61)GUdXq("NiHVf4AHh,f`)c*!!"BfR,iShb-cfSG[ -I@NCEe0#SD&#K-E+`[Ah4MPD$eY$f++j,DQmI[(h'8E3)lT@6"FH2,'aIZ(e(Xd& -,[Zp5U`&S'dYSB4r0U6SCh!4S3r8KJfDeYd)*Tlh+3c[6U[E4kKXm*4C8l4MAlIB -P3d3laj'Uj$0IIV6qi'Q$%@INj-%&$F2cfKH%kjXAE,IqJLQa8j,$Yeq`F4A!'V' -3!)L8NRTd#)-B!&Vl6%LSeDT(Bi'EFk9KRdc',Ne`8%B`3DhGpap&!)efU!N&!%N -X)4#X1L$((j,UqYXT!KST,iBYArhY-jUrpH829V8[RGkqFD4jFlhT"1[MTlF[2(h -*4qj[Rp(qrRVm[)E@@MP[B@M4R3LEZ9P+B91XPHd,(QEBr2UKN5eq@+--YEHH[ZJ -M$lG(CJl9YrTK$3KEH2ULSG$$KYXFMr+1SARRIARSMQ$Ep2DE[pemmf0BH*aJS0+ -qmZ10j)0E-BR#X-$brp[ahi'*`'GEaIV8k2qcVEDe)ak`lJTBeTfKiILGiFL#1cF -lElqcD[L81d0bbPhIPP0fR$CibPdM@hrpVK'jG8F%-50Lm3qIp4Z`ahMb6ql3S!D -MNhI,(eX2bU$Hm(lkmRGHh`REZQ6jaCIS5bfJKm3AYbepFpN,1laJfE)PjN,em,+ -qVM8D,1ISNd,dB#QSB%fTAl#UGp0!T'hTLNLE[VU%SGBX(k42ZIKi6iFZk9lI9E' -NGbfH$V)B%bKiJ)lRJNLGH5p(q4%Ebd6U9kcV[5R5eYHe'XrJk1jBhir(ChMFDYV -@prCh4GlChE1kpbCj*dV4PCZk"q4+rk8BYiqbGN-AVqiH#&d&+'5#4b$B"Yl[!Qj -ElmE0dLC5!HB$A4+$Tfep9iIr+K5SETk8iCraUqD9)!(5T30R4C!$1B"qI#r(fcM -dM`#IlLSF4KLr(N5iVKpr2J'U(-Ic!rpmK2Maj)FVMH'R(LAqRQ)QhJmCMIImB`) -DpkMH4h2!8chP(5m!Gb(`"L2iFG@FCJ9&eRK&-%RJ3Bl'%e6p+3f(#jiIqBrKPIR -3Vb+8m3"!-Br%Mr*Kr#LH*k#[cj%83&h%%cpiN[V%!45XT'[c53Tlh)BQBcGjGN2 -6l[hlGZe*[Q524'E[J`h83*fVrXLjY(Gr@rhZVYhl$m!Q,SM"6hcMKffH*,,(jeh -5!*kk'KcS8VI((4kfNe,h8S10TiR!ILNj2,a(rA9f(H)aYUb$[kkT*PPRr(Z5aPp -6Shl3T,r"6VUHAr%DX(a![f[iP"1KGDXcD(hHHYKkh2V,EceidQGh2KMqe"f*Qqk -[5eMh@hpUEA@fBK(c4fFVHj,@V51YFhjKjUTjei9@V9jj*ll9+d1a`m[r+2EimX0 -AKlED@dHf*VGQBIrJBdfDq+'hi[mR5NpXF%a[Cq(C*cEQ+*Ai9q!I'Ua2KPSEUN+ -4aX2KC11Gk*,eAe[IH,LK[U&UpSk'MILhmJprDbhqD*Rj[keP4d2J["d0Yjf0rqR -`dDDIFBKhd%1M)4[limNT5I*[JK6`mBqjVcZ-riL*R3MKcfQ59j[mipGRrp3PcG0 -9r,2R&EmTY#ArRSB'VHbq(r9E+h,*Eqrj9lrLId8I*&2Qph3J%#"0q*X3q*8N(QE -$9l636c2J'J$2Im$GC3$8[mFp50N2iRNcAR`b3J*S,dViHZV8Mp9N!*6Lm@!+HpH -HJdIL`4$*Br$9[a[[Xd#)MkGRpi&b[!RBIm6[k6ZD32#$aCMrRr,aTrjMqFiD-&S -%[+aRJm46CmT"hE"hpZ#P(Z2aZa3!m5KGM0qP!(8eG4"4ia@JETKCc(K$XDlQTD6 -f80T'D6cm(X@aH0Ifia8IVC3AErJPh56D0-BMLi!02pScM9GfBr''@`RIX#ra-r& -PrVik[Ml-dL4%GReqc&,dN!"X%m[a54`I(eQ,TP(mH1#p%Rm-raLr8Ii-(G@RI%a -mqIa,r,(q($X52ffCMXeYMKdJP)FiVjjrL4r"qA(m#)BH&6m!32a)"I&(Cc1[a)2 -L"!IaCIlBV6ib&cUL(ai9B0,Q5,b[2m)jRUUU+J&imEjAq!kD-B$aH,c)!JqBd(M --Z)l'Bq6P9R%cXc`NJdlMq+$'(8H$V`$(q!1J&$i@cd2#H)4-+A`dASm+BKjLa2- -kIKVhfAT(Ri6cFMaZrM,(bl0Mr-T()9l&(d-SM-@rAQ&'qIdShM[rTrj0E"$r4Rh -A(Z$e,Z")RIFRPk9c"1$9H$25r((m')$'PiH**Ri8J(%FITE'PaTI"N#BQIq@!)k -SD1*KP`Q8TTEr+piIh2k![jQ1MXH2kDGTUD$MmD2$e1r(PfAjDI`2q)pUqiTq4q* -IdIqIir@8Nqp9rIhjYYDF(q'ETI!Iaq[#miri[B(r"[rrTYrhp5qKIMrqY61"3[b -2'`#F)0j4J%'jHIGB"*prbUm(#f&`kMh[EI5B#"pah$[a`k4h3SJY)KjX%hUCCYP -bk0D+FrQkXY8I#(a)X%A-$`0SV!F"YD)9Zf$B"Z2NjYL`jV8*VGp*Qp2bLVrFE+Z -rTD(Kd*LIXl9ark'@Ir8VrJADUjIjAB(j+'R#hi6!#h4#krPTkS3@!*lr'[Gm!k$ -qP[+%eSX[6@K,q0k%9[QjK`"3LXIXl0$j,Gk%eSm(3jh3P[`AiN9-#2(ap&ai66R -H"&aea1rT1jT!m)2&Q2qIm['RrPFQY0CI,Bfj6bhD@cHYHEE8c*mYYBYkA2Z"J3L -X161PIG(`V&Eh-$bAU5Hl-GJL$pbaX4V@"b)p8R92pbQYlRI9FaDYb,*CLpcR)ZY -NQ8Cq$cb-&p('-fZCZfr1E$RjHV%DDeSPf#2@T-GDje`NP8Za+)Q0TPVXXmZeZ(I -bh0NbjB(l,Q[[a@ZY`'d+9!JX'LD2Ymk%6JrplH$EV*8A-h*H294lkS%2)REIiZ4 -'@E4cdF14m'2[Zc4C*E1@Z-Q&Pi,2d%EX,)*apGV3jhDY1RY1a@1AYXLFfHj6Med -#06m5UGRa'6HjY[(Ff5iBY-L-QJrhZ!GEV!GqkA1l1TF"HcUael5#b`A+"+qYk)T -iRVQV6PLdmkNl)Z&RYcme@$qPEmi1UdmDjDN&(Zj&b[P4D['jAD[&[I'bf6*YEIf -LQkZE0q*&J!pFSeVIhc,E66p`"k`mXm[N5reXph[hA-IFJZHlpebhC2qdT2[)dUX -Meeb"D`'@2[D9"BZAXMaTa6jZd[Lqhb6XdI%jGZC*GNHmY9M1@bE2@jp+ePjee4c -H+c($HalH*M`FlrhbH1QeIC1`)hbpYA)SF$@[R(J#&ecbh'G0PmpCR5@8qq4Rm&L -`,H1[m+X'el0NjR!!dfUH0q(eIfqhEKikHaN@qE!PL1h"VVl)jYj0IAMkhJ#f#kq -2,'kIh0'c1V,4fcCmQq,HJrF)IX&DBcBFV6UjdfUb,[GHd(F&F[9DqIM3F@8'"P3 -f)2)f[(fVfPpG,-AG*EI+9d[iGmNe9UGkTmR&FSP9KEXUF0@'194Z)l,$fSIpAEr -e0-rP'aYJ-IhmPYDrTB0)G`qDU1mh[+ARmPNI[4rArQPr5jDidX"[k,aRH1PcqGK -NMlCR2LHe!ppkp9Hj6qmTQS5hClJfl[M$pMY[G6NB`#Y`!YJrRfEMBKG3i`mAd3G -F"hm'RQcM`AeH)&!Cj)F#Fbc8`QYM$*N6aJ,eiKTPh$J@PPFp+Qh*ZVJIJKUj9EM -Yj9N,&b#&NA,23Z5Uli'["DJI1haKN5`3K[IMM,V+`5'!@A!e3JNji)C!dl,dYN0 -H%,%IXJ'2,3FMpZYp026`CpdK&@pDZDiVXJQ[8Bcdi%@)NHlq5%r[316'M[AGUfI -h[aklUDIlKNeGXb14Rq[G&0R3X6QbVZ2'VXL'hMimia"VY*(HRUj)akD"GEephEr -B-G$Gfa0Chh9MehS!HK9acDEekcG(EYJ%MQXfQmTB)MRlfQ9GI4ZkqrZ*ZkkM2l+ -UUkXRJKAFlUl9N9ABp4f!*(fJJA$SXDRRqTlHQhV+h2$ibS'16J26iaA,$MkiXEY -rS+pMS,G[pRXSDMH+mYUqlS(0NGieieJPbTfp'cEfp8+*VYArNpf&+hVlqMDIBe6 -e#cb9kZlT4'4Ajd#Cc8$IjNM(@MaNFMB+h'T[kV2,ZJShbf`IE8bfbmR@+8065Sp -m(&Y*0SL6JAKTU,+pDhdAPSKjCJ,hckcl[(9TMj0kYiAEeR9hGUa&`rQr$eT"EdT -P&+XBMcE2[66(2"[6(0-Z[1*M3c*6CPT6V-IpPc[Lr**(S-C`Y%kcIX@kd0VTCiA -[pr5G*&236crLH@djdCT[$3eKhaARiKl8T%i@Mmf4YXeVHcEe4eCXfVLaY`pCh)[ -bGAhAk2Vil-PQ%4`eB(2NXYje2C%c)TGY@YrGJD6pd9Q1['-qclh`b[0Q6lkNYbm -bd0@j,Y*[D*i6kF*M0GIlp@*@IeIR*PDHeNj9BcB+c6Q6Id)[!N+G(H[A4k,R45i -ilm,)h$RR4mklB!lQ#f0UIhX#$E9Rrk2D+aBXLk`"UFXAVicdEqcU4*P$[9I+%b* -8Vap@UE'U0ZCMpCSUNkf9&Ujq,cdp%lF1"-j&PIU5Q2I`6C&IP61X@cc%%c"U1%- -q1P5cT"GTMAc#%d&0ehi@F1CDY`aClc+9mbbXeFi&8S2IpV00BTId0K-IP%r*mGE -DSC1CdqAq3*0l%rS4p&"D,@ZPdCSK5d,QlJ2&4N`--6Y#rLd)2#["pj1iUm'F,dL -p&I+p`2Z%0F1DrMlrUJ5rYc&+V,6q30CCqd*"[1l64+a(a#!LaVU5pb,Q,X6SP3L -')b*fMq2q,5+H1iVl!Q++ilKY8'U&pF$3'HBPU1Ib6DEDSljDV[`AQ(i+Q(m#c*N -Vp1QPSdmirDqSeYP9N!#lVl1h`mak*J5S0ihr8PGqk"[VU2kjZrSKhVrlIP),cjD -3!(@PK4F[P@UKIaI'1CKh6J(JHE2RV(VVR&10UC@H&GrV(NBVrIq(Gq54YK9r)aH -dF4GMH["XQG+qH185M+!HE&pbaD95DCf`E((E5YcPGYhLYLZ@!RREJLA,9f)BpSQ -&5pYjaFFIQ,Y*V#pGI[(5Ui$cYHl1rQEiml![%#[3#"ZhP3610VH@""CfGkjRh,Y -K!bI3epRGLESEq-#5G[#3!-$(c*dRJAY4G2S4rjN9Lppp-Ha(9UaFrQE%2G@qj0* -h55$`hI,Y*Ub9QPZilJ[RI4JU#PmELI2,["22ZTUZ*0jrLVG[kGY"NaKl`kF[AN6 -h[!Rh&jVD'FIS6pDBhZ0f$$#PHkl($eH#"6Ckr#k($lIX+lp9e-T`%[4C(EM29$R -K3DeVV[%ir6TiR1*a`LhekrPX9bbq8)1!H6XNhRb"9e9eP,AT`'fi2XDPH('PleY -ddDL@H(&P+Fl-2ic26$U8dk,E4Z1-CLB1VlDN([3Y4[GP-#+bf'J2M)KFYV8Fp`j -p8Ub*@f+HL+Ya5cii'QIfY6AZmZ2,F8Y2,-GG`GcdiUjX+XHY3'llFHmmXkcCcdH -06kk,b09i+5B2-Dl&BJdE,IV@AfbUV[U3!-YQ9)Vmq+52"eqLR$HGZ2QF18TI&qk -SpA0LRG&5Fq)kM#[4lLjBhp8h8"iQVGEq+G+&aUSFC0kQUd(KGfLMYrVr4`aG$KM -6FGDAF!Dk1kr['ZKr1D"#,r)aPJ+VmIm!N!80#@YMEfjQD@FZY3!"!!$rr`$E5p! -!!3#3#TJL#BB!N!m@!*!)rj!%68e3FN0A588"!,("BTZaar`l!*!'Q`8!N!B1m3! -!K*J!N!B"(3i!9BiiEC!!Ri0LR5Yr1kq&A5ZIZ$dhjH6i,E59R8@,bR46+pSqm`a -22@R+p)hJVlKR(6PqNAf%NpY(q"1HK2H%Iq3hf4lC3h+EeF`MYipefC2M(GN$b5E -m-R)mXSmF[`CN(q&NNqG2EK0q(38@i-4Id[3kIT66cIbLcqhp)Mbc)lI*B,mA!!m -BIm!cVmZNE@H%%"9#'#Z%Z2&,3Rc`)5%Ub5E10N)'U8ULGXVU-"dRE6[KZ'0[Yj) -&heH6)M2mATJK$"BK3ZLGq9q41L48R6H62HBfkmpT(-(q%EF[qicrc%5I@l#bdBc -TZTBlNS)X"#RdUiqCbI-Y-f8jEU6lfB30891-+US-dGr[ZIEhFa@&1&DTN!#EEK, -L[(jm-XIDUTLG-j2f4,[2%#Y%RA&hk#TI(bkC)8i02@cd96aPV"&Lm@H%mIM028N -lejAHeX"i%SkPhD6`R0BkpJlAFRalc0b@6SDMCMiXHb-FYE2jG'BN3%Xkec2Lk!' -AlqP%,mVR,`i213$Y0PLj)6p#`&`kYmhe(GHRdJ@lQ'U6R5YQjj9erFk#BaC$4R[ -GJTd0Af$elE#G90'[-CQdU+jaXp"GG&VEQmkNbKQFYHD#S3V"CehD"@TN1`ID!Sk -PKS",Z4@LTdCAVKaZ+Z8f92CS8ib5m-h0EH(@I#'G6Hm+3Qmd,c1(dSbEEY,-$1I -*IN1*aZ24S9,$Ck68F#b9'Llap8f$pR*0iY&'0dZ0Pl-b[P1EY@Zi5KhTA"[U8A, -EZHDXS5,"Te3,Z*4cEcHGE9BKR,!+KEeeEk)%`c%cRjGH(T*)VjDd'b#BQ@a0K'- -@CF%&e(')acb1!RpLfiRJ9@aVNJa$b9Ek9l+Y$hb'EHqRIcAE2NCraAQ%Z*2qY@b -lPrjeE(X!9)aYMp+rRNZ"I'Dbl5fNc',EDD6-CYXk8ZD`l@*5MQ4ERT5jE(X[+I2 -BGJXTmpPf1pFCYVY)@F#fqdPCb,EINV+)k54kB$(E8)qMfABU+E$$GMiT5pKf%5R -(X+d([)jY9j+bP'dhNK*QfkG)1BjYHdJjRQdr*Z8%Y[f+P'9XHj*l%qf*qTl%YT0 -*@FkfFdM"r%#2)m!Ai!V`"$J#(!)H!S1!*HJaB!H`#TL'hJ1H!81!(HJj1B0JM!3 -f!X1!KF!6i!M`!lJ"[!"1!"q!#ai@!KI3hm!%B!%`!,h2[Ddc%#Ba)T2ZG%`R6H- -1eqjeNKBFHTc1Y`V*EL*N&BfE%XhK&D[6*iHM%@+HN4Eb565hEYlL@f2%QdN(Yd8 -FkF-*4KcA5BS0L85Al53Dia&(%1I+%hrFNBVi!`GBI"mLHLPlaqC#1N0'VJBb&3h -463RLHJKi#U8L+-Y`FcC[1i8`h'2aMJ(c@M16XHeFq(`VNaHaMV"Ldc*3"p%e5AP -K*E)TL+8@3rH)@+)PA#S`HFMLKjY-U[$@05P9j-(#qfl0ZB,PG*P*Ua4M-(KART+ -9(BB3Ckhf%QhVc4'IYlcF0BILmAr`'irrJrYir"rmaH2ri#FHrep*IirrRdGrMrr -(1"H)5Aq2rqISlh'HAI6hq2r9p'Iq,kkR2r0rF62pQIq,6p#IqEri![fCriY[dTr -j[lL2k`Ej"IfCrm[j![0r!IlXmAr8aH2rb0RMrq"Sc2q0#0FI0Xa"Q2r,Z32cIf- -l+FcrMIH3!-,mhlL@&1EraSG*BIkr9e"6p"2UKKc3(kJ,jqRc6[3(DSkH4%qJCp' -6b"9pKaUK(ZJ&e!jjSjiHId@G8AId+hTFp4KPJfQc%&I+QA5JBGTZL#U'!jj5Hhq -bbcpTeD6*Rr5N5XdU%E5r59Y(6l)a(Qp"QECS!F$Y2",IZ0QihUJ0A9k#[r+dA1' -5BFbp`()k,FGfHF)2@PJ#6YN$4I%3%q)KjK$-kReNkeDhB$UDKmdAS&faP6eq)Mh -U0XHE)hR(kNV[R-V"ieP5X2c$)&S-i@0XYA,m0hc)YY%lp)j($A8c!Z*R4ZcHmCi -%I9&d#$4&8TAr&f),4X@k!c%#iJ5`#Je#eVL%4*bCN3D'mFaI(QeGYhjjH2Qka[C -'8Z20dADHdZY5K("IEFJ%@e$D9I'@,$3Z3Mb`35Z$"eSA`@$eC"i9ci-L+YTD@pX -(3P4XD0[X$Bf0fZ*L%Je,QTTEeP0-Jr9keQHb2SIeH8%'S5THD#U'pr3UeUYCVf' -p,JKI8HdY3KA6pTB@8$i-jZT4!U52e*%IFP1$F9'$I'4-8QV9NQMVa,4R3[a*%,+ -HXDjP`jCN6cU&cG514$a+!E"H3#YNaUGjpVb8DP&ME"@2eGahcHpTU2qi8@@J+UJ -JeJ-3LpB5C#cBXAl3aFPLVF#[Y,3F`Ad,'jB,D3T9XCQMVa$TF!1e5N25kFXAl)C -XkUd0P*eF3%#@P*Q-Xe#%6aQ-P+5p-,qGpLh5B3%#5a&bHB5F+Xh)VM5f2E8fmXl -QH(KMii@0q-q1@3ADjVHF(MH-VA!K0Y!HBp1*0A-Iq@K0r6Ae5ck1pJpG*KCfTc* -JURFRfYY1S&EmIQcpTXdmaT2p6dTaai(HB5"YcZklGY'fMDP"f&E8@JN`!5!YpGh -IHHUFr[lVX,fPVj2$C%rh8H)T`C*GK9cm896UG3P41qN%QJDMM-RG&-`!Q0Q6`[V -3LTek+%G8mPY'91k",EPLhC%`@Yq2%pUl36F3"e"49i`cZ$F9'!!R4ab))aFX$m4 -"Gmdk%!FcNYPqR)TppFC5jk)$IB&PcF8(iQ""G-Q"1&J+A6S9jdeMJK`D945Rj9S -(#Gi`S8HeaZ*%8VBhGrpRR[5IhZXl@ZfY[LkAdVmaRpF!2+Z&2'+aPV96F8V[bBa -),0k#Tb"d!(Pd42'8P3DJVUeV0r*c8Q05HKKR40S5EH1BmA)pfYG[DBpdGSZNkqi -4&4FZ%N[ZZ-F2F)cj-05p,r1`91lZPAV9mM@23CGj61,8hNGp4NAPX4,2P@J"mRL -Z)#rRmGcqbPrbf*r)i6bXRANahUpi)NNq+%J01pb[kplPjc(k#ZDKHQ#%*I1BA1m -CI,pT[+ldT*3Z))rNrXT1e4@,qeiH%dKd1)r*2@UmD$8P-JrAf[EI[LFbU4cq*H! -0mT8`,8!HERGQqX@XdQYI)q)@HM8"H8$d!)bE(N8lmia`m,"P@@TIB8b8b(jN1-5 -BT[-ib(5Hcq-PTM19ab%N(mhM055IbQ-5p#J2qHcT&%,)4q6'*CK)M(F)j@&hiN' -VIG,DZAdkMjMr$ZbSe-4L86bEU3'3!"F4Mjk-45FqRdIQ1Dj)H3`qI6cDd5R,fk0 -p[Dj[F!DI5dpbmX0j6#(RC*rjr9(BhfB[LZ5N%aJc8diIVcMhNXVGK6&fql3-X&Y -rqUJ&b#1DF9e"%%-!XLm2`RUjRrXXfeC6-6Nee!,83dllY!"jH01qL6`16rZfSrT -MHEc3(c`G5HI(q`c6NE'TKXS$#p3#HqC[p+ZFMQJ"qNa14l3!H8!8$)Rre&AQJ6A -m0rU$*%4E&K-2&PG3"(jJF84Q8)5aq(L&BD(FfeK-#aa9HVMh5,$8ddp#+V$(D*! -$51H5QGk8eB$R2M4Xm"$J388*$r4V8&$'!fcQ!`q#4fYX9lq'#J%H9!lM!CildVM -KJCSRPI"JYFi0$kU(m5"PkGF)Bi!(0F0i3)rHRAQ'CJd4!MbS(FB$[4S5$1&"AB! -(F[I!G(14dh9ZI"&[aHl&Jf656(CVerB3!MbS,q1"j6LfXl9JdZ90'V@a8S!(-mY -id19B'VBYT3!2CTAaS-IU)h+JFH1,XiI``0'ZJF%J(X`Tii'1EAYa,aiF@FD$[1f -QGqVFjXecbhMJk0lQcEM,!hM35lHh0H3GZiXHZY+lc3rQ$q#"9G$![BGae!"I0&0 -C64XJ"(L`31'"IkQ0rJd2&M)rd,2"`$0iX!J[V2'CV)RH20k0EH"lqR4U'1(K!4f --JY2h#!q+"`NP#QBZC6STHXd9&,+[3GlCU6[$"Jm2k$h1bUIjJ8)#VGS`)H!(Z$1 -`M!I&)kZeDB!3i!(HrLhM34c8-CiaFrUdGB3!$fB3(Y3S1!M1c5k,rZ2fP(hAZla -kHmTB(YU!fe-d(cHMM0p)mmS&&00j(,`CC6U2JjG82*r(5jG8619ai'B8Vf'(qr8 -I0k1-eZ2[0k1-&ID[0k0-jA(`dSc40&kl0'-UMmQE85L2kE04C"kZk*l!DAA2ZaM -YHiA6@k+Ydc`'-DEZ'G*qh*kb$d"H[6hP666)Y8HEl"bZF4i6)aD,D`"Z4-GKUQT -M34lGr'b3!'Vpa-D#IQ!L2b(2B(4Cp!'64lh#T1m&L6@hKa0pZH3q4LP[B08$c2" -SRId+V+aQh8)Tc5VbUi"I#6PUbFq!Afl3Vbl)Sq,A4EpCL(H9bQ2!ErC6T-#2mKM -`-h!R99hHSCQ&NIbj9fY5cb#PA[PGr(mS(2ZG5mS-k5Gq-*GXI#bXJGdDj@I)L3` -IDfYJ9fDlL[IJR@6$h9A`qcaD5[Rp%6RMKNlirBb8'Z@hqdLbiDj1q2h5pc0@R3d -Eqce+bQR+lqe8HhPr*mU&#lBh+Vq6VND0f3m`1&rPGmH2b-ChHXj"l+09[%ZZ3qf -9Ab-G4rff(bUreGmL"paHLhJI3Xe8(Rpk#aU2r6j#bL,Ppm6[d(MXpm9LRld$Sa# --9D"q(E'9hd@!#03FIYmMjG[FPa[*KPk$q`fNd$Z-b1m4e!qhfm)2mEKIHkj&MGR -[*p3M2e9qFG6q+18hlrCL["Mb@k$mMMZ0iPfQm[XUrHA0hSL(1Ue4ITm$"LaL[bI -3%bU2pJq3!'famTX2A&"pCV`[JYjL2q5MqN$FHK[Cd$[`1ik8Hj6I([3-hrFera' -Ua`+9adehN3-Z%8FCRb6PNbVH0d$[d1mSikdqVKKAhdFfA%%12qU9N!#UYlMrZq6 -!1e2,(b"PQBThqV[4!1b(r,KIA@$bmFT["I$V"Z8hjaDbRF"qG$Njiihi-LM3-Z@ -hk#'##HicHa8jd+(GN!$,6kH@q#cR$BcNFlNEJB@ACJXbjq$fhK9d8RG9GlBJQ@A -JYr4VT+c+&M,fS0qa[`')8,cdS&pi0j)K(J#r3)kRNlp$5l+&E5AHX1aZmPZ9cEX -8Em$[f$q3!,)RhZ)@K1'!8#rRr$B8maZ)Ga*`qMDU"iCr!r@MrKDGUQrZI4#aiI8 -r!&J'!!!: diff --git a/src/mac/libraries/ChangeLog b/src/mac/libraries/ChangeLog index 86fb38e335..844ba30ac6 100644 --- a/src/mac/libraries/ChangeLog +++ b/src/mac/libraries/ChangeLog @@ -1,3 +1,8 @@ +Wed Oct 21 17:40:00 1998 Miro Jurisic + + * Metrowerks: Added CodeWarrior Pro4 projects and docs + * CodeWarrior Dependencies: Added CodeWarrior Pro4 deps + Wed Jul 1 19:13:25 1998 Theodore Y. Ts'o * KerberosHeaders.h: Removed #endif with no matching initial #if diff --git a/src/mac/libraries/autoconf.h b/src/mac/libraries/autoconf.h index ba6b6f0ae7..3341630add 100644 --- a/src/mac/libraries/autoconf.h +++ b/src/mac/libraries/autoconf.h @@ -13,8 +13,6 @@ #define krb5_sigtype void #define HAVE_NETINET_IN_H 1 #define ODBM 1 -/* Define to empty if the keyword does not work. */ -#define const /* Define if you can safely include both and . */ #define TIME_WITH_SYS_TIME 1 diff --git a/src/mac/macfile_gen.pl b/src/mac/macfile_gen.pl index 74da7b39a1..fc5a620e7e 100644 --- a/src/mac/macfile_gen.pl +++ b/src/mac/macfile_gen.pl @@ -7,6 +7,30 @@ if (defined ($ENV{'KERBSRCROOT'})) $ROOT='.'; } +# if we get "maclist" as a command line argument, print out a +# list of files we need. + +if (defined($ARGV[0]) && $ARGV[0] eq "maclist") +{ + print(STDERR "Creating maclist.\n"); + print(join(" ", &make_macfile_maclist(&make_macfile_list())), "\n"); + print(STDERR "Done.\n"); + exit; +} + +# if we get "macdirs" as a command line argument, print out a +# list of directories we need. Else, generate a makefile. + +if (defined($ARGV[0]) && $ARGV[0] eq "macdirs") +{ + print(STDERR "Creating macdirs.\n"); + @MFSRCD=grep(s/(.*:)[^:]*\.c$/$1/, &make_macfile_maclist(&make_macfile_list())); + @MFSRCD=&uniq(sort(@MFSRCD)); + print(join(" ", @MFSRCD), "\n"); + print(STDERR "Done.\n"); + exit; +} + print(STDERR "Creating makefile.\n"); @MACLIST=&make_macfile_maclist(&make_macfile_list()); @@ -17,28 +41,27 @@ print(STDERR "Creating makefile.\n"); $MAKEFILE=&chew_on_filename("Makefile"); &delete_file("Makefile") && print(STDERR "Old makefile ($MAKEFILE) deleted.\n"); open(MF, ">".&chew_on_filename("Makefile")) || die "Can't open Makefile for writing"; -print(MF "SRCS = ", join(" ", @MACSRCS), "\n\n"); +print(MF "sources = ", join(" ", @MACSRCS), "\n\n"); @MFSRCD=grep(s/(.*:)[^:]*\.c$/$1/, ©_array(@MACLIST)); @MFSRCD=&uniq(sort(@MFSRCD)); -print(MF "SRCDIRS = @MFSRCD\n\n"); +print(MF "source-folders = @MFSRCD\n\n"); @MACSRCSGSS=grep(s/.*://, @MACSRCSGSS); @MACSRCSK5=grep(s/.*://, @MACSRCSK5); -for $A (0..2) +for $A (0..1) { - @ARCH=('68K', '68K', '68K') if $A==0; - @ARCH=('68KCFM', 'CFM68', 'CFM-68K') if $A==1; - @ARCH=('PPC', 'PPC', 'PPC') if $A==2; + @ARCH=('cfm68k', 'CFM68', 'CFM-68K') if $A==0; + @ARCH=('ppc', 'PPC', 'PPC') if $A==1; - print MF "GSSOBJS$ARCH[0] = "; + print MF "gss-obj-$ARCH[0] = "; for $SRC (@MACSRCSGSS) { print(MF ":bin:$ARCH[2]:$SRC.$ARCH[1].o "); } print(MF "\n\n"); - print MF "K5OBJS$ARCH[0] = "; + print MF "krb5-obj-$ARCH[0] = "; for $SRC (@MACSRCSK5) { print(MF ":bin:$ARCH[2]:$SRC.$ARCH[1].o "); @@ -47,7 +70,7 @@ for $A (0..2) } @HEADERS=grep(s/(.*:)[^:]*\.h$/ -i $1/, @MACLIST); -print(MF "AUTOINCLUDES = ", &uniq(sort(@HEADERS)), "\n"); +print(MF "autogenerated-include-paths = ", &uniq(sort(@HEADERS)), "\n"); print(MF "\n# TEMPLATE BEGINS HERE\n\n"); diff --git a/src/mac/macfiles.sh b/src/mac/macfiles.sh deleted file mode 100644 index cd19aa1f15..0000000000 --- a/src/mac/macfiles.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -for DIR do - for SDIR in `sed -n -e 's/MAC_SUBDIRS.*=//p' $DIR/Makefile.in`; do - awk '/^MACSRCS?[ ]*=/, /[^\\]$/' $DIR/$SDIR/Makefile.in | \ - tr ' ' '\012\012' | sed -n -e 's|.*[/)]\([A-Za-z0-9_]*\.c\).*|\1|' -e 's|\(.*\.c\)|'$DIR/$SDIR'/\1|p'; - awk '/^SRCS?[ ]*=/, /[^\\]$/' $DIR/$SDIR/Makefile.in | \ - tr ' ' '\012\012' | sed -n -e 's|.*[/)]\([A-Za-z0-9_]*\.c\).*|\1|' -e 's|\(.*\.c\)|'$DIR/$SDIR'/\1|p'; - ls -1 $DIR/$SDIR/*.h 2> /dev/null - /bin/sh mac/macfiles.sh $DIR/$SDIR; - done -done diff --git a/src/mac/mkbindirs.sh b/src/mac/mkbindirs.sh deleted file mode 100644 index cdc2af202b..0000000000 --- a/src/mac/mkbindirs.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -# -# This shell script creates the Macintosh binary hierarchies. - -topbin=$1 -shift - -for DIR do - mkdir $topbin/$DIR - for SDIR in `sed -n -e 's/MAC_SUBDIRS.*=//p' $DIR/Makefile.in`; do - /bin/sh mac/mkbindirs.sh $topbin $DIR/$SDIR; - done -done diff --git a/src/mac/version.r b/src/mac/version.r index 3576098673..2f83c787b4 100644 --- a/src/mac/version.r +++ b/src/mac/version.r @@ -7,15 +7,15 @@ #endif resource 'vers' (1) { - 0x01, 0x05, beta, 0x01, + 0x01, 0x10, alpha, 0x04, verUS, - "1.0.5b1", - "1.0.5b1, Copyright 1996-1998 Massachusetts Institute of Technology" + "1.1a4", + "1.1a4, Copyright 1996-1998 Massachusetts Institute of Technology" }; resource 'vers' (2) { - 0x01, 0x05, final, 0x01, + 0x01, 0x50, alpha, 0x1, verUS, - "", - "Kerberos v5 1.0.5, Copyright 1996-1998 MIT" + "1.5a1", + "MacOS Kerberos v5 1.5a1" }; diff --git a/src/util/ChangeLog b/src/util/ChangeLog index d2bb771386..d9eab6f9ae 100644 --- a/src/util/ChangeLog +++ b/src/util/ChangeLog @@ -1,3 +1,8 @@ +Thu Sep 24 20:05:33 1998 Tom Yu + + * mkrel: Add fixes to deal with "tails" on release directories, + e.g. for beta releases. + Wed Feb 18 16:31:21 1998 Tom Yu * send-pr/Makefile.in: Remove trialing slash from thisconfigdir. diff --git a/src/util/mkrel b/src/util/mkrel index 4c96302bd5..ae7a1ed37a 100644 --- a/src/util/mkrel +++ b/src/util/mkrel @@ -27,6 +27,8 @@ reldir=$2 relmajor=0 relminor=0 relpatch=0 +relhead= +reltail= reldate=`date +%Y%m%d` case "$reldir" in @@ -38,6 +40,14 @@ case "$reldir" in echo "release-dir may not contain whitespace." exit 1 ;; +krb5-*.*.*-*) + release=`echo $reldir|sed -e 's/krb5-//'` + relhead=`echo $release|sed -e 's/-.*//'` + reltail=`echo $release|sed -e 's/.*-//'` + relmajor=`echo $relhead|awk -F. '{print $1}'` + relminor=`echo $relhead|awk -F. '{print $2}'` + relpatch=`echo $relhead|awk -F. '{print $3}'` + ;; krb5-*.*.*) release=`echo $reldir|sed -e 's/krb5-//'` relmajor=`echo $release|awk -F. '{print $1}'` diff --git a/src/util/profile/ChangeLog b/src/util/profile/ChangeLog index c878926798..e9734a6f95 100644 --- a/src/util/profile/ChangeLog +++ b/src/util/profile/ChangeLog @@ -1,4 +1,12 @@ -1998-07-12 +1998-08-06 Theodore Ts'o + + * prof_tree.c (profile_delete_node_relation): Fix bug where + deleting a node would corrupt the linked list. + (profile_add_node): Fix another linked list corruption + problem where an insertion into the middle of the linked + list didn't update a previous link. [krb5-libs/615] + +1998-07-12 Sam Hartman * Makefile.in: Add dependency on -lcom_err diff --git a/src/util/profile/prof_tree.c b/src/util/profile/prof_tree.c index 3db7dc625e..f4dc9751bb 100644 --- a/src/util/profile/prof_tree.c +++ b/src/util/profile/prof_tree.c @@ -145,9 +145,14 @@ errcode_t profile_add_node(section, name, value, ret_node) if (section->value) return PROF_ADD_NOT_SECTION; + /* + * Find the place to insert the new node. We look for the + * place *after* the last match of the node name, since + * order matters. + */ for (p=section->first_child, last = 0; p; last = p, p = p->next) { cmp = strcmp(p->name, name); - if (cmp >= 0) + if (cmp > 0) break; } retval = profile_create_node(name, value, &new); @@ -155,19 +160,14 @@ errcode_t profile_add_node(section, name, value, ret_node) return retval; new->group_level = section->group_level+1; new->parent = section; - if (cmp == 0) { - do { - last = p; - p = p->next; - } while (p && strcmp(p->name, name) == 0); - } new->prev = last; + new->next = p; + if (p) + p->prev = new; if (last) last->next = new; else section->first_child = new; - if (p) - new->next = p; if (ret_node) *ret_node = new; return 0; @@ -317,7 +317,7 @@ errcode_t profile_delete_node_relation(section, name) section->first_child = p->next; next = p->next; if (p->next) - p->next->prev = p; + p->next->prev = p->prev; profile_free_node(p); p = next; }