cyrus-sasl-2.1.25/0000777000076400007640000000000011632367340010730 500000000000000cyrus-sasl-2.1.25/include/0000777000076400007640000000000011632367340012353 500000000000000cyrus-sasl-2.1.25/include/exits.h0000666000076400007640000001254007535150462013604 00000000000000/* * Copyright (c) 1987, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)sysexits.h 8.1 (Berkeley) 6/2/93 */ #ifndef _SYSEXITS_H_ #define _SYSEXITS_H_ /* * SYSEXITS.H -- Exit status codes for system programs. * * This include file attempts to categorize possible error * exit statuses for system programs, notably delivermail * and the Berkeley network. * * Error numbers begin at EX__BASE to reduce the possibility of * clashing with other exit statuses that random programs may * already return. The meaning of the codes is approximately * as follows: * * EX_USAGE -- The command was used incorrectly, e.g., with * the wrong number of arguments, a bad flag, a bad * syntax in a parameter, or whatever. * EX_DATAERR -- The input data was incorrect in some way. * This should only be used for user's data & not * system files. * EX_NOINPUT -- An input file (not a system file) did not * exist or was not readable. This could also include * errors like "No message" to a mailer (if it cared * to catch it). * EX_NOUSER -- The user specified did not exist. This might * be used for mail addresses or remote logins. * EX_NOHOST -- The host specified did not exist. This is used * in mail addresses or network requests. * EX_UNAVAILABLE -- A service is unavailable. This can occur * if a support program or file does not exist. This * can also be used as a catchall message when something * you wanted to do doesn't work, but you don't know * why. * EX_SOFTWARE -- An internal software error has been detected. * This should be limited to non-operating system related * errors as possible. * EX_OSERR -- An operating system error has been detected. * This is intended to be used for such things as "cannot * fork", "cannot create pipe", or the like. It includes * things like getuid returning a user that does not * exist in the passwd file. * EX_OSFILE -- Some system file (e.g., /etc/passwd, /etc/utmp, * etc.) does not exist, cannot be opened, or has some * sort of error (e.g., syntax error). * EX_CANTCREAT -- A (user specified) output file cannot be * created. * EX_IOERR -- An error occurred while doing I/O on some file. * EX_TEMPFAIL -- temporary failure, indicating something that * is not really an error. In sendmail, this means * that a mailer (e.g.) could not create a connection, * and the request should be reattempted later. * EX_PROTOCOL -- the remote system returned something that * was "not possible" during a protocol exchange. * EX_NOPERM -- You did not have sufficient permission to * perform the operation. This is not intended for * file system problems, which should use NOINPUT or * CANTCREAT, but rather for higher level permissions. */ #define EX_OK 0 /* successful termination */ #define EX__BASE 64 /* base value for error messages */ #define EX_USAGE 64 /* command line usage error */ #define EX_DATAERR 65 /* data format error */ #define EX_NOINPUT 66 /* cannot open input */ #define EX_NOUSER 67 /* addressee unknown */ #define EX_NOHOST 68 /* host name unknown */ #define EX_UNAVAILABLE 69 /* service unavailable */ #define EX_SOFTWARE 70 /* internal software error */ #define EX_OSERR 71 /* system error (e.g., can't fork) */ #define EX_OSFILE 72 /* critical OS file missing */ #define EX_CANTCREAT 73 /* can't create (user) output file */ #define EX_IOERR 74 /* input/output error */ #define EX_TEMPFAIL 75 /* temp failure; user is invited to retry */ #define EX_PROTOCOL 76 /* remote error in protocol */ #define EX_NOPERM 77 /* permission denied */ #define EX_CONFIG 78 /* configuration error */ #define EX__MAX 78 /* maximum listed value */ #endif /* !_SYSEXITS_H_ */ cyrus-sasl-2.1.25/include/hmac-md5.h0000777000076400007640000000253007660262344014046 00000000000000/* hmac-md5.h -- HMAC_MD5 functions */ #ifndef HMAC_MD5_H #define HMAC_MD5_H 1 #define HMAC_MD5_SIZE 16 /* intermediate MD5 context */ typedef struct HMAC_MD5_CTX_s { MD5_CTX ictx, octx; } HMAC_MD5_CTX; /* intermediate HMAC state * values stored in network byte order (Big Endian) */ typedef struct HMAC_MD5_STATE_s { UINT4 istate[4]; UINT4 ostate[4]; } HMAC_MD5_STATE; #ifdef __cplusplus extern "C" { #endif /* One step hmac computation * * digest may be same as text or key */ void _sasl_hmac_md5(const unsigned char *text, int text_len, const unsigned char *key, int key_len, unsigned char digest[HMAC_MD5_SIZE]); /* create context from key */ void _sasl_hmac_md5_init(HMAC_MD5_CTX *hmac, const unsigned char *key, int key_len); /* precalculate intermediate state from key */ void _sasl_hmac_md5_precalc(HMAC_MD5_STATE *hmac, const unsigned char *key, int key_len); /* initialize context from intermediate state */ void _sasl_hmac_md5_import(HMAC_MD5_CTX *hmac, HMAC_MD5_STATE *state); #define _sasl_hmac_md5_update(hmac, text, text_len) _sasl_MD5Update(&(hmac)->ictx, (text), (text_len)) /* finish hmac from intermediate result. Intermediate result is zeroed. */ void _sasl_hmac_md5_final(unsigned char digest[HMAC_MD5_SIZE], HMAC_MD5_CTX *hmac); #ifdef __cplusplus } #endif #endif /* HMAC_MD5_H */ cyrus-sasl-2.1.25/include/prop.h0000666000076400007640000001615107766210032013426 00000000000000/* prop.h -- property request/response management routines * * Author: Chris Newman * Removal of implementation-specific details by: Rob Siemborski * * This is intended to be used to create a list of properties to request, * and _then_ request values for all properties. Any change to the request * list will discard any existing values. This assumption allows a very * efficient and simple memory model. This was designed for SASL API auxiliary * property support, but would be fine for other contexts where this property * model is appropriate. * * The "struct propctx" is allocated by prop_new and is a fixed size structure. * If a prop_init() call were added, it would be reasonable to embed a "struct * propctx" in another structure. prop_new also allocates a pool of memory * (in the vbase field) which will be used for an array of "struct propval" * to list all the requested properties. * * Properties may be multi-valued. */ #ifndef PROP_H #define PROP_H 1 /* The following ifdef block is the standard way of creating macros * which make exporting from a DLL simpler. All files within this DLL * are compiled with the LIBSASL_EXPORTS symbol defined on the command * line. this symbol should not be defined on any project that uses * this DLL. This way any other project whose source files include * this file see LIBSASL_API functions as being imported from a DLL, * wheras this DLL sees symbols defined with this macro as being * exported. */ /* Under Unix, life is simpler: we just need to mark library functions * as extern. (Technically, we don't even have to do that.) */ #ifdef WIN32 # ifdef LIBSASL_EXPORTS # define LIBSASL_API __declspec(dllexport) # else /* LIBSASL_EXPORTS */ # define LIBSASL_API __declspec(dllimport) # endif /* LIBSASL_EXPORTS */ #else /* WIN32 */ # define LIBSASL_API extern #endif /* WIN32 */ /* Same as above, but used during a variable declaration. Only Unix definition * is different, as we can't assign an initial value to an extern variable */ #ifdef WIN32 # ifdef LIBSASL_EXPORTS # define LIBSASL_VAR __declspec(dllexport) # else /* LIBSASL_EXPORTS */ # define LIBSASL_VAR __declspec(dllimport) # endif /* LIBSASL_EXPORTS */ #else /* WIN32 */ # define LIBSASL_VAR #endif /* WIN32 */ /* the resulting structure for property values */ struct propval { const char *name; /* name of property; NULL = end of list */ /* same pointer used in request will be used here */ const char **values; /* list of strings, values == NULL if property not * found, *values == NULL if property found with * no values */ unsigned nvalues; /* total number of value strings */ unsigned valsize; /* total size in characters of all value strings */ }; /* * private internal structure */ #define PROP_DEFAULT 4 /* default number of propvals to assume */ struct propctx; #ifdef __cplusplus extern "C" { #endif /* create a property context * estimate -- an estimate of the storage needed for requests & responses * 0 will use module default * returns a new property context on success and NULL on any error */ LIBSASL_API struct propctx *prop_new(unsigned estimate); /* create new propctx which duplicates the contents of an existing propctx * returns SASL_OK on success * possible other return values include: SASL_NOMEM, SASL_BADPARAM */ LIBSASL_API int prop_dup(struct propctx *src_ctx, struct propctx **dst_ctx); /* Add property names to request * ctx -- context from prop_new() * names -- list of property names; must persist until context freed * or requests cleared (This extends to other contexts that * are dup'ed from this one, and their children, etc) * * NOTE: may clear values from context as side-effect * returns SASL_OK on success * possible other return values include: SASL_NOMEM, SASL_BADPARAM */ LIBSASL_API int prop_request(struct propctx *ctx, const char **names); /* return array of struct propval from the context * return value persists until next call to * prop_request, prop_clear or prop_dispose on context * * returns NULL on error */ LIBSASL_API const struct propval *prop_get(struct propctx *ctx); /* Fill in an array of struct propval based on a list of property names * return value persists until next call to * prop_request, prop_clear or prop_dispose on context * returns number of matching properties which were found (values != NULL) * if a name requested here was never requested by a prop_request, then * the name field of the associated vals entry will be set to NULL * * The vals array MUST be atleast as long as the names array. * * returns # of matching properties on success * possible other return values include: SASL_BADPARAM */ LIBSASL_API int prop_getnames(struct propctx *ctx, const char **names, struct propval *vals); /* clear values and optionally requests from property context * ctx -- property context * requests -- 0 = don't clear requests, 1 = clear requests */ LIBSASL_API void prop_clear(struct propctx *ctx, int requests); /* erase the value of a property */ LIBSASL_API void prop_erase(struct propctx *ctx, const char *name); /* dispose of property context * ctx -- is disposed and set to NULL; noop if ctx or *ctx is NULL */ LIBSASL_API void prop_dispose(struct propctx **ctx); /****fetcher interfaces****/ /* format the requested property names into a string * ctx -- context from prop_new()/prop_request() * sep -- separator between property names (unused if none requested) * seplen -- length of separator, if < 0 then strlen(sep) will be used * outbuf -- output buffer * outmax -- maximum length of output buffer including NUL terminator * outlen -- set to length of output string excluding NUL terminator * returns SASL_OK on success * returns SASL_BADPARAM or amount of additional space needed on failure */ LIBSASL_API int prop_format(struct propctx *ctx, const char *sep, int seplen, char *outbuf, unsigned outmax, unsigned *outlen); /* add a property value to the context * ctx -- context from prop_new()/prop_request() * name -- name of property to which value will be added * if NULL, add to the same name as previous prop_set/setvals call * value -- a value for the property; will be copied into context * if NULL, remove existing values * vallen -- length of value, if <= 0 then strlen(value) will be used * returns SASL_OK on success * possible error return values include: SASL_BADPARAM, SASL_NOMEM */ LIBSASL_API int prop_set(struct propctx *ctx, const char *name, const char *value, int vallen); /* set the values for a property * ctx -- context from prop_new()/prop_request() * name -- name of property to which value will be added * if NULL, add to the same name as previous prop_set/setvals call * values -- array of values, ending in NULL. Each value is a NUL terminated * string * returns SASL_OK on success * possible error return values include: SASL_BADPARAM, SASL_NOMEM */ LIBSASL_API int prop_setvals(struct propctx *ctx, const char *name, const char **values); #ifdef __cplusplus } #endif #endif /* PROP_H */ cyrus-sasl-2.1.25/include/md5global.h0000666000076400007640000000175711631671140014317 00000000000000/* GLOBAL.H - RSAREF types and constants */ #ifndef MD5GLOBAL_H #define MD5GLOBAL_H /* PROTOTYPES should be set to one if and only if the compiler supports function argument prototyping. The following makes PROTOTYPES default to 0 if it has not already been defined with C compiler flags. */ #ifndef PROTOTYPES #define PROTOTYPES 0 #endif /* POINTER defines a generic pointer type */ typedef unsigned char *POINTER; typedef signed char INT1; /* 8 bits */ typedef short INT2; /* 16 bits */ typedef int INT4; /* 32 bits */ /* There is no 64 bit type */ typedef unsigned char UINT1; /* 8 bits */ typedef unsigned short UINT2; /* 16 bits */ typedef unsigned int UINT4; /* 32 bits */ /* There is no 64 bit type */ /* PROTO_LIST is defined depending on how PROTOTYPES is defined above. If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it returns an empty list. */ #if PROTOTYPES #define PROTO_LIST(list) list #else #define PROTO_LIST(list) () #endif #endif /* MD5GLOBAL_H */ cyrus-sasl-2.1.25/include/saslplug.h0000757000076400007640000010340411630151331014266 00000000000000/* saslplug.h -- API for SASL plug-ins */ #ifndef SASLPLUG_H #define SASLPLUG_H 1 #ifndef MD5GLOBAL_H #include "md5global.h" #endif #ifndef MD5_H #include "md5.h" #endif #ifndef HMAC_MD5_H #include "hmac-md5.h" #endif #ifndef PROP_H #include "prop.h" #endif #ifdef __cplusplus extern "C" { #endif /* callback to lookup a sasl_callback_t for a connection * input: * conn -- the connection to lookup a callback for * callbacknum -- the number of the callback * output: * pproc -- pointer to the callback function (set to NULL on failure) * pcontext -- pointer to the callback context (set to NULL on failure) * returns: * SASL_OK -- no error * SASL_FAIL -- unable to find a callback of the requested type * SASL_INTERACT -- caller must use interaction to get data */ typedef int (*sasl_callback_ft)(void); typedef int sasl_getcallback_t(sasl_conn_t *conn, unsigned long callbackid, sasl_callback_ft * pproc, void **pcontext); /* The sasl_utils structure will remain backwards compatible unless * the SASL_*_PLUG_VERSION is changed incompatibly * higher SASL_UTILS_VERSION numbers indicate more functions are available */ #define SASL_UTILS_VERSION 4 /* utility function set for plug-ins */ typedef struct sasl_utils { int version; /* contexts */ sasl_conn_t *conn; sasl_rand_t *rpool; void *getopt_context; /* option function */ sasl_getopt_t *getopt; /* allocation functions: */ sasl_malloc_t *malloc; sasl_calloc_t *calloc; sasl_realloc_t *realloc; sasl_free_t *free; /* mutex functions: */ sasl_mutex_alloc_t *mutex_alloc; sasl_mutex_lock_t *mutex_lock; sasl_mutex_unlock_t *mutex_unlock; sasl_mutex_free_t *mutex_free; /* MD5 hash and HMAC functions */ void (*MD5Init)(MD5_CTX *); void (*MD5Update)(MD5_CTX *, const unsigned char *text, unsigned int len); void (*MD5Final)(unsigned char [16], MD5_CTX *); void (*hmac_md5)(const unsigned char *text, int text_len, const unsigned char *key, int key_len, unsigned char [16]); void (*hmac_md5_init)(HMAC_MD5_CTX *, const unsigned char *key, int len); /* hmac_md5_update() is just a call to MD5Update on inner context */ void (*hmac_md5_final)(unsigned char [16], HMAC_MD5_CTX *); void (*hmac_md5_precalc)(HMAC_MD5_STATE *, const unsigned char *key, int len); void (*hmac_md5_import)(HMAC_MD5_CTX *, HMAC_MD5_STATE *); /* mechanism utility functions (same as above): */ int (*mkchal)(sasl_conn_t *conn, char *buf, unsigned maxlen, unsigned hostflag); int (*utf8verify)(const char *str, unsigned len); void (*rand)(sasl_rand_t *rpool, char *buf, unsigned len); void (*churn)(sasl_rand_t *rpool, const char *data, unsigned len); /* This allows recursive calls to the sasl_checkpass() routine from * within a SASL plug-in. This MUST NOT be used in the PLAIN mechanism * as sasl_checkpass MAY be a front-end for the PLAIN mechanism. * This is intended for use by the non-standard LOGIN mechanism and * potentially by a future mechanism which uses public-key technology to * set up a lightweight encryption layer just for sending a password. */ int (*checkpass)(sasl_conn_t *conn, const char *user, unsigned userlen, const char *pass, unsigned passlen); /* Access to base64 encode/decode routines */ int (*decode64)(const char *in, unsigned inlen, char *out, unsigned outmax, unsigned *outlen); int (*encode64)(const char *in, unsigned inlen, char *out, unsigned outmax, unsigned *outlen); /* erase a buffer */ void (*erasebuffer)(char *buf, unsigned len); /* callback to sasl_getprop() and sasl_setprop() */ int (*getprop)(sasl_conn_t *conn, int propnum, const void **pvalue); int (*setprop)(sasl_conn_t *conn, int propnum, const void *value); /* callback function */ sasl_getcallback_t *getcallback; /* format a message and then pass it to the SASL_CB_LOG callback * * use syslog()-style formatting (printf with %m as a human readable text * (strerror()) for the error specified as the parameter). * The implementation may use a fixed size buffer not smaller * than 512 octets if it securely truncates the message. * * level is a SASL_LOG_* level (see sasl.h) */ void (*log)(sasl_conn_t *conn, int level, const char *fmt, ...); /* callback to sasl_seterror() */ void (*seterror)(sasl_conn_t *conn, unsigned flags, const char *fmt, ...); /* spare function pointer */ int *(*spare_fptr)(void); /* auxiliary property utilities */ struct propctx *(*prop_new)(unsigned estimate); int (*prop_dup)(struct propctx *src_ctx, struct propctx **dst_ctx); int (*prop_request)(struct propctx *ctx, const char **names); const struct propval *(*prop_get)(struct propctx *ctx); int (*prop_getnames)(struct propctx *ctx, const char **names, struct propval *vals); void (*prop_clear)(struct propctx *ctx, int requests); void (*prop_dispose)(struct propctx **ctx); int (*prop_format)(struct propctx *ctx, const char *sep, int seplen, char *outbuf, unsigned outmax, unsigned *outlen); int (*prop_set)(struct propctx *ctx, const char *name, const char *value, int vallen); int (*prop_setvals)(struct propctx *ctx, const char *name, const char **values); void (*prop_erase)(struct propctx *ctx, const char *name); int (*auxprop_store)(sasl_conn_t *conn, struct propctx *ctx, const char *user); /* for additions which don't require a version upgrade; set to 0 */ int (*spare_fptr1)(void); int (*spare_fptr2)(void); } sasl_utils_t; /* * output parameters from SASL API * * created / destroyed by the glue code, though probably filled in * by a combination of the plugin, the glue code, and the canon_user callback. * */ typedef struct sasl_out_params { unsigned doneflag; /* exchange complete */ const char *user; /* canonicalized user name */ const char *authid; /* canonicalized authentication id */ unsigned ulen; /* length of canonicalized user name */ unsigned alen; /* length of canonicalized authid */ /* security layer information */ unsigned maxoutbuf; /* Maximum buffer size, which will produce buffer no bigger than the negotiated SASL maximum buffer size */ sasl_ssf_t mech_ssf; /* Should be set non-zero if negotiation of a * security layer was *attempted*, even if * the negotiation failed */ void *encode_context; int (*encode)(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen); void *decode_context; int (*decode)(void *context, const char *input, unsigned inputlen, const char **output, unsigned *outputlen); /* Pointer to delegated (client's) credentials, if supported by the SASL mechanism */ void *client_creds; /* for additions which don't require a version upgrade; set to 0 */ const void *gss_peer_name; const void *gss_local_name; const char *cbindingname; /* channel binding name from packet */ int (*spare_fptr1)(void); int (*spare_fptr2)(void); unsigned int cbindingdisp; /* channel binding disposition from client */ int spare_int2; int spare_int3; int spare_int4; /* set to 0 initially, this allows a plugin with extended parameters * to work with an older framework by updating version as parameters * are added. */ int param_version; } sasl_out_params_t; /* Used by both client and server side plugins */ typedef enum { SASL_INFO_LIST_START = 0, SASL_INFO_LIST_MECH, SASL_INFO_LIST_END } sasl_info_callback_stage_t; /****************************** * Channel binding macros ** ******************************/ typedef enum { SASL_CB_DISP_NONE = 0, /* client did not support CB */ SASL_CB_DISP_WANT, /* client supports CB, thinks server does not */ SASL_CB_DISP_USED /* client supports and used CB */ } sasl_cbinding_disp_t; /* TRUE if channel binding is non-NULL */ #define SASL_CB_PRESENT(params) ((params)->cbinding != NULL) /* TRUE if channel binding is marked critical */ #define SASL_CB_CRITICAL(params) (SASL_CB_PRESENT(params) && \ (params)->cbinding->critical) /****************************** * Client Mechanism Functions * ******************************/ /* * input parameters to client SASL plugin * * created / destroyed by the glue code * */ typedef struct sasl_client_params { const char *service; /* service name */ const char *serverFQDN; /* server fully qualified domain name */ const char *clientFQDN; /* client's fully qualified domain name */ const sasl_utils_t *utils; /* SASL API utility routines -- * for a particular sasl_conn_t, * MUST remain valid until mech_free is * called */ const sasl_callback_t *prompt_supp; /* client callback list */ const char *iplocalport; /* server IP domain literal & port */ const char *ipremoteport; /* client IP domain literal & port */ unsigned servicelen; /* length of service */ unsigned slen; /* length of serverFQDN */ unsigned clen; /* length of clientFQDN */ unsigned iploclen; /* length of iplocalport */ unsigned ipremlen; /* length of ipremoteport */ /* application's security requirements & info */ sasl_security_properties_t props; sasl_ssf_t external_ssf; /* external SSF active */ /* for additions which don't require a version upgrade; set to 0 */ const void *gss_creds; /* GSS credential handle */ const sasl_channel_binding_t *cbinding; /* client channel binding */ const sasl_http_request_t *http_request;/* HTTP Digest request method */ void *spare_ptr4; /* Canonicalize a user name from on-wire to internal format * added rjs3 2001-05-23 * Must be called once user name aquired if canon_user is non-NULL. * conn connection context * in user name from wire protocol (need not be NUL terminated) * len length of user name from wire protocol (0 = strlen(user)) * flags for SASL_CU_* flags * oparams the user, authid, ulen, alen, fields are * set appropriately after canonicalization/copying and * authorization of arguments * * responsible for setting user, ulen, authid, and alen in the oparams * structure * * default behavior is to strip leading and trailing whitespace, as * well as allocating space for and copying the parameters. * * results: * SASL_OK -- success * SASL_NOMEM -- out of memory * SASL_BADPARAM -- invalid conn * SASL_BADPROT -- invalid user/authid */ int (*canon_user)(sasl_conn_t *conn, const char *in, unsigned len, unsigned flags, sasl_out_params_t *oparams); int (*spare_fptr1)(void); unsigned int cbindingdisp; int spare_int2; int spare_int3; /* flags field as passed to sasl_client_new */ unsigned flags; /* set to 0 initially, this allows a plugin with extended parameters * to work with an older framework by updating version as parameters * are added. */ int param_version; } sasl_client_params_t; /* features shared between client and server */ /* These allow the glue code to handle client-first and server-last issues */ /* This indicates that the mechanism prefers to do client-send-first * if the protocol allows it. */ #define SASL_FEAT_WANT_CLIENT_FIRST 0x0002 /* This feature is deprecated. Instead, plugins should set *serverout to * non-NULL and return SASL_OK intelligently to allow flexible use of * server-last semantics #define SASL_FEAT_WANT_SERVER_LAST 0x0004 */ /* This feature is deprecated. Instead, plugins should correctly set * SASL_FEAT_SERVER_FIRST as needed #define SASL_FEAT_INTERNAL_CLIENT_FIRST 0x0008 */ /* This indicates that the plugin is server-first only. * Not defining either of SASL_FEAT_SERVER_FIRST or * SASL_FEAT_WANT_CLIENT_FIRST indicates that the mechanism * will handle the client-first situation internally. */ #define SASL_FEAT_SERVER_FIRST 0x0010 /* This plugin allows proxying */ #define SASL_FEAT_ALLOWS_PROXY 0x0020 /* server plugin don't use cleartext userPassword attribute */ #define SASL_FEAT_DONTUSE_USERPASSWD 0x0080 /* Underlying mechanism uses GSS framing */ #define SASL_FEAT_GSS_FRAMING 0x0100 /* Underlying mechanism supports channel binding */ #define SASL_FEAT_CHANNEL_BINDING 0x0800 /* This plugin can be used for HTTP authentication */ #define SASL_FEAT_SUPPORTS_HTTP 0x1000 /* client plug-in features */ #define SASL_FEAT_NEEDSERVERFQDN 0x0001 /* a C object for a client mechanism */ typedef struct sasl_client_plug { /* mechanism name */ const char *mech_name; /* best mech additional security layer strength factor */ sasl_ssf_t max_ssf; /* best security flags, as defined in sasl_security_properties_t */ unsigned security_flags; /* features of plugin */ unsigned features; /* required prompt ids, NULL = user/pass only */ const unsigned long *required_prompts; /* global state for mechanism */ void *glob_context; /* create context for mechanism, using params supplied * glob_context -- from above * params -- params from sasl_client_new * conn_context -- context for one connection * returns: * SASL_OK -- success * SASL_NOMEM -- not enough memory * SASL_WRONGMECH -- mech doesn't support security params */ int (*mech_new)(void *glob_context, sasl_client_params_t *cparams, void **conn_context); /* perform one step of exchange. NULL is passed for serverin on * first step. * returns: * SASL_OK -- success * SASL_INTERACT -- user interaction needed to fill in prompts * SASL_BADPROT -- server protocol incorrect/cancelled * SASL_BADSERV -- server failed mutual auth */ int (*mech_step)(void *conn_context, sasl_client_params_t *cparams, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams); /* dispose of connection context from mech_new */ void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils); /* free all global space used by mechanism * mech_dispose must be called on all mechanisms first */ void (*mech_free)(void *glob_context, const sasl_utils_t *utils); /* perform precalculations during a network round-trip * or idle period. conn_context may be NULL * returns 1 if action taken, 0 if no action taken */ int (*idle)(void *glob_context, void *conn_context, sasl_client_params_t *cparams); /* for additions which don't require a version upgrade; set to 0 */ int (*spare_fptr1)(void); int (*spare_fptr2)(void); } sasl_client_plug_t; #define SASL_CLIENT_PLUG_VERSION 4 /* plug-in entry point: * utils -- utility callback functions * max_version -- highest client plug version supported * returns: * out_version -- client plug version of result * pluglist -- list of mechanism plug-ins * plugcount -- number of mechanism plug-ins * results: * SASL_OK -- success * SASL_NOMEM -- failure * SASL_BADVERS -- max_version too small * SASL_BADPARAM -- bad config string * ... */ typedef int sasl_client_plug_init_t(const sasl_utils_t *utils, int max_version, int *out_version, sasl_client_plug_t **pluglist, int *plugcount); /* add a client plug-in */ LIBSASL_API int sasl_client_add_plugin(const char *plugname, sasl_client_plug_init_t *cplugfunc); typedef struct client_sasl_mechanism { int version; char *plugname; const sasl_client_plug_t *plug; } client_sasl_mechanism_t; typedef void sasl_client_info_callback_t (client_sasl_mechanism_t *m, sasl_info_callback_stage_t stage, void *rock); /* Dump information about available client plugins */ LIBSASL_API int sasl_client_plugin_info (const char *mech_list, sasl_client_info_callback_t *info_cb, void *info_cb_rock); /******************** * Server Functions * ********************/ /* log message formatting routine */ typedef void sasl_logmsg_p(sasl_conn_t *conn, const char *fmt, ...); /* * input parameters to server SASL plugin * * created / destroyed by the glue code * */ typedef struct sasl_server_params { const char *service; /* NULL = default service for user_exists and setpass */ const char *appname; /* name of calling application */ const char *serverFQDN; /* server default fully qualified domain name * (e.g., gethostname) */ const char *user_realm; /* realm for user (NULL = client supplied) */ const char *iplocalport; /* server IP domain literal & port */ const char *ipremoteport; /* client IP domain literal & port */ unsigned servicelen; /* length of service */ unsigned applen; /* length of appname */ unsigned slen; /* length of serverFQDN */ unsigned urlen; /* length of user_realm */ unsigned iploclen; /* length of iplocalport */ unsigned ipremlen; /* length of ipremoteport */ /* This indicates the level of logging desired. See SASL_LOG_* * in sasl.h * * Plug-ins can ignore this and just pass their desired level to * the log callback. This is primarily used to eliminate logging which * might be a performance problem (e.g., full protocol trace) and * to select between SASL_LOG_TRACE and SASL_LOG_PASS alternatives */ int log_level; const sasl_utils_t *utils; /* SASL API utility routines -- * for a particular sasl_conn_t, * MUST remain valid until mech_free is * called */ const sasl_callback_t *callbacks; /* Callbacks from application */ /* application's security requirements */ sasl_security_properties_t props; sasl_ssf_t external_ssf; /* external SSF active */ /* Pointer to the function which takes the plaintext passphrase and * transitions a user to non-plaintext mechanisms via setpass calls. * (NULL = auto transition not enabled/supported) * * If passlen is 0, it defaults to strlen(pass). * returns 0 if no entry added, 1 if entry added */ int (*transition)(sasl_conn_t *conn, const char *pass, unsigned passlen); /* Canonicalize a user name from on-wire to internal format * added cjn 1999-09-21 * Must be called once user name acquired if canon_user is non-NULL. * conn connection context * user user name from wire protocol (need not be NUL terminated) * ulen length of user name from wire protocol (0 = strlen(user)) * flags for SASL_CU_* flags * oparams the user, authid, ulen, alen, fields are * set appropriately after canonicalization/copying and * authorization of arguments * * responsible for setting user, ulen, authid, and alen in the oparams * structure * * default behavior is to strip leading and trailing whitespace, as * well as allocating space for and copying the parameters. * * results: * SASL_OK -- success * SASL_NOMEM -- out of memory * SASL_BADPARAM -- invalid conn * SASL_BADPROT -- invalid user/authid */ int (*canon_user)(sasl_conn_t *conn, const char *user, unsigned ulen, unsigned flags, sasl_out_params_t *oparams); /* auxiliary property context (see definitions in prop.h) * added cjn 2000-01-30 * * NOTE: these properties are the ones associated with the * canonicalized "user" (user to login as / authorization id), not * the "authid" (user whose credentials are used / authentication id) * Prefix the property name with a "*" if a property associated with * the "authid" is interesting. */ struct propctx *propctx; /* for additions which don't require a version upgrade; set to 0 */ const void *gss_creds; /* GSS credential handle */ const sasl_channel_binding_t *cbinding; /* server channel binding */ const sasl_http_request_t *http_request;/* HTTP Digest request method */ void *spare_ptr4; int (*spare_fptr1)(void); int (*spare_fptr2)(void); int spare_int1; int spare_int2; int spare_int3; /* flags field as passed to sasl_server_new */ unsigned flags; /* set to 0 initially, this allows a plugin with extended parameters * to work with an older framework by updating version as parameters * are added. */ int param_version; } sasl_server_params_t; /* logging levels (more levels may be added later, if necessary): */ #define SASL_LOG_NONE 0 /* don't log anything */ #define SASL_LOG_ERR 1 /* log unusual errors (default) */ #define SASL_LOG_FAIL 2 /* log all authentication failures */ #define SASL_LOG_WARN 3 /* log non-fatal warnings */ #define SASL_LOG_NOTE 4 /* more verbose than LOG_WARN */ #define SASL_LOG_DEBUG 5 /* more verbose than LOG_NOTE */ #define SASL_LOG_TRACE 6 /* traces of internal protocols */ #define SASL_LOG_PASS 7 /* traces of internal protocols, including * passwords */ /* additional flags for setpass() function below: */ /* SASL_SET_CREATE create user if pass non-NULL */ /* SASL_SET_DISABLE disable user */ #define SASL_SET_REMOVE SASL_SET_CREATE /* remove user if pass is NULL */ /* features for server plug-in */ #define SASL_FEAT_SERVICE 0x0200 /* service-specific passwords supported */ #define SASL_FEAT_GETSECRET 0x0400 /* sasl_server_{get,put}secret_t callbacks * required by plug-in */ /* a C object for a server mechanism */ typedef struct sasl_server_plug { /* mechanism name */ const char *mech_name; /* best mech additional security layer strength factor */ sasl_ssf_t max_ssf; /* best security flags, as defined in sasl_security_properties_t */ unsigned security_flags; /* features of plugin */ unsigned features; /* global state for mechanism */ void *glob_context; /* create a new mechanism handler * glob_context -- global context * sparams -- server config params * challenge -- server challenge from previous instance or NULL * challen -- length of challenge from previous instance or 0 * out: * conn_context -- connection context * errinfo -- error information * * returns: * SASL_OK -- successfully created mech instance * SASL_* -- any other server error code */ int (*mech_new)(void *glob_context, sasl_server_params_t *sparams, const char *challenge, unsigned challen, void **conn_context); /* perform one step in exchange * * returns: * SASL_OK -- success, all done * SASL_CONTINUE -- success, one more round trip * SASL_* -- any other server error code */ int (*mech_step)(void *conn_context, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams); /* dispose of a connection state */ void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils); /* free global state for mechanism * mech_dispose must be called on all mechanisms first */ void (*mech_free)(void *glob_context, const sasl_utils_t *utils); /* set a password (optional) * glob_context -- global context * sparams -- service, middleware utilities, etc. props ignored * user -- user name * pass -- password/passphrase (NULL = disable/remove/delete) * passlen -- length of password/passphrase * oldpass -- old password/passphrase (NULL = transition) * oldpasslen -- length of password/passphrase * flags -- see above * * returns: * SASL_NOCHANGE -- no change was needed * SASL_NOUSER -- no entry for user * SASL_NOVERIFY -- no mechanism compatible entry for user * SASL_PWLOCK -- password locked * SASL_DIABLED -- account disabled * etc. */ int (*setpass)(void *glob_context, sasl_server_params_t *sparams, const char *user, const char *pass, unsigned passlen, const char *oldpass, unsigned oldpasslen, unsigned flags); /* query which mechanisms are available for user * glob_context -- context * sparams -- service, middleware utilities, etc. props ignored * user -- NUL terminated user name * maxmech -- max number of strings in mechlist (0 = no output) * output: * mechlist -- an array of C string pointers, filled in with * mechanism names available to the user * * returns: * SASL_OK -- success * SASL_NOMEM -- not enough memory * SASL_FAIL -- lower level failure * SASL_DISABLED -- account disabled * SASL_NOUSER -- user not found * SASL_BUFOVER -- maxmech is too small * SASL_NOVERIFY -- user found, but no mechanisms available */ int (*user_query)(void *glob_context, sasl_server_params_t *sparams, const char *user, int maxmech, const char **mechlist); /* perform precalculations during a network round-trip * or idle period. conn_context may be NULL (optional) * returns 1 if action taken, 0 if no action taken */ int (*idle)(void *glob_context, void *conn_context, sasl_server_params_t *sparams); /* check if mechanism is available * optional--if NULL, mechanism is available based on ENABLE= in config * * If this routine sets conn_context to a non-NULL value, then the call * to mech_new will be skipped. This should not be done unless * there's a significant performance benefit, since it can cause * additional memory allocation in SASL core code to keep track of * contexts potentially for multiple mechanisms. * * This is called by the first call to sasl_listmech() for a * given connection context, thus for a given protocol it may * never be called. Note that if mech_avail returns SASL_NOMECH, * then that mechanism is considered disabled for the remainder * of the session. If mech_avail returns SASL_NOTDONE, then a * future call to mech_avail may still return either SASL_OK * or SASL_NOMECH. * * returns SASL_OK on success, * SASL_NOTDONE if mech is not available now, but may be later * (e.g. EXTERNAL w/o auth_id) * SASL_NOMECH if mech disabled */ int (*mech_avail)(void *glob_context, sasl_server_params_t *sparams, void **conn_context); /* for additions which don't require a version upgrade; set to 0 */ int (*spare_fptr2)(void); } sasl_server_plug_t; #define SASL_SERVER_PLUG_VERSION 4 /* plug-in entry point: * utils -- utility callback functions * plugname -- name of plug-in (may be NULL) * max_version -- highest server plug version supported * returns: * out_version -- server plug-in version of result * pluglist -- list of mechanism plug-ins * plugcount -- number of mechanism plug-ins * results: * SASL_OK -- success * SASL_NOMEM -- failure * SASL_BADVERS -- max_version too small * SASL_BADPARAM -- bad config string * ... */ typedef int sasl_server_plug_init_t(const sasl_utils_t *utils, int max_version, int *out_version, sasl_server_plug_t **pluglist, int *plugcount); /* * add a server plug-in */ LIBSASL_API int sasl_server_add_plugin(const char *plugname, sasl_server_plug_init_t *splugfunc); typedef struct server_sasl_mechanism { int version; int condition; /* set to SASL_NOUSER if no available users; set to SASL_CONTINUE if delayed plugin loading */ char *plugname; /* for AUTHSOURCE tracking */ const sasl_server_plug_t *plug; char *f; /* where should i load the mechanism from? */ } server_sasl_mechanism_t; typedef void sasl_server_info_callback_t (server_sasl_mechanism_t *m, sasl_info_callback_stage_t stage, void *rock); /* Dump information about available server plugins (separate functions are used for canon and auxprop plugins) */ LIBSASL_API int sasl_server_plugin_info (const char *mech_list, sasl_server_info_callback_t *info_cb, void *info_cb_rock); /********************************************************* * user canonicalization plug-in -- added cjn 1999-09-29 * *********************************************************/ typedef struct sasl_canonuser { /* optional features of plugin (set to 0) */ int features; /* spare integer (set to 0) */ int spare_int1; /* global state for plugin */ void *glob_context; /* name of plugin */ char *name; /* free global state for plugin */ void (*canon_user_free)(void *glob_context, const sasl_utils_t *utils); /* canonicalize a username * glob_context -- global context from this structure * sparams -- server params, note user_realm&propctx elements * user -- user to login as (may not be NUL terminated) * len -- length of user name (0 = strlen(user)) * flags -- for SASL_CU_* flags * out -- buffer to copy user name * out_max -- max length of user name * out_len -- set to length of user name * * note that the output buffers MAY be the same as the input buffers. * * returns * SASL_OK on success * SASL_BADPROT username contains invalid character */ int (*canon_user_server)(void *glob_context, sasl_server_params_t *sparams, const char *user, unsigned len, unsigned flags, char *out, unsigned out_umax, unsigned *out_ulen); int (*canon_user_client)(void *glob_context, sasl_client_params_t *cparams, const char *user, unsigned len, unsigned flags, char *out, unsigned out_max, unsigned *out_len); /* for additions which don't require a version upgrade; set to 0 */ int (*spare_fptr1)(void); int (*spare_fptr2)(void); int (*spare_fptr3)(void); } sasl_canonuser_plug_t; #define SASL_CANONUSER_PLUG_VERSION 5 /* default name for canonuser plug-in entry point is "sasl_canonuser_init" * similar to sasl_server_plug_init model, except only returns one * sasl_canonuser_plug_t structure; */ typedef int sasl_canonuser_init_t(const sasl_utils_t *utils, int max_version, int *out_version, sasl_canonuser_plug_t **plug, const char *plugname); /* add a canonuser plugin */ LIBSASL_API int sasl_canonuser_add_plugin(const char *plugname, sasl_canonuser_init_t *canonuserfunc); /****************************************************** * auxiliary property plug-in -- added cjn 1999-09-29 * ******************************************************/ typedef struct sasl_auxprop_plug { /* optional features of plugin (none defined yet, set to 0) */ int features; /* spare integer, must be set to 0 */ int spare_int1; /* global state for plugin */ void *glob_context; /* free global state for plugin (OPTIONAL) */ void (*auxprop_free)(void *glob_context, const sasl_utils_t *utils); /* fill in fields of an auxiliary property context * last element in array has id of SASL_AUX_END * elements with non-0 len should be ignored. */ int (*auxprop_lookup)(void *glob_context, sasl_server_params_t *sparams, unsigned flags, const char *user, unsigned ulen); /* name of the auxprop plugin */ char *name; /* store the fields/values of an auxiliary property context (OPTIONAL) * * if ctx is NULL, just check if storing properties is enabled * * returns * SASL_OK on success * SASL_FAIL on failure */ int (*auxprop_store)(void *glob_context, sasl_server_params_t *sparams, struct propctx *ctx, const char *user, unsigned ulen); } sasl_auxprop_plug_t; /* auxprop lookup flags */ #define SASL_AUXPROP_OVERRIDE 0x01 /* if clear, ignore auxiliary properties * with non-zero len field. If set, * override value of those properties */ #define SASL_AUXPROP_AUTHZID 0x02 /* if clear, we are looking up the * authid flags (prefixed with *), otherwise * we are looking up the authzid flags * (no prefix) */ /* NOTE: Keep in sync with SASL_CU_ flags */ #define SASL_AUXPROP_VERIFY_AGAINST_HASH 0x10 #define SASL_AUXPROP_PLUG_VERSION 8 /* default name for auxprop plug-in entry point is "sasl_auxprop_init" * similar to sasl_server_plug_init model, except only returns one * sasl_auxprop_plug_t structure; */ typedef int sasl_auxprop_init_t(const sasl_utils_t *utils, int max_version, int *out_version, sasl_auxprop_plug_t **plug, const char *plugname); /* add an auxiliary property plug-in */ LIBSASL_API int sasl_auxprop_add_plugin(const char *plugname, sasl_auxprop_init_t *auxpropfunc); typedef void auxprop_info_callback_t (sasl_auxprop_plug_t *m, sasl_info_callback_stage_t stage, void *rock); /* Dump information about available auxprop plugins (separate functions are used for canon and server authentication plugins) */ LIBSASL_API int auxprop_plugin_info (const char *mech_list, auxprop_info_callback_t *info_cb, void *info_cb_rock); #ifdef __cplusplus } #endif #endif /* SASLPLUG_H */ cyrus-sasl-2.1.25/include/NTMakefile0000666000076400007640000000501207752546247014210 00000000000000# NTMakefile for SASL, include directory # Alexey Melnikov # ################################################################ # Copyright (c) 2003 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ #Suppress verbose output from defaulting values VERBOSE=0 !INCLUDE ..\win32\common.mak includedir = $(prefix)\include saslincludedir = $(includedir)\sasl\ saslinclude_HEADERS = hmac-md5.h md5.h sasl.h saslplug.h saslutil.h prop.h # The first target get executed by default. We don't want this to be "install" all: @echo Nothing to be done for $@ # # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels # install: $(saslinclude_HEADERS) !xcopy sasl*.h $(saslincludedir) /I /F /Y !xcopy $? $(saslincludedir) /I /F /Y cyrus-sasl-2.1.25/include/saslutil.h0000757000076400007640000000533711306006125014302 00000000000000/* saslutil.h -- various utility functions in SASL library */ #ifndef SASLUTIL_H #define SASLUTIL_H 1 #ifndef SASL_H #include "sasl.h" #endif #ifdef __cplusplus extern "C" { #endif /* base64 decode * in -- input data * inlen -- length of input data * out -- output data (may be same as in, must have enough space) * outmax -- max size of output buffer * result: * outlen -- actual output length * * returns SASL_BADPROT on bad base64, * SASL_BUFOVER if result won't fit * SASL_OK on success */ LIBSASL_API int sasl_decode64(const char *in, unsigned inlen, char *out, unsigned outmax, unsigned *outlen); /* base64 encode * in -- input data * inlen -- input data length * out -- output buffer (will be NUL terminated) * outmax -- max size of output buffer * result: * outlen -- gets actual length of output buffer (optional) * * Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ LIBSASL_API int sasl_encode64(const char *in, unsigned inlen, char *out, unsigned outmax, unsigned *outlen); /* make a challenge string (NUL terminated) * buf -- buffer for result * maxlen -- max length of result * hostflag -- 0 = don't include hostname, 1 = include hostname * returns final length or 0 if not enough space */ LIBSASL_API int sasl_mkchal(sasl_conn_t *conn, char *buf, unsigned maxlen, unsigned hostflag); /* verify a string is valid UTF-8 * if len == 0, strlen(str) will be used. * returns SASL_BADPROT on error, SASL_OK on success */ LIBSASL_API int sasl_utf8verify(const char *str, unsigned len); /* create random pool seeded with OS-based params */ LIBSASL_API int sasl_randcreate(sasl_rand_t **rpool); /* free random pool from randcreate */ LIBSASL_API void sasl_randfree(sasl_rand_t **rpool); /* seed random number generator */ LIBSASL_API void sasl_randseed(sasl_rand_t *rpool, const char *seed, unsigned len); /* generate random octets */ LIBSASL_API void sasl_rand(sasl_rand_t *rpool, char *buf, unsigned len); /* churn data into random number generator */ LIBSASL_API void sasl_churn(sasl_rand_t *rpool, const char *data, unsigned len); /* erase a security sensitive buffer or password. * Implementation may use recovery-resistant erase logic. */ LIBSASL_API void sasl_erasebuffer(char *pass, unsigned len); /* Lowercase string in place */ LIBSASL_API char *sasl_strlower (char *val); LIBSASL_API int sasl_config_init(const char *filename); #ifdef WIN32 /* Just in case a different DLL defines this as well */ #if defined(NEED_GETOPT) LIBSASL_API int getopt(int argc, char **argv, char *optstring); #endif LIBSASL_API char * getpass(const char *prompt); #endif /* WIN32 */ #ifdef __cplusplus } #endif #endif /* SASLUTIL_H */ cyrus-sasl-2.1.25/include/makemd5.c0000666000076400007640000001613107622774110013765 00000000000000/* creates the md5global.h file. * Derived from KTH kerberos library bits.c program * Tim Martin * $Id: makemd5.c,v 1.4 2003/02/13 19:55:52 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Kungliga Tekniska * Högskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #include #include #include static void my_strupr(char *s) { char *p = s; while(*p){ if(islower((int) *p)) *p = toupper((int) *p); p++; } } #define BITSIZE(TYPE) \ { \ int b = 0; TYPE x = 1, zero = 0; char *pre = "U"; \ char tmp[128], tmp2[128]; \ while(x){ x <<= 1; b++; if(x < zero) pre=""; } \ if(b >= len){ \ int tabs; \ sprintf(tmp, "%sINT%d" , pre, len/8); \ sprintf(tmp2, "typedef %s %s;", #TYPE, tmp); \ my_strupr(tmp); \ tabs = 5 - strlen(tmp2) / 8; \ fprintf(f, "%s", tmp2); \ while(tabs-- > 0) fprintf(f, "\t"); \ fprintf(f, "/* %2d bits */\n", b); \ return; \ } \ } static void try_signed(FILE *f, int len) { BITSIZE(signed char); BITSIZE(short); BITSIZE(int); BITSIZE(long); #ifdef HAVE_LONG_LONG BITSIZE(long long); #endif fprintf(f, "/* There is no %d bit type */\n", len); } static void try_unsigned(FILE *f, int len) { BITSIZE(unsigned char); BITSIZE(unsigned short); BITSIZE(unsigned int); BITSIZE(unsigned long); #ifdef HAVE_LONG_LONG BITSIZE(unsigned long long); #endif fprintf(f, "/* There is no %d bit type */\n", len); } static int print_pre(FILE *f) { fprintf(f, "/* GLOBAL.H - RSAREF types and constants\n" " */\n" "#ifndef MD5GLOBAL_H\n" "#define MD5GLOBAL_H\n" "\n" "/* PROTOTYPES should be set to one if and only if the compiler supports\n" " function argument prototyping.\n" "The following makes PROTOTYPES default to 0 if it has not already\n" " been defined with C compiler flags.\n" " */\n" "#ifndef PROTOTYPES\n" "#define PROTOTYPES 0\n" "#endif\n" "\n" "/* POINTER defines a generic pointer type */\n" "typedef unsigned char *POINTER;\n" "\n" ); return 1; } static int print_post(FILE *f) { fprintf(f, "\n" "/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.\n" "If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it\n" "returns an empty list.\n" "*/\n" "#if PROTOTYPES\n" "#define PROTO_LIST(list) list\n" "#else\n" "#define PROTO_LIST(list) ()\n" "#endif\n" "\n" "#endif /* MD5GLOBAL_H */\n\n" ); return 1; } int main(int argc, char **argv) { FILE *f; char *fn, *hb; if(argc < 2){ fn = "bits.h"; hb = "__BITS_H__"; f = stdout; } else { char *p; fn = argv[1]; hb = malloc(strlen(fn) + 5); sprintf(hb, "__%s__", fn); for(p = hb; *p; p++){ if(!isalnum((int) *p)) *p = '_'; } f = fopen(argv[1], "w"); } print_pre(f); #ifndef HAVE_INT8_T try_signed (f, 8); #endif /* HAVE_INT8_T */ #ifndef HAVE_INT16_T try_signed (f, 16); #endif /* HAVE_INT16_T */ #ifndef HAVE_INT32_T try_signed (f, 32); #endif /* HAVE_INT32_T */ #ifndef HAVE_INT64_T try_signed (f, 64); #endif /* HAVE_INT64_T */ #ifndef HAVE_U_INT8_T try_unsigned (f, 8); #endif /* HAVE_INT8_T */ #ifndef HAVE_U_INT16_T try_unsigned (f, 16); #endif /* HAVE_U_INT16_T */ #ifndef HAVE_U_INT32_T try_unsigned (f, 32); #endif /* HAVE_U_INT32_T */ #ifndef HAVE_U_INT64_T try_unsigned (f, 64); #endif /* HAVE_U_INT64_T */ print_post(f); fclose(f); return 0; } cyrus-sasl-2.1.25/include/sasl.h0000777000076400007640000014546411631664415013431 00000000000000/* This is a proposed C API for support of SASL * *********************************IMPORTANT******************************* * send email to chris.newman@innosoft.com and cyrus-bugs@andrew.cmu.edu * * if you need to add new error codes, callback types, property values, * * etc. It is important to keep the multiple implementations of this * * API from diverging. * *********************************IMPORTANT******************************* * * Basic Type Summary: * sasl_conn_t Context for a SASL connection negotiation * sasl_ssf_t Security layer Strength Factor * sasl_callback_t A typed client/server callback function and context * sasl_interact_t A client interaction descriptor * sasl_secret_t A client password * sasl_rand_t Random data context structure * sasl_security_properties_t An application's required security level * * Callbacks: * sasl_getopt_t client/server: Get an option value * sasl_logmsg_t client/server: Log message handler * sasl_getsimple_t client: Get user/language list * sasl_getsecret_t client: Get authentication secret * sasl_chalprompt_t client: Display challenge and prompt for response * * Server only Callbacks: * sasl_authorize_t user authorization policy callback * sasl_getconfpath_t get path to search for config file * sasl_server_userdb_checkpass check password and auxprops in userdb * sasl_server_userdb_setpass set password in userdb * sasl_server_canon_user canonicalize username routine * * Client/Server Function Summary: * sasl_done Release all SASL global state * sasl_dispose Connection done: Dispose of sasl_conn_t * sasl_getprop Get property (e.g., user name, security layer info) * sasl_setprop Set property (e.g., external ssf) * sasl_errdetail Generate string from last error on connection * sasl_errstring Translate sasl error code to a string * sasl_encode Encode data to send using security layer * sasl_decode Decode data received using security layer * * Utility functions: * sasl_encode64 Encode data to send using MIME base64 encoding * sasl_decode64 Decode data received using MIME base64 encoding * sasl_erasebuffer Erase a buffer * * Client Function Summary: * sasl_client_init Load and initialize client plug-ins (call once) * sasl_client_new Initialize client connection context: sasl_conn_t * sasl_client_start Select mechanism for connection * sasl_client_step Perform one authentication step * * Server Function Summary * sasl_server_init Load and initialize server plug-ins (call once) * sasl_server_new Initialize server connection context: sasl_conn_t * sasl_listmech Create list of available mechanisms * sasl_server_start Begin an authentication exchange * sasl_server_step Perform one authentication exchange step * sasl_checkpass Check a plaintext passphrase * sasl_checkapop Check an APOP challenge/response (uses pseudo "APOP" * mechanism similar to CRAM-MD5 mechanism; optional) * sasl_user_exists Check if user exists * sasl_setpass Change a password or add a user entry * sasl_auxprop_request Request auxiliary properties * sasl_auxprop_getctx Get auxiliary property context for connection * sasl_auxprop_store Store a set of auxiliary properties * * Basic client model: * 1. client calls sasl_client_init() at startup to load plug-ins * 2. when connection formed, call sasl_client_new() * 3. once list of supported mechanisms received from server, client * calls sasl_client_start(). goto 4a * 4. client calls sasl_client_step() * [4a. If SASL_INTERACT, fill in prompts and goto 4 * -- doesn't happen if callbacks provided] * 4b. If SASL error, goto 7 or 3 * 4c. If SASL_OK, continue or goto 6 if last server response was success * 5. send message to server, wait for response * 5a. On data or success with server response, goto 4 * 5b. On failure goto 7 or 3 * 5c. On success with no server response continue * 6. continue with application protocol until connection closes * call sasl_getprop/sasl_encode/sasl_decode() if using security layer * 7. call sasl_dispose(), may return to step 2 * 8. call sasl_done() when program terminates * * Basic Server model: * 1. call sasl_server_init() at startup to load plug-ins * 2. On connection, call sasl_server_new() * 3. call sasl_listmech() and send list to client] * 4. after client AUTH command, call sasl_server_start(), goto 5a * 5. call sasl_server_step() * 5a. If SASL_CONTINUE, output to client, wait response, repeat 5 * 5b. If SASL error, then goto 7 * 5c. If SASL_OK, move on * 6. continue with application protocol until connection closes * call sasl_getprop to get username * call sasl_getprop/sasl_encode/sasl_decode() if using security layer * 7. call sasl_dispose(), may return to step 2 * 8. call sasl_done() when program terminates * ************************************************* * IMPORTANT NOTE: server realms / username syntax * * If a user name contains a "@", then the rightmost "@" in the user name * separates the account name from the realm in which this account is * located. A single server may support multiple realms. If the * server knows the realm at connection creation time (e.g., a server * with multiple IP addresses tightly binds one address to a specific * realm) then that realm must be passed in the user_realm field of * the sasl_server_new call. If user_realm is non-empty and an * unqualified user name is supplied, then the canon_user facility is * expected to append "@" and user_realm to the user name. The canon_user * facility may treat other characters such as "%" as equivalent to "@". * * If the server forbids the use of "@" in user names for other * purposes, this simplifies security validation. */ #ifndef SASL_H #define SASL_H 1 /* Keep in sync with win32/common.mak */ #define SASL_VERSION_MAJOR 2 #define SASL_VERSION_MINOR 1 #define SASL_VERSION_STEP 25 /* A convenience macro: same as was defined in the OpenLDAP LDAPDB */ #define SASL_VERSION_FULL ((SASL_VERSION_MAJOR << 16) |\ (SASL_VERSION_MINOR << 8) | SASL_VERSION_STEP) #include "prop.h" /************* * Basic API * *************/ /* SASL result codes: */ #define SASL_CONTINUE 1 /* another step is needed in authentication */ #define SASL_OK 0 /* successful result */ #define SASL_FAIL -1 /* generic failure */ #define SASL_NOMEM -2 /* memory shortage failure */ #define SASL_BUFOVER -3 /* overflowed buffer */ #define SASL_NOMECH -4 /* mechanism not supported */ #define SASL_BADPROT -5 /* bad protocol / cancel */ #define SASL_NOTDONE -6 /* can't request info until later in exchange */ #define SASL_BADPARAM -7 /* invalid parameter supplied */ #define SASL_TRYAGAIN -8 /* transient failure (e.g., weak key) */ #define SASL_BADMAC -9 /* integrity check failed */ #define SASL_NOTINIT -12 /* SASL library not initialized */ /* -- client only codes -- */ #define SASL_INTERACT 2 /* needs user interaction */ #define SASL_BADSERV -10 /* server failed mutual authentication step */ #define SASL_WRONGMECH -11 /* mechanism doesn't support requested feature */ /* -- server only codes -- */ #define SASL_BADAUTH -13 /* authentication failure */ #define SASL_NOAUTHZ -14 /* authorization failure */ #define SASL_TOOWEAK -15 /* mechanism too weak for this user */ #define SASL_ENCRYPT -16 /* encryption needed to use mechanism */ #define SASL_TRANS -17 /* One time use of a plaintext password will enable requested mechanism for user */ #define SASL_EXPIRED -18 /* passphrase expired, has to be reset */ #define SASL_DISABLED -19 /* account disabled */ #define SASL_NOUSER -20 /* user not found */ #define SASL_BADVERS -23 /* version mismatch with plug-in */ #define SASL_UNAVAIL -24 /* remote authentication server unavailable */ #define SASL_NOVERIFY -26 /* user exists, but no verifier for user */ /* -- codes for password setting -- */ #define SASL_PWLOCK -21 /* passphrase locked */ #define SASL_NOCHANGE -22 /* requested change was not needed */ #define SASL_WEAKPASS -27 /* passphrase is too weak for security policy */ #define SASL_NOUSERPASS -28 /* user supplied passwords not permitted */ #define SASL_NEED_OLD_PASSWD -29 /* sasl_setpass needs old password in order to perform password change */ #define SASL_CONSTRAINT_VIOLAT -30 /* a property can't be stored, because of some constrains/policy violation */ #define SASL_BADBINDING -32 /* channel binding failure */ /* max size of a sasl mechanism name */ #define SASL_MECHNAMEMAX 20 #ifdef _WIN32 /* Define to have the same layout as a WSABUF */ #ifndef STRUCT_IOVEC_DEFINED #define STRUCT_IOVEC_DEFINED 1 struct iovec { long iov_len; char *iov_base; }; #endif #else struct iovec; /* Defined in OS headers */ #endif /* per-connection SASL negotiation state for client or server */ typedef struct sasl_conn sasl_conn_t; /* Plain text password structure. * len is the length of the password, data is the text. */ typedef struct sasl_secret { unsigned long len; unsigned char data[1]; /* variable sized */ } sasl_secret_t; /* random data context structure */ typedef struct sasl_rand_s sasl_rand_t; #ifdef __cplusplus extern "C" { #endif /**************************** * Configure Basic Services * ****************************/ /* the following functions are used to adjust how allocation and mutexes work * they must be called before all other SASL functions: */ /* memory allocation functions which may optionally be replaced: */ typedef void *sasl_malloc_t(unsigned long); typedef void *sasl_calloc_t(unsigned long, unsigned long); typedef void *sasl_realloc_t(void *, unsigned long); typedef void sasl_free_t(void *); LIBSASL_API void sasl_set_alloc(sasl_malloc_t *, sasl_calloc_t *, sasl_realloc_t *, sasl_free_t *); /* mutex functions which may optionally be replaced: * sasl_mutex_alloc allocates a mutex structure * sasl_mutex_lock blocks until mutex locked * returns -1 on deadlock or parameter error * returns 0 on success * sasl_mutex_unlock unlocks mutex if it's locked * returns -1 if not locked or parameter error * returns 0 on success * sasl_mutex_free frees a mutex structure */ typedef void *sasl_mutex_alloc_t(void); typedef int sasl_mutex_lock_t(void *mutex); typedef int sasl_mutex_unlock_t(void *mutex); typedef void sasl_mutex_free_t(void *mutex); LIBSASL_API void sasl_set_mutex(sasl_mutex_alloc_t *, sasl_mutex_lock_t *, sasl_mutex_unlock_t *, sasl_mutex_free_t *); /***************************** * Security preference types * *****************************/ /* security layer strength factor -- an unsigned integer usable by the caller * to specify approximate security layer strength desired. Roughly * correlated to effective key length for encryption. * 0 = no protection * 1 = integrity protection only * 40 = 40-bit DES or 40-bit RC2/RC4 * 56 = DES * 112 = triple-DES * 128 = 128-bit RC2/RC4/BLOWFISH * 256 = baseline AES */ typedef unsigned sasl_ssf_t; /* usage flags provided to sasl_server_new and sasl_client_new: */ #define SASL_SUCCESS_DATA 0x0004 /* server supports data on success */ #define SASL_NEED_PROXY 0x0008 /* require a mech that allows proxying */ #define SASL_NEED_HTTP 0x0010 /* require a mech that can do HTTP auth */ /*************************** * Security Property Types * ***************************/ /* Structure specifying the client or server's security policy * and optional additional properties. */ /* These are the various security flags apps can specify. */ /* NOPLAINTEXT -- don't permit mechanisms susceptible to simple * passive attack (e.g., PLAIN, LOGIN) * NOACTIVE -- protection from active (non-dictionary) attacks * during authentication exchange. * Authenticates server. * NODICTIONARY -- don't permit mechanisms susceptible to passive * dictionary attack * FORWARD_SECRECY -- require forward secrecy between sessions * (breaking one won't help break next) * NOANONYMOUS -- don't permit mechanisms that allow anonymous login * PASS_CREDENTIALS -- require mechanisms which pass client * credentials, and allow mechanisms which can pass * credentials to do so * MUTUAL_AUTH -- require mechanisms which provide mutual * authentication */ #define SASL_SEC_NOPLAINTEXT 0x0001 #define SASL_SEC_NOACTIVE 0x0002 #define SASL_SEC_NODICTIONARY 0x0004 #define SASL_SEC_FORWARD_SECRECY 0x0008 #define SASL_SEC_NOANONYMOUS 0x0010 #define SASL_SEC_PASS_CREDENTIALS 0x0020 #define SASL_SEC_MUTUAL_AUTH 0x0040 #define SASL_SEC_MAXIMUM 0x00FF typedef struct sasl_security_properties { /* security strength factor * min_ssf = minimum acceptable final level * max_ssf = maximum acceptable final level */ sasl_ssf_t min_ssf; sasl_ssf_t max_ssf; /* Maximum security layer receive buffer size. * 0=security layer not supported */ unsigned maxbufsize; /* bitfield for attacks to protect against */ unsigned security_flags; /* NULL terminated array of additional property names, values */ const char **property_names; const char **property_values; } sasl_security_properties_t; /****************** * Callback types * ******************/ /* * Extensible type for a client/server callbacks * id -- identifies callback type * proc -- procedure call arguments vary based on id * context -- context passed to procedure */ /* Note that any memory that is allocated by the callback needs to be * freed by the application, be it via function call or interaction. * * It may be freed after sasl_*_step returns SASL_OK. if the mechanism * requires this information to persist (for a security layer, for example) * it must maintain a private copy. */ typedef struct sasl_callback { /* Identifies the type of the callback function. * Mechanisms must ignore callbacks with id's they don't recognize. */ unsigned long id; int (*proc)(void); /* Callback function. Types of arguments vary by 'id' */ void *context; } sasl_callback_t; /* callback ids & functions: */ #define SASL_CB_LIST_END 0 /* end of list */ /* option reading callback -- this allows a SASL configuration to be * encapsulated in the caller's configuration system. Some implementations * may use default config file(s) if this is omitted. Configuration items * may be plugin-specific and are arbitrary strings. * * inputs: * context -- option context from callback record * plugin_name -- name of plugin (NULL = general SASL option) * option -- name of option * output: * result -- set to result which persists until next getopt in * same thread, unchanged if option not found * len -- length of result (may be NULL) * returns: * SASL_OK -- no error * SASL_FAIL -- error */ typedef int sasl_getopt_t(void *context, const char *plugin_name, const char *option, const char **result, unsigned *len); #define SASL_CB_GETOPT 1 /* Logging levels for use with the logging callback function. */ #define SASL_LOG_NONE 0 /* don't log anything */ #define SASL_LOG_ERR 1 /* log unusual errors (default) */ #define SASL_LOG_FAIL 2 /* log all authentication failures */ #define SASL_LOG_WARN 3 /* log non-fatal warnings */ #define SASL_LOG_NOTE 4 /* more verbose than LOG_WARN */ #define SASL_LOG_DEBUG 5 /* more verbose than LOG_NOTE */ #define SASL_LOG_TRACE 6 /* traces of internal protocols */ #define SASL_LOG_PASS 7 /* traces of internal protocols, including * passwords */ /* logging callback -- this allows plugins and the middleware to * log operations they perform. * inputs: * context -- logging context from the callback record * level -- logging level; see above * message -- message to log * returns: * SASL_OK -- no error * SASL_FAIL -- error */ typedef int sasl_log_t(void *context, int level, const char *message); #define SASL_CB_LOG 2 /* getpath callback -- this allows applications to specify the * colon-separated path to search for plugins (by default, * taken from an implementation-specific location). * inputs: * context -- getpath context from the callback record * outputs: * path -- colon seperated path * returns: * SASL_OK -- no error * SASL_FAIL -- error */ typedef int sasl_getpath_t(void *context, const char **path); #define SASL_CB_GETPATH 3 /* verify file callback -- this allows applications to check if they * want SASL to use files, file by file. This is intended to allow * applications to sanity check the environment to make sure plugins * or the configuration file can't be written to, etc. * inputs: * context -- verifypath context from the callback record * file -- full path to file to verify * type -- type of file to verify (see below) * returns: * SASL_OK -- no error (file can safely be used) * SASL_CONTINUE -- continue WITHOUT using this file * SASL_FAIL -- error */ /* these are the types of files libsasl will ask about */ typedef enum { SASL_VRFY_PLUGIN=0, /* a DLL/shared library plug-in */ SASL_VRFY_CONF=1, /* a configuration file */ SASL_VRFY_PASSWD=2, /* a password storage file/db */ SASL_VRFY_OTHER=3 /* some other file */ } sasl_verify_type_t; typedef int sasl_verifyfile_t(void *context, const char *file, sasl_verify_type_t type); #define SASL_CB_VERIFYFILE 4 /* getconfpath callback -- this allows applications to specify the * colon-separated path to search for config files (by default, * taken from the SASL_CONF_PATH environment variable). * inputs: * context -- getconfpath context from the callback record * outputs: * path -- colon seperated path (allocated on the heap; the * library will free it using the sasl_free_t * * passed to sasl_set_callback, or the standard free() * library call). * returns: * SASL_OK -- no error * SASL_FAIL -- error */ typedef int sasl_getconfpath_t(void *context, char **path); #define SASL_CB_GETCONFPATH 5 /* client/user interaction callbacks: */ /* Simple prompt -- result must persist until next call to getsimple on * same connection or until connection context is disposed * inputs: * context -- context from callback structure * id -- callback id * outputs: * result -- set to NUL terminated string * NULL = user cancel * len -- length of result * returns SASL_OK */ typedef int sasl_getsimple_t(void *context, int id, const char **result, unsigned *len); #define SASL_CB_USER 0x4001 /* client user identity to login as */ #define SASL_CB_AUTHNAME 0x4002 /* client authentication name */ #define SASL_CB_LANGUAGE 0x4003 /* comma separated list of RFC 1766 * language codes in order of preference * to be used to localize client prompts * or server error codes */ #define SASL_CB_CNONCE 0x4007 /* caller supplies client-nonce * primarily for testing purposes */ /* get a sasl_secret_t (plaintext password with length) * inputs: * conn -- connection context * context -- context from callback structure * id -- callback id * outputs: * psecret -- set to NULL to cancel * set to password structure which must persist until * next call to getsecret in same connection, but middleware * will erase password data when it's done with it. * returns SASL_OK */ typedef int sasl_getsecret_t(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret); #define SASL_CB_PASS 0x4004 /* client passphrase-based secret */ /* prompt for input in response to a challenge. * input: * context -- context from callback structure * id -- callback id * challenge -- server challenge * output: * result -- NUL terminated result, NULL = user cancel * len -- length of result * returns SASL_OK */ typedef int sasl_chalprompt_t(void *context, int id, const char *challenge, const char *prompt, const char *defresult, const char **result, unsigned *len); #define SASL_CB_ECHOPROMPT 0x4005 /* challenge and client enterred result */ #define SASL_CB_NOECHOPROMPT 0x4006 /* challenge and client enterred result */ /* prompt (or autoselect) the realm to do authentication in. * may get a list of valid realms. * input: * context -- context from callback structure * id -- callback id * availrealms -- available realms; string list; NULL terminated * list may be empty. * output: * result -- NUL terminated realm; NULL is equivalent to "" * returns SASL_OK * result must persist until the next callback */ typedef int sasl_getrealm_t(void *context, int id, const char **availrealms, const char **result); #define SASL_CB_GETREALM (0x4008) /* realm to attempt authentication in */ /* server callbacks: */ /* improved callback to verify authorization; * canonicalization now handled elsewhere * conn -- connection context * requested_user -- the identity/username to authorize (NUL terminated) * rlen -- length of requested_user * auth_identity -- the identity associated with the secret (NUL terminated) * alen -- length of auth_identity * default_realm -- default user realm, as passed to sasl_server_new if * urlen -- length of default realm * propctx -- auxiliary properties * returns SASL_OK on success, * SASL_NOAUTHZ or other SASL response on failure */ typedef int sasl_authorize_t(sasl_conn_t *conn, void *context, const char *requested_user, unsigned rlen, const char *auth_identity, unsigned alen, const char *def_realm, unsigned urlen, struct propctx *propctx); #define SASL_CB_PROXY_POLICY 0x8001 /* functions for "userdb" based plugins to call to get/set passwords. * the location for the passwords is determined by the caller or middleware. * plug-ins may get passwords from other locations. */ /* callback to verify a plaintext password against the caller-supplied * user database. This is necessary to allow additional s for * encoding of the userPassword property. * user -- NUL terminated user name with user@realm syntax * pass -- password to check (may not be NUL terminated) * passlen -- length of password to check * propctx -- auxiliary properties for user */ typedef int sasl_server_userdb_checkpass_t(sasl_conn_t *conn, void *context, const char *user, const char *pass, unsigned passlen, struct propctx *propctx); #define SASL_CB_SERVER_USERDB_CHECKPASS (0x8005) /* callback to store/change a plaintext password in the user database * user -- NUL terminated user name with user@realm syntax * pass -- password to store (may not be NUL terminated) * passlen -- length of password to store * propctx -- auxiliary properties (not stored) * flags -- see SASL_SET_* flags below (SASL_SET_CREATE optional) */ typedef int sasl_server_userdb_setpass_t(sasl_conn_t *conn, void *context, const char *user, const char *pass, unsigned passlen, struct propctx *propctx, unsigned flags); #define SASL_CB_SERVER_USERDB_SETPASS (0x8006) /* callback for a server-supplied user canonicalization function. * * This function is called directly after the mechanism has the * authentication and authorization IDs. It is called before any * User Canonicalization plugin is called. It has the responsibility * of copying its output into the provided output buffers. * * in, inlen -- user name to canonicalize, may not be NUL terminated * may be same buffer as out * flags -- not currently used, supplied by auth mechanism * user_realm -- the user realm (may be NULL in case of client) * out -- buffer to copy user name * out_max -- max length of user name * out_len -- set to length of user name * * returns * SASL_OK on success * SASL_BADPROT username contains invalid character */ /* User Canonicalization Function Flags */ #define SASL_CU_NONE 0x00 /* Not a valid flag to pass */ /* One of the following two is required */ #define SASL_CU_AUTHID 0x01 #define SASL_CU_AUTHZID 0x02 /* Combine the following with SASL_CU_AUTHID, if you don't want to fail if auxprop returned SASL_NOUSER */ #define SASL_CU_EXTERNALLY_VERIFIED 0x04 #define SASL_CU_OVERRIDE 0x08 /* mapped to SASL_AUXPROP_OVERRIDE */ /* The following CU flags are passed "as is" down to auxprop lookup */ #define SASL_CU_ASIS_MASK 0xFFF0 /* NOTE: Keep in sync with SASL_AUXPROP_ flags */ #define SASL_CU_VERIFY_AGAINST_HASH 0x10 typedef int sasl_canon_user_t(sasl_conn_t *conn, void *context, const char *in, unsigned inlen, unsigned flags, const char *user_realm, char *out, unsigned out_max, unsigned *out_len); #define SASL_CB_CANON_USER (0x8007) /********************************** * Common Client/server functions * **********************************/ /* Types of paths to set (see sasl_set_path below). */ #define SASL_PATH_TYPE_PLUGIN 0 #define SASL_PATH_TYPE_CONFIG 1 /* a simpler way to set plugin path or configuration file path * without the need to set sasl_getpath_t callback. * * This function can be called before sasl_server_init/sasl_client_init. */ LIBSASL_API int sasl_set_path (int path_type, char * path); /* get sasl library version information * implementation is a vendor-defined string * version is a vender-defined representation of the version #. * * This function is being deprecated in favor of sasl_version_info. */ LIBSASL_API void sasl_version(const char **implementation, int *version); /* Extended version of sasl_version(). * * This function is to be used * for library version display and logging * for bug workarounds in old library versions * * The sasl_version_info is not to be used for API feature detection. * * All parameters are optional. If NULL is specified, the value is not returned. */ LIBSASL_API void sasl_version_info (const char **implementation, const char **version_string, int *version_major, int *version_minor, int *version_step, int *version_patch); /* dispose of all SASL plugins. Connection * states have to be disposed of before calling this. * * This function is DEPRECATED in favour of sasl_server_done/ * sasl_client_done. */ LIBSASL_API void sasl_done(void); /* dispose of all SASL plugins. Connection * states have to be disposed of before calling this. * This function should be called instead of sasl_done(), whenever possible. */ LIBSASL_API int sasl_server_done(void); /* dispose of all SASL plugins. Connection * states have to be disposed of before calling this. * This function should be called instead of sasl_done(), whenever possible. */ LIBSASL_API int sasl_client_done(void); /* dispose connection state, sets it to NULL * checks for pointer to NULL */ LIBSASL_API void sasl_dispose(sasl_conn_t **pconn); /* translate an error number into a string * input: * saslerr -- the error number * langlist -- comma separated list of RFC 1766 languages (may be NULL) * results: * outlang -- the language actually used (may be NULL if don't care) * returns: * the error message in UTF-8 (only the US-ASCII subset if langlist is NULL) */ LIBSASL_API const char *sasl_errstring(int saslerr, const char *langlist, const char **outlang); /* get detail about the last error that occurred on a connection * text is sanitized so it's suitable to send over the wire * (e.g., no distinction between SASL_BADAUTH and SASL_NOUSER) * input: * conn -- mandatory connection context * returns: * the error message in UTF-8 (only the US-ASCII subset permitted if no * SASL_CB_LANGUAGE callback is present) */ LIBSASL_API const char *sasl_errdetail(sasl_conn_t *conn); /* set the error string which will be returned by sasl_errdetail() using * syslog()-style formatting (e.g. printf-style with %m as most recent * errno error) * * primarily for use by server callbacks such as the sasl_authorize_t * callback and internally to plug-ins * * This will also trigger a call to the SASL logging callback (if any) * with a level of SASL_LOG_FAIL unless the SASL_NOLOG flag is set. * * Messages should be sensitive to the current language setting. If there * is no SASL_CB_LANGUAGE callback messages MUST be US-ASCII otherwise UTF-8 * is used and use of RFC 2482 for mixed-language text is encouraged. * * if conn is NULL, function does nothing */ LIBSASL_API void sasl_seterror(sasl_conn_t *conn, unsigned flags, const char *fmt, ...); #define SASL_NOLOG 0x01 /* get property from SASL connection state * propnum -- property number * pvalue -- pointer to value * returns: * SASL_OK -- no error * SASL_NOTDONE -- property not available yet * SASL_BADPARAM -- bad property number */ LIBSASL_API int sasl_getprop(sasl_conn_t *conn, int propnum, const void **pvalue); #define SASL_USERNAME 0 /* pointer to NUL terminated user name */ #define SASL_SSF 1 /* security layer security strength factor, * if 0, call to sasl_encode, sasl_decode * unnecessary */ #define SASL_MAXOUTBUF 2 /* security layer max output buf unsigned */ #define SASL_DEFUSERREALM 3 /* default realm passed to server_new */ /* or set with setprop */ #define SASL_GETOPTCTX 4 /* context for getopt callback */ #define SASL_CALLBACK 7 /* current callback function list */ #define SASL_IPLOCALPORT 8 /* iplocalport string passed to server_new */ #define SASL_IPREMOTEPORT 9 /* ipremoteport string passed to server_new */ /* This returns a string which is either empty or has an error message * from sasl_seterror (e.g., from a plug-in or callback). It differs * from the result of sasl_errdetail() which also takes into account the * last return status code. */ #define SASL_PLUGERR 10 /* a handle to any delegated credentials or NULL if none is present * is returned by the mechanism. The user will probably need to know * which mechanism was used to actually known how to make use of them * currently only implemented for the gssapi mechanism */ #define SASL_DELEGATEDCREDS 11 #define SASL_SERVICE 12 /* service passed to sasl_*_new */ #define SASL_SERVERFQDN 13 /* serverFQDN passed to sasl_*_new */ #define SASL_AUTHSOURCE 14 /* name of auth source last used, useful * for failed authentication tracking */ #define SASL_MECHNAME 15 /* active mechanism name, if any */ #define SASL_AUTHUSER 16 /* authentication/admin user */ #define SASL_APPNAME 17 /* application name (used for logging/ configuration), same as appname parameter to sasl_server_init */ /* GSS-API credential handle for sasl_client_step() or sasl_server_step(). * The application is responsible for releasing this credential handle. */ #define SASL_GSS_CREDS 18 /* GSS name (gss_name_t) of the peer, as output by gss_inquire_context() * or gss_accept_sec_context(). * On server end this is similar to SASL_USERNAME, but the gss_name_t * structure can contain additional attributes associated with the peer. */ #define SASL_GSS_PEER_NAME 19 /* Local GSS name (gss_name_t) as output by gss_inquire_context(). This * is particularly useful for servers that respond to multiple names. */ #define SASL_GSS_LOCAL_NAME 20 /* Channel binding information. Memory is managed by the caller. */ typedef struct sasl_channel_binding { const char *name; int critical; unsigned long len; const unsigned char *data; } sasl_channel_binding_t; #define SASL_CHANNEL_BINDING 21 /* HTTP Request (RFC 2616) - ONLY used for HTTP Digest Auth (RFC 2617) */ typedef struct sasl_http_request { const char *method; /* HTTP Method */ const char *uri; /* request-URI */ const unsigned char *entity; /* entity-body */ unsigned long elen; /* entity-body length */ unsigned non_persist; /* Is it a non-persistent connection? */ } sasl_http_request_t; #define SASL_HTTP_REQUEST 22 /* set property in SASL connection state * returns: * SASL_OK -- value set * SASL_BADPARAM -- invalid property or value */ LIBSASL_API int sasl_setprop(sasl_conn_t *conn, int propnum, const void *value); #define SASL_SSF_EXTERNAL 100 /* external SSF active (sasl_ssf_t *) */ #define SASL_SEC_PROPS 101 /* sasl_security_properties_t */ #define SASL_AUTH_EXTERNAL 102 /* external authentication ID (const char *) */ /* If the SASL_AUTH_EXTERNAL value is non-NULL, then a special version of the * EXTERNAL mechanism is enabled (one for server-embedded EXTERNAL mechanisms). * Otherwise, the EXTERNAL mechanism will be absent unless a plug-in * including EXTERNAL is present. */ /* do precalculations during an idle period or network round trip * may pass NULL to precompute for some mechanisms prior to connect * returns 1 if action taken, 0 if no action taken */ LIBSASL_API int sasl_idle(sasl_conn_t *conn); /************** * Client API * **************/ /* list of client interactions with user for caller to fill in */ typedef struct sasl_interact { unsigned long id; /* same as client/user callback ID */ const char *challenge; /* presented to user (e.g. OTP challenge) */ const char *prompt; /* presented to user (e.g. "Username: ") */ const char *defresult; /* default result string */ const void *result; /* set to point to result */ unsigned len; /* set to length of result */ } sasl_interact_t; /* initialize the SASL client drivers * callbacks -- base callbacks for all client connections; * must include getopt callback * returns: * SASL_OK -- Success * SASL_NOMEM -- Not enough memory * SASL_BADVERS -- Mechanism version mismatch * SASL_BADPARAM -- missing getopt callback or error in config file * SASL_NOMECH -- No mechanisms available * ... */ LIBSASL_API int sasl_client_init(const sasl_callback_t *callbacks); /* initialize a client exchange based on the specified mechanism * service -- registered name of the service using SASL (e.g. "imap") * serverFQDN -- the fully qualified domain name of the server * iplocalport -- client IPv4/IPv6 domain literal string with port * (if NULL, then mechanisms requiring IPaddr are disabled) * ipremoteport -- server IPv4/IPv6 domain literal string with port * (if NULL, then mechanisms requiring IPaddr are disabled) * prompt_supp -- list of client interactions supported * may also include sasl_getopt_t context & call * NULL prompt_supp = user/pass via SASL_INTERACT only * NULL proc = interaction supported via SASL_INTERACT * flags -- server usage flags (see above) * in/out: * pconn -- connection negotiation structure * pointer to NULL => allocate new * * Returns: * SASL_OK -- success * SASL_NOMECH -- no mechanism meets requested properties * SASL_NOMEM -- not enough memory */ LIBSASL_API int sasl_client_new(const char *service, const char *serverFQDN, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *prompt_supp, unsigned flags, sasl_conn_t **pconn); /* select a mechanism for a connection * mechlist -- mechanisms server has available (punctuation ignored) * if NULL, then discard cached info and retry last mech * output: * prompt_need -- on SASL_INTERACT, list of prompts needed to continue * may be NULL if callbacks provided * clientout -- the initial client response to send to the server * will be valid until next call to client_start/client_step * NULL if mech doesn't include initial client challenge * mech -- set to mechansm name of selected mechanism (may be NULL) * * Returns: * SASL_OK -- success * SASL_NOMEM -- not enough memory * SASL_NOMECH -- no mechanism meets requested properties * SASL_INTERACT -- user interaction needed to fill in prompt_need list */ LIBSASL_API int sasl_client_start(sasl_conn_t *conn, const char *mechlist, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, const char **mech); /* do a single authentication step. * serverin -- the server message received by the client, MUST have a NUL * sentinel, not counted by serverinlen * output: * prompt_need -- on SASL_INTERACT, list of prompts needed to continue * clientout -- the client response to send to the server * will be valid until next call to client_start/client_step * * returns: * SASL_OK -- success * SASL_INTERACT -- user interaction needed to fill in prompt_need list * SASL_BADPROT -- server protocol incorrect/cancelled * SASL_BADSERV -- server failed mutual auth */ LIBSASL_API int sasl_client_step(sasl_conn_t *conn, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen); /************** * Server API * **************/ /* initialize server drivers, done once per process * callbacks -- callbacks for all server connections; must include * getopt callback * appname -- name of calling application (for lower level logging) * results: * state -- server state * returns: * SASL_OK -- success * SASL_BADPARAM -- error in config file * SASL_NOMEM -- memory failure * SASL_BADVERS -- Mechanism version mismatch */ LIBSASL_API int sasl_server_init(const sasl_callback_t *callbacks, const char *appname); /* IP/port syntax: * a.b.c.d;p where a-d are 0-255 and p is 0-65535 port number. * e:f:g:h:i:j:k:l;p where e-l are 0000-ffff lower-case hexidecimal * e:f:g:h:i:j:a.b.c.d;p alternate syntax for previous * * Note that one or more "0" fields in f-k can be replaced with "::" * Thus: e:f:0000:0000:0000:j:k:l;p * can be abbreviated: e:f::j:k:l;p * * A buffer of size 52 is adequate for the longest format with NUL terminator. */ /* create context for a single SASL connection * service -- registered name of the service using SASL (e.g. "imap") * serverFQDN -- Fully qualified domain name of server. NULL means use * gethostname() or equivalent. * Useful for multi-homed servers. * user_realm -- permits multiple user realms on server, NULL = default * iplocalport -- server IPv4/IPv6 domain literal string with port * (if NULL, then mechanisms requiring IPaddr are disabled) * ipremoteport -- client IPv4/IPv6 domain literal string with port * (if NULL, then mechanisms requiring IPaddr are disabled) * callbacks -- callbacks (e.g., authorization, lang, new getopt context) * flags -- usage flags (see above) * returns: * pconn -- new connection context * * returns: * SASL_OK -- success * SASL_NOMEM -- not enough memory */ LIBSASL_API int sasl_server_new(const char *service, const char *serverFQDN, const char *user_realm, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *callbacks, unsigned flags, sasl_conn_t **pconn); /* Return an array of NUL-terminated strings, terminated by a NULL pointer, * which lists all possible mechanisms that the library can supply * * Returns NULL on failure. */ LIBSASL_API const char ** sasl_global_listmech(void); /* This returns a list of mechanisms in a NUL-terminated string * conn -- the connection to list mechanisms for (either client * or server) * user -- restricts mechanisms to those available to that user * (may be NULL, not used for client case) * prefix -- appended to beginning of result * sep -- appended between mechanisms * suffix -- appended to end of result * results: * result -- NUL terminated result which persists until next * call to sasl_listmech for this sasl_conn_t * plen -- gets length of result (excluding NUL), may be NULL * pcount -- gets number of mechanisms, may be NULL * * returns: * SASL_OK -- success * SASL_NOMEM -- not enough memory * SASL_NOMECH -- no enabled mechanisms */ LIBSASL_API int sasl_listmech(sasl_conn_t *conn, const char *user, const char *prefix, const char *sep, const char *suffix, const char **result, unsigned *plen, int *pcount); /* start a mechanism exchange within a connection context * mech -- the mechanism name client requested * clientin -- client initial response (NUL terminated), NULL if empty * clientinlen -- length of initial response * serverout -- initial server challenge, NULL if done * (library handles freeing this string) * serveroutlen -- length of initial server challenge * output: * pconn -- the connection negotiation state on success * * Same returns as sasl_server_step() or * SASL_NOMECH if mechanism not available. */ LIBSASL_API int sasl_server_start(sasl_conn_t *conn, const char *mech, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen); /* perform one step of the SASL exchange * inputlen & input -- client data * NULL on first step if no optional client step * outputlen & output -- set to the server data to transmit * to the client in the next step * (library handles freeing this) * * returns: * SASL_OK -- exchange is complete. * SASL_CONTINUE -- indicates another step is necessary. * SASL_TRANS -- entry for user exists, but not for mechanism * and transition is possible * SASL_BADPARAM -- service name needed * SASL_BADPROT -- invalid input from client * ... */ LIBSASL_API int sasl_server_step(sasl_conn_t *conn, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen); /* check if an apop exchange is valid * (note this is an optional part of the SASL API) * if challenge is NULL, just check if APOP is enabled * inputs: * challenge -- challenge which was sent to client * challen -- length of challenge, 0 = strlen(challenge) * response -- client response, " " (RFC 1939) * resplen -- length of response, 0 = strlen(response) * returns * SASL_OK -- success * SASL_BADAUTH -- authentication failed * SASL_BADPARAM -- missing challenge * SASL_BADPROT -- protocol error (e.g., response in wrong format) * SASL_NOVERIFY -- user found, but no verifier * SASL_NOMECH -- mechanism not supported * SASL_NOUSER -- user not found */ LIBSASL_API int sasl_checkapop(sasl_conn_t *conn, const char *challenge, unsigned challen, const char *response, unsigned resplen); /* check if a plaintext password is valid * if user is NULL, check if plaintext passwords are enabled * inputs: * user -- user to query in current user_domain * userlen -- length of username, 0 = strlen(user) * pass -- plaintext password to check * passlen -- length of password, 0 = strlen(pass) * returns * SASL_OK -- success * SASL_NOMECH -- mechanism not supported * SASL_NOVERIFY -- user found, but no verifier * SASL_NOUSER -- user not found */ LIBSASL_API int sasl_checkpass(sasl_conn_t *conn, const char *user, unsigned userlen, const char *pass, unsigned passlen); /* check if a user exists on server * conn -- connection context * service -- registered name of the service using SASL (e.g. "imap") * user_realm -- permits multiple user realms on server, NULL = default * user -- NUL terminated user name * * returns: * SASL_OK -- success * SASL_DISABLED -- account disabled * SASL_NOUSER -- user not found * SASL_NOVERIFY -- user found, but no usable mechanism * SASL_NOMECH -- no mechanisms enabled * SASL_UNAVAIL -- remote authentication server unavailable, try again later */ LIBSASL_API int sasl_user_exists(sasl_conn_t *conn, const char *service, const char *user_realm, const char *user); /* set the password for a user * conn -- SASL connection * user -- user name * pass -- plaintext password, may be NULL to remove user * passlen -- length of password, 0 = strlen(pass) * oldpass -- NULL will sometimes work * oldpasslen -- length of password, 0 = strlen(oldpass) * flags -- see flags below * * returns: * SASL_NOCHANGE -- proper entry already exists * SASL_NOMECH -- no authdb supports password setting as configured * SASL_NOVERIFY -- user exists, but no settable password present * SASL_DISABLED -- account disabled * SASL_PWLOCK -- password locked * SASL_WEAKPASS -- password too weak for security policy * SASL_NOUSERPASS -- user-supplied passwords not permitted * SASL_FAIL -- OS error * SASL_BADPARAM -- password too long * SASL_OK -- successful */ LIBSASL_API int sasl_setpass(sasl_conn_t *conn, const char *user, const char *pass, unsigned passlen, const char *oldpass, unsigned oldpasslen, unsigned flags); #define SASL_SET_CREATE 0x01 /* create a new entry for user */ #define SASL_SET_DISABLE 0x02 /* disable user account */ #define SASL_SET_NOPLAIN 0x04 /* do not store secret in plain text */ #define SASL_SET_CURMECH_ONLY 0x08 /* set the mechanism specific password only. fail if no current mechanism */ /********************************************************* * Auxiliary Property Support -- added by cjn 1999-09-29 * *********************************************************/ #define SASL_AUX_END NULL /* last auxiliary property */ #define SASL_AUX_ALL "*" /* A special flag to signal user deletion */ /* traditional Posix items (should be implemented on Posix systems) */ #define SASL_AUX_PASSWORD_PROP "userPassword" /* User Password */ #define SASL_AUX_PASSWORD "*" SASL_AUX_PASSWORD_PROP /* User Password (of authid) */ #define SASL_AUX_UIDNUM "uidNumber" /* UID number for the user */ #define SASL_AUX_GIDNUM "gidNumber" /* GID for the user */ #define SASL_AUX_FULLNAME "gecos" /* full name of the user, unix-style */ #define SASL_AUX_HOMEDIR "homeDirectory" /* home directory for user */ #define SASL_AUX_SHELL "loginShell" /* login shell for the user */ /* optional additional items (not necessarily implemented) */ /* single preferred mail address for user canonically-quoted * RFC821/822 syntax */ #define SASL_AUX_MAILADDR "mail" /* path to unix-style mailbox for user */ #define SASL_AUX_UNIXMBX "mailMessageStore" /* SMTP mail channel name to use if user authenticates successfully */ #define SASL_AUX_MAILCHAN "mailSMTPSubmitChannel" /* Request a set of auxiliary properties * conn connection context * propnames list of auxiliary property names to request ending with * NULL. * * Subsequent calls will add items to the request list. Call with NULL * to clear the request list. * * errors * SASL_OK -- success * SASL_BADPARAM -- bad count/conn parameter * SASL_NOMEM -- out of memory */ LIBSASL_API int sasl_auxprop_request(sasl_conn_t *conn, const char **propnames); /* Returns current auxiliary property context. * Use functions in prop.h to access content * * if authentication hasn't completed, property values may be empty/NULL * * properties not recognized by active plug-ins will be left empty/NULL * * returns NULL if conn is invalid. */ LIBSASL_API struct propctx *sasl_auxprop_getctx(sasl_conn_t *conn); /* Store the set of auxiliary properties for the given user. * Use functions in prop.h to set the content. * * conn connection context * ctx property context from prop_new()/prop_request()/prop_set() * user NUL terminated user * * Call with NULL 'ctx' to see if the backend allows storing properties. * * errors * SASL_OK -- success * SASL_NOMECH -- can not store some/all properties * SASL_BADPARAM -- bad conn/ctx/user parameter * SASL_NOMEM -- out of memory * SASL_FAIL -- failed to store */ LIBSASL_API int sasl_auxprop_store(sasl_conn_t *conn, struct propctx *ctx, const char *user); /********************** * security layer API * **********************/ /* encode a block of data for transmission using security layer, * returning the input buffer if there is no security layer. * output is only valid until next call to sasl_encode or sasl_encodev * returns: * SASL_OK -- success (returns input if no layer negotiated) * SASL_NOTDONE -- security layer negotiation not finished * SASL_BADPARAM -- inputlen is greater than the SASL_MAXOUTBUF */ LIBSASL_API int sasl_encode(sasl_conn_t *conn, const char *input, unsigned inputlen, const char **output, unsigned *outputlen); /* encode a block of data for transmission using security layer * output is only valid until next call to sasl_encode or sasl_encodev * returns: * SASL_OK -- success (returns input if no layer negotiated) * SASL_NOTDONE -- security layer negotiation not finished * SASL_BADPARAM -- input length is greater than the SASL_MAXOUTBUF * or no security layer */ LIBSASL_API int sasl_encodev(sasl_conn_t *conn, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen); /* decode a block of data received using security layer * returning the input buffer if there is no security layer. * output is only valid until next call to sasl_decode * * if outputlen is 0 on return, than the value of output is undefined. * * returns: * SASL_OK -- success (returns input if no layer negotiated) * SASL_NOTDONE -- security layer negotiation not finished * SASL_BADMAC -- bad message integrity check */ LIBSASL_API int sasl_decode(sasl_conn_t *conn, const char *input, unsigned inputlen, const char **output, unsigned *outputlen); #ifdef __cplusplus } #endif #endif /* SASL_H */ cyrus-sasl-2.1.25/include/md5.h0000646000076400007640000000257111630151330013120 00000000000000/* MD5.H - header file for MD5C.C */ /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. */ /* MD5 context. */ typedef struct { UINT4 state[4]; /* state (ABCD) */ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ unsigned char buffer[64]; /* input buffer */ } MD5_CTX; #ifdef __cplusplus extern "C" { #endif void _sasl_MD5Init (MD5_CTX *); void _sasl_MD5Update (MD5_CTX *, const unsigned char *, unsigned int); void _sasl_MD5Final (unsigned char [16], MD5_CTX *); #ifdef __cplusplus } #endif cyrus-sasl-2.1.25/include/gai.h0000646000076400007640000000647310421715336013211 00000000000000/* * Mar 8, 2000 by Hajimu UMEMOTO * $Id: gai.h,v 1.8 2006/04/10 13:36:20 mel Exp $ * * This module is besed on ssh-1.2.27-IPv6-1.5 written by * KIKUCHI Takahiro */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * fake library for ssh * * This file is included in getaddrinfo.c and getnameinfo.c. * See getaddrinfo.c and getnameinfo.c. */ #ifndef _GAI_H_ #define _GAI_H_ #ifndef NI_MAXHOST #define NI_MAXHOST 1025 #endif #ifndef NI_MAXSERV #define NI_MAXSERV 32 #endif /* for old netdb.h */ #ifndef EAI_NODATA #define EAI_NODATA 1 #define EAI_MEMORY 2 #define EAI_FAMILY 5 /* ai_family not supported */ #define EAI_SERVICE 9 /* servname not supported for ai_socktype */ #endif /* dummy value for old netdb.h */ #ifndef AI_PASSIVE #define AI_PASSIVE 1 #define AI_CANONNAME 2 struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ int ai_family; /* PF_xxx */ int ai_socktype; /* SOCK_xxx */ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ size_t ai_addrlen; /* length of ai_addr */ char *ai_canonname; /* canonical name for hostname */ struct sockaddr *ai_addr; /* binary address */ struct addrinfo *ai_next; /* next structure in linked list */ }; #endif #ifdef __cplusplus extern "C" { #endif #ifndef HAVE_GETNAMEINFO int getnameinfo(const struct sockaddr *, socklen_t, char *, size_t, char *, size_t, int); #endif #ifndef HAVE_GETADDRINFO int getaddrinfo(const char *, const char *, const struct addrinfo *, struct addrinfo **); void freeaddrinfo(struct addrinfo *); char *gai_strerror(int); #endif #ifdef __cplusplus } #endif #endif cyrus-sasl-2.1.25/include/Makefile.am0000666000076400007640000000455210137006706014330 00000000000000# Makefile.am for SASL includes # Rob Earhart # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ noinst_HEADERS = gai.h exits.h saslincludedir = $(includedir)/sasl saslinclude_HEADERS = hmac-md5.h md5.h md5global.h sasl.h saslplug.h saslutil.h prop.h noinst_PROGRAMS = makemd5 makemd5_SOURCES = makemd5.c md5global.h: makemd5 -rm -f md5global.h ./makemd5 md5global.h EXTRA_DIST = NTMakefile DISTCLEANFILES = md5global.h if MACOSX framedir = /Library/Frameworks/SASL2.framework frameheaderdir = $(framedir)/Versions/A/Headers frameheader_DATA = $(saslinclude_HEADERS) endif cyrus-sasl-2.1.25/include/Makefile.in0000666000076400007640000005174611631670663014361 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for SASL includes # Rob Earhart # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ noinst_PROGRAMS = makemd5$(EXEEXT) subdir = include DIST_COMMON = $(noinst_HEADERS) $(saslinclude_HEADERS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_makemd5_OBJECTS = makemd5.$(OBJEXT) makemd5_OBJECTS = $(am_makemd5_OBJECTS) makemd5_LDADD = $(LDADD) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link \ $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(makemd5_SOURCES) DIST_SOURCES = $(makemd5_SOURCES) am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(frameheaderdir)" \ "$(DESTDIR)$(saslincludedir)" DATA = $(frameheader_DATA) HEADERS = $(noinst_HEADERS) $(saslinclude_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ noinst_HEADERS = gai.h exits.h saslincludedir = $(includedir)/sasl saslinclude_HEADERS = hmac-md5.h md5.h md5global.h sasl.h saslplug.h saslutil.h prop.h makemd5_SOURCES = makemd5.c EXTRA_DIST = NTMakefile DISTCLEANFILES = md5global.h @MACOSX_TRUE@framedir = /Library/Frameworks/SASL2.framework @MACOSX_TRUE@frameheaderdir = $(framedir)/Versions/A/Headers @MACOSX_TRUE@frameheader_DATA = $(saslinclude_HEADERS) all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu include/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list makemd5$(EXEEXT): $(makemd5_OBJECTS) $(makemd5_DEPENDENCIES) @rm -f makemd5$(EXEEXT) $(LINK) $(makemd5_OBJECTS) $(makemd5_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/makemd5.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-frameheaderDATA: $(frameheader_DATA) @$(NORMAL_INSTALL) test -z "$(frameheaderdir)" || $(MKDIR_P) "$(DESTDIR)$(frameheaderdir)" @list='$(frameheader_DATA)'; test -n "$(frameheaderdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(frameheaderdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(frameheaderdir)" || exit $$?; \ done uninstall-frameheaderDATA: @$(NORMAL_UNINSTALL) @list='$(frameheader_DATA)'; test -n "$(frameheaderdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(frameheaderdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(frameheaderdir)" && rm -f $$files install-saslincludeHEADERS: $(saslinclude_HEADERS) @$(NORMAL_INSTALL) test -z "$(saslincludedir)" || $(MKDIR_P) "$(DESTDIR)$(saslincludedir)" @list='$(saslinclude_HEADERS)'; test -n "$(saslincludedir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(saslincludedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(saslincludedir)" || exit $$?; \ done uninstall-saslincludeHEADERS: @$(NORMAL_UNINSTALL) @list='$(saslinclude_HEADERS)'; test -n "$(saslincludedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(saslincludedir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(saslincludedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) $(DATA) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(frameheaderdir)" "$(DESTDIR)$(saslincludedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-frameheaderDATA install-saslincludeHEADERS install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-frameheaderDATA uninstall-saslincludeHEADERS .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am \ install-frameheaderDATA install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am \ install-saslincludeHEADERS install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-frameheaderDATA \ uninstall-saslincludeHEADERS md5global.h: makemd5 -rm -f md5global.h ./makemd5 md5global.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/configure.in0000646000076400007640000011760511631667560013177 00000000000000dnl configure.in for the SASL library dnl Rob Siemborski dnl Rob Earhart dnl $Id: configure.in,v 1.222 2011/09/07 13:19:44 murch Exp $ dnl dnl Copyright (c) 2001 Carnegie Mellon University. All rights reserved. dnl dnl Redistribution and use in source and binary forms, with or without dnl modification, are permitted provided that the following conditions dnl are met: dnl dnl 1. Redistributions of source code must retain the above copyright dnl notice, this list of conditions and the following disclaimer. dnl dnl 2. Redistributions in binary form must reproduce the above copyright dnl notice, this list of conditions and the following disclaimer in dnl the documentation and/or other materials provided with the dnl distribution. dnl dnl 3. The name "Carnegie Mellon University" must not be used to dnl endorse or promote products derived from this software without dnl prior written permission. For permission or any other legal dnl details, please contact dnl Office of Technology Transfer dnl Carnegie Mellon University dnl 5000 Forbes Avenue dnl Pittsburgh, PA 15213-3890 dnl (412) 268-4387, fax: (412) 268-7395 dnl tech-transfer@andrew.cmu.edu dnl dnl 4. Redistributions of any form whatsoever must retain the following dnl acknowledgment: dnl \"This product includes software developed by Computing Services dnl at Carnegie Mellon University (http://www.cmu.edu/computing/).\" dnl dnl CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO dnl THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY dnl AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE dnl FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES dnl WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN dnl AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING dnl OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_INIT(lib/saslint.h) AC_PREREQ([2.54]) dnl use ./config.cache as the default cache file. dnl we require a cache file to successfully configure our build. if test $cache_file = "/dev/null"; then cache_file="./config.cache" AC_CACHE_LOAD fi AC_CONFIG_AUX_DIR(config) AC_CANONICAL_HOST AC_CANONICAL_TARGET dnl dnl REMINDER: When changing the version number here, please also update dnl the values in win32/include/config.h and include/sasl.h as well. dnl AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.25) CMU_INIT_AUTOMAKE # and include our config dir scripts ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config" DIRS="" AC_ARG_ENABLE(cmulocal, [AC_HELP_STRING([--enable-cmulocal], [enable local mods for CMU [[no]]])], [], enable_cmulocal=no) AC_ARG_ENABLE(sample, [AC_HELP_STRING([--enable-sample], [compile sample code [[yes]]])], enable_sample=yes) AC_ARG_ENABLE(obsolete_cram_attr, [AC_HELP_STRING([--enable-obsolete_cram_attr], [enable support for cmusaslsecretCRAM-MD5 auxprop property [[yes]]])], enable_obsolete_cram_attr=$enableval, enable_obsolete_cram_attr=yes) AC_PROG_CC AC_PROG_CPP AC_PROG_AWK AC_PROG_LN_S AC_PROG_MAKE_SET AC_PROG_INSTALL CMU_C___ATTRIBUTE__ dnl check for -R, etc. switch CMU_GUESS_RUNPATH_SWITCH dnl xxx compatibility AC_ARG_WITH(staticsasl) if test "$with_staticsasl" = yes; then enable_shared=yes enable_static=yes fi save_target=$target if test -z "$target"; then target="NONE" fi # new libtool AM_DISABLE_STATIC AC_PROG_LIBTOOL target=$save_target if test "$enable_static" = yes; then SASL_STATIC_LIBS=libsasl2.a else SASL_STATIC_LIBS= fi AC_ARG_ENABLE(staticdlopen, [ --enable-staticdlopen try dynamic plugins when we are a static libsasl [[no]] ], enable_staticdlopen=$enableval, enable_staticdlopen=no) if test "$enable_staticdlopen" = yes; then AC_DEFINE(TRY_DLOPEN_WHEN_STATIC,[],[Should we try to dlopen() plugins while staticly compiled?]) fi if test "$ac_cv_prog_gcc" = yes; then CFLAGS="-Wall -W ${CFLAGS}" fi AC_ARG_WITH(purecov,[ --with-purecov link with purecov]) if test "$with_purecov" = yes; then AC_CHECK_PROGS(PURECOV, purecov) fi AC_ARG_WITH(purify,[ --with-purify link with purify]) if test "$with_purify" = yes; then AC_CHECK_PROGS(PURIFY, purify) fi AC_ARG_ENABLE(java, [ --enable-java compile Java support [[no]]], enable_java=$enableval, enable_java=no) if test "$enable_java" = yes; then AC_PATH_PROG(JAVAC, javac, no) AC_PATH_PROGS(JAVAH, javah kaffeh, no) AC_CHECK_PROGS(JAVADOC, javadoc, :) if test "$JAVAC" = "no" -o "$JAVAH" = "no"; then AC_WARN([Disabling Java support]) enable_java=no fi else # Make distcheck work JAVAC="true" JAVAH="true" JAVADOC="true" fi AM_CONDITIONAL(JAVA, test "$enable_java" = yes) if test "$enable_java" = yes; then AC_MSG_CHECKING([JNI cpp flags]) AC_CACHE_VAL(sasl_cv_java_includes,[ if test `echo $JAVAH | sed 's,.*/,,'` = "kaffeh"; then sasl_cv_java_includes=-I`echo $JAVAH | sed -e 's,/bin.*,/include/kaffe,'` else java_base=`echo $JAVAC | sed 's,/bin.*,'','` AC_ARG_WITH(javabase, [ --with-javabase=PATH set path to find jni.h in [/usr/java/include] ], java_base=$withval,) sasl_cv_java_includes='' for dir in `find ${java_base}/include -follow -type d -print | grep -v green_threads`; do sasl_cv_java_includes="${sasl_cv_java_includes} -I$dir" done fi sasl_cv_java_includes="${sasl_cv_java_includes} -I$javapath/include"]) JAVA_INCLUDES=$sasl_cv_java_includes AC_SUBST(JAVA_INCLUDES) AC_MSG_RESULT(ok) JAVAROOT=".." AC_SUBST(JAVAROOT) JAVAC=`echo "$JAVAC" | sed 's,.*/,,'` JAVAH=`echo "$JAVAH" | sed 's,.*/,,'` fi AM_CONDITIONAL(SAMPLE, test "$enable_sample" = yes) dnl call before we do the berkeley DB checks CMU_SOCKETS dnl we extracted this to config/sasldb.m4 SASL_DB_PATH_CHECK() SASL_DB_CHECK() # Do we not install the SASL DB man pages? AM_CONDITIONAL(NO_SASL_DB_MANS, test "x$SASL_DB_MANS" = "x") AC_ARG_ENABLE(keep_db_open, [ --enable-keep-db-open keep handle to Berkeley DB open for improved performance [[no]] ], keep_db_open=$enableval, keep_db_open=no) # Disable if Berkeley DB is not used if test "$dblib" != berkeley; then keep_db_open=no fi if test "$keep_db_open" = yes; then AC_DEFINE(KEEP_DB_OPEN,[],[Should we keep handle to Berkeley DB open in SASLDB plugin?]) fi AC_MSG_CHECKING(if Berkeley DB handle is kept open in SASLDB) AC_MSG_RESULT($keep_db_open) AC_CHECK_LIB(dl, dlopen, SASL_DL_LIB="-ldl", SASL_DL_LIB="") AC_SUBST(SASL_DL_LIB) dnl /dev/random ? AC_ARG_WITH(devrandom, [ --with-devrandom=PATH set the path to /dev/random [[/dev/random]] ], devrandom=$withval, devrandom=/dev/random) AC_MSG_CHECKING(/dev/random to use) AC_MSG_RESULT($devrandom) AC_DEFINE_UNQUOTED(SASL_DEV_RANDOM, "$devrandom", [File to use for source of randomness]) dnl Do we need leading underscores on our symbols? AC_CHECK_PROGS(NM, nm) AC_MSG_CHECKING(for underscore before symbols) AC_CACHE_VAL(sasl_cv_uscore,[ echo "main(){int i=1;} foo(){int i=6;}" > conftest.c ${CC} -o a.out conftest.c > /dev/null if (${NM} a.out | grep _foo) > /dev/null; then sasl_cv_uscore=yes else sasl_cv_uscore=no fi]) AC_MSG_RESULT($sasl_cv_uscore) rm -f conftest.c a.out if test $sasl_cv_uscore = yes; then if test $ac_cv_lib_dl_dlopen = yes ; then AC_MSG_CHECKING(whether dlsym adds the underscore for us) cmu_save_LIBS="$LIBS" LIBS="$LIBS $SASL_DL_LIB" AC_CACHE_VAL(sasl_cv_dlsym_adds_uscore,AC_TRY_RUN( [ #include #include foo() { int i=0;} main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY); if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo"); if(ptr1 && !ptr2) exit(0); } exit(1); } ], [sasl_cv_dlsym_adds_uscore=yes], sasl_cv_dlsym_adds_uscore=no AC_DEFINE(DLSYM_NEEDS_UNDERSCORE, [], [Do we need a leading _ for dlsym?]), AC_MSG_WARN(cross-compiler, we'll do our best))) LIBS="$cmu_save_LIBS" AC_MSG_RESULT($sasl_cv_dlsym_adds_uscore) fi fi dnl See if we can provide a default logging function... AC_CHECK_FUNCS(syslog) AC_ARG_WITH(pam, [ --with-pam=DIR use PAM (rooted in DIR) [[yes]] ], with_pam=$withval, with_pam=yes) if test "$with_pam" != no; then if test -d $with_pam; then CPPFLAGS="$CPPFLAGS -I${with_pam}/include" LDFLAGS="$LDFLAGS -L${with_pam}/lib" fi AC_CHECK_HEADERS(security/pam_appl.h pam/pam_appl.h) cmu_save_LIBS="$LIBS" AC_CHECK_FUNC(pam_start, :, LIBS="-lpam $LIBS" AC_TRY_LINK([[ #include #ifdef HAVE_PAM_PAM_APPL_H #include #endif #ifdef HAVE_SECURITY_PAM_H #include #endif]],[[ const char *service="foo"; const char *user="bar"; pam_handle_t *pamh; struct pam_conv *conv; int baz; baz = pam_start(service, user, conv, &pamh); return 0; ]], LIBPAM="-lpam") ) LIBS="$cmu_save_LIBS $LIBPAM" fi AC_ARG_WITH(saslauthd, [ --with-saslauthd=DIR enable use of the saslauth daemon using state dir DIR ], with_saslauthd=$withval, with_saslauthd=yes) if test "$with_saslauthd" != no; then if test "$with_saslauthd" = yes; then with_saslauthd="/var/state/saslauthd" fi AC_DEFINE(HAVE_SASLAUTHD,[],[Include support for saslauthd?]) AC_DEFINE_UNQUOTED(PATH_SASLAUTHD_RUNDIR, "$with_saslauthd", [Where do we look for saslauthd's socket?]) fi AM_CONDITIONAL(SASLAUTHD, test "$with_saslauthd" != no) AC_MSG_CHECKING(if I should include saslauthd) AC_MSG_RESULT($with_saslauthd) AC_ARG_WITH(authdaemond, [ --with-authdaemond=PATH enable use of authdaemon with default socket=PATH [[yes]] ], with_authdaemon=$withval, with_authdaemon=yes) if test "$with_authdaemon" != no; then if test "$with_authdaemon" = yes; then with_authdaemon="/dev/null" fi AC_DEFINE(HAVE_AUTHDAEMON,[],[Include support for Courier's authdaemond?]) AC_DEFINE_UNQUOTED(PATH_AUTHDAEMON_SOCKET, "$with_authdaemon", [Where do we look for Courier authdaemond's socket?]) fi AC_MSG_CHECKING(to include Courier authdaemond support) AC_MSG_RESULT($with_authdaemon) AC_ARG_WITH(pwcheck, [ --with-pwcheck=DIR enable deprecated pwcheck daemon using statedir DIR ], with_pwcheck=$withval, with_pwcheck=no) if test "$with_pwcheck" != no; then if test "$with_pwcheck" = yes; then with_pwcheck=/var/pwcheck fi AC_DEFINE(HAVE_PWCHECK,[],[Include Support for pwcheck daemon?]) AC_DEFINE_UNQUOTED(PWCHECKDIR, "$with_pwcheck", [Location of pwcheck socket]) AC_CHECK_FUNC(getspnam,PWCHECKMETH="getspnam",PWCHECKMETH="getpwnam") AC_SUBST(PWCHECKMETH) fi AM_CONDITIONAL(PWCHECK, test "$with_pwcheck" != no) AC_MSG_CHECKING(if I should include pwcheck) AC_MSG_RESULT($with_pwcheck) AC_ARG_WITH(ipctype, [ --with-ipctype={unix,doors} use ipctype [[unix]] ], with_ipctype=$withval, with_ipctype="unix") IPCTYPE=$with_ipctype AC_SUBST(IPCTYPE) LIB_DOOR= if test "$with_ipctype" = "doors"; then LIB_DOOR="-ldoor" AC_DEFINE(USE_DOORS,[],[use the doors IPC API for saslauthd?]) fi AC_SUBST(LIB_DOOR) AC_ARG_ENABLE(alwaystrue, [ --enable-alwaystrue enable the alwaystrue password verifier (discouraged)], enable_alwaystrue=$enableval, enable_alwaystrue=no) if test "$enable_alwaystrue" = yes; then AC_DEFINE(HAVE_ALWAYSTRUE, [], [Enable 'alwaystrue' password verifier?]) fi AC_MSG_CHECKING(if I should include the alwaystrue verifier) AC_MSG_RESULT($enable_alwaystrue) dnl sasl_checkapop support AC_ARG_ENABLE(checkapop, [ --enable-checkapop enable use of sasl_checkapop [[yes]] ], checkapop=$enableval, checkapop=yes) AC_MSG_CHECKING(if we should enable sasl_checkapop) if test "$checkapop" != no; then AC_MSG_RESULT(enabled) AC_DEFINE(DO_SASL_CHECKAPOP, [], [should we support sasl_checkapop?]) else AC_MSG_RESULT(disabled) fi dnl CRAM-MD5 AC_ARG_ENABLE(cram, [ --enable-cram enable CRAM-MD5 authentication [[yes]] ], cram=$enableval, cram=yes) AC_MSG_CHECKING(CRAM-MD5) if test "$cram" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS libcrammd5.la" if test "$enable_obsolete_cram_attr" = yes; then CPPFLAGS="$CPPFLAGS -DOBSOLETE_CRAM_ATTR=1" fi if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS cram.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/cram.c" AC_DEFINE(STATIC_CRAMMD5, [], [Link CRAM-MD5 Staticly]) fi else AC_MSG_RESULT(disabled) fi CMU_HAVE_OPENSSL AC_MSG_CHECKING(for OpenSSL) AC_MSG_RESULT($with_openssl) SASL_DES_CHK dnl DIGEST-MD5 AC_ARG_ENABLE(digest, [ --enable-digest enable DIGEST-MD5 authentication [[yes]] ], digest=$enableval, digest=yes) if test "$digest" != no; then dnl In order to compile digest, we should look for need libdes. if test -d $digest; then CPPFLAGS="$CPPFLAGS -I$digest/include" LDFLAGS="$LDFLAGS -L$digest/lib" fi if test "$with_des" = no; then AC_WARN(No DES support for DIGEST-MD5) fi fi AC_MSG_CHECKING(DIGEST-MD5) if test "$digest" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS libdigestmd5.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/digestmd5.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS digestmd5.o" AC_DEFINE(STATIC_DIGESTMD5, [], [Link DIGEST-MD5 Staticly]) fi else AC_MSG_RESULT(disabled) fi dnl SCRAM AC_ARG_ENABLE(scram, [ --enable-scram enable SCRAM authentication [[yes]] ], scram=$enableval, scram=yes) if test "$with_openssl" = no; then AC_WARN([OpenSSL not found -- SCRAM will be disabled]) scram=no fi AC_MSG_CHECKING(SCRAM) if test "$scram" != no; then AC_MSG_RESULT(enabled) SCRAM_LIBS="-lcrypto $LIB_RSAREF" SASL_MECHS="$SASL_MECHS libscram.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/scram.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS scram.o" AC_DEFINE(STATIC_SCRAM, [], [Link SCRAM Staticly]) fi AC_SUBST(SCRAM_LIBS) else AC_MSG_RESULT(disabled) fi dnl OTP AC_ARG_ENABLE(otp, [ --enable-otp enable OTP authentication [[yes]] ], otp=$enableval, otp=yes) if test "$with_openssl" = no; then AC_WARN([OpenSSL not found -- OTP will be disabled]) otp=no fi AC_MSG_CHECKING(OTP) if test "$otp" != no; then AC_MSG_RESULT(enabled) OTP_LIBS="-lcrypto $LIB_RSAREF" SASL_MECHS="$SASL_MECHS libotp.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/otp.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS otp.o" AC_DEFINE(STATIC_OTP, [], [Link OTP Staticly]) fi dnl Test for OPIE AC_ARG_WITH(with-opie,[ --with-opie=PATH use OPIE (One Time Passwords in Everything) from PATH], with_opie="${withval}") case "$with_opie" in ""|yes) AC_CHECK_LIB(opie, opiechallenge, [ AC_CHECK_HEADER(opie.h, with_opie="yes", with_opie="no")], with_opie="no") ;; *) if test -d $with_opie; then CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" LDFLAGS="${LDFLAGS} -L${with_opie}/lib" else with_opie="no" fi ;; esac AC_MSG_CHECKING(for OPIE) AC_MSG_RESULT($with_opie) if test "$with_opie" != no; then AC_DEFINE(HAVE_OPIE,[],[Use OPIE for server-side OTP?]) OTP_LIBS="$OTP_LIBS -lopie" fi AC_SUBST(OTP_LIBS) else AC_MSG_RESULT(disabled) fi dnl SRP AC_ARG_ENABLE(srp, [ --enable-srp enable SRP authentication [[no]] ], srp=$enableval, srp=no) if test "$with_openssl" = no; then AC_WARN([OpenSSL not found -- SRP will be disabled]) srp=no fi AC_MSG_CHECKING(SRP) if test "$srp" != no; then AC_MSG_RESULT(enabled) SRP_LIBS="-lcrypto $LIB_RSAREF" SASL_MECHS="$SASL_MECHS libsrp.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/srp.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS srp.o" AC_DEFINE(STATIC_SRP, [], [Link SRP Staticly]) fi dnl srp_setpass support AC_ARG_ENABLE(srp_setpass, [ --enable-srp-setpass enable setting SRP secrets with saslpasswd [[no]]], srp_setpass=$enableval, srp_setpass=no) AC_MSG_CHECKING(if we should enable setting SRP secrets with saslpasswd) if test "$srp_setpass" != no; then AC_MSG_RESULT(enabled) AC_DEFINE(DO_SRP_SETPASS, [], [should we support setpass() for SRP?]) else AC_MSG_RESULT(disabled) fi AC_SUBST(SRP_LIBS) else AC_MSG_RESULT(disabled) fi dnl Kerberos based Mechanisms SASL_KERBEROS_V4_CHK SASL_GSSAPI_CHK if test "$gssapi" != "no"; then AC_DEFINE(STATIC_GSSAPIV2,[],[Link GSSAPI Staticly]) mutex_default="no" if test "$gss_impl" = "mit"; then mutex_default="yes" fi AC_MSG_CHECKING(to use mutexes aroung GSS calls) AC_ARG_ENABLE(gss_mutexes, [ --enable-gss_mutexes use mutexes around calls to the GSS library], use_gss_mutexes=$enableval, use_gss_mutexes=$mutex_default) if test $use_gss_mutexes = "yes"; then AC_DEFINE(GSS_USE_MUTEXES, [], [should we mutex-wrap calls into the GSS library?]) fi AC_MSG_RESULT($use_gss_mutexes) fi dnl PLAIN SASL_PLAIN_CHK dnl ANONYMOUS AC_ARG_ENABLE(anon, [ --enable-anon enable ANONYMOUS authentication [[yes]] ], anon=$enableval, anon=yes) AC_MSG_CHECKING(ANONYMOUS) if test "$anon" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS libanonymous.la" if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS anonymous.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/anonymous.c" AC_DEFINE(STATIC_ANONYMOUS, [], [Link ANONYMOUS Staticly]) fi else AC_MSG_RESULT(disabled) fi dnl LOGIN AC_ARG_ENABLE(login, [ --enable-login enable unsupported LOGIN authentication [[no]] ], login=$enableval, login=no) AC_MSG_CHECKING(LOGIN) if test "$login" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS liblogin.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/login.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS login.o" AC_DEFINE(STATIC_LOGIN,[],[Link LOGIN Staticly]) fi else AC_MSG_RESULT(disabled) fi dnl NTLM AC_ARG_ENABLE(ntlm, [ --enable-ntlm enable unsupported NTLM authentication [[no]] ], ntlm=$enableval, ntlm=no) if test "$with_openssl" = no; then AC_WARN([OpenSSL not found -- NTLM will be disabled]) ntlm=no fi AC_MSG_CHECKING(NTLM) if test "$ntlm" != no; then AC_MSG_RESULT(enabled) NTLM_LIBS="-lcrypto $LIB_RSAREF" AC_SUBST(NTLM_LIBS) SASL_MECHS="$SASL_MECHS libntlm.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/ntlm.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS ntlm.o" AC_DEFINE(STATIC_NTLM,[],[Link NTLM Staticly]) fi else AC_MSG_RESULT(disabled) fi dnl PASSDSS AC_ARG_ENABLE(passdss, [ --enable-passdss enable PASSDSS authentication (experimental) [[no]] ], passdss=$enableval, passdss=no) if test "$with_openssl" = no; then AC_WARN([OpenSSL not found -- PASSDSS will be disabled]) passdss=no fi AC_MSG_CHECKING(PASSDSS) if test "$passdss" != no; then AC_MSG_RESULT(enabled) PASSDSS_LIBS="-lcrypto $LIB_RSAREF" AC_SUBST(PASSDSS_LIBS) SASL_MECHS="$SASL_MECHS libpassdss.la" if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS passdss.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/passdss.c" AC_DEFINE(STATIC_PASSDSS,[],[Link PASSDSS Staticly]) fi else AC_MSG_RESULT(disabled) fi # make the option show up so people don't whine that it is only in the # saslauthd configure script --help AC_ARG_WITH(ldap, [ --with-ldap=DIR use LDAP (in DIR) for saslauthd [no] ],,with_ldap=no) dnl SQL dnl This flag also changes the requirements of --with-mysql and --with-pgsql dnl dnl Desired behavior: dnl dnl doesn't require mysql or postgres if --disable-sql is chosen dnl requires at least one (but not both) if --enable-sql is chosen AC_ARG_ENABLE(sql, [ --enable-sql enable SQL auxprop [[no]] ], sql=$enableval, sql=no) AC_MSG_CHECKING(SQL) if test "$sql" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS libsql.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sql.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS sql.o" AC_DEFINE(STATIC_SQL,[],[Link SQL plugin staticly]) fi else AC_MSG_RESULT(disabled) fi dnl MySQL AC_ARG_WITH(mysql, [ --with-mysql=PATH use MySQL from PATH ], with_mysql=$withval, with_mysql=$sql) # find location of library # presuming if one given then correct if test "${with_mysql}" = "yes"; then with_mysql=notfound for mysqlloc in lib/mysql lib mysql/lib do if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then with_mysql="${prefix}" break elif test -f /usr/local/${mysqlloc}/libmysqlclient.a; then with_mysql="/usr/local" break elif test -f /usr/${mysqlloc}/libmysqlclient.a; then with_mysql="/usr" break fi done fi LIB_MYSQL="" case "$with_mysql" in no) true;; notfound) AC_WARN([MySQL Library not found]); true;; *) if test -d ${with_mysql}/lib/mysql; then CMU_ADD_LIBPATH_TO(${with_mysql}/lib/mysql, LIB_MYSQL) elif test -d ${with_mysql}/mysql/lib; then CMU_ADD_LIBPATH_TO(${with_mysql}/mysql/lib, LIB_MYSQL) elif test -d ${with_mysql}/lib; then CMU_ADD_LIBPATH_TO(${with_mysql}/lib, LIB_MYSQL) else CMU_ADD_LIBPATH_TO(${with_mysql}, LIB_MYSQL) fi LIB_MYSQL_DIR=$LIB_MYSQL LIB_MYSQL="$LIB_MYSQL -lmysqlclient" if test -d ${with_mysql}/include/mysql; then CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include/mysql" elif test -d ${with_mysql}/mysql/include; then CPPFLAGS="${CPPFLAGS} -I${with_mysql}/mysql/include" elif test -d ${with_mysql}/include; then CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include" else CPPFLAGS="${CPPFLAGS} -I${with_mysql}" fi save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $LIB_MYSQL_DIR" AC_CHECK_LIB(mysqlclient, mysql_select_db, AC_DEFINE(HAVE_MYSQL, [], [Do we have mysql support?]), [AC_WARN([MySQL library mysqlclient does not work]) with_mysql=no]) LDFLAGS=$save_LDFLAGS;; esac AC_SUBST(LIB_MYSQL) dnl PgSQL AC_ARG_WITH(pgsql, [ --with-pgsql=PATH use PostgreSQL from PATH ], with_pgsql=$withval, with_pgsql=$sql) # find location of library # presuing if one given then correct if test "${with_pgsql}" = "yes"; then with_pgsql=notfound for pgsqlloc in lib/pgsql lib pgsql/lib do if test -f ${prefix}/${pgsqlloc}/libpq.a; then with_pgsql="${prefix}" break elif test -f /usr/local/${pgsqlloc}/libpq.a; then with_pgsql="/usr/local" break elif test -f /usr/${pgsqlloc}/libpq.a; then with_pgsql="/usr" break fi done fi LIB_PGSQL="" case "$with_pgsql" in no) true;; notfound) AC_WARN([PostgreSQL Library not found]); true;; *) if test -d ${with_pgsql}/lib/pgsql; then CMU_ADD_LIBPATH_TO(${with_pgsql}/lib/pgsql, LIB_PGSQL) elif test -d ${with_pgsql}/pgsql/lib; then CMU_ADD_LIBPATH_TO(${with_pgsql}/pgsql/lib, LIB_PGSQL) elif test -d ${with_pgsql}/lib; then CMU_ADD_LIBPATH_TO(${with_pgsql}/lib, LIB_PGSQL) else CMU_ADD_LIBPATH_TO(${with_pgsql}, LIB_PGSQL) fi LIB_PGSQL_DIR=$LIB_PGSQL LIB_PGSQL="$LIB_PGSQL -lpq" if test -d ${with_pgsql}/include/pgsql; then CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql" elif test -d ${with_pgsql}/pgsql/include; then CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include" elif test -d ${with_pgsql}/include; then CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include" else CPPFLAGS="${CPPFLAGS} -I${with_pgsql}" fi save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $LIB_PGSQL_DIR" AC_CHECK_LIB(pq, PQsetdbLogin, AC_DEFINE(HAVE_PGSQL,[], [Do we have Postgres support?]), [AC_WARN([PostgreSQL Library pq does not work]) with_pgsql=no]) LDFLAGS=$save_LDFLAGS;; esac AC_SUBST(LIB_PGSQL) dnl SQLite AC_ARG_WITH(sqlite, [ --with-sqlite=PATH use SQLite from PATH ], with_sqlite=$withval, with_sqlite=$sql) # find location of library # presuing if one given then correct if test "${with_sqlite}" = "yes"; then with_sqlite=notfound for sqliteloc in lib do if test -f ${prefix}/${sqliteloc}/libsqlite.a; then with_sqlite="${prefix}" break elif test -f /usr/local/${sqliteloc}/libsqlite.a; then with_sqlite="/usr/local" break elif test -f /usr/${sqliteloc}/libsqlite.a; then with_sqlite="/usr" break fi done fi LIB_SQLITE="" case "$with_sqlite" in no) true;; notfound) AC_WARN([SQLite Library not found]); true;; *) if test -d ${with_sqlite}/lib; then LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib" else LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}" fi LIB_SQLITE_DIR=$LIB_SQLITE LIB_SQLITE="$LIB_SQLITE -lsqlite" if test -d ${with_sqlite}/include; then CPPFLAGS="${CPPFLAGS} -I${with_sqlite}/include" else CPPFLAGS="${CPPFLAGS} -I${with_sqlite}" fi AC_CHECK_LIB(sqlite, sqlite_open, AC_DEFINE(HAVE_SQLITE,[], [Do we have SQLite support?]), [AC_WARN([SQLite Library sqlite does not work]) with_sqlite=no], $LIB_SQLITE_DIR);; esac AC_SUBST(LIB_SQLITE) dnl SQLite3 AC_ARG_WITH(sqlite3, [ --with-sqlite3=PATH use SQLite3 from PATH ], with_sqlite3=$withval, with_sqlite3=$sql) # find location of library # we assume that if one given then it is correct if test "${with_sqlite3}" = "yes"; then with_sqlite3=notfound for sqlite3loc in lib do if test -f ${prefix}/${sqlite3loc}/libsqlite3.a; then with_sqlite3="${prefix}" break elif test -f /usr/local/${sqlite3loc}/libsqlite3.a; then with_sqlite3="/usr/local" break elif test -f /usr/${sqlite3loc}/libsqlite3.a; then with_sqlite3="/usr" break fi done fi LIB_SQLITE3="" case "$with_sqlite3" in no) true;; notfound) AC_WARN([SQLite3 Library not found]); true;; *) if test -d ${with_sqlite3}/lib; then LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib" else LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}" fi LIB_SQLITE3_DIR=$LIB_SQLITE3 LIB_SQLITE3="$LIB_SQLITE3 -lsqlite3" if test -d ${with_sqlite3}/include; then CPPFLAGS="${CPPFLAGS} -I${with_sqlite3}/include" else CPPFLAGS="${CPPFLAGS} -I${with_sqlite3}" fi AC_CHECK_LIB(sqlite3, sqlite3_open, AC_DEFINE(HAVE_SQLITE3,[], [Do we have SQLite3 support?]), [AC_WARN([SQLite3 Library sqlite3 does not work]) with_sqlite3=no], $LIB_SQLITE3_DIR);; esac AC_SUBST(LIB_SQLITE3) if test "$sql" = yes -a "$with_pgsql" = no -a "$with_mysql" = no -a "$with_sqlite" = no -a "$with_sqlite3" = no; then AC_ERROR([--enable-sql chosen but neither Postgres nor MySQL nor SQLite nor SQLite3 found]) fi if test "$enable_shared" = yes; then AC_DEFINE(DO_DLOPEN,[],[Should we build a shared plugin (via dlopen) library?]) fi dnl LDAPDB AC_ARG_ENABLE(ldapdb, [ --enable-ldapdb enable LDAPDB plugin [no] ], ldapdb=$enableval, ldapdb=no) AC_MSG_CHECKING(LDAPDB) if test "$ldapdb" != no; then AC_MSG_RESULT(enabled) if test "$with_ldap" = no; then AC_MSG_ERROR([Cannot enable LDAPDB plugin: You need to specify --with-ldap]) fi save_CPPFLAGS=$CPPFLAGS save_LDFLAGS=$LDFLAGS if test -d $with_ldap; then CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" CMU_ADD_LIBPATH(${with_ldap}/lib) fi AC_CHECK_HEADERS(ldap.h lber.h) if test $ac_cv_header_ldap_h = yes -a $ac_cv_header_lber_h = yes; then CMU_OPENLDAP_API if test "$cmu_cv_openldap_api" = yes; then AC_CHECK_LIB(ldap, ldap_initialize, [ cmu_link_openldap="-lldap -llber" ], [ cmu_link_openldap=no ],-llber) fi fi if test "$cmu_cv_openldap_api" = no -o "$cmu_link_openldap" = no; then AC_MSG_ERROR([Cannot enable LDAPDB plugin: Could not locate OpenLDAP]) else CMU_OPENLDAP_COMPAT if test "$cmu_cv_openldap_compat" = no; then AC_MSG_ERROR([Cannot enable LDAPDB plugin: OpenLDAP library located but incompatible]) else LIB_LDAP=$cmu_link_openldap AC_SUBST(LIB_LDAP) SASL_MECHS="$SASL_MECHS libldapdb.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/ldapdb.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS ldapdb.o" AC_DEFINE(STATIC_LDAPDB,[],[Link ldapdb plugin Staticly]) fi fi fi if test "$cmu_cv_openldap_compat" != yes; then CPPFLAGS=$save_CPPFLAGS LDFLAGS=$save_LDFLAGS fi else AC_MSG_RESULT(disabled) fi AC_SUBST(SASL_MECHS) AC_SUBST(SASL_STATIC_SRCS) AC_SUBST(SASL_STATIC_OBJS) AC_SUBST(SASL_STATIC_LIBS) AC_ARG_WITH(plugindir, [ --with-plugindir=DIR set the directory where plugins will be found [[/usr/lib/sasl2]] ], plugindir=$withval, plugindir=/usr/lib/sasl2) AC_DEFINE_UNQUOTED(PLUGINDIR, "$plugindir", [Runtime plugin location]) AC_SUBST(plugindir) AC_ARG_WITH(configdir, [ --with-configdir=DIR set the directory where config files will be found [/usr/lib/sasl2] ], configdir=$withval, configdir=$plugindir:/etc/sasl2) AC_DEFINE_UNQUOTED(CONFIGDIR, "$configdir", [Runtime config file location]) AC_SUBST(configdir) dnl look for rc4 libraries. we accept the CMU one or one from openSSL AC_ARG_WITH(rc4, [ --with-rc4 use internal rc4 routines [[yes]] ], with_rc4=$withval, with_rc4=yes) if test "$with_rc4" != no; then AC_DEFINE(WITH_RC4,[],[Use internal RC4 implementation?]) fi building_for_macosx=no case "$host_os" in darwin*) AC_ARG_ENABLE(macos-framework, [ --disable-macos-framework disable building and installing replacement SASL2 Framework for MacOS X-provided SASL Framework [[no]]],building_for_macosx=no,building_for_macosx=yes) ;; esac AM_CONDITIONAL(MACOSX, test "$building_for_macosx" = yes) dnl dmalloc tests AC_MSG_CHECKING(for dmalloc library) AC_ARG_WITH(dmalloc, [ --with-dmalloc=DIR with DMALLOC support (for test applications) [[no]] ], with_dmalloc=$withval, with_dmalloc=no) DMALLOC_LIBS="" if test "$with_dmalloc" != "no"; then if test "$with_dmalloc" = "yes"; then with_dmalloc="/usr/local" fi if test -r "$with_dmalloc/libdmalloc.a"; then DMALLOC_LIBS="$with_dmalloc/libdmalloc.a" AC_DEFINE(WITH_DMALLOC,[],[Linking against dmalloc?]) AC_MSG_RESULT(yes) elif test -r "$with_dmalloc/lib/libdmalloc.a"; then DMALLOC_LIBS="$with_dmalloc/lib/libdmalloc.a" AC_DEFINE(WITH_DMALLOC,[],[Linking against dmalloc?]) AC_MSG_RESULT(yes) else AC_MSG_ERROR(cannot find dmalloc library, please check your installation.) fi else AC_MSG_RESULT(no) fi AC_SUBST(DMALLOC_LIBS) dnl sfio tests AC_MSG_CHECKING(for sfio library) AC_ARG_WITH(sfio, [ --with-sfio=DIR with SFIO support (for smtptest/libsfsasl) [[no]] ], with_sfio=$withval, with_sfio=no) if test "$with_sfio" != "no"; then if test "$with_sfio" = "yes"; then with_sfio="/usr/local" fi AC_DEFUN([SFIO_INC_CHK], [if test -r "$with_sfio$1/sfio.h"; then SFIO_DIR=$with_sfio; SFIO_INC_DIR=$with_sfio$1]) AC_DEFUN([SFIO_LIB_CHK],[ str="$SFIO_DIR/$1/libsfio.*" for i in `echo $str`; do if test -r $i; then SFIO_LIBDIR=$SFIO_DIR/$1 break 2 fi done ]) SFIO_INC_CHK() el[]SFIO_INC_CHK(/include) el[]SFIO_INC_CHK(/include/sfio) fi if test -z "$SFIO_DIR"; then AC_MSG_ERROR(Cannot find sfio.h, Please check your SFIO installation.) fi SFIO_LIB_CHK(lib) SFIO_LIB_CHK(lib/sfio) if test -z "$SFIO_LIBDIR"; then AC_MSG_ERROR(Cannot find sfio library, Please check your SFIO installation.) fi SFIO_INC_FLAGS="-I$SFIO_INC_DIR" SFIO_LIB_FLAGS="-L$SFIO_LIBDIR -lsfio" SMTPTEST_PROGRAM="smtptest" SASL_UTIL_LIBS_EXTRA=libsfsasl2.la SASL_UTIL_HEADERS_EXTRA=sfsasl.h AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) SFIO_INC_FLAGS="" SFIO_LIB_FLAGS="" SMTPTEST_PROGRAM="" SASL_UTIL_LIBS_EXTRA="" SASL_UTIL_HEADERS_EXTRA="" fi AC_SUBST(SFIO_INC_FLAGS) AC_SUBST(SFIO_LIB_FLAGS) AC_SUBST(SMTPTEST_PROGRAM) AC_SUBST(SASL_UTIL_LIBS_EXTRA) AC_SUBST(SASL_UTIL_HEADERS_EXTRA) dnl check for getsubopt sasl_cv_getsubopt=no AC_CHECK_FUNC(getsubopt, [AC_DEFINE(HAVE_GETSUBOPT,[], [do we have getsubopt()?])], [sasl_cv_getsubopt=yes]) if test $sasl_cv_getsubopt = yes; then AC_LIBOBJ(getsubopt) GETSUBOPT="getsubopt.lo" fi AC_SUBST(GETSUBOPT) dnl Check for snprintf sasl_cv_snprintf=no SNPRINTFOBJS="" AC_CHECK_FUNC(snprintf, [AC_DEFINE(HAVE_SNPRINTF,[],[Does the system have snprintf()?])], [sasl_cv_snprintf=yes]) AC_CHECK_FUNC(vsnprintf, [AC_DEFINE(HAVE_VSNPRINTF,[],[Does the system have vsnprintf()?])], [sasl_cv_snprintf=yes]) if test $sasl_cv_snprintf = yes; then AC_LIBOBJ(snprintf) SNPRINTFOBJS="snprintf.o" LTSNPRINTFOBJS="snprintf.lo" fi AC_SUBST(SNPRINTFOBJS) AC_SUBST(LTSNPRINTFOBJS) dnl do we need to link in -lresolv? AC_CHECK_LIB(resolv, inet_aton) dnl Check for getaddrinfo GETADDRINFOOBJS="" sasl_cv_getaddrinfo=yes IPv6_CHECK_FUNC(getaddrinfo, [IPv6_CHECK_FUNC(gai_strerror, [AC_DEFINE(HAVE_GETADDRINFO,[],[Do we have a getaddrinfo() function?]) sasl_cv_getaddrinfo=no])]) if test $sasl_cv_getaddrinfo = yes; then AC_LIBOBJ(getaddrinfo) GETADDRINFOOBJS="getaddrinfo.o" LTGETADDRINFOOBJS="getaddrinfo.lo" fi AC_SUBST(GETADDRINFOOBJS) AC_SUBST(LTGETADDRINFOOBJS) dnl Check for getnameinfo GETNAMEINFOOBJS="" sasl_cv_getnameinfo=no IPv6_CHECK_FUNC(getnameinfo, [AC_DEFINE(HAVE_GETNAMEINFO,[],[Do we have a getnameinfo() function?])], [sasl_cv_getnameinfo=yes]) if test $sasl_cv_getnameinfo = yes; then AC_LIBOBJ(getnameinfo) GETNAMEINFOOBJS="getnameinfo.o" LTGETNAMEINFOOBJS="getnameinfo.lo" fi AC_SUBST(GETNAMEINFOOBJS) AC_SUBST(LTGETNAMEINFOOBJS) LTLIBOBJS=`echo "$LIB@&t@OBJS" | sed 's,\.[[^.]]* ,.lo ,g;s,\.[[^.]]*$,.lo,'` AC_SUBST(LTLIBOBJS) AC_C_CONST AC_C_INLINE AC_TYPE_MODE_T AC_TYPE_PID_T AC_TYPE_SIGNAL AC_HEADER_TIME AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h) IPv6_CHECK_SS_FAMILY() IPv6_CHECK_SA_LEN() IPv6_CHECK_SOCKLEN_T() #AC_FUNC_MEMCMP #AC_FUNC_VPRINTF AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase) if test $enable_cmulocal = yes; then AC_WARN([enabling CMU local kludges]) AC_DEFINE(KRB4_IGNORE_IP_ADDRESS,[],[Ignore IP Address in Kerberos 4 tickets?]) AC_DEFINE_UNQUOTED(PREFER_MECH, "KERBEROS_V4", [Force a preferred mechanism]) fi AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, [ AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE,[],[Do we have struct sockaddr_stroage?])]) AC_SUBST(DIRS) AC_CONFIG_SUBDIRS(saslauthd) AH_TOP([ /* acconfig.h - autoheader configuration input */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef CONFIG_H #define CONFIG_H ]) AH_BOTTOM([ /* Create a struct iovec if we need one */ #if !defined(_WIN32) && !defined(HAVE_SYS_UIO_H) /* (win32 is handled in sasl.h) */ struct iovec { char *iov_base; long iov_len; }; #else #include #include #endif /* location of the random number generator */ #ifdef DEV_RANDOM #undef DEV_RANDOM #endif #define DEV_RANDOM SASL_DEV_RANDOM /* if we've got krb_get_err_txt, we might as well use it; especially since krb_err_txt isn't in some newer distributions (MIT Kerb for Mac 4 being a notable example). If we don't have it, we fall back to the krb_err_txt array */ #ifdef HAVE_KRB_GET_ERR_TEXT #define get_krb_err_txt krb_get_err_text #else #define get_krb_err_txt(X) (krb_err_txt[(X)]) #endif /* Make Solaris happy... */ #ifndef __EXTENSIONS__ #define __EXTENSIONS__ #endif /* Make Linux happy... */ #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #ifndef HAVE___ATTRIBUTE__ /* Can't use attributes... */ #define __attribute__(foo) #endif #define SASL_PATH_ENV_VAR "SASL_PATH" #define SASL_CONF_PATH_ENV_VAR "SASL_CONF_PATH" #include #include #include #ifndef WIN32 # include # ifdef HAVE_SYS_PARAM_H # include # endif #else /* WIN32 */ # include #endif /* WIN32 */ #include #include #ifndef HAVE_SOCKLEN_T typedef unsigned int socklen_t; #endif /* HAVE_SOCKLEN_T */ #ifndef HAVE_STRUCT_SOCKADDR_STORAGE #define _SS_MAXSIZE 128 /* Implementation specific max size */ #define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) struct sockaddr_storage { struct sockaddr ss_sa; char __ss_pad2[_SS_PADSIZE]; }; # define ss_family ss_sa.sa_family #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ #ifndef AF_INET6 /* Define it to something that should never appear */ #define AF_INET6 AF_MAX #endif #ifndef HAVE_GETADDRINFO #define getaddrinfo sasl_getaddrinfo #define freeaddrinfo sasl_freeaddrinfo #define gai_strerror sasl_gai_strerror #endif #ifndef HAVE_GETNAMEINFO #define getnameinfo sasl_getnameinfo #endif #if !defined(HAVE_GETNAMEINFO) || !defined(HAVE_GETADDRINFO) #include "gai.h" #endif #ifndef AI_NUMERICHOST /* support glibc 2.0.x */ #define AI_NUMERICHOST 4 #define NI_NUMERICHOST 2 #define NI_NAMEREQD 4 #define NI_NUMERICSERV 8 #endif /* Defined in RFC 1035. max strlen is only 253 due to length bytes. */ #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 255 #endif #ifndef HAVE_SYSEXITS_H #include "exits.h" #else #include "sysexits.h" #endif /* Get the correct time.h */ #if TIME_WITH_SYS_TIME # include # include #else # if HAVE_SYS_TIME_H # include # else # include # endif #endif #ifndef HIER_DELIMITER #define HIER_DELIMITER '/' #endif #endif /* CONFIG_H */ ]) AC_CONFIG_HEADERS(config.h) AC_OUTPUT(Makefile include/Makefile sasldb/Makefile plugins/Makefile lib/Makefile utils/Makefile doc/Makefile sample/Makefile java/Makefile java/CyrusSasl/Makefile java/Test/Makefile java/javax/Makefile java/javax/security/Makefile java/javax/security/auth/Makefile java/javax/security/auth/callback/Makefile pwcheck/Makefile man/Makefile) echo Configuration Complete. Type \'make\' to build. cyrus-sasl-2.1.25/cmulocal/0000777000076400007640000000000011632367343012532 500000000000000cyrus-sasl-2.1.25/cmulocal/heimdal.m40000666000076400007640000001372410233511377014320 00000000000000dnl kerberos_v5.m4--Kerberos 5 libraries and includes dnl Derrick Brashear dnl from KTH krb and Arla dnl $Id: heimdal.m4,v 1.9 2005/04/26 19:14:07 shadow Exp $ AC_DEFUN([CMU_LIBHEIMDAL_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE([#include ], [krb5_keyblock foo;], ac_cv_found_libheimdal_inc=yes, ac_cv_found_libheimdal_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_LIBHEIMDAL_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for heimdal headers in $i) CMU_LIBHEIMDAL_INC_WHERE1($i) CMU_TEST_INCPATH($i, krb5) if test "$ac_cv_found_libheimdal_inc" = "yes"; then ac_cv_libheimdal_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) # # Test for kerberos lib files # AC_DEFUN([CMU_LIBHEIMDAL_LIB_WHERE1], [ AC_REQUIRE([CMU_SOCKETS]) saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lkadm5clnt -lkrb5 -lasn1 -lkadm5clnt -lroken $LIB_SOCKET" AC_TRY_LINK(, [krb5_get_in_tkt();], [ac_cv_found_libheimdal_lib=yes], ac_cv_found_libheimdal_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_LIBHEIMDAL_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for heimdal libraries in $i) CMU_LIBHEIMDAL_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, krb5) if test "$ac_cv_found_libheimdal_lib" = "yes" ; then ac_cv_libheimdal_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_LIBHEIMDAL_LIBDES], [ AC_REQUIRE([CMU_LIBSSL]) cmu_save_LIBS=$LIBS AC_MSG_CHECKING([if libdes is needed]) AC_TRY_LINK([],[des_quad_cksum();],HEIM_DES_LIB="",HEIM_DES_LIB="maybe") if test "X$HEIM_DES_LIB" != "X"; then LIBS="$cmu_save_LIBS -L$1 -ldes" AC_TRY_LINK([], [des_quad_cksum();],HEIM_DES_LIB="yes") if test "X$HEIM_DES_LIB" = "Xyes"; then AC_MSG_RESULT([yes]) HEIM_LIBDES="-ldes" HEIM_LIBDESA="$1/libdes.a" else LIBS="$cmu_save_LIBS $LIBSSL_LIB_FLAGS" AC_TRY_LINK([], [des_quad_cksum();],HEIM_DES_LIB="libcrypto") if test "X$HEIM_DES_LIB" = "Xlibcrypto"; then AC_MSG_RESULT([libcrypto]) HEIM_LIBDES="$LIBSSL_LIB_FLAGS" HEIM_LIBDESA="$LIBSSL_LIB_FLAGS" else LIBS="$cmu_save_LIBS -L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" AC_TRY_LINK([], [des_quad_cksum();],HEIM_DES_LIB="libcrypto+descompat") if test "X$HEIM_DES_LIB" = "Xlibcrypto+descompat"; then AC_MSG_RESULT([libcrypto+descompat]) HEIM_LIBDES="-L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" HEIM_LIBDESA="-L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" else AC_MSG_RESULT([unknown]) AC_MSG_ERROR([Could not use -ldes]) fi fi fi else AC_MSG_RESULT([no]) fi ]) AC_DEFUN([CMU_LIBHEIMDAL], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_REQUIRE([CMU_USE_COMERR]) AC_ARG_WITH(LIBHEIMDAL, [ --with-libheimdal=PREFIX Compile with Heimdal support], [if test "X$with_libheimdal" = "X"; then with_libheimdal=yes fi]) AC_ARG_WITH(libheimdal-lib, [ --with-libheimdal-lib=dir use heimdal libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libheimdal-lib]) fi]) AC_ARG_WITH(libheimdal-include, [ --with-libheimdal-include=dir use heimdal headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libheimdal-include]) fi]) if test "X$with_libheimdal" != "X"; then if test "$with_libheimdal" != "yes" -a "$with_libheimdal" != "no"; then ac_cv_libheimdal_where_lib=$with_libheimdal/$CMU_LIB_SUBDIR ac_cv_libheimdal_where_inc=$with_libheimdal/include fi fi if test "$with_libheimdal" != "no"; then if test "X$with_libheimdal_lib" != "X"; then ac_cv_libheimdal_where_lib=$with_libheimdal_lib fi if test "X$ac_cv_libheimdal_where_lib" = "X"; then CMU_LIBHEIMDAL_LIB_WHERE(/usr/athena/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR /usr/heimdal/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) fi if test "X$with_libheimdal_include" != "X"; then ac_cv_libheimdal_where_inc=$with_libheimdal_include fi if test "X$ac_cv_libheimdal_where_inc" = "X"; then CMU_LIBHEIMDAL_INC_WHERE(/usr/athena/include /usr/heimdal/include /usr/local/include) fi fi AC_MSG_CHECKING(whether to include heimdal) if test "X$ac_cv_libheimdal_where_lib" = "X" -a "X$ac_cv_libheimdal_where_inc" = "X"; then ac_cv_found_libheimdal=no AC_MSG_RESULT(no) else ac_cv_found_libheimdal=yes AC_MSG_RESULT(yes) LIBHEIMDAL_INC_DIR=$ac_cv_libheimdal_where_inc LIBHEIMDAL_LIB_DIR=$ac_cv_libheimdal_where_lib CMU_LIBHEIMDAL_LIBDES($LIBHEIMDAL_LIB_DIR) LIBHEIMDAL_INC_FLAGS="-I${LIBHEIMDAL_INC_DIR}" LIBHEIMDAL_LIB_FLAGS="-L${LIBHEIMDAL_LIB_DIR} -lkadm5clnt -lkrb5 -lasn1 ${HEIM_LIBDES} -lroken $LIB_SOCKET" AC_SUBST(LIBHEIMDAL_INC_FLAGS) AC_SUBST(LIBHEIMDAL_LIB_FLAGS) if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LIBHEIMDAL_LIB_DIR}" else RPATH="${RPATH}:${LIBHEIMDAL_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${LIBHEIMDAL_LIB_DIR}" else RPATH="${RPATH}:${LIBHEIMDAL_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LIBHEIMDAL_LIB_DIR}" else RPATH="${RPATH}:${LIBHEIMDAL_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${LIBHEIMDAL_LIB_DIR}" else RPATH="${RPATH}:${LIBHEIMDAL_LIB_DIR}" fi else RPATH="${RPATH} -R${LIBHEIMDAL_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/nana.m40000666000076400007640000000126007741072415013627 00000000000000dnl nana.m4--nana macro dnl Rob Earhart dnl $Id: nana.m4,v 1.5 2003/10/08 20:35:25 rjs3 Exp $ AC_DEFUN([CMU_NANA], [ AC_REQUIRE([AC_PROG_CC]) AC_ARG_WITH(nana, [[ --with-nana use NANA [yes] ]],,with_nana=yes) if test "$GCC" != yes; then with_nana=no elif test "$with_nana" = yes; then AC_CHECK_PROGS(NANA, nana, :) if test "$NANA" = ":"; then with_nana=no else AC_CHECK_HEADER(nana.h, AC_CHECK_LIB(nana, nana_error,,with_nana=no), with_nana=no) fi else with_nana=no fi AC_MSG_CHECKING([whether to use NANA]) AC_MSG_RESULT($with_nana) if test "$with_nana" != yes; then AC_DEFINE(WITHOUT_NANA) fi ]) cyrus-sasl-2.1.25/cmulocal/util.m40000666000076400007640000000426007741072416013673 00000000000000dnl util.m4--robutil macro dnl Rob Earhart dnl $Id: util.m4,v 1.10 2003/10/08 20:35:26 rjs3 Exp $ dnl robutil is a collection of stuff I (Rob Earhart) have found useful dnl to have around when writing code; it's the stuff I wind up rewriting dnl every time I start a project. This does the autoconf setup dnl necessary for it. dnl This is a helper macro, here because there're times when I dnl want to know if a type exists or not, but don't want to define dnl it to something else (the way AC_CHECK_TYPE does). AC_DEFUN([CMU_CHECK_TYPE_EXISTS], [ changequote(<<, >>) define(<>, translit(CMU_HAVE_$1, [a-z *], [A-Z_P])) define(<>, translit(cmu_cv_type_$1, [ *], [_p])) changequote([, ]) AC_REQUIRE([AC_HEADER_STDC]) AC_MSG_CHECKING(for $1) AC_CACHE_VAL(CMU_CV_NAME, [ AC_EGREP_CPP([$1[[^a-zA-Z_0-9]]], [ #include #if STDC_HEADERS #include #include #endif ], CMU_CV_NAME=yes, CMU_CV_NAME=no)]) AC_MSG_RESULT($CMU_CV_NAME) if test $CMU_CV_NAME = yes; then AC_DEFINE(CMU_TYPE_NAME) fi ]) AC_DEFUN([CMU_UTIL], [ AC_REQUIRE([AC_PROG_CC]) AC_REQUIRE([AM_PROG_CC_STDC]) AC_REQUIRE([AC_PROG_RANLIB]) AC_REQUIRE([CMU_NANA]) AC_REQUIRE([CMU_COMERR]) AC_REQUIRE([AC_HEADER_STDC]) AC_REQUIRE([AC_TYPE_MODE_T]) AC_REQUIRE([AC_C_CONST]) AC_CHECK_HEADERS(sys/sysmacros.h) AC_CHECK_HEADER(inttypes.h, AC_DEFINE(HAVE_INTTYPES_H), CMU_CHECK_TYPE_EXISTS(int8_t) CMU_CHECK_TYPE_EXISTS(uint8_t) CMU_CHECK_TYPE_EXISTS(u_int8_t) CMU_CHECK_TYPE_EXISTS(int16_t) CMU_CHECK_TYPE_EXISTS(uint16_t) CMU_CHECK_TYPE_EXISTS(u_int16_t) CMU_CHECK_TYPE_EXISTS(int32_t) CMU_CHECK_TYPE_EXISTS(uint32_t) CMU_CHECK_TYPE_EXISTS(u_int32_t) ) dnl I'm not sure why autoconf gets so annoyed when these dnl are embedded as part of the inttypes check, but, whatever, dnl this works. if test "$ac_cv_header_inttypes_h" = no; then AC_CHECK_SIZEOF(short) AC_CHECK_SIZEOF(int) AC_CHECK_SIZEOF(long) fi AC_CHECK_TYPE(ssize_t, signed) THREADED_UTIL_OBJECTS="" AC_SUBST(THREADED_UTIL_OBJECTS) ]) AC_DEFUN([CMU_THREAD_UTIL], [ AC_REQUIRE([CMU_UTIL]) THREADED_UTIL_OBJECTS="refcache.o rselock.o" ]) cyrus-sasl-2.1.25/cmulocal/ipv6.m40000666000076400007640000000617007765657403013617 00000000000000dnl See whether we can use IPv6 related functions dnl contributed by Hajimu UMEMOTO AC_DEFUN([IPv6_CHECK_FUNC], [ AC_CHECK_FUNC($1, [dnl ac_cv_lib_socket_$1=no ac_cv_lib_inet6_$1=no ], [dnl AC_CHECK_LIB(socket, $1, [dnl LIBS="$LIBS -lsocket" ac_cv_lib_inet6_$1=no ], [dnl AC_MSG_CHECKING([whether your system has IPv6 directory]) AC_CACHE_VAL(ipv6_cv_dir, [dnl for ipv6_cv_dir in /usr/local/v6 /usr/inet6 no; do if test $ipv6_cv_dir = no -o -d $ipv6_cv_dir; then break fi done])dnl AC_MSG_RESULT($ipv6_cv_dir) if test $ipv6_cv_dir = no; then ac_cv_lib_inet6_$1=no else if test x$ipv6_libinet6 = x; then ipv6_libinet6=no SAVELDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -L$ipv6_cv_dir/lib" fi AC_CHECK_LIB(inet6, $1, [dnl if test $ipv6_libinet6 = no; then ipv6_libinet6=yes LIBS="$LIBS -linet6" fi],)dnl if test $ipv6_libinet6 = no; then LDFLAGS="$SAVELDFLAGS" fi fi])dnl ])dnl ipv6_cv_$1=no if test $ac_cv_func_$1 = yes -o $ac_cv_lib_socket_$1 = yes \ -o $ac_cv_lib_inet6_$1 = yes then ipv6_cv_$1=yes fi if test $ipv6_cv_$1 = no; then if test $1 = getaddrinfo; then for ipv6_cv_pfx in o n; do AC_EGREP_HEADER(${ipv6_cv_pfx}$1, netdb.h, [AC_CHECK_FUNC(${ipv6_cv_pfx}$1)]) if eval test X\$ac_cv_func_${ipv6_cv_pfx}$1 = Xyes; then AC_DEFINE(HAVE_GETADDRINFO,[],[Do we have a getaddrinfo?]) ipv6_cv_$1=yes break fi done fi fi if test $ipv6_cv_$1 = yes; then ifelse([$2], , :, [$2]) else ifelse([$3], , :, [$3]) fi]) dnl See whether we have ss_family in sockaddr_storage AC_DEFUN([IPv6_CHECK_SS_FAMILY], [ AC_MSG_CHECKING([whether you have ss_family in struct sockaddr_storage]) AC_CACHE_VAL(ipv6_cv_ss_family, [dnl AC_TRY_COMPILE([#include #include ], [struct sockaddr_storage ss; int i = ss.ss_family;], [ipv6_cv_ss_family=yes], [ipv6_cv_ss_family=no])])dnl if test $ipv6_cv_ss_family = yes; then ifelse([$1], , AC_DEFINE(HAVE_SS_FAMILY,[],[Is there an ss_family in sockaddr_storage?]), [$1]) else ifelse([$2], , :, [$2]) fi AC_MSG_RESULT($ipv6_cv_ss_family)]) dnl whether you have sa_len in struct sockaddr AC_DEFUN([IPv6_CHECK_SA_LEN], [ AC_MSG_CHECKING([whether you have sa_len in struct sockaddr]) AC_CACHE_VAL(ipv6_cv_sa_len, [dnl AC_TRY_COMPILE([#include #include ], [struct sockaddr sa; int i = sa.sa_len;], [ipv6_cv_sa_len=yes], [ipv6_cv_sa_len=no])])dnl if test $ipv6_cv_sa_len = yes; then ifelse([$1], , AC_DEFINE(HAVE_SOCKADDR_SA_LEN,[],[Does sockaddr have an sa_len?]), [$1]) else ifelse([$2], , :, [$2]) fi AC_MSG_RESULT($ipv6_cv_sa_len)]) dnl See whether sys/socket.h has socklen_t AC_DEFUN([IPv6_CHECK_SOCKLEN_T], [ AC_MSG_CHECKING(for socklen_t) AC_CACHE_VAL(ipv6_cv_socklen_t, [dnl AC_TRY_LINK([#include #include ], [socklen_t len = 0;], [ipv6_cv_socklen_t=yes], [ipv6_cv_socklen_t=no])])dnl if test $ipv6_cv_socklen_t = yes; then ifelse([$1], , AC_DEFINE(HAVE_SOCKLEN_T,[],[Do we have a socklen_t?]), [$1]) else ifelse([$2], , :, [$2]) fi AC_MSG_RESULT($ipv6_cv_socklen_t)]) cyrus-sasl-2.1.25/cmulocal/sasl2.m4.orig0000666000076400007640000003767711204772451014716 00000000000000# sasl2.m4--sasl2 libraries and includes # Rob Siemborski # $Id: sasl2.m4,v 1.53 2008/03/03 22:06:34 wescraig Exp $ # SASL2_CRYPT_CHK # --------------- AC_DEFUN([SASL_GSSAPI_CHK], [AC_REQUIRE([SASL2_CRYPT_CHK]) AC_REQUIRE([CMU_SOCKETS]) AC_ARG_ENABLE([gssapi], [AC_HELP_STRING([--enable-gssapi=], [enable GSSAPI authentication [yes]])], [gssapi=$enableval], [gssapi=yes]) AC_ARG_WITH([gss_impl], [AC_HELP_STRING([--with-gss_impl={heimdal|mit|cybersafe|seam|auto}], [choose specific GSSAPI implementation [[auto]]])], [gss_impl=$withval], [gss_impl=auto]) if test "$gssapi" != no; then platform= case "${host}" in *-*-linux*) platform=__linux ;; *-*-hpux*) platform=__hpux ;; *-*-irix*) platform=__irix ;; *-*-solaris2*) # When should we use __sunos? platform=__solaris ;; *-*-aix*) ###_AIX platform=__aix ;; *) AC_WARN([The system type is not recognized. If you believe that CyberSafe GSSAPI works on this platform, please update the configure script]) if test "$gss_impl" = "cybersafe"; then AC_ERROR([CyberSafe was forced, cannot continue as platform is not supported]) fi ;; esac cmu_saved_CPPFLAGS=$CPPFLAGS if test -d ${gssapi}; then CPPFLAGS="$CPPFLAGS -I$gssapi/include" # We want to keep -I in our CPPFLAGS, but only if we succeed cmu_saved_CPPFLAGS=$CPPFLAGS ### I am not sure how useful is this (and whether this is required at all ### especially when we have to provide two -L flags for new CyberSafe LDFLAGS="$LDFLAGS -L$gssapi/lib" if test -n "$platform"; then if test "$gss_impl" = "auto" -o "$gss_impl" = "cybersafe"; then CPPFLAGS="$CPPFLAGS -D$platform" if test -d "${gssapi}/appsec-sdk/include"; then CPPFLAGS="$CPPFLAGS -I${gssapi}/appsec-sdk/include" fi fi fi fi AC_CHECK_HEADER([gssapi.h],, [AC_CHECK_HEADER([gssapi/gssapi.h],, [AC_WARN([Disabling GSSAPI - no include files found]); gssapi=no])]) CPPFLAGS=$cmu_saved_CPPFLAGS fi if test "$gssapi" != no; then if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then AC_DEFINE(HAVE_GSSAPI_H,,[Define if you have the gssapi.h header file]) fi # We need to find out which gssapi implementation we are # using. Supported alternatives are: MIT Kerberos 5, # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), # CyberSafe Kerberos 5 (http://www.cybersafe.com/) # and Sun SEAM (http://wwws.sun.com/software/security/kerberos/) # # The choice is reflected in GSSAPIBASE_LIBS AC_CHECK_LIB(resolv,res_search) if test -d ${gssapi}; then gssapi_dir="${gssapi}/lib" GSSAPIBASE_LIBS="-L$gssapi_dir" GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir" else # FIXME: This is only used for building cyrus, and then only as # a real hack. it needs to be fixed. gssapi_dir="/usr/local/lib" fi # Check a full link against the Heimdal libraries. # If this fails, check a full link against the MIT libraries. # If this fails, check a full link against the CyberSafe libraries. # If this fails, check a full link against the Solaris 8 and up libgss. if test "$gss_impl" = "auto" -o "$gss_impl" = "heimdal"; then gss_failed=0 AC_CHECK_LIB(gssapi,gss_unwrap,gss_impl="heimdal",gss_failed=1, ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET}) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then # check for libkrb5support first AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) gss_failed=0 AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi # For Cybersafe one has to set a platform define in order to make compilation work if test "$gss_impl" = "auto" -o "$gss_impl" = "cybersafe"; then cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_GSSAPIBASE_LIBS=$GSSAPIBASE_LIBS # FIXME - Note that the libraries are in .../lib64 for 64bit kernels if test -d "${gssapi}/appsec-rt/lib"; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -L${gssapi}/appsec-rt/lib" fi CPPFLAGS="$CPPFLAGS -D$platform" if test -d "${gssapi}/appsec-sdk/include"; then CPPFLAGS="$CPPFLAGS -I${gssapi}/appsec-sdk/include" fi gss_failed=0 # Check for CyberSafe with two libraries first, than fall back to a single # library (older CyberSafe) unset ac_cv_lib_gss_csf_gss_acq_user AC_CHECK_LIB(gss,csf_gss_acq_user,gss_impl="cybersafe03", [unset ac_cv_lib_gss_csf_gss_acq_user; AC_CHECK_LIB(gss,csf_gss_acq_user,gss_impl="cybersafe", gss_failed=1,$GSSAPIBASE_LIBS -lgss)], [${GSSAPIBASE_LIBS} -lgss -lcstbk5]) if test "$gss_failed" = "1"; then # Restore variables GSSAPIBASE_LIBS=$cmu_saved_GSSAPIBASE_LIBS CPPFLAGS=$cmu_saved_CPPFLAGS if test "$gss_impl" != "auto"; then gss_impl="failed" fi fi fi if test "$gss_impl" = "auto" -o "$gss_impl" = "seam"; then gss_failed=0 AC_CHECK_LIB(gss,gss_unwrap,gss_impl="seam",gss_failed=1,-lgss) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi if test "$gss_impl" = "mit"; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP}" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}" elif test "$gss_impl" = "heimdal"; then CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}" elif test "$gss_impl" = "cybersafe03"; then # Version of CyberSafe with two libraries CPPFLAGS="$CPPFLAGS -D$platform -I${gssapi}/appsec-sdk/include" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgss -lcstbk5" # there is no static libgss for CyberSafe GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "cybersafe"; then CPPFLAGS="$CPPFLAGS -D$platform -I${gssapi}/appsec-sdk/include" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgss" # there is no static libgss for CyberSafe GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "seam"; then GSSAPIBASE_LIBS=-lgss # there is no static libgss on Solaris 8 and up GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "failed"; then gssapi="no" GSSAPIBASE_LIBS= GSSAPIBASE_STATIC_LIBS= AC_WARN([Disabling GSSAPI - specified library not found]) else gssapi="no" GSSAPIBASE_LIBS= GSSAPIBASE_STATIC_LIBS= AC_WARN([Disabling GSSAPI - no library]) fi fi # # Cybersafe defines both GSS_C_NT_HOSTBASED_SERVICE and GSS_C_NT_USER_NAME # in gssapi\rfckrb5.h # if test "$gssapi" != "no"; then if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then AC_EGREP_CPP(hostbased_service_gss_nt_yes, [#include #ifdef GSS_C_NT_HOSTBASED_SERVICE hostbased_service_gss_nt_yes #endif], [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])], [AC_WARN([Cybersafe define not found])]) elif test "$ac_cv_header_gssapi_h" = "yes"; then AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])]) elif test "$ac_cv_header_gssapi_gssapi_h"; then AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi/gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])]) fi if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then AC_EGREP_CPP(user_name_yes_gss_nt, [#include #ifdef GSS_C_NT_USER_NAME user_name_yes_gss_nt #endif], [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implimentation defines GSS_C_NT_USER_NAME])], [AC_WARN([Cybersafe define not found])]) elif test "$ac_cv_header_gssapi_h" = "yes"; then AC_EGREP_HEADER(GSS_C_NT_USER_NAME, gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implimentation defines GSS_C_NT_USER_NAME])]) elif test "$ac_cv_header_gssapi_gssapi_h"; then AC_EGREP_HEADER(GSS_C_NT_USER_NAME, gssapi/gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implimentation defines GSS_C_NT_USER_NAME])]) fi fi GSSAPI_LIBS="" AC_MSG_CHECKING([GSSAPI]) if test "$gssapi" != no; then AC_MSG_RESULT([with implementation ${gss_impl}]) AC_CHECK_LIB(resolv,res_search,GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lresolv") SASL_MECHS="$SASL_MECHS libgssapiv2.la" SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS ../plugins/gssapi.c" cmu_save_LIBS="$LIBS" LIBS="$LIBS $GSSAPIBASE_LIBS" AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) LIBS="$cmu_save_LIBS" else AC_MSG_RESULT([disabled]) fi AC_SUBST(GSSAPI_LIBS) AC_SUBST(GSSAPIBASE_LIBS) ])# SASL_GSSAPI_CHK # SASL_SET_GSSAPI_LIBS # -------------------- AC_DEFUN([SASL_SET_GSSAPI_LIBS], [SASL_GSSAPI_LIBS_SET="yes" ]) # CMU_SASL2 # --------- # What we want to do here is setup LIB_SASL with what one would # generally want to have (e.g. if static is requested, make it that, # otherwise make it dynamic. # # We also want to create LIB_DYN_SASL and DYNSASLFLAGS. # # Also sets using_static_sasl to "no" "static" or "staticonly" # AC_DEFUN([CMU_SASL2], [AC_REQUIRE([SASL_GSSAPI_CHK]) AC_ARG_WITH(sasl, [AC_HELP_STRING([--with-sasl=DIR],[Compile with libsasl2 in ])], with_sasl="$withval", with_sasl="yes") AC_ARG_WITH(staticsasl, [AC_HELP_STRING([--with-staticsasl=DIR], [Compile with staticly linked libsasl2 in ])], [with_staticsasl="$withval"; if test $with_staticsasl != "no"; then using_static_sasl="static" fi], [with_staticsasl="no"; using_static_sasl="no"]) SASLFLAGS="" LIB_SASL="" cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_LDFLAGS=$LDFLAGS cmu_saved_LIBS=$LIBS if test ${with_staticsasl} != "no"; then if test -d ${with_staticsasl}; then if test -d ${with_staticsasl}/lib64 ; then ac_cv_sasl_where_lib=${with_staticsasl}/lib64 else ac_cv_sasl_where_lib=${with_staticsasl}/lib fi ac_cv_sasl_where_lib=${with_staticsasl}/lib ac_cv_sasl_where_inc=${with_staticsasl}/include SASLFLAGS="-I$ac_cv_sasl_where_inc" LIB_SASL="-L$ac_cv_sasl_where_lib" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" else with_staticsasl="/usr" fi AC_CHECK_HEADER(sasl/sasl.h, [AC_CHECK_HEADER(sasl/saslutil.h, [for i42 in lib64 lib; do if test -r ${with_staticsasl}/$i42/libsasl2.a; then ac_cv_found_sasl=yes AC_MSG_CHECKING([for static libsasl]) LIB_SASL="$LIB_SASL ${with_staticsasl}/$i42/libsasl2.a" fi done if test ! "$ac_cv_found_sasl" = "yes"; then AC_MSG_CHECKING([for static libsasl]) AC_ERROR([Could not find ${with_staticsasl}/lib*/libsasl2.a]) fi])]) AC_MSG_RESULT([found]) if test "x$SASL_GSSAPI_LIBS_SET" = "x"; then LIB_SASL="$LIB_SASL $GSSAPIBASE_STATIC_LIBS" else SASL_GSSAPI_LIBS_SET="" cmu_saved_LIBS="$GSSAPIBASE_STATIC_LIBS $cmu_saved_LIBS" fi fi if test -d ${with_sasl}; then ac_cv_sasl_where_lib=${with_sasl}/lib ac_cv_sasl_where_inc=${with_sasl}/include DYNSASLFLAGS="-I$ac_cv_sasl_where_inc" if test "$ac_cv_sasl_where_lib" != ""; then CMU_ADD_LIBPATH_TO($ac_cv_sasl_where_lib, LIB_DYN_SASL) fi LIB_DYN_SASL="$LIB_DYN_SASL -lsasl2" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" fi # be sure to check for a SASLv2 specific function AC_CHECK_HEADER(sasl/sasl.h, [AC_CHECK_HEADER(sasl/saslutil.h, [AC_CHECK_LIB(sasl2, prop_get, ac_cv_found_sasl=yes, ac_cv_found_sasl=no)], ac_cv_found_sasl=no)], ac_cv_found_sasl=no) if test "$ac_cv_found_sasl" = "yes"; then if test "$ac_cv_sasl_where_lib" != ""; then CMU_ADD_LIBPATH_TO($ac_cv_sasl_where_lib, DYNLIB_SASL) fi DYNLIB_SASL="$DYNLIB_SASL -lsasl2" if test "$using_static_sasl" != "static"; then LIB_SASL=$DYNLIB_SASL SASLFLAGS=$DYNSASLFLAGS fi else DYNLIB_SASL="" DYNSASLFLAGS="" using_static_sasl="staticonly" fi if test "x$SASL_GSSAPI_LIBS_SET" != "x"; then SASL_GSSAPI_LIBS_SET="" cmu_saved_LIBS="$GSSAPIBASE_LIBS $cmu_saved_LIBS" fi LIBS="$cmu_saved_LIBS" LDFLAGS="$cmu_saved_LDFLAGS" CPPFLAGS="$cmu_saved_CPPFLAGS" AC_SUBST(LIB_DYN_SASL) AC_SUBST(DYNSASLFLAGS) AC_SUBST(LIB_SASL) AC_SUBST(SASLFLAGS) ])# CMU_SASL2 # CMU_SASL2_REQUIRED # ------------------ AC_DEFUN([CMU_SASL2_REQUIRED], [AC_REQUIRE([CMU_SASL2]) if test "$ac_cv_found_sasl" != "yes"; then AC_ERROR([Cannot continue without libsasl2. Get it from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/.]) fi]) # CMU_SASL2_REQUIRE_VER # --------------------- AC_DEFUN([CMU_SASL2_REQUIRE_VER], [AC_REQUIRE([CMU_SASL2_REQUIRED]) cmu_saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS $SASLFLAGS" AC_TRY_CPP([ #include #ifndef SASL_VERSION_MAJOR #error SASL_VERSION_MAJOR not defined #endif #ifndef SASL_VERSION_MINOR #error SASL_VERSION_MINOR not defined #endif #ifndef SASL_VERSION_STEP #error SASL_VERSION_STEP not defined #endif #if SASL_VERSION_MAJOR < $1 || SASL_VERSION_MINOR < $2 || SASL_VERSION_STEP < $3 #error SASL version is less than $1.$2.$3 #endif ],, [AC_ERROR([Incorrect SASL headers found. This package requires SASL $1.$2.$3 or newer.])]) CPPFLAGS=$cmu_saved_CPPFLAGS ])# CMU_SASL2_REQUIRE_VER # CMU_SASL2_CHECKAPOP_REQUIRED # ---------------------------- AC_DEFUN([CMU_SASL2_CHECKAPOP_REQUIRED], [AC_REQUIRE([CMU_SASL2_REQUIRED]) cmu_saved_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $LIB_SASL" AC_CHECK_LIB(sasl2, sasl_checkapop, [AC_DEFINE(HAVE_APOP,[],[Does SASL support APOP?])], [AC_MSG_ERROR([libsasl2 without working sasl_checkapop. Cannot continue.])]) LDFLAGS=$cmu_saved_LDFLAGS ])# CMU_SASL2_CHECKAPOP_REQUIRED # SASL2_CRYPT_CHK # --------------- AC_DEFUN([SASL2_CRYPT_CHK], [AC_CHECK_FUNC(crypt, cmu_have_crypt=yes, [AC_CHECK_LIB(crypt, crypt, LIB_CRYPT="-lcrypt"; cmu_have_crypt=yes, cmu_have_crypt=no)]) AC_SUBST(LIB_CRYPT) ])# SASL2_CRYPT_CHK cyrus-sasl-2.1.25/cmulocal/find-func-no-libs2.m40000666000076400007640000000272107741072414016210 00000000000000dnl $Id: find-func-no-libs2.m4,v 1.2 2003/10/08 20:35:24 rjs3 Exp $ dnl dnl dnl Look for function in any of the specified libraries dnl dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args) AC_DEFUN([AC_FIND_FUNC_NO_LIBS2], [ AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(ac_cv_funclib_$1, [ if eval "test \"\$ac_cv_func_$1\" != yes" ; then ac_save_LIBS="$LIBS" for ac_lib in $2; do if test -n "$ac_lib"; then ac_lib="-l$ac_lib" else ac_lib="" fi LIBS="$6 $ac_lib $5 $ac_save_LIBS" AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break) done eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" LIBS="$ac_save_LIBS" fi ]) eval "ac_res=\$ac_cv_funclib_$1" if false; then AC_CHECK_FUNCS($1) dnl AC_CHECK_LIBS($2, foo) fi # $1 ac_tr_func=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` ac_tr_lib=HAVE_LIB_`echo $ac_res |sed 's/-l//' | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` eval "LIB_$1=$ac_res" case "$ac_res" in yes) eval "ac_cv_func_$1=yes" eval "LIB_$1=" AC_DEFINE_UNQUOTED($ac_tr_func) AC_MSG_RESULT([yes]) ;; no) eval "ac_cv_func_$1=no" eval "LIB_$1=" AC_MSG_RESULT([no]) ;; *) eval "ac_cv_func_$1=yes" eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" AC_DEFINE_UNQUOTED($ac_tr_func) AC_DEFINE_UNQUOTED($ac_tr_lib) AC_MSG_RESULT([yes, in $ac_res]) ;; esac AC_SUBST(LIB_$1) ]) cyrus-sasl-2.1.25/cmulocal/find-func.m40000666000076400007640000000036507741072414014567 00000000000000dnl $Id: find-func.m4,v 1.2 2003/10/08 20:35:24 rjs3 Exp $ dnl dnl AC_FIND_FUNC(func, libraries, includes, arguments) AC_DEFUN([AC_FIND_FUNC], [ AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) if test -n "$LIB_$1"; then LIBS="$LIB_$1 $LIBS" fi ]) cyrus-sasl-2.1.25/cmulocal/libpcap.m40000666000076400007640000000676510233511400014321 00000000000000dnl libpcap.m4--PCAP libraries and includes dnl Derrick Brashear dnl from KTH krb and Arla dnl $Id: libpcap.m4,v 1.9 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_PCAP_INC_WHERE1], [ ac_cv_found_pcap_inc=no if test -f "$1/pcap.h" ; then ac_cv_found_pcap_inc=yes fi ]) AC_DEFUN([CMU_PCAP_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for pcap header in $i) CMU_PCAP_INC_WHERE1($i) if test "$ac_cv_found_pcap_inc" = "yes"; then ac_cv_pcap_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(no found) fi done ]) AC_DEFUN([CMU_PCAP_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lpcap" AC_TRY_LINK(, [pcap_lookupdev("");], [ac_cv_found_pcap_lib=yes], ac_cv_found_pcap_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_PCAP_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for pcap library in $i) CMU_PCAP_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, pcap) if test "$ac_cv_found_pcap_lib" = "yes" ; then ac_cv_pcap_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(no found) fi done ]) AC_DEFUN([CMU_PCAP], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(pcap, [ --with-pcap=PREFIX Compile with PCAP support], [if test "X$with_pcap" = "X"; then with_pcap=yes fi]) AC_ARG_WITH(pcap-lib, [ --with-pcap-lib=dir use pcap libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-pcap-lib]) fi]) AC_ARG_WITH(pcap-include, [ --with-pcap-include=dir use pcap headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-pcap-include]) fi]) if test "X$with_pcap" != "X"; then if test "$with_pcap" != "yes"; then ac_cv_pcap_where_lib=$with_pcap/$CMU_LIB_SUBDIR ac_cv_pcap_where_inc=$with_pcap/include fi fi if test "X$with_pcap_lib" != "X"; then ac_cv_pcap_where_lib=$with_pcap_lib fi if test "X$ac_cv_pcap_where_lib" = "X"; then CMU_PCAP_LIB_WHERE(/usr/ng/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) fi if test "X$with_pcap_include" != "X"; then ac_cv_pcap_where_inc=$with_pcap_include fi if test "X$ac_cv_pcap_where_inc" = "X"; then CMU_PCAP_INC_WHERE(/usr/ng/include /usr/include /usr/local/include) fi AC_MSG_CHECKING(whether to include pcap) if test "X$ac_cv_pcap_where_lib" = "X" -a "X$ac_cv_pcap_where_inc" = "X"; then ac_cv_found_pcap=no AC_MSG_RESULT(no) else ac_cv_found_pcap=yes AC_MSG_RESULT(yes) PCAP_INC_DIR=$ac_cv_pcap_where_inc PCAP_LIB_DIR=$ac_cv_pcap_where_lib PCAP_INC_FLAGS="-I${PCAP_INC_DIR}" PCAP_LIB_FLAGS="-L${PCAP_LIB_DIR} -lpcap" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${PCAP_LIB_DIR}" else RPATH="${RPATH}:${PCAP_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${PCAP_LIB_DIR}" else RPATH="${RPATH}:${PCAP_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${PCAP_LIB_DIR}" else RPATH="${RPATH}:${PCAP_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${PCAP_LIB_DIR}" else RPATH="${RPATH}:${PCAP_LIB_DIR}" fi else RPATH="${RPATH} -R${PCAP_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/kerberos_v4.m40000666000076400007640000002114310233511400015117 00000000000000dnl kerberos_v4.m4--Kerberos 4 libraries and includes dnl Derrick Brashear dnl from KTH krb and Arla dnl $Id: kerberos_v4.m4,v 1.28 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_KRB_SENDAUTH_PROTO], [ AC_MSG_CHECKING(for krb_sendauth prototype) AC_TRY_COMPILE( [#include int krb_sendauth (long options, int fd, KTEXT ktext, char *service, char *inst, char *realm, u_long checksum, MSG_DAT *msg_data, CREDENTIALS *cred, Key_schedule schedule, struct sockaddr_in *laddr, struct sockaddr_in *faddr, char *version);], [int foo = krb_sendauth(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); ], ac_cv_krb_sendauth_proto=no, ac_cv_krb_sendauth_proto=yes) AC_MSG_RESULT($ac_cv_krb_sendauth_proto) if test "$ac_cv_krb_sendauth_proto" = yes; then AC_DEFINE(HAVE_KRB_SENDAUTH_PROTO)dnl fi AC_MSG_RESULT($ac_cv_krb_sendauth_proto) ]) AC_DEFUN([CMU_KRB_SET_KEY_PROTO], [ AC_MSG_CHECKING(for krb_set_key prototype) AC_CACHE_VAL(ac_cv_krb_set_key_proto, [ cmu_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="${CPPFLAGS} ${KRB_INC_FLAGS}" AC_TRY_COMPILE( [#include int krb_set_key(char *key, int cvt);], [int foo = krb_set_key(0, 0);], ac_cv_krb_set_key_proto=no, ac_cv_krb_set_key_proto=yes) ]) CPPFLAGS="${cmu_save_CPPFLAGS}" if test "$ac_cv_krb_set_key_proto" = yes; then AC_DEFINE(HAVE_KRB_SET_KEY_PROTO)dnl fi AC_MSG_RESULT($ac_cv_krb_set_key_proto) ]) AC_DEFUN([CMU_KRB4_32_DEFN], [ AC_MSG_CHECKING(for KRB4_32 definition) AC_CACHE_VAL(ac_cv_krb4_32_defn, [ cmu_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="${CPPFLAGS} ${KRB_INC_FLAGS}" AC_TRY_COMPILE( [#include ], [KRB4_32 foo = 1;], ac_cv_krb4_32_defn=yes, ac_cv_krb4_32_defn=no) ]) CPPFLAGS="${cmu_save_CPPFLAGS}" if test "$ac_cv_krb4_32_defn" = yes; then AC_DEFINE(HAVE_KRB4_32_DEFINE)dnl fi AC_MSG_RESULT($ac_cv_krb4_32_defn) ]) AC_DEFUN([CMU_KRB_RD_REQ_PROTO], [ AC_MSG_CHECKING(for krb_rd_req prototype) AC_CACHE_VAL(ac_cv_krb_rd_req_proto, [ cmu_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="${CPPFLAGS} ${KRB_INC_FLAGS}" AC_TRY_COMPILE( [#include int krb_rd_req(KTEXT authent, char *service, char *instance, unsigned KRB_INT32 from_addr, AUTH_DAT *ad, char *fn);], [int foo = krb_rd_req(0,0,0,0,0,0);], ac_cv_krb_rd_req_proto=no, ac_cv_krb_rd_req_proto=yes) ]) CPPFLAGS="${cmu_save_CPPFLAGS}" if test "$ac_cv_krb_rd_req_proto" = yes; then AC_DEFINE(HAVE_KRB_RD_REQ_PROTO)dnl fi AC_MSG_RESULT($ac_cv_krb_rd_req_proto) ]) AC_DEFUN([CMU_KRB_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE([#include ], [struct ktext foo;], ac_cv_found_krb_inc=yes, ac_cv_found_krb_inc=no) if test "$ac_cv_found_krb_inc" = "no"; then CPPFLAGS="$saved_CPPFLAGS -I$1 -I$1/kerberosIV" AC_TRY_COMPILE([#include ], [struct ktext foo;], [ac_cv_found_krb_inc=yes], ac_cv_found_krb_inc=no) fi CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_KRB_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for kerberos headers in $i) CMU_KRB_INC_WHERE1($i) CMU_TEST_INCPATH($i, krb) if test "$ac_cv_found_krb_inc" = "yes"; then ac_cv_krb_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) # # Test for kerberos lib files # AC_DEFUN([CMU_KRB_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lkrb ${KRB_LIBDES}" AC_TRY_LINK(, [dest_tkt();], [ac_cv_found_krb_lib=yes], ac_cv_found_krb_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_KRB_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for kerberos libraries in $i) CMU_KRB_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, krb) if test "$ac_cv_found_krb_lib" = "yes" ; then ac_cv_krb_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_KRB4], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_REQUIRE([CMU_LIBSSL]) AC_ARG_WITH(krb4, [ --with-krb4=PREFIX Compile with Kerberos 4 support], [if test "X$with_krb4" = "X"; then with_krb4=yes fi]) AC_ARG_WITH(krb4-lib, [ --with-krb4-lib=dir use kerberos 4 libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-krb4-lib]) fi]) AC_ARG_WITH(krb4-include, [ --with-krb4-include=dir use kerberos 4 headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-krb4-include]) fi]) if test "X$with_krb4" != "X"; then if test "$with_krb4" != "yes" -a "$with_krb4" != "no"; then ac_cv_krb_where_lib=$with_krb4/$CMU_LIB_SUBDIR ac_cv_krb_where_inc=$with_krb4/include fi fi if test "$with_krb4" != "no"; then if test "X$with_krb4_lib" != "X"; then ac_cv_krb_where_lib=$with_krb4_lib fi if test "X$with_krb4_include" != "X"; then ac_cv_krb_where_inc=$with_krb4_include fi if test "X$ac_cv_krb_where_inc" = "X"; then CMU_KRB_INC_WHERE(/usr/athena/include /usr/include/kerberosIV /usr/local/include /usr/include/kerberos) fi AC_MSG_CHECKING([if libdes is needed]) AC_TRY_LINK([],[des_quad_cksum();],KRB_DES_LIB="",KRB_DES_LIB="maybe") if test "X$KRB_DES_LIB" != "X"; then LIBS="$cmu_save_LIBS -ldes" AC_TRY_LINK([], [des_quad_cksum();],KRB_DES_LIB="yes") if test "X$KRB_DES_LIB" = "Xyes"; then AC_MSG_RESULT([yes]) KRB_LIBDES="-ldes" KRB_LIBDESA='$(KRB_LIB_DIR)/libdes.a' else LIBS="$cmu_save_LIBS $LIBSSL_LIB_FLAGS" AC_TRY_LINK([], [des_quad_cksum();],KRB_DES_LIB="libcrypto") if test "X$KRB_DES_LIB" = "Xlibcrypto"; then AC_MSG_RESULT([libcrypto]) KRB_LIBDES="$LIBSSL_LIB_FLAGS" KRB_LIBDESA="$LIBSSL_LIB_FLAGS" else LIBS="$cmu_save_LIBS -L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" AC_TRY_LINK([], [des_quad_cksum();],KRB_DES_LIB="libcrypto+descompat") if test "X$KRB_DES_LIB" = "Xlibcrypto+descompat"; then AC_MSG_RESULT([libcrypto+descompat]) KRB_LIBDES="-L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" KRB_LIBDESA="-L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" else AC_MSG_RESULT([unknown]) AC_MSG_ERROR([Could not use -ldes]) fi fi fi else AC_MSG_RESULT([no]) fi if test "X$ac_cv_krb_where_lib" = "X"; then CMU_KRB_LIB_WHERE(/usr/athena/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR) fi fi LIBS="${cmu_save_LIBS}" AC_MSG_CHECKING([whether to include kerberos 4]) if test "X$ac_cv_krb_where_lib" = "X" -o "X$ac_cv_krb_where_inc" = "X"; then ac_cv_found_krb=no AC_MSG_RESULT(no) else ac_cv_found_krb=yes AC_MSG_RESULT(yes) KRB_INC_DIR=$ac_cv_krb_where_inc KRB_LIB_DIR=$ac_cv_krb_where_lib KRB_INC_FLAGS="-I${KRB_INC_DIR}" KRB_LIB_FLAGS="-L${KRB_LIB_DIR} -lkrb ${KRB_LIBDES}" LIBS="${cmu_save_LIBS} ${KRB_LIB_FLAGS}" AC_CHECK_LIB(resolv, dns_lookup, KRB_LIB_FLAGS="${KRB_LIB_FLAGS} -lresolv",,"${KRB_LIB_FLAGS}") AC_CHECK_LIB(crypt, crypt, KRB_LIB_FLAGS="${KRB_LIB_FLAGS} -lcrypt",,"${KRB_LIB_FLAGS}") LIBS="${LIBS} ${KRB_LIB_FLAGS}" AC_CHECK_FUNCS(krb_get_int krb_life_to_time) AC_SUBST(KRB_INC_FLAGS) AC_SUBST(KRB_LIB_FLAGS) LIBS="${cmu_save_LIBS}" AC_DEFINE(HAVE_KRB4,,[Kerberos V4 is present])dnl zephyr uses this AC_DEFINE(KERBEROS,,[Use kerberos 4. find out what needs this symbol]) if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${KRB_LIB_DIR}" else RPATH="${RPATH}:${KRB_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${KRB_LIB_DIR}" else RPATH="${RPATH}:${KRB_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${KRB_LIB_DIR}" else RPATH="${RPATH}:${KRB_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${KRB_LIB_DIR}" else RPATH="${RPATH}:${KRB_LIB_DIR}" fi else RPATH="${RPATH} -R${KRB_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/db.m40000666000076400007640000000167410013510042013263 00000000000000dnl $Id: db.m4,v 1.2 2004/02/14 21:16:18 cg2v Exp $ dnl dnl tests for various db libraries dnl AC_DEFUN([rk_DB],[berkeley_db=db AC_ARG_WITH(berkeley-db, [ --without-berkeley-db if you don't want berkeley db],[ if test "$withval" = no; then berkeley_db="" fi ]) if test "$berkeley_db"; then AC_CHECK_HEADERS([ \ db.h \ db_185.h \ ]) fi AC_FIND_FUNC_NO_LIBS2(dbopen, $berkeley_db, [ #include #if defined(HAVE_DB_185_H) #include #elif defined(HAVE_DB_H) #include #endif ],[NULL, 0, 0, 0, NULL]) AC_FIND_FUNC_NO_LIBS(dbm_firstkey, $berkeley_db gdbm ndbm) AC_FIND_FUNC_NO_LIBS2(db_create, $berkeley_db, [ #include #if defined(HAVE_DB_H) #include #endif ],[NULL, NULL, 0]) DBLIB="$LIB_dbopen" if test "$LIB_dbopen" != "$LIB_db_create"; then DBLIB="$DBLIB $LIB_db_create" fi if test "$LIB_dbopen" != "$LIB_dbm_firstkey"; then DBLIB="$DBLIB $LIB_dbm_firstkey" fi AC_SUBST(DBLIB)dnl ]) cyrus-sasl-2.1.25/cmulocal/arx.m40000666000076400007640000000755510233511377013514 00000000000000dnl $Id: arx.m4,v 1.6 2005/04/26 19:14:07 shadow Exp $ AC_DEFUN([CMU_ARX_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE([#include ], [arx_context *foo;], ac_cv_found_arx_inc=yes, ac_cv_found_arx_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_ARX_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for arx headers in $i) CMU_ARX_INC_WHERE1($i) CMU_TEST_INCPATH($i, arx) if test "$ac_cv_found_arx_inc" = "yes"; then ac_cv_arx_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) # # Test for lib files # AC_DEFUN([CMU_ARX_LIB_WHERE1], [ AC_REQUIRE([CMU_AFS]) AC_REQUIRE([CMU_KRB4]) saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -larx $AFS_LIB_FLAGS $AFS_CLIENT_LIBS $KRB_LIB_FLAGS $LIB_SOCKET" AC_TRY_LINK(, [arx_Init();], [ac_cv_found_arx_lib=yes], ac_cv_found_arx_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_ARX_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for arx libraries in $i) CMU_ARX_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, arx) if test "$ac_cv_found_arx_lib" = "yes" ; then ac_cv_arx_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_USE_ARX], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(arx, [ --with-arx=PREFIX Compile with arx support], [if test "X$with_arx" = "X"; then with_arx=yes fi]) AC_ARG_WITH(arx-lib, [ --with-arx-lib=dir use arx libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-arx-lib]) fi]) AC_ARG_WITH(arx-include, [ --with-arx-include=dir use arx headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-arx-include]) fi]) if test "X$with_arx" != "X"; then if test "$with_arx" != "yes"; then ac_cv_arx_where_lib=$with_arx/${CMU_LIB_SUBDIR} ac_cv_arx_where_inc=$with_arx/include fi fi if test "X$with_arx_lib" != "X"; then ac_cv_arx_where_lib=$with_arx_lib fi if test "X$ac_cv_arx_where_lib" = "X"; then CMU_ARX_LIB_WHERE(/usr/athena/${CMU_LIB_SUBDIR} /usr/local/${CMU_LIB_SUBDIR} /usr/${CMU_LIB_SUBDIR}) fi if test "X$with_arx_include" != "X"; then ac_cv_arx_where_inc=$with_arx_include fi if test "X$ac_cv_arx_where_inc" = "X"; then CMU_ARX_INC_WHERE(/usr/athena/include /usr/local/include) fi AC_MSG_CHECKING(whether to include arx) if test "X$ac_cv_arx_where_lib" = "X" -o "X$ac_cv_arx_where_inc" = "X"; then ac_cv_found_arx=no AC_MSG_RESULT(no) else ac_cv_found_arx=yes AC_MSG_RESULT(yes) ARX_INC_DIR=$ac_cv_arx_where_inc ARX_LIB_DIR=$ac_cv_arx_where_lib ARX_INC_FLAGS="-I${ARX_INC_DIR}" ARX_LIB_FLAGS="-L${ARX_LIB_DIR} -larx" ARX_LD_FLAGS="-L${ARX_LIB_DIR}" dnl Do not force configure.in to put these in CFLAGS and LIBS unconditionally dnl Allow makefile substitutions.... AC_SUBST(ARX_INC_FLAGS) AC_SUBST(ARX_LIB_FLAGS) AC_SUBST(ARX_LD_FLAGS) if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${ARX_LIB_DIR}" else RPATH="${RPATH}:${ARX_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${ARX_LIB_DIR}" else RPATH="${RPATH}:${ARX_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${ARX_LIB_DIR}" else RPATH="${RPATH}:${ARX_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${ARX_LIB_DIR}" else RPATH="${RPATH}:${ARX_LIB_DIR}" fi else RPATH="${RPATH} -R${ARX_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/mips-abi.m40000666000076400007640000000517507741072415014424 00000000000000dnl mips-abi.m4--Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext dnl to some value dnl Derrick Brashear dnl from KTH krb (from CMU) dnl $Id: mips-abi.m4,v 1.5 2003/10/08 20:35:25 rjs3 Exp $ AC_DEFUN([AC_MIPS_ABI], [ AC_ARG_WITH(mips_abi, [ --with-mips-abi=abi ABI to use for IRIX (32, n32, or 64)]) case "$host_os" in irix*) with_mips_abi="${with_mips_abi:-yes}" if test -n "$GCC"; then # GCC < 2.8 only supports the O32 ABI. GCC >= 2.8 has a flag to select # which ABI to use, but only supports (as of 2.8.1) the N32 and 64 ABIs. # # Default to N32, but if GCC doesn't grok -mabi=n32, we assume an old # GCC and revert back to O32. The same goes if O32 is asked for - old # GCCs doesn't like the -mabi option, and new GCCs can't output O32. # # Don't you just love *all* the different SGI ABIs? case "${with_mips_abi}" in 32|o32) abi='-mabi=32'; abilibdirext='' ;; n32|yes) abi='-mabi=n32'; abilibdirext='32' ;; 64) abi='-mabi=64'; abilibdirext='64' ;; no) abi=''; abilibdirext='';; *) AC_ERROR("Invalid ABI specified") ;; esac if test -n "$abi" ; then ac_foo=krb_cv_gcc_`echo $abi | tr =- __` dnl dnl can't use AC_CACHE_CHECK here, since it doesn't quote CACHE-ID to dnl AC_MSG_RESULT dnl AC_MSG_CHECKING([if $CC supports the $abi option]) AC_CACHE_VAL($ac_foo, [ save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $abi" AC_TRY_COMPILE(,int x;, eval $ac_foo=yes, eval $ac_foo=no) CFLAGS="$save_CFLAGS" ]) ac_res=`eval echo \\\$$ac_foo` AC_MSG_RESULT($ac_res) if test $ac_res = no; then # Try to figure out why that failed... case $abi in -mabi=32) save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -mabi=n32" AC_TRY_COMPILE(,int x;, ac_res=yes, ac_res=no) CLAGS="$save_CFLAGS" if test $ac_res = yes; then # New GCC AC_ERROR([$CC does not support the $with_mips_abi ABI]) fi # Old GCC abi='' abilibdirext='' ;; -mabi=n32|-mabi=64) if test $with_mips_abi = yes; then # Old GCC, default to O32 abi='' abilibdirext='' else # Some broken GCC AC_ERROR([$CC does not support the $with_mips_abi ABI]) fi ;; esac fi #if test $ac_res = no; then fi #if test -n "$abi" ; then else case "${with_mips_abi}" in 32|o32) abi='-32'; abilibdirext='' ;; n32|yes) abi='-n32'; abilibdirext='32' ;; 64) abi='-64'; abilibdirext='64' ;; no) abi=''; abilibdirext='';; *) AC_ERROR("Invalid ABI specified") ;; esac fi #if test -n "$GCC"; then ;; esac dnl And then we munge variables to make things work CFLAGS="${CFLAGS} $abi" libdir=`echo $libdir | sed 's,/*$,$abilibdirext,'` LDFLAGS=`echo $LDFLAGS | sed -e "s,/lib$,/lib$abilibdirext," -e "s,\\\(/lib[^a-zA-Z]\\\),\\\1$abilibdirext,g"` ]) cyrus-sasl-2.1.25/cmulocal/agentx.m40000666000076400007640000000242107741072414014177 00000000000000dnl agentx.m4--detect agentx libraries dnl copied from x-unixrc dnl Tim Martin dnl $Id: agentx.m4,v 1.5 2003/10/08 20:35:24 rjs3 Exp $ AC_DEFUN([CMU_AGENTX], [ dnl dnl CMU AgentX dnl AC_MSG_CHECKING([for AgentX]) AC_ARG_WITH(agentx, [ --with-agentx CMU AgentX libraries located in (val)], AGENTX_DIR="$withval", AGENTX_DIR=no) found_agentx="no" if test "${AGENTX_DIR}" != "no" && test -f $AGENTX_DIR/lib${ABILIBDIR}/libagentx.a && test -f $AGENTX_DIR/include/agentx.h; then AGENTX_DIR="$AGENTX_DIR" found_agentx="yes" elif test -d /usr/local && test -f /usr/local/lib${ABILIBDIR}/libagentx.a && test -f /usr/local/include/agentx.h; then AGENTX_DIR="/usr/local" found_agentx="yes" elif test -d /usr/ng && test -f /usr/ng/lib${ABILIBDIR}/libagentx.a && test -f /usr/ng/include/agentx.h; then AGENTX_DIR="/usr/ng" found_agentx="yes" fi if test "$found_agentx" = "no"; then AC_MSG_WARN([Could not locate AgentX Libraries! http://www.net.cmu.edu/groups/netdev/agentx/]) else LIB_AGENTX="-L$AGENTX_DIR/lib${ABILIBDIR} -lagentx" AC_SUBST(LIB_AGENTX) AGENTXFLAGS="-I$AGENTX_DIR/include" AC_SUBST(AGENTXFLAGS) AC_MSG_RESULT([found $AGENTX_DIR/lib${ABILIBDIR}/libagentx.a]) fi ]) cyrus-sasl-2.1.25/cmulocal/bsd_sockets.m40000646000076400007640000000211711337264205015211 00000000000000dnl bsd_sockets.m4--which socket libraries do we need? dnl Derrick Brashear dnl from Zephyr dnl $Id: bsd_sockets.m4,v 1.11 2010/02/18 16:19:07 murch Exp $ dnl Hacked on by Rob Earhart to not just toss stuff in LIBS dnl It now puts everything required for sockets into LIB_SOCKET AC_DEFUN([CMU_SOCKETS], [ save_LIBS="$LIBS" LIB_SOCKET="" AC_CHECK_FUNC(connect, :, [AC_CHECK_LIB(nsl, gethostbyname, LIB_SOCKET="-lnsl $LIB_SOCKET") AC_CHECK_LIB(socket, connect, LIB_SOCKET="-lsocket $LIB_SOCKET")] ) LIBS="$LIB_SOCKET $save_LIBS" AC_CHECK_FUNC(res_search, :, [LIBS="-lresolv $LIB_SOCKET $save_LIBS" AC_TRY_LINK([[ #include #include #include #ifdef HAVE_ARPA_NAMESER_COMPAT_H #include #endif #include ]],[[ const char host[12]="openafs.org"; u_char ans[1024]; res_search( host, C_IN, T_MX, (u_char *)&ans, sizeof(ans)); return 0; ]], LIB_SOCKET="-lresolv $LIB_SOCKET") ]) LIBS="$LIB_SOCKET $save_LIBS" AC_CHECK_FUNCS(dn_expand dns_lookup) LIBS="$save_LIBS" AC_SUBST(LIB_SOCKET) ]) cyrus-sasl-2.1.25/cmulocal/openldap.m40000646000076400007640000000225610414247622014513 00000000000000dnl dnl macros for configure.in to detect openldap dnl $Id: openldap.m4,v 1.2 2006/03/13 19:16:11 mel Exp $ dnl dnl dnl Check for OpenLDAP version compatility AC_DEFUN([CMU_OPENLDAP_API], [AC_CACHE_CHECK([OpenLDAP api], [cmu_cv_openldap_api],[ AC_EGREP_CPP(__openldap_api,[ #include #ifdef LDAP_API_FEATURE_X_OPENLDAP char *__openldap_api = LDAP_API_FEATURE_X_OPENLDAP; #endif ], [cmu_cv_openldap_api=yes], [cmu_cv_openldap_api=no])]) ]) dnl dnl Check for OpenLDAP version compatility AC_DEFUN([CMU_OPENLDAP_COMPAT], [AC_CACHE_CHECK([OpenLDAP version], [cmu_cv_openldap_compat],[ AC_EGREP_CPP(__openldap_compat,[ #include /* Require 2.1.27+ and 2.2.6+ */ #if LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 1 && LDAP_VENDOR_VERSION_PATCH > 26 char *__openldap_compat = "2.1.27 or better okay"; #elif LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 2 && LDAP_VENDOR_VERSION_PATCH > 5 char *__openldap_compat = "2.2.6 or better okay"; #elif LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR > 2 char *__openldap_compat = "2.3 or better okay" #endif ], [cmu_cv_openldap_compat=yes], [cmu_cv_openldap_compat=no])]) ]) cyrus-sasl-2.1.25/cmulocal/telnet.m40000646000076400007640000001226010414247622014200 00000000000000dnl telnet.m4--telnet special macros dnl Derrick Brashear dnl $Id: telnet.m4,v 1.13 2006/02/25 18:36:36 cg2v Exp $ AC_DEFUN([CMU_TELNET_WHICH_TERM], [ AC_CHECK_LIB(termlib, setupterm, [ AC_DEFINE(HAVE_SETUPTERM,, [Define to 1 if you have the `setupterm' function.]) AC_CHECK_LIB(c, setupterm, TCLIB="/usr/ccs/lib/libtermlib.a",TCLIB="-ltermlib","/usr/ccs/lib/libtermlib.a") ], TCLIB="-ltermcap") ]) AC_DEFUN([CMU_TELNET_CC_T], [ AC_MSG_CHECKING(for cc_t definition) AC_CACHE_VAL(cmu_cv_cc_t_definition, [ AC_TRY_COMPILE( [ #ifdef HAVE_SYS_TERMIOS_H #include #else #ifdef HAVE_SYS_TERMIO_H #include #endif #endif ], [cc_t ffoo;], cmu_cv_cc_t_definition=yes, cmu_cv_cc_t_definition=no) ]) if test "$cmu_cv_cc_t_definition" = "no"; then AC_DEFINE(NO_CC_T,, [The type `cc_t' is not available]) fi AC_MSG_RESULT($cmu_cv_cc_t_definition) ]) AC_DEFUN([CMU_STREAMS], [ if test "$ac_cv_header_sys_stropts_h" = "yes" -o "$ac_cv_header_stropts_h" = "yes"; then AC_DEFINE(HAVE_STREAMS,, [STREAMS are available])dnl fi ]) AC_DEFUN([CMU_TERMIO_MODEL], [ if test "$ac_cv_header_sys_termio_h" = "yes" -o "$ac_cv_header_sys_termios_h" = "yes"; then AC_DEFINE(USE_TERMIO,, [Use termios for tty configuration])dnl if test "$ac_cv_header_sys_termios_h" = "no"; then AC_DEFINE(SYSV_TERMIO,, [Use SysV termios])dnl fi fi ]) AC_DEFUN([CMU_TELNET_DES_STRING_TO_KEY_PROTO], [ AC_MSG_CHECKING(for des_string_to_key prototype) AC_CACHE_VAL(cmu_cv_des_string_to_key_proto, [ AC_TRY_COMPILE( [#include typedef unsigned char Block[8]; int des_string_to_key(char *, Block);], [int foo = des_string_to_key(NULL, NULL);], cmu_cv_des_string_to_key_proto=no, cmu_cv_des_string_to_key_proto=yes) ]) if test "$cmu_cv_des_string_to_key_proto" = yes; then AC_DEFINE(HAVE_DES_STRING_TO_KEY_PROTO,, [define to 1 if `des_string_to_key' has a prototype])dnl fi AC_MSG_RESULT($cmu_cv_des_string_to_key_proto) ]) AC_DEFUN([CMU_TELNET_DES_KEY_SCHED_PROTO], [ AC_MSG_CHECKING(for des_key_sched prototype) AC_CACHE_VAL(cmu_cv_des_key_sched_proto, [ AC_TRY_COMPILE( [ #include char des_key_sched(int foo, int bar); ], [des_key_sched(NULL, NULL);], cmu_cv_des_key_sched_proto=no, cmu_cv_des_key_sched_proto=yes) ]) if test "$cmu_cv_des_key_sched_proto" = yes; then AC_DEFINE(HAVE_DES_KEY_SCHED_PROTO,, [define to 1 if `des_key_sched' has a prototype])dnl fi AC_MSG_RESULT($cmu_cv_des_key_sched_proto) ]) AC_DEFUN([CMU_TELNET_DES_SET_RANDOM_GENERATOR_SEED_PROTO], [ AC_MSG_CHECKING(for des_set_random_generator_seed prototype) AC_CACHE_VAL(cmu_cv_des_set_random_generator_seed_proto, [ AC_TRY_COMPILE( [ #include char des_set_random_generator_seed(int foo, int bar); ], [des_set_random_generator_seed(NULL, NULL);], cmu_cv_des_set_random_generator_seed_proto=no, cmu_cv_des_set_random_generator_seed_proto=yes) ]) if test "$cmu_cv_des_set_random_generator_seed_proto" = yes; then AC_DEFINE(HAVE_DES_SET_RANDOM_GENERATOR_SEED_PROTO,, [define to 1 if `des_set_random_generator_seed' has a prototype])dnl fi AC_MSG_RESULT($cmu_cv_des_set_random_generator_seed_proto) ]) AC_DEFUN([CMU_TELNET_DES_NEW_RANDOM_KEY_PROTO], [ AC_MSG_CHECKING(for des_new_random_key prototype) AC_CACHE_VAL(cmu_cv_des_new_random_key_proto, [ AC_TRY_COMPILE( [ #include char des_new_random_key(int foo, int bar); ], [des_new_random_key(NULL, NULL);], cmu_cv_des_new_random_key_proto=no, cmu_cv_des_new_random_key_proto=yes) ]) if test "$cmu_cv_des_new_random_key_proto" = yes; then AC_DEFINE(HAVE_DES_NEW_RANDOM_KEY_PROTO,, [define to 1 if `des_new_random_key' has a prototype])dnl fi AC_MSG_RESULT($cmu_cv_des_new_random_key_proto) ]) AC_DEFUN([CMU_TELNET_DES_ECB_ENCRYPT_PROTO], [ AC_MSG_CHECKING(for des_ecb_encrypt prototype) AC_CACHE_VAL(cmu_cv_des_ecb_encrypt_proto, [ AC_TRY_COMPILE( [#include typedef unsigned char Block[8]; typedef struct { Block _; } Schedule[16]; void des_ecb_encrypt(Block, Block, Schedule, int);], [int foo = des_ecb_encrypt(NULL, NULL, NULL, 0);], cmu_cv_des_ecb_encrypt_proto=no, cmu_cv_des_ecb_encrypt_proto=yes) ]) if test "$cmu_cv_des_ecb_encrypt_proto" = yes; then AC_DEFINE(HAVE_DES_ECB_ENCRYPT_PROTO,, [define to 1 if `des_ecb_encrypt' has a prototype])dnl fi AC_MSG_RESULT($cmu_cv_des_ecb_encrypt_proto) ]) AC_DEFUN([CMU_TELNET_GETTYTAB], [ if test -f "/etc/gettytab"; then AC_CHECK_FUNCS(getent getstr) if test "X$ac_cv_func_getent" != "Xyes"; then AC_DEFINE(HAVE_GETTYTAB,, [gettytab support is present]) if test "X$ac_cv_func_getstr" = "Xyes"; then CFLAGS="$CFLAGS -Dgetstr=ggetstr" fi fi else AC_CHECK_FUNCS(cgetent) fi ]) AC_DEFUN([CMU_TELNET_ISSUE], [ if test -f "/etc/issue.net"; then AC_DEFINE(ISSUE_FILE, "/etc/issue.net", [path of issue file to use]) else if test -f "/etc/issue"; then AC_DEFINE(ISSUE_FILE, "/etc/issue", [path of issue file to use]) fi fi ]) AC_DEFUN([CMU_TELNET_PTYDIR], [ if test -d /dev/pts -o -d /dev/pty; then case "${host}" in *-*-irix*) ;; *-*-linux*) AC_DEFINE(PTYDIR,, [Has /dev/ptX and pty allocation funcs]) ;; *) AC_DEFINE(PTYDIR,, [Has /dev/ptX and pty allocation funcs]) AC_DEFINE(STREAMSPTY,, [ptys are streams devices]) ;; esac fi ]) cyrus-sasl-2.1.25/cmulocal/tcl.m40000666000076400007640000001347407741072415013506 00000000000000dnl FIRST PASS AFTER STEALING THIS FROM CYRUS! dnl USE AT YOUR OWN PERIL! dnl I MEAN IT! dnl dnl tcl.m4: an autoconf Tcl locator dnl $Id: tcl.m4,v 1.4 2003/10/08 20:35:25 rjs3 Exp $ dnl dnl This is rob's Tcl macro, fixed by tjs. It may need occasional tweaking, dnl but until the next impediment to compilation, it's fill-in-the-blank, dnl and it should be able to do reasonable things with user input. dnl dnl This will probably just work on Andrew systems, but given the variety dnl and apparent creativity of people who compile Tcl elsewhere, I don't know dnl what it will do. I have yet to see an autoconf Tcl test that users were dnl happy with. dnl dnl BUGS dnl The command-line arguments are overcomplicated. dnl There are doubtlessly others... dnl To use this macro, just do CMU_TCL. It outputs dnl TCL_LIBS, TCL_CPPFLAGS, and TCL_DEFS and SUBSTs them. dnl If successful, these have stuff in them. If not, they're empty. dnl If not successful, with_tcl has the value "no". AC_DEFUN([CMU_TCL], [ # --- BEGIN CMU_TCL --- dnl To link against Tcl, configure does several things to make my life dnl "easier". dnl dnl * maybe ask the user where they think Tcl lives, and try to find it dnl * maybe ask the user what "tclsh" is called this week (i.e., "tclsh8.0") dnl * run tclsh, ask it for a path, then run that path through sed dnl * sanity check its result (many installs are a little broken) dnl * try to figure out where Tcl is based on this result dnl * try to guess where the Tcl include files are dnl dnl Notes from previous incarnations: dnl > XXX MUST CHECK FOR TCL BEFORE KERBEROS V4 XXX dnl > This is because some genius at MIT named one of the Kerberos v4 dnl > library functions log(). This of course conflicts with the dnl > logarithm function in the standard math library, used by Tcl. dnl dnl > Checking for Tcl first puts -lm before -lkrb on the library list. dnl dnl Check for some information from the user on what the world looks like AC_ARG_WITH(tclconfig,[ --with-tclconfig=PATH use tclConfig.sh from PATH (configure gets Tcl configuration from here)], dnl trim tclConfig.sh off the end so we can add it back on later. TclLibBase=`echo ${withval} | sed s/tclConfig.sh\$//`) AC_ARG_WITH(tcl, [ --with-tcl=PATH use Tcl from PATH], TclLibBase="${withval}/lib") AC_ARG_WITH(tclsh, [ --with-tclsh=TCLSH use TCLSH as the tclsh program (let configure find Tcl using this program)], TCLSH="${withval}") if test "$TCLSH" = "no" -o "$with_tclconfig" = "no" ; then AC_MSG_WARN([Tcl disabled because tclsh or tclconfig specified as "no"]) with_tcl=no fi if test "$with_tcl" != "no"; then if test \! -z "$with_tclconfig" -a \! -d "$with_tclconfig" ; then AC_MSG_ERROR([--with-tclconfig requires a directory argument.]) fi if test \! -z "$TCLSH" -a \! -x "$TCLSH" ; then AC_MSG_ERROR([--with-tclsh must specify an executable file.]) fi if test -z "$TclLibBase"; then # do we already know? # No? Run tclsh and ask it where it lives. # Do we know where a tclsh lives? if test -z "$TCLSH"; then # Try and find tclsh. Any tclsh. # If a new version of tcl comes out and unfortunately adds another # filename, it should be safe to add it (to the front of the line -- # somef vendors have older, badly installed tclshs that we want to avoid # if we can) AC_PATH_PROGS(TCLSH, [tclsh8.1 tclsh8.0 tclsh], "unknown") fi # Do we know where to get a tclsh? if test "${TCLSH}" != "unknown"; then AC_MSG_CHECKING([where Tcl says it lives]) TclLibBase=`echo puts \\\$tcl_library | ${TCLSH} | sed -e 's,[^/]*$,,'` AC_MSG_RESULT($TclLibBase) fi fi if test -z "$TclLibBase" ; then AC_MSG_RESULT([can't find tclsh]) AC_MSG_WARN([can't find Tcl installtion; use of Tcl disabled.]) with_tcl=no else AC_MSG_CHECKING([for tclConfig.sh]) # Check a list of places where the tclConfig.sh file might be. for tcldir in "${TclLibBase}" \ "${TclLibBase}/.." \ "${TclLibBase}"`echo ${TCLSH} | sed s/sh//` ; do if test -f "${tcldir}/tclConfig.sh"; then TclLibBase="${tcldir}" break fi done if test -z "${TclLibBase}" ; then AC_MSG_RESULT("unknown") AC_MSG_WARN([can't find Tcl configuration; use of Tcl disabled.]) with_tcl=no else AC_MSG_RESULT(${TclLibBase}/) fi if test "${with_tcl}" != no ; then AC_MSG_CHECKING([Tcl configuration on what Tcl needs to compile]) . ${TclLibBase}/tclConfig.sh AC_MSG_RESULT(ok) dnl no TK stuff for us. dnl . ${TclLibBase}/tkConfig.sh fi if test "${with_tcl}" != no ; then dnl Now, hunt for the Tcl include files, since we don't strictly dnl know where they are; some folks put them (properly) in the dnl default include path, or maybe in /usr/local; the *BSD folks dnl put them in other places. AC_MSG_CHECKING([where Tcl includes are]) for tclinclude in "${TCL_PREFIX}/include/tcl${TCL_VERSION}" \ "${TCL_PREFIX}/include/tcl" \ "${TCL_PREFIX}/include" ; do if test -r "${tclinclude}/tcl.h" ; then TCL_CPPFLAGS="-I${tclinclude}" break fi done if test -z "${TCL_CPPFLAGS}" ; then AC_MSG_WARN(can't find Tcl includes; use of Tcl disabled.) with_tcl=no fi AC_MSG_RESULT(${TCL_CPPFLAGS}) fi # Finally, pick up the Tcl configuration if we haven't found an # excuse not to. if test "${with_tcl}" != no; then dnl TCL_LIBS="${TK_LIB_SPEC} ${TK_XLIBSW} ${TCL_LD_SEARCH_FLAGS} ${TCL_LIB_SPEC}" TCL_LIBS="${TCL_LD_SEARCH_FLAGS} ${TCL_LIB_SPEC} ${TCL_LIBS}" fi fi fi AC_SUBST(TCL_DEFS) AC_SUBST(TCL_LIBS) AC_SUBST(TCL_CPPFLAGS) # --- END CMU_TCL --- ]) dnl CMU_TCL cyrus-sasl-2.1.25/cmulocal/libloguse.m40000646000076400007640000000472010414247622014674 00000000000000dnl libloguse.m4--LOGUSE libraries and includes dnl Derrick Brashear dnl from KTH krb and Arla dnl $Id: libloguse.m4,v 1.7 2006/02/25 18:26:22 cg2v Exp $ AC_DEFUN([CMU_LOGUSE_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lloguse" AC_TRY_LINK(, [loguse("","","");], [ac_cv_found_loguse_lib=yes], ac_cv_found_loguse_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_LOGUSE_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for loguse library in $i) CMU_LOGUSE_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, loguse) if test "$ac_cv_found_loguse_lib" = "yes" ; then ac_cv_loguse_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(no found) fi done ]) AC_DEFUN([CMU_LOGUSE], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_ARG_WITH(loguse, [ --with-loguse=PREFIX Compile with LOGUSE support], [if test "X$with_loguse" = "X"; then with_loguse=yes fi]) if test "X$with_loguse" != "X"; then if test "$with_loguse" != "yes"; then ac_cv_loguse_where_lib=$with_loguse/$CMU_LIB_SUBDIR fi fi if test "X$with_loguse_lib" != "X"; then ac_cv_loguse_where_lib=$with_loguse_lib fi if test "X$ac_cv_loguse_where_lib" = "X"; then CMU_LOGUSE_LIB_WHERE(/usr/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) fi AC_MSG_CHECKING(whether to include loguse) if test "X$ac_cv_loguse_where_lib" = "X"; then ac_cv_found_loguse=no AC_MSG_RESULT(no) else ac_cv_found_loguse=yes AC_DEFINE(HAVE_LOGUSE,, [Use libloguse]) AC_MSG_RESULT(yes) LOGUSE_LIB_DIR=$ac_cv_loguse_where_lib LOGUSE_LIB_FLAGS="-L${LOGUSE_LIB_DIR} -lloguse" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LOGUSE_LIB_DIR}" else RPATH="${RPATH}:${LOGUSE_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${LOGUSE_LIB_DIR}" else RPATH="${RPATH}:${LOGUSE_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LOGUSE_LIB_DIR}" else RPATH="${RPATH}:${LOGUSE_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${LOGUSE_LIB_DIR}" else RPATH="${RPATH}:${LOGUSE_LIB_DIR}" fi else RPATH="${RPATH} -R${LOGUSE_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/com_err_link.m40000646000076400007640000001031210414247622015344 00000000000000dnl damnit, i don't want to figure out if I need to build an integral com_err dnl library with the collection, I just want to know where it's installed, dnl so don't bitch, Rob... dnl Derrick Brashear dnl $Id: com_err_link.m4,v 1.9 2006/02/25 18:32:46 cg2v Exp $ AC_DEFUN([CMU_COMERR_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE([#include ], [int foo;], ac_cv_found_com_err_inc=yes, ac_cv_found_com_err_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_COMERR_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for com_err headers in $i) CMU_COMERR_INC_WHERE1($i) CMU_TEST_INCPATH($i, com_err) if test "$ac_cv_found_com_err_inc" = "yes"; then ac_cv_comerr_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) # # Test for lib files # AC_DEFUN([CMU_COMERR_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lcom_err" AC_TRY_LINK(, [com_err();], [ac_cv_found_com_err_lib=yes], ac_cv_found_com_err_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_COMERR_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for com_err libraries in $i) CMU_COMERR_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, com_err) if test "$ac_cv_found_com_err_lib" = "yes" ; then ac_cv_comerr_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_USE_COMERR], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(comerr, [ --with-comerr=PREFIX Compile with com_err support], [if test "X$with_comerr" = "X"; then with_comerr=yes fi]) AC_ARG_WITH(comerr-lib, [ --with-comerr-lib=dir use com_err libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-comerr-lib]) fi]) AC_ARG_WITH(comerr-include, [ --with-comerr-include=dir use com_err headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-comerr-include]) fi]) if test "X$with_comerr" != "X"; then if test "$with_comerr" != "yes"; then ac_cv_comerr_where_lib=$with_comerr/$CMU_LIB_SUBDIR ac_cv_comerr_where_inc=$with_comerr/include fi fi if test "X$with_comerr_lib" != "X"; then ac_cv_comerr_where_lib=$with_comerr_lib fi if test "X$ac_cv_comerr_where_lib" = "X"; then CMU_COMERR_LIB_WHERE(/usr/athena/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) fi if test "X$with_comerr_include" != "X"; then ac_cv_comerr_where_inc=$with_comerr_include fi if test "X$ac_cv_comerr_where_inc" = "X"; then CMU_COMERR_INC_WHERE(/usr/athena/include /usr/local/include) fi AC_MSG_CHECKING(whether to include com_err) if test "X$ac_cv_comerr_where_lib" = "X" -a "X$ac_cv_comerr_where_inc" = "X"; then ac_cv_found_com_err=no AC_MSG_RESULT(no) else ac_cv_found_com_err=yes AC_MSG_RESULT(yes) COMERR_INC_DIR=$ac_cv_comerr_where_inc COMERR_LIB_DIR=$ac_cv_comerr_where_lib test "$COMERR_INC_DIR" && COMERR_INC_FLAGS="-I${COMERR_INC_DIR}" COMERR_LIB_FLAGS="-lcom_err" test "$COMERR_LIB_DIR" && COMERR_LIB_FLAGS="-L${COMERR_LIB_DIR} -lcom_err" dnl Do not force configure.in to put these in CFLAGS and LIBS unconditionally dnl Allow makefile substitutions.... AC_SUBST(COMERR_INC_FLAGS) AC_SUBST(COMERR_LIB_FLAGS) if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${COMERR_LIB_DIR}" else RPATH="${RPATH}:${COMERR_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${COMERR_LIB_DIR}" else RPATH="${RPATH}:${COMERR_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${COMERR_LIB_DIR}" else RPATH="${RPATH}:${COMERR_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${COMERR_LIB_DIR}" else RPATH="${RPATH}:${COMERR_LIB_DIR}" fi else RPATH="${RPATH} -R${COMERR_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/afs.m40000666000076400007640000003131610233511377013463 00000000000000dnl afs.m4--AFS libraries, includes, and dependencies dnl $Id: afs.m4,v 1.29 2005/04/26 19:14:07 shadow Exp $ dnl Chaskiel Grundman dnl based on kerberos_v4.m4 dnl Derrick Brashear dnl from KTH krb and Arla AC_DEFUN([CMU_AFS_INC_WHERE1], [ cmu_save_CPPFLAGS=$CPPFLAGS CPPFLAGS="$cmu_save_CPPFLAGS -I$1" AC_TRY_COMPILE([#include ], [#ifndef SYS_NAME choke me #endif int foo;], ac_cv_found_afs_inc=yes, ac_cv_found_afs_inc=no) CPPFLAGS=$cmu_save_CPPFLAGS ]) AC_DEFUN([CMU_AFS_LIB_WHERE1], [ save_LIBS="$LIBS" save_LDFLAGS="$LDFLAGS" LIBS="-lauth $1/afs/util.a $LIB_SOCKET $LIBS" LDFLAGS="-L$1 -L$1/afs $LDFLAGS" dnl suppress caching AC_TRY_LINK([],[afsconf_Open();], ac_cv_found_afs_lib=yes, ac_cv_found_afs_lib=no) LIBS="$save_LIBS" LDFLAGS="$save_LDFLAGS" ]) AC_DEFUN([CMU_AFS_WHERE], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) for i in $1; do AC_MSG_CHECKING(for AFS in $i) CMU_AFS_INC_WHERE1("$i/include") ac_cv_found_lwp_inc=$ac_cv_found_afs_inc CMU_TEST_INCPATH($i/include, lwp) ac_cv_found_afs_inc=$ac_cv_found_lwp_inc if test "$ac_cv_found_afs_inc" = "yes"; then CMU_AFS_LIB_WHERE1("$i/$CMU_LIB_SUBDIR") if test "$ac_cv_found_afs_lib" = "yes"; then ac_cv_afs_where=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_AFS], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_REQUIRE([CMU_LIBSSL]) AC_ARG_WITH(AFS, [ --with-afs=PREFIX Compile with AFS support], [if test "X$with_AFS" = "X"; then with_AFS=yes fi]) if test "X$with_AFS" != "X"; then ac_cv_afs_where=$with_AFS fi if test "X$ac_cv_afs_where" = "X"; then CMU_AFS_WHERE(/usr/afsws /usr/local /usr/athena /Library/OpenAFS/Tools) fi AC_MSG_CHECKING(whether to include AFS) if test "X$ac_cv_afs_where" = "Xno" -o "X$ac_cv_afs_where" = "X"; then ac_cv_found_afs=no AC_MSG_RESULT(no) else ac_cv_found_afs=yes AC_MSG_RESULT(yes) AFS_INC_DIR="$ac_cv_afs_where/include" AFS_LIB_DIR="$ac_cv_afs_where/$CMU_LIB_SUBDIR" AFS_TOP_DIR="$ac_cv_afs_where" AFS_INC_FLAGS="-I${AFS_INC_DIR}" AFS_LIB_FLAGS="-L${AFS_LIB_DIR} -L${AFS_LIB_DIR}/afs" cmu_save_LIBS="$LIBS" cmu_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS ${AFS_INC_FLAGS}" cmu_save_LDFLAGS="$LDFLAGS" LDFLAGS="$cmu_save_LDFLAGS ${AFS_LIB_FLAGS}" AC_CHECK_HEADERS(afs/stds.h) AC_MSG_CHECKING([if libdes is needed]) AC_TRY_LINK([],[des_quad_cksum();],AFS_DES_LIB="",AFS_DES_LIB="maybe") if test "X$AFS_DES_LIB" != "X"; then LIBS="$cmu_save_LIBS -ldes" AC_TRY_LINK([], [des_quad_cksum();],AFS_DES_LIB="yes") if test "X$AFS_DES_LIB" = "Xyes"; then AC_MSG_RESULT([yes]) AFS_LIBDES="-ldes" AFS_LIBDESA="${AFS_LIB_DIR}/libdes.a" else LIBS="$cmu_save_LIBS $LIBSSL_LIB_FLAGS" AC_TRY_LINK([], [des_quad_cksum();],AFS_DES_LIB="libcrypto") if test "X$AFS_DES_LIB" = "Xlibcrypto"; then AC_MSG_RESULT([libcrypto]) AFS_LIBDES="$LIBSSL_LIB_FLAGS" AFS_LIBDESA="$LIBSSL_LIB_FLAGS" else LIBS="$cmu_save_LIBS -L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" AC_TRY_LINK([], [des_quad_cksum();],AFS_DES_LIB="libcrypto+descompat") if test "X$AFS_DES_LIB" = "Xlibcrypto+descompat"; then AC_MSG_RESULT([libcrypto+descompat]) AFS_LIBDES="-L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" AFS_LIBDESA="-L$LIBSSL_LIB_DIR -ldescompat $LIBSSL_LIB_FLAGS" else AC_MSG_RESULT([unknown]) AC_MSG_ERROR([Could not use -ldes]) fi fi fi else AC_MSG_RESULT([no]) fi AFS_CLIENT_LIBS_STATIC="${AFS_LIB_DIR}/afs/libvolser.a ${AFS_LIB_DIR}/afs/libvldb.a ${AFS_LIB_DIR}/afs/libkauth.a ${AFS_LIB_DIR}/afs/libprot.a ${AFS_LIB_DIR}/libubik.a ${AFS_LIB_DIR}/afs/libauth.a ${AFS_LIB_DIR}/librxkad.a ${AFS_LIB_DIR}/librx.a ${AFS_LIB_DIR}/afs/libsys.a ${AFS_LIB_DIR}/librx.a ${AFS_LIB_DIR}/liblwp.a ${AFS_LIBDESA} ${AFS_LIB_DIR}/afs/libcmd.a ${AFS_LIB_DIR}/afs/libcom_err.a ${AFS_LIB_DIR}/afs/util.a" AFS_KTC_LIBS_STATIC="${AFS_LIB_DIR}/afs/libauth.a ${AFS_LIB_DIR}/afs/libsys.a ${AFS_LIB_DIR}/librx.a ${AFS_LIB_DIR}/liblwp.a ${AFS_LIBDESA} ${AFS_LIB_DIR}/afs/libcom_err.a ${AFS_LIB_DIR}/afs/util.a" AFS_CLIENT_LIBS="-lvolser -lvldb -lkauth -lprot -lubik -lauth -lrxkad -lrx ${AFS_LIB_DIR}/afs/libsys.a -lrx -llwp ${AFS_LIBDES} -lcmd -lcom_err ${AFS_LIB_DIR}/afs/util.a" AFS_RX_LIBS="-lauth -lrxkad -lrx ${AFS_LIB_DIR}/afs/libsys.a -lrx -llwp ${AFS_LIBDES} -lcmd -lcom_err ${AFS_LIB_DIR}/afs/util.a" AFS_KTC_LIBS="-lauth ${AFS_LIB_DIR}/afs/libsys.a -lrx -llwp ${AFS_LIBDES} -lcom_err ${AFS_LIB_DIR}/afs/util.a" LIBS="$cmu_save_LIBS $AFS_CLIENT_LIBS ${LIB_SOCKET}" AC_CHECK_FUNC(des_pcbc_init) if test "X$ac_cv_func_des_pcbc_init" != "Xyes"; then AC_CHECK_LIB(descompat, des_pcbc_init, AFS_DESCOMPAT_LIB="-ldescompat") if test "X$AFS_DESCOMPAT_LIB" != "X" ; then AFS_CLIENT_LIBS_STATIC="$AFS_CLIENT_LIBS_STATIC $AFS_DESCOMPAT_LIB" AFS_KTC_LIBS_STATIC="$AFS_KTC_LIBS_STATIC $AFS_DESCOMPAT_LIB" AFS_CLIENT_LIBS="$AFS_CLIENT_LIBS $AFS_DESCOMPAT_LIB" AFS_KTC_LIBS="$AFS_KTC_LIBS $AFS_DESCOMPAT_LIB" else AC_MSG_CHECKING([if rxkad needs des_pcbc_init]) AC_TRY_LINK(,[tkt_DecodeTicket();],RXKAD_PROBLEM=no,RXKAD_PROBLEM=maybe) if test "$RXKAD_PROBLEM" = "maybe"; then AC_TRY_LINK([int des_pcbc_init() { return 0;}], [tkt_DecodeTicket();],RXKAD_PROBLEM=yes,RXKAD_PROBLEM=error) if test "$RXKAD_PROBLEM" = "yes"; then AC_MSG_RESULT([yes]) AC_MSG_ERROR([cannot use rxkad]) else AC_MSG_RESULT([unknown]) AC_MSG_ERROR([Unknown error testing rxkad]) fi else AC_MSG_RESULT([no]) fi fi fi LIBS="$cmu_save_LIBS" AC_CHECK_FUNC(flock) LIBS="$cmu_save_LIBS ${AFS_CLIENT_LIBS} ${LIB_SOCKET}" if test "X$ac_cv_func_flock" != "Xyes"; then AC_MSG_CHECKING([if AFS needs flock]) AC_TRY_LINK([#include #ifdef HAVE_AFS_STDS_H #include #endif #include #include #include #include struct ubik_client * cstruct; int sigvec() {return 0;} extern int UV_SetSecurity();], [vsu_ClientInit(1,"","",0, &cstruct,UV_SetSecurity)], AFS_FLOCK=no,AFS_FLOCK=yes) if test $AFS_FLOCK = "no"; then AC_MSG_RESULT([no]) else AC_MSG_RESULT([yes]) LDFLAGS="$LDFLAGS -L/usr/ucblib" AC_CHECK_LIB(ucb, flock,:, [AC_CHECK_LIB(BSD, flock)]) fi fi LIBS="$cmu_save_LIBS" AC_CHECK_FUNC(sigvec) LIBS="$cmu_save_LIBS ${AFS_CLIENT_LIBS} ${LIB_SOCKET}" if test "X$ac_cv_func_sigvec" != "Xyes"; then AC_MSG_CHECKING([if AFS needs sigvec]) AC_TRY_LINK([#include #ifdef HAVE_AFS_STDS_H #include #endif #include #include #include #include struct ubik_client * cstruct; int flock() {return 0;} extern int UV_SetSecurity();], [vsu_ClientInit(1,"","",0, &cstruct,UV_SetSecurity)], AFS_SIGVEC=no,AFS_SIGVEC=yes) if test $AFS_SIGVEC = "no"; then AC_MSG_RESULT([no]) else AC_MSG_RESULT([yes]) LDFLAGS="$LDFLAGS -L/usr/ucblib" AC_CHECK_LIB(ucb, sigvec,:,[AC_CHECK_LIB(BSD, sigvec)]) fi fi if test "$ac_cv_lib_ucb_flock" = "yes" -o "$ac_cv_lib_ucb_sigvec" = "yes"; then AFS_LIB_FLAGS="${AFS_LIB_FLAGS} -L/usr/ucblib -R/usr/ucblib" fi if test "$ac_cv_lib_ucb_flock" = "yes" -o "$ac_cv_lib_ucb_sigvec" = "yes"; then AFS_BSD_LIB="-lucb" elif test "$ac_cv_lib_BSD_flock" = "yes" -o "$ac_cv_lib_BSD_sigvec" = "yes"; then AFS_BSD_LIB="-lBSD" fi if test "X$AFS_BSD_LIB" != "X" ; then AFS_CLIENT_LIBS_STATIC="$AFS_CLIENT_LIBS_STATIC $AFS_BSD_LIB" AFS_KTC_LIBS_STATIC="$AFS_KTC_LIBS_STATIC $AFS_BSD_LIB" AFS_CLIENT_LIBS="$AFS_CLIENT_LIBS $AFS_BSD_LIB" AFS_RX_LIBS="$AFS_CLIENT_LIBS $AFS_BSD_LIB" AFS_KTC_LIBS="$AFS_KTC_LIBS $AFS_BSD_LIB" fi AC_MSG_CHECKING([if libaudit is needed]) AFS_LIBAUDIT="" LIBS="$cmu_save_LIBS $AFS_CLIENT_LIBS ${LIB_SOCKET}" AC_TRY_LINK([#include #ifdef HAVE_AFS_STDS_H #include #endif #include #include ], [afsconf_SuperUser();],AFS_AUDIT_LIB="",AFS_AUDIT_LIB="maybe") if test "X$AFS_AUDIT_LIB" != "X"; then LIBS="$cmu_save_LIBS -lvolser -lvldb -lkauth -lprot -lubik -lauth -laudit -lrxkad -lrx ${AFS_LIB_DIR}/afs/libsys.a -lrx -llwp ${AFS_LIBDES} -lcmd -lcom_err ${AFS_LIB_DIR}/afs/util.a $AFS_BSD_LIB $AFS_DESCOMPAT_LIB $LIB_SOCKET" AC_TRY_LINK([#include #ifdef HAVE_AFS_STDS_H #include #endif #include #include ], [afsconf_SuperUser();],AFS_AUDIT_LIB="yes") if test "X$AFS_AUDIT_LIB" = "Xyes"; then AC_MSG_RESULT([yes]) AFS_LIBAUDIT="-laudit" AFS_CLIENT_LIBS_STATIC="${AFS_LIB_DIR}/afs/libvolser.a ${AFS_LIB_DIR}/afs/libvldb.a ${AFS_LIB_DIR}/afs/libkauth.a ${AFS_LIB_DIR}/afs/libprot.a ${AFS_LIB_DIR}/libubik.a ${AFS_LIB_DIR}/afs/libauth.a ${AFS_LIB_DIR}/afs/libaudit.a ${AFS_LIB_DIR}/librxkad.a ${AFS_LIB_DIR}/librx.a ${AFS_LIB_DIR}/afs/libsys.a ${AFS_LIB_DIR}/librx.a ${AFS_LIB_DIR}/liblwp.a ${AFS_LIBDESA} ${AFS_LIB_DIR}/afs/libcmd.a ${AFS_LIB_DIR}/afs/libcom_err.a ${AFS_LIB_DIR}/afs/util.a" AFS_CLIENT_LIBS="-lvolser -lvldb -lkauth -lprot -lubik -lauth -laudit -lrxkad -lrx ${AFS_LIB_DIR}/afs/libsys.a -lrx -llwp ${AFS_LIBDES} -lcmd -lcom_err ${AFS_LIB_DIR}/afs/util.a $AFS_BSD_LIB $AFS_DESCOMPAT_LIB" AFS_RX_LIBS="-lauth -laudit -lrxkad -lrx ${AFS_LIB_DIR}/afs/libsys.a -lrx -llwp ${AFS_LIBDES} -lcmd -lcom_err ${AFS_LIB_DIR}/afs/util.a $AFS_BSD_LIB $AFS_DESCOMPAT_LIB" else AC_MSG_RESULT([unknown]) AC_MSG_ERROR([Could not use -lauth while testing for -laudit]) fi else AC_MSG_RESULT([no]) fi AC_CHECK_FUNCS(VL_ProbeServer) AC_MSG_CHECKING([if new-style afs_ integer types are defined]) AC_CACHE_VAL(ac_cv_afs_int32, dnl The next few lines contain a quoted argument to egrep dnl It is critical that there be no leading or trailing whitespace dnl or newlines [AC_EGREP_CPP(dnl changequote(<<,>>)dnl <<(^|[^a-zA-Z_0-9])afs_int32[^a-zA-Z_0-9]>>dnl changequote([,]), [#include #ifdef HAVE_AFS_STDS_H #include #endif], ac_cv_afs_int32=yes, ac_cv_afs_int32=no)]) AC_MSG_RESULT($ac_cv_afs_int32) if test $ac_cv_afs_int32 = yes ; then AC_DEFINE(HAVE_AFS_INT32,, [AFS provides new "unambiguous" type names]) else AC_DEFINE(afs_int16, int16, [it's a type definition]) AC_DEFINE(afs_int32, int32, [it's a type definition]) AC_DEFINE(afs_uint16, u_int16, [it's a type definition]) AC_DEFINE(afs_uint32, u_int32, [it's a type definition]) fi CPPFLAGS="${cmu_save_CPPFLAGS}" LDFLAGS="${cmu_save_LDFLAGS}" LIBS="${cmu_save_LIBS}" AC_DEFINE(AFS_ENV,, [Use AFS. (find what needs this and nuke it)]) AC_DEFINE(AFS,, [Use AFS. (find what needs this and nuke it)]) AC_SUBST(AFS_CLIENT_LIBS_STATIC) AC_SUBST(AFS_KTC_LIBS_STATIC) AC_SUBST(AFS_CLIENT_LIBS) AC_SUBST(AFS_RX_LIBS) AC_SUBST(AFS_KTC_LIBS) AC_SUBST(AFS_INC_FLAGS) AC_SUBST(AFS_LIB_FLAGS) AC_SUBST(AFS_TOP_DIR) AC_SUBST(AFS_LIBAUDIT) AC_SUBST(AFS_LIBDES) AC_SUBST(AFS_LIBDESA) fi ]) AC_DEFUN([CMU_NEEDS_AFS], [AC_REQUIRE([CMU_AFS]) if test "$ac_cv_found_afs" != "yes"; then AC_ERROR([Cannot continue without AFS]) fi]) cyrus-sasl-2.1.25/cmulocal/kafs.m40000666000076400007640000001033310233511377013632 00000000000000dnl kerberos_v4.m4--Kafs libraries and includes dnl Derrick Brashear dnl from KTH kafs and Arla dnl $Id: kafs.m4,v 1.7 2005/04/26 19:14:07 shadow Exp $ AC_DEFUN([CMU_KAFS_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE([ #include #include #include ], [struct ClearToken foo;], ac_cv_found_kafs_inc=yes, ac_cv_found_kafs_inc=no) if test "$ac_cv_found_kafs_inc" = "no"; then CPPFLAGS="$saved_CPPFLAGS -I$1 -I$1/kerberosIV" AC_TRY_COMPILE([ #include #include #include ], [struct ClearToken foo;], [ac_cv_found_kafs_inc=yes], ac_cv_found_kafs_inc=no) fi CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_KAFS_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for kafs headers in $i) CMU_KAFS_INC_WHERE1($i) CMU_TEST_INCPATH($i, kafs) if test "$ac_cv_found_kafs_inc" = "yes"; then ac_cv_kafs_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_KAFS_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lkafs $KRB_LIB_FLAGS $KRB5_LIB_FLAGS" AC_TRY_LINK(, [krb_afslog();], [ac_cv_found_kafs_lib=yes], ac_cv_found_kafs_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_KAFS_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for kafs libraries in $i) CMU_KAFS_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, kafs) if test "$ac_cv_found_kafs_lib" = "yes" ; then ac_cv_kafs_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_KAFS], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_REQUIRE([CMU_KRB4]) AC_REQUIRE([CMU_KRB5]) AC_ARG_WITH(kafs, [ --with-kafs=PREFIX Compile with Kafs support], [if test "X$with_kafs" = "X"; then with_kafs=yes fi]) AC_ARG_WITH(kafs-lib, [ --with-kafs-lib=dir use kafs libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-kafs-lib]) fi]) AC_ARG_WITH(kafs-include, [ --with-kafs-include=dir use kafs headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-kafs-include]) fi]) if test "X$with_kafs" != "X"; then if test "$with_kafs" != "yes" -a "$with_kafs" != no; then ac_cv_kafs_where_lib=$with_kafs/$CMU_LIB_SUBDIR ac_cv_kafs_where_inc=$with_kafs/include fi fi if test "$with_kafs" != "no"; then if test "X$with_kafs_lib" != "X"; then ac_cv_kafs_where_lib=$with_kafs_lib fi if test "X$ac_cv_kafs_where_lib" = "X"; then CMU_KAFS_LIB_WHERE(/usr/athena/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR) fi if test "X$with_kafs_include" != "X"; then ac_cv_kafs_where_inc=$with_kafs_include fi if test "X$ac_cv_kafs_where_inc" = "X"; then CMU_KAFS_INC_WHERE(/usr/athena/include /usr/include/kerberosIV /usr/local/include /usr/include/kerberos) fi fi AC_MSG_CHECKING(whether to include kafs) if test "X$ac_cv_kafs_where_lib" = "X" -a "X$ac_cv_kafs_where_inc" = "X"; then ac_cv_found_kafs=no AC_MSG_RESULT(no) else ac_cv_found_kafs=yes AC_MSG_RESULT(yes) KAFS_INC_DIR=$ac_cv_kafs_where_inc KAFS_LIB_DIR=$ac_cv_kafs_where_lib KAFS_INC_FLAGS="-I${KAFS_INC_DIR}" KAFS_LIB_FLAGS="-L${KAFS_LIB_DIR} -lkafs" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${KAFS_LIB_DIR}" else RPATH="${RPATH}:${KAFS_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${KAFS_LIB_DIR}" else RPATH="${RPATH}:${KAFS_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${KAFS_LIB_DIR}" else RPATH="${RPATH}:${KAFS_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${KAFS_LIB_DIR}" else RPATH="${RPATH}:${KAFS_LIB_DIR}" fi else RPATH="${RPATH} -R${KAFS_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/.#sasl2.m4.1.530000646000076400007640000003771311204772407014453 00000000000000# sasl2.m4--sasl2 libraries and includes # Rob Siemborski # $Id: sasl2.m4,v 1.53 2008/03/03 22:06:34 wescraig Exp $ # SASL2_CRYPT_CHK # --------------- AC_DEFUN([SASL_GSSAPI_CHK], [AC_REQUIRE([SASL2_CRYPT_CHK]) AC_REQUIRE([CMU_SOCKETS]) AC_ARG_ENABLE([gssapi], [AC_HELP_STRING([--enable-gssapi=], [enable GSSAPI authentication [yes]])], [gssapi=$enableval], [gssapi=yes]) AC_ARG_WITH([gss_impl], [AC_HELP_STRING([--with-gss_impl={heimdal|mit|cybersafe|seam|auto}], [choose specific GSSAPI implementation [[auto]]])], [gss_impl=$withval], [gss_impl=auto]) if test "$gssapi" != no; then platform= case "${host}" in *-*-linux*) platform=__linux ;; *-*-hpux*) platform=__hpux ;; *-*-irix*) platform=__irix ;; *-*-solaris2*) # When should we use __sunos? platform=__solaris ;; *-*-aix*) ###_AIX platform=__aix ;; *) AC_WARN([The system type is not recognized. If you believe that CyberSafe GSSAPI works on this platform, please update the configure script]) if test "$gss_impl" = "cybersafe"; then AC_ERROR([CyberSafe was forced, cannot continue as platform is not supported]) fi ;; esac cmu_saved_CPPFLAGS=$CPPFLAGS if test -d ${gssapi}; then CPPFLAGS="$CPPFLAGS -I$gssapi/include" # We want to keep -I in our CPPFLAGS, but only if we succeed cmu_saved_CPPFLAGS=$CPPFLAGS ### I am not sure how useful is this (and whether this is required at all ### especially when we have to provide two -L flags for new CyberSafe LDFLAGS="$LDFLAGS -L$gssapi/lib" if test -n "$platform"; then if test "$gss_impl" = "auto" -o "$gss_impl" = "cybersafe"; then CPPFLAGS="$CPPFLAGS -D$platform" if test -d "${gssapi}/appsec-sdk/include"; then CPPFLAGS="$CPPFLAGS -I${gssapi}/appsec-sdk/include" fi fi fi fi AC_CHECK_HEADER([gssapi.h],, [AC_CHECK_HEADER([gssapi/gssapi.h],, [AC_WARN([Disabling GSSAPI - no include files found]); gssapi=no])]) CPPFLAGS=$cmu_saved_CPPFLAGS fi if test "$gssapi" != no; then if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then AC_DEFINE(HAVE_GSSAPI_H,,[Define if you have the gssapi.h header file]) fi # We need to find out which gssapi implementation we are # using. Supported alternatives are: MIT Kerberos 5, # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), # CyberSafe Kerberos 5 (http://www.cybersafe.com/) # and Sun SEAM (http://wwws.sun.com/software/security/kerberos/) # # The choice is reflected in GSSAPIBASE_LIBS AC_CHECK_LIB(resolv,res_search) if test -d ${gssapi}; then gssapi_dir="${gssapi}/lib" GSSAPIBASE_LIBS="-L$gssapi_dir" GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir" else # FIXME: This is only used for building cyrus, and then only as # a real hack. it needs to be fixed. gssapi_dir="/usr/local/lib" fi # Check a full link against the Heimdal libraries. # If this fails, check a full link against the MIT libraries. # If this fails, check a full link against the CyberSafe libraries. # If this fails, check a full link against the Solaris 8 and up libgss. if test "$gss_impl" = "auto" -o "$gss_impl" = "heimdal"; then gss_failed=0 AC_CHECK_LIB(gssapi,gss_unwrap,gss_impl="heimdal",gss_failed=1, ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET}) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then # check for libkrb5support first AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) gss_failed=0 AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi # For Cybersafe one has to set a platform define in order to make compilation work if test "$gss_impl" = "auto" -o "$gss_impl" = "cybersafe"; then cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_GSSAPIBASE_LIBS=$GSSAPIBASE_LIBS # FIXME - Note that the libraries are in .../lib64 for 64bit kernels if test -d "${gssapi}/appsec-rt/lib"; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -L${gssapi}/appsec-rt/lib" fi CPPFLAGS="$CPPFLAGS -D$platform" if test -d "${gssapi}/appsec-sdk/include"; then CPPFLAGS="$CPPFLAGS -I${gssapi}/appsec-sdk/include" fi gss_failed=0 # Check for CyberSafe with two libraries first, than fall back to a single # library (older CyberSafe) unset ac_cv_lib_gss_csf_gss_acq_user AC_CHECK_LIB(gss,csf_gss_acq_user,gss_impl="cybersafe03", [unset ac_cv_lib_gss_csf_gss_acq_user; AC_CHECK_LIB(gss,csf_gss_acq_user,gss_impl="cybersafe", gss_failed=1,$GSSAPIBASE_LIBS -lgss)], [${GSSAPIBASE_LIBS} -lgss -lcstbk5]) if test "$gss_failed" = "1"; then # Restore variables GSSAPIBASE_LIBS=$cmu_saved_GSSAPIBASE_LIBS CPPFLAGS=$cmu_saved_CPPFLAGS if test "$gss_impl" != "auto"; then gss_impl="failed" fi fi fi if test "$gss_impl" = "auto" -o "$gss_impl" = "seam"; then gss_failed=0 AC_CHECK_LIB(gss,gss_unwrap,gss_impl="seam",gss_failed=1,-lgss) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi if test "$gss_impl" = "mit"; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP}" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}" elif test "$gss_impl" = "heimdal"; then CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}" elif test "$gss_impl" = "cybersafe03"; then # Version of CyberSafe with two libraries CPPFLAGS="$CPPFLAGS -D$platform -I${gssapi}/appsec-sdk/include" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgss -lcstbk5" # there is no static libgss for CyberSafe GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "cybersafe"; then CPPFLAGS="$CPPFLAGS -D$platform -I${gssapi}/appsec-sdk/include" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgss" # there is no static libgss for CyberSafe GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "seam"; then GSSAPIBASE_LIBS=-lgss # there is no static libgss on Solaris 8 and up GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "failed"; then gssapi="no" GSSAPIBASE_LIBS= GSSAPIBASE_STATIC_LIBS= AC_WARN([Disabling GSSAPI - specified library not found]) else gssapi="no" GSSAPIBASE_LIBS= GSSAPIBASE_STATIC_LIBS= AC_WARN([Disabling GSSAPI - no library]) fi fi # # Cybersafe defines both GSS_C_NT_HOSTBASED_SERVICE and GSS_C_NT_USER_NAME # in gssapi\rfckrb5.h # if test "$gssapi" != "no"; then if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then AC_EGREP_CPP(hostbased_service_gss_nt_yes, [#include #ifdef GSS_C_NT_HOSTBASED_SERVICE hostbased_service_gss_nt_yes #endif], [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])], [AC_WARN([Cybersafe define not found])]) elif test "$ac_cv_header_gssapi_h" = "yes"; then AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])]) elif test "$ac_cv_header_gssapi_gssapi_h"; then AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi/gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])]) fi if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then AC_EGREP_CPP(user_name_yes_gss_nt, [#include #ifdef GSS_C_NT_USER_NAME user_name_yes_gss_nt #endif], [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implimentation defines GSS_C_NT_USER_NAME])], [AC_WARN([Cybersafe define not found])]) elif test "$ac_cv_header_gssapi_h" = "yes"; then AC_EGREP_HEADER(GSS_C_NT_USER_NAME, gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implimentation defines GSS_C_NT_USER_NAME])]) elif test "$ac_cv_header_gssapi_gssapi_h"; then AC_EGREP_HEADER(GSS_C_NT_USER_NAME, gssapi/gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implimentation defines GSS_C_NT_USER_NAME])]) fi fi GSSAPI_LIBS="" AC_MSG_CHECKING([GSSAPI]) if test "$gssapi" != no; then AC_MSG_RESULT([with implementation ${gss_impl}]) AC_CHECK_LIB(resolv,res_search,GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lresolv") SASL_MECHS="$SASL_MECHS libgssapiv2.la" SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gssapi.c" cmu_save_LIBS="$LIBS" LIBS="$LIBS $GSSAPIBASE_LIBS" AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) LIBS="$cmu_save_LIBS" else AC_MSG_RESULT([disabled]) fi AC_SUBST(GSSAPI_LIBS) AC_SUBST(GSSAPIBASE_LIBS) ])# SASL_GSSAPI_CHK # SASL_SET_GSSAPI_LIBS # -------------------- AC_DEFUN([SASL_SET_GSSAPI_LIBS], [SASL_GSSAPI_LIBS_SET="yes" ]) # CMU_SASL2 # --------- # What we want to do here is setup LIB_SASL with what one would # generally want to have (e.g. if static is requested, make it that, # otherwise make it dynamic. # # We also want to create LIB_DYN_SASL and DYNSASLFLAGS. # # Also sets using_static_sasl to "no" "static" or "staticonly" # AC_DEFUN([CMU_SASL2], [AC_REQUIRE([SASL_GSSAPI_CHK]) AC_ARG_WITH(sasl, [AC_HELP_STRING([--with-sasl=DIR],[Compile with libsasl2 in ])], with_sasl="$withval", with_sasl="yes") AC_ARG_WITH(staticsasl, [AC_HELP_STRING([--with-staticsasl=DIR], [Compile with staticly linked libsasl2 in ])], [with_staticsasl="$withval"; if test $with_staticsasl != "no"; then using_static_sasl="static" fi], [with_staticsasl="no"; using_static_sasl="no"]) SASLFLAGS="" LIB_SASL="" cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_LDFLAGS=$LDFLAGS cmu_saved_LIBS=$LIBS if test ${with_staticsasl} != "no"; then if test -d ${with_staticsasl}; then if test -d ${with_staticsasl}/lib64 ; then ac_cv_sasl_where_lib=${with_staticsasl}/lib64 else ac_cv_sasl_where_lib=${with_staticsasl}/lib fi ac_cv_sasl_where_lib=${with_staticsasl}/lib ac_cv_sasl_where_inc=${with_staticsasl}/include SASLFLAGS="-I$ac_cv_sasl_where_inc" LIB_SASL="-L$ac_cv_sasl_where_lib" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" else with_staticsasl="/usr" fi AC_CHECK_HEADER(sasl/sasl.h, [AC_CHECK_HEADER(sasl/saslutil.h, [for i42 in lib64 lib; do if test -r ${with_staticsasl}/$i42/libsasl2.a; then ac_cv_found_sasl=yes AC_MSG_CHECKING([for static libsasl]) LIB_SASL="$LIB_SASL ${with_staticsasl}/$i42/libsasl2.a" fi done if test ! "$ac_cv_found_sasl" = "yes"; then AC_MSG_CHECKING([for static libsasl]) AC_ERROR([Could not find ${with_staticsasl}/lib*/libsasl2.a]) fi])]) AC_MSG_RESULT([found]) if test "x$SASL_GSSAPI_LIBS_SET" = "x"; then LIB_SASL="$LIB_SASL $GSSAPIBASE_STATIC_LIBS" else SASL_GSSAPI_LIBS_SET="" cmu_saved_LIBS="$GSSAPIBASE_STATIC_LIBS $cmu_saved_LIBS" fi fi if test -d ${with_sasl}; then ac_cv_sasl_where_lib=${with_sasl}/lib ac_cv_sasl_where_inc=${with_sasl}/include DYNSASLFLAGS="-I$ac_cv_sasl_where_inc" if test "$ac_cv_sasl_where_lib" != ""; then CMU_ADD_LIBPATH_TO($ac_cv_sasl_where_lib, LIB_DYN_SASL) fi LIB_DYN_SASL="$LIB_DYN_SASL -lsasl2" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" fi # be sure to check for a SASLv2 specific function AC_CHECK_HEADER(sasl/sasl.h, [AC_CHECK_HEADER(sasl/saslutil.h, [AC_CHECK_LIB(sasl2, prop_get, ac_cv_found_sasl=yes, ac_cv_found_sasl=no)], ac_cv_found_sasl=no)], ac_cv_found_sasl=no) if test "$ac_cv_found_sasl" = "yes"; then if test "$ac_cv_sasl_where_lib" != ""; then CMU_ADD_LIBPATH_TO($ac_cv_sasl_where_lib, DYNLIB_SASL) fi DYNLIB_SASL="$DYNLIB_SASL -lsasl2" if test "$using_static_sasl" != "static"; then LIB_SASL=$DYNLIB_SASL SASLFLAGS=$DYNSASLFLAGS fi else DYNLIB_SASL="" DYNSASLFLAGS="" using_static_sasl="staticonly" fi if test "x$SASL_GSSAPI_LIBS_SET" != "x"; then SASL_GSSAPI_LIBS_SET="" cmu_saved_LIBS="$GSSAPIBASE_LIBS $cmu_saved_LIBS" fi LIBS="$cmu_saved_LIBS" LDFLAGS="$cmu_saved_LDFLAGS" CPPFLAGS="$cmu_saved_CPPFLAGS" AC_SUBST(LIB_DYN_SASL) AC_SUBST(DYNSASLFLAGS) AC_SUBST(LIB_SASL) AC_SUBST(SASLFLAGS) ])# CMU_SASL2 # CMU_SASL2_REQUIRED # ------------------ AC_DEFUN([CMU_SASL2_REQUIRED], [AC_REQUIRE([CMU_SASL2]) if test "$ac_cv_found_sasl" != "yes"; then AC_ERROR([Cannot continue without libsasl2. Get it from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/.]) fi]) # CMU_SASL2_REQUIRE_VER # --------------------- AC_DEFUN([CMU_SASL2_REQUIRE_VER], [AC_REQUIRE([CMU_SASL2_REQUIRED]) cmu_saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS $SASLFLAGS" AC_TRY_CPP([ #include #ifndef SASL_VERSION_MAJOR #error SASL_VERSION_MAJOR not defined #endif #ifndef SASL_VERSION_MINOR #error SASL_VERSION_MINOR not defined #endif #ifndef SASL_VERSION_STEP #error SASL_VERSION_STEP not defined #endif #if SASL_VERSION_MAJOR < $1 || SASL_VERSION_MINOR < $2 || SASL_VERSION_STEP < $3 #error SASL version is less than $1.$2.$3 #endif ],, [AC_ERROR([Incorrect SASL headers found. This package requires SASL $1.$2.$3 or newer.])]) CPPFLAGS=$cmu_saved_CPPFLAGS ])# CMU_SASL2_REQUIRE_VER # CMU_SASL2_CHECKAPOP_REQUIRED # ---------------------------- AC_DEFUN([CMU_SASL2_CHECKAPOP_REQUIRED], [AC_REQUIRE([CMU_SASL2_REQUIRED]) cmu_saved_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $LIB_SASL" AC_CHECK_LIB(sasl2, sasl_checkapop, [AC_DEFINE(HAVE_APOP,[],[Does SASL support APOP?])], [AC_MSG_ERROR([libsasl2 without working sasl_checkapop. Cannot continue.])]) LDFLAGS=$cmu_saved_LDFLAGS ])# CMU_SASL2_CHECKAPOP_REQUIRED # SASL2_CRYPT_CHK # --------------- AC_DEFUN([SASL2_CRYPT_CHK], [AC_CHECK_FUNC(crypt, cmu_have_crypt=yes, [AC_CHECK_LIB(crypt, crypt, LIB_CRYPT="-lcrypt"; cmu_have_crypt=yes, cmu_have_crypt=no)]) AC_SUBST(LIB_CRYPT) ])# SASL2_CRYPT_CHK cyrus-sasl-2.1.25/cmulocal/clamav.m40000666000076400007640000000167410245753363014167 00000000000000dnl dnl macros for configure.in to detect clamav library dnl $Id: clamav.m4,v 1.2 2005/05/28 02:26:59 shadow Exp $ dnl AC_DEFUN([CMU_CLAMAV], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(clamav,[ --with-clamav=PATH use ClamAV - PATH to clamav-config (yes)], with_clamav=$withval, with_clamav=yes) have_clamav=no if test "$with_clamav" != no; then if test -d $with_clamav; then clamav_path=${with_clamav}:${with_clamav}/bin else clamav_path=/usr/local/bin:/usr/bin:$PATH fi AC_PATH_PROG(CLAMAV_CONFIG,clamav-config,,[$clamav_path]) if test -x "$CLAMAV_CONFIG"; then LIB_CLAMAV="`$CLAMAV_CONFIG --libs` -lclamav" CFLAGS_CLAMAV=`$CLAMAV_CONFIG --cflags` if test -n "$LIB_CLAMAV"; then have_clamav=yes test -n "$CFLAGS_CLAMAV" && CPPFLAGS="$CPPFLAGS $CFLAGS_CLAMAV" AC_DEFINE(HAVE_CLAMAV,[],[Do we have ClamAV?]) AC_SUBST(LIB_CLAMAV) fi fi fi AC_MSG_CHECKING(ClamAV support) AC_MSG_RESULT($have_clamav) ]) cyrus-sasl-2.1.25/cmulocal/zephyr.m40000666000076400007640000001135510233511400014217 00000000000000dnl zephyr.m4--Zephyr libraries and includes dnl based on kafs.m4, by dnl Derrick Brashear dnl from KTH kafs and Arla dnl $Id: zephyr.m4,v 1.2 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_ZEPHYR_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE( [#include ], [ZNotice_t foo;], ac_cv_found_zephyr_inc=yes, ac_cv_found_zephyr_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_ZEPHYR_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for zephyr headers in $i) CMU_ZEPHYR_INC_WHERE1($i) CMU_TEST_INCPATH($i, zephyr/zephyr) if test "$ac_cv_found_zephyr_inc" = "yes"; then ac_cv_zephyr_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_ZEPHYR_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lzephyr $KRB_LIB_FLAGS" AC_TRY_LINK(, [ZInitialize();], [ac_cv_found_zephyr_lib=yes], ac_cv_found_zephyr_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_ZEPHYR_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for zephyr libraries in $i) CMU_ZEPHYR_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, zephyr) if test "$ac_cv_found_zephyr_lib" = "yes" ; then ac_cv_zephyr_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_ZEPHYR], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_REQUIRE([CMU_KRB4]) AC_ARG_WITH(zephyr, [ --with-zephyr=PREFIX Compile with Zephyr support], [if test "X$with_zephyr" = "X"; then with_zephyr=yes fi]) AC_ARG_WITH(zephyr-lib, [ --with-zephyr-lib=dir use zephyr libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-zephyr-lib]) fi]) AC_ARG_WITH(zephyr-include, [ --with-zephyr-include=dir use zephyr headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-zephyr-include]) fi]) if test "X$with_zephyr" != "X"; then if test "$with_zephyr" != "yes" -a "$with_zephyr" != no; then ac_cv_zephyr_where_lib=$with_zephyr/$CMU_LIB_SUBDIR ac_cv_zephyr_where_inc=$with_zephyr/include fi fi if test "$with_zephyr" != "no"; then if test "X$with_zephyr_lib" != "X"; then ac_cv_zephyr_where_lib=$with_zephyr_lib fi if test "X$ac_cv_zephyr_where_lib" = "X"; then CMU_ZEPHYR_LIB_WHERE(/usr/athena/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR) fi if test "X$with_zephyr_include" != "X"; then ac_cv_zephyr_where_inc=$with_zephyr_include fi if test "X$ac_cv_zephyr_where_inc" = "X"; then CMU_ZEPHYR_INC_WHERE(/usr/athena/include /usr/local/include /usr/include) fi fi AC_MSG_CHECKING(whether to include zephyr) if test "X$ac_cv_zephyr_where_lib" = "X" -a "X$ac_cv_zephyr_where_inc" = "X"; then ac_cv_found_zephyr=no AC_MSG_RESULT(no) else ac_cv_found_zephyr=yes AC_MSG_RESULT(yes) ZEPHYR_INC_DIR=$ac_cv_zephyr_where_inc ZEPHYR_LIB_DIR=$ac_cv_zephyr_where_lib ZEPHYR_INC_FLAGS="-I${ZEPHYR_INC_DIR}" ZEPHYR_LIB_FLAGS="-L${ZEPHYR_LIB_DIR} -lzephyr" AC_SUBST(ZEPHYT_INC_FLAGS) AC_SUBST(ZEPHYR_LIB_FLAGS) if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${ZEPHYR_LIB_DIR}" else RPATH="${RPATH}:${ZEPHYR_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${ZEPHYR_LIB_DIR}" else RPATH="${RPATH}:${ZEPHYR_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${ZEPHYR_LIB_DIR}" else RPATH="${RPATH}:${ZEPHYR_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${ZEPHYR_LIB_DIR}" else RPATH="${RPATH}:${ZEPHYR_LIB_DIR}" fi else RPATH="${RPATH} -R${ZEPHYR_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/.#openssl.m4.1.110000646000076400007640000000234110746221001015056 00000000000000dnl dnl macros for configure.in to detect openssl dnl $Id: openssl.m4,v 1.11 2006/05/17 18:30:19 murch Exp $ dnl AC_DEFUN([CMU_HAVE_OPENSSL], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(openssl,[ --with-openssl=PATH use OpenSSL from PATH], with_openssl=$withval, with_openssl="yes") save_CPPFLAGS=$CPPFLAGS save_LDFLAGS=$LDFLAGS if test -d $with_openssl; then CPPFLAGS="${CPPFLAGS} -I${with_openssl}/include" CMU_ADD_LIBPATH(${with_openssl}/$CMU_LIB_SUBDIR) fi case "$with_openssl" in no) with_openssl="no";; *) dnl if openssl has been compiled with the rsaref2 libraries, dnl we need to include the rsaref libraries in the crypto check LIB_RSAREF="" AC_CHECK_LIB(rsaref, RSAPublicEncrypt, cmu_have_rsaref=yes; [AC_CHECK_LIB(RSAglue, RSAPublicEncrypt, LIB_RSAREF="-lRSAglue -lrsaref", LIB_RSAREF="-lrsaref")], cmu_have_rsaref=no) AC_CHECK_HEADER(openssl/evp.h, [ AC_CHECK_LIB(crypto, EVP_DigestInit, with_openssl="yes", with_openssl="no", $LIB_RSAREF $LIB_SOCKET)], with_openssl=no) ;; esac if test "$with_openssl" != "no"; then AC_DEFINE(HAVE_OPENSSL,[],[Do we have OpenSSL?]) else CPPFLAGS=$save_CPPFLAGS LDFLAGS=$save_LDFLAGS fi ]) cyrus-sasl-2.1.25/cmulocal/com_err.m40000666000076400007640000000157307741072414014346 00000000000000dnl com_err.m4--com_err detection macro dnl Rob Earhart dnl $Id: com_err.m4,v 1.6 2003/10/08 20:35:24 rjs3 Exp $ AC_DEFUN([CMU_COMERR], [ cmu_need_compile_et=no AC_CHECK_PROGS(COMPILE_ET, compile_et, no) if test "$COMPILE_ET" = no; then COMPILE_ET="\$(top_builddir)/com_err/compile_et" cmu_need_to_compile_com_err=yes fi AC_CHECK_HEADER(com_err.h,,CPPFLAGS="$CPPFLAGS -I\$(top_srcdir)/com_err") cmu_save_LIBS="$LIBS" AC_CHECK_LIB(com_err, com_err, LIB_COMERR="-lcom_err", LDFLAGS="$LDFLAGS -L`pwd`/com_err" LIB_COMERR="\$(top_builddir)/com_err/libcom_err.la" cmu_need_to_compile_com_err=yes) AC_SUBST(LIB_COMERR) LIBS="$cmu_save_LIBS" AC_MSG_CHECKING(whether we need to compile com_err) if test "$cmu_need_to_compile_com_err" = yes; then AC_MSG_RESULT(yes) AC_CONFIG_SUBDIRS(com_err) else AC_MSG_RESULT(no) fi ]) cyrus-sasl-2.1.25/cmulocal/README.andrew0000666000076400007640000000572510014167216014610 00000000000000This is a collection of autoconf macros which've been written by various people at CMU. To use it, use "aclocal -I cmulocal" (after the first time, automake should automatically use the -I cmulocal, if you've called CMU_INIT_AUTOMAKE in configure.in). CMU_INIT_AUTOMAKE If you use automake, you should call this after AM_INIT_AUTOMAKE. It adds "-I cmulocal" to the aclocal command line, so that when automake runs aclocal, aclocal'll continue to pick up these macros. CMU_ADD_LIBPATH Add -L(arg), and possibly -R(arg) (or whatever the runpath is) to LDFLAGS. CMU_ADD_LIBPATH_TO Likewise to above, except adds it to the specified variable (arg 2). CMU_GUESS_RUNPATH_SWITCH Attempts to guess what the runpath switch is (-R or whatever). CMU_COMERR Requires that com_err exist in the collection (at CMU, do this by running "cvs checkout com_err", and adding com_err to DIST_SUBDIRS in your Makefile.am). It sets the output variable COMPILE_ET to the compile_et program to use, and adds the appropriate paths to LDFLAGS and CPPFLAGS. It does *not* add -lcom_err to LIBS (this would cause later library checks to fail if com_err needs to be built), so Makefiles need to explicitly add -lcom_err (which, after all, should always exist as long as the com_err compile doesn't blow up). Makefiles should do this by using LIB_COMERR, which will substitute to the appropriate magic to use to grab the library. (This may involve a libtool archive; you should be using libtool to link your program if you distribute libraries with it that the program may link against). Note that com_err will only be compiled if the configure script can't find compile_et or libcom_err; if the system already has them, the configure script will use the system installation (although, due to some autoconf wonkiness, com_err will still be configured; it just won't show up in the @subdirs@ expansion). CMU_NANA Adds --with-nana, set by default; if set, attempts to link against libnana. If not set, or if libnana is unavailable, or if we're not using gcc, it defines WITHOUT_NANA. CMU_PROG_LIBTOOL Just like AM_PROG_LIBTOOL, except it performs a couple little hacks to make sure that things don't break on picky vendor compilers which whine about empty translation units. [DEPRECATED - DO NOT USE] CMU_PTHREADS This attempts to link against libpthread (failing if it can't be found), and attempts to do any system-specific setup required for thread support (for example, most things want _REENTRANT to be defined, but Solaris wants _POSIX_PTHREAD_SEMANTICS and __EXTENSIONS__, IRIX wants to see _SGI_REENTRANT_FUNCTIONS, etc). CMU_SASL This tries to find a SASL library, and calls AC_SUBST on LIB_SASL if it finds one, or tells the user to go ftp it if it doesn't exist. Provides --with-sasldir. CMU_KRB4 This attempts to find Kerberos 4 libraries and set up CFLAGS and LIBS appropriately. It also updates and substitutes RPATH for shared library stuff. cyrus-sasl-2.1.25/cmulocal/libXau.m40000666000076400007640000000713610233511400014124 00000000000000dnl $Id: libXau.m4,v 1.5 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_XAU_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE([ #include ], [Xauth foo;], ac_cv_found_Xau_inc=yes, ac_cv_found_Xau_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_XAU_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for Xau headers in $i) CMU_XAU_INC_WHERE1($i) CMU_TEST_INCPATH($i, X11/Xauth) if test "$ac_cv_found_Xau_inc" = "yes"; then ac_cv_Xau_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_XAU_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lXau $LIB_SOCKET" AC_TRY_LINK(, [XauDisposeAuth();], [ac_cv_found_Xau_lib=yes], ac_cv_found_Xau_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_XAU_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for Xau libraries in $i) CMU_XAU_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, Xau) if test "$ac_cv_found_Xau_lib" = "yes" ; then ac_cv_Xau_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_XAU], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_ARG_WITH(Xau, [ --with-Xau=PREFIX Compile with Xau support], [if test "X$with_Xau" = "X"; then with_Xau=yes fi]) AC_ARG_WITH(Xau-lib, [ --with-Xau-lib=dir use Xau libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-Xau-lib]) fi]) AC_ARG_WITH(Xau-include, [ --with-Xau-include=dir use Xau headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-Xau-include]) fi]) if test "X$with_Xau" != "X"; then if test "$with_Xau" != "yes"; then ac_cv_Xau_where_lib=$with_Xau/$CMU_LIB_SUBDIR ac_cv_Xau_where_inc=$with_Xau/include fi fi if test "X$with_Xau_lib" != "X"; then ac_cv_Xau_where_lib=$with_Xau_lib fi if test "X$ac_cv_Xau_where_lib" = "X"; then CMU_XAU_LIB_WHERE(/usr/X11R6/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR /usr/openwin/$CMU_LIB_SUBDIR) fi if test "X$with_Xau_include" != "X"; then ac_cv_Xau_where_inc=$with_Xau_include fi if test "X$ac_cv_Xau_where_inc" = "X"; then CMU_XAU_INC_WHERE(/usr/X11R6/include /usr/local/include /usr/openwin/include) fi AC_MSG_CHECKING(whether to include Xau) if test "X$ac_cv_Xau_where_lib" = "X" -a "X$ac_cv_Xau_where_inc" = "X"; then ac_cv_found_Xau=no AC_MSG_RESULT(no) else ac_cv_found_Xau=yes AC_MSG_RESULT(yes) XAU_INC_DIR=$ac_cv_Xau_where_inc XAU_LIB_DIR=$ac_cv_Xau_where_lib XAU_INC_FLAGS="-I${XAU_INC_DIR}" XAU_LIB_FLAGS="-L${XAU_LIB_DIR} -lXau" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${XAU_LIB_DIR}" else RPATH="${RPATH}:${XAU_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${XAU_LIB_DIR}" else RPATH="${RPATH}:${XAU_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${XAU_LIB_DIR}" else RPATH="${RPATH}:${XAU_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${XAU_LIB_DIR}" else RPATH="${RPATH}:${XAU_LIB_DIR}" fi else RPATH="${RPATH} -R${XAU_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/ucdsnmp.m40000646000076400007640000000415311326340101014345 00000000000000dnl look for the (ucd|net)snmp libraries dnl $Id: ucdsnmp.m4,v 1.13 2010/01/06 17:01:28 murch Exp $ AC_DEFUN([CMU_UCDSNMP], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_ARG_WITH(snmp, [ --with-snmp=DIR use ucd|net snmp (rooted in DIR) [yes] ], with_snmp=$withval, with_snmp=yes) dnl dnl Maintain backwards compatibility with old --with-ucdsnmp option dnl AC_ARG_WITH(ucdsnmp,, with_snmp=$withval,) if test "$with_snmp" != "no"; then dnl dnl Try net-snmp first dnl if test "$with_snmp" = "yes"; then AC_PATH_PROG(SNMP_CONFIG,net-snmp-config,,[/usr/local/bin:$PATH]) else SNMP_CONFIG="$with_snmp/bin/net-snmp-config" fi if test -x "$SNMP_CONFIG"; then AC_MSG_CHECKING(NET SNMP libraries) SNMP_LIBS=`$SNMP_CONFIG --agent-libs` SNMP_PREFIX=`$SNMP_CONFIG --prefix` if test -n "$SNMP_LIBS" && test -n "$SNMP_PREFIX"; then CPPFLAGS="$CPPFLAGS -I${SNMP_PREFIX}/include" LIB_UCDSNMP=$SNMP_LIBS AC_DEFINE(HAVE_NETSNMP,1,[Do we have Net-SNMP support?]) AC_SUBST(LIB_UCDSNMP) AC_MSG_RESULT(yes) AC_CHECK_HEADERS(net-snmp/agent/agent_module_config.h,,) else AC_MSG_RESULT(no) AC_MSG_WARN([Could not find the required paths. Please check your net-snmp installation.]) fi else dnl dnl Try ucd-snmp if net-snmp test failed dnl if test "$with_snmp" != no; then if test -d "$with_snmp"; then CPPFLAGS="$CPPFLAGS -I${with_snmp}/include" LDFLAGS="$LDFLAGS -L${with_snmp}/$CMU_LIB_SUBDIR" fi cmu_save_LIBS="$LIBS" AC_CHECK_LIB(snmp, sprint_objid, [ AC_CHECK_HEADER(ucd-snmp/version.h,, with_snmp=no)], with_snmp=no, ${LIB_SOCKET}) LIBS="$cmu_save_LIBS" fi AC_MSG_CHECKING(UCD SNMP libraries) AC_MSG_RESULT($with_snmp) LIB_UCDSNMP="" if test "$with_snmp" != no; then AC_DEFINE(HAVE_UCDSNMP,1,[Do we have UCD-SNMP support?]) LIB_UCDSNMP="-lucdagent -lucdmibs -lsnmp" AC_CHECK_LIB(rpm, rpmdbOpen, LIB_UCDSNMP="${LIB_UCDSNMP} -lrpm -lpopt",,-lpopt) fi AC_SUBST(LIB_UCDSNMP) fi fi ]) cyrus-sasl-2.1.25/cmulocal/libssl.m40000666000076400007640000001007410233511400014163 00000000000000dnl libssl.m4--Ssl libraries and includes dnl Derrick Brashear dnl from KTH kafs and Arla dnl $Id: libssl.m4,v 1.10 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_LIBSSL_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" CMU_CHECK_HEADER_NOCACHE(openssl/ssl.h, ac_cv_found_libssl_inc=yes, ac_cv_found_libssl_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_LIBSSL_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for libssl headers in $i) CMU_LIBSSL_INC_WHERE1($i) CMU_TEST_INCPATH($i, ssl) if test "$ac_cv_found_libssl_inc" = "yes"; then ac_cv_libssl_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_LIBSSL_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lssl -lcrypto $LIB_SOCKET" AC_TRY_LINK(, [SSL_write();], [ac_cv_found_ssl_lib=yes], ac_cv_found_ssl_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_LIBSSL_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for libssl libraries in $i) CMU_LIBSSL_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, ssl) if test "$ac_cv_found_ssl_lib" = "yes" ; then ac_cv_libssl_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_LIBSSL], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_ARG_WITH(libssl, [ --with-libssl=PREFIX Compile with Libssl support], [if test "X$with_libssl" = "X"; then with_libssl=yes fi]) AC_ARG_WITH(libssl-lib, [ --with-libssl-lib=dir use libssl libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libssl-lib]) fi]) AC_ARG_WITH(libssl-include, [ --with-libssl-include=dir use libssl headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libssl-include]) fi]) if test "X$with_libssl" != "X"; then if test "$with_libssl" != "yes" -a "$with_libssl" != no; then ac_cv_libssl_where_lib=$with_libssl/$CMU_LIB_SUBDIR ac_cv_libssl_where_inc=$with_libssl/include fi fi if test "$with_libssl" != "no"; then if test "X$with_libssl_lib" != "X"; then ac_cv_libssl_where_lib=$with_libssl_lib fi if test "X$ac_cv_libssl_where_lib" = "X"; then CMU_LIBSSL_LIB_WHERE(/usr/local/$CMU_LIB_SUBDIR/openssl /usr/$CMU_LIB_SUBDIR/openssl /usr/local/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR) fi if test "X$with_libssl_include" != "X"; then ac_cv_libssl_where_inc=$with_libssl_include fi if test "X$ac_cv_libssl_where_inc" = "X"; then CMU_LIBSSL_INC_WHERE(/usr/local/include /usr/include) fi fi AC_MSG_CHECKING(whether to include libssl) if test "X$ac_cv_libssl_where_lib" = "X" -a "X$ac_cv_libssl_where_inc" = "X"; then ac_cv_found_libssl=no AC_MSG_RESULT(no) else ac_cv_found_libssl=yes AC_MSG_RESULT(yes) LIBSSL_INC_DIR=$ac_cv_libssl_where_inc LIBSSL_LIB_DIR=$ac_cv_libssl_where_lib LIBSSL_INC_FLAGS="-I${LIBSSL_INC_DIR}" LIBSSL_LIB_FLAGS="-L${LIBSSL_LIB_DIR} -lssl -lcrypto" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LIBSSL_LIB_DIR}" else RPATH="${RPATH}:${LIBSSL_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${LIBSSL_LIB_DIR}" else RPATH="${RPATH}:${LIBSSL_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LIBSSL_LIB_DIR}" else RPATH="${RPATH}:${LIBSSL_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${LIBSSL_LIB_DIR}" else RPATH="${RPATH}:${LIBSSL_LIB_DIR}" fi else RPATH="${RPATH} -R${LIBSSL_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi AC_SUBST(LIBSSL_INC_DIR) AC_SUBST(LIBSSL_LIB_DIR) AC_SUBST(LIBSSL_INC_FLAGS) AC_SUBST(LIBSSL_LIB_FLAGS) ]) cyrus-sasl-2.1.25/cmulocal/openssl.m4.libsocket.diff0000666000076400007640000000106511175366402017263 00000000000000? openssl.m4.libsocket.diff Index: openssl.m4 =================================================================== RCS file: /afs/andrew/system/cvs/src/cmulocal/openssl.m4,v retrieving revision 1.11 diff -u -r1.11 openssl.m4 --- openssl.m4 17 May 2006 18:30:19 -0000 1.11 +++ openssl.m4 27 Apr 2009 17:36:01 -0000 @@ -33,7 +33,8 @@ AC_CHECK_HEADER(openssl/evp.h, [ AC_CHECK_LIB(crypto, EVP_DigestInit, with_openssl="yes", - with_openssl="no", $LIB_RSAREF)], + with_openssl="no", + $LIB_RSAREF $LIB_SOCKET)], with_openssl=no) ;; esac cyrus-sasl-2.1.25/cmulocal/libnet.m40000666000076400007640000001201210233511400014142 00000000000000dnl libnet.m4--libnet and includes dnl Derrick Brashear dnl from KTH krb and Arla dnl $Id: libnet.m4,v 1.8 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_LIBNET_CFG_WHERE1], [ ac_cv_found_libnet_bin=no if test -f "$1/libnet-config" ; then ac_cv_found_libnet_cfg=yes fi ]) AC_DEFUN([CMU_LIBNET_CFG_WHERE], [ for i in $1; do AC_MSG_CHECKING(for libnet config in $i) CMU_LIBNET_CFG_WHERE1($i) if test "$ac_cv_found_libnet_cfg" = "yes"; then ac_cv_libnet_where_cfg=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_LIBNET_INC_WHERE1], [ ac_cv_found_libnet_inc=no if test -f "$1/libnet.h" ; then ac_cv_found_libnet_inc=yes fi ]) AC_DEFUN([CMU_LIBNET_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for libnet header in $i) CMU_LIBNET_INC_WHERE1($i) if test "$ac_cv_found_libnet_inc" = "yes"; then ac_cv_libnet_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_LIBNET_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lnet" AC_TRY_LINK(, [open_link_interface("","");], [ac_cv_found_libnet_lib=yes], AC_TRY_LINK(, [libnet_open_link_interface("","");], [ CMU_LIBNET_CFLAGS_ADD="-DNEW_LIBNET_INTERFACE" ac_cv_found_libnet_lib=yes ], ac_cv_found_libnet_lib=no) ) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_LIBNET_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for libnet library in $i) CMU_LIBNET_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, net) if test "$ac_cv_found_libnet_lib" = "yes" ; then ac_cv_libnet_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_LIBNET], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(libnet, [ --with-libnet=PREFIX Compile with LIBNET support], [if test "X$with_libnet" = "X"; then with_libnet=yes fi]) AC_ARG_WITH(libnet-config, [ --with-libnet-config=dir use libnet config program in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libnet-config]) fi]) AC_ARG_WITH(libnet-lib, [ --with-libnet-lib=dir use libnet libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libnet-lib]) fi]) AC_ARG_WITH(libnet-include, [ --with-libnet-include=dir use libnet headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libnet-include]) fi]) if test "X$with_libnet" != "X"; then if test "$with_libnet" != "yes"; then if test -f "$with_libnet/libnet-config"; then ac_cv_libnet_where_cfg=$with_libnet else ac_cv_libnet_where_cfg=$with_libnet/bin fi ac_cv_libnet_where_lib=$with_libnet/$CMU_LIB_SUBDIR ac_cv_libnet_where_inc=$with_libnet/include fi fi if test "X$with_libnet_cfg" != "X"; then ac_cv_libnet_where_cfg=$with_libnet_cfg fi if test "X$ac_cv_libnet_where_cfg" = "X"; then CMU_LIBNET_CFG_WHERE(/usr/ng/bin /usr/bin /usr/local/bin) fi if test "X$with_libnet_lib" != "X"; then ac_cv_libnet_where_lib=$with_libnet_lib fi if test "X$ac_cv_libnet_where_lib" = "X"; then CMU_LIBNET_LIB_WHERE(/usr/ng/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) fi if test "X$with_libnet_include" != "X"; then ac_cv_libnet_where_inc=$with_libnet_include fi if test "X$ac_cv_libnet_where_inc" = "X"; then CMU_LIBNET_INC_WHERE(/usr/ng/include /usr/include /usr/local/include) fi AC_MSG_CHECKING(whether to include libnet) if test "X$ac_cv_libnet_where_lib" = "X" -o "X$ac_cv_libnet_where_inc" = "X" -o "X$ac_cv_libnet_where_cfg" = "X"; then ac_cv_found_libnet=no AC_MSG_RESULT(no) else ac_cv_found_libnet=yes AC_MSG_RESULT(yes) LIBNET_CONFIG=$ac_cv_libnet_where_cfg/libnet-config LIBNET_INC_DIR=$ac_cv_libnet_where_inc LIBNET_LIB_DIR=$ac_cv_libnet_where_lib LIBNET_CFLAGS="`$LIBNET_CONFIG --cflags` ${CMU_LIBNET_CFLAGS_ADD}" LIBNET_DEF_FLAGS="`$LIBNET_CONFIG --defines`" LIBNET_INC_FLAGS="-I${LIBNET_INC_DIR}" LIBNET_LIB_FLAGS="-L${LIBNET_LIB_DIR} `${LIBNET_CONFIG} --libs`" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LIBNET_LIB_DIR}" else RPATH="${RPATH}:${LIBNET_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${LIBNET_LIB_DIR}" else RPATH="${RPATH}:${LIBNET_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LIBNET_LIB_DIR}" else RPATH="${RPATH}:${LIBNET_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${LIBNET_LIB_DIR}" else RPATH="${RPATH}:${LIBNET_LIB_DIR}" fi else RPATH="${RPATH} -R${LIBNET_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/common.m40000646000076400007640000000353310414247622014200 00000000000000dnl $Id: common.m4,v 1.13 2006/02/25 18:29:46 cg2v Exp $ AC_DEFUN([CMU_TEST_LIBPATH], [ changequote(<<, >>) define(<>, translit(ac_cv_found_$2_lib, <<- *>>, <<__p>>)) changequote([, ]) if test "$CMU_AC_CV_FOUND" = "yes"; then if test \! -r "$1/lib$2.a" -a \! -r "$1/lib$2.so" -a \! -r "$1/lib$2.sl" -a \! -r "$1/lib$2.dylib"; then CMU_AC_CV_FOUND=no fi fi ]) AC_DEFUN([CMU_TEST_INCPATH], [ changequote(<<, >>) define(<>, translit(ac_cv_found_$2_inc, [ *], [_p])) changequote([, ]) if test "$CMU_AC_CV_FOUND" = "yes"; then if test \! -r "$1/$2.h"; then CMU_AC_CV_FOUND=no fi fi ]) dnl CMU_CHECK_HEADER_NOCACHE(HEADER-FILE, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]) AC_DEFUN([CMU_CHECK_HEADER_NOCACHE], [dnl Do the transliteration at runtime so arg 1 can be a shell variable. ac_safe=`echo "$1" | sed 'y%./+-%__p_%'` AC_MSG_CHECKING([for $1]) AC_TRY_CPP([#include <$1>], eval "ac_cv_header_$ac_safe=yes", eval "ac_cv_header_$ac_safe=no") if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then AC_MSG_RESULT(yes) ifelse([$2], , :, [$2]) else AC_MSG_RESULT(no) ifelse([$3], , , [$3 ])dnl fi ]) AC_DEFUN([CMU_FIND_LIB_SUBDIR], [dnl AC_ARG_WITH([lib-subdir], AC_HELP_STRING([--with-lib-subdir=DIR],[Find libraries in DIR instead of lib])) AC_CHECK_SIZEOF(long) AC_CACHE_CHECK([what directory libraries are found in], [ac_cv_cmu_lib_subdir], [test "X$with_lib_subdir" = "Xyes" && with_lib_subdir= test "X$with_lib_subdir" = "Xno" && with_lib_subdir= if test "X$with_lib_subdir" = "X" ; then ac_cv_cmu_lib_subdir=lib if test $ac_cv_sizeof_long -eq 4 ; then test -d /usr/lib32 && ac_cv_cmu_lib_subdir=lib32 fi if test $ac_cv_sizeof_long -eq 8 ; then test -d /usr/lib64 && ac_cv_cmu_lib_subdir=lib64 fi else ac_cv_cmu_lib_subdir=$with_lib_subdir fi]) AC_SUBST(CMU_LIB_SUBDIR, $ac_cv_cmu_lib_subdir) ]) cyrus-sasl-2.1.25/cmulocal/kerberos_v5.m40000666000076400007640000001237510233511400015127 00000000000000dnl kerberos_v5.m4--Kerberos 5 libraries and includes dnl Derrick Brashear dnl from KTH krb and Arla dnl $Id: kerberos_v5.m4,v 1.9 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_KRB5_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE([#include ], [krb5_keyblock foo;], ac_cv_found_krb5_inc=yes, ac_cv_found_krb5_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_KRB5_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for krb5 headers in $i) CMU_KRB5_INC_WHERE1($i) CMU_TEST_INCPATH($i, krb5) if test "$ac_cv_found_krb5_inc" = "yes"; then ac_cv_krb5_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) # # Test for kerberos lib files # AC_DEFUN([CMU_KRB5_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lkrb5 -lk5crypto" AC_TRY_LINK(, [krb5_get_in_tkt();], [ac_cv_found_krb5_lib=yes], ac_cv_found_krb5_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_KRB5_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for krb5 libraries in $i) CMU_KRB5_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, krb5) if test "$ac_cv_found_krb5_lib" = "yes" ; then ac_cv_krb5_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_KRB5], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_REQUIRE([CMU_USE_COMERR]) AC_ARG_WITH(krb5, [ --with-krb5=PREFIX Compile with Kerberos 5 support], [if test "X$with_krb5" = "X"; then with_krb5=yes fi]) AC_ARG_WITH(krb5-lib, [ --with-krb5-lib=dir use kerberos 5 libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-krb5-lib]) fi]) AC_ARG_WITH(krb5-include, [ --with-krb5-include=dir use kerberos 5 headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-krb5-include]) fi]) AC_ARG_WITH(krb5-impl, [ --with-krb5-impl=heimdal use heimdal kerberos 5 libraries --with-krb5-impl=mit use MIT kerberos 5 libraries], [if test "$withval" != "heimdal" -a "$withval" != "mit"; then AC_MSG_ERROR([Invalid argument for --with-krb5-impl]) fi]) if test "X$with_krb5" != "X"; then if test "$with_krb5" != "yes" -a "$with_krb5" != "no"; then ac_cv_krb5_where_lib=$with_krb5/$CMU_LIB_SUBDIR ac_cv_krb5_where_inc=$with_krb5/include ac_cv_krb5_impl=mit fi fi if test "$with_krb5" != "no"; then if test "X$with_krb5_lib" != "X"; then ac_cv_krb5_where_lib=$with_krb5_lib ac_cv_krb5_impl=mit fi if test "X$with_krb5_impl" != "X"; then ac_cv_krb5_impl=$with_krb5_impl fi if test "X$ac_cv_krb5_where_lib" = "X" -a "X$with_krb5_impl" != "Xheimdal"; then CMU_KRB5_LIB_WHERE(/usr/athena/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) if test "X$ac_cv_krb5_where_lib" != "X"; then ac_cv_krb5_impl=mit fi fi if test "X$ac_cv_krb5_where_lib" = "X" -a "X$with_krb5_impl" != "Xmit"; then CMU_LIBHEIMDAL_LIB_WHERE(/usr/athena/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR /usr/heimdal/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) if test "X$ac_cv_libheimdal_where_lib" != "X"; then ac_cv_krb5_where_lib=$ac_cv_libheimdal_where_lib ac_cv_krb5_impl=heimdal fi fi if test "X$with_krb5_include" != "X"; then ac_cv_krb5_where_inc=$with_krb5_include fi if test "X$ac_cv_krb5_where_inc" = "X"; then CMU_KRB5_INC_WHERE(/usr/athena/include /usr/include/kerberos /usr/local/include /usr/include) fi fi AC_MSG_CHECKING(whether to include kerberos 5) if test "X$ac_cv_krb5_where_lib" = "X" -o "X$ac_cv_krb5_where_inc" = "X"; then ac_cv_found_krb5=no AC_MSG_RESULT(no) else ac_cv_found_krb5=yes AC_MSG_RESULT(yes) KRB5_INC_DIR=$ac_cv_krb5_where_inc KRB5_LIB_DIR=$ac_cv_krb5_where_lib if test "X$ac_cv_krb5_impl" != "Xheimdal"; then KRB5_LIB_FLAGS="-L${KRB5_LIB_DIR} -lkrb5 -lk5crypto" else CMU_LIBHEIMDAL_LIBDES($KRB5_LIB_DIR) KRB5_LIB_FLAGS="-L${KRB5_LIB_DIR} -lkadm5clnt -lkrb5 -lasn1 ${HEIM_LIBDES} -lroken $LIB_SOCKET" AC_DEFINE(HEIMDAL,,[we found heimdal krb5 and not MIT krb5]) fi KRB5_INC_FLAGS="-I${KRB5_INC_DIR}" AC_SUBST(KRB5_INC_FLAGS) AC_SUBST(KRB5_LIB_FLAGS) AC_DEFINE(HAVE_KRB5,,[Kerberos V5 is present])dnl zephyr uses this AC_DEFINE(KRB5,,[Use Kerberos 5. (maybe find what needs this and nuke it)]) if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${KRB5_LIB_DIR}" else RPATH="${RPATH}:${KRB5_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${KRB5_LIB_DIR}" else RPATH="${RPATH}:${KRB5_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${KRB5_LIB_DIR}" else RPATH="${RPATH}:${KRB5_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${KRB5_LIB_DIR}" else RPATH="${RPATH}:${KRB5_LIB_DIR}" fi else RPATH="${RPATH} -R${KRB5_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/COPYING0000666000076400007640000000325211306006125013471 00000000000000 Copyright (c) 1994-2008 Carnegie Mellon University. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name "Carnegie Mellon University" must not be used to endorse or promote products derived from this software without prior written permission. For permission or any legal details, please contact Carnegie Mellon University Center for Technology Transfer and Enterprise Creation 4615 Forbes Avenue Suite 302 Pittsburgh, PA 15213 (412) 268-7393, fax: (412) 268-7395 innovation@andrew.cmu.edu 4. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/)." CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. cyrus-sasl-2.1.25/cmulocal/c-fpic.m40000646000076400007640000000075111326340101014035 00000000000000dnl dnl $Id: c-fpic.m4,v 1.4 2010/01/06 17:01:27 murch Exp $ dnl dnl dnl Test for -fPIC dnl AC_DEFUN([CMU_C_FPIC], [ AC_MSG_CHECKING(if compiler supports -fPIC) AC_CACHE_VAL(ac_cv_fpic, [ save_CFLAGS=$CFLAGS CFLAGS="${CFLAGS} -fPIC" AC_TRY_COMPILE([ #include static void foo(void) { exit(1); } ], [ ], ac_cv_fpic=yes, ac_cv_fpic=no) CFLAGS=$save_CFLAGS ]) if test "$ac_cv_fpic" = "yes"; then FPIC_CFLAGS="-fPIC" else FPIC_CFLAGS="" fi AC_MSG_RESULT($ac_cv_fpic) ]) cyrus-sasl-2.1.25/cmulocal/berkdb.m40000646000076400007640000001632411326340101014130 00000000000000dnl $Id: berkdb.m4,v 1.24 2010/01/06 17:01:27 murch Exp $ AC_DEFUN([CMU_DB_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" AC_TRY_COMPILE([#include ], [DB *db; db_create(&db, NULL, 0); db->open(db, "foo.db", NULL, DB_UNKNOWN, DB_RDONLY, 0644);], ac_cv_found_db_inc=yes, ac_cv_found_db_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_DB_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for db headers in $i) CMU_DB_INC_WHERE1($i) CMU_TEST_INCPATH($i, db) if test "$ac_cv_found_db_inc" = "yes"; then ac_cv_db_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) # # Test for lib files # AC_DEFUN([CMU_DB3_LIB_WHERE1], [ AC_REQUIRE([CMU_AFS]) AC_REQUIRE([CMU_KRB4]) saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -ldb-3" AC_TRY_LINK([#include ], [db_env_create(NULL, 0);], [ac_cv_found_db_3_lib=yes], ac_cv_found_db_3_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_DB4_LIB_WHERE1], [ AC_REQUIRE([CMU_AFS]) AC_REQUIRE([CMU_KRB4]) saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -ldb-4" AC_TRY_LINK([#include ], [db_env_create(NULL, 0);], [ac_cv_found_db_4_lib=yes], ac_cv_found_db_4_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_DB_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for db libraries in $i) if test "$enable_db4" = "yes"; then CMU_DB4_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, [db-4]) ac_cv_found_db_lib=$ac_cv_found_db_4_lib else CMU_DB3_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, [db-3]) ac_cv_found_db_lib=$ac_cv_found_db_3_lib fi if test "$ac_cv_found_db_lib" = "yes" ; then ac_cv_db_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_USE_DB], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(db, [ --with-db=PREFIX Compile with db support], [if test "X$with_db" = "X"; then with_db=yes fi]) AC_ARG_WITH(db-lib, [ --with-db-lib=dir use db libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-db-lib]) fi]) AC_ARG_WITH(db-include, [ --with-db-include=dir use db headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-db-include]) fi]) AC_ARG_ENABLE(db4, [ --enable-db4 use db 4.x libraries]) if test "X$with_db" != "X"; then if test "$with_db" != "yes"; then ac_cv_db_where_lib=$with_db/$CMU_LIB_SUBDIR ac_cv_db_where_inc=$with_db/include fi fi if test "X$with_db_lib" != "X"; then ac_cv_db_where_lib=$with_db_lib fi if test "X$ac_cv_db_where_lib" = "X"; then CMU_DB_LIB_WHERE(/usr/athena/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) fi if test "X$with_db_include" != "X"; then ac_cv_db_where_inc=$with_db_include fi if test "X$ac_cv_db_where_inc" = "X"; then CMU_DB_INC_WHERE(/usr/athena/include /usr/local/include) fi AC_MSG_CHECKING(whether to include db) if test "X$ac_cv_db_where_lib" = "X" -o "X$ac_cv_db_where_inc" = "X"; then ac_cv_found_db=no AC_MSG_RESULT(no) else ac_cv_found_db=yes AC_MSG_RESULT(yes) DB_INC_DIR=$ac_cv_db_where_inc DB_LIB_DIR=$ac_cv_db_where_lib DB_INC_FLAGS="-I${DB_INC_DIR}" if test "$enable_db4" = "yes"; then DB_LIB_FLAGS="-L${DB_LIB_DIR} -ldb-4" else DB_LIB_FLAGS="-L${DB_LIB_DIR} -ldb-3" fi dnl Do not force configure.in to put these in CFLAGS and LIBS unconditionally dnl Allow makefile substitutions.... AC_SUBST(DB_INC_FLAGS) AC_SUBST(DB_LIB_FLAGS) if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${DB_LIB_DIR}" else RPATH="${RPATH}:${DB_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${DB_LIB_DIR}" else RPATH="${RPATH}:${DB_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${DB_LIB_DIR}" else RPATH="${RPATH}:${DB_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${DB_LIB_DIR}" else RPATH="${RPATH}:${DB_LIB_DIR}" fi else RPATH="${RPATH} -R${DB_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) dnl ---- CUT HERE --- dnl These are the Cyrus Berkeley DB macros. In an ideal world these would be dnl identical to the above. dnl They are here so that they can be shared between Cyrus IMAPd dnl and Cyrus SASL with relative ease. dnl The big difference between this and the ones above is that we don't assume dnl that we know the name of the library, and we try a lot of permutations dnl instead. We also assume that DB4 is acceptable. dnl When we're done, there will be a BDB_LIBADD and a BDB_INCADD which should dnl be used when necessary. We should probably be smarter about our RPATH dnl handling. dnl Call these with BERKELEY_DB_CHK. dnl We will also set $dblib to "berkeley" if we are successful, "no" otherwise. dnl this is unbelievably painful due to confusion over what db-3 should be dnl named and where the db-3 header file is located. arg. AC_DEFUN([CYRUS_BERKELEY_DB_CHK_LIB], [ BDB_SAVE_LDFLAGS=$LDFLAGS if test -d $with_bdb_lib; then CMU_ADD_LIBPATH_TO($with_bdb_lib, LDFLAGS) CMU_ADD_LIBPATH_TO($with_bdb_lib, BDB_LIBADD) else BDB_LIBADD="" fi saved_LIBS=$LIBS for dbname in ${with_bdb} db-4.7 db4.7 db47 db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db do LIBS="$saved_LIBS -l$dbname" AC_TRY_LINK([#include #include ], [db_create(NULL, NULL, 0);], BDB_LIBADD="$BDB_LIBADD -l$dbname"; dblib="berkeley"; dbname=db, dblib="no") if test "$dblib" = "berkeley"; then break; fi done if test "$dblib" = "no"; then LIBS="$saved_LIBS -ldb" AC_TRY_LINK([#include #include ], [db_open(NULL, 0, 0, 0, NULL, NULL, NULL);], BDB_LIBADD="$BDB_LIBADD -ldb"; dblib="berkeley"; dbname=db, dblib="no") fi LIBS=$saved_LIBS LDFLAGS=$BDB_SAVE_LDFLAGS ]) AC_DEFUN([CYRUS_BERKELEY_DB_OPTS], [ AC_ARG_WITH(bdb-libdir, [ --with-bdb-libdir=DIR Berkeley DB lib files are in DIR], with_bdb_lib=$withval, [ test "${with_bdb_lib+set}" = set || with_bdb_lib=none]) AC_ARG_WITH(bdb-incdir, [ --with-bdb-incdir=DIR Berkeley DB include files are in DIR], with_bdb_inc=$withval, [ test "${with_bdb_inc+set}" = set || with_bdb_inc=none ]) ]) AC_DEFUN([CYRUS_BERKELEY_DB_CHK], [ AC_REQUIRE([CYRUS_BERKELEY_DB_OPTS]) cmu_save_CPPFLAGS=$CPPFLAGS if test -d $with_bdb_inc; then CPPFLAGS="$CPPFLAGS -I$with_bdb_inc" BDB_INCADD="-I$with_bdb_inc" else BDB_INCADD="" fi dnl Note that FreeBSD puts it in a wierd place dnl (but they should use with-bdb-incdir) AC_CHECK_HEADER(db.h, [CYRUS_BERKELEY_DB_CHK_LIB()], dblib="no") CPPFLAGS=$cmu_save_CPPFLAGS ]) cyrus-sasl-2.1.25/cmulocal/zlib.m40000646000076400007640000000145511326340101013636 00000000000000dnl dnl macros for configure.in to detect zlib dnl $Id: zlib.m4,v 1.4 2010/01/06 17:01:28 murch Exp $ dnl AC_DEFUN([CMU_HAVE_ZLIB], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(zlib,[ --with-zlib=PATH use zlib from PATH], with_zlib=$withval, with_zlib="yes") save_CPPFLAGS=$CPPFLAGS save_LDFLAGS=$LDFLAGS if test -d $with_zlib; then CPPFLAGS="${CPPFLAGS} -I${with_lib}/include" CMU_ADD_LIBPATH(${with_zlib}/$CMU_LIB_SUBDIR) fi ZLIB="" case "$with_zlib" in no) with_zlib="no";; *) AC_CHECK_HEADER(zlib.h, [ AC_CHECK_LIB(z, deflate, LIBS="${LIBS} -lz"; with_zlib="yes", with_zlib="no",)], with_zlib=no) ;; esac if test "$with_zlib" != "no"; then AC_DEFINE(HAVE_ZLIB,[],[Do we have zlib?]) ZLIB="-lz" else CPPFLAGS=$save_CPPFLAGS LDFLAGS=$save_LDFLAGS fi ]) cyrus-sasl-2.1.25/cmulocal/libwrap.m40000666000076400007640000000202710233511400014332 00000000000000dnl libwrap.m4 --- do we have libwrap, the access control library? dnl $Id: libwrap.m4,v 1.10 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_LIBWRAP], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_ARG_WITH(libwrap, [ --with-libwrap=DIR use libwrap (rooted in DIR) [yes] ], with_libwrap=$withval, with_libwrap=yes) if test "$with_libwrap" != no; then if test -d "$with_libwrap"; then CPPFLAGS="$CPPFLAGS -I${with_libwrap}/include" LDFLAGS="$LDFLAGS -L${with_libwrap}/$CMU_LIB_SUBDIR" fi cmu_save_LIBS="$LIBS" AC_CHECK_LIB(wrap, request_init, [ AC_CHECK_HEADER(tcpd.h,, with_libwrap=no)], with_libwrap=no, ${LIB_SOCKET}) LIBS="$cmu_save_LIBS" fi AC_MSG_CHECKING(libwrap support) AC_MSG_RESULT($with_libwrap) LIB_WRAP="" if test "$with_libwrap" != no; then AC_DEFINE(HAVE_LIBWRAP,[],[Do we have TCP wrappers?]) LIB_WRAP="-lwrap" AC_CHECK_LIB(nsl, yp_get_default_domain, LIB_WRAP="${LIB_WRAP} -lnsl") fi AC_SUBST(LIB_WRAP) ]) cyrus-sasl-2.1.25/cmulocal/librestrict.m40000646000076400007640000000502410414247622015233 00000000000000dnl librestrict.m4--restrict libraries and includes dnl Derrick Brashear dnl from KTH krb and Arla dnl $Id: librestrict.m4,v 1.6 2006/02/25 18:26:22 cg2v Exp $ AC_DEFUN([CMU_RESTRICT_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lrestrict" AC_TRY_LINK(, [ConsoleInUse();], [ac_cv_found_restrict_lib=yes], ac_cv_found_restrict_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_RESTRICT_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for restrict library in $i) CMU_RESTRICT_LIB_WHERE1($i) CMU_TEST_LIBPATH($i, restrict) if test "$ac_cv_found_restrict_lib" = "yes" ; then ac_cv_restrict_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(no found) fi done ]) AC_DEFUN([CMU_RESTRICT], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(restrict, [ --with-restrict=PREFIX Compile with RESTRICT support], [if test "X$with_restrict" = "X"; then with_restrict=yes fi]) if test "X$with_restrict" != "X"; then if test "$with_restrict" != "yes"; then ac_cv_restrict_where_lib=$with_restrict/$CMU_LIB_SUBDIR fi fi if test "X$with_restrict_lib" != "X"; then ac_cv_restrict_where_lib=$with_restrict_lib fi if test "X$ac_cv_restrict_where_lib" = "X"; then CMU_RESTRICT_LIB_WHERE(/usr/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR) fi AC_MSG_CHECKING(whether to include restrict) if test "X$ac_cv_restrict_where_lib" = "X"; then ac_cv_found_restrict=no AC_MSG_RESULT(no) else ac_cv_found_restrict=yes AC_DEFINE(HAVE_RESTRICT,, [Use librestrict]) AC_MSG_RESULT(yes) RESTRICT_LIB_DIR=$ac_cv_restrict_where_lib RESTRICT_LIB_FLAGS="-L${RESTRICT_LIB_DIR} -lrestrict" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${RESTRICT_LIB_DIR}" else RPATH="${RPATH}:${RESTRICT_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${RESTRICT_LIB_DIR}" else RPATH="${RPATH}:${RESTRICT_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${RESTRICT_LIB_DIR}" else RPATH="${RPATH}:${RESTRICT_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${RESTRICT_LIB_DIR}" else RPATH="${RPATH}:${RESTRICT_LIB_DIR}" fi else RPATH="${RPATH} -R${RESTRICT_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi ]) cyrus-sasl-2.1.25/cmulocal/sasl.m40000666000076400007640000000445010233511400013636 00000000000000dnl sasl.m4--sasl libraries and includes dnl Derrick Brashear dnl from KTH sasl and Arla dnl $Id: sasl.m4,v 1.23 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_SASL_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" CMU_CHECK_HEADER_NOCACHE(sasl.h, ac_cv_found_sasl_inc=yes, ac_cv_found_sasl_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_SASL_INC_WHERE], [ for i in $1; do CMU_SASL_INC_WHERE1($i) CMU_TEST_INCPATH($i, sasl) if test "$ac_cv_found_sasl_inc" = "yes"; then ac_cv_sasl_where_inc=$i break fi done ]) AC_DEFUN([CMU_SASL_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lsasl" AC_TRY_LINK(, [sasl_getprop();], [ac_cv_found_sasl_lib=yes], ac_cv_found_sasl_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_SASL_LIB_WHERE], [ for i in $1; do CMU_SASL_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, sasl) if test "$ac_cv_found_sasl_lib" = "yes" ; then ac_cv_sasl_where_lib=$i break fi done ]) AC_DEFUN([CMU_SASL], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(sasl, [ --with-sasl=DIR Compile with libsasl in ], with_sasl="$withval", with_sasl="yes") SASLFLAGS="" LIB_SASL="" cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_LDFLAGS=$LDFLAGS cmu_saved_LIBS=$LIBS if test -d ${with_sasl}; then ac_cv_sasl_where_lib=${with_sasl}/$CMU_LIB_SUBDIR ac_cv_sasl_where_inc=${with_sasl}/include SASLFLAGS="-I$ac_cv_sasl_where_inc" LIB_SASL="-L$ac_cv_sasl_where_lib" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" fi AC_CHECK_HEADER(sasl.h, AC_CHECK_LIB(sasl, sasl_getprop, ac_cv_found_sasl=yes, ac_cv_found_sasl=no), ac_cv_found_sasl=no) LIBS="$cmu_saved_LIBS" LDFLAGS="$cmu_saved_LDFLAGS" CPPFLAGS="$cmu_saved_CPPFLAGS" if test "$ac_cv_found_sasl" = yes; then LIB_SASL="$LIB_SASL -lsasl" else LIB_SASL="" SASLFLAGS="" fi AC_SUBST(LIB_SASL) AC_SUBST(SASLFLAGS) ]) AC_DEFUN([CMU_SASL_REQUIRED], [AC_REQUIRE([CMU_SASL]) if test "$ac_cv_found_sasl" != "yes"; then AC_ERROR([Cannot continue without libsasl. Get it from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/.]) fi]) cyrus-sasl-2.1.25/cmulocal/ax_path_bdb.m40000666000076400007640000005001410167317224015142 00000000000000dnl @synopsis AX_PATH_BDB([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) dnl dnl This macro finds the latest version of Berkeley DB on the system, dnl and ensures that the header file and library versions match. If dnl MINIMUM-VERSION is specified, it will ensure that the library dnl found is at least that version. dnl dnl It determines the name of the library as well as the path to the dnl header file and library. It will check both the default environment dnl as well as the default Berkeley DB install location. When found, it dnl sets BDB_LIBS, BDB_CPPFLAGS, and BDB_LDFLAGS to the necessary values dnl to add to LIBS, CPPFLAGS, and LDFLAGS, as well as setting BDB_VERSION dnl to the version found. HAVE_DB_H is defined also. dnl dnl The option --with-bdb-dir=DIR can be used to specify a specific dnl Berkeley DB installation to use. dnl dnl An example of it's use is: dnl AX_PATH_BDB([3],[ dnl LIBS="$BDB_LIBS $LIBS" dnl LDFLAGS="$BDB_LDFLAGS $LDFLAGS" dnl CPPFLAGS="$CPPFLAGS $BDB_CPPFLAGS" dnl ]) dnl which will locate the latest version of Berkeley DB on the system, dnl and ensure that it is version 3.0 or higher. dnl dnl Details: This macro does not use either AC_CHECK_HEADERS or dnl AC_CHECK_LIB because, first, the functions inside the library are dnl sometimes renamed to contain a version code that is only available dnl from the db.h on the system, and second, because it is common to dnl have multiple db.h and libdb files on a system it is important to dnl make sure the ones being used correspond to the same version. dnl Additionally, there are many different possible names for libdb dnl when installed by an OS distribution, and these need to be checked dnl if db.h does not correspond to libdb. dnl dnl When cross compiling, only header versions are verified since it dnl would be difficult to check the library version. Additionally dnl the default Berkeley DB installation locations /usr/local/BerkeleyDB* dnl are not searched for higher versions of the library. dnl dnl The format for the list of library names to search came from the dnl Cyrus IMAP distribution, although they are generated dynamically dnl here, and only for the version found in db.h. dnl dnl The macro AX_COMPARE_VERSION is required to use this macro, and dnl should be available from the Autoconf Macro Archive. dnl dnl The author would like to acknowledge the generous and valuable feedback dnl from Guido Draheim, without which this macro would be far less robust, dnl and have poor and inconsistent cross compilation support. dnl dnl @version $Id: ax_path_bdb.m4,v 1.1 2005/01/06 20:24:52 shadow Exp $ dnl @author Tim Toolan dnl dnl ######################################################################### AC_DEFUN([AX_PATH_BDB], [ dnl # Used to indicate success or failure of this function. ax_path_bdb_ok=no # Add --with-bdb-dir option to configure. AC_ARG_WITH([bdb-dir], [AC_HELP_STRING([--with-bdb-dir=DIR], [Berkeley DB installation directory])]) # Check if --with-bdb-dir was specified. if test "x$with_bdb_dir" = "x" ; then # No option specified, so just search the system. AX_PATH_BDB_NO_OPTIONS([$1], [HIGHEST], [ ax_path_bdb_ok=yes ]) else # Set --with-bdb-dir option. ax_path_bdb_INC="$with_bdb_dir/include" ax_path_bdb_LIB="$with_bdb_dir/lib" dnl # Save previous environment, and modify with new stuff. ax_path_bdb_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="-I$ax_path_bdb_INC $CPPFLAGS" ax_path_bdb_save_LDFLAGS=$LDFLAGS LDFLAGS="-L$ax_path_bdb_LIB $LDFLAGS" # Check for specific header file db.h AC_MSG_CHECKING([db.h presence in $ax_path_bdb_INC]) if test -f "$ax_path_bdb_INC/db.h" ; then AC_MSG_RESULT([yes]) # Check for library AX_PATH_BDB_NO_OPTIONS([$1], [ENVONLY], [ ax_path_bdb_ok=yes BDB_CPPFLAGS="-I$ax_path_bdb_INC" BDB_LDFLAGS="-L$ax_path_bdb_LIB" ]) else AC_MSG_RESULT([no]) AC_MSG_NOTICE([no usable Berkeley DB not found]) fi dnl # Restore the environment. CPPFLAGS="$ax_path_bdb_save_CPPFLAGS" LDFLAGS="$ax_path_bdb_save_LDFLAGS" fi dnl # Execute ACTION-IF-FOUND / ACTION-IF-NOT-FOUND. if test "$ax_path_bdb_ok" = "yes" ; then m4_ifvaln([$2],[$2],[:])dnl m4_ifvaln([$3],[else $3])dnl fi ]) dnl AX_PATH_BDB dnl ######################################################################### dnl Check for berkeley DB of at least MINIMUM-VERSION on system. dnl dnl The OPTION argument determines how the checks occur, and can be one of: dnl dnl HIGHEST - Check both the environment and the default installation dnl directories for Berkeley DB and choose the version that dnl is highest. (default) dnl ENVFIRST - Check the environment first, and if no satisfactory dnl library is found there check the default installation dnl directories for Berkeley DB which is /usr/local/BerkeleyDB* dnl ENVONLY - Check the current environment only. dnl dnl Requires AX_PATH_BDB_PATH_GET_VERSION, AX_PATH_BDB_PATH_FIND_HIGHEST, dnl AX_PATH_BDB_ENV_CONFIRM_LIB, AX_PATH_BDB_ENV_GET_VERSION, and dnl AX_COMPARE_VERSION macros. dnl dnl Result: sets ax_path_bdb_no_options_ok to yes or no dnl sets BDB_LIBS, BDB_CPPFLAGS, BDB_LDFLAGS, BDB_VERSION dnl dnl AX_PATH_BDB_NO_OPTIONS([MINIMUM-VERSION], [OPTION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) AC_DEFUN([AX_PATH_BDB_NO_OPTIONS], [ dnl # Used to indicate success or failure of this function. ax_path_bdb_no_options_ok=no # Values to add to environment to use Berkeley DB. BDB_VERSION='' BDB_LIBS='' BDB_CPPFLAGS='' BDB_LDFLAGS='' # Check cross compilation here. if test "x$cross_compiling" = "xyes" ; then # If cross compiling, can't use AC_RUN_IFELSE so do these tests. # The AC_PREPROC_IFELSE confirms that db.h is preprocessable, # and extracts the version number from it. AC_MSG_CHECKING([for db.h]) AS_VAR_PUSHDEF([HEADER_VERSION],[ax_path_bdb_no_options_HEADER_VERSION])dnl HEADER_VERSION='' AC_PREPROC_IFELSE([ AC_LANG_SOURCE([[ #include AX_PATH_BDB_STUFF DB_VERSION_MAJOR,DB_VERSION_MINOR,DB_VERSION_PATCH ]]) ],[ # Extract version from preprocessor output. HEADER_VERSION=`eval "$ac_cpp conftest.$ac_ext" 2> /dev/null \ | grep AX_PATH_BDB_STUFF | sed 's/[[^0-9,]]//g;s/,/./g;1q'` ],[]) if test "x$HEADER_VERSION" = "x" ; then AC_MSG_RESULT([no]) else AC_MSG_RESULT([$HEADER_VERSION]) # Check that version is high enough. AX_COMPARE_VERSION([$HEADER_VERSION],[ge],[$1],[ # get major and minor version numbers AS_VAR_PUSHDEF([MAJ],[ax_path_bdb_no_options_MAJOR])dnl MAJ=`echo $HEADER_VERSION | sed 's,\..*,,'` AS_VAR_PUSHDEF([MIN],[ax_path_bdb_no_options_MINOR])dnl MIN=`echo $HEADER_VERSION | sed 's,^[[0-9]]*\.,,;s,\.[[0-9]]*$,,'` dnl # Save LIBS. ax_path_bdb_no_options_save_LIBS="$LIBS" # Check that we can link with the library. AC_SEARCH_LIBS([db_version], [db db-$MAJ.$MIN db$MAJ.$MIN db$MAJ$MIN db-$MAJ db$MAJ],[ # Sucessfully found library. ax_path_bdb_no_options_ok=yes BDB_VERSION=$HEADER_VERSION # Extract library from LIBS ax_path_bdb_no_options_LEN=` \ echo "x$ax_path_bdb_no_options_save_LIBS" \ | awk '{print(length)}'` BDB_LIBS=`echo "x$LIBS " \ | sed "s/.\{$ax_path_bdb_no_options_LEN\}\$//;s/^x//;s/ //g"` ],[]) dnl # Restore LIBS LIBS="$ax_path_bdb_no_options_save_LIBS" AS_VAR_POPDEF([MAJ])dnl AS_VAR_POPDEF([MIN])dnl ]) fi AS_VAR_POPDEF([HEADER_VERSION])dnl else # Not cross compiling. # Check version of Berkeley DB in the current environment. AX_PATH_BDB_ENV_GET_VERSION([ AX_COMPARE_VERSION([$ax_path_bdb_env_get_version_VERSION],[ge],[$1],[ # Found acceptable version in current environment. ax_path_bdb_no_options_ok=yes BDB_VERSION="$ax_path_bdb_env_get_version_VERSION" BDB_LIBS="$ax_path_bdb_env_get_version_LIBS" ]) ]) # Determine if we need to search /usr/local/BerkeleyDB* ax_path_bdb_no_options_DONE=no if test "x$2" = "xENVONLY" ; then ax_path_bdb_no_options_DONE=yes elif test "x$2" = "xENVFIRST" ; then ax_path_bdb_no_options_DONE=$ax_path_bdb_no_options_ok fi if test "$ax_path_bdb_no_options_DONE" = "no" ; then # Check for highest in /usr/local/BerkeleyDB* AX_PATH_BDB_PATH_FIND_HIGHEST([ if test "$ax_path_bdb_no_options_ok" = "yes" ; then # If we already have an acceptable version use this if higher. AX_COMPARE_VERSION( [$ax_path_bdb_path_find_highest_VERSION],[gt],[$BDB_VERSION]) else # Since we didn't have an acceptable version check if this one is. AX_COMPARE_VERSION( [$ax_path_bdb_path_find_highest_VERSION],[ge],[$1]) fi ]) dnl # If result from _AX_COMPARE_VERSION is true we want this version. if test "$ax_compare_version" = "true" ; then ax_path_bdb_no_options_ok=yes BDB_LIBS="-ldb" BDB_CPPFLAGS="-I$ax_path_bdb_path_find_highest_DIR/include" BDB_LDFLAGS="-L$ax_path_bdb_path_find_highest_DIR/lib" BDB_VERSION="$ax_path_bdb_path_find_highest_VERSION" fi fi fi dnl # Execute ACTION-IF-FOUND / ACTION-IF-NOT-FOUND. if test "$ax_path_bdb_no_options_ok" = "yes" ; then AC_MSG_NOTICE([using Berkeley DB version $BDB_VERSION]) AC_DEFINE([HAVE_DB_H],[1], [Define to 1 if you have the header file.]) m4_ifvaln([$3],[$3])dnl else AC_MSG_NOTICE([no Berkeley DB version $1 or higher found]) m4_ifvaln([$4],[$4])dnl fi ]) dnl AX_PATH_BDB_NO_OPTIONS dnl ######################################################################### dnl Check the default installation directory for Berkeley DB which is dnl of the form /usr/local/BerkeleyDB* for the highest version. dnl dnl Result: sets ax_path_bdb_path_find_highest_ok to yes or no, dnl sets ax_path_bdb_path_find_highest_VERSION to version, dnl sets ax_path_bdb_path_find_highest_DIR to directory. dnl dnl AX_PATH_BDB_PATH_FIND_HIGHEST([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) AC_DEFUN([AX_PATH_BDB_PATH_FIND_HIGHEST], [ dnl # Used to indicate success or failure of this function. ax_path_bdb_path_find_highest_ok=no AS_VAR_PUSHDEF([VERSION],[ax_path_bdb_path_find_highest_VERSION])dnl VERSION='' ax_path_bdb_path_find_highest_DIR='' # find highest verison in default install directory for Berkeley DB AS_VAR_PUSHDEF([CURDIR],[ax_path_bdb_path_find_highest_CURDIR])dnl AS_VAR_PUSHDEF([CUR_VERSION],[ax_path_bdb_path_get_version_VERSION])dnl for CURDIR in `ls -d /usr/local/BerkeleyDB* 2> /dev/null` do AX_PATH_BDB_PATH_GET_VERSION([$CURDIR],[ AX_COMPARE_VERSION([$CUR_VERSION],[gt],[$VERSION],[ ax_path_bdb_path_find_highest_ok=yes ax_path_bdb_path_find_highest_DIR="$CURDIR" VERSION="$CUR_VERSION" ]) ]) done AS_VAR_POPDEF([VERSION])dnl AS_VAR_POPDEF([CUR_VERSION])dnl AS_VAR_POPDEF([CURDIR])dnl dnl # Execute ACTION-IF-FOUND / ACTION-IF-NOT-FOUND. if test "$ax_path_bdb_path_find_highest_ok" = "yes" ; then m4_ifvaln([$1],[$1],[:])dnl m4_ifvaln([$2],[else $2])dnl fi ]) dnl AX_PATH_BDB_PATH_FIND_HIGHEST dnl ######################################################################### dnl Checks for Berkeley DB in specified directory's lib and include dnl subdirectories. dnl dnl Result: sets ax_path_bdb_path_get_version_ok to yes or no, dnl sets ax_path_bdb_path_get_version_VERSION to version. dnl dnl AX_PATH_BDB_PATH_GET_VERSION(BDB-DIR, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) AC_DEFUN([AX_PATH_BDB_PATH_GET_VERSION], [ dnl # Used to indicate success or failure of this function. ax_path_bdb_path_get_version_ok=no # Indicate status of checking for Berkeley DB header. AC_MSG_CHECKING([in $1/include for db.h]) ax_path_bdb_path_get_version_got_header=no test -f "$1/include/db.h" && ax_path_bdb_path_get_version_got_header=yes AC_MSG_RESULT([$ax_path_bdb_path_get_version_got_header]) # Indicate status of checking for Berkeley DB library. AC_MSG_CHECKING([in $1/lib for library -ldb]) ax_path_bdb_path_get_version_VERSION='' if test -d "$1/include" && test -d "$1/lib" && test "$ax_path_bdb_path_get_version_got_header" = "yes" ; then dnl # save and modify environment ax_path_bdb_path_get_version_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="-I$1/include $CPPFLAGS" ax_path_bdb_path_get_version_save_LIBS="$LIBS" LIBS="$LIBS -ldb" ax_path_bdb_path_get_version_save_LDFLAGS="$LDFLAGS" LDFLAGS="-L$1/lib $LDFLAGS" # Compile and run a program that compares the version defined in # the header file with a version defined in the library function # db_version. AC_RUN_IFELSE([ AC_LANG_SOURCE([[ #include #include int main(int argc,char **argv) { int major,minor,patch; db_version(&major,&minor,&patch); if (argc > 1) printf("%d.%d.%d\n",DB_VERSION_MAJOR,DB_VERSION_MINOR,DB_VERSION_PATCH); if (DB_VERSION_MAJOR == major && DB_VERSION_MINOR == minor && DB_VERSION_PATCH == patch) return 0; else return 1; } ]]) ],[ # Program compiled and ran, so get version by adding argument. ax_path_bdb_path_get_version_VERSION=`./conftest$ac_exeext x` ax_path_bdb_path_get_version_ok=yes ],[],[]) dnl # restore environment CPPFLAGS="$ax_path_bdb_path_get_version_save_CPPFLAGS" LIBS="$ax_path_bdb_path_get_version_save_LIBS" LDFLAGS="$ax_path_bdb_path_get_version_save_LDFLAGS" fi dnl # Finally, execute ACTION-IF-FOUND / ACTION-IF-NOT-FOUND. if test "$ax_path_bdb_path_get_version_ok" = "yes" ; then AC_MSG_RESULT([$ax_path_bdb_path_get_version_VERSION]) m4_ifvaln([$2],[$2])dnl else AC_MSG_RESULT([no]) m4_ifvaln([$3],[$3])dnl fi ]) dnl AX_PATH_BDB_PATH_GET_VERSION ############################################################################# dnl Checks if version of library and header match specified version. dnl Only meant to be used by AX_PATH_BDB_ENV_GET_VERSION macro. dnl dnl Requires AX_COMPARE_VERSION macro. dnl dnl Result: sets ax_path_bdb_env_confirm_lib_ok to yes or no. dnl dnl AX_PATH_BDB_ENV_CONFIRM_LIB(VERSION, [LIBNAME]) AC_DEFUN([AX_PATH_BDB_ENV_CONFIRM_LIB], [ dnl # Used to indicate success or failure of this function. ax_path_bdb_env_confirm_lib_ok=no dnl # save and modify environment to link with library LIBNAME ax_path_bdb_env_confirm_lib_save_LIBS="$LIBS" LIBS="$LIBS $2" # Compile and run a program that compares the version defined in # the header file with a version defined in the library function # db_version. AC_RUN_IFELSE([ AC_LANG_SOURCE([[ #include #include int main(int argc,char **argv) { int major,minor,patch; db_version(&major,&minor,&patch); if (argc > 1) printf("%d.%d.%d\n",DB_VERSION_MAJOR,DB_VERSION_MINOR,DB_VERSION_PATCH); if (DB_VERSION_MAJOR == major && DB_VERSION_MINOR == minor && DB_VERSION_PATCH == patch) return 0; else return 1; } ]]) ],[ # Program compiled and ran, so get version by giving an argument, # which will tell the program to print the output. ax_path_bdb_env_confirm_lib_VERSION=`./conftest$ac_exeext x` # If the versions all match up, indicate success. AX_COMPARE_VERSION([$ax_path_bdb_env_confirm_lib_VERSION],[eq],[$1],[ ax_path_bdb_env_confirm_lib_ok=yes ]) ],[],[]) dnl # restore environment LIBS="$ax_path_bdb_env_confirm_lib_save_LIBS" ]) dnl AX_PATH_BDB_ENV_CONFIRM_LIB ############################################################################# dnl Finds the version and library name for Berkeley DB in the dnl current environment. Tries many different names for library. dnl dnl Requires AX_PATH_BDB_ENV_CONFIRM_LIB macro. dnl dnl Result: set ax_path_bdb_env_get_version_ok to yes or no, dnl set ax_path_bdb_env_get_version_VERSION to the version found, dnl and ax_path_bdb_env_get_version_LIBNAME to the library name. dnl dnl AX_PATH_BDB_ENV_GET_VERSION([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) AC_DEFUN([AX_PATH_BDB_ENV_GET_VERSION], [ dnl # Used to indicate success or failure of this function. ax_path_bdb_env_get_version_ok=no ax_path_bdb_env_get_version_VERSION='' ax_path_bdb_env_get_version_LIBS='' AS_VAR_PUSHDEF([HEADER_VERSION],[ax_path_bdb_env_get_version_HEADER_VERSION])dnl AS_VAR_PUSHDEF([TEST_LIBNAME],[ax_path_bdb_env_get_version_TEST_LIBNAME])dnl # Indicate status of checking for Berkeley DB library. AC_MSG_CHECKING([for db.h]) # Compile and run a program that determines the Berkeley DB version # in the header file db.h. HEADER_VERSION='' AC_RUN_IFELSE([ AC_LANG_SOURCE([[ #include #include int main(int argc,char **argv) { if (argc > 1) printf("%d.%d.%d\n",DB_VERSION_MAJOR,DB_VERSION_MINOR,DB_VERSION_PATCH); return 0; } ]]) ],[ # Program compiled and ran, so get version by adding an argument. HEADER_VERSION=`./conftest$ac_exeext x` AC_MSG_RESULT([$HEADER_VERSION]) ],[AC_MSG_RESULT([no])],[AC_MSG_RESULT([no])]) # Have header version, so try to find corresponding library. # Looks for library names in the order: # nothing, db, db-X.Y, dbX.Y, dbXY, db-X, dbX # and stops when it finds the first one that matches the version # of the header file. if test "x$HEADER_VERSION" != "x" ; then AC_MSG_CHECKING([for library containing Berkeley DB $HEADER_VERSION]) AS_VAR_PUSHDEF([MAJOR],[ax_path_bdb_env_get_version_MAJOR])dnl AS_VAR_PUSHDEF([MINOR],[ax_path_bdb_env_get_version_MINOR])dnl # get major and minor version numbers MAJOR=`echo $HEADER_VERSION | sed 's,\..*,,'` MINOR=`echo $HEADER_VERSION | sed 's,^[[0-9]]*\.,,;s,\.[[0-9]]*$,,'` # see if it is already specified in LIBS TEST_LIBNAME='' AX_PATH_BDB_ENV_CONFIRM_LIB([$HEADER_VERSION], [$TEST_LIBNAME]) if test "$ax_path_bdb_env_confirm_lib_ok" = "no" ; then # try format "db" TEST_LIBNAME='-ldb' AX_PATH_BDB_ENV_CONFIRM_LIB([$HEADER_VERSION], [$TEST_LIBNAME]) fi if test "$ax_path_bdb_env_confirm_lib_ok" = "no" ; then # try format "db-X.Y" TEST_LIBNAME="-ldb-${MAJOR}.$MINOR" AX_PATH_BDB_ENV_CONFIRM_LIB([$HEADER_VERSION], [$TEST_LIBNAME]) fi if test "$ax_path_bdb_env_confirm_lib_ok" = "no" ; then # try format "dbX.Y" TEST_LIBNAME="-ldb${MAJOR}.$MINOR" AX_PATH_BDB_ENV_CONFIRM_LIB([$HEADER_VERSION], [$TEST_LIBNAME]) fi if test "$ax_path_bdb_env_confirm_lib_ok" = "no" ; then # try format "dbXY" TEST_LIBNAME="-ldb$MAJOR$MINOR" AX_PATH_BDB_ENV_CONFIRM_LIB([$HEADER_VERSION], [$TEST_LIBNAME]) fi if test "$ax_path_bdb_env_confirm_lib_ok" = "no" ; then # try format "db-X" TEST_LIBNAME="-ldb-$MAJOR" AX_PATH_BDB_ENV_CONFIRM_LIB([$HEADER_VERSION], [$TEST_LIBNAME]) fi if test "$ax_path_bdb_env_confirm_lib_ok" = "no" ; then # try format "dbX" TEST_LIBNAME="-ldb$MAJOR" AX_PATH_BDB_ENV_CONFIRM_LIB([$HEADER_VERSION], [$TEST_LIBNAME]) fi dnl # Found a valid library. if test "$ax_path_bdb_env_confirm_lib_ok" = "yes" ; then if test "x$TEST_LIBNAME" = "x" ; then AC_MSG_RESULT([none required]) else AC_MSG_RESULT([$TEST_LIBNAME]) fi ax_path_bdb_env_get_version_VERSION="$HEADER_VERSION" ax_path_bdb_env_get_version_LIBS="$TEST_LIBNAME" ax_path_bdb_env_get_version_ok=yes else AC_MSG_RESULT([no]) fi AS_VAR_POPDEF([MAJOR])dnl AS_VAR_POPDEF([MINOR])dnl fi AS_VAR_POPDEF([HEADER_VERSION])dnl AS_VAR_POPDEF([TEST_LIBNAME])dnl dnl # Execute ACTION-IF-FOUND / ACTION-IF-NOT-FOUND. if test "$ax_path_bdb_env_confirm_lib_ok" = "yes" ; then m4_ifvaln([$1],[$1],[:])dnl m4_ifvaln([$2],[else $2])dnl fi ]) dnl BDB_ENV_GET_VERSION ############################################################################# cyrus-sasl-2.1.25/cmulocal/cyrus.m40000646000076400007640000000260511326340101014041 00000000000000dnl dnl Additional macros for configure.in packaged up for easier theft. dnl $Id: cyrus.m4,v 1.6 2010/01/06 17:01:27 murch Exp $ dnl tjs@andrew.cmu.edu 6-may-1998 dnl dnl It would be good if ANDREW_ADD_LIBPATH could detect if something was dnl already there and not redundantly add it if it is. dnl add -L(arg), and possibly (runpath switch)(arg), to LDFLAGS dnl (so the runpath for shared libraries is set). AC_DEFUN([CMU_ADD_LIBPATH], [ # this is CMU ADD LIBPATH if test "$andrew_cv_runpath_switch" = "none" ; then LDFLAGS="-L$1 ${LDFLAGS}" else LDFLAGS="-L$1 $andrew_cv_runpath_switch$1 ${LDFLAGS}" fi ]) dnl add -L(1st arg), and possibly (runpath switch)(1st arg), to (2nd arg) dnl (so the runpath for shared libraries is set). AC_DEFUN([CMU_ADD_LIBPATH_TO], [ # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then $2="-L$1 ${$2}" else $2="-L$1 ${$2} $andrew_cv_runpath_switch$1" fi ]) dnl runpath initialization AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ # CMU GUESS RUNPATH SWITCH AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ # first, try -R SAVE_LDFLAGS="${LDFLAGS}" LDFLAGS="-R /usr/lib" AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ LDFLAGS="-Wl,-rpath,/usr/lib" AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], [andrew_cv_runpath_switch="none"]) ]) LDFLAGS="${SAVE_LDFLAGS}" ])]) cyrus-sasl-2.1.25/cmulocal/nadine.m40000666000076400007640000001057107741072415014155 00000000000000dnl nadine.m4--The nadine event library dnl Derrick Brashear dnl from KTH kafs and Arla dnl $Id: nadine.m4,v 1.6 2003/10/08 20:35:25 rjs3 Exp $ AC_DEFUN([CMU_NADINE_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1" CMU_CHECK_HEADER_NOCACHE(libevent/libevent.h, ac_cv_found_event_inc=yes, ac_cv_found_event_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_NADINE_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for nadine headers in $i) CMU_NADINE_INC_WHERE1($i) dnl CMU_TEST_INCPATH($i, ssl) dnl CMU_TEST_INCPATH isn't very versatile if test "$ac_cv_found_event_inc" = "yes"; then if test \! -f $i/libevent/libevent.h ; then ac_cv_found_event_inc=no fi fi if test "$ac_cv_found_event_inc" = "yes"; then ac_cv_event_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_NADINE_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -levent" AC_TRY_LINK(, [libevent_Initialize();], [ac_cv_found_event_lib=yes], ac_cv_found_event_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_NADINE_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for event libraries in $i) CMU_NADINE_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, event) if test "$ac_cv_found_event_lib" = "yes" ; then ac_cv_event_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_NADINE], [ AC_REQUIRE([CMU_SOCKETS]) AC_ARG_WITH(nadine, [ --with-nadine=PREFIX Compile with nadine libevent support], [if test "X$with_nadine" = "X"; then with_nadine=yes fi]) AC_ARG_WITH(nadine-lib, [ --with-nadine-lib=dir use nadine libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-nadine-lib]) fi]) AC_ARG_WITH(nadine-include, [ --with-nadine-include=dir use nadine headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-nadine-include]) fi]) if test "$with_ucdsnmp" = "no" ; then AC_MSG_WARN([Nadine requires UCD SNMP. Disabling Nadine support]) with_nadine=no with_nadine_lib=no with_nadine_include=no fi if test "X$with_nadine" != "X"; then if test "$with_nadine" != "yes" -a "$with_nadine" != no; then ac_cv_event_where_lib=$with_nadine/lib ac_cv_event_where_inc=$with_nadine/include fi fi if test "$with_nadine" != "no"; then if test "X$with_nadine_lib" != "X"; then ac_cv_event_where_lib=$with_nadine_lib fi if test "X$ac_cv_event_where_lib" = "X"; then CMU_NADINE_LIB_WHERE(/usr/local/lib /usr/ng/lib /usr/lib) fi if test "X$with_nadine_include" != "X"; then ac_cv_event_where_inc=$with_nadine_include fi if test "X$ac_cv_event_where_inc" = "X"; then CMU_NADINE_INC_WHERE(/usr/local/include /usr/ng/include /usr/include) fi fi AC_MSG_CHECKING(whether to include nadine) if test "X$ac_cv_event_where_lib" = "X" -a "X$ac_cv_event_where_inc" = "X"; then ac_cv_found_event=no AC_MSG_RESULT(no) else ac_cv_found_event=yes AC_MSG_RESULT(yes) NADINE_INC_DIR=$ac_cv_event_where_inc NADINE_LIB_DIR=$ac_cv_event_where_lib NADINE_INC_FLAGS="-I${NADINE_INC_DIR}" NADINE_LIB_FLAGS="-L${NADINE_LIB_DIR} -levent" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${NADINE_LIB_DIR}" else RPATH="${RPATH}:${NADINE_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${NADINE_LIB_DIR}" else RPATH="${RPATH}:${NADINE_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${NADINE_LIB_DIR}" else RPATH="${RPATH}:${NADINE_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${NADINE_LIB_DIR}" else RPATH="${RPATH}:${NADINE_LIB_DIR}" fi else RPATH="${RPATH} -R${NADINE_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi AC_SUBST(NADINE_INC_DIR) AC_SUBST(NADINE_LIB_DIR) AC_SUBST(NADINE_INC_FLAGS) AC_SUBST(NADINE_LIB_FLAGS) ]) cyrus-sasl-2.1.25/cmulocal/init_automake.m40000666000076400007640000000036707741072414015551 00000000000000dnl init_automake.m4--cmulocal automake setup macro dnl Rob Earhart dnl $Id: init_automake.m4,v 1.4 2003/10/08 20:35:24 rjs3 Exp $ AC_DEFUN([CMU_INIT_AUTOMAKE], [ AC_REQUIRE([AM_INIT_AUTOMAKE]) ACLOCAL="$ACLOCAL -I \$(top_srcdir)/cmulocal" ]) cyrus-sasl-2.1.25/cmulocal/sql.m40000666000076400007640000001311411321140750013475 00000000000000dnl $Id: sql.m4,v 1.2 2010/01/06 17:01:28 murch Exp $ dnl These are the Cyrus MySQL macros. dnl They are here so that they can be shared between Cyrus IMAPd dnl and Cyrus SASL with relative ease. dnl When we're done, there will be a MYSQL_LIBADD and a MYSQL_INCADD which dnl should dnl be used when necessary. dnl We should probably be smarter about our RPATH dnl handling. dnl Call these with CYRUS_MYSQL_CHK. dnl We will also set $mysqllib to "yes" if we are successful, "no" otherwise. AC_DEFUN([CYRUS_MYSQL_CHK_LIB], [ MYSQL_SAVE_LDFLAGS=$LDFLAGS if test -d $with_mysql_lib; then CMU_ADD_LIBPATH_TO($with_mysql_lib, LDFLAGS) CMU_ADD_LIBPATH_TO($with_mysql_lib, MYSQL_LIBADD) else MYSQL_LIBADD="" fi saved_LIBS=$LIBS for libname in ${with_mysql} mysqlclient do LIBS="$saved_LIBS -l$libname" AC_TRY_LINK([#include #include ], [mysql_select_db(NULL, NULL);], MYSQL_LIBADD="$MYSQL_LIBADD -l$libname"; mysqllib="yes", mysqllib="no") if test "$mysqllib" = "yes"; then break; fi done LIBS=$saved_LIBS LDFLAGS=$MYSQL_SAVE_LDFLAGS ]) AC_DEFUN([CYRUS_MYSQL_OPTS], [ AC_ARG_WITH(mysql-libdir, [ --with-mysql-libdir=DIR MySQL lib files are in DIR], with_mysql_lib=$withval, [ test "${with_mysql_lib+set}" = set || with_mysql_lib=none]) AC_ARG_WITH(mysql-incdir, [ --with-mysql-incdir=DIR MySQL include files are in DIR], with_mysql_inc=$withval, [ test "${with_mysql_inc+set}" = set || with_mysql_inc=none ]) ]) AC_DEFUN([CYRUS_MYSQL_CHK], [ AC_REQUIRE([CYRUS_MYSQL_OPTS]) cmu_save_CPPFLAGS=$CPPFLAGS if test -d $with_mysql_inc; then CPPFLAGS="$CPPFLAGS -I$with_mysql_inc" MYSQL_INCADD="-I$with_mysql_inc" else MYSQL_INCADD="" fi AC_CHECK_HEADER(mysql.h, [CYRUS_MYSQL_CHK_LIB()], mysqllib="no") CPPFLAGS=$cmu_save_CPPFLAGS ]) dnl These are the Cyrus PgSQL macros. dnl They are here so that they can be shared between Cyrus IMAPd dnl and Cyrus SASL with relative ease. dnl When we're done, there will be a PGSQL_LIBADD and a PGSQL_INCADD which dnl should dnl be used when necessary. dnl We should probably be smarter about our RPATH dnl handling. dnl Call these with CYRUS_PGSQL_CHK. dnl We will also set $pgsqllib to "yes" if we are successful, "no" otherwise. AC_DEFUN([CYRUS_PGSQL_CHK_LIB], [ PGSQL_SAVE_LDFLAGS=$LDFLAGS if test -d $with_pgsql_lib; then CMU_ADD_LIBPATH_TO($with_pgsql_lib, LDFLAGS) CMU_ADD_LIBPATH_TO($with_pgsql_lib, PGSQL_LIBADD) else PGSQL_LIBADD="" fi saved_LIBS=$LIBS for libname in ${with_pgsql} pq do LIBS="$saved_LIBS -l$libname" AC_TRY_LINK([#include #include ], [PQconnectdb(NULL);], PGSQL_LIBADD="$PGSQL_LIBADD -l$libname"; pgsqllib="yes", pgsqllib="no") if test "$pgsqllib" = "yes"; then break; fi done LIBS=$saved_LIBS LDFLAGS=$PGSQL_SAVE_LDFLAGS ]) AC_DEFUN([CYRUS_PGSQL_OPTS], [ AC_ARG_WITH(pgsql-libdir, [ --with-pgsql-libdir=DIR Pgsql lib files are in DIR], with_pgsql_lib=$withval, [ test "${with_pgsql_lib+set}" = set || with_pgsql_lib=none]) AC_ARG_WITH(pgsql-incdir, [ --with-pgsql-incdir=DIR Pgsql include files are in DIR], with_pgsql_inc=$withval, [ test "${with_pgsql_inc+set}" = set || with_pgsql_inc=none ]) ]) AC_DEFUN([CYRUS_PGSQL_CHK], [ AC_REQUIRE([CYRUS_PGSQL_OPTS]) cmu_save_CPPFLAGS=$CPPFLAGS if test -d $with_pgsql_inc; then CPPFLAGS="$CPPFLAGS -I$with_pgsql_inc" PGSQL_INCADD="-I$with_pgsql_inc" else PGSQL_INCADD="" fi AC_CHECK_HEADER(libpq-fe.h, [CYRUS_PGSQL_CHK_LIB()], pgsqllib="no") CPPFLAGS=$cmu_save_CPPFLAGS ]) dnl These are the Cyrus SQLite macros. dnl They are here so that they can be shared between Cyrus IMAPd dnl and Cyrus SASL with relative ease. dnl When we're done, there will be a SQLITE_LIBADD and a SQLITE_INCADD which dnl should dnl be used when necessary. dnl We should probably be smarter about our RPATH dnl handling. dnl Call these with CYRUS_SQLITE_CHK. dnl We will also set $sqlitelib to "yes" if we are successful, "no" otherwise. AC_DEFUN([CYRUS_SQLITE_CHK_LIB], [ SQLITE_SAVE_LDFLAGS=$LDFLAGS if test -d $with_sqlite_lib; then CMU_ADD_LIBPATH_TO($with_sqlite_lib, LDFLAGS) CMU_ADD_LIBPATH_TO($with_sqlite_lib, SQLITE_LIBADD) else SQLITE_LIBADD="" fi saved_LIBS=$LIBS for libname in ${with_sqlite} sqlite3 do LIBS="$saved_LIBS -l$libname" AC_TRY_LINK([#include #include ], [sqlite3_open(NULL, NULL);], SQLITE_LIBADD="$SQLITE_LIBADD -l$libname"; sqlitelib="yes", sqlitelib="no") if test "$sqlitelib" = "yes"; then break; fi done LIBS=$saved_LIBS LDFLAGS=$SQLITE_SAVE_LDFLAGS ]) AC_DEFUN([CYRUS_SQLITE_OPTS], [ AC_ARG_WITH(sqlite-libdir, [ --with-sqlite-libdir=DIR SQLite lib files are in DIR], with_sqlite_lib=$withval, [ test "${with_sqlite_lib+set}" = set || with_sqlite_lib=none]) AC_ARG_WITH(sqlite-incdir, [ --with-sqlite-incdir=DIR SQLite include files are in DIR], with_sqlite_inc=$withval, [ test "${with_sqlite_inc+set}" = set || with_sqlite_inc=none ]) ]) AC_DEFUN([CYRUS_SQLITE_CHK], [ AC_REQUIRE([CYRUS_SQLITE_OPTS]) cmu_save_CPPFLAGS=$CPPFLAGS if test -d $with_sqlite_inc; then CPPFLAGS="$CPPFLAGS -I$with_sqlite_inc" SQLITE_INCADD="-I$with_sqlite_inc" else SQLITE_INCADD="" fi AC_CHECK_HEADER(sqlite3.h, [CYRUS_SQLITE_CHK_LIB()], sqlitelib="no") CPPFLAGS=$cmu_save_CPPFLAGS ]) cyrus-sasl-2.1.25/cmulocal/pthreads.m40000666000076400007640000000115707741072415014531 00000000000000dnl pthreads.m4--pthreads setup macro dnl Rob Earhart dnl $Id: pthreads.m4,v 1.11 2003/10/08 20:35:25 rjs3 Exp $ AC_DEFUN([CMU_PTHREADS], [ AC_REQUIRE([AC_CANONICAL_HOST]) cmu_save_LIBS="$LIBS" AC_CHECK_LIB(pthread, pthread_create,LIB_PTHREAD="-lpthread", AC_CHECK_LIB(c_r, pthread_create,LIB_PTHREAD="-lc_r", AC_ERROR([Can't compile without pthreads]))) LIBS="$cmu_save_LIBS" AC_SUBST(LIB_PTHREAD) AC_DEFINE(_REENTRANT) case "$host_os" in solaris2*) AC_DEFINE(_POSIX_PTHREAD_SEMANTICS) AC_DEFINE(__EXTENSIONS__) ;; irix6*) AC_DEFINE(_SGI_REENTRANT_FUNCTIONS) ;; esac ]) cyrus-sasl-2.1.25/cmulocal/c-attribute.m40000646000076400007640000000106411326340101015115 00000000000000dnl dnl $Id: c-attribute.m4,v 1.5 2010/01/06 17:01:27 murch Exp $ dnl dnl dnl Test for __attribute__ dnl AC_DEFUN([CMU_C___ATTRIBUTE__], [ AC_MSG_CHECKING(for __attribute__) AC_CACHE_VAL(ac_cv___attribute__, [ AC_TRY_COMPILE([ #include static void foo(void) __attribute__ ((noreturn)); static void foo(void) { exit(1); } ], [ ], ac_cv___attribute__=yes, ac_cv___attribute__=no)]) if test "$ac_cv___attribute__" = "yes"; then AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__]) fi AC_MSG_RESULT($ac_cv___attribute__) ]) cyrus-sasl-2.1.25/cmulocal/sasl2.m40000646000076400007640000004133311630151330013723 00000000000000# sasl2.m4--sasl2 libraries and includes # Rob Siemborski # $Id: sasl2.m4,v 1.60 2011/05/23 14:47:11 mel Exp $ # SASL2_CRYPT_CHK # --------------- AC_DEFUN([SASL_GSSAPI_CHK], [AC_REQUIRE([SASL2_CRYPT_CHK]) AC_REQUIRE([CMU_SOCKETS]) AC_ARG_ENABLE([gssapi], [AC_HELP_STRING([--enable-gssapi=], [enable GSSAPI authentication [yes]])], [gssapi=$enableval], [gssapi=yes]) AC_ARG_WITH([gss_impl], [AC_HELP_STRING([--with-gss_impl={heimdal|mit|cybersafe|seam|auto}], [choose specific GSSAPI implementation [[auto]]])], [gss_impl=$withval], [gss_impl=auto]) if test "$gssapi" != no; then platform= case "${host}" in *-*-linux*) platform=__linux ;; *-*-hpux*) platform=__hpux ;; *-*-irix*) platform=__irix ;; *-*-solaris2*) # When should we use __sunos? platform=__solaris ;; *-*-aix*) ###_AIX platform=__aix ;; *) AC_WARN([The system type is not recognized. If you believe that CyberSafe GSSAPI works on this platform, please update the configure script]) if test "$gss_impl" = "cybersafe"; then AC_ERROR([CyberSafe was forced, cannot continue as platform is not supported]) fi ;; esac cmu_saved_CPPFLAGS=$CPPFLAGS if test -d ${gssapi}; then CPPFLAGS="$CPPFLAGS -I$gssapi/include" # We want to keep -I in our CPPFLAGS, but only if we succeed cmu_saved_CPPFLAGS=$CPPFLAGS ### I am not sure how useful is this (and whether this is required at all ### especially when we have to provide two -L flags for new CyberSafe LDFLAGS="$LDFLAGS -L$gssapi/lib" if test -n "$platform"; then if test "$gss_impl" = "auto" -o "$gss_impl" = "cybersafe"; then CPPFLAGS="$CPPFLAGS -D$platform" if test -d "${gssapi}/appsec-sdk/include"; then CPPFLAGS="$CPPFLAGS -I${gssapi}/appsec-sdk/include" fi fi fi fi AC_CHECK_HEADER([gssapi.h],, [AC_CHECK_HEADER([gssapi/gssapi.h],, [AC_WARN([Disabling GSSAPI - no include files found]); gssapi=no])]) AC_CHECK_HEADERS(gssapi/gssapi_ext.h) CPPFLAGS=$cmu_saved_CPPFLAGS fi if test "$gssapi" != no; then if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then AC_DEFINE(HAVE_GSSAPI_H,,[Define if you have the gssapi.h header file]) fi # We need to find out which gssapi implementation we are # using. Supported alternatives are: MIT Kerberos 5, # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), # CyberSafe Kerberos 5 (http://www.cybersafe.com/) # and Sun SEAM (http://wwws.sun.com/software/security/kerberos/) # # The choice is reflected in GSSAPIBASE_LIBS AC_CHECK_LIB(resolv,res_search) if test -d ${gssapi}; then gssapi_dir="${gssapi}/lib" GSSAPIBASE_LIBS="-L$gssapi_dir" GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir" else # FIXME: This is only used for building cyrus, and then only as # a real hack. it needs to be fixed. gssapi_dir="/usr/local/lib" fi # Check a full link against the Heimdal libraries. # If this fails, check a full link against the MIT libraries. # If this fails, check a full link against the CyberSafe libraries. # If this fails, check a full link against the Solaris 8 and up libgss. if test "$gss_impl" = "auto" -o "$gss_impl" = "heimdal"; then gss_failed=0 AC_CHECK_LIB(gssapi,gss_unwrap,gss_impl="heimdal",gss_failed=1, ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET}) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then # check for libkrb5support first AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET}) gss_failed=0 AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1, ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET}) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi # For Cybersafe one has to set a platform define in order to make compilation work if test "$gss_impl" = "auto" -o "$gss_impl" = "cybersafe"; then cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_GSSAPIBASE_LIBS=$GSSAPIBASE_LIBS # FIXME - Note that the libraries are in .../lib64 for 64bit kernels if test -d "${gssapi}/appsec-rt/lib"; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -L${gssapi}/appsec-rt/lib" fi CPPFLAGS="$CPPFLAGS -D$platform" if test -d "${gssapi}/appsec-sdk/include"; then CPPFLAGS="$CPPFLAGS -I${gssapi}/appsec-sdk/include" fi gss_failed=0 # Check for CyberSafe with two libraries first, than fall back to a single # library (older CyberSafe) unset ac_cv_lib_gss_csf_gss_acq_user AC_CHECK_LIB(gss,csf_gss_acq_user,gss_impl="cybersafe03", [unset ac_cv_lib_gss_csf_gss_acq_user; AC_CHECK_LIB(gss,csf_gss_acq_user,gss_impl="cybersafe", gss_failed=1,$GSSAPIBASE_LIBS -lgss)], [${GSSAPIBASE_LIBS} -lgss -lcstbk5]) if test "$gss_failed" = "1"; then # Restore variables GSSAPIBASE_LIBS=$cmu_saved_GSSAPIBASE_LIBS CPPFLAGS=$cmu_saved_CPPFLAGS if test "$gss_impl" != "auto"; then gss_impl="failed" fi fi fi if test "$gss_impl" = "auto" -o "$gss_impl" = "seam"; then gss_failed=0 AC_CHECK_LIB(gss,gss_unwrap,gss_impl="seam",gss_failed=1,-lgss) if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi if test "$gss_impl" = "mit"; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP}" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}" elif test "$gss_impl" = "heimdal"; then CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}" elif test "$gss_impl" = "cybersafe03"; then # Version of CyberSafe with two libraries CPPFLAGS="$CPPFLAGS -D$platform -I${gssapi}/appsec-sdk/include" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgss -lcstbk5" # there is no static libgss for CyberSafe GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "cybersafe"; then CPPFLAGS="$CPPFLAGS -D$platform -I${gssapi}/appsec-sdk/include" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgss" # there is no static libgss for CyberSafe GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "seam"; then GSSAPIBASE_LIBS=-lgss # there is no static libgss on Solaris 8 and up GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "failed"; then gssapi="no" GSSAPIBASE_LIBS= GSSAPIBASE_STATIC_LIBS= AC_WARN([Disabling GSSAPI - specified library not found]) else gssapi="no" GSSAPIBASE_LIBS= GSSAPIBASE_STATIC_LIBS= AC_WARN([Disabling GSSAPI - no library]) fi fi # # Cybersafe defines both GSS_C_NT_HOSTBASED_SERVICE and GSS_C_NT_USER_NAME # in gssapi\rfckrb5.h # if test "$gssapi" != "no"; then if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then AC_EGREP_CPP(hostbased_service_gss_nt_yes, [#include #ifdef GSS_C_NT_HOSTBASED_SERVICE hostbased_service_gss_nt_yes #endif], [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE])], [AC_WARN([Cybersafe define not found])]) elif test "$ac_cv_header_gssapi_h" = "yes"; then AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE])]) elif test "$ac_cv_header_gssapi_gssapi_h"; then AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi/gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,, [Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE])]) fi if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then AC_EGREP_CPP(user_name_yes_gss_nt, [#include #ifdef GSS_C_NT_USER_NAME user_name_yes_gss_nt #endif], [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implementation defines GSS_C_NT_USER_NAME])], [AC_WARN([Cybersafe define not found])]) elif test "$ac_cv_header_gssapi_h" = "yes"; then AC_EGREP_HEADER(GSS_C_NT_USER_NAME, gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implementation defines GSS_C_NT_USER_NAME])]) AC_EGREP_HEADER(gss_inquire_attrs_for_mech, gssapi.h, rfc5587=yes) AC_EGREP_HEADER(gss_inquire_mech_for_saslname, gssapi.h, rfc5801=yes) elif test "$ac_cv_header_gssapi_gssapi_h"; then AC_EGREP_HEADER(GSS_C_NT_USER_NAME, gssapi/gssapi.h, [AC_DEFINE(HAVE_GSS_C_NT_USER_NAME,, [Define if your GSSAPI implementation defines GSS_C_NT_USER_NAME])]) AC_EGREP_HEADER(gss_inquire_attrs_for_mech, gssapi/gssapi.h, rfc5587=yes) AC_EGREP_HEADER(gss_inquire_mech_for_saslname, gssapi.h, rfc5801=yes) fi fi GSSAPI_LIBS="" AC_MSG_CHECKING([GSSAPI]) if test "$gssapi" != no; then AC_MSG_RESULT([with implementation ${gss_impl}]) AC_CHECK_LIB(resolv,res_search,GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lresolv") SASL_MECHS="$SASL_MECHS libgssapiv2.la" SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gssapi.c" if test "$rfc5587" = "yes" -a "$rfc5801" = "yes"; then SASL_MECHS="$SASL_MECHS libgs2.la" SASL_STATIC_OBJS="$SASL_STATIC_OBJS gs2.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gs2.c" fi cmu_save_LIBS="$LIBS" LIBS="$LIBS $GSSAPIBASE_LIBS" AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) AC_CHECK_FUNCS(gss_decapsulate_token) AC_CHECK_FUNCS(gss_encapsulate_token) AC_CHECK_FUNCS(gss_oid_equal) LIBS="$cmu_save_LIBS" cmu_save_LIBS="$LIBS" LIBS="$LIBS $GSSAPIBASE_LIBS" AC_CHECK_FUNCS(gss_get_name_attribute) LIBS="$cmu_save_LIBS" else AC_MSG_RESULT([disabled]) fi AC_SUBST(GSSAPI_LIBS) AC_SUBST(GSSAPIBASE_LIBS) ])# SASL_GSSAPI_CHK # SASL_SET_GSSAPI_LIBS # -------------------- AC_DEFUN([SASL_SET_GSSAPI_LIBS], [SASL_GSSAPI_LIBS_SET="yes" ]) # CMU_SASL2 # --------- # What we want to do here is setup LIB_SASL with what one would # generally want to have (e.g. if static is requested, make it that, # otherwise make it dynamic. # # We also want to create LIB_DYN_SASL and DYNSASLFLAGS. # # Also sets using_static_sasl to "no" "static" or "staticonly" # AC_DEFUN([CMU_SASL2], [AC_REQUIRE([SASL_GSSAPI_CHK]) AC_ARG_WITH(sasl, [AC_HELP_STRING([--with-sasl=DIR],[Compile with libsasl2 in ])], with_sasl="$withval", with_sasl="yes") AC_ARG_WITH(staticsasl, [AC_HELP_STRING([--with-staticsasl=DIR], [Compile with staticly linked libsasl2 in ])], [with_staticsasl="$withval"; if test $with_staticsasl != "no"; then using_static_sasl="static" fi], [with_staticsasl="no"; using_static_sasl="no"]) SASLFLAGS="" LIB_SASL="" cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_LDFLAGS=$LDFLAGS cmu_saved_LIBS=$LIBS if test ${with_staticsasl} != "no"; then if test -d ${with_staticsasl}; then if test -d ${with_staticsasl}/lib64 ; then ac_cv_sasl_where_lib=${with_staticsasl}/lib64 else ac_cv_sasl_where_lib=${with_staticsasl}/lib fi ac_cv_sasl_where_lib=${with_staticsasl}/lib ac_cv_sasl_where_inc=${with_staticsasl}/include SASLFLAGS="-I$ac_cv_sasl_where_inc" LIB_SASL="-L$ac_cv_sasl_where_lib" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" else with_staticsasl="/usr" fi AC_CHECK_HEADER(sasl/sasl.h, [AC_CHECK_HEADER(sasl/saslutil.h, [for i42 in lib64 lib; do if test -r ${with_staticsasl}/$i42/libsasl2.a; then ac_cv_found_sasl=yes AC_MSG_CHECKING([for static libsasl]) LIB_SASL="$LIB_SASL ${with_staticsasl}/$i42/libsasl2.a" fi done if test ! "$ac_cv_found_sasl" = "yes"; then AC_MSG_CHECKING([for static libsasl]) AC_ERROR([Could not find ${with_staticsasl}/lib*/libsasl2.a]) fi])]) AC_MSG_RESULT([found]) if test "x$SASL_GSSAPI_LIBS_SET" = "x"; then LIB_SASL="$LIB_SASL $GSSAPIBASE_STATIC_LIBS" else SASL_GSSAPI_LIBS_SET="" cmu_saved_LIBS="$GSSAPIBASE_STATIC_LIBS $cmu_saved_LIBS" fi fi if test -d ${with_sasl}; then ac_cv_sasl_where_lib=${with_sasl}/lib ac_cv_sasl_where_inc=${with_sasl}/include DYNSASLFLAGS="-I$ac_cv_sasl_where_inc" if test "$ac_cv_sasl_where_lib" != ""; then CMU_ADD_LIBPATH_TO($ac_cv_sasl_where_lib, LIB_DYN_SASL) fi LIB_DYN_SASL="$LIB_DYN_SASL -lsasl2" CPPFLAGS="${cmu_saved_CPPFLAGS} -I${ac_cv_sasl_where_inc}" LDFLAGS="${cmu_saved_LDFLAGS} -L${ac_cv_sasl_where_lib}" fi # be sure to check for a SASLv2 specific function AC_CHECK_HEADER(sasl/sasl.h, [AC_CHECK_HEADER(sasl/saslutil.h, [AC_CHECK_LIB(sasl2, prop_get, ac_cv_found_sasl=yes, ac_cv_found_sasl=no)], ac_cv_found_sasl=no)], ac_cv_found_sasl=no) if test "$ac_cv_found_sasl" = "yes"; then if test "$ac_cv_sasl_where_lib" != ""; then CMU_ADD_LIBPATH_TO($ac_cv_sasl_where_lib, DYNLIB_SASL) fi DYNLIB_SASL="$DYNLIB_SASL -lsasl2" if test "$using_static_sasl" != "static"; then LIB_SASL=$DYNLIB_SASL SASLFLAGS=$DYNSASLFLAGS fi else DYNLIB_SASL="" DYNSASLFLAGS="" using_static_sasl="staticonly" fi if test "x$SASL_GSSAPI_LIBS_SET" != "x"; then SASL_GSSAPI_LIBS_SET="" cmu_saved_LIBS="$GSSAPIBASE_LIBS $cmu_saved_LIBS" fi LIBS="$cmu_saved_LIBS" LDFLAGS="$cmu_saved_LDFLAGS" CPPFLAGS="$cmu_saved_CPPFLAGS" AC_SUBST(LIB_DYN_SASL) AC_SUBST(DYNSASLFLAGS) AC_SUBST(LIB_SASL) AC_SUBST(SASLFLAGS) ])# CMU_SASL2 # CMU_SASL2_REQUIRED # ------------------ AC_DEFUN([CMU_SASL2_REQUIRED], [AC_REQUIRE([CMU_SASL2]) if test "$ac_cv_found_sasl" != "yes"; then AC_ERROR([Cannot continue without libsasl2. Get it from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/.]) fi]) # CMU_SASL2_REQUIRE_VER # --------------------- AC_DEFUN([CMU_SASL2_REQUIRE_VER], [AC_REQUIRE([CMU_SASL2_REQUIRED]) cmu_saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS $SASLFLAGS" AC_TRY_CPP([ #include #ifndef SASL_VERSION_MAJOR #error SASL_VERSION_MAJOR not defined #endif #ifndef SASL_VERSION_MINOR #error SASL_VERSION_MINOR not defined #endif #ifndef SASL_VERSION_STEP #error SASL_VERSION_STEP not defined #endif #if SASL_VERSION_MAJOR < $1 || SASL_VERSION_MINOR < $2 || SASL_VERSION_STEP < $3 #error SASL version is less than $1.$2.$3 #endif ],, [AC_ERROR([Incorrect SASL headers found. This package requires SASL $1.$2.$3 or newer.])]) CPPFLAGS=$cmu_saved_CPPFLAGS ])# CMU_SASL2_REQUIRE_VER # CMU_SASL2_CHECKAPOP_REQUIRED # ---------------------------- AC_DEFUN([CMU_SASL2_CHECKAPOP_REQUIRED], [AC_REQUIRE([CMU_SASL2_REQUIRED]) cmu_saved_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $LIB_SASL" AC_CHECK_LIB(sasl2, sasl_checkapop, [AC_DEFINE(HAVE_APOP,[],[Does SASL support APOP?])], [AC_MSG_ERROR([libsasl2 without working sasl_checkapop. Cannot continue.])]) LDFLAGS=$cmu_saved_LDFLAGS ])# CMU_SASL2_CHECKAPOP_REQUIRED # SASL2_CRYPT_CHK # --------------- AC_DEFUN([SASL2_CRYPT_CHK], [AC_CHECK_FUNC(crypt, cmu_have_crypt=yes, [AC_CHECK_LIB(crypt, crypt, LIB_CRYPT="-lcrypt"; cmu_have_crypt=yes, cmu_have_crypt=no)]) AC_SUBST(LIB_CRYPT) ])# SASL2_CRYPT_CHK cyrus-sasl-2.1.25/cmulocal/find-func-no-libs.m40000666000076400007640000000050107741072414016120 00000000000000dnl $Id: find-func-no-libs.m4,v 1.2 2003/10/08 20:35:24 rjs3 Exp $ dnl dnl dnl Look for function in any of the specified libraries dnl dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args) AC_DEFUN([AC_FIND_FUNC_NO_LIBS], [ AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])]) cyrus-sasl-2.1.25/cmulocal/libtoolhack.m40000666000076400007640000000146407741072415015213 00000000000000dnl libtoolhack.m4--hack to make libtool behave better dnl Rob Earhart dnl $Id: libtoolhack.m4,v 1.4 2003/10/08 20:35:25 rjs3 Exp $ dnl Libtool tries to compile an empty file to see whether it can build dnl shared libraries, and treats *any* warning as a problem. dnl Solaris's and HP's cc complains about the empty file. So we hack dnl the CFLAGS to make cc not complain. AC_DEFUN([CMU_PROG_LIBTOOL], [ AC_REQUIRE([AC_PROG_CC]) if test "$ac_cv_prog_gcc" = no; then case "$host_os" in solaris2*) save_cflags="${CFLAGS}" CFLAGS="-erroff=E_EMPTY_TRANSLATION_UNIT ${CFLAGS}" ;; hpux*) save_cflags="${CFLAGS}" CFLAGS="-w" ;; esac fi AC_PROG_LIBTOOL if test "$ac_cv_prog_gcc" = no; then case "$host_os" in solaris2*|hpux*) CFLAGS="${save_cflags}" esac fi ]) cyrus-sasl-2.1.25/cmulocal/libcyrus.m40000666000076400007640000001044510233511400014531 00000000000000dnl libcyrus.m4--Cyrus libraries and includes dnl Derrick Brashear dnl from KTH kafs and Arla dnl $Id: libcyrus.m4,v 1.20 2005/04/26 19:14:08 shadow Exp $ AC_DEFUN([CMU_LIBCYRUS_INC_WHERE1], [ saved_CPPFLAGS=$CPPFLAGS CPPFLAGS="$saved_CPPFLAGS -I$1 $SASLFLAGS" CMU_CHECK_HEADER_NOCACHE(cyrus/imclient.h, ac_cv_found_cyrus_inc=yes, ac_cv_found_cyrus_inc=no) CPPFLAGS=$saved_CPPFLAGS ]) AC_DEFUN([CMU_LIBCYRUS_INC_WHERE], [ for i in $1; do AC_MSG_CHECKING(for libcyrus headers in $i) CMU_LIBCYRUS_INC_WHERE1($i) CMU_TEST_INCPATH($i, imclient) if test "$ac_cv_found_cyrus_inc" = "yes"; then ac_cv_cyrus_where_inc=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_LIBCYRUS_LIB_WHERE1], [ saved_LIBS=$LIBS LIBS="$saved_LIBS -L$1 -lcyrus ${LIB_SASL} ${LIBSSL_LIB_FLAGS} ${LIB_SOCKET}" AC_TRY_LINK([void fatal(){}], [imclient_authenticate();], [ac_cv_found_cyrus_lib=yes], ac_cv_found_cyrus_lib=no) LIBS=$saved_LIBS ]) AC_DEFUN([CMU_LIBCYRUS_LIB_WHERE], [ for i in $1; do AC_MSG_CHECKING(for libcyrus libraries in $i) CMU_LIBCYRUS_LIB_WHERE1($i) dnl deal with false positives from implicit link paths CMU_TEST_LIBPATH($i, cyrus) if test "$ac_cv_found_cyrus_lib" = "yes" ; then ac_cv_cyrus_where_lib=$i AC_MSG_RESULT(found) break else AC_MSG_RESULT(not found) fi done ]) AC_DEFUN([CMU_LIBCYRUS], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_REQUIRE([CMU_SOCKETS]) AC_REQUIRE([CMU_SASL2]) AC_REQUIRE([CMU_LIBSSL]) AC_ARG_WITH(libcyrus, [ --with-libcyrus=PREFIX Compile with Libcyrus support], [if test "X$with_libcyrus" = "X"; then with_libcyrus=yes fi]) AC_ARG_WITH(libcyrus-lib, [ --with-libcyrus-lib=dir use libcyrus libraries in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libcyrus-lib]) fi]) AC_ARG_WITH(libcyrus-include, [ --with-libcyrus-include=dir use libcyrus headers in dir], [if test "$withval" = "yes" -o "$withval" = "no"; then AC_MSG_ERROR([No argument for --with-libcyrus-include]) fi]) if test "X$with_libcyrus" != "X"; then if test "$with_libcyrus" != "yes" -a "$with_libcyrus" != no; then ac_cv_cyrus_where_lib=$with_libcyrus/$CMU_LIB_SUBDIR ac_cv_cyrus_where_inc=$with_libcyrus/include fi fi if test "$with_libcyrus" != "no"; then if test "X$with_libcyrus_lib" != "X"; then ac_cv_cyrus_where_lib=$with_libcyrus_lib fi if test "X$ac_cv_cyrus_where_lib" = "X"; then CMU_LIBCYRUS_LIB_WHERE(/usr/cyrus/$CMU_LIB_SUBDIR /usr/local/$CMU_LIB_SUBDIR /usr/$CMU_LIB_SUBDIR) fi if test "X$with_libcyrus_include" != "X"; then ac_cv_cyrus_where_inc=$with_libcyrus_include fi if test "X$ac_cv_cyrus_where_inc" = "X"; then CMU_LIBCYRUS_INC_WHERE(/usr/cyrus/include /usr/local/include /usr/local/include/cyrus /usr/include/cyrus) fi fi AC_MSG_CHECKING(whether to include libcyrus) if test "X$ac_cv_cyrus_where_lib" = "X" -o "X$ac_cv_cyrus_where_inc" = "X"; then ac_cv_found_cyrus=no AC_MSG_RESULT(no) else ac_cv_found_cyrus=yes AC_MSG_RESULT(yes) LIBCYRUS_INC_DIR=$ac_cv_cyrus_where_inc LIBCYRUS_LIB_DIR=$ac_cv_cyrus_where_lib LIBCYRUS_INC_FLAGS="-I${LIBCYRUS_INC_DIR}" LIBCYRUS_LIB_FLAGS="-L${LIBCYRUS_LIB_DIR} -lcyrus" if test "X$RPATH" = "X"; then RPATH="" fi case "${host}" in *-*-linux*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LIBCYRUS_LIB_DIR}" else RPATH="${RPATH}:${LIBCYRUS_LIB_DIR}" fi ;; *-*-hpux*) if test "X$RPATH" = "X"; then RPATH="-Wl,+b${LIBCYRUS_LIB_DIR}" else RPATH="${RPATH}:${LIBCYRUS_LIB_DIR}" fi ;; *-*-irix*) if test "X$RPATH" = "X"; then RPATH="-Wl,-rpath,${LIBCYRUS_LIB_DIR}" else RPATH="${RPATH}:${LIBCYRUS_LIB_DIR}" fi ;; *-*-solaris2*) if test "$ac_cv_prog_gcc" = yes; then if test "X$RPATH" = "X"; then RPATH="-Wl,-R${LIBCYRUS_LIB_DIR}" else RPATH="${RPATH}:${LIBCYRUS_LIB_DIR}" fi else RPATH="${RPATH} -R${LIBCYRUS_LIB_DIR}" fi ;; esac AC_SUBST(RPATH) fi AC_SUBST(LIBCYRUS_INC_DIR) AC_SUBST(LIBCYRUS_LIB_DIR) AC_SUBST(LIBCYRUS_INC_FLAGS) AC_SUBST(LIBCYRUS_LIB_FLAGS) ]) cyrus-sasl-2.1.25/cmulocal/openssl.m40000666000076400007640000000232011175366454014400 00000000000000dnl dnl macros for configure.in to detect openssl dnl $Id: openssl.m4,v 1.11 2006/05/17 18:30:19 murch Exp $ dnl AC_DEFUN([CMU_HAVE_OPENSSL], [ AC_REQUIRE([CMU_FIND_LIB_SUBDIR]) AC_ARG_WITH(openssl,[ --with-openssl=PATH use OpenSSL from PATH], with_openssl=$withval, with_openssl="yes") save_CPPFLAGS=$CPPFLAGS save_LDFLAGS=$LDFLAGS if test -d $with_openssl; then CPPFLAGS="${CPPFLAGS} -I${with_openssl}/include" CMU_ADD_LIBPATH(${with_openssl}/$CMU_LIB_SUBDIR) fi case "$with_openssl" in no) with_openssl="no";; *) dnl if openssl has been compiled with the rsaref2 libraries, dnl we need to include the rsaref libraries in the crypto check LIB_RSAREF="" AC_CHECK_LIB(rsaref, RSAPublicEncrypt, cmu_have_rsaref=yes; [AC_CHECK_LIB(RSAglue, RSAPublicEncrypt, LIB_RSAREF="-lRSAglue -lrsaref", LIB_RSAREF="-lrsaref")], cmu_have_rsaref=no) AC_CHECK_HEADER(openssl/evp.h, [ AC_CHECK_LIB(crypto, EVP_DigestInit, with_openssl="yes", with_openssl="no", $LIB_RSAREF)], with_openssl=no) ;; esac if test "$with_openssl" != "no"; then AC_DEFINE(HAVE_OPENSSL,[],[Do we have OpenSSL?]) else CPPFLAGS=$save_CPPFLAGS LDFLAGS=$save_LDFLAGS fi ]) cyrus-sasl-2.1.25/ChangeLog0000646000076400007640000040570211632147475012435 000000000000002011-09-07 Ken Murchison * plugins/scram.c: Fixed 3 memory leaks in SCRAM 2011-09-07 Alexey Melnikov * configure.in, plugins/NTMakefile, plugins/cram.c: Allow use of cmusaslsecretCRAM-MD5 property to be disabled. 2011-09-02 Alexey Melnikov * config/config.guess, config/config.sub, saslauthd/config/config.guess, saslauthd/config/config.sub: Updated config to the latest GNU snapshot. 2011-09-01 Alexey Melnikov * lib/server.c: Make sure that a failed authorization doesn't preclude further SASL authentication attempts from working. 2011-09-01 Alexey Melnikov * lib/server.c: Fixed some aspects of mech_avail callback handling in the server side SASL code. 2011-09-01 Alexey Melnikov * config/ltconfig, saslauthd/config/ltconfig: Fix SASL's libtool MacOS/X 64-bit file magic. (Patch by Kurt Zeilenga) 2011-09-01 Alexey Melnikov * plugins/scram.c: Fixed some additional Windows warnings and a memory leak in SCRAM. 2011-09-01 Alexey Melnikov * plugins/scram.c: Fix size_t * v. unsigned * bug. (Patch by Kurt Zeilenga) 2011-09-01 Alexey Melnikov * lib/server.c: Fixed a crash caused by aborted SASL authentication and initiation of another one using the same SASL context. 2011-09-01 Alexey Melnikov * include/md5.h, include/sasl.h, include/saslplug.h, lib/auxprop.c, lib/canonusr.c, lib/client.c, lib/common.c, lib/saslint.h, lib/server.c, lib/seterror.c, plugins/otp.c, plugins/plugin_common.c, sasldb/db_berkeley.c, sample/sample-client.c, sample/sample-server.c, utils/pluginviewer.c, utils/sasldblistusers.c, utils/saslpasswd.c, utils/testsuite.c: Many of the SASL includes define function pointers without specifying arguments. In C, the () is treated as unspecified, rather than (void), hence this is technically not a prototype, and gcc warns about it. (Patch by Dave Cridland and Alexey Melnikov) 2011-09-01 Alexey Melnikov * lib/server.c: Better server plugin API mismatch reporting 2011-05-23 Alexey Melnikov * plugins/gs2.c, plugins/gs2_token.c, plugins/gs2_token.h, cmulocal/sasl2.m4: Use draft-josefsson-gss-capsulate-01 if present. Negative SASL errors are fatal. (Patch from Luke Howard.) 2011-05-13 Ken Murchison * include/sasl.h, plugins/digest-md5.c: Allow for non-persistent connections when using DIGEST-MD5 plugin for server-side HTTP Digest (RFC 2617). Also make sure that an HTTP request is handed to plugin when required. 2011-04-19 Alexey Melnikov * plugins/gssapi.c: Fix to build GSSAPI with Heimdal (patch from Russ Allbery from Debian) 2011-04-18 Alexey Melnikov * plugins/gs2_token.h: Added gs2_token.h for the "make dist" target (patch by Dan White) 2011-04-13 Alexey Melnikov * cmulocal/sasl2.m4: Only enable GS2 plugin if gss_inquire_mech_for_saslname is defined in gssapi.h 2011-04-12 Alexey Melnikov * plugins/Makefile.am, plugins/makeinit.sh, plugins/ldapdb.c: LDAPDB build fixes from Dan White 2011-04-05 Alexey Melnikov * configure.in, plugins/Makefile.am, plugins/NTMakefile, plugins/makeinit.sh, lib/staticopen.h, win32/include/config.h: Enabled SCRAM plugin build 2011-03-25 Alexey Melnikov * plugins/Makefile.am, plugins/makeinit.sh, plugins/gs2_token.h, plugins/gs2_token.c, README.GS2, cmulocal/sasl2.m4: GS2 plugin from Luke Howard 2011-01-25 Ken Murchison * include/sasl.h, include/saslplug.h, lib/client.c, lib/common.c, plugins/digest-md5.c sample/http_digest_client.c: Allow DIGEST-MD5 plugin to be used for client-side HTTP Digest (RFC 2617) 2011-01-21 Alexey Melnikov * plugins/scram.c: Added support for channel bindings to SCRAM-SHA-1. 2011-01-21 Alexey Melnikov * lib/client.c, lib/server.c, lib/common.c, lib/saslint.h: Fixed libsasl to accept *-PLUS SASL mechanism names in client_mech_list/mech_list options. As *-PLUS mechanism names were synthesized and didn't correspond to real plugin names, setting client_mech_list to "SCRAM-SHA-1-PLUS" (for example) was resulting in authentication failure due to inability to find a matching SASL plugin. 2011-01-21 Alexey Melnikov * include/saslplug.h, lib/client.c: Fixed handling of channel bindings on the client side. The client side was failing to select a suitable SASL mechanism when the application specified channel bindings, but didn't make them mandatory to use. In such a configuration, if a non channel binding capable mechanism was selected through "client_mech_list" SASL option, sasl_client_start would fail. For example if the server supports both SCRAM-SHA-1[-PLUS] and PLAIN and "client_mech_list" was set to "PLAIN", authentication would never work. 2011-01-21 Alexey Melnikov * lib/client.c, lib/server.c: Better default ordering of SASL mechanisms. Ordering by plugins max_ssf produces wrong result in case an application using SASL doesn't care about SASL security layers. Before this change DIGEST-MD5 was always preferred over SCRAM-SHA-1[-PLUS]. In particular this change takes support for channel bindings into considerations. 2011-01-19 Ken Murchison * include/sasl.h, include/saslplug.h, lib/common.c, lib/server.c, plugins/digest-md5.c: Changed server-side of HTTP Digest so that the application must pass an HTTP Request structure (Method/URI/Entity-Body) rather than just the HTTP Method 2011-01-19 Alexey Melnikov * lib/server.c: Server side SASL context should list *-PLUS SASL mechanisms before the corresponding non-PLUS mechanisms for naive SASL clients. 2011-01-19 Alexey Melnikov * lib/common.c: Fixed some Windows warnings in SASL security layer handling. 2011-01-19 Alexey Melnikov * plugins/scram.c: Made the default number of SCRAM hash iterations configurable using a new SASL option called "scram_iteration_counter". Also fixed a couple of error messages. 2011-01-19 Alexey Melnikov * utils/pluginviewer.c: Fixed some Linux warnings in pluginviewer. 2011-01-19 Alexey Melnikov * plugins/scram.c: Added support for storing SCRAM secrets in authPassword attribute. Also added the "scram_secret_generate" option for controlling if authPassword SCRAM secret should be generated or not. By default (when not specified) the authPassword SCRAM secret is NOT generated. 2011-01-19 Alexey Melnikov * plugins/scram.c: Updated the SCRAM plugin not to use the hardcoded SCRAM-SHA-1 plugin name in logging. 2011-01-18 Alexey Melnikov * plugins/digestmd5.c: Use the same username for reauthentication cache lookup and update. Thanks to Ken for pointing out the problem. 2011-01-14 Ken Murchison * plugins/ntlm.c: Flag NTLM plugin as HTTP-ready 2011-01-14 Ken Murchison * include/sasl.h, include/saslplug.h, lib/common.c, lib/server.c, plugins/digest-md5.c: Allow DIGEST-MD5 plugin to be used for server-side HTTP Digest (RFC 2617) 2010-12-01 Alexey Melnikov * lib/server.c: Some reformatting and safer handling of 'free after SASL server shutdown' condition in server_dispose. 2010-12-01 Alexey Melnikov * lib/server.c: server_idle needs to obey server's SASL mechanism list from the server context. 2010-12-01 Alexey Melnikov * lib/client.c, lib/saslint.h: Added support for ordering SASL mechanisms by strength (on the client side), or using the client_mech_list option. 2010-12-01 Alexey Melnikov * include/sasl.h, include/saslplug.h, lib/client.c, lib/common.c, lib/saslint.h, lib/server.c, sample/Makefile.am, sample/client.c, sample/server.c: Added support for channel bindings (patch by Luke Howard). 2010-12-01 Alexey Melnikov * lib/saslutil.c: Fixed the random number generator on Windows to actually produce random output on each run. 2010-12-01 Alexey Melnikov * lib/common.c: Updated textual representations of some error messages 2010-11-30 Alexey Melnikov * plugins/digestmd5.c: Eliminated some "signed/unsigned mismatch" warnings. 2010-11-30 Alexey Melnikov * plugins/digestmd5.c, plugins/srp.c, plugins/otp.c, plugins/ntlm.c, plugins/login.c, plugins/cram.c: Be protective against calling sasl_server_step once authentication has failed. 2010-11-30 Alexey Melnikov * plugins/digestmd5.c: Minimize the number of auxprop lookups in the server side DIGEST-MD5 plugin for the most common case when authentication and authorization identities are the same. 2010-11-30 Alexey Melnikov * plugins/digestmd5.c: Updated digestmd5_server_mech_step2() to be more defensive against empty client input. 2010-11-30 Alexey Melnikov * plugins/digestmd5.c: Fixed some memory leaks on failed plugin initialization. Prevent potential race condition when freeding plugin state. Set the freed reauthentication cache mutex to NULL, to make errors due to mutex access after free more obvious. 2010-11-30 Alexey Melnikov * plugins/digestmd5.c: Test against broken UTF-8 based hashes if calculation using special ISO-8859-1 code fails. This affected some XMPP clients. Patch by Dave Cridland . 2010-11-30 Alexey Melnikov * plugins/digestmd5.c: Fixed an interop problem with some LDAP clients ignoring server advertised realm and providing their own. 2009-08-14 Alexey Melnikov * saslauthd/auth_shadow.c: Rolled back the previous commit (#define _XOPEN_SOURCE before including unistd.h), as this seems to break Solaris 8 build. Note that crypt.h should be present on a Solaris 8 machine, as well is on Debian, so this shouldn't be a problem. 2009-08-04 Alexey Melnikov * plugins/gssapi.c: Properly set serveroutlen to 0 in one place. Don't send empty challenge once server context establishment is done, as this is in violation of the RFC 2222 and its successor. 2009-07-24 Alexey Melnikov * plugins/gssapi.c: Don't send maxbuf, if no security layer can be established. Added additional checks for buffer lengths. 2009-05-20 Ken Murchison * configure.in, cmulocal/sasl2.m4, config/kerberos_v4.m4, config/plain.m4, config/sasldb.m4, lib/Makefile.am: Fixes to allow static libs to be built in the CMU build environment 2009-05-07 Ken Murchison * configure.in, include/sasl.h, lib/Makefile.am, plugins/Makefile.am, saslauthd/configure.in, sasldb/Makefile.am, win32/common.mak, win32/include/config.h: 2.1.24 2009-05-03 Alexey Melnikov * sample/sample-client.c, sample/sample-server.c, utils/smtptest.c: Fixed bug # 2895 (passing LF to sasl_decode64) 2009-05-03 Alexey Melnikov * lib/NTMakefile: Disabled annoying warnings about use of deprecated standard C library functions, enabled warnings about Windows64 portability 2009-05-03 Alexey Melnikov * configure.in: Added support for SQLite3 (patch by Maxim Gorbachyov) 2009-04-27 Ken Murchison * lib/saslutil.c: Fixed CERT VU#238019 (make sure sasl_encode64() always NUL terminates output or returns SASL_BUFOVER). 2009-04-11 Alexey Melnikov * plugins/sql.c: Fixed SQLite lookup function. Also fixed SASL PLAIN authentication when used with SQLite auxprop backend. 2009-04-11 Alexey Melnikov * lib/dlopen.c: Updated to use .plugin extension on MacOS 2009-04-08 Alexey Melnikov * lib/client.c, lib/server.c: Removed unused mutexes (bug # 3141) 2009-03-10 Alexey Melnikov * include/sasl.h, include/saslplug.h, lib/canonusr.c, lib/checkpw.c, plugins/sasldb.c, plugins/sql.c: Added direct support for hashed password to auxprop API 2009-03-10 Alexey Melnikov * include/sasl.h, lib/canonusr.c, lib/external.c, plugins/gssapi.c, plugins/kerberos4.c: Make auxprop lookup calls in SASL GSSAPI/EXTERNAL optional 2009-03-10 Alexey Melnikov * plugins/sasldb.c: A better fix for spurious 'user not found' errors caused by an attempt to delete a non-existent property 2009-02-21 Alexey Melnikov * include/saslutil.h, lib/saslint.h: Made sasl_config_init public 2009-02-20 Alexey Melnikov * lib/saslint.h, lib/client.c, lib/common.c, lib/server.c: Make sure that sasl_set_alloc() has no effect once sasl_client_init() or sasl_server_init() is called [patch from Debian by fabbe@debian.org] 2009-02-20 Alexey Melnikov * plugins/digestmd5.c: GCC 4.4 requires that the #elif preprocessor directive have a test condition [patch from Debian by fabbe@paniq.net] 2009-02-20 Alexey Melnikov * saslauthd/lak.c: Define LDAP_DEPRECATED so that ldap_get_values is properly defined when compiling [patch from Debian by Dann Frazier ] 2009-02-20 Alexey Melnikov * saslauthd/auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644 [patch from Debian by Sam Hocevar ] 2009-02-20 Alexey Melnikov * saslauthd/auth_sasldb.c: Include config.h so that MAXHOSTNAMELEN is available when building on hurd-i386 [patch from Debian by mbanck@debian.org] 2009-02-20 Alexey Melnikov * saslauthd/auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h, so that crypt is correctly defined [patch from Debian by dannf@debian.org] 2009-02-14 Alexey Melnikov * utils/pluginviewer.c: Code cleanup, improved human readable messages 2009-02-14 Alexey Melnikov * lib/config.c: Strip trailing spaces from config file option values (bug # 3139, bug # 3041) 2009-02-14 Alexey Melnikov * plugins/otp.c: Don't use a stack variable for an OTP prompt (bug # 2822) 2009-02-13 Alexey Melnikov * saslauthd/auth_getpwent.c: Fixed Solaris build (patch by Leena Heino for bug # 2666) 2009-02-13 Alexey Melnikov * include/saslplug.h, lib/server.c, plugins/anonymous.c, plugins/gssapi.c, plugins/otp.c: Partial support for the SASL_FEAT_DONTUSE_USERPASSWD feature 2009-01-28 Alexey Melnikov * include/sasl.h, lib/auxprop.c, lib/common.c, lib/server.c: Don't treat a constraint violation as an error to store an auxprop property 2009-01-28 Alexey Melnikov * include/sasl.h, lib/server.c: Extended libsasl (auxprop) to support user deletion 2009-01-28 Alexey Melnikov * plugins/otp.c: Downgrade the failure to store OTP secret to debug level 2009-01-25 Alexey Melnikov * lib/windlopen.c: Free handles of shared libraries on Windows that were loaded but are not SASL plugins (patch by Petr Prazak) [Bug # 2089]. 2008-11-23 Alexey Melnikov * plugins/NTMakefile, win32/common.mak: Added support for building SQLite3 on Windows. 2008-11-23 Alexey Melnikov * plugins/ldapdb.c: Updated LDAPDB lookup function to match auxprop API changes 2008-11-15 Alexey Melnikov * plugins/sql.c: Added SQLITE3 support (patch by Maxim Gorbachyov) 2008-10-31 Ken Murchison * lib/saslint.h, lib/server.c: order advertised mechanisms per the specified 'mech_list' option or by relative "strength" 2008-10-30 Alexey Melnikov * plugins/digestmd5.c: Fixed more portability warnings. Fixed some rare memory leaks. More detailed error reporting. 2008-10-30 Alexey Melnikov * win32/include/config.h, lib/canonusr.c, lib/config.c, sasldb/allockey.c, utils/saslpasswd.c, utils/testsuite.c, sample/sample-server.c, plugins/anonymous.c, plugins/digestmd5.c, plugins/login.c, plugins/ntlm.c, plugins/otp.c: Fixed Windows 64 portability and other types of warnings 2008-10-29 Alexey Melnikov * win32/common.mak: Added support for building libraries. Added support for Windows64. 2008-10-29 Alexey Melnikov * lib/common.c: Prevent freeing of common state on a subsequent call to _sasl_common_init. Make sure that the last global callback always wins. 2008-10-29 Alexey Melnikov * lib/saslint.h, lib/canonusr.c, lib/checkpw.c, lib/client.c, lib/server.c: Further fixes to auxprop lookup and _sasl_canon_user cleanup 2008-10-29 Alexey Melnikov * include/saslplug.h, lib/auxprop.c, lib/canonusr.c, lib/saslint.h, plugins/sasldb.c, plugins/sql.c: Extended SASL auxprop_lookup to return error code 2008-10-29 Alexey Melnikov * lib/saslutil.c: Fixed Mac OS X 10.3 build. 2008-10-29 Alexey Melnikov * plugins/sql.c: Uninitialized variables cause crash when the searched user is not found (patch from Maxim Gorbachyov ) 2008-10-23 Alexey Melnikov * sasldb/db_berkeley.c: Return SASL_NOUSER instead of SASL_FAIL when the database file doesn't exist 2008-10-23 Alexey Melnikov * lib/checkpw.c: Updated sasl_user_exists so that it can handle passwordless accounts (e.g. disabled) 2008-10-23 Alexey Melnikov * include/saslutil.h, lib/saslint.h, lib/client.c, lib/common.c, lib/saslutil.c, lib/server.c: Added hostname canonicalization 2008-10-22 Alexey Melnikov * lib/NTMakefile, utils/NTMakefile, sample/NTMakefile, plugins/NTMakefile: Updated to build with VC 8.0 (VC++ 2005) 2008-10-22 Alexey Melnikov * lib/NTMakefile: Don't install .exp and .manifest files. Updated build dependencies. 2008-10-21 Alexey Melnikov * lib/saslint.h, lib/client.c, lib/common.c, lib/server.c: Implemented sasl_client_done/sasl_server_done 2008-10-19 Alexey Melnikov * plugins/login.c, plugins/plain.c: Advertise SASL_SEC_PASS_CREDENTIALS feature in PLAIN and LOGIN 2008-10-02 Ken Murchison * lib/checkpw.c: Fixed potential buffer overflow in saslautd_verify_password(). 2008-09-30 Alexey Melnikov * lib/common.c: Fixed sasl_set_mutex() to disallow changing mutex management functions once sasl_server_init/ sasl_client_init is called. Failure to do this is causing a crash while locking mutexes. [Bug # 3083] 2008-01-24 Ken Murchison * plugins/ntlm.c: Fixed crash in calculating NTv2 reponse (patch from Tim Costen from Isode) 2008-01-23 Ken Murchison * plugins/ntlm.c, doc/options.html: allow a comma separated list of servernames in 'ntlm_server' option (patch from Enrico Persiani ) 2008-01-23 Ken Murchison * plugins/ldapdb.c, plugins/makeinit.sh, doc/options.html: Added code to extend ldapdb into a canon_user plugin in addition to its existing auxprop plugin functionality (patch from Howard Chu and Torsten Schlabach ) 2008-01-23 Ken Murchison * saslauthd/auth_rimap.c: fixed bug counting double-quotes in username/password. Also fixed bug zeroing password. (patch from Robert Sanderson ) 2008-01-23 Ken Murchison * saslauthd/auth_krb.c: improved diagnostic in the k5support_verify_tgt() function. Now, detailed krb5 error information will be given out in the LOG_DEBUG syslog channel (based on patch from Enrico Scholz ) 2007-06-13 Alexey Melnikov * lib/dlopen.c: 64bit HP-UX uses .so for shared libraries (patch by Nathan Kinder ). 2007-06-13 Alexey Melnikov * plugins/digestmd5.c: Fixed a memory leak in the DIGEST-MD5 security layer (based on patch from Nathan Kinder ). 2007-05-14 Alexey Melnikov * man/*: updated to reference RFC 4422 instead of RFC 2222. 2007-03-02 Alexey Melnikov * plugins/sasldb.c, plugins/sql.c: Ignore properties starting with '*' in the auxprop store function. 2007-02-14 Alexey Melnikov * plugins/digestmd5.c: Fixed parsing of challenges/ responses with extra commas. 2007-01-29 Alexey Melnikov * plugins/gssapi.c: Check that params->serverFQDN is not NULL before using strlen on it (reported by Steven Simon ) 2006-12-01 Alexey Melnikov * lib/common.c: Typecast iov_base to (char *), in case it is defined as "void *" on a platform like HPUX (Olaf Flebbe). 2006-11-27 Alexey Melnikov * plugins/digestmd5.c: Cleaned up comments and some error messages. 2006-08-24 Alexey Melnikov * lib/dlopen.c: Fixed segfault in dlclose on HPUX, based on feedback from . 2006-07-16 Alexey Melnikov * win32/common.mak: Abstracted out compiler command line options for exception handling. 2006-07-04 Alexey Melnikov * saslauthd/auth_shadow.c: Include crypt.h, so that crypt() is defined. This fixes crash on x64 Suse where sizeof(int) != sizeof(char *). Based on patch from rhafer@suse.de. 2006-06-26 Alexey Melnikov * plugins/digestmd5.c: Allow for multiple qop options from the server and require a single qop option from the client. 2006-05-19 Ken Murchison * Makefile.am: include INSTALL.TXT in distro *** Ready for 2.1.22 2006-05-18 Ken Murchison * cmulocal/sasl2.m4: patch to compile with MIT krb5 1.4.3 (Philip Guenther ) 2006-05-18 Alexey Melnikov * configure.in: Fixed default value in help for the --with-authdaemond command line option (Philip Guenther). 2006-05-17 Alexey Melnikov * NEWS: Ready for 2.1.22 2006-05-17 Alexey Melnikov * utils/Makefile.am: enable pluginviewer in the default build. 2006-04-26 Ken Murchison * lib/server.c: call do_authorization() after successful APOP 2006-04-26 Alexey Melnikov * plugins/digestmd5.c: If neither DES nor RC4 cipher is selected, advertise maxssf of 1 (integrity protection). 2006-04-26 Alexey Melnikov * utils/pluginviewer.c: Must set fully qualified domain name in sasl_client_new, or some plugins will not be shown. 2006-04-26 Alexey Melnikov * lib/client.c: Replaced wrong "break" statement with "continue" in the client side list function. 2006-04-25 Alexey Melnikov * plugins/NTMakefile: Enable RC4 cipher in Windows build. 2006-04-25 Alexey Melnikov * plugins/digestmd5.c: Make sure that SASL packets shorter than 16 bytes don't cause buffer overrun. Also prevent an error report from BoundsChecker regarding pointer being out of range. 2006-04-25 Alexey Melnikov * win32/common.mak: Fixed bug of not setting CODEGEN (code generation option) if STATIC is set. 2006-04-24 Alexey Melnikov * plugins/passdss.c, plugins/srp.c: Added include files required by OpenSSL 0.9.8 (original patch by Dan Nicholson). 2006-04-24 Alexey Melnikov * utils/NTMakefile: testsuite.exe doesn't depend on saslSASLDB.dll. 2006-04-24 Alexey Melnikov * doc/windows.html: Updated Windows build instructions. 2006-04-20 Alexey Melnikov * utils/testsuite.c: Removed sasl_encode test which is no longer valid due to changed in sasl_encodev. Also properly terminated all property request lists with NULL. 2006-04-19 Ken Murchison * saslauthd/auth_shadow.c, saslauthd/configure.in: Check for 4/5 argument versions of getXXname_r(). 2006-04-19 Alexey Melnikov * lib/common.c: Andrey V. Malyshev pointed out that the SASL context is always NULL when the default logging callback _sasl_syslog is called. In particular this means that the log_level configuration option is always ignored. 2006-04-19 Alexey Melnikov * configure.in: Search for application configuration files in /usr/lib/sasl2 by default and fall back to /etc/sasl2 if not found. 2006-04-19 Alexey Melnikov * plugins/digestmd5.c: Handle missing realm option from the client as the empty string. This match the behavior prescribed in RFC 2831. 2006-04-19 Alexey Melnikov * saslauthd/Makefile.am: Enable testsaslauthd build by default. 2006-04-18 Alexey Melnikov * lib/saslint.h, lib/common.c: Added support for spliting big data blocks (bigger than maxbuf) into multiple SASL packets in sasl_encodev. 2006-04-10 Alexey Melnikov * utils/Makefile.am: Added the pluginviewer man page. Reordered link dependencies for saslpasswds/sasldblistusers2. 2006-04-10 Alexey Melnikov * utils/pluginviewer.8: Added man page for pluginviewer. 2006-04-10 Alexey Melnikov * utils/pluginviewer.c: Deleted unused command line parameters and cleaned up usage output. 2006-04-10 Alexey Melnikov * include/gai.h: Use HAVE_GETADDRINFO (instead of HAVE_GETNAMEINFO) to protect definition of getaddrinfo(). 2006-04-10 Alexey Melnikov * include/sasl.h: Allocated some GSSAPI specific properties for Nico Williams (Sun) 2006-04-10 Alexey Melnikov * lib/common.c: Free default_plugin_path and default_conf_path variables in sasl_done. 2006-04-10 Alexey Melnikov * sasldb/allockey.c: Cleaned up some warnings 2006-04-10 Alexey Melnikov * win32/include/config.h: Deleted a misleading comment 2006-04-06 Jeffrey Teaton * saslauthd/auth_rimap.c: patch from Dale Sedivec to prevent segfault when saslauth free()s returned string * plugins/sql.c: patch from Matthew Hardin to do better error checking for mysql_real_query 2006-04-03 Alexey Melnikov * configure.in, plugins/NTMakefile, plugins/sasldb.c, sasldb/db_berkeley.c, sasldb/sasldb.h: Patch to keep BerkleyDB handle open between operations (for performance reason). New behavior can be enabled with --enable-keep-db-open. Original patch by Curtis King. 2006-03-14 Alexey Melnikov * lib/server.c: Fixed bug # 2796: load_config now looks in all directories for the config file, not just in the first one. 2006-03-14 Alexey Melnikov * include/saslplug.h, lib/auxprop.c, lib/client.c lib/server.c, utils/Makefile.am, utils/NTMakefile, utils/pluginviewer.c [new]: Added support for reporting information about loaded auxprop plugins. Changed the first parameter to sasl_server_plugin_info/sasl_client_plugin_info to be "const char *". Added new utility for reporting information about client and server side authentication plugins and auxprop plugins (e.g. supported features, methods, etc.). 2006-03-13 Alexey Melnikov * saslauthd/Makefile.am, saslauthd/auth_httpform.c, saslauthd/auth_httpform.h, saslauthd/configure.in, saslauthd/mechanisms.c, saslauthd/mechanisms.h: Added support for HTTP POST password validation in saslauthd (patch by Joe Ammann ) 2006-03-13 Alexey Melnikov * cmulocal/openldap.m4: Allow for compilation with OpenLDAP 2.3+. 2006-03-13 Alexey Melnikov * lib/saslutil.c, utils/testsuite.c: Various fixes to sasl_decode64: don't ignore partial base64 data, don't allow any data after the '=' sign, etc.). 2006-03-13 Alexey Melnikov * lib/saslint.h: Increase canonicalization buffer size to 1024 bytes, as Luke Howard has reported that 256 is too small for some certificates. 2006-03-13 Alexey Melnikov * lib/NTMakefile: Include Cyrus version of getnameinfo() when compiling with Visual Studio 6, as Windows SDK emulation is not available. 2006-02-13 Alexey Melnikov * include/sasl.h, lib/common.c: Added sasl_set_path function (for a more convenient way of setting plugin and config paths. Changed the default sasl_getpath_t/sasl_getconfpath_t callbacks to calculate the value only once and cache it for later use. 2006-02-13 Alexey Melnikov * configure.in, include/sasl.h, lib/common.c, lib/saslinit.h, lib/server.c, man/Makefile.am, man/sasl_callbacks.3, man/sasl_getconfpath_t.3, win32/include/config.h: Added a new sasl_getconf_t callback for specifying where SASL configuration files can be found. Based on patch from Artur Frysiak for SASL v1, updated by Gentoo folks for SASL v2 and further modified by Andreas Hasenack . 2006-01-31 Alexey Melnikov * INSTALL, INSTALL.TXT: Renamed INSTALL to INSTALL.TXT as the former conflicts with Windows "install" target (and Windows file names are case-insensitive). 2005-08-11 Alexey Melnikov * plugins/sasldb.c: Return SASL_NOUSER only if all calls to _sasldb_putdata() return SASL_NOUSER. This prevents spurious SASL_NOUSER errors. 2005-07-07 Alexey Melnikov * plugins/ntlm.c: Added include in order to fix building with OpenSSL 0.9.8. 2005-05-19 Derrick Brashear * config/libtool.m4: do proper quoting, from Andreas Winkelmann * configure.in: clean up enable switches, from Patrick Welche * config/sasldb.m4: fix macro names, from Andreas Winkelmann * lib/client.c: deal with gcc4 strictness, from Steven Simon 2005-05-16 Derrick Brashear * configure.in, include/sasl.h, lib/Makefile.am, plugins/Makefile.am, saslauthd/configure.in, sasldb/Makefile.am, win32/common.mak, win32/include/config.h: 2.1.21 * Makefile.am: fix dist-hook to run makeinit.sh in plugins/ 2005-05-15 Derrick Brashear * saslauthd/lak.c: leak fix from Igor Brezac 2005-05-15 Alexey Melnikov * plugins/NTMakefile: ldapdb on Windows might depend on OpenSSL. 2005-05-06 Derrick Brashear * configure.in, saslauthd/auth_pam.c: detect pam header location also where MacOS provides it, and use it there * utils/Makefile.am: change link order for MacOS * configure.in: provide option to disable installing MacOS SASL2 framework * configure.in, config/kerberos_v4.m4, config/plain.m4, config/sasldb.m4, lib/Makefile.am, sasldb/Makefile.am, (cmulocal/sasl2.m4): fix case where we are building --enable-static --with-dblib=none causing automake's dependancy stuff to screw us when we try to build files with .. in their path 2005-04-11 Derrick Brashear * configure.in, plugins/digestmd5.c: detect and include des.h if it exists, otherwise assume we don't need it (Solaris 9) 2005-04-11 Derrick Brashear * sasldb/Makefile.am, config/sasldb.m4: work around HP-UX make's inability to have pipes in $(shell ...) by setting LOCAL_SASL_DB_BACKEND_STATIC at the same time as SASL_DB_BACKEND_STATIC. 2005-03-15 Alexey Melnikov * lib/dlopen.c: log the reason for opendir() failure when loading plugin. 2005-03-08 Alexey Melnikov * man/sasl_auxprop.3, man/sasl_auxprop_getctx.3, man/sasl_auxprop_request.3, man/sasl_canon_user_t.3, man/sasl_client_init.3, man/sasl_client_new.3, man/sasl_client_start.3, man/sasl_client_step.3, man/sasl_decode.3, man/sasl_errdetail.3, man/sasl_errstring.3, man/sasl_getpath_t.3, man/sasl_getrealm_t.3, man/sasl_getsecret_t.3, man/sasl_server_init.3, man/sasl_server_new.3, man/sasl_server_start.3, man/sasl_server_step.3, man/sasl_setpass.3, man/sasl_user_exists.3, man/sasl_verifyfile_t.3: multiple spelling corrections from Steven Simon . 2005-03-07 Alexey Melnikov * utils/saslpasswd2.8, utils/sasldblistusers2.8: updated manpages. 2005-03-01 Derrick Brashear * lib/common.c: honor log level setting 2005-02-28 Derrick Brashear * README.ldapdb: ldapdb license info 2005-02-25 Alexey Melnikov * include/sasl.h, lib/common.c: Added SASL_VERSION_FULL define 2005-02-22 Alexey Melnikov * plugins/NTMakefile, win32/common.mak: Windows build of the ldapdb auxprop plugin 2005-02-16 Derrick Brashear * configure.in, doc/install.html, doc/options.html, doc/readme.html, doc/sysadmin.html, lib/staticopen.h, plugins/Makefile.am, plugins/ldapdb.c, plugins/makeinit.sh: pull in ldapdb auxprop plugin, from Igor Brezac (Howard Chu's plugin) 2005-02-14 Derrick Brashear * saslauthd/krbtf.c: updated from CMUCS * saslauthd/auth_krb5.c: log the krb5 error return if get_creds fails 2005-02-01 Alexey Melnikov * win32/include/config.h: Updated to match gai.h changes. * win32/include/config.h: added define for the OTP plugin. 2005-01-27 Derrick Brashear * configure.in, include/gai.h: move AI_NUMERICHOSTS definitions to config.h because gai.h is not always included. 2005-01-10 Derrick Brashear * saslauthd/auth_krb5.c, saslauthd/auth_krb4.c, saslauthd/krbtf.h (added), saslauthd/krbtf.c (added), saslauthd/cfile.h (added), saslauthd/cfile.c (added), saslauthd/Makefile.am: Kerberos V4/V5 alternate keytab in saslauthd, plus common code merging (from David Eckhardt via Dale Moore) 2004-12-08 Alexey Melnikov * doc/windows.html: Updated as per recent build changes. * plugins/ntlm.c: Fixed NTLM build on Windows, as compiler was complaining about array size not being a const. * lib/NTMakefile, plugins/NTMakefile, win32/common.mak, win32/include/config.h: Use native IPv6 support on Windows, falling back to Microsoft emulation. Cleaner support for Visual Studio 6. 2004-11-24 Ken Murchison * plugins/sql.c: squashed unused parameter warnings 2004-11-24 Ken Murchison * plugins/passdss.c: added; PASSDSS-3DES-1 implementation * configure.in, plugins/Makefile.am, plugins/makeinit.sh: added support for PASSDSS * doc/draft-newman-sasl-passdss-xx.txt: added * doc/index.html, doc/Makefile.am: added PASSDSS draft 2004-11-19 Derrick Brashear * saslauthd/auth_krb5.c: verify against the service we were passed. needs to be made configurable. 2004-11-10 Alexey Melnikov * doc/draft-burdis-cat-srp-sasl-08.txt: deleted * doc/draft-ietf-sasl-anon-02.txt: deleted * doc/draft-ietf-sasl-crammd5-01.txt: deleted * doc/draft-ietf-sasl-gssapi-00.txt: deleted * doc/draft-ietf-sasl-plain-03.txt: deleted * doc/draft-ietf-sasl-rfc2222bis-03.txt: deleted * doc/draft-ietf-sasl-rfc2831bis-02.txt: deleted * doc/draft-ietf-sasl-saslprep-04.txt: deleted * doc/draft-newman-sasl-c-api-01.txt: deleted * doc/draft-burdis-cat-srp-sasl-xx.txt: added * doc/draft-ietf-sasl-anon-xx.txt: added * doc/draft-ietf-sasl-crammd5-xx.txt: added * doc/draft-ietf-sasl-gssapi-xx.txt: added * doc/draft-ietf-sasl-plain-xx.txt: added * doc/draft-ietf-sasl-rfc2222bis-xx.txt: added * doc/draft-ietf-sasl-rfc2831bis-xx.txt: added * doc/draft-ietf-sasl-saslprep-xx.txt: added * doc/draft-newman-sasl-c-api-xx.txt: added * doc/index.html, doc/Makefile.am: Renamed the files 2004-11-02 Alexey Melnikov * include/saslplug.h, lib/common.c, lib/saslint.h, lib/client.c: Added sasl_client_plugin_info(). 2004-10-26 Alexey Melnikov * sample/sample-client.c, sample/sample-server.c: Fixed several 64 bit portability warnings. * utils/testsuite.c: Fixed several 64 bit portability warnings. * utils/saslpasswd.c: Fixed typo in an auxprop name. * include/saslplug.h, lib/common.c, lib/saslint.h, lib/server.c: Added sasl_server_plugin_info(). 2004-10-24 Derrick Brashear * lib/common.c: initialize path in case caller didn't. 2004-10-24 Derrick Brashear * Prep for 2.1.20 2004-10-19 Derrick Brashear * Makefile.am, saslauthd/Makefile.am: require automake 1.7; prior versions require AM_CONFIG_HEADER and dislike AM_LDFLAGS 2004-10-14 Ken Murchison * plugins/ntlm.c: portability fixes from Alexey, and squashed a signed/unsigned warning 2004-10-14 Alexey Melnikov * lib/NTMakefile: Don't install intermediate file libsasl.res 2004-09-22 Derrick Brashear * lib/common.c: don't honor SASL_PATH in setuid environment. from Gentoo 2004-09-08 Alexey Melnikov * plugins/cram.c, plugins/anonymous.c, plugins/login.c, plugins/plain.c, plugins/sasldb.c: Fixed several 64 bit portability warnings 2004-09-02 Derrick Brashear * plugins/kerberosv4.c: simple explanation in the code of one possible error you might see in strange circumstances; i should probably make openssl's des unable to be used if mit krb5 is being used. 2004-08-06 Derrick Brashear * plugins/cram.c: initialize authid to null so stack garbage is not pushed into _sasl_canon_user 2004-07-29 Rob Siemborski * plugins/digestmd5.c: Fix handling of client realm callback (Alexey Melnikov ) 2004-07-21 Rob Siemborski * plugins/gssapi.c: Memory management cleanup (Alexey Melnikov ) 2004-07-15 Rob Siemborski * configure.in, plugins/gssapi.c: Wrap all GSS calls in mutexes when required by the implementation. (based on a patch by Simon Wilkinson ) 2004-07-06 Rob Siemborski * plugins/digestmd5.c: Fix potential buffer overflow, call add_to_challenge in 2 more places (Alexey Melnikov ) * lib/server.c, lib/saslint.h, lib/common.c: don't directly store buffers in the params structure * plugins/gssapi.c: Fix server side maxoutbuf calculation (Sam Hartman ) * plugins/gssapi.c: Use gss_wrap_size_limit on client side too * Ready for 2.1.19 2004-07-01 Rob Siemborski * Prep for 2.1.19 2004-06-30 Rob Siemborski * saslauthd/auth_rimap.c: Fix Tru64 compilation problem * plugins/sql.c: Don't leak settings variable if init fails * utils/testsuite.c: Update for current library * plugins/digestmd5.c: Quoting fixes for client side (Alexey Melnikov ) 2004-06-23 Rob Siemborski * saslauthd/lak.c: Minor bugfixes, support %R token (Igor Brezac ) * plugins/otp.c: Use plugin supplied authid for mech calculations (Alexey Melnikov ) * lib/auxprop.c: Use getopt callback from connection context when storing auxprops (Alexey Melnikov ) * plugins/otp.c, plugins/srp.c, plugins/plugin_common.c: Use correct form of userid (user@realm) when running setpass methods (Alexey Melnikov ) * saslauthd/configure.in: Handle LTLIBOBJS 2004-06-18 Rob Siemborski * plugins/NTMakefile: Remove only recognized (generated) .rc files, not just *.rc. This will allow for plugins with own resource files. Also corrected spelling mistake in OPENSSL (Alexey Melnikov ) * lib/server.c, include/sasl.h: Support for SASL_SET_CURMECH_ONLY flag to sasl_setpass() (Alexey Melnikov ) 2004-06-16 Ken Murchison * lib/server.c: use more accurate errors codes for mech_permitted() 2004-06-16 Ken Murchison * plugins/srp.c: don't used the parsed authid for calculations (Alexey Melnikov ) 2004-06-16 Rob Siemborski * Support for forwarding of GSSAPI credentials (Morten Olsen ) 2004-06-03 Rob Siemborski * win32/config.mak: Remove unneeded libraries (Alexey Melnikov ) 2004-06-02 Rob Siemborski * Spelling Fixes (selsky@columbia.edu) 2004-05-27 Rob Siemborski * SQLite support (Norikatsu Shigemura ) * SQLite support on windows (Alexey Melnikov ) 2004-05-25 Ken Murchison * plugins/digest-md5.c: use separate global contexts for client/server 2004-05-21 Rob Siemborski * configure.in, lib/Makefile.am: Better handling of -ldoor library addition (only add it to base library, don't add -lpthread) * saslauthd/auth_krb5.c: zero out the krb5_data structure before use 2004-05-20 Rob Siemborski * include/sasl.h, lib/common.c, lib/saslint.h, lib/server.c: Add SASL_APPNAME to sasl_getprop/sasl_setprop for further compatibilty with SASL C API draft (Alexey Melnikov ) 2004-05-18 Ken Murchison * plugins/digest-md5.c: made the global context a struct containing the reauth_cache so we can NULL it after we free it 2004-05-07 Ken Murchison * contrib/stripplus_canonuser.patch: added 2004-04-27 Rob Siemborski * saslauthd/auth_shadow.c: Make thread-safe (Steve Barber ) 2004-04-26 Rob Siemborski * saslauthd/auth_krb5.c: Alternate realm support for Kerberos 5 2004-04-16 Ken Murchison * plugins/ntlm.c: Mac OS X fix (Chris Ridd ) 2004-04-14 Ken Murchison * plugins/plain.c: don't include authzid in response unless specified by client 2004-03-29 Rob Siemborski * sample/server.c: Ensure that len has a value 2004-03-25 Rob Siemborski * saslauthd/saslauthd-main.c: add -r option to saslauthd for combining user and realm into user@realm (for the userid). Based on a patch by Jeremy Rumpf . 2004-03-17 Rob Siemborski * lib/checkpw.c: Include errno.h when HAVE_AUTHDAEMON is defined * doc/windows.html: Updates (Alexey Melnikov ) 2004-03-16 Rob Siemborski * configure.in: Properly use CMU_ADD_LIBPATH_TO for pgsql and mysql 2004-03-10 Rob Siemborski * lib/dlopen.c: HPUX 11 Fix (Alexey Melnikov ) * Add sasl_version_info() (Alexey Melnikov ) * Add a bunch of NTMakefile files to EXTRA_DIST in Makefile.am's * Ready for 2.1.18 2004-03-08 Rob Siemborski * NI_WITHSCOPEID fixes (Hajimu UMEMOTO ) - correct Solaris 9 IPLOCALPORT/IPREMOTEPORT issue 2004-02-24 Rob Siemborski * acinclude.m4: move to config/libtool.m4 * saslauthd/lak.[ch]: Added filter based group membership check (Paul Bender , Igor Brezac ) 2004-02-23 Rob Siemborski * plugins/NTMakefile: Enable DO_SRP_SETPASS on windows (Alexey Melnikov ) * doc/windows.html: Updates (Alexey Melnikov ) * win32/: Add version resource info to plugins (Alexey Melnikov ) * plugins/digestmd5.c: Comments and other cleanup 2004-02-20 Rob Siemborski * lib/server.c, include/saslplug.h: Allow "temporary failure" return values from mech_avail * lib/canonusr.c, lib/server.c: Comment Nits (Alexey Melnikov ) * plugins/NTMakefile, plugins/plugin_common.h, plugins/plugin_common.c, plugins/otp.c: build OTP on Windows (Alexey Melnikov ) 2004-02-19 Ken Murchison * plugins/ntlm.c, sample/server.c, sample/client.c: error checking of getnameinfo() (Paul Kranenburg ) * plugins/ntlm.c: alignment and endian fixes in load_session_setup() (Paul Kranenburg ) 2004-02-18 Rob Siemborski * doc/NTMakefile, NTMakefile: nmake install support for doc/ (Alexey Melnikov ) * plugins/digestmd5.c: Check that digest-uri is only sent once (Alexey Melnikov ) * utils/Makefile.am: add LIB_PGSQL to static link line 2004-02-17 Rob Siemborski * win32/include/config.h: caddr_t might be already defined elsewhere (Alexey Melnikov ) * lib/NTMakefile, include/saslutil.h: getopt might be already defined elsewhere. The change will produce libsasl.dll which exports getopt, buat a define can be used to prevent import of getopt from libsasl.dll. (Alexey Melnikov ) 2004-02-16 Rob Siemborski * configure.in: Remove deprecated AC_PROG_RANLIB, CMU_PROG_LIBTOOL (Patrick Welche ) * lib/dlopen.c: OpenBSD ELF patch (J.C. Roberts) 2004-02-06 Rob Siemborski * lib/NTMakefile, utils/NTMakefile: fix "clean" target (Alexey Melnikov ) * General winsock.h -> winsock2.h conversion (Alexey Melnikov ) * plugins/plugin_common.h: add extern "C" wrapper (Alexey Melnikov ) 2004-01-23 Rob Siemborski * Remove "experimental" designation from saslauthd/ldap * Correct handling of sasl_setpass errors when no mechanisms implement the setpass interface (Alexey Melnikov ) 2004-01-20 Rob Siemborski * configure.in: minor sql nit (Edward Rudd ) * lib/staticopen.h: MYSQL should be SQL (Edward Rudd ) 2004-01-12 Rob Siemborski * win32/include/config.h: fix VC++ 6.0 compiles (Alexey Melnikov ) * configure.in: Correct use of AC_LIBOBJ, quote macro names defined by AC_DEFUN, Use enable_shared to determine whether to enable the shared plugin. (Maciej W. Rozycki ) * plugins/srp.c: Fix typos (Maciej W. Rozycki ) * saslauthd/configure.in: Correct use of AC_LIBOBJ (Maciej W. Rozycki ) 2004-01-08 Ken Murchison * plugins/sql.c: better error logging 2004-01-07 Rob Siemborski * lib/checkpw.c & others: Support for Courier-IMAP authdaemond use during password verification (Leandro Santi ) 2003-12-30 Rob Siemborski * saslauthd/lak.c: Fix NULL pointer dereference (Simon Brady ) * saslauthd/lak.c, lak.h, LDAP_SASLAUTHD: Improved retry handler, Improved logging/debug messages, Fixed String checks, config option changes (Igor Brezac ) 2003-12-22 Rob Siemborski * plugins/digestmd5.c: Fix memory leak (Alexey Melnikov ) 2003-12-18 Rob Siemborski * plugins/plugin_common.c: Fix handling of blob unwrapping in _plug_decode * lib/checkpw.c: Fix some file descriptor leaks during failures in the saslauthd code. 2003-12-15 Rob Siemborksi * utils/saslauthd.c: Fix Typo (Alexey Melnikov ) * plugins/plugin_common.c: Fix potential memory leak * lib/external.c: Limit size of authzids in EXTERNAL * plugins/gssapi.c: Pre-init some variables * lib/cram.c: Detect possible buffer overrun * lib/checkpw.c: Post-fence bug (Leandro Santi ) 2003-12-12 Rob Siemborski * saslauthd/lak.c: assign null to free variables (Juan Felipe Garcia ) * saslauthd/lak.c: Improve retry when ldap connection is reset (1st pass) (Igor Brezac ) 2003-12-11 Rolf Braun * Several MacOS X Fixes 2003-12-06 Ken Murchison * lib/checkpw.c, lib/server.c, plugins/cram.c, plugins/digestmd5.c, plugins/ntlm.c, plugins/otp.c, plugins/srp.c: erase the plaintext password property from the context when we're done with it 2003-12-01 Ken Murchison * doc/draft-ietf-sasl-crammd5-01.txt: added * doc/draft-ietf-sasl-gssapi-00.txt: added * doc/draft-ietf-sasl-plain-03.txt: added * doc/draft-ietf-sasl-rfc2222bis-03.txt: added * doc/draft-ietf-sasl-saslprep-04.txt: added * doc/draft-ietf-sasl-crammd5-00.txt: deleted * doc/draft-ietf-cat-sasl-gssapi-05.txt: deleted * doc/draft-ietf-sasl-plain-02.txt: deleted * doc/draft-ietf-sasl-rfc2222bis-02.txt: deleted * doc/draft-ietf-sasl-saslprep-03.txt: deleted * doc/index.html, doc/Makefile.am: updated to latest version of SASL drafts 2003-12-01 Rob Siemborski * Fix build nit in IRIX. * Actual 2.1.17 release. 2003-11-28 Rob Siemborski * Ready for 2.1.17 2003-11-19 Rob Siemborski * config/kerberos_v4.m4: Disable KERBEROS_V4 support by default 2003-11-14 Rob Siemborski * lib/server.c: do authorization callback in sasl_checkpass() (Chris Newman ) 2003-11-11 Ken Murchison * lib/client.c: allow serverFDQN to be NULL in sasl_client_new() * plugins/digestmd5.c, gssapi.c: require that we have serverFQDN for the client side of the plugin 2003-11-07 Rob Siemborski * --with-gss_impl configure option (Alexey Melnikov ) 2003-11-06 Rob Siemborski * nmake install support for Win32 (Alexey Melnikov ) 2003-11-03 Ken Murchison * include/saslplug.h, lib/server.c, plugins/cram.c, plugins/digestmd5.c, plugins/ntlm.c, plugins/otp.c, plugins/srp.c: return SASL_TRANS to the application where appropriate (auto_transition enabled with writable auxprop) 2003-10-30 Rob Siemborski * saslauthd/lak.c: OpenLDAP 2.0 Compatability Fix (Igor Brezac ) * saslauthd/ipc_unix.c: Fix buglet of not using saved errno value (Jeremy Rumpf ) 2003-10-20 Rob Siemborski * Win64 warning squashing (Alexey Melnikov ) * GSSAPI cleanups and fixes (Alexey Melnikov ) 2003-10-14 Rob Siemborski * Ready for 2.1.16-BETA 2003-10-08 Rob Siemborski * Support for autoconf 2.57, automake 1.7 * Minor m4 quoting fixes (Patrick Welche ) 2003-10-07 Ken Murchison * plugins/sql.c: removed sql_delete - don't DELETE rows from the table, just set the properties to NULL; fix a stupid logic error in my PgSQL changes * doc/options.html: removed sql_delete option; clarifications * doc/install.html: note that we require PostgreSQL v7.2+ 2003-10-06 Ken Murchison * plugins/sql.c: use the correct propctx in sql_auxprop_store() 2003-10-06 Maya Nigrosh * plugins/sql.c: tiny bugfix to begin pgsql transactions 2003-10-04 Ken Murchison * plugins/sql.c: only do a txn when we have a property to fetch; _pgsql_open() cleanup/fixes; more intelligient sql_usessl parsing; require sql_select option * doc/options.html: reorganized SQL option descriptions 2003-10-03 Rob Siemborski * sasldb/allockey.c, sasldb/sasldb.h, utils/sasldblistusers.c: Add enumeration capability to the sasldb API (Alexey Melnikov ) 2003-10-02 Ken Murchison * plugins/sql.c: changed abstraction layer for transactions 2003-10-01 Rob Siemborski * doc/: Documentation Update (Alexey Melnikov ) * plugins/NTMakefile, plugins/srp.c: Win32 SRP Support (Alexey Melnikov ) 2003-09-30 Rob Siemborski * plugins/digestmd5.c: Clean up some warnings * lib/canonusr.c, win32/include/config.h, win32/common.mak, include/saslplug.h: Minor Cleanup (Alexey Melnikov ) * utils/NTMakefile, utils/sasldblistusers.c, utils/saslpasswd.c: Add version options to command line utilities (Alexey Melnikov ) 2003-09-29 Ken Murchison * plugins/sql.c, doc/options.html: added sql_update and sql_delete for a complete auxprop_store() implementation; logic cleanup 2003-09-25 Rob Siemborski * utils/saslpasswd.c: Win32 perror() related patch (Alexey Melnikov ) 2003-09-25 Ken Murchison * plugins/sql.c: renamed sql_statement to sql_select, cleanup and bugfixes 2003-09-23 Rob Siemborski * doc/gssapi.html: Misc updates (Alexey Melnikov ) * lib/Makefile.am, plugins/Makefile.am, saslauthd/Makefile.am, sasldb/Makefile.am: Cleanup INCLUDES for different build directories. (Alexey Melnikov ) 2003-09-23 Maya Nigrosh * plugins/sql.c: put transaction handling around the entirety of the queries, and not just per-property; return the result status of bad postgres tuples 2003-09-22 Maya Nigrosh * plugins/sql.c: added semicolon at the end of each sql statement 2003-09-19 Maya Nigrosh * plugins/sql.c: moved transaction handling to a more useful place, minor bugfixes 2003-09-18 Ken Murchison * lib/server.c: log a message when no password change is attempted (Alexey Melnikov ) 2003-09-17 Ken Murchison * plugins/sql.c: misc fixes from Patrick Welche 2003-09-16 Ken Murchison * doc/mechanisms.html: updated to latest versions of LOGIN and SRP drafts 2003-09-15 Ken Murchison * doc/draft-ietf-sasl-rfc2222bis-02.txt: added * doc/draft-ietf-sasl-rfc2222bis-01.txt: deleted * doc/index.html, doc/Makefile.am: updated to latest version of SASL draft 2003-09-14 Ken Murchison * plugins/ntlm.c, plugins/plugin_common.[ch]: Win32 support (Alexey Melnikov ) 2003-09-12 Rob Siemborski * plugins/sql.c: Log errors on connect failures (based on patch from Bruce M Simpson ) * plugins/NTMakefile: Add support for GSSAPI=CyberSafe (Alexey Melnikov ) 2003-09-10 Maya Nigrosh * plugins/sql.c: created generic sql store function, added transaction handling to sql statements * doc/options.html: put pretty new options in the documentation 2003-09-10 Rob Siemborski * plugins/gssapi.c, win32/config.mak, sample/: Win32 Fixes (Alexey Melnikov ) 2003-09-09 Rob Siemborski * lib/NTMakefile: Minor nit (Alexey Melnikov ) 2003-09-09 Ken Murchison * plugins/ntlm.c: use retry_read() instead of just read() * lib/checkpw.c, plugins/ntlm.c, saslauthd/utils.c: squash signed/unsigned warning 2003-09-08 Ken Murchison * plugins/ntlm.c: fix byte-alignment and password handling problems 2003-09-03 Rob Siemborski * lib/checkpw.c: Check return value of door_call (Gary Mills ) * saslauthd/ipc_doors.c: Implement thread limiting, minor cleanup and error checking (Gary Mills ) * plugins/digestmd5.c: Fix minor interop issues, limit maxbuf (Alexey Melnikov ) 2003-09-02 Ken Murchison * plugins/ntlm.c, doc/options.html: added support for NTLMv2 responses; fixed potential buffer overflow 2003-09-02 Rob Siemborski * lib/common.c, lib/server.c, lib/NTMakefile, include/md5.h: more windows compatibility (Alexey Melnikov ) * plugins/NTMakefile: Add ability to build NTLM plugin under Win32 (Alexey Melnikov ) * utils/NTMakefile: Add ability to build testsuite (Alexey Melnikov ) * saslauthd/lak.c: Minor error message fix (Igor Brezac ) 2003-08-29 Ken Murchison * doc/draft-murchison-sasl-login-00.txt: added * doc/draft-sasl-login.txt: deleted * doc/index.html, doc/Makefile.am: updated to "official" LOGIN draft 2003-08-29 Rob Siemborski * plugins/gssapi.c: properly compute GSSAPI MAXOUTBUF (Paul Turgyan ) * Further Win32 cleanup + HIER_DELIMITER usage (Alexey Melnikov ) 2003-08-28 Rob Siemborski * include/md5.h, lib/md5.c: Misc cleanup (Alexey Melnikov ) * utils/sasldblistusers.c: UI Cleanup, Win32 support (Alexey Melnikov ) * acconfig.h: add HIER_DELIMITER 2003-08-27 Ken Murchison * plugins/digestmd5.c: handle OpenSSL 0.9.7+ w/o old DES support 2003-08-26 Ken Murchison * plugins/ntlm.c: only send one NT/LM response to server (NT preferred); don't use canonified authid when proxying 2003-08-24 Ken Murchison * plugins/ntlm.c, doc/options.html: allow NTLM authentication to be optionally proxied to an NT server (ntlm_server option) 2003-08-24 Ken Murchison * lib/common.c: added support for unsigned int types in _sasl_log() 2003-08-18 Rob Siemborski * Improvements in Win32 build system from Alexey Melnikov 2003-08-14 Rob Siemborski * doc/*: Massive documentation updates. 2003-08-13 Ken Murchison * doc/index.html: added reference to a CIFS (SMB/NTLM) document 2003-08-12 Ken Murchison * doc/index.html: added reference to a good NTLM document 2003-07-29 Ken Murchison * plugins/cram.c: don't truncate long secrets to 64 bytes on the client-side of CRAM-MD5 (jiang_xiong@yahoo.com) 2003-07-28 Rob Siemborski * plugins/gssapi.c: another missed pointer init (Will Fiveash ) 2003-07-26 Rob Siemborski * lib/server.c: Missed pointer initialization fix ("Dave Cridland [Home]" ) 2003-07-26 Ken Murchison * plugins/digestmd5.c: merged privacy and integrity security layer code and removed use of tmp buffers for security layer 2003-07-25 Ken Murchison * plugins/srp.c: removed use of tmp buffer for security layer; don't make a big buffer out of iovecs when encoding * lib/server.c, plugins/login.c, plugins/plain.c: better handling of auto_transition -- doesn't try to transition from auxprop to auxprop 2003-07-25 Rob Siemborski * configure.in: Fix up some mysql/pgsql detection * plugins/gssapi.c: improved error reporting (William Fiveash ) * cmulocal/sasl2.m4, saslauthd/mechanisms.h: Improved GSSAPI detection (don't default to MIT, require HAVE_KRB5_H for the kerberos5 saslauthd module) (Rainer Orth ) 2003-07-24 Ken Murchison * plugins/srp.c: updated security layer code to be closer to draft -08 2003-07-23 Rob Siemborksi * saslauthd/utils.[ch], saslauthd/configure.in: Detect/replace strlcpy and strlcat (based on ideas from Igor Brezac ) 2003-07-22 Ken Murchison * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c, plugins/plugin_common.[ch]: moved encoded packet buffering into _plug_decode() 2003-07-21 Ken Murchison * plugins/srp.c: updated auth code to draft -08 (layers still need to be updated) * configure.in, plugins/srp.c: use auxprop_store() instead of direct sasldb access 2003-07-21 Rob Siemborski * configure.in: add runpath information for MySQL and Postgres; better behavior for the interaction of --enable-sql and --with-mysql / --with-pgsql * saslauthd/lak.[ch]: %d to be derived from %u if it can be, otherwise use %r (to account for the recent change in the core library). Add ldap_default_realm parameter (Igor Brezac ) 2003-07-18 Rob Siemborski * plugins/digestmd5.c: Client side of digest md5 doesn't have quotes around its cypher= directive (Bug 2113). * saslauthd/lak.[ch]: support for ldap sasl binds, support for tls (Igor Brezac ) 2003-07-17 Ken Murchison * include/sasl.h, include/saslplug.h, * lib/auxprop.c, lib/common.c, lib/server.c, plugins/sasldb.c: implemented writable auxprops * configure.in, plugins/otp.c, utils/saslpasswd: use auxprop_store() instead of direct sasldb access * doc/options.html, lib/server.c: implemented 'noplain' option for auto_transition 2003-07-17 Rob Siemborski * lib/config.c: Remove sasl_config_getint and sasl_config_getswitch because they are unused and confusing * lib/checkpw.c: Correctly split realm from username in saslauthd_verify_password 2003-07-15 Ken Murchison * plugins/sql.c, doc/options.html: added sql_usessl option 2003-07-15 Ken Murchison * plugins/mysql.c: deleted * plugins/sql.c: added * acconfig.h, configure.in, doc/components.html, doc/options.html, doc/sysadmin.html, plugins/Makefile.am, plugins/makeinit.sh: deprecated MySQL plugin in favor of a new generic SQL plugin (currently supports MySQL and PostgreSQL) 2003-07-15 Rob Siemborski * Ready for 2.1.15 2003-07-03 Rob Siemborski * doc/components.html: added in the hopes that this gives a better description of how all the components interact 2003-07-02 Ken Murchison * doc/draft-ietf-sasl-anon-02.txt: added * doc/draft-ietf-sasl-plain-02.txt: added * doc/draft-ietf-sasl-saslprep-03.txt: added * doc/draft-ietf-sasl-anon-01.txt: deleted * doc/draft-ietf-sasl-plain-01.txt: deleted * doc/index.html, doc/Makefile.am: updated to latest versions of PLAIN, ANONYMOUS, SASLprep drafts 2003-07-02 Rob Siemborski * acconfig.h, cmulocal/sasl2.m4, plugins/gssapi.c: Properly detect HAVE_GSS_C_NT_USER_NAME (Rainer Orth ) 2003-07-01 Rob Siemborski * plugins/kerberos4.c: Fix some maxoutbuf handling issues 2003-07-01 Rob Siemborski * plugins/mysql.c: Check return value of mysql_init (Ivan Kelly ) 2003-07-01 Ken Murchison * doc/draft-burdis-cat-srp-sasl-08.txt: added * doc/draft-ietf-sasl-rfc2222bis-01.txt: added * doc/draft-ietf-sasl-rfc2831bis-02.txt: added * doc/draft-burdis-cat-srp-sasl-06.txt: deleted * doc/draft-ietf-sasl-rfc2222bis-00.txt: deleted * doc/draft-ietf-sasl-rfc2831bis-01.txt: deleted * doc/index.html, doc/Makefile.am: updated to latest versions of SASL, SRP, DIGEST-MD5 drafts 2003-06-30 Rob Siemborski * plugins/mysql.c: Call mysql_init() too (Hajimu UMEMOTO ) 2003-06-28 Rob Siemborski * doc/sysadmin.html: Add more text about how to use realms. 2003-06-27 Rob Siemborski * Ready for 2.1.14 2003-06-11 Rolf Braun * config/kerberos_v4.m4: fix fallback to -lkrb4 when --enable-krb4 is specified * config/ltconfig: * config/ltmain.sh: make the darwin libtool work on OS X v10.2 (bash/zsh shell syntax, and don't link bundles with extra args) * dlcompat-20010505/dlopen.c: back out bogus delimiter change * doc/macosx.html: update for 10.2 and add known problems section * mac/osx_cfm_glue/cfmglue.c: fix sasl_done followed by client_init 2003-06-11 Rob Siemborski * man/sasl_client_new.3, man/sasl_server_new.3: Security flags don't belong here, connection flags do. 2003-06-10 Ken Murchison * doc/draft-ietf-sasl-crammd5-00.txt: added * doc/draft-nerenberg-sasl-crammd5-03.txt: deleted * doc/index.html, doc/Makefile.am: updated to WG version of CRAM-MD5 draft 2003-05-30 Rob Siemborski * plugins/gssapi.c: If we get an empty output token back from gss_accept_sec_context, return an empty string to transmit to the client. 2003-05-30 Ken Murchison * doc/draft-ietf-sasl-rfc2831bis-01.txt: added * doc/draft-ietf-sasl-rfc2831bis-00.txt: deleted * doc/index.html, doc/Makefile.am: updated to latest version of DIGEST-MD5 draft 2003-05-28 Ken Murchison * doc/draft-ietf-sasl-anon-01.txt: added * doc/draft-ietf-sasl-plain-01.txt: added * doc/draft-ietf-sasl-rfc2222bis-00.txt: added * doc/draft-ietf-sasl-anon-00.txt: deleted * doc/draft-ietf-sasl-plain-00.txt: deleted * doc/draft-myers-saslrev-02.txt: deleted * doc/index.html, doc/Makefile.am: updated to latest versions of SASL, PLAIN, ANONYMOUS drafts 2003-05-21 Rob Siemborski * saslauthd/ipc_unix.c: Accept File Descriptor Locking Fixes (found by Leena Heino ) * saslauthd/cache.c: Similar fixes (Jeremy Rumpf ) 2003-05-15 Rob Siemborski * configure.in: Actually listen to --disable-java (Maciej W. Rozycki ) * saslauthd/saslauthd-main.h: Increase listen backlog to match Cyrus master process (Igor Brezac ) 2003-05-14 Rob Siemborski * config/kerberos_v4.m4: Minor nit (Carlos Velasco ) * plugins/gssapi.c: Use GSS_C_NT_USER_NAME to work around Solaris 8/9 libgss bug. (gssapi_client_mech_step): Pass GSS_C_NO_BUFFER to first invocation of gss_init_sec_context to work around Solaris 8/9 mech_krb5 bug. (Rainer Orth ) * cmulocal/sasl2.m4: Check for Sun SEAM GSS-API implementation (Rainer Orth ) * saslauthd/configure.in: Check for krb5.h. Don't define if GSSAPI is present. (Rainer Orth ) * saslauthd/mechanisms.h: Test for HAVE_KRB5_H instead of HAVE_GSSAPI_H to activate AUTH_KRB5. (Rainer Orth ) * plugins/mysql.c: Use mysql_real_connect() instead of mysql_connect() (Petri Riihikallio ) * saslauthd/: Misc ANSI C cleanups (Jeremy Rumpf ) 2003-05-13 Rob Siemborski * config/sasldb.m4, utils/Makefile.am: fix installation of man pages that are homed in the utils/ directory * include/*.h: Add extern "C" blocks for C++ compiles 2003-05-06 Rob Siemborski * saslauthd/saslauthd-main.c: misc spelling and UI cleanups 2003-04-16 Rob Siemborski * saslauthd/saslauthd-main.c: Don't set the auth mech until all options have been processed. (Peter Stamfest ) * lib/client.c, lib/common.c, lib/saslint.h, lib/server.c: Do reference counting of the number of times sasl has been inited/doned. 2003-04-15 Rob Siemborski * config/ltmain.sh: fix some portability problems in the use of expr (Oliver Eikemeier ) 2003-04-14 Rob Siemborski * Ready for 2.1.13 2003-04-08 Rob Siemborski * lib/external.c, lib/server.c: use mech_avail to disable EXTERNAL instead of special casing it (Chris Newman ) 2003-03-31 Rob Siemborski * saslauthd/ipc_unix.c, saslauthd/saslauthd-main.c, saslauthd/saslauthd-main.h: use the pidfile locking from the Cyrus IMAPd master process (implemented for saslauthd by Igor Brezac ) * configure.in, acconfig.h: Add configure option to set what we use for /dev/random 2003-03-28 Rob Siemborski * saslauthd/: Unify the source files so that the IPC methods are broken out into a separate API. Cacheing of authentication credentials is also available as a command-line option. Other changes include: Remove Time of Day Flag, omit SO_REUSEADDR on AF_UNIX sockets, make using the accept-socket locking runtime configurable, and misc other cleanup. (Jeremy Rumpf ) 2003-03-26 Rob Siemborski * plugins/plain.c: Defend against memory leak on canon_user failure (Chris Newman ) 2003-03-19 Rob Siemborski * lib/auxprop.c, lib/checkpw.c, lib/common.c, lib/saslutil.c, lib/server.c: Assorted minor fixes from Sun Microsystems (provided by Chris Newman ) 2003-03-13 Rob Siemborski * saslauthd/lak.c: Fix a memset length. (Igor Brezac ) 2003-03-06 Rob Siemborski * plugins/digestmd5.c: fix parity of digest-uri test * lib/client.c, common.c, saslint.h, server.c: Pass global callbacks to global utils structure (Howard Chu ) * saslauthd/auth_krb5.c: Fix memory/file descriptor leak in krb5 authentication (Jonathen Chen ) * saslauthd/lak.c, lak.h, LDAP_SASLAUTHD: Remove ldap_cache code, and rename MAX() to LAK_MAX() 2003-02-20 Ken Murchison * doc/draft-ietf-sasl-rfc2831bis-00.txt: added * doc/draft-melnikov-rfc2831bis-02.txt: deleted * doc/draft-newman-sasl-c-api-01.txt: added * doc/draft-newman-sasl-c-api-00.txt: deleted * doc/index.html: updated to WG version of DIGEST-MD5 draft, updated to latest C API draft * doc/Makefile.am: updated to WG version of DIGEST-MD5 draft, updated to latest C API draft 2003-02-12 Lawrence Greenfield * plugins/digestmd5.c: verify the service component of digest-uri 2003-02-11 Ken Murchison * doc/draft-ietf-sasl-anon-00.txt: added * doc/draft-ietf-sasl-plain-00.txt: added * doc/draft-zeilenga-sasl-anon-01.txt: deleted * doc/draft-zeilenga-sasl-plain-01.txt: deleted * doc/index.html: updated to WG versions of ANONYMOUS, PLAIN drafts 2003-02-03 Rob Siemborski * cmulocal/sasl2.m4: Don't use -ldes to check for Heimdal * saslauthd/auth_krb4.c, saslauthd/auth_shadow.c, saslauthd/auth_getpwent.c, lib/kerberos4.c: Smarter checking of #includs for des.h (Mark Keasling ) * saslauthd/testsaslauthd.c, saslauthd/saslauthd-doors.c: retry_read() should use a char * buffer not a void * buffer (Mark Keasling ) * cmulocal/berkdb.m4: Set CPPFLAGS around tests (based on patch from Leena Heino ) * config/sasldb.m4: Actually use results of Berkeley DB tests (Leena Heino ) * Ready for 2.1.12 2003-01-31 Rob Siemborski * Ready for 2.1.11 * utils/Makefile.am: Ensure that dbconverter-2 can see the sasldb include directory. 2003-01-29 Rob Siemborski * plugins/digestmd5.c: Fix a situation where the realm wasn't being set for the client context, causing a segfault * config/kerberos_v4.m4: first check des_* then check DES_* during OpenSSL tests (based on ideas from Leena Heino ) 2003-01-28 Rob Siemborski * config/sasldb.m4: Don't build sasldb plugin if compiling --with-dblib=none, since it will only fail to load anyway. 2003-01-27 Rob Siemborski * saslauthd/configure.in: use CMU_ADD_LIBPATH for LDAP support (Simon Brady ) 2003-01-23 Rob Siemborski * saslauthd/acconfig.h: protect file from being included more than once (reported by Jeremy Rumpf ) * saslauthd/configure.in, configure.in: Move OpenSSL detection into cmulocal, detect openssl for use with lak.c 2003-01-21 Ken Murchison * plugins/ntlm.c: only _require_ one response (LM and/or NT), not both 2003-01-09 Rob Siemborski * saslauthd/lak.c, saslauthd/lak.h: Add the fastbind auth method (Simon Brady ) 2003-01-01 Ken Murchison * saslauthd/configure.in, saslauthd/Makefile.am: don't make -lcrypt dependent upon --enable-plain 2002-12-11 Ken Murchison * plugins/otp.c: set SASL_FEAT_ALLOWS_PROXY on client side 2002-12-10 Ken Murchison * plugins/otp.c: explicitly #include to resolve OpenBSD/OpenSSL cruftiness 2002-12-10 Rob Siemborksi * saslauthd/saslauthd-doors.c: Fix a potential memory leak when we call door_return() 2002-12-09 Rob Siemborski * lib/auxprop.c: Correct leak in prop_clear, also update list_end in prop_request. * doc/options.html: Update use of saslauthd_path to be correct 2002-12-06 Rob Siemborski * Ready for 2.1.10 2002-12-05 Larry Greenfield * plugins/digestmd5.c: DES key fixes. stupid DES libraries want the key in the stupid DES parity format. * plugins/digestmd5.c: refactored some of the cipher code so that there isn't RC4 state around when we're using DES and vice versa 2002-12-05 Rob Siemborski * saslauthd/lak.c: Allocate a large enough buffer to account for a completely escaped username. (lak_escape and lak_filter) * lib/common.c: Ensure there is enough space for the trailing \0 in _sasl_log 2002-12-04 Rob Siemborski * lib/canonusr.c: Check for potential buffer overflow 2002-12-03 Ken Murchison * plugins/digestmd5.c: major fast reauth rewrite, mech_step cleanup * doc/options.html: server-side reauth is disabled by default 2002-11-24 Ken Murchison * plugins/login.c: allow authid to be passed in initial response * doc/draft-sasl-login.txt, doc/mechanisms.html: documentation updates re: initial response 2002-11-07 Ken Murchison * doc/draft-nerenberg-sasl-crammd5-03.txt: added * doc/draft-nerenberg-sasl-crammd5-02.txt: deleted * doc/draft-zeilenga-sasl-anon-01.txt: added * doc/draft-zeilenga-sasl-anon-00.txt: deleted * doc/draft-zeilenga-sasl-plain-01.txt: added * doc/draft-zeilenga-sasl-plain-00.txt: deleted * doc/index.html: updated to latest CRAM-MD5, ANONYMOUS, PLAIN drafts 2002-11-01 Rob Siemborski * plugins/kerberos4.c: Make at most 1 canon_user call, not two. (Howard Chu ) 2002-10-25 Rob Siemborski * saslauthd/lak.c: minor cleanups 2002-10-24 Rob Siemborski * saslauthd/lak.c: fix problem where saslauthd stops LDAP authentications when ldap_auth_method is bind. (Igor Brezac ) * doc/sysadmin.html, doc/options.html, saslauthd/saslauthd.mdoc: documentation updates re: saslauthd mux path 2002-10-23 Ken Murchison * lib/external.c: added SASL_SEC_NOANONYMOUS to client side (Howard Chu, ) 2002-10-21 Ken Murchison * plugins/ntlm.c: NTLM probably doesn't offer perfect forward secrecy * doc/mechanisms: added table of properties/features 2002-10-20 Ken Murchison * saslauthd/lak.ch: consolidated hashed password checking code 2002-10-18 Rob Siemborski * saslauthd/lak.[ch], saslauthd/auth_ldap.c: Code cleanup, now support {SHA}, {SSHA}, {MD5}, and {SMD5} hashes, misc other cleanup. (Igor Brezac and Thomas Lussnig ) 2002-10-17 Ken Murchison * doc/draft-melnikov-rfc2831bis-02.txt: added * doc/draft-melnikov-rfc2831bis-01.txt: deleted * doc/index.html: updated to latest RFC 2831bis draft 2002-10-11 Rob Siemborski * lib/Makefile.am: add missing staticopen.h to EXTRA_DIST, fix some dependencies * Ready for 2.1.9 2002-10-10 Rob Siemborski * Ready for 2.1.8 2002-10-09 Rob Siemborski * lib/client.c: Allow plaintext mechanisms under an external security layer. 2002-10-07 Rob Siemborski * sample/server.c: Fix some IPV6 defines (Marshall Rose ) 2002-10-02 Ken Murchison * lib/checkpw.c: return SASL_NOUSER when we can't find APOP secret * lib/server.c: plug APOP memory leak and consolidate canonification * configure.in: force the use of a cache file (Carlos Velasco ) 2002-10-02 Rob Siemborski * lib/checkpw.c: Fix some misuses of sasl_seterror (Martin Exler ) 2002-09-24 Rob Siemborski * config/sasl2.m4, saslauthd/Makefile.am: GSSAPI doesn't need to link ndbm. Also cleanup some sasldb linking in saslauthd. 2002-09-23 Rob Siemborski * config/kerberos_v4.m4: Don't compile with kerberos unless we have both the libs and the headers (Carlos Velasco ) 2002-09-19 Rob Siemborski * plugins/gssapi.c: endinaness corrections * sasldb/db_berkeley.c, utils/dbconverter-2.c: Berkley DB 4.1 support (Mika Iisakkila ) 2002-09-19 Ken Murchison * plugins/plugin_common.[ch]: make SASL_CB_USER and result optional * plugins/anonymous.c: use SASL_CB_USER for fetching trace info, don't require SASL_CB_AUTHNAME * plugins/gssapi.c, plugins/kerberos.c: don't require SASL_CB_USER * lib/external.c: define SASL_FEAT_ALLOWS_PROXY for this mechanism, don't require SASL_CB_USER 2002-09-18 Rob Siemborski * plugins/srp.c, plugins/kerberos4.c: correct maxoutbuf handling * plugins/digestmd5.c: correct maxoutbuf handling, actually send maxbuf to the remote. * lib/common.c: sanity check security properties 2002-09-17 Ken Murchison * plugins/ntlm.c: home-grown client/server NTLM implementation * configure.in: NTLM depends on OpenSSL libcrypto * doc/sysadmin.html: added NTLM blurb 2002-09-16 Rob Siemborski * lib/canonusr.c: don't index begin_u with -1 (Randy Kunkee ) * doc/sysadmin.html: cleanup * utils/saslpasswd.c: don't exit with -SASL_FAIL * saslauthd/saslauthd-unix.c: use a char* instead of a void* in retry_read 2002-09-12 Ken Murchison * lib/common.c: NULL outbuf if we get no output from sasl_decode() 2002-09-11 Rob Siemborski * plugins/mysql.c: Actually loop through the potential servers properly (Seow Kok Heng ) * acinclude.m4: Added copy of the correct libtool macros as acinclude.m4 * configure.in: fix for gcc 3.x (Carlos Velasco ) 2002-09-10 Rob Siemborski * lib/server.c: Better handling of add_plugin failures 2002-09-10 Ken Murchison * acconfig.h, configure.in: enable/disable NTLM * lib/staticopen.h, plugins/Makefile.am, makeinit.sh, ntlm.c: added NTLM support (client-side only) 2002-09-07 Rob Siemborski * saslauthd/configure.in, saslauthd/Makefile.am: don't do configure substitutions for the saslauthd_SOURCES variable (Carlos Velasco ) 2002-09-05 Rob Siemborski * doc/os390.html: added * doc/index.html: referenced os390.html and macosx.html * lib/Makefile.am: better handling of plugin_common 2002-09-04 Rob Siemborski * (throughout) Extensive cleanup of how we build static and shared versions of libsasl. Also some more portability fixes (Howard Chu ) 2002-09-04 Rob Siemborski * acconfig.h, configure.in: Actually check for sysexits.h, varargs.h, and stdarg.h * lib/checkpw.c: compatibility patch for retry_read (Howard Chu ) 2002-09-03 Rob Siemborski * (throughout) fix handling of sys/param.h * (throughout) fix handling of time.h and sys/time.h * include/exits.h: include a replacement for sysexits.h * acconfig.h: define MAXHOSTNAMELEN if it isn't * lib/getaddrinfo.c, config/ipv6.m4: minor fixes for partial getaddrinfo/getnameinfo implementations * (Above changes are all from or based on ideas from Howard Chu ) 2002-08-28 Rob Siemborski * lib/client.c, lib/saslint.h: Properly handle client-side serverFQDN and clientFQDN 2002-08-19 Rob Siemborski * lib/dlopen.c: use correct paths when a .la file is not present (Justin Gibbs ) 2002-08-13 Rob Siemborski * doc/sysadmin.html: fix some /usr/lib/sasl references to /usr/lib/sasl2 (Andrew Jones ) 2002-08-09 Rob Siemborski * saslauthd/Makefile.am: fix small parts of the saslauthd.8 build process. * Ready for 2.1.7 2002-08-06 Ken Murchison * plugins/digestmd5.c: disable/remove server-side fast reauth 2002-08-02 Rob Siemborski * include/sasl.h, lib/common.c: Add SASL_AUTHUSER as a parameter to sasl_getprop 2002-08-01 Rob Siemborski * saslauthd/lak.c: allow use of more than one %u or %r in the filter (Laurent Larquère ) 2002-07-30 Rob Siemborski * lib/client.c, lib/server.c: Add checks for SASL_NEED_PROXY and SASL_FEAT_ALLOWS_PROXY * include/sasl.h, include/saslplug.h: Add SASL_NEED_PROXY and SASL_FEAT_ALLOWS_PROXY * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c, plugins/otp.c, plugins/plain.c, plugins/srp.c: define SASL_FEAT_ALLOWS_PROXY for these mechanisms 2002-07-27 Rob Siemborski * saslauthd/auth_sasldb.c: Include mechanisms.h in a reasonable place. 2002-07-24 Rob Siemborski * saslauthd/Makefile.am: Fix DEFS to still supply -I. and -I.. * configure.in: Make --with-ldap show up in top level configure script, make saslauthd compile by default * lib/saslutil.c: use read() and not fread() on /dev/random to preserve entropy * doc/sysadmin.html: Add note about using /dev/urandom 2002-07-19 Rob Siemborski * doc/sysadmin.html, doc/readme.html, doc/upgrading.html: Misc. documentation cleanup (Joe Rhett ) 2002-07-17 Ken Murchison * lib/canonusr.c: update length of user string to length of output from callback 2002-07-16 Rob Siemborski * plugins/cram.c: Fix a security problem in the verification of the digest string. (Andrew Jones ) * Ready for 2.1.6 2002-07-06 Rob Siemborski * plugins/mysql.c: Further memory management cleanup. (never strdup the options, and therefore don't free staticly allocated strings) * man/sasl_getopt_t.3: Clarify semantics of memory management 2002-07-05 Rob Siemborski * saslauthd/lak.c: Better handling of downed ldap servers (Igor Brezac ) * sasldb/db_berkeley.c, utils/dbconverter-2.c: Use db_strerror() rather than strerror() for Berkeley DB error values. (J.H.M. Dassen (Ray) ) * saslauthd/Makefile.am, saslauthd/auth_ldap.c: don't hardwire the saslauthd conf file (J.H.M. Dassen (Ray) ) 2002-07-03 Rob Siemborski * man/sasl_user_exists.3: fix sasl_idle reference 2002-07-02 Rob Siemborski * lib/auxprop.c: Can now select multiple auxprop plugins * doc/options.html: updated for above * lib/client.c: improve mechanism selection to include number of security flags 2002-06-27 Ken Murchison * doc/draft-zeilenga-sasl-plain-00.txt: added * doc/index.html: added PLAIN draft 2002-06-26 Ken Murchison * doc/draft-zeilenga-sasl-anon-00.txt: added * doc/index.html: added ANONYMOUS draft 2002-06-20 Rob Siemborski * lib/auxprop.c: Make "cound not find auxprop plugin" warning log at LOG_DEBUG 2002-06-19 Rob Siemborski * plugins/digestmd5.c: create layer keys for integrity as well as privacy * saslauthd/auth_ldap.[ch], saslauthd/lak.[ch]: Large rewrite (Igor Brezac ) * lib/client.c, lib/server.c, lib/common.c: Actually set most of the sparams and cparams structures 2002-06-19 Ken Murchison * doc/draft-melnikov-rfc2831bis-01.txt: added * doc/draft-melnikov-rfc2831bis-00.txt: deleted * doc/index.html: updated to latest RFC 2831bis draft 2002-06-18 Ken Murchison * doc/draft-nerenberg-sasl-crammd5-02.txt: added * doc/draft-nerenberg-sasl-crammd5-01.txt: deleted * doc/index.html: updated to latest CRAM-MD5 draft 2002-06-17 Rob Siemborski * plugins/login.c, plugins/plain.c: Canonicalize username before doing checkpass 2002-06-14 Rob Siemborski * lib/client.c, lib/server.c, lib/saslint.h, lib/common.c. lib/seterror.c: continued size_t vs unsigned cleanups 2002-06-13 Rob Siemborski * saslauthd/ : remove LDAP support * Ready for 2.1.5 2002-06-12 Rob Siemborski * plugins/digestmd5.c: rename get_realm to get_server_realm, and pay attention to its return value * lib/external.c, lib/seterror.c: cleanup size_t/unsigned confusion 2002-06-10 Rob Siemborski * sasldb/Makefile.am: fix handling of allockey (only include it once) * plugins/kerberos4.c: fix a reference count leak * Ready for 2.1.4 2002-05-28 Rob Siemborski * saslauthd/LDAP_SASLAUTHD, saslauthd/saslauthd.mdoc: Update documentation for LDAP and Saslauthd as per Igor Brezac 2002-05-22 Lawrence Greenfield * lib/checkpw.c: close door file descriptor in saslauthd_verify_password 2002-05-21 Rob Siemborski * saslauthd/auth_krb5.c: fix a leak due to not calling krb5_cc_destroy on failure 2002-05-17 Rob Siemborski * saslauthd/saslauthd-*.c: support a generic mechanism option -O instead of -H * saslauthd/auth_ldap.c, lak.c, et. al: auth_ldap overhaul (Igor Brezac ) * lib/common.c, include/sasl.h: add sasl_version 2002-05-13 Rob Siemborski * lib/checkpw.c: use "*cmusaslsecretPLAIN" in auxprop_verify_password (Howard Chu, ), also only make a single canon_user call. 2002-05-13 Ken Murchison * plugins/plugin_common.c: set the return code to SASL_FAIL, and NULL the results of the _plug_get_*() functions before we get started * plugins/digestmd5.c, otp.c, plain.c, srp.c: check for NULL or empty authzid from callback 2002-05-09 Rob Siemborski * saslauthd/configure.in: --with-ldap now takes a path 2002-05-08 Rob Siemborski * saslauthd/acconfig.h, auth_ldap.c, configure.in, lak.c, lak.h: Misc compile/portability fixes (mostly header-related) * utils/testsuite.c: minor getopt() parameter fix (Claus Assmann ) * lib/checkpw.c: fix some warnings 2002-05-07 Rob Siemborski * Ready for 2.1.3-BETA 2002-05-06 Rob Siemborski * include/saslplug.h: add name member for canon_user plugins * lib/canonusr.c: use name member 2002-05-06 Ken Murchison * plugins/digestmd5.c: added client-side reauth 2002-05-05 Ken Murchison * lib/client.c: pass global_context to mech_new() * lib/server.c: don't free global_context (the plugin should free it) * utils/testsuite: swapped serverlast tests so that the descriptions are correct 2002-05-03 Ken Murchison * plugins/digestmd5.c: added server-side reauth * doc/index.html: added Marshall Rose's SASL papers * doc/options.html: added 'reauth_timeout' 2002-05-03 Rob Siemborski * plugins/kerberos4.c: fix compile errors * config/kerberos_v4.m4, plugins/digestmd5.c: fix des_cbc_encrypt interoperability problem (OpenSSL) * saslauthd/Makefile.am, acconfig.h, auth_ldap.c, auth_ldap.h, configure.in, lak.c, lak.h, mechanisms.c, mechanisms.h, saslauthd.conf: added experimental LDAP saslauthd module (by Igor Brezac ) * include/saslplug.h: give auxprop plugins a name * plugins/sasldb.c: give sasldb plugin a name * lib/auxprop.c: allow auxprop selection * doc/options.html: document auxprop_plugin option 2002-05-01 Ken Murchison * plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c: general plugin cleanup - standardizing structure 2002-04-30 Rob Siemborski * plugins/gssapi.c: Minor cleanup of struct hack in context structure 2002-04-30 Ken Murchison * plugins/plugin_common.[ch], anonymous.c, cram.c, login.c, otp.c, plain.c, sasldb.c, srp.c, lib/client.c, external.c, saslint.h, server.c: general plugin cleanup - reusing more common code, standardizing structure 2002-04-28 Ken Murchison * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, lib/external.c:finalize movement of callback/interaction stuff into plugin_common 2002-04-27 Ken Murchison * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, lib/external.c: move make_prompts stuff into plugin_common * utils/testsuite.c: allow for testing of EXTERNAL 2002-04-26 Rob Siemborski * sasldb/allockey.c: be sure to set userPassword and not *userPassword 2002-04-26 Ken Murchison * lib/client.c, server.c: check 'doneflag' just before mech_step() * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, lib/external.c, Makefile.am: move callback/interaction stuff into plugin_common * plugins/plugin_common.[ch], digestmd5.c, gssapi.c, kerberosv4.c, srp.c: move decode/concatenation of multiple packets into plugin_common * utils/testsuite.c: set SASL_AUTH_EXTERNAL so we can test EXTERNAL 2002-04-25 Ken Murchison * plugins/otp.c: don't free the secret when we get data from a callback (and don't copy it) * plugins/gssapi.c, plain.c: make sure to set 'doneflag' when done * lib/client.c, server.c: don't call mech_step() if 'doneflag' is set 2002-04-24 Rob Siemborski * plugins/cram.c, digestmd5.c, login.c, plain.c, srp.c: don't free the secret when we get data from a callback (and don't copy it) 2002-04-22 Rob Siemborski * include/gai.h: Fix for compatibility with older glibc versions (Howard Chu, ) * plugins/gssapi.c: Don't always send authzid on client side (Howard Chu, ) 2002-04-18 Rob Siemborski * saslauthd/auth_sasldb.c: Use "use_realm" instead of "realm" for lookup of secret. (Jonas Oberg ) * plugins/gssapi.c: Correct handling of client-side authid and authzid (Howard Chu, ) * lib/external.c: Better handling of user canonicalization (Howard Chu, ) * plugins/cram.c, digestmd5.c, gssapi.c, kerberos4.c, login.c, otp.c, plain.c, srp.c: zero out prompt_need structures before use 2002-04-17 Rob Siemborski * plugins/cram.c, digestmd5.c, srp.c: Adjust cmusaslsecretFOO to *cmusaslsecretFOO * plugins/sasldb.c: correctly handle *(property) * lib/canonusr.c, server.c: Lookup authzid and authid auxprops correctly (and in the same place). * include/sasl.h, saslplug.h: Fix auxprop lookups (e.g. SASL_AUXPROP_AUTHZID) 2002-04-15 Rob Siemborski * plugins/gssapi.c: Handle null authzid's correctly * lib/server.c: fix a strcmp() that should be a memcmp() 2002-04-15 Rob Siemborski * plugins/gssapi.c: fix how name_token and name_without_realm are freed. 2002-04-12 Ken Murchison * doc/draft-melnikov-rfc2831bis-00.txt: added * doc/draft-myers-saslrev-02.txt: moved TOC * doc/draft-myers-saslrev-02.txt: added * doc/draft-myers-saslrev-01.txt: deleted * doc/index.html: changed link to updated saslrev draft, added KERBEROS_V4 notation, added link to rfc2831bis draft 2002-04-08 Ken Murchison * lib/server.c, doc/options.html: allow multiple pwcheck_methods 2002-04-03 Rob Siemborski * saslauthd/configure.in: properly define AUTH_KRB5 * saslauthd/auth_krb5.c: changes for MIT KRB5 2002-03-27 Rob Siemborski * Removed check for db3/db.h (people can just use --with-bdb-incdir) 2002-03-26 Rob Siemborski * Ready for 2.1.2 2002-03-11 Rob Siemborski * plugins/kerberos4.c: Fix a race condition during mutex allocation 2002-03-04 Rob Siemborski * lib/checkpw.c: Stop logging "authentication failed" message * plugins/gssapi.c: Reduce log level of "gss_accept_context" message 2002-02-27 Rob Siemborski * saslauthd/saslauthd.mdoc: Clarify that sasldb with saslauthd is not what you want to be doing. * doc/sysadmin.html: Update "sasldb" verifier to "auxprop" 2002-02-22 Rob Siemborski * lib/checkpw.c: made retry_read static 2002-02-21 Rob Siemborski * lib/checkpw.c (auxprop_verify_password) report SASL_NOUSER instead of SASL_FAIL. * lib/client.c, lib/server.c: More Complete returning of SASL_NOTINIT * utils/testsuite.c: Better checking for SASL_NOTINIT 2002-02-11 Ken Murchison * plugins/srp.c: removed OpenSSL 0.9.6 dependencies, small bugfix * configure.in: cleaned up OpenSSL (libcrypto) check 2002-02-05 Rob Siemborski * contrib/tclsasl: Add Marshall Rose's tclsasl patch. * plugins/anonymous.c: No longer append extra NUL to client response 2002-02-04 Rob Siemborski * utils/saslpasswd.c: Added -n option (Ken Murchison) * lib/dlopen.c: Removed confusing entry point message. * Ready for 2.1.1 2002-02-01 Ken Murchison * plugins/srp.c: fixed srp_setpass() 2002-01-31 Ken Murchison * include/sasl.h, lib/server.c, plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c: added SASL_SEC_MUTUAL_AUTH * plugins/srp.c: cleanup error messages and return codes 2002-01-30 Ken Murchison * plugins/otp.c, plugins/otp.h: added non-OPIE client/server implementation (requires OpenSSL) * configure.in: OTP now requires OpenSSL, OPIE is optional * doc/options.html, doc/readme.html, doc/sysadmin.html, doc/TODO: updated for new OTP implementation 2002-01-25 Rob Siemborski * saslauthd/Makefile.am: Correct multiple EXTRA_DIST bug * saslauthd/Makefile.am: small typo fixed (Leena Heino ) 2002-01-23 Rob Siemborski * utils/dbconverter-2.c (main): More intelligent default paths * acconfig.h: #ifndef's for _GNU_SOURCE (Assar ) 2002-01-22 Rob Siemborski * lib/common.c: Complete definition of sasl_global_listmech (from Love ) * lib/client.c: added checks for _sasl_client_active to sasl_client_new and sasl_client_start 2002-01-21 Ken Murchison * doc/draft-myers-saslrev-01.txt: moved TOC * doc/draft-ietf-cat-sasl-gssapi-05.txt: moved TOC * doc/draft-nerenberg-sasl-crammd5-01.txt: added * doc/draft-nerenberg-sasl-crammd5-00.txt: deleted * doc/index.html: changed link to updated draft * plugins/login.c (login_client_mech_step): fix client-first handling 2002-01-21 Rob Siemborski * lib/server.c (sasl_server_start): null out *serverout and *serveroutlen, just in case. * lib/external.c: Added correct required_prompts * saslauthd/testsaslauthd.c: Added simple saslauthd client * saslauthd/Makefile.am: rules for testsaslauthd * doc/sysadmin.html: updated to reference testsaslauthd * saslauthd/saslauthd.c: allow -n 0 (for fork-per-connection) * saslauthd/saslauthd.mdoc: documentation of -n 0 * plugins/cram.c (crammd5_client_mech_step): fix client-first handling * sasldb/db_gdbm.c: improved error reporting (Courtesy Marshall T. Rose * config/sasldb.m4: improved gdbm configure handling (Courtesy Marshall T. Rose * config/kerberos_v4.m4: Detect OpenSSL libdes first. (Courtesy Marshall T. Rose * plugins/cram.c, digestmd5.c, kervberos4.c, login.c, lib/client.c, server.c, include/saslplug.h: Cleaner client-first ABI. 2002-01-19 Ken Murchison * plugins/otp.c: set serverout to NULL where we have nothing to send instead of the empty string * plugins/srp.c: let glue code handle client-last/server-last situation by setting serverout appropriately 2002-01-19 Rob Siemborski * plugins/plain.c, plugins/login.c, plugins/digestmd5.c: set serverout to NULL where we have nothing to send instead of the empty string * include/saslplug.h, lib/client.c, lib/server.c: eliminated SASL_FEAT_WANT_SERVER_LAST in favor of clever setting of serverout * plugins/digestmd5.c: removed SASL_FEAT_WANT_SERVER_LAST 2002-01-18 Ken Murchison * plugins/srp.c: updated to draft-burdis-cat-srp-sasl-06 * plugins/srp.c: server uses external SSF * plugins/srp.c: server sends mandatory options based on min SSF * doc/draft-burdis-cat-srp-sasl-06.txt: added * doc/draft-burdis-cat-srp-sasl-05.txt: deleted * doc/index.html: changed link to updated draft 2002-01-17 Rob Siemborski * plugins/kerberos4.c: Actually allocate a mutex on the client side 2002-01-16 Rob Siemborski * lib/server.c (mech_permitted): fixed incorrect return value of SASL_NOMECH that should have been 0. * lib/common.c (sasl_errdetail): fixed core if passed in conn is NULL * plugins/digestmd5.c (encode_tmp_buf): removed unneeded buffer 2002-01-16 Ken Murchison * plugins/srp.c: fixed layer decoding to handle multiple packets * plugins/srp.c: plugged memory leaks (now passes testsuite) * plugins/srp.c: more logging * plugins/srp.c: lots of other nits, bug fixes * utils/testsuite.c: added SSF=0/56 test 2002-01-14 Rob Siemborski * saslauthd/auth_krb4.c (auth_krb4): fix tf_name memory leak, and other efficency fixes 2002-01-11 Rob Siemborski * include/saslplug.h: Add flags member to params structures * lib/client.c, lib/server.c: flags parameter to sasl_*_new now gets to the plugins 2002-01-10 Rob Siemborski * include/sasl.h: Update for sasl_global_listmech API * lib/common.c, lib/client.c, lib/server.c: sasl_global_listmech() * lib/dlopen.c (_parse_la): fix parseing of dlname= line * Ready for 2.1.0 2002-01-09 Ken Murchison * plugins/otp.c: fixed security_flags * plugins/srp.c: corrected integrity layer encoding * plugins/srp.c: finished maxbuffersize handling * plugins/srp.c: fixed security_flags * doc/index.html: added reference to SRP paper 2002-01-09 Rob Siemborski * lib/common.c (sasl_decode): Removed maxoutbuf check * man/sasl_setprop.3: Minor clarifications * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c: Assorted security layer fixes (maxoutbuf setting, mech_ssf setting) * lib/common.c, lib/client.c, lib/server.c, lib/saslint.h: Allowed client-side sasl_listmech calls. * include/sasl.h: Minor cosmetic fix to comments * doc/programming.html: Interaction memory management clarifications * lib/common.c: Fix several crash problems in getprop (Courtesy Marshall T. Rose ) 2002-01-05 Lawrence Greenfield * saslauthd/saslauthd.c: F_SETLK doesn't block; F_SETLKW does * saslauthd/saslauthd.c: detect errors somewhat better 2002-01-04 Rob Siemborski * lib/common.c: Allow sasl_setprop for SASL_DEFUSERREALM 2002-01-04 Ken Murchison * plugins/srp.c: don't send M2 if using a confidentiality layer * plugins/srp.c: more constraint checks * plugins/otp.c: improve standard hex/word response detection * doc/install.html, doc/sysadmin.html, contrib/opie-2.4-fixes: add patch for OPIE 2.4 to enable extended responses 2002-01-03 Ken Murchison * configure.in: removed check fpr gmp * plugins/srp.c: migrated to OpenSSL's BN (removed GNU MP dependency) 2001-12-20 Rob Siemborski * sasldb/db_ndbm.c: Fixed small memory leak (Courtesy Howard Chu ) 2001-12-18 Ken Murchison * plugins/srp.c: more constraint checks 2001-12-17 Rob Siemborski * saslauthd/saslauthd.c: Prefork a number of processes to handle connections. * saslauthd/auth_krb4.c: Handle concurrent accesses better. 2001-12-15 Ken Murchison * plugins/srp.c: added confidentiality layers 2001-12-14 Ken Murchison * plugins/srp.c: improved client/server layer option handling * plugins/srp.c: added client-side support for mandatory options * plugins/srp.c: added framework for confidentiality layers * plugins/srp.c: added some data sanity checking (thanks to Tom Holroyd for feedback) 2001-12-13 Rob Siemborski * lib/server.c, lib/common.c: Fix handling of global callbacks so that plugin_list works again 2001-12-12 Rob Siemborski * pwcheck/Makefile.am: Added include of ../lib (from Hajimu UMEMOTO ) 2001-12-11 Rob Siemborski * sasldb/db_ndbm.c: fix call to dbm_nextkey, from Scot W. Hetzel 2001-12-10 Rob Siemborski * doc/plugprog.html: Update for new user canonicalization usage. * man/sasl_canon_user.3: Update for new user canonicalization usage. * configure.in: Actually set STATIC_GSSAPIV2 when necessary 2001-12-08 Ken Murchison * plugins/srp.c: make sure we have the HMAC before trying to use it * plugins/srp.c: don't advertise server integrity w/o HMAC-SHA-1 * plugins/srp.c: move EVP_cleanup() to mech_free so mech can be reused 2001-12-07 Ken Murchison * configure.in: SRP now requires OpenSSL * plugins/srp.c: migrated to OpenSSL's MDA/cipher abstraction API * plugins/srp.c: added RIPEMD-160 support * plugins/srp.c: using "standard ACSII names" for MDA-names as documented by [SCAN] (until determined otherwise) * plugins/srp.c: using updated canon_user API to allow separate canonicalization of authid and authzid. 2001-12-06 Rob Siemborski * lib/canonusr.c: Better logging when desired plugin is not found. * lib/checkpw.c: spelling error fixed. * lib/canonusr.c, lib/checkpw.c, lib/client.c, lib/external.c, lib/saslint.h, lib/server.c, include/sasl.h, include/saslplug.h, plugins/*.c: Updated canon_user API to allow separate canonicalization of authid and authzid. 2001-12-05 Rob Siemborski * saslauthd/Makefile.am, saslauthd/acconfig.h, saslauthd/configure.in: Solaris 7 and FreeBSD (FreeBSD is courtesy of Claus Assmann ) * sasldb/Makefile.am: link order fix (Courtesy Claus Assmann ) 2001-12-05 Ken Murchison * configure.in: * plugins/Makefile.am: only build SRP with sasldb libs when srp_setpass() is enabled * plugins/srp.c: added HMAC-SHA-160 integrity layer * plugins/srp.c: don't offer integrity layers unless HMAC-SHA-160 is available (mandatory) * plugins/srp.c: fixed multiple integrity/confidentiality layer client-side bug * plugins/srp.c: fixed delete SRP secret bug * plugins/srp.c: removed VL() stuff 2001-12-04 Rob Siemborski * utils/Makefile.am, config/sasldb.m4: Build sasldblistusers2 and saslpasswd2. Default database now /etc/sasldb2 * INSTALL, README, doc/index.html, doc/upgrading.html: Update with upgrading instructions in preparation for release. * doc/, /: Documentation reorganization, convert README and INSTALL to HTML format. * Bumped appropriate version numbers, Ready for 2.0.5-BETA 2001-12-04 Ken Murchison * acconfig.h, configure.in: dependency checking for SRP * acconfig.h, configure.in: * plugins/srp.c: made srp_setpass() a compile-time option (default=off) * plugins/srp.c: use auxprop to fetch cmusaslsecretSRP/userPassword * plugins/srp.c: code cleanup * acconfig.h, configure.in: * doc/sysadmin.html: * plugins/otp.c: made otp_setpass() a compile-time option (default=off) 2001-12-02 Ken Murchison * plugins/srp.c: fixed SHA1 support * plugins/srp.c: changed calculation of 'x' to coincide with draft -05 * plugins/srp.c: code cleanup 2001-12-01 Ken Murchison * plugins/srp.c: abstracted MDA interface * plugins/srp.c: added SHA1 support (not working) 2001-11-30 Ken Murchison * plugins/srp.c: renumbered steps to start at 1 * plugins/srp.c: check plugin API version instead of SRP_VERSION * plugins/srp.c: changed data exchanges to conform to draft -05 2001-11-29 Ken Murchison * plugins/srp.c: code now compiles and runs * plugins/Makefile.am: added sasldb libs to SRP build 2001-11-24 Ken Murchison * lib/external.c: made EXTERNAL a client-send-first mechanism * doc/index.html: added CRAM-MD5 draft 2001-11-22 Ken Murchison * plugins/otp.c: fixed otp_setpass() bug * doc/sysadmin.html: OTP additions/changes 2001-11-19 Rob Siemborski * utils/saslpasswd.c: Corrected disable handling 2001-11-17 Ken Murchison * doc/index.html, rfc2945.txt, rfc3174.txt: specification additions * doc/Makefile.am: Updated included RFCs and IDs 2001-11-14 Ken Murchison * lib/server.c, doc/options.html: added 'mech_list' option 2001-11-14 Rob Siemborski * sasldb/allockey.c: removed an assert() call * sasldb/db_ndmb.c, sasldb/db_gdbm.c: Fixed cntxt's to be conn's 2001-11-13 Ken Murchison * acconfig.h, configure.in: * plugins/otp.c: support client-side OTP without OPIE 2001-11-08 Ken Murchison * plugins/otp.c: allow entry of one-time password via SASL_CB_ECHOPROMPT callback * plugins/otp.c: code cleanup * doc/index.html, draft*.txt: specification updates/additions 2001-11-08 Rob Siemborski * plugins/cram.c, digestmd5.c, sasldb.c: Removed all assert() calls from supported plugins. 2001-11-07 Rob Siemborski * utils/testsuite.c: added proxy policy checks * lib/checkpw.c (_sasl_auxprop_verify_apop): correct handling of seterror calls 2001-11-06 Rob Siemborski * lib/canonusr.c (_canonuser_internal): added necessary seterror calls * doc/Makefile.am: Updated included RFCs and IDs * lib/canonusr.c, lib/server.c: Corrected authzid/authid handling * plugins/digestmd5.c: Unconfused authzid/authid in server call to canon_user 2001-11-01 Rob Siemborski * plugins/gssapi.c, plugins/kerberos4.c: Get rid of unnecessary buffer copy in security layer encodes. 2001-10-24 Ken Murchison * plugins/otp.c: added otp_setpass() so that saslpasswd can be used instead of opiepasswd on closed systems * doc/sysadmin.html: OTP additions/changes 2001-10-22 Ken Murchison * acconfig.h, configure.in: detect OPIE, enable/disable OTP * plugins/Makefile.am, makeinit.sh, otp.c: added OTP support (still need work on RFC2444 compliance - depends on OPIE changes) * doc/index.html, options.html, sysadmin.html, rfc*.txt: OTP additions/changes 2001-10-18 Rob Siemborski * utils/testsuite.c: Test DES harder for DIGEST-MD5 * plugins/digestmd5.c (enc_des): Get rid of one buffer copy. * plugins/digestmd5.c (dec_des, dec_3des): correct handling of padding length check. 2001-10-17 Rob Siemborski * config/sasldb.m4: detect berkeley db 4 * plugins/gssapi.c, cram.c, kerberos4.c, digestmd5.c: have dispose calls deal with the possibility of a null context 2001-10-16 Rob Siemborski * saslauthd/Makefile.am: Link LIB_PAM as well, if needed * plugins/digestmd5.c: Don't send a trailing nul on challenge and responses. * lib/server.c (sasl_server_start, sasl_server_step): Deal with authentication failures better. (Reported by Larry Rosenbaum ) 2001-10-02 Rob Siemborski * saslauthd/Makefile.am, saslauthd/auth_sasldb.c, saslauthd/configure.in: Changes to allow extraction of saslauthd as needed. 2001-09-19 Rob Siemborski * lib/getaddrinfo.c (getaddrinfo): Correct fix for AI_PASSIVE bug from Hajimu UMEMOTO * plugins/plugin_common.c, lib/common.c (_*_ipfromstring): revert to previous versions. * plugins/Makefile.am: Include necessry compatibility objects as needed. * lib/Makefile.am: compatibility code for static libsasl * configure.in: small changes to make compatibility objects easy to use. 2001-09-18 Rob Siemborski * plugins/plugin_common.c, lib/common.c (_*_ipfromstring): no longer use AI_PASSIVE hint for getaddrinfo 2001-09-13 Rob Siemborski * saslauthd/auth_sasldb.c, saslauthd/auth_sasldb.h: Added experimental sasldb saslauthd module * saslauthd/configure.in: sasldb related config changes, do not config if disabled 2001-09-12 Rob Siemborski * saslauthd/*, lib/checkpw.c (saslauthd_verify_password): merged new saslauthd protocol from Ken Murchison 2001-08-30 Rob Siemborski * configure.in, saslauthd/configure.in: check for inet_aton in libresolv.so, so as to link it if necessary * config/sasldb.m4 (BERKELEY_DB_CHK_LIB): set runpath of library if necessary 2001-08-29 Rob Siemborski * utils/testsuite.c: Minor testsuite fix (include paths) * Ready for 2.0.4-BETA 2001-08-24 Rolf Braun * Mac OS 9 and X support, including Carbon Mac OS 9 Classic support based on the SASL v1 code by Aaron Wohl * updated ltconfig and ltmain.sh * acconfig.h: * configure.in: * lib/saslutil.c: use random() when jrand48() isn't available * dlcompat-20010505: dlcompat included for OS X support, compiles separately * lib/dlopen.c: prefix symbols with underscore on OS X, as on OpenBSD note that this is also detected automatically by configure, this only helps when cross-compiling (for OS X?) * acconfig.h: * configure.in: * config/kerberos_v4.m4 look for libdes524 when libdes doesn't exist. look for libkrb4 when libkrb doesn't exist. * lib/saslint.h: * lib/common.c: * lib/seterror.c: * lib/Makefile.am: split sasl_seterror() into a new file. add_string -> _sasl_add_string and made this non-static so seterror can use it. added _sasl_get_errorbuf to go into the conn_t struct so we don't have to know the format of that struct when seterror.c is linked from glue code (i.e., the Mac OS X CFM glue) * acconfig.h: fix the order of the fake iovec struct for systems that don't have it (like Mac OS 9) so it's the same order as most Unixes that do (like Mac OS X) -- the CFM glue needs this * acconfig.h: include before we include * plugins/kerberos4.c: * lib/checkpw.c: * acconfig.h: * configure.in: check for krb_get_err_txt in the kerberos 4 library, and use it instead of the krb_err_txt[] array if available * plugins/kerberos4.c: define KEYFILE to "/etc/srvtab" if not already defined by the kerberos 4 headers (needed for MIT KfM 4.0) * doc/macosx.html: added this * README: point Mac OS X users to doc/macosx.html * doc/Makefile.am: add doc/macosx.html to distfiles * Makefile.am: * lib/Makefile.am: * include/Makefile.am: * config/Info.plist: * configure.in: when building on Mac OS X, install a framework in /Library/Frameworks * mac/*: projects and support files for Mac OS 9, classic and Carbon * mac/osx_cfm_glue: the glue to allow CFM Carbon applications under Mac OS X call the Unix-layer SASL library * lib/common.c: * lib/canonusr.c: don't do the auxprop stuff on Mac OS 9 * lib/getaddrinfo.c: don't look up hostnames on Mac OS 9 (we only officially support passing IP address strings anyway) * lib/getaddrinfo.c: * plugins/plugin_common.c: * plugins/plugin_common.h: don't include headers on Mac OS 9 that we don't have. * sample/sample-client.c: add a cast for Mac OS 9 (different type handling of char) * plugins/makeinit.sh: include the stub header to export the right symbols on Mac OS 9 2001-08-20 Rob Siemborski * plugins/gssapi.c (gssapi_server_mech_step): fixed accidental back link into glue code * config/kerberos4.m4: Actually link in -lkrb 2001-08-15 Rob Siemborski * lib/common.c (_sasl_iptostring): #if 0'd out. * lib/server.c (sasl_user_exists): only check the verifier we are using * config/kerberos_v4.m4 (SASL_DES_CHK): added * config/kerberos_v4.m4 (SASL_KERBEROS_V4_CHK): included entire check from configure.in * configure.in: moved kerberos 4 code completely out. * saslauthd/acconfig.h (WITH_DES, WITH_SSL_DES): Added DES-related symbols 2001-08-14 Rob Siemborski * configure.in: Check for sys/uio.h * saslauthd/configure.in: Check for sys/uio.h * config.h: Do the Right Thing for struct iovec (and no longer include sys/uio.h elsewhere) * saslauthd/config.h: Do the Right Thing for struct iovec (and no longer include sys/uio.h elsewhere) 2001-08-13 Rob Siemborski * plugins/digestmd5.c (init_des, init_3des, enc_des, dec_des, enc_3des, dec_3des): fixed interoperability problems, 3des was not decrypting with correct key and des was not setting up the initial vector. * lib/checkpw.c (always_true): log users who log in via this verifier 2001-08-13 Rob Siemborski * utils/testsuite.c (giveokpath): fix memory leak * lib/common.c (sasl_ipfromstring): add call to freeaddrinfo() * plugins/plugin_common.c (_plug_ipfromstring): add call to freeaddrinfo() * lib/saslutil.c (sasl_randseed): actually initialize the randpool * saslauthd/auth_getpwent.c (auth_getpwent): clear a warning * saslauthd/auth_shadow.c (auth_shadow): clear a similar warning * utils/Makefile.am (EXTRA_DIST): Actually include the needed files * saslauthd/configure.in: Handle shadow passwords correctly * saslauthd/acconfig.h: Handle shadow passwords correctly * lib/checkpw.c (always_true): added * configure.in: added check for alwaystrue verifier * acconfig.h: added HAVE_ALWAYSTRUE * doc/options.html: alwaystrue verifier documented 2001-08-11 Rob Siemborski * saslauthd/: Now configures separately from SASL, so as to localize tests for that package within that package * utils/dbconverter-2.c (listusers_cb): fix handling of APOP 2001-08-10 Rob Siemborski * saslauthd/Makefile.am (install-data-local): correct handling of $(DESTDIR) (and create the directory if it isn't there) [Amos Gouaux ] * lib/server.c (sasl_server_init): Added plugname to add_plugin call for EXTERNAL * doc/index.html: updated * doc/appconvert.html: cleaned up 2001-08-09 Rob Siemborski * plugins/digestmd5.c (digestmd5_client_mech_step): handle missing authorization name * plugins/plain.c (plain_client_mech_step): handle missing authorization name * include/sasl.h: better documentation of SASL_CB_CANON_USER 2001-08-08 Rob Siemborski * saslauthd/saslauthd.mdoc: updated re: pam * saslauthd/saslauthd.8: regenerated * saslauthd/Makefile.am: Link against PLAIN_LIBS also (from Ken Murchison ) 2001-08-07 Rob Siemborski * lib/client.c (sasl_server_step): corrected maxoutbuf handleing * lib/server.c (sasl_server_step): corrected maxoutbuf handleing * lib/saslint.h (DEFAULT_MAXOUTBUF): removed * lib/common.c (sasl_encodev, sasl_decode): maxbufsize checking * utils/testsuite.c (testseclayer,doauth): more security layer checking. Added parameter to doauth to disable fatal() calls, updated all callers. * utils/smtptest.c (main): added ability to support LMTP * plugins/gssapi.c: conform with draft-ietf-cat-sasl-gssapi-05.txt * doc/draft-ietf-cat-sasl-gssapi-05.txt: added * doc/Makefile.am (EXTRA_DIST): added above to EXTRA_DIST 2001-08-06 Rob Siemborski * utils/dbconverter-2.c (listusers_cb): handle PLAIN-APOP * lib/client.c (sasl_client_add_plugin, client_done): save plugin name * lib/server.c (sasl_server_add_plugin, server_done): save plugin name * lib/dlopen.c (_sasl_plugin_load): correctly pass pluginname * lib/common.c (sasl_getprop): implement SASL_AUTHSOURCE properly * lib/saslint.h (cmechanism_t, mechanism_t): added plugname field * lib/canonusr.c (internal_canonuser_init): no longer limit based on plugname * plugins/sasldb.c (sasldb_auxprop_plug_init): no longer limit based on plugname 2001-08-01 Rob Siemborski * utils/smtptest.c (iptostring): better behaved w.r.t endianness * plugins/cram.c (crammd5_server_mech_step): support for old-style secrets * plugins/digestmd5.c (digestmd5_server_mech_step): support for old-style secrets * lib/checkpw.c (auxprop_verify_password,_sasl_make_plain_secret): support for old-style secrets * utils/dbconverter-2.c: added * utils/sasldblistusers.c (listusers): Print out property names as well as username@realm format. * utils/saslpasswd.c (_sasl_sasldb_set_pass): Correctly handle updates that concern old-style secrets * sasldb/allockey.c: Added a missing null to propName in key parser 2001-07-31 Rob Siemborski * plugins/kerberos4.c (mech_avail): made static * plugins/kerberos4.c (mech_avail): fixed ipv4 check (patch from Hajimu UMEMOTO ) * doc/appconvert.html: vague guide documenting our experience porting Cyrus IMAPd to use SASLv2 * doc/Makefile.am: added appconvert.html * lib/client.c (sasl_client_new): fixed ip address setting to hit relevant params structures as well * lib/server.c (sasl_server_new): fixed ip address setting to hit relevant params structures as well * lib/common.c (sasl_setprop): fixed ip address setting to hit relevant params structures as well * lib/common.c (sasl_seterror): fixed spelling error 2001-07-30 Rob Siemborski * sasldb/db_berkeley.c: utils->seterror() calls * sasldb/db_gdbm.c: utils->seterror() calls * sasldb/db_ndbm.c: utils->seterror() calls * sasldb/allockey.c: utils->seterror() calls * lib/common.c (sasl_seterror): still call logging callback with a null sasl_conn_t * plugins/sasldb.c (sasldb_auxprop_lookup): support for multiple properties * plugins/Makefile.am: added -module to LDFLAGS * config/sasldb.m4: Allow specification of exact berkeley db lib and include paths * sasldb/Makefile.am: Add proper include directory * sasldb/sasldb.m4 (SASL_DB_BACKEND_STATIC): include allockey.o * Ready for 2.0.3-BETA * plugins/kerberos4.c (kerberos4_server_plug_init): reset srvtab when we do not load correctly. * lib/staticopen.c (_sasl_load_plugins): do not fail if a single plugin load fails * include/sasl.h (SASL_CLIENT_FALLBACK): removed 2001-07-27 Rob Siemborski * configure.in: extracted SASLDB-related checking * config/sasldb.m4: added * configure.in: now cache the JNI include directory path * utils/testsuite.c: switch some sasl_errstrings to sasl_errdetail * plugins/gssapi.c: Fix error reporting * plugins/gssapi.c: Required SASL_CB_USER instead of SASL_CB_AUTHNAME * plugins/anonymous.c: Function name standardization * plugins/cram.c: Function name standardization * plugins/digestmd5.c: Function name standardization * plugins/gssapi.c: Function name standardization * plugins/kerberos.c: Function name standardization * plugins/login.c: Function name standardization * plugins/plain.c: Function name standardization * sasldb/allockey.c: Generalized SASLdb API * sasldb/db_berkeley.c: Generalized SASLdb API * sasldb/db_gdbm.c: Generalized SASLdb API * sasldb/db_ndbm.c: Generalized SASLdb API * sasldb/db_none.c: Generalized SASLdb API * sasldb/db_testw32.c: Added #error to block compile so the API will be fixed when we do the Win 32 port * plugins/sasldb.c: Use new SASLdb API * utils/saslpasswd.c: Use new SASLdb API 2001-07-26 Rob Siemborski * lib/common.c (_sasl_getcallback): fixed reference to possibly NULL conn * configure.in: only build saslpasswd and sasldblistusers if we have a meaningfull libsasldb (e.g. not db_none), * utils/Makefile.am: only build saslpasswd and sasldblistusers if we have a meaningfull libsasldb (e.g. not db_none), * configure.in: conditionally build smtptest * utils/Makefile.am: conditionally build smtptest * sasldb/allockey.c (_sasldb_parse_key): added * sasldb/sasldb.h: New key list access API, added parameter to sasl_check_db (all callers updated, all callees updated) * sasldb/db_berkeley.c: Implement key list access API * sasldb/db_gdbm.c: Implement key list access API * sasldb/db_ndbm.c: Implement key list access API * sasldb/db_none.c: Implement key list access API * utils/sasldblistuser.c: Use libsasldb instead of internal functions. * utils/saslpasswd.c: No longer have separate global_utils, call sasl_dispose and sasl_done * acconfig.h: check for inttypes.h * configure.in: check for inttypes.h * plugins/plugin_common.c: include, if necessary, inttypes.h, reference uint32_t instead of u_int32_t 2001-07-25 Rob Siemborski * lib/saslint.h: changed "sasldb" verifier to "auxprop" * lib/server.c: changed "sasldb" verifier to "auxprop" * lib/checkpw.c: changed "sasldb" verifier to "auxprop" * utils/testsuite.c: changed "sasldb" verifier to "auxprop" * doc/options.html: changed "sasldb" verifier to "auxprop" * README: updated upgrade information * utils/Makefile.am (CLEANFILES): added * sasldb/allockey.c (alloc_key): single place for alloc_key() Removed alloc_key from other source files. * sasldb/sasldb.h: added declaration of alloc_key() * configure.in: added checks for db-3.3 and db3.3 * plugins/digestmd5.c (get_realm): now error on empty user_realm * plugins/cram.c (client_required_prompts): removed redundant required_prompts * plugins/plain.c (client_continue_step): server-send-last error * utils/testsuite.c (main): detailed client-send-first, server-send-last checking 2001-07-24 Rob Siemborski * plugins/sasldb.c: Cleaned up calls into the glue code * java/Test/*: Cleaned up java test utilities * configure.in: Minor GSSAPI configure changes * utils/saslpasswd.c: Clarfied -d option for saslpasswd * utils/saslpasswd.8: Clarfied -d option for saslpasswd * doc/plugprog.html: Added plugin programmer's guide * doc/index.html: linked to plugin programmer's guide * configure.in: corrected configure checking of Berkeley DB (from Scot W. Hetzel ) * configure.in: corrected checking for libcom_err (from Scot W. Hetzel ) 2001-07-23 Rob Siemborski * configure.in: Added check for db3/db.h * plugins/kerberos4.c Added mech_avail (checks for IP info) * lib/common.c: Fixed setting of serverFQDN in _sasl_conn_init * lib/server.c: Fully Implemented mech_avail calls in glue code * lib/server.c: Fixed allocation/destruction of sasl_conn_t's * lib/client.c: Fixed allocation/destruction of sasl_conn_t's * lib/common.c: Rely on earlier initialization in server.c and client.c * doc/options.html: added * ChangeLog: back to standard format 2001-07-20 Rob Siemborski * Can now deal with variable client-first mechs such as DIGEST-MD5, though this interface is subject to change * Modified parseuser to deal better with default realms * Simplified realm handling in DIGEST-MD5 (getrealm callback is no longer required). * Cleaned up some memory management issues in DIGEST-MD5 2001-07-19 Rob Siemborski * Fixed prototype of sasl_getpath_t to be in conformance with memory allocation rules * Fixed up samples directory * Try to dlopen using information in .la file if available (based on patch from Stoned Elipot ) * Resolution of most of the server-send-first and client-send-last issues (using mechanism feature flags) 2001-07-18 Rob Siemborski * Updated config.guess and config.sub * Better underscore checking for dlsym * Resolved possible global_utils namespace collision * Updated sasldb library to be expandable to multiple properties if the need arises in the future. * IPv6 support from Hajimu UMEMOTO 2001-07-17 Rob Siemborski * Extricated sasldb support to an auxprop plugin only. sasldb modifications can now only be done through the saslpasswd interface. 2001-07-13 Rob Siemborski * Fixed buffer overrun problem in sasldb auxprop plugin * Removed severe memory leak from testsuite * Version 2.0.2-ALPHA Released 2001-07-11 Rob Siemborski * error reporting in KERBEROS_V4 plugin * vague handling of SASL_AUTHSOURCE for getprop * random misc error reporting bugs * basic error messages for GSSAPI plugin 2001-07-10 Rob Siemborski * added client-send-first logic in glue code * removed some client-send-first logic in mechanisms * removed IPv4 specifics from sasl_conn_t * Much gluecode error revamping (store the error code in sasl_conn_t) 2001-07-09 Rob Siemborski * Removed dependency on "name" in canonuser plugin structure * Update configure.in from a new configure.scan * Update copyright info in man pages, finished all API man pages * Added auxprop tests to testsuite * Added userdb callback support 2001-07-09 Rob Siemborski * First attempt at making the java code work again * Minor memory and byte order bugfixes * Added testing support for dmalloc (--with-dmalloc) 2001-07-06 Rob Siemborski * Loading of auxprop and canonuser plugins from DSOs (This still sucks performance wise, and will be fixed soon) * Fixed some lack of indirection in the plugins * Reverted to the v1 entry points for the plugins * Cleaned up a good deal of the library loading code so it now only gets called from the sasl_*_init functions, and all the cleanup happens in the common sasl_done function * Added SASL_IPREMOTEPORT and SASL_IPLOCALPORT to setprop, and now _sasl_conn_init calls it to do the same work. 2001-07-05 Rob Siemborski * Working libsfsasl and smtptest program (--with-sfio) * Fixed sasldblistusers (atleast for Berkeley DB) * seterror() calls in ANONYMOUS, CRAM, PLAIN and LOGIN * Some new manpages 2001-07-03 Rob Siemborski * Static library compilation now optional (--with-staticsasl) Note that this is different from --enable-static, which causes libtool to build static versions of everything is is almost certainly NOT what you want. * Removed all references to the ancient NANA code. * Updated some documentation. 2001-07-02 Rob Siemborski * Improved allocation efficiency of KERBEROS_V4, DIGEST-MD5, and GSSAPI security layers. * Fixed a decode bug in DIGEST-MD5 (and testsuite improvements to help find similar ones) * Fixed a number of solaris compiler warnings * Static Library Build Support 2001-06-30 Rob Siemborski * Cleanup of some man pages (added sasl_errors.3) 2001-06-29 Rob Siemborski * Cleanup of APOP Code + new man page (Ken Murchison ) * Cleanup of comments in some files (Ken Murchison ) * Fixed some compiler errors on Solaris using /opt/SUNWspro/bin/cc (Reported by Mei-Hui Su 2001-06-28 Rob Siemborski * Improved memory allocation in default sasl_decode handler * Added ability to disable sasl_checkapop (--disable-checkapop) * Re-initialized kerberos mutex to NULL after it was freed 2001-06-28 Rob Siemborski * Fixed a severe bug in DIGEST-MD5 Plugin * KERBEROS_V4 plugin now thread safe * Version 2.0.1-ALPHA Released (due to DIGEST-MD5 problem) 2001-06-27 Rob Siemborski * Version 2.0.0-ALPHA Released cyrus-sasl-2.1.25/doc/0000777000076400007640000000000011632367341011476 500000000000000cyrus-sasl-2.1.25/doc/testing.txt0000666000076400007640000000632107403206001013620 00000000000000** This document is mainly useful for people doing libsasl development or users having a lot of difficulty getting libsasl to work. Testing the CMU SASL Library with the included sample applications ################################################################## The CMU SASL library comes with two small sample programs: sample-client and sample-server. Each of these programs dump base-64 SASL iterations to STDOUT, and read the next iteration from STDIN. Lines preceded by "C: " are from the client, and from "S: " are from the server. This makes it fairly straightforward to test mechanisms; simply run the sample-client on the "client" machine, and sample-server on the "server" machine. Both programs take a -m MECH command line argument; this can be used to force the mechanism used in the exchange. KERBEROS_V4 requires that the IP addresses of both client and server be set, along with the service name, and the server's fully-qualified hostname; these are done through more command line arguments. Example: Here's the client side of an exchange. The mechanism selection code chooses KERBEROS_V4; negotiation takes place, and the client is authenticated. This is being run on the machine SPOOKY.ANDREW.CMU.EDU (128.2.121.162), pretending to be talking to an "rcmd" service running on port 23 (note the semicolons in the IP address. There is a strong chance these will need to be escaped for proper interpretation by the shell): > ./sample-client -i local=128.2.121.162;23,remote=128.2.121.162;23 -s rcmd -n SPOOKY.ANDREW.CMU.EDU Waiting for mechanism list from server... S: UExBSU4gQU5PTllNT1VTIEtFUkJFUk9TX1Y0IERJR0VTVC1NRDUgQ1JBTS1NRDUgAAAAAED5EEA= Choosing best mechanism from: PLAIN ANONYMOUS KERBEROS_V4 DIGEST-MD5 CRAM-MD5 Using mechanism KERBEROS_V4 Preparing initial. Sending initial response... C: S0VSQkVST1NfVjQA Waiting for server reply... S: hVQFjA== Sending response... C: BAYCQU5EUkVXLkNNVS5FRFUAOCDnIsZLQRdjLHXvzPNgpURYVj1iMqBIcTRaMpEQ8vWeYnfB+mTCVEa2URpkVgpzS1161MAX7ERzFV/EfGKlrAhGJCdN56mQ3eL2PzJlK7Z9ctKv4gKErcmV Waiting for server reply... S: BgcvFb63CLs= Sending response... C: ohBT+Jqab9zmDzclN7GSTw== Negotiation complete > Here's the server side of the same dialog: > ./sample-server -s rcmd -i local=128.2.121.162;23,remote=128.2.121.162;23 Generating client mechanism list... Sending list of 5 mechanism(s) S: UExBSU4gQU5PTllNT1VTIEtFUkJFUk9TX1Y0IERJR0VTVC1NRDUgQ1JBTS1NRDUgAAAAAED5EEA= Waiting for client mechanism... C: S0VSQkVST1NfVjQA Sending response... S: hVQFjA== Waiting for client reply... C: BAYCQU5EUkVXLkNNVS5FRFUAOCDnIsZLQRdjLHXvzPNgpURYVj1iMqBIcTRaMpEQ8vWeYnfB+mTCVEa2URpkVgpzS1161MAX7ERzFV/EfGKlrAhGJCdN56mQ3eL2PzJlK7Z9ctKv4gKErcmV Sending response... S: BgcvFb63CLs= Waiting for client reply... C: ohBT+Jqab9zmDzclN7GSTw== Negotiation complete Username: rob Realm: ANDREW.CMU.EDU SSF: 56 > Running the Testsuite application ################################# The Testsuite application in the utils directory trys out all the functionality of libsasl against itself. When you run the application it displays some requirments for running, such as being able to read and write to the sasldb file. If this program is set up correctly and still fails we'd like to hear about it at cyrus-bugs@andrew.cmu.edu. cyrus-sasl-2.1.25/doc/TODO0000666000076400007640000000227407466006506012116 00000000000000Library ~~~~~~~ ) Better/FASTER random numbers (init time is pretty miserable) ) Test suite [still] needs work ) better support for including missing routines ) check return settings (ssf, etc.) on auth failure Documentation ~~~~~~~~~~~~~ ) so much to do here ) man pages (check spelling) ) programmers/sysadmin guide updates and clarifications ) update INSTALL to have clearer step-by-step instructions Mechs to write ~~~~~~~~~~~~~~ SRP ~~~ ) Testing OTP ~~~ ) Checking edge cases ) Testing Digest-MD5 ~~~~~~~~~~ ) Checking wacko cases or even not so wacko cases ) Testing Kerberos_V4 ~~~~~~~~~~~ ) client-side should set realm ) is prompt_need callback set default value GSSAPI ~~~~~~ ) Allow specification of alternate keytab file Plain ~~~~~ Cram-MD5 ~~~~~~~~ ) needs snprintf support Database stuff ~~~~~~~~~~~~~~ ) transactions? ) version the database? ) atomic updates of passwords (we can crash and leave the user with different passwords for different mechanisms) [through failure to make setpass calls] ) locks (to help fortify protection against OTP race attack)? ABI ~~~ ) Consider IRIX ABI issues for plugins - /usr/lib32/sasl? - /usr/lib/sasl/{ABI}? ) Standardize the plugin ABI cyrus-sasl-2.1.25/doc/server-plugin-flow.fig0000666000076400007640000001053707403027535015661 00000000000000#FIG 3.2 Landscape Center Inches Letter 100.00 Single -2 1200 2 6 14100 14100 17100 18450 2 2 0 1 0 0 50 0 4 0.000 0 0 -1 0 0 5 14100 14100 17100 14100 17100 18450 14100 18450 14100 14100 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 16950 18150 16950 16500 14325 16500 14325 18150 16950 18150 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 16950 16275 16950 14775 14250 14775 14250 16275 16950 16275 4 0 0 50 0 18 18 0.0000 4 210 1545 14325 14550 user_canon\001 4 0 0 50 0 18 18 0.0000 4 210 2520 14400 15150 canon_user_server\001 4 0 0 50 0 18 18 0.0000 4 270 2415 14475 16875 canon_user_client\001 -6 6 14100 11175 17100 13500 2 2 0 1 0 0 50 0 4 0.000 0 0 -1 0 0 5 14100 11175 17100 11175 17100 13500 14100 13500 14100 11175 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 16950 13275 16950 11925 14250 11925 14250 13275 16950 13275 4 0 0 50 0 18 18 0.0000 4 210 1095 14325 11625 auxprop\001 4 0 0 50 0 18 18 0.0000 4 270 2175 14475 12375 auxprop_lookup\001 -6 2 4 0 1 0 7 50 0 -1 0.000 0 0 7 0 0 5 11700 3000 11700 1200 8100 1200 8100 3000 11700 3000 2 4 0 1 0 7 50 0 -1 0.000 0 0 7 0 0 5 11700 5400 11700 3600 8100 3600 8100 5400 11700 5400 2 4 0 1 0 7 50 0 -1 0.000 0 0 7 0 0 5 11700 7800 11700 6000 8100 6000 8100 7800 11700 7800 2 4 0 1 0 7 50 0 -1 0.000 0 0 7 0 0 5 11700 10200 11700 8400 8100 8400 8100 10200 11700 10200 2 4 0 1 0 7 50 0 -1 0.000 0 0 7 0 0 5 11700 12300 11700 10800 8100 10800 8100 12300 11700 12300 2 2 0 1 0 0 50 0 4 0.000 0 0 -1 0 0 5 4500 8700 7500 8700 7500 17175 4500 17175 4500 8700 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 7275 13050 7275 11475 4725 11475 4725 13050 7275 13050 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 7275 14925 7275 13350 4725 13350 4725 14925 7275 14925 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 7275 16800 7275 15225 4725 15225 4725 16800 7275 16800 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 7275 11025 7275 9450 4725 9450 4725 11025 7275 11025 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 11700 15000 11700 13200 8100 13200 8100 15000 11700 15000 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 7275 12000 8100 13725 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 11700 13800 14250 15000 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14250 15225 11700 14100 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 11700 14400 14250 12375 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14250 12675 11700 14700 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 8100 14100 7275 12375 2 1 0 3 0 0 50 0 -1 0.000 0 0 7 1 1 2 0 0 3.00 180.00 360.00 0 0 3.00 180.00 360.00 8100 11400 7275 11925 2 1 0 3 0 0 50 0 -1 0.000 0 0 7 1 1 2 0 0 3.00 180.00 360.00 0 0 3.00 180.00 360.00 8100 9300 7275 10200 2 2 0 1 0 0 50 0 4 0.000 0 0 -1 0 0 5 14100 3600 17100 3600 17100 8700 14100 8700 14100 3600 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14100 4500 11700 2100 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14100 5100 11700 4500 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14100 5700 11700 6900 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14100 6600 11700 9300 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14100 7500 11700 11100 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14100 7800 11700 11400 2 1 0 3 0 0 50 0 -1 0.000 0 0 -1 1 0 2 0 0 3.00 180.00 360.00 14100 8550 11700 12150 2 4 0 1 0 0 50 0 -1 0.000 0 0 7 0 0 5 11625 17400 11625 15600 8100 15600 8100 17400 11625 17400 4 0 0 50 0 18 18 0.0000 4 270 1575 4650 9150 server_plug\001 4 0 0 50 0 18 18 0.0000 4 270 1590 4875 9825 mech_new()\001 4 0 0 50 0 18 18 0.0000 4 270 1650 4875 11850 mech_step()\001 4 0 0 50 0 18 18 0.0000 4 270 2145 4875 13800 mech_dispose()\001 4 0 0 50 0 18 18 0.0000 4 270 1755 8400 13725 canon_user()\001 4 0 0 50 0 18 18 0.0000 4 270 3105 8400 14415 [user information hook]\001 4 0 0 50 0 18 18 0.0000 4 270 1470 14400 4050 application\001 4 0 0 50 0 18 18 0.0000 4 45 225 12750 10125 ...\001 4 0 0 50 0 18 18 0.0000 4 270 1965 8400 16125 sasl_dispose()\001 4 0 0 50 0 18 18 0.0000 4 270 2445 8400 11400 sasl_server_step()\001 4 0 0 50 0 18 18 0.0000 4 270 2445 8400 9000 sasl_server_start()\001 4 0 0 50 0 18 18 0.0000 4 270 1980 8400 6600 sasl_listmech()\001 4 0 0 50 0 18 18 0.0000 4 270 2385 8400 4200 sasl_server_new()\001 4 0 0 50 0 18 18 0.0000 4 270 2265 8400 1725 sasl_server_init()\001 cyrus-sasl-2.1.25/doc/appconvert.html0000666000076400007640000001135507777054727014512 00000000000000 Converting Applications from SASLv1 to SASLv2

Application Conversion Guide for SASLv2

This documents our conversion experience with Cyrus IMAPd, an application that uses almost every part of SASL, so it should give a good idea what caveats need to be looked for when one is converting an application which uses SASLv1 to use SASLv2.

The major changes in the SASLv2 API have to do with memory management. That is, the rule "If you allocate it, you free it" is now enforced. That means that if the application allocates something (for example, an interaction or callback response), it must free it. Likewise, the application does NOT free anything handed to it by the SASL library, such as responses given by sasl_client_step or sasl_decode.

  • Tips for both clients and servers:

    • Change configure scripts to search for libsasl2 and include files prefixed with sasl/ (sasl/sasl.h, sasl/saslutil.h, etc)
    • sasl_decode64 now takes an additional parameter that is the size of the buffer it is passed.
    • External authentication properties are no longer handled by a sasl_external_properties_t. Instead you make 2 separate calls to sasl_setprop. One with SASL_SSF_EXTERNAL to tell the SASL library what SSF is being provided by the external layer. The other sets SASL_AUTH_EXTERNAL to indicate the authentication name.
    • sasl_getprop now returns its value in a const void **
    • sasl_encode and sasl_decode now return a constant output buffer, which you do not need to free (it is only valid until the next call for this sasl_ conn_t, however)
    • The SASL_IP_REMOTE and SASL_IP_LOCAL properties are now SASL_IPLOCALPORT and SASL_IPREMOTEPORT and take strings instead of sockaddrs. These strings may also be passed to the sasl_[client/server]_new functions. They are in one of the following formats:
      • a.b.c.d;p (IPv4, with port)
      • e:f:g:h:i:j:k:l;p (IPv6, with port)
      • e:j:k:l;p (IPv6, abbreviated zero fields, with port)
    • Error handling and reporting is different. All of the functions that used to return a "reply" string no longer do. Now you should (always) check sasl_errdetail. Callbacks MUST likewise use sasl_seterror instead of setting their (now nonexistent) reply parameter.
    • Be very careful about your handling of maxoutbuf. If you claim that you can only read 4096 bytes at a time, be sure to only pass at most that much at a time to the SASL library!
  • Tips for clients:
    1. In sasl_client_new you can now pass ip address strings as parameters 3 and 4 instead of calling setprop later on sockaddr's. This is preferred but not required (not passing them by either method disables mechs which require IP address information). You might find the iptostring() function in utils/smtptest.c to be useful for this. If the protocol supports the server sending data on success you should pass SASL_SUCCESS_DATA as a flag.
    2. sasl_client_start loses the 3rd "secret" parameter. Also, NULL clientout and clientoutlen indicates that the protocol does not support client-send-first. A NULL return value indicates that there is no first client send. (as opposed to an empty string, which indicates that the first client send is the empty string).
    3. Both sasl_client_start and sasl_client_step now take const clientout parameters that you are no longer responsible for freeing (it is only valid until the next call for this sasl_conn_t, however)
    4. When interactions and callbacks happen you are responsible for freeing the results.
  • Tips for Servers:
    1. SASL_SECURITY_LAYER flag no longer exists, whether or not to use a security layer is solely determined by the security properties information, namely, the maxbufsize member of the sasl_security_properties_t
    2. sasl_server_new now can take ip address strings.
    3. sasl_checkpass no longer has a "reply" parameter. There are also considerably fewer possible values for the pwcheck_method option (now only auxprop, saslauthd, authdaemond, and pwcheck).
    4. sasl_server_start / sasl_server_step have same output parameter deal as their equivalents on the client side
    5. sasl_listmech has a constant output parameter
    6. If you used to canonicalize the username in a SASL_CB_PROXY_POLICY callback you should now separate the functionality of authorization and canonicalization. That is, only do authorization in SASL_CB_PROXY_POLICY, and do canonicalization in the SASL_CB_CANON_USER callback
cyrus-sasl-2.1.25/doc/windows.html0000757000076400007640000001414410425403654014000 00000000000000 Building Cyrus SASL on Windows

Building Cyrus SASL on Windows

Note, that Cyrus SASL on Windows is still laregely a "work in progress". So far only the main library, plugins (SASLDB using SleepyCat, no MySQL) and several applications (see the list below) can be built. In particular, saslauthd doesn't compile on Windows.

Prerequisites

  • Visual Studio. We have tested Visual Studio 6 and Visual Studio 7 (.NET). By default we are using Visual Studio 7 (both 2002 and 2003 versions were tested). If you want to use Visual Studio 6, you need to remove the leading # character from the line containing "#VCVER=6" in win32/common.mak.
  • The latest Platform SDK. We are currently using March 2006. (The earliest tested version was November 2001.)
  • SleepyCat include files and libraries are required to buil SASLDB plugin, saslpasswd2.exe and sasldblistusers2.exe. We have tested SleepyCat 4.1.X-4.4.X.
  • If you are building directly from CVS, you'll need the Cygwin Unix-compatibility environment to create the _init.c files needed for dynamic loading. Cygwin is not required for building from our tar distribution.

Step by step

These directions assume that you've untarred the library or used CVS and the sources are in C:\SASL.

preparing to build (cvs only!)

Start a cygwin shell and create the dynamic loading stubs: 
% cd /cygdrive/c/sasl/plugins
% sh makeinit.sh

building using NMake

Open a "Windows 2000 build environment" from the SDK's Start Menu and use "nmake /f NTMakefile" to build.

To build a debug verison, use "nmake /f NTMakefile CFG=Debug". For a production version, "nmake /f NTMakefile CFG=Release". If you don't specify CFG parameter, production version will be built by default.

As Windows build requires SleepyCat, there are additional options that has to be provided to NMake on the command line. If SleepyCat sources are located in c:\packages\db\4.1.24 and built library in c:\packages\db\4.1.24\build_win32\Release_static, you should add something like DB_INCLUDE=c:\packages\db\4.1.24\build_win32 and DB_LIBPATH=c:\packages\db\4.1.24\build_win32\Release_static.
Also note, that the DB_LIB defines the name of the SleepyCat library to link against. It defaults to libdb41s.lib.
If you don't pass the parameters described above, NMake will pick the defaults, which is probably not what you want.

Another option of interest is STATIC. It specifies which version of the standard C library to use. The default is "no", meaning that the standard C library from the MSVCRT.DLL will be used.

Example: 

Targeting Windows 2000 and IE 5.0 RETAIL

C:\Program Files\Microsoft SDK> cd \sasl

C:\sasl> nmake /f NTMakefile DB_INCLUDE=c:\packages\db\4.1.24\build_win32
DB_LIBPATH=c:\packages\db\4.1.24\build_win32\Release_static

No configuration specified. Defaulting to Release.
Using MSVCRT.dll as C library by default.
Defaulting SleepyCat library name to libdb41s.lib.
Codegeneration defaulting to /MD.
...

SASL NTMakefile also understands "clean" target that you can use to clean all files generated by the compiler. 

C:\sasl> nmake /f NTMakefile clean

Microsoft (R) Program Maintenance Utility Version 7.00.9466
Copyright (C) Microsoft Corporation.  All rights reserved.

        cd lib && nmake /f NTMakefile                    clean

Microsoft (R) Program Maintenance Utility Version 7.00.9466
Copyright (C) Microsoft Corporation.  All rights reserved.

No configuration specified. Defaulting to Release.
Using MSVCRT.dll as C library by default.
Defaulting SleepyCat library name to libdb41s.lib.
Defaulting SleepyCat include path to c:\work\isode\db\build_win32.
Defaulting SleepyCat library path to c:\work\isode\db\build_win32\Release_static.
...

building additional plugins

Specify "GSSAPI=<type>" parameter if you want to enable GSSAPI plugin. Currently only <type>=CyberSafe is supported and this will build the plugin that links against CyberSafe Kerberos. GSSAPI depends on GSSAPI_INCLUDE and GSSAPI_LIBPATH parameters. You can either specify them on the command line or edit the defaults in win32\common.mak

Specify "SQL=<type>" parameter if you want to enable SQL plugin. Currently only <type>=SQLITE is supported and this will build the plugin that links against SQLITE (www.sqlite.org). SQL=<SQLITE> depends on SQLITE_INCLUDES and SQLITE_LIBPATH parameters. You can either specify them on the command line or edit the defaults in win32\common.mak

Specify "NTLM=1" parameter if you want to enable NTLM plugin. I.e. "nmake /f NTMakefile NTLM=1"

Specify "SRP=1" parameter if you want to enable SRP plugin. You can also specify "DO_SRP_SETPASS=1" if you want to enable SRP setpass functionality.

Specify "OTP=1" parameter if you want to enable OTP plugin.

NTLM, SRP and OTP plugins depend on OpenSSL. You can either specify OPENSSL_INCLUDE and OPENSSL_LIBPATH parameters on the command line or edit the defaults in win32\common.mak Note, that unless you are building one of those plugins, OpenSSL is not required!

If you want to build multiple additional plugins at once, you can specify multiple parameters described above, for example "nmake /f NTMakefile NTLM=1 SRP=1 OPT=1"

limitations

Currently all plugins but KerberosV4 (kerberos4.c) and PASSDSS (passdss.c) can be built on Windows. However limited testings was done for some plugins as listed below:
  • GSSAPI - tested using CyberSafe,
  • SASLDB - only SleepyCat version can be built,
  • SQL - using SQLITE, not tested
The following executables were built and tested (to some extend): In sample:
  • sample-client
  • sample-server
In utils:
  • sasldblistusers2
  • saslpasswd2
  • testsuite
  • pluginviewer
Note that saslauthd is NOT in this list.

testing

creating an MSI

cyrus-sasl-2.1.25/doc/options.html0000646000076400007640000002702011306006125013762 00000000000000 Options for Cyrus SASL

Options for Cyrus SASL

This document contains information on what options are used by the Cyrus SASL library and bundled mechanisms. The most commonly used options (and those that are therefore most commonly misunderstood are pwcheck_method and auxprop_plugin. Please ensure that you have configured these correctly if things don't seem to be working right. Additionally, mech_list can be an easy way to limit what mechanisms a given application will use.

OptionUsed ByDescriptionDefault
authdaemond_pathSASL Library Path to Courier-IMAP authdaemond's unix socket. Only applicable when pwcheck_method is set to authdaemond./dev/null
auto_transitionSASL Library When set to 'yes' or 'noplain', and when using an auxprop plugin, automatically transition users to other mechs when they do a successful plaintext authentication. When set to 'noplain', only non-plaintext secrets will be written. Note that the only mechs (as currently implemented) which don't use plaintext secrets are OTP and SRP.no
auxprop_pluginAuxiliary Property Plugin Name of auxiliary plugin to use, you may specify a space-separated list of plugin names, and the plugins will be queried in order (null) - querys all plugins
canon_user_pluginSASL Library Name of canon_user plugin to useINTERNAL
keytabGSSAPI Location of keytab file/etc/krb5.keytab (system dependant)
ldapdb_uriLDAPDB plugin ldap server uri, you can specify a space-separated list of URIs - ldapi:// or ldaps://ldap1/ ldaps://ldap2/ none
ldapdb_idLDAPDB plugin ldap SASL authentication id none
ldapdb_mechLDAPDB plugin ldap SASL mechanism for authentication none
ldapdb_pwLDAPDB plugin ldap password for SASL authentication id none
ldapdb_rcLDAPDB plugin The filename specified here will be put into the server's LDAPRC environment variable, and libldap-specific config options may be set in that ldaprc file. The main purpose behind this option is to allow a client TLS certificate to be configured, so that SASL/EXTERNAL may be used between the SASL server and the LDAP server. This is the most optimal way to use this plugin when the servers are on separate machines. none
ldapdb_starttlsLDAPDB plugin Use StartTLS. This option may be set to 'try' or 'demand'. When set to "try" any failure in StartTLS is ignored. When set to "demand" then any failure aborts the connection. none
ldapdb_canon_attrLDAPDB plugin Use the value of the specified attribute as the user's canonical name. The attribute will be looked up in the user's LDAP entry. This setting must be configured in order to use LDAPDB as a canonuser plugin. none
log_levelSASL Library Numeric Logging Level (see SASL_LOG_* in sasl.h for values and descriptions 1 (SASL_LOG_ERR)
mech_listSASL Library Whitespace separated list of mechanisms to allow (e.g. 'plain otp'). Used to restrict the mechanisms to a subset of the installed plugins.(use all available plugins)
ntlm_serverNTLM (server) Comma separated list of servernames (WinNT, Win2K, Samba, etc) to which authentication will be proxied. (null) - perform authentication internally
ntlm_v2NTLM (client) Send NTLMv2 responses to the server. no (send NTLMv1)
opiekeysOTP (with OPIE) Location of the opiekeys file/etc/opiekeys
otp_mdaOTP (w/o OPIE) Message digest algorithm for one-time passwords, used by sasl_setpass (possible values: 'md4', 'md5', 'sha1')md5
plugin_listSASL Library Location of Plugin list (Unsupported)none
pwcheck_methodSASL Library Whitespace separated list of mechanisms used to verify passwords, used by sasl_checkpass (possible values: 'auxprop', 'saslauthd', 'pwcheck', 'authdaemond' [if compiled with --with-authdaemond]) and 'alwaystrue' [if compiled with --enable-alwaystrue]) auxprop
reauth_timeoutDIGEST-MD5 Length in time (in minutes) that authentication info will be cached for a fast reauth. A value of 0 will disable reauth. 0
saslauthd_pathSASL Library Path to saslauthd run directory (including the "/mux" named pipe) system dependant (generally won't need to be changed)
sasldb_pathsasldb plugin Path to sasldb file/etc/sasldb2 (system dependant)
sql_engineSQL plugin Name of SQL engine to use (possible values: 'mysql', 'pgsql', 'sqlite', 'sqlite3'). mysql
sql_hostnamesSQL plugin Comma separated list of SQL servers (in host[:port] format). none (engine dependent)
sql_userSQL plugin Username to use for authentication to the SQL server. none (engine dependent)
sql_passwdSQL plugin Password to use for authentication to the SQL server. none (engine dependent)
sql_databaseSQL plugin Name of the database which contains the auxiliary properties. none (engine dependent)
sql_selectSQL plugin SELECT statement to use for fetching properties. This option is required in order to use the SQL plugin. none
sql_insertSQL plugin INSERT statement to use for creating properties for new users. none
sql_updateSQL plugin UPDATE statement to use for modifying properties. none
sql_usesslSQL plugin When set to 'yes', 'on', '1' or 'true', a secure connection will be made to the SQL server. no
srp_mdaSRP Message digest algorithm for SRP calculations (possible values: 'md5', 'sha1', 'rmd160')sha1
srvtabKERBEROS_V4 Location of the srvtab file/etc/srvtab (system dependant)

Notes on SQL auxprop options

The sql_insert and sql_update options are optional and are only needed if you wish to allow the SASL library (e.g., saslpasswd2) and plugins (e.g., OTP) to write properties to the SQL server. If used, both statements MUST be provided so that properties can be added, changed and deleted. NOTE: The columns for writable properites MUST accept NULL values.

The SQL statements provided in the sql_select, sql_insert and sql_update options can contain arguments which will be substituted with the appropriate values. The valid arguments are:

%u
Username whose properties are being fetched/stored.
%p
Name of the property being fetched/stored. This could technically be anything, but SASL authentication will try userPassword and cmusaslsecretMECHNAME (where MECHNAME is the name of a SASL mechanism).
%r
Realm to which the user belongs. This could be the kerberos realm, the FQDN of the computer the SASL application is running on or whatever is after the @ on a username. (read the realm documentation).
%v
Value of the property being stored (INSERT or UPDATE only!). This could technically be anything depending on the property itself, but is generally a userPassword.
NOTE: DO NOT put quotes around the entire SQL statement, but each individual %u, %r and %v argument MUST be quoted.

Examples:

     sql_select: SELECT %p FROM user_table WHERE username = '%u' and realm = '%r'
would send the following statement to SQL for user "bovik" and the default realm for the machine "madoka.surf.org.uk": 
     SELECT userPassword FROM user_table WHERE username = 'bovik' and
     realm = 'madoka.surf.org.uk';



     sql_insert: INSERT INTO user_table (username, realm, %p) VALUES ('%u', '%r', '%v')
would generate the following statement to SQL for user "bovik" in realm "madoka.surf.org.uk" with userPassword "wert": 
     INSERT INTO user_table (username, realm, userPassword) VALUES
     ('bovik', 'madoka.surf.org.uk', 'wert');

Note that all substitutions do not have to be used. For instance, 

     SELECT password FROM auth WHERE username = '%u'
is a valid value for sql_select.

Notes on LDAPDB plugin options

Unlike other LDAP-enabled plugins for other services that are common on the web, this plugin does not require you to configure DN search patterns to map usernames to LDAP DNs. This plugin requires SASL name mapping to be configured on the target slapd. This approach keeps the LDAP-specific configuration details in one place, the slapd.conf, and makes the configuration of remote services much simpler.

This plugin is not for use with slapd itself. When OpenLDAP is built with SASL support, slapd uses its own internal auxprop and canonuser module. By default, without configuring anything else, slapd will fail to load the ldapdb module when it's present. This is as it should be. If you don't like the "auxpropfunc: error -7" message that is sent to syslog by slapd, you can stop it by creating /usr/lib/sasl2/slapd.conf with: 

auxprop_plugin: slapd
which will force the SASL library to ignore all other auxprop modules.

Examples:

ldapdb_uri: ldap://ldap.example.com
ldapdb_id: root
ldapdb_pw: secret
ldapdb_mech: DIGEST-MD5
ldapdb_canon_attr: uid

The LDAP server must be configured to map the SASL authcId "root" into a DN that has proxy authorization privileges to every account that is allowed to login to this server. (See the OpenLDAP Admin Guide section 10 for details.)

ldapdb_uri: ldapi://
ldapdb_mech: EXTERNAL

This configuration assumes an LDAP server is on the same server that is using SASL and the underlying OS is *NIX based (ldapi:// requires UNIX domain sockets). This is fast and secure, and needs no username or password to be stored. The slapd.conf will need to map these usernames to LDAP DNs: 

sasl-regexp uidNumber=(.*)\\+gidNumber=(.*),cn=peercred,cn=external,cn=auth
    ldap:///dc=example,dc=com??sub?(&(uidNumber=$1)(gidNumber=$2))

sasl-regexp uid=(.*),cn=external,cn=auth
    ldap:///dc=example,dc=com??sub?(uid=$1)

Back to the index cyrus-sasl-2.1.25/doc/advanced.html0000666000076400007640000000330510014247146014043 00000000000000 Cyrus SASL Library -- Advanced Usage

Cyrus SASL library, version 2.0

Notes for Advanced Usage of libsasl

Using Cyrus SASL as a static library

As of v2.0.2-ALPHA, Cyrus SASL supports the option to compile all of the supported mechanisms and glue code into a single static library that may be linked into any application. In practice, this saves memory by avoiding the need to have a jump table for each process's reference into the shared library, and ensures that all the mechanisms are loaded when the application loads (thus reducing the overhead of loading the DSOs).

However, this is not a recommended procedure to use in general. It loses the flexibility of the DSOs that allow one to simply drop in a new mechanism that even currently-running applications will see for each new connection. That is, if you choose to use the static version of the library, not only will you need to recompile the library each time you add a mechanism (provided the mechanisms even support being compiled staticly), but you will need to recompile every application that uses Cyrus SASL as well.

However, if you are sure you wish to use a static version of Cyrus SASL, compile it by giving configure the --enable-static option. This will compile both a dynamic and a static version. Then, whenever an application links to libsasl, it will also need to explicitly pull in any dynamic libraries that may be needed by Cyrus SASL. Most notably, these might include the GSSAPI, Kerberos, and Database libraries. To avoid compiling the dynamic version, pass --disable-shared.

Back to the index cyrus-sasl-2.1.25/doc/readme.html0000666000076400007640000001123510204731165013534 00000000000000 Cyrus SASLv2 README

Read Me First

This document offers a general overview of the Cyrus SASL library. The Cyrus SASL Libray provides applications with an implementation of the Simple Authentication and Security Layer (RFC2222), and several authentication mechanisms. Users interested in the "big picture" of what is provided by the library should read about Cyrus SASL Components.

FEATURES

The following mechanisms are included in this distribution:
  • ANONYMOUS
  • CRAM-MD5
  • DIGEST-MD5
  • EXTERNAL
  • GSSAPI (MIT Kerberos 5, Heimdal Kerberos 5 or CyberSafe)
  • KERBEROS_V4
  • LOGIN
  • NTLM (requires OpenSSL libcrypto)
  • OTP (requires OpenSSL libcrypto)
  • PLAIN
  • SRP (work in progress; requires OpenSSL libcrypto)
The library also supports storing user secrets in either a hash database (e.g. Berkeley DB, gdbm, ndbm), LDAP, or in a SQL database (MySQL, Postgres). Additionally, mechanisms such as PLAIN and LOGIN (where the plaintext password is directly supplied by the client) can perform direct password verification via the saslauthd daemon. This allows the use of LDAP, PAM, and a variety of other password verification routines. The sample directory contains two programs which provide a reference for using the library, as well as making it easy to test a mechanism on the command line. See programming.html for more information.

This library is believed to be thread safe IF:

  • you supply mutex functions (see sasl_set_mutex())
  • you make no libsasl calls until sasl_client/server_init() completes
  • no libsasl calls are made after sasl_done() is begun
  • when using GSSAPI, you use a thread-safe GSS / Kerberos 5 library.

TYPICAL UNIX INSTALLATION

First, if you are upgrading from Cyrus SASLv1, please see upgrading.html.

Please see the file install.html for instructions on how to install this package.

Note that the library can use the environment variable SASL_PATH to locate the directory where the mechanisms are; this should be a colon-separated list of directories containing plugins. Otherwise it will default to the value of --with-plugindir as supplied to configure (which itself defaults to /usr/local/lib).

INSTALLATION ON MAC OS X

Please read macosx.html

INSTALLATION ON WINDOWS

Please read windows.html. This configuration has not been extensively tested.

CONFIGURATION

There are two main ways to configure the SASL library for a given application. The first (and typically easiest) is to make use of the application's configuration files. Provided the application supports it (via the SASL_CB_GETOPT callback), please refer to that documetation for how to supply SASL options.

Alternatively, Cyrus SASL looks for configuration files in /usr/lib/sasl/Appname.conf where Appname is settable by the application (for example, Sendmail 8.10 and later set this to "Sendmail").

Configuration using the application's configuration files (via the getopt callback) will override those supplied by the SASL configuration files.

For a detailed guide on configuring libsasl, please look at sysadmin.html and options.html

KNOWN BUGS

  • libtool doesn't always link libraries together. In our environment, we only have static Krb5 libraries; the GSSAPI plugin should link these libraries in on platforms that support it (Solaris and Linux among them) but it does not. It also doesn't always get the runpath of libraries correct.
  • Also see our bugzilla.

AUTHORS

For any comments/suggestions/bug reports, please contact cyrus-bugs@andrew.cmu.edu. Be sure to include the version of libsasl and your operating system; messages without this information will not be answered.

Major contributors to the libsasl code can be found in the top-level file AUTHORS. Additionally saslauthd has an AUTHORS file that lists major contributors as well.

People considering doing binary distributions that include saslauthd should be aware that the code is covered by several slightly different (but compatible) licenses, due to how it was contributed. Details can be found within the source code.

Back to the index cyrus-sasl-2.1.25/doc/plugprog.html0000646000076400007640000004024611631664415014150 00000000000000 SASL Plugin Programmer's Guide

SASL Plugin Programmer's Guide

NOTE: This is a work in progress. Any contributions would be very appreciated

Introduction

About this Guide

This guide gives a very brief overview on the things that one needs to know to write a mechanism for the SASLv2 API (and thus Cyrus SASLv2). Note that this page is a brief overview only and that the authoritative documentation are the header files included in the SASL distribution. If you have any questions, please feel free to contact the Cyrus development team at cyrus-bugs@andrew.cmu.edu or the cyrus-sasl mailing list at cyrus-sasl@andrew.cmu.edu .

Please note that this guide is only intended for developers looking to write mechanisms for the SASLv2 API, and that application programmers should be reading this document instead.

What is SASL?

A description of SASL is covered in detail in the programmer's guide, which mechanism developers should probably read first anyway to become familiar with development using the SASL library.

Common Section

Overview of Plugin Programming

The basic idea behind programming plugins for Cyrus SASL rests in the ability to dlopen a shared library. Thus, all plugins should be shared libraries. It is recommended that they are libtool libraries for portability reasons (Cyrus SASL parses .la files to get the appropriate name to dlopen), but they can have an extention of .so as well.

All plugins should live in the same directory (generally /usr/lib/sasl2), which the glue code (that is, the interface layer that sits between the plugins and the application) scans when one of the init functions (sasl_server_init or sasl_client_init) is called. Cyrus SASL then attempts to open each library and run an initialization function. If the initialization function succeeds, and the versions match, then the glue code determines that the load was successful and the plugin is available for use.

There are serveral types of plugins (note that a given plugin library may contain any or all of the following in combination, though such a plugin would be a beast!):

  • Mechanism Plugins - These plugins implement mechanisms for authentication, and are the majority of the plugins included with Cyrus SASL. Generally implementing both a client and a server side they take care of the authentication process.
  • User Canonicalization Plugins - These plugins enable differing ways of canonicalizing authentication and authorization IDs.
  • Auxiliary Property Plugins - These plugins allow auxilliary properties about user accounts to be looked up, such as passwords. Cyrus SASL includes a plugin to read sasldb files, for example.

Use of sasl_utils_t

Because of the way that shared library plugins are loaded for both speed and namespace reasons, the symbol tables are not shared across plugins. Thus, the only interface that the plugin should assume it has to the outside world is through the sasl_utils_t structure (or through links that it specifically requires). Likewise, the glue code has no (and will use no) interface into the plugin other than the contents of the structures that are passed back to it by the initialization function.

This should be stressed again: do not assume you have access to any functions except through links that your library explicitly makes or through what is provided via the sasl_utils_t structure.

Error Reporting

Error reporting is very important for failed authentication tracking and helping to debug installations or authentication problems. For that reason, in addition to the standard SASL return codes, the glue code provides an interface to its seterror function (via sasl_utils_t). This function sets detailed error information for a given connection.

In order to ensure consistency of this information, it is the responsibility of the deepest function with access to the sasl_conn_t make the call to set the errdetail string.

Memory Allocation

Memory allocation in SASLv2 follows the simple paradigm that if you allocate it, you free it. This improves portability, and allows for a large performance improvement over SASLv1. To prevent memory leaks (especially in the mechanism plugins), please ensure that you follow this paradigm.

Client Send First / Server Send Last

Mechanism plugins used to have to worry about the situation where they needed clients to send first (or server to send last), yet the protocol did not support it. Luckily, this is now handled by the glue code, provided that the plugin declares the appropriate flags in the structure returned by its init function. Thus, the step functions will not have to worry about these issues and can be implemented knowing they will be called only when the application actually has data for them and/or will allow them to send data. These flags are as follows:

  • SASL_FEAT_WANT_CLIENT_FIRST: The mechanism has the client side send first always. (e.g. PLAIN)
  • SASL_FEAT_SERVER_FIRST: The mechanism has the server side send first always. (e.g. CRAM-MD5)

If neither flag is set, the mechanism will handle the client-send first situation internally, because the client may or may not send first. (e.g. DIGEST-MD5). In this case, the plugin must intelligently check for the presence (or absence) of clientin/serverin data. Note that the optional client send-first is only possible when the protocol permits an initial response.

The server send last situation is handled by the plugin intelligently setting *serverout when the step function returns SASL_OK. For mechanisms which never send last (e.g. PLAIN), *serverout must be set to NULL. For mechanisms which always send last (e.g. DIGEST-MD5), *serverout must point to the success data. For mechanisms in which the server may or may not send last (e.g. SRP), *serverout must be set accordingly.

Client Plugins

Client-side mechanism plugins are generally included in the same plugin with their server counterpart, though this is not a requirement. They take care of the client-side of the SASL negotiation. For a simple example, see the ANONYMOUS plugin.

Client plugins must export sasl_client_plug_init which returns a sasl_client_plug_t in order to load. The structure has several functional members and a global context (which applies to all connections using the plugin). The important ones are described briefly here.

  • mech_new - Called at the beginning of each connection, (on a call to sasl_client_start), mech_new does mechanism-specific initialization, and if necessary allocates a connection context (which the glue code keeps track of for it). mech_new does not actually send any data to the client, it simply allocates the context.
  • mech_step - Called from sasl_client_start and sasl_client_step, this function does the actual work of the client side of the authentication. If authentication is successful, it should return SASL_OK, otherwise it should return a valid SASL error code (and call seterror). This should also set up the oparams structure before returning SASL_OK, including any security layer information (in the way of callbacks). Note that as soon as the client has both the authentication and authorization IDs, it MUST call the canon_user function provided in its params structure (for both the authentication and authorization IDs, with SASL_CU_AUTHID and SASL_CU_AUTHZID respectively).
  • mech_dispose - Called to dispose of a connection context. This is only called when the connection will no longer be used (e.g. when sasl_dispose is called)
  • mech_free - Called when the sasl library is shutting down (by sasl_client_done/sasl_server_done/sasl_done). Intended to free any global state of the plugin.

Server Plugins

Server-side mechanism plugins are generally included in the same plugin with their client counterpart, though this is not a requirement. They take care of the server-side of the SASL negotiation, and are generally more complicated than their client-side counterparts. For a simple example, see the ANONYMOUS plugin.

Server plugins must export sasl_server_plug_init which returns a sasl_server_plug_t in order to load. The structure has several functional members and a global context (which applies to all connections using the plugin). The important ones are described briefly here.

  • mech_new - Called at the beginning of each connection, (on a call to sasl_client_start), mech_new does mechanism-specific initialization, and if necessary allocates a connection context (which the glue code keeps track of for it). mech_new does not actually send any data to the client, it simply allocates the context.
  • mech_step - Called from sasl_server_start and sasl_server_step, this function does the actual work of the server side of the authentication. If authentication is successful, it should return SASL_OK, otherwise it should return a valid SASL error code (and call seterror). This should also set up the oparams structure before returning SASL_OK, including any security layer information (in the way of callbacks and SSF information). Also, as soon as the mechanism has computed both the authentication and the authorization IDs, it MUST call the canon_user function provided in the server params structure (for both the authentication and authorization IDs, with SASL_CU_AUTHID and SASL_CU_AUTHZID respectively). This action will also fill in its propctx, so any auxiliary property requests (for example, to lookup the password) should be done before the request to canonicalize the authentication id. Authorization ID lookups do not occur until after the plugin returns success to the SASL library.

    Before returning SASL_OK, mech_step must fill in the oparams fields for which it is responsible, that is, doneflag (set to 1 to indicate a complete exchange), maxoutbuf, or the maximum output size it can do at once for a security layer, mech_ssf or the supplied SSF of the security layer, and encode, decode, encode_context, and decode_context, which are what the glue code will call on calls to sasl_encode, sasl_encodev, and sasl_decode.

  • mech_dispose - Called to dispose of a connection context. This is only called when the connection will no longer be used (e.g. when sasl_dispose is called)
  • mech_free - Called when the sasl library is shutting down (by sasl_client_done/sasl_server_done/sasl_done). Intended to free any global state of the plugin.
  • setpass - Called to set a user's password. This allows mechanisms to support their own internal password or secret database.
  • mech_avail - Called by the first call to sasl_listmech, it checks to see if the mechanism is available for the given user, and MAY allocate a connection context (thus avoiding a call to mech_new). However it should not do this without significant performance benefit as it forces the glue code to keep track of extra contexts that may not be used.

User Canonicalization (canon_user) Plugins

User Canonicalization plugins allow for nonstandard ways of canonicalizing the username. They are subject to the following requirements:

  • They must copy their output into the provided output buffers.
  • The output buffers may be the same as the input buffers.
  • They must function for the case which is only an authentication ID (flags == SASL_CU_AUTHID) or only an authorization ID (flags == SASL_CU_AUTHZID) or both (flags == SASL_CU_AUTHID | SASL_CU_AUTHZID)

User canonicalization plugins must export a sasl_canonuser_init function which returns a sasl_canonuser_plug_t in order to load successfully. They must implement at least one of the canon_user_client or canon_user_server members of the sasl_canonuser_plug_t. The INTERNAL canon_user plugin that is inside of the glue code implements both in the same way.

Auxiliary Property (auxprop) Plugins

Perhaps the most exciting addition in SASLv2, Auxprop plugins allow for an easy way to perform password and secret lookups (as well as other information needed for authentication and authorization) from directory services, and in the same request allow the application to receive properties that it needs to provide the service.

Auxprop plugins need to export the sasl_auxprop_init function and pass back a sasl_auxprop_plug_t in order to load successfully. The sasldb plugin included with the Cyrus SASL distribution would be a good place to start.

Interfacing with property contexts is extremely well documented in prop.h and so that is omitted here. The only important note is to be sure that you are using the interfaces provided through the sasl_utils_t structure and not calling the functions directly.

To successfully implement an auxprop plugin there is only one required function to implement, that is the auxprop_lookup member of the sasl_auxprop_plug_t. This is called just after canonicalization of the username, with the canonicalized username. It can then do whatever lookups are necessary for any of the requested auxiliary properties.

Back to the index cyrus-sasl-2.1.25/doc/install.html0000666000076400007640000002420410204731165013745 00000000000000 Cyrus SASLv2 INSTALL Documentation

Installation Procedure

This document offers a general overview of installing the SASL library.

Quick and Dirty

  cd (directory it was untarred into)
  ./configure
  make
  make install
  ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

If you're checking this directly out of CVS, you'll need to run "sh ./SMakefile" to build the configure script first.

Read the System Administrator's Guide to learn how to configure libsasl in depth. There is also a document that covers migrating from libsasl v1 to libsasl v2 applications.

You may also be interested in the contents of configure --help which can reveal the many possible configure options that can be used to build Cyrus SASL.

Details

Note that the library looks for plugins in /usr/lib/sasl2, but installs them into ${prefix}/lib/sasl2, where ${prefix} is usually something like /usr/local. This is intentional - we want the plugins installed with the rest of the package (wherever things get installed at your site), but we want the library to always be able to find its plugins under /usr/lib/sasl2, no matter where you install things, so that the SASL plugin ABI on all platforms is roughly the same.

If you don't want to do this for some reason, you can set the location where the library will look for plugins by setting the environment variable SASL_PATH to the path the library should use.

Slower and Cleaner

Before reading this section, please be sure you are comfortable with the concepts presented in the components discussion and in the Read Me First document.

You will want to have answered the following questions about your intended installation:

  1. What mechanisms do you want to support? Are they plaintext (LOGIN, PLAIN), shared secret (DIGEST-MD5, CRAM-MD5), or Kerberos (KERBEROS_V4, GSSAPI)? Perhaps you will use some combination (generally plaintext with one of the other two types).
  2. Given the answer to the previous question, how will the mechanisms perform user verification?
    • The Kerberos mechanisms just need your existing Kerberos infroastructure.
    • The shared secret mechanisms will need an auxprop plugin backend.
    • The plaintext mechanisms can make do with saslauthd, Courier authdaemond (not included), *or* by using an auxprop plugin backend.
    • To use Kerberos and Plaintext, you'll likely want to use saslauthd with a kerberos module for plaintext authentication. To use Shared Secret and plaintext, you'll want to use the auxprop plugin for password verification.
  3. If you are using an auxprop plugin, will you be using SASLdb (and if so, Berkeley DB [recommended], GDBM, or NDBM?), LDAP or an SQL backend (Postgres? MySQL?).
  4. If you are using saslauthd, what module will you be using? LDAP? Kerberos? PAM?
  5. Also if you are using saslauthd, what communication (IPC) method do you want to use? On most systems, the correct answer is the default (unix sockets), but on Solaris you can use IPC doors, which have proven to be more stable than equivilant Solaris systems using unix sockets.
Once you have answered these questions, properly configuring a working configuration of Cyrus SASL becomes significantly easier.

Requirements

You'll probably need the GNU make program, available as of this writing here.

If you are using SASLdb, you will need to pick your backend. libsasl2 can use gdbm, Berkeley db, or ndbm to implement its user/password lookup. Most systems come with ndbm these days; as of this writing, gdbm is available here. Berkeley DB is available from: Sleepycat

If you are using SQL, you'll need to properly configure your server/tables, and build the necessary client libraries on the system where you will be building and using SASL. Currently we support PostgreSQL v7.2 (or higher) and MySQL.

If you are using LDAPDB, you'll need SASL enabled OpenLDAP libraries. OpenLDAP 2.1.27 (or higher) or 2.2.6 (or higher) is support.

For Kerberos support, you'll need the kerberos libraries. At CMU, the version we use comes from here.

For GSSAPI support you will need either MIT Kerberos 5 , the Heimdal or CyberSafe implementation.

Build Configuration

Once you have ansered all the necessary questions and installed (and tested!) any required packages for your configuration, you are ready to build SASL. Building SASL is done with the aid of an autoconf configure script, which has a lot of options. Be sure to read the outpit of configure --help to be sure you aren't missing any (they are all documented). Note that often times a --enable-foo option has a counterpart like --disable-foo to not enable that feature.

Some of the most important configuration options are those which allow you to turn off the comiplation of modules you do not need. This is often the easiest way to solve compilation problems with Cyrus SASL. If you're not going to need a particular mechanism, don't build it! Not building them can also add performance improvements as it does take system resources to load a given plugin, even if that plugin is otherwise unused (even when it is disabled via the mech_list option).

As of this writing, modules that are enabled by default but may not be applicable to all systems include CRAM-MD5, DIGEST-MD5, OTP, KERBEROS_V4, GSSAPI, PLAIN, and ANONYMOUS. These can be disabled with --disable-cram, --disable-digest, --disable-otp, --disable-krb4, --disable-gssapi, --disable-plain, and --disable-anon respecively.

If you are using an SQL auxprop plugin, you may want to specify one or more of --enable-sql, --with-mysql=PATH, and --with-pgsql=PATH, note that PATH in the later two should be replaced with the path where you installed the necessary client libraries.

If you are using LDAPDB auxprop plugin, you will need to specify --enable-ldapdb and --with-ldap=PATH. Warning: LDAPDB auxprop plugin (and LDAP enabled saslauthd) introduces a circular dependency between OpenLDAP and SASL. I.e., you must have OpenLDAP already built when building LDAPDB in SASL. In order for LDAPDB to work at runtime, you must have OpenLDAP already built with SASL support. One way to solve this issue is to build Cyrus SASL first without ldap support, then build OpenLDAP, and then come back to SASL and build LDAPDB.

Given the myriad of ways that Berkeley DB can be installed on a system, people useing it may want to look at the --with-bdb-libdir and --with-bdb-incdir as alternatives to --with-dbbase for specifying the paths to the Berkeley DB Library and Include directories.

In fact, if you're not planning on using SASLdb at all, it may be worth your time to disable its use entirely with the --with-dblib=none option.

If you are planning on using LDAP with saslauthd, be sure to specify the --with-ldap=PATH option to configure.

Building and Installation

After configure runs, you should be able to build SASL just by running make. If this runs into problems, be sure that you have disabled everything that your system doesn't need, and that you have correctly specified paths to any dependencies you may have.

To install the library, run make install as root followed by ln -s /usr/local/lib/sasl2 /usr/lib/sasl2 (modified for your installation path as appropriate). Be sure to do this last step or SASL will not be able to locate your plugins!

Compilation Hints

You may need to play with your CPPFLAGS and LDFLAGS a little if you're using vendor compilers. We use gcc extensively, but you'll probably have more luck if you use the same compiler for the library as you do for your applications. You can see what compilers we use on our platforms by looking at the "SMakefile".

Application Configuration

Plesae read about the SASL Options to learn what needs to be configured so that applications can successfully use the SASL library. This is also covered in the Read Me First document.

You will want to ensure that the settings of pwcheck_method and auxprop_plugin match the decisions you made about your authentication infrastructure. (For example, if you are using saslauthd as a password verifier, you'll want to be sure to set pwcheck_method: saslauthd).

If you are using saslauthd, you will want to arrange for saslauthd -a pam (or ldap, or kerberos4, etc) to be run at boot. If you are not going to be using saslauthd, then this is not necessary.

Many of these pieces are covered in more detail in the SASL System Administrator's Guide.

Supported platforms

This has been tested under Linux 2.2, Linux 2.4, Solaris 2.7 and Solaris 2.8. It should work under any platform where dynamic objects can be linked against other dynamic objects, and where the dynamic library file extension is ".so", or where libtool creates the .la files correctly. There is also documentation for Win32, MacOS X, and OS/390.

Back to the index cyrus-sasl-2.1.25/doc/ONEWS0000666000076400007640000001110207403206001012211 00000000000000New in 1.5.26 ------------- * Interoperability bug in DIGEST-MD5's layers was fixed. * DIGEST-MD5's DES layer has been disabled until the interoperability can be worked out. New in 1.5.25 ------------- * The DIGEST-MD5 plugin now includes an implementation of RC4, since it's a lot easier to get working than interfacing with OpenSSL. * A delayed-open plugin mode has been implemented, but not yet documented. New in 1.5.24 ------------- * be a little paranoid about what we give PAM * small bugfixes New in 1.5.22 ------------- * fixed some DIGEST-MD5 buglets * fixed serious bug that a client could avoid the authorization callback * added pwcheck method "sia" for Digital Unix * now should try libdb-3 before libdb. New in 1.5.21 ------------- * build process fixes New in 1.5.20 ------------- * bug fixes * LOGIN mechanism has a compatibility tweak New in 1.5.19 ------------- * Initial srp work * Programmers Guide more complete * bug fixes (of course) New in 1.5.18 ------------- * javasasl library in conformance with internet draft * man pages for all functions written * bug fixes (of course) New in 1.5.17 ------------- * give application authentication name and realm more uniformly * sasldblistusers utility to list users in sasldb * memory leaks eliminated; boundary cases tested New in 1.5.16 ------------- * pwcheck_method now defaults to sasldb. READ UPGRADE INSTRUCTIONS IN README * sanity checking inputs throughout the code. * Unsupported LOGIN plugin added to the Windows build. * calling sasl_checkpass() with pwcheck_method: kerberos_v4 restores the old ticket file before returning. New in 1.5.15 ------------- * configure now correctly detects Berkeley DB 3.x (Claus Assmann). New in 1.5.14 ------------- * Upgraded to libtool 1.3.4. * External SSF handled more uniformly, and handle min/max SSF requests correctly. * Unsupported LOGIN plugin added, by Rainer Schoepf . Please don't enable it unless you know you need it. * HP/UX support, contributed by Claus Assmann. New in 1.5.13 ------------- * Sanity check to make sure there's at least something in sasldb READ UPGRADE INSTRUCTIONS IN README * Fixes to how external layers are handled (some fixes by Alexey Melnikov) * Berkeley DB 3.x support contributed by Greg Shapiro * Additional pwcheck fixes (Joe Hohertz) * Fixed Heimdal krb5 configure checks * other random fixes New in 1.5.12 ------------- * lots of bugfixes * DIGEST-MD5 more in conformance with spec * support for Berkeley DB * support for OpenSSL's version of RC4 New in 1.5.11 ------------- * bugfix in realm support for DIGEST-MD5 New in 1.5.10 ------------- * DIGEST-MD5 layer support * dbconversion utility added New in 1.5.9 ------------ * Bug fixes * More win32 support * Realm support in the database (database format changed again, sorry) Other realm support in plugins; need to document it * Preliminary code for pwcheck added; not yet tested (and probably not working) * config stuff should be less case/whitespace sensitive * more error conditions logged New in 1.5.5 ------------ * Bug fixes * sasldb plaintext support (database format changed!!!) * Handles multiple realms in DIGEST * New Windows compatibility (tested!) New in 1.5.3 ------------ * Bug fixes * Tested GSSAPI & added layers * Some changes for Windows compatibility (next release) New in 1.5.2 ------------ * A few bug fixes * Better portability * Upgraded libtool New in 1.5.0 ------------ * Lots of bug fixes * A few API changes (watch especially sasl_get_prop() and sasl_set_prop()!) * Digest authentication works * Configuration file * Some more documentation (doc/programming) * Code cleanup New in 1.4.1 ------------ * Tested kerberos4, cram, plain, and anonymous fairly extensively * Many bugs fixed * Created sample programs * Added digest * Prototype credential API New in 1.3b1 ------------ * Added saslpasswd for setting sasl passwords * Added sfsasl for people using sfio * Lots of bug fixes New in 1.2b3 ------------ * Slightly better documentation, easier compilation * Plain now understands authorization and callbacks New in 1.2b2 ------------ * Win32 support * Fixes to anonymous, kerberos mechs * Some signed lengths in the API changed to unsigned New in 1.2b1 ------------ * Lots of bug fixes * GSSAPI * Cleaner getopt interface * Cleaner plugin callback lookup interface * Global inits now take callback list, not just a sasl_getopt_t * Preliminary Java support * Authentication database hook * Default AuthDB routines moved from mechanisms to library * Logging hook * Default syslog-based logging hook in library * Preliminary plaintext transition for CRAM/SCRAM cyrus-sasl-2.1.25/doc/NTMakefile0000666000076400007640000000131510014712131013300 00000000000000# Prevent all diagnostic messages VERBOSE=0 !INCLUDE ..\win32\common.mak docdir = $(prefix)\doc all: all-recursive # # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels # # In order to force xcopy not to confirm if the second parameter is file or directory, # the first parameter has to contain a wildcard character. For example, we use libsasl.l*, # instead of libsasl.lib. Ugly, but works! # install: @xcopy *.txt $(docdir) /I /F /Y @xcopy *.fig $(docdir) /I /F /Y @xcopy *.html $(docdir) /I /F /Y @xcopy TODO $(docdir) /I /F /Y @xcopy ONEWS $(docdir) /I /F /Y all-recursive: @echo Nothing to build for target all clean: @echo Nothing to do for target clean cyrus-sasl-2.1.25/doc/programming.html0000646000076400007640000012134111631664415014627 00000000000000 SASL Application Programmer's Guide

SASL Application Programmer's Guide

NOTE: This is a work in progress. Any contributions would be very appreciated

Contents

Introduction

About this Guide

This guide gives a tutorial on the use of the Cyrus SASL library for a client or server application. It complies with versions including and after 2.0.0. The following pages should only be considered a guide, not the final word on programming with the Cyrus SASL library. Consult the header files in the distribution in the case of ambiguities.

What is SASL?

SASL stands for Simple Authentication Security Layer and is explained in RFC 2222. That document is very difficult to understand however and it should be unnecessary to consult it.

Background

How did the world work before SASL?

Before SASL, when a new protocol was written which required authentication (users proving who they are to an entity), the protocol had to allow explicitly for each individual authentication mechanism. There had to be a distinct way to say "I want to log in with Kerberos V4". There had to be another distinct way to say "I want to log in with CRAM-MD5". There had to be yet a different way to say "I want to log in anonymously," and so on. This was non-ideal for both the protocol and application writers.

Additionally, many programmers were not very familiar with security, so the protocol did support many mechanisms, or worse, they were supported incorrectly. Moreover, when a new authentication method was invented the protocol needed to be modified to support that mechanism.

This system also was not ideal for application writer. She had to have a special case for each mechanism she wished her application to support. Also, the mechanisms were difficult to implement. Even with a good library, an understanding of how the mechanism worked was still necessary. Finally if an application used more than one protocol (for example a mail client might use IMAP, POP, and SMTP) then "Kerberos V4 for IMAP", "Kerberos V4 for POP", "Kerberos V4 for SMTP", "CRAM MD5 for IMAP", "CRAM-MD5 for POP", etc... would need to be written. This could quickly create a huge number of different mechanism-protocol pairs to implement.

SASL to the rescue!

SASL hopefully solves all these problems. In practice it makes many of them easier to deal with.

Protocol designers simply have to support SASL (in particular RFC 2222). Consequently, any mechanism that supports SASL (just about anything you would want to use does now) is supported by the protocol. If a new authentication mechanism is invented the protocol automatically supports it without any modifications.

Application writers, instead of having to support every mechanism for every protocol, only need to support SASL for every protocol. Application writers do not need to understand the authentication mechanisms at all: the SASL library handles all that. Also with the Cyrus SASL library if a new mechanism is invented you do not have rewrite your application at all. You may not even have to restart your application if it is a long running process. This is because the Cyrus SASL library loads each mechanism from a shared library. Simply copying a shared library into a directory will magically make your application support a new mechanism.

Cyrus SASL version 2 supports a much improved API over version 1, that allows for much smarter and faster memory allocation for the mechanisms as well as the applications. It is also provides for several new types of plugins to allow for greater overall flexibility. Unfortunately, though similar, this new API is completely incompatible with the old API, and applications will need to be rewritten.

Briefly

What is the Cyrus SASL library good for?

The Cyrus SASL library is good for applications that wish to use protocols that support SASL authentication. An non-exhaustive list of these are: IMAP, SMTP, ACAP, and LDAP. Also if you are making a proprietary system and wish to support authentication it is a good way of supporting many different authentication types.

What does the Cyrus SASL library do?

From a client point of view, the Cyrus SASL library, given a list of mechanisms the server supports it will decide the best mechanism to use and tell you what to send to the server at each step of the authentication. From a server perspective, it handles authentication requests from clients.

What doesn't the Cyrus SASL library do?

The Cyrus SASL library is neither network nor protocol aware. It is up to the application to send the data over the wire as well as to send the data in the protocol specific manner. With IMAP this means putting it in the form: + [base64'ed data]\r\n. LDAP just sends data in binary via bind requests. The Cyrus SASL library has utility base64 encode and decode routines to help with this.

Client-only Section

A typical interaction from the client's perspective

  1. A client makes a few calls (explained later) to initialize SASL.
  2. Every time the client application makes a new connection it should make a new context that is kept for the life of the connection.
  3. Ask the server for the list of supported mechanisms
  4. Feed this list to the library
  5. Start the authentication with the mechanism the library chose
  6. The server will return some bytes
  7. Give these to the library
  8. The library returns some bytes to the application
  9. Application sends these bytes over the network
  10. repeat the last 4 steps until the server tells you that the authentication is completed

How does this look in code

Initialize the library. (done once). 
    
        int result;

        /* attempt to start sasl 
         * See the section on Callbacks and Interactions for an 
         * explanation of the variable callbacks
         */ 

        result=sasl_client_init(callbacks);
            
            /* check to see if that worked */
            if (result!=SASL_OK) [failure]
For every network connection, make a new SASL connection: 
       
            /* The SASL context kept for the life of the connection */
            sasl_conn_t *conn;

 
            /* client new connection */
            result=sasl_client_new("imap",     /* The service we are using */
                       serverFQDN, /* The fully qualified domain
                                                  name of the server we're
                                                  connecting to */
                       NULL, NULL, /* Local and remote IP
                                                  address strings
                                                  (NULL disables mechanisms
                                                   which require this info)*/
                                   NULL,       /* connection-specific
                                                  callbacks */
                       0,          /* security flags */
                       &conn);     /* allocated on success */

            /* check to see if that worked */
            if (result!=SASL_OK) [failure]
Next get the list of SASL mechanisms the server supports. This is usually done through a capability command. Format the list as a single string separated by spaces. Feed this string into SASL to begin the authentication process. 
       
            sasl_interact_t *client_interact=NULL;
            const char *out, *mechusing;
            unsigned outlen;

            do {

              result=sasl_client_start(conn,      /* the same context from
                                                     above */ 
                                       mechlist,  /* the list of mechanisms
                                                     from the server */
                                       &client_interact, /* filled in if an
                                                            interaction is needed */
                       &out,      /* filled in on success */
                                       &outlen,   /* filled in on success */
                       &mechusing);

              if (result==SASL_INTERACT)
              {
                 [deal with the interactions. See interactions section below]
              }


           } while (result==SASL_INTERACT); /* the mechanism may ask us to fill
                                               in things many times. result is 
                                               SASL_CONTINUE on success */
           if (result!=SASL_CONTINUE) [failure]
Note that you do not need to worry about the allocation and freeing of the output buffer out. This is all handled inside of the mechanism. It is important to note, however, that the output buffer is not valid after the next call to sasl_client_start or sasl_client_step.

If this is successful send the protocol specific command to start the authentication process. This may or may not allow for initial data to be sent (see the documentation of the protocol to see).

        For IMAP this might look like:
          {tag} "AUTHENTICATE" {mechusing}\r\n
          A01 AUTHENTICATE KERBEROS_V4\r\n
           
        SMTP looks like:
         "AUTH" {mechusing}[ {out base64 encoded}]
         AUTH DIGEST-MD5 GHGJJGDDFDKHGHJG=

Check Results
Next, read what the server sent back. It can be one of three things:
  1. Authentication failure. Authentication process is halted. This might look like A01 NO Authentication failure in IMAP or 501 Failed in SMTP. Either retry the authentication or abort.
  2. Authentication success. We're now successfully authenticated. This might look like A01 OK Authenticated successful in IMAP or 235 Authentication successful in SMTP. Go here
  3. Another step in the authentication process is necessary. This might look like + HGHDS1HAFJ= in IMAP or 334 PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4= in SMTP. Note it could be an empty string such as + \r\n in IMAP.
Convert the continuation data to binary format (for example, this may include base64 decoding it). Perform another step in the authentication. 
              do {
                result=sasl_client_step(conn,  /* our context */
                        in,    /* the data from the server */
                        inlen, /* it's length */
                        &client_interact,  /* this should be
                                                              unallocated and NULL */
                        &out,     /* filled in on success */
                        &outlen); /* filled in on success */

                if (result==SASL_INTERACT)
                {
                   [deal with the interactions. See below]
                }


              } while (result==SASL_INTERACT || result == SASL_CONTINUE);

              if (result!=SASL_OK) [failure]
Format the output (variable out of length outlen) in the protocol specific manner and send it across the network to the server.
Goto here (this process repeats until authentication either succeeds or fails.


Authentication Successful

Before we're done we need to call sasl_client_step() one more time to make sure the server isn't trying to fool us. Some protocols include data along with the last step. If so this data should be used here. If not use a length of zero.

                result=sasl_client_step(conn,  /* our context */
                        in,    /* the data from the server */
                        inlen, /* it's length */
                        &client_interact,  /* this should be unallocated and NULL */
                        &out,     /* filled in on success */
                        &outlen); /* filled in on success */

                if (result!=SASL_OK) [failure]

Congratulations. You have successfully authenticated to the server.

Don't throw away the SASL connection object (sasl_conn_t *) yet though. If a security layer was negotiated you will need it to encode and decode the data sent over the network.


When you are finally done with connection to server, dispose of SASL connection. 
      
               sasl_dispose(&conn);
If you are done with SASL forever (application quiting for example): 
            sasl_client_done();
Or if your application is both a SASL client and a SASL server: 
            sasl_done();
But note that applications should be using sasl_client_done()/sasl_server_done() whenever possible.

sasl_client_init

    int sasl_client_init(const sasl_callback_t *callbacks);
Parameters:
  • callbacks - List of callbacks. See Callbacks section
This function initializes the SASL library. This must be called before any other SASL calls. See the callbacks section for complete description of callbacks.

sasl_client_new

    int sasl_client_new(const char *service,
                const char *serverFQDN,
                        const char *iplocalport,
                        const char *ipremoteport,
                const sasl_callback_t *prompt_supp,
                unsigned secflags,
                sasl_conn_t **pconn);
Parameters:
  • service - the service name being used. This usually is the protocol name (e.g. "ldap")
  • serverFQDN - Fully qualified domain name of server
  • iplocalport and ipremoteport - a string of the format "a.b.c.d;p" detailing the local or remote IP and port, or NULL (which will disable mechanisms that require this information)
  • prompt_supp - List off callbacks specific to this connection
  • secflags - security flags ORed together requested (e.g. SASL_SEC_NOPLAINTEXT)
  • pconn - the SASL connection object allocated upon success
This function creates a new SASL connection object. It should be called once for every connection you want to authenticate for.

sasl_client_start

    int sasl_client_start(sasl_conn_t *conn,
                  const char *mechlist,
              sasl_interact_t **prompt_need,
              const char **clientout,
              unsigned *clientoutlen,
              const char **mech);
Parameters:
  • conn - the SASL connection object gotten from sasl_client_new()
  • mechlist - the list of mechanisms to try (separated by spaces)
  • prompt_need - filled in when a SASL_INTERACT is returned
  • clientout - filled in upon success with data to send to server
  • clientoutlen - length of that data
  • mech - filled in with mechanism being used
This function starts an authentication session. It takes a list of possible mechanisms (usually gotten from the server through a capability command) and chooses the "best" mechanism to try. Upon success clientout points at data to send to the server.

sasl_client_step

    int sasl_client_step(sasl_conn_t *conn,
         const char *serverin,
         unsigned serverinlen,
         sasl_interact_t **prompt_need,
         const char **clientout,
         unsigned *clientoutlen);
Parameters:
  • conn - the SASL connection object gotten from sasl_client_new()
  • serverin - data from the server
  • serverinlen - length of data from the server
  • prompt_need - filled in with a SASL_INTERACT is returned
  • clientout - filled in upon success with data to send to server
  • clientoutlen - length of that data
This step preforms a step in the authentication process. It takes the data from the server (serverin) and outputs data to send to the server (clientout) upon success. SASL_CONTINUE is returned if another step in the authentication process is necessary. SASL_OK is returned if we're all done.

Server-only Section

A typical interaction from the server's perspective

The server makes a few Cyrus SASL calls for initialization. When it gets a new connection it should make a new context for that connection immediately. The client may then request a list of mechanisms the server supports. The client also may request to authenticate at some point. The client will specify the mechanism it wishes to use. The server should negotiate this authentication and keep around the context afterwards for encoding and decoding the layers.

How does this look in code?

Initialization (done once). The application name is used for reading configuration information. 
    
    int result;

    /* Initialize SASL */
    result=sasl_server_init(callbacks,      /* Callbacks supported */
                            "TestServer");  /* Name of the application */
This should be called for each new connection. It probably should be called right when the socket is accepted. 
    sasl_conn_t *conn;
    int result;

    /* Make a new context for this connection */
    result=sasl_server_new("smtp", /* Registered name of service */
                   NULL, /* my fully qualified domain name; 
                        NULL says use gethostname() */
                           NULL, /* The user realm used for password
                        lookups; NULL means default to serverFQDN
                                    Note: This does not affect Kerberos */
                       NULL, NULL, /* IP Address information strings */
                   NULL, /* Callbacks supported only for this connection */
                       0, /* security flags (security layers are enabled
                               * using security properties, separately)
               &conn);
When a client requests the list of mechanisms supported by the server. This particular call might produce the string: "{PLAIN, KERBEROS_V4, CRAM-MD5, DIGEST-MD5}" 
    result=sasl_listmech(conn,  /* The context for this connection */
             NULL,  /* not supported */
             "{",   /* What to prepend the string with */
             ", ",  /* What to separate mechanisms with */
             "}",   /* What to append to the string */
             &result_string, /* The produced string. */
                         &string_length, /* length of the string */
                         &number_of_mechanisms); /* Number of mechanisms in
                                                the string */
When a client requests to authenticate: 
    int result;
    const char *out;
    unsigned outlen;

    result=sasl_server_start(conn, /* context */
                             mechanism_client_chose,
                             clientin,    /* the optional string the client gave us */
                             clientinlen, /* and it's length */
                             &out, /* The output of the library.
                                      Might not be NULL terminated */
                             &outlen);

    if ((result!=SASL_OK) && (result!=SASL_CONTINUE))
      [failure. Send protocol specific message that says authentication failed]
    else if (result==SASL_OK)
      [authentication succeeded. Send client the protocol specific message 
       to say that authentication is complete]
    else 
      [send data 'out' with length 'outlen' over the network in protocol
       specific format]
When a response is returned by the client. clientin is the data from the client decoded from protocol specific format to a string of bytes of length clientinlen. This step may occur zero or more times. An application must be able to deal with it occurring an arbitrary number of times. 
    int result;
   
    result=sasl_server_step(conn,
                            clientin,      /* what the client gave */
                            clientinlen,   /* it's length */
                            &out,          /* allocated by library on success. 
                                              Might not be NULL terminated */
                            &outlen);

    if ((result!=SASL_OK) && (result!=SASL_CONTINUE))
      [failure. Send protocol specific message that says authentication failed]
    else if (result==SASL_OK)
      [authentication succeeded. Send client the protocol specific message 
       to say that authentication is complete]
    else 
      [send data 'out' with length 'outlen' over the network in protocol
       specific format]
This continues until authentication succeeds. When the connection is concluded, make a call to sasl_dispose as with the client connection.

sasl_server_init

    int sasl_server_init(const sasl_callback_t *callbacks,
                         const char *appname);
Parameters:
  • callbacks - A list of callbacks supported by the application (see Interaction and Callbacks section)
  • appname - A string of the name of the application. This string is what is used when loading configuration options.
sasl_server_init() initializes the session. This should be the first function called. In this function the shared library authentication mechanisms are loaded.

sasl_server_new

    int sasl_server_new(const char *service,
            const char *serverFQDN,
            const char *user_realm,
                        const char *iplocalport,
                        const char *ipremoteport,
            const sasl_callback_t *callbacks,
            unsigned secflags,
            sasl_conn_t **pconn);
Parameters:
  • service - The name of the service you are supporting. This might be "acap" or "smtp". This is used by Kerberos mechanisms and possibly other mechanisms. It is also used for PAM authentication.
  • serverFQDN - This is the fully qualified domain name of the server (i.e. your hostname); if NULL, the library calls gethostbyname().
  • user_realm - The realm the connected client is in. The Kerberos mechanisms ignore this parameter and default to the local Kerberos realm. A value of NULL makes the library default, usually to the serverFQDN; a value of "" specifies that the client should specify the realm; this also changes the semantics of "@" in a username for mechanisms that don't support realms.
  • iplocalport and ipremoteport - a string of the format "a.b.c.d;p" detailing the local or remote IP and port, or NULL (which will disable mechanisms that require this information)
  • callbacks - Additional callbacks that you wish only to apply to this connection.
  • secflags - security flags.
  • pconn - Context. Filled in on success.

sasl_server_start

     int sasl_server_start(sasl_conn_t *conn,
               const char *mech,
               const char *clientin,
               unsigned clientinlen,
               const char **serverout,
               unsigned *serveroutlen);
Parameters:
  • conn - The context for the connection
  • mech - The authentication mechanism the client wishes to try (e.g. KERBEROS_V4)
  • clientin - Initial client challenge bytes. Note: some protocols do not allow this. If this is the case passing NULL is valid
  • clientinlen - The length of the challenge. 0 is there is none.
  • serverout - allocated and filled in by the function. These are the bytes that should be encoded as per the protocol and sent over the network back to the client.
  • serveroutlen - length of bytes to send to client
This function begins the authentication process with a client. If the program returns SASL_CONTINUE that means serverout should be sent to the client. If SASL_OK is returned that means authentication is complete and the application should tell the client the authentication was successful. Any other return code means the authentication failed and the client should be notified of this.

sasl_server_step

    int sasl_server_step(sasl_conn_t *conn,
                 const char *clientin,
                 unsigned clientinlen,
                 const char **serverout,
                 unsigned *serveroutlen);
Parameters:
  • conn - The context for the connection
  • clientin - Data sent by the client.
  • clientinlen - The length of the client data. Note that this may be 0
  • serverout - allocated and filled in by the function. These are the bytes that should be encoded as per the protocol and sent over the network back to the client.
  • serveroutlen - length of bytes to send to client. Note that this may be 0
This function preforms a step of the authentication. This may need to be called an arbitrary number of times. If the program returns SASL_CONTINUE that means serverout should be sent to the client. If SASL_OK is returned that means authentication is complete and the application should tell the client the authentication was successful. Any other return code means the authentication failed and the client should be notified of this.

sasl_listmech

    int sasl_listmech(sasl_conn_t *conn,
              const char *user,
              const char *prefix,
              const char *sep,
              const char *suffix,
              const char **result,
              unsigned *plen,
              unsigned *pcount);
Parameters:
  • conn - The context for this connection
  • user - Currently not implemented
  • prefix - The string to prepend
  • sep - The string to separate mechanisms with
  • suffix - The string to end with
  • result - Resultant string
  • plen - Number of characters in the result string
  • pcount - Number of mechanisms listed in the result string
This function is used to create a string with a list of SASL mechanisms supported by the server. This string is often needed for a capability statement.

sasl_checkpass

    int sasl_checkpass(sasl_conn_t *conn,
                       const char *user,
                       unsigned userlen,
               const char *pass,
               unsigned passlen);
Parameters:
  • conn - The context for this connection
  • user - The user trying to check the password for
  • userlen - The user length
  • pass - The password
  • passlen - The password length
This checks a plaintext password pass for user user Some protocols have legacy systems for plaintext authentication where this might be used.

Common Section

Callbacks and Interactions

When the application starts and calls sasl_client_init() you must specify for what data you support callbacks and/or interactions. These are for the library getting information needed for authentication from the application. This is needed for things like authentication name and password. If you do not declare supporting a callback you will not be able to use mechanisms that need that data. A callback is for when you have the information before you start the authentication. The SASL library calls a function you specify and your function fills in the requested information. For example if you had the userid of the user already for some reason. An interaction is usually for things you support but will need to ask the user for (e.g. password). sasl_client_start() or sasl_client_step() will return SASL_INTERACT. This will be a list of sasl_interact_t's which contain a human readable string you can prompt the user with, a possible computer readable string, and a default result. The nice thing about interactions is you get them all at once so if you had a GUI application you could bring up a dialog box asking for authentication name and password together instead of one at a time.

Any memory that is given to the SASL library for the purposes of callbacks and interactions must persist until the exchange completes in either success or failure. That is, the data must persist until sasl_client_start or sasl_client_step returns something other than SASL_INTERACT or SASL_CONTINUE.

Memory management:As in the rest of the SASLv2 API, whoever allocates the memory is responsible for freeing it. In almost all cases this should be fairly easy to manage, however a slight exception where the interaction sasl_interact_t structure is allocated and freed by the library, while the results are allocated and freed by the application. As noted above, however, the results may not be freed until after the exchange completes, in either success or failure.

For a detailed description of what each of the callback types are see the sasl.h file. Here are some brief explanations:

  • SASL_CB_AUTHNAME - the name of the user authenticating
  • SASL_CB_USER - the name of the user acting for. (for example postman delivering mail for tmartin might have an AUTHNAME of postman and a USER of tmartin)
  • SASL_CB_PASS - password for AUTHNAME
  • SASL_CB_GETREALM - Realm of the server
An example of a way to handle callbacks: 
    /* callbacks we support. This is a global variable at the 
       top of the program */
    static sasl_callback_t callbacks[] = {
    {
      SASL_CB_GETREALM, NULL, NULL  /* we'll just use an interaction if this comes up */
    }, {
      SASL_CB_USER, NULL, NULL      /* we'll just use an interaction if this comes up */
    }, {
      SASL_CB_AUTHNAME, &getauthname_func, NULL /* A mechanism should call getauthname_func
                                                   if it needs the authentication name */
    }, { 
      SASL_CB_PASS, &getsecret_func, NULL      /* Call getsecret_func if need secret */
    }, {
      SASL_CB_LIST_END, NULL, NULL
    }
    };


    static int getsecret_func(sasl_conn_t *conn,
      void *context __attribute__((unused)),
      int id,
      sasl_secret_t **psecret)
    {
       [ask the user for their secret]

       [allocate psecret and insert the secret]

      return SASL_OK;
    }

    static int getauthname_func(void *context,
                                int id,
                                const char **result,
                                unsigned *len)
    {
       if (id!=SASL_CB_AUTHNAME) return SASL_FAIL;

       [fill in result and len]

       return SASL_OK;
     }

    
    in the main program somewhere
    
    sasl_client_init(callbacks);

Security layers

All is well and good to securely authenticate, but if you don't have some sort of integrity or privacy layer, anyone can hijack your TCP session after authentication. If your application has indicated that it can support a security layer, one might be negotiated.

To set that you support a security layer, set a security property structure with max_ssf set to a non-zero number:

   sasl_security_properties_t secprops;

   secprops.min_ssf = 0;
   secprops.max_ssf = 256;
   secprops.maxbufsize = /* SEE BELOW */;

   secprops.property_names = NULL;
   secprops.property_values = NULL;
   secprops.security_flags = SASL_SEC_NOANONYMOUS; /* as appropriate */

   sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
The secprops variable will be copied during the call to sasl_setprop, so you may free its memory immediately. The SSF stands for security strength factor and is a rough indication of how "secure" the connection is. A connection supplying only integrity with no privacy would have an SSF of 1. A connection secured by 56-bit DES would have an SSF of 56.

To require a security layer, set min_ssf to the minimum acceptable security layer strength.

After authentication is successful, you can determine whether or not a security layer has been negotiated by looking at the SASL_SSF property:

   const int *ssfp;

   result = sasl_getprop(conn, SASL_SSF, (const **) &ssfp);
   if (result != SASL_OK) {
       /* ??? */
   }
   if (*ssfp > 0) {
       /* yay, we have a security layer! */
   }

If a security layer has been negotiated, your application must make use of the sasl_encode() and sasl_decode() calls. All output must be passed through sasl_encode() before being written to the wire; all input must be passed through sasl_decode() before being looked at by the application. Your application must also be prepared to deal with sasl_decode() not returning any data in the rare case that the peer application did something strange (by splitting a single SASL blob into two seperate TCP packets).

The only subtlety dealing with security layers is the maximum size of data that can be passed through sasl_encode() or sasl_decode(). This must be limited to make sure that only a finite amount of data needs to be buffered. The simple rules to follow:

  • Before starting authentication, set maxbufsize in your security properties to be the buffer size that you pass to the read() system call—that is, the amount of data you're prepared to read at any one time.
  • After authentication finishes, use sasl_getprop() to retrieve the SASL_MAXOUTBUF value, and call sasl_encode() with chunks of data of that size or less. sasl_encode() will throw an error if you call it with a larger chunk of data, so be careful!

Memory management: As usual, whoever allocates the memory must free it. The SASL library will keep the data returned from sasl_encode() until the next call to sasl_encode() on that connection. (sasl_decode() results persist until the next call to sasl_decode() on that connection.) The application must not attempt to free the memory returned from either function.

Internally:

  • your application sets SASL_SEC_PROPS with the buffer size X of the amount of data it will be using to read() from the socket.
  • libsasl passes this number to the mechanism.
  • the mechanism passes this number to the other side. the other side gives the corresponding read() size to our side.
  • the mechanism subtracts the overhead of the layers from the size retrieved from the other side and returns it to the libsasl.
  • libsasl then returns (via SASL_MAXOUTBUF) this number as the maximum amount of plaintext material that can be encoded at any one time, Y.
  • sasl_encode() enforces the restriction of the length Y.

Example applications that come with the Cyrus SASL library

sample-client and sample-server

The sample client and server included with this distribution were initially written to help debug mechanisms. They base64 encode all the data and print it out on standard output.

Make sure that you set the IP addresses, the username, the authenticate name, and anything else on the command line (some mechanisms depend on these being present).

Also, sometimes you will receive a get "realm: Information not available" message, or similar; this is due to the fact that some mechanisms do not support realms and therefore never set it.

Cyrus imapd v2.1.0 or later

The Cyrus IMAP server now incorporates SASLv2 for all its authentication needs. It is a good example of a fairly large server application. Also of interest is the prot layer, included in libcyrus. This is a stdio-like interface that automatically takes care of layers using a simple "prot_setsasl()" call.

Cyrus imapd also sets a SASL_CB_PROXY_POLICY callback, which should be of interest to many applications.

imtest, from Cyrus 2.1.0 or later

imtest is an application included with Cyrus imapd. It is a very simple IMAP client, but should be of interest to those writing applications. It also uses the prot layer, but it is easy to incorporate similar support without using the prot layer. Likewise, there are other sample client applications that you can look at including smtptest and pop3test in the SASL distribution and the Cyrus IMAPd distribution, respectively.

Miscellaneous Information

Empty exchanges

Some SASL mechanisms intentionally send no data; an application should be prepared to either send or receive an empty exchange. The SASL profile for the protocol should define how to send an empty string; make sure to send an empty string when requested, and when receiving an empty string make sure that the "inlength" passed in is 0.

Note especially that the distinction between the empty string "" and the lack of a string (NULL) is extremely important in many cases (most notably, the client-send first scenario), and the application must ensure that it is passing the correct values to the SASL library at all times.

Idle

While the implementation and the plugins correctly implement the idle calls, none of them currently do anything.
Please send any questions or comments to:
cyrus-bugs@andrew.cmu.edu

Back to the index cyrus-sasl-2.1.25/doc/sysadmin.html0000646000076400007640000005355311306006125014130 00000000000000 Cyrus SASL for System Administrators

Cyrus SASL for System Administrators

This document covers configuring SASL for system administrators, specifically those administrators who are installing a server that uses the Cyrus SASL library. You may want to read this document which presents an overview of the major components of the Cyrus SASL distribution and describes how they interact, as well as the installation guide.

What SASL is

SASL, the Simple Authentication and Security Layer, is a generic mechanism for protocols to accomplish authentication. Since protocols (such as SMTP or IMAP) use SASL, it is a natural place for code sharing between applications. Some notable applications that use the Cyrus SASL library include Sendmail, Cyrus imapd, and OpenLDAP.

Applications use the SASL library to tell them how to accomplish the SASL protocol exchange, and what the results were.

SASL is only a framework: specific SASL mechanisms govern the exact protocol exchange. If there are n protocols and m different ways of authenticating, SASL attempts to make it so only n plus m different specifications need be written instead of n times m different specifications. With the Cyrus SASL library, the mechanisms need only be written once, and they'll work with all servers that use it.

Authentication and authorization identifiers

An important concept to become familiar with is the difference between an "authorization identifier" and an "authentication identifier".
userid (user id, authorization id)
The userid is the identifier an application uses to check allowable options. On my Unix system, the user "bovik" (the account of Harry Q. Bovik) is allowed to write to "/home/bovik" and its subdirectories but not to "/etc".
authid (authentication id)
The authentication identifier is the identifier that is being checked. "bovik"'s password might be "qqqq", and the system will authenticate anyone who knows "qqqq" as "bovik". However, it's possible to authenticate as one user but act as another user. For instance, Harry might be away on vacation and assign one of his graduate students, Jane, to read his mail. He might then allow Jane to act as him merely by supplying her password and her id as authentication but requesting authorization as "bovik". So Jane might log in with an authentication identifier of "jane" and an authorization id of "bovik" and her own (Jane's) password.

Applications can set their own proxy policies; by default, the SASL library will only allow the same user to act for another (that is, userid must equal authid). See your application's documentation for details about changing the default proxy/authorization policies.

Realms

The Cyrus SASL library supports the concept of "realms". A realm is an abstract set of users and certain mechanisms authenticate users in a certain realm.

In the simplest case, a single server on a single machine, the realm might be the fully-qualified domain name of the server. If the applications don't specify a realm to SASL, most mechanisms will default to this.

If a site wishes to share passwords between multiple machines, it might choose it's authentication realm as a domain name, such as "CMU.EDU". On the other hand, in order to prevent the entire site's security from being compromised when one machine is compromised, each server could have it's own realm. Certain mechanisms force the user (client side) to manually configure what realm they're in, making it harder for users to authenticate.

A single site might support multiple different realms. This can confuse applications that weren't written in anticipation of this; make sure your application can support it before adding users from different realms into your databases.

To add users of different realms to sasldb, you can use the -u option to saslpasswd2. The SQL plugin has a way of integrating the realm name into the query string with the '%r' macro.

The Kerberos mechanisms treat the SASL realm as the Kerberos realm. Thus, the realm for Kerberos mechanisms defaults to the default Kerberos realm on the server. They may support cross-realm authentication; check your application on how it deals with this.

Realms will be passed to saslauthd as part of the saslauthd protocol, however the way each saslauthd module deals with the situation is different (for example, the LDAP plugin allows you to use the realm to query the server, while the rimap and PAM plugins ignore it entirely).

Realms are represented in a username string by any text followinhg the '@' sign. So, usernames like rjs3@ANDREW.CMU.EDU, is user 'rjs3' in the realm 'ANDREW.CMU.EDU'. If no realm is provided, the server's FQDN is assumed (likewise when specifying a realm for saslpasswd2).

How SASL works

How SASL works is governed by what mechanism the client and server choose to use and the exact implementation of that mechanism. This section describes the way these mechanisms act in the Cyrus SASL implementation.

The PLAIN mechanism, sasl_checkpass(), and plaintext passwords

The PLAIN mechanism is not a secure method of authentication by itself. It is intended for connections that are being encrypted by another level. (For example, the IMAP command "STARTTLS" creates an encrypted connection over which PLAIN might be used.) The PLAIN mechanism works by transmitting a userid, an authentication id, and a password to the server, and the server then determines whether that is an allowable triple.

The principal concern for system administrators is how the authentication identifier and password are verified. The Cyrus SASL library is flexible in this regard:

auxprop
checks passwords agains the userPassword attribute supplied by an auxiliary property plugin. For example, SASL ships with a sasldb auxiliary property plugin, that can be used to authenticate against the passwords stored in /etc/sasldb2. Since other mechanisms also use this database for passwords, using this method will allow SASL to provide a uniform password database to a large number of mechanisms.
saslauthd
contacts the saslauthd daemon to to check passwords using a variety of mechanisms. More information about the various invocations of saslauthd can be can be found in saslauthd(8). Generally you want something like saslauthd -a pam. If plaintext authentications seem to be taking some time under load, increasing the value of the -n parameter can help.

Saslauthd keeps its named socket in "/var/state/saslauthd" by default. This can be overridden by specifying an alternate value to --with-saslauthd=/foo/bar at compile time, or by passing the -m parameter to saslauthd (along with setting the saslauthd_path SASL option). Whatever directory this is, it must exist in order for saslauthd to function.

Once you configure (and start) saslauthd, there is a testsaslauthd program that can be built with make testsaslauthd in the saslauthd subdirectory of the source. This can be used to check that that the saslauthd daemon is installed and running properly. An invocation like testsaslauthd -u rjs3 -p 1234 with appropriate values for the username and password should do the trick.

If you are using the PAM method to verify passwords with saslauthd, keep in mind that your PAM configuration will need to be configured for each service name that is using saslauthd for authentication. Common service names are "imap", "sieve", and "smtp".

Courier-IMAP authdaemond
contacts Courier-IMAP's authdaemond daemon to check passwords. This daemon is simliar in functionality to saslauthd, and is shipped separately with the Courier mail server.

Note: this feature is not compiled in the library by default, and its provided for sites with custom/special requirements only (because the internal authentication protocol its not documented anywhere so it could change at any time). We have tested against the authdaemond included with Courier-IMAP 2.2.1.

To enable authdaemond support, pass --with-authdaemon to the configuration script, set pwcheck_method to ``authdaemond'' and point authdaemond_path to authdaemond's unix socket. Optionally, you can specify --with-authdaemond=PATH to the configure script so that authdaemond_path points to a default, static, location.

pwcheck
checks passwords with the use of a separate, helper daemon. This feature is for backwards-compatibility only. New installations should use saslauthd.

write your own
Last, but not least, the most flexible method of authentication for PLAIN is to write your own. If you do so, any application that calls the "sasl_checkpass()" routine or uses PLAIN will invoke your code. The easiest place to modify the plaintext authentication routines is to modify the routine "_sasl_checkpass()" in the file lib/server.c to support a new method, and to add that method to lib/checkpw.c. Be sure to add a prototype in lib/saslint.h!

However, the more flexible and preferred method of adding a routine is to create a new saslauthd mechanism.

The LOGIN mechanism (not to be confused with IMAP4's LOGIN command) is an undocumented, unsupported mechanism. It's included in the Cyrus SASL distribution for the sake of SMTP servers that might want to interoperate with old clients. Do not enable this mechanism unless you know you're going to need it. When enabled, it verifies passwords the same way the PLAIN mechanism does.

Shared secrets mechanisms

The Cyrus SASL library also supports some "shared secret" authentication methods: CRAM-MD5 and its successor DIGEST-MD5. These methods rely on the client and the server sharing a "secret", usually a password. The server generates a challenge and the client a response proving that it knows the shared secret. This is much more secure than simply sending the secret over the wire proving that the client knows it.

There's a downside: in order to verify such responses, the server must keep passwords or password equivalents in a database; if this database is compromised, it is the same as if all the passwords for the realm are compromised.

Put another way, you cannot use saslauthd with these methods. If you do not wish to advertise these methods for that reason (i.e. you are only using saslauthd for password verification), then either remove the non-plaintext plugins (those other than login and plain) from the plugin directory, or use the mech_list option to disable them.

For simplicity sake, the Cyrus SASL library stores plaintext passwords only in the /etc/sasldb2 database. These passwords are then shared among all mechanisms which choose to use it. Depending on the exact database method used (gdbm, ndbm, or db) the file may have different suffixes or may even have two different files ("sasldb.dir" and "sasldb.pag"). It is also possible for a server to define it's own way of storing authentication secrets. Currently, no application is known to do this.

The principle problem for a system administrator is to make sure that sasldb is properly protected. Only the servers that need to read it to verify passwords should be able to. If there are any normal shell users on the system, they must not be able to read it.

This point is important, so we will repeat it: sasldb stores the plaintext versions of all of its passwords. If it is compromised so are all of the passwords that it stores.

Managing password changes is outside the scope of the library. However, system administrators should probably make a way of letting user's change their passwords available to users. The "saslpasswd2" utility is provided to change the secrets in sasldb. It does not affect PAM, /etc/passwd, or any other standard system library; it only affects secrets stored in sasldb.

Finally, system administrators should think if they want to enable "auto_transition". If set, the library will automatically create secrets in sasldb when a user uses PLAIN to successfully authenticate. However, this means that the individual servers, such as imapd, need read/write access to sasldb, not just read access. By default, "auto_transition" is set to false; set it to true to enable. (There's no point in enabling this option if "pwcheck_method" is "auxprop", and the sasldb plugin is installed, since you'll be transitioning from a plaintext store to a plaintext store)

Kerberos mechanisms

The Cyrus SASL library also comes with two mechanisms that make use of Kerberos: KERBEROS_V4, which should be able to use any Kerberos v4 implementation, and GSSAPI (tested against MIT Kerberos 5, Heimdal Kerberos 5 and CyberSafe Kerberos 5). These mechanisms make use of the kerberos infrastructure and thus have no password database.

Applications that wish to use a kerberos mechanism will need access to a service key, stored either in a "srvtab" file (Kerberos 4) or a "keytab" file (Kerberos 5). Currently, the keytab file location is not configurable and defaults to the system default (probably /etc/krb5.keytab).

The Kerberos 4 srvtab file location is configurable; by default it is /etc/srvtab, but this is modifiable by the "srvtab" option. Different SASL applications can use different srvtab files.

A SASL application must be able to read its srvtab or keytab file.

You may want to consult the GSSAPI Tutorial.

The OTP mechanism

The Cyrus SASL library also supports the One-Time-Password (OTP) mechanism. This mechanism is similar to CRAM-MD5 and DIGEST-MD5 in that is uses a shared secret and a challenge/response exchange. However, OTP is more secure than the other shared secret mechanisms in that the secret is used to generate a sequence of one-time (single use) passwords which prevents reply attacks, and that secret need not be stored on the system. These one-time passwords are stored in the /etc/sasldb2 database. See the Shared secrets mechanisms section for a discussion of the /etc/sasldb2 database.

OTP via OPIE

For sites with an existing OTP infrastructure using OPIE, Cyrus SASL can be configured to use OPIE v2.4 instead of using its own database and server-side routines. OPIE should be configured with the --disable-user-locking option if the SASL server application will not be running as "root".

OPIE uses its own "opiekeys" database for storing the data necessary for generating the server challenges. The location of the opiekeys file is configurable in SASL; by default it is /etc/opiekeys, but this is modifiable by the "opiekeys" option.

A SASL server application must be able to read and write the opiekeys file.

Auxiliary Properties

SASLv2 introduces the concept of Auxilliary Properties. That is, the ability for information related to authentication and authorization to all be looked up at once from a directory during the authentication process. SASL Plugins internally take advantage of this to do password lookups in directories such as the SASLdb, LDAP or a SQL database. Applications can look up arbitrary properties through them.

Note that this means that if your password database is in a SASLdb, and you wish to use it for plaintext password lookups through the sasldb, you will need to set the sasl option pwcheck_method to be auxprop.

How to set configuration options

The Cyrus SASL library comes with a built-in configuration file reader. However, it is also possible for applications to redefine where the library gets it's configuration options from.

The default configuration file

By default, the Cyrus SASL library reads it's options from /usr/lib/sasl2/App.conf (where "App" is the application defined name of the application). For instance, Sendmail reads it's configuration from "/usr/lib/sasl2/Sendmail.conf" and the sample server application included with the library looks in "/usr/lib/sasl2/sample.conf".

A standard Cyrus SASL configuration file looks like: 

srvtab: /var/app/srvtab
pwcheck_method: saslauthd

Application configuration

Applications can redefine how the SASL library looks for configuration information. Check your application's documentation for specifics.

For instance, Cyrus imapd reads its sasl options from it's own configuration file, /etc/imapd.conf, by prepending all SASL options with "sasl_": the SASL option "pwcheck_method" is set by changing "sasl_pwcheck_method" in /etc/imapd.conf.

Troubleshooting

Q: Why doesn't KERBEROS_V4 doesn't appear as an available mechanism?

A: Check that the srvtab file is readable by the user running as the daemon. For Cyrus imapd, it must be readable by the Cyrus user. By default, the library looks for the srvtab in /etc/srvtab, but it's configurable using the srvtab option.

Q: Why doesn't OTP doesn't appear as an available mechanism?

A: If using OPIE, check that the opiekeys file is readable by the user running the daemon. For Cyrus imapd, it must be readable by the Cyrus user. By default, the library looks for the opiekeys in /etc/opiekeys, but it's configurable using the opiekeys option.

Q: Why don't CRAM-MD5 and DIGEST-MD5 work with my old sasldb?

A: Because sasldb now stores plaintext passwords only, the old sasldb is completely incompatible.

Q: I'm having performance problems on each authentication, there is a noticeable slowdown when sasl initializes, what can I do?

A:libsasl reads from /dev/random as part of its initialization. /dev/random is a "secure" source of entropy, and will block your application until a sufficient amount of randomness has been collected to meet libsasl's needs.

To improve performance, you can change DEV_RANDOM in config.h to be /dev/urandom and recompile libsasl. /dev/urandom offers less secure random numbers but should return immediately. The included mechanisms, besides OTP and SRP, use random numbers only to generate nonces, so using /dev/urandom is safe if you aren't using OTP or SRP.

Q: I've converted the sasldb database to the new format. Why can't anybody authenticate?

A: sasldb is now a plugin module for the auxprop method. Make sure you changed the /usr/lib/sasl2/*.conf files to reflect
pwcheck_method: auxprop

...and if you're using cyrus-imapd, /etc/imapd.conf must reflect: sasl_pwcheck_method: auxprop

Q: Is LOGIN supported?

A: The LOGIN mechanism is a non-standard, undocumented plaintext mechanism. It's included in the SASL distribution purely for sites that need it to interoperate with old clients; we don't support it. Don't enable it unless you know you need it.

Q: Is NTLM supported?

A: The NTLM mechanism is a non-standard, undocumented mechanism developed by Microsoft. It's included in the SASL distribution purely for sites that need it to interoperate with Microsoft clients (ie, Outlook) and/or servers (ie, Exchange); we don't support it. Don't enable it unless you know you need it.

Q: How can I get a non-root application to check plaintext passwords?

A: Use the "saslauthd" daemon and setting "pwcheck_method" to "saslauthd".

Q: I want to use Berkeley DB, but it's installed in /usr/local/BerkeleyDB.3.1 and configure can't find it.

A: Try setting "CPPFLAGS" and "LDFLAGS" environment variables before running configure, like so: 

env CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include" \
  LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib -R/usr/local/BerkeleyDB.3.1/lib" \
  ./configure --with-dblib=berkeley

Q: It's not working and won't tell me why! Help!

A: Check syslog output (usually stored in /var/log) for more information. You might want to change your syslog configuration (usually /etc/syslogd.conf) to log "*.debug" to a file while debugging a problem.

The developers make heavy use of strace or truss when debugging a problem that isn't outputting any useful information.

Q: Is there a mailing list to discuss the Cyrus SASL library?

A: cyrus-sasl@lists.andrew.cmu.edu is available for discussion. To subscribe, send a message to majordomo@lists.andrew.cmu.edu with the body of 'subscribe cyrus-sasl'.

An archive is available via

Note: If you are not subscribed, your posts go through human approval before they go out to the list and so posting may be (greatly) delayed.

Back to the index cyrus-sasl-2.1.25/doc/components.html0000646000076400007640000002174711306006125014466 00000000000000 SASL Components

SASL Components

As the SASL library is a 'glue layer' between many different parts of the authentication system, there are a lot of different components that often cause confusion to users of the library who are trying to configure it for use on their system. This document will try to provide some structure to all of these components, though you will also need to read the System Administration to have a full understanding of how to install SASL on your system.

The first thing to realize is that there is a difference between SASL, the protocol, and Cyrus SASL, the library. The first is a specification that describes how authentication mechanisms can be plugged into an application protocol on the wire. The later is an implementation that aims to make this easier for application developers to integrate authentication mechanisms into their application in a generic way. It is quite possible to have an application that uses SASL (the specification) without using Cyrus SASL (the implementation).

The remainder of this document will refer to components of the Cyrus SASL implementation, though some of these will necessarily have a broader scope.

The Application

The application is a client of the SASL library. It can be a client or server application (or both, in the case of a proxy). It takes care of the on-the-wire representation of the SASL negotiation, however it performs no analysis of the exchange itself. It relies on the judgment of the SASL library whether authentication has occurred or not. The application is also responsible for determining if the authenticated user may authorize as another user id (For more details on authentication and authorization identities and their differences, see Cyrus SASL for System Administrators)

Examples of applications are Cyrus IMAPd, OpenLDAP, Sendmail, Mutt, sieveshell, cyradm, and many others.

The SASL Glue Layer

The first component of the SASL library is affectionately called the "glue" layer. It takes care of ensuring that the application and the mechanisms can work together successfully. To this end, it does a variety of basic tasks:

  • Loading of any plugins (more on these below)
  • Ascertaining necessary security properties from the application to aid in the choice of mechanism (or to limit the available mechanisms)
  • Listing of available plugins to the application (mostly used on the server side)
  • Choosing the "best" mechanism from a list of available mechanisms for a particular authentication attempt (client-side)
  • Routing the authentication (and in the case of a mechanism with a security layer, encrypted) data packets between the application and the chosen mechanism.
  • Providing information about the SASL negotiation back to the application (authenticated user, requested authorization identity, security strength of any negotiated security layer, and so on).

The Cyrus SASL implementation also provides several other services to both its plugins and applications. Some of these are simply general utilities, such as MIME Base-64 encoding and decoding, and random number generation. Others are more specific to the task of authentication, such as providing password verification services. Such services are capable of taking a username and a plaintext password and saying "yes" or "no". Details of available password verification services are discussed below.

Finally, the glue code allows the mechanisms and applications access to two special types of plugins, Auxiliary Property or "auxprop" plugins, which provide a simple database interface and can return properties about the user such as password, home directory, or mail routing address, and Username Canonicalization, which might provide site-specific ways to canonicalize a username or perform other tasks.

In the Cyrus SASL Implementation, the glue code is entirely contained within libsasl2.so (or libsasl2.a)

Plugins (General)

The Cyrus SASL architechure is very modular, using loadable modules for things such as the mechanism profiles and the database access done by the auxillary property plugins. This means that it is easy to limit what parts are loaded by a given application, and that third parties can write their own modules to provide services, just by adhering to the API description in saslplug.h.

Plugins (SASL Mechanisms)

The simplest types of plugins to understand are those which provide SASL mechanisms, such as CRAM-MD5, DIGEST-MD5, GSSAPI, PLAIN, SRP, and so on. These mechanisms take care of both server-side and client-side parts of the SASL negotiation. If the given mechanism supports a security layer (that is, makes guarantees about privacy or integrity of data after the negotiation is complete), the plugin provides that functionality as well.

SASL mechanisms are generally defined by the IETF standards process, however, some mechanisms are not (For example, NTLM). This is in contrast to the other types of plugins, which provide database and username canonicalization services to other plugins and thus aren't standardized in their behavior (they are specific to our implementation). Password verifiers are also an implementation detail (though saslauthd makes use of standards such as PAM and LDAP to perform that verification)

There are several types of mechanisms, in broad strokes we have:

  • Password Verification Mechanisms - For example, PLAIN. These receive a raw password from the remote and then pass it into the glue code for verification by a password verifier. These require the existence of an outside security layer to hide the otherwise plaintext password from people who might be snooping on the wire. These mechanisms do not require that the server have access to a plaintext (or plaintext-equivalent) version of the password.
  • Shared Secret Mechanisms - For these mechanisms, such as CRAM-MD5, DIGEST-MD5, and SRP, there is a shared secret between the server and client (e.g. a password). However, in this case the password itself does not travel on the wire. Instead, the client passes a server a token that proves that it knows the secret (without actually sending the secret across the wire). For these mechanisms, the server generally needs a plaintext equivalent of the secret to be in local storage (not true for SRP).
  • Kerberos Mechanisms - Kerberos mechanisms use a trusted third party to authenticate the client. These mechanisms don't require the server to share any secret information with the client, it is all performed through the Kerberos protocol.

Mechanism plugins are generally contained in a .so file that has a name similar to the mechanism's name. Though, in a static compilation they can also be a part of libsasl2.a

Plugins (Auxiliary Property)

Auxiliary Property (or auxprop) plugins provide a database service for the glue layer (and through it, to the mechanisms and application). Cyrus SASL ships with two auxprop plugins: SASLdb and SQL. Though they can be use in much more generic ways, auxprop plugins are mostly only used by shared secret mechanisms (or by the auxprop password verify) to access the "userPassword" attribute. This provides a plaintext copy of the password that allows for authentication to take place.

Like the mechanism plugins, these are named similarly to the databases that they implement an interface for.

Plugins (Username Canonicalization)

Username Canonicalization plugins are not widely used, however it may be useful to use as a hook if your site has specific requirements for how userids are presented to the applications.

Password Verification Services

As described above, the password verifiers take a username and plaintext password, and say either "yes" or "no". It is not possible to use them to verify hashes that might be provided by the shared secret mechanisms.

Password verifiers are selected using the "pwcheck_method" SASL option. There are two main password verifiers provided with Cyrus SASL:

  • auxprop - This uses an auxprop plugin to fetch the password and then compares it with the client-provided copy to make the determination.
  • saslauthd - This calls out to the saslauthd daemon, which also ships with the distribution. The saslauthd daemon has a number of modules of its own, which allow it to do verification of passwords in a variety of ways, including PAM, LDAP, against a Kerberos database, and so on. This is how you would want to, for example, use the data contained in /etc/shadow to authenticate users.
Back to the index. cyrus-sasl-2.1.25/doc/index.html0000666000076400007640000001256310151146550013412 00000000000000 Cyrus SASL library

Cyrus SASL library, version 2

SASL (Simple Authentication Security Layer) is an Internet standards-track method for remote computers to authenticate. The Cyrus SASL library makes supporting various SASL mechanisms easy for both client and server writers.

The Cyrus project is the implementation of an enterprise mail system by the Carnegie Mellon University Computing Services Department. We are interested in scalable, easy to administer systems.

The Cyrus SASL library distribution

Cyrus SASL library distribution

Documentation

Special Platforms RFCs and drafts Other Documentation & Resources

Go to the Project Cyrus Home Page
Go to the Andrew Systems Group homepage. cyrus-sasl-2.1.25/doc/Makefile.am0000666000076400007640000000557710151146550013460 00000000000000# Makefile.am for SASL documentation # Rob Earhart # $Id: Makefile.am,v 1.34 2004/11/24 18:05:28 ken3 Exp $ # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ EXTRA_DIST = rfc1321.txt \ rfc1939.txt \ rfc2104.txt \ rfc2195.txt \ rfc2222.txt \ rfc2243.txt \ rfc2245.txt \ rfc2289.txt \ rfc2444.txt \ rfc2595.txt \ rfc2831.txt \ rfc2945.txt \ rfc3174.txt \ testing.txt \ server-plugin-flow.fig \ draft-burdis-cat-srp-sasl-xx.txt \ draft-ietf-sasl-anon-xx.txt \ draft-ietf-sasl-crammd5-xx.txt \ draft-ietf-sasl-gssapi-xx.txt \ draft-ietf-sasl-plain-xx.txt \ draft-ietf-sasl-rfc2222bis-xx.txt \ draft-ietf-sasl-rfc2831bis-xx.txt \ draft-ietf-sasl-saslprep-xx.txt \ draft-murchison-sasl-login-xx.txt \ draft-newman-sasl-c-api-xx.txt \ draft-newman-sasl-passdss-xx.txt \ programming.html \ sysadmin.html \ gssapi.html \ advanced.html \ options.html \ plugprog.html \ appconvert.html \ macosx.html \ windows.html \ readme.html \ mechanisms.html \ upgrading.html \ index.html \ components.html \ install.html \ TODO \ ONEWS \ NTMakefile cyrus-sasl-2.1.25/doc/gssapi.html0000666000076400007640000001713007734364115013600 00000000000000 Configuring GSSAPI and Cyrus SASL

Configuring GSSAPI and Cyrus SASL

This document was contributed by Ken Hornstein and updated by Alexey Melnikov.

A couple of people have asked me privately, "Hey, how did you get the GSSAPI mechanism to work? I tried, but the sample apps kept failing". (The short answer: I'm a tenacious bastard).

I figured that it couldn't hurt to give a quick explanation as to how you get GSSAPI working with the sample apps, since it wasn't obvious to me, and I consider myself not completely ignorant of GSSAPI and Kerberos.

  1. Compile the Cyrus-SASL distribution with the GSSAPI plugin for your favorite GSS-API mechanism. I personally use the GSSAPI libraries included with the MIT Kerberos 5 distribution; Heimdal and CyberSafe work as well.
  2. Start up the sample-server. The command-line used for sample-server needs to specify the GSSAPI service name and the location of the plug-ins; your sample command line might look something like this: 
      ./sample-server -s host -p ../plugins/.libs
    on UNIX and like 
      sample-server -s host -p ..\plugins
    on Windows.

    In this example, I am using "host", which already exists on my machine, but only root can read it, so I an running this as root. If you want to use an alternate service name, you will need to create that service in Kerberos, place it in a keytab readable by you, _and_ point your Kerberos library at it. Unix: both MIT Kerberos and Heimdal, use /etc/krb5.keytab on Unix by default, but this can be changed by setting the KRB5_KTNAME environment variable; the default for CyberSafe Kerberos is /krb5/v5srvtab for UNIX systems and can be changed by setting the CSFC5KTNAME environment variable. Windows: the default service key table location for CyberSafe is C:\Program Files\CyberSafe\v5srvtab, unless the CyberSafe registry setting for the KeyTab key is set to an alternate path. MIT Kerberos on Windows uses the keytab filename krb5kt.

    You should get a response similar to: 

      Generating client mechanism list...
  Sending list of 3 mechanism(s)
  S: R1NTQVBJIFBMQUlOIEFOT05ZTU9VUw==

    Note that later on (assuming everything works) you might need to paste in lines that are longer than canonical input processing buffer on your system. You can get around that by messing around with stty; while the details vary from system to system, on Solaris you can do something like: 

      ( stty -icanon min 1 time 0 ; ./sample-server -s host -p ../plugins/.libs )
  3. Obtain a Kerberos ticket for the user you want to authenticate as. 
      kinit kenh
  4. Start up the sample client. You need to specify the service name, the hostname, and the userid. An example might be 
      ./sample-client -s host -n your.fqdn.here -u kenh -p ../plugins/.libs

    You should get a response similar to this: 

      Waiting for mechanism list from server...
  5. Cut-and-paste the initial mechanism line from the server process (this includes the "S: ") into the client process. You should get something similar to: 
      S: R1NTQVBJIFBMQUlOIEFOT05ZTU9VUw==
  Choosing best mechanism from: GSSAPI PLAIN ANONYMOUS
  Using mechanism GSSAPI
  Preparing initial.
  Sending initial response...
  C: <.... lots of base 64 data ...>
  Waiting for server reply...

    If GSSAPI isn't selected as the mechanism, there is a few things that might have gone wrong:

    • The mechanism might not have been offered by the server. The decoded mechanism list offered by the server appears in the "Choosing best mechanism" line. If GSSAPI didn't appear in that list, then something is wrong on the server. Make sure that you specified the correct plugins directory. If the plugin directory is correct, but the library fails to load, you might be running across a bug in libtool on some platforms. If you have your Kerberos/gssapi libraries not installed in the system library path, those libraries are likely not able to be found when the SASL GSSAPI plugin loads. The solution varies from system to system; what I did was take the linker line generated by libtool and run it by hand, adding a -R/path/to/kerberos/libraries switch (this was on Solaris). You can check with a system call tracer to see exactly what it is trying to do.
    • The client doesn't know about the mechanism. The reasons for this happening are the same as the server: check the -p switch, check to make sure the correct libraries are being loaded with the GSSAPI plugin.

    You can turn on a healthy amount of debugging information by changing the definition in config.h of the VL macro to (and recompiling libsasl): 

      #define VL(foo) printf foo;

    There is a possibility you might get an error that looks like this: 

      sample-client: Starting SASL negotiation: generic failure

    This can mean that you didn't provide all of the required information to the sample-client (did you provide a service name with -s, the hostname of the service with -n, and a username with -u ?), or that GSSAPI has failed (unfortunately, on the client you cannot find out the internal GSSAPI error; you will need to break out the debugger for that).

  6. Cut and paste the client response (The _entire_ line that begins with C:, including the initial "C: ") to the server process. You should get a response back that starts with "S: ". Cut and paste that to the client, and continue this exchange until you either get "Negotiation complete", or an error. If you get an error on the server you should get a complete error message (including the GSSAPI error string); on the client you unfortunately will only probably get "generic failure", which will again require the use of a debugger (but the VL macro should help with this).

    One common thing that happens is that on your server you might see the error: 

      sample-server: Performing SASL negotiation: authentication failure
	(Requested identity not authenticated identity)

    This comes from not having a requested identity (the -u option) that matches the identity that you were authenticated to via the GSSAPI. This is of course mechanism specific, but if for example you're using Kerberos, the Cyrus SASL library strips out the @REALM from your identity if you are in the same realm as the server. So if your Kerberos identity is user@SOME.REALM and the server is in SOME.REALM, you need to specify "user" to the -u flag of the client. If you're accessing a server in a foreign realm, you need to pass the full principal name via the -u option to make this work correctly.

    If you complete the negotiation successfully, you should see something that looks like (on both the client and server): 

      Negotiation complete
  Username: kenh
  sample-server: realm: can't request info until later in exchange
  SSF: 56

    If you get to that, then you've done it, and GSSAPI works successfully! If you have questions about any of this, feel free to drop me a line.

    Back to the index cyrus-sasl-2.1.25/doc/mechanisms.html0000646000076400007640000001647611306006125014433 00000000000000 SASL Mechanism Properties/Features

    SASL Mechanism Properties/Features

    This table shows what security flags and features are supported by each of the mechanisms provided by the Cyrus SASL Library.


    		 MAX
    SSF    		 SECURITY PROPERTIES FEATURES
    NOPLAIN
    NOACTIVE
    NODICT
    FORWARD
    NOANON
    CRED
    MUTUAL
    CLT FIRST
    SRV FIRST
    SRV LAST
    PROXY
    ANONYMOUS
    0
    X






    X



    CRAM-MD5
    0
    X



    X



    X


    DIGEST-MD5
    128
    X



    X

    X
    reauth
    initial auth
    X
    X
    EXTERNAL
    0
    X

    X

    X


    X


    X
    GSSAPI
    56
    X
    X


    X

    X
    X


    X
    KERBEROS_V4
    56
    X
    X


    X

    X

    X

    X
    LOGIN
    0




    X
    X


    X


    NTLM
    0
    X



    X


    X



    OTP
    0
    X


    X
    X


    X


    X
    PASSDSS-3DES-1
    112
    X
    X
    X
    X
    X
    X
    X
    X


    X
    PLAIN
    0




    X
    X

    X


    X
    SRP
    128
    X
    X
    X
    X
    X

    X
    X

    X
    X

    Understanding this table:

    • MAX SSF - The maximum Security Strength Factor supported by the mechanism (roughly the number of bits of encryption provided, but may have other meanings, for example an SSF of 1 indicates integrity protection only, no encryption).
    • NOPLAIN - Mechanism is not susceptable to simple passive (eavesdropping) attack.
    • NOACTIVE - Protection from active (non-dictionary) attacks during authentication exchange. (Implies MUTUAL).
    • NODICT - Not susceptable to passive dictionary attack.
    • FORWARD - Breaking one session won't help break the next.
    • NOANON - Don't permit anonymous logins.
    • CRED - Mechanism can pass client credentials.
    • MUTUAL - Supports mutual authentication (authenticates the server to the client)
    • CLTFIRST - The client should send first in this mechanism.
    • SRVFIRST - The server must send first in this mechanism.
    • SRVLAST - This mechanism supports server-send-last configurations.
    • PROXY - This mechanism supports proxy authentication.
    cyrus-sasl-2.1.25/doc/upgrading.html0000666000076400007640000001010707716774515014300 00000000000000 Upgrading from Cyrus SASLv1 to Cyrus SASLv2

    Upgrading from Cyrus SASLv1 to Cyrus SASLv2

    This document covers issues with upgrading from SASLv1 to SASLv2. To upgrade:
    • Install Cyrus SASL v2 as normal according to the installation guide. This will overwrite some manpages, but will not affect your current applications. Do NOT attempt to make it use the same directories, otherwise old Cyrus SASLv1 applications will no longer function.
    • Install your new Cyrus SASL v2 applications. Applications that use Cyrus SASLv1 will not use the Cyrus SASL v2 infrastructure (and vice-versa).
    • If you used /etc/sasldb for authentication, you'll need to take the following steps to convert to using /etc/sasldb2 with Cyrus SASL v2:
      1. run utils/dbconverter-2 after installation.
      2. change the pwcheck_method in any config files to auxprop
      3. (optional) add auxprop_plugin to the config files, set to sasldb
    • If you used passwd, shadow, pam, kerberos_v4 or sia as your pwcheck_method in libsasl v1, you'll need to convert to using saslauthd. Arrange to start saslauthd -a method on boot. Change pwcheck_method in any configuration files to saslauthd.
    • If you used pwcheck with libsasl v1, you can either continue to use pwcheck with libsasl v1 or you can switch to saslauthd, which offers more flexibility and a potentially much more efficient implementation.
    • If you are continuing to use some libsasl v1 applications, read onwards to understand the ramifications.
    • If you want to learn how to port applications from libsasl v1 to libsasl v2, you should read this document.

    Backwards Compatibility

    Cyrus SASLv2 is completely incompatible with applications that use Cyrus SASLv1. This means that applications are unable to simultaneously link both versions of the library, and developers are encouraged to instead develop or upgrade their applications to link against the new libsasl.

    Likewise, the format for the sasldb database has been completely revamped. See here for a discussion of the relevant upgrade issues related to sasldb. All new passwords stored in the sasldb database will be in plaintext, meaning that a compromised sasldb will compromise all services with the same passwords. (This situation isn't significantly worse, cryptographicly speaking, than the old method and allows the database to be easy to transition to another format, when the need arises.) Mechanisms requiring a more secure password database backend (e.g. SRP) should implement their own or use alternate property names within sasldb.

    Coexistence with SASLv1

    The two library versions and the associated utilities should be able to coexist on the same system. The man pages will be unable to coexist (but luckily the new manpages are much better!). The libsasl v2-specific utilities have had a "2" appended to their name for this purpose (e.g. saslpasswd2, sasldblistusers2). The new-style sasldb now defaults to the name /etc/sasldb2, but this is configurable.

    Database Upgrades

    While there does not seem to be any conflict with the keys stored in the database, it is not recommended for both versions of the library to use the same database file. Included in the utils directory is a program called dbconverter-2 which will allow you to convert from the old-format database to the new format. Note that if you continue to run older applications that rely on Cyrus SASLv1, the databases for SASLv1 and SASLv2 will not automatically be kept in sync.

    Back to the index cyrus-sasl-2.1.25/doc/macosx.html0000666000076400007640000002711307766207427013615 00000000000000 Building and Using Cyrus SASL on Mac OS X

    Cyrus SASL v2 on Mac OS X (and 9)

    The Cyrus SASL v2 distribution now supports Mac OS X, including applications written to Apple's Carbon and Cocoa interfaces, as well as the standard Unix-like API. It includes the following components:

    • A port of the Unix SASL library, which lives in /usr/local/lib/libsasl2.dylib (or something like that) and with plugins in /usr/lib/sasl (which should be a symlink to /usr/local/lib/sasl).
    • A framework which lives in /Library/Frameworks/SASL2.framework, and allows the use of the -framework option to Apple's ld, or linking with the framework in Project Builder. This framework is in fact a wrapper for a symlink to /usr/local/lib/libsasl2.dylib with the necessary information to recognize it as a framework. This is what we expect many Cocoa and Carbon Mach-O applications will want to use, and the framework is required for CFBundle to work, which is used by the CFM glue library.
    • A CFM glue library (/Library/CFMSupport/SASL2GlueCFM) which can be linked in by Carbon CFM applications, that uses CFBundle to bind the framework and thus load the Unix-level library. It automatically loads the important functions at sasl_client_init or sasl_server_init time; it also automatically makes sure memory allocation works if you're using the metrowerks malloc; if you're not, sasl_set_alloc works as usual.
    • A Carbon port of the existing CFM library for Mac OS 9. Note that this could probably be modified fairly easily to work on OS X, but there's not much point. The CFM glue layer to the Unix library supports many more functions, including the entire server API; also, the Unix implementation is mostly independent of Kerberos implementation, while the Mac OS 9 Carbon port specifically requires MIT Kerberos for Macintosh 3.5 or later in order to get Kerberos support. The Mac OS 9 code implements only the client API, but this is mostly what is wanted from SASL on OS 9 anyway.

    If you are building a Carbon CFM application and intend it to run on both OS 9 and OS X, you should link against the OS 9 Carbon SASL library, since it exports fewer APIs (client side only, specifically) than the OS X CFM glue. Your application should work seamlessly with both libraries if you do this, despite the different implementations underneath.

    If you need a Carbon CFM application to support server-side SASL functionality, you need to link against the SASL2GlueCFM library, but be aware that your application will not run on OS 9.

    Compiling and Using the Unix library

    The Unix library is mostly ready to build on Mac OS X, but it does depend on the dlcompat package in order to load its plugins. dlcompat-20010505 is a relatively simple version known to work with SASL; it is provided with the distribution in a tarball. You should make and make install the dlcompat library (which probably goes into /usr/local/lib/libdl.dylib) before attempting to ./configure the SASL distribution itself. SASL will then pretend it's a real Unix libdl, and link against it.

    Since there are, at this point, newer and far more complex versions of dlcompat, you may prefer to use those instead if other software requires their functionality. The dlcompat homepage is located on the OpenDarwin site. Many users may want to install the /sw tree from the Fink project to get this, as well as possibly newer autotools and other software.

    As of version 2.1.16, SASL uses and requires a recent version of GNU autotools (autoconf, automake, and libtool) to build its configuration scripts. If you are building from CVS, you will need to have the autotools installed on your system. The version included with all releases of the developer tools for OS X 10.2.x is too old for this; if you aren't using OS X 10.3 or later, you should upgrade to more recent patchlevels of these tools. The easiest way to do this is to install the Fink environment and then apt-get install autoconf2.5 automake1.7 libtool14.

    Recent versions of SASL ship with Kerberos v4 disabled by default. If you need Kerberos v4 for some reason, and you are using MIT Kerberos for Macintosh 4.0 or later, you should ./configure with the added options "--enable-krb4=/usr --without-openssl --disable-digest" so that it finds the correct location for the header files, and does not use OpenSSL or build anything that depends on it (such as the digest-md5 plugin), since OpenSSL provides its own DES routines which do not work with Kerberos v4. Please read the "Known Problems" section at the end of this document for more information on this issue.

    You must be root to make install, since /usr/local is only modifiable by root. You need not enable the root account using NetInfo; the recommended (but underdocumented) method is to use sudo -s from the Terminal window when you are logged into an administrator's account, and enter the password for that account. When building on Mac OS X, make install will automatically add the framework to /Library/Frameworks.

    This does not build the CFM glue library. Building the CFM glue library requires Metrowerks CodeWarrior Pro 6 or later (tested with 6), and the files necessary to build it are in the mac/osx_cfm_glue folder.

    Changes to the Unix library to make it work on OS X

    This is provided for reference purposes only. The build system will automatically take care of all of these issues when building on Darwin or Mac OS X.

    • The random code supports the preferred way to generate random numbers in Darwin. (In SASL v2, it does this on all unix-like platforms that lack jrand48). Note that Mac OS X "Jaguar", version 10.2, now has the standard jrand48 function, and that SASL will use this instead of the previous workaround.
    • Symbols which are dlopened have an underscore prefixed. (This behavior is detected by configure in SASL v2.)
    • Plugins are linked with the -module option to libtool, which causes the -bundle option to be supplied to Apple's ld. (This is done on all platforms in SASL v2.)
    • The MD5 symbols are renamed to avoid library conflicts. This allows proper compilations against Heimdal and MIT's unix kerberos distribution, and prevents crashes when linked against MIT Kerberos for Macintosh (which also duplicates the symbols, but in a different way). Note that the MD5 symbols have local names on all platforms with SASL v2; this was only different in SASL v1.
    • MIT Kerberos for Macintosh 4.0 and later are fully supported. This was accomplished by using krb_get_err_text if available and checking for additional names for the krb4 libraries.

    Changes to the Mac OS 9 projects to support Carbon

    Please read these notes before you attempt to build SASL for OS 9 Carbon!

    • Important! You must make sure that all files have their correct HFS filetype before starting to build this code! In particular, all source and text files must be of type 'TEXT', which is not the default if you use the Mac OS X cvs client to check out the projects. If you run into this problem, you may want to use a utility such as FileTyper to recursively change the type on all files. CodeWarrior is less picky about the projects' filetypes, but setting them to filetype 'MMPr', creator code 'CWIE' may be helpful in opening the projects from the Finder. Users on Mac OS X familiar with the Unix find command should be able to rig /Developer/Tools/SetFile to do this job as well.
    • Many of the important projects (for libdes, libsasl, build_plugins, and the sample client sc_shlb) have Carbon versions.
    • Plugins are loaded from a Carbon subfolder of the SASL v2 folder in the Extensions folder. Plugins directly in the SASL v2 folder are considered to be for the Classic libraries.
    • Note that when using the build_plugins project, you must generate the plugin init files using the makeinit.sh script in the plugins directory. The easiest way to do this is to run the script from a Unix shell, such as Mac OS X. You must then fix the filetypes of the generated source files (see above).
    • There is a new folder in CommonKClient called mac_kclient3 which contains code compatible with MIT's new KClient 3.0 API. This folder must be in your CodeWarrior access paths, the old mac_kclient folder must not, and it must precede the project's main folder.
    • The kerberos4 plugin uses this new code. The kerberos4 plugin also statically links the Carbon libdes, and no other part of Carbon SASL uses libdes directly. Your application should not link against libdes.shlb under Carbon! (It causes problems due to DES symbols also existing in the MIT Kerberos library, which loads first.)
    • To build the projects, you should have the MIT Kerberos for Macintosh 3.5 installation disk images mounted, since the access paths include the absolute paths to the library directories from that image. It's easier than you having to find the paths yourself, and smaller than having to distribute the libraries with SASL.

    Known Problems

    • The Kerberos v4 headers bundled with Mac OS X (and Kerberos for Macintosh) are not compatible with OS X's OpenSSL headers. (Kerberos v4 support is disabled by default.) If you actually need krb4 support, the easiest solution is to build without using OpenSSL's libcrypto. To do this, specify the --without-openssl option to configure. As of version 2.1.18, this automatically disables using libcrypto for DES as well. You will probably also need to specify --disable-digest since the digestmd5 plugin does not build against Kerberos v4's DES headers or library. Note that this disables several features (digestmd5, NTLM, OTP) which require OpenSSL. If both Kerberos v4 and functionality that requires OpenSSL are needed, it is probably possible to build the Kerberos v4 plugin against the correct K4 DES libraries, and everything else against OpenSSL; however, we do not support that configuration.
    • Versions of Cyrus SASL prior to 2.1.14 with support for Carbon CFM applications on Mac OS X have a known bug involving the CFM glue code (in mac/osx_cfm_glue). If sasl_done is called to unload the SASL library, and then one of the initialization functions (such as sasl_client_init) is called to reinitialize it from the same process, the application will crash. A fix for one obvious cause of this problem is included in 2.1.14; however, as of this writing, it has not been tested. It is possible that other bugs in Cyrus SASL, or deficiencies in Apple's libraries, will make this fix insufficient to resolve this issue.
    cyrus-sasl-2.1.25/doc/Makefile.in0000666000076400007640000003361411631670662013474 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for SASL documentation # Rob Earhart # $Id: Makefile.am,v 1.34 2004/11/24 18:05:28 ken3 Exp $ # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = doc DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in TODO ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = rfc1321.txt \ rfc1939.txt \ rfc2104.txt \ rfc2195.txt \ rfc2222.txt \ rfc2243.txt \ rfc2245.txt \ rfc2289.txt \ rfc2444.txt \ rfc2595.txt \ rfc2831.txt \ rfc2945.txt \ rfc3174.txt \ testing.txt \ server-plugin-flow.fig \ draft-burdis-cat-srp-sasl-xx.txt \ draft-ietf-sasl-anon-xx.txt \ draft-ietf-sasl-crammd5-xx.txt \ draft-ietf-sasl-gssapi-xx.txt \ draft-ietf-sasl-plain-xx.txt \ draft-ietf-sasl-rfc2222bis-xx.txt \ draft-ietf-sasl-rfc2831bis-xx.txt \ draft-ietf-sasl-saslprep-xx.txt \ draft-murchison-sasl-login-xx.txt \ draft-newman-sasl-c-api-xx.txt \ draft-newman-sasl-passdss-xx.txt \ programming.html \ sysadmin.html \ gssapi.html \ advanced.html \ options.html \ plugprog.html \ appconvert.html \ macosx.html \ windows.html \ readme.html \ mechanisms.html \ upgrading.html \ index.html \ components.html \ install.html \ TODO \ ONEWS \ NTMakefile all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/man/0000777000076400007640000000000011632367341011504 500000000000000cyrus-sasl-2.1.25/man/sasl_server_userdb_checkpass_t.30000666000076400007640000000604711306006126017747 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_server_userdb_checkpass_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_server_userdb_checkpass_t \- Plaintext Password Verification Callback .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_server_userdb_checkpass_t(sasl_conn_t " *conn "," .BI " void " *context "," .BI " const char " *user "," .BI " const char " *pass "," .BI " unsigned " passlen "," .BI " struct propctx " *propctx ")" .fi .SH DESCRIPTION .B sasl_server_userdb_checkpass_t is used to verify a plaintext password against the callback supplier's user database. This is to allow additional ways to encode the userPassword property. .I context context from the callback record .I user NUL terminated user name with user@realm syntax .I pass password to check (may not be NUL terminated) .I passlen length of the password .I propctx property context to fill in with userPassword .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_server_userdb_setpass_t(3)cyrus-sasl-2.1.25/man/sasl_getopt_t.30000646000076400007640000000625711306006126014354 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_getopt_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_getopt_t \- The SASL get option callback .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_getopt_t(void " *context ", " .BI " const char " *plugin_name ", " .BI " const char " *option ", " .BI " const char ** " result ", " .BI " unsigned * " len ")"; .fi .SH DESCRIPTION .B sasl_getopt_t is used to retrieve an option, often mechanism specific, from the application. An example of this is requested what KERBEROS_V4 srvtab file to use. .I plugin_name is the plugin this value if for. .I option is a string representing the option. A common option that all server applications should handle is \"pwcheck_method\" which represents the method for checking plaintext passwords. See the administrators guide for a full description of this option. .PP Memory management of options supplied by the getopt callback should be done by the application, however, any requested option must remain available until the callback is no longer valid. That is, when sasl_dispose is called for a the connection it is associated with, or sasl_done is called for global callbacks. .PP .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3) cyrus-sasl-2.1.25/man/sasl_getpath_t.30000646000076400007640000000512711306006126014501 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_getpath_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_getpath_t \- The SASL callback to indicate location of the mechanism drivers .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_getpath_t(void " *context ", " .BI " char ** " path ")"; .fi .SH DESCRIPTION .B sasl_getpath_t is used if the application wishes to use a different location for the SASL mechanism drivers (the shared library files). If this callback is not used SASL will either use the location in the environment variable SASL_PATH or /usr/lib/sasl2 by default. .PP .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3) cyrus-sasl-2.1.25/man/sasl_auxprop.30000646000076400007640000001632211306006126014217 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_auxprop 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_auxprop \- How to work with SASL auxiliary properties .SH SYNOPSIS .nf .B #include .BI "struct propctx *prop_new(unsigned " estimate ") " .BI "int prop_dup(struct propctx " *src_ctx ", " .BI " struct propctx " *dst_ctx ")" .BI "int prop_request(struct propctx " *ctx ", " .BI " const char " **names ")" .BI "const struct propval *prop_get(struct propctx " *ctx ")" .BI "int prop_getnames(struct propctx " *ctx ", const char " **names "," .BI " struct porpval " *vals ")" .BI "void prop_clear(struct propctx " *ctx ", int " requests ")" .BI "void prop_erase(struct propctx " *ctx ", const char " *name ")" .BI "void prop_dispose(struct propctx " **ctx ")" .BI "int prop_format(struct propctx " *ctx ", const char " *sep ", int " seplen ", " .BI " char " *outbuf ", unsigned " outmax ", unsigned " *outlen ")" .BI "int prop_set(struct propctx " *ctx ", const char " *name "," .BI " const char " *value ", int " vallen ")" .BI "int prop_setvals(struct propctx " *ctx ", const char " *name "," .BI " const char " **values ")" .SH DESCRIPTION .B SASL auxiliary properties are used to obtain properties from external sources during the authentication process. For example, a mechanism might need to query an LDAP server to obtain the authentication secret. The application probably needs other information from there as well, such as home directory or UID. The auxiliary property interface allows the two to cooperate, and only results in a single query against the LDAP server (or other property sources). Property lookups take place directly after user canonicalization occurs. Therefore, all requests should be registered with he context before that time. Note that requests can also be registered using the sasl_auxprop_request(3) function. Most of the functions listed below, however, require a property context which can be obtained by calling sasl_auxprop_getctx(3). .SH API Description .TP 0.8i struct propctx *prop_new(unsigned estimate) Create a new property context. Probably unnecessary for application developers to call this at any point. .I estimate is the estimate of storage needed total for requests & responses. A value of 0 will imply the library default. .TP 0.8i int prop_dup(struct propctx *src_ctx, struct propctx *dst_ctx) Duplicate a given property context. .TP 0.8i int prop_request(struct propctx *ctx, const char **names) Add properties to the request list of a given context. .I names is the NULL-terminated array of property names, and must persist until the requests are cleared or the context is disposed of with a call to prop_dispose. .TP 0.8i const struct propval *prop_get(struct propctx *ctx) Returns a NULL-terminated array of struct propval from the given context. .TP 0.8i int prop_getnames(struct propctx *ctx, const char **names, struct porpval *vals) Fill in a (provided) array of struct propval based on a list of property names. This implies that the vals array is at least as long as the names array. The values that are filled in by this call persist until next call to prop_request, prop_clear, or prop_dispose on context. If a name specified here was never requested, that its associated values entry will be set to NULL. Returns number of matching properties that were found, or a SASL error code. .TP 0.8i void prop_clear(struct propctx *ctx, int requests) Clear values and optionally requests from a property context. .I requests is 1 if the requests should be cleared, 0 otherwise. .TP 0.8i void prop_erase(struct propctx *ctx, const char *name) Securely erase the value of a property. .I name is the name of the property to erase. .TP 0.8i void prop_dispose(struct propctx **ctx) Disposes of a property context and NULLifys the pointer. .TP 0.8i int prop_format(struct propctx *ctx, const char *sep, int seplen, char *outbuf, unsigned outmax, unsigned *outlen) Format the requested property names into a string. This not intended for use by the application (only by auxprop plugins). .I sep Is the separator to use for the string .I outbuf Is the caller-allocated buffer of length .I outmax that the resulting string will be placed in (including NUL terminator). .I outlen if non-NULL, will contain the length of the resulting string (excluding NUL terminator). .TP 0.8i int prop_set(struct propctx *ctx, const char *name, const char *value, int vallen) Adds a property value to the context. This is intended for use by auxprop plugins only. .I name is the name of the property to receive the new value, or NULL, which implies that the value will be added to the same property as the last call to either prop_set or prop_setvals. .I value is a value for the property of length .I vallen .TP 0.8i int prop_setvals(struct propctx *ctx, const char *name, const char **values) Adds multiple values to a single property. This is intended for use by auxprop plugins only. .I name has the same meaning as in .B prop_set .I values are a NULL-terminated array of values to be added the property. .SH "RETURN VALUE" The property functions that return an int return SASL error codes. See sasl_errors(3). Those that return pointers will return a valid pointer on success, or NULL on any error. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_auxprop_request(3), sasl_auxprop_getctx(3) cyrus-sasl-2.1.25/man/sasl_getsimple_t.30000666000076400007640000000552711306006126015044 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_getsimple_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_getsimple_t \- The SASL callback for username/authname/realm .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_getsimple_t(void " *context ", " .BI " int " id ", " .BI " const char ** " result ", " .BI " unsigned * " len ")"; .fi .SH DESCRIPTION .B sasl_getsimple_t is used to retrieve simple things from the application. In practice this is authentication name, authorization name, and realm. The .BI id parameter indicates which value is being requested. Possible values include: .nf SASL_CB_USER - Client user identity to login as SASL_CB_AUTHNAME - Client authentication name SASL_CB_LANGUAGE - Comma-separated list of RFC 1766 languages SASL_CB_CNONCE - Client-nonce (for testing mostly) .fi .PP .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3)cyrus-sasl-2.1.25/man/sasl_dispose.30000666000076400007640000000461211306006126014170 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_dispose 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_dispose \- Dispose of a SASL connection object .SH SYNOPSIS .nf .B #include .sp .BI "void sasl_dispose(" sasl_conn_t " **pconn )"; .fi .SH DESCRIPTION .B sasl_dispose is called when a SASL connection object is no longer needed. Note that this is usually when the protocol session is done NOT when the authentication is done since a security layer may have been negotiated. .PP .SH "RETURN VALUE" No return values .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_server_new(3), sasl_client_new(3)cyrus-sasl-2.1.25/man/sasl_errors.30000646000076400007640000000754011306006126014037 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_errors 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_errors \- SASL error codes .SH SYNOPSIS .nf .B #include .fi .SH DESCRIPTION The following are the general error codes that may be returned by calls into the SASL library, and their meanings (that may vary slightly based on context): .SH Common Result Codes .TP 0.8i SASL_OK Success .TP 0.8i SASL_CONTINUE Another step is needed in authentication .TP 0.8i SASL_FAIL Generic Failure .TP 0.8i SASL_NOMEM Memory shortage failure .TP 0.8i SASL_BUFOVER Overflowed buffer .TP 0.8i SASL_NOMECH Mechanism not supported / No mechanisms matched requirements .TP 0.8i SASL_BADPROT Bad / Invalid Protocol or Protocol cancel .TP 0.8i SASL_NOTDONE Can't request information / Not applicable until later in exchange .TP 0.8i SASL_BADPARAM Invalid Parameter Supplied .TP 0.8i SASL_TRYAGAIN Transient Failure (e.g. weak key) .TP 0.8i SASL_BADMAC Integrity Check Failed .TP 0.8i SASL_NOTINIT SASL library not initialized .SH Client-only Result Codes .TP 0.8i SASL_INTERACT Needs user interaction .TP 0.8i SASL_BADSERV Server failed mutual authentication step .TP 0.8i SASL_WRONGMECH Mechanism does not support requested feature .SH Server-only Result Codes .TP 0.8i SASL_BADAUTH Authentication Failure .TP 0.8i SASL_NOAUTHZ Authorization Failure .TP 0.8i SASL_TOOWEAK Mechanism too weak for this user .TP 0.8i SASL_ENCRYPT Encryption needed to use mechanism .TP 0.8i SASL_TRANS One time use of a plaintext password will enable requested mechanism for user .TP 0.8i SASL_EXPIRED Passphrase expired, must be reset .TP 0.8i SASL_DISABLED Account Disabled .TP 0.8i SASL_NOUSER User Not Found .TP 0.8i SASL_BADVERS Version mismatch with plug-in .TP 0.8i SASL_NOVERIFY USer exists, but no verifier for user .SH Password Setting Result Codes .TP 0.8i SASL_PWLOCK Passphrase locked .TP 0.8i SASL_NOCHANGE Requested change was not needed .TP 0.8i SASL_WEAKPASS Passphrase is too week for security policy. .TP 0.8i SASL_NOUSERPASS User supplied passwords are not permitted .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3) cyrus-sasl-2.1.25/man/sasl_client_init.30000646000076400007640000000611111306006126015015 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_client_init 3 "21 June 2001" SASL "SASL man pages" .SH NAME sasl_client_init \- SASL client authentication initialization .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_client_init(const sasl_callback_t " *callbacks ");" .fi .SH DESCRIPTION .B sasl_client_init() initializes SASL. It must be called before any calls to sasl_client_start. This call initializes all SASL client drivers (e.g. authentication mechanisms). These are usually found in the /usr/lib/sasl2 directory but the directory may be overridden with the SASL_PATH environment variable. .PP .I callbacks specifies the base callbacks for all client connections. See the sasl_callbacks man page for more information .SH "RETURN VALUE" sasl_client_init returns an integer which corresponds to one of the following codes. SASL_OK is the only one that indicates success. All others indicate errors and should either be handled or the authentication session should be quit. .SH ERRORS .TP 0.8i .B SASL_OK Success .TP 0.8i .B SASL_BADVERS Mechanism version mismatch .TP 0.8i .B SASL_BADPARAM Error in config file .TP 0.8i .B SASL_NOMEM Not enough memory to complete operation .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_client_new(3), sasl_client_start(3), sasl_client_step(3) cyrus-sasl-2.1.25/man/sasl_client_new.30000646000076400007640000001057711306006126014656 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_client_new 3 "21 June 2001" SASL "SASL man pages" .SH NAME sasl_client_new \- Create a new client authentication object .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_client_new(const char " *service ", " .BI " const char " *serverFQDN ", " .BI " const char " *iplocalport ", " .BI " const char " *ipremoteport ", " .BI " const sasl_callback_t " *prompt_supp, .BI " unsigned " flags ", " .BI " sasl_conn_t ** " pconn ");" .fi .SH DESCRIPTION .B sasl_client_new() creates a new SASL context. This context will be used for all SASL calls for one connection. It handles both authentication and integrity/encryption layers after authentication. .PP .I service is the registered name of the service (usually the protocol name) using SASL (e.g. "imap"). .PP .I serverFQDN is the fully qualified domain name of the server (e.g. "serverhost.cmu.edu"). .PP .I iplocalport is the IP and port of the local side of the connection, or NULL. If iplocalport is NULL it will disable mechanisms that require IP address information. This strings must be in one of the following formats: "a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port" (IPv6), or "e:f:g:h:i:j:a.b.c.d;port" (IPv6) .PP .I ipremoteport is the IP and port of the remote side of the connection, or NULL (see iplocalport) .PP .I prompt_supp is a list of client interactions supported that is unique to this connection. If this parameter is NULL the global callbacks (specified in sasl_client_init) will be used. See sasl_callback for more information. .PP .I flags are connection flags (see below) .PP .I pconn is the connection context allocated by the library. This structure will be used for all future SASL calls for this connection. .PP .B Connection Flags .PP Flags that may be passed to .B sasl_server_new() include .TP 0.8i .B SASL_SUCCESS_DATA The protocol supports a server-last send .TP 0.8i .B SASL_NEED_PROXY Force the use of a mechanism that supports an authorization id that is not the authentication id. .SH "RETURN VALUE" sasl_client_new returns an integer which corresponds to one of the following codes. SASL_OK is the only one that indicates success. All others indicate errors and should either be handled or the authentication session should be quit. .SH ERRORS .TP 0.8i .B SASL_OK Success .TP 0.8i .B SASL_BADPARAM Error in config file or passed parameters .TP 0.8i .B SASL_NOMECH No mechanism meets requested properties .TP 0.8i .B SASL_NOMEM Not enough memory to complete operation .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_client_init(3), sasl_client_start(3), sasl_client_step(3), sasl_setprop(3) cyrus-sasl-2.1.25/man/sasl_getconfpath_t.30000646000076400007640000000515411306006126015347 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2006 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_getconfpath_t 3 "12 February 2006" SASL "SASL man pages" .SH NAME sasl_getconfpath_t \- The SASL callback to indicate location of the config files .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_getconfpath_t(void " *context ", " .BI " char ** " path ")"; .fi .SH DESCRIPTION .B sasl_getconfpath_t is used if the application wishes to use a different location for the SASL configuration files. If this callback is not used SASL will either use the location in the environment variable SASL_CONF_PATH (provided we are not SUID or SGID) or /etc/sasl2 by default. .PP .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3) cyrus-sasl-2.1.25/man/sasl_setpass.30000666000076400007640000000576411306006126014215 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_setpass 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_setpass \- Check a plaintext password .SH SYNOPSIS .nf .B #include .BI "int sasl_setpass(sasl_conn_t *" conn ", " .BI " const char *" user ", " .BI " const char *" pass ", unsigned " passlen "," .BI " const char *" oldpass ", unsigned " oldpasslen "," .BI " unsigned " flags ")" .SH DESCRIPTION .B sasl_setpass will set passwords in the sasldb, and trigger the setpass callbacks for all available mechanisms. .I user is the username to set the password for. .I pass and .I passlen are the password to set and its length .I oldpass and .I oldpasslen are the old password & its length (and are optional) .I flags Are flags including SASL_SET_CREATE and SASL_SET_DISABLE (to cause the creating of nonexistent accounts and the disabling of an account, respectively) .SH NOTES .I oldpass and .I oldpasslen are unused in the Cyrus SASL implementation, though are passed on to any mechanisms that may require them. .SH "RETURN VALUE" Returns SASL_OK on success. SASL error code on failure. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_checkpass(3)cyrus-sasl-2.1.25/man/sasl_getprop.30000646000076400007640000000664111306006126014204 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_getprop 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_getprop \- Get a SASL property .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_getprop(sasl_conn_t " *conn ", " .BI " int " propnum ", " .BI " const void ** " pvalue ");" .fi .SH DESCRIPTION .B sasl_getprop gets the value of a SASL property. For example after successful authentication a server may wish to know the authorization name. Or a client application may wish to know the strength of the negotiated security layer. .I conn is the SASL connection object. .I propnum is the identifier for the property requested and .I pvalue is filled in on success. List of properties follows: .nf SASL_USERNAME - pointer to NUL terminated user name SASL_SSF - security layer security strength factor, if 0, call to sasl_encode, sasl_decode unnecessary SASL_MAXOUTBUF - security layer max output buf unsigned SASL_DEFUSERREALM - server authentication realm used SASL_GETOPTCTX - context for getopt callback SASL_IPLOCALPORT - local address string SASL_IPREMOTEPORT - remote address string SASL_SERVICE - service passed to sasl_*_new SASL_SERVERFQDN - serverFQDN passed to sasl_*_new SASL_AUTHSOURCE - name of auth source last used, useful for failed authentication tracking SASL_MECHNAME - active mechanism name, if any SASL_PLUGERR - similar to sasl_errdetail .fi .PP .SH "RETURN VALUE" Returns SASL_OK on success. SASL error code on failure. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_server_new(3), sasl_client_new(3) cyrus-sasl-2.1.25/man/sasl_canon_user_t.30000646000076400007640000000651311306006126015201 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_server_userdb_checkpass_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_server_userdb_checkpass_t \- Plaintext Password Verification Callback .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_canon_user_t(sasl_conn_t " *conn "," .BI " void " *context "," .BI " const char " *user ", unsigned " ulen "," .BI " unsigned " flags "," .BI " const char " *user_realm "," .BI " char " *out_user ", unsigned " out_umax "," .BI " unsigned " *out_ulen ")" .fi .SH DESCRIPTION .B sasl_canon_user_t Is the callback for an application-supplied user canonicalization function. This function is subject to the requirements that all user canonicalization functions are: It must copy the result into the output buffers, but the output buffers and the input buffers may be the same. .I context context from the callback record .I user and .I ulen Un-canonicalized username (and length) .I flags Either SASL_CU_AUTHID (indicating the authentication ID is being canonicalized) or SASL_CU_AUTHZID (indicating the authorization ID is to be canonicalized) or a bitwise OR of the the two. .I user_realm Realm of authentication. .I out_user and .I out_umax and .I out_ulen The output buffer, max length, and actual length for the username. .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3) cyrus-sasl-2.1.25/man/sasl_listmech.30000646000076400007640000000656511306006126014341 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_listmech 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_listmech \- Retrieve a list of the supported SASL mechanisms .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_listmech(sasl_conn_t *" conn ", " .BI " const char *" user ", " .BI " const char *" prefix ", " .BI " const char *" sep ", " .BI " const char *" suffix ", " .BI " const char **" result ", " .BI " unsigned *" plen ", " .BI " int *" pcount ");" .fi .SH DESCRIPTION .B sasl_listmech() returns a string listing the SASL names of all the mechanisms available to the specified user. This is typically given to the client through a capability command or initial server response. Client applications need this list so that they know what mechanisms the server supports. .I conn the SASL context for this connection .I user (optional) restricts the mechanism list to only those available to the user. .I prefix appended to beginning of result .I sep appended between mechanisms .I suffix appended to end of result .I result NULL terminated result string (allocated/freed by library) .I plen length of result filled in by library. May be NULL .I pcount Number of mechanisms available (filled in by library). May be NULL .nf Example: sasl_listmech(conn,NULL,"(",",",")",&mechlist,NULL,NULL); may give the string .BI (ANONYMOUS,KERBEROS_V4,DIGEST-MD5) as a result .PP .SH "RETURN VALUE" Returns SASL_OK on success. SASL error code on failure. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_server_new(3), sasl_client_new(3) cyrus-sasl-2.1.25/man/sasl_auxprop_getctx.30000666000076400007640000000471511306006126015602 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_auxprop_getctx 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_auxprop_getctx \- Acquire an auxiliary property context .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_auxprop_getctx(sasl_conn_t " *conn ")" .fi .SH DESCRIPTION .B sasl_auxprop_getctx will return an auxiliary property context for the given sasl_conn_t on which the functions described in sasl_auxprop(3) can operate. .I conn the sasl_conn_t for which the request is being made. .SH "RETURN VALUE" Returns a pointer the the context on success. Returns NULL on failure. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_auxprop(3), sasl_auxprop_request(3)cyrus-sasl-2.1.25/man/sasl_errstring.30000646000076400007640000000610311306006126014534 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_errstring 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_errstring \- Translate a SASL return code to a human-readable form .SH SYNOPSIS .nf .B #include .sp .BI "const char * sasl_errstring(int " saslerr ", " .BI " const char * " langlist ", " .BI " const char ** " outlang ");" .fi .SH DESCRIPTION .B sasl_usererr is called to convert a SASL return code (an integer) into a human readable string. At this time the only language available is american english written by programmers (aka gobbledygook). Note that a server should call sasl_usererr on a return code first if the string is going to be sent to the client. .PP .I saslerr specifies the error number to convert. .PP .I langlist is currently unused; Use NULL. .PP .I outlang specifies the desired RFC 1766 language for output. NULL defaults to "en-us," currently the only supported language. .PP It should be noted that this function is not the recommended means of extracting error code information from SASL, instead application should use sasl_errdetail(3), which contains this information (and more) .PP .SH "RETURN VALUE" Returns the string. If langlist is NULL, US-ASCII is used. .PP .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errdetail(3), sasl_errors(3) cyrus-sasl-2.1.25/man/sasl_getrealm_t.30000646000076400007640000000555311306006126014650 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_getrealm_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_getrealm_t \- Realm Acquisition Callback .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_getrealm_t(void " *context ", int " id ", " .BI " const char " **availrealms "," .BI " const char " **result ")" .fi .SH DESCRIPTION .B sasl_getrealm_t is used when there is an interaction with SASL_CB_GETREALM as the type. If a mechanism would use this callback, but it is not present, then the first realm listed is automatically selected. (Note that a mechanism may still force the existence of a getrealm callback by SASL_CB_GETREALM to its required_prompts list). .I context context from the callback record .I id callback ID (SASL_CB_GETREALM) .I availrealms A string list of the available realms. NULL terminated, may be empty. .I result The chosen realm. (a NUL terminated string) .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "SEE ALSO" sasl(3), sasl_callbacks(3) cyrus-sasl-2.1.25/man/sasl_checkpass.30000646000076400007640000000556011306006126014467 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_checkpass 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_checkpass \- Check a plaintext password .SH SYNOPSIS .nf .B #include .BI "int sasl_checkpass(sasl_conn_t *" conn ", " .BI " const char *" user ", " .BI " unsigned " userlen ", " .BI " const char *" pass ", " .BI " unsigned " passlen "); " .SH DESCRIPTION .B sasl_checkpass() will check a plaintext password. This is needed for protocols that had a login method before SASL (for example the LOGIN command in IMAP). The password is checked with the .I pwcheck_method See sasl_callbacks(3) for information on how this parameter is set. .SH "RETURN VALUE" sasl_checkpass returns an integer which corresponds to one of the following codes. SASL_OK indicates that the authentication is complete. All other return codes indicate errors and should either be handled or the authentication session should be quit. See sasl_errors(3) for meanings of return codes. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_callbacks(3), sasl_setpass(3) cyrus-sasl-2.1.25/man/sasl_decode.30000666000076400007640000000567311306006126013755 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_decode 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_decode \- Decode data received .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_decode(sasl_conn_t " *conn ", " .BI " const char * " input ", " .BI " unsigned " inputlen ", " .BI " const char ** " output ", " .BI " unsigned * " outputlen ");" .fi .SH DESCRIPTION .B sasl_decode decodes data received. After successful authentication this function should be called on all data received. It decodes the data from encrypted or signed form to plain data. If there was no security layer negotiated the output is identical to the input. .I output contains the decoded data and is allocated/freed by the library. One should not to give sasl_decode more data than the negotiated maxbufsize (see sasl_getprop). Note that sasl_decode can succeed and outputlen can be zero. If this is the case simply wait for more data and call sasl_decode again. .PP .SH "RETURN VALUE" Returns SASL_OK on success. See sasl_errors(3) for meanings of other return codes. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_encode(3)cyrus-sasl-2.1.25/man/sasl_encodev.30000666000076400007640000000612311306006126014144 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_encode 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_encode \- Encode data for transport to authenticated host .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_encode(sasl_conn_t " *conn ", " .BI " const char * " input ", " .BI " unsigned " inputlen ", " .BI " const char ** " output ", " .BI " unsigned * " outputlen ");" .BI "int sasl_encodev(sasl_conn_t " *conn ", " .BI " const struct iovec * " invec ", " .BI " unsigned " numiov ", " .BI " const char ** " output ", " .BI " unsigned * " outputlen ");" .fi .SH DESCRIPTION .B sasl_encode encodes data to be sent to be sent to a remote host who we've had a successful authentication session with. If there is a negotiated security the data in signed/encrypted and the output should be sent without modification to the remote host. If there is no security layer the output is identical to the input. .B sasl_encodev does the same, but for a struct iovec instead of a character buffer. .I output contains the encoded data and is allocated/freed by the library. .SH "RETURN VALUE" Returns SASL_OK on success. See sasl_errors(3) for meanings of other return codes. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_decode(3)cyrus-sasl-2.1.25/man/sasl_idle.30000646000076400007640000000457111306006126013441 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_idle 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_idle \- Perform precalculations during an idle period .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_idle( sasl_conn_t " *conn ")" .fi .SH DESCRIPTION .B sasl_idle may be called during an idle period to allow the SASL library or any mechanisms to perform any necessary precalculation. .I conn may be NULL to do precalculation prior to a connection taking place. .SH "RETURN VALUE" Returns 1 if action was taken, 0 if no action was taken. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3) cyrus-sasl-2.1.25/man/sasl_chalprompt_t.30000666000076400007640000000547111306006126015222 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_chalprompt_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_chalprompt_t \- Realm Acquisition Callback .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_chalprompt_t(void " *context ", int " id ", " .BI " const char " *challenge "," .BI " const char " *prompt ", const char " *defresult "," .BI " const char " **result ", unsigned " *len ")" .fi .SH DESCRIPTION .B sasl_chalprompt_t is used to prompt for input in response to a server challenge. .I context context from the callback record .I id callback id (either SASL_CB_ECHOPROMPT or SASL_CB_NOECHOPROMPT) .I challenge the server's challenge .I prompt A prompt for the user .I defresult Default result (may be NULL) .I result The user's response (a NUL terminated string) .I len Length of the user's response. .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "SEE ALSO" sasl(3), sasl_callbacks(3)cyrus-sasl-2.1.25/man/sasl_errdetail.30000666000076400007640000000470411306006126014477 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_errdetail 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_errdetail \- Retrieve detailed information about an error .SH SYNOPSIS .nf .B #include .sp .BI "const char *sasl_errdetail( sasl_conn_t *conn )"; .fi .SH DESCRIPTION .B sasl_errdetail provides more detailed information about the most recent error to occur, beyond the information contained in the SASL result code. .I conn the connection context to inquire about. .SH "RETURN VALUE" Returns the string describing the error that occurred, or NULL if no error has occurred, or there was an error retrieving it. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3)cyrus-sasl-2.1.25/man/sasl_auxprop_request.30000646000076400007640000000572511306006126015774 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_auxprop_request 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_auxprop_request \- Request Auxiliary Properties from SASL .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_auxprop_request(sasl_conn_t " *conn ", " .BI " const char ** " propnames ")" .fi .SH DESCRIPTION .B sasl_auxprop_request will request that the SASL library obtain properties from any auxiliary property plugins that might be installed (such as the user's home directory from an LDAP server for example). Such lookup occurs just after username canonicalization is complete. Therefore, the request should be made before the call to sasl_server_start(3), but after the call to sasl_server_new(3). .I conn the sasl_conn_t for which the request is being made. .I propnames a NULL-terminated array of property names to request. Note that this array must persist until a call to sasl_dispose on the sasl_conn_t. .SH "RETURN VALUE" Returns SASL_OK on success. See sasl_errors(3) for meanings of other return codes. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_auxprop(3), sasl_auxprop_getctx(3), sasl_server_new(3), sasl_server_start(3) cyrus-sasl-2.1.25/man/sasl_log_t.30000666000076400007640000000464711306006126013636 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_log_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_log_t \- The SASL logging callback .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_log_t(void " *context ", " .BI " int " level ", " .BI " const char * " message ")"; .fi .SH DESCRIPTION .B sasl_log_t is used to log warning/error messages from the SASL library. If not specified syslog will be used. .PP .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3)cyrus-sasl-2.1.25/man/sasl.30000646000076400007640000000627111306006126012443 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH SASL 3 "10 July 2001" SASL "SASL man pages" .SH NAME SASL \- SASL authentication library .SH DESCRIPTION The CMU Cyrus SASL library is a general purpose authentication library for sever and client applications. .B System Administrators: For information on setting up/configuring the SASL library see the .I System Administrators Guide in the doc/ directory of the SASL distribution. .B Programmers: See man pages for individual sasl functions or the .I Programmers Guide in the doc/ directory of the SASL distribution. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl_authorize_t(3), sasl_auxprop(3), sasl_auxprop_getctx(3), sasl_auxprop_request(3), sasl_canon_user_t(3), sasl_callbacks(3), sasl_chalprompt_t(3), sasl_checkapop(3), sasl_checkpass(3), sasl_client_init(3), sasl_client_new(3), sasl_client_start(3), sasl_client_step(3), sasl_decode(3), sasl_dispose(3), sasl_done(3), sasl_encode(3), sasl_encodev(3), sasl_errdetail(3), sasl_errors(3), sasl_errstring(3), sasl_errors(3), sasl_getopt_t(3), sasl_getpath_t(3), sasl_getprop(3), sasl_getrealm_t(3), sasl_getsecret_t(3), sasl_getsimple_t(3), sasl_idle(3), sasl_listmech(3), sasl_log_t(3), sasl_server_init(3), sasl_server_new(3), sasl_server_start(3), sasl_server_step(3), sasl_server_userdb_checkpass_t(3), sasl_server_userdb_setpass_t(3), sasl_setpass(3), sasl_setprop(3), sasl_user_exists(3), sasl_verifyfile_t(3), sasl_global_listmech(3) cyrus-sasl-2.1.25/man/sasl_user_exists.30000646000076400007640000000512111306006126015071 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_user_exists 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_user_exists \- Check if a user exists on server .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_user_exists( sasl_conn_t " *conn "," .BI " const char " *service ", const char " *user_realm "," .BI " const char " *user ")" .fi .SH DESCRIPTION .B sasl_user_exists will check if a user exists on the server. .I conn a connection context .I service Service name or NULL (for service name of connection context) .I user_realm Realm to check in or NULL (for default realm) .I user User name to check for existence of. .SH "RETURN VALUE" Returns SASL_OK on success. SASL error code on failure. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3) cyrus-sasl-2.1.25/man/sasl_server_step.30000646000076400007640000000633311306006126015063 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_server_step 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_server_step \- Perform a step in the authentication negotiation .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_server_step(sasl_conn_t " *conn ", " .BI " const char " *clientin ", " .BI " unsigned " clientinlen ", " .BI " const char ** " serverout ", " .BI " unsigned * " serveroutlen ");" .SH DESCRIPTION .B sasl_server_step() performs a step in the authentication negotiation. It returns SASL_OK if the whole negotiation is successful and SASL_CONTINUE if this step is ok but at least one more step is needed. .PP .I conn is the SASL connection context .PP .I clientin is the data given by the client (decoded if the protocol encodes requests sent over the wire) .I clientinlen is the length of .I clientin .PP .I serverout and .I serveroutlen are set by the library and should be sent to the client. .PP .SH "RETURN VALUE" sasl_server_step returns an integer which corresponds to one of the SASL error codes. SASL_CONTINUE indicates success and that there are more steps needed in the authentication. SASL_OK indicates that the authentication is complete. All other return codes indicate errors and should either be handled or the authentication session should be quit. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_new(3), sasl_server_start(3) cyrus-sasl-2.1.25/man/sasl_encode.30000666000076400007640000000612311306006126013756 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_encode 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_encode \- Encode data for transport to authenticated host .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_encode(sasl_conn_t " *conn ", " .BI " const char * " input ", " .BI " unsigned " inputlen ", " .BI " const char ** " output ", " .BI " unsigned * " outputlen ");" .BI "int sasl_encodev(sasl_conn_t " *conn ", " .BI " const struct iovec * " invec ", " .BI " unsigned " numiov ", " .BI " const char ** " output ", " .BI " unsigned * " outputlen ");" .fi .SH DESCRIPTION .B sasl_encode encodes data to be sent to be sent to a remote host who we've had a successful authentication session with. If there is a negotiated security the data in signed/encrypted and the output should be sent without modification to the remote host. If there is no security layer the output is identical to the input. .B sasl_encodev does the same, but for a struct iovec instead of a character buffer. .I output contains the encoded data and is allocated/freed by the library. .SH "RETURN VALUE" Returns SASL_OK on success. See sasl_errors(3) for meanings of other return codes. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_decode(3)cyrus-sasl-2.1.25/man/sasl_callbacks.30000646000076400007640000001013511306006126014434 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2006 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_callbacks 3 "12 February 2006" SASL "SASL man pages" .SH NAME sasl_callbacks \- How to work with SASL callbacks .SH SYNOPSIS .nf .B #include .fi .SH DESCRIPTION .B sasl_callbacks are used when the application needs some information from the application. Common reasons are getting for getting usernames and passwords. A client MUST specify what callbacks they support in the sasl_client/server_init() or sasl_client/server_new() calls. If an authentication mechanism needs a callback that the application does not state it supports it cannot be used. If a callback has an .B id parameter that should be checked to make sure you are giving the appropriate value. If an application is using the client side of the library functions to handle the callbacks are not necessary. Instead the application may deal with callbacks via SASL_INTERACT's. See sasl_client_start/step() for more information. The list of callbacks follows: .SH Common Callbacks .TP 0.8i sasl_getopt_t Get an option value .TP 0.8i sasl_log_t Log message handler .TP 0.8i sasl_getpath_t Get path to search for plugins (e.g. SASL mechanisms) .TP 0.8i sasl_verifyfile_t Verify files for use by SASL .TP 0.8i sasl_canon_user_t Username canonicalization function. .SH Client-only Callbacks .TP 0.8i sasl_getsimple_t Get user/language list .TP 0.8i sasl_getsecret_t Get authentication secret .TP 0.8i sasl_chalprompt_t Display challenge and prompt for response .TP 0.8i sasl_getrealm_t Get the realm for authentication .SH Server-only Callbacks .TP 0.8i sasl_authorize_t Authorize policy callback .TP 0.8i sasl_server_userdb_checkpass_t verify plaintext password .TP 0.8i sasl_server_userdb_setpass_t set plaintext password .TP 0.8i sasl_getconfpath_t Get path to search for SASL configuration file (server side only). New in SASL 2.1.22. .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK typically indicates success. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_authorize_t(3), sasl_log_t(3), sasl_getpath_t(3), sasl_getconfpath_t(3), sasl_verifyfile_t(3), sasl_canon_user_t(3), sasl_getsimple(3), sasl_getsecret_t(3), sasl_chalprompt_t(3), sasl_getrealm_t(3), sasl_authorize_t(3), sasl_server_userdb_checkpass_t(3), sasl_server_userdb_setpass_t(3) cyrus-sasl-2.1.25/man/sasl_getsecret_t.30000666000076400007640000000532111306006126015030 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_getsecret_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_getsecret_t \- The SASL callback for secrets (passwords) .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_getsecret_t(sasl_conn_t " *conn ", " .BI " void " *context ", " .BI " int " id ", " .BI " sasl_secret_t ** " psecret ")"; .fi .SH DESCRIPTION .B sasl_getsecret_t is used to retrieve the secret from the application. A sasl_secret_t should be allocated to length sizeof(sasl_secret_t)+. It has two fields .I len which is the length of the secret in bytes and .I data which contains the secret itself (does not need to be null terminated). .PP .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3)cyrus-sasl-2.1.25/man/sasl_client_start.30000646000076400007640000001031211306006126015205 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_client_start 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_client_start \- Begin an authentication negotiation .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_client_start(sasl_conn_t * " conn ", " .BI " const char * " mechlist ", " .BI " sasl_interact_t ** " prompt_need ", " .BI " const char ** " clientout ", " .BI " unsigned * " clientoutlen ", " .BI " const char ** " mech ");" .fi .SH DESCRIPTION .B sasl_client_start() selects a mechanism for authentication and starts the authentication session. The mechlist is the list of mechanisms the client might like to use. The mechanisms in the list are not necessarily supported by the client or even valid. SASL determines which of these to use based upon the security preferences specified earlier. The list of mechanisms is typically a list of mechanisms the server supports acquired from a capability request. If SASL_INTERACT is returned the library needs some values to be filled in before it can proceed. The prompt_need structure will be filled in with requests. The application should fulfill these requests and call sasl_client_start again with identical parameters (the prompt_need parameter will be the same pointer as before but filled in by the application). .PP .I mechlist is a list of mechanisms the server has available. Punctuation is ignored. .PP .I prompt_need is filled in with a list of prompts needed to continue (if necessary). .PP .I clientout and .I clientoutlen is created. It is the initial client response to send to the server. It is the job of the client to send it over the network to the server. Any protocol specific encoding (such as base64 encoding) necessary needs to be done by the client. If the protocol lacks client-send-first capability, then set .I clientout to NULL. If there is no initial client-send, then .I *clientout will be set to NULL on return. .I mech contains the name of the chosen SASL mechanism (on success) .SH "RETURN VALUE" sasl_client_start returns an integer which corresponds to one of the following codes. SASL_CONTINUE indicates success and that there are more steps needed in the authentication. All other return codes indicate errors and should either be handled or the authentication session should be quit. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_client_init(3), sasl_client_new(3), sasl_client_step(3) cyrus-sasl-2.1.25/man/Makefile.am0000646000076400007640000000544410414247650013462 00000000000000# Makefile.am for SASL documentation # ################################################################ # Copyright (c) 2001 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ man_MANS = sasl_authorize_t.3 sasl_done.3 sasl_listmech.3 sasl_callbacks.3 \ sasl_encode.3 sasl_encodev.3 sasl_log_t.3 sasl_checkpass.3 \ sasl_errstring.3 sasl_dispose.3 sasl_canon_user_t.3 \ sasl_server_init.3 sasl_client_init.3 sasl_getopt_t.3 \ sasl_server_new.3 sasl_client_new.3 sasl_getpath_t.3 \ sasl_server_start.3 sasl_client_start.3 sasl_getprop.3 \ sasl_server_step.3 sasl_client_step.3 sasl_getsecret_t.3 \ sasl_setprop.3 sasl_decode.3 sasl_getsimple_t.3 sasl.3 \ sasl_checkapop.3 sasl_errors.3 sasl_verifyfile_t.3 \ sasl_getrealm_t.3 sasl_chalprompt_t.3 sasl_auxprop_request.3 \ sasl_auxprop_getctx.3 sasl_auxprop.3 sasl_idle.3 \ sasl_errdetail.3 sasl_user_exists.3 sasl_setpass.3 \ sasl_server_userdb_checkpass_t.3 sasl_server_userdb_setpass_t.3 \ sasl_global_listmech.3 sasl_getconfpath_t.3 EXTRA_DIST = $(man_MANS) cyrus-sasl-2.1.25/man/sasl_done.30000666000076400007640000000435111306006126013447 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_done 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_done \- Dispose of a SASL connection object .SH SYNOPSIS .nf .B #include .sp .BI "void sasl_done( void )"; .fi .SH DESCRIPTION .B sasl_done is called when the application is completely done with the SASL library. .PP .SH "RETURN VALUE" No return values .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_server_init(3), sasl_client_init(3)cyrus-sasl-2.1.25/man/sasl_client_step.30000646000076400007640000001006611306006126015031 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_client_step 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_client_step \- Perform a step in the authentication negotiation .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_client_step(sasl_conn_t " *conn ", " .BI " const char " *serverin ", " .BI " unsigned " serverinlen ", " .BI " sasl_interact_t ** " prompt_need ", " .BI " const char ** " clientout ", " .BI " unsigned * " clientoutlen ");" .fi .SH DESCRIPTION .B sasl_client_step() performs a step in the authentication negotiation. It returns SASL_OK if the whole negotiation is successful and SASL_CONTINUE if this step is ok but at least one more step is needed. A client should not assume an authentication negotiation is successful just because the server signaled success via protocol (i.e. if the server said ". OK Authentication succeeded" in IMAP sasl_client_step should still be called one more time with a serverinlen of zero. If SASL_INTERACT is returned the library needs some values to be filled in before it can proceed. The prompt_need structure will be filled in with requests. The application should fulfill these requests and call sasl_client_start again with identical parameters (the prompt_need parameter will be the same pointer as before but filled in by the application). .I conn is the SASL connection context .PP .I serverin is the data given by the server (decoded if the protocol encodes requests sent over the wire) .PP .I serverinlen is the length of serverin .PP .I clientout and .I clientoutlen is created. It is the initial client response to send to the server. It is the job of the client to send it over the network to the server. Any protocol specific encoding (such as base64 encoding) necessary needs to be done by the client. .SH "RETURN VALUE" sasl_client_step returns an integer which corresponds to one of the following codes. SASL_CONTINUE indicates success and that there are more steps needed in the authentication. SASL_OK indicates that the authentication is complete. All other return codes indicate errors and should either be handled or the authentication session should be quit. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_client_init(3), sasl_client_new(3), sasl_client_start(3) cyrus-sasl-2.1.25/man/sasl_global_listmech.30000646000076400007640000000465511306006126015657 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_listmech 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_listmech \- Retrieve a list of the supported SASL mechanisms .SH SYNOPSIS .nf .B #include .sp .BI "const char ** sasl_global_listmech()" .fi .SH DESCRIPTION .B sasl_global_listmech() returns a null-terminated array of strings that lists all mechanisms that are loaded by either the client or server side of the library. .SH "RETURN VALUE" Returns a pointer to the array on success. NULL on failure (sasl library uninitialized). .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_listmech(3), sasl_server_init(3), sasl_client_init(3) cyrus-sasl-2.1.25/man/sasl_checkapop.30000666000076400007640000000604611306006126014462 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_checkapop 3 "29 June 2001" SASL "SASL man pages" .SH NAME sasl_checkapop \- Check an APOP challenge/response .SH SYNOPSIS .nf .B #include .BI "int sasl_checkapop(sasl_conn_t *" conn ", " .BI " const char *" challenge ", " .BI " unsigned " challen ", " .BI " const char *" response ", " .BI " unsigned " resplen "); " .SH DESCRIPTION .B sasl_checkapop() will check an APOP challenge/response. APOP is an optional POP3 (RFC 1939) authentication command which uses a shared secret (password). The password is stored in the SASL secrets database. For information on the SASL shared secrets database see the .I System Administrators Guide in the doc/ directory of the SASL distribution. .sp If called with a .BI "NULL" " challenge" "," .B sasl_checkapop() will check to see if the APOP mechanism is enabled. .SH "RETURN VALUE" sasl_checkapop returns an integer which corresponds to one of the following codes. SASL_OK indicates that the authentication is complete. All other return codes indicate errors and should either be handled or the authentication session should be quit. See sasl_errors(3) for meanings of return codes. .SH "CONFORMING TO" RFC 4422, RFC 1939 .SH "SEE ALSO" sasl(3), sasl_errors(3)cyrus-sasl-2.1.25/man/sasl_server_init.30000646000076400007640000000615111306006126015051 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_server_init 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_server_init \- SASL server authentication initialization .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_server_init(const sasl_callback_t " *callbacks ", " .BI " const char " *appname ");" .fi .SH DESCRIPTION .B sasl_server_init() initializes SASL. It must be called before any calls to sasl_server_start, and only once per process. This call initializes all SASL mechanism drivers (e.g. authentication mechanisms). These are usually found in the /usr/lib/sasl2 directory but the directory may be overridden with the SASL_PATH environment variable (or at compile time). .PP .I callbacks specifies the base callbacks for all client connections. See the sasl_callbacks man page for more information. .PP .I appname is the name of the application. It is used for where to find the default configuration file. .PP .SH "RETURN VALUE" sasl_server_init returns an integer which corresponds to one of the SASL error codes. SASL_OK is the only one that indicates success. All others indicate errors and should either be handled or the authentication session should be quit. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_server_new(3), sasl_server_start(3), sasl_server_step(3) cyrus-sasl-2.1.25/man/Makefile.in0000666000076400007640000004237411631670663013506 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for SASL documentation # ################################################################ # Copyright (c) 2001 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = man DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man3dir = $(mandir)/man3 am__installdirs = "$(DESTDIR)$(man3dir)" NROFF = nroff MANS = $(man_MANS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ man_MANS = sasl_authorize_t.3 sasl_done.3 sasl_listmech.3 sasl_callbacks.3 \ sasl_encode.3 sasl_encodev.3 sasl_log_t.3 sasl_checkpass.3 \ sasl_errstring.3 sasl_dispose.3 sasl_canon_user_t.3 \ sasl_server_init.3 sasl_client_init.3 sasl_getopt_t.3 \ sasl_server_new.3 sasl_client_new.3 sasl_getpath_t.3 \ sasl_server_start.3 sasl_client_start.3 sasl_getprop.3 \ sasl_server_step.3 sasl_client_step.3 sasl_getsecret_t.3 \ sasl_setprop.3 sasl_decode.3 sasl_getsimple_t.3 sasl.3 \ sasl_checkapop.3 sasl_errors.3 sasl_verifyfile_t.3 \ sasl_getrealm_t.3 sasl_chalprompt_t.3 sasl_auxprop_request.3 \ sasl_auxprop_getctx.3 sasl_auxprop.3 sasl_idle.3 \ sasl_errdetail.3 sasl_user_exists.3 sasl_setpass.3 \ sasl_server_userdb_checkpass_t.3 sasl_server_userdb_setpass_t.3 \ sasl_global_listmech.3 sasl_getconfpath_t.3 EXTRA_DIST = $(man_MANS) all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu man/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man3: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" @list=''; test -n "$(man3dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.3[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ done; } uninstall-man3: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man3dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.3[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man3dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man3 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man3 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-man3 \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ uninstall uninstall-am uninstall-man uninstall-man3 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/man/sasl_server_new.30000646000076400007640000001010511306006126014671 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_server_new 3 "16 May 2001" SASL "SASL man pages" .SH NAME sasl_server_new \- Create a new server authentication object .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_server_new(const char " *service ", " .BI " const char " *serverFQDN ", " .BI " const char " *user_realm ", " .BI " const char " *iplocalport ", " .BI " const char " *ipremoteport ", " .BI " const sasl_callback_t " *callbacks ", " .BI " unsigned " flags ", " .BI " sasl_conn_t ** " pconn ");" .fi .SH DESCRIPTION .B sasl_server_new() creates a new SASL context. This context will be used for all SASL calls for one connection. It handles both authentication and integrity/encryption layers after authentication. .PP .I service is the registered name of the service (usually the protocol name) using SASL (e.g. "imap"). .PP .I serverFQDN is the fully qualified server domain name. NULL means use gethostname(). This is useful for multi-homed servers. .PP .I user_realm is the domain of the user agent. This is usually not necessary (NULL is default) .PP .I iplocalport is the IP and port of the local side of the connection, or NULL. If iplocalport is NULL it will disable mechanisms that require IP address information. This strings must be in one of the following formats: "a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port" (IPv6), or "e:f:g:h:i:j:a.b.c.d;port" (IPv6) .PP .I ipremoteport is the IP and port of the remote side of the connection, or NULL (see iplocalport) .PP .I flags are connection flags (see below) .PP .I pconn is a pointer to the connection context allocated by the library. This structure will be used for all future SASL calls for this connection. .PP .B Connection Flags .TP 0.8i .B SASL_SUCCESS_DATA The protocol supports a server-last send .TP 0.8i .B SASL_NEED_PROXY Force the use of a mechanism that supports an authorization id that is not the authentication id. .SH "RETURN VALUE" .B sasl_server_new() returns an integer which corresponds to one of the SASL error codes. SASL_OK is the only one that indicates success. All others indicate errors and should either be handled or the authentication session should be quit. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_start(3), sasl_server_step(3), sasl_setprop(3) cyrus-sasl-2.1.25/man/sasl_server_userdb_setpass_t.30000666000076400007640000000620311306006126017457 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_server_userdb_setpass_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_server_userdb_setpass_t \- UserDB Plaintext Password Setting Callback .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_server_userdb_setpass_t(sasl_conn_t " *conn "," .BI " void " *context "," .BI " const char " *user "," .BI " const char " *pass "," .BI " unsigned " passlen "," .BI " struct propctx " *propctx "," .BI " unsigned " flags ")" .fi .SH DESCRIPTION .B sasl_server_userdb_setpass_t is used to store or change a plaintext password in the callback-supplier's user database. .I context context from the callback record .I user NUL terminated user name with user@realm syntax .I pass password to check (may not be NUL terminated) .I passlen length of the password .I propctx Auxilliary Properties (not stored) .I flags These are the same flags that are passed to sasl_setpass(3), and are documented on that man page. .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "SEE ALSO" sasl(3), sasl_callbacks(3), sasl_errors(3), sasl_server_userdb_checkpass_t(3), sasl_setpass(3)cyrus-sasl-2.1.25/man/sasl_server_start.30000646000076400007640000000771611306006126015253 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_server_start 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_server_start \- Begin an authentication negotiation .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_server_start(sasl_conn_t * " conn ", " .BI " const char * " mech ", " .BI " const char * " clientin ", " .BI " unsigned * " clientinlen ", " .BI " const char ** " serverout ", " .BI " unsigned * " serveroutlen ");" .fi .SH DESCRIPTION .B sasl_server_start() begins the authentication with the mechanism specified with mech. This fails if the mechanism is not supported. SASL_OK is returned if the authentication is complete and the user is authenticated. SASL_CONTINUE is returned if one or more steps are still required in the authentication. All other return values indicate failure. .PP .I conn is the SASL context for this connection .PP .I mech is the mechanism name that the client requested .PP .I clientin is the client initial response, NULL if the protocol lacks support for client-send-first or if the other end did not have an initial send. Note that no initial client send is distinct from an initial send of a null string, and the protocol MUST account for this difference. .PP .I clientinlen is the length of initial response .PP .I serverout is created by the plugin library. It is the initial server response to send to the client. This is allocated/freed by the library and it is the job of the client to send it over the network to the server. Also protocol specific encoding (such as base64 encoding) must needs to be done by the server. .PP .I serveroutlen is set to the length of initial server challenge .PP .PP .SH "RETURN VALUE" sasl_server_start returns an integer which corresponds to one of the SASL errorcodes. SASL_OK indicates that authentication is completed successfully. SASL_CONTINUE indicates success and that there are more steps needed in the authentication. All other return codes indicate errors and should either be handled or the authentication session should be quit. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_new(3), sasl_server_step(3) cyrus-sasl-2.1.25/man/sasl_setprop.30000646000076400007640000000620011306006126014207 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_setprop 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_setprop \- Set a SASL property .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_setprop(sasl_conn_t " *conn ", " .BI " int " propnum ", " .BI " const void * " pvalue ")" .fi .SH DESCRIPTION .B sasl_setprop sets the value of a SASL property. For example an application should tell the SASL library about any external negotiated security layer (i.e. TLS). .I conn is the SASL connection object. .I propnum is the identifier for the property requested and .I pvalue contains a pointer to the data. It is the applications job to make sure this type is correct. This is an easy way to crash a program. .nf SASL_AUTH_EXTERNAL - external authentication ID (const char *) SASL_SSF_EXTERNAL - external SSF active -- (sasl_ssf_t) SASL_DEFUSERREALM - user realm (const char *) SASL_SEC_PROPS - sasl_security_properties_t (may be freed after call) SASL_IPLOCALPORT - string describing the local ip and port in the form "a.b.c.d;p", or "e:f:g:h:i:j:k:l;port" SASL_IPREMOTEPORT - string describing the remote ip and port in the form "a.b.c.d;p", or "e:f:g:h:i:j:k:l;port" .fi .SH "RETURN VALUE" Returns SASL_OK on success. SASL error code on failure. .SH "CONFORMING TO" RFC 4422 .SH "SEE ALSO" sasl(3), sasl_errors(3) cyrus-sasl-2.1.25/man/sasl_verifyfile_t.30000646000076400007640000000561711306006126015215 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_verifyfile_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_verifyfile_t \- The SASL file verification .SH SYNOPSIS .nf .B #include .sp .BI "typedef enum {" SASL_VRFY_PLUGIN, /* a DLL/shared library plugin */ SASL_VRFY_CONF, /* a configuration file */ SASL_VRFY_PASSWD, /* a password storage file */ SASL_VRFY_OTHER /* some other file type */ .BI "} sasl_verify_type_t" .BI "int sasl_verifyfile_t(void " *context ", " .BI " const char " *file "," .BI " sasl_verify_type_t " type ")" .fi .SH DESCRIPTION .B sasl_verifyfile_t is used to check whether a given file is okay for use by the SASL library. this is intended to allow applications to sanity check the environment to ensure that plugins or the config file cannot be written to, etc. .I context context from the callback record .I file full path of the file to verify .I type type of the file. .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "SEE ALSO" sasl(3), sasl_callbacks(3) cyrus-sasl-2.1.25/man/sasl_authorize_t.30000666000076400007640000000554411306006126015064 00000000000000.\" -*- nroff -*- .\" .\" Copyright (c) 2001 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name "Carnegie Mellon University" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" "This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)." .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH sasl_authorize_t 3 "10 July 2001" SASL "SASL man pages" .SH NAME sasl_authorize_t \- The SASL authorization callback .SH SYNOPSIS .nf .B #include .sp .BI "int sasl_authorize_t(void " *context ", " .BI " const char " *requested_user ", unsigned " alen "," .BI " const char " *auth_identity ", unsigned " alen "," .BI " const char " *def_realm ", unsigned " urlen "," .BI " struct propctx " *propctx ") " .fi .SH DESCRIPTION .B sasl_authorize_t is used to check whether the authorized user .I auth_identity may act as the user .I requested_user. For example the user root may wish to authenticate with his credentials but act as the user tmartin (with all of tmartin's rights not roots). A server application should be very careful, and probably err on the side of caution, when determining which users may proxy as whom. .PP .SH "RETURN VALUE" SASL callback functions should return SASL return codes. See sasl.h for a complete list. SASL_OK indicates success. .SH "SEE ALSO" sasl(3), sasl_callbacks(3)cyrus-sasl-2.1.25/INSTALL0000646000076400007640000002713611214147232011700 00000000000000Installation Instructions ************************* Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. This file is free documentation; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. Basic Installation ================== Briefly, the shell commands `./configure; make; make install' should configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for instructions specific to this package. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, and a file `config.log' containing compiler output (useful mainly for debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves the results of its tests to speed up reconfiguring. Caching is disabled by default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If you are using the cache, and at some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create `configure' by a program called `autoconf'. You need `configure.ac' if you want to change it or regenerate `configure' using a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. Running `configure' might take a while. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with the package. 4. Type `make install' to install the programs and any data files and documentation. 5. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. 6. Often, you can also type `make uninstall' to remove the installed files again. Compilers and Options ===================== Some systems require unusual options for compilation or linking that the `configure' script does not know about. Run `./configure --help' for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here is an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the source code in the directory that `configure' is in and in `..'. With a non-GNU `make', it is safer to compile the package for one architecture at a time in the source code directory. After you have installed the package for one architecture, use `make distclean' before reconfiguring for another architecture. On MacOS X 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or "universal" binaries--by specifying multiple `-arch' options to the compiler but only a single `-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CPP="gcc -E" CXXCPP="g++ -E" This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results using the `lipo' tool if you have problems. Installation Names ================== By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving `configure' the option `--prefix=PREFIX'. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you pass the option `--exec-prefix=PREFIX' to `configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories you can set and what kinds of files go in them. If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. Optional Features ================= Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The `README' should mention any `--enable-' and `--with-' options that the package recognizes. For packages that use the X Window System, `configure' can usually find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. Particular systems ================== On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot parse its `' header file. The option `-nodtk' can be used as a workaround. If GNU CC is not installed, it is therefore recommended to try ./configure CC="cc" and if that doesn't work, try ./configure CC="cc -nodtk" On Solaris, don't put `/usr/ucb' early in your `PATH'. This directory contains several dysfunctional programs; working variants of these programs are available in `/usr/bin'. So, if you need `/usr/ucb' in your `PATH', put it _after_ `/usr/bin'. On Haiku, software installed for all users goes in `/boot/common', not `/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== There may be some features `configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the _same_ architectures, `configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the `--build=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM where SYSTEM can have one of these forms: OS KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should use the option `--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will eventually be run) with `--host=TYPE'. Sharing Defaults ================ If you want to set default values for `configure' scripts to share, you can create a site shell script called `config.site' that gives default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. Defining Variables ================== Variables not defined in a site shell script can be set in the environment passed to `configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set them in the `configure' command line, using `VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc causes the specified `gcc' to be used as the C compiler (unless it is overridden in the site shell script). Unfortunately, this technique does not work for `CONFIG_SHELL' due to an Autoconf bug. Until the bug is fixed you can use this workaround: CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash `configure' Invocation ====================== `configure' recognizes the following options to control how it operates. `--help' `-h' Print a summary of all of the options to `configure', and exit. `--help=short' `--help=recursive' Print a summary of the options unique to this package's `configure', and exit. The `short' variant lists options used only in the top level, while the `recursive' variant lists options also present in any nested packages. `--version' `-V' Print the version of Autoconf used to generate the `configure' script, and exit. `--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, traditionally `config.cache'. FILE defaults to `/dev/null' to disable caching. `--config-cache' `-C' Alias for `--cache-file=config.cache'. `--quiet' `--silent' `-q' Do not print messages saying which checks are being made. To suppress all normal output, redirect it to `/dev/null' (any error messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. `--prefix=DIR' Use DIR as the installation prefix. *Note Installation Names:: for more details, including other options available for fine-tuning the installation locations. `--no-create' `-n' Run the configure checks, but stop before creating any output files. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. cyrus-sasl-2.1.25/plugins/0000777000076400007640000000000011632367340012411 500000000000000cyrus-sasl-2.1.25/plugins/plugin_common.h0000646000076400007640000002003410414247652015345 00000000000000 /* Generic SASL plugin utility functions * Rob Siemborski * $Id: plugin_common.h,v 1.21 2006/01/17 12:18:21 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _PLUGIN_COMMON_H_ #define _PLUGIN_COMMON_H_ #include #ifndef macintosh #ifdef WIN32 # include #else # include # include # include # include #endif /* WIN32 */ #endif /* macintosh */ #include #include #include #ifdef WIN32 #define PLUG_API __declspec(dllexport) #else #define PLUG_API extern #endif #define SASL_CLIENT_PLUG_INIT( x ) \ extern sasl_client_plug_init_t x##_client_plug_init; \ PLUG_API int sasl_client_plug_init(const sasl_utils_t *utils, \ int maxversion, int *out_version, \ sasl_client_plug_t **pluglist, \ int *plugcount) { \ return x##_client_plug_init(utils, maxversion, out_version, \ pluglist, plugcount); \ } #define SASL_SERVER_PLUG_INIT( x ) \ extern sasl_server_plug_init_t x##_server_plug_init; \ PLUG_API int sasl_server_plug_init(const sasl_utils_t *utils, \ int maxversion, int *out_version, \ sasl_server_plug_t **pluglist, \ int *plugcount) { \ return x##_server_plug_init(utils, maxversion, out_version, \ pluglist, plugcount); \ } #define SASL_AUXPROP_PLUG_INIT( x ) \ extern sasl_auxprop_init_t x##_auxprop_plug_init; \ PLUG_API int sasl_auxprop_plug_init(const sasl_utils_t *utils, \ int maxversion, int *out_version, \ sasl_auxprop_plug_t **plug, \ const char *plugname) {\ return x##_auxprop_plug_init(utils, maxversion, out_version, \ plug, plugname); \ } #define SASL_CANONUSER_PLUG_INIT( x ) \ extern sasl_canonuser_init_t x##_canonuser_plug_init; \ PLUG_API int sasl_canonuser_init(const sasl_utils_t *utils, \ int maxversion, int *out_version, \ sasl_canonuser_plug_t **plug, \ const char *plugname) {\ return x##_canonuser_plug_init(utils, maxversion, out_version, \ plug, plugname); \ } /* note: msg cannot include additional variables, so if you want to * do a printf-format string, then you need to call seterror yourself */ #define SETERROR( utils, msg ) (utils)->seterror( (utils)->conn, 0, (msg) ) #ifndef MEMERROR #define MEMERROR( utils ) \ (utils)->seterror( (utils)->conn, 0, \ "Out of Memory in " __FILE__ " near line %d", __LINE__ ) #endif #ifndef PARAMERROR #define PARAMERROR( utils ) \ (utils)->seterror( (utils)->conn, 0, \ "Parameter Error in " __FILE__ " near line %d", __LINE__ ) #endif #ifndef SASLINT_H typedef struct buffer_info { char *data; unsigned curlen; /* Current length of data in buffer */ unsigned reallen; /* total length of buffer (>= curlen) */ } buffer_info_t; #endif #ifdef __cplusplus extern "C" { #endif int _plug_ipfromstring(const sasl_utils_t *utils, const char *addr, struct sockaddr *out, socklen_t outlen); int _plug_iovec_to_buf(const sasl_utils_t *utils, const struct iovec *vec, unsigned numiov, buffer_info_t **output); int _plug_buf_alloc(const sasl_utils_t *utils, char **rwbuf, unsigned *curlen, unsigned newlen); int _plug_strdup(const sasl_utils_t * utils, const char *in, char **out, int *outlen); void _plug_free_string(const sasl_utils_t *utils, char **str); void _plug_free_secret(const sasl_utils_t *utils, sasl_secret_t **secret); #define _plug_get_userid(utils, result, prompt_need) \ _plug_get_simple(utils, SASL_CB_USER, 0, result, prompt_need) #define _plug_get_authid(utils, result, prompt_need) \ _plug_get_simple(utils, SASL_CB_AUTHNAME, 1, result, prompt_need) int _plug_get_simple(const sasl_utils_t *utils, unsigned int id, int required, const char **result, sasl_interact_t **prompt_need); int _plug_get_password(const sasl_utils_t *utils, sasl_secret_t **secret, unsigned int *iscopy, sasl_interact_t **prompt_need); int _plug_challenge_prompt(const sasl_utils_t *utils, unsigned int id, const char *challenge, const char *promptstr, const char **result, sasl_interact_t **prompt_need); int _plug_get_realm(const sasl_utils_t *utils, const char **availrealms, const char **realm, sasl_interact_t **prompt_need); int _plug_make_prompts(const sasl_utils_t *utils, sasl_interact_t **prompts_res, const char *user_prompt, const char *user_def, const char *auth_prompt, const char *auth_def, const char *pass_prompt, const char *pass_def, const char *echo_chal, const char *echo_prompt, const char *echo_def, const char *realm_chal, const char *realm_prompt, const char *realm_def); typedef struct decode_context { const sasl_utils_t *utils; unsigned int needsize; /* How much of the 4-byte size do we need? */ char sizebuf[4]; /* Buffer to accumulate the 4-byte size */ unsigned int size; /* Absolute size of the encoded packet */ char *buffer; /* Buffer to accumulate an encoded packet */ unsigned int cursize; /* Amount of packet data in the buffer */ unsigned int in_maxbuf; /* Maximum allowed size of an incoming encoded packet */ } decode_context_t; void _plug_decode_init(decode_context_t *text, const sasl_utils_t *utils, unsigned int in_maxbuf); int _plug_decode(decode_context_t *text, const char *input, unsigned inputlen, char **output, unsigned *outputsize, unsigned *outputlen, int (*decode_pkt)(void *rock, const char *input, unsigned inputlen, char **output, unsigned *outputlen), void *rock); void _plug_decode_free(decode_context_t *text); int _plug_parseuser(const sasl_utils_t *utils, char **user, char **realm, const char *user_realm, const char *serverFQDN, const char *input); int _plug_make_fulluser(const sasl_utils_t *utils, char **fulluser, const char * useronly, const char *realm); char * _plug_get_error_message (const sasl_utils_t *utils, #ifdef WIN32 DWORD error #else int error #endif ); void _plug_snprintf_os_info (char * osbuf, int osbuf_len); #ifdef __cplusplus } #endif #endif /* _PLUGIN_COMMON_H_ */ cyrus-sasl-2.1.25/plugins/cram.c0000646000076400007640000004520611631667560013432 00000000000000/* CRAM-MD5 SASL plugin * Rob Siemborski * Tim Martin * $Id: cram.c,v 1.87 2011/09/07 13:19:44 murch Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: cram.c,v 1.87 2011/09/07 13:19:44 murch Exp $"; /* convert a string of 8bit chars to it's representation in hex * using lowercase letters */ static char *convert16(unsigned char *in, int inlen, const sasl_utils_t *utils) { static char hex[]="0123456789abcdef"; int lup; char *out; out = utils->malloc(inlen*2+1); if (out == NULL) return NULL; for (lup=0; lup < inlen; lup++) { out[lup*2] = hex[in[lup] >> 4]; out[lup*2+1] = hex[in[lup] & 15]; } out[lup*2] = 0; return out; } /***************************** Server Section *****************************/ typedef struct server_context { int state; char *challenge; } server_context_t; static int crammd5_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { server_context_t *text; /* holds state are in */ text = sparams->utils->malloc(sizeof(server_context_t)); if (text == NULL) { MEMERROR( sparams->utils ); return SASL_NOMEM; } memset(text, 0, sizeof(server_context_t)); text->state = 1; *conn_context = text; return SASL_OK; } /* * Returns the current time (or part of it) in string form * maximum length=15 */ static char *gettime(sasl_server_params_t *sparams) { char *ret; time_t t; t=time(NULL); ret= sparams->utils->malloc(15); if (ret==NULL) return NULL; /* the bottom bits are really the only random ones so if we overflow we don't want to loose them */ snprintf(ret,15,"%lu",t%(0xFFFFFF)); return ret; } static char *randomdigits(sasl_server_params_t *sparams) { unsigned int num; char *ret; unsigned char temp[5]; /* random 32-bit number */ sparams->utils->rand(sparams->utils->rpool,(char *) temp,4); num=(temp[0] * 256 * 256 * 256) + (temp[1] * 256 * 256) + (temp[2] * 256) + (temp[3] ); ret = sparams->utils->malloc(15); /* there's no way an unsigned can be longer than this right? */ if (ret == NULL) return NULL; sprintf(ret, "%u", num); return ret; } static int crammd5_server_mech_step1(server_context_t *text, sasl_server_params_t *sparams, const char *clientin __attribute__((unused)), unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams __attribute__((unused))) { char *time, *randdigits; /* we shouldn't have received anything */ if (clientinlen != 0) { SETERROR(sparams->utils, "CRAM-MD5 does not accept inital data"); return SASL_BADPROT; } /* get time and a random number for the nonce */ time = gettime(sparams); randdigits = randomdigits(sparams); if ((time == NULL) || (randdigits == NULL)) { MEMERROR( sparams->utils ); return SASL_NOMEM; } /* allocate some space for the challenge */ text->challenge = sparams->utils->malloc(200 + 1); if (text->challenge == NULL) { MEMERROR(sparams->utils); return SASL_NOMEM; } /* create the challenge */ snprintf(text->challenge, 200, "<%s.%s@%s>", randdigits, time, sparams->serverFQDN); *serverout = text->challenge; *serveroutlen = (unsigned) strlen(text->challenge); /* free stuff */ sparams->utils->free(time); sparams->utils->free(randdigits); text->state = 2; return SASL_CONTINUE; } static int crammd5_server_mech_step2(server_context_t *text, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout __attribute__((unused)), unsigned *serveroutlen __attribute__((unused)), sasl_out_params_t *oparams) { char *userid = NULL; sasl_secret_t *sec = NULL; int pos; size_t len; int result = SASL_FAIL; const char *password_request[] = { SASL_AUX_PASSWORD, #if defined(OBSOLETE_CRAM_ATTR) "*cmusaslsecretCRAM-MD5", #endif NULL }; struct propval auxprop_values[3]; HMAC_MD5_CTX tmphmac; HMAC_MD5_STATE md5state; int clear_md5state = 0; char *digest_str = NULL; UINT4 digest[4]; /* extract userid; everything before last space */ pos = clientinlen-1; while ((pos > 0) && (clientin[pos] != ' ')) pos--; if (pos <= 0) { SETERROR( sparams->utils,"need authentication name"); return SASL_BADPROT; } userid = (char *) sparams->utils->malloc(pos+1); if (userid == NULL) { MEMERROR( sparams->utils); return SASL_NOMEM; } /* copy authstr out */ memcpy(userid, clientin, pos); userid[pos] = '\0'; result = sparams->utils->prop_request(sparams->propctx, password_request); if (result != SASL_OK) goto done; /* this will trigger the getting of the aux properties */ result = sparams->canon_user(sparams->utils->conn, userid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto done; result = sparams->utils->prop_getnames(sparams->propctx, password_request, auxprop_values); if (result < 0 || ((!auxprop_values[0].name || !auxprop_values[0].values) #if defined(OBSOLETE_CRAM_ATTR) && (!auxprop_values[1].name || !auxprop_values[1].values) #endif )) { /* We didn't find this username */ sparams->utils->seterror(sparams->utils->conn,0, "no secret in database"); result = sparams->transition ? SASL_TRANS : SASL_NOUSER; goto done; } if (auxprop_values[0].name && auxprop_values[0].values) { len = strlen(auxprop_values[0].values[0]); if (len == 0) { sparams->utils->seterror(sparams->utils->conn,0, "empty secret"); result = SASL_FAIL; goto done; } sec = sparams->utils->malloc(sizeof(sasl_secret_t) + len); if (!sec) goto done; sec->len = (unsigned) len; strncpy((char *)sec->data, auxprop_values[0].values[0], len + 1); clear_md5state = 1; /* Do precalculation on plaintext secret */ sparams->utils->hmac_md5_precalc(&md5state, /* OUT */ sec->data, sec->len); #if defined(OBSOLETE_CRAM_ATTR) } else if (auxprop_values[1].name && auxprop_values[1].values) { /* We have a precomputed secret */ memcpy(&md5state, auxprop_values[1].values[0], sizeof(HMAC_MD5_STATE)); #endif } else { sparams->utils->seterror(sparams->utils->conn, 0, "Have neither type of secret"); return SASL_FAIL; } /* erase the plaintext password */ sparams->utils->prop_erase(sparams->propctx, password_request[0]); /* ok this is annoying: so we have this half-way hmac transform instead of the plaintext that means we half to: -import it back into a md5 context -do an md5update with the nonce -finalize it */ sparams->utils->hmac_md5_import(&tmphmac, (HMAC_MD5_STATE *) &md5state); sparams->utils->MD5Update(&(tmphmac.ictx), (const unsigned char *) text->challenge, (unsigned) strlen(text->challenge)); sparams->utils->hmac_md5_final((unsigned char *) &digest, &tmphmac); /* convert to base 16 with lower case letters */ digest_str = convert16((unsigned char *) digest, 16, sparams->utils); /* if same then verified * - we know digest_str is null terminated but clientin might not be * - verify the length of clientin anyway! */ len = strlen(digest_str); if (clientinlen-pos-1 < len || strncmp(digest_str, clientin+pos+1, len) != 0) { sparams->utils->seterror(sparams->utils->conn, 0, "incorrect digest response"); result = SASL_BADAUTH; goto done; } /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; result = SASL_OK; done: if (userid) sparams->utils->free(userid); if (sec) _plug_free_secret(sparams->utils, &sec); if (digest_str) sparams->utils->free(digest_str); if (clear_md5state) memset(&md5state, 0, sizeof(md5state)); return result; } static int crammd5_server_mech_step(void *conn_context, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { server_context_t *text = (server_context_t *) conn_context; *serverout = NULL; *serveroutlen = 0; if (text == NULL) { return SASL_BADPROT; } /* this should be well more than is ever needed */ if (clientinlen > 1024) { SETERROR(sparams->utils, "CRAM-MD5 input longer than 1024 bytes"); return SASL_BADPROT; } switch (text->state) { case 1: return crammd5_server_mech_step1(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); case 2: return crammd5_server_mech_step2(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); default: /* should never get here */ sparams->utils->log(NULL, SASL_LOG_ERR, "Invalid CRAM-MD5 server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void crammd5_server_mech_dispose(void *conn_context, const sasl_utils_t *utils) { server_context_t *text = (server_context_t *) conn_context; if (!text) return; if (text->challenge) _plug_free_string(utils,&(text->challenge)); utils->free(text); } static sasl_server_plug_t crammd5_server_plugins[] = { { "CRAM-MD5", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS, /* security_flags */ SASL_FEAT_SERVER_FIRST, /* features */ NULL, /* glob_context */ &crammd5_server_mech_new, /* mech_new */ &crammd5_server_mech_step, /* mech_step */ &crammd5_server_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech avail */ NULL /* spare */ } }; int crammd5_server_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR( utils, "CRAM version mismatch"); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = crammd5_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { char *out_buf; unsigned out_buf_len; } client_context_t; static int crammd5_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { client_context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(client_context_t)); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } memset(text, 0, sizeof(client_context_t)); *conn_context = text; return SASL_OK; } static char *make_hashed(sasl_secret_t *sec, char *nonce, int noncelen, const sasl_utils_t *utils) { unsigned char digest[24]; char *in16; if (sec == NULL) return NULL; /* do the hmac md5 hash output 128 bits */ utils->hmac_md5((unsigned char *) nonce, noncelen, sec->data, sec->len, digest); /* convert that to hex form */ in16 = convert16(digest, 16, utils); if (in16 == NULL) return NULL; return in16; } static int crammd5_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { client_context_t *text = (client_context_t *) conn_context; const char *authid = NULL; sasl_secret_t *password = NULL; unsigned int free_password = 0; /* set if we need to free password */ int auth_result = SASL_OK; int pass_result = SASL_OK; int result; size_t maxsize; char *in16 = NULL; *clientout = NULL; *clientoutlen = 0; /* First check for absurd lengths */ if (serverinlen > 1024) { params->utils->seterror(params->utils->conn, 0, "CRAM-MD5 input longer than 1024 bytes"); return SASL_BADPROT; } /* check if sec layer strong enough */ if (params->props.min_ssf > params->external_ssf) { SETERROR( params->utils, "SSF requested of CRAM-MD5 plugin"); return SASL_TOOWEAK; } /* try to get the userid */ if (oparams->authid == NULL) { auth_result=_plug_get_authid(params->utils, &authid, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) return auth_result; } /* try to get the password */ if (password == NULL) { pass_result=_plug_get_password(params->utils, &password, &free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) return pass_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((auth_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) goto cleanup; return SASL_INTERACT; } if (!password) { PARAMERROR(params->utils); return SASL_BADPARAM; } result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; /* * username SP digest (keyed md5 where key is passwd) */ in16 = make_hashed(password, (char *) serverin, serverinlen, params->utils); if (in16 == NULL) { SETERROR(params->utils, "whoops, make_hashed failed us this time"); result = SASL_FAIL; goto cleanup; } maxsize = 32+1+strlen(oparams->authid)+30; result = _plug_buf_alloc(params->utils, &(text->out_buf), &(text->out_buf_len), (unsigned) maxsize); if (result != SASL_OK) goto cleanup; snprintf(text->out_buf, maxsize, "%s %s", oparams->authid, in16); *clientout = text->out_buf; *clientoutlen = (unsigned) strlen(*clientout); /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; result = SASL_OK; cleanup: /* get rid of private information */ if (in16) _plug_free_string(params->utils, &in16); /* get rid of all sensitive info */ if (free_password) _plug_free_secret(params-> utils, &password); return result; } static void crammd5_client_mech_dispose(void *conn_context, const sasl_utils_t *utils) { client_context_t *text = (client_context_t *) conn_context; if (!text) return; if (text->out_buf) utils->free(text->out_buf); utils->free(text); } static sasl_client_plug_t crammd5_client_plugins[] = { { "CRAM-MD5", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS, /* security_flags */ SASL_FEAT_SERVER_FIRST, /* features */ NULL, /* required_prompts */ NULL, /* glob_context */ &crammd5_client_mech_new, /* mech_new */ &crammd5_client_mech_step, /* mech_step */ &crammd5_client_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int crammd5_client_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR( utils, "CRAM version mismatch"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = crammd5_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/anonymous_init.c0000666000076400007640000000133611632367343015556 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( anonymous ) SASL_SERVER_PLUG_INIT( anonymous ) cyrus-sasl-2.1.25/plugins/passdss.c0000646000076400007640000013354211306006126014151 00000000000000/* PASSDSS-3DES-1 SASL plugin * Ken Murchison * $Id: passdss.c,v 1.5 2008/10/29 17:59:41 murch Exp $ */ /* * Copyright (c) 1998-2004 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Notes: * */ #include #include #include #include /* check OpenSSL version */ #include #if (OPENSSL_VERSION_NUMBER < 0x0090700f) #error OpenSSL 0.9.7 or later is required #endif /* for big number support */ #include /* for Diffie-Hellman support */ #include /* for digest and cipher support */ #include #include #include #include #include #include #define MD5_H /* suppress internal MD5 */ #include #include "plugin_common.h" #ifdef macintosh #include #endif /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: passdss.c,v 1.5 2008/10/29 17:59:41 murch Exp $"; const char g[] = "2"; const char N[] = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"; #define NO_LAYER_FLAG (1<<0) #define INTEGRITY_LAYER_FLAG (1<<1) #define PRIVACY_LAYER_FLAG (1<<2) #define NO_LAYER_SSF 0 #define INTEGRITY_LAYER_SSF 1 #define PRIVACY_LAYER_SSF 112 typedef struct context { int state; char *authid; /* authentication id (server) */ char *userid; /* authorization id (server) */ sasl_secret_t *password; /* user secret (client) */ unsigned int free_password; /* set if we need to free password */ DH *dh; /* Diffie-Hellman parameters */ /* copy of utils from the params structures */ const sasl_utils_t *utils; /* per-step mem management */ char *out_buf; unsigned out_buf_len; /* security layer foo */ unsigned char secmask; /* bitmask of enabled security layers */ unsigned char padding[EVP_MAX_BLOCK_LENGTH]; /* block of NULs */ HMAC_CTX hmac_send_ctx; HMAC_CTX hmac_recv_ctx; unsigned char send_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */ unsigned char recv_integrity_key[4 + EVP_MAX_MD_SIZE]; /* +4 for pktnum */ unsigned char *cs_integrity_key; /* ptr to bare key in send/recv key */ unsigned char *sc_integrity_key; /* ptr to bare key in send/recv key */ EVP_CIPHER_CTX cipher_enc_ctx; EVP_CIPHER_CTX cipher_dec_ctx; unsigned blk_siz; unsigned char cs_encryption_iv[EVP_MAX_MD_SIZE]; unsigned char sc_encryption_iv[EVP_MAX_MD_SIZE]; unsigned char cs_encryption_key[2 * EVP_MAX_MD_SIZE]; unsigned char sc_encryption_key[2 * EVP_MAX_MD_SIZE]; /* replay detection sequence numbers */ uint32_t pktnum_out; uint32_t pktnum_in; /* for encoding/decoding mem management */ char *encode_buf, *decode_buf, *decode_pkt_buf; unsigned encode_buf_len, decode_buf_len, decode_pkt_buf_len; /* layers buffering */ decode_context_t decode_context; } context_t; static int passdss_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; unsigned long inputlen; unsigned char hmac[EVP_MAX_MD_SIZE]; unsigned i, hmaclen; uint32_t tmpnum; int ret; if (!context || !invec || !numiov || !output || !outputlen) { PARAMERROR( text->utils ); return SASL_BADPARAM; } /* calculate total size of input */ for (i = 0, inputlen = 0; i < numiov; i++) inputlen += invec[i].iov_len; /* allocate a buffer for the output */ ret = _plug_buf_alloc(text->utils, &text->encode_buf, &text->encode_buf_len, 4 + /* length */ inputlen + /* content */ EVP_MAX_MD_SIZE + /* HMAC */ EVP_MAX_BLOCK_LENGTH - 1); /* padding */ if (ret != SASL_OK) return ret; *outputlen = 4; /* skip length */ /* prepend packet number to integrity key */ tmpnum = htonl(text->pktnum_out++); memcpy(text->send_integrity_key, &tmpnum, 4); /* key the HMAC */ HMAC_Init_ex(&text->hmac_send_ctx, text->send_integrity_key, 4+SHA_DIGEST_LENGTH, EVP_sha1(), NULL); /* operate on each iovec */ for (i = 0; i < numiov; i++) { /* hash the content */ HMAC_Update(&text->hmac_send_ctx, invec[i].iov_base, invec[i].iov_len); if (text->secmask & PRIVACY_LAYER_FLAG) { unsigned enclen; /* encrypt the data into the output buffer */ EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf + *outputlen, &enclen, invec[i].iov_base, invec[i].iov_len); *outputlen += enclen; } else { /* copy the raw input to the output */ memcpy(text->encode_buf + *outputlen, invec[i].iov_base, invec[i].iov_len); *outputlen += invec[i].iov_len; } } /* calculate the HMAC */ HMAC_Final(&text->hmac_send_ctx, hmac, &hmaclen); if (text->secmask & PRIVACY_LAYER_FLAG) { unsigned enclen; unsigned char padlen; /* encrypt the HMAC into the output buffer */ EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf + *outputlen, &enclen, hmac, hmaclen); *outputlen += enclen; /* pad output buffer to multiple of blk_siz with padlen-1 as last octet */ padlen = text->blk_siz - ((inputlen + hmaclen) % text->blk_siz) - 1; EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf + *outputlen, &enclen, text->padding, padlen); *outputlen += enclen; EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf + *outputlen, &enclen, &padlen, 1); *outputlen += enclen; /* encrypt the last block of data into the output buffer */ EVP_EncryptFinal_ex(&text->cipher_enc_ctx, text->encode_buf + *outputlen, &enclen); *outputlen += enclen; } else { /* copy the HMAC to the output */ memcpy(text->encode_buf + *outputlen, hmac, hmaclen); *outputlen += hmaclen; } /* prepend the length of the output */ tmpnum = *outputlen - 4; tmpnum = htonl(tmpnum); memcpy(text->encode_buf, &tmpnum, 4); *output = text->encode_buf; return SASL_OK; } /* Decode a single PASSDSS packet */ static int passdss_decode_packet(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen) { context_t *text = (context_t *) context; uint32_t tmpnum; unsigned char hmac[EVP_MAX_MD_SIZE]; unsigned hmaclen; int ret; if (text->secmask & PRIVACY_LAYER_FLAG) { unsigned declen, padlen; /* allocate a buffer for the output */ ret = _plug_buf_alloc(text->utils, &(text->decode_pkt_buf), &(text->decode_pkt_buf_len), inputlen); if (ret != SASL_OK) return ret; /* decrypt the data into the output buffer */ ret = EVP_DecryptUpdate(&text->cipher_dec_ctx, text->decode_pkt_buf, &declen, (char *) input, inputlen); if (ret) EVP_DecryptFinal_ex(&text->cipher_dec_ctx, /* should be no output */ text->decode_pkt_buf + declen, &declen); if (!ret) { SETERROR(text->utils, "Error decrypting input"); return SASL_BADPROT; } input = text->decode_pkt_buf; /* trim padding */ padlen = text->decode_pkt_buf[inputlen - 1] + 1; inputlen -= padlen; } /* trim HMAC */ inputlen -= SHA_DIGEST_LENGTH; /* prepend packet number to integrity key */ tmpnum = htonl(text->pktnum_in++); memcpy(text->recv_integrity_key, &tmpnum, 4); /* calculate the HMAC */ HMAC(EVP_sha1(), text->recv_integrity_key, 4+SHA_DIGEST_LENGTH, input, inputlen, hmac, &hmaclen); /* verify HMAC */ if (memcmp(hmac, input+inputlen, hmaclen)) { SETERROR(text->utils, "HMAC is incorrect\n"); return SASL_BADMAC; } *output = (char *) input; *outputlen = inputlen; return SASL_OK; } /* Decode and concatenate multiple PASSDSS packets */ static int passdss_decode(void *context, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int ret; ret = _plug_decode(&text->decode_context, input, inputlen, &text->decode_buf, &text->decode_buf_len, outputlen, passdss_decode_packet, text); *output = text->decode_buf; return ret; } #define MAX_MPI_LEN 2147483643 #define MAX_UTF8_LEN 2147483643 /* * Create/append to a PASSDSS buffer from the data specified by the fmt string. */ static int MakeBuffer(const sasl_utils_t *utils, char **buf, unsigned offset, unsigned *buflen, unsigned *outlen, const char *fmt, ...) { va_list ap; char *p, *out = NULL, *lptr = NULL; int r, alloclen, len = -1, argc = 0; BIGNUM *mpi; char *os, *str; uint32_t u, nl; /* first pass to calculate size of buffer */ va_start(ap, fmt); for (p = (char *) fmt, alloclen = offset; *p; p++) { if (*p != '%') { alloclen++; continue; } /* check for length prefix ('a', 'o', 'u', and 's' only) */ if (*++p == '*') { /* arg is length of next arg */ len = va_arg(ap, int); p++; } else if (isdigit((int) *p)) { len = 0; while (isdigit((int) *p)) len = 10 * len + *p++ - '0'; } switch (*p) { case 'a': /* insert total length of next N args */ alloclen += 4; break; case 'm': /* MPI */ mpi = va_arg(ap, BIGNUM *); len = BN_num_bytes(mpi); if (len > MAX_MPI_LEN) { utils->log(NULL, SASL_LOG_ERR, "String too long to create mpi string\n"); r = SASL_FAIL; goto done; } alloclen += len + 4; break; case 'o': /* octet sequence (len given by prefix) */ alloclen += len; os = va_arg(ap, char *); break; case 's': /* string */ str = va_arg(ap, char *); if (len == -1) len = strlen(str); if (len > MAX_UTF8_LEN) { utils->log(NULL, SASL_LOG_ERR, "String too long to create utf8 string\n"); r = SASL_FAIL; goto done; } alloclen += len + 4; break; case 'u': /* unsigned int */ u = va_arg(ap, uint32_t); if (len == -1) len = 4; alloclen += len; break; default: alloclen++; break; } len = -1; } va_end(ap); r = _plug_buf_alloc(utils, buf, buflen, alloclen); if (r != SASL_OK) return r; out = *buf + offset; /* second pass to fill buffer */ va_start(ap, fmt); for (p = (char *) fmt; *p; p++) { if (*p != '%') { *out = *p; out++; continue; } /* check for length prefix ('a', 'o', 'u', and 's' only) */ if (*++p == '*') { /* arg is length of next arg */ len = va_arg(ap, int); p++; } else if (isdigit((int) *p)) { len = 0; while (isdigit((int) *p)) len = 10 * len + *p++ - '0'; } switch (*p) { case 'a': /* total length of next N args */ argc = len; len = -1; lptr = out; out += 4; continue; break; case 'm': /* MPI */ mpi = va_arg(ap, BIGNUM *); len = BN_bn2bin(mpi, out+4); nl = htonl(len); memcpy(out, &nl, 4); /* add 4 byte len (network order) */ out += len + 4; break; case 'o': /* octet sequence (len given by prefix) */ os = va_arg(ap, char *); memcpy(out, os, len); /* add data */ out += len; break; case 's': /* string (len possibly given by prefix) */ str = va_arg(ap, char *); /* xxx do actual utf8 conversion */ if (len == -1) len = strlen(str); nl = htonl(len); memcpy(out, &nl, 4); /* add 4 byte len (network order) */ memcpy(out+4, str, len); /* add string */ out += len + 4; break; case 'u': /* unsigned int */ u = va_arg(ap, uint32_t); nl = htonl(u); if (len == -1) len = 4; memcpy(out, &nl + 4 - len, len); out += len; break; default: *out = *p; out++; break; } /* see if we're done counting args */ if (lptr && !--argc) { len = out - lptr - 4; nl = htonl(len); memcpy(lptr, &nl, 4); /* insert 4 byte len (network order) */ lptr = NULL; } len = -1; } done: va_end(ap); *outlen = out - *buf; return r; } /* * Extract a PASSDSS buffer into the data specified by the fmt string. */ static int UnBuffer(const sasl_utils_t *utils, const char *buf, unsigned buflen, const char *fmt, ...) { va_list ap; char *p; BIGNUM **mpi; char **os, **str; uint32_t *u, nl; unsigned len; enum { OCTET_REFERENCE, /* just point to the data (reference it) */ OCTET_COPY, /* copy the data into the given buffer */ OCTET_ALLOC /* alloc space for the data, then copy */ } octet_flag; int r = SASL_OK; va_start(ap, fmt); for (p = (char *) fmt; *p; p++) { if (*p != '%') { if (*buf != *p) { r = SASL_BADPROT; goto done; } buf++; buflen--; continue; } p++; /* check for octet flags */ octet_flag = OCTET_COPY; if (*p == '-') { octet_flag = OCTET_REFERENCE; p++; } else if (*p == '+') { octet_flag = OCTET_ALLOC; p++; } /* check for length prefix ('o', 'u', and 'p' only) */ len = 0; if (*p == '*') { /* arg is length of next arg */ len = va_arg(ap, int); p++; } else if (isdigit((int) *p)) { len = 0; while (isdigit((int) *p)) len = 10 * len + *p++ - '0'; } switch (*p) { case 'm': /* MPI */ mpi = va_arg(ap, BIGNUM **); if (buflen < 4) { SETERROR(utils, "Buffer is not big enough to be PASSDSS MPI\n"); r = SASL_BADPROT; goto done; } /* get the length */ memcpy(&nl, buf, 4); len = ntohl(nl); buf += 4; buflen -= 4; /* make sure it's right */ if (len > buflen) { SETERROR(utils, "Not enough data for this PASSDSS MPI\n"); r = SASL_BADPROT; goto done; } if (mpi) { if (!*mpi) *mpi = BN_new(); BN_init(*mpi); BN_bin2bn(buf, len, *mpi); } break; case 'o': /* octet sequence (len given by prefix) */ os = va_arg(ap, char **); /* make sure it's right */ if (len > buflen) { SETERROR(utils, "Not enough data for this PASSDSS os\n"); r = SASL_BADPROT; goto done; } if (os) { if (octet_flag == OCTET_REFERENCE) *os = (char *) buf; else { if (octet_flag == OCTET_ALLOC && (*os = (char *) utils->malloc(len)) == NULL) { r = SASL_NOMEM; goto done; } memcpy(*os, buf, len); } } break; case 'p': /* padding (max len given by prefix) */ if (buflen < len) len = buflen; break; case 's': /* string */ str = va_arg(ap, char **); if (str) *str = NULL; if (buflen < 4) { SETERROR(utils, "Buffer is not big enough to be PASSDSS string\n"); r = SASL_BADPROT; goto done; } /* get the length */ memcpy(&nl, buf, 4); len = ntohl(nl); buf += 4; buflen -= 4; /* make sure it's right */ if (len > buflen) { SETERROR(utils, "Not enough data for this PASSDSS string\n"); r = SASL_BADPROT; goto done; } if (str) { *str = (char *) utils->malloc(len+1); /* +1 for NUL */ if (!*str) { r = SASL_NOMEM; goto done; } memcpy(*str, buf, len); (*str)[len] = '\0'; } break; case 'u': /* unsigned int */ u = va_arg(ap, uint32_t*); if (!len) len = 4; if (buflen < len) { SETERROR(utils, "Buffer is not big enough to be PASSDSS uint32\n"); r = SASL_BADPROT; goto done; } if (u) { memset(u, 0, 4); memcpy(u + 4 - len, buf, len); *u = ntohl(*u); } break; default: len = 1; if (*buf != *p) { r = SASL_BADPROT; goto done; } break; } buf += len; buflen -= len; } if (buflen != 0) { SETERROR(utils, "Extra data in PASSDSS buffer\n"); r = SASL_BADPROT; } done: va_end(ap); return r; } #define DOHASH(out, in1, len1, in2, len2, in3, len3) \ EVP_DigestInit(&mdctx, EVP_sha1()); \ EVP_DigestUpdate(&mdctx, in1, len1); \ EVP_DigestUpdate(&mdctx, in2, len2); \ EVP_DigestUpdate(&mdctx, in3, len3); \ EVP_DigestFinal(&mdctx, out, NULL) void CalcLayerParams(context_t *text, char *K, unsigned Klen, char *hash, unsigned hashlen) { EVP_MD_CTX mdctx; DOHASH(text->cs_encryption_iv, K, Klen, "A", 1, hash, hashlen); DOHASH(text->sc_encryption_iv, K, Klen, "B", 1, hash, hashlen); DOHASH(text->cs_encryption_key, K, Klen, "C", 1, hash, hashlen); DOHASH(text->cs_encryption_key + hashlen, K, Klen, "", 0, text->cs_encryption_key, hashlen); DOHASH(text->sc_encryption_key, K, Klen, "D", 1, hash, hashlen); DOHASH(text->sc_encryption_key + hashlen, K, Klen, "", 0, text->sc_encryption_key, hashlen); DOHASH(text->cs_integrity_key, K, Klen, "E", 1, hash, hashlen); DOHASH(text->sc_integrity_key, K, Klen, "F", 1, hash, hashlen); } /* * Dispose of a PASSDSS context (could be server or client) */ static void passdss_common_mech_dispose(void *conn_context, const sasl_utils_t *utils) { context_t *text = (context_t *) conn_context; if (!text) return; if (text->authid) utils->free(text->authid); if (text->userid) utils->free(text->userid); if (text->free_password) _plug_free_secret(utils, &(text->password)); if (text->dh) DH_free(text->dh); HMAC_CTX_cleanup(&text->hmac_send_ctx); HMAC_CTX_cleanup(&text->hmac_recv_ctx); EVP_CIPHER_CTX_cleanup(&text->cipher_enc_ctx); EVP_CIPHER_CTX_cleanup(&text->cipher_dec_ctx); _plug_decode_free(&text->decode_context); if (text->encode_buf) utils->free(text->encode_buf); if (text->decode_buf) utils->free(text->decode_buf); if (text->decode_pkt_buf) utils->free(text->decode_pkt_buf); if (text->out_buf) utils->free(text->out_buf); utils->free(text); } /***************************** Server Section *****************************/ static int passdss_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { context_t *text; /* holds state are in */ text = sparams->utils->malloc(sizeof(context_t)); if (text == NULL) { MEMERROR(sparams->utils); return SASL_NOMEM; } memset(text, 0, sizeof(context_t)); text->state = 1; text->utils = sparams->utils; text->cs_integrity_key = text->recv_integrity_key + 4; text->sc_integrity_key = text->send_integrity_key + 4; *conn_context = text; return SASL_OK; } static int passdss_server_mech_step1(context_t *text, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams __attribute__((unused))) { BIGNUM *X = NULL; DSA *dsa = NULL; unsigned char *K = NULL; unsigned Klen, hashlen; int need, musthave; EVP_MD_CTX mdctx; unsigned char hash[EVP_MAX_MD_SIZE]; DSA_SIG *sig = NULL; int result; /* Expect: * * (1) string azname ; authorization name * (2) string authname ; authentication name * (3) mpint X ; Diffie-Hellman parameter X */ result = UnBuffer(params->utils, clientin, clientinlen, "%s%s%m", &text->userid, &text->authid, &X); if (result) { params->utils->seterror(params->utils->conn, 0, "Error UnBuffering input in step 1"); goto cleanup; } /* Fetch DSA (XXX create one for now) */ dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); if (!dsa) { result = SASL_FAIL; goto cleanup; } DSA_generate_key(dsa); /* Create Diffie-Hellman parameters */ text->dh = DH_new(); BN_hex2bn(&text->dh->p, N); BN_hex2bn(&text->dh->g, g); DH_generate_key(text->dh); /* Alloc space for shared secret K as mpint */ K = text->utils->malloc(DH_size(text->dh) + 4); if (!K) { params->utils->log(NULL, SASL_LOG_ERR, "Error allocing K\n"); result = SASL_NOMEM; goto cleanup; } /* Calculate DH shared secret (leave space at head for length) */ Klen = DH_compute_key(K+4, X, text->dh); /* Prepend length in network byte order (make it a mpint) */ *((uint32_t *) K) = htonl(Klen); Klen += 4; /* Which layers can we support? */ if (params->props.maxbufsize < 32) { need = musthave = 0; } else { need = params->props.max_ssf - params->external_ssf; musthave = params->props.min_ssf - params->external_ssf; } if (musthave <= NO_LAYER_SSF) text->secmask |= NO_LAYER_FLAG; if ((musthave <= INTEGRITY_LAYER_SSF) && (INTEGRITY_LAYER_SSF <= need)) text->secmask |= INTEGRITY_LAYER_FLAG; if ((musthave <= PRIVACY_LAYER_SSF) && (PRIVACY_LAYER_SSF <= need)) text->secmask |= PRIVACY_LAYER_FLAG; /* Send out: * * (4) uint32 pklength ; length of SSH-style DSA server public key * string "ssh-dss" ; constant string "ssh-dss" (lower case) * mpint p ; DSA public key parameters * mpint q * mpint g * mpint y * (5) mpint Y ; Diffie-Hellman parameter Y * (6) OCTET ssecmask ; SASL security layers offered * (7) 3 OCTET sbuflen ; maximum server security layer block size * (8) uint32 siglength ; length of SSH-style dss signature * string "ssh-dss" ; constant string "ssh-dss" (lower case) * mpint r ; DSA signature parameters * mpint s */ /* Items (4) - (7) */ result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len, serveroutlen, "%5a%s%m%m%m%m%m%1o%3u", "ssh-dss", dsa->p, dsa->q, dsa->g, dsa->pub_key, text->dh->pub_key, &text->secmask, (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : params->props.maxbufsize); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n"); goto cleanup; } /* Hash (1) - (7) and K */ EVP_DigestInit(&mdctx, EVP_sha1()); /* (1) - (3) */ EVP_DigestUpdate(&mdctx, clientin, clientinlen); /* (4) - (7) */ EVP_DigestUpdate(&mdctx, text->out_buf, *serveroutlen); /* K */ EVP_DigestUpdate(&mdctx, K, Klen); EVP_DigestFinal(&mdctx, hash, &hashlen); /* Calculate security layer params */ CalcLayerParams(text, K, Klen, hash, hashlen); /* Start cli-hmac */ HMAC_CTX_init(&text->hmac_recv_ctx); HMAC_Init_ex(&text->hmac_recv_ctx, text->cs_integrity_key, SHA_DIGEST_LENGTH, EVP_sha1(), NULL); /* (1) - (3) */ HMAC_Update(&text->hmac_recv_ctx, clientin, clientinlen); /* (4) - (7) */ HMAC_Update(&text->hmac_recv_ctx, text->out_buf, *serveroutlen); /* Sign the hash */ sig = DSA_do_sign(hash, hashlen, dsa); if (!sig) { params->utils->log(NULL, SASL_LOG_ERR, "Error calculating DSS signature\n"); result = SASL_FAIL; goto cleanup; } /* Item (8) */ result = MakeBuffer(text->utils, &text->out_buf, *serveroutlen, &text->out_buf_len, serveroutlen, "%3a%s%m%m", "ssh-dss", sig->r, sig->s); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n"); goto cleanup; } *serverout = text->out_buf; text->state = 2; result = SASL_CONTINUE; cleanup: if (X) BN_free(X); if (K) text->utils->free(K); if (dsa) DSA_free(dsa); if (sig) DSA_SIG_free(sig); return result; } static int passdss_server_mech_step2(context_t *text, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout __attribute__((unused)), unsigned *serveroutlen __attribute__((unused)), sasl_out_params_t *oparams) { char *password = NULL; unsigned declen, hmaclen; unsigned char *csecmask, *cli_hmac, hmac[EVP_MAX_MD_SIZE]; uint32_t cbufsiz; int r, result = SASL_OK; /* Expect (3DES encrypted): * * (9) OCTET csecmask ; SASL security layer selection * 3 OCTET cbuflen ; maximum client block size * string passphrase ; the user's passphrase * 20 OCTET cli-hmac ; a client HMAC-SHA-1 signature */ /* Alloc space for the decrypted input */ result = _plug_buf_alloc(text->utils, &text->decode_pkt_buf, &text->decode_pkt_buf_len, clientinlen); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error allocating decrypt buffer in step 2\n"); goto cleanup; } /* Initialize decrypt cipher */ EVP_CIPHER_CTX_init(&text->cipher_dec_ctx); EVP_DecryptInit_ex(&text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL, text->cs_encryption_key, text->cs_encryption_iv); EVP_CIPHER_CTX_set_padding(&text->cipher_dec_ctx, 0); text->blk_siz = EVP_CIPHER_CTX_block_size(&text->cipher_dec_ctx); /* Decrypt the blob */ r = EVP_DecryptUpdate(&text->cipher_dec_ctx, text->decode_pkt_buf, &declen, clientin, clientinlen); if (r) r = EVP_DecryptFinal_ex(&text->cipher_dec_ctx, /* should be no output */ text->decode_pkt_buf + declen, &declen); if (!r) { params->utils->seterror(params->utils->conn, 0, "Error decrypting input in step 2"); result = SASL_BADPROT; goto cleanup; } clientin = text->decode_pkt_buf; result = UnBuffer(params->utils, clientin, clientinlen, "%-1o%3u%s%-*o%*p", &csecmask, &cbufsiz, &password, SHA_DIGEST_LENGTH, &cli_hmac, text->blk_siz - 1); if (result) { params->utils->seterror(params->utils->conn, 0, "Error UnBuffering input in step 2"); goto cleanup; } /* Finish cli-hmac */ /* (1) - (7) hashed in step 1 */ /* 1st 4 bytes of (9) */ HMAC_Update(&text->hmac_recv_ctx, clientin, 4); HMAC_Final(&text->hmac_recv_ctx, hmac, &hmaclen); /* Verify cli-hmac */ if (memcmp(cli_hmac, hmac, hmaclen)) { params->utils->seterror(params->utils->conn, 0, "Client HMAC verification failed"); result = SASL_BADMAC; goto cleanup; } /* Canonicalize authentication ID first, so that password verification * is only against the canonical id */ result = params->canon_user(params->utils->conn, text->authid, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) { return result; } /* Verify password - return sasl_ok on success */ result = params->utils->checkpass(params->utils->conn, oparams->authid, oparams->alen, password, strlen(password)); if (result != SASL_OK) { params->utils->seterror(params->utils->conn, 0, "Password verification failed"); goto cleanup; } /* Canonicalize and store the authorization ID */ /* We need to do this after calling verify_user just in case verify_user * needed to get auxprops itself */ result = params->canon_user(params->utils->conn, *text->userid ? text->userid : text->authid, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; /* See which layer the client selected */ text->secmask &= *csecmask; if (text->secmask & PRIVACY_LAYER_FLAG) { oparams->mech_ssf = PRIVACY_LAYER_SSF; } else if (text->secmask & INTEGRITY_LAYER_FLAG) { oparams->mech_ssf = INTEGRITY_LAYER_SSF; } else if (text->secmask & NO_LAYER_FLAG) { oparams->mech_ssf = NO_LAYER_SSF; } else { /* Mark that we tried */ oparams->mech_ssf = 2; SETERROR(params->utils, "unable to agree on layers with server"); return SASL_BADPROT; } /* Set oparams */ oparams->doneflag = 1; oparams->param_version = 0; if (oparams->mech_ssf > 0) { oparams->encode = &passdss_encode; oparams->decode = &passdss_decode; oparams->maxoutbuf = cbufsiz - 4 - SHA_DIGEST_LENGTH; /* -len -HMAC */ HMAC_CTX_init(&text->hmac_send_ctx); if (oparams->mech_ssf > 1) { oparams->maxoutbuf -= text->blk_siz-1; /* padding */ /* Initialize encrypt cipher */ EVP_CIPHER_CTX_init(&text->cipher_enc_ctx); EVP_EncryptInit_ex(&text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL, text->sc_encryption_key, text->sc_encryption_iv); EVP_CIPHER_CTX_set_padding(&text->cipher_enc_ctx, 0); } _plug_decode_init(&text->decode_context, text->utils, (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : params->props.maxbufsize); } else { oparams->encode = NULL; oparams->decode = NULL; oparams->maxoutbuf = 0; } result = SASL_OK; cleanup: if (password) _plug_free_string(params->utils, &password); return result; } static int passdss_server_mech_step(void *conn_context, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) conn_context; if (!sparams || !serverout || !serveroutlen || !oparams) return SASL_BADPARAM; sparams->utils->log(NULL, SASL_LOG_DEBUG, "PASSDSS server step %d\n", text->state); *serverout = NULL; *serveroutlen = 0; switch (text->state) { case 1: return passdss_server_mech_step1(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); case 2: return passdss_server_mech_step2(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); default: sparams->utils->seterror(sparams->utils->conn, 0, "Invalid PASSDSS server step %d", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static sasl_server_plug_t passdss_server_plugins[] = { { "PASSDSS-3DES-1", /* mech_name */ 112, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_NOACTIVE | SASL_SEC_NODICTIONARY | SASL_SEC_FORWARD_SECRECY | SASL_SEC_PASS_CREDENTIALS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* glob_context */ &passdss_server_mech_new, /* mech_new */ &passdss_server_mech_step, /* mech_step */ &passdss_common_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech_avail */ NULL /* spare */ } }; int passdss_server_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR(utils, "PASSDSS version mismatch"); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = passdss_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ static int passdss_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(context_t)); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } memset(text, 0, sizeof(context_t)); text->state = 1; text->utils = params->utils; text->cs_integrity_key = text->send_integrity_key + 4; text->sc_integrity_key = text->recv_integrity_key + 4; *conn_context = text; return SASL_OK; } static int passdss_client_mech_step1(context_t *text, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen __attribute__((unused)), sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { const char *user = NULL, *authid = NULL; int user_result = SASL_OK; int auth_result = SASL_OK; int pass_result = SASL_OK; int result; /* Expect: absolutely nothing */ if (serverinlen > 0) { SETERROR(params->utils, "Invalid input to first step of PASSDSS\n"); return SASL_BADPROT; } /* check if security layer is strong enough */ if (params->props.min_ssf > PRIVACY_LAYER_SSF + params->external_ssf) { SETERROR(params->utils, "minimum ssf too strong for PASSDSS"); return SASL_TOOWEAK; } /* try to get the authid */ if (oparams->authid == NULL) { auth_result = _plug_get_authid(params->utils, &authid, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) return auth_result; } /* try to get the userid */ if (oparams->user == NULL) { user_result = _plug_get_userid(params->utils, &user, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) return user_result; } /* try to get the password */ if (text->password == NULL) { pass_result = _plug_get_password(params->utils, &text->password, &text->free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) return pass_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((user_result == SASL_INTERACT) || (auth_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) goto cleanup; return SASL_INTERACT; } if (!text->password) { PARAMERROR(params->utils); return SASL_BADPARAM; } if (!user || !*user) { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } else { result = params->canon_user(params->utils->conn, user, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID, oparams); } if (result != SASL_OK) goto cleanup; /* create Diffie-Hellman parameters */ text->dh = DH_new(); BN_hex2bn(&text->dh->p, N); BN_hex2bn(&text->dh->g, g); DH_generate_key(text->dh); /* Send out: * * (1) string azname ; authorization name * (2) string authname ; authentication name * (3) mpint X ; Diffie-Hellman parameter X */ result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len, clientoutlen, "%s%s%m", (user && *user) ? (char *) oparams->user : "", (char *) oparams->authid, text->dh->pub_key); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n"); goto cleanup; } *clientout = text->out_buf; text->state = 2; result = SASL_CONTINUE; cleanup: return result; } static int passdss_client_mech_step2(context_t *text, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need __attribute__((unused)), const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { DSA *dsa = DSA_new(); DSA_SIG *sig = DSA_SIG_new(); BIGNUM *Y = NULL; uint32_t siglen; unsigned char *K = NULL; unsigned Klen, hashlen, enclen; unsigned char *ssecmask; uint32_t sbufsiz; EVP_MD_CTX mdctx; unsigned char hash[EVP_MAX_MD_SIZE]; int need, musthave; int result, r; /* Expect: * * (4) uint32 pklength ; length of SSH-style DSA server public key * string "ssh-dss" ; constant string "ssh-dss" (lower case) * mpint p ; DSA public key parameters * mpint q * mpint g * mpint y * (5) mpint Y ; Diffie-Hellman parameter Y * (6) OCTET ssecmask ; SASL security layers offered * (7) 3 OCTET sbuflen ; maximum server security layer block size * (8) uint32 siglength ; length of SSH-style dss signature * string "ssh-dss" ; constant string "ssh-dss" (lower case) * mpint r ; DSA signature parameters * mpint s */ result = UnBuffer(params->utils, serverin, serverinlen, "%u%3p\7ssh-dss%m%m%m%m%m%-1o%3u%u%3p\7ssh-dss%m%m", NULL, &dsa->p, &dsa->q, &dsa->g, &dsa->pub_key, &Y, &ssecmask, &sbufsiz, &siglen, &sig->r, &sig->s); if (result) { params->utils->seterror(params->utils->conn, 0, "Error UnBuffering input in step 2"); goto cleanup; } /* XXX Validate server DSA public key */ /* Alloc space for shared secret K as mpint */ K = text->utils->malloc(DH_size(text->dh) + 4); if (!K) { params->utils->log(NULL, SASL_LOG_ERR, "Error allocing K\n"); result = SASL_NOMEM; goto cleanup; } /* Calculate DH shared secret (leave space at head for length) */ Klen = DH_compute_key(K+4, Y, text->dh); /* Prepend length in network byte order (make it a mpint) */ *((uint32_t *) K) = htonl(Klen); Klen += 4; /* Hash (1) - (7) and K */ EVP_DigestInit(&mdctx, EVP_sha1()); /* (1) - (3) (output from step 1 still in buffer) */ EVP_DigestUpdate(&mdctx, text->out_buf, text->out_buf_len); /* (4) - (7) */ EVP_DigestUpdate(&mdctx, serverin, serverinlen - siglen - 4); /* K */ EVP_DigestUpdate(&mdctx, K, Klen); EVP_DigestFinal(&mdctx, hash, &hashlen); /* Verify signature on the hash */ result = DSA_do_verify(hash, hashlen, sig, dsa); if (result != 1) { params->utils->log(NULL, SASL_LOG_ERR, (result == 0) ? "Incorrect DSS signature\n" : "Error verifying DSS signature\n"); result = (result == 0) ? SASL_BADPROT : SASL_FAIL; goto cleanup; } /* Calculate security layer params */ CalcLayerParams(text, K, Klen, hash, hashlen); /* Initialize encrypt cipher */ EVP_CIPHER_CTX_init(&text->cipher_enc_ctx); EVP_EncryptInit_ex(&text->cipher_enc_ctx, EVP_des_ede3_cbc(), NULL, text->cs_encryption_key, text->cs_encryption_iv); EVP_CIPHER_CTX_set_padding(&text->cipher_enc_ctx, 0); text->blk_siz = EVP_CIPHER_CTX_block_size(&text->cipher_enc_ctx); /* pick a layer */ if (params->props.maxbufsize < 32) { need = musthave = 0; } else { need = params->props.max_ssf - params->external_ssf; musthave = params->props.min_ssf - params->external_ssf; } if ((*ssecmask & PRIVACY_LAYER_FLAG) && (need >= PRIVACY_LAYER_SSF) && (musthave <= PRIVACY_LAYER_SSF)) { text->secmask = PRIVACY_LAYER_FLAG; oparams->mech_ssf = PRIVACY_LAYER_SSF; } else if ((*ssecmask & INTEGRITY_LAYER_FLAG) && (need >= INTEGRITY_LAYER_SSF) && (musthave <= INTEGRITY_LAYER_SSF)) { text->secmask =INTEGRITY_LAYER_FLAG; oparams->mech_ssf = INTEGRITY_LAYER_SSF; } else if ((*ssecmask & NO_LAYER_FLAG) && (musthave <= NO_LAYER_SSF)) { text->secmask = NO_LAYER_FLAG; oparams->mech_ssf = NO_LAYER_SSF; } else { /* Mark that we tried */ oparams->mech_ssf = 2; SETERROR(params->utils, "unable to agree on layers with server"); return SASL_BADPROT; } /* Start cli-hmac */ HMAC_CTX_init(&text->hmac_send_ctx); HMAC_Init_ex(&text->hmac_send_ctx, text->cs_integrity_key, SHA_DIGEST_LENGTH, EVP_sha1(), NULL); /* (1) - (3) (output from step 1 still in buffer) */ HMAC_Update(&text->hmac_send_ctx, text->out_buf, text->out_buf_len); /* (4) - (7) */ HMAC_Update(&text->hmac_send_ctx, serverin, serverinlen - siglen - 4); /* Send out (3DES encrypted): * * (9) OCTET csecmask ; SASL security layer selection * 3 OCTET cbuflen ; maximum client block size * string passphrase ; the user's passphrase * 20 OCTET cli-hmac ; a client HMAC-SHA-1 signature */ result = MakeBuffer(text->utils, &text->out_buf, 0, &text->out_buf_len, clientoutlen, "%1o%3u%*s", &text->secmask, (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : params->props.maxbufsize, text->password->len, text->password->data); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n"); goto cleanup; } /* Finish cli-hmac */ /* 1st 4 bytes of (9) */ HMAC_Update(&text->hmac_send_ctx, text->out_buf, 4); HMAC_Final(&text->hmac_send_ctx, hash, &hashlen); /* Add HMAC and pad to fill no more than current block */ result = MakeBuffer(text->utils, &text->out_buf, *clientoutlen, &text->out_buf_len, clientoutlen, "%*o%*o", hashlen, hash, text->blk_siz - 1, text->padding); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n"); goto cleanup; } /* Alloc space for the encrypted output */ result = _plug_buf_alloc(text->utils, &text->encode_buf, &text->encode_buf_len, *clientoutlen); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error allocating encrypt buffer in step 2\n"); goto cleanup; } /* Encrypt (9) (here we calculate the exact number of full blocks) */ r = EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf, clientoutlen, text->out_buf, text->blk_siz * (*clientoutlen / text->blk_siz)); if (r) r = EVP_EncryptFinal_ex(&text->cipher_enc_ctx, /* should be no output */ text->encode_buf + *clientoutlen, &enclen); if (!r) { params->utils->seterror(params->utils->conn, 0, "Error encrypting output in step 2"); result = SASL_FAIL; goto cleanup; } *clientout = text->encode_buf; /* Set oparams */ oparams->doneflag = 1; oparams->param_version = 0; if (oparams->mech_ssf > 0) { oparams->encode = &passdss_encode; oparams->decode = &passdss_decode; oparams->maxoutbuf = sbufsiz - 4 - SHA_DIGEST_LENGTH; /* -len -HMAC */ HMAC_CTX_init(&text->hmac_recv_ctx); if (oparams->mech_ssf > 1) { oparams->maxoutbuf -= text->blk_siz-1; /* padding */ /* Initialize decrypt cipher */ EVP_CIPHER_CTX_init(&text->cipher_dec_ctx); EVP_DecryptInit_ex(&text->cipher_dec_ctx, EVP_des_ede3_cbc(), NULL, text->sc_encryption_key, text->sc_encryption_iv); EVP_CIPHER_CTX_set_padding(&text->cipher_dec_ctx, 0); } _plug_decode_init(&text->decode_context, text->utils, (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : params->props.maxbufsize); } else { oparams->encode = NULL; oparams->decode = NULL; oparams->maxoutbuf = 0; } result = SASL_OK; cleanup: if (Y) BN_free(Y); if (K) text->utils->free(K); if (dsa) DSA_free(dsa); if (sig) DSA_SIG_free(sig); return result; } static int passdss_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) conn_context; params->utils->log(NULL, SASL_LOG_DEBUG, "PASSDSS client step %d\n", text->state); *clientout = NULL; *clientoutlen = 0; switch (text->state) { case 1: return passdss_client_mech_step1(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); case 2: return passdss_client_mech_step2(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid PASSDSS client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static sasl_client_plug_t passdss_client_plugins[] = { { "PASSDSS-3DES-1", /* mech_name */ 112, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_NOACTIVE | SASL_SEC_NODICTIONARY | SASL_SEC_FORWARD_SECRECY | SASL_SEC_PASS_CREDENTIALS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* required_prompts */ NULL, /* glob_context */ &passdss_client_mech_new, /* mech_new */ &passdss_client_mech_step, /* mech_step */ &passdss_common_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int passdss_client_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "PASSDSS version mismatch"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = passdss_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/login.c0000646000076400007640000003143711475221216013607 00000000000000/* Login SASL plugin * Rob Siemborski (SASLv2 Conversion) * contributed by Rainer Schoepf * based on PLAIN, by Tim Martin * $Id: login.c,v 1.31 2010/11/30 11:41:47 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include "plugin_common.h" /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: login.c,v 1.31 2010/11/30 11:41:47 mel Exp $"; /***************************** Server Section *****************************/ typedef struct context { int state; char *username; unsigned username_len; } server_context_t; static int login_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { server_context_t *text; /* holds state are in */ text = sparams->utils->malloc(sizeof(server_context_t)); if (text == NULL) { MEMERROR( sparams->utils ); return SASL_NOMEM; } memset(text, 0, sizeof(server_context_t)); text->state = 1; *conn_context = text; return SASL_OK; } #define USERNAME_CHALLENGE "Username:" #define PASSWORD_CHALLENGE "Password:" static int login_server_mech_step(void *conn_context, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { server_context_t *text = (server_context_t *) conn_context; *serverout = NULL; *serveroutlen = 0; if (text == NULL) { return SASL_BADPROT; } switch (text->state) { case 1: text->state = 2; /* Check inlen, (possibly we have already the user name) */ /* In this case fall through to state 2 */ if (clientinlen == 0) { /* demand username */ *serveroutlen = (unsigned) strlen(USERNAME_CHALLENGE); *serverout = USERNAME_CHALLENGE; return SASL_CONTINUE; } case 2: /* Catch really long usernames */ if (clientinlen > 1024) { SETERROR(params->utils, "username too long (>1024 characters)"); return SASL_BADPROT; } /* get username */ text->username = params->utils->malloc(sizeof(sasl_secret_t) + clientinlen + 1); if (!text->username) { MEMERROR( params->utils ); return SASL_NOMEM; } strncpy(text->username, clientin, clientinlen); text->username_len = clientinlen; text->username[clientinlen] = '\0'; /* demand password */ *serveroutlen = (unsigned) strlen(PASSWORD_CHALLENGE); *serverout = PASSWORD_CHALLENGE; text->state = 3; return SASL_CONTINUE; case 3: { sasl_secret_t *password; int result; /* Catch really long passwords */ if (clientinlen > 1024) { SETERROR(params->utils, "clientinlen is > 1024 characters in LOGIN plugin"); return SASL_BADPROT; } /* get password */ password = params->utils->malloc(sizeof(sasl_secret_t) + clientinlen + 1); if (!password) { MEMERROR(params->utils); return SASL_NOMEM; } strncpy((char *) password->data, clientin, clientinlen); password->data[clientinlen] = '\0'; password->len = clientinlen; /* canonicalize username first, so that password verification is * done against the canonical id */ result = params->canon_user(params->utils->conn, text->username, text->username_len, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; /* verify_password - return sasl_ok on success */ result = params->utils->checkpass(params->utils->conn, oparams->authid, oparams->alen, (char *) password->data, password->len); if (result != SASL_OK) { _plug_free_secret(params->utils, &password); return result; } _plug_free_secret(params->utils, &password); *serverout = NULL; *serveroutlen = 0; oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; } default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid LOGIN server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void login_server_mech_dispose(void *conn_context, const sasl_utils_t *utils) { server_context_t *text = (server_context_t *) conn_context; if (!text) return; if (text->username) utils->free(text->username); utils->free(text); } static sasl_server_plug_t login_server_plugins[] = { { "LOGIN", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOANONYMOUS | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ 0, /* features */ NULL, /* glob_context */ &login_server_mech_new, /* mech_new */ &login_server_mech_step, /* mech_step */ &login_server_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech_avail */ NULL /* spare */ } }; int login_server_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR(utils, "LOGIN version mismatch"); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = login_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { int state; sasl_secret_t *password; unsigned int free_password; /* set if we need to free password */ } client_context_t; static int login_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { client_context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(client_context_t)); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } memset(text, 0, sizeof(client_context_t)); text->state = 1; *conn_context = text; return SASL_OK; } static int login_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen __attribute__((unused)), sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { client_context_t *text = (client_context_t *) conn_context; *clientout = NULL; *clientoutlen = 0; switch (text->state) { case 1: { const char *user = NULL; int auth_result = SASL_OK; int pass_result = SASL_OK; int result; /* check if sec layer strong enough */ if (params->props.min_ssf > params->external_ssf) { SETERROR( params->utils, "SSF requested of LOGIN plugin"); return SASL_TOOWEAK; } /* try to get the userid */ /* Note: we want to grab the authname and not the userid, which is * who we AUTHORIZE as, and will be the same as the authname * for the LOGIN mech. */ if (oparams->user == NULL) { auth_result = _plug_get_authid(params->utils, &user, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) return auth_result; } /* try to get the password */ if (text->password == NULL) { pass_result = _plug_get_password(params->utils, &text->password, &text->free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) return pass_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((auth_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) return result; return SASL_INTERACT; } if (!text->password) { PARAMERROR(params->utils); return SASL_BADPARAM; } result = params->canon_user(params->utils->conn, user, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; /* server should have sent request for username - we ignore it */ if (!serverin) { SETERROR( params->utils, "Server didn't issue challenge for USERNAME"); return SASL_BADPROT; } if (!clientout) { PARAMERROR( params->utils ); return SASL_BADPARAM; } if (clientoutlen) *clientoutlen = oparams->alen; *clientout = oparams->authid; text->state = 2; return SASL_CONTINUE; } case 2: /* server should have sent request for password - we ignore it */ if (!serverin) { SETERROR( params->utils, "Server didn't issue challenge for PASSWORD"); return SASL_BADPROT; } if (!clientout) { PARAMERROR(params->utils); return SASL_BADPARAM; } if (clientoutlen) *clientoutlen = text->password->len; *clientout = (char *) text->password->data; /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid LOGIN client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void login_client_mech_dispose(void *conn_context, const sasl_utils_t *utils) { client_context_t *text = (client_context_t *) conn_context; if (!text) return; /* free sensitive info */ if (text->free_password) _plug_free_secret(utils, &(text->password)); utils->free(text); } static sasl_client_plug_t login_client_plugins[] = { { "LOGIN", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOANONYMOUS | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ SASL_FEAT_SERVER_FIRST, /* features */ NULL, /* required_prompts */ NULL, /* glob_context */ &login_client_mech_new, /* mech_new */ &login_client_mech_step, /* mech_step */ &login_client_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int login_client_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "Version mismatch in LOGIN"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = login_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/makeinit.sh0000646000076400007640000000325011562561303014461 00000000000000# mechanism plugins for mech in anonymous crammd5 digestmd5 scram gssapiv2 kerberos4 login ntlm otp passdss plain srp gs2; do echo " #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include \"plugin_common.h\" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( $mech ) SASL_SERVER_PLUG_INIT( $mech ) " > ${mech}_init.c done # auxprop plugins for auxprop in sasldb sql ldapdb; do echo " #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include \"plugin_common.h\" #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_AUXPROP_PLUG_INIT( $auxprop ) " > ${auxprop}_init.c done # ldapdb is also a canon_user plugin echo "SASL_CANONUSER_PLUG_INIT( ldapdb )" >> ldapdb_init.c cyrus-sasl-2.1.25/plugins/kerberos4_init.c0000666000076400007640000000133611632367343015426 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( kerberos4 ) SASL_SERVER_PLUG_INIT( kerberos4 ) cyrus-sasl-2.1.25/plugins/scram_init.c0000666000076400007640000000132211632367343014626 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( scram ) SASL_SERVER_PLUG_INIT( scram ) cyrus-sasl-2.1.25/plugins/digestmd5.c0000646000076400007640000037467211563302015014372 00000000000000/* DIGEST-MD5 SASL plugin * Ken Murchison * Rob Siemborski * Tim Martin * Alexey Melnikov * $Id: digestmd5.c,v 1.205 2011/05/13 19:18:37 murch Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifndef macintosh #include #include #endif #include #include /* DES support */ #ifdef WITH_DES # ifdef WITH_SSL_DES # include # include # if (OPENSSL_VERSION_NUMBER >= 0x0090700f) && \ !defined(OPENSSL_ENABLE_OLD_DES_SUPPORT) # define des_cblock DES_cblock # define des_key_schedule DES_key_schedule # define des_key_sched(k,ks) \ DES_key_sched((k),&(ks)) # define des_cbc_encrypt(i,o,l,k,iv,e) \ DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) # define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ DES_ede2_cbc_encrypt((i),(o),(l),&(k1),&(k2),(iv),(e)) # endif /* OpenSSL 0.9.7+ w/o old DES support */ # else /* system DES library */ #ifdef HAVE_DES_H # include #endif # endif #endif /* WITH_DES */ #ifdef WIN32 # include #else /* Unix */ # include #endif /* WIN32 */ #include #include #include "plugin_common.h" #ifndef WIN32 extern int strcasecmp(const char *s1, const char *s2); #endif /* end WIN32 */ #ifdef macintosh #include #endif /* external definitions */ #ifdef sun /* gotta define gethostname ourselves on suns */ extern int gethostname(char *, int); #endif #define bool int #ifndef TRUE #define TRUE (1) #define FALSE (0) #endif /* MAX_UIN32_DIV_10 * 10 + MAX_UIN32_MOD_10 == 2^32-1 == 4294967295 */ #define MAX_UIN32_DIV_10 429496729 #define MAX_UIN32_MOD_10 5 #define DEFAULT_BUFSIZE 0xFFFF #define MAX_SASL_BUFSIZE 0xFFFFFF /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: digestmd5.c,v 1.205 2011/05/13 19:18:37 murch Exp $"; /* Definitions */ #define NONCE_SIZE (32) /* arbitrary */ /* Layer Flags */ #define DIGEST_NOLAYER (1) #define DIGEST_INTEGRITY (2) #define DIGEST_PRIVACY (4) /* defines */ #define HASHLEN 16 typedef unsigned char HASH[HASHLEN + 1]; #define HASHHEXLEN 32 typedef unsigned char HASHHEX[HASHHEXLEN + 1]; #define MAC_SIZE 10 #define MAC_OFFS 2 const char *SEALING_CLIENT_SERVER="Digest H(A1) to client-to-server sealing key magic constant"; const char *SEALING_SERVER_CLIENT="Digest H(A1) to server-to-client sealing key magic constant"; const char *SIGNING_CLIENT_SERVER="Digest session key to client-to-server signing key magic constant"; const char *SIGNING_SERVER_CLIENT="Digest session key to server-to-client signing key magic constant"; #define HT (9) #define CR (13) #define LF (10) #define SP (32) #define DEL (127) #define NEED_ESCAPING "\"\\" #define REALM_CHAL_PREFIX "Available realms:" static char *quote (char *str); struct context; /* function definitions for cipher encode/decode */ typedef int cipher_function_t(struct context *, const char *, unsigned, unsigned char[], char *, unsigned *); typedef int cipher_init_t(struct context *, unsigned char [16], unsigned char [16]); typedef void cipher_free_t(struct context *); enum Context_type { SERVER = 0, CLIENT = 1 }; typedef struct cipher_context cipher_context_t; /* cached auth info used for fast reauth */ typedef struct reauth_entry { char *authid; char *realm; unsigned char *nonce; unsigned int nonce_count; unsigned char *cnonce; union { struct { time_t timestamp; } s; /* server stuff */ struct { char *serverFQDN; int protection; struct digest_cipher *cipher; unsigned long server_maxbuf; /* for HTTP mode (RFC 2617) only */ char *algorithm; unsigned char *opaque; } c; /* client stuff */ } u; } reauth_entry_t; typedef struct reauth_cache { /* static stuff */ enum Context_type i_am; /* are we the client or server? */ time_t timeout; void *mutex; unsigned size; reauth_entry_t *e; /* fixed-size hash table of entries */ } reauth_cache_t; /* global context for reauth use */ typedef struct digest_glob_context { reauth_cache_t *reauth; } digest_glob_context_t; /* context that stores info */ typedef struct context { int state; /* state in the authentication we are in */ enum Context_type i_am; /* are we the client or server? */ int http_mode; /* use RFC 2617 compatible protocol? */ reauth_cache_t *reauth; char *authid; char *realm; unsigned char *nonce; unsigned int nonce_count; unsigned char *cnonce; /* only used by the client */ char ** realms; int realm_cnt; char *response_value; unsigned int seqnum; unsigned int rec_seqnum; /* for checking integrity */ HASH Ki_send; HASH Ki_receive; HASH HA1; /* Kcc or Kcs */ /* copy of utils from the params structures */ const sasl_utils_t *utils; /* For general use */ char *out_buf; unsigned out_buf_len; /* for encoding/decoding */ buffer_info_t *enc_in_buf; char *encode_buf, *decode_buf, *decode_packet_buf; unsigned encode_buf_len, decode_buf_len, decode_packet_buf_len; decode_context_t decode_context; /* if privacy mode is used use these functions for encode and decode */ cipher_function_t *cipher_enc; cipher_function_t *cipher_dec; cipher_init_t *cipher_init; cipher_free_t *cipher_free; struct cipher_context *cipher_enc_context; struct cipher_context *cipher_dec_context; } context_t; struct digest_cipher { char *name; sasl_ssf_t ssf; int n; /* bits to make privacy key */ int flag; /* a bitmask to make things easier for us */ cipher_function_t *cipher_enc; cipher_function_t *cipher_dec; cipher_init_t *cipher_init; cipher_free_t *cipher_free; }; #if 0 static const unsigned char *COLON = ":"; #else static const unsigned char COLON[] = { ':', '\0' }; #endif /* Hashes a string to produce an unsigned short */ static unsigned hash(const char *str) { unsigned val = 0; int i; while (str && *str) { i = (int) *str; val ^= i; val <<= 1; str++; } return val; } static void CvtHex(HASH Bin, HASHHEX Hex) { unsigned short i; unsigned char j; for (i = 0; i < HASHLEN; i++) { j = (Bin[i] >> 4) & 0xf; if (j <= 9) Hex[i * 2] = (j + '0'); else Hex[i * 2] = (j + 'a' - 10); j = Bin[i] & 0xf; if (j <= 9) Hex[i * 2 + 1] = (j + '0'); else Hex[i * 2 + 1] = (j + 'a' - 10); } Hex[HASHHEXLEN] = '\0'; } /* * calculate request-digest/response-digest as per HTTP Digest spec */ void DigestCalcResponse(const sasl_utils_t * utils, HASHHEX HA1, /* HEX(H(A1)) */ unsigned char *pszNonce, /* nonce from server */ unsigned int pszNonceCount, /* 8 hex digits */ unsigned char *pszCNonce, /* client nonce */ unsigned char *pszQop, /* qop-value: "", "auth", * "auth-int" */ unsigned char *pszDigestUri, /* requested URL */ unsigned char *pszMethod, HASHHEX HEntity, /* H(entity body) if qop="auth-int" */ HASHHEX Response /* request-digest or response-digest */ ) { MD5_CTX Md5Ctx; HASH HA2; HASH RespHash; HASHHEX HA2Hex; unsigned char ncvalue[10]; /* calculate H(A2) */ utils->MD5Init(&Md5Ctx); if (pszMethod != NULL) { utils->MD5Update(&Md5Ctx, pszMethod, (unsigned) strlen((char *) pszMethod)); } utils->MD5Update(&Md5Ctx, (unsigned char *) COLON, 1); /* utils->MD5Update(&Md5Ctx, (unsigned char *) "AUTHENTICATE:", 13); */ utils->MD5Update(&Md5Ctx, pszDigestUri, (unsigned) strlen((char *) pszDigestUri)); if (strcasecmp((char *) pszQop, "auth") != 0) { /* append ":00000000000000000000000000000000" */ utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, HEntity, HASHHEXLEN); } utils->MD5Final(HA2, &Md5Ctx); CvtHex(HA2, HA2Hex); /* calculate response */ utils->MD5Init(&Md5Ctx); utils->MD5Update(&Md5Ctx, HA1, HASHHEXLEN); utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, pszNonce, (unsigned) strlen((char *) pszNonce)); utils->MD5Update(&Md5Ctx, COLON, 1); if (*pszQop) { sprintf((char *)ncvalue, "%08x", pszNonceCount); utils->MD5Update(&Md5Ctx, ncvalue, (unsigned) strlen((char *)ncvalue)); utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, pszCNonce, (unsigned) strlen((char *) pszCNonce)); utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, pszQop, (unsigned) strlen((char *) pszQop)); utils->MD5Update(&Md5Ctx, COLON, 1); } utils->MD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN); utils->MD5Final(RespHash, &Md5Ctx); CvtHex(RespHash, Response); } static bool UTF8_In_8859_1(const unsigned char *base, size_t len) { const unsigned char *scan, *end; end = base + len; for (scan = base; scan < end; ++scan) { if (*scan > 0xC3) break; /* abort if outside 8859-1 */ if (*scan >= 0xC0 && *scan <= 0xC3) { if (++scan == end || *scan < 0x80 || *scan > 0xBF) break; } } /* if scan >= end, then this is a 8859-1 string. */ return (scan >= end); } /* * if the string is entirely in the 8859-1 subset of UTF-8, then translate to * 8859-1 prior to MD5 */ static void MD5_UTF8_8859_1(const sasl_utils_t * utils, MD5_CTX * ctx, bool In_ISO_8859_1, const unsigned char *base, int len) { const unsigned char *scan, *end; unsigned char cbuf; end = base + len; /* if we found a character outside 8859-1, don't alter string */ if (!In_ISO_8859_1) { utils->MD5Update(ctx, base, len); return; } /* convert to 8859-1 prior to applying hash */ do { for (scan = base; scan < end && *scan < 0xC0; ++scan); if (scan != base) utils->MD5Update(ctx, base, (unsigned) (scan - base)); if (scan + 1 >= end) break; cbuf = ((scan[0] & 0x3) << 6) | (scan[1] & 0x3f); utils->MD5Update(ctx, &cbuf, 1); base = scan + 2; } while (base < end); } /** * Returns true if it mangled the username. */ static bool DigestCalcSecret(const sasl_utils_t * utils, unsigned char *pszUserName, unsigned char *pszRealm, unsigned char *Password, int PasswordLen, bool Ignore_8859, HASH HA1) { bool In_8859_1; bool Any_8859_1 = FALSE; MD5_CTX Md5Ctx; /* Chris Newman clarified that the following text in DIGEST-MD5 spec is bogus: "if name and password are both in ISO 8859-1 charset" We shoud use code example instead */ utils->MD5Init(&Md5Ctx); /* We have to convert UTF-8 to ISO-8859-1 if possible */ if (Ignore_8859 == FALSE) { In_8859_1 = UTF8_In_8859_1(pszUserName, strlen((char *) pszUserName)); MD5_UTF8_8859_1(utils, &Md5Ctx, In_8859_1, pszUserName, (unsigned) strlen((char *) pszUserName)); Any_8859_1 |= In_8859_1; } else { utils->MD5Update(&Md5Ctx, pszUserName, (unsigned) strlen((char *) pszUserName)); } utils->MD5Update(&Md5Ctx, COLON, 1); /* a NULL realm is equivalent to the empty string */ if (pszRealm != NULL && pszRealm[0] != '\0') { if (Ignore_8859 == FALSE) { /* We have to convert UTF-8 to ISO-8859-1 if possible */ In_8859_1 = UTF8_In_8859_1(pszRealm, strlen((char *) pszRealm)); MD5_UTF8_8859_1(utils, &Md5Ctx, In_8859_1, pszRealm, (unsigned) strlen((char *) pszRealm)); Any_8859_1 |= In_8859_1; } else { utils->MD5Update(&Md5Ctx, pszRealm, (unsigned) strlen((char *) pszRealm)); } } utils->MD5Update(&Md5Ctx, COLON, 1); if (Ignore_8859 == FALSE) { /* We have to convert UTF-8 to ISO-8859-1 if possible */ In_8859_1 = UTF8_In_8859_1(Password, PasswordLen); MD5_UTF8_8859_1(utils, &Md5Ctx, In_8859_1, Password, PasswordLen); Any_8859_1 |= In_8859_1; } else { utils->MD5Update(&Md5Ctx, Password, PasswordLen); } utils->MD5Final(HA1, &Md5Ctx); return Any_8859_1; } static unsigned char *create_nonce(const sasl_utils_t * utils) { unsigned char *base64buf; int base64len; char *ret = (char *) utils->malloc(NONCE_SIZE); if (ret == NULL) return NULL; utils->rand(utils->rpool, (char *) ret, NONCE_SIZE); /* base 64 encode it so it has valid chars */ base64len = (NONCE_SIZE * 4 / 3) + (NONCE_SIZE % 3 ? 4 : 0); base64buf = (unsigned char *) utils->malloc(base64len + 1); if (base64buf == NULL) { utils->seterror(utils->conn, 0, "Unable to allocate final buffer"); return NULL; } /* * Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ if (utils->encode64(ret, NONCE_SIZE, (char *) base64buf, base64len, NULL) != SASL_OK) { utils->free(ret); return NULL; } utils->free(ret); return base64buf; } static int add_to_challenge(const sasl_utils_t *utils, char **str, unsigned *buflen, unsigned *curlen, char *name, unsigned char *value, bool need_quotes) { size_t namesize = strlen(name); size_t valuesize = strlen((char *) value); unsigned newlen; int ret; newlen = (unsigned) (*curlen + 1 + namesize + 2 + valuesize + 2); ret = _plug_buf_alloc(utils, str, buflen, newlen); if(ret != SASL_OK) return ret; if (*curlen > 0) { strcat(*str, ","); strcat(*str, name); } else { strcpy(*str, name); } if (need_quotes) { strcat(*str, "=\""); /* Check if the value needs quoting */ if (strpbrk ((char *)value, NEED_ESCAPING) != NULL) { char * quoted = quote ((char *) value); valuesize = strlen(quoted); /* As the quoted string is bigger, make sure we have enough space now */ ret = _plug_buf_alloc(utils, str, buflen, newlen); if (ret == SASL_OK) { strcat(*str, quoted); free (quoted); } else { free (quoted); return ret; } } else { strcat(*str, (char *) value); } strcat(*str, "\""); } else { strcat(*str, "="); strcat(*str, (char *) value); } *curlen = newlen; return SASL_OK; } static int is_lws_char (char c) { return (c == ' ' || c == HT || c == CR || c == LF); } static char *skip_lws (char *s) { if (!s) return NULL; /* skipping spaces: */ while (is_lws_char(s[0])) { if (s[0] == '\0') break; s++; } return s; } /* Same as skip_lws, but do this right to left */ /* skip LWSP at the end of the value (if any), skip_r_lws returns pointer to the first LWSP character, NUL (if there were none) or NULL if the value is entirely from LWSP characters */ static char *skip_r_lws (char *s) { char *end; size_t len; if (!s) return NULL; len = strlen(s); if (len == 0) return NULL; /* the last character before terminating NUL */ end = s + len - 1; /* skipping spaces: */ while (end > s && (end[0] == ' ' || end[0] == HT || end[0] == CR || end[0] == LF)) { end--; } /* If all string from spaces, return NULL */ if (end == s && (end[0] == ' ' || end[0] == HT || end[0] == CR || end[0] == LF)) { return NULL; } else { return (end + 1); } } static char *skip_token (char *s, int caseinsensitive) { if(!s) return NULL; while (s[0]>SP) { if (s[0]==DEL || s[0]=='(' || s[0]==')' || s[0]=='<' || s[0]=='>' || s[0]=='@' || s[0]==',' || s[0]==';' || s[0]==':' || s[0]=='\\' || s[0]=='\'' || s[0]=='/' || s[0]=='[' || s[0]==']' || s[0]== '?' || s[0]=='=' || s[0]== '{' || s[0]== '}') { if (caseinsensitive == 1) { if (!isupper((unsigned char) s[0])) break; } else { break; } } s++; } return s; } /* Convert a string to 32 bit unsigned integer. Any number of trailing spaces is allowed, but not a string entirely comprised of spaces */ static bool str2ul32 (char *str, unsigned long * value) { unsigned int n; char c; if (str == NULL) { return (FALSE); } *value = 0; str = skip_lws (str); if (str[0] == '\0') { return (FALSE); } n = 0; while (str[0] != '\0') { c = str[0]; if (!isdigit((int)c)) { return (FALSE); } /* Will overflow after adding additional digit */ if (n > MAX_UIN32_DIV_10) { return (FALSE); } else if (n == MAX_UIN32_DIV_10 && ((unsigned) (c - '0') > MAX_UIN32_MOD_10)) { return (FALSE); } n = n * 10 + (unsigned) (c - '0'); str++; } *value = n; return (TRUE); } /* NULL - error (unbalanced quotes), otherwise pointer to the first character after the value. The function performs work in place. */ static char *unquote (char *qstr) { char *endvalue; int escaped = 0; char *outptr; if(!qstr) return NULL; if (qstr[0] == '"') { qstr++; outptr = qstr; for (endvalue = qstr; endvalue[0] != '\0'; endvalue++, outptr++) { if (escaped) { outptr[0] = endvalue[0]; escaped = 0; } else if (endvalue[0] == '\\') { escaped = 1; outptr--; /* Will be incremented at the end of the loop */ } else if (endvalue[0] == '"') { break; } else { outptr[0] = endvalue[0]; } } if (endvalue[0] != '"') { return NULL; } while (outptr <= endvalue) { outptr[0] = '\0'; outptr++; } endvalue++; } else { /* not qouted value (token) */ /* qstr already contains output */ endvalue = skip_token(qstr,0); }; return endvalue; } /* Unlike unquote, this function returns an allocated quoted copy */ static char *quote (char *str) { char *p; char *outp; char *result; int num_to_escape; /* How many characters need escaping */ if (!str) return NULL; num_to_escape = 0; p = strpbrk (str, NEED_ESCAPING); while (p != NULL) { num_to_escape++; p = strpbrk (p + 1, NEED_ESCAPING); } if (num_to_escape == 0) { return (strdup (str)); } result = malloc (strlen(str) + num_to_escape + 1); for (p = str, outp = result; *p; p++) { if (*p == '"' || *p == '\\') { *outp = '\\'; outp++; } *outp = *p; outp++; } *outp = '\0'; return (result); } static void get_pair(char **in, char **name, char **value) { char *endpair; char *curp = *in; *name = NULL; *value = NULL; if (curp == NULL) return; while (curp[0] != '\0') { /* skipping spaces: */ curp = skip_lws(curp); /* 'LWS "," LWS "," ...' is allowed by the DIGEST-MD5 ABNF */ if (curp[0] == ',') { curp++; } else { break; } } if (curp[0] == '\0') { /* End of the string is not an error */ *name = ""; return; } *name = curp; curp = skip_token(curp,1); /* strip wierd chars */ if (curp[0] != '=' && curp[0] != '\0') { *curp++ = '\0'; }; curp = skip_lws(curp); if (curp[0] != '=') { /* No '=' sign */ *name = NULL; return; } curp[0] = '\0'; curp++; curp = skip_lws(curp); *value = (curp[0] == '"') ? curp+1 : curp; endpair = unquote (curp); if (endpair == NULL) { /* Unbalanced quotes */ *name = NULL; *value = NULL; return; } /* An optional LWS is allowed after the value. Skip it. */ if (is_lws_char (endpair[0])) { /* Remove the trailing LWS from the value */ *endpair++ = '\0'; endpair = skip_lws(endpair); } /* syntax check: MUST be '\0' or ',' */ if (endpair[0] == ',') { endpair[0] = '\0'; endpair++; /* skipping <,> */ } else if (endpair[0] != '\0') { *name = NULL; *value = NULL; return; } *in = endpair; } #ifdef WITH_DES struct des_context_s { des_key_schedule keysched; /* key schedule for des initialization */ des_cblock ivec; /* initial vector for encoding */ des_key_schedule keysched2; /* key schedule for 3des initialization */ }; typedef struct des_context_s des_context_t; /* slide the first 7 bytes of 'inbuf' into the high seven bits of the first 8 bytes of 'keybuf'. 'keybuf' better be 8 bytes long or longer. */ static void slidebits(unsigned char *keybuf, unsigned char *inbuf) { keybuf[0] = inbuf[0]; keybuf[1] = (inbuf[0]<<7) | (inbuf[1]>>1); keybuf[2] = (inbuf[1]<<6) | (inbuf[2]>>2); keybuf[3] = (inbuf[2]<<5) | (inbuf[3]>>3); keybuf[4] = (inbuf[3]<<4) | (inbuf[4]>>4); keybuf[5] = (inbuf[4]<<3) | (inbuf[5]>>5); keybuf[6] = (inbuf[5]<<2) | (inbuf[6]>>6); keybuf[7] = (inbuf[6]<<1); } /****************************** * * 3DES functions * *****************************/ static int dec_3des(context_t *text, const char *input, unsigned inputlen, unsigned char digest[16] __attribute__((unused)), char *output, unsigned *outputlen) { des_context_t *c = (des_context_t *) text->cipher_dec_context; int padding, p; des_ede2_cbc_encrypt((void *) input, (void *) output, inputlen, c->keysched, c->keysched2, &c->ivec, DES_DECRYPT); /* now chop off the padding */ padding = output[inputlen - 11]; if (padding < 1 || padding > 8) { /* invalid padding length */ return SASL_FAIL; } /* verify all padding is correct */ for (p = 1; p <= padding; p++) { if (output[inputlen - 10 - p] != padding) { return SASL_FAIL; } } /* chop off the padding */ *outputlen = inputlen - padding - 10; return SASL_OK; } static int enc_3des(context_t *text, const char *input, unsigned inputlen, unsigned char digest[16], char *output, unsigned *outputlen) { des_context_t *c = (des_context_t *) text->cipher_enc_context; int len; int paddinglen; /* determine padding length */ paddinglen = 8 - ((inputlen + 10) % 8); /* now construct the full stuff to be ciphered */ memcpy(output, input, inputlen); /* text */ memset(output+inputlen, paddinglen, paddinglen);/* pad */ memcpy(output+inputlen+paddinglen, digest, 10); /* hmac */ len=inputlen+paddinglen+10; des_ede2_cbc_encrypt((void *) output, (void *) output, len, c->keysched, c->keysched2, &c->ivec, DES_ENCRYPT); *outputlen=len; return SASL_OK; } static int init_3des(context_t *text, unsigned char enckey[16], unsigned char deckey[16]) { des_context_t *c; unsigned char keybuf[8]; /* allocate enc & dec context */ c = (des_context_t *) text->utils->malloc(2 * sizeof(des_context_t)); if (c == NULL) return SASL_NOMEM; /* setup enc context */ slidebits(keybuf, enckey); if (des_key_sched((des_cblock *) keybuf, c->keysched) < 0) return SASL_FAIL; slidebits(keybuf, enckey + 7); if (des_key_sched((des_cblock *) keybuf, c->keysched2) < 0) return SASL_FAIL; memcpy(c->ivec, ((char *) enckey) + 8, 8); text->cipher_enc_context = (cipher_context_t *) c; /* setup dec context */ c++; slidebits(keybuf, deckey); if (des_key_sched((des_cblock *) keybuf, c->keysched) < 0) return SASL_FAIL; slidebits(keybuf, deckey + 7); if (des_key_sched((des_cblock *) keybuf, c->keysched2) < 0) return SASL_FAIL; memcpy(c->ivec, ((char *) deckey) + 8, 8); text->cipher_dec_context = (cipher_context_t *) c; return SASL_OK; } /****************************** * * DES functions * *****************************/ static int dec_des(context_t *text, const char *input, unsigned inputlen, unsigned char digest[16] __attribute__((unused)), char *output, unsigned *outputlen) { des_context_t *c = (des_context_t *) text->cipher_dec_context; int p, padding = 0; des_cbc_encrypt((void *) input, (void *) output, inputlen, c->keysched, &c->ivec, DES_DECRYPT); /* Update the ivec (des_cbc_encrypt implementations tend to be broken in this way) */ memcpy(c->ivec, input + (inputlen - 8), 8); /* now chop off the padding */ padding = output[inputlen - 11]; if (padding < 1 || padding > 8) { /* invalid padding length */ return SASL_FAIL; } /* verify all padding is correct */ for (p = 1; p <= padding; p++) { if (output[inputlen - 10 - p] != padding) { return SASL_FAIL; } } /* chop off the padding */ *outputlen = inputlen - padding - 10; return SASL_OK; } static int enc_des(context_t *text, const char *input, unsigned inputlen, unsigned char digest[16], char *output, unsigned *outputlen) { des_context_t *c = (des_context_t *) text->cipher_enc_context; int len; int paddinglen; /* determine padding length */ paddinglen = 8 - ((inputlen+10) % 8); /* now construct the full stuff to be ciphered */ memcpy(output, input, inputlen); /* text */ memset(output+inputlen, paddinglen, paddinglen);/* pad */ memcpy(output+inputlen+paddinglen, digest, 10); /* hmac */ len = inputlen + paddinglen + 10; des_cbc_encrypt((void *) output, (void *) output, len, c->keysched, &c->ivec, DES_ENCRYPT); /* Update the ivec (des_cbc_encrypt implementations tend to be broken in this way) */ memcpy(c->ivec, output + (len - 8), 8); *outputlen = len; return SASL_OK; } static int init_des(context_t *text, unsigned char enckey[16], unsigned char deckey[16]) { des_context_t *c; unsigned char keybuf[8]; /* allocate enc context */ c = (des_context_t *) text->utils->malloc(2 * sizeof(des_context_t)); if (c == NULL) return SASL_NOMEM; /* setup enc context */ slidebits(keybuf, enckey); des_key_sched((des_cblock *) keybuf, c->keysched); memcpy(c->ivec, ((char *) enckey) + 8, 8); text->cipher_enc_context = (cipher_context_t *) c; /* setup dec context */ c++; slidebits(keybuf, deckey); des_key_sched((des_cblock *) keybuf, c->keysched); memcpy(c->ivec, ((char *) deckey) + 8, 8); text->cipher_dec_context = (cipher_context_t *) c; return SASL_OK; } static void free_des(context_t *text) { /* free des contextss. only cipher_enc_context needs to be free'd, since cipher_dec_context was allocated at the same time. */ if (text->cipher_enc_context) text->utils->free(text->cipher_enc_context); } #endif /* WITH_DES */ #ifdef WITH_RC4 /* quick generic implementation of RC4 */ struct rc4_context_s { unsigned char sbox[256]; int i, j; }; typedef struct rc4_context_s rc4_context_t; static void rc4_init(rc4_context_t *text, const unsigned char *key, unsigned keylen) { int i, j; /* fill in linearly s0=0 s1=1... */ for (i=0;i<256;i++) text->sbox[i]=i; j=0; for (i = 0; i < 256; i++) { unsigned char tmp; /* j = (j + Si + Ki) mod 256 */ j = (j + text->sbox[i] + key[i % keylen]) % 256; /* swap Si and Sj */ tmp = text->sbox[i]; text->sbox[i] = text->sbox[j]; text->sbox[j] = tmp; } /* counters initialized to 0 */ text->i = 0; text->j = 0; } static void rc4_encrypt(rc4_context_t *text, const char *input, char *output, unsigned len) { int tmp; int i = text->i; int j = text->j; int t; int K; const char *input_end = input + len; while (input < input_end) { i = (i + 1) % 256; j = (j + text->sbox[i]) % 256; /* swap Si and Sj */ tmp = text->sbox[i]; text->sbox[i] = text->sbox[j]; text->sbox[j] = tmp; t = (text->sbox[i] + text->sbox[j]) % 256; K = text->sbox[t]; /* byte K is Xor'ed with plaintext */ *output++ = *input++ ^ K; } text->i = i; text->j = j; } static void rc4_decrypt(rc4_context_t *text, const char *input, char *output, unsigned len) { int tmp; int i = text->i; int j = text->j; int t; int K; const char *input_end = input + len; while (input < input_end) { i = (i + 1) % 256; j = (j + text->sbox[i]) % 256; /* swap Si and Sj */ tmp = text->sbox[i]; text->sbox[i] = text->sbox[j]; text->sbox[j] = tmp; t = (text->sbox[i] + text->sbox[j]) % 256; K = text->sbox[t]; /* byte K is Xor'ed with plaintext */ *output++ = *input++ ^ K; } text->i = i; text->j = j; } static void free_rc4(context_t *text) { /* free rc4 context structures */ if(text->cipher_enc_context) text->utils->free(text->cipher_enc_context); if(text->cipher_dec_context) text->utils->free(text->cipher_dec_context); } static int init_rc4(context_t *text, unsigned char enckey[16], unsigned char deckey[16]) { /* allocate rc4 context structures */ text->cipher_enc_context= (cipher_context_t *) text->utils->malloc(sizeof(rc4_context_t)); if (text->cipher_enc_context == NULL) return SASL_NOMEM; text->cipher_dec_context= (cipher_context_t *) text->utils->malloc(sizeof(rc4_context_t)); if (text->cipher_dec_context == NULL) return SASL_NOMEM; /* initialize them */ rc4_init((rc4_context_t *) text->cipher_enc_context, (const unsigned char *) enckey, 16); rc4_init((rc4_context_t *) text->cipher_dec_context, (const unsigned char *) deckey, 16); return SASL_OK; } static int dec_rc4(context_t *text, const char *input, unsigned inputlen, unsigned char digest[16] __attribute__((unused)), char *output, unsigned *outputlen) { /* decrypt the text part & HMAC */ rc4_decrypt((rc4_context_t *) text->cipher_dec_context, input, output, inputlen); /* no padding so we just subtract the HMAC to get the text length */ *outputlen = inputlen - 10; return SASL_OK; } static int enc_rc4(context_t *text, const char *input, unsigned inputlen, unsigned char digest[16], char *output, unsigned *outputlen) { /* pad is zero */ *outputlen = inputlen+10; /* encrypt the text part */ rc4_encrypt((rc4_context_t *) text->cipher_enc_context, input, output, inputlen); /* encrypt the HMAC part */ rc4_encrypt((rc4_context_t *) text->cipher_enc_context, (const char *) digest, (output)+inputlen, 10); return SASL_OK; } #endif /* WITH_RC4 */ struct digest_cipher available_ciphers[] = { #ifdef WITH_RC4 { "rc4-40", 40, 5, 0x01, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 }, { "rc4-56", 56, 7, 0x02, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 }, { "rc4", 128, 16, 0x04, &enc_rc4, &dec_rc4, &init_rc4, &free_rc4 }, #endif #ifdef WITH_DES { "des", 55, 16, 0x08, &enc_des, &dec_des, &init_des, &free_des }, { "3des", 112, 16, 0x10, &enc_3des, &dec_3des, &init_3des, &free_des }, #endif { NULL, 0, 0, 0, NULL, NULL, NULL, NULL } }; static int create_layer_keys(context_t *text, const sasl_utils_t *utils, HASH key, int keylen, unsigned char enckey[16], unsigned char deckey[16]) { MD5_CTX Md5Ctx; utils->log(utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 create_layer_keys()"); utils->MD5Init(&Md5Ctx); utils->MD5Update(&Md5Ctx, key, keylen); if (text->i_am == SERVER) { utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_SERVER_CLIENT, (unsigned) strlen(SEALING_SERVER_CLIENT)); } else { utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_CLIENT_SERVER, (unsigned) strlen(SEALING_CLIENT_SERVER)); } utils->MD5Final(enckey, &Md5Ctx); utils->MD5Init(&Md5Ctx); utils->MD5Update(&Md5Ctx, key, keylen); if (text->i_am != SERVER) { utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_SERVER_CLIENT, (unsigned) strlen(SEALING_SERVER_CLIENT)); } else { utils->MD5Update(&Md5Ctx, (const unsigned char *) SEALING_CLIENT_SERVER, (unsigned) strlen(SEALING_CLIENT_SERVER)); } utils->MD5Final(deckey, &Md5Ctx); /* create integrity keys */ /* sending */ utils->MD5Init(&Md5Ctx); utils->MD5Update(&Md5Ctx, text->HA1, HASHLEN); if (text->i_am == SERVER) { utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_SERVER_CLIENT, (unsigned) strlen(SIGNING_SERVER_CLIENT)); } else { utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_CLIENT_SERVER, (unsigned) strlen(SIGNING_CLIENT_SERVER)); } utils->MD5Final(text->Ki_send, &Md5Ctx); /* receiving */ utils->MD5Init(&Md5Ctx); utils->MD5Update(&Md5Ctx, text->HA1, HASHLEN); if (text->i_am != SERVER) { utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_SERVER_CLIENT, (unsigned) strlen(SIGNING_SERVER_CLIENT)); } else { utils->MD5Update(&Md5Ctx, (const unsigned char *)SIGNING_CLIENT_SERVER, (unsigned) strlen(SIGNING_CLIENT_SERVER)); } utils->MD5Final(text->Ki_receive, &Md5Ctx); return SASL_OK; } static const unsigned short version = 1; /* * privacy: * len, CIPHER(Kc, {msg, pag, HMAC(ki, {SeqNum, msg})[0..9]}), x0001, SeqNum * * integrity: * len, HMAC(ki, {SeqNum, msg})[0..9], x0001, SeqNum */ static int digestmd5_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int tmp; unsigned int tmpnum; unsigned short int tmpshort; int ret; char *out; struct buffer_info *inblob, bufinfo; if(!context || !invec || !numiov || !output || !outputlen) { PARAMERROR(text->utils); return SASL_BADPARAM; } if (numiov > 1) { ret = _plug_iovec_to_buf(text->utils, invec, numiov, &text->enc_in_buf); if (ret != SASL_OK) return ret; inblob = text->enc_in_buf; } else { /* avoid the data copy */ bufinfo.data = invec[0].iov_base; bufinfo.curlen = invec[0].iov_len; inblob = &bufinfo; } /* make sure the output buffer is big enough for this blob */ ret = _plug_buf_alloc(text->utils, &(text->encode_buf), &(text->encode_buf_len), (4 + /* for length */ inblob->curlen + /* for content */ 10 + /* for MAC */ 8 + /* maximum pad */ 6)); /* for ver and seqnum */ if(ret != SASL_OK) return ret; /* skip by the length for now */ out = (text->encode_buf)+4; /* construct (seqnum, msg) * * Use the output buffer so that the message text is already in place * for an integrity-only layer. */ tmpnum = htonl(text->seqnum); memcpy(text->encode_buf, &tmpnum, 4); memcpy(text->encode_buf + 4, inblob->data, inblob->curlen); if (text->cipher_enc) { unsigned char digest[16]; /* HMAC(ki, (seqnum, msg) ) */ text->utils->hmac_md5((const unsigned char *) text->encode_buf, inblob->curlen + 4, text->Ki_send, HASHLEN, digest); /* calculate the encrypted part */ text->cipher_enc(text, inblob->data, inblob->curlen, digest, out, outputlen); out+=(*outputlen); } else { /* HMAC(ki, (seqnum, msg) ) -- put directly into output buffer */ text->utils->hmac_md5((const unsigned char *) text->encode_buf, inblob->curlen + 4, text->Ki_send, HASHLEN, (unsigned char *) text->encode_buf + inblob->curlen + 4); *outputlen = inblob->curlen + 10; /* for message + CMAC */ out+=inblob->curlen + 10; } /* copy in version */ tmpshort = htons(version); memcpy(out, &tmpshort, 2); /* 2 bytes = version */ out+=2; (*outputlen)+=2; /* for version */ /* put in seqnum */ tmpnum = htonl(text->seqnum); memcpy(out, &tmpnum, 4); /* 4 bytes = seq # */ (*outputlen)+=4; /* for seqnum */ /* put the 1st 4 bytes in */ tmp=htonl(*outputlen); memcpy(text->encode_buf, &tmp, 4); (*outputlen)+=4; *output = text->encode_buf; text->seqnum++; return SASL_OK; } static int digestmd5_decode_packet(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int result; unsigned char *digest; int tmpnum; int lup; unsigned short ver; unsigned int seqnum; unsigned char checkdigest[16]; if (inputlen < 16) { text->utils->seterror(text->utils->conn, 0, "DIGEST-MD5 SASL packets must be at least 16 bytes long"); return SASL_FAIL; } /* check the version number */ memcpy(&ver, input+inputlen-6, 2); ver = ntohs(ver); if (ver != version) { text->utils->seterror(text->utils->conn, 0, "Wrong Version"); return SASL_FAIL; } /* check the sequence number */ memcpy(&seqnum, input+inputlen-4, 4); seqnum = ntohl(seqnum); if (seqnum != text->rec_seqnum) { text->utils->seterror(text->utils->conn, 0, "Incorrect Sequence Number: received %u, expected %u", seqnum, text->rec_seqnum); return SASL_FAIL; } /* allocate a buffer large enough for the output */ result = _plug_buf_alloc(text->utils, &text->decode_packet_buf, &text->decode_packet_buf_len, inputlen /* length of message */ - 6 /* skip ver and seqnum */ + 4); /* prepend seqnum */ if (result != SASL_OK) return result; /* construct (seqnum, msg) */ tmpnum = htonl(text->rec_seqnum); memcpy(text->decode_packet_buf, &tmpnum, 4); text->rec_seqnum++; /* now increment it */ *output = text->decode_packet_buf + 4; /* skip seqnum */ if (text->cipher_dec) { /* decrypt message & HMAC into output buffer */ result = text->cipher_dec(text, input, inputlen-6, NULL, *output, outputlen); if (result != SASL_OK) return result; } else { /* copy message & HMAC into output buffer */ memcpy(*output, input, inputlen - 6); *outputlen = inputlen - 16; /* -16 to skip HMAC, ver and seqnum */ } digest = (unsigned char *) *output + (inputlen - 16); /* check the CMAC */ /* HMAC(ki, (seqnum, msg) ) */ text->utils->hmac_md5((const unsigned char *) text->decode_packet_buf, (*outputlen) + 4, text->Ki_receive, HASHLEN, checkdigest); /* now check it */ for (lup = 0; lup < 10; lup++) if (checkdigest[lup] != digest[lup]) { text->utils->seterror(text->utils->conn, 0, "CMAC doesn't match at byte %d!", lup); return SASL_FAIL; } return SASL_OK; } static int digestmd5_decode(void *context, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int ret; ret = _plug_decode(&text->decode_context, input, inputlen, &text->decode_buf, &text->decode_buf_len, outputlen, digestmd5_decode_packet, text); *output = text->decode_buf; return ret; } static void digestmd5_common_mech_dispose(void *conn_context, const sasl_utils_t *utils) { context_t *text = (context_t *) conn_context; int lup; if (!text || !utils) return; utils->log(utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 common mech dispose"); if (text->authid) utils->free(text->authid); if (text->realm) utils->free(text->realm); if (text->realms) { /* need to free all the realms */ for (lup = 0; lup < text->realm_cnt; lup++) utils->free (text->realms[lup]); utils->free(text->realms); } if (text->nonce) utils->free(text->nonce); if (text->cnonce) utils->free(text->cnonce); if (text->cipher_free) text->cipher_free(text); /* free the stuff in the context */ if (text->response_value) utils->free(text->response_value); _plug_decode_free(&text->decode_context); if (text->encode_buf) utils->free(text->encode_buf); if (text->decode_buf) utils->free(text->decode_buf); if (text->decode_packet_buf) utils->free(text->decode_packet_buf); if (text->out_buf) utils->free(text->out_buf); if (text->enc_in_buf) { if (text->enc_in_buf->data) utils->free(text->enc_in_buf->data); utils->free(text->enc_in_buf); } utils->free(conn_context); } static void clear_reauth_entry(reauth_entry_t *reauth, enum Context_type type, const sasl_utils_t *utils) { if (!reauth) return; if (reauth->authid) utils->free(reauth->authid); if (reauth->realm) utils->free(reauth->realm); if (reauth->nonce) utils->free(reauth->nonce); if (reauth->cnonce) utils->free(reauth->cnonce); if (type == CLIENT) { if (reauth->u.c.serverFQDN) utils->free(reauth->u.c.serverFQDN); } memset(reauth, 0, sizeof(reauth_entry_t)); } static void digestmd5_common_mech_free(void *glob_context, const sasl_utils_t *utils) { digest_glob_context_t *my_glob_context = (digest_glob_context_t *) glob_context; reauth_cache_t *reauth_cache = my_glob_context->reauth; size_t n; utils->log(utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 common mech free"); /* Prevent anybody else from freeing this as well */ my_glob_context->reauth = NULL; if (!reauth_cache) return; for (n = 0; n < reauth_cache->size; n++) { clear_reauth_entry(&reauth_cache->e[n], reauth_cache->i_am, utils); } if (reauth_cache->e) utils->free(reauth_cache->e); if (reauth_cache->mutex) { utils->mutex_free(reauth_cache->mutex); reauth_cache->mutex = NULL; } utils->free(reauth_cache); } /***************************** Server Section *****************************/ typedef struct server_context { context_t common; time_t timestamp; int stale; /* last nonce is stale */ sasl_ssf_t limitssf, requiressf; /* application defined bounds */ } server_context_t; static digest_glob_context_t server_glob_context; static void DigestCalcHA1FromSecret(context_t * text, const sasl_utils_t * utils, HASH HA1, unsigned char *authorization_id, unsigned char *pszNonce, unsigned char *pszCNonce, HASHHEX SessionKey) { MD5_CTX Md5Ctx; /* calculate session key */ utils->MD5Init(&Md5Ctx); if (text->http_mode) { /* per RFC 2617 Errata ID 1649 */ HASHHEX HA1Hex; CvtHex(HA1, HA1Hex); utils->MD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN); } else { /* per RFC 2831 */ utils->MD5Update(&Md5Ctx, HA1, HASHLEN); } utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, pszNonce, (unsigned) strlen((char *) pszNonce)); utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, pszCNonce, (unsigned) strlen((char *) pszCNonce)); if (authorization_id != NULL) { utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, authorization_id, (unsigned) strlen((char *) authorization_id)); } utils->MD5Final(HA1, &Md5Ctx); CvtHex(HA1, SessionKey); /* save HA1 because we need it to make the privacy and integrity keys */ memcpy(text->HA1, HA1, sizeof(HASH)); } static char *create_response(context_t * text, const sasl_utils_t * utils, unsigned char *nonce, unsigned int ncvalue, unsigned char *cnonce, char *qop, const sasl_http_request_t *request, HASH Secret, char *authorization_id, char **response_value) { HASHHEX SessionKey; HASH EntityHash; HASHHEX HEntity; HASHHEX Response; char *result; if (qop == NULL) qop = "auth"; DigestCalcHA1FromSecret(text, utils, Secret, (unsigned char *) authorization_id, nonce, cnonce, SessionKey); if (text->http_mode) { /* per RFC 2617 */ MD5_CTX Md5Ctx; utils->MD5Init(&Md5Ctx); utils->MD5Update(&Md5Ctx, request->entity, request->elen); utils->MD5Final(EntityHash, &Md5Ctx); } else { /* per RFC 2831 */ memset(EntityHash, 0, HASHLEN); } CvtHex(EntityHash, HEntity); /* Calculate response for comparison with client's response */ DigestCalcResponse(utils, SessionKey,/* HEX(H(A1)) */ nonce, /* nonce from server */ ncvalue, /* 8 hex digits */ cnonce, /* client nonce */ (unsigned char *) qop, /* qop-value: "", "auth", * "auth-int" */ (unsigned char *) request->uri, /* requested URL */ (unsigned char *) request->method, HEntity, /* H(entity body) if qop="auth-int" */ Response /* request-digest or response-digest */ ); result = utils->malloc(HASHHEXLEN + 1); memcpy(result, Response, HASHHEXLEN); result[HASHHEXLEN] = 0; /* Calculate response value for mutual auth with the client (NO Method) */ if (response_value != NULL) { char * new_response_value; DigestCalcResponse(utils, SessionKey, /* HEX(H(A1)) */ nonce, /* nonce from server */ ncvalue, /* 8 hex digits */ cnonce, /* client nonce */ (unsigned char *) qop, /* qop-value: "", "auth", * "auth-int" */ (unsigned char *) request->uri, /* requested URL */ NULL, HEntity, /* H(entity body) if qop="auth-int" */ Response /* request-digest or response-digest */ ); new_response_value = utils->realloc(*response_value, HASHHEXLEN + 1); if (new_response_value == NULL) { free (*response_value); *response_value = NULL; return NULL; } *response_value = new_response_value; memcpy(*response_value, Response, HASHHEXLEN); (*response_value)[HASHHEXLEN] = 0; } return result; } static int get_server_realm(sasl_server_params_t * params, char **realm) { /* look at user realm first */ if (params->user_realm != NULL) { if(params->user_realm[0] != '\0') { *realm = (char *) params->user_realm; } else { /* Catch improperly converted apps */ params->utils->seterror(params->utils->conn, 0, "user_realm is an empty string!"); return SASL_BADPARAM; } } else if (params->serverFQDN != NULL) { *realm = (char *) params->serverFQDN; } else { params->utils->seterror(params->utils->conn, 0, "no way to obtain DIGEST-MD5 realm"); return SASL_FAIL; } return SASL_OK; } /* * Convert hex string to int */ static int htoi(unsigned char *hexin, unsigned int *res) { size_t lup, inlen; inlen = strlen((char *) hexin); *res = 0; for (lup = 0; lup < inlen; lup++) { switch (hexin[lup]) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': *res = (*res << 4) + (hexin[lup] - '0'); break; case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': *res = (*res << 4) + (hexin[lup] - 'a' + 10); break; case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': *res = (*res << 4) + (hexin[lup] - 'A' + 10); break; default: return SASL_BADPARAM; } } return SASL_OK; } static int digestmd5_server_mech_new(void *glob_context, sasl_server_params_t * sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { context_t *text; if ((sparams->flags & SASL_NEED_HTTP) && !sparams->http_request) { SETERROR(sparams->utils, "DIGEST-MD5 unavailable due to lack of HTTP request"); return SASL_BADPARAM; } /* holds state are in -- allocate server size */ text = sparams->utils->malloc(sizeof(server_context_t)); if (text == NULL) return SASL_NOMEM; memset(text, 0, sizeof(server_context_t)); text->state = 1; text->i_am = SERVER; text->http_mode = (sparams->flags & SASL_NEED_HTTP); text->reauth = ((digest_glob_context_t *) glob_context)->reauth; *conn_context = text; return SASL_OK; } static int digestmd5_server_mech_step1(server_context_t *stext, sasl_server_params_t *sparams, const char *clientin __attribute__((unused)), unsigned clientinlen __attribute__((unused)), const char **serverout, unsigned *serveroutlen, sasl_out_params_t * oparams __attribute__((unused))) { context_t *text = (context_t *) stext; int result; char *realm; unsigned char *nonce; char *charset = "utf-8"; char qop[1024], cipheropts[1024]; struct digest_cipher *cipher; unsigned resplen; int added_conf = 0; char maxbufstr[64]; sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 server step 1"); /* get realm */ result = get_server_realm(sparams, &realm); if(result != SASL_OK) return result; /* what options should we offer the client? */ qop[0] = '\0'; cipheropts[0] = '\0'; if (stext->requiressf == 0) { if (*qop) strcat(qop, ","); strcat(qop, "auth"); } if (stext->requiressf <= 1 && stext->limitssf >= 1) { if (*qop) strcat(qop, ","); strcat(qop, "auth-int"); } cipher = available_ciphers; while (cipher->name) { /* do we allow this particular cipher? */ if (stext->requiressf <= cipher->ssf && stext->limitssf >= cipher->ssf) { if (!added_conf) { if (*qop) strcat(qop, ","); strcat(qop, "auth-conf"); added_conf = 1; } if (*cipheropts) strcat(cipheropts, ","); strcat(cipheropts, cipher->name); } cipher++; } if (*qop == '\0') { /* we didn't allow anything?!? we'll return SASL_TOOWEAK, since that's close enough */ return SASL_TOOWEAK; } /* * digest-challenge = 1#( realm | nonce | qop-options | stale | maxbuf | * charset | cipher-opts | auth-param ) */ nonce = create_nonce(sparams->utils); if (nonce == NULL) { SETERROR(sparams->utils, "internal erorr: failed creating a nonce"); return SASL_FAIL; } resplen = 0; text->out_buf = NULL; text->out_buf_len = 0; if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "nonce", (unsigned char *) nonce, TRUE) != SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge failed"); return SASL_FAIL; } /* add to challenge; if we chose not to specify a realm, we won't * send one to the client */ if (realm && add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "realm", (unsigned char *) realm, TRUE) != SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge failed"); return SASL_FAIL; } /* * qop-options A quoted string of one or more tokens indicating the * "quality of protection" values supported by the server. The value * "auth" indicates authentication; the value "auth-int" indicates * authentication with integrity protection; the value "auth-conf" * indicates authentication with integrity protection and encryption. */ /* add qop to challenge */ if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "qop", (unsigned char *) qop, TRUE) != SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge 3 failed"); return SASL_FAIL; } /* * Cipheropts - list of ciphers server supports */ /* add cipher-opts to challenge; only add if there are some */ if (strcmp(cipheropts,"")!=0) { if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "cipher", (unsigned char *) cipheropts, TRUE) != SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge 4 failed"); return SASL_FAIL; } } /* "stale" is true if a reauth failed because of a nonce timeout */ if (stext->stale && add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "stale", (unsigned char *) "true", FALSE) != SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge failed"); return SASL_FAIL; } /* * maxbuf A number indicating the size of the largest buffer the server * is able to receive when using "auth-int". If this directive is * missing, the default value is 65536. This directive may appear at most * once; if multiple instances are present, the client should abort the * authentication exchange. */ if(sparams->props.maxbufsize) { snprintf(maxbufstr, sizeof(maxbufstr), "%u", sparams->props.maxbufsize); if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "maxbuf", (unsigned char *) maxbufstr, FALSE) != SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge 5 failed"); return SASL_FAIL; } } if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "charset", (unsigned char *) charset, FALSE) != SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge 6 failed"); return SASL_FAIL; } /* * algorithm * This directive is required for backwards compatibility with HTTP * Digest, which supports other algorithms. This directive is * required and MUST appear exactly once; if not present, or if multiple * instances are present, the client should abort the authentication * exchange. * * algorithm = "algorithm" "=" "md5-sess" */ if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "algorithm", (unsigned char *) "md5-sess", FALSE)!=SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge 7 failed"); return SASL_FAIL; } /* * The size of a digest-challenge MUST be less than 2048 bytes!!! */ if (*serveroutlen > 2048) { SETERROR(sparams->utils, "internal error: challenge larger than 2048 bytes"); return SASL_FAIL; } text->authid = NULL; if (_plug_strdup(sparams->utils, realm, &text->realm, NULL) != SASL_OK) { SETERROR(sparams->utils, "internal error: out of memory when saving realm"); return SASL_FAIL; } if (text->http_mode && sparams->http_request->non_persist && sparams->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */ /* Create an initial cache entry for non-persistent HTTP connections */ unsigned val = hash((char *) nonce) % text->reauth->size; clear_reauth_entry(&text->reauth->e[val], SERVER, sparams->utils); text->reauth->e[val].authid = NULL; text->reauth->e[val].realm = text->realm; text->realm = NULL; text->reauth->e[val].nonce = nonce; text->reauth->e[val].nonce_count = 1; text->reauth->e[val].cnonce = NULL; text->reauth->e[val].u.s.timestamp = time(0); sparams->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */ } else { text->nonce = nonce; text->nonce_count = 1; text->cnonce = NULL; stext->timestamp = time(0); } *serveroutlen = (unsigned) strlen(text->out_buf); *serverout = text->out_buf; text->state = 2; return SASL_CONTINUE; } static int digestmd5_server_mech_step2(server_context_t *stext, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t * oparams) { context_t *text = (context_t *) stext; /* verify digest */ sasl_secret_t *sec = NULL; int result; char *serverresponse = NULL; char *username = NULL; char *authorization_id = NULL; char *realm = NULL; unsigned char *nonce = NULL, *cnonce = NULL; unsigned int noncecount = 0; char *qop = NULL; char *digesturi = NULL; sasl_http_request_t rfc2831_request; const sasl_http_request_t *request; char *response = NULL; /* setting the default value (65536) */ unsigned long client_maxbuf = 65536; int maxbuf_count = 0; /* How many maxbuf instances was found */ char *charset = NULL; char *cipher = NULL; unsigned int n = 0; HASH Secret; HASH SecretBogus; bool Try_8859_1 = FALSE; int client_ignores_realm = 0; char *full_username = NULL; char *internal_username = NULL; int canon_flags; /* password prop_request */ const char *password_request[] = { SASL_AUX_PASSWORD, "*cmusaslsecretDIGEST-MD5", NULL }; size_t len; struct propval auxprop_values[2]; /* can we mess with clientin? copy it to be safe */ char *in_start = NULL; char *in = NULL; cipher_free_t *old_cipher_free = NULL; sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 server step 2"); if (clientinlen == 0) { SETERROR(sparams->utils, "input expected in DIGEST-MD5, step 2"); result = SASL_BADAUTH; goto FreeAllMem; } if (text->http_mode) { /* per RFC 2617 (HTTP Request as set by calling application) */ request = sparams->http_request; } else { /* per RFC 2831 */ rfc2831_request.method = "AUTHENTICATE"; rfc2831_request.uri = NULL; /* to be filled in below from response */ rfc2831_request.entity = NULL; rfc2831_request.elen = 0; rfc2831_request.non_persist = 0; request = &rfc2831_request; } in = sparams->utils->malloc(clientinlen + 1); memcpy(in, clientin, clientinlen); in[clientinlen] = 0; in_start = in; /* parse what we got */ while (in[0] != '\0') { char *name = NULL, *value = NULL; get_pair(&in, &name, &value); if (name == NULL) { SETERROR(sparams->utils, "Parse error"); result = SASL_BADAUTH; goto FreeAllMem; } if (*name == '\0') { break; } /* Extracting parameters */ /* * digest-response = 1#( username | realm | nonce | cnonce | * nonce-count | qop | digest-uri | response | maxbuf | charset | * cipher | auth-param ) */ if (strcasecmp(name, "username") == 0) { _plug_strdup(sparams->utils, value, &username, NULL); } else if (strcasecmp(name, "authzid") == 0) { _plug_strdup(sparams->utils, value, &authorization_id, NULL); } else if (strcasecmp(name, "cnonce") == 0) { _plug_strdup(sparams->utils, value, (char **) &cnonce, NULL); } else if (strcasecmp(name, "nc") == 0) { if (htoi((unsigned char *) value, &noncecount) != SASL_OK) { SETERROR(sparams->utils, "error converting hex to int"); result = SASL_BADAUTH; goto FreeAllMem; } } else if (strcasecmp(name, "realm") == 0) { if (realm) { SETERROR(sparams->utils, "duplicate realm: authentication aborted"); result = SASL_FAIL; goto FreeAllMem; } _plug_strdup(sparams->utils, value, &realm, NULL); } else if (strcasecmp(name, "nonce") == 0) { _plug_strdup(sparams->utils, value, (char **) &nonce, NULL); } else if (strcasecmp(name, "qop") == 0) { if (qop) { SETERROR(sparams->utils, "duplicate qop: authentication aborted"); result = SASL_FAIL; goto FreeAllMem; } _plug_strdup(sparams->utils, value, &qop, NULL); } else if (strcasecmp(name, "digest-uri") == 0 || /* per RFC 2831 */ (text->http_mode && strcasecmp(name, "uri") == 0)) { /* per RFC 2617 */ size_t service_len; if (digesturi) { SETERROR(sparams->utils, "duplicate digest-uri: authentication aborted"); result = SASL_FAIL; goto FreeAllMem; } _plug_strdup(sparams->utils, value, &digesturi, NULL); if (text->http_mode && request && request->uri) { /* Verify digest-uri matches HTTP request (per RFC 2617) */ if (strcmp(digesturi, request->uri)) { result = SASL_BADAUTH; SETERROR(sparams->utils, "bad digest-uri: doesn't match HTTP request"); goto FreeAllMem; } } else { /* Verify digest-uri format (per RFC 2831): * * digest-uri-value = serv-type "/" host [ "/" serv-name ] */ /* make sure it's the service that we're expecting */ service_len = strlen(sparams->service); if (strncasecmp(digesturi, sparams->service, service_len) || digesturi[service_len] != '/') { result = SASL_BADAUTH; SETERROR(sparams->utils, "bad digest-uri: doesn't match service"); goto FreeAllMem; } /* xxx we don't verify the hostname component */ rfc2831_request.uri = digesturi; } } else if (strcasecmp(name, "response") == 0) { _plug_strdup(sparams->utils, value, &response, NULL); } else if (strcasecmp(name, "cipher") == 0) { _plug_strdup(sparams->utils, value, &cipher, NULL); } else if (strcasecmp(name, "maxbuf") == 0) { maxbuf_count++; if (maxbuf_count != 1) { result = SASL_BADAUTH; SETERROR(sparams->utils, "duplicate maxbuf: authentication aborted"); goto FreeAllMem; } else if (str2ul32 (value, &client_maxbuf) == FALSE) { result = SASL_BADAUTH; SETERROR(sparams->utils, "invalid maxbuf parameter"); goto FreeAllMem; } else { if (client_maxbuf <= 16) { result = SASL_BADAUTH; SETERROR(sparams->utils, "maxbuf parameter too small"); goto FreeAllMem; } if (client_maxbuf > MAX_SASL_BUFSIZE) { result = SASL_BADAUTH; SETERROR(sparams->utils, "maxbuf parameter too big"); goto FreeAllMem; } } } else if (strcasecmp(name, "charset") == 0) { if (strcasecmp(value, "utf-8") != 0) { SETERROR(sparams->utils, "client doesn't support UTF-8"); result = SASL_FAIL; goto FreeAllMem; } _plug_strdup(sparams->utils, value, &charset, NULL); } else if (strcasecmp(name,"algorithm") == 0) { /* per RFC 2831: algorithm MUST be ignored if received */ if (text->http_mode && strcasecmp(value, "md5-sess") != 0) { /* per RFC 2617: algorithm MUST match that sent in challenge */ SETERROR(sparams->utils, "'algorithm' isn't 'md5-sess'"); result = SASL_FAIL; goto FreeAllMem; } } else { sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 unrecognized pair %s/%s: ignoring", name, value); } } /* * username = "username" "=" <"> username-value <"> * username-value = qdstr-val * cnonce = "cnonce" "=" <"> cnonce-value <"> * cnonce-value = qdstr-val * nonce-count = "nc" "=" nc-value * nc-value = 8LHEX * qop = "qop" "=" qop-value * digest-uri = "digest-uri" "=" digest-uri-value * digest-uri-value = serv-type "/" host [ "/" serv-name ] * serv-type = 1*ALPHA * host = 1*( ALPHA | DIGIT | "-" | "." ) * service = host * response = "response" "=" <"> response-value <"> * response-value = 32LHEX * LHEX = "0" | "1" | "2" | "3" | "4" | "5" | * "6" | "7" | "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f" * cipher = "cipher" "=" cipher-value */ /* Verifing that all required parameters were received */ if ((username == NULL)) { SETERROR(sparams->utils, "required parameters missing: username"); result = SASL_BADAUTH; goto FreeAllMem; } if ((nonce == NULL)) { SETERROR(sparams->utils, "required parameters missing: nonce"); result = SASL_BADAUTH; goto FreeAllMem; } if ((noncecount == 0)) { SETERROR(sparams->utils, "required parameters missing: noncecount"); result = SASL_BADAUTH; goto FreeAllMem; } if ((cnonce == NULL)) { SETERROR(sparams->utils, "required parameters missing: cnonce"); result = SASL_BADAUTH; goto FreeAllMem; } if ((digesturi == NULL)) { SETERROR(sparams->utils, "required parameters missing: digesturi"); result = SASL_BADAUTH; goto FreeAllMem; } if ((response == NULL)) { SETERROR(sparams->utils, "required parameters missing: response"); result = SASL_BADAUTH; goto FreeAllMem; } if (text->state == 1) { unsigned val = hash((char *) nonce) % text->reauth->size; /* reauth attempt or continuation of HTTP Digest on a non-persistent connection, see if we have any info for this nonce */ if (sparams->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */ if (text->reauth->e[val].realm && !strcmp(realm, text->reauth->e[val].realm) && ((text->reauth->e[val].nonce_count == 1) || (text->reauth->e[val].authid && !strcmp(username, text->reauth->e[val].authid)))) { _plug_strdup(sparams->utils, text->reauth->e[val].realm, &text->realm, NULL); _plug_strdup(sparams->utils, (char *) text->reauth->e[val].nonce, (char **) &text->nonce, NULL); text->nonce_count = text->reauth->e[val].nonce_count; #if 0 /* XXX Neither RFC 2617 nor RFC 2831 state that the cnonce needs to remain constant for subsequent authentication to work */ _plug_strdup(sparams->utils, (char *) text->reauth->e[val].cnonce, (char **) &text->cnonce, NULL); #endif stext->timestamp = text->reauth->e[val].u.s.timestamp; } sparams->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */ } if (!text->nonce) { /* we don't have any reauth info, so bail */ sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, "No reauth info for '%s' found", nonce); result = SASL_FAIL; goto FreeAllMem; } } /* Sanity check the parameters */ if (realm == NULL) { /* From 2831bis: If the directive is missing, "realm-value" will set to the empty string when computing A1. */ _plug_strdup(sparams->utils, "", &realm, NULL); sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, "The client didn't send a realm, assuming empty string."); if (text->realm[0] != '\0') { SETERROR(sparams->utils, "realm changed: authentication aborted"); result = SASL_BADAUTH; goto FreeAllMem; } /* CLAIM: realm is not NULL below */ } else if (text->realm == NULL) { sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, "The client specifies a realm when the server hasn't provided one. Using client's realm."); _plug_strdup(sparams->utils, realm, &text->realm, NULL); } else if ((strcmp(realm, text->realm) != 0) && /* XXX - Not sure why the check for text->realm not being empty is needed, as it should always be non-empty */ (text->realm[0] != 0)) { client_ignores_realm = 1; sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG, "The client tries to override server provided realm"); if (text->realm) sparams->utils->free(text->realm); _plug_strdup(sparams->utils, realm, &text->realm, NULL); } if (strcmp((char *) nonce, (char *) text->nonce) != 0) { SETERROR(sparams->utils, "nonce changed: authentication aborted"); result = SASL_BADAUTH; goto FreeAllMem; } if (noncecount != text->nonce_count) { SETERROR(sparams->utils, "incorrect nonce-count: authentication aborted"); result = SASL_BADAUTH; goto FreeAllMem; } #if 0 /* XXX Neither RFC 2617 nor RFC 2831 state that the cnonce needs to remain constant for subsequent authentication to work */ if (text->cnonce && strcmp((char *) cnonce, (char *) text->cnonce) != 0) { SETERROR(sparams->utils, "cnonce changed: authentication aborted"); result = SASL_BADAUTH; goto FreeAllMem; } #endif result = sparams->utils->prop_request(sparams->propctx, password_request); if(result != SASL_OK) { SETERROR(sparams->utils, "unable to obtain user password"); goto FreeAllMem; } /* this will trigger the getting of the aux properties */ /* Note that if we don't have an authorization id, we don't use it... */ if (client_ignores_realm) { if (strlen(text->realm) == 0) { /* Don't put @ at the end of the username, if the realm is empty */ _plug_strdup(sparams->utils, username, &full_username, NULL); } else { full_username = (char *) sparams->utils->malloc(strlen(username) + strlen(text->realm) + 2); full_username[0] = '\0'; sprintf (full_username, "%s@%s", username, text->realm); } internal_username = full_username; } else { internal_username = username; } canon_flags = SASL_CU_AUTHID; if (!authorization_id || !*authorization_id) { canon_flags |= SASL_CU_AUTHZID; } result = sparams->canon_user(sparams->utils->conn, internal_username, 0, canon_flags, oparams); if (result != SASL_OK) { SETERROR(sparams->utils, "unable to canonify user and get auxprops"); goto FreeAllMem; } if (authorization_id != NULL && *authorization_id != '\0') { result = sparams->canon_user(sparams->utils->conn, authorization_id, 0, SASL_CU_AUTHZID, oparams); } if (result != SASL_OK) { SETERROR(sparams->utils, "unable to canonify authorization ID"); goto FreeAllMem; } result = sparams->utils->prop_getnames(sparams->propctx, password_request, auxprop_values); if (result < 0 || ((!auxprop_values[0].name || !auxprop_values[0].values) && (!auxprop_values[1].name || !auxprop_values[1].values))) { /* We didn't find this username */ sparams->utils->seterror(sparams->utils->conn, 0, "no secret in database"); result = sparams->transition ? SASL_TRANS : SASL_NOUSER; goto FreeAllMem; } if (auxprop_values[0].name && auxprop_values[0].values) { len = strlen(auxprop_values[0].values[0]); if (len == 0) { sparams->utils->seterror(sparams->utils->conn,0, "empty secret"); result = SASL_FAIL; goto FreeAllMem; } sec = sparams->utils->malloc(sizeof(sasl_secret_t) + len); if (!sec) { SETERROR(sparams->utils, "unable to allocate secret"); result = SASL_FAIL; goto FreeAllMem; } sec->len = (unsigned) len; strncpy((char *) sec->data, auxprop_values[0].values[0], len + 1); /* * Verifying response obtained from client * * H_URP = H({ username-value,":",realm-value,":",passwd}) sec->data * contains H_URP */ /* Calculate the secret from the plaintext password */ { /* * Secret = { H( { username-value, ":", realm-value, ":", passwd } ) } * * (used to build A1) */ Try_8859_1 = DigestCalcSecret(sparams->utils, (unsigned char *) username, (unsigned char *) text->realm, sec->data, sec->len, FALSE, Secret); Secret[HASHLEN] = '\0'; } if (Try_8859_1) { /* * Secret = { H( { username-value, ":", realm-value, ":", passwd } ) } * * (used to build A1) */ DigestCalcSecret(sparams->utils, (unsigned char *) username, (unsigned char *) text->realm, sec->data, sec->len, TRUE, SecretBogus); SecretBogus[HASHLEN] = '\0'; } /* We're done with sec now. Let's get rid of it */ _plug_free_secret(sparams->utils, &sec); } else if (auxprop_values[1].name && auxprop_values[1].values) { /* NB: This will most likely fail for clients that choose to ignore server-advertised realm */ memcpy(Secret, auxprop_values[1].values[0], HASHLEN); Secret[HASHLEN] = '\0'; } else { sparams->utils->seterror(sparams->utils->conn, 0, "Have neither type of secret"); return SASL_FAIL; } /* erase the plaintext password */ sparams->utils->prop_erase(sparams->propctx, password_request[0]); /* defaulting qop to "auth" if not specified */ if (qop == NULL) { _plug_strdup(sparams->utils, "auth", &qop, NULL); } if (oparams->mech_ssf > 1) { /* Remember the old cipher free function (if any). It will be called later, once we are absolutely sure that authentication was successful. */ old_cipher_free = text->cipher_free; /* free the old cipher context first */ } /* check which layer/cipher to use */ if ((!strcasecmp(qop, "auth-conf")) && (cipher != NULL)) { /* see what cipher was requested */ struct digest_cipher *cptr; cptr = available_ciphers; while (cptr->name) { /* find the cipher requested & make sure it's one we're happy with by policy */ if (!strcasecmp(cipher, cptr->name) && stext->requiressf <= cptr->ssf && stext->limitssf >= cptr->ssf) { /* found it! */ break; } cptr++; } if (cptr->name) { text->cipher_enc = cptr->cipher_enc; text->cipher_dec = cptr->cipher_dec; text->cipher_init = cptr->cipher_init; text->cipher_free = cptr->cipher_free; oparams->mech_ssf = cptr->ssf; n = cptr->n; } else { /* erg? client requested something we didn't advertise! */ sparams->utils->log(sparams->utils->conn, SASL_LOG_WARN, "protocol violation: client requested invalid cipher"); SETERROR(sparams->utils, "client requested invalid cipher"); /* Mark that we attempted security layer negotiation */ oparams->mech_ssf = 2; result = SASL_FAIL; goto FreeAllMem; } oparams->encode=&digestmd5_encode; oparams->decode=&digestmd5_decode; } else if (!strcasecmp(qop, "auth-int") && stext->requiressf <= 1 && stext->limitssf >= 1) { oparams->encode = &digestmd5_encode; oparams->decode = &digestmd5_decode; oparams->mech_ssf = 1; } else if (!strcasecmp(qop, "auth") && stext->requiressf == 0) { oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; } else { SETERROR(sparams->utils, "protocol violation: client requested invalid qop"); result = SASL_FAIL; goto FreeAllMem; } serverresponse = create_response(text, sparams->utils, text->nonce, text->nonce_count, cnonce, qop, request, Secret, authorization_id, &text->response_value); if (serverresponse == NULL) { SETERROR(sparams->utils, "internal error: unable to create response"); result = SASL_NOMEM; goto FreeAllMem; } /* if ok verified */ if (strcmp(serverresponse, response) != 0) { if (Try_8859_1) { serverresponse = create_response(text, sparams->utils, text->nonce, text->nonce_count, cnonce, qop, request, SecretBogus, authorization_id, &text->response_value); if (serverresponse == NULL) { SETERROR(sparams->utils, "internal error: unable to create response"); result = SASL_NOMEM; goto FreeAllMem; } /* if ok verified */ if (strcmp(serverresponse, response) != 0) { SETERROR(sparams->utils, "client response doesn't match what we generated (tried bogus)"); result = SASL_BADAUTH; goto FreeAllMem; } } else { SETERROR(sparams->utils, "client response doesn't match what we generated"); result = SASL_BADAUTH; goto FreeAllMem; } } /* see if our nonce expired */ if (text->reauth->timeout && time(0) - stext->timestamp > text->reauth->timeout) { SETERROR(sparams->utils, "server nonce expired"); stext->stale = 1; result = SASL_BADAUTH; goto FreeAllMem; } /* * nothing more to do; authenticated set oparams information */ oparams->doneflag = 1; oparams->maxoutbuf = client_maxbuf - 4; if (oparams->mech_ssf > 1) { /* MAC block (privacy) */ oparams->maxoutbuf -= 25; } else if(oparams->mech_ssf == 1) { /* MAC block (integrity) */ oparams->maxoutbuf -= 16; } oparams->param_version = 0; text->seqnum = 0; /* for integrity/privacy */ text->rec_seqnum = 0; /* for integrity/privacy */ text->utils = sparams->utils; /* Free the old security layer, if any */ if (old_cipher_free) old_cipher_free(text); /* used by layers */ _plug_decode_init(&text->decode_context, text->utils, sparams->props.maxbufsize ? sparams->props.maxbufsize : DEFAULT_BUFSIZE); if (oparams->mech_ssf > 0) { unsigned char enckey[16]; unsigned char deckey[16]; create_layer_keys(text, sparams->utils,text->HA1,n,enckey,deckey); /* initialize cipher if need be */ if (text->cipher_init) { if (text->cipher_init(text, enckey, deckey) != SASL_OK) { sparams->utils->seterror(sparams->utils->conn, 0, "couldn't init cipher"); } } } /* * The server receives and validates the "digest-response". The server * checks that the nonce-count is "00000001". If it supports subsequent * authentication, it saves the value of the nonce and the nonce-count. */ /* * The "username-value", "realm-value" and "passwd" are encoded according * to the value of the "charset" directive. If "charset=UTF-8" is * present, and all the characters of either "username-value" or "passwd" * are in the ISO 8859-1 character set, then it must be converted to * UTF-8 before being hashed. A sample implementation of this conversion * is in section 8. */ /* add to challenge */ { unsigned resplen = 0; if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "rspauth", (unsigned char *) text->response_value, text->http_mode ? TRUE : FALSE) != SASL_OK) { SETERROR(sparams->utils, "internal error: add_to_challenge failed"); result = SASL_FAIL; goto FreeAllMem; } if (text->http_mode) { /* per RFC 2617 */ char ncvalue[10]; if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "cnonce", cnonce, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllMem; } snprintf(ncvalue, sizeof(ncvalue), "%08x", text->nonce_count); if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "nc", (unsigned char *) ncvalue, FALSE) != SASL_OK) { result = SASL_FAIL; goto FreeAllMem; } if (add_to_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, &resplen, "qop", (unsigned char *) qop, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllMem; } } /* self check */ if (strlen(text->out_buf) > 2048) { result = SASL_FAIL; goto FreeAllMem; } } *serveroutlen = (unsigned) strlen(text->out_buf); *serverout = text->out_buf; result = SASL_OK; FreeAllMem: if (clientinlen > 0 && text->reauth->timeout && sparams->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */ /* Look for an entry for the nonce value */ unsigned val = hash((char *) nonce) % text->reauth->size; switch (result) { case SASL_OK: /* successful auth, setup for future reauth */ if (text->nonce_count == 1) { /* successful initial auth, create new entry */ clear_reauth_entry(&text->reauth->e[val], SERVER, sparams->utils); text->reauth->e[val].authid = username; username = NULL; text->reauth->e[val].realm = text->realm; text->realm = NULL; text->reauth->e[val].nonce = text->nonce; text->nonce = NULL; text->reauth->e[val].cnonce = cnonce; cnonce = NULL; } if (text->nonce_count < text->reauth->e[val].nonce_count) { /* paranoia. prevent replay attacks */ clear_reauth_entry(&text->reauth->e[val], SERVER, sparams->utils); } else { text->reauth->e[val].nonce_count = ++text->nonce_count; text->reauth->e[val].u.s.timestamp = time(0); } break; default: if (text->nonce_count > 1) { /* failed reauth, clear entry */ clear_reauth_entry(&text->reauth->e[val], SERVER, sparams->utils); } else { /* failed initial auth, leave existing cache */ } } sparams->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */ } /* free everything */ if (in_start) sparams->utils->free (in_start); if (full_username != NULL) sparams->utils->free (full_username); if (username != NULL) sparams->utils->free (username); if (authorization_id != NULL) sparams->utils->free (authorization_id); if (realm != NULL) sparams->utils->free (realm); if (nonce != NULL) sparams->utils->free (nonce); if (cnonce != NULL) sparams->utils->free (cnonce); if (response != NULL) sparams->utils->free (response); if (cipher != NULL) sparams->utils->free (cipher); if (serverresponse != NULL) sparams->utils->free(serverresponse); if (charset != NULL) sparams->utils->free (charset); if (digesturi != NULL) sparams->utils->free (digesturi); if (qop!=NULL) sparams->utils->free (qop); if (sec) _plug_free_secret(sparams->utils, &sec); return result; } static int digestmd5_server_mech_step(void *conn_context, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) conn_context; server_context_t *stext = (server_context_t *) conn_context; *serverout = NULL; *serveroutlen = 0; if (clientinlen > 4096) return SASL_BADPROT; if (text == NULL) { return SASL_BADPROT; } switch (text->state) { case 1: /* setup SSF limits */ if (!text->http_mode && /* HTTP Digest doesn't need buffer */ !sparams->props.maxbufsize) { stext->limitssf = 0; stext->requiressf = 0; } else { if (sparams->props.max_ssf < sparams->external_ssf) { stext->limitssf = 0; } else { stext->limitssf = sparams->props.max_ssf - sparams->external_ssf; } if (sparams->props.min_ssf < sparams->external_ssf) { stext->requiressf = 0; } else { stext->requiressf = sparams->props.min_ssf - sparams->external_ssf; } } if (clientin && text->reauth->timeout) { /* here's where we attempt fast reauth if possible */ if (digestmd5_server_mech_step2(stext, sparams, clientin, clientinlen, serverout, serveroutlen, oparams) == SASL_OK) { return SASL_OK; } sparams->utils->log(NULL, SASL_LOG_WARN, "DIGEST-MD5 reauth failed\n"); /* re-initialize everything for a fresh start */ memset(oparams, 0, sizeof(sasl_out_params_t)); /* fall through and issue challenge */ } return digestmd5_server_mech_step1(stext, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); case 2: return digestmd5_server_mech_step2(stext, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); default: sparams->utils->log(NULL, SASL_LOG_ERR, "Invalid DIGEST-MD5 server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void digestmd5_server_mech_dispose(void *conn_context, const sasl_utils_t *utils) { server_context_t *stext = (server_context_t *) conn_context; if (!stext || !utils) return; digestmd5_common_mech_dispose(conn_context, utils); } static sasl_server_plug_t digestmd5_server_plugins[] = { { "DIGEST-MD5", /* mech_name */ #ifdef WITH_RC4 128, /* max_ssf */ #elif defined(WITH_DES) 112, #else 1, #endif SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_ALLOWS_PROXY | SASL_FEAT_SUPPORTS_HTTP, /* features */ &server_glob_context, /* glob_context */ &digestmd5_server_mech_new, /* mech_new */ &digestmd5_server_mech_step, /* mech_step */ &digestmd5_server_mech_dispose, /* mech_dispose */ &digestmd5_common_mech_free, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech avail */ NULL /* spare */ } }; int digestmd5_server_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { reauth_cache_t *reauth_cache; const char *timeout = NULL; unsigned int len; if (maxversion < SASL_SERVER_PLUG_VERSION) { return SASL_BADVERS; } /* reauth cache */ reauth_cache = utils->malloc(sizeof(reauth_cache_t)); if (reauth_cache == NULL) { return SASL_NOMEM; } memset(reauth_cache, 0, sizeof(reauth_cache_t)); reauth_cache->i_am = SERVER; /* fetch and canonify the reauth_timeout */ utils->getopt(utils->getopt_context, "DIGEST-MD5", "reauth_timeout", &timeout, &len); if (timeout) { reauth_cache->timeout = (time_t) 60 * strtol(timeout, NULL, 10); } if (reauth_cache->timeout < 0) { reauth_cache->timeout = 0; } if (reauth_cache->timeout) { /* mutex */ reauth_cache->mutex = utils->mutex_alloc(); if (!reauth_cache->mutex) { utils->free(reauth_cache); return SASL_FAIL; } /* entries */ reauth_cache->size = 100; reauth_cache->e = utils->malloc(reauth_cache->size * sizeof(reauth_entry_t)); if (reauth_cache->e == NULL) { utils->mutex_free(reauth_cache->mutex); utils->free(reauth_cache); return SASL_NOMEM; } memset(reauth_cache->e, 0, reauth_cache->size * sizeof(reauth_entry_t)); } ((digest_glob_context_t *) digestmd5_server_plugins[0].glob_context)->reauth = reauth_cache; *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = digestmd5_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { context_t common; sasl_secret_t *password; /* user password */ unsigned int free_password; /* set if we need to free password */ int protection; struct digest_cipher *cipher; unsigned long server_maxbuf; /* for HTTP mode (RFC 2617) only */ char *algorithm; unsigned char *opaque; } client_context_t; static digest_glob_context_t client_glob_context; /* calculate H(A1) as per spec */ static void DigestCalcHA1(context_t * text, const sasl_utils_t * utils, char *pszAlg, unsigned char *pszUserName, unsigned char *pszRealm, sasl_secret_t * pszPassword, unsigned char *pszAuthorization_id, unsigned char *pszNonce, unsigned char *pszCNonce, HASHHEX SessionKey) { MD5_CTX Md5Ctx; HASH HA1; DigestCalcSecret(utils, pszUserName, pszRealm, (unsigned char *) pszPassword->data, pszPassword->len, FALSE, HA1); if (!text->http_mode || /* per RFC 2831 */ (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0)) { /* per RFC 2617 */ /* calculate the session key */ utils->MD5Init(&Md5Ctx); if (text->http_mode) { /* per RFC 2617 Errata ID 1649 */ HASHHEX HA1Hex; CvtHex(HA1, HA1Hex); utils->MD5Update(&Md5Ctx, HA1Hex, HASHHEXLEN); } else { /* per RFC 2831 */ utils->MD5Update(&Md5Ctx, HA1, HASHLEN); } utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, pszNonce, (unsigned) strlen((char *) pszNonce)); utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, pszCNonce, (unsigned) strlen((char *) pszCNonce)); if (pszAuthorization_id != NULL) { utils->MD5Update(&Md5Ctx, COLON, 1); utils->MD5Update(&Md5Ctx, pszAuthorization_id, (unsigned) strlen((char *) pszAuthorization_id)); } utils->MD5Final(HA1, &Md5Ctx); } CvtHex(HA1, SessionKey); /* xxx rc-* use different n */ /* save HA1 because we'll need it for the privacy and integrity keys */ memcpy(text->HA1, HA1, sizeof(HASH)); } static char *calculate_response(context_t * text, const sasl_utils_t * utils, char *algorithm, unsigned char *username, unsigned char *realm, unsigned char *nonce, unsigned int ncvalue, unsigned char *cnonce, char *qop, const sasl_http_request_t *request, sasl_secret_t * passwd, unsigned char *authorization_id, char **response_value) { HASHHEX SessionKey; HASH EntityHash; HASHHEX HEntity; HASHHEX Response; char *result; /* Verifing that all parameters was defined */ if(!username || !cnonce || !nonce || !ncvalue || !request || !passwd) { PARAMERROR( utils ); return NULL; } if (realm == NULL) { /* a NULL realm is equivalent to the empty string */ realm = (unsigned char *) ""; } if (qop == NULL) { /* default to a qop of just authentication */ qop = "auth"; } DigestCalcHA1(text, utils, algorithm, username, realm, passwd, authorization_id, nonce, cnonce, SessionKey); if (text->http_mode) { /* per RFC 2617 */ MD5_CTX Md5Ctx; utils->MD5Init(&Md5Ctx); utils->MD5Update(&Md5Ctx, request->entity, request->elen); utils->MD5Final(EntityHash, &Md5Ctx); } else { /* per RFC 2831 */ memset(EntityHash, 0, HASHLEN); } CvtHex(EntityHash, HEntity); DigestCalcResponse(utils, SessionKey,/* HEX(H(A1)) */ nonce, /* nonce from server */ ncvalue, /* 8 hex digits */ cnonce, /* client nonce */ (unsigned char *) qop, /* qop-value: "", "auth", * "auth-int" */ (unsigned char *) request->uri, /* requested URL */ (unsigned char *) request->method, HEntity, /* H(entity body) if qop="auth-int" */ Response /* request-digest or response-digest */ ); result = utils->malloc(HASHHEXLEN + 1); memcpy(result, Response, HASHHEXLEN); result[HASHHEXLEN] = 0; if (response_value != NULL) { char * new_response_value; DigestCalcResponse(utils, SessionKey, /* HEX(H(A1)) */ nonce, /* nonce from server */ ncvalue, /* 8 hex digits */ cnonce, /* client nonce */ (unsigned char *) qop, /* qop-value: "", "auth", * "auth-int" */ (unsigned char *) request->uri, /* requested URL */ NULL, HEntity, /* H(entity body) if qop="auth-int" */ Response /* request-digest or response-digest */ ); new_response_value = utils->realloc(*response_value, HASHHEXLEN + 1); if (new_response_value == NULL) { free (*response_value); *response_value = NULL; return NULL; } *response_value = new_response_value; memcpy(*response_value, Response, HASHHEXLEN); (*response_value)[HASHHEXLEN] = 0; } return result; } static int make_client_response(context_t *text, sasl_client_params_t *params, sasl_out_params_t *oparams) { client_context_t *ctext = (client_context_t *) text; char *qop = NULL; unsigned nbits = 0; char *digesturi = NULL; bool IsUTF8 = FALSE; char ncvalue[10]; char maxbufstr[64]; char *response = NULL; unsigned resplen = 0; int result = SASL_OK; cipher_free_t *old_cipher_free = NULL; sasl_http_request_t rfc2831_request; const sasl_http_request_t *request; params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 make_client_response()"); if (oparams->mech_ssf > 1) { /* Remember the old cipher free function (if any). It will be called later, once we are absolutely sure that authentication was successful. */ old_cipher_free = text->cipher_free; /* free the old cipher context first */ } switch (ctext->protection) { case DIGEST_PRIVACY: qop = "auth-conf"; oparams->encode = &digestmd5_encode; oparams->decode = &digestmd5_decode; oparams->mech_ssf = ctext->cipher->ssf; nbits = ctext->cipher->n; text->cipher_enc = ctext->cipher->cipher_enc; text->cipher_dec = ctext->cipher->cipher_dec; text->cipher_free = ctext->cipher->cipher_free; text->cipher_init = ctext->cipher->cipher_init; break; case DIGEST_INTEGRITY: qop = "auth-int"; oparams->encode = &digestmd5_encode; oparams->decode = &digestmd5_decode; oparams->mech_ssf = 1; break; case DIGEST_NOLAYER: default: qop = "auth"; oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; } if (text->http_mode) { /* per RFC 2617 (HTTP Request as set by calling application) */ request = params->http_request; } else { /* per RFC 2831 */ digesturi = params->utils->malloc(strlen(params->service) + 1 + strlen(params->serverFQDN) + 1 + 1); if (digesturi == NULL) { result = SASL_NOMEM; goto FreeAllocatedMem; } /* allocated exactly this. safe */ strcpy(digesturi, params->service); strcat(digesturi, "/"); strcat(digesturi, params->serverFQDN); /* * strcat (digesturi, "/"); strcat (digesturi, params->serverFQDN); */ rfc2831_request.method = "AUTHENTICATE"; rfc2831_request.uri = digesturi; rfc2831_request.entity = NULL; rfc2831_request.elen = 0; rfc2831_request.non_persist = 0; request = &rfc2831_request; } /* response */ response = calculate_response(text, params->utils, ctext->algorithm, (unsigned char *) oparams->authid, (unsigned char *) text->realm, text->nonce, text->nonce_count, text->cnonce, qop, request, ctext->password, strcmp(oparams->user, oparams->authid) ? (unsigned char *) oparams->user : NULL, &text->response_value); resplen = 0; text->out_buf = NULL; text->out_buf_len = 0; if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "username", (unsigned char *) oparams->authid, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "realm", (unsigned char *) text->realm, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } if (strcmp(oparams->user, oparams->authid)) { if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "authzid", (unsigned char *) oparams->user, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } } if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "nonce", text->nonce, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "cnonce", text->cnonce, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } snprintf(ncvalue, sizeof(ncvalue), "%08x", text->nonce_count); if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "nc", (unsigned char *) ncvalue, FALSE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "qop", (unsigned char *) qop, FALSE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } if (ctext->cipher != NULL) { if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "cipher", (unsigned char *) ctext->cipher->name, FALSE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } } if (params->props.maxbufsize) { snprintf(maxbufstr, sizeof(maxbufstr), "%d", params->props.maxbufsize); if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "maxbuf", (unsigned char *) maxbufstr, FALSE) != SASL_OK) { SETERROR(params->utils, "internal error: add_to_challenge maxbuf failed"); goto FreeAllocatedMem; } } if (IsUTF8) { if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "charset", (unsigned char *) "utf-8", FALSE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } } if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, text->http_mode ? "uri" /* per RFC 2617 */ : "digest-uri", /* per RFC 2831 */ (unsigned char *) request->uri, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } if (text->http_mode) { /* per RFC 2617: algorithm & opaque MUST be sent back to server */ if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "algorithm", (unsigned char *) ctext->algorithm, FALSE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } if (ctext->opaque) { if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "opaque", ctext->opaque, TRUE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } } } if (add_to_challenge(params->utils, &text->out_buf, &text->out_buf_len, &resplen, "response", (unsigned char *) response, FALSE) != SASL_OK) { result = SASL_FAIL; goto FreeAllocatedMem; } /* self check */ if (strlen(text->out_buf) > 2048) { result = SASL_FAIL; goto FreeAllocatedMem; } /* set oparams */ oparams->maxoutbuf = ctext->server_maxbuf; if(oparams->mech_ssf > 1) { /* MAC block (privacy) */ oparams->maxoutbuf -= 25; } else if(oparams->mech_ssf == 1) { /* MAC block (integrity) */ oparams->maxoutbuf -= 16; } text->seqnum = 0; /* for integrity/privacy */ text->rec_seqnum = 0; /* for integrity/privacy */ text->utils = params->utils; /* Free the old security layer, if any */ if (old_cipher_free) old_cipher_free(text); /* used by layers */ _plug_decode_init(&text->decode_context, text->utils, params->props.maxbufsize ? params->props.maxbufsize : DEFAULT_BUFSIZE); if (oparams->mech_ssf > 0) { unsigned char enckey[16]; unsigned char deckey[16]; create_layer_keys(text, params->utils, text->HA1, nbits, enckey, deckey); /* initialize cipher if need be */ if (text->cipher_init) { text->cipher_init(text, enckey, deckey); } } result = SASL_OK; FreeAllocatedMem: if (digesturi) params->utils->free(digesturi); if (response) params->utils->free(response); return result; } static int parse_server_challenge(client_context_t *ctext, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, char ***outrealms, int *noutrealm) { context_t *text = (context_t *) ctext; int result = SASL_OK; char *in_start = NULL; char *in = NULL; char **realms = NULL; int nrealm = 0; sasl_ssf_t limit, musthave = 0; sasl_ssf_t external; int protection = 0; int saw_qop = 0; int ciphers = 0; int maxbuf_count = 0; bool IsUTF8 = FALSE; int algorithm_count = 0; int opaque_count = 0; params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 parse_server_challenge()"); if (!serverin || !serverinlen) { params->utils->seterror(params->utils->conn, 0, "no server challenge"); return SASL_FAIL; } in_start = in = params->utils->malloc(serverinlen + 1); if (in == NULL) return SASL_NOMEM; memcpy(in, serverin, serverinlen); in[serverinlen] = 0; ctext->server_maxbuf = 65536; /* Default value for maxbuf */ /* create a new cnonce */ text->cnonce = create_nonce(params->utils); if (text->cnonce == NULL) { params->utils->seterror(params->utils->conn, 0, "failed to create cnonce"); result = SASL_FAIL; goto FreeAllocatedMem; } /* parse the challenge */ while (in[0] != '\0') { char *name, *value; get_pair(&in, &name, &value); /* if parse error */ if (name == NULL) { params->utils->seterror(params->utils->conn, 0, "Parse error"); result = SASL_BADAUTH; goto FreeAllocatedMem; } if (*name == '\0') { break; } if (strcasecmp(name, "realm") == 0) { nrealm++; if(!realms) realms = params->utils->malloc(sizeof(char *) * (nrealm + 1)); else realms = params->utils->realloc(realms, sizeof(char *) * (nrealm + 1)); if (realms == NULL) { result = SASL_NOMEM; goto FreeAllocatedMem; } _plug_strdup(params->utils, value, &realms[nrealm-1], NULL); realms[nrealm] = NULL; } else if (strcasecmp(name, "nonce") == 0) { _plug_strdup(params->utils, value, (char **) &text->nonce, NULL); text->nonce_count = 1; } else if (strcasecmp(name, "qop") == 0) { saw_qop = 1; while (value && *value) { char *comma; char *end_val; SKIP_SPACES_IN_QOP: /* skipping spaces: */ value = skip_lws(value); if (*value == '\0') { break; } /* check for an extreme case when there is no data: LWSP ',' */ if (*value == ',') { value++; goto SKIP_SPACES_IN_QOP; } comma = strchr(value, ','); if (comma != NULL) { *comma++ = '\0'; } /* skip LWSP at the end of the value (if any), skip_r_lws returns pointer to the first LWSP character, NUL (if there were none) or NULL if the value is entirely from LWSP characters */ end_val = skip_r_lws (value); if (end_val == NULL) { value = comma; continue; } else { /* strip LWSP */ *end_val = '\0'; } if (strcasecmp(value, "auth-conf") == 0) { protection |= DIGEST_PRIVACY; } else if (strcasecmp(value, "auth-int") == 0) { protection |= DIGEST_INTEGRITY; } else if (strcasecmp(value, "auth") == 0) { protection |= DIGEST_NOLAYER; } else { params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "Server supports unknown layer: %s\n", value); } value = comma; } } else if (strcasecmp(name, "cipher") == 0) { while (value && *value) { struct digest_cipher *cipher = available_ciphers; char *comma; char *end_val; SKIP_SPACES_IN_CIPHER: /* skipping spaces: */ value = skip_lws(value); if (*value == '\0') { break; } /* check for an extreme case when there is no data: LWSP ',' */ if (*value == ',') { value++; goto SKIP_SPACES_IN_CIPHER; } comma = strchr(value, ','); if (comma != NULL) { *comma++ = '\0'; } /* skip LWSP at the end of the value, skip_r_lws returns pointer to the first LWSP character or NULL */ end_val = skip_r_lws (value); if (end_val == NULL) { value = comma; continue; } else { /* strip LWSP */ *end_val = '\0'; } /* do we support this cipher? */ while (cipher->name) { if (!strcasecmp(value, cipher->name)) break; cipher++; } if (cipher->name) { ciphers |= cipher->flag; } else { params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "Server supports unknown cipher: %s\n", value); } value = comma; } } else if (strcasecmp(name, "stale") == 0 && ctext->password) { /* clear any cached password */ if (ctext->free_password) _plug_free_secret(params->utils, &ctext->password); ctext->password = NULL; } else if (strcasecmp(name, "maxbuf") == 0) { /* maxbuf A number indicating the size of the largest * buffer the server is able to receive when using * "auth-int". If this directive is missing, the default * value is 65536. This directive may appear at most once; * if multiple instances are present, the client should * abort the authentication exchange. */ maxbuf_count++; if (maxbuf_count != 1) { result = SASL_BADAUTH; params->utils->seterror(params->utils->conn, 0, "At least two maxbuf directives found. Authentication aborted"); goto FreeAllocatedMem; } if (str2ul32 (value, &ctext->server_maxbuf) == FALSE) { result = SASL_BADAUTH; params->utils->seterror(params->utils->conn, 0, "Invalid maxbuf parameter received from server (%s)", value); goto FreeAllocatedMem; } if (ctext->server_maxbuf <= 16) { result = SASL_BADAUTH; params->utils->seterror(params->utils->conn, 0, "Invalid maxbuf parameter received from server (too small: %s)", value); goto FreeAllocatedMem; } if (ctext->server_maxbuf > MAX_SASL_BUFSIZE) { result = SASL_BADAUTH; params->utils->seterror(params->utils->conn, 0, "Invalid maxbuf parameter received from server (too big: %s)", value); goto FreeAllocatedMem; } } else if (strcasecmp(name, "charset") == 0) { if (strcasecmp(value, "utf-8") != 0) { result = SASL_BADAUTH; params->utils->seterror(params->utils->conn, 0, "Charset must be UTF-8"); goto FreeAllocatedMem; } else { IsUTF8 = TRUE; } } else if (strcasecmp(name,"algorithm")==0) { if (text->http_mode && strcasecmp(value, "md5") == 0) { /* per RFC 2617: need to support both "md5" and "md5-sess" */ } else if (strcasecmp(value, "md5-sess") != 0) { params->utils->seterror(params->utils->conn, 0, "'algorithm' isn't 'md5-sess'"); result = SASL_FAIL; goto FreeAllocatedMem; } if (text->http_mode) { /* per RFC 2617: algorithm MUST be saved */ _plug_strdup(params->utils, value, (char **) &ctext->algorithm, NULL); } algorithm_count++; if (algorithm_count > 1) { params->utils->seterror(params->utils->conn, 0, "Must see 'algorithm' only once"); result = SASL_FAIL; goto FreeAllocatedMem; } } else if (strcasecmp(name,"opaque")==0) { /* per RFC 2831: opaque MUST be ignored if received */ if (text->http_mode) { /* per RFC 2617: opaque MUST be saved */ _plug_strdup(params->utils, value, (char **) &ctext->opaque, NULL); opaque_count++; if (opaque_count > 1) { params->utils->seterror(params->utils->conn, 0, "Must see 'opaque' only once"); result = SASL_FAIL; goto FreeAllocatedMem; } } } else { params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 unrecognized pair %s/%s: ignoring", name, value); } } if (protection == 0) { /* From RFC 2831[bis]: This directive is optional; if not present it defaults to "auth". */ if (saw_qop == 0) { protection = DIGEST_NOLAYER; } else { result = SASL_BADAUTH; params->utils->seterror(params->utils->conn, 0, "Server doesn't support any known qop level"); goto FreeAllocatedMem; } } if (algorithm_count != 1) { params->utils->seterror(params->utils->conn, 0, "Must see 'algorithm' once. Didn't see at all"); result = SASL_FAIL; goto FreeAllocatedMem; } /* make sure we have everything we require */ if (text->nonce == NULL) { params->utils->seterror(params->utils->conn, 0, "Don't have nonce."); result = SASL_FAIL; goto FreeAllocatedMem; } /* get requested ssf */ external = params->external_ssf; /* what do we _need_? how much is too much? */ if (!text->http_mode && /* HTTP Digest doesn't need buffer */ params->props.maxbufsize == 0) { musthave = 0; limit = 0; } else { if (params->props.max_ssf > external) { limit = params->props.max_ssf - external; } else { limit = 0; } if (params->props.min_ssf > external) { musthave = params->props.min_ssf - external; } else { musthave = 0; } } /* we now go searching for an option that gives us at least "musthave" and at most "limit" bits of ssf. */ if ((limit > 1) && (protection & DIGEST_PRIVACY)) { struct digest_cipher *cipher; /* let's find an encryption scheme that we like */ cipher = available_ciphers; while (cipher->name) { /* examine each cipher we support, see if it meets our security requirements, and see if the server supports it. choose the best one of these */ if ((limit >= cipher->ssf) && (musthave <= cipher->ssf) && (ciphers & cipher->flag) && (!ctext->cipher || (cipher->ssf > ctext->cipher->ssf))) { ctext->cipher = cipher; } cipher++; } if (ctext->cipher) { /* we found a cipher we like */ ctext->protection = DIGEST_PRIVACY; } else { /* we didn't find any ciphers we like */ params->utils->seterror(params->utils->conn, 0, "No good privacy layers"); } } if (ctext->cipher == NULL) { /* we failed to find an encryption layer we liked; can we use integrity or nothing? */ if ((limit >= 1) && (musthave <= 1) && (protection & DIGEST_INTEGRITY)) { /* integrity */ ctext->protection = DIGEST_INTEGRITY; } else if (musthave <= 0) { /* no layer */ ctext->protection = DIGEST_NOLAYER; /* See if server supports not having a layer */ if ((protection & DIGEST_NOLAYER) != DIGEST_NOLAYER) { params->utils->seterror(params->utils->conn, 0, "Server doesn't support \"no layer\""); result = SASL_FAIL; goto FreeAllocatedMem; } } else { params->utils->seterror(params->utils->conn, 0, "Can't find an acceptable layer"); result = SASL_TOOWEAK; goto FreeAllocatedMem; } } *outrealms = realms; *noutrealm = nrealm; FreeAllocatedMem: if (in_start) params->utils->free(in_start); if (result != SASL_OK && realms) { int lup; /* need to free all the realms */ for (lup = 0;lup < nrealm; lup++) params->utils->free(realms[lup]); params->utils->free(realms); } return result; } static int ask_user_info(client_context_t *ctext, sasl_client_params_t *params, char **realms, int nrealm, sasl_interact_t **prompt_need, sasl_out_params_t *oparams) { context_t *text = (context_t *) ctext; int result = SASL_OK; const char *authid = NULL, *userid = NULL, *realm = NULL; char *realm_chal = NULL; int user_result = SASL_OK; int auth_result = SASL_OK; int pass_result = SASL_OK; int realm_result = SASL_FAIL; int i; size_t len; params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 ask_user_info()"); /* try to get the authid */ if (oparams->authid == NULL) { auth_result = _plug_get_authid(params->utils, &authid, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) { return auth_result; } } /* try to get the userid */ if (oparams->user == NULL) { user_result = _plug_get_userid(params->utils, &userid, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) { return user_result; } } /* try to get the password */ if (ctext->password == NULL) { pass_result = _plug_get_password(params->utils, &ctext->password, &ctext->free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) { return pass_result; } } /* try to get the realm */ if (text->realm == NULL) { if (realms) { if(nrealm == 1) { /* only one choice */ realm = realms[0]; realm_result = SASL_OK; } else { /* ask the user */ realm_result = _plug_get_realm(params->utils, (const char **) realms, (const char **) &realm, prompt_need); } } /* fake the realm if we must */ if ((realm_result != SASL_OK) && (realm_result != SASL_INTERACT)) { if (params->serverFQDN) { realm = params->serverFQDN; } else { return realm_result; } } } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((user_result == SASL_INTERACT) || (auth_result == SASL_INTERACT) || (pass_result == SASL_INTERACT) || (realm_result == SASL_INTERACT)) { /* make our default realm */ if (realm_result == SASL_INTERACT) { if (realms) { len = strlen(REALM_CHAL_PREFIX); for (i = 0; i < nrealm; i++) { len += strlen(realms[i]) + 4 /* " {}," */; } realm_chal = params->utils->malloc(len + 1); strcpy (realm_chal, REALM_CHAL_PREFIX); for (i = 0; i < nrealm; i++) { strcat (realm_chal, " {"); strcat (realm_chal, realms[i]); strcat (realm_chal, "},"); } /* Replace the terminating comma with dot */ realm_chal[len-1] = '.'; } else if (params->serverFQDN) { realm_chal = params->utils->malloc(3+strlen(params->serverFQDN)); if (realm_chal) { sprintf(realm_chal, "{%s}", params->serverFQDN); } else { return SASL_NOMEM; } } } /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, realm_chal ? realm_chal : "{}", realm_result == SASL_INTERACT ? "Please enter your realm" : NULL, params->serverFQDN ? params->serverFQDN : NULL); if (result == SASL_OK) return SASL_INTERACT; return result; } if (oparams->authid == NULL) { if (!userid || !*userid) { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } else { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) return result; result = params->canon_user(params->utils->conn, userid, 0, SASL_CU_AUTHZID, oparams); } if (result != SASL_OK) return result; } /* Get an allocated version of the realm into the structure */ if (realm && text->realm == NULL) { _plug_strdup(params->utils, realm, (char **) &text->realm, NULL); } return result; } static int digestmd5_client_mech_new(void *glob_context, sasl_client_params_t * params, void **conn_context) { context_t *text; if ((params->flags & SASL_NEED_HTTP) && !params->http_request) { SETERROR(params->utils, "DIGEST-MD5 unavailable due to lack of HTTP request"); return SASL_BADPARAM; } /* holds state are in -- allocate client size */ text = params->utils->malloc(sizeof(client_context_t)); if (text == NULL) return SASL_NOMEM; memset(text, 0, sizeof(client_context_t)); text->state = 1; text->i_am = CLIENT; text->http_mode = (params->flags & SASL_NEED_HTTP); text->reauth = ((digest_glob_context_t *) glob_context)->reauth; *conn_context = text; return SASL_OK; } static int digestmd5_client_mech_step1(client_context_t *ctext, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen __attribute__((unused)), sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) ctext; int result = SASL_FAIL; unsigned val; params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 client step 1"); result = ask_user_info(ctext, params, NULL, 0, prompt_need, oparams); if (result != SASL_OK) return result; /* check if we have cached info for this user on this server */ val = hash(params->serverFQDN) % text->reauth->size; if (params->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */ if (text->reauth->e[val].u.c.serverFQDN && !strcasecmp(text->reauth->e[val].u.c.serverFQDN, params->serverFQDN) && !strcmp(text->reauth->e[val].authid, oparams->authid)) { /* we have info, so use it */ if (text->realm) params->utils->free(text->realm); _plug_strdup(params->utils, text->reauth->e[val].realm, &text->realm, NULL); _plug_strdup(params->utils, (char *) text->reauth->e[val].nonce, (char **) &text->nonce, NULL); text->nonce_count = ++text->reauth->e[val].nonce_count; _plug_strdup(params->utils, (char *) text->reauth->e[val].cnonce, (char **) &text->cnonce, NULL); if (text->http_mode) { /* per RFC 2617: algorithm & opaque MUST be sent back to server */ _plug_strdup(params->utils, (char *) text->reauth->e[val].u.c.algorithm, (char **) &ctext->algorithm, NULL); if (text->reauth->e[val].u.c.opaque) { _plug_strdup(params->utils, (char *) text->reauth->e[val].u.c.opaque, (char **) &ctext->opaque, NULL); } } ctext->protection = text->reauth->e[val].u.c.protection; ctext->cipher = text->reauth->e[val].u.c.cipher; ctext->server_maxbuf = text->reauth->e[val].u.c.server_maxbuf; } params->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */ } if (!text->nonce) { /* we don't have any reauth info, so just return * that there is no initial client send */ text->state = 2; return SASL_CONTINUE; } /* * (username | realm | nonce | cnonce | nonce-count | qop digest-uri | * response | maxbuf | charset | auth-param ) */ result = make_client_response(text, params, oparams); if (result != SASL_OK) return result; *clientoutlen = (unsigned) strlen(text->out_buf); *clientout = text->out_buf; text->state = 3; return SASL_CONTINUE; } static int digestmd5_client_mech_step2(client_context_t *ctext, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) ctext; int result = SASL_FAIL; char **realms = NULL; int nrealm = 0; params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 client step 2"); if (params->props.min_ssf > params->props.max_ssf) { return SASL_BADPARAM; } /* don't bother parsing the challenge more than once */ if (text->nonce == NULL) { result = parse_server_challenge(ctext, params, serverin, serverinlen, &realms, &nrealm); if (result != SASL_OK) goto FreeAllocatedMem; if (nrealm == 1) { /* only one choice! */ text->realm = realms[0]; /* free realms */ params->utils->free(realms); realms = NULL; } else { /* Save realms for later use */ text->realms = realms; text->realm_cnt = nrealm; } } else { /* Restore the list of realms */ realms = text->realms; nrealm = text->realm_cnt; } result = ask_user_info(ctext, params, realms, nrealm, prompt_need, oparams); if (result != SASL_OK) goto FreeAllocatedMem; /* * (username | realm | nonce | cnonce | nonce-count | qop | digest-uri | * response | maxbuf | charset | auth-param ) */ result = make_client_response(text, params, oparams); if (result != SASL_OK) goto FreeAllocatedMem; *clientoutlen = (unsigned) strlen(text->out_buf); *clientout = text->out_buf; text->state = 3; result = SASL_CONTINUE; FreeAllocatedMem: return result; } static int digestmd5_client_mech_step3(client_context_t *ctext, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need __attribute__((unused)), const char **clientout __attribute__((unused)), unsigned *clientoutlen __attribute__((unused)), sasl_out_params_t *oparams) { context_t *text = (context_t *) ctext; char *in = NULL; char *in_start; int result = SASL_FAIL; params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 client step 3"); /* Verify that server is really what he claims to be */ in_start = in = params->utils->malloc(serverinlen + 1); if (in == NULL) return SASL_NOMEM; memcpy(in, serverin, serverinlen); in[serverinlen] = 0; /* parse the response */ while (in[0] != '\0') { char *name, *value; get_pair(&in, &name, &value); if (name == NULL) { params->utils->seterror(params->utils->conn, 0, "DIGEST-MD5 Received Garbage"); result = SASL_BADAUTH; break; } if (*name == '\0') { break; } if (strcasecmp(name, "rspauth") == 0) { if (strcmp(text->response_value, value) != 0) { params->utils->seterror(params->utils->conn, 0, "DIGEST-MD5: This server wants us to believe that he knows shared secret"); result = SASL_BADSERV; } else { oparams->doneflag = 1; oparams->param_version = 0; result = SASL_OK; } break; } else { params->utils->log(params->utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 unrecognized pair %s/%s: ignoring", name, value); } } params->utils->free(in_start); if (params->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */ unsigned val = hash(params->serverFQDN) % text->reauth->size; switch (result) { case SASL_OK: if (text->nonce_count == 1) { /* successful initial auth, setup for future reauth */ clear_reauth_entry(&text->reauth->e[val], CLIENT, params->utils); _plug_strdup(params->utils, oparams->authid, &text->reauth->e[val].authid, NULL); text->reauth->e[val].realm = text->realm; text->realm = NULL; text->reauth->e[val].nonce = text->nonce; text->nonce = NULL; text->reauth->e[val].nonce_count = text->nonce_count; text->reauth->e[val].cnonce = text->cnonce; text->cnonce = NULL; _plug_strdup(params->utils, params->serverFQDN, &text->reauth->e[val].u.c.serverFQDN, NULL); if (text->http_mode) { /* per RFC 2617: algorithm & opaque MUST be saved */ text->reauth->e[val].u.c.algorithm = ctext->algorithm; ctext->algorithm = NULL; text->reauth->e[val].u.c.opaque = ctext->opaque; ctext->opaque = NULL; } text->reauth->e[val].u.c.protection = ctext->protection; text->reauth->e[val].u.c.cipher = ctext->cipher; text->reauth->e[val].u.c.server_maxbuf = ctext->server_maxbuf; } else { /* reauth, we already incremented nonce_count */ } break; default: if (text->nonce_count > 1) { /* failed reauth, clear cache */ clear_reauth_entry(&text->reauth->e[val], CLIENT, params->utils); } else { /* failed initial auth, leave existing cache */ } } params->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */ } return result; } static int digestmd5_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) conn_context; client_context_t *ctext = (client_context_t *) conn_context; unsigned val = hash(params->serverFQDN) % text->reauth->size; if (serverinlen > 2048) return SASL_BADPROT; *clientout = NULL; *clientoutlen = 0; switch (text->state) { case 1: if (!serverin) { /* here's where we attempt fast reauth if possible */ int reauth = 0; /* check if we have saved info for this server */ if (params->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */ reauth = text->reauth->e[val].u.c.serverFQDN && !strcasecmp(text->reauth->e[val].u.c.serverFQDN, params->serverFQDN); params->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */ } if (reauth) { return digestmd5_client_mech_step1(ctext, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); } else { /* we don't have any reauth info, so just return * that there is no initial client send */ text->state = 2; return SASL_CONTINUE; } } /* fall through and respond to challenge */ case 3: if (serverin && !strncasecmp(serverin, "rspauth=", 8)) { return digestmd5_client_mech_step3(ctext, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); } /* fall through and respond to challenge */ text->state = 2; /* cleanup after a failed reauth attempt */ if (params->utils->mutex_lock(text->reauth->mutex) == SASL_OK) { /* LOCK */ clear_reauth_entry(&text->reauth->e[val], CLIENT, params->utils); params->utils->mutex_unlock(text->reauth->mutex); /* UNLOCK */ } if (text->realm) params->utils->free(text->realm); if (text->nonce) params->utils->free(text->nonce); if (text->cnonce) params->utils->free(text->cnonce); text->realm = NULL; text->nonce = text->cnonce = NULL; ctext->cipher = NULL; case 2: return digestmd5_client_mech_step2(ctext, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid DIGEST-MD5 client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void digestmd5_client_mech_dispose(void *conn_context, const sasl_utils_t *utils) { client_context_t *ctext = (client_context_t *) conn_context; if (!ctext || !utils) return; utils->log(utils->conn, SASL_LOG_DEBUG, "DIGEST-MD5 client mech dispose"); if (ctext->free_password) _plug_free_secret(utils, &ctext->password); digestmd5_common_mech_dispose(conn_context, utils); } static sasl_client_plug_t digestmd5_client_plugins[] = { { "DIGEST-MD5", #ifdef WITH_RC4 /* mech_name */ 128, /* max ssf */ #elif defined(WITH_DES) 112, #else 1, #endif SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_NEEDSERVERFQDN | SASL_FEAT_ALLOWS_PROXY | SASL_FEAT_SUPPORTS_HTTP, /* features */ NULL, /* required_prompts */ &client_glob_context, /* glob_context */ &digestmd5_client_mech_new, /* mech_new */ &digestmd5_client_mech_step, /* mech_step */ &digestmd5_client_mech_dispose, /* mech_dispose */ &digestmd5_common_mech_free, /* mech_free */ NULL, /* idle */ NULL, /* spare1 */ NULL /* spare2 */ } }; int digestmd5_client_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { reauth_cache_t *reauth_cache; if (maxversion < SASL_CLIENT_PLUG_VERSION) return SASL_BADVERS; /* reauth cache */ reauth_cache = utils->malloc(sizeof(reauth_cache_t)); if (reauth_cache == NULL) return SASL_NOMEM; memset(reauth_cache, 0, sizeof(reauth_cache_t)); reauth_cache->i_am = CLIENT; /* mutex */ reauth_cache->mutex = utils->mutex_alloc(); if (!reauth_cache->mutex) return SASL_FAIL; /* entries */ reauth_cache->size = 10; reauth_cache->e = utils->malloc(reauth_cache->size * sizeof(reauth_entry_t)); if (reauth_cache->e == NULL) return SASL_NOMEM; memset(reauth_cache->e, 0, reauth_cache->size * sizeof(reauth_entry_t)); ((digest_glob_context_t *) digestmd5_client_plugins[0].glob_context)->reauth = reauth_cache; *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = digestmd5_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/kerberos4.c0000646000076400007640000011152211563272261014375 00000000000000/* Kerberos4 SASL plugin * Rob Siemborski * Tim Martin * $Id: kerberos4.c,v 1.100 2009/03/10 16:27:52 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifdef WITH_DES # ifdef WITH_SSL_DES # include # else # include # endif /* WITH_SSL_DES */ #endif /* WITH_DES */ #ifdef WIN32 # include #elif defined(macintosh) #include #else # include # include # include # include # include #endif /* WIN32 */ #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh /* * krb.h doenst include some functions and mac compiler is picky * about declartions */ #include #include #endif #ifdef WIN32 /* This must be after sasl.h, saslutil.h */ # include "saslKERBEROSV4.h" /* KClient doesn't define this */ typedef struct krb_principal { char name[ANAME_SZ]; char instance[INST_SZ]; char realm[REALM_SZ]; } krb_principal; /* This isn't defined under WIN32. For access() */ #ifndef R_OK #define R_OK 04 #endif /* we also need io.h for access() prototype */ #include #endif /* WIN32 */ #ifdef sun /* gotta define gethostname ourselves on suns */ extern int gethostname(char *, int); #endif /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: kerberos4.c,v 1.100 2009/03/10 16:27:52 mel Exp $"; #ifndef KEYFILE #define KEYFILE "/etc/srvtab"; #endif #define KRB_SECFLAG_NONE (1) #define KRB_SECFLAG_INTEGRITY (2) #define KRB_SECFLAG_ENCRYPTION (4) #define KRB_SECFLAGS (7) #define KRB_SECFLAG_CREDENTIALS (8) #define KRB_DES_SECURITY_BITS (56) #define KRB_INTEGRITY_BITS (1) typedef enum Krb_sec { KRB_SEC_NONE = 0, KRB_SEC_INTEGRITY = 1, KRB_SEC_ENCRYPTION = 2 } Krb_sec_t; typedef struct context { int state; int challenge; /* this is the challenge (32 bit int) used for the authentication */ char *service; /* kerberos service */ char instance[ANAME_SZ]; char pname[ANAME_SZ]; char pinst[INST_SZ]; char prealm[REALM_SZ]; char *hostname; /* hostname */ char *realm; /* kerberos realm */ char *auth; /* */ CREDENTIALS credentials; des_cblock key; /* session key */ des_cblock session; /* session key */ des_key_schedule init_keysched; /* key schedule for initialization */ des_key_schedule enc_keysched; /* encryption key schedule */ des_key_schedule dec_keysched; /* decryption key schedule */ struct sockaddr_in ip_local; /* local ip address and port. needed for layers */ struct sockaddr_in ip_remote; /* remote ip address and port. needed for layers */ const sasl_utils_t *utils; /* this is useful to have around */ Krb_sec_t sec_type; char *encode_buf; /* For encoding/decoding mem management */ char *decode_buf; char *decode_once_buf; unsigned encode_buf_len; unsigned decode_buf_len; unsigned decode_once_buf_len; buffer_info_t *enc_in_buf; decode_context_t decode_context; char *out_buf; /* per-step mem management */ unsigned out_buf_len; const char *user; /* used by client */ int secflags; /* client/server supports layers? */ long time_sec; /* These are used to make sure we are getting */ char time_5ms; /* strictly increasing timestamps */ } context_t; #define KRB_LOCK_MUTEX(utils) \ if(((sasl_utils_t *)(utils))->mutex_lock(krb_mutex) != 0) { \ ((sasl_utils_t *)(utils))->seterror(((sasl_utils_t *)(utils))->conn, \ 0, "error locking mutex"); \ return SASL_FAIL; \ } #define KRB_UNLOCK_MUTEX(utils) \ if(((sasl_utils_t *)(utils))->mutex_unlock(krb_mutex) != 0) { \ ((sasl_utils_t *)(utils))->seterror(((sasl_utils_t *)(utils))->conn, \ 0, "error unlocking mutex"); \ return SASL_FAIL; \ } /* Mutex for not-thread-safe kerberos 4 library */ static void *krb_mutex = NULL; static char *srvtab = NULL; static unsigned refcount = 0; static int kerberosv4_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { int len, ret; context_t *text = (context_t *)context; struct buffer_info *inblob, bufinfo; if(numiov > 1) { ret = _plug_iovec_to_buf(text->utils, invec, numiov, &text->enc_in_buf); if(ret != SASL_OK) return ret; inblob = text->enc_in_buf; } else { bufinfo.data = invec[0].iov_base; bufinfo.curlen = invec[0].iov_len; inblob = &bufinfo; } ret = _plug_buf_alloc(text->utils, &(text->encode_buf), &text->encode_buf_len, inblob->curlen+40); if(ret != SASL_OK) return ret; KRB_LOCK_MUTEX(text->utils); if (text->sec_type == KRB_SEC_ENCRYPTION) { /* Type incompatibility on 4th arg probably means you're building against krb4 in MIT krb5, but got the OpenSSL headers in your way. You need to not use openssl/des.h with MIT kerberos. */ len=krb_mk_priv(inblob->data, (text->encode_buf+4), inblob->curlen, text->init_keysched, &text->session, &text->ip_local, &text->ip_remote); } else if (text->sec_type == KRB_SEC_INTEGRITY) { len=krb_mk_safe(inblob->data, (text->encode_buf+4), inblob->curlen, &text->session, &text->ip_local, &text->ip_remote); } else { len = -1; } KRB_UNLOCK_MUTEX(text->utils); /* returns -1 on error */ if (len==-1) return SASL_FAIL; /* now copy in the len of the buffer in network byte order */ *outputlen=len+4; len=htonl(len); memcpy(text->encode_buf, &len, 4); /* Setup the const pointer */ *output = text->encode_buf; return SASL_OK; } static int kerberosv4_decode_packet(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int result; MSG_DAT data; memset(&data,0,sizeof(MSG_DAT)); KRB_LOCK_MUTEX(text->utils); if (text->sec_type == KRB_SEC_ENCRYPTION) { result=krb_rd_priv(input, inputlen, text->init_keysched, &text->session, &text->ip_remote, &text->ip_local, &data); } else if (text->sec_type == KRB_SEC_INTEGRITY) { result = krb_rd_safe(input, inputlen, &text->session, &text->ip_remote, &text->ip_local, &data); } else { KRB_UNLOCK_MUTEX(text->utils); text->utils->seterror(text->utils->conn, 0, "KERBEROS_4 decode called with KRB_SEC_NONE"); return SASL_FAIL; } KRB_UNLOCK_MUTEX(text->utils); /* see if the krb library gave us a failure */ if (result != 0) { text->utils->seterror(text->utils->conn, 0, get_krb_err_txt(result)); return SASL_FAIL; } /* check to make sure the timestamps are ok */ if ((data.time_sec < text->time_sec) || /* if an earlier time */ (((data.time_sec == text->time_sec) && /* or the exact same time */ (data.time_5ms < text->time_5ms)))) { text->utils->seterror(text->utils->conn, 0, "timestamps not ok"); return SASL_FAIL; } text->time_sec = data.time_sec; text->time_5ms = data.time_5ms; result = _plug_buf_alloc(text->utils, &text->decode_once_buf, &text->decode_once_buf_len, data.app_length + 1); if(result != SASL_OK) return result; *output = text->decode_once_buf; *outputlen = data.app_length; memcpy(*output, data.app_data, data.app_length); (*output)[*outputlen] = '\0'; return SASL_OK; } static int kerberosv4_decode(void *context, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int ret; ret = _plug_decode(&text->decode_context, input, inputlen, &text->decode_buf, &text->decode_buf_len, outputlen, kerberosv4_decode_packet, text); *output = text->decode_buf; return ret; } static int new_text(const sasl_utils_t *utils, context_t **text) { context_t *ret = (context_t *) utils->malloc(sizeof(context_t)); if (ret == NULL) { MEMERROR(utils); return SASL_NOMEM; } memset(ret, 0, sizeof(context_t)); ret->state = 1; ret->utils = utils; *text = ret; return SASL_OK; } static void kerberosv4_common_mech_dispose(void *conn_context, const sasl_utils_t *utils) { context_t *text = (context_t *)conn_context; if(!text) return; _plug_decode_free(&text->decode_context); if (text->encode_buf) utils->free(text->encode_buf); if (text->decode_buf) utils->free(text->decode_buf); if (text->decode_once_buf) utils->free(text->decode_once_buf); if (text->out_buf) utils->free(text->out_buf); if (text->enc_in_buf) { if(text->enc_in_buf->data) utils->free(text->enc_in_buf->data); utils->free(text->enc_in_buf); } /* no need to free userid, it's just the interaction result */ utils->free(text); } static void kerberosv4_common_mech_free(void *glob_context __attribute__((unused)), const sasl_utils_t *utils) { if (krb_mutex) { utils->mutex_free(krb_mutex); krb_mutex = NULL; /* in case we need to re-use it */ } refcount--; if (srvtab && !refcount) { utils->free(srvtab); srvtab = NULL; } } /***************************** Server Section *****************************/ static int cando_sec(sasl_security_properties_t *props, int external_ssf, int secflag) { int need; int musthave; if(props->maxbufsize == 0) { need = musthave = 0; } else { need = props->max_ssf - external_ssf; musthave = props->min_ssf - external_ssf; } switch (secflag) { case KRB_SECFLAG_NONE: if (musthave <= 0) return 1; break; case KRB_SECFLAG_INTEGRITY: if ((musthave <= KRB_INTEGRITY_BITS) && (KRB_INTEGRITY_BITS <= need)) return 1; break; case KRB_SECFLAG_ENCRYPTION: if ((musthave <= KRB_DES_SECURITY_BITS) && (KRB_DES_SECURITY_BITS <= need)) return 1; break; case KRB_SECFLAG_CREDENTIALS: if (props->security_flags & SASL_SEC_PASS_CREDENTIALS) return 1; break; } return 0; } static int ipv4_ipfromstring(const sasl_utils_t *utils, const char *addr, struct sockaddr_in *out) { struct sockaddr_storage ss; int result; result = _plug_ipfromstring(utils, addr, (struct sockaddr *)&ss, sizeof(ss)); if (result != SASL_OK) { /* couldn't get local IP address */ return result; } /* Kerberos_V4 supports only IPv4 */ if (((struct sockaddr *)&ss)->sa_family != AF_INET) return SASL_FAIL; memcpy(out, &ss, sizeof(struct sockaddr_in)); return SASL_OK; } #ifndef macintosh static int kerberosv4_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { return new_text(sparams->utils, (context_t **) conn_context); } static int kerberosv4_server_mech_step(void *conn_context, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) conn_context; int result; *serverout = NULL; *serveroutlen = 0; switch (text->state) { case 1: { /* random 32-bit number */ int randocts, nchal; /* shouldn't we check for erroneous client input here?!? */ sparams->utils->rand(sparams->utils->rpool,(char *) &randocts , sizeof(randocts)); text->challenge=randocts; nchal = htonl(text->challenge); result = _plug_buf_alloc(text->utils, &text->out_buf, &text->out_buf_len, 5); if (result != SASL_OK) return result; memcpy(text->out_buf,&nchal,4); *serverout = text->out_buf; *serveroutlen = 4; text->state = 2; return SASL_CONTINUE; } case 2: { int nchal; unsigned char sout[8]; AUTH_DAT ad; KTEXT_ST ticket; unsigned lup; struct sockaddr_in addr; char *dot; /* received authenticator */ /* create ticket */ if (clientinlen > MAX_KTXT_LEN) { text->utils->seterror(text->utils->conn,0, "request larger than maximum ticket size"); return SASL_FAIL; } ticket.length=clientinlen; for (lup = 0; lup < clientinlen; lup++) ticket.dat[lup] = clientin[lup]; KRB_LOCK_MUTEX(sparams->utils); text->realm = krb_realmofhost(sparams->serverFQDN); /* get instance */ strncpy (text->instance, krb_get_phost (sparams->serverFQDN), sizeof (text->instance)); KRB_UNLOCK_MUTEX(sparams->utils); text->instance[sizeof(text->instance)-1] = 0; /* At some sites, krb_get_phost() sensibly but * atypically returns FQDNs, versus the first component, * which is what we need for RFC2222 section 7.1 */ dot = strchr(text->instance, '.'); if (dot) *dot = '\0'; memset(&addr, 0, sizeof(struct sockaddr_in)); #ifndef KRB4_IGNORE_IP_ADDRESS /* (we ignore IP addresses in krb4 tickets at CMU to facilitate moving from machine to machine) */ /* get ip number in addr*/ result = ipv4_ipfromstring(sparams->utils, sparams->ipremoteport, &addr); if (result != SASL_OK || !sparams->ipremoteport) { SETERROR(text->utils, "couldn't get remote IP address"); return result; } #endif /* check ticket */ KRB_LOCK_MUTEX(sparams->utils); result = krb_rd_req(&ticket, (char *) sparams->service, text->instance, addr.sin_addr.s_addr, &ad, srvtab); KRB_UNLOCK_MUTEX(sparams->utils); if (result) { /* if fails mechanism fails */ text->utils->seterror(text->utils->conn,0, "krb_rd_req failed service=%s instance=%s error code=%s (%i)", sparams->service, text->instance,get_krb_err_txt(result),result); return SASL_BADAUTH; } /* 8 octets of data * 1-4 checksum+1 * 5 security layers * 6-8max cipher text buffer size * use DES ECB in the session key */ nchal=htonl(text->challenge+1); memcpy(sout, &nchal, 4); sout[4]= 0; if (cando_sec(&sparams->props, sparams->external_ssf, KRB_SECFLAG_NONE)) sout[4] |= KRB_SECFLAG_NONE; if (cando_sec(&sparams->props, sparams->external_ssf, KRB_SECFLAG_INTEGRITY)) sout[4] |= KRB_SECFLAG_INTEGRITY; if (cando_sec(&sparams->props, sparams->external_ssf, KRB_SECFLAG_ENCRYPTION)) sout[4] |= KRB_SECFLAG_ENCRYPTION; if (cando_sec(&sparams->props, sparams->external_ssf, KRB_SECFLAG_CREDENTIALS)) sout[4] |= KRB_SECFLAG_CREDENTIALS; if(sparams->props.maxbufsize) { int tmpmaxbuf = (sparams->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : sparams->props.maxbufsize; sout[5]=((tmpmaxbuf >> 16) & 0xFF); sout[6]=((tmpmaxbuf >> 8) & 0xFF); sout[7]=(tmpmaxbuf & 0xFF); } else { /* let's say we can support up to 64K */ /* no inherent inability with our layers to support more */ sout[5]=0x00; /* max ciphertext buffer size */ sout[6]=0xFF; sout[7]=0xFF; } memcpy(text->session, ad.session, 8); memcpy(text->pname, ad.pname, sizeof(text->pname)); memcpy(text->pinst, ad.pinst, sizeof(text->pinst)); memcpy(text->prealm, ad.prealm, sizeof(text->prealm)); des_key_sched(&ad.session, text->init_keysched); /* make keyschedule for encryption and decryption */ des_key_sched(&ad.session, text->enc_keysched); des_key_sched(&ad.session, text->dec_keysched); des_ecb_encrypt((des_cblock *)sout, (des_cblock *)sout, text->init_keysched, DES_ENCRYPT); result = _plug_buf_alloc(text->utils, &text->out_buf, &text->out_buf_len, 9); if(result != SASL_OK) return result; memcpy(text->out_buf,&sout,8); *serverout = text->out_buf; *serveroutlen = 8; text->state = 3; return SASL_CONTINUE; } case 3: { int result; int testnum; int flag; unsigned char *in; if ((clientinlen == 0) || (clientinlen % 8 != 0)) { text->utils->seterror(text->utils->conn,0, "Response to challengs is not a multiple of 8 octets (a DES block)"); return SASL_FAIL; } /* we need to make a copy because des does in place decrpytion */ in = sparams->utils->malloc(clientinlen + 1); if (in == NULL) { MEMERROR(sparams->utils); return SASL_NOMEM; } memcpy(in, clientin, clientinlen); in[clientinlen] = '\0'; /* decrypt; verify checksum */ des_pcbc_encrypt((des_cblock *)in, (des_cblock *)in, clientinlen, text->init_keysched, &text->session, DES_DECRYPT); testnum = (in[0]*256*256*256)+(in[1]*256*256)+(in[2]*256)+in[3]; if (testnum != text->challenge) { SETERROR(sparams->utils, "incorrect response to challenge"); return SASL_BADAUTH; } if (!cando_sec(&sparams->props, sparams->external_ssf, in[4] & KRB_SECFLAGS)) { SETERROR(sparams->utils, "invalid security property specified"); return SASL_BADPROT; } oparams->encode = &kerberosv4_encode; oparams->decode = &kerberosv4_decode; switch (in[4] & KRB_SECFLAGS) { case KRB_SECFLAG_NONE: text->sec_type = KRB_SEC_NONE; oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; break; case KRB_SECFLAG_INTEGRITY: text->sec_type = KRB_SEC_INTEGRITY; oparams->mech_ssf = KRB_INTEGRITY_BITS; break; case KRB_SECFLAG_ENCRYPTION: text->sec_type = KRB_SEC_ENCRYPTION; oparams->mech_ssf = KRB_DES_SECURITY_BITS; break; default: /* Mark that we tried */ oparams->mech_ssf = 2; SETERROR(sparams->utils, "not a supported encryption layer"); return SASL_BADPROT; } /* get ip data */ /* get ip number in addr*/ result = ipv4_ipfromstring(sparams->utils, sparams->iplocalport, &(text->ip_local)); if (result != SASL_OK) { SETERROR(sparams->utils, "couldn't get local ip address"); /* couldn't get local IP address */ return result; } result = ipv4_ipfromstring(sparams->utils, sparams->ipremoteport, &(text->ip_remote)); if (result != SASL_OK) { SETERROR(sparams->utils, "couldn't get remote ip address"); /* couldn't get remote IP address */ return result; } /* fill in oparams */ oparams->maxoutbuf = (in[5] << 16) + (in[6] << 8) + in[7]; if(oparams->mech_ssf) { /* FIXME: Likely to be too large */ oparams->maxoutbuf -= 50; } if (sparams->canon_user) { char *user=NULL, *authid=NULL; size_t ulen = 0, alen = strlen(text->pname); int ret, cflag = SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED; if (text->pinst[0]) { alen += strlen(text->pinst) + 1 /* for the . */; } flag = 0; if (strcmp(text->realm, text->prealm)) { alen += strlen(text->prealm) + 1 /* for the @ */; flag = 1; } authid = sparams->utils->malloc(alen + 1); if (!authid) { MEMERROR(sparams->utils); return SASL_NOMEM; } strcpy(authid, text->pname); if (text->pinst[0]) { strcat(authid, "."); strcat(authid, text->pinst); } if (flag) { strcat(authid, "@"); strcat(authid, text->prealm); } if (in[8]) { user = sparams->utils->malloc(strlen((char *) in + 8) + 1); if (!user) { MEMERROR(sparams->utils); return SASL_NOMEM; } strcpy(user, (char *) in + 8); ulen = strlen(user); } else { cflag |= SASL_CU_AUTHZID; } ret = sparams->canon_user(sparams->utils->conn, authid, alen, cflag, oparams); sparams->utils->free(authid); if (ret != SASL_OK) { if (user) sparams->utils->free(user); return ret; } if (user) { ret = sparams->canon_user(sparams->utils->conn, user, ulen, SASL_CU_AUTHZID, oparams); sparams->utils->free(user); } if (ret != SASL_OK) return ret; } /* nothing more to do; authenticated */ oparams->doneflag = 1; oparams->param_version = 0; /* used by layers */ _plug_decode_init(&text->decode_context, text->utils, (sparams->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : sparams->props.maxbufsize); sparams->utils->free(in); return SASL_OK; } default: sparams->utils->log(NULL, SASL_LOG_ERR, "Invalid Kerberos server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static int kerberosv4_mech_avail(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, void **conn_context __attribute__((unused))) { struct sockaddr_in addr; if (!sparams->iplocalport || !sparams->ipremoteport || ipv4_ipfromstring(sparams->utils, sparams->iplocalport, &addr) != SASL_OK || ipv4_ipfromstring(sparams->utils, sparams->ipremoteport, &addr) != SASL_OK) { SETERROR(sparams->utils, "KERBEROS_V4 unavailable due to lack of IPv4 information"); return SASL_NOMECH; } return SASL_OK; } static sasl_server_plug_t kerberosv4_server_plugins[] = { { "KERBEROS_V4", /* mech_name */ KRB_DES_SECURITY_BITS, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_SERVER_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* glob_context */ &kerberosv4_server_mech_new, /* mech_new */ &kerberosv4_server_mech_step, /* mech_step */ &kerberosv4_common_mech_dispose,/* mech_dispose */ &kerberosv4_common_mech_free, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ &kerberosv4_mech_avail, /* mech_avail */ NULL /* spare */ } }; #endif /* macintosh */ int kerberos4_server_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { #ifdef macintosh return SASL_BADVERS; #else const char *ret; unsigned int rl; if (maxversion < SASL_SERVER_PLUG_VERSION) { return SASL_BADVERS; } if (!krb_mutex) { krb_mutex = utils->mutex_alloc(); if(!krb_mutex) { return SASL_FAIL; } } if (!srvtab) { utils->getopt(utils->getopt_context, "KERBEROS_V4", "srvtab", &ret, &rl); if (ret == NULL) { ret = KEYFILE; rl = strlen(ret); } srvtab = utils->malloc(sizeof(char) * (rl + 1)); if(!srvtab) { MEMERROR(utils); return SASL_NOMEM; } strcpy(srvtab, ret); } refcount++; /* fail if we can't open the srvtab file */ if (access(srvtab, R_OK) != 0) { utils->log(NULL, SASL_LOG_ERR, "can't access srvtab file %s: %m", srvtab, errno); if(!(--refcount)) { utils->free(srvtab); srvtab=NULL; } return SASL_FAIL; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = kerberosv4_server_plugins; *plugcount = 1; return SASL_OK; #endif } /***************************** Client Section *****************************/ static int kerberosv4_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { return new_text(params->utils, (context_t **) conn_context); } static int kerberosv4_client_mech_step(void *conn_context, sasl_client_params_t *cparams, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) conn_context; KTEXT_ST authent; int ret; *clientout = NULL; *clientoutlen = 0; authent.length = MAX_KTXT_LEN; switch (text->state) { case 1: { /* We should've just recieved a 32-bit number in network byte order. * We want to reply with an authenticator. */ int result; KTEXT_ST ticket; char *dot; memset(&ticket, 0L, sizeof(ticket)); ticket.length = MAX_KTXT_LEN; if (serverinlen != 4) { text->utils->seterror(text->utils->conn, 0, "server challenge not 4 bytes long"); return SASL_BADPROT; } memcpy(&text->challenge, serverin, 4); text->challenge=ntohl(text->challenge); if (cparams->serverFQDN == NULL) { cparams->utils->log(NULL, SASL_LOG_ERR, "no 'serverFQDN' set"); SETERROR(text->utils, "paramater error"); return SASL_BADPARAM; } if (cparams->service == NULL) { cparams->utils->log(NULL, SASL_LOG_ERR, "no 'service' set"); SETERROR(text->utils, "paramater error"); return SASL_BADPARAM; } KRB_LOCK_MUTEX(cparams->utils); text->realm=krb_realmofhost(cparams->serverFQDN); text->hostname=(char *) cparams->serverFQDN; /* the instance of the principal we're authenticating with */ strncpy (text->instance, krb_get_phost (cparams->serverFQDN), sizeof (text->instance)); /* text->instance is NULL terminated unless it was too long */ text->instance[sizeof(text->instance)-1] = '\0'; /* At some sites, krb_get_phost() sensibly but * atypically returns FQDNs, versus the first component, * which is what we need for RFC2222 section 7.1 */ dot = strchr(text->instance, '.'); if (dot) *dot = '\0'; #ifndef macintosh if ((result = krb_mk_req(&ticket, (char *) cparams->service, text->instance, text->realm, text->challenge))) #else memset(&text->credentials,0,sizeof(text->credentials)); if (kcglue_krb_mk_req(ticket.dat, &ticket.length, cparams->service, text->instance, text->realm, text->challenge, &text->credentials.session, text->credentials.pname, text->credentials.pinst) != 0) #endif { KRB_UNLOCK_MUTEX(cparams->utils); text->utils->seterror(text->utils->conn,SASL_NOLOG, "krb_mk_req() failed"); cparams->utils->log(NULL, SASL_LOG_ERR, "krb_mk_req() failed: %s (%d)", get_krb_err_txt(result), result); return SASL_FAIL; } KRB_UNLOCK_MUTEX(cparams->utils); ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), ticket.length); if (ret != SASL_OK) return ret; memcpy(text->out_buf, ticket.dat, ticket.length); *clientout = text->out_buf; *clientoutlen = ticket.length; text->state = 2; return SASL_CONTINUE; } /* challenge #2 */ case 2: { int need = 0; int musthave = 0; int testnum; int nchal; unsigned char *sout = NULL; unsigned len; unsigned char in[8]; int result; int servermaxbuf; char *buf; int user_result = SASL_OK; /* try to get the authid */ if (text->user == NULL) { user_result = _plug_get_userid(cparams->utils, &text->user, prompt_need); if (user_result != SASL_OK && user_result != SASL_INTERACT) return user_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { cparams->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if (user_result == SASL_INTERACT) { /* make the prompt list */ int result = _plug_make_prompts(cparams->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result!=SASL_OK) return result; return SASL_INTERACT; } /* must be 8 octets */ if (serverinlen!=8) { SETERROR(cparams->utils, "server response not 8 bytes long"); return SASL_BADAUTH; } memcpy(in, serverin, 8); #ifndef macintosh /* get credentials */ KRB_LOCK_MUTEX(cparams->utils); result = krb_get_cred((char *)cparams->service, text->instance, text->realm, &text->credentials); KRB_UNLOCK_MUTEX(cparams->utils); if(result != 0) { cparams->utils->log(NULL, SASL_LOG_ERR, "krb_get_cred() failed: %s (%d)", get_krb_err_txt(result), result); SETERROR(cparams->utils, "krb_get_cred() failed"); return SASL_BADAUTH; } #endif memcpy(text->session, text->credentials.session, 8); /* make key schedule for encryption and decryption */ des_key_sched(&text->session, text->init_keysched); des_key_sched(&text->session, text->enc_keysched); des_key_sched(&text->session, text->dec_keysched); /* decrypt from server */ des_ecb_encrypt((des_cblock *)in, (des_cblock *)in, text->init_keysched, DES_DECRYPT); /* convert to 32bit int */ testnum = (in[0]*256*256*256)+(in[1]*256*256)+(in[2]*256)+in[3]; /* verify data 1st 4 octets must be equal to chal+1 */ if (testnum != text->challenge+1) { SETERROR(cparams->utils,"server response incorrect"); return SASL_BADAUTH; } /* construct 8 octets * 1-4 - original checksum * 5 - bitmask of sec layer * 6-8 max buffer size */ if (cparams->props.min_ssf > KRB_DES_SECURITY_BITS + cparams->external_ssf) { SETERROR(cparams->utils, "minimum ssf too strong for this mechanism"); return SASL_TOOWEAK; } else if (cparams->props.min_ssf > cparams->props.max_ssf) { SETERROR(cparams->utils, "minimum ssf larger than maximum ssf"); return SASL_BADPARAM; } /* create stuff to send to server */ sout = (char *) cparams->utils->malloc(9+(text->user ? strlen(text->user) : 0)+9); if (!sout) { MEMERROR(cparams->utils); return SASL_NOMEM; } nchal = htonl(text->challenge); memcpy(sout, &nchal, 4); /* need bits of layer */ if(cparams->props.maxbufsize == 0) { need = musthave = 0; } else { need = cparams->props.max_ssf - cparams->external_ssf; musthave = cparams->props.min_ssf - cparams->external_ssf; } oparams->decode = &kerberosv4_decode; oparams->encode = &kerberosv4_encode; if ((in[4] & KRB_SECFLAG_ENCRYPTION) && (need>=56) && (musthave <= 56)) { /* encryption */ text->sec_type = KRB_SEC_ENCRYPTION; oparams->mech_ssf = 56; sout[4] = KRB_SECFLAG_ENCRYPTION; /* using encryption layer */ } else if ((in[4] & KRB_SECFLAG_INTEGRITY) && (need >= 1) && (musthave <= 1)) { /* integrity */ text->sec_type = KRB_SEC_INTEGRITY; oparams->mech_ssf=1; sout[4] = KRB_SECFLAG_INTEGRITY; /* using integrity layer */ } else if ((in[4] & KRB_SECFLAG_NONE) && (musthave <= 0)) { /* no layer */ text->sec_type = KRB_SEC_NONE; oparams->encode=NULL; oparams->decode=NULL; oparams->mech_ssf=0; sout[4] = KRB_SECFLAG_NONE; } else { /* Mark that we tried */ oparams->mech_ssf=2; SETERROR(cparams->utils, "unable to agree on layers with server"); return SASL_BADPROT; } servermaxbuf = in[5]*256*256+in[6]*256+in[7]; oparams->maxoutbuf = servermaxbuf; if (oparams->mech_ssf) { /* FIXME: Likely to be too large */ oparams->maxoutbuf -= 50; } if(cparams->props.maxbufsize) { int tmpmaxbuf = ( cparams->props.maxbufsize > 0xFFFFFF ) ? 0xFFFFFF : cparams->props.maxbufsize; sout[5]=((tmpmaxbuf >> 16) & 0xFF); sout[6]=((tmpmaxbuf >> 8) & 0xFF); sout[7]=(tmpmaxbuf & 0xFF); } else { /* let's say we can support up to 64K */ /* no inherent inability with our layers to support more */ sout[5]=0x00; /* max ciphertext buffer size */ sout[6]=0xFF; sout[7]=0xFF; } sout[8] = 0x00; /* just to be safe */ /* append userid */ len = 9; /* 8 + trailing NULL */ if (text->user) { strcpy((char *)sout + 8, text->user); len += strlen(text->user); } /* append 0 based octets so is multiple of 8 */ while(len % 8) { sout[len]=0; len++; } sout[len]=0; des_pcbc_encrypt((des_cblock *)sout, (des_cblock *)sout, len, text->init_keysched, (des_cblock *)text->session, DES_ENCRYPT); result = _plug_buf_alloc(text->utils, &text->out_buf, &text->out_buf_len, len); if (result != SASL_OK) return result; memcpy(text->out_buf, sout, len); *clientout = text->out_buf; *clientoutlen = len; /* nothing more to do; should be authenticated */ if(cparams->iplocalport) { result = ipv4_ipfromstring(cparams->utils, cparams->iplocalport, &(text->ip_local)); if (result != SASL_OK) { /* couldn't get local IP address */ return result; } } if (cparams->ipremoteport) { result = ipv4_ipfromstring(cparams->utils, cparams->ipremoteport, &(text->ip_remote)); if (result != SASL_OK) { /* couldn't get local IP address */ return result; } } buf = cparams->utils->malloc(strlen(text->credentials.pname) + strlen(text->credentials.pinst) + 2); if (!buf) { MEMERROR(cparams->utils); return SASL_NOMEM; } strcpy(buf, text->credentials.pname); if (text->credentials.pinst[0]) { strcat(buf, "."); strcat(buf, text->credentials.pinst); } if (text->user && !text->user[0]) { text->user = NULL; } ret = cparams->canon_user(cparams->utils->conn, buf, 0, SASL_CU_AUTHID, oparams); if (ret != SASL_OK) { cparams->utils->free(buf); cparams->utils->free(sout); return ret; } if (!text->user) { /* 0 in length fields means use strlen() */ ret = cparams->canon_user(cparams->utils->conn, buf, 0, SASL_CU_AUTHZID, oparams); } else { ret = cparams->canon_user(cparams->utils->conn, text->user, 0, SASL_CU_AUTHZID, oparams); } cparams->utils->free(buf); oparams->doneflag = 1; oparams->param_version = 0; /* used by layers */ _plug_decode_init(&text->decode_context, text->utils, (cparams->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : cparams->props.maxbufsize); if (sout) cparams->utils->free(sout); return SASL_OK; } default: cparams->utils->log(NULL, SASL_LOG_ERR, "Invalid Kerberos client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static const long kerberosv4_required_prompts[] = { SASL_CB_LIST_END }; static sasl_client_plug_t kerberosv4_client_plugins[] = { { "KERBEROS_V4", /* mech_name */ KRB_DES_SECURITY_BITS, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_NEEDSERVERFQDN | SASL_FEAT_SERVER_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ kerberosv4_required_prompts, /* required_prompts */ NULL, /* glob_context */ &kerberosv4_client_mech_new, /* mech_new */ &kerberosv4_client_mech_step, /* mech_step */ &kerberosv4_common_mech_dispose,/* mech_dispose */ &kerberosv4_common_mech_free, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int kerberos4_client_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "Wrong KERBEROS_V4 version"); return SASL_BADVERS; } if(!krb_mutex) { krb_mutex = utils->mutex_alloc(); if(!krb_mutex) { return SASL_FAIL; } } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = kerberosv4_client_plugins; *plugcount = 1; refcount++; return SASL_OK; } cyrus-sasl-2.1.25/plugins/srp.c0000646000076400007640000023744211475221216013307 00000000000000/* SRP SASL plugin * Ken Murchison * Tim Martin 3/17/00 * $Id: srp.c,v 1.59 2010/11/30 11:41:47 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Notes: * * - The authentication exchanges *should* be correct (per draft -08) * but we won't know until we do some interop testing. * * - The security layers don't conform to draft -08: * o We don't use eos() and os() elements in an SRP buffer, we send * just the bare octets. * o We don't yet use the PRNG() and KDF() primatives described in * section 5.1. * * - Are we using cIV and sIV correctly for encrypt/decrypt? * * - We don't implement fast reauth. */ #include #include #include #include #include #include #ifndef UINT32_MAX #define UINT32_MAX 4294967295U #endif #if UINT_MAX == UINT32_MAX typedef unsigned int uint32; #elif ULONG_MAX == UINT32_MAX typedef unsigned long uint32; #elif USHRT_MAX == UINT32_MAX typedef unsigned short uint32; #else #error dont know what to use for uint32 #endif /* for big number support */ #include /* for digest and cipher support */ #include #include #include #include #define MD5_H /* suppress internal MD5 */ #include #include "plugin_common.h" #ifdef macintosh #include #endif /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: srp.c,v 1.59 2010/11/30 11:41:47 mel Exp $"; /* Size limit of cipher block size */ #define SRP_MAXBLOCKSIZE 16 /* Size limit of SRP buffer */ #define SRP_MAXBUFFERSIZE 2147483643 #define DEFAULT_MDA "SHA-1" #define OPTION_MDA "mda=" #define OPTION_REPLAY_DETECTION "replay_detection" #define OPTION_INTEGRITY "integrity=" #define OPTION_CONFIDENTIALITY "confidentiality=" #define OPTION_MANDATORY "mandatory=" #define OPTION_MAXBUFFERSIZE "maxbuffersize=" /* Table of recommended Modulus (base 16) and Generator pairs */ struct Ng { char *N; unsigned long g; } Ng_tab[] = { /* [264 bits] */ { "115B8B692E0E045692CF280B436735C77A5A9E8A9E7ED56C965F87DB5B2A2ECE3", 2 }, /* [384 bits] */ { "8025363296FB943FCE54BE717E0E2958A02A9672EF561953B2BAA3BAACC3ED5754EB764C7AB7184578C57D5949CCB41B", 2 }, /* [512 bits] */ { "D4C7F8A2B32C11B8FBA9581EC4BA4F1B04215642EF7355E37C0FC0443EF756EA2C6B8EEB755A1C723027663CAA265EF785B8FF6A9B35227A52D86633DBDFCA43", 2 }, /* [640 bits] */ { "C94D67EB5B1A2346E8AB422FC6A0EDAEDA8C7F894C9EEEC42F9ED250FD7F0046E5AF2CF73D6B2FA26BB08033DA4DE322E144E7A8E9B12A0E4637F6371F34A2071C4B3836CBEEAB15034460FAA7ADF483", 2 }, /* [768 bits] */ { "B344C7C4F8C495031BB4E04FF8F84EE95008163940B9558276744D91F7CC9F402653BE7147F00F576B93754BCDDF71B636F2099E6FFF90E79575F3D0DE694AFF737D9BE9713CEF8D837ADA6380B1093E94B6A529A8C6C2BE33E0867C60C3262B", 2 }, /* [1024 bits] */ { "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 2 }, /* [1280 bits] */ { "D77946826E811914B39401D56A0A7843A8E7575D738C672A090AB1187D690DC43872FC06A7B6A43F3B95BEAEC7DF04B9D242EBDC481111283216CE816E004B786C5FCE856780D41837D95AD787A50BBE90BD3A9C98AC0F5FC0DE744B1CDE1891690894BC1F65E00DE15B4B2AA6D87100C9ECC2527E45EB849DEB14BB2049B163EA04187FD27C1BD9C7958CD40CE7067A9C024F9B7C5A0B4F5003686161F0605B", 2 }, /* [1536 bits] */ { "9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB", 2 }, /* [2048 bits] */ { "AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B855F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773BCA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB694B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73", 2 } }; #define NUM_Ng (sizeof(Ng_tab) / sizeof(struct Ng)) typedef struct layer_option_s { const char *name; /* name used in option strings */ unsigned enabled; /* enabled? determined at run-time */ unsigned bit; /* unique bit in bitmask */ sasl_ssf_t ssf; /* ssf of layer */ const char *evp_name; /* name used for lookup in EVP table */ } layer_option_t; static layer_option_t digest_options[] = { { "SHA-1", 0, (1<<0), 1, "sha1" }, { "RIPEMD-160", 0, (1<<1), 1, "rmd160" }, { "MD5", 0, (1<<2), 1, "md5" }, { NULL, 0, 0, 0, NULL } }; static layer_option_t *default_digest = &digest_options[0]; static layer_option_t *server_mda = NULL; static layer_option_t cipher_options[] = { { "DES", 0, (1<<0), 56, "des-ofb" }, { "3DES", 0, (1<<1), 112, "des-ede-ofb" }, { "AES", 0, (1<<2), 128, "aes-128-ofb" }, { "Blowfish", 0, (1<<3), 128, "bf-ofb" }, { "CAST-128", 0, (1<<4), 128, "cast5-ofb" }, { "IDEA", 0, (1<<5), 128, "idea-ofb" }, { NULL, 0, 0, 0, NULL} }; /* XXX Hack until OpenSSL 0.9.7 */ #if OPENSSL_VERSION_NUMBER < 0x00907000L static layer_option_t *default_cipher = &cipher_options[0]; #else static layer_option_t *default_cipher = &cipher_options[2]; #endif enum { BIT_REPLAY_DETECTION= (1<<0), BIT_INTEGRITY= (1<<1), BIT_CONFIDENTIALITY= (1<<2) }; typedef struct srp_options_s { unsigned mda; /* bitmask of MDAs */ unsigned replay_detection; /* replay detection on/off flag */ unsigned integrity; /* bitmask of integrity layers */ unsigned confidentiality; /* bitmask of confidentiality layers */ unsigned mandatory; /* bitmask of mandatory layers */ unsigned long maxbufsize; /* max # bytes processed by security layer */ } srp_options_t; /* The main SRP context */ typedef struct context { int state; BIGNUM N; /* safe prime modulus */ BIGNUM g; /* generator */ BIGNUM v; /* password verifier */ BIGNUM b; /* server private key */ BIGNUM B; /* server public key */ BIGNUM a; /* client private key */ BIGNUM A; /* client public key */ char K[EVP_MAX_MD_SIZE]; /* shared context key */ int Klen; char M1[EVP_MAX_MD_SIZE]; /* client evidence */ int M1len; char *authid; /* authentication id (server) */ char *userid; /* authorization id (server) */ sasl_secret_t *password; /* user secret (client) */ unsigned int free_password; /* set if we need to free password */ char *client_options; char *server_options; srp_options_t client_opts; /* cache between client steps */ char cIV[SRP_MAXBLOCKSIZE]; /* cache between client steps */ char *salt; /* password salt */ int saltlen; const EVP_MD *md; /* underlying MDA */ /* copy of utils from the params structures */ const sasl_utils_t *utils; /* per-step mem management */ char *out_buf; unsigned out_buf_len; /* Layer foo */ unsigned layer; /* bitmask of enabled layers */ const EVP_MD *hmac_md; /* HMAC for integrity */ HMAC_CTX hmac_send_ctx; HMAC_CTX hmac_recv_ctx; const EVP_CIPHER *cipher; /* cipher for confidentiality */ EVP_CIPHER_CTX cipher_enc_ctx; EVP_CIPHER_CTX cipher_dec_ctx; /* replay detection sequence numbers */ int seqnum_out; int seqnum_in; /* for encoding/decoding mem management */ char *encode_buf, *decode_buf, *decode_pkt_buf; unsigned encode_buf_len, decode_buf_len, decode_pkt_buf_len; /* layers buffering */ decode_context_t decode_context; } context_t; static int srp_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; unsigned i; char *input; unsigned long inputlen, tmpnum; int ret; if (!context || !invec || !numiov || !output || !outputlen) { PARAMERROR( text->utils ); return SASL_BADPARAM; } /* calculate total size of input */ for (i = 0, inputlen = 0; i < numiov; i++) inputlen += invec[i].iov_len; /* allocate a buffer for the output */ ret = _plug_buf_alloc(text->utils, &text->encode_buf, &text->encode_buf_len, 4 + /* for length */ inputlen + /* for content */ SRP_MAXBLOCKSIZE + /* for PKCS padding */ EVP_MAX_MD_SIZE); /* for HMAC */ if (ret != SASL_OK) return ret; *outputlen = 4; /* length */ /* operate on each iovec */ for (i = 0; i < numiov; i++) { input = invec[i].iov_base; inputlen = invec[i].iov_len; if (text->layer & BIT_CONFIDENTIALITY) { unsigned enclen; /* encrypt the data into the output buffer */ EVP_EncryptUpdate(&text->cipher_enc_ctx, text->encode_buf + *outputlen, &enclen, input, inputlen); *outputlen += enclen; /* switch the input to the encrypted data */ input = text->encode_buf + 4; inputlen = *outputlen - 4; } else { /* copy the raw input to the output */ memcpy(text->encode_buf + *outputlen, input, inputlen); *outputlen += inputlen; } } if (text->layer & BIT_CONFIDENTIALITY) { unsigned enclen; /* encrypt the last block of data into the output buffer */ EVP_EncryptFinal(&text->cipher_enc_ctx, text->encode_buf + *outputlen, &enclen); *outputlen += enclen; } if (text->layer & BIT_INTEGRITY) { unsigned hashlen; /* hash the content */ HMAC_Update(&text->hmac_send_ctx, text->encode_buf+4, *outputlen-4); if (text->layer & BIT_REPLAY_DETECTION) { /* hash the sequence number */ tmpnum = htonl(text->seqnum_out); HMAC_Update(&text->hmac_send_ctx, (char *) &tmpnum, 4); text->seqnum_out++; } /* append the HMAC into the output buffer */ HMAC_Final(&text->hmac_send_ctx, text->encode_buf + *outputlen, &hashlen); *outputlen += hashlen; } /* prepend the length of the output */ tmpnum = *outputlen - 4; tmpnum = htonl(tmpnum); memcpy(text->encode_buf, &tmpnum, 4); *output = text->encode_buf; return SASL_OK; } /* decode a single SRP packet */ static int srp_decode_packet(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int ret; if (text->layer & BIT_INTEGRITY) { const char *hash; char myhash[EVP_MAX_MD_SIZE]; unsigned hashlen, myhashlen, i; unsigned long tmpnum; hashlen = EVP_MD_size(text->hmac_md); if (inputlen < hashlen) { text->utils->seterror(text->utils->conn, 0, "SRP input is smaller " "than hash length: %d vs %d\n", inputlen, hashlen); return SASL_BADPROT; } inputlen -= hashlen; hash = input + inputlen; /* create our own hash from the input */ HMAC_Update(&text->hmac_recv_ctx, input, inputlen); if (text->layer & BIT_REPLAY_DETECTION) { /* hash the sequence number */ tmpnum = htonl(text->seqnum_in); HMAC_Update(&text->hmac_recv_ctx, (char *) &tmpnum, 4); text->seqnum_in++; } HMAC_Final(&text->hmac_recv_ctx, myhash, &myhashlen); /* compare hashes */ for (i = 0; i < hashlen; i++) { if ((myhashlen != hashlen) || (myhash[i] != hash[i])) { SETERROR(text->utils, "Hash is incorrect\n"); return SASL_BADMAC; } } } ret = _plug_buf_alloc(text->utils, &(text->decode_pkt_buf), &(text->decode_pkt_buf_len), inputlen); if (ret != SASL_OK) return ret; if (text->layer & BIT_CONFIDENTIALITY) { unsigned declen; /* decrypt the data into the output buffer */ EVP_DecryptUpdate(&text->cipher_dec_ctx, text->decode_pkt_buf, &declen, (char *) input, inputlen); *outputlen = declen; EVP_DecryptFinal(&text->cipher_dec_ctx, text->decode_pkt_buf + declen, &declen); *outputlen += declen; } else { /* copy the raw input to the output */ memcpy(text->decode_pkt_buf, input, inputlen); *outputlen = inputlen; } *output = text->decode_pkt_buf; return SASL_OK; } /* decode and concatenate multiple SRP packets */ static int srp_decode(void *context, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int ret; ret = _plug_decode(&text->decode_context, input, inputlen, &text->decode_buf, &text->decode_buf_len, outputlen, srp_decode_packet, text); *output = text->decode_buf; return ret; } /* * Convert a big integer to it's byte representation */ static int BigIntToBytes(BIGNUM *num, char *out, int maxoutlen, int *outlen) { int len; len = BN_num_bytes(num); if (len > maxoutlen) return SASL_FAIL; *outlen = BN_bn2bin(num, out); return SASL_OK; } /* * Compare a big integer against a word. */ static int BigIntCmpWord(BIGNUM *a, BN_ULONG w) { BIGNUM *b = BN_new(); int r; BN_set_word(b, w); r = BN_cmp(a, b); BN_free(b); return r; } /* * Generate a random big integer. */ static void GetRandBigInt(BIGNUM *out) { BN_init(out); /* xxx likely should use sasl random funcs */ BN_rand(out, SRP_MAXBLOCKSIZE*8, 0, 0); } #define MAX_BUFFER_LEN 2147483643 #define MAX_MPI_LEN 65535 #define MAX_UTF8_LEN 65535 #define MAX_OS_LEN 255 /* * Make an SRP buffer from the data specified by the fmt string. */ static int MakeBuffer(const sasl_utils_t *utils, char **buf, unsigned *buflen, unsigned *outlen, const char *fmt, ...) { va_list ap; char *p, *out = NULL; int r, alloclen, len; BIGNUM *mpi; char *os, *str, c; uint32 u; short ns; long totlen; /* first pass to calculate size of buffer */ va_start(ap, fmt); for (p = (char *) fmt, alloclen = 0; *p; p++) { if (*p != '%') { alloclen++; continue; } switch (*++p) { case 'm': /* MPI */ mpi = va_arg(ap, BIGNUM *); len = BN_num_bytes(mpi); if (len > MAX_MPI_LEN) { utils->log(NULL, SASL_LOG_ERR, "String too long to create mpi string\n"); r = SASL_FAIL; goto done; } alloclen += len + 2; break; case 'o': /* octet sequence (len followed by data) */ len = va_arg(ap, int); if (len > MAX_OS_LEN) { utils->log(NULL, SASL_LOG_ERR, "String too long to create os string\n"); r = SASL_FAIL; goto done; } alloclen += len + 1; os = va_arg(ap, char *); break; case 's': /* string */ str = va_arg(ap, char *); len = strlen(str); if (len > MAX_UTF8_LEN) { utils->log(NULL, SASL_LOG_ERR, "String too long to create utf8 string\n"); r = SASL_FAIL; goto done; } alloclen += len + 2; break; case 'u': /* unsigned int */ u = va_arg(ap, uint32); alloclen += sizeof(uint32); break; case 'c': /* char */ c = va_arg(ap, int) & 0xFF; alloclen += 1; break; default: alloclen += 1; break; } } va_end(ap); if (alloclen > MAX_BUFFER_LEN) { utils->log(NULL, SASL_LOG_ERR, "String too long to create SRP buffer string\n"); return SASL_FAIL; } alloclen += 4; r = _plug_buf_alloc(utils, buf, buflen, alloclen); if (r != SASL_OK) return r; out = *buf + 4; /* skip size for now */ /* second pass to fill buffer */ va_start(ap, fmt); for (p = (char *) fmt; *p; p++) { if (*p != '%') { *out = *p; out++; continue; } switch (*++p) { case 'm': /* MPI */ mpi = va_arg(ap, BIGNUM *); r = BigIntToBytes(mpi, out+2, BN_num_bytes(mpi), &len); if (r) goto done; ns = htons(len); memcpy(out, &ns, 2); /* add 2 byte len (network order) */ out += len + 2; break; case 'o': /* octet sequence (len followed by data) */ len = va_arg(ap, int); os = va_arg(ap, char *); *out = len & 0xFF; /* add 1 byte len */ memcpy(out+1, os, len); /* add data */ out += len+1; break; case 's': /* string */ str = va_arg(ap, char *); /* xxx do actual utf8 conversion */ len = strlen(str); ns = htons(len); memcpy(out, &ns, 2); /* add 2 byte len (network order) */ memcpy(out+2, str, len); /* add string */ out += len + 2; break; case 'u': /* unsigned int */ u = va_arg(ap, uint32); u = htonl(u); memcpy(out, &u, sizeof(uint32)); out += sizeof(uint32); break; case 'c': /* char */ c = va_arg(ap, int) & 0xFF; *out = c; out++; break; default: *out = *p; out++; break; } } done: va_end(ap); *outlen = out - *buf; /* add 4 byte len (network order) */ totlen = htonl(*outlen - 4); memcpy(*buf, &totlen, 4); return r; } /* * Extract an SRP buffer into the data specified by the fmt string. * * A '-' flag means don't allocate memory for the data ('o' only). */ static int UnBuffer(const sasl_utils_t *utils, const char *buf, unsigned buflen, const char *fmt, ...) { va_list ap; char *p; int r = SASL_OK, noalloc; BIGNUM *mpi; char **os, **str; uint32 *u; unsigned short ns; unsigned len; if (!buf || buflen < 4) { utils->seterror(utils->conn, 0, "Buffer is not big enough to be SRP buffer: %d\n", buflen); return SASL_BADPROT; } /* get the length */ memcpy(&len, buf, 4); len = ntohl(len); buf += 4; buflen -= 4; /* make sure it's right */ if (len != buflen) { SETERROR(utils, "SRP Buffer isn't of the right length\n"); return SASL_BADPROT; } va_start(ap, fmt); for (p = (char *) fmt; *p; p++) { if (*p != '%') { if (*buf != *p) { r = SASL_BADPROT; goto done; } buf++; buflen--; continue; } /* check for noalloc flag */ if ((noalloc = (*++p == '-'))) ++p; switch (*p) { case 'm': /* MPI */ if (buflen < 2) { SETERROR(utils, "Buffer is not big enough to be SRP MPI\n"); r = SASL_BADPROT; goto done; } /* get the length */ memcpy(&ns, buf, 2); len = ntohs(ns); buf += 2; buflen -= 2; /* make sure it's right */ if (len > buflen) { SETERROR(utils, "Not enough data for this SRP MPI\n"); r = SASL_BADPROT; goto done; } mpi = va_arg(ap, BIGNUM *); BN_init(mpi); BN_bin2bn(buf, len, mpi); break; case 'o': /* octet sequence (len followed by data) */ if (buflen < 1) { SETERROR(utils, "Buffer is not big enough to be SRP os\n"); r = SASL_BADPROT; goto done; } /* get the length */ len = (unsigned char) *buf; buf++; buflen--; /* make sure it's right */ if (len > buflen) { SETERROR(utils, "Not enough data for this SRP os\n"); r = SASL_BADPROT; goto done; } *(va_arg(ap, int *)) = len; os = va_arg(ap, char **); if (noalloc) *os = (char *) buf; else { *os = (char *) utils->malloc(len); if (!*os) { r = SASL_NOMEM; goto done; } memcpy(*os, buf, len); } break; case 's': /* string */ if (buflen < 2) { SETERROR(utils, "Buffer is not big enough to be SRP UTF8\n"); r = SASL_BADPROT; goto done; } /* get the length */ memcpy(&ns, buf, 2); len = ntohs(ns); buf += 2; buflen -= 2; /* make sure it's right */ if (len > buflen) { SETERROR(utils, "Not enough data for this SRP UTF8\n"); r = SASL_BADPROT; goto done; } str = va_arg(ap, char **); *str = (char *) utils->malloc(len+1); /* +1 for NUL */ if (!*str) { r = SASL_NOMEM; goto done; } memcpy(*str, buf, len); (*str)[len] = '\0'; break; case 'u': /* unsigned int */ if (buflen < sizeof(uint32)) { SETERROR(utils, "Buffer is not big enough to be SRP uint\n"); r = SASL_BADPROT; goto done; } len = sizeof(uint32); u = va_arg(ap, uint32*); memcpy(u, buf, len); *u = ntohs(*u); break; case 'c': /* char */ if (buflen < 1) { SETERROR(utils, "Buffer is not big enough to be SRP char\n"); r = SASL_BADPROT; goto done; } len = 1; *(va_arg(ap, char *)) = *buf; break; default: len = 1; if (*buf != *p) { r = SASL_BADPROT; goto done; } break; } buf += len; buflen -= len; } done: va_end(ap); if (buflen != 0) { SETERROR(utils, "Extra data in SRP buffer\n"); r = SASL_BADPROT; } return r; } /* * Apply the hash function to the data specifed by the fmt string. */ static int MakeHash(const EVP_MD *md, unsigned char hash[], int *hashlen, const char *fmt, ...) { va_list ap; char *p, buf[4096], *in; int inlen; EVP_MD_CTX mdctx; int r = 0, hflag; EVP_DigestInit(&mdctx, md); va_start(ap, fmt); for (p = (char *) fmt; *p; p++) { if (*p != '%') { in = p; inlen = 1; hflag = 0; } else { if ((hflag = (*++p == 'h'))) ++p; switch (*p) { case 'm': { /* MPI */ BIGNUM *mval = va_arg(ap, BIGNUM *); in = buf; r = BigIntToBytes(mval, buf, sizeof(buf)-1, &inlen); if (r) goto done; break; } case 'o': { /* octet sequence (len followed by data) */ inlen = va_arg(ap, int); in = va_arg(ap, char *); break; } case 's': /* string */ in = va_arg(ap, char *); inlen = strlen(in); break; case 'u': { /* unsigned int */ uint32 uval = va_arg(ap, uint32); in = buf; inlen = sizeof(uint32); *((uint32 *) buf) = htonl(uval); break; } default: in = p; inlen = 1; break; } } if (hflag) { /* hash data separately before adding to current hash */ EVP_MD_CTX tmpctx; EVP_DigestInit(&tmpctx, md); EVP_DigestUpdate(&tmpctx, in, inlen); EVP_DigestFinal(&tmpctx, buf, &inlen); in = buf; } EVP_DigestUpdate(&mdctx, in, inlen); } done: va_end(ap); EVP_DigestFinal(&mdctx, hash, hashlen); return r; } static int CalculateX(context_t *text, const char *salt, int saltlen, const char *user, const char *pass, int passlen, BIGNUM *x) { char hash[EVP_MAX_MD_SIZE]; int hashlen; /* x = H(salt | H(user | ':' | pass)) */ MakeHash(text->md, hash, &hashlen, "%s:%o", user, passlen, pass); MakeHash(text->md, hash, &hashlen, "%o%o", saltlen, salt, hashlen, hash); BN_init(x); BN_bin2bn(hash, hashlen, x); return SASL_OK; } static int CalculateM1(context_t *text, BIGNUM *N, BIGNUM *g, char *U, char *salt, int saltlen, BIGNUM *A, BIGNUM *B, char *K, int Klen, char *I, char *L, char *M1, int *M1len) { int r, i, len; unsigned char Nhash[EVP_MAX_MD_SIZE]; unsigned char ghash[EVP_MAX_MD_SIZE]; unsigned char Ng[EVP_MAX_MD_SIZE]; /* bytes(H( bytes(N) )) ^ bytes( H( bytes(g) )) ^ is the bitwise XOR operator. */ r = MakeHash(text->md, Nhash, &len, "%m", N); if (r) return r; r = MakeHash(text->md, ghash, &len, "%m", g); if (r) return r; for (i = 0; i < len; i++) { Ng[i] = (Nhash[i] ^ ghash[i]); } r = MakeHash(text->md, M1, M1len, "%o%hs%o%m%m%o%hs%hs", len, Ng, U, saltlen, salt, A, B, Klen, K, I, L); return r; } static int CalculateM2(context_t *text, BIGNUM *A, char *M1, int M1len, char *K, int Klen, char *I, char *o, char *sid, uint32 ttl, char *M2, int *M2len) { int r; r = MakeHash(text->md, M2, M2len, "%m%o%o%hs%hs%s%u", A, M1len, M1, Klen, K, I, o, sid, ttl); return r; } /* Parse an option out of an option string * Place found option in 'option' * 'nextptr' points to rest of string or NULL if at end */ static int ParseOption(const sasl_utils_t *utils, char *in, char **option, char **nextptr) { char *comma; int len; int i; if (strlen(in) == 0) { *option = NULL; return SASL_OK; } comma = strchr(in,','); if (comma == NULL) comma = in + strlen(in); len = comma - in; *option = utils->malloc(len + 1); if (!*option) return SASL_NOMEM; /* lowercase string */ for (i = 0; i < len; i++) { (*option)[i] = tolower((int)in[i]); } (*option)[len] = '\0'; if (*comma) { *nextptr = comma+1; } else { *nextptr = NULL; } return SASL_OK; } static int FindBit(char *name, layer_option_t *opts) { while (opts->name) { if (!strcasecmp(name, opts->name)) { return opts->bit; } opts++; } return 0; } static layer_option_t *FindOptionFromBit(unsigned bit, layer_option_t *opts) { while (opts->name) { if (opts->bit == bit) { return opts; } opts++; } return NULL; } static int ParseOptionString(const sasl_utils_t *utils, char *str, srp_options_t *opts, int isserver) { if (!strncasecmp(str, OPTION_MDA, strlen(OPTION_MDA))) { int bit = FindBit(str+strlen(OPTION_MDA), digest_options); if (isserver && (!bit || opts->mda)) { opts->mda = -1; if (!bit) utils->seterror(utils->conn, 0, "SRP MDA %s not supported\n", str+strlen(OPTION_MDA)); else SETERROR(utils, "Multiple SRP MDAs given\n"); return SASL_BADPROT; } opts->mda |= bit; } else if (!strcasecmp(str, OPTION_REPLAY_DETECTION)) { if (opts->replay_detection) { SETERROR(utils, "SRP Replay Detection option appears twice\n"); return SASL_BADPROT; } opts->replay_detection = 1; } else if (!strncasecmp(str, OPTION_INTEGRITY, strlen(OPTION_INTEGRITY)) && !strncasecmp(str+strlen(OPTION_INTEGRITY), "HMAC-", 5)) { int bit = FindBit(str+strlen(OPTION_INTEGRITY)+5, digest_options); if (isserver && (!bit || opts->integrity)) { opts->integrity = -1; if (!bit) utils->seterror(utils->conn, 0, "SRP Integrity option %s not supported\n", str+strlen(OPTION_INTEGRITY)); else SETERROR(utils, "Multiple SRP Integrity options given\n"); return SASL_BADPROT; } opts->integrity |= bit; } else if (!strncasecmp(str, OPTION_CONFIDENTIALITY, strlen(OPTION_CONFIDENTIALITY))) { int bit = FindBit(str+strlen(OPTION_CONFIDENTIALITY), cipher_options); if (isserver && (!bit || opts->confidentiality)) { opts->confidentiality = -1; if (!bit) utils->seterror(utils->conn, 0, "SRP Confidentiality option %s not supported\n", str+strlen(OPTION_CONFIDENTIALITY)); else SETERROR(utils, "Multiple SRP Confidentiality options given\n"); return SASL_FAIL; } opts->confidentiality |= bit; } else if (!isserver && !strncasecmp(str, OPTION_MANDATORY, strlen(OPTION_MANDATORY))) { char *layer = str+strlen(OPTION_MANDATORY); if (!strcasecmp(layer, OPTION_REPLAY_DETECTION)) opts->mandatory |= BIT_REPLAY_DETECTION; else if (!strncasecmp(layer, OPTION_INTEGRITY, strlen(OPTION_INTEGRITY)-1)) opts->mandatory |= BIT_INTEGRITY; else if (!strncasecmp(layer, OPTION_CONFIDENTIALITY, strlen(OPTION_CONFIDENTIALITY)-1)) opts->mandatory |= BIT_CONFIDENTIALITY; else { utils->seterror(utils->conn, 0, "Mandatory SRP option %s not supported\n", layer); return SASL_BADPROT; } } else if (!strncasecmp(str, OPTION_MAXBUFFERSIZE, strlen(OPTION_MAXBUFFERSIZE))) { opts->maxbufsize = strtoul(str+strlen(OPTION_MAXBUFFERSIZE), NULL, 10); if (opts->maxbufsize > SRP_MAXBUFFERSIZE) { utils->seterror(utils->conn, 0, "SRP Maxbuffersize %lu too big (> %lu)\n", opts->maxbufsize, SRP_MAXBUFFERSIZE); return SASL_BADPROT; } } else { /* Ignore unknown options */ } return SASL_OK; } static int ParseOptions(const sasl_utils_t *utils, char *in, srp_options_t *out, int isserver) { int r; memset(out, 0, sizeof(srp_options_t)); out->maxbufsize = SRP_MAXBUFFERSIZE; while (in) { char *opt; r = ParseOption(utils, in, &opt, &in); if (r) return r; if (opt == NULL) return SASL_OK; utils->log(NULL, SASL_LOG_DEBUG, "Got option: [%s]\n",opt); r = ParseOptionString(utils, opt, out, isserver); utils->free(opt); if (r) return r; } return SASL_OK; } static layer_option_t *FindBest(int available, sasl_ssf_t min_ssf, sasl_ssf_t max_ssf, layer_option_t *opts) { layer_option_t *best = NULL; if (!available) return NULL; while (opts->name) { if (opts->enabled && (available & opts->bit) && (opts->ssf >= min_ssf) && (opts->ssf <= max_ssf) && (!best || (opts->ssf > best->ssf))) { best = opts; } opts++; } return best; } static int OptionsToString(const sasl_utils_t *utils, srp_options_t *opts, char **out) { char *ret = NULL; int alloced = 0; int first = 1; layer_option_t *optlist; ret = utils->malloc(1); if (!ret) return SASL_NOMEM; alloced = 1; ret[0] = '\0'; optlist = digest_options; while(optlist->name) { if (opts->mda & optlist->bit) { alloced += strlen(OPTION_MDA)+strlen(optlist->name)+1; ret = utils->realloc(ret, alloced); if (!ret) return SASL_NOMEM; if (!first) strcat(ret, ","); strcat(ret, OPTION_MDA); strcat(ret, optlist->name); first = 0; } optlist++; } if (opts->replay_detection) { alloced += strlen(OPTION_REPLAY_DETECTION)+1; ret = utils->realloc(ret, alloced); if (!ret) return SASL_NOMEM; if (!first) strcat(ret, ","); strcat(ret, OPTION_REPLAY_DETECTION); first = 0; } optlist = digest_options; while(optlist->name) { if (opts->integrity & optlist->bit) { alloced += strlen(OPTION_INTEGRITY)+5+strlen(optlist->name)+1; ret = utils->realloc(ret, alloced); if (!ret) return SASL_NOMEM; if (!first) strcat(ret, ","); strcat(ret, OPTION_INTEGRITY); strcat(ret, "HMAC-"); strcat(ret, optlist->name); first = 0; } optlist++; } optlist = cipher_options; while(optlist->name) { if (opts->confidentiality & optlist->bit) { alloced += strlen(OPTION_CONFIDENTIALITY)+strlen(optlist->name)+1; ret = utils->realloc(ret, alloced); if (!ret) return SASL_NOMEM; if (!first) strcat(ret, ","); strcat(ret, OPTION_CONFIDENTIALITY); strcat(ret, optlist->name); first = 0; } optlist++; } if ((opts->integrity || opts->confidentiality) && opts->maxbufsize < SRP_MAXBUFFERSIZE) { alloced += strlen(OPTION_MAXBUFFERSIZE)+10+1; ret = utils->realloc(ret, alloced); if (!ret) return SASL_NOMEM; if (!first) strcat(ret, ","); strcat(ret, OPTION_MAXBUFFERSIZE); sprintf(ret+strlen(ret), "%lu", opts->maxbufsize); first = 0; } if (opts->mandatory & BIT_REPLAY_DETECTION) { alloced += strlen(OPTION_MANDATORY)+strlen(OPTION_REPLAY_DETECTION)+1; ret = utils->realloc(ret, alloced); if (!ret) return SASL_NOMEM; if (!first) strcat(ret, ","); strcat(ret, OPTION_MANDATORY); strcat(ret, OPTION_REPLAY_DETECTION); first = 0; } if (opts->mandatory & BIT_INTEGRITY) { alloced += strlen(OPTION_MANDATORY)+strlen(OPTION_INTEGRITY)-1+1; ret = utils->realloc(ret, alloced); if (!ret) return SASL_NOMEM; if (!first) strcat(ret, ","); strcat(ret, OPTION_MANDATORY); strncat(ret, OPTION_INTEGRITY, strlen(OPTION_INTEGRITY)-1); /* terminate string */ ret[alloced-1] = '\0'; first = 0; } if (opts->mandatory & BIT_CONFIDENTIALITY) { alloced += strlen(OPTION_MANDATORY)+strlen(OPTION_CONFIDENTIALITY)-1+1; ret = utils->realloc(ret, alloced); if (!ret) return SASL_NOMEM; if (!first) strcat(ret, ","); strcat(ret, OPTION_MANDATORY); strncat(ret, OPTION_CONFIDENTIALITY, strlen(OPTION_CONFIDENTIALITY)-1); /* terminate string */ ret[alloced-1] = '\0'; first = 0; } *out = ret; return SASL_OK; } /* * Set the selected MDA. */ static int SetMDA(srp_options_t *opts, context_t *text) { layer_option_t *opt; opt = FindOptionFromBit(opts->mda, digest_options); if (!opt) { text->utils->log(NULL, SASL_LOG_ERR, "Unable to find SRP MDA option now\n"); return SASL_FAIL; } text->md = EVP_get_digestbyname(opt->evp_name); return SASL_OK; } /* * Setup the selected security layer. */ static int LayerInit(srp_options_t *opts, context_t *text, sasl_out_params_t *oparams, char *enc_IV, char *dec_IV, unsigned maxbufsize) { layer_option_t *opt; if ((opts->integrity == 0) && (opts->confidentiality == 0)) { oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; text->utils->log(NULL, SASL_LOG_DEBUG, "Using no protection\n"); return SASL_OK; } oparams->encode = &srp_encode; oparams->decode = &srp_decode; oparams->maxoutbuf = opts->maxbufsize - 4; /* account for 4-byte length */ _plug_decode_init(&text->decode_context, text->utils, maxbufsize); if (opts->replay_detection) { text->utils->log(NULL, SASL_LOG_DEBUG, "Using replay detection\n"); text->layer |= BIT_REPLAY_DETECTION; /* If no integrity layer specified, use default */ if (!opts->integrity) opts->integrity = default_digest->bit; } if (opts->integrity) { text->utils->log(NULL, SASL_LOG_DEBUG, "Using integrity protection\n"); text->layer |= BIT_INTEGRITY; opt = FindOptionFromBit(opts->integrity, digest_options); if (!opt) { text->utils->log(NULL, SASL_LOG_ERR, "Unable to find SRP integrity layer option\n"); return SASL_FAIL; } oparams->mech_ssf = opt->ssf; /* Initialize the HMACs */ text->hmac_md = EVP_get_digestbyname(opt->evp_name); HMAC_Init(&text->hmac_send_ctx, text->K, text->Klen, text->hmac_md); HMAC_Init(&text->hmac_recv_ctx, text->K, text->Klen, text->hmac_md); /* account for HMAC */ oparams->maxoutbuf -= EVP_MD_size(text->hmac_md); } if (opts->confidentiality) { text->utils->log(NULL, SASL_LOG_DEBUG, "Using confidentiality protection\n"); text->layer |= BIT_CONFIDENTIALITY; opt = FindOptionFromBit(opts->confidentiality, cipher_options); if (!opt) { text->utils->log(NULL, SASL_LOG_ERR, "Unable to find SRP confidentiality layer option\n"); return SASL_FAIL; } oparams->mech_ssf = opt->ssf; /* Initialize the ciphers */ text->cipher = EVP_get_cipherbyname(opt->evp_name); EVP_CIPHER_CTX_init(&text->cipher_enc_ctx); EVP_EncryptInit(&text->cipher_enc_ctx, text->cipher, text->K, enc_IV); EVP_CIPHER_CTX_init(&text->cipher_dec_ctx); EVP_DecryptInit(&text->cipher_dec_ctx, text->cipher, text->K, dec_IV); } return SASL_OK; } static void LayerCleanup(context_t *text) { if (text->layer & BIT_INTEGRITY) { HMAC_cleanup(&text->hmac_send_ctx); HMAC_cleanup(&text->hmac_recv_ctx); } if (text->layer & BIT_CONFIDENTIALITY) { EVP_CIPHER_CTX_cleanup(&text->cipher_enc_ctx); EVP_CIPHER_CTX_cleanup(&text->cipher_dec_ctx); } } /* * Dispose of a SRP context (could be server or client) */ static void srp_common_mech_dispose(void *conn_context, const sasl_utils_t *utils) { context_t *text = (context_t *) conn_context; if (!text) return; BN_clear_free(&text->N); BN_clear_free(&text->g); BN_clear_free(&text->v); BN_clear_free(&text->b); BN_clear_free(&text->B); BN_clear_free(&text->a); BN_clear_free(&text->A); if (text->authid) utils->free(text->authid); if (text->userid) utils->free(text->userid); if (text->free_password) _plug_free_secret(utils, &(text->password)); if (text->salt) utils->free(text->salt); if (text->client_options) utils->free(text->client_options); if (text->server_options) utils->free(text->server_options); LayerCleanup(text); _plug_decode_free(&text->decode_context); if (text->encode_buf) utils->free(text->encode_buf); if (text->decode_buf) utils->free(text->decode_buf); if (text->decode_pkt_buf) utils->free(text->decode_pkt_buf); if (text->out_buf) utils->free(text->out_buf); utils->free(text); } static void srp_common_mech_free(void *global_context __attribute__((unused)), const sasl_utils_t *utils __attribute__((unused))) { EVP_cleanup(); } /***************************** Server Section *****************************/ /* A large safe prime (N = 2q+1, where q is prime) * * Use N with the most bits from our table. * * All arithmetic is done modulo N */ static int generate_N_and_g(BIGNUM *N, BIGNUM *g) { int result; BN_init(N); result = BN_hex2bn(&N, Ng_tab[NUM_Ng-1].N); if (!result) return SASL_FAIL; BN_init(g); BN_set_word(g, Ng_tab[NUM_Ng-1].g); return SASL_OK; } static int CalculateV(context_t *text, BIGNUM *N, BIGNUM *g, const char *user, const char *pass, unsigned passlen, BIGNUM *v, char **salt, int *saltlen) { BIGNUM x; BN_CTX *ctx = BN_CTX_new(); int r; /* generate */ *saltlen = SRP_MAXBLOCKSIZE; *salt = (char *)text->utils->malloc(*saltlen); if (!*salt) return SASL_NOMEM; text->utils->rand(text->utils->rpool, *salt, *saltlen); r = CalculateX(text, *salt, *saltlen, user, pass, passlen, &x); if (r) { text->utils->seterror(text->utils->conn, 0, "Error calculating 'x'"); return r; } /* v = g^x % N */ BN_init(v); BN_mod_exp(v, g, &x, N, ctx); BN_CTX_free(ctx); BN_clear_free(&x); return r; } static int CalculateB(context_t *text __attribute__((unused)), BIGNUM *v, BIGNUM *N, BIGNUM *g, BIGNUM *b, BIGNUM *B) { BIGNUM v3; BN_CTX *ctx = BN_CTX_new(); /* Generate b */ GetRandBigInt(b); /* Per [SRP]: make sure b > log[g](N) -- g is always 2 */ BN_add_word(b, BN_num_bits(N)); /* B = (3v + g^b) % N */ BN_init(&v3); BN_set_word(&v3, 3); BN_mod_mul(&v3, &v3, v, N, ctx); BN_init(B); BN_mod_exp(B, g, b, N, ctx); #if OPENSSL_VERSION_NUMBER >= 0x00907000L BN_mod_add(B, B, &v3, N, ctx); #else BN_add(B, B, &v3); BN_mod(B, B, N, ctx); #endif BN_CTX_free(ctx); return SASL_OK; } static int ServerCalculateK(context_t *text, BIGNUM *v, BIGNUM *N, BIGNUM *A, BIGNUM *b, BIGNUM *B, char *K, int *Klen) { unsigned char hash[EVP_MAX_MD_SIZE]; int hashlen; BIGNUM u; BIGNUM base; BIGNUM S; BN_CTX *ctx = BN_CTX_new(); int r; /* u = H(A | B) */ r = MakeHash(text->md, hash, &hashlen, "%m%m", A, B); if (r) return r; BN_init(&u); BN_bin2bn(hash, hashlen, &u); /* S = (Av^u) ^ b % N */ BN_init(&base); BN_mod_exp(&base, v, &u, N, ctx); BN_mod_mul(&base, &base, A, N, ctx); BN_init(&S); BN_mod_exp(&S, &base, b, N, ctx); /* per Tom Wu: make sure Av^u != 1 (mod N) */ if (BN_is_one(&base)) { SETERROR(text->utils, "Unsafe SRP value for 'Av^u'\n"); r = SASL_BADPROT; goto err; } /* per Tom Wu: make sure Av^u != -1 (mod N) */ BN_add_word(&base, 1); if (BN_cmp(&S, N) == 0) { SETERROR(text->utils, "Unsafe SRP value for 'Av^u'\n"); r = SASL_BADPROT; goto err; } /* K = H(S) */ r = MakeHash(text->md, K, Klen, "%m", &S); if (r) goto err; r = SASL_OK; err: BN_CTX_free(ctx); BN_clear_free(&u); BN_clear_free(&base); BN_clear_free(&S); return r; } static int ParseUserSecret(const sasl_utils_t *utils, char *secret, size_t seclen, char **mda, BIGNUM *v, char **salt, int *saltlen) { int r; /* The secret data is stored as suggested in RFC 2945: * * { utf8(mda) mpi(v) os(salt) } (base64 encoded) */ r = utils->decode64(secret, seclen, secret, seclen, &seclen); if (!r) r = UnBuffer(utils, secret, seclen, "%s%m%o", mda, v, saltlen, salt); if (r) { utils->seterror(utils->conn, 0, "Error UnBuffering user secret"); } return r; } static int CreateServerOptions(sasl_server_params_t *sparams, char **out) { srp_options_t opts; sasl_ssf_t limitssf, requiressf; layer_option_t *optlist; /* zero out options */ memset(&opts,0,sizeof(srp_options_t)); /* Add mda */ opts.mda = server_mda->bit; if(sparams->props.maxbufsize == 0) { limitssf = 0; requiressf = 0; } else { if (sparams->props.max_ssf < sparams->external_ssf) { limitssf = 0; } else { limitssf = sparams->props.max_ssf - sparams->external_ssf; } if (sparams->props.min_ssf < sparams->external_ssf) { requiressf = 0; } else { requiressf = sparams->props.min_ssf - sparams->external_ssf; } } /* * Add integrity options * Can't advertise integrity w/o support for default HMAC */ if (default_digest->enabled) { optlist = digest_options; while(optlist->name) { if (optlist->enabled && /*(requiressf <= 1) &&*/ (limitssf >= 1)) { opts.integrity |= optlist->bit; } optlist++; } } /* if we set any integrity options we can advertise replay detection */ if (opts.integrity) { opts.replay_detection = 1; } /* * Add confidentiality options * Can't advertise confidentiality w/o support for default cipher */ if (default_cipher->enabled) { optlist = cipher_options; while(optlist->name) { if (optlist->enabled && (requiressf <= optlist->ssf) && (limitssf >= optlist->ssf)) { opts.confidentiality |= optlist->bit; } optlist++; } } /* Add mandatory options */ if (requiressf >= 1) opts.mandatory = BIT_REPLAY_DETECTION | BIT_INTEGRITY; if (requiressf > 1) opts.mandatory |= BIT_CONFIDENTIALITY; /* Add maxbuffersize */ opts.maxbufsize = SRP_MAXBUFFERSIZE; if (sparams->props.maxbufsize && sparams->props.maxbufsize < opts.maxbufsize) opts.maxbufsize = sparams->props.maxbufsize; return OptionsToString(sparams->utils, &opts, out); } static int srp_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *params, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(context_t)); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } memset(text, 0, sizeof(context_t)); text->state = 1; text->utils = params->utils; text->md = EVP_get_digestbyname(server_mda->evp_name); *conn_context = text; return SASL_OK; } static int srp_server_mech_step1(context_t *text, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { int result; char *sid = NULL; char *cn = NULL; int cnlen; char *realm = NULL; char *user = NULL; const char *password_request[] = { "*cmusaslsecretSRP", SASL_AUX_PASSWORD, NULL }; struct propval auxprop_values[3]; /* Expect: * * U - authentication identity * I - authorization identity * sid - session id * cn - client nonce * * { utf8(U) utf8(I) utf8(sid) os(cn) } * */ result = UnBuffer(params->utils, clientin, clientinlen, "%s%s%s%o", &text->authid, &text->userid, &sid, &cnlen, &cn); if (result) { params->utils->seterror(params->utils->conn, 0, "Error UnBuffering input in step 1"); return result; } /* Get the realm */ result = _plug_parseuser(params->utils, &user, &realm, params->user_realm, params->serverFQDN, text->authid); if (result) { params->utils->seterror(params->utils->conn, 0, "Error getting realm"); goto cleanup; } /* Generate N and g */ result = generate_N_and_g(&text->N, &text->g); if (result) { params->utils->seterror(text->utils->conn, 0, "Error calculating N and g"); return result; } /* Get user secret */ result = params->utils->prop_request(params->propctx, password_request); if (result != SASL_OK) goto cleanup; /* this will trigger the getting of the aux properties */ result = params->canon_user(params->utils->conn, text->authid, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) goto cleanup; result = params->canon_user(params->utils->conn, text->userid, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; result = params->utils->prop_getnames(params->propctx, password_request, auxprop_values); if (result < 0 || ((!auxprop_values[0].name || !auxprop_values[0].values) && (!auxprop_values[1].name || !auxprop_values[1].values))) { /* We didn't find this username */ params->utils->seterror(params->utils->conn,0, "no secret in database"); result = params->transition ? SASL_TRANS : SASL_NOUSER; goto cleanup; } if (auxprop_values[0].name && auxprop_values[0].values) { char *mda = NULL; /* We have a precomputed verifier */ result = ParseUserSecret(params->utils, (char*) auxprop_values[0].values[0], auxprop_values[0].valsize, &mda, &text->v, &text->salt, &text->saltlen); if (result) { /* ParseUserSecret sets error, if any */ if (mda) params->utils->free(mda); goto cleanup; } /* find mda */ server_mda = digest_options; while (server_mda->name) { if (!strcasecmp(server_mda->name, mda)) break; server_mda++; } if (!server_mda->name) { params->utils->seterror(params->utils->conn, 0, "unknown SRP mda '%s'", mda); params->utils->free(mda); result = SASL_FAIL; goto cleanup; } params->utils->free(mda); } else if (auxprop_values[1].name && auxprop_values[1].values) { /* We only have the password -- calculate the verifier */ int len = strlen(auxprop_values[1].values[0]); if (len == 0) { params->utils->seterror(params->utils->conn,0, "empty secret"); result = SASL_FAIL; goto cleanup; } result = CalculateV(text, &text->N, &text->g, text->authid, auxprop_values[1].values[0], len, &text->v, &text->salt, &text->saltlen); if (result) { params->utils->seterror(params->utils->conn, 0, "Error calculating v"); goto cleanup; } } else { params->utils->seterror(params->utils->conn, 0, "Have neither type of secret"); result = SASL_FAIL; goto cleanup; } /* erase the plaintext password */ params->utils->prop_erase(params->propctx, password_request[1]); /* Calculate B */ result = CalculateB(text, &text->v, &text->N, &text->g, &text->b, &text->B); if (result) { params->utils->seterror(params->utils->conn, 0, "Error calculating B"); return result; } /* Create L */ result = CreateServerOptions(params, &text->server_options); if (result) { params->utils->seterror(params->utils->conn, 0, "Error creating server options"); goto cleanup; } /* Send out: * * N - safe prime modulus * g - generator * s - salt * B - server's public key * L - server options (available layers etc) * * { 0x00 mpi(N) mpi(g) os(s) mpi(B) utf8(L) } * */ result = MakeBuffer(text->utils, &text->out_buf, &text->out_buf_len, serveroutlen, "%c%m%m%o%m%s", 0x00, &text->N, &text->g, text->saltlen, text->salt, &text->B, text->server_options); if (result) { params->utils->seterror(params->utils->conn, 0, "Error creating SRP buffer from data in step 1"); goto cleanup; } *serverout = text->out_buf; text->state = 2; result = SASL_CONTINUE; cleanup: if (sid) params->utils->free(sid); if (cn) params->utils->free(cn); if (user) params->utils->free(user); if (realm) params->utils->free(realm); return result; } static int srp_server_mech_step2(context_t *text, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { int result; char *M1 = NULL, *cIV = NULL; /* don't free */ int M1len, cIVlen; srp_options_t client_opts; char myM1[EVP_MAX_MD_SIZE]; int myM1len; int i; char M2[EVP_MAX_MD_SIZE]; int M2len; char sIV[SRP_MAXBLOCKSIZE]; /* Expect: * * A - client's public key * M1 - client evidence * o - client option list * cIV - client's initial vector * * { mpi(A) os(M1) utf8(o) os(cIV) } * */ result = UnBuffer(params->utils, clientin, clientinlen, "%m%-o%s%-o", &text->A, &M1len, &M1, &text->client_options, &cIVlen, &cIV); if (result) { params->utils->seterror(params->utils->conn, 0, "Error UnBuffering input in step 2"); goto cleanup; } /* Per [SRP]: reject A <= 0 */ if (BigIntCmpWord(&text->A, 0) <= 0) { SETERROR(params->utils, "Illegal value for 'A'\n"); result = SASL_BADPROT; goto cleanup; } /* parse client options */ result = ParseOptions(params->utils, text->client_options, &client_opts, 1); if (result) { params->utils->seterror(params->utils->conn, 0, "Error parsing user's options"); if (client_opts.confidentiality) { /* Mark that we attempted confidentiality layer negotiation */ oparams->mech_ssf = 2; } else if (client_opts.integrity || client_opts.replay_detection) { /* Mark that we attempted integrity layer negotiation */ oparams->mech_ssf = 1; } return result; } result = SetMDA(&client_opts, text); if (result) { params->utils->seterror(params->utils->conn, 0, "Error setting options"); return result; } /* Calculate K */ result = ServerCalculateK(text, &text->v, &text->N, &text->A, &text->b, &text->B, text->K, &text->Klen); if (result) { params->utils->seterror(params->utils->conn, 0, "Error calculating K"); return result; } /* See if M1 is correct */ result = CalculateM1(text, &text->N, &text->g, text->authid, text->salt, text->saltlen, &text->A, &text->B, text->K, text->Klen, text->userid, text->server_options, myM1, &myM1len); if (result) { params->utils->seterror(params->utils->conn, 0, "Error calculating M1"); goto cleanup; } if (myM1len != M1len) { params->utils->seterror(params->utils->conn, 0, "SRP M1 lengths do not match"); result = SASL_BADAUTH; goto cleanup; } for (i = 0; i < myM1len; i++) { if (myM1[i] != M1[i]) { params->utils->seterror(params->utils->conn, 0, "client evidence does not match what we " "calculated. Probably a password error"); result = SASL_BADAUTH; goto cleanup; } } /* calculate M2 to send */ result = CalculateM2(text, &text->A, M1, M1len, text->K, text->Klen, text->userid, text->client_options, "", 0, M2, &M2len); if (result) { params->utils->seterror(params->utils->conn, 0, "Error calculating M2 (server evidence)"); goto cleanup; } /* Create sIV (server initial vector) */ text->utils->rand(text->utils->rpool, sIV, sizeof(sIV)); /* * Send out: * M2 - server evidence * sIV - server's initial vector * sid - session id * ttl - time to live * * { os(M2) os(sIV) utf8(sid) uint(ttl) } */ result = MakeBuffer(text->utils, &text->out_buf, &text->out_buf_len, serveroutlen, "%o%o%s%u", M2len, M2, sizeof(sIV), sIV, "", 0); if (result) { params->utils->seterror(params->utils->conn, 0, "Error making output buffer in SRP step 3"); goto cleanup; } *serverout = text->out_buf; /* configure security layer */ result = LayerInit(&client_opts, text, oparams, cIV, sIV, params->props.maxbufsize); if (result) { params->utils->seterror(params->utils->conn, 0, "Error initializing security layer"); return result; } /* set oparams */ oparams->doneflag = 1; oparams->param_version = 0; result = SASL_OK; cleanup: return result; } static int srp_server_mech_step(void *conn_context, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) conn_context; if (!sparams || !serverout || !serveroutlen || !oparams) return SASL_BADPARAM; *serverout = NULL; *serveroutlen = 0; if (text == NULL) { return SASL_BADPROT; } sparams->utils->log(NULL, SASL_LOG_DEBUG, "SRP server step %d\n", text->state); switch (text->state) { case 1: return srp_server_mech_step1(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); case 2: return srp_server_mech_step2(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); default: sparams->utils->seterror(sparams->utils->conn, 0, "Invalid SRP server step %d", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } #ifdef DO_SRP_SETPASS static int srp_setpass(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *userstr, const char *pass, unsigned passlen __attribute__((unused)), const char *oldpass __attribute__((unused)), unsigned oldpasslen __attribute__((unused)), unsigned flags) { int r; char *user = NULL; char *user_only = NULL; char *realm = NULL; sasl_secret_t *sec = NULL; struct propctx *propctx = NULL; const char *store_request[] = { "cmusaslsecretSRP", NULL }; /* Do we have a backend that can store properties? */ if (!sparams->utils->auxprop_store || sparams->utils->auxprop_store(NULL, NULL, NULL) != SASL_OK) { SETERROR(sparams->utils, "SRP: auxprop backend can't store properties"); return SASL_NOMECH; } /* NB: Ideally we need to canonicalize userstr here */ r = _plug_parseuser(sparams->utils, &user_only, &realm, sparams->user_realm, sparams->serverFQDN, userstr); if (r) { sparams->utils->seterror(sparams->utils->conn, 0, "Error parsing user"); return r; } r = _plug_make_fulluser(sparams->utils, &user, user_only, realm); if (r) { goto end; } if ((flags & SASL_SET_DISABLE) || pass == NULL) { sec = NULL; } else { context_t *text; BIGNUM N; BIGNUM g; BIGNUM v; char *salt; int saltlen; char *buffer = NULL; int bufferlen, alloclen, encodelen; text = sparams->utils->malloc(sizeof(context_t)); if (text == NULL) { MEMERROR(sparams->utils); return SASL_NOMEM; } memset(text, 0, sizeof(context_t)); text->utils = sparams->utils; text->md = EVP_get_digestbyname(server_mda->evp_name); r = generate_N_and_g(&N, &g); if (r) { sparams->utils->seterror(sparams->utils->conn, 0, "Error calculating N and g"); goto end; } /* user is a full username here */ r = CalculateV(text, &N, &g, user, pass, passlen, &v, &salt, &saltlen); if (r) { sparams->utils->seterror(sparams->utils->conn, 0, "Error calculating v"); goto end; } /* The secret data is stored as suggested in RFC 2945: * * { utf8(mda) mpi(v) os(salt) } (base64 encoded) */ r = MakeBuffer(text->utils, &text->out_buf, &text->out_buf_len, &bufferlen, "%s%m%o", server_mda->name, &v, saltlen, salt); if (r) { sparams->utils->seterror(sparams->utils->conn, 0, "Error making buffer for secret"); goto end; } buffer = text->out_buf; /* Put 'buffer' into sasl_secret_t. * This will be base64 encoded, so make sure its big enough. */ alloclen = (bufferlen/3 + 1) * 4 + 1; sec = sparams->utils->malloc(sizeof(sasl_secret_t)+alloclen); if (!sec) { r = SASL_NOMEM; goto end; } sparams->utils->encode64(buffer, bufferlen, sec->data, alloclen, &encodelen); sec->len = encodelen; /* Clean everything up */ end: if (buffer) sparams->utils->free((void *) buffer); BN_clear_free(&N); BN_clear_free(&g); BN_clear_free(&v); sparams->utils->free(text); if (r) return r; } /* do the store */ propctx = sparams->utils->prop_new(0); if (!propctx) r = SASL_FAIL; if (!r) r = sparams->utils->prop_request(propctx, store_request); if (!r) r = sparams->utils->prop_set(propctx, "cmusaslsecretSRP", (sec ? sec->data : NULL), (sec ? sec->len : 0)); if (!r) r = sparams->utils->auxprop_store(sparams->utils->conn, propctx, user); if (propctx) sparams->utils->prop_dispose(&propctx); if (r) { sparams->utils->seterror(sparams->utils->conn, 0, "Error putting SRP secret"); goto cleanup; } sparams->utils->log(NULL, SASL_LOG_DEBUG, "Setpass for SRP successful\n"); cleanup: if (user) _plug_free_string(sparams->utils, &user); if (user_only) _plug_free_string(sparams->utils, &user_only); if (realm) _plug_free_string(sparams->utils, &realm); if (sec) _plug_free_secret(sparams->utils, &sec); return r; } #endif /* DO_SRP_SETPASS */ static int srp_mech_avail(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, void **conn_context __attribute__((unused))) { /* Do we have access to the selected MDA? */ if (!server_mda || !server_mda->enabled) { SETERROR(sparams->utils, "SRP unavailable due to selected MDA unavailable"); return SASL_NOMECH; } return SASL_OK; } static sasl_server_plug_t srp_server_plugins[] = { { "SRP", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_NOACTIVE | SASL_SEC_NODICTIONARY | SASL_SEC_FORWARD_SECRECY | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* glob_context */ &srp_server_mech_new, /* mech_new */ &srp_server_mech_step, /* mech_step */ &srp_common_mech_dispose, /* mech_dispose */ &srp_common_mech_free, /* mech_free */ #ifdef DO_SRP_SETPASS &srp_setpass, /* setpass */ #else NULL, #endif NULL, /* user_query */ NULL, /* idle */ &srp_mech_avail, /* mech avail */ NULL /* spare */ } }; int srp_server_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, const sasl_server_plug_t **pluglist, int *plugcount, const char *plugname __attribute__((unused))) { const char *mda; unsigned int len; layer_option_t *opts; if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR(utils, "SRP version mismatch"); return SASL_BADVERS; } utils->getopt(utils->getopt_context, "SRP", "srp_mda", &mda, &len); if (!mda) mda = DEFAULT_MDA; /* Add all digests and ciphers */ OpenSSL_add_all_algorithms(); /* See which digests we have available and set max_ssf accordingly */ opts = digest_options; while (opts->name) { if (EVP_get_digestbyname(opts->evp_name)) { opts->enabled = 1; srp_server_plugins[0].max_ssf = opts->ssf; } /* Locate the server MDA */ if (!strcasecmp(opts->name, mda) || !strcasecmp(opts->evp_name, mda)) { server_mda = opts; } opts++; } /* See which ciphers we have available and set max_ssf accordingly */ opts = cipher_options; while (opts->name) { if (EVP_get_cipherbyname(opts->evp_name)) { opts->enabled = 1; if (opts->ssf > srp_server_plugins[0].max_ssf) { srp_server_plugins[0].max_ssf = opts->ssf; } } opts++; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = srp_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ /* Check to see if N,g is in the recommended list */ static int check_N_and_g(const sasl_utils_t *utils, BIGNUM *N, BIGNUM *g) { char *N_prime; unsigned long g_prime; unsigned i; int r = SASL_FAIL; N_prime = BN_bn2hex(N); g_prime = BN_get_word(g); for (i = 0; i < NUM_Ng; i++) { if (!strcasecmp(N_prime, Ng_tab[i].N) && (g_prime == Ng_tab[i].g)) { r = SASL_OK; break; } } if (N_prime) utils->free(N_prime); return r; } static int CalculateA(context_t *text __attribute__((unused)), BIGNUM *N, BIGNUM *g, BIGNUM *a, BIGNUM *A) { BN_CTX *ctx = BN_CTX_new(); /* Generate a */ GetRandBigInt(a); /* Per [SRP]: make sure a > log[g](N) -- g is always 2 */ BN_add_word(a, BN_num_bits(N)); /* A = g^a % N */ BN_init(A); BN_mod_exp(A, g, a, N, ctx); BN_CTX_free(ctx); return SASL_OK; } static int ClientCalculateK(context_t *text, char *salt, int saltlen, char *user, char *pass, int passlen, BIGNUM *N, BIGNUM *g, BIGNUM *a, BIGNUM *A, BIGNUM *B, char *K, int *Klen) { int r; unsigned char hash[EVP_MAX_MD_SIZE]; int hashlen; BIGNUM x; BIGNUM u; BIGNUM aux; BIGNUM gx; BIGNUM gx3; BIGNUM base; BIGNUM S; BN_CTX *ctx = BN_CTX_new(); /* u = H(A | B) */ r = MakeHash(text->md, hash, &hashlen, "%m%m", A, B); if (r) goto err; BN_init(&u); BN_bin2bn(hash, hashlen, &u); /* per Tom Wu: make sure u != 0 */ if (BN_is_zero(&u)) { SETERROR(text->utils, "SRP: Illegal value for 'u'\n"); r = SASL_BADPROT; goto err; } /* S = (B - 3(g^x)) ^ (a + ux) % N */ r = CalculateX(text, salt, saltlen, user, pass, passlen, &x); if (r) return r; /* a + ux */ BN_init(&aux); BN_mul(&aux, &u, &x, ctx); BN_add(&aux, &aux, a); /* gx3 = 3(g^x) % N */ BN_init(&gx); BN_mod_exp(&gx, g, &x, N, ctx); BN_init(&gx3); BN_set_word(&gx3, 3); BN_mod_mul(&gx3, &gx3, &gx, N, ctx); /* base = (B - 3(g^x)) % N */ BN_init(&base); #if OPENSSL_VERSION_NUMBER >= 0x00907000L BN_mod_sub(&base, B, &gx3, N, ctx); #else BN_sub(&base, B, &gx3); BN_mod(&base, &base, N, ctx); if (BigIntCmpWord(&base, 0) < 0) { BN_add(&base, &base, N); } #endif /* S = base^aux % N */ BN_init(&S); BN_mod_exp(&S, &base, &aux, N, ctx); /* K = H(S) */ r = MakeHash(text->md, K, Klen, "%m", &S); if (r) goto err; r = SASL_OK; err: BN_CTX_free(ctx); BN_clear_free(&x); BN_clear_free(&u); BN_clear_free(&aux); BN_clear_free(&gx); BN_clear_free(&gx3); BN_clear_free(&base); BN_clear_free(&S); return r; } static int CreateClientOpts(sasl_client_params_t *params, srp_options_t *available, srp_options_t *out) { layer_option_t *opt; sasl_ssf_t external; sasl_ssf_t limit; sasl_ssf_t musthave; /* zero out output */ memset(out, 0, sizeof(srp_options_t)); params->utils->log(NULL, SASL_LOG_DEBUG, "Available MDA = %d\n", available->mda); /* mda */ opt = FindBest(available->mda, 0, 256, digest_options); if (opt) { out->mda = opt->bit; } else { SETERROR(params->utils, "Can't find an acceptable SRP MDA\n"); return SASL_BADAUTH; } /* get requested ssf */ external = params->external_ssf; /* what do we _need_? how much is too much? */ if(params->props.maxbufsize == 0) { musthave = 0; limit = 0; } else { if (params->props.max_ssf > external) { limit = params->props.max_ssf - external; } else { limit = 0; } if (params->props.min_ssf > external) { musthave = params->props.min_ssf - external; } else { musthave = 0; } } /* we now go searching for an option that gives us at least "musthave" and at most "limit" bits of ssf. */ params->utils->log(NULL, SASL_LOG_DEBUG, "Available confidentiality = %d " "musthave = %d limit = %d", available->confidentiality, musthave, limit); /* confidentiality */ if (limit > 1) { opt = FindBest(available->confidentiality, musthave, limit, cipher_options); if (opt) { out->confidentiality = opt->bit; /* we've already satisfied the SSF with the confidentiality * layer, but we'll also use an integrity layer if we can */ musthave = 0; } else if (musthave > 1) { SETERROR(params->utils, "Can't find an acceptable SRP confidentiality layer\n"); return SASL_TOOWEAK; } } params->utils->log(NULL, SASL_LOG_DEBUG, "Available integrity = %d " "musthave = %d limit = %d", available->integrity, musthave, limit); /* integrity */ if ((limit >= 1) && (musthave <= 1)) { opt = FindBest(available->integrity, musthave, limit, digest_options); if (opt) { out->integrity = opt->bit; /* if we set an integrity option we can set replay detection */ out->replay_detection = available->replay_detection; } else if (musthave > 0) { SETERROR(params->utils, "Can't find an acceptable SRP integrity layer\n"); return SASL_TOOWEAK; } } /* Check to see if we've satisfied all of the servers mandatory layers */ params->utils->log(NULL, SASL_LOG_DEBUG, "Mandatory layers = %d\n",available->mandatory); if ((!out->replay_detection && (available->mandatory & BIT_REPLAY_DETECTION)) || (!out->integrity && (available->mandatory & BIT_INTEGRITY)) || (!out->confidentiality && (available->mandatory & BIT_CONFIDENTIALITY))) { SETERROR(params->utils, "Mandatory SRP layer not supported\n"); return SASL_BADAUTH; } /* Add maxbuffersize */ out->maxbufsize = SRP_MAXBUFFERSIZE; if (params->props.maxbufsize && params->props.maxbufsize < out->maxbufsize) out->maxbufsize = params->props.maxbufsize; return SASL_OK; } static int srp_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(context_t)); if (text == NULL) { MEMERROR( params->utils ); return SASL_NOMEM; } memset(text, 0, sizeof(context_t)); text->state = 1; text->utils = params->utils; *conn_context = text; return SASL_OK; } static int srp_client_mech_step1(context_t *text, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { const char *authid = NULL, *userid = NULL; int auth_result = SASL_OK; int pass_result = SASL_OK; int user_result = SASL_OK; int result; /* Expect: * absolutely nothing * */ if (serverinlen > 0) { SETERROR(params->utils, "Invalid input to first step of SRP\n"); return SASL_BADPROT; } /* try to get the authid */ if (oparams->authid==NULL) { auth_result = _plug_get_authid(params->utils, &authid, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) return auth_result; } /* try to get the userid */ if (oparams->user == NULL) { user_result = _plug_get_userid(params->utils, &userid, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) return user_result; } /* try to get the password */ if (text->password == NULL) { pass_result=_plug_get_password(params->utils, &text->password, &text->free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) return pass_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((auth_result == SASL_INTERACT) || (user_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) return result; return SASL_INTERACT; } if (!userid || !*userid) { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } else { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) return result; result = params->canon_user(params->utils->conn, userid, 0, SASL_CU_AUTHZID, oparams); } if (result != SASL_OK) return result; /* Send out: * * U - authentication identity * I - authorization identity * sid - previous session id * cn - client nonce * * { utf8(U) utf8(I) utf8(sid) os(cn) } */ result = MakeBuffer(text->utils, &text->out_buf, &text->out_buf_len, clientoutlen, "%s%s%s%o", (char *) oparams->authid, (char *) oparams->user, "", 0, ""); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n"); goto cleanup; } *clientout = text->out_buf; text->state = 2; result = SASL_CONTINUE; cleanup: return result; } static int srp_client_mech_step2(context_t *text, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need __attribute__((unused)), const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { int result; char reuse; srp_options_t server_opts; /* Expect: * * { 0x00 mpi(N) mpi(g) os(s) mpi(B) utf8(L) } */ result = UnBuffer(params->utils, serverin, serverinlen, "%c%m%m%o%m%s", &reuse, &text->N, &text->g, &text->saltlen, &text->salt, &text->B, &text->server_options); if (result) { params->utils->seterror(params->utils->conn, 0, "Error UnBuffering input in step 2"); goto cleanup; } /* Check N and g to see if they are one of the recommended pairs */ result = check_N_and_g(params->utils, &text->N, &text->g); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Values of 'N' and 'g' are not recommended\n"); goto cleanup; } /* Per [SRP]: reject B <= 0, B >= N */ if (BigIntCmpWord(&text->B, 0) <= 0 || BN_cmp(&text->B, &text->N) >= 0) { SETERROR(params->utils, "Illegal value for 'B'\n"); result = SASL_BADPROT; goto cleanup; } /* parse server options */ memset(&server_opts, 0, sizeof(srp_options_t)); result = ParseOptions(params->utils, text->server_options, &server_opts, 0); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error parsing SRP server options\n"); goto cleanup; } /* Create o */ result = CreateClientOpts(params, &server_opts, &text->client_opts); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error creating client options\n"); goto cleanup; } result = OptionsToString(params->utils, &text->client_opts, &text->client_options); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error converting client options to an option string\n"); goto cleanup; } result = SetMDA(&text->client_opts, text); if (result) { params->utils->seterror(params->utils->conn, 0, "Error setting MDA"); goto cleanup; } /* Calculate A */ result = CalculateA(text, &text->N, &text->g, &text->a, &text->A); if (result) { params->utils->seterror(params->utils->conn, 0, "Error calculating A"); return result; } /* Calculate shared context key K */ result = ClientCalculateK(text, text->salt, text->saltlen, (char *) oparams->authid, text->password->data, text->password->len, &text->N, &text->g, &text->a, &text->A, &text->B, text->K, &text->Klen); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error creating K\n"); goto cleanup; } /* Calculate M1 (client evidence) */ result = CalculateM1(text, &text->N, &text->g, (char *) oparams->authid, text->salt, text->saltlen, &text->A, &text->B, text->K, text->Klen, (char *) oparams->user, text->server_options, text->M1, &text->M1len); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error creating M1\n"); goto cleanup; } /* Create cIV (client initial vector) */ text->utils->rand(text->utils->rpool, text->cIV, sizeof(text->cIV)); /* Send out: * * A - client's public key * M1 - client evidence * o - client option list * cIV - client initial vector * * { mpi(A) os(M1) utf8(o) os(cIV) } */ result = MakeBuffer(text->utils, &text->out_buf, &text->out_buf_len, clientoutlen, "%m%o%s%o", &text->A, text->M1len, text->M1, text->client_options, sizeof(text->cIV), text->cIV); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error making output buffer\n"); goto cleanup; } *clientout = text->out_buf; text->state = 3; result = SASL_CONTINUE; cleanup: return result; } static int srp_client_mech_step3(context_t *text, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need __attribute__((unused)), const char **clientout __attribute__((unused)), unsigned *clientoutlen __attribute__((unused)), sasl_out_params_t *oparams) { int result; char *M2 = NULL, *sIV = NULL; /* don't free */ char *sid = NULL; int M2len, sIVlen; uint32 ttl; int i; char myM2[EVP_MAX_MD_SIZE]; int myM2len; /* Expect: * * M2 - server evidence * sIV - server initial vector * sid - session id * ttl - time to live * * { os(M2) os(sIV) utf8(sid) uint(ttl) } */ result = UnBuffer(params->utils, serverin, serverinlen, "%-o%-o%s%u", &M2len, &M2, &sIVlen, &sIV, &sid, &ttl); if (result) { params->utils->seterror(params->utils->conn, 0, "Error UnBuffering input in step 3"); goto cleanup; } /* calculate our own M2 */ result = CalculateM2(text, &text->A, text->M1, text->M1len, text->K, text->Klen, (char *) oparams->user, text->client_options, "", 0, myM2, &myM2len); if (result) { params->utils->log(NULL, SASL_LOG_ERR, "Error calculating our own M2 (server evidence)\n"); goto cleanup; } /* compare to see if is server spoof */ if (myM2len != M2len) { SETERROR(params->utils, "SRP Server M2 length wrong\n"); result = SASL_BADSERV; goto cleanup; } for (i = 0; i < myM2len; i++) { if (M2[i] != myM2[i]) { SETERROR(params->utils, "SRP Server spoof detected. M2 incorrect\n"); result = SASL_BADSERV; goto cleanup; } } /* * Send out: nothing */ /* configure security layer */ result = LayerInit(&text->client_opts, text, oparams, sIV, text->cIV, params->props.maxbufsize); if (result) { params->utils->seterror(params->utils->conn, 0, "Error initializing security layer"); return result; } /* set oparams */ oparams->doneflag = 1; oparams->param_version = 0; result = SASL_OK; cleanup: if (sid) params->utils->free(sid); return result; } static int srp_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *) conn_context; params->utils->log(NULL, SASL_LOG_DEBUG, "SRP client step %d\n", text->state); *clientout = NULL; *clientoutlen = 0; switch (text->state) { case 1: return srp_client_mech_step1(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); case 2: return srp_client_mech_step2(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); case 3: return srp_client_mech_step3(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid SRP client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static sasl_client_plug_t srp_client_plugins[] = { { "SRP", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_NOACTIVE | SASL_SEC_NODICTIONARY | SASL_SEC_FORWARD_SECRECY | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* required_prompts */ NULL, /* glob_context */ &srp_client_mech_new, /* mech_new */ &srp_client_mech_step, /* mech_step */ &srp_common_mech_dispose, /* mech_dispose */ &srp_common_mech_free, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int srp_client_plug_init(const sasl_utils_t *utils __attribute__((unused)), int maxversion, int *out_version, const sasl_client_plug_t **pluglist, int *plugcount, const char *plugname __attribute__((unused))) { layer_option_t *opts; if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "SRP version mismatch"); return SASL_BADVERS; } /* Add all digests and ciphers */ OpenSSL_add_all_algorithms(); /* See which digests we have available and set max_ssf accordingly */ opts = digest_options; while (opts->name) { if (EVP_get_digestbyname(opts->evp_name)) { opts->enabled = 1; srp_client_plugins[0].max_ssf = opts->ssf; } opts++; } /* See which ciphers we have available and set max_ssf accordingly */ opts = cipher_options; while (opts->name) { if (EVP_get_cipherbyname(opts->evp_name)) { opts->enabled = 1; if (opts->ssf > srp_client_plugins[0].max_ssf) { srp_client_plugins[0].max_ssf = opts->ssf; } } opts++; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = srp_client_plugins; *plugcount=1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/gssapi.c0000646000076400007640000015250111562561303013762 00000000000000/* GSSAPI SASL plugin * Leif Johansson * Rob Siemborski (SASL v2 Conversion) * $Id: gssapi.c,v 1.112 2011/04/19 09:19:18 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifdef HAVE_GSSAPI_H #include #else #include #endif #ifdef WIN32 # include # ifndef R_OK # define R_OK 04 # endif /* we also need io.h for access() prototype */ # include #else # include # include # include # include # include #endif /* WIN32 */ #include #include #include #include #include #include "plugin_common.h" #ifdef HAVE_UNISTD_H #include #endif #include /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: gssapi.c,v 1.112 2011/04/19 09:19:18 mel Exp $"; static const char * GSSAPI_BLANK_STRING = ""; #if !defined(HAVE_GSS_C_NT_HOSTBASED_SERVICE) && !defined(GSS_C_NT_HOSTBASED_SERVICE) extern gss_OID gss_nt_service_name; #define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name #endif #ifdef WANT_KERBEROS5_3DES /* Check if CyberSafe flag is defined */ #ifdef CSF_GSS_C_DES3_FLAG #define K5_MAX_SSF 112 #endif /* Heimdal and MIT use the following */ #ifdef GSS_KRB5_CONF_C_QOP_DES3_KD #define K5_MAX_SSF 112 #endif #endif #ifndef K5_MAX_SSF /* All Kerberos implementations support DES */ #define K5_MAX_SSF 56 #endif /* GSSAPI SASL Mechanism by Leif Johansson * inspired by the kerberos mechanism and the gssapi_server and * gssapi_client from the heimdal distribution by Assar Westerlund * and Johan Danielsson . * See the configure.in file for details on dependencies. * * Important contributions from Sam Hartman . * * This code was tested with the following distributions of Kerberos: * Heimdal (http://www.pdc.kth.se/heimdal), MIT (http://web.mit.edu/kerberos/www/) * CyberSafe (http://www.cybersafe.com/) and SEAM. */ #ifdef GSS_USE_MUTEXES #define GSS_LOCK_MUTEX(utils) \ if(((sasl_utils_t *)(utils))->mutex_lock(gss_mutex) != 0) { \ return SASL_FAIL; \ } #define GSS_UNLOCK_MUTEX(utils) \ if(((sasl_utils_t *)(utils))->mutex_unlock(gss_mutex) != 0) { \ return SASL_FAIL; \ } static void *gss_mutex = NULL; #else #define GSS_LOCK_MUTEX(utils) #define GSS_UNLOCK_MUTEX(utils) #endif typedef struct context { int state; gss_ctx_id_t gss_ctx; gss_name_t client_name; gss_name_t server_name; gss_cred_id_t server_creds; gss_cred_id_t client_creds; sasl_ssf_t limitssf, requiressf; /* application defined bounds, for the server */ unsigned char qop; /* as allowed by GSSAPI */ const sasl_utils_t *utils; /* layers buffering */ decode_context_t decode_context; char *encode_buf; /* For encoding/decoding mem management */ char *decode_buf; char *decode_once_buf; unsigned encode_buf_len; unsigned decode_buf_len; unsigned decode_once_buf_len; buffer_info_t *enc_in_buf; char *out_buf; /* per-step mem management */ unsigned out_buf_len; char *authid; /* hold the authid between steps - server */ const char *user; /* hold the userid between steps - client */ } context_t; enum { SASL_GSSAPI_STATE_AUTHNEG = 1, SASL_GSSAPI_STATE_SSFCAP = 2, SASL_GSSAPI_STATE_SSFREQ = 3, SASL_GSSAPI_STATE_AUTHENTICATED = 4 }; #define LAYER_CONFIDENTIALITY 4 #define LAYER_INTEGRITY 2 #define LAYER_NONE 1 /* sasl_gss_log: only logs status string returned from gss_display_status() */ #define sasl_gss_log(x,y,z) sasl_gss_seterror_(x,y,z,1) #define sasl_gss_seterror(x,y,z) sasl_gss_seterror_(x,y,z,0) static int sasl_gss_seterror_(const sasl_utils_t *utils, OM_uint32 maj, OM_uint32 min, int logonly) { OM_uint32 maj_stat, min_stat; gss_buffer_desc msg; OM_uint32 msg_ctx; int ret; char *out = NULL; size_t len, curlen = 0; const char prefix[] = "GSSAPI Error: "; if (!utils) return SASL_OK; len = sizeof(prefix); ret = _plug_buf_alloc(utils, &out, &curlen, 256); if (ret != SASL_OK) return SASL_NOMEM; strcpy(out, prefix); msg_ctx = 0; while (1) { GSS_LOCK_MUTEX(utils); maj_stat = gss_display_status(&min_stat, maj, GSS_C_GSS_CODE, GSS_C_NULL_OID, &msg_ctx, &msg); GSS_UNLOCK_MUTEX(utils); if(GSS_ERROR(maj_stat)) { if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, "GSSAPI Failure: (could not get major error message)"); } else { utils->seterror(utils->conn, 0, "GSSAPI Failure " "(could not get major error message)"); } utils->free(out); return SASL_OK; } len += len + msg.length; ret = _plug_buf_alloc(utils, &out, &curlen, len); if(ret != SASL_OK) { utils->free(out); return SASL_NOMEM; } strcat(out, msg.value); GSS_LOCK_MUTEX(utils); gss_release_buffer(&min_stat, &msg); GSS_UNLOCK_MUTEX(utils); if (!msg_ctx) break; } /* Now get the minor status */ len += 2; ret = _plug_buf_alloc(utils, &out, &curlen, len); if(ret != SASL_OK) { utils->free(out); return SASL_NOMEM; } strcat(out, " ("); msg_ctx = 0; while (1) { GSS_LOCK_MUTEX(utils); maj_stat = gss_display_status(&min_stat, min, GSS_C_MECH_CODE, GSS_C_NULL_OID, &msg_ctx, &msg); GSS_UNLOCK_MUTEX(utils); if(GSS_ERROR(maj_stat)) { if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, "GSSAPI Failure: (could not get minor error message)"); } else { utils->seterror(utils->conn, 0, "GSSAPI Failure " "(could not get minor error message)"); } utils->free(out); return SASL_OK; } len += len + msg.length; ret = _plug_buf_alloc(utils, &out, &curlen, len); if(ret != SASL_OK) { utils->free(out); return SASL_NOMEM; } strcat(out, msg.value); GSS_LOCK_MUTEX(utils); gss_release_buffer(&min_stat, &msg); GSS_UNLOCK_MUTEX(utils); if (!msg_ctx) break; } len += 1; ret = _plug_buf_alloc(utils, &out, &curlen, len); if(ret != SASL_OK) { utils->free(out); return SASL_NOMEM; } strcat(out, ")"); if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, out); } else { utils->seterror(utils->conn, 0, out); } utils->free(out); return SASL_OK; } static int sasl_gss_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen, int privacy) { context_t *text = (context_t *)context; OM_uint32 maj_stat, min_stat; gss_buffer_t input_token, output_token; gss_buffer_desc real_input_token, real_output_token; int ret; struct buffer_info *inblob, bufinfo; if (!output) return SASL_BADPARAM; if (numiov > 1) { ret = _plug_iovec_to_buf(text->utils, invec, numiov, &text->enc_in_buf); if (ret != SASL_OK) return ret; inblob = text->enc_in_buf; } else { bufinfo.data = invec[0].iov_base; bufinfo.curlen = invec[0].iov_len; inblob = &bufinfo; } if (text->state != SASL_GSSAPI_STATE_AUTHENTICATED) return SASL_NOTDONE; input_token = &real_input_token; real_input_token.value = inblob->data; real_input_token.length = inblob->curlen; output_token = &real_output_token; output_token->value = NULL; output_token->length = 0; GSS_LOCK_MUTEX(text->utils); maj_stat = gss_wrap (&min_stat, text->gss_ctx, privacy, GSS_C_QOP_DEFAULT, input_token, NULL, output_token); GSS_UNLOCK_MUTEX(text->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); if (output_token->value) { GSS_LOCK_MUTEX(text->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(text->utils); } return SASL_FAIL; } if (output_token->value && output) { unsigned char * p = (unsigned char *) text->encode_buf; ret = _plug_buf_alloc(text->utils, &(text->encode_buf), &(text->encode_buf_len), output_token->length + 4); if (ret != SASL_OK) { GSS_LOCK_MUTEX(text->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(text->utils); return ret; } p[0] = (output_token->length>>24) & 0xFF; p[1] = (output_token->length>>16) & 0xFF; p[2] = (output_token->length>>8) & 0xFF; p[3] = output_token->length & 0xFF; memcpy(text->encode_buf + 4, output_token->value, output_token->length); } if (outputlen) { *outputlen = output_token->length + 4; } *output = text->encode_buf; if (output_token->value) { GSS_LOCK_MUTEX(text->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(text->utils); } return SASL_OK; } static int gssapi_privacy_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { return sasl_gss_encode(context,invec,numiov,output,outputlen,1); } static int gssapi_integrity_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { return sasl_gss_encode(context,invec,numiov,output,outputlen,0); } static int gssapi_decode_packet(void *context, const char *input, unsigned inputlen, char **output, unsigned *outputlen) { context_t *text = (context_t *) context; OM_uint32 maj_stat, min_stat; gss_buffer_t input_token, output_token; gss_buffer_desc real_input_token, real_output_token; int result; if (text->state != SASL_GSSAPI_STATE_AUTHENTICATED) { SETERROR(text->utils, "GSSAPI Failure"); return SASL_NOTDONE; } input_token = &real_input_token; real_input_token.value = (char *) input; real_input_token.length = inputlen; output_token = &real_output_token; output_token->value = NULL; output_token->length = 0; GSS_LOCK_MUTEX(text->utils); maj_stat = gss_unwrap (&min_stat, text->gss_ctx, input_token, output_token, NULL, NULL); GSS_UNLOCK_MUTEX(text->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils,maj_stat,min_stat); if (output_token->value) { GSS_LOCK_MUTEX(text->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(text->utils); } return SASL_FAIL; } if (outputlen) { *outputlen = output_token->length; } if (output_token->value) { if (output) { result = _plug_buf_alloc(text->utils, &text->decode_once_buf, &text->decode_once_buf_len, *outputlen); if (result != SASL_OK) { GSS_LOCK_MUTEX(text->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(text->utils); return result; } *output = text->decode_once_buf; memcpy(*output, output_token->value, *outputlen); } GSS_LOCK_MUTEX(text->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(text->utils); } return SASL_OK; } static int gssapi_decode(void *context, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { context_t *text = (context_t *) context; int ret; ret = _plug_decode(&text->decode_context, input, inputlen, &text->decode_buf, &text->decode_buf_len, outputlen, gssapi_decode_packet, text); *output = text->decode_buf; return ret; } static context_t *sasl_gss_new_context(const sasl_utils_t *utils) { context_t *ret; ret = utils->malloc(sizeof(context_t)); if(!ret) return NULL; memset(ret,0,sizeof(context_t)); ret->utils = utils; return ret; } static int sasl_gss_free_context_contents(context_t *text) { OM_uint32 maj_stat, min_stat; if (!text) return SASL_OK; GSS_LOCK_MUTEX(text->utils); if (text->gss_ctx != GSS_C_NO_CONTEXT) { maj_stat = gss_delete_sec_context(&min_stat,&text->gss_ctx, GSS_C_NO_BUFFER); text->gss_ctx = GSS_C_NO_CONTEXT; } if (text->client_name != GSS_C_NO_NAME) { maj_stat = gss_release_name(&min_stat,&text->client_name); text->client_name = GSS_C_NO_NAME; } if (text->server_name != GSS_C_NO_NAME) { maj_stat = gss_release_name(&min_stat,&text->server_name); text->server_name = GSS_C_NO_NAME; } if ( text->server_creds != GSS_C_NO_CREDENTIAL) { maj_stat = gss_release_cred(&min_stat, &text->server_creds); text->server_creds = GSS_C_NO_CREDENTIAL; } if ( text->client_creds != GSS_C_NO_CREDENTIAL) { maj_stat = gss_release_cred(&min_stat, &text->client_creds); text->client_creds = GSS_C_NO_CREDENTIAL; } GSS_UNLOCK_MUTEX(text->utils); if (text->out_buf) { text->utils->free(text->out_buf); text->out_buf = NULL; } if (text->encode_buf) { text->utils->free(text->encode_buf); text->encode_buf = NULL; } if (text->decode_buf) { text->utils->free(text->decode_buf); text->decode_buf = NULL; } if (text->decode_once_buf) { text->utils->free(text->decode_once_buf); text->decode_once_buf = NULL; } if (text->enc_in_buf) { if(text->enc_in_buf->data) text->utils->free(text->enc_in_buf->data); text->utils->free(text->enc_in_buf); text->enc_in_buf = NULL; } _plug_decode_free(&text->decode_context); if (text->authid) { /* works for both client and server */ text->utils->free(text->authid); text->authid = NULL; } return SASL_OK; } static void gssapi_common_mech_dispose(void *conn_context, const sasl_utils_t *utils) { sasl_gss_free_context_contents((context_t *)(conn_context)); utils->free(conn_context); } static void gssapi_common_mech_free(void *global_context __attribute__((unused)), const sasl_utils_t *utils) { #ifdef GSS_USE_MUTEXES if (gss_mutex) { utils->mutex_free(gss_mutex); gss_mutex=NULL; } #endif } /***************************** Server Section *****************************/ static int gssapi_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *params, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { context_t *text; text = sasl_gss_new_context(params->utils); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } text->gss_ctx = GSS_C_NO_CONTEXT; text->client_name = GSS_C_NO_NAME; text->server_name = GSS_C_NO_NAME; text->server_creds = GSS_C_NO_CREDENTIAL; text->client_creds = GSS_C_NO_CREDENTIAL; text->state = SASL_GSSAPI_STATE_AUTHNEG; *conn_context = text; return SASL_OK; } static int gssapi_server_mech_step(void *conn_context, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *)conn_context; gss_buffer_t input_token, output_token; gss_buffer_desc real_input_token, real_output_token; OM_uint32 maj_stat = 0, min_stat = 0; OM_uint32 max_input; gss_buffer_desc name_token; int ret, out_flags = 0 ; gss_cred_id_t server_creds = params->gss_creds; input_token = &real_input_token; output_token = &real_output_token; output_token->value = NULL; output_token->length = 0; input_token->value = NULL; input_token->length = 0; if(!serverout) { PARAMERROR(text->utils); return SASL_BADPARAM; } *serverout = NULL; *serveroutlen = 0; if (text == NULL) { return SASL_BADPROT; } switch (text->state) { case SASL_GSSAPI_STATE_AUTHNEG: if (text->server_name == GSS_C_NO_NAME) { /* only once */ if (params->serverFQDN == NULL || strlen(params->serverFQDN) == 0) { SETERROR(text->utils, "GSSAPI Failure: no serverFQDN"); sasl_gss_free_context_contents(text); return SASL_FAIL; } name_token.length = strlen(params->service) + 1 + strlen(params->serverFQDN); name_token.value = (char *)params->utils->malloc((name_token.length + 1) * sizeof(char)); if (name_token.value == NULL) { MEMERROR(text->utils); sasl_gss_free_context_contents(text); return SASL_NOMEM; } sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN); GSS_LOCK_MUTEX(params->utils); maj_stat = gss_import_name (&min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE, &text->server_name); GSS_UNLOCK_MUTEX(params->utils); params->utils->free(name_token.value); name_token.value = NULL; if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } if ( text->server_creds != GSS_C_NO_CREDENTIAL) { GSS_LOCK_MUTEX(params->utils); maj_stat = gss_release_cred(&min_stat, &text->server_creds); GSS_UNLOCK_MUTEX(params->utils); text->server_creds = GSS_C_NO_CREDENTIAL; } /* If caller didn't provide creds already */ if ( server_creds == GSS_C_NO_CREDENTIAL) { GSS_LOCK_MUTEX(params->utils); maj_stat = gss_acquire_cred(&min_stat, text->server_name, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_ACCEPT, &text->server_creds, NULL, NULL); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } server_creds = text->server_creds; } } if (clientinlen) { real_input_token.value = (void *)clientin; real_input_token.length = clientinlen; } GSS_LOCK_MUTEX(params->utils); maj_stat = gss_accept_sec_context(&min_stat, &(text->gss_ctx), server_creds, input_token, GSS_C_NO_CHANNEL_BINDINGS, &text->client_name, NULL, /* resulting mech_name */ output_token, &out_flags, NULL, /* context validity period */ &(text->client_creds)); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_log(text->utils, maj_stat, min_stat); text->utils->seterror(text->utils->conn, SASL_NOLOG, "GSSAPI Failure: gss_accept_sec_context"); if (output_token->value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } sasl_gss_free_context_contents(text); return SASL_BADAUTH; } /* When GSS_Accept_sec_context returns GSS_S_COMPLETE, the server examines the context to ensure that it provides a level of protection permitted by the server's security policy. In particular, if the integ_avail flag is not set in the context, then no security layer can be offered or accepted. If the conf_avail flag is not set in the context, then no security layer with confidentiality can be offered or accepted. */ if ((out_flags & GSS_C_INTEG_FLAG) == 0) { /* if the integ_avail flag is not set in the context, then no security layer can be offered or accepted. */ text->qop = LAYER_NONE; } else if ((out_flags & GSS_C_CONF_FLAG) == 0) { /* If the conf_avail flag is not set in the context, then no security layer with confidentiality can be offered or accepted. */ text->qop = LAYER_NONE | LAYER_INTEGRITY; } else { text->qop = LAYER_NONE | LAYER_INTEGRITY | LAYER_CONFIDENTIALITY; } if ((params->props.security_flags & SASL_SEC_PASS_CREDENTIALS) && (!(out_flags & GSS_C_DELEG_FLAG) || text->client_creds == GSS_C_NO_CREDENTIAL) ) { text->utils->seterror(text->utils->conn, SASL_LOG_WARN, "GSSAPI warning: no credentials were passed"); /* continue with authentication */ } if (serveroutlen) *serveroutlen = output_token->length; if (output_token->value) { if (serverout) { ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), *serveroutlen); if(ret != SASL_OK) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); return ret; } memcpy(text->out_buf, output_token->value, *serveroutlen); *serverout = text->out_buf; } GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } else { /* No output token, send an empty string */ *serverout = GSSAPI_BLANK_STRING; *serveroutlen = 0; } if (maj_stat == GSS_S_COMPLETE) { /* Switch to ssf negotiation */ text->state = SASL_GSSAPI_STATE_SSFCAP; if (*serveroutlen != 0) { return SASL_CONTINUE; } /* Pretend that we just got an empty response from the client */ clientinlen = 0; /* fall through */ } else { return SASL_CONTINUE; } case SASL_GSSAPI_STATE_SSFCAP: { unsigned char sasldata[4]; gss_buffer_desc name_token; gss_buffer_desc name_without_realm; gss_name_t without = NULL; int equal; name_token.value = NULL; name_without_realm.value = NULL; if (clientinlen != 0) { SETERROR(text->utils, "GSSAPI server is not expecting data at this stage"); sasl_gss_free_context_contents(text); return SASL_BADAUTH; } GSS_LOCK_MUTEX(params->utils); maj_stat = gss_display_name (&min_stat, text->client_name, &name_token, NULL); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { SETERROR(text->utils, "GSSAPI Failure"); sasl_gss_free_context_contents(text); return SASL_BADAUTH; } /* If the id contains a realm get the identifier for the user without the realm and see if it's the same id (i.e. tmartin == tmartin@ANDREW.CMU.EDU. If this is the case we just want to return the id (i.e. just "tmartin" */ if (strchr((char *) name_token.value, (int) '@') != NULL) { /* NOTE: libc malloc, as it is freed below by a gssapi internal * function! */ name_without_realm.value = params->utils->malloc(strlen(name_token.value)+1); if (name_without_realm.value == NULL) { if (name_token.value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, &name_token); GSS_UNLOCK_MUTEX(params->utils); } MEMERROR(text->utils); return SASL_NOMEM; } strcpy(name_without_realm.value, name_token.value); /* cut off string at '@' */ (strchr(name_without_realm.value,'@'))[0] = '\0'; name_without_realm.length = strlen( (char *) name_without_realm.value ); GSS_LOCK_MUTEX(params->utils); maj_stat = gss_import_name (&min_stat, &name_without_realm, /* Solaris 8/9 gss_import_name doesn't accept GSS_C_NULL_OID here, so use GSS_C_NT_USER_NAME instead if available. */ #ifdef HAVE_GSS_C_NT_USER_NAME GSS_C_NT_USER_NAME, #else GSS_C_NULL_OID, #endif &without); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { params->utils->free(name_without_realm.value); if (name_token.value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, &name_token); GSS_UNLOCK_MUTEX(params->utils); } SETERROR(text->utils, "GSSAPI Failure"); sasl_gss_free_context_contents(text); return SASL_BADAUTH; } GSS_LOCK_MUTEX(params->utils); maj_stat = gss_compare_name(&min_stat, text->client_name, without, &equal); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { params->utils->free(name_without_realm.value); if (name_token.value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, &name_token); GSS_UNLOCK_MUTEX(params->utils); } if (without) { GSS_LOCK_MUTEX(params->utils); gss_release_name(&min_stat, &without); GSS_UNLOCK_MUTEX(params->utils); } SETERROR(text->utils, "GSSAPI Failure"); sasl_gss_free_context_contents(text); return SASL_BADAUTH; } GSS_LOCK_MUTEX(params->utils); gss_release_name(&min_stat,&without); GSS_UNLOCK_MUTEX(params->utils); } else { equal = 0; } if (equal) { text->authid = strdup(name_without_realm.value); if (text->authid == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } } else { text->authid = strdup(name_token.value); if (text->authid == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } } if (name_token.value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, &name_token); GSS_UNLOCK_MUTEX(params->utils); } if (name_without_realm.value) { params->utils->free(name_without_realm.value); } /* we have to decide what sort of encryption/integrity/etc., we support */ if (params->props.max_ssf < params->external_ssf) { text->limitssf = 0; } else { text->limitssf = params->props.max_ssf - params->external_ssf; } if (params->props.min_ssf < params->external_ssf) { text->requiressf = 0; } else { text->requiressf = params->props.min_ssf - params->external_ssf; } /* build up our security properties token */ if (text->requiressf != 0 && (text->qop & (LAYER_INTEGRITY|LAYER_CONFIDENTIALITY))) { if (params->props.maxbufsize > 0xFFFFFF) { /* make sure maxbufsize isn't too large */ /* maxbufsize = 0xFFFFFF */ sasldata[1] = sasldata[2] = sasldata[3] = 0xFF; } else { sasldata[1] = (params->props.maxbufsize >> 16) & 0xFF; sasldata[2] = (params->props.maxbufsize >> 8) & 0xFF; sasldata[3] = (params->props.maxbufsize >> 0) & 0xFF; } } else { /* From RFC 4752: "The client verifies that the server maximum buffer is 0 if the server does not advertise support for any security layer." */ sasldata[1] = sasldata[2] = sasldata[3] = 0; } sasldata[0] = 0; if(text->requiressf != 0 && !params->props.maxbufsize) { params->utils->seterror(params->utils->conn, 0, "GSSAPI needs a security layer but one is forbidden"); return SASL_TOOWEAK; } if (text->requiressf == 0) { sasldata[0] |= LAYER_NONE; /* authentication */ } if ((text->qop & LAYER_INTEGRITY) && text->requiressf <= 1 && text->limitssf >= 1 && params->props.maxbufsize) { sasldata[0] |= LAYER_INTEGRITY; } if ((text->qop & LAYER_CONFIDENTIALITY) && text->requiressf <= K5_MAX_SSF && text->limitssf >= K5_MAX_SSF && params->props.maxbufsize) { sasldata[0] |= LAYER_CONFIDENTIALITY; } real_input_token.value = (void *)sasldata; real_input_token.length = 4; GSS_LOCK_MUTEX(params->utils); maj_stat = gss_wrap(&min_stat, text->gss_ctx, 0, /* Just integrity checking here */ GSS_C_QOP_DEFAULT, input_token, NULL, output_token); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); if (output_token->value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } sasl_gss_free_context_contents(text); return SASL_FAIL; } if (serveroutlen) *serveroutlen = output_token->length; if (output_token->value) { if (serverout) { ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), *serveroutlen); if(ret != SASL_OK) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); return ret; } memcpy(text->out_buf, output_token->value, *serveroutlen); *serverout = text->out_buf; } GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } /* Remember what we want and can offer */ text->qop = sasldata[0]; /* Wait for ssf request and authid */ text->state = SASL_GSSAPI_STATE_SSFREQ; return SASL_CONTINUE; } case SASL_GSSAPI_STATE_SSFREQ: { int layerchoice; real_input_token.value = (void *)clientin; real_input_token.length = clientinlen; GSS_LOCK_MUTEX(params->utils); maj_stat = gss_unwrap(&min_stat, text->gss_ctx, input_token, output_token, NULL, NULL); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } if (output_token->length < 4) { SETERROR(text->utils, "token too short"); GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); sasl_gss_free_context_contents(text); return SASL_FAIL; } layerchoice = (int)(((char *)(output_token->value))[0]); if (layerchoice == LAYER_NONE && (text->qop & LAYER_NONE)) { /* no encryption */ oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; } else if (layerchoice == LAYER_INTEGRITY && (text->qop & LAYER_INTEGRITY)) { /* integrity */ oparams->encode = &gssapi_integrity_encode; oparams->decode = &gssapi_decode; oparams->mech_ssf = 1; } else if ((layerchoice == LAYER_CONFIDENTIALITY || /* For compatibility with broken clients setting both bits */ layerchoice == (LAYER_CONFIDENTIALITY|LAYER_INTEGRITY)) && (text->qop & LAYER_CONFIDENTIALITY)) { /* privacy */ oparams->encode = &gssapi_privacy_encode; oparams->decode = &gssapi_decode; /* FIX ME: Need to extract the proper value here */ oparams->mech_ssf = K5_MAX_SSF; } else { /* not a supported encryption layer */ SETERROR(text->utils, "protocol violation: client requested invalid layer"); /* Mark that we attempted negotiation */ oparams->mech_ssf = 2; if (output_token->value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } sasl_gss_free_context_contents(text); return SASL_FAIL; } if (output_token->length > 4) { int ret; ret = params->canon_user(params->utils->conn, ((char *) output_token->value) + 4, (output_token->length - 4) * sizeof(char), SASL_CU_AUTHZID, oparams); if (ret != SASL_OK) { sasl_gss_free_context_contents(text); return ret; } ret = params->canon_user(params->utils->conn, text->authid, 0, /* strlen(text->authid) */ SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED, oparams); if (ret != SASL_OK) { sasl_gss_free_context_contents(text); return ret; } } else /* if (output_token->length == 4) */ { /* null authzid */ int ret; ret = params->canon_user(params->utils->conn, text->authid, 0, /* strlen(text->authid) */ SASL_CU_AUTHZID | SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED, oparams); if (ret != SASL_OK) { sasl_gss_free_context_contents(text); return ret; } } /* No matter what, set the rest of the oparams */ if (text->client_creds != GSS_C_NO_CREDENTIAL) { oparams->client_creds = &text->client_creds; } else { oparams->client_creds = NULL; } oparams->maxoutbuf = (((unsigned char *) output_token->value)[1] << 16) | (((unsigned char *) output_token->value)[2] << 8) | (((unsigned char *) output_token->value)[3] << 0); if (oparams->mech_ssf) { maj_stat = gss_wrap_size_limit( &min_stat, text->gss_ctx, 1, GSS_C_QOP_DEFAULT, (OM_uint32) oparams->maxoutbuf, &max_input); if(max_input > oparams->maxoutbuf) { /* Heimdal appears to get this wrong */ oparams->maxoutbuf -= (max_input - oparams->maxoutbuf); } else { /* This code is actually correct */ oparams->maxoutbuf = max_input; } } GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); text->state = SASL_GSSAPI_STATE_AUTHENTICATED; /* used by layers */ _plug_decode_init(&text->decode_context, text->utils, (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : params->props.maxbufsize); oparams->doneflag = 1; return SASL_OK; } default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid GSSAPI server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static sasl_server_plug_t gssapi_server_plugins[] = { { "GSSAPI", /* mech_name */ K5_MAX_SSF, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH /* security_flags */ | SASL_SEC_PASS_CREDENTIALS, SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY | SASL_FEAT_DONTUSE_USERPASSWD, /* features */ NULL, /* glob_context */ &gssapi_server_mech_new, /* mech_new */ &gssapi_server_mech_step, /* mech_step */ &gssapi_common_mech_dispose, /* mech_dispose */ &gssapi_common_mech_free, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech_avail */ NULL /* spare */ } }; int gssapiv2_server_plug_init( #ifndef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY const sasl_utils_t *utils __attribute__((unused)), #else const sasl_utils_t *utils, #endif int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { #ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY const char *keytab = NULL; char keytab_path[1024]; unsigned int rl; #endif if (maxversion < SASL_SERVER_PLUG_VERSION) { return SASL_BADVERS; } #ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY /* unfortunately, we don't check for readability of keytab if it's the standard one, since we don't know where it is */ /* FIXME: This code is broken */ utils->getopt(utils->getopt_context, "GSSAPI", "keytab", &keytab, &rl); if (keytab != NULL) { if (access(keytab, R_OK) != 0) { utils->log(NULL, SASL_LOG_ERR, "Could not find keytab file: %s: %m", keytab, errno); return SASL_FAIL; } if(strlen(keytab) > 1024) { utils->log(NULL, SASL_LOG_ERR, "path to keytab is > 1024 characters"); return SASL_BUFOVER; } strncpy(keytab_path, keytab, 1024); gsskrb5_register_acceptor_identity(keytab_path); } #endif *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = gssapi_server_plugins; *plugcount = 1; #ifdef GSS_USE_MUTEXES if (!gss_mutex) { gss_mutex = utils->mutex_alloc(); if (!gss_mutex) { return SASL_FAIL; } } #endif return SASL_OK; } /***************************** Client Section *****************************/ static int gssapi_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { context_t *text; /* holds state are in */ text = sasl_gss_new_context(params->utils); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } text->state = SASL_GSSAPI_STATE_AUTHNEG; text->gss_ctx = GSS_C_NO_CONTEXT; text->client_name = GSS_C_NO_NAME; text->server_creds = GSS_C_NO_CREDENTIAL; text->client_creds = GSS_C_NO_CREDENTIAL; *conn_context = text; return SASL_OK; } static int gssapi_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *)conn_context; gss_buffer_t input_token, output_token; gss_buffer_desc real_input_token, real_output_token; OM_uint32 maj_stat = 0, min_stat = 0; OM_uint32 max_input; gss_buffer_desc name_token; int ret; OM_uint32 req_flags = 0, out_req_flags = 0; input_token = &real_input_token; output_token = &real_output_token; output_token->value = NULL; input_token->value = NULL; input_token->length = 0; gss_cred_id_t client_creds = (gss_cred_id_t)params->gss_creds; *clientout = NULL; *clientoutlen = 0; switch (text->state) { case SASL_GSSAPI_STATE_AUTHNEG: /* try to get the userid */ if (text->user == NULL) { int user_result = SASL_OK; user_result = _plug_get_userid(params->utils, &text->user, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) { sasl_gss_free_context_contents(text); return user_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if (user_result == SASL_INTERACT) { /* make the prompt list */ int result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) return result; return SASL_INTERACT; } } if (text->server_name == GSS_C_NO_NAME) { /* only once */ if (params->serverFQDN == NULL || strlen(params->serverFQDN) == 0) { SETERROR(text->utils, "GSSAPI Failure: no serverFQDN"); sasl_gss_free_context_contents(text); return SASL_FAIL; } name_token.length = strlen(params->service) + 1 + strlen(params->serverFQDN); name_token.value = (char *)params->utils->malloc((name_token.length + 1) * sizeof(char)); if (name_token.value == NULL) { sasl_gss_free_context_contents(text); return SASL_NOMEM; } sprintf(name_token.value,"%s@%s", params->service, params->serverFQDN); GSS_LOCK_MUTEX(params->utils); maj_stat = gss_import_name (&min_stat, &name_token, GSS_C_NT_HOSTBASED_SERVICE, &text->server_name); GSS_UNLOCK_MUTEX(params->utils); params->utils->free(name_token.value); name_token.value = NULL; if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } } if (serverinlen == 0) input_token = GSS_C_NO_BUFFER; if (serverinlen) { real_input_token.value = (void *)serverin; real_input_token.length = serverinlen; } else if (text->gss_ctx != GSS_C_NO_CONTEXT ) { /* This can't happen under GSSAPI: we have a non-null context * and no input from the server. However, thanks to Imap, * which discards our first output, this happens all the time. * Throw away the context and try again. */ GSS_LOCK_MUTEX(params->utils); maj_stat = gss_delete_sec_context (&min_stat,&text->gss_ctx,GSS_C_NO_BUFFER); GSS_UNLOCK_MUTEX(params->utils); text->gss_ctx = GSS_C_NO_CONTEXT; } /* Setup req_flags properly */ req_flags = GSS_C_INTEG_FLAG; if (params->props.max_ssf > params->external_ssf) { /* We are requesting a security layer */ req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; /* Any SSF bigger than 1 is confidentiality. */ /* Let's check if the client of the API requires confidentiality, and it wasn't already provided by an external layer */ if (params->props.max_ssf - params->external_ssf > 1) { /* We want to try for privacy */ req_flags |= GSS_C_CONF_FLAG; } } if (params->props.security_flags & SASL_SEC_PASS_CREDENTIALS) { req_flags = req_flags | GSS_C_DELEG_FLAG; } GSS_LOCK_MUTEX(params->utils); maj_stat = gss_init_sec_context(&min_stat, client_creds, /* GSS_C_NO_CREDENTIAL */ &text->gss_ctx, text->server_name, GSS_C_NO_OID, req_flags, 0, GSS_C_NO_CHANNEL_BINDINGS, input_token, NULL, output_token, &out_req_flags, NULL); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); if (output_token->value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } sasl_gss_free_context_contents(text); return SASL_FAIL; } if ((out_req_flags & GSS_C_INTEG_FLAG) == 0) { /* if the integ_avail flag is not set in the context, then no security layer can be offered or accepted. */ text->qop = LAYER_NONE; } else if ((out_req_flags & GSS_C_CONF_FLAG) == 0) { /* If the conf_avail flag is not set in the context, then no security layer with confidentiality can be offered or accepted. */ text->qop = LAYER_NONE | LAYER_INTEGRITY; } else { text->qop = LAYER_NONE | LAYER_INTEGRITY | LAYER_CONFIDENTIALITY; } if ((out_req_flags & GSS_C_DELEG_FLAG) != (req_flags & GSS_C_DELEG_FLAG)) { text->utils->seterror(text->utils->conn, SASL_LOG_WARN, "GSSAPI warning: no credentials were passed"); /* not a fatal error */ } *clientoutlen = output_token->length; if (output_token->value) { if (clientout) { ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), *clientoutlen); if(ret != SASL_OK) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); return ret; } memcpy(text->out_buf, output_token->value, *clientoutlen); *clientout = text->out_buf; } GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } if (maj_stat == GSS_S_COMPLETE) { GSS_LOCK_MUTEX(params->utils); maj_stat = gss_inquire_context(&min_stat, text->gss_ctx, &text->client_name, NULL, /* targ_name */ NULL, /* lifetime */ NULL, /* mech */ /* FIX ME: Should check the resulting flags here */ NULL, /* flags */ NULL, /* local init */ NULL); /* open */ GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); return SASL_FAIL; } name_token.length = 0; GSS_LOCK_MUTEX(params->utils); maj_stat = gss_display_name(&min_stat, text->client_name, &name_token, NULL); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { if (name_token.value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, &name_token); GSS_UNLOCK_MUTEX(params->utils); } SETERROR(text->utils, "GSSAPI Failure"); sasl_gss_free_context_contents(text); return SASL_FAIL; } if (text->user && text->user[0]) { ret = params->canon_user(params->utils->conn, text->user, 0, SASL_CU_AUTHZID, oparams); if (ret == SASL_OK) ret = params->canon_user(params->utils->conn, name_token.value, 0, SASL_CU_AUTHID, oparams); } else { ret = params->canon_user(params->utils->conn, name_token.value, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, &name_token); GSS_UNLOCK_MUTEX(params->utils); if (ret != SASL_OK) return ret; /* Switch to ssf negotiation */ text->state = SASL_GSSAPI_STATE_SSFCAP; } return SASL_CONTINUE; case SASL_GSSAPI_STATE_SSFCAP: { sasl_security_properties_t *secprops = &(params->props); unsigned int alen, external = params->external_ssf; sasl_ssf_t need, allowed; char serverhas, mychoice; real_input_token.value = (void *) serverin; real_input_token.length = serverinlen; GSS_LOCK_MUTEX(params->utils); maj_stat = gss_unwrap(&min_stat, text->gss_ctx, input_token, output_token, NULL, NULL); GSS_UNLOCK_MUTEX(params->utils); if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); sasl_gss_free_context_contents(text); if (output_token->value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } return SASL_FAIL; } if (output_token->length != 4) { SETERROR(text->utils, (output_token->length < 4) ? "token too short" : "token too long"); GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); sasl_gss_free_context_contents(text); return SASL_FAIL; } /* taken from kerberos.c */ if (secprops->min_ssf > (K5_MAX_SSF + external)) { return SASL_TOOWEAK; } else if (secprops->min_ssf > secprops->max_ssf) { return SASL_BADPARAM; } /* need bits of layer -- sasl_ssf_t is unsigned so be careful */ if (secprops->max_ssf >= external) { allowed = secprops->max_ssf - external; } else { allowed = 0; } if (secprops->min_ssf >= external) { need = secprops->min_ssf - external; } else { /* good to go */ need = 0; } /* bit mask of server support */ serverhas = ((char *)output_token->value)[0]; /* use the strongest layer available */ if ((text->qop & LAYER_CONFIDENTIALITY) && allowed >= K5_MAX_SSF && need <= K5_MAX_SSF && (serverhas & LAYER_CONFIDENTIALITY)) { const char *ad_compat; /* encryption */ oparams->encode = &gssapi_privacy_encode; oparams->decode = &gssapi_decode; /* FIX ME: Need to extract the proper value here */ oparams->mech_ssf = K5_MAX_SSF; mychoice = LAYER_CONFIDENTIALITY; if (serverhas & LAYER_INTEGRITY) { /* should we send an AD compatible choice of security layers? */ params->utils->getopt(params->utils->getopt_context, "GSSAPI", "ad_compat", &ad_compat, NULL); if (ad_compat && (ad_compat[0] == '1' || ad_compat[0] == 'y' || (ad_compat[0] == 'o' && ad_compat[1] == 'n') || ad_compat[0] == 't')) { mychoice = LAYER_INTEGRITY|LAYER_CONFIDENTIALITY; } } } else if ((text->qop & LAYER_INTEGRITY) && allowed >= 1 && need <= 1 && (serverhas & LAYER_INTEGRITY)) { /* integrity */ oparams->encode = &gssapi_integrity_encode; oparams->decode = &gssapi_decode; oparams->mech_ssf = 1; mychoice = LAYER_INTEGRITY; } else if (need <= 0 && (serverhas & LAYER_NONE)) { /* no layer */ oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; mychoice = LAYER_NONE; } else { /* there's no appropriate layering for us! */ sasl_gss_free_context_contents(text); return SASL_TOOWEAK; } oparams->maxoutbuf = (((unsigned char *) output_token->value)[1] << 16) | (((unsigned char *) output_token->value)[2] << 8) | (((unsigned char *) output_token->value)[3] << 0); if (oparams->mech_ssf) { maj_stat = gss_wrap_size_limit( &min_stat, text->gss_ctx, 1, GSS_C_QOP_DEFAULT, (OM_uint32) oparams->maxoutbuf, &max_input); if (max_input > oparams->maxoutbuf) { /* Heimdal appears to get this wrong */ oparams->maxoutbuf -= (max_input - oparams->maxoutbuf); } else { /* This code is actually correct */ oparams->maxoutbuf = max_input; } } GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); /* oparams->user is always set, due to canon_user requirements. * Make sure the client actually requested it though, by checking * if our context was set. */ if (text->user && text->user[0]) { alen = strlen(oparams->user); } else { alen = 0; } input_token->length = 4 + alen; input_token->value = (char *)params->utils->malloc((input_token->length + 1)*sizeof(char)); if (input_token->value == NULL) { sasl_gss_free_context_contents(text); return SASL_NOMEM; } if (alen) memcpy((char *)input_token->value+4,oparams->user,alen); /* build up our security properties token */ if (mychoice > 1) { if (params->props.maxbufsize > 0xFFFFFF) { /* make sure maxbufsize isn't too large */ /* maxbufsize = 0xFFFFFF */ ((unsigned char *)input_token->value)[1] = 0xFF; ((unsigned char *)input_token->value)[2] = 0xFF; ((unsigned char *)input_token->value)[3] = 0xFF; } else { ((unsigned char *)input_token->value)[1] = (params->props.maxbufsize >> 16) & 0xFF; ((unsigned char *)input_token->value)[2] = (params->props.maxbufsize >> 8) & 0xFF; ((unsigned char *)input_token->value)[3] = (params->props.maxbufsize >> 0) & 0xFF; } } else { ((unsigned char *)input_token->value)[1] = 0; ((unsigned char *)input_token->value)[2] = 0; ((unsigned char *)input_token->value)[3] = 0; } ((unsigned char *)input_token->value)[0] = mychoice; GSS_LOCK_MUTEX(params->utils); maj_stat = gss_wrap (&min_stat, text->gss_ctx, 0, /* Just integrity checking here */ GSS_C_QOP_DEFAULT, input_token, NULL, output_token); GSS_UNLOCK_MUTEX(params->utils); params->utils->free(input_token->value); input_token->value = NULL; if (GSS_ERROR(maj_stat)) { sasl_gss_seterror(text->utils, maj_stat, min_stat); if (output_token->value) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } sasl_gss_free_context_contents(text); return SASL_FAIL; } if (clientoutlen) { *clientoutlen = output_token->length; } if (output_token->value) { if (clientout) { ret = _plug_buf_alloc(text->utils, &(text->out_buf), &(text->out_buf_len), *clientoutlen); if (ret != SASL_OK) { GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); return ret; } memcpy(text->out_buf, output_token->value, *clientoutlen); *clientout = text->out_buf; } GSS_LOCK_MUTEX(params->utils); gss_release_buffer(&min_stat, output_token); GSS_UNLOCK_MUTEX(params->utils); } text->state = SASL_GSSAPI_STATE_AUTHENTICATED; oparams->doneflag = 1; /* used by layers */ _plug_decode_init(&text->decode_context, text->utils, (params->props.maxbufsize > 0xFFFFFF) ? 0xFFFFFF : params->props.maxbufsize); return SASL_OK; } default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid GSSAPI client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static const long gssapi_required_prompts[] = { SASL_CB_LIST_END }; static sasl_client_plug_t gssapi_client_plugins[] = { { "GSSAPI", /* mech_name */ K5_MAX_SSF, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ SASL_FEAT_NEEDSERVERFQDN | SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ gssapi_required_prompts, /* required_prompts */ NULL, /* glob_context */ &gssapi_client_mech_new, /* mech_new */ &gssapi_client_mech_step, /* mech_step */ &gssapi_common_mech_dispose, /* mech_dispose */ &gssapi_common_mech_free, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int gssapiv2_client_plug_init(const sasl_utils_t *utils __attribute__((unused)), int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "Version mismatch in GSSAPI"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = gssapi_client_plugins; *plugcount = 1; #ifdef GSS_USE_MUTEXES if(!gss_mutex) { gss_mutex = utils->mutex_alloc(); if(!gss_mutex) { return SASL_FAIL; } } #endif return SASL_OK; } cyrus-sasl-2.1.25/plugins/ntlm.c0000646000076400007640000016523711514057515013462 00000000000000/* NTLM SASL plugin * Ken Murchison * $Id: ntlm.c,v 1.36 2011/01/14 14:35:57 murch Exp $ * * References: * http://www.innovation.ch/java/ntlm.html * http://www.opengroup.org/comsource/techref2/NCH1222X.HTM * http://www.ubiqx.org/cifs/rfc-draft/draft-leach-cifs-v1-spec-02.html */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #ifdef WIN32 # include /* for getpid */ typedef int pid_t; #else # include # include # include # include # include #ifndef SYS_NMLN struct utsname dummy; # define SYS_NMLN sizeof(dummy.sysname) #endif # define closesocket(sock) close(sock) typedef int SOCKET; #endif /* WIN32 */ #include #include #include #include #include #if (OPENSSL_VERSION_NUMBER >= 0x0090700f) && \ !defined(OPENSSL_ENABLE_OLD_DES_SUPPORT) # define des_cblock DES_cblock # define des_key_schedule DES_key_schedule # define des_set_odd_parity(k) \ DES_set_odd_parity((k)) # define des_set_key(k,ks) \ DES_set_key((k),&(ks)) # define des_key_sched(k,ks) \ DES_key_sched((k),&(ks)) # define des_ecb_encrypt(i,o,k,e) \ DES_ecb_encrypt((i),(o),&(k),(e)) #endif /* OpenSSL 0.9.7+ w/o old DES support */ #include #define MD5_H /* suppress internal MD5 */ #include #include "plugin_common.h" /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: ntlm.c,v 1.36 2011/01/14 14:35:57 murch Exp $"; #ifdef WIN32 static ssize_t writev (SOCKET fd, const struct iovec *iov, size_t iovcnt); ssize_t writev (SOCKET fd, const struct iovec *iov, size_t iovcnt) { ssize_t nwritten; /* amount written */ ssize_t nbytes; size_t i; nbytes = 0; for (i = 0; i < iovcnt; i++) { if ((nwritten = send (fd, iov[i].iov_base, iov[i].iov_len, 0)) == SOCKET_ERROR) { /* Unless socket is nonblocking, we should always write everything */ return (-1); } nbytes += nwritten; if (nwritten < iov[i].iov_len) { break; } } return (nbytes); } #endif /* WIN32 */ #ifndef UINT16_MAX #define UINT16_MAX 65535U #endif #if UINT_MAX == UINT16_MAX typedef unsigned int uint16; #elif USHRT_MAX == UINT16_MAX typedef unsigned short uint16; #else #error dont know what to use for uint16 #endif #ifndef UINT32_MAX #define UINT32_MAX 4294967295U #endif #if UINT_MAX == UINT32_MAX typedef unsigned int uint32; #elif ULONG_MAX == UINT32_MAX typedef unsigned long uint32; #elif USHRT_MAX == UINT32_MAX typedef unsigned short uint32; #else #error dont know what to use for uint32 #endif #define NTLM_SIGNATURE "NTLMSSP" enum { NTLM_TYPE_REQUEST = 1, NTLM_TYPE_CHALLENGE = 2, NTLM_TYPE_RESPONSE = 3 }; enum { NTLM_USE_UNICODE = 0x00001, NTLM_USE_ASCII = 0x00002, NTLM_ASK_TARGET = 0x00004, NTLM_AUTH_NTLM = 0x00200, NTLM_ALWAYS_SIGN = 0x08000, NTLM_TARGET_IS_DOMAIN = 0x10000, NTLM_TARGET_IS_SERVER = 0x20000, NTLM_FLAGS_MASK = 0x0ffff }; enum { NTLM_NONCE_LENGTH = 8, NTLM_HASH_LENGTH = 21, NTLM_RESP_LENGTH = 24, NTLM_SESSKEY_LENGTH = 16, }; enum { NTLM_SIG_OFFSET = 0, NTLM_TYPE_OFFSET = 8, NTLM_TYPE1_FLAGS_OFFSET = 12, NTLM_TYPE1_DOMAIN_OFFSET = 16, NTLM_TYPE1_WORKSTN_OFFSET = 24, NTLM_TYPE1_DATA_OFFSET = 32, NTLM_TYPE1_MINSIZE = 16, NTLM_TYPE2_TARGET_OFFSET = 12, NTLM_TYPE2_FLAGS_OFFSET = 20, NTLM_TYPE2_CHALLENGE_OFFSET = 24, NTLM_TYPE2_CONTEXT_OFFSET = 32, NTLM_TYPE2_TARGETINFO_OFFSET= 40, NTLM_TYPE2_DATA_OFFSET = 48, NTLM_TYPE2_MINSIZE = 32, NTLM_TYPE3_LMRESP_OFFSET = 12, NTLM_TYPE3_NTRESP_OFFSET = 20, NTLM_TYPE3_DOMAIN_OFFSET = 28, NTLM_TYPE3_USER_OFFSET = 36, NTLM_TYPE3_WORKSTN_OFFSET = 44, NTLM_TYPE3_SESSIONKEY_OFFSET= 52, NTLM_TYPE3_FLAGS_OFFSET = 60, NTLM_TYPE3_DATA_OFFSET = 64, NTLM_TYPE3_MINSIZE = 52, NTLM_BUFFER_LEN_OFFSET = 0, NTLM_BUFFER_MAXLEN_OFFSET = 2, NTLM_BUFFER_OFFSET_OFFSET = 4, NTLM_BUFFER_SIZE = 8 }; /* return the length of a string (even if it is NULL) */ #define xstrlen(s) (s ? strlen(s) : 0) /* machine-independent routines to convert to/from Intel byte-order */ #define htois(is, hs) \ (is)[0] = hs & 0xff; \ (is)[1] = hs >> 8 #define itohs(is) \ ((is)[0] | ((is)[1] << 8)) #define htoil(il, hl) \ (il)[0] = hl & 0xff; \ (il)[1] = (hl >> 8) & 0xff; \ (il)[2] = (hl >> 16) & 0xff; \ (il)[3] = hl >> 24 #define itohl(il) \ ((il)[0] | ((il)[1] << 8) | ((il)[2] << 16) | ((il)[3] << 24)) /* convert string to all upper case */ static const char *ucase(const char *str, size_t len) { char *cp = (char *) str; if (!len) len = xstrlen(str); while (len && cp && *cp) { *cp = toupper((int) *cp); cp++; len--; } return (str); } /* copy src to dst as unicode (in Intel byte-order) */ static void to_unicode(u_char *dst, const char *src, int len) { for (; len; len--) { *dst++ = *src++; *dst++ = 0; } } /* copy unicode src (in Intel byte-order) to dst */ static void from_unicode(char *dst, u_char *src, int len) { for (; len; len--) { *dst++ = *src & 0x7f; src += 2; } } /* load a string into an NTLM buffer */ static void load_buffer(u_char *buf, const u_char *str, uint16 len, int unicode, u_char *base, uint32 *offset) { if (len) { if (unicode) { to_unicode(base + *offset, str, len); len *= 2; } else { memcpy(base + *offset, str, len); } } htois(buf + NTLM_BUFFER_LEN_OFFSET, len); htois(buf + NTLM_BUFFER_MAXLEN_OFFSET, len); htoil(buf + NTLM_BUFFER_OFFSET_OFFSET, *offset); *offset += len; } /* unload a string from an NTLM buffer */ static int unload_buffer(const sasl_utils_t *utils, const u_char *buf, u_char **str, unsigned *outlen, int unicode, const u_char *base, unsigned msglen) { uint16 len = itohs(buf + NTLM_BUFFER_LEN_OFFSET); if (len) { uint32 offset; *str = utils->malloc(len + 1); /* add 1 for NUL */ if (*str == NULL) { MEMERROR(utils); return SASL_NOMEM; } offset = itohl(buf + NTLM_BUFFER_OFFSET_OFFSET); /* sanity check */ if (offset > msglen || len > (msglen - offset)) return SASL_BADPROT; if (unicode) { len /= 2; from_unicode((char *) *str, (u_char *) base + offset, len); } else memcpy(*str, base + offset, len); (*str)[len] = '\0'; /* add NUL */ } else { *str = NULL; } if (outlen) *outlen = len; return SASL_OK; } /* * NTLM encryption/authentication routines per section 2.10 of * draft-leach-cifs-v1-spec-02 */ static void E(unsigned char *out, unsigned char *K, unsigned Klen, unsigned char *D, unsigned Dlen) { unsigned k, d; des_cblock K64; des_key_schedule ks; unsigned char *Dp; #define KEY_SIZE 7 #define BLOCK_SIZE 8 for (k = 0; k < Klen; k += KEY_SIZE, K += KEY_SIZE) { /* convert 56-bit key to 64-bit */ K64[0] = K[0]; K64[1] = ((K[0] << 7) & 0xFF) | (K[1] >> 1); K64[2] = ((K[1] << 6) & 0xFF) | (K[2] >> 2); K64[3] = ((K[2] << 5) & 0xFF) | (K[3] >> 3); K64[4] = ((K[3] << 4) & 0xFF) | (K[4] >> 4); K64[5] = ((K[4] << 3) & 0xFF) | (K[5] >> 5); K64[6] = ((K[5] << 2) & 0xFF) | (K[6] >> 6); K64[7] = (K[6] << 1) & 0xFF; des_set_odd_parity(&K64); /* XXX is this necessary? */ des_set_key(&K64, ks); for (d = 0, Dp = D; d < Dlen; d += BLOCK_SIZE, Dp += BLOCK_SIZE, out += BLOCK_SIZE) { des_ecb_encrypt((void *) Dp, (void *) out, ks, DES_ENCRYPT); } } } static unsigned char *P16_lm(unsigned char *P16, sasl_secret_t *passwd, const sasl_utils_t *utils __attribute__((unused)), char **buf __attribute__((unused)), unsigned *buflen __attribute__((unused)), int *result) { char P14[14]; unsigned char S8[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; strncpy(P14, passwd->data, sizeof(P14)); ucase(P14, sizeof(P14)); E(P16, P14, sizeof(P14), S8, sizeof(S8)); *result = SASL_OK; return P16; } static unsigned char *P16_nt(unsigned char *P16, sasl_secret_t *passwd, const sasl_utils_t *utils, char **buf, unsigned *buflen, int *result) { if (_plug_buf_alloc(utils, buf, buflen, 2 * passwd->len) != SASL_OK) { SETERROR(utils, "cannot allocate P16_nt unicode buffer"); *result = SASL_NOMEM; } else { to_unicode(*buf, passwd->data, passwd->len); MD4(*buf, 2 * passwd->len, P16); *result = SASL_OK; } return P16; } static unsigned char *P21(unsigned char *P21, sasl_secret_t *passwd, unsigned char * (*P16)(unsigned char *, sasl_secret_t *, const sasl_utils_t *, char **, unsigned *, int *), const sasl_utils_t *utils, char **buf, unsigned *buflen, int *result) { memset(P16(P21, passwd, utils, buf, buflen, result) + 16, 0, 5); return P21; } static unsigned char *P24(unsigned char *P24, unsigned char *P21, unsigned char *C8) { E(P24, P21, NTLM_HASH_LENGTH, C8, NTLM_NONCE_LENGTH); return P24; } static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, const char *authid, const char *target, const unsigned char *challenge, const unsigned char *blob, unsigned bloblen, const sasl_utils_t *utils, char **buf, unsigned *buflen, int *result) { HMAC_CTX ctx; unsigned char hash[EVP_MAX_MD_SIZE]; char *upper; unsigned int len; /* Allocate enough space for the unicode target */ len = (unsigned int) (strlen(authid) + xstrlen(target)); if (_plug_buf_alloc(utils, buf, buflen, 2 * len + 1) != SASL_OK) { SETERROR(utils, "cannot allocate NTLMv2 hash"); *result = SASL_NOMEM; } else { /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */ P16_nt(hash, passwd, utils, buf, buflen, result); /* Use the tail end of the buffer for ucase() conversion */ upper = *buf + len; strcpy(upper, authid); if (target) strcat(upper, target); ucase(upper, len); to_unicode(*buf, upper, len); HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ HMAC_Init(&ctx, hash, len, EVP_md5()); HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH); HMAC_Update(&ctx, blob, bloblen); HMAC_Final(&ctx, V2, &len); HMAC_cleanup(&ctx); /* the blob is concatenated outside of this function */ *result = SASL_OK; } return V2; } /***************************** Server Section *****************************/ typedef struct server_context { int state; uint32 flags; unsigned char nonce[NTLM_NONCE_LENGTH]; /* per-step mem management */ char *out_buf; unsigned out_buf_len; /* socket to remote authentication host */ SOCKET sock; } server_context_t; #define N(a) (sizeof (a) / sizeof (a[0])) #define SMB_HDR_PROTOCOL "\xffSMB" typedef struct { unsigned char protocol[4]; unsigned char command; uint32 status; unsigned char flags; uint16 flags2; uint16 PidHigh; unsigned char extra[10]; uint16 tid; uint16 pid; uint16 uid; uint16 mid; } SMB_Header; typedef struct { uint16 dialect_index; unsigned char security_mode; uint16 max_mpx_count; uint16 max_number_vcs; uint32 max_buffer_size; uint32 max_raw_size; uint32 session_key; uint32 capabilities; uint32 system_time_low; uint32 system_time_high; uint16 server_time_zone; unsigned char encryption_key_length; } SMB_NegProt_Resp; typedef struct { unsigned char andx_command; unsigned char andx_reserved; uint16 andx_offset; uint16 max_buffer_size; uint16 max_mpx_count; uint16 vc_number; uint32 session_key; uint16 case_insensitive_passwd_len; uint16 case_sensitive_passwd_len; uint32 reserved; uint32 capabilities; } SMB_SessionSetup; typedef struct { unsigned char andx_command; unsigned char andx_reserved; uint16 andx_offset; uint16 action; } SMB_SessionSetup_Resp; enum { NBT_SESSION_REQUEST = 0x81, NBT_POSITIVE_SESSION_RESP = 0x82, NBT_NEGATIVE_SESSION_RESP = 0x83, NBT_ERR_NO_LISTEN_CALLED = 0x80, NBT_ERR_NO_LISTEN_CALLING = 0x81, NBT_ERR_CALLED_NOT_PRESENT = 0x82, NBT_ERR_INSUFFICIENT_RESRC = 0x83, NBT_ERR_UNSPECIFIED = 0x8F, SMB_HDR_SIZE = 32, SMB_COM_NEGOTIATE_PROTOCOL = 0x72, SMB_COM_SESSION_SETUP_ANDX = 0x73, SMB_COM_NONE = 0xFF, SMB_FLAGS_SERVER_TO_REDIR = 0x80, SMB_FLAGS2_ERR_STATUS = 0x4000, SMB_FLAGS2_UNICODE = 0x8000, SMB_NEGPROT_RESP_SIZE = 34, SMB_SECURITY_MODE_USER = 0x1, SMB_SECURITY_MODE_ENCRYPT = 0x2, SMB_SECURITY_MODE_SIGN = 0x4, SMB_SECURITY_MODE_SIGN_REQ = 0x8, SMB_CAP_UNICODE = 0x0004, SMB_CAP_STATUS32 = 0x0040, SMB_CAP_EXTENDED_SECURITY = 0x80000000, SMB_SESSION_SETUP_SIZE = 26, SMB_SESSION_SETUP_RESP_SIZE = 6, SMB_REQUEST_MODE_GUEST = 0x1 }; static const char *SMB_DIALECTS[] = { #if 0 "\x02PC NETWORK PROGRAM 1.0", "\x02PCLAN1.0", "\x02MICROSOFT NETWORKS 1.03", "\x02MICROSOFT NETWORKS 3.0", "\x02LANMAN1.0", "\x02Windows for Workgroups 3.1a", "\x02LM1.2X002", "\x02DOS LM1.2X002", "\x02DOS LANLAM2.1", "\x02LANMAN2.1", #endif "\x02NT LM 0.12" }; static void load_smb_header(unsigned char buf[], SMB_Header *hdr) { unsigned char *p = buf; memcpy(p, SMB_HDR_PROTOCOL, 4); p += 4; *p++ = hdr->command; htoil(p, hdr->status); p += 4; *p++ = hdr->flags; htois(p, hdr->flags2); p += 2; htois(p, hdr->PidHigh); p += 2; memcpy(p, hdr->extra, 10); p += 10; htois(p, hdr->tid); p += 2; htois(p, hdr->pid); p += 2; htois(p, hdr->uid); p += 2; htois(p, hdr->mid); } static void unload_smb_header(unsigned char buf[], SMB_Header *hdr) { unsigned char *p = buf; memcpy(hdr->protocol, p, 4); p += 4; hdr->command = *p++; hdr->status = itohl(p); p += 4; hdr->flags = *p++; hdr->flags2 = itohs(p); p += 2; hdr->PidHigh = itohs(p); p += 2; memcpy(hdr->extra, p, 10); p += 10; hdr->tid = itohs(p); p += 2; hdr->pid = itohs(p); p += 2; hdr->uid = itohs(p); p += 2; hdr->mid = itohs(p); } static void unload_negprot_resp(unsigned char buf[], SMB_NegProt_Resp *resp) { unsigned char *p = buf; resp->dialect_index = itohs(p); p += 2; resp->security_mode = *p++; resp->max_mpx_count = itohs(p); p += 2; resp->max_number_vcs = itohs(p); p += 2; resp->max_buffer_size = itohl(p); p += 4; resp->max_raw_size = itohl(p); p += 4; resp->session_key = itohl(p); p += 4; resp->capabilities = itohl(p); p += 4; resp->system_time_low = itohl(p); p += 4; resp->system_time_high = itohl(p); p += 4; resp->server_time_zone = itohs(p); p += 2; resp->encryption_key_length = *p; } static void load_session_setup(unsigned char buf[], SMB_SessionSetup *setup) { unsigned char *p = buf; *p++ = setup->andx_command; *p++ = setup->andx_reserved; htois(p, setup->andx_offset); p += 2; htois(p, setup->max_buffer_size); p += 2; htois(p, setup->max_mpx_count); p += 2; htois(p, setup->vc_number); p += 2; htoil(p, setup->session_key); p += 4; htois(p, setup->case_insensitive_passwd_len); p += 2; htois(p, setup->case_sensitive_passwd_len); p += 2; htoil(p, setup->reserved); p += 4; htoil(p, setup->capabilities); p += 4; } static void unload_session_setup_resp(unsigned char buf[], SMB_SessionSetup_Resp *resp) { unsigned char *p = buf; resp->andx_command = *p++; resp->andx_reserved = *p++; resp->andx_offset = itohs(p); p += 2; resp->action = itohs(p); } /* * Keep calling the writev() system call with 'fd', 'iov', and 'iovcnt' * until all the data is written out or an error occurs. */ static int retry_writev(SOCKET fd, struct iovec *iov, int iovcnt) { int n; int i; int written = 0; static int iov_max = #ifdef MAXIOV MAXIOV #else #ifdef IOV_MAX IOV_MAX #else 8192 #endif #endif ; for (;;) { while (iovcnt && iov[0].iov_len == 0) { iov++; iovcnt--; } if (!iovcnt) return written; n = (int) writev(fd, iov, iovcnt > iov_max ? iov_max : iovcnt); if (n == -1) { #ifndef WIN32 if (errno == EINVAL && iov_max > 10) { iov_max /= 2; continue; } if (errno == EINTR) continue; #endif return -1; } written += n; for (i = 0; i < iovcnt; i++) { if ((int) iov[i].iov_len > n) { iov[i].iov_base = (char *) iov[i].iov_base + n; iov[i].iov_len -= n; break; } n -= iov[i].iov_len; iov[i].iov_len = 0; } if (i == iovcnt) return written; } } /* * Keep calling the read() system call with 'fd', 'buf', and 'nbyte' * until all the data is read in or an error occurs. */ static int retry_read(SOCKET fd, char *buf0, unsigned nbyte) { int n; int nread = 0; char *buf = buf0; if (nbyte == 0) return 0; for (;;) { /* Can't use read() on sockets on Windows, but recv works on all platforms */ n = recv (fd, buf, nbyte, 0); if (n == -1 || n == 0) { #ifndef WIN32 if (errno == EINTR || errno == EAGAIN) continue; #endif return -1; } nread += n; if (n >= (int) nbyte) return nread; buf += n; nbyte -= n; } } static void make_netbios_name(const char *in, unsigned char out[]) { size_t i, j = 0, n; /* create a NetBIOS name from the DNS name * * - use up to the first 16 chars of the first part of the hostname * - convert to all uppercase * - use the tail end of the output buffer as temp space */ n = strcspn(in, "."); if (n > 16) n = 16; strncpy(out+18, in, n); in = out+18; ucase(in, n); out[j++] = 0x20; for (i = 0; i < n; i++) { out[j++] = ((in[i] >> 4) & 0xf) + 0x41; out[j++] = (in[i] & 0xf) + 0x41; } for (; i < 16; i++) { out[j++] = ((0x20 >> 4) & 0xf) + 0x41; out[j++] = (0x20 & 0xf) + 0x41; } out[j] = 0; } static SOCKET smb_connect_server(const sasl_utils_t *utils, const char *client, const char *server) { struct addrinfo hints; struct addrinfo *ai = NULL, *r; SOCKET s = (SOCKET) -1; int err; char * error_str; #ifdef WIN32 DWORD saved_errno; #else int saved_errno; #endif int niflags; char *port = "139"; char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; unsigned char called[34]; unsigned char calling[34]; struct iovec iov[3]; uint32 pkt; int rc; memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_CANONNAME; if ((err = getaddrinfo(server, port, &hints, &ai)) != 0) { utils->log(NULL, SASL_LOG_ERR, "NTLM: getaddrinfo %s/%s: %s", server, port, gai_strerror(err)); return -1; } /* Make sure we have AF_INET or AF_INET6 addresses. */ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) { utils->log(NULL, SASL_LOG_ERR, "NTLM: no IP address info for %s", ai->ai_canonname ? ai->ai_canonname : server); freeaddrinfo(ai); return -1; } /* establish connection to authentication server */ for (r = ai; r; r = r->ai_next) { s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); if (s < 0) continue; if (connect(s, r->ai_addr, r->ai_addrlen) >= 0) break; #ifdef WIN32 saved_errno = WSAGetLastError(); #else saved_errno = errno; #endif closesocket (s); s = -1; niflags = (NI_NUMERICHOST | NI_NUMERICSERV); #ifdef NI_WITHSCOPEID if (r->ai_family == AF_INET6) niflags |= NI_WITHSCOPEID; #endif if (getnameinfo(r->ai_addr, r->ai_addrlen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags) != 0) { strcpy(hbuf, "unknown"); strcpy(pbuf, "unknown"); } /* Can't use errno (and %m), as it doesn't contain * the socket error on Windows */ error_str = _plug_get_error_message (utils, saved_errno); utils->log(NULL, SASL_LOG_WARN, "NTLM: connect %s[%s]/%s: %s", ai->ai_canonname ? ai->ai_canonname : server, hbuf, pbuf, error_str); utils->free (error_str); } if (s < 0) { if (getnameinfo(ai->ai_addr, ai->ai_addrlen, NULL, 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) { strcpy(pbuf, "unknown"); } utils->log(NULL, SASL_LOG_ERR, "NTLM: couldn't connect to %s/%s", ai->ai_canonname ? ai->ai_canonname : server, pbuf); freeaddrinfo(ai); return -1; } freeaddrinfo(ai); /*** send NetBIOS session request ***/ /* get length of data */ pkt = sizeof(called) + sizeof(calling); /* make sure length is less than 17 bits */ if (pkt >= (1 << 17)) { closesocket(s); return -1; } /* prepend the packet type */ pkt |= (NBT_SESSION_REQUEST << 24); pkt = htonl(pkt); /* XXX should determine the real NetBIOS name */ make_netbios_name(server, called); make_netbios_name(client, calling); iov[0].iov_base = (void *) &pkt; iov[0].iov_len = sizeof(pkt); iov[1].iov_base = called; iov[1].iov_len = sizeof(called); iov[2].iov_base = calling; iov[2].iov_len = sizeof(calling); rc = retry_writev(s, iov, N(iov)); if (rc == -1) { utils->log(NULL, SASL_LOG_ERR, "NTLM: error sending NetBIOS session request"); closesocket(s); return -1; } rc = retry_read(s, (char *) &pkt, sizeof(pkt)); pkt = ntohl(pkt); if (rc == -1 || pkt != (uint32) (NBT_POSITIVE_SESSION_RESP << 24)) { unsigned char ec = NBT_ERR_UNSPECIFIED; char *errstr; retry_read(s, (char *) &ec, sizeof(ec)); switch (ec) { case NBT_ERR_NO_LISTEN_CALLED: errstr = "Not listening on called name"; break; case NBT_ERR_NO_LISTEN_CALLING: errstr = "Not listening for calling name"; break; case NBT_ERR_CALLED_NOT_PRESENT: errstr = "Called name not present"; break; case NBT_ERR_INSUFFICIENT_RESRC: errstr = "Called name present, but insufficient resources"; break; default: errstr = "Unspecified error"; } utils->log(NULL, SASL_LOG_ERR, "NTLM: negative NetBIOS session response: %s", errstr); closesocket(s); return -1; } return s; } static int smb_negotiate_protocol(const sasl_utils_t *utils, server_context_t *text, char **domain) { SMB_Header hdr; SMB_NegProt_Resp resp; unsigned char hbuf[SMB_HDR_SIZE], *p; unsigned char wordcount = 0; unsigned char bc[sizeof(uint16)]; uint16 bytecount; uint32 len, nl; int n_dialects = N(SMB_DIALECTS); struct iovec iov[4+N(SMB_DIALECTS)]; int i, n; int rc; pid_t current_pid; /*** create a negotiate protocol request ***/ /* create a header */ memset(&hdr, 0, sizeof(hdr)); hdr.command = SMB_COM_NEGOTIATE_PROTOCOL; #if 0 hdr.flags2 = SMB_FLAGS2_ERR_STATUS; if (text->flags & NTLM_USE_UNICODE) hdr.flags2 |= SMB_FLAGS2_UNICODE; #endif current_pid = getpid(); if (sizeof(current_pid) <= 2) { hdr.pid = (uint16) current_pid; hdr.PidHigh = 0; } else { hdr.pid = (uint16) (((uint32) current_pid) & 0xFFFF); hdr.PidHigh = (uint16) (((uint32) current_pid) >> 16); } load_smb_header(hbuf, &hdr); /* put together all of the pieces of the request */ n = 0; iov[n].iov_base = (void *) &nl; iov[n++].iov_len = sizeof(len); iov[n].iov_base = hbuf; iov[n++].iov_len = SMB_HDR_SIZE; iov[n].iov_base = &wordcount; iov[n++].iov_len = sizeof(wordcount); iov[n].iov_base = (void *) &bc; iov[n++].iov_len = sizeof(bc); /* add our supported dialects */ for (i = 0; i < n_dialects; i++) { iov[n].iov_base = (char *) SMB_DIALECTS[i]; iov[n++].iov_len = (long) strlen(SMB_DIALECTS[i]) + 1; } /* total up the lengths */ len = bytecount = 0; for (i = 1; i < 4; i++) len += iov[i].iov_len; for (i = 4; i < n; i++) bytecount += (uint16) iov[i].iov_len; len += bytecount; nl = htonl(len); htois((char *) &bc, bytecount); /* send it */ rc = retry_writev(text->sock, iov, n); if (rc == -1) { utils->log(NULL, SASL_LOG_ERR, "NTLM: error sending NEGPROT request"); return SASL_FAIL; } /*** read the negotiate protocol response ***/ /* read the total length */ rc = retry_read(text->sock, (char *) &nl, sizeof(nl)); if (rc < (int) sizeof(nl)) { utils->log(NULL, SASL_LOG_ERR, "NTLM: error reading NEGPROT response length"); return SASL_FAIL; } /* read the data */ len = ntohl(nl); if (_plug_buf_alloc(utils, &text->out_buf, &text->out_buf_len, len) != SASL_OK) { SETERROR(utils, "cannot allocate NTLM NEGPROT response buffer"); return SASL_NOMEM; } rc = retry_read(text->sock, text->out_buf, len); if (rc < (int) len) { utils->log(NULL, SASL_LOG_ERR, "NTLM: error reading NEGPROT response"); return SASL_FAIL; } p = text->out_buf; /* parse the header */ if (len < SMB_HDR_SIZE) { utils->log(NULL, SASL_LOG_ERR, "NTLM: not enough data for NEGPROT response header"); return SASL_FAIL; } unload_smb_header(p, &hdr); p += SMB_HDR_SIZE; len -= SMB_HDR_SIZE; /* sanity check the header */ if (memcmp(hdr.protocol, SMB_HDR_PROTOCOL, 4) /* correct protocol */ || hdr.command != SMB_COM_NEGOTIATE_PROTOCOL /* correct command */ || hdr.status /* no errors */ || !(hdr.flags & SMB_FLAGS_SERVER_TO_REDIR)) { /* response */ utils->log(NULL, SASL_LOG_ERR, "NTLM: error in NEGPROT response header: %ld", hdr.status); return SASL_FAIL; } /* get the wordcount */ if (len < 1) { utils->log(NULL, SASL_LOG_ERR, "NTLM: not enough data for NEGPROT response wordcount"); return SASL_FAIL; } wordcount = *p++; len--; /* parse the parameters */ if (wordcount != SMB_NEGPROT_RESP_SIZE / sizeof(uint16)) { utils->log(NULL, SASL_LOG_ERR, "NTLM: incorrect NEGPROT wordcount for NT LM 0.12"); return SASL_FAIL; } unload_negprot_resp(p, &resp); p += SMB_NEGPROT_RESP_SIZE; len -= SMB_NEGPROT_RESP_SIZE; /* sanity check the parameters */ if (resp.dialect_index != 0 || !(resp.security_mode & SMB_SECURITY_MODE_USER) || !(resp.security_mode & SMB_SECURITY_MODE_ENCRYPT) || resp.security_mode & SMB_SECURITY_MODE_SIGN_REQ || resp.capabilities & SMB_CAP_EXTENDED_SECURITY || resp.encryption_key_length != NTLM_NONCE_LENGTH) { utils->log(NULL, SASL_LOG_ERR, "NTLM: error in NEGPROT response parameters"); return SASL_FAIL; } /* get the bytecount */ if (len < 2) { utils->log(NULL, SASL_LOG_ERR, "NTLM: not enough data for NEGPROT response bytecount"); return SASL_FAIL; } bytecount = itohs(p); p += 2; len -= 2; if (len != bytecount) { utils->log(NULL, SASL_LOG_ERR, "NTLM: incorrect bytecount for NEGPROT response data"); return SASL_FAIL; } /* parse the data */ memcpy(text->nonce, p, resp.encryption_key_length); p += resp.encryption_key_length; len -= resp.encryption_key_length; /* if client asked for target, send domain */ if (text->flags & NTLM_ASK_TARGET) { *domain = utils->malloc(len); if (domain == NULL) { MEMERROR(utils); return SASL_NOMEM; } memcpy(*domain, p, len); from_unicode(*domain, *domain, len); text->flags |= NTLM_TARGET_IS_DOMAIN; } return SASL_OK; } static int smb_session_setup(const sasl_utils_t *utils, server_context_t *text, const char *authid, char *domain, unsigned char *lm_resp, unsigned lm_resp_len, unsigned char *nt_resp, unsigned nt_resp_len) { SMB_Header hdr; SMB_SessionSetup setup; SMB_SessionSetup_Resp resp; unsigned char hbuf[SMB_HDR_SIZE], sbuf[SMB_SESSION_SETUP_SIZE], *p; unsigned char wordcount = SMB_SESSION_SETUP_SIZE / sizeof(uint16); unsigned char bc[sizeof(uint16)]; uint16 bytecount; uint32 len, nl; struct iovec iov[12]; int i, n; int rc; #ifdef WIN32 char osbuf[80]; #else char osbuf[2*SYS_NMLN+2]; #endif char lanman[20]; pid_t current_pid; /*** create a session setup request ***/ /* create a header */ memset(&hdr, 0, sizeof(hdr)); hdr.command = SMB_COM_SESSION_SETUP_ANDX; #if 0 hdr.flags2 = SMB_FLAGS2_ERR_STATUS; if (text->flags & NTLM_USE_UNICODE) hdr.flags2 |= SMB_FLAGS2_UNICODE; #endif current_pid = getpid(); if (sizeof(current_pid) <= 2) { hdr.pid = (uint16) current_pid; hdr.PidHigh = 0; } else { hdr.pid = (uint16) (((uint32) current_pid) & 0xFFFF); hdr.PidHigh = (uint16) (((uint32) current_pid) >> 16); } load_smb_header(hbuf, &hdr); /* create a the setup parameters */ memset(&setup, 0, sizeof(setup)); setup.andx_command = SMB_COM_NONE; setup.max_buffer_size = 0xFFFF; if (lm_resp) setup.case_insensitive_passwd_len = lm_resp_len; if (nt_resp) setup.case_sensitive_passwd_len = nt_resp_len; #if 0 if (text->flags & NTLM_USE_UNICODE) setup.capabilities = SMB_CAP_UNICODE; #endif load_session_setup(sbuf, &setup); _plug_snprintf_os_info (osbuf, sizeof(osbuf)); snprintf(lanman, sizeof(lanman), "Cyrus SASL %u.%u.%u", SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP); /* put together all of the pieces of the request */ n = 0; iov[n].iov_base = (void *) &nl; iov[n++].iov_len = sizeof(len); iov[n].iov_base = hbuf; iov[n++].iov_len = SMB_HDR_SIZE; iov[n].iov_base = &wordcount; iov[n++].iov_len = sizeof(wordcount); iov[n].iov_base = sbuf; iov[n++].iov_len = SMB_SESSION_SETUP_SIZE; iov[n].iov_base = (void *) &bc; iov[n++].iov_len = sizeof(bc); if (lm_resp) { iov[n].iov_base = lm_resp; iov[n++].iov_len = NTLM_RESP_LENGTH; } if (nt_resp) { iov[n].iov_base = nt_resp; iov[n++].iov_len = NTLM_RESP_LENGTH; } iov[n].iov_base = (char*) authid; iov[n++].iov_len = (long) strlen(authid) + 1; if (!domain) domain = ""; iov[n].iov_base = domain; iov[n++].iov_len = (long) strlen(domain) + 1; iov[n].iov_base = osbuf; iov[n++].iov_len = (long) strlen(osbuf) + 1; iov[n].iov_base = lanman; iov[n++].iov_len = (long) strlen(lanman) + 1; /* total up the lengths */ len = bytecount = 0; for (i = 1; i < 5; i++) len += iov[i].iov_len; for (i = 5; i < n; i++) bytecount += (uint16) iov[i].iov_len; len += bytecount; nl = htonl(len); htois((char *) &bc, bytecount); /* send it */ rc = retry_writev(text->sock, iov, n); if (rc == -1) { utils->log(NULL, SASL_LOG_ERR, "NTLM: error sending SESSIONSETUP request"); return SASL_FAIL; } /*** read the session setup response ***/ /* read the total length */ rc = retry_read(text->sock, (char *) &nl, sizeof(nl)); if (rc < (int) sizeof(nl)) { utils->log(NULL, SASL_LOG_ERR, "NTLM: error reading SESSIONSETUP response length"); return SASL_FAIL; } /* read the data */ len = ntohl(nl); if (_plug_buf_alloc(utils, &text->out_buf, &text->out_buf_len, len) != SASL_OK) { SETERROR(utils, "cannot allocate NTLM SESSIONSETUP response buffer"); return SASL_NOMEM; } rc = retry_read(text->sock, text->out_buf, len); if (rc < (int) len) { utils->log(NULL, SASL_LOG_ERR, "NTLM: error reading SESSIONSETUP response"); return SASL_FAIL; } p = text->out_buf; /* parse the header */ if (len < SMB_HDR_SIZE) { utils->log(NULL, SASL_LOG_ERR, "NTLM: not enough data for SESSIONSETUP response header"); return SASL_FAIL; } unload_smb_header(p, &hdr); p += SMB_HDR_SIZE; len -= SMB_HDR_SIZE; /* sanity check the header */ if (memcmp(hdr.protocol, SMB_HDR_PROTOCOL, 4) /* correct protocol */ || hdr.command != SMB_COM_SESSION_SETUP_ANDX /* correct command */ || !(hdr.flags & SMB_FLAGS_SERVER_TO_REDIR)) { /* response */ utils->log(NULL, SASL_LOG_ERR, "NTLM: error in SESSIONSETUP response header"); return SASL_FAIL; } /* check auth success */ if (hdr.status) { utils->log(NULL, SASL_LOG_ERR, "NTLM: auth failure: %ld", hdr.status); return SASL_BADAUTH; } /* get the wordcount */ if (len < 1) { utils->log(NULL, SASL_LOG_ERR, "NTLM: not enough data for SESSIONSETUP response wordcount"); return SASL_FAIL; } wordcount = *p++; len--; /* parse the parameters */ if (wordcount < SMB_SESSION_SETUP_RESP_SIZE / sizeof(uint16)) { utils->log(NULL, SASL_LOG_ERR, "NTLM: incorrect SESSIONSETUP wordcount"); return SASL_FAIL; } unload_session_setup_resp(p, &resp); /* check auth success */ if (resp.action & SMB_REQUEST_MODE_GUEST) { utils->log(NULL, SASL_LOG_ERR, "NTLM: authenticated as guest"); return SASL_BADAUTH; } return SASL_OK; } /* * Create a server challenge message (type 2) consisting of: * * signature (8 bytes) * message type (uint32) * target name (buffer) * flags (uint32) * challenge (8 bytes) * context (8 bytes) * target info (buffer) * data */ static int create_challenge(const sasl_utils_t *utils, char **buf, unsigned *buflen, const char *target, uint32 flags, const u_char *nonce, unsigned *outlen) { uint32 offset = NTLM_TYPE2_DATA_OFFSET; u_char *base; if (!nonce) { SETERROR(utils, "need nonce for NTLM challenge"); return SASL_FAIL; } *outlen = offset + 2 * (unsigned) xstrlen(target); if (_plug_buf_alloc(utils, buf, buflen, *outlen) != SASL_OK) { SETERROR(utils, "cannot allocate NTLM challenge"); return SASL_NOMEM; } base = *buf; memset(base, 0, *outlen); memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_CHALLENGE); load_buffer(base + NTLM_TYPE2_TARGET_OFFSET, ucase(target, 0), (uint16) xstrlen(target), flags & NTLM_USE_UNICODE, base, &offset); htoil(base + NTLM_TYPE2_FLAGS_OFFSET, flags); memcpy(base + NTLM_TYPE2_CHALLENGE_OFFSET, nonce, NTLM_NONCE_LENGTH); return SASL_OK; } static int ntlm_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { server_context_t *text; const char *serv; unsigned int len; SOCKET sock = (SOCKET) -1; sparams->utils->getopt(sparams->utils->getopt_context, "NTLM", "ntlm_server", &serv, &len); if (serv) { unsigned int i,j; char *tmp, *next; /* strip any whitespace */ if(_plug_strdup(sparams->utils, serv, &tmp, NULL) != SASL_OK) { MEMERROR( sparams->utils ); return SASL_NOMEM; } for(i=0, j=0; iutils, sparams->serverFQDN, serv); } while(sock == (SOCKET) -1 && next); sparams->utils->free(tmp); if (sock == (SOCKET) -1) return SASL_UNAVAIL; } /* holds state are in */ text = sparams->utils->malloc(sizeof(server_context_t)); if (text == NULL) { MEMERROR( sparams->utils ); return SASL_NOMEM; } memset(text, 0, sizeof(server_context_t)); text->state = 1; text->sock = sock; *conn_context = text; return SASL_OK; } static int ntlm_server_mech_step1(server_context_t *text, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams __attribute__((unused))) { char *domain = NULL; int result; if (!clientin || clientinlen < NTLM_TYPE1_MINSIZE || memcmp(clientin, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) || itohl(clientin + NTLM_TYPE_OFFSET) != NTLM_TYPE_REQUEST) { SETERROR(sparams->utils, "client didn't issue valid NTLM request"); return SASL_BADPROT; } text->flags = itohl(clientin + NTLM_TYPE1_FLAGS_OFFSET); sparams->utils->log(NULL, SASL_LOG_DEBUG, "client flags: %x", text->flags); text->flags &= NTLM_FLAGS_MASK; /* mask off the bits we don't support */ /* if client can do Unicode, turn off ASCII */ if (text->flags & NTLM_USE_UNICODE) text->flags &= ~NTLM_USE_ASCII; if (text->sock == -1) { /* generate challenge internally */ /* if client asked for target, use FQDN as server target */ if (text->flags & NTLM_ASK_TARGET) { result = _plug_strdup(sparams->utils, sparams->serverFQDN, &domain, NULL); if (result != SASL_OK) return result; text->flags |= NTLM_TARGET_IS_SERVER; } /* generate a nonce */ sparams->utils->rand(sparams->utils->rpool, (char *) text->nonce, NTLM_NONCE_LENGTH); } else { /* proxy the response/challenge */ result = smb_negotiate_protocol(sparams->utils, text, &domain); if (result != SASL_OK) goto cleanup; } result = create_challenge(sparams->utils, &text->out_buf, &text->out_buf_len, domain, text->flags, text->nonce, serveroutlen); if (result != SASL_OK) goto cleanup; *serverout = text->out_buf; text->state = 2; result = SASL_CONTINUE; cleanup: if (domain) sparams->utils->free(domain); return result; } static int ntlm_server_mech_step2(server_context_t *text, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout __attribute__((unused)), unsigned *serveroutlen __attribute__((unused)), sasl_out_params_t *oparams) { unsigned char *lm_resp = NULL, *nt_resp = NULL; char *domain = NULL, *authid = NULL; unsigned lm_resp_len, nt_resp_len, domain_len, authid_len; int result; if (!clientin || clientinlen < NTLM_TYPE3_MINSIZE || memcmp(clientin, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) || itohl(clientin + NTLM_TYPE_OFFSET) != NTLM_TYPE_RESPONSE) { SETERROR(sparams->utils, "client didn't issue valid NTLM response"); return SASL_BADPROT; } result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_LMRESP_OFFSET, (u_char **) &lm_resp, &lm_resp_len, 0, clientin, clientinlen); if (result != SASL_OK) goto cleanup; result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_NTRESP_OFFSET, (u_char **) &nt_resp, &nt_resp_len, 0, clientin, clientinlen); if (result != SASL_OK) goto cleanup; result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_DOMAIN_OFFSET, (u_char **) &domain, &domain_len, text->flags & NTLM_USE_UNICODE, clientin, clientinlen); if (result != SASL_OK) goto cleanup; result = unload_buffer(sparams->utils, clientin + NTLM_TYPE3_USER_OFFSET, (u_char **) &authid, &authid_len, text->flags & NTLM_USE_UNICODE, clientin, clientinlen); if (result != SASL_OK) goto cleanup; /* require at least one response and an authid */ if ((!lm_resp && !nt_resp) || (lm_resp && lm_resp_len < NTLM_RESP_LENGTH) || (nt_resp && nt_resp_len < NTLM_RESP_LENGTH) || !authid) { SETERROR(sparams->utils, "client issued incorrect/nonexistent responses"); result = SASL_BADPROT; goto cleanup; } sparams->utils->log(NULL, SASL_LOG_DEBUG, "client user: %s", authid); if (domain) sparams->utils->log(NULL, SASL_LOG_DEBUG, "client domain: %s", domain); if (text->sock == -1) { /* verify the response internally */ sasl_secret_t *password = NULL; size_t pass_len; const char *password_request[] = { SASL_AUX_PASSWORD, NULL }; struct propval auxprop_values[2]; unsigned char hash[NTLM_HASH_LENGTH]; unsigned char resp[NTLM_RESP_LENGTH]; /* fetch user's password */ result = sparams->utils->prop_request(sparams->propctx, password_request); if (result != SASL_OK) goto cleanup; /* this will trigger the getting of the aux properties */ result = sparams->canon_user(sparams->utils->conn, authid, authid_len, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; result = sparams->utils->prop_getnames(sparams->propctx, password_request, auxprop_values); if (result < 0 || (!auxprop_values[0].name || !auxprop_values[0].values)) { /* We didn't find this username */ SETERROR(sparams->utils, "no secret in database"); result = sparams->transition ? SASL_TRANS : SASL_NOUSER; goto cleanup; } pass_len = strlen(auxprop_values[0].values[0]); if (pass_len == 0) { SETERROR(sparams->utils, "empty secret"); result = SASL_FAIL; goto cleanup; } password = sparams->utils->malloc(sizeof(sasl_secret_t) + pass_len); if (!password) { result = SASL_NOMEM; goto cleanup; } password->len = (unsigned) pass_len; strncpy(password->data, auxprop_values[0].values[0], pass_len + 1); /* erase the plaintext password */ sparams->utils->prop_erase(sparams->propctx, password_request[0]); /* calculate our own response(s) and compare with client's */ result = SASL_OK; if (nt_resp && (nt_resp_len > NTLM_RESP_LENGTH)) { /* Try NTv2 response */ sparams->utils->log(NULL, SASL_LOG_DEBUG, "calculating NTv2 response"); V2(resp, password, authid, domain, text->nonce, nt_resp + MD5_DIGEST_LENGTH, nt_resp_len - MD5_DIGEST_LENGTH, sparams->utils, &text->out_buf, &text->out_buf_len, &result); /* No need to compare the blob */ if (memcmp(nt_resp, resp, MD5_DIGEST_LENGTH)) { SETERROR(sparams->utils, "incorrect NTLMv2 response"); result = SASL_BADAUTH; } } else if (nt_resp) { /* Try NT response */ sparams->utils->log(NULL, SASL_LOG_DEBUG, "calculating NT response"); P24(resp, P21(hash, password, P16_nt, sparams->utils, &text->out_buf, &text->out_buf_len, &result), text->nonce); if (memcmp(nt_resp, resp, NTLM_RESP_LENGTH)) { SETERROR(sparams->utils, "incorrect NTLM response"); result = SASL_BADAUTH; } } else if (lm_resp) { /* Try LMv2 response */ sparams->utils->log(NULL, SASL_LOG_DEBUG, "calculating LMv2 response"); V2(resp, password, authid, domain, text->nonce, lm_resp + MD5_DIGEST_LENGTH, lm_resp_len - MD5_DIGEST_LENGTH, sparams->utils, &text->out_buf, &text->out_buf_len, &result); /* No need to compare the blob */ if (memcmp(lm_resp, resp, MD5_DIGEST_LENGTH)) { /* Try LM response */ sparams->utils->log(NULL, SASL_LOG_DEBUG, "calculating LM response"); P24(resp, P21(hash, password, P16_lm, sparams->utils, &text->out_buf, &text->out_buf_len, &result), text->nonce); if (memcmp(lm_resp, resp, NTLM_RESP_LENGTH)) { SETERROR(sparams->utils, "incorrect LMv1/v2 response"); result = SASL_BADAUTH; } } } _plug_free_secret(sparams->utils, &password); if (result != SASL_OK) goto cleanup; } else { /* proxy the response */ result = smb_session_setup(sparams->utils, text, authid, domain, lm_resp, lm_resp_len, nt_resp, nt_resp_len); if (result != SASL_OK) goto cleanup; result = sparams->canon_user(sparams->utils->conn, authid, authid_len, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; } /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; result = SASL_OK; cleanup: if (lm_resp) sparams->utils->free(lm_resp); if (nt_resp) sparams->utils->free(nt_resp); if (domain) sparams->utils->free(domain); if (authid) sparams->utils->free(authid); return result; } static int ntlm_server_mech_step(void *conn_context, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { server_context_t *text = (server_context_t *) conn_context; *serverout = NULL; *serveroutlen = 0; if (text == NULL) { return SASL_BADPROT; } sparams->utils->log(NULL, SASL_LOG_DEBUG, "NTLM server step %d\n", text->state); switch (text->state) { case 1: return ntlm_server_mech_step1(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); case 2: return ntlm_server_mech_step2(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); default: sparams->utils->log(NULL, SASL_LOG_ERR, "Invalid NTLM server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void ntlm_server_mech_dispose(void *conn_context, const sasl_utils_t *utils) { server_context_t *text = (server_context_t *) conn_context; if (!text) return; if (text->out_buf) utils->free(text->out_buf); if (text->sock != -1) closesocket(text->sock); utils->free(text); } static sasl_server_plug_t ntlm_server_plugins[] = { { "NTLM", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_SUPPORTS_HTTP, /* features */ NULL, /* glob_context */ &ntlm_server_mech_new, /* mech_new */ &ntlm_server_mech_step, /* mech_step */ &ntlm_server_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech_avail */ NULL /* spare */ } }; int ntlm_server_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR(utils, "NTLM version mismatch"); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = ntlm_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { int state; /* per-step mem management */ char *out_buf; unsigned out_buf_len; } client_context_t; /* * Create a client request (type 1) consisting of: * * signature (8 bytes) * message type (uint32) * flags (uint32) * domain (buffer) * workstation (buffer) * data */ static int create_request(const sasl_utils_t *utils, char **buf, unsigned *buflen, const char *domain, const char *wkstn, unsigned *outlen) { uint32 flags = ( NTLM_USE_UNICODE | NTLM_USE_ASCII | NTLM_ASK_TARGET | NTLM_AUTH_NTLM ); uint32 offset = NTLM_TYPE1_DATA_OFFSET; u_char *base; *outlen = (unsigned) (offset + xstrlen(domain) + xstrlen(wkstn)); if (_plug_buf_alloc(utils, buf, buflen, *outlen) != SASL_OK) { SETERROR(utils, "cannot allocate NTLM request"); return SASL_NOMEM; } base = *buf; memset(base, 0, *outlen); memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_REQUEST); htoil(base + NTLM_TYPE1_FLAGS_OFFSET, flags); load_buffer(base + NTLM_TYPE1_DOMAIN_OFFSET, domain, (uint16) xstrlen(domain), 0, base, &offset); load_buffer(base + NTLM_TYPE1_WORKSTN_OFFSET, wkstn, (uint16) xstrlen(wkstn), 0, base, &offset); return SASL_OK; } /* * Create a client response (type 3) consisting of: * * signature (8 bytes) * message type (uint32) * LM/LMv2 response (buffer) * NTLM/NTLMv2 response (buffer) * domain (buffer) * user name (buffer) * workstation (buffer) * session key (buffer) * flags (uint32) * data */ static int create_response(const sasl_utils_t *utils, char **buf, unsigned *buflen, const u_char *lm_resp, const u_char *nt_resp, const char *domain, const char *user, const char *wkstn, const u_char *key, uint32 flags, unsigned *outlen) { uint32 offset = NTLM_TYPE3_DATA_OFFSET; u_char *base; if (!lm_resp && !nt_resp) { SETERROR(utils, "need at least one NT/LM response"); return SASL_FAIL; } *outlen = (unsigned) (offset + (flags & NTLM_USE_UNICODE ? 2 : 1) * (xstrlen(domain) + xstrlen(user) + xstrlen(wkstn))); if (lm_resp) *outlen += NTLM_RESP_LENGTH; if (nt_resp) *outlen += NTLM_RESP_LENGTH; if (key) *outlen += NTLM_SESSKEY_LENGTH; if (_plug_buf_alloc(utils, buf, buflen, *outlen) != SASL_OK) { SETERROR(utils, "cannot allocate NTLM response"); return SASL_NOMEM; } base = *buf; memset(base, 0, *outlen); memcpy(base + NTLM_SIG_OFFSET, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); htoil(base + NTLM_TYPE_OFFSET, NTLM_TYPE_RESPONSE); load_buffer(base + NTLM_TYPE3_LMRESP_OFFSET, lm_resp, lm_resp ? NTLM_RESP_LENGTH : 0, 0, base, &offset); load_buffer(base + NTLM_TYPE3_NTRESP_OFFSET, nt_resp, nt_resp ? NTLM_RESP_LENGTH : 0, 0, base, &offset); load_buffer(base + NTLM_TYPE3_DOMAIN_OFFSET, ucase(domain, 0), (uint16) xstrlen(domain), flags & NTLM_USE_UNICODE, base, &offset); load_buffer(base + NTLM_TYPE3_USER_OFFSET, user, (uint16) xstrlen(user), flags & NTLM_USE_UNICODE, base, &offset); load_buffer(base + NTLM_TYPE3_WORKSTN_OFFSET, ucase(wkstn, 0), (uint16) xstrlen(wkstn), flags & NTLM_USE_UNICODE, base, &offset); load_buffer(base + NTLM_TYPE3_SESSIONKEY_OFFSET, key, key ? NTLM_SESSKEY_LENGTH : 0, 0, base, &offset); htoil(base + NTLM_TYPE3_FLAGS_OFFSET, flags); return SASL_OK; } static int ntlm_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { client_context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(client_context_t)); if (text == NULL) { MEMERROR( params->utils ); return SASL_NOMEM; } memset(text, 0, sizeof(client_context_t)); text->state = 1; *conn_context = text; return SASL_OK; } static int ntlm_client_mech_step1(client_context_t *text, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen __attribute__((unused)), sasl_interact_t **prompt_need __attribute__((unused)), const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams __attribute__((unused))) { int result; /* check if sec layer strong enough */ if (params->props.min_ssf > params->external_ssf) { SETERROR(params->utils, "SSF requested of NTLM plugin"); return SASL_TOOWEAK; } /* we don't care about domain or wkstn */ result = create_request(params->utils, &text->out_buf, &text->out_buf_len, NULL, NULL, clientoutlen); if (result != SASL_OK) return result; *clientout = text->out_buf; text->state = 2; return SASL_CONTINUE; } static int ntlm_client_mech_step2(client_context_t *text, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { const char *authid = NULL; sasl_secret_t *password = NULL; unsigned int free_password; /* set if we need to free password */ char *domain = NULL; int auth_result = SASL_OK; int pass_result = SASL_OK; uint32 flags = 0; unsigned char hash[NTLM_HASH_LENGTH]; unsigned char resp[NTLM_RESP_LENGTH], *lm_resp = NULL, *nt_resp = NULL; int result; const char *sendv2; if (!serverin || serverinlen < NTLM_TYPE2_MINSIZE || memcmp(serverin, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) || itohl(serverin + NTLM_TYPE_OFFSET) != NTLM_TYPE_CHALLENGE) { SETERROR(params->utils, "server didn't issue valid NTLM challenge"); return SASL_BADPROT; } /* try to get the authid */ if (oparams->authid == NULL) { auth_result = _plug_get_authid(params->utils, &authid, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) return auth_result; } /* try to get the password */ if (password == NULL) { pass_result = _plug_get_password(params->utils, &password, &free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) return pass_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((auth_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) goto cleanup; return SASL_INTERACT; } result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; flags = itohl(serverin + NTLM_TYPE2_FLAGS_OFFSET); params->utils->log(NULL, SASL_LOG_DEBUG, "server flags: %x", flags); flags &= NTLM_FLAGS_MASK; /* mask off the bits we don't support */ result = unload_buffer(params->utils, serverin + NTLM_TYPE2_TARGET_OFFSET, (u_char **) &domain, NULL, flags & NTLM_USE_UNICODE, (u_char *) serverin, serverinlen); if (result != SASL_OK) goto cleanup; params->utils->log(NULL, SASL_LOG_DEBUG, "server domain: %s", domain); /* should we send a NTLMv2 response? */ params->utils->getopt(params->utils->getopt_context, "NTLM", "ntlm_v2", &sendv2, NULL); if (sendv2 && (sendv2[0] == '1' || sendv2[0] == 'y' || (sendv2[0] == 'o' && sendv2[1] == 'n') || sendv2[0] == 't')) { /* put the cnonce in place after the LMv2 HMAC */ char *cnonce = resp + MD5_DIGEST_LENGTH; params->utils->log(NULL, SASL_LOG_DEBUG, "calculating LMv2 response"); params->utils->rand(params->utils->rpool, cnonce, NTLM_NONCE_LENGTH); V2(resp, password, oparams->authid, domain, serverin + NTLM_TYPE2_CHALLENGE_OFFSET, cnonce, NTLM_NONCE_LENGTH, params->utils, &text->out_buf, &text->out_buf_len, &result); lm_resp = resp; } else if (flags & NTLM_AUTH_NTLM) { params->utils->log(NULL, SASL_LOG_DEBUG, "calculating NT response"); P24(resp, P21(hash, password, P16_nt, params->utils, &text->out_buf, &text->out_buf_len, &result), (unsigned char *) serverin + NTLM_TYPE2_CHALLENGE_OFFSET); nt_resp = resp; } else { params->utils->log(NULL, SASL_LOG_DEBUG, "calculating LM response"); P24(resp, P21(hash, password, P16_lm, params->utils, &text->out_buf, &text->out_buf_len, &result), (unsigned char *) serverin + NTLM_TYPE2_CHALLENGE_OFFSET); lm_resp = resp; } if (result != SASL_OK) goto cleanup; /* we don't care about workstn or session key */ result = create_response(params->utils, &text->out_buf, &text->out_buf_len, lm_resp, nt_resp, domain, oparams->authid, NULL, NULL, flags, clientoutlen); if (result != SASL_OK) goto cleanup; *clientout = text->out_buf; /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; result = SASL_OK; cleanup: if (domain) params->utils->free(domain); if (free_password) _plug_free_secret(params->utils, &password); return result; } static int ntlm_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { client_context_t *text = (client_context_t *) conn_context; *clientout = NULL; *clientoutlen = 0; params->utils->log(NULL, SASL_LOG_DEBUG, "NTLM client step %d\n", text->state); switch (text->state) { case 1: return ntlm_client_mech_step1(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); case 2: return ntlm_client_mech_step2(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid NTLM client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void ntlm_client_mech_dispose(void *conn_context, const sasl_utils_t *utils) { client_context_t *text = (client_context_t *) conn_context; if (!text) return; if (text->out_buf) utils->free(text->out_buf); utils->free(text); } static sasl_client_plug_t ntlm_client_plugins[] = { { "NTLM", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST, /* features */ NULL, /* required_prompts */ NULL, /* glob_context */ &ntlm_client_mech_new, /* mech_new */ &ntlm_client_mech_step, /* mech_step */ &ntlm_client_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int ntlm_client_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "NTLM version mismatch"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = ntlm_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/plain.c0000646000076400007640000003321211306006126013565 00000000000000/* Plain SASL plugin * Rob Siemborski * Tim Martin * $Id: plain.c,v 1.67 2009/06/10 16:05:19 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: plain.c,v 1.67 2009/06/10 16:05:19 mel Exp $"; /***************************** Server Section *****************************/ static int plain_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { /* holds state are in */ if (!conn_context) { PARAMERROR( sparams->utils ); return SASL_BADPARAM; } *conn_context = NULL; return SASL_OK; } static int plain_server_mech_step(void *conn_context __attribute__((unused)), sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { const char *author; const char *authen; const char *password; unsigned password_len; unsigned lup = 0; int result; char *passcopy; unsigned canon_flags = 0; *serverout = NULL; *serveroutlen = 0; /* should have received author-id NUL authen-id NUL password */ /* get author */ author = clientin; while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup; if (lup >= clientinlen) { SETERROR(params->utils, "Can only find author (no password)"); return SASL_BADPROT; } /* get authen */ ++lup; authen = clientin + lup; while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup; if (lup >= clientinlen) { params->utils->seterror(params->utils->conn, 0, "Can only find author/en (no password)"); return SASL_BADPROT; } /* get password */ lup++; password = clientin + lup; while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup; password_len = (unsigned) (clientin + lup - password); if (lup != clientinlen) { SETERROR(params->utils, "Got more data than we were expecting in the PLAIN plugin\n"); return SASL_BADPROT; } /* this kinda sucks. we need password to be null terminated but we can't assume there is an allocated byte at the end of password so we have to copy it */ passcopy = params->utils->malloc(password_len + 1); if (passcopy == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } strncpy(passcopy, password, password_len); passcopy[password_len] = '\0'; /* Canonicalize userid first, so that password verification is only * against the canonical id */ if (!author || !*author) { author = authen; canon_flags = SASL_CU_AUTHZID; } else if (strcmp(author, authen) == 0) { /* While this isn't going to find out that and @ are the same thing, this is good enough for many cases */ canon_flags = SASL_CU_AUTHZID; } result = params->canon_user(params->utils->conn, authen, 0, SASL_CU_AUTHID | canon_flags, oparams); if (result != SASL_OK) { _plug_free_string(params->utils, &passcopy); return result; } /* verify password (and possibly fetch both authentication and authorization identity related properties) - return SASL_OK on success */ result = params->utils->checkpass(params->utils->conn, oparams->authid, oparams->alen, passcopy, password_len); _plug_free_string(params->utils, &passcopy); if (result != SASL_OK) { params->utils->seterror(params->utils->conn, 0, "Password verification failed"); return result; } /* Canonicalize and store the authorization ID */ /* We need to do this after calling verify_user just in case verify_user * needed to get auxprops itself */ if (canon_flags == 0) { const struct propval *pr; int i; pr = params->utils->prop_get(params->propctx); if (!pr) { return SASL_FAIL; } /* params->utils->checkpass() might have fetched authorization identity related properties for the wrong user name. Free these values. */ for (i = 0; pr[i].name; i++) { if (pr[i].name[0] == '*') { continue; } if (pr[i].values) { params->utils->prop_erase(params->propctx, pr[i].name); } } result = params->canon_user(params->utils->conn, author, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) { return result; } } /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; } static sasl_server_plug_t plain_server_plugins[] = { { "PLAIN", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOANONYMOUS | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* glob_context */ &plain_server_mech_new, /* mech_new */ &plain_server_mech_step, /* mech_step */ NULL, /* mech_dispose */ NULL, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech_avail */ NULL /* spare */ } }; int plain_server_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR(utils, "PLAIN version mismatch"); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = plain_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { char *out_buf; unsigned out_buf_len; } client_context_t; static int plain_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { client_context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(client_context_t)); if (text == NULL) { MEMERROR( params->utils ); return SASL_NOMEM; } memset(text, 0, sizeof(client_context_t)); *conn_context = text; return SASL_OK; } static int plain_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen __attribute__((unused)), sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { client_context_t *text = (client_context_t *) conn_context; const char *user = NULL, *authid = NULL; sasl_secret_t *password = NULL; unsigned int free_password = 0; /* set if we need to free password */ int user_result = SASL_OK; int auth_result = SASL_OK; int pass_result = SASL_OK; int result; char *p; *clientout = NULL; *clientoutlen = 0; /* doesn't really matter how the server responds */ /* check if sec layer strong enough */ if (params->props.min_ssf > params->external_ssf) { SETERROR( params->utils, "SSF requested of PLAIN plugin"); return SASL_TOOWEAK; } /* try to get the authid */ if (oparams->authid == NULL) { auth_result = _plug_get_authid(params->utils, &authid, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) return auth_result; } /* try to get the userid */ if (oparams->user == NULL) { user_result = _plug_get_userid(params->utils, &user, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) return user_result; } /* try to get the password */ if (password == NULL) { pass_result = _plug_get_password(params->utils, &password, &free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) return pass_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((user_result == SASL_INTERACT) || (auth_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) goto cleanup; return SASL_INTERACT; } if (!password) { PARAMERROR(params->utils); return SASL_BADPARAM; } if (!user || !*user) { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } else { result = params->canon_user(params->utils->conn, user, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID, oparams); } if (result != SASL_OK) goto cleanup; /* send authorized id NUL authentication id NUL password */ *clientoutlen = ((user && *user ? oparams->ulen : 0) + 1 + oparams->alen + 1 + password->len); /* remember the extra NUL on the end for stupid clients */ result = _plug_buf_alloc(params->utils, &(text->out_buf), &(text->out_buf_len), *clientoutlen + 1); if (result != SASL_OK) goto cleanup; memset(text->out_buf, 0, *clientoutlen + 1); p = text->out_buf; if (user && *user) { memcpy(p, oparams->user, oparams->ulen); p += oparams->ulen; } memcpy(++p, oparams->authid, oparams->alen); p += oparams->alen; memcpy(++p, password->data, password->len); *clientout = text->out_buf; /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; result = SASL_OK; cleanup: /* free sensitive info */ if (free_password) _plug_free_secret(params->utils, &password); return result; } static void plain_client_mech_dispose(void *conn_context, const sasl_utils_t *utils) { client_context_t *text = (client_context_t *) conn_context; if (!text) return; if (text->out_buf) utils->free(text->out_buf); utils->free(text); } static sasl_client_plug_t plain_client_plugins[] = { { "PLAIN", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOANONYMOUS | SASL_SEC_PASS_CREDENTIALS, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* required_prompts */ NULL, /* glob_context */ &plain_client_mech_new, /* mech_new */ &plain_client_mech_step, /* mech_step */ &plain_client_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int plain_client_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "PLAIN version mismatch"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = plain_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/gs2_token.h0000646000076400007640000000371411630151332014366 00000000000000/* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #ifndef _GS2_TOKEN_H_ #define _GS2_TOKEN_H_ 1 #include #include #ifdef HAVE_GSSAPI_GSSAPI_EXT_H #include #endif #ifndef HAVE_GSS_DECAPSULATE_TOKEN OM_uint32 gs2_decapsulate_token(const gss_buffer_t input_token, const gss_OID token_oid, gss_buffer_t output_token); #define gss_decapsulate_token gs2_decapsulate_token #endif #ifndef HAVE_GSS_ENCAPSULATE_TOKEN OM_uint32 gs2_encapsulate_token(const gss_buffer_t input_token, const gss_OID token_oid, gss_buffer_t output_token); #define gss_encapsulate_token gs2_encapsulate_token #endif #ifndef HAVE_GSS_OID_EQUAL int gs2_oid_equal(const gss_OID o1, const gss_OID o2); #define gss_oid_equal gs2_oid_equal #endif #endif /* _GS2_TOKEN_H_ */ cyrus-sasl-2.1.25/plugins/gs2.c0000646000076400007640000015644711630151332013175 00000000000000/* * Copyright (c) 2010, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of JANET(UK) nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #ifdef HAVE_GSSAPI_GSSAPI_EXT_H #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef HAVE_UNISTD_H #include #endif #include #include #include "gs2_token.h" #define GS2_CB_FLAG_MASK 0x0F #define GS2_CB_FLAG_N 0x00 #define GS2_CB_FLAG_P 0x01 #define GS2_CB_FLAG_Y 0x02 #define GS2_NONSTD_FLAG 0x10 typedef struct context { gss_ctx_id_t gss_ctx; gss_name_t client_name; gss_name_t server_name; gss_cred_id_t server_creds; gss_cred_id_t client_creds; char *out_buf; unsigned out_buf_len; const sasl_utils_t *utils; char *authid; char *authzid; union { sasl_client_plug_t *client; sasl_server_plug_t *server; } plug; gss_OID mechanism; int gs2_flags; char *cbindingname; struct gss_channel_bindings_struct gss_cbindings; sasl_secret_t *password; unsigned int free_password; OM_uint32 lifetime; } context_t; static gss_OID_set gs2_mechs = GSS_C_NO_OID_SET; static int gs2_get_init_creds(context_t *context, sasl_client_params_t *params, sasl_interact_t **prompt_need, sasl_out_params_t *oparams); static int gs2_verify_initial_message(context_t *text, sasl_server_params_t *sparams, const char *in, unsigned inlen, gss_buffer_t token); static int gs2_make_header(context_t *text, sasl_client_params_t *cparams, const char *authzid, char **out, unsigned *outlen); static int gs2_make_message(context_t *text, sasl_client_params_t *cparams, int initialContextToken, gss_buffer_t token, char **out, unsigned *outlen); static int gs2_get_mech_attrs(const sasl_utils_t *utils, const gss_OID mech, unsigned int *security_flags, unsigned int *features, const unsigned long **prompts); static int gs2_indicate_mechs(const sasl_utils_t *utils); static int gs2_map_sasl_name(const sasl_utils_t *utils, const char *mech, gss_OID *oid); static int gs2_duplicate_buffer(const sasl_utils_t *utils, const gss_buffer_t src, gss_buffer_t dst); static int gs2_unescape_authzid(const sasl_utils_t *utils, char **in, unsigned *inlen, char **authzid); static int gs2_escape_authzid(const sasl_utils_t *utils, const char *in, unsigned inlen, char **authzid); /* sasl_gs_log: only logs status string returned from gss_display_status() */ #define sasl_gs2_log(x,y,z) sasl_gs2_seterror_(x,y,z,1) #define sasl_gs2_seterror(x,y,z) sasl_gs2_seterror_(x,y,z,0) static int sasl_gs2_seterror_(const sasl_utils_t *utils, OM_uint32 maj, OM_uint32 min, int logonly); static context_t * sasl_gs2_new_context(const sasl_utils_t *utils) { context_t *ret; ret = utils->malloc(sizeof(context_t)); if (ret == NULL) return NULL; memset(ret, 0, sizeof(context_t)); ret->utils = utils; return ret; } static int sasl_gs2_free_context_contents(context_t *text) { OM_uint32 min_stat; if (text == NULL) return SASL_OK; if (text->gss_ctx != GSS_C_NO_CONTEXT) { gss_delete_sec_context(&min_stat,&text->gss_ctx, GSS_C_NO_BUFFER); text->gss_ctx = GSS_C_NO_CONTEXT; } if (text->client_name != GSS_C_NO_NAME) { gss_release_name(&min_stat,&text->client_name); text->client_name = GSS_C_NO_NAME; } if (text->server_name != GSS_C_NO_NAME) { gss_release_name(&min_stat,&text->server_name); text->server_name = GSS_C_NO_NAME; } if (text->server_creds != GSS_C_NO_CREDENTIAL) { gss_release_cred(&min_stat, &text->server_creds); text->server_creds = GSS_C_NO_CREDENTIAL; } if (text->client_creds != GSS_C_NO_CREDENTIAL) { gss_release_cred(&min_stat, &text->client_creds); text->client_creds = GSS_C_NO_CREDENTIAL; } if (text->authid != NULL) { text->utils->free(text->authid); text->authid = NULL; } if (text->authzid != NULL) { text->utils->free(text->authzid); text->authzid = NULL; } gss_release_buffer(&min_stat, &text->gss_cbindings.application_data); if (text->out_buf != NULL) { text->utils->free(text->out_buf); text->out_buf = NULL; } text->out_buf_len = 0; if (text->cbindingname != NULL) { text->utils->free(text->cbindingname); text->cbindingname = NULL; } if (text->free_password) _plug_free_secret(text->utils, &text->password); memset(text, 0, sizeof(*text)); return SASL_OK; } static void gs2_common_mech_dispose(void *conn_context, const sasl_utils_t *utils) { sasl_gs2_free_context_contents((context_t *)(conn_context)); utils->free(conn_context); } static void gs2_common_mech_free(void *global_context __attribute__((unused)), const sasl_utils_t *utils) { OM_uint32 minor; if (gs2_mechs != GSS_C_NO_OID_SET) { gss_release_oid_set(&minor, &gs2_mechs); gs2_mechs = GSS_C_NO_OID_SET; } } /***************************** Server Section *****************************/ static int gs2_server_mech_new(void *glob_context, sasl_server_params_t *params, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { context_t *text; int ret; text = sasl_gs2_new_context(params->utils); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } text->gss_ctx = GSS_C_NO_CONTEXT; text->client_name = GSS_C_NO_NAME; text->server_name = GSS_C_NO_NAME; text->server_creds = GSS_C_NO_CREDENTIAL; text->client_creds = GSS_C_NO_CREDENTIAL; text->plug.server = glob_context; ret = gs2_map_sasl_name(params->utils, text->plug.server->mech_name, &text->mechanism); if (ret != SASL_OK) { gs2_common_mech_dispose(text, params->utils); return ret; } *conn_context = text; return SASL_OK; } static int gs2_server_mech_step(void *conn_context, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *)conn_context; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; OM_uint32 maj_stat = GSS_S_FAILURE, min_stat = 0; gss_buffer_desc name_buf = GSS_C_EMPTY_BUFFER; gss_buffer_desc short_name_buf = GSS_C_EMPTY_BUFFER; gss_name_t without = GSS_C_NO_NAME; gss_OID_set_desc mechs; OM_uint32 out_flags = 0; int ret = 0, equal = 0; int initialContextToken = (text->gss_ctx == GSS_C_NO_CONTEXT); char *p; if (serverout == NULL) { PARAMERROR(text->utils); return SASL_BADPARAM; } *serverout = NULL; *serveroutlen = 0; if (initialContextToken) { name_buf.length = strlen(params->service) + 1 + strlen(params->serverFQDN); name_buf.value = params->utils->malloc(name_buf.length + 1); if (name_buf.value == NULL) { MEMERROR(text->utils); ret = SASL_NOMEM; goto cleanup; } snprintf(name_buf.value, name_buf.length + 1, "%s@%s", params->service, params->serverFQDN); maj_stat = gss_import_name(&min_stat, &name_buf, GSS_C_NT_HOSTBASED_SERVICE, &text->server_name); params->utils->free(name_buf.value); name_buf.value = NULL; if (GSS_ERROR(maj_stat)) goto cleanup; assert(text->server_creds == GSS_C_NO_CREDENTIAL); mechs.count = 1; mechs.elements = (gss_OID)text->mechanism; if (params->gss_creds == GSS_C_NO_CREDENTIAL) { maj_stat = gss_acquire_cred(&min_stat, text->server_name, GSS_C_INDEFINITE, &mechs, GSS_C_ACCEPT, &text->server_creds, NULL, &text->lifetime); if (GSS_ERROR(maj_stat)) goto cleanup; } ret = gs2_verify_initial_message(text, params, clientin, clientinlen, &input_token); if (ret != SASL_OK) goto cleanup; } else { input_token.value = (void *)clientin; input_token.length = clientinlen; } maj_stat = gss_accept_sec_context(&min_stat, &text->gss_ctx, (params->gss_creds != GSS_C_NO_CREDENTIAL) ? (gss_cred_id_t)params->gss_creds : text->server_creds, &input_token, &text->gss_cbindings, &text->client_name, NULL, &output_token, &out_flags, &text->lifetime, &text->client_creds); if (GSS_ERROR(maj_stat)) { sasl_gs2_log(text->utils, maj_stat, min_stat); text->utils->seterror(text->utils->conn, SASL_NOLOG, "GS2 Failure: gss_accept_sec_context"); ret = (maj_stat == GSS_S_BAD_BINDINGS) ? SASL_BADBINDING : SASL_BADAUTH; goto cleanup; } *serveroutlen = output_token.length; if (output_token.value != NULL) { ret = _plug_buf_alloc(text->utils, &text->out_buf, &text->out_buf_len, *serveroutlen); if (ret != SASL_OK) goto cleanup; memcpy(text->out_buf, output_token.value, *serveroutlen); *serverout = text->out_buf; } else { /* No output token, send an empty string */ *serverout = ""; serveroutlen = 0; } if (maj_stat == GSS_S_CONTINUE_NEEDED) { ret = SASL_CONTINUE; goto cleanup; } assert(maj_stat == GSS_S_COMPLETE); if ((out_flags & GSS_C_SEQUENCE_FLAG) == 0) { ret = SASL_BADAUTH; goto cleanup; } maj_stat = gss_display_name(&min_stat, text->client_name, &name_buf, NULL); if (GSS_ERROR(maj_stat)) goto cleanup; ret = gs2_duplicate_buffer(params->utils, &name_buf, &short_name_buf); if (ret != 0) goto cleanup; p = (char *)memchr(name_buf.value, '@', name_buf.length); if (p != NULL) { short_name_buf.length = (p - (char *)name_buf.value); maj_stat = gss_import_name(&min_stat, &short_name_buf, GSS_C_NT_USER_NAME, &without); if (GSS_ERROR(maj_stat)) { ret = SASL_FAIL; goto cleanup; } maj_stat = gss_compare_name(&min_stat, text->client_name, without, &equal); if (GSS_ERROR(maj_stat)) { ret = SASL_FAIL; goto cleanup; } if (equal) ((char *)short_name_buf.value)[short_name_buf.length] = '\0'; } text->authid = (char *)short_name_buf.value; short_name_buf.value = NULL; short_name_buf.length = 0; if (text->authzid != NULL) { ret = params->canon_user(params->utils->conn, text->authzid, 0, SASL_CU_AUTHZID, oparams); if (ret != SASL_OK) goto cleanup; } ret = params->canon_user(params->utils->conn, text->authid, 0, text->authzid == NULL ? (SASL_CU_AUTHZID | SASL_CU_AUTHID) : SASL_CU_AUTHID, oparams); if (ret != SASL_OK) goto cleanup; switch (text->gs2_flags & GS2_CB_FLAG_MASK) { case GS2_CB_FLAG_N: oparams->cbindingdisp = SASL_CB_DISP_NONE; break; case GS2_CB_FLAG_P: oparams->cbindingdisp = SASL_CB_DISP_USED; oparams->cbindingname = text->cbindingname; break; case GS2_CB_FLAG_Y: oparams->cbindingdisp = SASL_CB_DISP_WANT; break; } if (text->client_creds != GSS_C_NO_CREDENTIAL) oparams->client_creds = &text->client_creds; else oparams->client_creds = NULL; oparams->gss_peer_name = text->client_name; oparams->gss_local_name = text->server_name; oparams->maxoutbuf = 0xFFFFFF; oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; oparams->doneflag = 1; ret = SASL_OK; cleanup: if (initialContextToken) gss_release_buffer(&min_stat, &input_token); gss_release_buffer(&min_stat, &name_buf); gss_release_buffer(&min_stat, &short_name_buf); gss_release_buffer(&min_stat, &output_token); gss_release_name(&min_stat, &without); if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) { sasl_gs2_seterror(text->utils, maj_stat, min_stat); ret = SASL_FAIL; } if (ret < SASL_OK) sasl_gs2_free_context_contents(text); return ret; } static int gs2_common_plug_init(const sasl_utils_t *utils, size_t plugsize, int (*plug_alloc)(const sasl_utils_t *, void *, const gss_buffer_t, const gss_OID), void **pluglist, int *plugcount) { OM_uint32 major, minor; size_t i, count = 0; void *plugs = NULL; *pluglist = NULL; *plugcount = 0; if (gs2_indicate_mechs(utils) != SASL_OK) { return SASL_NOMECH; } plugs = utils->malloc(gs2_mechs->count * plugsize); if (plugs == NULL) { MEMERROR(utils); return SASL_NOMEM; } memset(plugs, 0, gs2_mechs->count * plugsize); for (i = 0; i < gs2_mechs->count; i++) { gss_buffer_desc sasl_mech_name = GSS_C_EMPTY_BUFFER; major = gss_inquire_saslname_for_mech(&minor, &gs2_mechs->elements[i], &sasl_mech_name, GSS_C_NO_BUFFER, GSS_C_NO_BUFFER); if (GSS_ERROR(major)) continue; #define PLUG_AT(index) (void *)((unsigned char *)plugs + (count * plugsize)) if (plug_alloc(utils, PLUG_AT(count), &sasl_mech_name, &gs2_mechs->elements[i]) == SASL_OK) count++; gss_release_buffer(&minor, &sasl_mech_name); } if (count == 0) { utils->free(plugs); return SASL_NOMECH; } *pluglist = plugs; *plugcount = count; return SASL_OK; } static int gs2_server_plug_alloc(const sasl_utils_t *utils, void *plug, gss_buffer_t sasl_name, gss_OID mech) { int ret; sasl_server_plug_t *splug = (sasl_server_plug_t *)plug; gss_buffer_desc buf; memset(splug, 0, sizeof(*splug)); ret = gs2_get_mech_attrs(utils, mech, &splug->security_flags, &splug->features, NULL); if (ret != SASL_OK) return ret; ret = gs2_duplicate_buffer(utils, sasl_name, &buf); if (ret != SASL_OK) return ret; splug->mech_name = (char *)buf.value; splug->glob_context = plug; splug->mech_new = gs2_server_mech_new; splug->mech_step = gs2_server_mech_step; splug->mech_dispose = gs2_common_mech_dispose; splug->mech_free = gs2_common_mech_free; return SASL_OK; } static sasl_server_plug_t *gs2_server_plugins; static int gs2_server_plugcount; int gs2_server_plug_init(const sasl_utils_t *utils, int maxversion, int *outversion, sasl_server_plug_t **pluglist, int *plugcount) { int ret; *pluglist = NULL; *plugcount = 0; if (maxversion < SASL_SERVER_PLUG_VERSION) return SASL_BADVERS; *outversion = SASL_SERVER_PLUG_VERSION; if (gs2_server_plugins == NULL) { ret = gs2_common_plug_init(utils, sizeof(sasl_server_plug_t), gs2_server_plug_alloc, (void **)&gs2_server_plugins, &gs2_server_plugcount); if (ret != SASL_OK) return ret; } *pluglist = gs2_server_plugins; *plugcount = gs2_server_plugcount; return SASL_OK; } /***************************** Client Section *****************************/ static int gs2_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { context_t *text = (context_t *)conn_context; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc name_buf = GSS_C_EMPTY_BUFFER; OM_uint32 maj_stat = GSS_S_FAILURE, min_stat = 0; OM_uint32 req_flags, ret_flags; int ret = SASL_FAIL; int initialContextToken; *clientout = NULL; *clientoutlen = 0; if (text->gss_ctx == GSS_C_NO_CONTEXT) { ret = gs2_get_init_creds(text, params, prompt_need, oparams); if (ret != SASL_OK) goto cleanup; initialContextToken = 1; } else initialContextToken = 0; if (text->server_name == GSS_C_NO_NAME) { /* only once */ name_buf.length = strlen(params->service) + 1 + strlen(params->serverFQDN); name_buf.value = params->utils->malloc(name_buf.length + 1); if (name_buf.value == NULL) { ret = SASL_NOMEM; goto cleanup; } if (params->serverFQDN == NULL || strlen(params->serverFQDN) == 0) { SETERROR(text->utils, "GS2 Failure: no serverFQDN"); ret = SASL_FAIL; goto cleanup; } snprintf(name_buf.value, name_buf.length + 1, "%s@%s", params->service, params->serverFQDN); maj_stat = gss_import_name(&min_stat, &name_buf, GSS_C_NT_HOSTBASED_SERVICE, &text->server_name); params->utils->free(name_buf.value); name_buf.value = NULL; if (GSS_ERROR(maj_stat)) goto cleanup; } /* From GSSAPI plugin: apparently this is for some IMAP bug workaround */ if (serverinlen == 0 && text->gss_ctx != GSS_C_NO_CONTEXT) { gss_delete_sec_context(&min_stat, &text->gss_ctx, GSS_C_NO_BUFFER); text->gss_ctx = GSS_C_NO_CONTEXT; } input_token.value = (void *)serverin; input_token.length = serverinlen; if (initialContextToken) { if ((text->plug.client->features & SASL_FEAT_GSS_FRAMING) == 0) text->gs2_flags |= GS2_NONSTD_FLAG; switch (params->cbindingdisp) { case SASL_CB_DISP_NONE: text->gs2_flags |= GS2_CB_FLAG_N; break; case SASL_CB_DISP_USED: text->gs2_flags |= GS2_CB_FLAG_P; break; case SASL_CB_DISP_WANT: text->gs2_flags |= GS2_CB_FLAG_Y; break; } ret = gs2_make_header(text, params, strcmp(oparams->user, oparams->authid) ? (char *) oparams->user : NULL, &text->out_buf, &text->out_buf_len); if (ret != 0) goto cleanup; } req_flags = GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG; maj_stat = gss_init_sec_context(&min_stat, (params->gss_creds != GSS_C_NO_CREDENTIAL) ? (gss_cred_id_t)params->gss_creds : text->client_creds, &text->gss_ctx, text->server_name, (gss_OID)text->mechanism, req_flags, GSS_C_INDEFINITE, &text->gss_cbindings, serverinlen ? &input_token : GSS_C_NO_BUFFER, NULL, &output_token, &ret_flags, &text->lifetime); if (GSS_ERROR(maj_stat)) goto cleanup; ret = gs2_make_message(text, params, initialContextToken, &output_token, &text->out_buf, &text->out_buf_len); if (ret != 0) goto cleanup; *clientout = text->out_buf; *clientoutlen = text->out_buf_len; if (maj_stat == GSS_S_CONTINUE_NEEDED) { ret = SASL_CONTINUE; goto cleanup; } if (text->client_name != GSS_C_NO_NAME) gss_release_name(&min_stat, &text->client_name); maj_stat = gss_inquire_context(&min_stat, text->gss_ctx, &text->client_name, NULL, &text->lifetime, NULL, &ret_flags, /* flags */ NULL, NULL); if (GSS_ERROR(maj_stat)) goto cleanup; if ((ret_flags & req_flags) != req_flags) { maj_stat = SASL_BADAUTH; goto cleanup; } maj_stat = gss_display_name(&min_stat, text->client_name, &name_buf, NULL); if (GSS_ERROR(maj_stat)) goto cleanup; oparams->gss_peer_name = text->server_name; oparams->gss_local_name = text->client_name; oparams->encode = NULL; oparams->decode = NULL; oparams->mech_ssf = 0; oparams->maxoutbuf = 0xFFFFFF; oparams->doneflag = 1; cleanup: gss_release_buffer(&min_stat, &output_token); gss_release_buffer(&min_stat, &name_buf); if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) { sasl_gs2_seterror(text->utils, maj_stat, min_stat); ret = SASL_FAIL; } if (ret < SASL_OK) sasl_gs2_free_context_contents(text); return ret; } static int gs2_client_mech_new(void *glob_context, sasl_client_params_t *params, void **conn_context) { context_t *text; int ret; text = sasl_gs2_new_context(params->utils); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } text->gss_ctx = GSS_C_NO_CONTEXT; text->client_name = GSS_C_NO_NAME; text->server_creds = GSS_C_NO_CREDENTIAL; text->client_creds = GSS_C_NO_CREDENTIAL; text->plug.client = glob_context; ret = gs2_map_sasl_name(params->utils, text->plug.client->mech_name, &text->mechanism); if (ret != SASL_OK) { gs2_common_mech_dispose(text, params->utils); return ret; } *conn_context = text; return SASL_OK; } static int gs2_client_plug_alloc(const sasl_utils_t *utils, void *plug, gss_buffer_t sasl_name, gss_OID mech) { int ret; sasl_client_plug_t *cplug = (sasl_client_plug_t *)plug; gss_buffer_desc buf; memset(cplug, 0, sizeof(*cplug)); ret = gs2_get_mech_attrs(utils, mech, &cplug->security_flags, &cplug->features, &cplug->required_prompts); if (ret != SASL_OK) return ret; ret = gs2_duplicate_buffer(utils, sasl_name, &buf); if (ret != SASL_OK) return ret; cplug->mech_name = (char *)buf.value; cplug->features |= SASL_FEAT_NEEDSERVERFQDN; cplug->glob_context = plug; cplug->mech_new = gs2_client_mech_new; cplug->mech_step = gs2_client_mech_step; cplug->mech_dispose = gs2_common_mech_dispose; cplug->mech_free = gs2_common_mech_free; return SASL_OK; } static sasl_client_plug_t *gs2_client_plugins; static int gs2_client_plugcount; int gs2_client_plug_init(const sasl_utils_t *utils, int maxversion, int *outversion, sasl_client_plug_t **pluglist, int *plugcount) { int ret; *pluglist = NULL; *plugcount = 0; if (maxversion < SASL_CLIENT_PLUG_VERSION) return SASL_BADVERS; *outversion = SASL_CLIENT_PLUG_VERSION; if (gs2_client_plugins == NULL) { ret = gs2_common_plug_init(utils, sizeof(sasl_client_plug_t), gs2_client_plug_alloc, (void **)&gs2_client_plugins, &gs2_client_plugcount); if (ret != SASL_OK) return ret; } *pluglist = gs2_client_plugins; *plugcount = gs2_client_plugcount; return SASL_OK; } /* * Copy header and application channel bindings to GSS channel bindings * structure in context. */ static int gs2_save_cbindings(context_t *text, gss_buffer_t header, const sasl_channel_binding_t *cbinding) { gss_buffer_t gss_cbindings = &text->gss_cbindings.application_data; size_t len; unsigned char *p; assert(gss_cbindings->value == NULL); /* * The application-data field MUST be set to the gs2-header, excluding * the initial [gs2-nonstd-flag ","] part, concatenated with, when a * gs2-cb-flag of "p" is used, the application's channel binding data. */ len = header->length; if (text->gs2_flags & GS2_NONSTD_FLAG) { assert(len > 2); len -= 2; } if ((text->gs2_flags & GS2_CB_FLAG_MASK) == GS2_CB_FLAG_P && cbinding != NULL) { len += cbinding->len; } gss_cbindings->length = len; gss_cbindings->value = text->utils->malloc(len); if (gss_cbindings->value == NULL) return SASL_NOMEM; p = (unsigned char *)gss_cbindings->value; if (text->gs2_flags & GS2_NONSTD_FLAG) { memcpy(p, (unsigned char *)header->value + 2, header->length - 2); p += header->length - 2; } else { memcpy(p, header->value, header->length); p += header->length; } if ((text->gs2_flags & GS2_CB_FLAG_MASK) == GS2_CB_FLAG_P && cbinding != NULL) { memcpy(p, cbinding->data, cbinding->len); } return SASL_OK; } #define CHECK_REMAIN(n) do { if (remain < (n)) return SASL_BADPROT; } while (0) /* * Verify gs2-header, save authzid and channel bindings to context. */ static int gs2_verify_initial_message(context_t *text, sasl_server_params_t *sparams, const char *in, unsigned inlen, gss_buffer_t token) { OM_uint32 major, minor; char *p = (char *)in; unsigned remain = inlen; int ret; gss_buffer_desc buf = GSS_C_EMPTY_BUFFER; assert(text->cbindingname == NULL); assert(text->authzid == NULL); token->length = 0; token->value = NULL; /* minimum header includes CB flag and non-zero GSS token */ CHECK_REMAIN(4); /* [pny],,. */ /* non-standard GSS framing flag */ if (remain > 1 && memcmp(p, "F,", 2) == 0) { text->gs2_flags |= GS2_NONSTD_FLAG; remain -= 2; p += 2; } /* SASL channel bindings */ CHECK_REMAIN(1); /* [pny] */ remain--; switch (*p++) { case 'p': CHECK_REMAIN(1); /* = */ remain--; if (*p++ != '=') return SASL_BADPROT; ret = gs2_unescape_authzid(text->utils, &p, &remain, &text->cbindingname); if (ret != SASL_OK) return ret; text->gs2_flags |= GS2_CB_FLAG_P; break; case 'n': text->gs2_flags |= GS2_CB_FLAG_N; break; case 'y': text->gs2_flags |= GS2_CB_FLAG_Y; break; } CHECK_REMAIN(1); /* , */ remain--; if (*p++ != ',') return SASL_BADPROT; /* authorization identity */ if (remain > 1 && memcmp(p, "a=", 2) == 0) { CHECK_REMAIN(2); remain -= 2; p += 2; ret = gs2_unescape_authzid(text->utils, &p, &remain, &text->authzid); if (ret != SASL_OK) return ret; } /* end of header */ CHECK_REMAIN(1); /* , */ remain--; if (*p++ != ',') return SASL_BADPROT; buf.length = inlen - remain; buf.value = (void *)in; /* stash channel bindings to pass into gss_accept_sec_context() */ ret = gs2_save_cbindings(text, &buf, sparams->cbinding); if (ret != SASL_OK) return ret; if (text->gs2_flags & GS2_NONSTD_FLAG) { buf.length = remain; buf.value = p; } else { gss_buffer_desc tmp; tmp.length = remain; tmp.value = p; major = gss_encapsulate_token(&tmp, text->mechanism, &buf); if (GSS_ERROR(major)) return SASL_NOMEM; } token->value = text->utils->malloc(buf.length); if (token->value == NULL) return SASL_NOMEM; token->length = buf.length; memcpy(token->value, buf.value, buf.length); if ((text->gs2_flags & GS2_NONSTD_FLAG) == 0) gss_release_buffer(&minor, &buf); return SASL_OK; } /* * Create gs2-header, save channel bindings to context. */ static int gs2_make_header(context_t *text, sasl_client_params_t *cparams, const char *authzid, char **out, unsigned *outlen) { size_t required = 0; size_t wire_authzid_len = 0, cbnamelen = 0; char *wire_authzid = NULL; char *p; int ret; gss_buffer_desc buf; *out = NULL; *outlen = 0; /* non-standard GSS framing flag */ if (text->gs2_flags & GS2_NONSTD_FLAG) required += 2; /* F, */ /* SASL channel bindings */ switch (text->gs2_flags & GS2_CB_FLAG_MASK) { case GS2_CB_FLAG_P: if (!SASL_CB_PRESENT(cparams)) return SASL_BADPARAM; cbnamelen = strlen(cparams->cbinding->name); required += 1 /*=*/ + cbnamelen; /* fallthrough */ case GS2_CB_FLAG_N: case GS2_CB_FLAG_Y: required += 2; /* [pny], */ break; default: return SASL_BADPARAM; } /* authorization identity */ if (authzid != NULL) { ret = gs2_escape_authzid(text->utils, authzid, strlen(authzid), &wire_authzid); if (ret != SASL_OK) return ret; wire_authzid_len = strlen(wire_authzid); required += 2 /* a= */ + wire_authzid_len; } required += 1; /* trailing comma */ ret = _plug_buf_alloc(text->utils, out, outlen, required); if (ret != SASL_OK) { text->utils->free(wire_authzid); return ret; } *out = text->out_buf; *outlen = required; p = (char *)text->out_buf; if (text->gs2_flags & GS2_NONSTD_FLAG) { *p++ = 'F'; *p++ = ','; } switch (text->gs2_flags & GS2_CB_FLAG_MASK) { case GS2_CB_FLAG_P: memcpy(p, "p=", 2); memcpy(p + 2, cparams->cbinding->name, cbnamelen); p += 2 + cbnamelen; break; case GS2_CB_FLAG_N: *p++ = 'n'; break; case GS2_CB_FLAG_Y: *p++ = 'y'; break; } *p++ = ','; if (wire_authzid != NULL) { memcpy(p, "a=", 2); memcpy(p + 2, wire_authzid, wire_authzid_len); text->utils->free(wire_authzid); p += 2 + wire_authzid_len; } *p++ = ','; assert(p == (char *)text->out_buf + required); buf.length = required; buf.value = *out; ret = gs2_save_cbindings(text, &buf, cparams->cbinding); if (ret != SASL_OK) return ret; return SASL_OK; } /* * Convert a GSS token to a GS2 one */ static int gs2_make_message(context_t *text, sasl_client_params_t *cparams __attribute__((unused)), int initialContextToken, gss_buffer_t token, char **out, unsigned *outlen) { OM_uint32 major, minor; int ret; unsigned header_len = 0; gss_buffer_desc decap_token = GSS_C_EMPTY_BUFFER; if (initialContextToken) { header_len = *outlen; major = gss_decapsulate_token(token, text->mechanism, &decap_token); if ((major == GSS_S_DEFECTIVE_TOKEN && (text->plug.client->features & SASL_FEAT_GSS_FRAMING)) || GSS_ERROR(major)) return SASL_FAIL; token = &decap_token; } ret = _plug_buf_alloc(text->utils, out, outlen, header_len + token->length); if (ret != 0) return ret; memcpy(*out + header_len, token->value, token->length); *outlen = header_len + token->length; if (initialContextToken) gss_release_buffer(&minor, &decap_token); return SASL_OK; } static const unsigned long gs2_required_prompts[] = { SASL_CB_LIST_END }; /* * Map GSS mechanism attributes to SASL ones */ static int gs2_get_mech_attrs(const sasl_utils_t *utils, const gss_OID mech, unsigned int *security_flags, unsigned int *features, const unsigned long **prompts) { OM_uint32 major, minor; int present; gss_OID_set attrs = GSS_C_NO_OID_SET; major = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL); if (GSS_ERROR(major)) { utils->seterror(utils->conn, SASL_NOLOG, "GS2 Failure: gss_inquire_attrs_for_mech"); return SASL_FAIL; } *security_flags = SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE; *features = SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_CHANNEL_BINDING; if (prompts != NULL) *prompts = gs2_required_prompts; #define MA_PRESENT(a) (gss_test_oid_set_member(&minor, (gss_OID)(a), \ attrs, &present) == GSS_S_COMPLETE && \ present) if (MA_PRESENT(GSS_C_MA_PFS)) *security_flags |= SASL_SEC_FORWARD_SECRECY; if (!MA_PRESENT(GSS_C_MA_AUTH_INIT_ANON)) *security_flags |= SASL_SEC_NOANONYMOUS; if (MA_PRESENT(GSS_C_MA_DELEG_CRED)) *security_flags |= SASL_SEC_PASS_CREDENTIALS; if (MA_PRESENT(GSS_C_MA_AUTH_TARG)) *security_flags |= SASL_SEC_MUTUAL_AUTH; if (MA_PRESENT(GSS_C_MA_AUTH_INIT_INIT) && prompts != NULL) *prompts = NULL; if (MA_PRESENT(GSS_C_MA_ITOK_FRAMED)) *features |= SASL_FEAT_GSS_FRAMING; gss_release_oid_set(&minor, &attrs); return SASL_OK; } /* * Enumerate GSS mechanisms that can be used for GS2 */ static int gs2_indicate_mechs(const sasl_utils_t *utils) { OM_uint32 major, minor; gss_OID_desc desired_oids[3]; gss_OID_set_desc desired_attrs; gss_OID_desc except_oids[3]; gss_OID_set_desc except_attrs; if (gs2_mechs != GSS_C_NO_OID_SET) return SASL_OK; desired_oids[0] = *GSS_C_MA_AUTH_INIT; desired_oids[1] = *GSS_C_MA_AUTH_TARG; desired_oids[2] = *GSS_C_MA_CBINDINGS; desired_attrs.count = sizeof(desired_oids)/sizeof(desired_oids[0]); desired_attrs.elements = desired_oids; except_oids[0] = *GSS_C_MA_MECH_NEGO; except_oids[1] = *GSS_C_MA_NOT_MECH; except_oids[2] = *GSS_C_MA_DEPRECATED; except_attrs.count = sizeof(except_oids)/sizeof(except_oids[0]); except_attrs.elements = except_oids; major = gss_indicate_mechs_by_attrs(&minor, &desired_attrs, &except_attrs, GSS_C_NO_OID_SET, &gs2_mechs); if (GSS_ERROR(major)) { utils->seterror(utils->conn, SASL_NOLOG, "GS2 Failure: gss_indicate_mechs_by_attrs"); return SASL_FAIL; } return (gs2_mechs->count > 0) ? SASL_OK : SASL_NOMECH; } /* * Map SASL mechanism name to OID */ static int gs2_map_sasl_name(const sasl_utils_t *utils, const char *mech, gss_OID *oid) { OM_uint32 major, minor; gss_buffer_desc buf; buf.length = strlen(mech); buf.value = (void *)mech; major = gss_inquire_mech_for_saslname(&minor, &buf, oid); if (GSS_ERROR(major)) { utils->seterror(utils->conn, SASL_NOLOG, "GS2 Failure: gss_inquire_mech_for_saslname"); return SASL_FAIL; } return SASL_OK; } static int gs2_duplicate_buffer(const sasl_utils_t *utils, const gss_buffer_t src, gss_buffer_t dst) { dst->value = utils->malloc(src->length + 1); if (dst->value == NULL) return SASL_NOMEM; memcpy(dst->value, src->value, src->length); ((char *)dst->value)[src->length] = '\0'; dst->length = src->length; return SASL_OK; } static int gs2_unescape_authzid(const sasl_utils_t *utils, char **endp, unsigned *remain, char **authzid) { char *in = *endp; size_t i, len, inlen = *remain; char *p; *endp = NULL; for (i = 0, len = 0; i < inlen; i++) { if (in[i] == ',') { *endp = &in[i]; *remain -= i; break; } else if (in[i] == '=') { if (inlen <= i + 2) return SASL_BADPROT; i += 2; } len++; } if (len == 0 || *endp == NULL) return SASL_BADPROT; p = *authzid = utils->malloc(len + 1); if (*authzid == NULL) return SASL_NOMEM; for (i = 0; i < inlen; i++) { if (in[i] == ',') break; else if (in[i] == '=') { if (memcmp(&in[i + 1], "2C", 2) == 0) *p++ = ','; else if (memcmp(&in[i + 1], "3D", 2) == 0) *p++ = '='; else { utils->free(*authzid); *authzid = NULL; return SASL_BADPROT; } i += 2; } else *p++ = in[i]; } *p = '\0'; return SASL_OK; } static int gs2_escape_authzid(const sasl_utils_t *utils, const char *in, unsigned inlen, char **authzid) { size_t i; char *p; p = *authzid = utils->malloc((inlen * 3) + 1); if (*authzid == NULL) return SASL_NOMEM; for (i = 0; i < inlen; i++) { if (in[i] == ',') { memcpy(p, "=2C", 3); p += 3; } else if (in[i] == '=') { memcpy(p, "=3D", 3); p += 3; } else { *p++ = in[i]; } } *p = '\0'; return SASL_OK; } #define GOT_CREDS(text, params) ((text)->client_creds != NULL || (params)->gss_creds != NULL) #define CRED_ERROR(status) ((status) == GSS_S_CRED_UNAVAIL || (status) == GSS_S_NO_CRED) /* * Determine the authentication identity from the application supplied * GSS credential, the application supplied identity, and the default * GSS credential, in that order. Then, acquire credentials. */ static int gs2_get_init_creds(context_t *text, sasl_client_params_t *params, sasl_interact_t **prompt_need, sasl_out_params_t *oparams) { int result = SASL_OK; const char *authid = NULL, *userid = NULL; int user_result = SASL_OK; int auth_result = SASL_OK; int pass_result = SASL_OK; OM_uint32 maj_stat = GSS_S_COMPLETE, min_stat = 0; gss_OID_set_desc mechs; gss_buffer_desc cred_authid = GSS_C_EMPTY_BUFFER; gss_buffer_desc name_buf = GSS_C_EMPTY_BUFFER; mechs.count = 1; mechs.elements = (gss_OID)text->mechanism; /* * Get the authentication identity from the application. */ if (oparams->authid == NULL) { auth_result = _plug_get_authid(params->utils, &authid, prompt_need); if (auth_result != SASL_OK && auth_result != SASL_INTERACT) { result = auth_result; goto cleanup; } } /* * Get the authorization identity from the application. */ if (oparams->user == NULL) { user_result = _plug_get_userid(params->utils, &userid, prompt_need); if (user_result != SASL_OK && user_result != SASL_INTERACT) { result = user_result; goto cleanup; } } /* * Canonicalize the authentication and authorization identities before * calling GSS_Import_name. */ if (auth_result == SASL_OK && user_result == SASL_OK && oparams->authid == NULL) { if (userid == NULL || userid[0] == '\0') { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } else { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) goto cleanup; result = params->canon_user(params->utils->conn, userid, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; } if (oparams->authid != NULL) { name_buf.length = strlen(oparams->authid); name_buf.value = (void *)oparams->authid; assert(text->client_name == GSS_C_NO_NAME); maj_stat = gss_import_name(&min_stat, &name_buf, GSS_C_NT_USER_NAME, &text->client_name); if (GSS_ERROR(maj_stat)) goto cleanup; } } /* * If application didn't provide an authid, then use the default * credential. If that doesn't work, give up. */ if (!GOT_CREDS(text, params) && oparams->authid == NULL) { maj_stat = gss_acquire_cred(&min_stat, GSS_C_NO_NAME, GSS_C_INDEFINITE, &mechs, GSS_C_INITIATE, &text->client_creds, NULL, &text->lifetime); if (GSS_ERROR(maj_stat)) goto cleanup; assert(text->client_name == GSS_C_NO_NAME); maj_stat = gss_inquire_cred(&min_stat, params->gss_creds ? (gss_cred_id_t)params->gss_creds : text->client_creds, &text->client_name, NULL, NULL, NULL); if (GSS_ERROR(maj_stat)) goto cleanup; maj_stat = gss_display_name(&min_stat, text->client_name, &cred_authid, NULL); if (GSS_ERROR(maj_stat)) goto cleanup; if (userid == NULL || userid[0] == '\0') { result = params->canon_user(params->utils->conn, cred_authid.value, cred_authid.length, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } else { result = params->canon_user(params->utils->conn, cred_authid.value, cred_authid.length, SASL_CU_AUTHID, oparams); if (result != SASL_OK) goto cleanup; result = params->canon_user(params->utils->conn, cred_authid.value, cred_authid.length, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) goto cleanup; } } /* * Armed with the authentication identity, try to get a credential without * a password. */ if (!GOT_CREDS(text, params) && text->client_name != GSS_C_NO_NAME) { maj_stat = gss_acquire_cred(&min_stat, text->client_name, GSS_C_INDEFINITE, &mechs, GSS_C_INITIATE, &text->client_creds, NULL, &text->lifetime); if (GSS_ERROR(maj_stat) && !CRED_ERROR(maj_stat)) goto cleanup; } /* * If that failed, try to get a credential with a password. */ if (!GOT_CREDS(text, params)) { if (text->password == NULL) { pass_result = _plug_get_password(params->utils, &text->password, &text->free_password, prompt_need); if (pass_result != SASL_OK && pass_result != SASL_INTERACT) { result = pass_result; goto cleanup; } } if (text->password != NULL) { gss_buffer_desc password_buf; password_buf.length = text->password->len; password_buf.value = text->password->data; maj_stat = gss_acquire_cred_with_password(&min_stat, text->client_name, &password_buf, GSS_C_INDEFINITE, &mechs, GSS_C_INITIATE, &text->client_creds, NULL, &text->lifetime); if (GSS_ERROR(maj_stat)) goto cleanup; } } maj_stat = GSS_S_COMPLETE; /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if (user_result == SASL_INTERACT || auth_result == SASL_INTERACT || pass_result == SASL_INTERACT) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result == SASL_OK) result = SASL_INTERACT; } cleanup: if (result == SASL_OK && maj_stat != GSS_S_COMPLETE) { sasl_gs2_seterror(text->utils, maj_stat, min_stat); result = SASL_FAIL; } gss_release_buffer(&min_stat, &cred_authid); return result; } static int sasl_gs2_seterror_(const sasl_utils_t *utils, OM_uint32 maj, OM_uint32 min, int logonly) { OM_uint32 maj_stat, min_stat; gss_buffer_desc msg; OM_uint32 msg_ctx; int ret; char *out = NULL; unsigned int len, curlen = 0; const char prefix[] = "GS2 Error: "; len = sizeof(prefix); ret = _plug_buf_alloc(utils, &out, &curlen, 256); if (ret != SASL_OK) return SASL_OK; strcpy(out, prefix); msg_ctx = 0; while (1) { maj_stat = gss_display_status(&min_stat, maj, GSS_C_GSS_CODE, GSS_C_NULL_OID, &msg_ctx, &msg); if (GSS_ERROR(maj_stat)) { if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, "GS2 Failure: (could not get major error message)"); } else { utils->seterror(utils->conn, 0, "GS2 Failure " "(could not get major error message)"); } utils->free(out); return SASL_OK; } len += len + msg.length; ret = _plug_buf_alloc(utils, &out, &curlen, len); if (ret != SASL_OK) { utils->free(out); return SASL_OK; } strcat(out, msg.value); gss_release_buffer(&min_stat, &msg); if (!msg_ctx) break; } /* Now get the minor status */ len += 2; ret = _plug_buf_alloc(utils, &out, &curlen, len); if (ret != SASL_OK) { utils->free(out); return SASL_NOMEM; } strcat(out, " ("); msg_ctx = 0; while (1) { maj_stat = gss_display_status(&min_stat, min, GSS_C_MECH_CODE, GSS_C_NULL_OID, &msg_ctx, &msg); if (GSS_ERROR(maj_stat)) { if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, "GS2 Failure: (could not get minor error message)"); } else { utils->seterror(utils->conn, 0, "GS2 Failure " "(could not get minor error message)"); } utils->free(out); return SASL_OK; } len += len + msg.length; ret = _plug_buf_alloc(utils, &out, &curlen, len); if (ret != SASL_OK) { utils->free(out); return SASL_NOMEM; } strcat(out, msg.value); gss_release_buffer(&min_stat, &msg); if (!msg_ctx) break; } len += 1; ret = _plug_buf_alloc(utils, &out, &curlen, len); if (ret != SASL_OK) { utils->free(out); return SASL_NOMEM; } strcat(out, ")"); if (logonly) { utils->log(utils->conn, SASL_LOG_FAIL, out); } else { utils->seterror(utils->conn, 0, out); } utils->free(out); return SASL_OK; } cyrus-sasl-2.1.25/plugins/login_init.c0000666000076400007640000000132211632367343014631 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( login ) SASL_SERVER_PLUG_INIT( login ) cyrus-sasl-2.1.25/plugins/plugin_common.c0000646000076400007640000005272111630151332015336 00000000000000/* Generic SASL plugin utility functions * Rob Siemborski * $Id: plugin_common.c,v 1.22 2011/09/01 14:12:18 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifndef macintosh #ifdef WIN32 # include #else # include # include # include # include # include #endif /* WIN32 */ #endif /* macintosh */ #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #include #include #ifdef HAVE_INTTYPES_H #include #endif #include "plugin_common.h" /* translate IPv4 mapped IPv6 address to IPv4 address */ static void sockaddr_unmapped( #ifdef IN6_IS_ADDR_V4MAPPED struct sockaddr *sa, socklen_t *len #else struct sockaddr *sa __attribute__((unused)), socklen_t *len __attribute__((unused)) #endif ) { #ifdef IN6_IS_ADDR_V4MAPPED struct sockaddr_in6 *sin6; struct sockaddr_in *sin4; uint32_t addr; int port; if (sa->sa_family != AF_INET6) return; sin6 = (struct sockaddr_in6 *)sa; if (!IN6_IS_ADDR_V4MAPPED((&sin6->sin6_addr))) return; sin4 = (struct sockaddr_in *)sa; addr = *(uint32_t *)&sin6->sin6_addr.s6_addr[12]; port = sin6->sin6_port; memset(sin4, 0, sizeof(struct sockaddr_in)); sin4->sin_addr.s_addr = addr; sin4->sin_port = port; sin4->sin_family = AF_INET; #ifdef HAVE_SOCKADDR_SA_LEN sin4->sin_len = sizeof(struct sockaddr_in); #endif *len = sizeof(struct sockaddr_in); #else return; #endif } int _plug_ipfromstring(const sasl_utils_t *utils, const char *addr, struct sockaddr *out, socklen_t outlen) { int i, j; socklen_t len; struct sockaddr_storage ss; struct addrinfo hints, *ai = NULL; char hbuf[NI_MAXHOST]; if(!utils || !addr || !out) { if(utils) PARAMERROR( utils ); return SASL_BADPARAM; } /* Parse the address */ for (i = 0; addr[i] != '\0' && addr[i] != ';'; i++) { if (i >= NI_MAXHOST) { if(utils) PARAMERROR( utils ); return SASL_BADPARAM; } hbuf[i] = addr[i]; } hbuf[i] = '\0'; if (addr[i] == ';') i++; /* XXX/FIXME: Do we need this check? */ for (j = i; addr[j] != '\0'; j++) if (!isdigit((int)(addr[j]))) { PARAMERROR( utils ); return SASL_BADPARAM; } memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; if (getaddrinfo(hbuf, &addr[i], &hints, &ai) != 0) { PARAMERROR( utils ); return SASL_BADPARAM; } len = ai->ai_addrlen; memcpy(&ss, ai->ai_addr, len); freeaddrinfo(ai); sockaddr_unmapped((struct sockaddr *)&ss, &len); if (outlen < len) { PARAMERROR( utils ); return SASL_BUFOVER; } memcpy(out, &ss, len); return SASL_OK; } int _plug_iovec_to_buf(const sasl_utils_t *utils, const struct iovec *vec, unsigned numiov, buffer_info_t **output) { unsigned i; int ret; buffer_info_t *out; char *pos; if(!utils || !vec || !output) { if(utils) PARAMERROR( utils ); return SASL_BADPARAM; } if(!(*output)) { *output = utils->malloc(sizeof(buffer_info_t)); if(!*output) { MEMERROR(utils); return SASL_NOMEM; } memset(*output,0,sizeof(buffer_info_t)); } out = *output; out->curlen = 0; for(i=0; icurlen += vec[i].iov_len; ret = _plug_buf_alloc(utils, &out->data, &out->reallen, out->curlen); if(ret != SASL_OK) { MEMERROR(utils); return SASL_NOMEM; } memset(out->data, 0, out->reallen); pos = out->data; for(i=0; imalloc(newlen); if (*rwbuf == NULL) { *curlen = 0; MEMERROR(utils); return SASL_NOMEM; } *curlen = newlen; } else if(*rwbuf && *curlen < newlen) { size_t needed = 2*(*curlen); while(needed < newlen) needed *= 2; *rwbuf = utils->realloc(*rwbuf, needed); if (*rwbuf == NULL) { *curlen = 0; MEMERROR(utils); return SASL_NOMEM; } *curlen = needed; } return SASL_OK; } /* copy a string */ int _plug_strdup(const sasl_utils_t * utils, const char *in, char **out, int *outlen) { size_t len = strlen(in); if(!utils || !in || !out) { if(utils) PARAMERROR(utils); return SASL_BADPARAM; } *out = utils->malloc(len + 1); if (!*out) { MEMERROR(utils); return SASL_NOMEM; } strcpy((char *) *out, in); if (outlen) *outlen = len; return SASL_OK; } void _plug_free_string(const sasl_utils_t *utils, char **str) { size_t len; if (!utils || !str || !(*str)) return; len = strlen(*str); utils->erasebuffer(*str, len); utils->free(*str); *str=NULL; } void _plug_free_secret(const sasl_utils_t *utils, sasl_secret_t **secret) { if(!utils || !secret || !(*secret)) return; utils->erasebuffer((char *)(*secret)->data, (*secret)->len); utils->free(*secret); *secret = NULL; } /* * Trys to find the prompt with the lookingfor id in the prompt list * Returns it if found. NULL otherwise */ sasl_interact_t *_plug_find_prompt(sasl_interact_t **promptlist, unsigned int lookingfor) { sasl_interact_t *prompt; if (promptlist && *promptlist) { for (prompt = *promptlist; prompt->id != SASL_CB_LIST_END; ++prompt) { if (prompt->id==lookingfor) return prompt; } } return NULL; } /* * Retrieve the simple string given by the callback id. */ int _plug_get_simple(const sasl_utils_t *utils, unsigned int id, int required, const char **result, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_getsimple_t *simple_cb; void *simple_context; sasl_interact_t *prompt; *result = NULL; /* see if we were given the result in the prompt */ prompt = _plug_find_prompt(prompt_need, id); if (prompt != NULL) { /* We prompted, and got.*/ if (required && !prompt->result) { SETERROR(utils, "Unexpectedly missing a prompt result"); return SASL_BADPARAM; } *result = prompt->result; return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, id, (sasl_callback_ft *)&simple_cb, &simple_context); if (ret == SASL_FAIL && !required) return SASL_OK; if (ret == SASL_OK && simple_cb) { ret = simple_cb(simple_context, id, result, NULL); if (ret != SASL_OK) return ret; if (required && !*result) { PARAMERROR(utils); return SASL_BADPARAM; } } return ret; } /* * Retrieve the user password. */ int _plug_get_password(const sasl_utils_t *utils, sasl_secret_t **password, unsigned int *iscopy, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_getsecret_t *pass_cb; void *pass_context; sasl_interact_t *prompt; *password = NULL; *iscopy = 0; /* see if we were given the password in the prompt */ prompt = _plug_find_prompt(prompt_need, SASL_CB_PASS); if (prompt != NULL) { /* We prompted, and got.*/ if (!prompt->result) { SETERROR(utils, "Unexpectedly missing a prompt result"); return SASL_BADPARAM; } /* copy what we got into a secret_t */ *password = (sasl_secret_t *) utils->malloc(sizeof(sasl_secret_t) + prompt->len + 1); if (!*password) { MEMERROR(utils); return SASL_NOMEM; } (*password)->len=prompt->len; memcpy((*password)->data, prompt->result, prompt->len); (*password)->data[(*password)->len]=0; *iscopy = 1; return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, SASL_CB_PASS, (sasl_callback_ft *)&pass_cb, &pass_context); if (ret == SASL_OK && pass_cb) { ret = pass_cb(utils->conn, pass_context, SASL_CB_PASS, password); if (ret != SASL_OK) return ret; if (!*password) { PARAMERROR(utils); return SASL_BADPARAM; } } return ret; } /* * Retrieve the string given by the challenge prompt id. */ int _plug_challenge_prompt(const sasl_utils_t *utils, unsigned int id, const char *challenge, const char *promptstr, const char **result, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_chalprompt_t *chalprompt_cb; void *chalprompt_context; sasl_interact_t *prompt; *result = NULL; /* see if we were given the password in the prompt */ prompt = _plug_find_prompt(prompt_need, id); if (prompt != NULL) { /* We prompted, and got.*/ if (!prompt->result) { SETERROR(utils, "Unexpectedly missing a prompt result"); return SASL_BADPARAM; } *result = prompt->result; return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, id, (sasl_callback_ft *)&chalprompt_cb, &chalprompt_context); if (ret == SASL_OK && chalprompt_cb) { ret = chalprompt_cb(chalprompt_context, id, challenge, promptstr, NULL, result, NULL); if (ret != SASL_OK) return ret; if (!*result) { PARAMERROR(utils); return SASL_BADPARAM; } } return ret; } /* * Retrieve the client realm. */ int _plug_get_realm(const sasl_utils_t *utils, const char **availrealms, const char **realm, sasl_interact_t **prompt_need) { int ret = SASL_FAIL; sasl_getrealm_t *realm_cb; void *realm_context; sasl_interact_t *prompt; *realm = NULL; /* see if we were given the result in the prompt */ prompt = _plug_find_prompt(prompt_need, SASL_CB_GETREALM); if (prompt != NULL) { /* We prompted, and got.*/ if (!prompt->result) { SETERROR(utils, "Unexpectedly missing a prompt result"); return SASL_BADPARAM; } *realm = prompt->result; return SASL_OK; } /* Try to get the callback... */ ret = utils->getcallback(utils->conn, SASL_CB_GETREALM, (sasl_callback_ft *)&realm_cb, &realm_context); if (ret == SASL_OK && realm_cb) { ret = realm_cb(realm_context, SASL_CB_GETREALM, availrealms, realm); if (ret != SASL_OK) return ret; if (!*realm) { PARAMERROR(utils); return SASL_BADPARAM; } } return ret; } /* * Make the requested prompts. (prompt==NULL means we don't want it) */ int _plug_make_prompts(const sasl_utils_t *utils, sasl_interact_t **prompts_res, const char *user_prompt, const char *user_def, const char *auth_prompt, const char *auth_def, const char *pass_prompt, const char *pass_def, const char *echo_chal, const char *echo_prompt, const char *echo_def, const char *realm_chal, const char *realm_prompt, const char *realm_def) { int num = 1; int alloc_size; sasl_interact_t *prompts; if (user_prompt) num++; if (auth_prompt) num++; if (pass_prompt) num++; if (echo_prompt) num++; if (realm_prompt) num++; if (num == 1) { SETERROR( utils, "make_prompts() called with no actual prompts" ); return SASL_FAIL; } alloc_size = sizeof(sasl_interact_t)*num; prompts = utils->malloc(alloc_size); if (!prompts) { MEMERROR( utils ); return SASL_NOMEM; } memset(prompts, 0, alloc_size); *prompts_res = prompts; if (user_prompt) { (prompts)->id = SASL_CB_USER; (prompts)->challenge = "Authorization Name"; (prompts)->prompt = user_prompt; (prompts)->defresult = user_def; prompts++; } if (auth_prompt) { (prompts)->id = SASL_CB_AUTHNAME; (prompts)->challenge = "Authentication Name"; (prompts)->prompt = auth_prompt; (prompts)->defresult = auth_def; prompts++; } if (pass_prompt) { (prompts)->id = SASL_CB_PASS; (prompts)->challenge = "Password"; (prompts)->prompt = pass_prompt; (prompts)->defresult = pass_def; prompts++; } if (echo_prompt) { (prompts)->id = SASL_CB_ECHOPROMPT; (prompts)->challenge = echo_chal; (prompts)->prompt = echo_prompt; (prompts)->defresult = echo_def; prompts++; } if (realm_prompt) { (prompts)->id = SASL_CB_GETREALM; (prompts)->challenge = realm_chal; (prompts)->prompt = realm_prompt; (prompts)->defresult = realm_def; prompts++; } /* add the ending one */ (prompts)->id = SASL_CB_LIST_END; (prompts)->challenge = NULL; (prompts)->prompt = NULL; (prompts)->defresult = NULL; return SASL_OK; } void _plug_decode_init(decode_context_t *text, const sasl_utils_t *utils, unsigned int in_maxbuf) { memset(text, 0, sizeof(decode_context_t)); text->utils = utils; text->needsize = 4; text->in_maxbuf = in_maxbuf; } /* * Decode as much of the input as possible (possibly none), * using decode_pkt() to decode individual packets. */ int _plug_decode(decode_context_t *text, const char *input, unsigned inputlen, char **output, /* output buffer */ unsigned *outputsize, /* current size of output buffer */ unsigned *outputlen, /* length of data in output buffer */ int (*decode_pkt)(void *rock, const char *input, unsigned inputlen, char **output, unsigned *outputlen), void *rock) { unsigned int tocopy; unsigned diff; char *tmp; unsigned tmplen; int ret; *outputlen = 0; while (inputlen) { /* more input */ if (text->needsize) { /* need to get the rest of the 4-byte size */ /* copy as many bytes (up to 4) as we have into size buffer */ tocopy = (inputlen > text->needsize) ? text->needsize : inputlen; memcpy(text->sizebuf + 4 - text->needsize, input, tocopy); text->needsize -= tocopy; input += tocopy; inputlen -= tocopy; if (!text->needsize) { /* we have the entire 4-byte size */ memcpy(&(text->size), text->sizebuf, 4); text->size = ntohl(text->size); if (!text->size) /* should never happen */ return SASL_FAIL; if (text->size > text->in_maxbuf) { text->utils->log(NULL, SASL_LOG_ERR, "encoded packet size too big (%d > %d)", text->size, text->in_maxbuf); return SASL_FAIL; } if (!text->buffer) text->buffer = text->utils->malloc(text->in_maxbuf); if (text->buffer == NULL) return SASL_NOMEM; text->cursize = 0; } else { /* We do NOT have the entire 4-byte size... * wait for more data */ return SASL_OK; } } diff = text->size - text->cursize; /* bytes needed for full packet */ if (inputlen < diff) { /* not a complete packet, need more input */ memcpy(text->buffer + text->cursize, input, inputlen); text->cursize += inputlen; return SASL_OK; } /* copy the rest of the packet */ memcpy(text->buffer + text->cursize, input, diff); input += diff; inputlen -= diff; /* decode the packet (no need to free tmp) */ ret = decode_pkt(rock, text->buffer, text->size, &tmp, &tmplen); if (ret != SASL_OK) return ret; /* append the decoded packet to the output */ ret = _plug_buf_alloc(text->utils, output, outputsize, *outputlen + tmplen + 1); /* +1 for NUL */ if (ret != SASL_OK) return ret; memcpy(*output + *outputlen, tmp, tmplen); *outputlen += tmplen; /* protect stupid clients */ *(*output + *outputlen) = '\0'; /* reset for the next packet */ text->needsize = 4; } return SASL_OK; } void _plug_decode_free(decode_context_t *text) { if (text->buffer) text->utils->free(text->buffer); } /* returns the realm we should pretend to be in */ int _plug_parseuser(const sasl_utils_t *utils, char **user, char **realm, const char *user_realm, const char *serverFQDN, const char *input) { int ret; char *r; if(!user || !serverFQDN) { PARAMERROR( utils ); return SASL_BADPARAM; } r = strchr(input, '@'); if (!r) { /* hmmm, the user didn't specify a realm */ if(user_realm && user_realm[0]) { ret = _plug_strdup(utils, user_realm, realm, NULL); } else { /* Default to serverFQDN */ ret = _plug_strdup(utils, serverFQDN, realm, NULL); } if (ret == SASL_OK) { ret = _plug_strdup(utils, input, user, NULL); } } else { r++; ret = _plug_strdup(utils, r, realm, NULL); *--r = '\0'; *user = utils->malloc(r - input + 1); if (*user) { strncpy(*user, input, r - input +1); } else { MEMERROR( utils ); ret = SASL_NOMEM; } *r = '@'; } return ret; } int _plug_make_fulluser(const sasl_utils_t *utils, char **fulluser, const char * useronly, const char *realm) { if(!fulluser || !useronly || !realm) { PARAMERROR( utils ); return (SASL_BADPARAM); } *fulluser = utils->malloc (strlen(useronly) + strlen(realm) + 2); if (*fulluser == NULL) { MEMERROR( utils ); return (SASL_NOMEM); } strcpy (*fulluser, useronly); strcat (*fulluser, "@"); strcat (*fulluser, realm); return (SASL_OK); } char * _plug_get_error_message (const sasl_utils_t *utils, #ifdef WIN32 DWORD error #else int error #endif ) { char * return_value; #ifdef WIN32 LPVOID lpMsgBuf; FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, error, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ (LPTSTR) &lpMsgBuf, 0, NULL ); if (_plug_strdup (utils, lpMsgBuf, &return_value, NULL) != SASL_OK) { return_value = NULL; } LocalFree( lpMsgBuf ); #else /* !WIN32 */ if (_plug_strdup (utils, strerror(error), &return_value, NULL) != SASL_OK) { return_value = NULL; } #endif /* WIN32 */ return (return_value); } void _plug_snprintf_os_info (char * osbuf, int osbuf_len) { #ifdef WIN32 OSVERSIONINFOEX versioninfo; char *sysname; /* : DWORD dwOSVersionInfoSize; DWORD dwMajorVersion; DWORD dwMinorVersion; DWORD dwBuildNumber; TCHAR szCSDVersion[ 128 ]; //Only NT SP 6 and later WORD wServicePackMajor; WORD wServicePackMinor; WORD wSuiteMask; BYTE wProductType; */ versioninfo.dwOSVersionInfoSize = sizeof (versioninfo); sysname = "Unknown Windows"; if (GetVersionEx ((OSVERSIONINFO *) &versioninfo) == FALSE) { snprintf(osbuf, osbuf_len, "%s", sysname); goto SKIP_OS_INFO; } switch (versioninfo.dwPlatformId) { case VER_PLATFORM_WIN32s: /* Win32s on Windows 3.1 */ sysname = "Win32s on Windows 3.1"; /* I can't test if dwBuildNumber has any meaning on Win32s */ break; case VER_PLATFORM_WIN32_WINDOWS: /* 95/98/ME */ switch (versioninfo.dwMinorVersion) { case 0: sysname = "Windows 95"; break; case 10: sysname = "Windows 98"; break; case 90: sysname = "Windows Me"; break; default: sysname = "Unknown Windows 9X/ME series"; break; } /* Clear the high order word, as it contains major/minor version */ versioninfo.dwBuildNumber &= 0xFFFF; break; case VER_PLATFORM_WIN32_NT: /* NT/2000/XP/.NET */ if (versioninfo.dwMinorVersion > 99) { } else { switch (versioninfo.dwMajorVersion * 100 + versioninfo.dwMinorVersion) { case 351: sysname = "Windows NT 3.51"; break; case 400: sysname = "Windows NT 4.0"; break; case 500: sysname = "Windows 2000"; break; case 501: sysname = "Windows XP/.NET"; /* or Windows .NET Server */ break; default: sysname = "Unknown Windows NT series"; break; } } break; default: break; } snprintf(osbuf, osbuf_len, "%s %s (Build %u)", sysname, versioninfo.szCSDVersion, versioninfo.dwBuildNumber ); SKIP_OS_INFO: ; #else /* !WIN32 */ struct utsname os; uname(&os); snprintf(osbuf, osbuf_len, "%s %s", os.sysname, os.release); #endif /* WIN32 */ } #if defined(WIN32) unsigned int plug_sleep (unsigned int seconds) { long dwSec = seconds*1000; Sleep (dwSec); return 0; } #endif cyrus-sasl-2.1.25/plugins/sql.c0000646000076400007640000010553311306006126013267 00000000000000/* ** ** SQL Auxprop plugin ** ** Ken Murchison ** Maya Nigrosh -- original store() and txn support ** Simon Loader -- original mysql plugin ** Patrick Welche -- original pgsql plugin ** ** $Id: sql.c,v 1.38 2009/04/11 10:48:07 mel Exp $ ** */ #include #include #include #include #include #include "sasl.h" #include "saslutil.h" #include "saslplug.h" #include #include "plugin_common.h" #define sql_max(a, b) ((a) > (b) ? (a) : (b)) #define sql_len(input) ((input) ? strlen(input) : 0) #define sql_exists(input) ((input) && (*input)) typedef struct sql_engine { const char *name; void *(*sql_open)(char *host, char *port, int usessl, const char *user, const char *password, const char *database, const sasl_utils_t *utils); int (*sql_escape_str)(char *to, const char *from); int (*sql_begin_txn)(void *conn, const sasl_utils_t *utils); int (*sql_commit_txn)(void *conn, const sasl_utils_t *utils); int (*sql_rollback_txn)(void *conn, const sasl_utils_t *utils); int (*sql_exec)(void *conn, const char *cmd, char *value, size_t size, size_t *value_len, const sasl_utils_t *utils); void (*sql_close)(void *conn); } sql_engine_t; typedef struct sql_settings { const sql_engine_t *sql_engine; const char *sql_user; const char *sql_passwd; const char *sql_hostnames; const char *sql_database; const char *sql_select; const char *sql_insert; const char *sql_update; int sql_usessl; } sql_settings_t; static const char * SQL_BLANK_STRING = ""; static const char * SQL_WILDCARD = "*"; static const char * SQL_NULL_VALUE = "NULL"; #ifdef HAVE_MYSQL #include static void *_mysql_open(char *host, char *port, int usessl, const char *user, const char *password, const char *database, const sasl_utils_t *utils) { MYSQL *mysql; if (!(mysql = mysql_init(NULL))) { utils->log(NULL, SASL_LOG_ERR, "sql plugin: could not execute mysql_init()"); return NULL; } return mysql_real_connect(mysql, host, user, password, database, port ? strtoul(port, NULL, 10) : 0, NULL, usessl ? CLIENT_SSL : 0); } static int _mysql_escape_str(char *to, const char *from) { return mysql_escape_string(to, from, strlen(from)); } static int _mysql_exec(void *conn, const char *cmd, char *value, size_t size, size_t *value_len, const sasl_utils_t *utils) { MYSQL_RES *result; MYSQL_ROW row; int row_count, len; len = strlen(cmd); /* mysql_real_query() doesn't want a terminating ';' */ if (cmd[len-1] == ';') len--; /* * Run the query. It is important to note that mysql_real_query * will return success even if the sql statement * had an error in it. However, mysql_errno() will alsways * tell us if there was an error. Therefore we can ignore * the result from mysql_real_query and simply check mysql_errno() * to decide if there was really an error. */ (void)mysql_real_query(conn, cmd, len); if(mysql_errno(conn)) { utils->log(NULL, SASL_LOG_ERR, "sql query failed: %s", mysql_error(conn)); return -1; } /* see if we should expect some results */ if (!mysql_field_count(conn)) { /* no results (BEGIN, COMMIT, DELETE, INSERT, UPDATE) */ return 0; } /* get the results */ result = mysql_store_result(conn); if (!result) { /* umm nothing found */ utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); return -1; } /* quick row check */ row_count = mysql_num_rows(result); if (!row_count) { /* umm nothing found */ mysql_free_result(result); utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); return -1; } if (row_count > 1) { utils->log(NULL, SASL_LOG_WARN, "sql plugin: found duplicate row for query %s", cmd); } /* now get the result set value and value_len */ /* we only fetch one because we don't care about the rest */ row = mysql_fetch_row(result); if (!row || !row[0]) { /* umm nothing found */ utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); mysql_free_result(result); return -1; } if (value) { strncpy(value, row[0], size-2); value[size-1] = '\0'; if (value_len) *value_len = strlen(value); } /* free result */ mysql_free_result(result); return 0; } static int _mysql_begin_txn(void *conn, const sasl_utils_t *utils) { return _mysql_exec(conn, #if MYSQL_VERSION_ID >= 40011 "START TRANSACTION", #else "BEGIN", #endif NULL, 0, NULL, utils); } static int _mysql_commit_txn(void *conn, const sasl_utils_t *utils) { return _mysql_exec(conn, "COMMIT", NULL, 0, NULL, utils); } static int _mysql_rollback_txn(void *conn, const sasl_utils_t *utils) { return _mysql_exec(conn, "ROLLBACK", NULL, 0, NULL, utils); } static void _mysql_close(void *conn) { mysql_close(conn); } #endif /* HAVE_MYSQL */ #ifdef HAVE_PGSQL #include static void *_pgsql_open(char *host, char *port, int usessl, const char *user, const char *password, const char *database, const sasl_utils_t *utils) { PGconn *conn = NULL; char *conninfo, *sep; /* create the connection info string */ /* The 64 represents the number of characters taken by * the keyword tokens, plus a small pad */ conninfo = utils->malloc(64 + sql_len(host) + sql_len(port) + sql_len(user) + sql_len(password) + sql_len(database)); if (!conninfo) { MEMERROR(utils); return NULL; } /* add each term that exists */ conninfo[0] = '\0'; sep = ""; if (sql_exists(host)) { strcat(conninfo, sep); strcat(conninfo, "host='"); strcat(conninfo, host); strcat(conninfo, "'"); sep = " "; } if (sql_exists(port)) { strcat(conninfo, sep); strcat(conninfo, "port='"); strcat(conninfo, port); strcat(conninfo, "'"); sep = " "; } if (sql_exists(user)) { strcat(conninfo, sep); strcat(conninfo, "user='"); strcat(conninfo, user); strcat(conninfo, "'"); sep = " "; } if (sql_exists(password)) { strcat(conninfo, sep); strcat(conninfo, "password='"); strcat(conninfo, password); strcat(conninfo, "'"); sep = " "; } if (sql_exists(database)) { strcat(conninfo, sep); strcat(conninfo, "dbname='"); strcat(conninfo, database); strcat(conninfo, "'"); sep = " "; } if (usessl) { strcat(conninfo, sep); strcat(conninfo, "requiressl='1'"); } conn = PQconnectdb(conninfo); free(conninfo); if ((PQstatus(conn) != CONNECTION_OK)) { utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", PQerrorMessage(conn)); return NULL; } return conn; } static int _pgsql_escape_str(char *to, const char *from) { return PQescapeString(to, from, strlen(from)); } static int _pgsql_exec(void *conn, const char *cmd, char *value, size_t size, size_t *value_len, const sasl_utils_t *utils) { PGresult *result; int row_count; ExecStatusType status; /* run the query */ result = PQexec(conn, cmd); /* check the status */ status = PQresultStatus(result); if (status == PGRES_COMMAND_OK) { /* no results (BEGIN, COMMIT, DELETE, INSERT, UPDATE) */ PQclear(result); return 0; } else if (status != PGRES_TUPLES_OK) { /* error */ utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %s ", PQresStatus(status)); PQclear(result); return -1; } /* quick row check */ row_count = PQntuples(result); if (!row_count) { /* umm nothing found */ utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); PQclear(result); return -1; } if (row_count > 1) { utils->log(NULL, SASL_LOG_WARN, "sql plugin: found duplicate row for query %s", cmd); } /* now get the result set value and value_len */ /* we only fetch one because we don't care about the rest */ if (value) { strncpy(value, PQgetvalue(result,0,0), size-2); value[size-1] = '\0'; if (value_len) *value_len = strlen(value); } /* free result */ PQclear(result); return 0; } static int _pgsql_begin_txn(void *conn, const sasl_utils_t *utils) { return _pgsql_exec(conn, "BEGIN;", NULL, 0, NULL, utils); } static int _pgsql_commit_txn(void *conn, const sasl_utils_t *utils) { return _pgsql_exec(conn, "COMMIT;", NULL, 0, NULL, utils); } static int _pgsql_rollback_txn(void *conn, const sasl_utils_t *utils) { return _pgsql_exec(conn, "ROLLBACK;", NULL, 0, NULL, utils); } static void _pgsql_close(void *conn) { PQfinish(conn); } #endif /* HAVE_PGSQL */ #ifdef HAVE_SQLITE #include static void *_sqlite_open(char *host __attribute__((unused)), char *port __attribute__((unused)), int usessl __attribute__((unused)), const char *user __attribute__((unused)), const char *password __attribute__((unused)), const char *database, const sasl_utils_t *utils) { int rc; sqlite *db; char *zErrMsg = NULL; db = sqlite_open(database, 0, &zErrMsg); if (db == NULL) { utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", zErrMsg); sqlite_freemem (zErrMsg); return NULL; } rc = sqlite_exec(db, "PRAGMA empty_result_callbacks = ON", NULL, NULL, &zErrMsg); if (rc != SQLITE_OK) { utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", zErrMsg); sqlite_freemem (zErrMsg); sqlite_close(db); return NULL; } return (void*)db; } static int _sqlite_escape_str(char *to, const char *from) { char s; while ( (s = *from++) != '\0' ) { if (s == '\'' || s == '\\') { *to++ = '\\'; } *to++ = s; } *to = '\0'; return 0; } static int sqlite_my_callback(void *pArg, int argc __attribute__((unused)), char **argv, char **columnNames __attribute__((unused))) { char **result = (char**)pArg; if (argv == NULL) { *result = NULL; /* no record */ } else if (argv[0] == NULL) { *result = strdup(SQL_NULL_VALUE); /* NULL IS SQL_NULL_VALUE */ } else { *result = strdup(argv[0]); } return /*ABORT*/1; } static int _sqlite_exec(void *db, const char *cmd, char *value, size_t size, size_t *value_len, const sasl_utils_t *utils) { int rc; char *result = NULL; char *zErrMsg = NULL; rc = sqlite_exec((sqlite*)db, cmd, sqlite_my_callback, (void*)&result, &zErrMsg); if (rc != SQLITE_OK && rc != SQLITE_ABORT) { utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %s ", zErrMsg); sqlite_freemem (zErrMsg); return -1; } if (rc == SQLITE_OK) { /* no results (BEGIN, COMMIT, DELETE, INSERT, UPDATE) */ return 0; } if (result == NULL) { /* umm nothing found */ utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); return -1; } /* XXX: Duplication cannot be found by this method. */ /* now get the result set value and value_len */ /* we only fetch one because we don't care about the rest */ if (value) { strncpy(value, result, size - 2); value[size - 1] = '\0'; if (value_len) { *value_len = strlen(value); } } /* free result */ free(result); return 0; } static int _sqlite_begin_txn(void *db, const sasl_utils_t *utils) { return _sqlite_exec(db, "BEGIN TRANSACTION", NULL, 0, NULL, utils); } static int _sqlite_commit_txn(void *db, const sasl_utils_t *utils) { return _sqlite_exec(db, "COMMIT TRANSACTION", NULL, 0, NULL, utils); } static int _sqlite_rollback_txn(void *db, const sasl_utils_t *utils) { return _sqlite_exec(db, "ROLLBACK TRANSACTION", NULL, 0, NULL, utils); } static void _sqlite_close(void *db) { sqlite_close((sqlite*)db); } #endif /* HAVE_SQLITE */ #ifdef HAVE_SQLITE3 #include static void *_sqlite3_open(char *host __attribute__((unused)), char *port __attribute__((unused)), int usessl __attribute__((unused)), const char *user __attribute__((unused)), const char *password __attribute__((unused)), const char *database, const sasl_utils_t *utils) { int rc; sqlite3 *db; char *zErrMsg = NULL; rc = sqlite3_open(database, &db); if (SQLITE_OK != rc) { if (db) utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", sqlite3_errmsg(db)); else utils->log(NULL, SASL_LOG_ERR, "sql plugin: %d", rc); sqlite3_close(db); return NULL; } rc = sqlite3_exec(db, "PRAGMA empty_result_callbacks = ON", NULL, NULL, &zErrMsg); if (rc != SQLITE_OK) { if (zErrMsg) { utils->log(NULL, SASL_LOG_ERR, "sql plugin: %s", zErrMsg); sqlite3_free(zErrMsg); } else utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %d", rc); sqlite3_close(db); return NULL; } return (void*)db; } static int _sqlite3_escape_str(char *to, const char *from) { char s; while ( (s = *from++) != '\0' ) { if (s == '\'' || s == '\\') { *to++ = '\\'; } *to++ = s; } *to = '\0'; return 0; } static int sqlite3_my_callback(void *pArg, int argc __attribute__((unused)), char **argv, char **columnNames __attribute__((unused))) { char **result = (char**)pArg; if (argv == NULL) { *result = NULL; /* no record */ } else if (argv[0] == NULL) { *result = strdup(SQL_NULL_VALUE); /* NULL IS SQL_NULL_VALUE */ } else { *result = strdup(argv[0]); } return 0; } static int _sqlite3_exec(void *db, const char *cmd, char *value, size_t size, size_t *value_len, const sasl_utils_t *utils) { int rc; char *result = NULL; char *zErrMsg = NULL; rc = sqlite3_exec((sqlite3*)db, cmd, sqlite3_my_callback, (void*)&result, &zErrMsg); if (rc != SQLITE_OK) { if (zErrMsg) { utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %s", zErrMsg); sqlite3_free(zErrMsg); } else { utils->log(NULL, SASL_LOG_DEBUG, "sql plugin: %d", rc); } return -1; } if (value == NULL && rc == SQLITE_OK) { /* no results (BEGIN, COMMIT, DELETE, INSERT, UPDATE) */ return 0; } if (result == NULL) { /* umm nothing found */ utils->log(NULL, SASL_LOG_NOTE, "sql plugin: no result found"); return -1; } /* XXX: Duplication cannot be found by this method. */ /* now get the result set value and value_len */ /* we only fetch one because we don't care about the rest */ if (value) { strncpy(value, result, size - 2); value[size - 1] = '\0'; if (value_len) { *value_len = strlen(value); } } free(result); return 0; } static int _sqlite3_begin_txn(void *db, const sasl_utils_t *utils) { return _sqlite3_exec(db, "BEGIN TRANSACTION;", NULL, 0, NULL, utils); } static int _sqlite3_commit_txn(void *db, const sasl_utils_t *utils) { return _sqlite3_exec(db, "COMMIT TRANSACTION;", NULL, 0, NULL, utils); } static int _sqlite3_rollback_txn(void *db, const sasl_utils_t *utils) { return _sqlite3_exec(db, "ROLLBACK TRANSACTION;", NULL, 0, NULL, utils); } static void _sqlite3_close(void *db) { sqlite3_close((sqlite3*)db); } #endif /* HAVE_SQLITE3 */ static const sql_engine_t sql_engines[] = { #ifdef HAVE_MYSQL { "mysql", &_mysql_open, &_mysql_escape_str, &_mysql_begin_txn, &_mysql_commit_txn, &_mysql_rollback_txn, &_mysql_exec, &_mysql_close }, #endif /* HAVE_MYSQL */ #ifdef HAVE_PGSQL { "pgsql", &_pgsql_open, &_pgsql_escape_str, &_pgsql_begin_txn, &_pgsql_commit_txn, &_pgsql_rollback_txn, &_pgsql_exec, &_pgsql_close }, #endif #ifdef HAVE_SQLITE { "sqlite", &_sqlite_open, &_sqlite_escape_str, &_sqlite_begin_txn, &_sqlite_commit_txn, &_sqlite_rollback_txn, &_sqlite_exec, &_sqlite_close }, #endif #ifdef HAVE_SQLITE3 { "sqlite3", &_sqlite3_open, &_sqlite3_escape_str, &_sqlite3_begin_txn, &_sqlite3_commit_txn, &_sqlite3_rollback_txn, &_sqlite3_exec, &_sqlite3_close }, #endif { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } }; /* ** Sql_create_statement ** uses statement line and allocate memory to replace ** Parts with the strings provided. ** % = no change ** %% = % ** %u = user ** %p = prop ** %r = realm ** %v = value of prop ** e.g select %p from auth where user = %u and domain = %r; ** Note: calling function must free memory. ** */ static char *sql_create_statement(const char *statement, const char *prop, const char *user, const char *realm, const char *value, const sasl_utils_t *utils) { const char *ptr, *line_ptr; char *buf, *buf_ptr; int filtersize; int ulen, plen, rlen, vlen; int numpercents=0; int biggest; size_t i; /* calculate memory needed for creating the complete query string. */ ulen = (int)strlen(user); rlen = (int)strlen(realm); plen = (int)strlen(prop); vlen = (int)sql_len(value); /* what if we have multiple %foo occurrences in the input query? */ for (i = 0; i < strlen(statement); i++) { if (statement[i] == '%') { numpercents++; } } /* find the biggest of ulen, rlen, plen, vlen */ biggest = sql_max(sql_max(ulen, rlen), sql_max(plen, vlen)); /* plus one for the semicolon...and don't forget the trailing 0x0 */ filtersize = (int)strlen(statement) + 1 + (numpercents*biggest)+1; /* ok, now try to allocate a chunk of that size */ buf = (char *) utils->malloc(filtersize); if (!buf) { MEMERROR(utils); return NULL; } buf_ptr = buf; line_ptr = statement; /* replace the strings */ while ( (ptr = strchr(line_ptr, '%')) ) { /* copy up to but not including the next % */ memcpy(buf_ptr, line_ptr, ptr - line_ptr); buf_ptr += ptr - line_ptr; ptr++; switch (ptr[0]) { case '%': buf_ptr[0] = '%'; buf_ptr++; break; case 'u': memcpy(buf_ptr, user, ulen); buf_ptr += ulen; break; case 'r': memcpy(buf_ptr, realm, rlen); buf_ptr += rlen; break; case 'p': memcpy(buf_ptr, prop, plen); buf_ptr += plen; break; case 'v': if (value != NULL) { memcpy(buf_ptr, value, vlen); buf_ptr += vlen; } else { utils->log(NULL, SASL_LOG_ERR, "'%%v' shouldn't be in a SELECT or DELETE"); } break; default: buf_ptr[0] = '%'; buf_ptr[1] = ptr[0]; buf_ptr += 2; break; } ptr++; line_ptr = ptr; } memcpy(buf_ptr, line_ptr, strlen(line_ptr)+1); /* Make sure the current portion of the statement ends with a semicolon */ if (buf_ptr[strlen(buf_ptr-1)] != ';') { strcat(buf_ptr, ";"); } return (buf); } /* sql_get_settings * * Get the auxprop settings and put them in the global context array */ static void sql_get_settings(const sasl_utils_t *utils, void *glob_context) { sql_settings_t *settings; int r; const char *usessl, *engine_name; const sql_engine_t *e; settings = (sql_settings_t *) glob_context; r = utils->getopt(utils->getopt_context,"SQL", "sql_engine", &engine_name, NULL); if (r || !engine_name) { engine_name = "mysql"; } /* find the correct engine */ e = sql_engines; while (e->name) { if (!strcasecmp(engine_name, e->name)) break; e++; } if (!e->name) { utils->log(NULL, SASL_LOG_ERR, "SQL engine '%s' not supported", engine_name); } settings->sql_engine = e; r = utils->getopt(utils->getopt_context,"SQL","sql_user", &settings->sql_user, NULL); if ( r || !settings->sql_user ) { settings->sql_user = SQL_BLANK_STRING; } r = utils->getopt(utils->getopt_context,"SQL", "sql_passwd", &settings->sql_passwd, NULL); if (r || !settings->sql_passwd ) { settings->sql_passwd = SQL_BLANK_STRING; } r = utils->getopt(utils->getopt_context,"SQL", "sql_hostnames", &settings->sql_hostnames, NULL); if (r || !settings->sql_hostnames ) { settings->sql_hostnames = SQL_BLANK_STRING; } r = utils->getopt(utils->getopt_context,"SQL", "sql_database", &settings->sql_database, NULL); if (r || !settings->sql_database ) { settings->sql_database = SQL_BLANK_STRING; } r = utils->getopt(utils->getopt_context,"SQL", "sql_select", &settings->sql_select, NULL); if (r || !settings->sql_select ) { /* backwards compatibility */ r = utils->getopt(utils->getopt_context,"SQL", "sql_statement", &settings->sql_select, NULL); if (r || !settings->sql_select) { settings->sql_select = SQL_BLANK_STRING; } } r = utils->getopt(utils->getopt_context, "SQL", "sql_insert", &settings->sql_insert, NULL); if (r || !settings->sql_insert) { settings->sql_insert = SQL_BLANK_STRING; } r = utils->getopt(utils->getopt_context, "SQL", "sql_update", &settings->sql_update, NULL); if (r || !settings->sql_update) { settings->sql_update = SQL_BLANK_STRING; } r = utils->getopt(utils->getopt_context, "SQL", "sql_usessl", &usessl, NULL); if (r || !usessl) usessl = "no"; if (*usessl == '1' || *usessl == 'y' || *usessl == 't' || (*usessl == 'o' && usessl[1] == 'n')) { settings->sql_usessl = 1; } else { settings->sql_usessl = 0; } } static void *sql_connect(sql_settings_t *settings, const sasl_utils_t *utils) { void *conn = NULL; char *db_host_ptr = NULL; char *db_host = NULL; char *cur_host, *cur_port; /* loop around hostnames till we get a connection * it should probably save the connection but for * now we will just disconnect everytime */ utils->log(NULL, SASL_LOG_DEBUG, "sql plugin try and connect to a host\n"); /* create a working version of the hostnames */ _plug_strdup(utils, settings->sql_hostnames, &db_host_ptr, NULL); db_host = db_host_ptr; cur_host = db_host; while (cur_host != NULL) { db_host = strchr(db_host,','); if (db_host != NULL) { db_host[0] = '\0'; /* loop till we find some text */ while (!isalnum(db_host[0])) db_host++; } utils->log(NULL, SASL_LOG_DEBUG, "sql plugin trying to open db '%s' on host '%s'%s\n", settings->sql_database, cur_host, settings->sql_usessl ? " using SSL" : ""); /* set the optional port */ if ((cur_port = strchr(cur_host, ':'))) *cur_port++ = '\0'; conn = settings->sql_engine->sql_open(cur_host, cur_port, settings->sql_usessl, settings->sql_user, settings->sql_passwd, settings->sql_database, utils); if (conn) break; utils->log(NULL, SASL_LOG_ERR, "sql plugin could not connect to host %s", cur_host); cur_host = db_host; } if (db_host_ptr) utils->free(db_host_ptr); return conn; } static int sql_auxprop_lookup(void *glob_context, sasl_server_params_t *sparams, unsigned flags, const char *user, unsigned ulen) { char *userid = NULL; /* realm could be used for something clever */ char *realm = NULL; const char *user_realm = NULL; const struct propval *to_fetch, *cur; char value[8192]; size_t value_len; char *user_buf; char *query = NULL; char *escap_userid = NULL; char *escap_realm = NULL; sql_settings_t *settings; int verify_against_hashed_password; int saw_user_password = 0; void *conn = NULL; int do_txn = 0; int ret; if (!glob_context || !sparams || !user) return SASL_BADPARAM; /* setup the settings */ settings = (sql_settings_t *) glob_context; sparams->utils->log(NULL, SASL_LOG_DEBUG, "sql plugin Parse the username %s\n", user); user_buf = sparams->utils->malloc(ulen + 1); if (!user_buf) { ret = SASL_NOMEM; goto done; } memcpy(user_buf, user, ulen); user_buf[ulen] = '\0'; if(sparams->user_realm) { user_realm = sparams->user_realm; } else { user_realm = sparams->serverFQDN; } if ((ret = _plug_parseuser(sparams->utils, &userid, &realm, user_realm, sparams->serverFQDN, user_buf)) != SASL_OK ) { goto done; } /* just need to escape userid and realm now */ /* allocate some memory */ escap_userid = (char *)sparams->utils->malloc(strlen(userid)*2+1); escap_realm = (char *)sparams->utils->malloc(strlen(realm)*2+1); if (!escap_userid || !escap_realm) { ret = SASL_NOMEM; goto done; } /*************************************/ /* find out what we need to get */ /* this corrupts const char *user */ to_fetch = sparams->utils->prop_get(sparams->propctx); if (!to_fetch) { ret = SASL_NOMEM; goto done; } conn = sql_connect(settings, sparams->utils); if (!conn) { sparams->utils->log(NULL, SASL_LOG_ERR, "sql plugin couldn't connect to any host\n"); /* TODO: in the future we might want to extend the internal SQL driver API to return a more detailed error */ ret = SASL_FAIL; goto done; } /* escape out */ settings->sql_engine->sql_escape_str(escap_userid, userid); settings->sql_engine->sql_escape_str(escap_realm, realm); verify_against_hashed_password = flags & SASL_AUXPROP_VERIFY_AGAINST_HASH; /* Assume that nothing is found */ ret = SASL_NOUSER; for (cur = to_fetch; cur->name; cur++) { char *realname = (char *) cur->name; /* Only look up properties that apply to this lookup! */ if (cur->name[0] == '*' && (flags & SASL_AUXPROP_AUTHZID)) continue; if (!(flags & SASL_AUXPROP_AUTHZID)) { if(cur->name[0] != '*') continue; else realname = (char*)cur->name + 1; } /* If it's there already, we want to see if it needs to be * overridden. userPassword is a special case, because it's value is always present if SASL_AUXPROP_VERIFY_AGAINST_HASH is specified. When SASL_AUXPROP_VERIFY_AGAINST_HASH is set, we just clear userPassword. */ if (cur->values && !(flags & SASL_AUXPROP_OVERRIDE) && (verify_against_hashed_password == 0 || strcasecmp(realname, SASL_AUX_PASSWORD_PROP) != 0)) { continue; } else if (cur->values) { sparams->utils->prop_erase(sparams->propctx, cur->name); } if (strcasecmp(realname, SASL_AUX_PASSWORD_PROP) == 0) { saw_user_password = 1; } if (!do_txn) { do_txn = 1; sparams->utils->log(NULL, SASL_LOG_DEBUG, "begin transaction"); if (settings->sql_engine->sql_begin_txn(conn, sparams->utils)) { sparams->utils->log(NULL, SASL_LOG_ERR, "Unable to begin transaction\n"); } } sparams->utils->log(NULL, SASL_LOG_DEBUG, "sql plugin create statement from %s %s %s\n", realname, escap_userid, escap_realm); /* create a statement that we will use */ query = sql_create_statement(settings->sql_select, realname,escap_userid, escap_realm, NULL, sparams->utils); if (query == NULL) { ret = SASL_NOMEM; break; } sparams->utils->log(NULL, SASL_LOG_DEBUG, "sql plugin doing query %s\n", query); value[0] = '\0'; value_len = 0; /* run the query */ if (!settings->sql_engine->sql_exec(conn, query, value, sizeof(value), &value_len, sparams->utils)) { sparams->utils->prop_set(sparams->propctx, cur->name, value, (int)value_len); ret = SASL_OK; } sparams->utils->free(query); } if (flags & SASL_AUXPROP_AUTHZID) { /* This is a lie, but the caller can't handle when we return SASL_NOUSER for authorization identity lookup. */ if (ret == SASL_NOUSER) { ret = SASL_OK; } } else { if (ret == SASL_NOUSER && saw_user_password == 0) { /* Verify user existence by checking presence of the userPassword attribute */ if (!do_txn) { do_txn = 1; sparams->utils->log(NULL, SASL_LOG_DEBUG, "begin transaction"); if (settings->sql_engine->sql_begin_txn(conn, sparams->utils)) { sparams->utils->log(NULL, SASL_LOG_ERR, "Unable to begin transaction\n"); } } sparams->utils->log(NULL, SASL_LOG_DEBUG, "sql plugin create statement from %s %s %s\n", SASL_AUX_PASSWORD_PROP, escap_userid, escap_realm); /* create a statement that we will use */ query = sql_create_statement(settings->sql_select, SASL_AUX_PASSWORD_PROP, escap_userid, escap_realm, NULL, sparams->utils); if (query == NULL) { ret = SASL_NOMEM; } else { sparams->utils->log(NULL, SASL_LOG_DEBUG, "sql plugin doing query %s\n", query); value[0] = '\0'; value_len = 0; /* run the query */ if (!settings->sql_engine->sql_exec(conn, query, value, sizeof(value), &value_len, sparams->utils)) { ret = SASL_OK; } sparams->utils->free(query); } } } if (do_txn) { sparams->utils->log(NULL, SASL_LOG_DEBUG, "commit transaction"); if (settings->sql_engine->sql_commit_txn(conn, sparams->utils)) { sparams->utils->log(NULL, SASL_LOG_ERR, "Unable to commit transaction\n"); /* Failure of the commit is non fatal when reading values */ } } done: if (escap_userid) sparams->utils->free(escap_userid); if (escap_realm) sparams->utils->free(escap_realm); if (conn) settings->sql_engine->sql_close(conn); if (userid) sparams->utils->free(userid); if (realm) sparams->utils->free(realm); if (user_buf) sparams->utils->free(user_buf); return (ret); } static int sql_auxprop_store(void *glob_context, sasl_server_params_t *sparams, struct propctx *ctx, const char *user, unsigned ulen) { char *userid = NULL; char *realm = NULL; const char *user_realm = NULL; int ret = SASL_FAIL; const struct propval *to_store, *cur; char *user_buf; char *statement = NULL; char *escap_userid = NULL; char *escap_realm = NULL; const char *cmd; sql_settings_t *settings; void *conn = NULL; settings = (sql_settings_t *) glob_context; /* just checking if we are enabled */ if (!ctx && sql_exists(settings->sql_insert) && sql_exists(settings->sql_update)) return SASL_OK; /* make sure our input is okay */ if (!glob_context || !sparams || !user) return SASL_BADPARAM; sparams->utils->log(NULL, SASL_LOG_DEBUG, "sql plugin Parse the username %s\n", user); user_buf = sparams->utils->malloc(ulen + 1); if (!user_buf) { ret = SASL_NOMEM; goto done; } memcpy(user_buf, user, ulen); user_buf[ulen] = '\0'; if (sparams->user_realm) { user_realm = sparams->user_realm; } else { user_realm = sparams->serverFQDN; } ret = _plug_parseuser(sparams->utils, &userid, &realm, user_realm, sparams->serverFQDN, user_buf); if (ret != SASL_OK) goto done; /* just need to escape userid and realm now */ /* allocate some memory */ escap_userid = (char *) sparams->utils->malloc(strlen(userid)*2+1); escap_realm = (char *) sparams->utils->malloc(strlen(realm)*2+1); if (!escap_userid || !escap_realm) { MEMERROR(sparams->utils); goto done; } to_store = sparams->utils->prop_get(ctx); if (!to_store) { ret = SASL_BADPARAM; goto done; } conn = sql_connect(settings, sparams->utils); if (!conn) { sparams->utils->log(NULL, SASL_LOG_ERR, "sql plugin couldn't connect to any host\n"); goto done; } settings->sql_engine->sql_escape_str(escap_userid, userid); settings->sql_engine->sql_escape_str(escap_realm, realm); if (settings->sql_engine->sql_begin_txn(conn, sparams->utils)) { sparams->utils->log(NULL, SASL_LOG_ERR, "Unable to begin transaction\n"); } for (cur = to_store; ret == SASL_OK && cur->name; cur++) { if (cur->name[0] == '*') { continue; } /* determine which command we need */ /* see if we already have a row for this user */ statement = sql_create_statement(settings->sql_select, SQL_WILDCARD, escap_userid, escap_realm, NULL, sparams->utils); if (!settings->sql_engine->sql_exec(conn, statement, NULL, 0, NULL, sparams->utils)) { /* already have a row => UPDATE */ cmd = settings->sql_update; } else { /* new row => INSERT */ cmd = settings->sql_insert; } sparams->utils->free(statement); /* create a statement that we will use */ statement = sql_create_statement(cmd, cur->name, escap_userid, escap_realm, cur->values && cur->values[0] ? cur->values[0] : SQL_NULL_VALUE, sparams->utils); { char *log_statement = sql_create_statement(cmd, cur->name, escap_userid, escap_realm, cur->values && cur->values[0] ? "" : SQL_NULL_VALUE, sparams->utils); sparams->utils->log(NULL, SASL_LOG_DEBUG, "sql plugin doing statement %s\n", log_statement); sparams->utils->free(log_statement); } /* run the statement */ if (settings->sql_engine->sql_exec(conn, statement, NULL, 0, NULL, sparams->utils)) { ret = SASL_FAIL; } sparams->utils->free(statement); } if (ret != SASL_OK) { sparams->utils->log(NULL, SASL_LOG_ERR, "Failed to store auxprop; aborting transaction\n"); if (settings->sql_engine->sql_rollback_txn(conn, sparams->utils)) { sparams->utils->log(NULL, SASL_LOG_ERR, "Unable to rollback transaction\n"); } } else if (settings->sql_engine->sql_commit_txn(conn, sparams->utils)) { sparams->utils->log(NULL, SASL_LOG_ERR, "Unable to commit transaction\n"); } done: if (escap_userid) sparams->utils->free(escap_userid); if (escap_realm) sparams->utils->free(escap_realm); if (conn) settings->sql_engine->sql_close(conn); if (userid) sparams->utils->free(userid); if (realm) sparams->utils->free(realm); if (user_buf) sparams->utils->free(user_buf); return ret; /* do a little dance */ } static void sql_auxprop_free(void *glob_context, const sasl_utils_t *utils) { sql_settings_t *settings; settings = (sql_settings_t *)glob_context; if (!settings) return; utils->log(NULL, SASL_LOG_DEBUG, "sql freeing memory\n"); utils->free(settings); } static sasl_auxprop_plug_t sql_auxprop_plugin = { 0, /* Features */ 0, /* spare */ NULL, /* glob_context */ sql_auxprop_free, /* auxprop_free */ sql_auxprop_lookup, /* auxprop_lookup */ "sql", /* name */ sql_auxprop_store /* auxprop_store */ }; int sql_auxprop_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_auxprop_plug_t **plug, const char *plugname __attribute__((unused))) { sql_settings_t *settings; if (!out_version || !plug) return SASL_BADPARAM; if (max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS; *out_version = SASL_AUXPROP_PLUG_VERSION; *plug = &sql_auxprop_plugin; settings = (sql_settings_t *) utils->malloc(sizeof(sql_settings_t)); if (!settings) { MEMERROR(utils); return SASL_NOMEM; } memset(settings, 0, sizeof(sql_settings_t)); sql_get_settings(utils, settings); if (!settings->sql_engine->name) return SASL_NOMECH; if (!sql_exists(settings->sql_select)) { utils->log(NULL, SASL_LOG_ERR, "sql_select option missing"); utils->free(settings); return SASL_NOMECH; } utils->log(NULL, SASL_LOG_DEBUG, "sql auxprop plugin using %s engine\n", settings->sql_engine->name); sql_auxprop_plugin.glob_context = settings; return SASL_OK; } cyrus-sasl-2.1.25/plugins/srp_init.c0000666000076400007640000000131411632367343014326 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( srp ) SASL_SERVER_PLUG_INIT( srp ) cyrus-sasl-2.1.25/plugins/sasldb_init.c0000666000076400007640000000117011632367343014772 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_AUXPROP_PLUG_INIT( sasldb ) cyrus-sasl-2.1.25/plugins/passdss_init.c0000666000076400007640000000133011632367343015200 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( passdss ) SASL_SERVER_PLUG_INIT( passdss ) cyrus-sasl-2.1.25/plugins/sasldb.c0000646000076400007640000002224011306006126013731 00000000000000/* SASL server API implementation * Rob Siemborski * Tim Martin * $Id: sasldb.c,v 1.17 2009/03/10 14:37:03 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include /* sasldb stuff */ #include #include "sasl.h" #include "saslutil.h" #include "saslplug.h" #include "../sasldb/sasldb.h" #include "plugin_common.h" static int sasldb_auxprop_lookup(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, unsigned flags, const char *user, unsigned ulen) { char *userid = NULL; char *realm = NULL; const char *user_realm = NULL; int ret; const struct propval *to_fetch, *cur; char value[8192]; size_t value_len; char *user_buf; int verify_against_hashed_password; int saw_user_password = 0; if (!sparams || !user) return SASL_BADPARAM; user_buf = sparams->utils->malloc(ulen + 1); if(!user_buf) { ret = SASL_NOMEM; goto done; } memcpy(user_buf, user, ulen); user_buf[ulen] = '\0'; if(sparams->user_realm) { user_realm = sparams->user_realm; } else { user_realm = sparams->serverFQDN; } ret = _plug_parseuser(sparams->utils, &userid, &realm, user_realm, sparams->serverFQDN, user_buf); if(ret != SASL_OK) goto done; to_fetch = sparams->utils->prop_get(sparams->propctx); if (!to_fetch) { ret = SASL_NOMEM; goto done; } verify_against_hashed_password = flags & SASL_AUXPROP_VERIFY_AGAINST_HASH; /* Use a fake value to signal that we have no property to lookup */ ret = SASL_CONTINUE; for(cur = to_fetch; cur->name; cur++) { int cur_ret; const char *realname = cur->name; /* Only look up properties that apply to this lookup! */ if(cur->name[0] == '*' && (flags & SASL_AUXPROP_AUTHZID)) continue; if(!(flags & SASL_AUXPROP_AUTHZID)) { if(cur->name[0] != '*') continue; else realname = cur->name + 1; } /* If it's there already, we want to see if it needs to be * overridden. userPassword is a special case, because it's value is always present if SASL_AUXPROP_VERIFY_AGAINST_HASH is specified. When SASL_AUXPROP_VERIFY_AGAINST_HASH is set, we just clear userPassword. */ if (cur->values && !(flags & SASL_AUXPROP_OVERRIDE) && (verify_against_hashed_password == 0 || strcasecmp(realname, SASL_AUX_PASSWORD_PROP) != 0)) { continue; } else if (cur->values) { sparams->utils->prop_erase(sparams->propctx, cur->name); } if (strcasecmp(realname, SASL_AUX_PASSWORD_PROP) == 0) { saw_user_password = 1; } cur_ret = _sasldb_getdata(sparams->utils, sparams->utils->conn, userid, realm, realname, value, sizeof(value), &value_len); /* Assumption: cur_ret is never SASL_CONTINUE */ /* If this is the first property we've tried to fetch ==> always set the global error code. If we had SASL_NOUSER ==> any other error code overrides it (including SASL_NOUSER). */ if (ret == SASL_CONTINUE || ret == SASL_NOUSER) { ret = cur_ret; } else if (ret == SASL_OK) { /* Any error code other than SASL_NOUSER overrides SASL_OK. (And SASL_OK overrides SASL_OK as well) */ if (cur_ret != SASL_NOUSER) { ret = cur_ret; } } /* Any other global error code is left as is */ if (cur_ret != SASL_OK) { if (cur_ret != SASL_NOUSER) { /* No point in continuing if we hit any serious error */ break; } /* We didn't find it, leave it as not found */ continue; } sparams->utils->prop_set(sparams->propctx, cur->name, value, (unsigned) value_len); } /* [Keep in sync with LDAPDB, SQL] If ret is SASL_CONTINUE, it means that no properties were requested (or maybe some were requested, but they already have values and SASL_AUXPROP_OVERRIDE flag is not set). Always return SASL_OK in this case. */ if (ret == SASL_CONTINUE) { ret = SASL_OK; } if (flags & SASL_AUXPROP_AUTHZID) { /* This is a lie, but the caller can't handle when we return SASL_NOUSER for authorization identity lookup. */ if (ret == SASL_NOUSER) { ret = SASL_OK; } } else { if (ret == SASL_NOUSER && saw_user_password == 0) { /* Verify user existence by checking presence of the userPassword attribute */ ret = _sasldb_getdata(sparams->utils, sparams->utils->conn, userid, realm, SASL_AUX_PASSWORD_PROP, value, sizeof(value), &value_len); } } done: if (userid) sparams->utils->free(userid); if (realm) sparams->utils->free(realm); if (user_buf) sparams->utils->free(user_buf); return ret; } static int sasldb_auxprop_store(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, struct propctx *ctx, const char *user, unsigned ulen) { char *userid = NULL; char *realm = NULL; const char *user_realm = NULL; int ret = SASL_FAIL; const struct propval *to_store, *cur; char *user_buf; /* just checking if we are enabled */ if(!ctx) return SASL_OK; if(!sparams || !user) return SASL_BADPARAM; user_buf = sparams->utils->malloc(ulen + 1); if(!user_buf) { ret = SASL_NOMEM; goto done; } memcpy(user_buf, user, ulen); user_buf[ulen] = '\0'; if(sparams->user_realm) { user_realm = sparams->user_realm; } else { user_realm = sparams->serverFQDN; } ret = _plug_parseuser(sparams->utils, &userid, &realm, user_realm, sparams->serverFQDN, user_buf); if(ret != SASL_OK) goto done; to_store = sparams->utils->prop_get(ctx); if(!to_store) { ret = SASL_BADPARAM; goto done; } ret = SASL_OK; for (cur = to_store; cur->name; cur++) { char * value = (cur->values && cur->values[0]) ? cur->values[0] : NULL; if (cur->name[0] == '*') { continue; } /* WARN: We only support one value right now. */ ret = _sasldb_putdata(sparams->utils, sparams->utils->conn, userid, realm, cur->name, value, value ? strlen(value) : 0); if (value == NULL && ret == SASL_NOUSER) { /* Deleting something which is not there is not an error */ ret = SASL_OK; } if (ret != SASL_OK) { /* We've already failed, no point in continuing */ break; } } done: if (userid) sparams->utils->free(userid); if (realm) sparams->utils->free(realm); if (user_buf) sparams->utils->free(user_buf); return ret; } static sasl_auxprop_plug_t sasldb_auxprop_plugin = { 0, /* Features */ 0, /* spare */ NULL, /* glob_context */ sasldb_auxprop_free, /* auxprop_free */ sasldb_auxprop_lookup, /* auxprop_lookup */ "sasldb", /* name */ sasldb_auxprop_store /* auxprop_store */ }; int sasldb_auxprop_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_auxprop_plug_t **plug, const char *plugname __attribute__((unused))) { if(!out_version || !plug) return SASL_BADPARAM; /* Do we have database support? */ /* Note that we can use a NULL sasl_conn_t because our * sasl_utils_t is "blessed" with the global callbacks */ if(_sasl_check_db(utils, NULL) != SASL_OK) return SASL_NOMECH; /* Check if libsasl API is older than ours. If it is, fail */ if(max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS; *out_version = SASL_AUXPROP_PLUG_VERSION; *plug = &sasldb_auxprop_plugin; return SASL_OK; } cyrus-sasl-2.1.25/plugins/gssapiv2_init.c0000666000076400007640000000133311632367343015261 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( gssapiv2 ) SASL_SERVER_PLUG_INIT( gssapiv2 ) cyrus-sasl-2.1.25/plugins/otp.h0000666000076400007640000004736107622774124013325 00000000000000/* OTP SASL plugin * Ken Murchison * $Id: otp.h,v 1.2 2003/02/13 19:56:04 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef _OTP_H_ #define _OTP_H_ /* Standard dictionary from RFC2289 */ #define OTP_STD_DICT_SIZE 2048 #define OTP_4LETTER_OFFSET 571 static const char *otp_std_dict[OTP_STD_DICT_SIZE] = { "A", "ABE", "ACE", "ACT", "AD", "ADA", "ADD", "AGO", "AID", "AIM", "AIR", "ALL", "ALP", "AM", "AMY", "AN", "ANA", "AND", "ANN", "ANT", "ANY", "APE", "APS", "APT", "ARC", "ARE", "ARK", "ARM", "ART", "AS", "ASH", "ASK", "AT", "ATE", "AUG", "AUK", "AVE", "AWE", "AWK", "AWL", "AWN", "AX", "AYE", "BAD", "BAG", "BAH", "BAM", "BAN", "BAR", "BAT", "BAY", "BE", "BED", "BEE", "BEG", "BEN", "BET", "BEY", "BIB", "BID", "BIG", "BIN", "BIT", "BOB", "BOG", "BON", "BOO", "BOP", "BOW", "BOY", "BUB", "BUD", "BUG", "BUM", "BUN", "BUS", "BUT", "BUY", "BY", "BYE", "CAB", "CAL", "CAM", "CAN", "CAP", "CAR", "CAT", "CAW", "COD", "COG", "COL", "CON", "COO", "COP", "COT", "COW", "COY", "CRY", "CUB", "CUE", "CUP", "CUR", "CUT", "DAB", "DAD", "DAM", "DAN", "DAR", "DAY", "DEE", "DEL", "DEN", "DES", "DEW", "DID", "DIE", "DIG", "DIN", "DIP", "DO", "DOE", "DOG", "DON", "DOT", "DOW", "DRY", "DUB", "DUD", "DUE", "DUG", "DUN", "EAR", "EAT", "ED", "EEL", "EGG", "EGO", "ELI", "ELK", "ELM", "ELY", "EM", "END", "EST", "ETC", "EVA", "EVE", "EWE", "EYE", "FAD", "FAN", "FAR", "FAT", "FAY", "FED", "FEE", "FEW", "FIB", "FIG", "FIN", "FIR", "FIT", "FLO", "FLY", "FOE", "FOG", "FOR", "FRY", "FUM", "FUN", "FUR", "GAB", "GAD", "GAG", "GAL", "GAM", "GAP", "GAS", "GAY", "GEE", "GEL", "GEM", "GET", "GIG", "GIL", "GIN", "GO", "GOT", "GUM", "GUN", "GUS", "GUT", "GUY", "GYM", "GYP", "HA", "HAD", "HAL", "HAM", "HAN", "HAP", "HAS", "HAT", "HAW", "HAY", "HE", "HEM", "HEN", "HER", "HEW", "HEY", "HI", "HID", "HIM", "HIP", "HIS", "HIT", "HO", "HOB", "HOC", "HOE", "HOG", "HOP", "HOT", "HOW", "HUB", "HUE", "HUG", "HUH", "HUM", "HUT", "I", "ICY", "IDA", "IF", "IKE", "ILL", "INK", "INN", "IO", "ION", "IQ", "IRA", "IRE", "IRK", "IS", "IT", "ITS", "IVY", "JAB", "JAG", "JAM", "JAN", "JAR", "JAW", "JAY", "JET", "JIG", "JIM", "JO", "JOB", "JOE", "JOG", "JOT", "JOY", "JUG", "JUT", "KAY", "KEG", "KEN", "KEY", "KID", "KIM", "KIN", "KIT", "LA", "LAB", "LAC", "LAD", "LAG", "LAM", "LAP", "LAW", "LAY", "LEA", "LED", "LEE", "LEG", "LEN", "LEO", "LET", "LEW", "LID", "LIE", "LIN", "LIP", "LIT", "LO", "LOB", "LOG", "LOP", "LOS", "LOT", "LOU", "LOW", "LOY", "LUG", "LYE", "MA", "MAC", "MAD", "MAE", "MAN", "MAO", "MAP", "MAT", "MAW", "MAY", "ME", "MEG", "MEL", "MEN", "MET", "MEW", "MID", "MIN", "MIT", "MOB", "MOD", "MOE", "MOO", "MOP", "MOS", "MOT", "MOW", "MUD", "MUG", "MUM", "MY", "NAB", "NAG", "NAN", "NAP", "NAT", "NAY", "NE", "NED", "NEE", "NET", "NEW", "NIB", "NIL", "NIP", "NIT", "NO", "NOB", "NOD", "NON", "NOR", "NOT", "NOV", "NOW", "NU", "NUN", "NUT", "O", "OAF", "OAK", "OAR", "OAT", "ODD", "ODE", "OF", "OFF", "OFT", "OH", "OIL", "OK", "OLD", "ON", "ONE", "OR", "ORB", "ORE", "ORR", "OS", "OTT", "OUR", "OUT", "OVA", "OW", "OWE", "OWL", "OWN", "OX", "PA", "PAD", "PAL", "PAM", "PAN", "PAP", "PAR", "PAT", "PAW", "PAY", "PEA", "PEG", "PEN", "PEP", "PER", "PET", "PEW", "PHI", "PI", "PIE", "PIN", "PIT", "PLY", "PO", "POD", "POE", "POP", "POT", "POW", "PRO", "PRY", "PUB", "PUG", "PUN", "PUP", "PUT", "QUO", "RAG", "RAM", "RAN", "RAP", "RAT", "RAW", "RAY", "REB", "RED", "REP", "RET", "RIB", "RID", "RIG", "RIM", "RIO", "RIP", "ROB", "ROD", "ROE", "RON", "ROT", "ROW", "ROY", "RUB", "RUE", "RUG", "RUM", "RUN", "RYE", "SAC", "SAD", "SAG", "SAL", "SAM", "SAN", "SAP", "SAT", "SAW", "SAY", "SEA", "SEC", "SEE", "SEN", "SET", "SEW", "SHE", "SHY", "SIN", "SIP", "SIR", "SIS", "SIT", "SKI", "SKY", "SLY", "SO", "SOB", "SOD", "SON", "SOP", "SOW", "SOY", "SPA", "SPY", "SUB", "SUD", "SUE", "SUM", "SUN", "SUP", "TAB", "TAD", "TAG", "TAN", "TAP", "TAR", "TEA", "TED", "TEE", "TEN", "THE", "THY", "TIC", "TIE", "TIM", "TIN", "TIP", "TO", "TOE", "TOG", "TOM", "TON", "TOO", "TOP", "TOW", "TOY", "TRY", "TUB", "TUG", "TUM", "TUN", "TWO", "UN", "UP", "US", "USE", "VAN", "VAT", "VET", "VIE", "WAD", "WAG", "WAR", "WAS", "WAY", "WE", "WEB", "WED", "WEE", "WET", "WHO", "WHY", "WIN", "WIT", "WOK", "WON", "WOO", "WOW", "WRY", "WU", "YAM", "YAP", "YAW", "YE", "YEA", "YES", "YET", "YOU", "ABED", "ABEL", "ABET", "ABLE", "ABUT", "ACHE", "ACID", "ACME", "ACRE", "ACTA", "ACTS", "ADAM", "ADDS", "ADEN", "AFAR", "AFRO", "AGEE", "AHEM", "AHOY", "AIDA", "AIDE", "AIDS", "AIRY", "AJAR", "AKIN", "ALAN", "ALEC", "ALGA", "ALIA", "ALLY", "ALMA", "ALOE", "ALSO", "ALTO", "ALUM", "ALVA", "AMEN", "AMES", "AMID", "AMMO", "AMOK", "AMOS", "AMRA", "ANDY", "ANEW", "ANNA", "ANNE", "ANTE", "ANTI", "AQUA", "ARAB", "ARCH", "AREA", "ARGO", "ARID", "ARMY", "ARTS", "ARTY", "ASIA", "ASKS", "ATOM", "AUNT", "AURA", "AUTO", "AVER", "AVID", "AVIS", "AVON", "AVOW", "AWAY", "AWRY", "BABE", "BABY", "BACH", "BACK", "BADE", "BAIL", "BAIT", "BAKE", "BALD", "BALE", "BALI", "BALK", "BALL", "BALM", "BAND", "BANE", "BANG", "BANK", "BARB", "BARD", "BARE", "BARK", "BARN", "BARR", "BASE", "BASH", "BASK", "BASS", "BATE", "BATH", "BAWD", "BAWL", "BEAD", "BEAK", "BEAM", "BEAN", "BEAR", "BEAT", "BEAU", "BECK", "BEEF", "BEEN", "BEER", "BEET", "BELA", "BELL", "BELT", "BEND", "BENT", "BERG", "BERN", "BERT", "BESS", "BEST", "BETA", "BETH", "BHOY", "BIAS", "BIDE", "BIEN", "BILE", "BILK", "BILL", "BIND", "BING", "BIRD", "BITE", "BITS", "BLAB", "BLAT", "BLED", "BLEW", "BLOB", "BLOC", "BLOT", "BLOW", "BLUE", "BLUM", "BLUR", "BOAR", "BOAT", "BOCA", "BOCK", "BODE", "BODY", "BOGY", "BOHR", "BOIL", "BOLD", "BOLO", "BOLT", "BOMB", "BONA", "BOND", "BONE", "BONG", "BONN", "BONY", "BOOK", "BOOM", "BOON", "BOOT", "BORE", "BORG", "BORN", "BOSE", "BOSS", "BOTH", "BOUT", "BOWL", "BOYD", "BRAD", "BRAE", "BRAG", "BRAN", "BRAY", "BRED", "BREW", "BRIG", "BRIM", "BROW", "BUCK", "BUDD", "BUFF", "BULB", "BULK", "BULL", "BUNK", "BUNT", "BUOY", "BURG", "BURL", "BURN", "BURR", "BURT", "BURY", "BUSH", "BUSS", "BUST", "BUSY", "BYTE", "CADY", "CAFE", "CAGE", "CAIN", "CAKE", "CALF", "CALL", "CALM", "CAME", "CANE", "CANT", "CARD", "CARE", "CARL", "CARR", "CART", "CASE", "CASH", "CASK", "CAST", "CAVE", "CEIL", "CELL", "CENT", "CERN", "CHAD", "CHAR", "CHAT", "CHAW", "CHEF", "CHEN", "CHEW", "CHIC", "CHIN", "CHOU", "CHOW", "CHUB", "CHUG", "CHUM", "CITE", "CITY", "CLAD", "CLAM", "CLAN", "CLAW", "CLAY", "CLOD", "CLOG", "CLOT", "CLUB", "CLUE", "COAL", "COAT", "COCA", "COCK", "COCO", "CODA", "CODE", "CODY", "COED", "COIL", "COIN", "COKE", "COLA", "COLD", "COLT", "COMA", "COMB", "COME", "COOK", "COOL", "COON", "COOT", "CORD", "CORE", "CORK", "CORN", "COST", "COVE", "COWL", "CRAB", "CRAG", "CRAM", "CRAY", "CREW", "CRIB", "CROW", "CRUD", "CUBA", "CUBE", "CUFF", "CULL", "CULT", "CUNY", "CURB", "CURD", "CURE", "CURL", "CURT", "CUTS", "DADE", "DALE", "DAME", "DANA", "DANE", "DANG", "DANK", "DARE", "DARK", "DARN", "DART", "DASH", "DATA", "DATE", "DAVE", "DAVY", "DAWN", "DAYS", "DEAD", "DEAF", "DEAL", "DEAN", "DEAR", "DEBT", "DECK", "DEED", "DEEM", "DEER", "DEFT", "DEFY", "DELL", "DENT", "DENY", "DESK", "DIAL", "DICE", "DIED", "DIET", "DIME", "DINE", "DING", "DINT", "DIRE", "DIRT", "DISC", "DISH", "DISK", "DIVE", "DOCK", "DOES", "DOLE", "DOLL", "DOLT", "DOME", "DONE", "DOOM", "DOOR", "DORA", "DOSE", "DOTE", "DOUG", "DOUR", "DOVE", "DOWN", "DRAB", "DRAG", "DRAM", "DRAW", "DREW", "DRUB", "DRUG", "DRUM", "DUAL", "DUCK", "DUCT", "DUEL", "DUET", "DUKE", "DULL", "DUMB", "DUNE", "DUNK", "DUSK", "DUST", "DUTY", "EACH", "EARL", "EARN", "EASE", "EAST", "EASY", "EBEN", "ECHO", "EDDY", "EDEN", "EDGE", "EDGY", "EDIT", "EDNA", "EGAN", "ELAN", "ELBA", "ELLA", "ELSE", "EMIL", "EMIT", "EMMA", "ENDS", "ERIC", "EROS", "EVEN", "EVER", "EVIL", "EYED", "FACE", "FACT", "FADE", "FAIL", "FAIN", "FAIR", "FAKE", "FALL", "FAME", "FANG", "FARM", "FAST", "FATE", "FAWN", "FEAR", "FEAT", "FEED", "FEEL", "FEET", "FELL", "FELT", "FEND", "FERN", "FEST", "FEUD", "FIEF", "FIGS", "FILE", "FILL", "FILM", "FIND", "FINE", "FINK", "FIRE", "FIRM", "FISH", "FISK", "FIST", "FITS", "FIVE", "FLAG", "FLAK", "FLAM", "FLAT", "FLAW", "FLEA", "FLED", "FLEW", "FLIT", "FLOC", "FLOG", "FLOW", "FLUB", "FLUE", "FOAL", "FOAM", "FOGY", "FOIL", "FOLD", "FOLK", "FOND", "FONT", "FOOD", "FOOL", "FOOT", "FORD", "FORE", "FORK", "FORM", "FORT", "FOSS", "FOUL", "FOUR", "FOWL", "FRAU", "FRAY", "FRED", "FREE", "FRET", "FREY", "FROG", "FROM", "FUEL", "FULL", "FUME", "FUND", "FUNK", "FURY", "FUSE", "FUSS", "GAFF", "GAGE", "GAIL", "GAIN", "GAIT", "GALA", "GALE", "GALL", "GALT", "GAME", "GANG", "GARB", "GARY", "GASH", "GATE", "GAUL", "GAUR", "GAVE", "GAWK", "GEAR", "GELD", "GENE", "GENT", "GERM", "GETS", "GIBE", "GIFT", "GILD", "GILL", "GILT", "GINA", "GIRD", "GIRL", "GIST", "GIVE", "GLAD", "GLEE", "GLEN", "GLIB", "GLOB", "GLOM", "GLOW", "GLUE", "GLUM", "GLUT", "GOAD", "GOAL", "GOAT", "GOER", "GOES", "GOLD", "GOLF", "GONE", "GONG", "GOOD", "GOOF", "GORE", "GORY", "GOSH", "GOUT", "GOWN", "GRAB", "GRAD", "GRAY", "GREG", "GREW", "GREY", "GRID", "GRIM", "GRIN", "GRIT", "GROW", "GRUB", "GULF", "GULL", "GUNK", "GURU", "GUSH", "GUST", "GWEN", "GWYN", "HAAG", "HAAS", "HACK", "HAIL", "HAIR", "HALE", "HALF", "HALL", "HALO", "HALT", "HAND", "HANG", "HANK", "HANS", "HARD", "HARK", "HARM", "HART", "HASH", "HAST", "HATE", "HATH", "HAUL", "HAVE", "HAWK", "HAYS", "HEAD", "HEAL", "HEAR", "HEAT", "HEBE", "HECK", "HEED", "HEEL", "HEFT", "HELD", "HELL", "HELM", "HERB", "HERD", "HERE", "HERO", "HERS", "HESS", "HEWN", "HICK", "HIDE", "HIGH", "HIKE", "HILL", "HILT", "HIND", "HINT", "HIRE", "HISS", "HIVE", "HOBO", "HOCK", "HOFF", "HOLD", "HOLE", "HOLM", "HOLT", "HOME", "HONE", "HONK", "HOOD", "HOOF", "HOOK", "HOOT", "HORN", "HOSE", "HOST", "HOUR", "HOVE", "HOWE", "HOWL", "HOYT", "HUCK", "HUED", "HUFF", "HUGE", "HUGH", "HUGO", "HULK", "HULL", "HUNK", "HUNT", "HURD", "HURL", "HURT", "HUSH", "HYDE", "HYMN", "IBIS", "ICON", "IDEA", "IDLE", "IFFY", "INCA", "INCH", "INTO", "IONS", "IOTA", "IOWA", "IRIS", "IRMA", "IRON", "ISLE", "ITCH", "ITEM", "IVAN", "JACK", "JADE", "JAIL", "JAKE", "JANE", "JAVA", "JEAN", "JEFF", "JERK", "JESS", "JEST", "JIBE", "JILL", "JILT", "JIVE", "JOAN", "JOBS", "JOCK", "JOEL", "JOEY", "JOHN", "JOIN", "JOKE", "JOLT", "JOVE", "JUDD", "JUDE", "JUDO", "JUDY", "JUJU", "JUKE", "JULY", "JUNE", "JUNK", "JUNO", "JURY", "JUST", "JUTE", "KAHN", "KALE", "KANE", "KANT", "KARL", "KATE", "KEEL", "KEEN", "KENO", "KENT", "KERN", "KERR", "KEYS", "KICK", "KILL", "KIND", "KING", "KIRK", "KISS", "KITE", "KLAN", "KNEE", "KNEW", "KNIT", "KNOB", "KNOT", "KNOW", "KOCH", "KONG", "KUDO", "KURD", "KURT", "KYLE", "LACE", "LACK", "LACY", "LADY", "LAID", "LAIN", "LAIR", "LAKE", "LAMB", "LAME", "LAND", "LANE", "LANG", "LARD", "LARK", "LASS", "LAST", "LATE", "LAUD", "LAVA", "LAWN", "LAWS", "LAYS", "LEAD", "LEAF", "LEAK", "LEAN", "LEAR", "LEEK", "LEER", "LEFT", "LEND", "LENS", "LENT", "LEON", "LESK", "LESS", "LEST", "LETS", "LIAR", "LICE", "LICK", "LIED", "LIEN", "LIES", "LIEU", "LIFE", "LIFT", "LIKE", "LILA", "LILT", "LILY", "LIMA", "LIMB", "LIME", "LIND", "LINE", "LINK", "LINT", "LION", "LISA", "LIST", "LIVE", "LOAD", "LOAF", "LOAM", "LOAN", "LOCK", "LOFT", "LOGE", "LOIS", "LOLA", "LONE", "LONG", "LOOK", "LOON", "LOOT", "LORD", "LORE", "LOSE", "LOSS", "LOST", "LOUD", "LOVE", "LOWE", "LUCK", "LUCY", "LUGE", "LUKE", "LULU", "LUND", "LUNG", "LURA", "LURE", "LURK", "LUSH", "LUST", "LYLE", "LYNN", "LYON", "LYRA", "MACE", "MADE", "MAGI", "MAID", "MAIL", "MAIN", "MAKE", "MALE", "MALI", "MALL", "MALT", "MANA", "MANN", "MANY", "MARC", "MARE", "MARK", "MARS", "MART", "MARY", "MASH", "MASK", "MASS", "MAST", "MATE", "MATH", "MAUL", "MAYO", "MEAD", "MEAL", "MEAN", "MEAT", "MEEK", "MEET", "MELD", "MELT", "MEMO", "MEND", "MENU", "MERT", "MESH", "MESS", "MICE", "MIKE", "MILD", "MILE", "MILK", "MILL", "MILT", "MIMI", "MIND", "MINE", "MINI", "MINK", "MINT", "MIRE", "MISS", "MIST", "MITE", "MITT", "MOAN", "MOAT", "MOCK", "MODE", "MOLD", "MOLE", "MOLL", "MOLT", "MONA", "MONK", "MONT", "MOOD", "MOON", "MOOR", "MOOT", "MORE", "MORN", "MORT", "MOSS", "MOST", "MOTH", "MOVE", "MUCH", "MUCK", "MUDD", "MUFF", "MULE", "MULL", "MURK", "MUSH", "MUST", "MUTE", "MUTT", "MYRA", "MYTH", "NAGY", "NAIL", "NAIR", "NAME", "NARY", "NASH", "NAVE", "NAVY", "NEAL", "NEAR", "NEAT", "NECK", "NEED", "NEIL", "NELL", "NEON", "NERO", "NESS", "NEST", "NEWS", "NEWT", "NIBS", "NICE", "NICK", "NILE", "NINA", "NINE", "NOAH", "NODE", "NOEL", "NOLL", "NONE", "NOOK", "NOON", "NORM", "NOSE", "NOTE", "NOUN", "NOVA", "NUDE", "NULL", "NUMB", "OATH", "OBEY", "OBOE", "ODIN", "OHIO", "OILY", "OINT", "OKAY", "OLAF", "OLDY", "OLGA", "OLIN", "OMAN", "OMEN", "OMIT", "ONCE", "ONES", "ONLY", "ONTO", "ONUS", "ORAL", "ORGY", "OSLO", "OTIS", "OTTO", "OUCH", "OUST", "OUTS", "OVAL", "OVEN", "OVER", "OWLY", "OWNS", "QUAD", "QUIT", "QUOD", "RACE", "RACK", "RACY", "RAFT", "RAGE", "RAID", "RAIL", "RAIN", "RAKE", "RANK", "RANT", "RARE", "RASH", "RATE", "RAVE", "RAYS", "READ", "REAL", "REAM", "REAR", "RECK", "REED", "REEF", "REEK", "REEL", "REID", "REIN", "RENA", "REND", "RENT", "REST", "RICE", "RICH", "RICK", "RIDE", "RIFT", "RILL", "RIME", "RING", "RINK", "RISE", "RISK", "RITE", "ROAD", "ROAM", "ROAR", "ROBE", "ROCK", "RODE", "ROIL", "ROLL", "ROME", "ROOD", "ROOF", "ROOK", "ROOM", "ROOT", "ROSA", "ROSE", "ROSS", "ROSY", "ROTH", "ROUT", "ROVE", "ROWE", "ROWS", "RUBE", "RUBY", "RUDE", "RUDY", "RUIN", "RULE", "RUNG", "RUNS", "RUNT", "RUSE", "RUSH", "RUSK", "RUSS", "RUST", "RUTH", "SACK", "SAFE", "SAGE", "SAID", "SAIL", "SALE", "SALK", "SALT", "SAME", "SAND", "SANE", "SANG", "SANK", "SARA", "SAUL", "SAVE", "SAYS", "SCAN", "SCAR", "SCAT", "SCOT", "SEAL", "SEAM", "SEAR", "SEAT", "SEED", "SEEK", "SEEM", "SEEN", "SEES", "SELF", "SELL", "SEND", "SENT", "SETS", "SEWN", "SHAG", "SHAM", "SHAW", "SHAY", "SHED", "SHIM", "SHIN", "SHOD", "SHOE", "SHOT", "SHOW", "SHUN", "SHUT", "SICK", "SIDE", "SIFT", "SIGH", "SIGN", "SILK", "SILL", "SILO", "SILT", "SINE", "SING", "SINK", "SIRE", "SITE", "SITS", "SITU", "SKAT", "SKEW", "SKID", "SKIM", "SKIN", "SKIT", "SLAB", "SLAM", "SLAT", "SLAY", "SLED", "SLEW", "SLID", "SLIM", "SLIT", "SLOB", "SLOG", "SLOT", "SLOW", "SLUG", "SLUM", "SLUR", "SMOG", "SMUG", "SNAG", "SNOB", "SNOW", "SNUB", "SNUG", "SOAK", "SOAR", "SOCK", "SODA", "SOFA", "SOFT", "SOIL", "SOLD", "SOME", "SONG", "SOON", "SOOT", "SORE", "SORT", "SOUL", "SOUR", "SOWN", "STAB", "STAG", "STAN", "STAR", "STAY", "STEM", "STEW", "STIR", "STOW", "STUB", "STUN", "SUCH", "SUDS", "SUIT", "SULK", "SUMS", "SUNG", "SUNK", "SURE", "SURF", "SWAB", "SWAG", "SWAM", "SWAN", "SWAT", "SWAY", "SWIM", "SWUM", "TACK", "TACT", "TAIL", "TAKE", "TALE", "TALK", "TALL", "TANK", "TASK", "TATE", "TAUT", "TEAL", "TEAM", "TEAR", "TECH", "TEEM", "TEEN", "TEET", "TELL", "TEND", "TENT", "TERM", "TERN", "TESS", "TEST", "THAN", "THAT", "THEE", "THEM", "THEN", "THEY", "THIN", "THIS", "THUD", "THUG", "TICK", "TIDE", "TIDY", "TIED", "TIER", "TILE", "TILL", "TILT", "TIME", "TINA", "TINE", "TINT", "TINY", "TIRE", "TOAD", "TOGO", "TOIL", "TOLD", "TOLL", "TONE", "TONG", "TONY", "TOOK", "TOOL", "TOOT", "TORE", "TORN", "TOTE", "TOUR", "TOUT", "TOWN", "TRAG", "TRAM", "TRAY", "TREE", "TREK", "TRIG", "TRIM", "TRIO", "TROD", "TROT", "TROY", "TRUE", "TUBA", "TUBE", "TUCK", "TUFT", "TUNA", "TUNE", "TUNG", "TURF", "TURN", "TUSK", "TWIG", "TWIN", "TWIT", "ULAN", "UNIT", "URGE", "USED", "USER", "USES", "UTAH", "VAIL", "VAIN", "VALE", "VARY", "VASE", "VAST", "VEAL", "VEDA", "VEIL", "VEIN", "VEND", "VENT", "VERB", "VERY", "VETO", "VICE", "VIEW", "VINE", "VISE", "VOID", "VOLT", "VOTE", "WACK", "WADE", "WAGE", "WAIL", "WAIT", "WAKE", "WALE", "WALK", "WALL", "WALT", "WAND", "WANE", "WANG", "WANT", "WARD", "WARM", "WARN", "WART", "WASH", "WAST", "WATS", "WATT", "WAVE", "WAVY", "WAYS", "WEAK", "WEAL", "WEAN", "WEAR", "WEED", "WEEK", "WEIR", "WELD", "WELL", "WELT", "WENT", "WERE", "WERT", "WEST", "WHAM", "WHAT", "WHEE", "WHEN", "WHET", "WHOA", "WHOM", "WICK", "WIFE", "WILD", "WILL", "WIND", "WINE", "WING", "WINK", "WINO", "WIRE", "WISE", "WISH", "WITH", "WOLF", "WONT", "WOOD", "WOOL", "WORD", "WORE", "WORK", "WORM", "WORN", "WOVE", "WRIT", "WYNN", "YALE", "YANG", "YANK", "YARD", "YARN", "YAWL", "YAWN", "YEAH", "YEAR", "YELL", "YOGA", "YOKE" }; #endif /* _OTP_H_ */ cyrus-sasl-2.1.25/plugins/gs2_init.c0000666000076400007640000000131411632367343014215 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( gs2 ) SASL_SERVER_PLUG_INIT( gs2 ) cyrus-sasl-2.1.25/plugins/ldapdb_init.c0000666000076400007640000000123311632367343014750 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_AUXPROP_PLUG_INIT( ldapdb ) SASL_CANONUSER_PLUG_INIT( ldapdb ) cyrus-sasl-2.1.25/plugins/sql_init.c0000666000076400007640000000116511632367343014325 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_AUXPROP_PLUG_INIT( sql ) cyrus-sasl-2.1.25/plugins/NTMakefile0000757000076400007640000002640211632366571014245 00000000000000!INCLUDE ..\win32\common.mak SCRAM=1 !IF "$(NTLM)" == "1" PLUGINS_EXT=saslNTLM.dll !ELSE PLUGINS_EXT= !ENDIF !IF "$(GSSAPI)" == "CyberSafe" PLUGINS_EXT=$(PLUGINS_EXT) saslGSSAPI.dll !ENDIF !IF "$(SRP)" == "1" PLUGINS_EXT=$(PLUGINS_EXT) saslSRP.dll !IF "$(DO_SRP_SETPASS)" == "1" SRP_FLAGS=/DDO_SRP_SETPASS=1 !ENDIF !ENDIF !IF "$(OTP)" == "1" PLUGINS_EXT=$(PLUGINS_EXT) saslOTP.dll !ENDIF !IF "$(LDAP)" == "1" PLUGINS_EXT=$(PLUGINS_EXT) saslLDAPDB.dll # NB: linking to libsasl itself!!! LDAP_FLAGS = /I $(LDAP_INCLUDE) LDAP_LIBS = $(LDAP_LIB_BASE)\olber32.lib $(LDAP_LIB_BASE)\oldap32.lib ..\lib\libsasl.lib !ENDIF !IF "$(SQL)" == "SQLITE" PLUGINS_EXT=$(PLUGINS_EXT) saslSQLITE.dll SQL_FLAGS= $(SQLITE_INCLUDES) /DHAVE_SQLITE=1 SQLITE_LIBS = /libpath:$(SQLITE_LIBPATH) libsqlite.lib !ENDIF !IF "$(SQL)" == "SQLITE3" PLUGINS_EXT=$(PLUGINS_EXT) saslSQLITE.dll SQL_FLAGS= $(SQLITE_INCLUDES3) /DHAVE_SQLITE3=1 SQLITE_LIBS = /libpath:$(SQLITE_LIBPATH3) libsqlite3.lib !ENDIF PLUGINS=saslANONYMOUS.dll \ saslPLAIN.dll \ saslCRAMMD5.dll \ saslDIGESTMD5.dll \ saslLOGIN.dll \ saslSCRAM.dll \ $(PLUGINS_EXT) \ saslSASLDB.dll generated_rc=saslANONYMOUS.rc saslPLAIN.rc saslCRAMMD5.rc saslDIGESTMD5.rc saslLOGIN.rc saslNTLM.rc saslSCRAM.rc saslGSSAPI.rc saslSRP.rc saslOTP.rc saslSASLDB.rc saslSQLITE.rc saslLDAPDB.rc # WS2tcpip.h included in Visual Studio 7 provides getaddrinfo, ... # emulation on Windows, so there is no need to build getaddrinfo.c !IF "$(VCVER)" == "6" compat_sources = getaddrinfo.c getnameinfo.c compat_objs = getaddrinfo.obj getnameinfo.obj !ENDIF common_sources = plugin_common.c plugin_common.h common_objs = plugin_common.obj $(compat_objs) saslANONYMOUS_sources = anonymous.c anonymous_init.c $(common_sources) saslANONYMOUS_objs = anonymous.obj anonymous_init.obj $(common_objs) saslANONYMOUS_out = saslANONYMOUS.dll saslANONYMOUS.exp saslANONYMOUS.lib saslPLAIN_sources = plain.c plain_init.c $(common_sources) saslPLAIN_objs = plain.obj plain_init.obj $(common_objs) saslPLAIN_out = saslPLAIN.dll saslPLAIN.exp saslPLAIN.lib saslCRAMMD5_sources = cram.c crammd5_init.c $(common_sources) saslCRAMMD5_objs = cram.obj crammd5_init.obj $(common_objs) saslCRAMMD5_out = saslCRAMMD5.dll saslCRAMMD5.exp saslCRAMMD5.lib saslDIGESTMD5_sources = digestmd5.c digestmd5_init.c $(common_sources) saslDIGESTMD5_objs = digestmd5.obj digestmd5_init.obj $(common_objs) saslDIGESTMD5_out = saslDIGESTMD5.dll saslDIGESTMD5.exp saslDIGESTMD5.lib saslLOGIN_sources = login.c login_init.c $(common_sources) saslLOGIN_objs = login.obj login_init.obj $(common_objs) saslLOGIN_out = saslLOGIN.dll saslLOGIN.exp saslLOGIN.lib saslSCRAM_sources = scram.c scram_init.c $(common_sources) saslSCRAM_objs = scram.obj scram_init.obj $(common_objs) saslSCRAM_out = saslSCRAM.dll saslSCRAM.exp saslSCRAM.lib saslNTLM_sources = ntlm.c ntlm_init.c $(common_sources) saslNTLM_objs = ntlm.obj ntlm_init.obj $(common_objs) saslNTLM_out = saslNTLM.dll saslNTLM.exp saslNTLM.lib saslGSSAPI_sources = gssapi.c gssapiv2_init.c $(common_sources) saslGSSAPI_objs = gssapi.obj gssapiv2_init.obj $(common_objs) saslGSSAPI_out = saslGSSAPI.dll saslGSSAPI.exp saslGSSAPI.lib saslSRP_sources = srp.c srp_init.c $(common_sources) saslSRP_objs = srp.obj srp_init.obj $(common_objs) saslSRP_out = saslSRP.dll saslSRP.exp saslSRP.lib saslOTP_sources = otp.c otp_init.c $(common_sources) saslOTP_objs = otp.obj otp_init.obj $(common_objs) saslOTP_out = saslOTP.dll saslOTP.exp saslOTP.lib saslSQL_sources = sql.c sql_init.c $(common_sources) saslSQL_objs = sql.obj sql_init.obj $(common_objs) # saslSQL_out is an agregation of all generated files for all SQL plugins saslSQL_out = saslSQLITE.dll saslSQLITE.exp saslSQLITE.lib saslLDAPDB_sources = ldapdb.c $(common_sources) saslLDAPDB_objs = ldapdb.obj $(common_objs) saslLDAPDB_out = saslLDAPDB.dll saslLDAPDB.exp saslLDAPDB.lib !IF "$(NTLM)" == "1" || "$(SRP)" == "1" || "$(OTP)" == "1" || "$(SCRAM)" == "1" OPENSSL_FLAGS= /I $(OPENSSL_INCLUDE) !ELSE OPENSSL_FLAGS= !ENDIF !IF "$(GSSAPI)" == "CyberSafe" GSS_FLAGS= /I $(GSSAPI_INCLUDE) /D "HAVE_GSS_C_NT_HOSTBASED_SERVICE" /D "HAVE_GSS_C_NT_USER_NAME" GSS_LIBS=/libpath:$(GSSAPI_LIBPATH) gssapi32.lib !ELSE GSS_FLAGS= GSS_LIBS= !ENDIF CRAM_FLAGS=/DOBSOLETE_CRAM_ATTR=1 DIGEST_FLAGS=/D "WITH_RC4" # Auxprop Plugin libsasldb_sources = allockey.c db_berkeley.c libsasldb_objs = allockey.obj db_berkeley.obj saslSASLDB_sources = sasldb.c sasldb_init.c $(libsasldb_sources) $(common_sources) saslSASLDB_objs = sasldb.obj sasldb_init.obj $(libsasldb_objs) $(common_objs) saslSASLDB_out = saslSASLDB.dll saslSASLDB.exp saslSASLDB.lib all_objs = $(saslANONYMOUS_objs) $(saslPLAIN_objs) $(saslCRAMMD5_objs) $(saslDIGESTMD5_objs) $(saslLOGIN_objs) $(saslSCRAM_objs) $(saslNTLM_objs) $(saslGSSAPI_objs) $(saslSRP_objs) $(saslOTP_objs) $(saslSASLDB_objs) $(saslSQL_objs) $(saslLDAPDB_objs) all_out = $(saslANONYMOUS_out) $(saslPLAIN_out) $(saslCRAMMD5_out) $(saslDIGESTMD5_out) $(saslLOGIN_out) $(saslSCRAM_out) $(saslNTLM_out) $(saslGSSAPI_out) $(saslSRP_out) $(saslOTP_out) $(saslSASLDB_out) $(saslSQL_out) $(saslLDAPDB_out) # LIBSASL_EXPORTS is required to export additional DB routines from sasldb DB_FLAGS = /I $(DB_INCLUDE) /I "..\sasldb" /D "LIBSASL_EXPORTS" /D "KEEP_DB_OPEN" !IF $(TARGET_WIN_SYSTEM) >= 51 EXTRA_FLAGS = /D TARGET_WIN_SYSTEM=$(TARGET_WIN_SYSTEM) $(EXTRA_FLAGS) !ENDIF EXTRA_FLAGS=$(EXTRA_FLAGS) $(DB_FLAGS) $(OPENSSL_FLAGS) $(GSS_FLAGS) $(SRP_FLAGS) $(SQL_FLAGS) $(DIGEST_FLAGS) $(CRAM_FLAGS) $(LDAP_FLAGS) CPPFLAGS = /I "..\win32\include" /I "." /I "..\include" $(EXTRA_FLAGS) /D "WIN32" /D "_WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" DB_LIBS=/libpath:$(DB_LIBPATH) $(DB_LIB) OPENSSL_LIBS=/libpath:$(OPENSSL_LIBPATH) libeay32.lib ssleay32.lib # Where to install files from this directory libdir = $(prefix)\lib bindir = $(prefix)\bin\sasl2 all : all-recursive # # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels # # In order to force xcopy not to confirm if the second parameter is file or directory, # the first parameter has to contain a wildcard character. For example, we use libsasl.l*, # instead of libsasl.lib. Ugly, but works! # # Note, that we will copy all dlls here, not just $(PLUGINS). This is a bug, but it allows # us to copy GSSAPI plugin, which might not be in $(PLUGINS). # install: $(PLUGINS) @xcopy *.dll $(bindir) /I /F /Y all-recursive : $(PLUGINS) getaddrinfo.c: ..\lib\getaddrinfo.c copy ..\lib\getaddrinfo.c . getnameinfo.c: ..\lib\getnameinfo.c copy ..\lib\getnameinfo.c . allockey.c: ..\sasldb\allockey.c copy ..\sasldb\allockey.c . db_berkeley.c: ..\sasldb\db_berkeley.c copy ..\sasldb\db_berkeley.c . #Add /pdb: option? saslANONYMOUS.dll: $(saslANONYMOUS_objs) saslANONYMOUS.res $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslANONYMOUS.dll" /implib:"saslANONYMOUS.lib" $(saslANONYMOUS_objs) saslANONYMOUS.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslPLAIN.dll: $(saslPLAIN_objs) saslPLAIN.res $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslPLAIN.dll" /implib:"saslPLAIN.lib" $(saslPLAIN_objs) saslPLAIN.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslCRAMMD5.dll: $(saslCRAMMD5_objs) saslCRAMMD5.res $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslCRAMMD5.dll" /implib:"saslCRAMMD5.lib" $(saslCRAMMD5_objs) saslCRAMMD5.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslDIGESTMD5.dll: $(saslDIGESTMD5_objs) saslDIGESTMD5.res $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslDIGESTMD5.dll" /implib:"saslDIGESTMD5.lib" $(saslDIGESTMD5_objs) saslDIGESTMD5.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslLOGIN.dll: $(saslLOGIN_objs) saslLOGIN.res $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"saslLOGIN.dll" /implib:"saslLOGIN.lib" $(saslLOGIN_objs) saslLOGIN.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslSCRAM.dll: $(saslSCRAM_objs) saslSCRAM.res $(LINK32DLL) @<< $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslSCRAM.dll" /implib:"saslSCRAM.lib" $(saslSCRAM_objs) saslSCRAM.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslNTLM.dll: $(saslNTLM_objs) saslNTLM.res $(LINK32DLL) @<< $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslNTLM.dll" /implib:"saslNTLM.lib" $(saslNTLM_objs) saslNTLM.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslGSSAPI.dll: $(saslGSSAPI_objs) saslGSSAPI.res $(LINK32DLL) @<< $(GSS_LIBS) $(LINK32DLL_FLAGS) /out:"saslGSSAPI.dll" /implib:"saslGSSAPI.lib" $(saslGSSAPI_objs) saslGSSAPI.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslSRP.dll: $(saslSRP_objs) saslSRP.res $(LINK32DLL) @<< $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslSRP.dll" /implib:"saslSRP.lib" $(saslSRP_objs) saslSRP.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslOTP.dll: $(saslOTP_objs) saslOTP.res $(LINK32DLL) @<< $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslOTP.dll" /implib:"saslOTP.lib" $(saslOTP_objs) saslOTP.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslSASLDB.dll: $(saslSASLDB_objs) saslSASLDB.res $(LINK32DLL) @<< $(DB_LIBS) $(LINK32DLL_FLAGS) /out:"saslSASLDB.dll" /implib:"saslSASLDB.lib" $(saslSASLDB_objs) saslSASLDB.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslSQLITE.dll: $(saslSQL_objs) saslSQLITE.res $(LINK32DLL) @<< $(SQLITE_LIBS) $(LINK32DLL_FLAGS) /out:"saslSQLITE.dll" /implib:"saslSQLITE.lib" $(saslSQL_objs) saslSQLITE.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 saslLDAPDB.dll: $(saslLDAPDB_objs) saslLDAPDB.res $(LINK32DLL) @<< $(LDAP_LIBS) $(OPENSSL_LIBS) $(LINK32DLL_FLAGS) /out:"saslLDAPDB.dll" /implib:"saslLDAPDB.lib" $(saslLDAPDB_objs) saslLDAPDB.res << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 CLEAN : -@erase $(all_objs) -@erase "*.idb" -@erase "*.pdb" -@erase "*.manifest" -@erase getaddrinfo.c -@erase allockey.c -@erase db_berkeley.c -@erase getnameinfo.c -@erase $(generated_rc) -@erase "*.res" -@erase $(all_out) .c.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cpp.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cxx.obj:: $(CPP) @<< $(CPP_PROJ) $< << .rc.res: rc $< $(generated_rc): copy < * * Redistribution and use in source and binary forms, with or without * modification, are permitted only as authorized by the OpenLDAP * Public License. * * A copy of this license is available in the file LICENSE in the * top-level directory of the distribution or, alternatively, at * . */ #include #include #include #include "sasl.h" #include "saslutil.h" #include "saslplug.h" #include "plugin_common.h" #include static char ldapdb[] = "ldapdb"; typedef struct ldapctx { int inited; /* Have we already read the config? */ const char *uri; /* URI of LDAP server */ struct berval id; /* SASL authcid to bind as */ struct berval pw; /* password for bind */ struct berval mech; /* SASL mech */ int use_tls; /* Issue StartTLS request? */ struct berval canon; /* Use attr in user entry for canonical name */ } ldapctx; static ldapctx ldapdb_ctx; static int ldapdb_interact(LDAP *ld, unsigned flags __attribute__((unused)), void *def, void *inter) { sasl_interact_t *in = inter; ldapctx *ctx = def; struct berval p; for (;in->id != SASL_CB_LIST_END;in++) { p.bv_val = NULL; switch(in->id) { case SASL_CB_GETREALM: ldap_get_option(ld, LDAP_OPT_X_SASL_REALM, &p.bv_val); if (p.bv_val) p.bv_len = strlen(p.bv_val); break; case SASL_CB_AUTHNAME: p = ctx->id; break; case SASL_CB_PASS: p = ctx->pw; break; } if (p.bv_val) { in->result = p.bv_val; in->len = p.bv_len; } } return LDAP_SUCCESS; } typedef struct connparm { LDAP *ld; LDAPControl c; LDAPControl *ctrl[2]; struct berval *dn; } connparm; static int ldapdb_connect(ldapctx *ctx, sasl_server_params_t *sparams, const char *user, unsigned ulen, connparm *cp) { int i; char *authzid; if((i=ldap_initialize(&cp->ld, ctx->uri))) { return i; } authzid = sparams->utils->malloc(ulen + sizeof("u:")); if (!authzid) { return LDAP_NO_MEMORY; } strcpy(authzid, "u:"); strcpy(authzid+2, user); cp->c.ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ; cp->c.ldctl_value.bv_val = authzid; cp->c.ldctl_value.bv_len = ulen + 2; cp->c.ldctl_iscritical = 1; i = LDAP_VERSION3; ldap_set_option(cp->ld, LDAP_OPT_PROTOCOL_VERSION, &i); /* If TLS is set and it fails, continue or bail out as requested */ if (ctx->use_tls && (i=ldap_start_tls_s(cp->ld, NULL, NULL)) != LDAP_SUCCESS && ctx->use_tls > 1) { sparams->utils->free(authzid); return i; } i = ldap_sasl_interactive_bind_s(cp->ld, NULL, ctx->mech.bv_val, NULL, NULL, LDAP_SASL_QUIET, ldapdb_interact, ctx); if (i != LDAP_SUCCESS) { sparams->utils->free(authzid); return i; } cp->ctrl[0] = &cp->c; cp->ctrl[1] = NULL; i = ldap_whoami_s(cp->ld, &cp->dn, cp->ctrl, NULL); if (i == LDAP_SUCCESS && cp->dn) { if (!cp->dn->bv_val || strncmp(cp->dn->bv_val, "dn:", 3)) { ber_bvfree(cp->dn); cp->dn = NULL; i = LDAP_INVALID_SYNTAX; } else { cp->c.ldctl_value = *(cp->dn); } } sparams->utils->free(authzid); return i; } static int ldapdb_auxprop_lookup(void *glob_context, sasl_server_params_t *sparams, unsigned flags, const char *user, unsigned ulen) { ldapctx *ctx = glob_context; connparm cp; int ret, i, n, *aindx; int result; int j; const struct propval *pr; struct berval **bvals; LDAPMessage *msg, *res; char **attrs = NULL; if(!ctx || !sparams || !user) return SASL_BADPARAM; pr = sparams->utils->prop_get(sparams->propctx); if (!pr) return SASL_FAIL; /* count how many attrs to fetch */ for(i = 0, n = 0; pr[i].name; i++) { if(pr[i].name[0] == '*' && (flags & SASL_AUXPROP_AUTHZID)) continue; if(pr[i].values && !(flags & SASL_AUXPROP_OVERRIDE)) continue; n++; } /* nothing to do, bail out */ if (!n) return SASL_OK; /* alloc an array of attr names for search, and index to the props */ attrs = sparams->utils->malloc((n+1)*sizeof(char *)*2); if (!attrs) { result = SASL_NOMEM; goto done; } aindx = (int *)(attrs + n + 1); /* copy attr list */ for (i=0, n=0; pr[i].name; i++) { if(pr[i].name[0] == '*' && (flags & SASL_AUXPROP_AUTHZID)) continue; if(pr[i].values && !(flags & SASL_AUXPROP_OVERRIDE)) continue; attrs[n] = (char *)pr[i].name; if (pr[i].name[0] == '*') attrs[n]++; aindx[n] = i; n++; } attrs[n] = NULL; if ((ret = ldapdb_connect(ctx, sparams, user, ulen, &cp)) != LDAP_SUCCESS) { goto process_ldap_error; } ret = ldap_search_ext_s(cp.ld, cp.dn->bv_val+3, LDAP_SCOPE_BASE, "(objectclass=*)", attrs, 0, cp.ctrl, NULL, NULL, 1, &res); ber_bvfree(cp.dn); if (ret != LDAP_SUCCESS) { goto process_ldap_error; } /* Assume no user by default */ ret = LDAP_NO_SUCH_OBJECT; for (msg = ldap_first_message(cp.ld, res); msg; msg = ldap_next_message(cp.ld, msg)) { if (ldap_msgtype(msg) != LDAP_RES_SEARCH_ENTRY) continue; /* Presence of a search result response indicates that the user exists */ ret = LDAP_SUCCESS; for (i = 0; i < n; i++) { bvals = ldap_get_values_len(cp.ld, msg, attrs[i]); if (!bvals) continue; if (pr[aindx[i]].values) { sparams->utils->prop_erase(sparams->propctx, pr[aindx[i]].name); } for ( j = 0; bvals[j] != NULL; j++ ) { sparams->utils->prop_set(sparams->propctx, pr[aindx[i]].name, bvals[j]->bv_val, bvals[j]->bv_len); } ber_bvecfree(bvals); } } ldap_msgfree(res); process_ldap_error: switch (ret) { case LDAP_SUCCESS: result = SASL_OK; break; case LDAP_NO_SUCH_OBJECT: result = SASL_NOUSER; break; case LDAP_NO_MEMORY: result = SASL_NOMEM; break; case LDAP_SERVER_DOWN: case LDAP_BUSY: case LDAP_UNAVAILABLE: case LDAP_CONNECT_ERROR: result = SASL_UNAVAIL; break; #if defined(LDAP_PROXY_AUTHZ_FAILURE) case LDAP_PROXY_AUTHZ_FAILURE: #endif case LDAP_INAPPROPRIATE_AUTH: case LDAP_INVALID_CREDENTIALS: case LDAP_INSUFFICIENT_ACCESS: result = SASL_BADAUTH; break; default: result = SASL_FAIL; break; } done: if(attrs) sparams->utils->free(attrs); if(cp.ld) ldap_unbind_ext(cp.ld, NULL, NULL); return result; } static int ldapdb_auxprop_store(void *glob_context, sasl_server_params_t *sparams, struct propctx *prctx, const char *user, unsigned ulen) { ldapctx *ctx = glob_context; connparm cp; const struct propval *pr; int i, n; LDAPMod **mods; /* just checking if we are enabled */ if (!prctx) return SASL_OK; if (!sparams || !user) return SASL_BADPARAM; pr = sparams->utils->prop_get(prctx); if (!pr) return SASL_BADPARAM; for (n=0; pr[n].name; n++); if (!n) return SASL_BADPARAM; mods = sparams->utils->malloc((n+1) * sizeof(LDAPMod*) + n * sizeof(LDAPMod)); if (!mods) return SASL_NOMEM; if((i=ldapdb_connect(ctx, sparams, user, ulen, &cp)) == 0) { for (i=0; imod_op = LDAP_MOD_REPLACE; mods[i]->mod_type = (char *)pr[i].name; mods[i]->mod_values = (char **)pr[i].values; } mods[i] = NULL; i = ldap_modify_ext_s(cp.ld, cp.dn->bv_val+3, mods, cp.ctrl, NULL); ber_bvfree(cp.dn); } sparams->utils->free(mods); if (i) { sparams->utils->seterror(sparams->utils->conn, 0, ldap_err2string(i)); if (i == LDAP_NO_MEMORY) i = SASL_NOMEM; else i = SASL_FAIL; } if(cp.ld) ldap_unbind_ext(cp.ld, NULL, NULL); return i; } static int ldapdb_canon_server(void *glob_context, sasl_server_params_t *sparams, const char *user, unsigned ulen, unsigned flags, char *out, unsigned out_max, unsigned *out_ulen) { ldapctx *ctx = glob_context; connparm cp; struct berval **bvals; LDAPMessage *msg, *res; char *rdn, *attrs[2]; unsigned len; int ret; if(!ctx || !sparams || !user) return SASL_BADPARAM; /* If no canon attribute was configured, we can't do anything */ if(!ctx->canon.bv_val) return SASL_BADPARAM; /* Trim whitespace */ while(isspace(*(unsigned char *)user)) { user++; ulen--; } while(isspace((unsigned char)user[ulen-1])) { ulen--; } if (!ulen) { sparams->utils->seterror(sparams->utils->conn, 0, "All-whitespace username."); return SASL_FAIL; } ret = ldapdb_connect(ctx, sparams, user, ulen, &cp); if ( ret ) goto done; /* See if the RDN uses the canon attr. If so, just use the RDN * value, we don't need to do a search. */ rdn = cp.dn->bv_val+3; if (!strncasecmp(ctx->canon.bv_val, rdn, ctx->canon.bv_len) && rdn[ctx->canon.bv_len] == '=') { char *comma; rdn += ctx->canon.bv_len + 1; comma = strchr(rdn, ','); if ( comma ) len = comma - rdn; else len = cp.dn->bv_len - (rdn - cp.dn->bv_val); if ( len > out_max ) len = out_max; memcpy(out, rdn, len); out[len] = '\0'; *out_ulen = len; ret = SASL_OK; ber_bvfree(cp.dn); goto done; } /* Have to read the user's entry */ attrs[0] = ctx->canon.bv_val; attrs[1] = NULL; ret = ldap_search_ext_s(cp.ld, cp.dn->bv_val+3, LDAP_SCOPE_BASE, "(objectclass=*)", attrs, 0, cp.ctrl, NULL, NULL, 1, &res); ber_bvfree(cp.dn); if (ret != LDAP_SUCCESS) goto done; for(msg=ldap_first_message(cp.ld, res); msg; msg=ldap_next_message(cp.ld, msg)) { if (ldap_msgtype(msg) != LDAP_RES_SEARCH_ENTRY) continue; bvals = ldap_get_values_len(cp.ld, msg, attrs[0]); if (!bvals) continue; len = bvals[0]->bv_len; if ( len > out_max ) len = out_max; memcpy(out, bvals[0]->bv_val, len); *out_ulen = len; ber_bvecfree(bvals); } ldap_msgfree(res); done: if(cp.ld) ldap_unbind_ext(cp.ld, NULL, NULL); if (ret) { sparams->utils->seterror(sparams->utils->conn, 0, ldap_err2string(ret)); if (ret == LDAP_NO_MEMORY) ret = SASL_NOMEM; else ret = SASL_FAIL; } return ret; } static int ldapdb_canon_client(void *glob_context, sasl_client_params_t *cparams, const char *user, unsigned ulen, unsigned flags, char *out, unsigned out_max, unsigned *out_ulen) { if(!cparams || !user) return SASL_BADPARAM; /* Trim whitespace */ while(isspace(*(unsigned char *)user)) { user++; ulen--; } while(isspace((unsigned char)user[ulen-1])) { ulen--; } if (!ulen) { cparams->utils->seterror(cparams->utils->conn, 0, "All-whitespace username."); return SASL_FAIL; } if (ulen > out_max) return SASL_BUFOVER; memcpy(out, user, ulen); out[ulen] = '\0'; *out_ulen = ulen; return SASL_OK; } static int ldapdb_config(const sasl_utils_t *utils) { ldapctx *p = &ldapdb_ctx; const char *s; unsigned len; if(p->inited) return SASL_OK; utils->getopt(utils->getopt_context, ldapdb, "ldapdb_uri", &p->uri, NULL); if(!p->uri) return SASL_BADPARAM; utils->getopt(utils->getopt_context, ldapdb, "ldapdb_id", (const char **)&p->id.bv_val, &len); p->id.bv_len = len; utils->getopt(utils->getopt_context, ldapdb, "ldapdb_pw", (const char **)&p->pw.bv_val, &len); p->pw.bv_len = len; utils->getopt(utils->getopt_context, ldapdb, "ldapdb_mech", (const char **)&p->mech.bv_val, &len); p->mech.bv_len = len; utils->getopt(utils->getopt_context, ldapdb, "ldapdb_starttls", &s, NULL); if (s) { if (!strcasecmp(s, "demand")) p->use_tls = 2; else if (!strcasecmp(s, "try")) p->use_tls = 1; } utils->getopt(utils->getopt_context, ldapdb, "ldapdb_rc", &s, &len); if (s) { char *str = utils->malloc(sizeof("LDAPRC=")+len); if (!str) return SASL_NOMEM; strcpy( str, "LDAPRC=" ); strcpy( str + sizeof("LDAPRC=")-1, s ); if (putenv(str)) { utils->free(str); return SASL_NOMEM; } } utils->getopt(utils->getopt_context, ldapdb, "ldapdb_canon_attr", (const char **)&p->canon.bv_val, &len); p->canon.bv_len = len; p->inited = 1; return SASL_OK; } static sasl_auxprop_plug_t ldapdb_auxprop_plugin = { 0, /* Features */ 0, /* spare */ &ldapdb_ctx, /* glob_context */ NULL, /* auxprop_free */ ldapdb_auxprop_lookup, /* auxprop_lookup */ ldapdb, /* name */ ldapdb_auxprop_store /* auxprop store */ }; int ldapdb_auxprop_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_auxprop_plug_t **plug, const char *plugname __attribute__((unused))) { int rc; if(!out_version || !plug) return SASL_BADPARAM; if(max_version < SASL_AUXPROP_PLUG_VERSION) return SASL_BADVERS; rc = ldapdb_config(utils); *out_version = SASL_AUXPROP_PLUG_VERSION; *plug = &ldapdb_auxprop_plugin; return rc; } static sasl_canonuser_plug_t ldapdb_canonuser_plugin = { 0, /* features */ 0, /* spare */ &ldapdb_ctx, /* glob_context */ ldapdb, /* name */ NULL, /* canon_user_free */ ldapdb_canon_server, /* canon_user_server */ ldapdb_canon_client, /* canon_user_client */ NULL, NULL, NULL }; int ldapdb_canonuser_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_canonuser_plug_t **plug, const char *plugname __attribute__((unused))) { int rc; if(!out_version || !plug) return SASL_BADPARAM; if(max_version < SASL_CANONUSER_PLUG_VERSION) return SASL_BADVERS; rc = ldapdb_config(utils); *out_version = SASL_CANONUSER_PLUG_VERSION; *plug = &ldapdb_canonuser_plugin; return rc; } cyrus-sasl-2.1.25/plugins/otp_init.c0000666000076400007640000000131411632367343014324 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( otp ) SASL_SERVER_PLUG_INIT( otp ) cyrus-sasl-2.1.25/plugins/crammd5_init.c0000666000076400007640000000133011632367343015050 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( crammd5 ) SASL_SERVER_PLUG_INIT( crammd5 ) cyrus-sasl-2.1.25/plugins/gs2_token.c0000646000076400007640000002336211630151332014362 00000000000000/* * Copyright (c) 2011, PADL Software Pty Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of PADL Software nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include "gs2_token.h" /* * $Id: gs2_token.c,v 1.2 2011/05/23 14:45:40 mel Exp $ */ #ifndef HAVE_GSS_ENCAPSULATE_TOKEN /* XXXX this code currently makes the assumption that a mech oid will never be longer than 127 bytes. This assumption is not inherent in the interfaces, so the code can be fixed if the OSI namespace balloons unexpectedly. */ /* * Each token looks like this: * 0x60 tag for APPLICATION 0, SEQUENCE * (constructed, definite-length) * possible multiple bytes, need to parse/generate * 0x06 tag for OBJECT IDENTIFIER * compile-time constant string (assume 1 byte) * compile-time constant string * the ANY containing the application token * bytes 0,1 are the token type * bytes 2,n are the token data * * Note that the token type field is a feature of RFC 1964 mechanisms and * is not used by other GSSAPI mechanisms. As such, a token type of -1 * is interpreted to mean that no token type should be expected or * generated. * * For the purposes of this abstraction, the token "header" consists of * the sequence tag and length octets, the mech OID DER encoding, and the * first two inner bytes, which indicate the token type. The token * "body" consists of everything else. */ static size_t der_length_size(size_t length) { if (length < (1<<7)) return 1; else if (length < (1<<8)) return 2; #if INT_MAX == 0x7fff else return 3; #else else if (length < (1<<16)) return 3; else if (length < (1<<24)) return 4; else return 5; #endif } static void der_write_length(unsigned char **buf, size_t length) { if (length < (1<<7)) { *(*buf)++ = (unsigned char)length; } else { *(*buf)++ = (unsigned char)(der_length_size(length)+127); #if INT_MAX > 0x7fff if (length >= (1<<24)) *(*buf)++ = (unsigned char)(length>>24); if (length >= (1<<16)) *(*buf)++ = (unsigned char)((length>>16)&0xff); #endif if (length >= (1<<8)) *(*buf)++ = (unsigned char)((length>>8)&0xff); *(*buf)++ = (unsigned char)(length&0xff); } } /* returns the length of a token, given the mech oid and the body size */ static size_t token_size(const gss_OID_desc *mech, size_t body_size) { /* set body_size to sequence contents size */ body_size += 2 + (size_t) mech->length; /* NEED overflow check */ return 1 + der_length_size(body_size) + body_size; } /* fills in a buffer with the token header. The buffer is assumed to be the right size. buf is advanced past the token header */ static void make_token_header( const gss_OID_desc *mech, size_t body_size, unsigned char **buf) { *(*buf)++ = 0x60; der_write_length(buf, 2 + mech->length + body_size); *(*buf)++ = 0x06; *(*buf)++ = (unsigned char)mech->length; memcpy(*buf, mech->elements, mech->length); *buf += mech->length; } OM_uint32 gs2_encapsulate_token(const gss_buffer_t input_token, const gss_OID token_oid, gss_buffer_t output_token) { size_t tokenSize; unsigned char *buf; if (input_token == GSS_C_NO_BUFFER || token_oid == GSS_C_NO_OID) return GSS_S_CALL_INACCESSIBLE_READ; if (output_token == GSS_C_NO_BUFFER) return GSS_S_CALL_INACCESSIBLE_WRITE; tokenSize = token_size(token_oid, input_token->length); output_token->value = malloc(tokenSize); if (output_token->value == NULL) return GSS_S_FAILURE; buf = output_token->value; make_token_header(token_oid, input_token->length, &buf); memcpy(buf, input_token->value, input_token->length); output_token->length = tokenSize; return GSS_S_COMPLETE; } #endif #ifndef HAVE_GSS_DECAPSULATE_TOKEN /* returns decoded length, or < 0 on failure. Advances buf and decrements bufsize */ static int der_read_length(unsigned char **buf, ssize_t *bufsize) { unsigned char sf; int ret; if (*bufsize < 1) return -1; sf = *(*buf)++; (*bufsize)--; if (sf & 0x80) { if ((sf &= 0x7f) > ((*bufsize)-1)) return -1; if (sf > sizeof(int)) return -1; ret = 0; for (; sf; sf--) { ret = (ret<<8) + (*(*buf)++); (*bufsize)--; } } else { ret = sf; } return ret; } /* * Given a buffer containing a token, reads and verifies the token, * leaving buf advanced past the token header, and setting body_size * to the number of remaining bytes. Returns 0 on success, * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the * mechanism in the token does not match the mech argument. buf and * *body_size are left unmodified on error. */ static OM_uint32 verify_token_header(OM_uint32 *minor, const gss_OID mech, size_t *body_size, unsigned char **buf_in, size_t toksize_in) { unsigned char *buf = *buf_in; ssize_t seqsize; gss_OID_desc toid; ssize_t toksize = (ssize_t)toksize_in; *minor = 0; if ((toksize -= 1) < 0) return GSS_S_DEFECTIVE_TOKEN; if (*buf++ != 0x60) return GSS_S_DEFECTIVE_TOKEN; seqsize = der_read_length(&buf, &toksize); if (seqsize < 0) return GSS_S_DEFECTIVE_TOKEN; if (seqsize != toksize) return GSS_S_DEFECTIVE_TOKEN; if ((toksize -= 1) < 0) return GSS_S_DEFECTIVE_TOKEN; if (*buf++ != 0x06) return GSS_S_DEFECTIVE_TOKEN; if ((toksize -= 1) < 0) return GSS_S_DEFECTIVE_TOKEN; toid.length = *buf++; if ((toksize -= toid.length) < 0) return GSS_S_DEFECTIVE_TOKEN; toid.elements = buf; buf += toid.length; if (!gss_oid_equal(&toid, mech)) return GSS_S_DEFECTIVE_TOKEN; *buf_in = buf; *body_size = toksize; return GSS_S_COMPLETE; } OM_uint32 gs2_decapsulate_token(const gss_buffer_t input_token, const gss_OID token_oid, gss_buffer_t output_token) { OM_uint32 major, minor; size_t body_size = 0; unsigned char *buf_in; if (input_token == GSS_C_NO_BUFFER || token_oid == GSS_C_NO_OID) return GSS_S_CALL_INACCESSIBLE_READ; if (output_token == GSS_C_NO_BUFFER) return GSS_S_CALL_INACCESSIBLE_WRITE; buf_in = input_token->value; major = verify_token_header(&minor, token_oid, &body_size, &buf_in, input_token->length); if (minor != 0) return GSS_S_DEFECTIVE_TOKEN; output_token->value = malloc(body_size); if (output_token->value == NULL) return GSS_S_FAILURE; memcpy(output_token->value, buf_in, body_size); output_token->length = body_size; return GSS_S_COMPLETE; } #endif #ifndef HAVE_GSS_OID_EQUAL int gs2_oid_equal(const gss_OID o1, const gss_OID o2) { return o1->length == o2->length && (memcmp(o1->elements, o2->elements, o1->length) == 0); } #endif cyrus-sasl-2.1.25/plugins/digestmd5_init.c0000666000076400007640000000133611632367343015413 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( digestmd5 ) SASL_SERVER_PLUG_INIT( digestmd5 ) cyrus-sasl-2.1.25/plugins/otp.c0000646000076400007640000013767111630151332013302 00000000000000/* OTP SASL plugin * Ken Murchison * $Id: otp.c,v 1.43 2011/09/01 14:12:18 mel Exp $ */ /* * Copyright (c) 1998-2009 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #include /* XXX hack for OpenBSD/OpenSSL cruftiness */ #include #define MD5_H /* suppress internal MD5 */ #include #include "plugin_common.h" #ifdef macintosh #include #endif /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: otp.c,v 1.43 2011/09/01 14:12:18 mel Exp $"; #define OTP_SEQUENCE_MAX 9999 #define OTP_SEQUENCE_DEFAULT 499 #define OTP_SEQUENCE_REINIT 490 #define OTP_SEED_MIN 1 #define OTP_SEED_MAX 16 #define OTP_HASH_SIZE 8 /* 64 bits */ #define OTP_CHALLENGE_MAX 100 #define OTP_RESPONSE_MAX 100 #define OTP_HEX_TYPE "hex:" #define OTP_WORD_TYPE "word:" #define OTP_INIT_HEX_TYPE "init-hex:" #define OTP_INIT_WORD_TYPE "init-word:" typedef struct algorithm_option_s { const char *name; /* name used in challenge/response */ int swab; /* number of bytes to swab (0, 1, 2, 4, 8) */ const char *evp_name; /* name used for lookup in EVP table */ } algorithm_option_t; static algorithm_option_t algorithm_options[] = { {"md4", 0, "md4"}, {"md5", 0, "md5"}, {"sha1", 4, "sha1"}, {NULL, 0, NULL} }; /* Convert the binary data into ASCII hex */ void bin2hex(unsigned char *bin, int binlen, char *hex) { int i; unsigned char c; for (i = 0; i < binlen; i++) { c = (bin[i] >> 4) & 0xf; hex[i*2] = (c > 9) ? ('a' + c - 10) : ('0' + c); c = bin[i] & 0xf; hex[i*2+1] = (c > 9) ? ('a' + c - 10) : ('0' + c); } hex[i*2] = '\0'; } /* * Hash the data using the given algorithm and fold it into 64 bits, * swabbing bytes if necessary. */ static void otp_hash(const EVP_MD *md, char *in, size_t inlen, unsigned char *out, int swab) { EVP_MD_CTX mdctx; char hash[EVP_MAX_MD_SIZE]; unsigned int i; int j; unsigned hashlen; EVP_DigestInit(&mdctx, md); EVP_DigestUpdate(&mdctx, in, inlen); EVP_DigestFinal(&mdctx, hash, &hashlen); /* Fold the result into 64 bits */ for (i = OTP_HASH_SIZE; i < hashlen; i++) { hash[i % OTP_HASH_SIZE] ^= hash[i]; } /* Swab bytes */ if (swab) { for (i = 0; i < OTP_HASH_SIZE;) { for (j = swab-1; j > -swab; i++, j-=2) out[i] = hash[i+j]; } } else memcpy(out, hash, OTP_HASH_SIZE); } static int generate_otp(const sasl_utils_t *utils, algorithm_option_t *alg, unsigned seq, char *seed, char *secret, char *otp) { const EVP_MD *md; char *key; if (!(md = EVP_get_digestbyname(alg->evp_name))) { utils->seterror(utils->conn, 0, "OTP algorithm %s is not available", alg->evp_name); return SASL_FAIL; } if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) { SETERROR(utils, "cannot allocate OTP key"); return SASL_NOMEM; } /* initial step */ strcpy(key, seed); strcat(key, secret); otp_hash(md, key, strlen(key), otp, alg->swab); /* computation step */ while (seq-- > 0) otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab); utils->free(key); return SASL_OK; } static int parse_challenge(const sasl_utils_t *utils, char *chal, algorithm_option_t **alg, unsigned *seq, char *seed, int is_init) { char *c; algorithm_option_t *opt; int n; c = chal; /* eat leading whitespace */ while (*c && isspace((int) *c)) c++; if (!is_init) { /* check the prefix */ if (!*c || strncmp(c, "otp-", 4)) { SETERROR(utils, "not an OTP challenge"); return SASL_BADPROT; } /* skip the prefix */ c += 4; } /* find the algorithm */ opt = algorithm_options; while (opt->name) { if (!strncmp(c, opt->name, strlen(opt->name))) { break; } opt++; } /* didn't find the algorithm in our list */ if (!opt->name) { utils->seterror(utils->conn, 0, "OTP algorithm '%s' not supported", c); return SASL_BADPROT; } /* skip algorithm name */ c += strlen(opt->name); *alg = opt; /* eat whitespace */ if (!isspace((int) *c)) { SETERROR(utils, "no whitespace between OTP algorithm and sequence"); return SASL_BADPROT; } while (*c && isspace((int) *c)) c++; /* grab the sequence */ if ((*seq = strtoul(c, &c, 10)) > OTP_SEQUENCE_MAX) { utils->seterror(utils->conn, 0, "sequence > %u", OTP_SEQUENCE_MAX); return SASL_BADPROT; } /* eat whitespace */ if (!isspace((int) *c)) { SETERROR(utils, "no whitespace between OTP sequence and seed"); return SASL_BADPROT; } while (*c && isspace((int) *c)) c++; /* grab the seed, converting to lowercase as we go */ n = 0; while (*c && isalnum((int) *c) && (n < OTP_SEED_MAX)) seed[n++] = tolower((int) *c++); if (n > OTP_SEED_MAX) { utils->seterror(utils->conn, 0, "OTP seed length > %u", OTP_SEED_MAX); return SASL_BADPROT; } else if (n < OTP_SEED_MIN) { utils->seterror(utils->conn, 0, "OTP seed length < %u", OTP_SEED_MIN); return SASL_BADPROT; } seed[n] = '\0'; if (!is_init) { /* eat whitespace */ if (!isspace((int) *c)) { SETERROR(utils, "no whitespace between OTP seed and extensions"); return SASL_BADPROT; } while (*c && isspace((int) *c)) c++; /* make sure this is an extended challenge */ if (strncmp(c, "ext", 3) || (*(c+=3) && !(isspace((int) *c) || (*c == ',') || (*c == '\r') || (*c == '\n')))) { SETERROR(utils, "not an OTP extended challenge"); return SASL_BADPROT; } } return SASL_OK; } static void otp_common_mech_free(void *global_context __attribute__((unused)), const sasl_utils_t *utils __attribute__((unused))) { EVP_cleanup(); } /***************************** Server Section *****************************/ #ifdef HAVE_OPIE #include #endif typedef struct server_context { int state; char *authid; int locked; /* is the user's secret locked? */ algorithm_option_t *alg; #ifdef HAVE_OPIE struct opie opie; #else char *realm; unsigned seq; char seed[OTP_SEED_MAX+1]; unsigned char otp[OTP_HASH_SIZE]; time_t timestamp; /* time we locked the secret */ #endif /* HAVE_OPIE */ char *out_buf; unsigned out_buf_len; } server_context_t; static int otp_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { server_context_t *text; /* holds state are in */ text = sparams->utils->malloc(sizeof(server_context_t)); if (text == NULL) { MEMERROR(sparams->utils); return SASL_NOMEM; } memset(text, 0, sizeof(server_context_t)); text->state = 1; *conn_context = text; return SASL_OK; } #ifdef HAVE_OPIE #ifndef OPIE_KEYFILE #define OPIE_KEYFILE "/etc/opiekeys" #endif static int opie_server_mech_step(void *conn_context, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { server_context_t *text = (server_context_t *) conn_context; *serverout = NULL; *serveroutlen = 0; if (text == NULL) { return SASL_BADPROT; } switch (text->state) { case 1: { const char *authzid; const char *authid; size_t authid_len; unsigned lup = 0; int result; /* should have received authzid NUL authid */ /* get authzid */ authzid = clientin; while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup; if (lup >= clientinlen) { SETERROR(params->utils, "Can only find OTP authzid (no authid)"); return SASL_BADPROT; } /* get authid */ ++lup; authid = clientin + lup; while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup; authid_len = clientin + lup - authid; if (lup != clientinlen) { SETERROR(params->utils, "Got more data than we were expecting in the OTP plugin\n"); return SASL_BADPROT; } text->authid = params->utils->malloc(authid_len + 1); if (text->authid == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } /* we can't assume that authen is null-terminated */ strncpy(text->authid, authid, authid_len); text->authid[authid_len] = '\0'; result = params->canon_user(params->utils->conn, text->authid, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) return result; result = params->canon_user(params->utils->conn, strlen(authzid) ? authzid : text->authid, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; result = _plug_buf_alloc(params->utils, &(text->out_buf), &(text->out_buf_len), OTP_CHALLENGE_MAX+1); if (result != SASL_OK) return result; /* create challenge - return sasl_continue on success */ result = opiechallenge(&text->opie, text->authid, text->out_buf); switch (result) { case 0: text->locked = 1; *serverout = text->out_buf; *serveroutlen = strlen(text->out_buf); text->state = 2; return SASL_CONTINUE; case 1: SETERROR(params->utils, "opiechallenge: user not found or locked"); return SASL_NOUSER; default: SETERROR(params->utils, "opiechallenge: system error (file, memory, I/O)"); return SASL_FAIL; } } case 2: { char response[OPIE_RESPONSE_MAX+1]; int result; /* should have received extended response, but we'll take anything that we can verify */ if (clientinlen > OPIE_RESPONSE_MAX) { SETERROR(params->utils, "response too long"); return SASL_BADPROT; } /* we can't assume that the response is null-terminated */ strncpy(response, clientin, clientinlen); response[clientinlen] = '\0'; /* verify response */ result = opieverify(&text->opie, response); text->locked = 0; switch (result) { case 0: /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; case 1: SETERROR(params->utils, "opieverify: invalid/incorrect response"); return SASL_BADAUTH; default: SETERROR(params->utils, "opieverify: system error (file, memory, I/O)"); return SASL_FAIL; } } default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid OTP server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void opie_server_mech_dispose(void *conn_context, const sasl_utils_t *utils) { server_context_t *text = (server_context_t *) conn_context; if (!text) return; /* if we created a challenge, but bailed before the verification of the response, do a verify here to release the lock on the user key */ if (text->locked) opieverify(&text->opie, ""); if (text->authid) _plug_free_string(utils, &(text->authid)); if (text->out_buf) utils->free(text->out_buf); utils->free(text); } static int opie_mech_avail(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, void **conn_context __attribute__((unused))) { const char *fname; unsigned int len; sparams->utils->getopt(sparams->utils->getopt_context, "OTP", "opiekeys", &fname, &len); if (!fname) fname = OPIE_KEYFILE; if (access(fname, R_OK|W_OK) != 0) { sparams->utils->log(NULL, SASL_LOG_ERR, "OTP unavailable because " "can't read/write key database %s: %m", fname, errno); return SASL_NOMECH; } return SASL_OK; } static sasl_server_plug_t otp_server_plugins[] = { { "OTP", 0, SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_FORWARD_SECRECY, SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_DONTUSE_USERPASSWD | SASL_FEAT_ALLOWS_PROXY, NULL, &otp_server_mech_new, &opie_server_mech_step, &opie_server_mech_dispose, &otp_common_mech_free, NULL, NULL, NULL, &opie_mech_avail, NULL } }; #else /* HAVE_OPIE */ #include "otp.h" #define OTP_MDA_DEFAULT "md5" #define OTP_LOCK_TIMEOUT 5 * 60 /* 5 minutes */ /* Convert the ASCII hex into binary data */ int hex2bin(char *hex, unsigned char *bin, int binlen) { int i; char *c; unsigned char msn, lsn; memset(bin, 0, binlen); for (c = hex, i = 0; i < binlen; c++) { /* whitespace */ if (isspace((int) *c)) continue; /* end of string, or non-hex char */ if (!*c || !*(c+1) || !isxdigit((int) *c)) break; msn = (*c > '9') ? tolower((int) *c) - 'a' + 10 : *c - '0'; c++; lsn = (*c > '9') ? tolower((int) *c) - 'a' + 10 : *c - '0'; bin[i++] = (unsigned char) (msn << 4) | lsn; } return (i < binlen) ? SASL_BADAUTH : SASL_OK; } static int make_secret(const sasl_utils_t *utils, const char *alg, unsigned seq, char *seed, char *otp, time_t timeout, sasl_secret_t **secret) { size_t sec_len; unsigned char *data; char buf[2*OTP_HASH_SIZE+1]; /* * secret is stored as: * * \t \t \t \t \0 * * is used as a "lock" when an auth is in progress * we just set it to zero here (no lock) */ sec_len = strlen(alg)+1+4+1+strlen(seed)+1+2*OTP_HASH_SIZE+1+20+1; *secret = utils->malloc(sizeof(sasl_secret_t)+sec_len); if (!*secret) { return SASL_NOMEM; } (*secret)->len = (unsigned) sec_len; data = (*secret)->data; bin2hex(otp, OTP_HASH_SIZE, buf); buf[2*OTP_HASH_SIZE] = '\0'; sprintf(data, "%s\t%04d\t%s\t%s\t%020ld", alg, seq, seed, buf, timeout); return SASL_OK; } static int parse_secret(const sasl_utils_t *utils, char *secret, size_t seclen, char *alg, unsigned *seq, char *seed, unsigned char *otp, time_t *timeout) { if (strlen(secret) < seclen) { unsigned char *c; /* * old-style (binary) secret is stored as: * * \0 \0 \0 * */ if (seclen < (3+1+1+1+OTP_SEED_MIN+1+OTP_HASH_SIZE+sizeof(time_t))) { SETERROR(utils, "OTP secret too short"); return SASL_FAIL; } c = secret; strcpy(alg, (char*) c); c += strlen(alg)+1; *seq = strtoul(c, NULL, 10); c += 5; strcpy(seed, (char*) c); c += strlen(seed)+1; memcpy(otp, c, OTP_HASH_SIZE); c += OTP_HASH_SIZE; memcpy(timeout, c, sizeof(time_t)); return SASL_OK; } else { char buf[2*OTP_HASH_SIZE+1]; /* * new-style (ASCII) secret is stored as: * * \t \t \t \t \0 * */ if (seclen < (3+1+1+1+OTP_SEED_MIN+1+2*OTP_HASH_SIZE+1+20)) { SETERROR(utils, "OTP secret too short"); return SASL_FAIL; } sscanf(secret, "%s\t%04d\t%s\t%s\t%020ld", alg, seq, seed, buf, timeout); hex2bin(buf, otp, OTP_HASH_SIZE); return SASL_OK; } } /* Compare two string pointers */ static int strptrcasecmp(const void *arg1, const void *arg2) { return (strcasecmp(*((char**) arg1), *((char**) arg2))); } /* Convert the 6 words into binary data */ static int word2bin(const sasl_utils_t *utils, char *words, unsigned char *bin, const EVP_MD *md) { int i, j; char *c, *word, buf[OTP_RESPONSE_MAX+1]; void *base; int nmemb; unsigned long x = 0; unsigned char bits[OTP_HASH_SIZE+1]; /* 1 for checksum */ unsigned char chksum; int bit, fbyte, lbyte; const char **str_ptr; int alt_dict = 0; /* this is a destructive operation, so make a work copy */ strcpy(buf, words); memset(bits, 0, 9); for (c = buf, bit = 0, i = 0; i < 6; i++, c++, bit+=11) { while (*c && isspace((int) *c)) c++; word = c; while (*c && isalpha((int) *c)) c++; if (!*c && i < 5) break; *c = '\0'; if (strlen(word) < 1 || strlen(word) > 4) { utils->log(NULL, SASL_LOG_DEBUG, "incorrect word length '%s'", word); return SASL_BADAUTH; } /* standard dictionary */ if (!alt_dict) { if (strlen(word) < 4) { base = otp_std_dict; nmemb = OTP_4LETTER_OFFSET; } else { base = otp_std_dict + OTP_4LETTER_OFFSET; nmemb = OTP_STD_DICT_SIZE - OTP_4LETTER_OFFSET; } str_ptr = (const char**) bsearch((void*) &word, base, nmemb, sizeof(const char*), strptrcasecmp); if (str_ptr) { x = (unsigned long) (str_ptr - otp_std_dict); } else if (i == 0) { /* couldn't find first word, try alternate dictionary */ alt_dict = 1; } else { utils->log(NULL, SASL_LOG_DEBUG, "word '%s' not found in dictionary", word); return SASL_BADAUTH; } } /* alternate dictionary */ if (alt_dict) { EVP_MD_CTX mdctx; char hash[EVP_MAX_MD_SIZE]; int hashlen; EVP_DigestInit(&mdctx, md); EVP_DigestUpdate(&mdctx, word, strlen(word)); EVP_DigestFinal(&mdctx, hash, &hashlen); /* use lowest 11 bits */ x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1]; } /* left align 11 bits on byte boundary */ x <<= (8 - ((bit+11) % 8)); /* first output byte containing some of our 11 bits */ fbyte = bit / 8; /* last output byte containing some of our 11 bits */ lbyte = (bit+11) / 8; /* populate the output bytes with the 11 bits */ for (j = lbyte; j >= fbyte; j--, x >>= 8) bits[j] |= (unsigned char) (x & 0xff); } if (i < 6) { utils->log(NULL, SASL_LOG_DEBUG, "not enough words (%d)", i); return SASL_BADAUTH; } /* see if the 2-bit checksum is correct */ for (chksum = 0, i = 0; i < 8; i++) { for (j = 0; j < 4; j++) { chksum += ((bits[i] >> (2 * j)) & 0x3); } } chksum <<= 6; if (chksum != bits[8]) { utils->log(NULL, SASL_LOG_DEBUG, "incorrect parity"); return SASL_BADAUTH; } memcpy(bin, bits, OTP_HASH_SIZE); return SASL_OK; } static int verify_response(server_context_t *text, const sasl_utils_t *utils, char *response) { const EVP_MD *md; char *c; int do_init = 0; unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE]; int r; /* find the MDA */ if (!(md = EVP_get_digestbyname(text->alg->evp_name))) { utils->seterror(utils->conn, 0, "OTP algorithm %s is not available", text->alg->evp_name); return SASL_FAIL; } /* eat leading whitespace */ c = response; while (isspace((int) *c)) c++; if (strchr(c, ':')) { if (!strncasecmp(c, OTP_HEX_TYPE, strlen(OTP_HEX_TYPE))) { r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE); } else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) { r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md); } else if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { do_init = 1; r = hex2bin(c+strlen(OTP_INIT_HEX_TYPE), cur_otp, OTP_HASH_SIZE); } else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, strlen(OTP_INIT_WORD_TYPE))) { do_init = 1; r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md); } else { SETERROR(utils, "unknown OTP extended response type"); r = SASL_BADAUTH; } } else { /* standard response, try word first, and then hex */ r = word2bin(utils, c, cur_otp, md); if (r != SASL_OK) r = hex2bin(c, cur_otp, OTP_HASH_SIZE); } if (r == SASL_OK) { /* do one more hash (previous otp) and compare to stored otp */ otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab); if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) { /* update the secret with this seq/otp */ memcpy(text->otp, cur_otp, OTP_HASH_SIZE); text->seq--; r = SASL_OK; } else r = SASL_BADAUTH; } /* if this is an init- attempt, let's check it out */ if (r == SASL_OK && do_init) { char *new_chal = NULL, *new_resp = NULL; algorithm_option_t *alg; unsigned seq; char seed[OTP_SEED_MAX+1]; unsigned char new_otp[OTP_HASH_SIZE]; /* find the challenge and response fields */ new_chal = strchr(c+strlen(OTP_INIT_WORD_TYPE), ':'); if (new_chal) { *new_chal++ = '\0'; new_resp = strchr(new_chal, ':'); if (new_resp) *new_resp++ = '\0'; } if (!(new_chal && new_resp)) return SASL_BADAUTH; if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1)) != SASL_OK) { return r; } if (seq < 1 || !strcasecmp(seed, text->seed)) return SASL_BADAUTH; /* find the MDA */ if (!(md = EVP_get_digestbyname(alg->evp_name))) { utils->seterror(utils->conn, 0, "OTP algorithm %s is not available", alg->evp_name); return SASL_BADAUTH; } if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { r = hex2bin(new_resp, new_otp, OTP_HASH_SIZE); } else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, strlen(OTP_INIT_WORD_TYPE))) { r = word2bin(utils, new_resp, new_otp, md); } if (r == SASL_OK) { /* setup for new secret */ text->alg = alg; text->seq = seq; strcpy(text->seed, seed); memcpy(text->otp, new_otp, OTP_HASH_SIZE); } } return r; } static int otp_server_mech_step1(server_context_t *text, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { const char *authzid; const char *authidp; size_t authid_len; unsigned lup = 0; int result, n; const char *lookup_request[] = { "*cmusaslsecretOTP", NULL }; const char *store_request[] = { "cmusaslsecretOTP", NULL }; struct propval auxprop_values[2]; char mda[10]; time_t timeout; sasl_secret_t *sec = NULL; struct propctx *propctx = NULL; /* should have received authzid NUL authid */ /* get authzid */ authzid = clientin; while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup; if (lup >= clientinlen) { SETERROR(params->utils, "Can only find OTP authzid (no authid)"); return SASL_BADPROT; } /* get authid */ ++lup; authidp = clientin + lup; while ((lup < clientinlen) && (clientin[lup] != 0)) ++lup; authid_len = clientin + lup - authidp; if (lup != clientinlen) { SETERROR(params->utils, "Got more data than we were expecting in the OTP plugin\n"); return SASL_BADPROT; } text->authid = params->utils->malloc(authid_len + 1); if (text->authid == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } /* we can't assume that authid is null-terminated */ strncpy(text->authid, authidp, authid_len); text->authid[authid_len] = '\0'; n = 0; do { /* Get user secret */ result = params->utils->prop_request(params->propctx, lookup_request); if (result != SASL_OK) return result; /* this will trigger the getting of the aux properties. Must use the fully qualified authid here */ result = params->canon_user(params->utils->conn, text->authid, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) return result; result = params->canon_user(params->utils->conn, strlen(authzid) ? authzid : text->authid, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; result = params->utils->prop_getnames(params->propctx, lookup_request, auxprop_values); if (result < 0 || (!auxprop_values[0].name || !auxprop_values[0].values)) { /* We didn't find this username */ SETERROR(params->utils, "no OTP secret in database"); result = params->transition ? SASL_TRANS : SASL_NOUSER; return (result); } if (auxprop_values[0].name && auxprop_values[0].values) { result = parse_secret(params->utils, (char*) auxprop_values[0].values[0], auxprop_values[0].valsize, mda, &text->seq, text->seed, text->otp, &timeout); if (result != SASL_OK) return result; } else { SETERROR(params->utils, "don't have an OTP secret"); return SASL_FAIL; } text->timestamp = time(0); } /* * check lock timeout * * we try 10 times in 1 second intervals in order to give the other * auth attempt time to finish */ while ((text->timestamp < timeout) && (n++ < 10) && !sleep(1)); if (text->timestamp < timeout) { SETERROR(params->utils, "simultaneous OTP authentications not permitted"); return SASL_TRYAGAIN; } /* check sequence number */ if (text->seq <= 1) { SETERROR(params->utils, "OTP has expired (sequence <= 1)"); return SASL_EXPIRED; } /* find algorithm */ text->alg = algorithm_options; while (text->alg->name) { if (!strcasecmp(text->alg->name, mda)) break; text->alg++; } if (!text->alg->name) { params->utils->seterror(params->utils->conn, 0, "unknown OTP algorithm '%s'", mda); return SASL_FAIL; } /* remake the secret with a timeout */ result = make_secret(params->utils, text->alg->name, text->seq, text->seed, text->otp, text->timestamp + OTP_LOCK_TIMEOUT, &sec); if (result != SASL_OK) { SETERROR(params->utils, "error making OTP secret"); return result; } /* do the store */ propctx = params->utils->prop_new(0); if (!propctx) result = SASL_FAIL; if (result == SASL_OK) result = params->utils->prop_request(propctx, store_request); if (result == SASL_OK) result = params->utils->prop_set(propctx, "cmusaslsecretOTP", sec->data, sec->len); if (result == SASL_OK) result = params->utils->auxprop_store(params->utils->conn, propctx, text->authid); if (propctx) params->utils->prop_dispose(&propctx); if (sec) params->utils->free(sec); if (result != SASL_OK) { SETERROR(params->utils, "Error putting OTP secret"); return result; } text->locked = 1; result = _plug_buf_alloc(params->utils, &(text->out_buf), &(text->out_buf_len), OTP_CHALLENGE_MAX+1); if (result != SASL_OK) return result; /* create challenge */ sprintf(text->out_buf, "otp-%s %u %s ext", text->alg->name, text->seq-1, text->seed); *serverout = text->out_buf; *serveroutlen = (unsigned) strlen(text->out_buf); text->state = 2; return SASL_CONTINUE; } static int otp_server_mech_step2(server_context_t *text, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout __attribute__((unused)), unsigned *serveroutlen __attribute__((unused)), sasl_out_params_t *oparams) { char response[OTP_RESPONSE_MAX+1]; int result; sasl_secret_t *sec = NULL; struct propctx *propctx = NULL; const char *store_request[] = { "cmusaslsecretOTP", NULL }; if (clientinlen > OTP_RESPONSE_MAX) { SETERROR(params->utils, "OTP response too long"); return SASL_BADPROT; } /* we can't assume that the response is null-terminated */ strncpy(response, clientin, clientinlen); response[clientinlen] = '\0'; /* check timeout */ if (time(0) > text->timestamp + OTP_LOCK_TIMEOUT) { SETERROR(params->utils, "OTP: server timed out"); return SASL_UNAVAIL; } /* verify response */ result = verify_response(text, params->utils, response); if (result != SASL_OK) return result; /* make the new secret */ result = make_secret(params->utils, text->alg->name, text->seq, text->seed, text->otp, 0, &sec); if (result != SASL_OK) { SETERROR(params->utils, "error making OTP secret"); } /* do the store */ propctx = params->utils->prop_new(0); if (!propctx) result = SASL_FAIL; if (result == SASL_OK) result = params->utils->prop_request(propctx, store_request); if (result == SASL_OK) result = params->utils->prop_set(propctx, "cmusaslsecretOTP", sec->data, sec->len); if (result == SASL_OK) result = params->utils->auxprop_store(params->utils->conn, propctx, text->authid); if (propctx) params->utils->prop_dispose(&propctx); if (result) { SETERROR(params->utils, "Error putting OTP secret"); } text->locked = 0; if (sec) _plug_free_secret(params->utils, &sec); /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return result; } static int otp_server_mech_step(void *conn_context, sasl_server_params_t *params, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { server_context_t *text = (server_context_t *) conn_context; *serverout = NULL; *serveroutlen = 0; switch (text->state) { case 1: return otp_server_mech_step1(text, params, clientin, clientinlen, serverout, serveroutlen, oparams); case 2: return otp_server_mech_step2(text, params, clientin, clientinlen, serverout, serveroutlen, oparams); default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid OTP server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void otp_server_mech_dispose(void *conn_context, const sasl_utils_t *utils) { server_context_t *text = (server_context_t *) conn_context; sasl_secret_t *sec; struct propctx *propctx = NULL; const char *store_request[] = { "cmusaslsecretOTP", NULL }; int r; if (!text) return; /* if we created a challenge, but bailed before the verification of the response, release the lock on the user key */ if (text->locked && (time(0) < text->timestamp + OTP_LOCK_TIMEOUT)) { r = make_secret(utils, text->alg->name, text->seq, text->seed, text->otp, 0, &sec); if (r != SASL_OK) { SETERROR(utils, "error making OTP secret"); if (sec) utils->free(sec); sec = NULL; } /* do the store */ propctx = utils->prop_new(0); if (!propctx) r = SASL_FAIL; if (!r) r = utils->prop_request(propctx, store_request); if (!r) r = utils->prop_set(propctx, "cmusaslsecretOTP", (sec ? sec->data : NULL), (sec ? sec->len : 0)); if (!r) r = utils->auxprop_store(utils->conn, propctx, text->authid); if (propctx) utils->prop_dispose(&propctx); if (r) { SETERROR(utils, "Error putting OTP secret"); } if (sec) _plug_free_secret(utils, &sec); } if (text->authid) _plug_free_string(utils, &(text->authid)); if (text->realm) _plug_free_string(utils, &(text->realm)); if (text->out_buf) utils->free(text->out_buf); utils->free(text); } static int otp_setpass(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *userstr, const char *pass, unsigned passlen __attribute__((unused)), const char *oldpass __attribute__((unused)), unsigned oldpasslen __attribute__((unused)), unsigned flags) { int r; char *user = NULL; char *user_only = NULL; char *realm = NULL; sasl_secret_t *sec; struct propctx *propctx = NULL; const char *store_request[] = { "cmusaslsecretOTP", NULL }; /* Do we have a backend that can store properties? */ if (!sparams->utils->auxprop_store || sparams->utils->auxprop_store(NULL, NULL, NULL) != SASL_OK) { SETERROR(sparams->utils, "OTP: auxprop backend can't store properties"); return SASL_NOMECH; } r = _plug_parseuser(sparams->utils, &user_only, &realm, sparams->user_realm, sparams->serverFQDN, userstr); if (r) { SETERROR(sparams->utils, "OTP: Error parsing user"); return r; } r = _plug_make_fulluser(sparams->utils, &user, user_only, realm); if (r) { goto cleanup; } if ((flags & SASL_SET_DISABLE) || pass == NULL) { sec = NULL; } else { algorithm_option_t *algs; const char *mda; unsigned int len; unsigned short randnum; char seed[OTP_SEED_MAX+1]; char otp[OTP_HASH_SIZE]; sparams->utils->getopt(sparams->utils->getopt_context, "OTP", "otp_mda", &mda, &len); if (!mda) mda = OTP_MDA_DEFAULT; algs = algorithm_options; while (algs->name) { if (!strcasecmp(algs->name, mda) || !strcasecmp(algs->evp_name, mda)) break; algs++; } if (!algs->name) { sparams->utils->seterror(sparams->utils->conn, 0, "unknown OTP algorithm '%s'", mda); r = SASL_FAIL; goto cleanup; } sparams->utils->rand(sparams->utils->rpool, (char*) &randnum, sizeof(randnum)); sprintf(seed, "%.2s%04u", sparams->serverFQDN, (randnum % 9999) + 1); r = generate_otp(sparams->utils, algs, OTP_SEQUENCE_DEFAULT, seed, (char*) pass, otp); if (r != SASL_OK) { /* generate_otp() takes care of error message */ goto cleanup; } r = make_secret(sparams->utils, algs->name, OTP_SEQUENCE_DEFAULT, seed, otp, 0, &sec); if (r != SASL_OK) { SETERROR(sparams->utils, "error making OTP secret"); goto cleanup; } } /* do the store */ propctx = sparams->utils->prop_new(0); if (!propctx) r = SASL_FAIL; if (!r) r = sparams->utils->prop_request(propctx, store_request); if (!r) r = sparams->utils->prop_set(propctx, "cmusaslsecretOTP", (sec ? sec->data : NULL), (sec ? sec->len : 0)); if (!r) r = sparams->utils->auxprop_store(sparams->utils->conn, propctx, user); if (propctx) sparams->utils->prop_dispose(&propctx); if (r) { SETERROR(sparams->utils, "Error putting OTP secret"); goto cleanup; } sparams->utils->log(NULL, SASL_LOG_DEBUG, "Setpass for OTP successful\n"); cleanup: if (user) _plug_free_string(sparams->utils, &user); if (user_only) _plug_free_string(sparams->utils, &user_only); if (realm) _plug_free_string(sparams->utils, &realm); if (sec) _plug_free_secret(sparams->utils, &sec); return r; } static int otp_mech_avail(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, void **conn_context __attribute__((unused))) { /* Do we have a backend that can store properties? */ if (!sparams->utils->auxprop_store || sparams->utils->auxprop_store(NULL, NULL, NULL) != SASL_OK) { sparams->utils->log(NULL, SASL_LOG_DEBUG, "OTP: auxprop backend can't store properties"); return SASL_NOMECH; } return SASL_OK; } static sasl_server_plug_t otp_server_plugins[] = { { "OTP", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_FORWARD_SECRECY, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* glob_context */ &otp_server_mech_new, /* mech_new */ &otp_server_mech_step, /* mech_step */ &otp_server_mech_dispose, /* mech_dispose */ &otp_common_mech_free, /* mech_free */ &otp_setpass, /* setpass */ NULL, /* user_query */ NULL, /* idle */ &otp_mech_avail, /* mech avail */ NULL /* spare */ } }; #endif /* HAVE_OPIE */ int otp_server_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR(utils, "OTP version mismatch"); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = otp_server_plugins; *plugcount = 1; /* Add all digests */ OpenSSL_add_all_digests(); return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { int state; sasl_secret_t *password; unsigned int free_password; /* set if we need to free password */ const char *otpassword; char *out_buf; unsigned out_buf_len; char challenge[OTP_CHALLENGE_MAX+1]; } client_context_t; static int otp_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { client_context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(client_context_t)); if (text == NULL) { MEMERROR( params->utils ); return SASL_NOMEM; } memset(text, 0, sizeof(client_context_t)); text->state = 1; *conn_context = text; return SASL_OK; } static int otp_client_mech_step1(client_context_t *text, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen __attribute__((unused)), sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { const char *user = NULL, *authid = NULL; int user_result = SASL_OK; int auth_result = SASL_OK; int pass_result = SASL_OK; sasl_chalprompt_t *echo_cb; void *echo_context; int result; /* check if sec layer strong enough */ if (params->props.min_ssf > params->external_ssf) { SETERROR( params->utils, "SSF requested of OTP plugin"); return SASL_TOOWEAK; } /* try to get the authid */ if (oparams->authid == NULL) { auth_result = _plug_get_authid(params->utils, &authid, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) return auth_result; } /* try to get the userid */ if (oparams->user == NULL) { user_result = _plug_get_userid(params->utils, &user, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) return user_result; } /* try to get the secret pass-phrase if we don't have a chalprompt */ if ((params->utils->getcallback(params->utils->conn, SASL_CB_ECHOPROMPT, (sasl_callback_ft *)&echo_cb, &echo_context) == SASL_FAIL) && (text->password == NULL)) { pass_result = _plug_get_password(params->utils, &text->password, &text->free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) return pass_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((user_result == SASL_INTERACT) || (auth_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your secret pass-phrase" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) return result; return SASL_INTERACT; } if (!user || !*user) { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } else { result = params->canon_user(params->utils->conn, user, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID, oparams); } if (result != SASL_OK) return result; /* send authorized id NUL authentication id */ *clientoutlen = oparams->ulen + 1 + oparams->alen; /* remember the extra NUL on the end for stupid clients */ result = _plug_buf_alloc(params->utils, &(text->out_buf), &(text->out_buf_len), *clientoutlen + 1); if (result != SASL_OK) return result; memset(text->out_buf, 0, *clientoutlen + 1); memcpy(text->out_buf, oparams->user, oparams->ulen); memcpy(text->out_buf+oparams->ulen+1, oparams->authid, oparams->alen); *clientout = text->out_buf; text->state = 2; return SASL_CONTINUE; } static int otp_client_mech_step2(client_context_t *text, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { int echo_result = SASL_OK; int result; if (serverinlen > OTP_CHALLENGE_MAX) { SETERROR(params->utils, "OTP challenge too long"); return SASL_BADPROT; } /* we can't assume that challenge is null-terminated */ strncpy(text->challenge, serverin, serverinlen); text->challenge[serverinlen] = '\0'; /* try to get the one-time password if we don't have the secret */ if ((text->password == NULL) && (text->otpassword == NULL)) { echo_result = _plug_challenge_prompt(params->utils, SASL_CB_ECHOPROMPT, text->challenge, "Please enter your one-time password", &text->otpassword, prompt_need); if ((echo_result != SASL_OK) && (echo_result != SASL_INTERACT)) return echo_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if (echo_result == SASL_INTERACT) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, NULL, NULL, NULL, NULL, NULL, NULL, text->challenge, "Please enter your one-time password", NULL, NULL, NULL, NULL); if (result != SASL_OK) return result; return SASL_INTERACT; } /* the application provided us with a one-time password so use it */ if (text->otpassword) { *clientout = text->otpassword; *clientoutlen = (unsigned) strlen(text->otpassword); } /* generate our own response using the user's secret pass-phrase */ else { algorithm_option_t *alg; unsigned seq; char seed[OTP_SEED_MAX+1]; char otp[OTP_HASH_SIZE]; int init_done = 0; /* parse challenge */ result = parse_challenge(params->utils, text->challenge, &alg, &seq, seed, 0); if (result != SASL_OK) return result; if (!text->password) { PARAMERROR(params->utils); return SASL_BADPARAM; } if (seq < 1) { SETERROR(params->utils, "OTP has expired (sequence < 1)"); return SASL_EXPIRED; } /* generate otp */ result = generate_otp(params->utils, alg, seq, seed, text->password->data, otp); if (result != SASL_OK) return result; result = _plug_buf_alloc(params->utils, &(text->out_buf), &(text->out_buf_len), OTP_RESPONSE_MAX+1); if (result != SASL_OK) return result; if (seq < OTP_SEQUENCE_REINIT) { unsigned short randnum; char new_seed[OTP_SEED_MAX+1]; char new_otp[OTP_HASH_SIZE]; /* try to reinitialize */ /* make sure we have a different seed */ do { params->utils->rand(params->utils->rpool, (char*) &randnum, sizeof(randnum)); sprintf(new_seed, "%.2s%04u", params->serverFQDN, (randnum % 9999) + 1); } while (!strcasecmp(seed, new_seed)); result = generate_otp(params->utils, alg, OTP_SEQUENCE_DEFAULT, new_seed, text->password->data, new_otp); if (result == SASL_OK) { /* create an init-hex response */ strcpy(text->out_buf, OTP_INIT_HEX_TYPE); bin2hex(otp, OTP_HASH_SIZE, text->out_buf+strlen(text->out_buf)); sprintf(text->out_buf+strlen(text->out_buf), ":%s %u %s:", alg->name, OTP_SEQUENCE_DEFAULT, new_seed); bin2hex(new_otp, OTP_HASH_SIZE, text->out_buf+strlen(text->out_buf)); init_done = 1; } else { /* just do a regular response */ } } if (!init_done) { /* created hex response */ strcpy(text->out_buf, OTP_HEX_TYPE); bin2hex(otp, OTP_HASH_SIZE, text->out_buf+strlen(text->out_buf)); } *clientout = text->out_buf; *clientoutlen = (unsigned) strlen(text->out_buf); } /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; } static int otp_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { client_context_t *text = (client_context_t *) conn_context; *clientout = NULL; *clientoutlen = 0; switch (text->state) { case 1: return otp_client_mech_step1(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); case 2: return otp_client_mech_step2(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); default: params->utils->log(NULL, SASL_LOG_ERR, "Invalid OTP client step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static void otp_client_mech_dispose(void *conn_context, const sasl_utils_t *utils) { client_context_t *text = (client_context_t *) conn_context; if (!text) return; if (text->free_password) _plug_free_secret(utils, &(text->password)); if (text->out_buf) utils->free(text->out_buf); utils->free(text); } static sasl_client_plug_t otp_client_plugins[] = { { "OTP", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_FORWARD_SECRECY, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* required_prompts */ NULL, /* glob_context */ &otp_client_mech_new, /* mech_new */ &otp_client_mech_step, /* mech_step */ &otp_client_mech_dispose, /* mech_dispose */ &otp_common_mech_free, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int otp_client_plug_init(sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR(utils, "OTP version mismatch"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = otp_client_plugins; *plugcount = 1; /* Add all digests */ OpenSSL_add_all_digests(); return SASL_OK; } cyrus-sasl-2.1.25/plugins/Makefile.am0000646000076400007640000001375311631155042014365 00000000000000# Makefile.am for the SASL plugins # Rob Siemborski # Rob Earhart # $Id: Makefile.am,v 1.86 2011/09/05 14:18:10 murch Exp $ # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ # Library version info - here at the top, for sanity # CURRENT:REVISION:AGE plugin_version = 2:25:0 INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ EXTRA_DIST = makeinit.sh NTMakefile noinst_SCRIPTS = makeinit.sh LIB_MYSQL = @LIB_MYSQL@ plugindir = @plugindir@ common_sources = plugin_common.c plugin_common.h sasldir = $(prefix)/lib/sasl2 sasl_LTLIBRARIES = @SASL_MECHS@ EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \ libgs2.la libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \ libscram.la libntlm.la libpassdss.la libsasldb.la libsql.la libldapdb.la libplain_la_SOURCES = plain.c plain_init.c $(common_sources) libplain_la_DEPENDENCIES = $(COMPAT_OBJS) libplain_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) libanonymous_la_SOURCES = anonymous.c anonymous_init.c $(common_sources) libanonymous_la_DEPENDENCIES = $(COMPAT_OBJS) libanonymous_la_LIBADD = $(COMPAT_OBJS) libkerberos4_la_SOURCES = kerberos4.c kerberos4_init.c $(common_sources) libkerberos4_la_DEPENDENCIES = $(COMPAT_OBJS) libkerberos4_la_LIBADD = $(SASL_KRB_LIB) $(LIB_SOCKET) $(COMPAT_OBJS) libgs2_la_SOURCES = gs2.c gs2_init.c gs2_token.c gs2_token.h $(common_sources) libgs2_la_DEPENDENCIES = $(COMPAT_OBJS) libgs2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS) libgssapiv2_la_SOURCES = gssapi.c gssapiv2_init.c $(common_sources) libgssapiv2_la_DEPENDENCIES = $(COMPAT_OBJS) libgssapiv2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS) libcrammd5_la_SOURCES = cram.c crammd5_init.c $(common_sources) libcrammd5_la_DEPENDENCIES = $(COMPAT_OBJS) libcrammd5_la_LIBADD = $(COMPAT_OBJS) libdigestmd5_la_SOURCES = digestmd5.c digestmd5_init.c $(common_sources) libdigestmd5_la_DEPENDENCIES = $(COMPAT_OBJS) libdigestmd5_la_LIBADD = $(LIB_DES) $(LIB_SOCKET) $(COMPAT_OBJS) libscram_la_SOURCES = scram.c scram_init.c $(common_sources) libscram_la_DEPENDENCIES = $(COMPAT_OBJS) libscram_la_LIBADD = $(SCRAM_LIBS) $(COMPAT_OBJS) liblogin_la_SOURCES = login.c login_init.c $(common_sources) liblogin_la_DEPENDENCIES = $(COMPAT_OBJS) liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) libsrp_la_SOURCES = srp.c srp_init.c $(common_sources) libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources) libotp_la_DEPENDENCIES = $(COMPAT_OBJS) libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS) libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources) libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources) libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) # Auxprop Plugins libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources) libsasldb_la_DEPENDENCIES = $(COMPAT_OBJS) libsasldb_la_LIBADD = ../sasldb/libsasldb.la $(SASL_DB_LIB) $(COMPAT_OBJS) libldapdb_la_SOURCES = ldapdb.c ldapdb_init.c $(common_sources) libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS) libldapdb_la_LIBADD = $(LIB_LDAP) $(COMPAT_OBJS) libsql_la_SOURCES = sql.c sql_init.c $(common_sources) libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) $(LIB_SQLITE3) \ $(AM_LDFLAGS) libsql_la_DEPENDENCIES = $(COMPAT_OBJS) libsql_la_LIBADD = $(COMPAT_OBJS) # Instructions for making the _init files init_src=anonymous_init.c crammd5_init.c digestmd5_init.c scram_init.c gs2_init.c gssapiv2_init.c \ kerberos4_init.c login_init.c plain_init.c srp_init.c otp_init.c ntlm_init.c \ passdss_init.c sasldb_init.c sql_init.c ldapdb_init.c CLEANFILES=$(init_src) ${init_src}: $(srcdir)/makeinit.sh $(SHELL) $(srcdir)/makeinit.sh # Compatibility function build rules (they build in lib/) $(COMPAT_OBJS): rm -f $(COMPAT_OBJS) cd ../lib; $(MAKE) $(COMPAT_OBJS) for file in $(COMPAT_OBJS); do ln -s ../lib/$$file .; done cyrus-sasl-2.1.25/plugins/scram.c0000646000076400007640000021522111631713504013577 00000000000000/* SCRAM-SHA-1 SASL plugin * Alexey Melnikov * $Id: scram.c,v 1.26 2011/09/07 16:09:40 murch Exp $ */ /* * Copyright (c) 2009-2010 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #include #include #include /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: scram.c,v 1.26 2011/09/07 16:09:40 murch Exp $"; #define NONCE_SIZE (32) /* arbitrary */ #define SALT_SIZE (16) /* arbitrary */ /* TODO: make this a configurable option? */ #define DEFAULT_ITERATION_COUNTER 4096 #define MIN_ITERATION_COUNTER 4096 #define MAX_ITERATION_COUNTER 0x10000 /* maximum length of the iteration_counter (as a string). Assume it is 32bits */ #define ITERATION_COUNTER_BUF_LEN 20 #define SCRAM_HASH_SIZE 20 #define BASE64_LEN(size) (((size) / 3 * 4) + (((size) % 3) ? 4 : 0)) #define MAX_CLIENTIN_LEN 2048 #define MAX_SERVERIN_LEN 2048 #define STRINGIZE(x) #x #define MAX_CLIENTIN_LEN_STR STRINGIZE((MAX_CLIENTIN_LEN)) #define MAX_SERVERIN_LEN_STR STRINGIZE((MAX_SERVERIN_LEN)) #define CLIENT_KEY_CONSTANT "Client Key" #define SERVER_KEY_CONSTANT "Server Key" #define CLIENT_KEY_CONSTANT_LEN sizeof(CLIENT_KEY_CONSTANT)-1 #define SERVER_KEY_CONSTANT_LEN sizeof(SERVER_KEY_CONSTANT)-1 #define SCRAM_CB_FLAG_MASK 0x0F #define SCRAM_CB_FLAG_N 0x00 #define SCRAM_CB_FLAG_P 0x01 #define SCRAM_CB_FLAG_Y 0x02 #ifdef SCRAM_DEBUG #define PRINT_HASH(func,hash) print_hash(func,hash) #else #define PRINT_HASH(func,hash) #endif /* NB: A temporary mapping for "internal errors". It would be better to add a new SASL error code for that */ #define SASL_SCRAM_INTERNAL SASL_NOMEM #define SCRAM_SASL_MECH "SCRAM-SHA-1" #define SCRAM_SASL_MECH_LEN 11 /* Holds the core salt to avoid regenerating salt each auth. */ static unsigned char g_salt_key[SALT_SIZE]; /* Convert saslname = 1*(value-safe-char / "=2C" / "=3D") in place. Returns SASL_FAIL if the encoding is invalid, otherwise SASL_OK */ static int decode_saslname (char *buf) { char * inp; char * outp; inp = outp = buf; while (*inp) { if (*inp == '=') { inp++; if (*inp == '\0') { return SASL_FAIL; } if (inp[0] == '2' && inp[1] == 'C') { *outp = ','; inp += 2; } else if (inp[0] == '3' && inp[1] == 'D') { *outp = '='; inp += 2; } else { return SASL_FAIL; } } else { *outp = *inp; inp++; } outp++; } return SASL_OK; } /* Convert a username to saslname = 1*(value-safe-char / "=2C" / "=3D") and return an allocated copy. "freeme" contains pointer to the allocated output, or NULL, if encoded_saslname just points to saslname. Returns SASL_NOMEM if can't allocate memory for the output, otherwise SASL_OK */ static int encode_saslname (const char *saslname, const char **encoded_saslname, char **freeme) { const char * inp; char * outp; int special_chars = 0; /* Found out if anything needs encoding */ for (inp = saslname; *inp; inp++) { if (*inp == ',' || *inp == '=') { special_chars++; } } if (special_chars == 0) { *encoded_saslname = saslname; *freeme = NULL; return SASL_OK; } outp = malloc(strlen(saslname) + special_chars * 2 + 1); *encoded_saslname = outp; *freeme = outp; if (outp == NULL) { return SASL_NOMEM; } for (inp = saslname; *inp; inp++) { switch (*inp) { case ',': *outp++ = '='; *outp++ = '2'; *outp++ = 'C'; break; case '=': *outp++ = '='; *outp++ = '3'; *outp++ = 'D'; break; default: *outp++ = *inp; } } *outp = '\0'; return SASL_OK; } static char * create_nonce(const sasl_utils_t * utils, char *buffer, size_t buflen) /* Including the terminating NUL */ { char *intbuf; unsigned int estimated; if ((buflen - 1) % 4 != 0) { /* NB: the algorithm below doesn't work for such length. It needs to be adjusted to allocate + 4 bytes, encode the last 4 bytes to a separate buffer and then copy the necessary number of bytes to the end of the output */ return NULL; } estimated = (unsigned int)((buflen - 1) / 4 * 3); intbuf = (char *) utils->malloc(estimated + 1); if (intbuf == NULL) { return NULL; } utils->rand(utils->rpool, intbuf, estimated); /* base 64 encode it so it has valid chars */ if (utils->encode64(intbuf, estimated, buffer, (unsigned int)buflen, NULL) != SASL_OK) { utils->free(intbuf); return NULL; } utils->free(intbuf); buffer[buflen-1] = '\0'; return buffer; } /* Useful for debugging interop issues */ static void print_hash (const char * func, const char * hash) { int i; printf (" HASH in %s:", func); for (i = 0; i < SCRAM_HASH_SIZE; i++) { printf (" %.2X", (unsigned char)hash[i]); } printf ("\n"); } /* The result variable need to point to a buffer big enough for the [SHA-1] hash */ static void Hi (const sasl_utils_t * utils, const char * str, size_t str_len, const char * salt, size_t salt_len, unsigned int iteration_count, char * result) { char * initial_key = NULL; unsigned int i; int k; char * temp_result; unsigned int hash_len = 0; initial_key = utils->malloc(salt_len + 4); memcpy (initial_key, salt, salt_len); initial_key[salt_len] = 0; initial_key[salt_len+1] = 0; initial_key[salt_len+2] = 0; initial_key[salt_len+3] = 1; temp_result = utils->malloc(SCRAM_HASH_SIZE); /* U1 := HMAC(str, salt || INT(1)) */ if (HMAC(EVP_sha1(), (const unsigned char *) str, (int)str_len, initial_key, (int)salt_len + 4, (unsigned char *)result, &hash_len) == NULL) { } memcpy(temp_result, result, SCRAM_HASH_SIZE); PRINT_HASH ("first HMAC in Hi()", temp_result); /* On each loop iteration j "temp_result" contains Uj, while "result" contains "U1 XOR ... XOR Uj" */ for (i = 2; i <= iteration_count; i++) { if (HMAC(EVP_sha1(), (const unsigned char *) str, (int)str_len, temp_result, SCRAM_HASH_SIZE, (unsigned char *)temp_result, &hash_len) == NULL) { } PRINT_HASH ("Hi() HMAC inside loop", temp_result); for (k = 0; k < SCRAM_HASH_SIZE; k++) { result[k] ^= temp_result[k]; } PRINT_HASH ("Hi() - accumulated result inside loop", result); } utils->free(initial_key); utils->free(temp_result); } /** * User salt is Hi(username,salt_key); * This is fixed per reboot, to allow caching of SCRAM * SaltedPassword. */ static unsigned char * scram_server_user_salt(const sasl_utils_t * utils, const char * username, size_t * p_salt_len) { char * result = utils->malloc(SCRAM_HASH_SIZE); Hi(utils, username, strlen(username), g_salt_key, SALT_SIZE, 20 /* iterations */, result); *p_salt_len = SCRAM_HASH_SIZE; return result; } static int GenerateScramSecrets (const sasl_utils_t * utils, const char * password, size_t password_len, char * salt, size_t salt_len, unsigned int iteration_count, char * StoredKey, char * ServerKey, char ** error_text) { char SaltedPassword[SCRAM_HASH_SIZE]; char ClientKey[SCRAM_HASH_SIZE]; sasl_secret_t *sec = NULL; unsigned int hash_len = 0; int result; *error_text = NULL; if (password_len == 0) { *error_text = "empty secret"; result = SASL_FAIL; goto cleanup; } sec = utils->malloc(sizeof(sasl_secret_t) + password_len); if (sec == NULL) { result = SASL_NOMEM; goto cleanup; } sec->len = (unsigned) password_len; strncpy((char *)sec->data, password, password_len + 1); /* SaltedPassword := Hi(password, salt) */ Hi (utils, sec->data, sec->len, salt, salt_len, iteration_count, SaltedPassword); /* ClientKey := HMAC(SaltedPassword, "Client Key") */ if (HMAC(EVP_sha1(), (const unsigned char *) SaltedPassword, SCRAM_HASH_SIZE, CLIENT_KEY_CONSTANT, CLIENT_KEY_CONSTANT_LEN, (unsigned char *)ClientKey, &hash_len) == NULL) { *error_text = "HMAC-SHA1 call failed"; result = SASL_SCRAM_INTERNAL; goto cleanup; } /* StoredKey := H(ClientKey) */ if (SHA1(ClientKey, SCRAM_HASH_SIZE, StoredKey) == NULL) { *error_text = "SHA1 call failed"; result = SASL_SCRAM_INTERNAL; goto cleanup; } /* ServerKey := HMAC(SaltedPassword, "Server Key") */ if (HMAC(EVP_sha1(), (const unsigned char *) SaltedPassword, SCRAM_HASH_SIZE, SERVER_KEY_CONSTANT, SERVER_KEY_CONSTANT_LEN, (unsigned char *)ServerKey, &hash_len) == NULL) { *error_text = "HMAC-SHA1 call failed"; result = SASL_SCRAM_INTERNAL; goto cleanup; } result = SASL_OK; cleanup: if (sec) { _plug_free_secret(utils, &sec); } return result; } /***************************** Server Section *****************************/ typedef struct server_context { int state; char * authentication_id; char * authorization_id; char * out_buf; unsigned out_buf_len; char * auth_message; size_t auth_message_len; char * nonce; /* in binary form */ char * salt; size_t salt_len; unsigned int iteration_count; char StoredKey[SCRAM_HASH_SIZE + 1]; char ServerKey[SCRAM_HASH_SIZE + 1]; int cb_flags; char *cbindingname; char *gs2_header; size_t gs2_header_length; } server_context_t; static int scram_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { server_context_t *text; /* holds state are in */ text = sparams->utils->malloc(sizeof(server_context_t)); if (text == NULL) { MEMERROR( sparams->utils ); return SASL_NOMEM; } memset(text, 0, sizeof(server_context_t)); /* text->state = 0; */ *conn_context = text; return SASL_OK; } static int scram_server_mech_step1(server_context_t *text, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams __attribute__((unused))) { char * authentication_id; char * p; char * nonce; size_t client_nonce_len; char * base64_salt = NULL; size_t base64len; size_t estimated_challenge_len; size_t pure_scram_length; char * inbuf = NULL; const char *password_request[] = { SASL_AUX_PASSWORD, "*authPassword", NULL }; int canon_flags; struct propval auxprop_values[3]; unsigned int hash_len = 0; int result; if (clientinlen == 0) { SETERROR(sparams->utils, SCRAM_SASL_MECH " input expected"); return SASL_BADPROT; } /* Expecting: 'gs2-cbind-flag "," [ authzid ] "," [reserved-mext ","] username "," nonce ["," extensions]' */ if (clientinlen < 10) { SETERROR(sparams->utils, "Invalid " SCRAM_SASL_MECH " input"); return SASL_BADPROT; } inbuf = sparams->utils->malloc (clientinlen + 1); if (inbuf == NULL) { MEMERROR( sparams->utils ); return SASL_NOMEM; } memcpy(inbuf, clientin, clientinlen); inbuf[clientinlen] = 0; if (strlen(inbuf) != clientinlen) { SETERROR(sparams->utils, "NULs found in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } p = inbuf; /* gs2-cbind-flag = "p=" cb-name / "n" / "y" ;; "n" -> client doesn't support channel binding ;; "y" -> client does support channel binding ;; but thinks the server does not. ;; "p" -> client requires channel binding. ;; The selected channel binding follows "p=". */ switch (p[0]) { case 'p': if (p[1] != '=') { SETERROR(sparams->utils, "The initial 'p' needs to be followed by '=' in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } p++; text->cbindingname = p + 1; p = strchr (p, ','); if (p == NULL) { text->cbindingname = NULL; SETERROR(sparams->utils, "Channel binding name must be terminated by a comma in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } *p = '\0'; _plug_strdup(sparams->utils, text->cbindingname, &text->cbindingname, NULL); *p = ','; text->cb_flags = SCRAM_CB_FLAG_P; break; case 'n': text->cb_flags = SCRAM_CB_FLAG_N; /* We always have at least 10 bytes, so this is safe */ p++; break; case 'y': text->cb_flags = SCRAM_CB_FLAG_Y; /* We always have at least 10 bytes, so this is safe */ p++; break; default: SETERROR(sparams->utils, "The initial " SCRAM_SASL_MECH " client response needs to start with 'y', 'n' or 'p'"); result = SASL_BADPROT; goto cleanup; } if (p[0] != ',') { SETERROR(sparams->utils, "',' expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } p++; if (p[0] == 'a' && p[1] == '=') { text->authorization_id = p + 2; p = strchr (text->authorization_id, ','); if (p == NULL) { text->authorization_id = NULL; SETERROR(sparams->utils, "At least nonce is expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } /* End of the GS2 header */ p[0] = '\0'; /* The GS2 header length DOES include the terminating comma */ text->gs2_header_length = p - inbuf + 1; p++; /* Make a read-write copy we can modify */ _plug_strdup(sparams->utils, text->authorization_id, &text->authorization_id, NULL); if (decode_saslname(text->authorization_id) != SASL_OK) { SETERROR(sparams->utils, "Invalid authorization identity encoding in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } } else if (p[0] != ',') { SETERROR(sparams->utils, "',' expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } else { /* End of the GS2 header */ p[0] = '\0'; /* The GS2 header length DOES include the terminating comma */ text->gs2_header_length = p - inbuf + 1; p++; } text->gs2_header = sparams->utils->malloc (text->gs2_header_length + 1); if (text->gs2_header == NULL) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } memcpy(text->gs2_header, inbuf, text->gs2_header_length - 1); /* Remember the comma */ text->gs2_header[text->gs2_header_length - 1] = ','; text->gs2_header[text->gs2_header_length] = 0; if (p[1] != '=') { SETERROR(sparams->utils, "Invalid " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } if (p[0] == 'm') { SETERROR(sparams->utils, "Unsupported mandatory extension to " SCRAM_SASL_MECH); result = SASL_BADPROT; goto cleanup; } if (p[0] != 'n') { SETERROR(sparams->utils, "Username (n=) expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } authentication_id = p + 2; p = strchr (authentication_id, ','); /* MUST be followed by a nonce */ if (p == NULL) { SETERROR(sparams->utils, "Nonce expected after the username in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } *p = '\0'; p++; if (decode_saslname(authentication_id) != SASL_OK) { SETERROR(sparams->utils, "Invalid username encoding in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } _plug_strdup(sparams->utils, authentication_id, &text->authentication_id, NULL); if (strncmp(p, "r=", 2) != 0) { SETERROR(sparams->utils, "Nonce expected after the username in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } p += 2; nonce = p; p = strchr (nonce, ','); if (p == NULL) { p = nonce + strlen(nonce); } else { *p = '\0'; } /* Generate server nonce, by appending some random stuff to the client nonce */ client_nonce_len = strlen(nonce); text->nonce = sparams->utils->malloc (client_nonce_len + NONCE_SIZE + 1); if (text->nonce == NULL) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } strcpy (text->nonce, nonce); if (create_nonce(sparams->utils, text->nonce + client_nonce_len, NONCE_SIZE + 1) == NULL) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } /* Now we fetch user's password and calculate our secret */ result = sparams->utils->prop_request(sparams->propctx, password_request); if (result != SASL_OK) { goto cleanup; } /* this will trigger the getting of the aux properties */ canon_flags = SASL_CU_AUTHID; if (text->authorization_id == NULL || *text->authorization_id == '\0') { canon_flags |= SASL_CU_AUTHZID; } result = sparams->canon_user(sparams->utils->conn, text->authentication_id, 0, canon_flags, oparams); if (result != SASL_OK) { SETERROR(sparams->utils, "unable to canonify user and get auxprops"); goto cleanup; } if (text->authorization_id != NULL && *text->authorization_id != '\0') { result = sparams->canon_user(sparams->utils->conn, text->authorization_id, 0, SASL_CU_AUTHZID, oparams); } if (result != SASL_OK) { SETERROR(sparams->utils, "unable to canonify authorization ID"); goto cleanup; } result = sparams->utils->prop_getnames(sparams->propctx, password_request, auxprop_values); if (result < 0 || ((!auxprop_values[0].name || !auxprop_values[0].values) && (!auxprop_values[1].name || !auxprop_values[1].values))) { /* We didn't find this username */ sparams->utils->seterror(sparams->utils->conn,0, "no secret in database"); result = sparams->transition ? SASL_TRANS : SASL_NOUSER; goto cleanup; } if (auxprop_values[0].name && auxprop_values[0].values) { char * error_text = NULL; char * s_iteration_count; char * end; text->salt = scram_server_user_salt(sparams->utils, text->authentication_id, &text->salt_len); sparams->utils->getopt(sparams->utils->getopt_context, /* Different SCRAM hashes can have different strengh */ SCRAM_SASL_MECH, "scram_iteration_counter", &s_iteration_count, NULL); if (s_iteration_count != NULL) { errno = 0; text->iteration_count = strtoul(s_iteration_count, &end, 10); if (s_iteration_count == end || *end != '\0' || errno != 0) { sparams->utils->log(NULL, SASL_LOG_DEBUG, "Invalid iteration-count in scram_iteration_count SASL option: not a number. Using the default instead."); s_iteration_count = NULL; } } if (s_iteration_count == NULL) { text->iteration_count = DEFAULT_ITERATION_COUNTER; } result = GenerateScramSecrets (sparams->utils, auxprop_values[0].values[0], strlen(auxprop_values[0].values[0]), text->salt, text->salt_len, text->iteration_count, text->StoredKey, text->ServerKey, &error_text); if (result != SASL_OK) { if (error_text != NULL) { sparams->utils->seterror(sparams->utils->conn, 0, error_text); } goto cleanup; } } else if (auxprop_values[1].name && auxprop_values[1].values) { char s_iteration_count[ITERATION_COUNTER_BUF_LEN+1]; size_t base64_salt_len; unsigned int exact_key_len; const char * scram_hash; const char * p_field; char * end; int i; result = SASL_SCRAM_INTERNAL; for (i = 0; auxprop_values[1].values[i] != NULL; i++) { scram_hash = auxprop_values[1].values[i]; /* Skip the leading spaces */ while (*scram_hash == ' ') { scram_hash++; } if (strncmp(scram_hash, SCRAM_SASL_MECH, SCRAM_SASL_MECH_LEN) != 0) { continue; } scram_hash += SCRAM_SASL_MECH_LEN; /* Skip spaces */ while (*scram_hash == ' ') { scram_hash++; } if (*scram_hash != '$') { /* syntax error, ignore the value */ continue; } scram_hash++; /* Skip spaces */ while (*scram_hash == ' ') { scram_hash++; } p_field = strchr(scram_hash, ':'); if (p_field == NULL || p_field == scram_hash) { /* syntax error, ignore the value */ continue; } if ((p_field - scram_hash) > ITERATION_COUNTER_BUF_LEN) { /* The iteration counter is too big for us */ SETERROR(sparams->utils, "Invalid iteration-count in " SCRAM_SASL_MECH " input: the value is too big"); continue; } memcpy(s_iteration_count, scram_hash, p_field - scram_hash); s_iteration_count[p_field - scram_hash] = '\0'; errno = 0; text->iteration_count = strtoul(s_iteration_count, &end, 10); if (s_iteration_count == end || *end != '\0' || errno != 0) { SETERROR(sparams->utils, "Invalid iteration-count in " SCRAM_SASL_MECH " input: not a number"); continue; } scram_hash = p_field + 1; p_field = scram_hash + strcspn(scram_hash, "$ "); if (p_field == scram_hash || *p_field == '\0') { /* syntax error, ignore the value */ continue; } base64_salt_len = p_field - scram_hash; text->salt = (char *) sparams->utils->malloc(base64_salt_len); if (sparams->utils->decode64(scram_hash, (unsigned int)base64_salt_len, text->salt, (unsigned int)base64_salt_len, &text->salt_len) != SASL_OK) { SETERROR(sparams->utils, "Invalid base64 encoding of the salt in " SCRAM_SASL_MECH " stored value"); continue; } scram_hash = p_field; /* Skip spaces */ while (*scram_hash == ' ') { scram_hash++; } if (*scram_hash != '$') { /* syntax error, ignore the value */ sparams->utils->free(text->salt); text->salt = NULL; continue; } scram_hash++; /* Skip spaces */ while (*scram_hash == ' ') { scram_hash++; } p_field = strchr(scram_hash, ':'); if (p_field == NULL || p_field == scram_hash) { /* syntax error, ignore the value */ sparams->utils->free(text->salt); text->salt = NULL; continue; } if (sparams->utils->decode64(scram_hash, (unsigned int)(p_field - scram_hash), text->StoredKey, SCRAM_HASH_SIZE + 1, &exact_key_len) != SASL_OK) { SETERROR(sparams->utils, "Invalid base64 encoding of StoredKey in " SCRAM_SASL_MECH " per-user storage"); sparams->utils->free(text->salt); text->salt = NULL; continue; } if (exact_key_len != SCRAM_HASH_SIZE) { SETERROR(sparams->utils, "Invalid StoredKey in " SCRAM_SASL_MECH " per-user storage"); sparams->utils->free(text->salt); text->salt = NULL; continue; } scram_hash = p_field + 1; p_field = strchr(scram_hash, ' '); if (p_field == NULL) { p_field = scram_hash + strlen(scram_hash); } if (sparams->utils->decode64(scram_hash, (unsigned int)(p_field - scram_hash), text->ServerKey, SCRAM_HASH_SIZE + 1, &exact_key_len) != SASL_OK) { SETERROR(sparams->utils, "Invalid base64 encoding of ServerKey in " SCRAM_SASL_MECH " per-user storage"); sparams->utils->free(text->salt); text->salt = NULL; continue; } if (exact_key_len != SCRAM_HASH_SIZE) { SETERROR(sparams->utils, "Invalid ServerKey in " SCRAM_SASL_MECH " per-user storage"); sparams->utils->free(text->salt); text->salt = NULL; continue; } result = SASL_OK; break; } if (result != SASL_OK) { sparams->utils->seterror(sparams->utils->conn, 0, "No valid " SCRAM_SASL_MECH " secret found"); goto cleanup; } } else { sparams->utils->seterror(sparams->utils->conn, 0, "Have neither type of secret"); return SASL_FAIL; } /* erase the plaintext password */ sparams->utils->prop_erase(sparams->propctx, password_request[0]); /* base 64 encode it so it has valid chars */ base64len = (text->salt_len / 3 * 4) + ((text->salt_len % 3) ? 4 : 0); base64_salt = (char *) sparams->utils->malloc(base64len + 1); if (base64_salt == NULL) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } /* * Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ if (sparams->utils->encode64(text->salt, (unsigned int)text->salt_len, base64_salt, (unsigned int)base64len + 1, NULL) != SASL_OK) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } base64_salt[base64len] = '\0'; /* Now we generate server challenge */ estimated_challenge_len = client_nonce_len + NONCE_SIZE + base64len + ITERATION_COUNTER_BUF_LEN + strlen("r=,s=,i="); result = _plug_buf_alloc(sparams->utils, &(text->out_buf), &(text->out_buf_len), (unsigned) estimated_challenge_len + 1); if (result != SASL_OK) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } sprintf(text->out_buf, "r=%s,s=%s,i=%u", text->nonce, base64_salt, text->iteration_count); /* Save the (client response, ",", server challenge, ","). Note, we skip the GS2 prefix here */ pure_scram_length = clientinlen - text->gs2_header_length; text->auth_message_len = pure_scram_length + 1 + estimated_challenge_len + 1; text->auth_message = sparams->utils->malloc (text->auth_message_len + 1); if (text->auth_message == NULL) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } memcpy(text->auth_message, clientin + text->gs2_header_length, pure_scram_length); text->auth_message[pure_scram_length] = ','; strcpy (text->auth_message + pure_scram_length + 1, text->out_buf); strcat (text->auth_message + pure_scram_length + 1, ","); /* Now remember the exact length, not the estimated one */ text->auth_message_len = strlen(text->auth_message); *serverout = text->out_buf; *serveroutlen = (unsigned) strlen(text->out_buf); result = SASL_CONTINUE; text->state = 2; cleanup: if (inbuf != NULL) { sparams->utils->free(inbuf); } if (base64_salt != NULL) { sparams->utils->free(base64_salt); } return result; } static int scram_server_mech_step2(server_context_t *text, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { char *channel_binding = NULL; size_t channel_binding_len = 0; char *binary_channel_binding = NULL; unsigned binary_channel_binding_len = 0; char *client_proof = NULL; char *inbuf = NULL; char *p; int result = SASL_FAIL; size_t proof_offset; char * full_auth_message; char ReceivedClientKey[SCRAM_HASH_SIZE]; char DecodedClientProof[SCRAM_HASH_SIZE + 1]; char CalculatedStoredKey[SCRAM_HASH_SIZE]; char ClientSignature[SCRAM_HASH_SIZE]; char ServerSignature[SCRAM_HASH_SIZE]; char * nonce; size_t client_proof_len; size_t server_proof_len; unsigned exact_client_proof_len; unsigned int hash_len = 0; int k; if (clientinlen == 0) { SETERROR(sparams->utils, SCRAM_SASL_MECH " input expected"); return SASL_BADPROT; } if (clientinlen < 3 || clientin[1] != '=') { SETERROR(sparams->utils, "Invalid " SCRAM_SASL_MECH " input"); return SASL_BADPROT; } inbuf = sparams->utils->malloc (clientinlen + 1); if (inbuf == NULL) { MEMERROR( sparams->utils ); return SASL_NOMEM; } memcpy(inbuf, clientin, clientinlen); inbuf[clientinlen] = 0; if (strlen(inbuf) != clientinlen) { SETERROR(sparams->utils, "NULs found in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } /* Expecting: channel-binding "," nonce ["," extensions] "," proof */ p = inbuf; if (strncmp(p, "c=", 2) != 0) { SETERROR(sparams->utils, "Channel binding expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } channel_binding = p + 2; p = strchr (channel_binding, ','); if (p == NULL) { SETERROR(sparams->utils, "At least nonce is expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } *p = '\0'; p++; channel_binding_len = strlen(channel_binding); /* We can calculate the exact length, but the decoded (binary) data is always shorter than its base64 version. */ binary_channel_binding = (char *) sparams->utils->malloc(channel_binding_len + 1); if (sparams->utils->decode64(channel_binding, (unsigned int)channel_binding_len, binary_channel_binding, (unsigned int)channel_binding_len, &binary_channel_binding_len) != SASL_OK) { SETERROR(sparams->utils, "Invalid base64 encoding of the channel bindings in " SCRAM_SASL_MECH); result = SASL_BADPROT; goto cleanup; } if (binary_channel_binding_len < text->gs2_header_length || strncmp(binary_channel_binding, text->gs2_header, text->gs2_header_length) != 0) { sparams->utils->seterror (sparams->utils->conn, 0, "Channel bindings prefix doesn't match the one received in the GS2 header of " SCRAM_SASL_MECH ". Expected \"%s\"", text->gs2_header); result = SASL_BADPROT; goto cleanup; } switch (text->cb_flags & SCRAM_CB_FLAG_MASK) { case SCRAM_CB_FLAG_P: binary_channel_binding_len -= (unsigned)text->gs2_header_length; if (binary_channel_binding_len == 0) { SETERROR(sparams->utils, "Channel bindings data expected in " SCRAM_SASL_MECH); result = SASL_BADPROT; goto cleanup; } if (strcmp(sparams->cbinding->name, text->cbindingname) != 0) { sparams->utils->seterror (sparams->utils->conn, 0, "Unsupported channel bindings type received in " SCRAM_SASL_MECH ". Expected: %s, received: %s", sparams->cbinding->name, text->cbindingname); result = SASL_BADPROT; goto cleanup; } if (binary_channel_binding_len != sparams->cbinding->len) { sparams->utils->seterror (sparams->utils->conn, 0, "Unsupported channel bindings length received in " SCRAM_SASL_MECH ". Expected lenght: %d, received: %d", sparams->cbinding->len, binary_channel_binding_len); result = SASL_BADPROT; goto cleanup; } if (memcmp(binary_channel_binding + text->gs2_header_length, sparams->cbinding->data, binary_channel_binding_len) != 0) { SETERROR(sparams->utils, "Channel bindings mismatch in " SCRAM_SASL_MECH); result = SASL_BADPROT; goto cleanup; } break; } if (strncmp(p, "r=", 2) != 0) { SETERROR(sparams->utils, "Nonce expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } nonce = p + 2; p = strchr (nonce, ','); if (p == NULL) { SETERROR(sparams->utils, "At least proof is expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } *p = '\0'; p++; if (strcmp(nonce, text->nonce) != 0) { SETERROR(sparams->utils, "Nonce mismatch " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } while (p[0] != '\0') { if (strncmp(p, "p=", 2) == 0) { client_proof = p + 2; proof_offset = p - inbuf - 1; break; } p = strchr (p, ','); if (p == NULL) { break; } p++; } if (client_proof == NULL) { SETERROR(sparams->utils, "Client proof is expected in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } /* Check that no extension data exists after the proof */ p = strchr (client_proof, ','); if (p != NULL) { SETERROR(sparams->utils, "No extension data is allowed after the client proof in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } if (strlen(client_proof) != (SCRAM_HASH_SIZE / 3 * 4 + (SCRAM_HASH_SIZE % 3 ? 4 : 0))) { SETERROR(sparams->utils, "Invalid client proof length in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } /* Construct the full AuthMessage */ full_auth_message = sparams->utils->realloc(text->auth_message, text->auth_message_len + proof_offset + 1); if (full_auth_message == NULL) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } text->auth_message = full_auth_message; memcpy(text->auth_message + text->auth_message_len, clientin, proof_offset); text->auth_message_len += proof_offset; text->auth_message[text->auth_message_len] = '\0'; /* ClientSignature := HMAC(StoredKey, AuthMessage) */ if (HMAC(EVP_sha1(), (const unsigned char *) text->StoredKey, SCRAM_HASH_SIZE, text->auth_message, (int)text->auth_message_len, (unsigned char *)ClientSignature, &hash_len) == NULL) { sparams->utils->seterror(sparams->utils->conn,0, "HMAC-SHA1 call failed"); result = SASL_SCRAM_INTERNAL; goto cleanup; } client_proof_len = strlen(client_proof); if (sparams->utils->decode64(client_proof, (unsigned int)client_proof_len, DecodedClientProof, SCRAM_HASH_SIZE + 1, &exact_client_proof_len) != SASL_OK) { SETERROR(sparams->utils, "Invalid base64 encoding of the client proof in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } if (exact_client_proof_len != SCRAM_HASH_SIZE) { SETERROR(sparams->utils, "Invalid client proof (truncated) in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } for (k = 0; k < SCRAM_HASH_SIZE; k++) { ReceivedClientKey[k] = DecodedClientProof[k] ^ ClientSignature[k]; } /* StoredKey := H(ClientKey) */ if (SHA1(ReceivedClientKey, SCRAM_HASH_SIZE, CalculatedStoredKey) == NULL) { sparams->utils->seterror(sparams->utils->conn,0, "SHA1 call failed"); result = SASL_SCRAM_INTERNAL; goto cleanup; } for (k = 0; k < SCRAM_HASH_SIZE; k++) { if (CalculatedStoredKey[k] != text->StoredKey[k]) { SETERROR(sparams->utils, "StoredKey mismatch"); result = SASL_BADPROT; goto cleanup; } } /* ServerSignature := HMAC(ServerKey, AuthMessage) */ if (HMAC(EVP_sha1(), (const unsigned char *) text->ServerKey, SCRAM_HASH_SIZE, text->auth_message, (int)text->auth_message_len, (unsigned char *)ServerSignature, &hash_len) == NULL) { sparams->utils->seterror(sparams->utils->conn,0, "HMAC-SHA1 call failed"); result = SASL_SCRAM_INTERNAL; goto cleanup; } server_proof_len = (SCRAM_HASH_SIZE / 3 * 4 + (SCRAM_HASH_SIZE % 3 ? 4 : 0)); result = _plug_buf_alloc(sparams->utils, &(text->out_buf), &(text->out_buf_len), (unsigned) server_proof_len + strlen("v=") + 1); if (result != SASL_OK) { MEMERROR( sparams->utils ); result = SASL_NOMEM; goto cleanup; } text->out_buf[0] = 'v'; text->out_buf[1] = '='; if (sparams->utils->encode64(ServerSignature, SCRAM_HASH_SIZE, text->out_buf+2, (unsigned int)server_proof_len + 1, NULL) != SASL_OK) { SETERROR(sparams->utils, "Internal error"); /* This is not quite right, but better than alternatives */ result = SASL_NOMEM; goto cleanup; } text->out_buf[server_proof_len + 2] = '\0'; *serverout = text->out_buf; *serveroutlen = (unsigned) strlen(text->out_buf); /* set oparams */ switch (text->cb_flags & SCRAM_CB_FLAG_MASK) { case SCRAM_CB_FLAG_N: oparams->cbindingdisp = SASL_CB_DISP_NONE; break; case SCRAM_CB_FLAG_P: oparams->cbindingdisp = SASL_CB_DISP_USED; oparams->cbindingname = text->cbindingname; break; case SCRAM_CB_FLAG_Y: oparams->cbindingdisp = SASL_CB_DISP_WANT; break; } oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; result = SASL_OK; cleanup: if (inbuf != NULL) { sparams->utils->free(inbuf); } if (binary_channel_binding != NULL) { sparams->utils->free(binary_channel_binding); } return result; } static int scram_server_mech_step(void *conn_context, sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { server_context_t *text = (server_context_t *) conn_context; *serverout = NULL; *serveroutlen = 0; if (text == NULL) { return SASL_BADPROT; } /* this should be well more than is ever needed */ if (clientinlen > MAX_CLIENTIN_LEN) { SETERROR(sparams->utils, SCRAM_SASL_MECH " input longer than " STRINGIZE((MAX_CLIENTIN_LEN)) " bytes"); return SASL_BADPROT; } switch (text->state) { case 0: text->state++; /* Assume the protocol doesn't support initial client response */ if (clientinlen == 0) { return SASL_CONTINUE; } /* fall through */ case 1: return scram_server_mech_step1(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); case 2: text->state++; return scram_server_mech_step2(text, sparams, clientin, clientinlen, serverout, serveroutlen, oparams); default: /* should never get here */ sparams->utils->log(NULL, SASL_LOG_ERR, "Invalid " SCRAM_SASL_MECH " server step %d\n", text->state); return SASL_FAIL; } return SASL_FAIL; /* should never get here */ } static int scram_setpass(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *userstr, const char *pass, unsigned passlen, const char *oldpass __attribute__((unused)), unsigned oldpasslen __attribute__((unused)), unsigned flags) { int r; char *user = NULL; char *user_only = NULL; char *realm = NULL; sasl_secret_t *sec = NULL; struct propctx *propctx = NULL; const char *store_request[] = { "authPassword", NULL }; const char *generate_scram_secret; /* Do we have a backend that can store properties? */ if (!sparams->utils->auxprop_store || sparams->utils->auxprop_store(NULL, NULL, NULL) != SASL_OK) { SETERROR(sparams->utils, SCRAM_SASL_MECH ": auxprop backend can't store properties"); return SASL_NOMECH; } sparams->utils->getopt(sparams->utils->getopt_context, /* This affects all SCRAM plugins, not just SCRAM-SHA-1 */ "SCRAM", "scram_secret_generate", &generate_scram_secret, NULL); /* NOTE: The default (when this option is not set) is NOT to generate authPassword secret */ if (!(generate_scram_secret && (generate_scram_secret[0] == '1' || generate_scram_secret[0] == 'y' || (generate_scram_secret[0] == 'o' && generate_scram_secret[1] == 'n') || generate_scram_secret[0] == 't'))) { /* Pretend that everything is Ok, no need to generate noise in the logs */ return SASL_OK; } r = _plug_parseuser(sparams->utils, &user_only, &realm, sparams->user_realm, sparams->serverFQDN, userstr); if (r) { SETERROR(sparams->utils, SCRAM_SASL_MECH ": Error parsing user"); return r; } r = _plug_make_fulluser(sparams->utils, &user, user_only, realm); if (r) { goto cleanup; } if ((flags & SASL_SET_DISABLE) || pass == NULL) { sec = NULL; } else { char * error_text = NULL; char salt[SALT_SIZE + 1]; char base64_salt[BASE64_LEN(SALT_SIZE) + 1]; /* size_t salt_len = SALT_SIZE; */ char StoredKey[SCRAM_HASH_SIZE + 1]; char ServerKey[SCRAM_HASH_SIZE + 1]; char base64_StoredKey[BASE64_LEN(SCRAM_HASH_SIZE) + 1]; char base64_ServerKey[BASE64_LEN(SCRAM_HASH_SIZE) + 1]; size_t secret_len; unsigned int iteration_count = DEFAULT_ITERATION_COUNTER; char * s_iteration_count; char * end; sparams->utils->getopt(sparams->utils->getopt_context, /* Different SCRAM hashes can have different strengh */ SCRAM_SASL_MECH, "scram_iteration_counter", &s_iteration_count, NULL); if (s_iteration_count != NULL) { errno = 0; iteration_count = strtoul(s_iteration_count, &end, 10); if (s_iteration_count == end || *end != '\0' || errno != 0) { sparams->utils->log(NULL, SASL_LOG_DEBUG, "Invalid iteration-count in scram_iteration_count SASL option: not a number. Using the default instead."); s_iteration_count = NULL; } } if (s_iteration_count == NULL) { iteration_count = DEFAULT_ITERATION_COUNTER; } sparams->utils->rand(sparams->utils->rpool, salt, SALT_SIZE); r = GenerateScramSecrets (sparams->utils, pass, passlen, salt, SALT_SIZE, iteration_count, StoredKey, ServerKey, &error_text); if (r != SASL_OK) { if (error_text != NULL) { SETERROR(sparams->utils, error_text); } goto cleanup; } /* Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ if (sparams->utils->encode64(salt, SALT_SIZE, base64_salt, BASE64_LEN(SALT_SIZE) + 1, NULL) != SASL_OK) { MEMERROR( sparams->utils ); r = SASL_NOMEM; goto cleanup; } base64_salt[BASE64_LEN(SALT_SIZE)] = '\0'; /* Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ if (sparams->utils->encode64(StoredKey, SCRAM_HASH_SIZE, base64_StoredKey, BASE64_LEN(SCRAM_HASH_SIZE) + 1, NULL) != SASL_OK) { MEMERROR( sparams->utils ); r = SASL_NOMEM; goto cleanup; } base64_StoredKey[BASE64_LEN(SCRAM_HASH_SIZE)] = '\0'; /* Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ if (sparams->utils->encode64(ServerKey, SCRAM_HASH_SIZE, base64_ServerKey, BASE64_LEN(SCRAM_HASH_SIZE) + 1, NULL) != SASL_OK) { MEMERROR( sparams->utils ); r = SASL_NOMEM; goto cleanup; } base64_ServerKey[BASE64_LEN(SCRAM_HASH_SIZE)] = '\0'; secret_len = strlen(SCRAM_SASL_MECH ":$:") + ITERATION_COUNTER_BUF_LEN + sizeof(base64_salt) + sizeof(base64_StoredKey) + sizeof(base64_ServerKey); sec = sparams->utils->malloc(sizeof(sasl_secret_t) + secret_len); if (sec == NULL) { MEMERROR( sparams->utils ); r = SASL_NOMEM; goto cleanup; } sprintf(sec->data, "%s$%u:%s$%s:%s", SCRAM_SASL_MECH, iteration_count, base64_salt, base64_StoredKey, base64_ServerKey); sec->len = (unsigned int) strlen(sec->data); } /* do the store */ propctx = sparams->utils->prop_new(0); if (!propctx) { r = SASL_FAIL; } if (!r) { r = sparams->utils->prop_request(propctx, store_request); } if (!r) { r = sparams->utils->prop_set(propctx, "authPassword", (sec ? sec->data : NULL), (sec ? sec->len : 0)); } if (!r) { r = sparams->utils->auxprop_store(sparams->utils->conn, propctx, user); } if (propctx) { sparams->utils->prop_dispose(&propctx); } if (r) { SETERROR(sparams->utils, "Error putting " SCRAM_SASL_MECH " secret"); goto cleanup; } sparams->utils->log(NULL, SASL_LOG_DEBUG, "Setpass for " SCRAM_SASL_MECH " successful\n"); cleanup: if (user) _plug_free_string(sparams->utils, &user); if (user_only) _plug_free_string(sparams->utils, &user_only); if (realm) _plug_free_string(sparams->utils, &realm); if (sec) _plug_free_secret(sparams->utils, &sec); return r; } static void scram_server_mech_dispose(void *conn_context, const sasl_utils_t *utils) { server_context_t *text = (server_context_t *) conn_context; if (!text) return; if (text->authentication_id) _plug_free_string(utils,&(text->authentication_id)); if (text->authorization_id) _plug_free_string(utils,&(text->authorization_id)); if (text->out_buf) _plug_free_string(utils,&(text->out_buf)); if (text->auth_message) _plug_free_string(utils,&(text->auth_message)); if (text->nonce) _plug_free_string(utils,&(text->nonce)); if (text->salt) utils->free(text->salt); if (text->cbindingname != NULL) { utils->free(text->cbindingname); text->cbindingname = NULL; } if (text->gs2_header != NULL) { utils->free(text->gs2_header); text->gs2_header = NULL; } utils->free(text); } static sasl_server_plug_t scram_server_plugins[] = { { SCRAM_SASL_MECH, /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOACTIVE | SASL_SEC_NOANONYMOUS | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_ALLOWS_PROXY | SASL_FEAT_CHANNEL_BINDING, /* features */ NULL, /* glob_context */ &scram_server_mech_new, /* mech_new */ &scram_server_mech_step, /* mech_step */ &scram_server_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ &scram_setpass, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech avail */ NULL /* spare */ } }; int scram_server_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR( utils, SCRAM_SASL_MECH " version mismatch"); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = scram_server_plugins; *plugcount = 1; utils->rand(utils->rpool, (char *)g_salt_key, SALT_SIZE); return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { int state; sasl_secret_t *password; /* user password */ unsigned int free_password; /* set if we need to free the password */ char * gs2_header; size_t gs2_header_length; char * out_buf; unsigned out_buf_len; char * auth_message; size_t auth_message_len; char * nonce; /* in binary form */ char * salt; size_t salt_len; unsigned int iteration_count; char SaltedPassword[SCRAM_HASH_SIZE]; int cb_flags; } client_context_t; static int scram_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { client_context_t *text; /* holds state are in */ text = params->utils->malloc(sizeof(client_context_t)); if (text == NULL) { MEMERROR(params->utils); return SASL_NOMEM; } memset(text, 0, sizeof(client_context_t)); *conn_context = text; return SASL_OK; } static int scram_client_mech_step1(client_context_t *text, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen __attribute__((unused)), sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { const char *authid = NULL; const char *userid = NULL; int user_result = SASL_OK; int auth_result = SASL_OK; int pass_result = SASL_OK; int result; size_t maxsize; char * encoded_authcid; char * freeme = NULL; char * freeme2 = NULL; char channel_binding_state = 'n'; const char * channel_binding_name = NULL; char * encoded_authorization_id = NULL; /* check if sec layer strong enough */ if (params->props.min_ssf > params->external_ssf) { SETERROR( params->utils, "SSF requested of " SCRAM_SASL_MECH " plugin"); return SASL_TOOWEAK; } /* try to get the userid */ if (oparams->authid == NULL) { auth_result=_plug_get_authid(params->utils, &authid, prompt_need); if ((auth_result != SASL_OK) && (auth_result != SASL_INTERACT)) return auth_result; } /* try to get the userid */ if (oparams->user == NULL) { user_result = _plug_get_userid(params->utils, &userid, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) { return user_result; } } /* try to get the password */ if (text->password == NULL) { pass_result = _plug_get_password(params->utils, &text->password, &text->free_password, prompt_need); if ((pass_result != SASL_OK) && (pass_result != SASL_INTERACT)) { return pass_result; } } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if ((auth_result == SASL_INTERACT) || (user_result == SASL_INTERACT) || (pass_result == SASL_INTERACT)) { /* make the prompt list */ result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, NULL, auth_result == SASL_INTERACT ? "Please enter your authentication name" : NULL, NULL, pass_result == SASL_INTERACT ? "Please enter your password" : NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) { goto cleanup; } return SASL_INTERACT; } if (!text->password) { PARAMERROR(params->utils); return SASL_BADPARAM; } if (oparams->authid == NULL) { if (!userid || !*userid) { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); } else { result = params->canon_user(params->utils->conn, authid, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) { goto cleanup; } result = params->canon_user(params->utils->conn, userid, 0, SASL_CU_AUTHZID, oparams); } if (result != SASL_OK) { goto cleanup; } } switch (params->cbindingdisp) { case SASL_CB_DISP_NONE: text->cb_flags = SCRAM_CB_FLAG_N; channel_binding_state = 'n'; break; case SASL_CB_DISP_USED: if (!SASL_CB_PRESENT(params)) { result = SASL_BADPARAM; goto cleanup; } channel_binding_name = params->cbinding->name; text->cb_flags = SCRAM_CB_FLAG_P; channel_binding_state = 'p'; break; case SASL_CB_DISP_WANT: text->cb_flags = SCRAM_CB_FLAG_Y; channel_binding_state = 'y'; break; } text->nonce = params->utils->malloc (NONCE_SIZE + 1); if (text->nonce == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } if (create_nonce(params->utils, text->nonce, NONCE_SIZE + 1) == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } if (userid != NULL && *userid != '\0') { result = encode_saslname (oparams->user, &encoded_authorization_id, &freeme2); if (result != SASL_OK) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } } result = encode_saslname (oparams->authid, &encoded_authcid, &freeme); if (result != SASL_OK) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } maxsize = strlen("p=,a=,n=,r=") + ((channel_binding_name != NULL) ? strlen(channel_binding_name) : 0) + ((encoded_authorization_id != NULL) ? strlen(encoded_authorization_id) : 0) + strlen(encoded_authcid) + strlen(text->nonce); result = _plug_buf_alloc(params->utils, &(text->out_buf), &(text->out_buf_len), (unsigned) maxsize + 1); if (result != SASL_OK) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } snprintf(text->out_buf, maxsize + 1, "%c%s%s,%s%s,", channel_binding_state, (channel_binding_name != NULL) ? "=" : "", (channel_binding_name != NULL) ? channel_binding_name : "", (encoded_authorization_id != NULL) ? "a=" : "", (encoded_authorization_id != NULL) ? encoded_authorization_id : ""); text->gs2_header_length = strlen(text->out_buf); _plug_strdup(params->utils, text->out_buf, &text->gs2_header, NULL); sprintf(text->out_buf + text->gs2_header_length, "n=%s,r=%s", encoded_authcid, text->nonce); /* Save the copy of the client-first-message */ /* Need to skip the GS2 prefix here */ _plug_strdup(params->utils, text->out_buf + text->gs2_header_length, &text->auth_message, NULL); if (text->auth_message == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } text->auth_message_len = strlen(text->auth_message); *clientout = text->out_buf; *clientoutlen = (unsigned) strlen(*clientout); result = SASL_CONTINUE; cleanup: if (freeme != NULL) _plug_free_string(params->utils, &freeme); if (freeme2 != NULL) _plug_free_string(params->utils, &freeme2); return result; } static int scram_client_mech_step2(client_context_t *text, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need __attribute__((unused)), const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams __attribute__((unused))) { char * p; char * nonce; size_t server_nonce_len; char * base64_salt = NULL; size_t base64_salt_len; unsigned exact_salt_len; char * counter; char * end; char * inbuf = NULL; size_t estimated_response_len; size_t length_no_proof; char * full_auth_message; size_t cb_bin_length; size_t channel_binding_data_len = 0; size_t cb_encoded_length; const char * channel_binding_data = NULL; char * cb_encoded = NULL; char * cb_bin = NULL; int result; char ClientKey[SCRAM_HASH_SIZE]; char StoredKey[SCRAM_HASH_SIZE]; char ClientSignature[SCRAM_HASH_SIZE]; char ClientProof[SCRAM_HASH_SIZE]; char * client_proof = NULL; size_t client_proof_len; int k; unsigned int hash_len = 0; if (serverinlen == 0) { SETERROR(params->utils, SCRAM_SASL_MECH " input expected"); return SASL_BADPROT; } /* [reserved-mext ","] nonce "," salt "," iteration-count ["," extensions] */ if (serverinlen < 3 || serverin[1] != '=') { SETERROR(params->utils, "Invalid " SCRAM_SASL_MECH " input"); return SASL_BADPROT; } if (serverin[0] == 'm') { SETERROR(params->utils, "Unsupported mandatory extension to " SCRAM_SASL_MECH); return SASL_BADPROT; } if (serverin[0] != 'r') { SETERROR(params->utils, "Nonce (r=) expected in " SCRAM_SASL_MECH " input"); return SASL_BADPROT; } inbuf = params->utils->malloc (serverinlen + 1); if (inbuf == NULL) { MEMERROR( params->utils ); return SASL_NOMEM; } memcpy(inbuf, serverin, serverinlen); inbuf[serverinlen] = 0; if (strlen(inbuf) != serverinlen) { SETERROR(params->utils, "NULs found in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } nonce = inbuf + 2; p = strchr (nonce, ','); /* MUST be followed by a salt */ if (p == NULL) { SETERROR(params->utils, "Salt expected after the nonce in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } *p = '\0'; p++; if (strncmp(p, "s=", 2) != 0) { SETERROR(params->utils, "Salt expected after the nonce in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } p += 2; base64_salt = p; p = strchr (base64_salt, ','); /* MUST be followed by an iteration-count */ if (p == NULL) { SETERROR(params->utils, "iteration-count expected after the salt in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } *p = '\0'; p++; if (strncmp(p, "i=", 2) != 0) { SETERROR(params->utils, "iteration-count expected after the salt in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } p += 2; counter = p; p = strchr (counter, ','); if (p == NULL) { p = counter + strlen(counter); } else { *p = '\0'; } errno = 0; text->iteration_count = strtoul(counter, &end, 10); if (counter == end || *end != '\0' || errno != 0) { SETERROR(params->utils, "Invalid iteration-count in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } if (text->iteration_count < MIN_ITERATION_COUNTER) { } if (text->iteration_count > MAX_ITERATION_COUNTER) { SETERROR(params->utils, "iteration-count is too big, refusing to compute"); result = SASL_BADPROT; goto cleanup; } /* The client MUST verify that the initial part of the nonce used in subsequent messages is the same as the nonce it initially specified. */ server_nonce_len = strlen(nonce); if (server_nonce_len <= NONCE_SIZE || strncmp(nonce, text->nonce, NONCE_SIZE) != 0) { SETERROR(params->utils, "The nonce received from the server doesn't start from the nonce sent by the client"); result = SASL_BADPROT; goto cleanup; } /* Now we can forget about our nonce */ params->utils->free(text->nonce); _plug_strdup(params->utils, nonce, &text->nonce, NULL); if (text->nonce == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } /* base64 decode salt */ base64_salt_len = strlen(base64_salt); if (base64_salt_len == 0) { SETERROR(params->utils, "The salt can't be empty"); result = SASL_BADPROT; goto cleanup; } if (base64_salt_len % 4 != 0) { SETERROR(params->utils, "Invalid base64 encoding of the salt"); result = SASL_BADPROT; goto cleanup; } text->salt_len = base64_salt_len / 4 * 3; text->salt = (char *) params->utils->malloc(text->salt_len + 1); if (text->salt == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } if (params->utils->decode64(base64_salt, (unsigned int)base64_salt_len, text->salt, (unsigned int)text->salt_len + 1, &exact_salt_len) != SASL_OK) { SETERROR(params->utils, "Invalid base64 encoding of the salt in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } text->salt_len = exact_salt_len; /* Now we generate client response */ if (text->gs2_header[0] == 'p') { if (params->cbinding == NULL) { result = SASL_FAIL; goto cleanup; } channel_binding_data = params->cbinding->data; channel_binding_data_len = params->cbinding->len; } cb_bin_length = text->gs2_header_length + ((channel_binding_data != NULL) ? channel_binding_data_len : 0); cb_encoded_length = (cb_bin_length / 3 * 4) + ((cb_bin_length % 3) ? 4 : 0); if (channel_binding_data != NULL) { cb_bin = (char *) params->utils->malloc(cb_bin_length + 1); if (cb_bin == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } memcpy(cb_bin, text->gs2_header, text->gs2_header_length); memcpy(cb_bin + text->gs2_header_length, channel_binding_data, channel_binding_data_len); } cb_encoded = (char *) params->utils->malloc(cb_encoded_length + 1); if (cb_encoded == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } /* * Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ if (params->utils->encode64((cb_bin != NULL) ? cb_bin : text->gs2_header, (unsigned int)cb_bin_length, cb_encoded, (unsigned int)cb_encoded_length + 1, NULL) != SASL_OK) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } cb_encoded[cb_encoded_length] = '\0'; client_proof_len = SCRAM_HASH_SIZE / 3 * 4 + ((SCRAM_HASH_SIZE % 3) ? 4 : 0); estimated_response_len = strlen(cb_encoded)+ strlen(text->nonce)+ client_proof_len + strlen("c=,r=,p="); result = _plug_buf_alloc(params->utils, &(text->out_buf), &(text->out_buf_len), (unsigned) estimated_response_len + 1); if (result != SASL_OK) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } /* channel-binding "," nonce ["," extensions] */ sprintf(text->out_buf, "c=%s,r=%s", cb_encoded, text->nonce); length_no_proof = strlen(text->out_buf); /* Build AuthMessage */ full_auth_message = params->utils->realloc(text->auth_message, text->auth_message_len + 1 + serverinlen + 1 + length_no_proof + 1); if (full_auth_message == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } text->auth_message = full_auth_message; text->auth_message[text->auth_message_len] = ','; memcpy(text->auth_message + text->auth_message_len + 1, serverin, serverinlen); text->auth_message[text->auth_message_len + 1 + serverinlen] = ','; memcpy(text->auth_message + text->auth_message_len + 1 + serverinlen + 1, text->out_buf, length_no_proof); text->auth_message_len += serverinlen + 2 + length_no_proof; text->auth_message[text->auth_message_len] = '\0'; /* Calculate ClientProof */ /* SaltedPassword := Hi(password, salt) */ Hi (params->utils, text->password->data, text->password->len, text->salt, text->salt_len, text->iteration_count, text->SaltedPassword); PRINT_HASH ("SaltedPassword", text->SaltedPassword); /* ClientKey := HMAC(SaltedPassword, "Client Key") */ if (HMAC(EVP_sha1(), (const unsigned char *) text->SaltedPassword, SCRAM_HASH_SIZE, CLIENT_KEY_CONSTANT, CLIENT_KEY_CONSTANT_LEN, (unsigned char *)ClientKey, &hash_len) == NULL) { params->utils->seterror(params->utils->conn,0, "HMAC-SHA1 call failed"); result = SASL_SCRAM_INTERNAL; goto cleanup; } PRINT_HASH ("ClientKey", ClientKey); /* StoredKey := H(ClientKey) */ if (SHA1(ClientKey, SCRAM_HASH_SIZE, StoredKey) == NULL) { params->utils->seterror(params->utils->conn,0, "SHA1 call failed"); result = SASL_SCRAM_INTERNAL; goto cleanup; } PRINT_HASH ("StoredKey", StoredKey); /* ClientSignature := HMAC(StoredKey, AuthMessage) */ if (HMAC(EVP_sha1(), (const unsigned char *)StoredKey, SCRAM_HASH_SIZE, text->auth_message, (int)text->auth_message_len, (unsigned char *)ClientSignature, &hash_len) == NULL) { params->utils->seterror(params->utils->conn,0, "HMAC-SHA1 call failed"); result = SASL_SCRAM_INTERNAL; goto cleanup; } PRINT_HASH ("ClientSignature", ClientSignature); /* ClientProof := ClientKey XOR ClientSignature */ for (k = 0; k < SCRAM_HASH_SIZE; k++) { ClientProof[k] = ClientKey[k] ^ ClientSignature[k]; } PRINT_HASH ("ClientProof", ClientProof); /* base64-encode ClientProof */ client_proof = (char *) params->utils->malloc(client_proof_len + 1); if (client_proof == NULL) { MEMERROR( params->utils ); result = SASL_NOMEM; goto cleanup; } result = params->utils->encode64(ClientProof, SCRAM_HASH_SIZE, client_proof, (unsigned int)client_proof_len + 1, NULL); if (result != SASL_OK) { goto cleanup; } client_proof[client_proof_len] = '\0'; sprintf(text->out_buf + length_no_proof, ",p=%s", client_proof); *clientout = text->out_buf; *clientoutlen = (unsigned) strlen(text->out_buf); result = SASL_CONTINUE; cleanup: if (inbuf != NULL) { params->utils->free(inbuf); } if (client_proof != NULL) { params->utils->free(client_proof); } if (cb_encoded != NULL) { params->utils->free(cb_encoded); } if (cb_bin != NULL) { params->utils->free(cb_bin); } return result; } static int scram_client_mech_step3(client_context_t *text, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need __attribute__((unused)), const char **clientout __attribute__((unused)), unsigned *clientoutlen __attribute__((unused)), sasl_out_params_t *oparams) { char * p; int result; size_t server_proof_len; unsigned exact_server_proof_len; char DecodedServerProof[SCRAM_HASH_SIZE + 1]; char ServerKey[SCRAM_HASH_SIZE]; char ServerSignature[SCRAM_HASH_SIZE]; int k; unsigned int hash_len = 0; if (serverinlen < 3) { SETERROR(params->utils, "Invalid " SCRAM_SASL_MECH " input expected"); return SASL_BADPROT; } /* Expecting: 'verifier ["," extensions]' */ if (strncmp(serverin, "v=", 2) != 0) { SETERROR(params->utils, "ServerSignature expected in " SCRAM_SASL_MECH " input"); return SASL_BADPROT; } p = strchr (serverin + 2, ','); if (p != NULL) { server_proof_len = p - (serverin + 2) - 1; } else { server_proof_len = serverinlen - 2; } if (params->utils->decode64(serverin + 2, /* ServerProof */ (unsigned int)server_proof_len, DecodedServerProof, SCRAM_HASH_SIZE + 1, &exact_server_proof_len) != SASL_OK) { SETERROR(params->utils, "Invalid base64 encoding of the server proof in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } if (exact_server_proof_len != SCRAM_HASH_SIZE) { SETERROR(params->utils, "Invalid server proof (truncated) in " SCRAM_SASL_MECH " input"); result = SASL_BADPROT; goto cleanup; } /* ServerKey := HMAC(SaltedPassword, "Server Key") */ if (HMAC(EVP_sha1(), (const unsigned char *)text->SaltedPassword, SCRAM_HASH_SIZE, SERVER_KEY_CONSTANT, SERVER_KEY_CONSTANT_LEN, (unsigned char *)ServerKey, &hash_len) == NULL) { params->utils->seterror(params->utils->conn,0, "HMAC-SHA1 call failed"); result = SASL_SCRAM_INTERNAL; goto cleanup; } /* ServerSignature := HMAC(ServerKey, AuthMessage) */ if (HMAC(EVP_sha1(), (const unsigned char *)ServerKey, SCRAM_HASH_SIZE, text->auth_message, (int)text->auth_message_len, (unsigned char *)ServerSignature, &hash_len) == NULL) { params->utils->seterror(params->utils->conn,0, "HMAC-SHA1 call failed"); result = SASL_SCRAM_INTERNAL; goto cleanup; } for (k = 0; k < SCRAM_HASH_SIZE; k++) { if (DecodedServerProof[k] != ServerSignature[k]) { SETERROR(params->utils, "ServerSignature mismatch"); result = SASL_BADAUTH; goto cleanup; } } /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; result = SASL_OK; cleanup: return result; } static int scram_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { int result = SASL_FAIL; client_context_t *text = (client_context_t *) conn_context; *clientout = NULL; *clientoutlen = 0; /* this should be well more than is ever needed */ if (serverinlen > MAX_SERVERIN_LEN) { SETERROR(params->utils, SCRAM_SASL_MECH " input longer than " STRINGIZE((MAX_SERVERIN_LEN)) " bytes"); return SASL_BADPROT; } switch (text->state) { case 0: result = scram_client_mech_step1(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); break; case 1: result = scram_client_mech_step2(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); break; case 2: result = scram_client_mech_step3(text, params, serverin, serverinlen, prompt_need, clientout, clientoutlen, oparams); break; default: /* should never get here */ params->utils->log(NULL, SASL_LOG_ERR, "Invalid " SCRAM_SASL_MECH " client step %d\n", text->state); return SASL_FAIL; } if (result != SASL_INTERACT) { text->state++; } return result; } static void scram_client_mech_dispose(void *conn_context, const sasl_utils_t *utils) { client_context_t *text = (client_context_t *) conn_context; if (!text) return; /* get rid of all sensitive info */ if (text->free_password) { _plug_free_secret(utils, &text->password); text->free_password = 0; } if (text->gs2_header) { utils->free(text->gs2_header); text->gs2_header = NULL; } if (text->out_buf) { utils->free(text->out_buf); text->out_buf = NULL; } if (text->auth_message) _plug_free_string(utils,&(text->auth_message)); if (text->nonce) _plug_free_string(utils,&(text->nonce)); if (text->salt) utils->free(text->salt); utils->free(text); } static sasl_client_plug_t scram_client_plugins[] = { { SCRAM_SASL_MECH, /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_NOACTIVE | SASL_SEC_MUTUAL_AUTH, /* security_flags */ SASL_FEAT_ALLOWS_PROXY | SASL_FEAT_CHANNEL_BINDING, /* features */ NULL, /* required_prompts */ NULL, /* glob_context */ &scram_client_mech_new, /* mech_new */ &scram_client_mech_step, /* mech_step */ &scram_client_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int scram_client_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR( utils, SCRAM_SASL_MECH " version mismatch"); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = scram_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/plain_init.c0000666000076400007640000000132211632367343014624 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( plain ) SASL_SERVER_PLUG_INIT( plain ) cyrus-sasl-2.1.25/plugins/anonymous.c0000646000076400007640000002452611306006126014522 00000000000000/* Anonymous SASL plugin * Rob Siemborski * Tim Martin * $Id: anonymous.c,v 1.53 2009/02/13 14:46:47 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef HAVE_UNISTD_H #include #endif #include #include #include "plugin_common.h" #ifdef macintosh #include #endif /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: anonymous.c,v 1.53 2009/02/13 14:46:47 mel Exp $"; static const char anonymous_id[] = "anonymous"; /***************************** Server Section *****************************/ static int anonymous_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { /* holds state are in */ if (!conn_context) { PARAMERROR( sparams->utils ); return SASL_BADPARAM; } *conn_context = NULL; return SASL_OK; } static int anonymous_server_mech_step(void *conn_context __attribute__((unused)), sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { char *clientdata; int result; if (!sparams || !serverout || !serveroutlen || !oparams) { PARAMERROR( sparams->utils ); return SASL_BADPARAM; } *serverout = NULL; *serveroutlen = 0; if (!clientin) { return SASL_CONTINUE; } /* We force a truncation 255 characters (specified by RFC 2245) */ if (clientinlen > 255) clientinlen = 255; /* NULL-terminate the clientin... */ clientdata = sparams->utils->malloc(clientinlen + 1); if (!clientdata) { MEMERROR(sparams->utils); return SASL_NOMEM; } strncpy(clientdata, clientin, clientinlen); clientdata[clientinlen] = '\0'; sparams->utils->log(sparams->utils->conn, SASL_LOG_NOTE, "ANONYMOUS login: \"%s\"", clientdata); if (clientdata != clientin) sparams->utils->free(clientdata); result = sparams->canon_user(sparams->utils->conn, anonymous_id, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; } static sasl_server_plug_t anonymous_server_plugins[] = { { "ANONYMOUS", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_DONTUSE_USERPASSWD, /* features */ NULL, /* glob_context */ &anonymous_server_mech_new, /* mech_new */ &anonymous_server_mech_step, /* mech_step */ NULL, /* mech_dispose */ NULL, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ NULL, /* mech_avail */ NULL /* spare */ } }; int anonymous_server_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_SERVER_PLUG_VERSION) { SETERROR( utils, "ANONYMOUS version mismatch" ); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = anonymous_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { char *out_buf; unsigned out_buf_len; } client_context_t; static int anonymous_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *cparams, void **conn_context) { client_context_t *text; if (!conn_context) { PARAMERROR(cparams->utils); return SASL_BADPARAM; } /* holds state are in */ text = cparams->utils->malloc(sizeof(client_context_t)); if (text == NULL) { MEMERROR(cparams->utils); return SASL_NOMEM; } memset(text, 0, sizeof(client_context_t)); *conn_context = text; return SASL_OK; } static int anonymous_client_mech_step(void *conn_context, sasl_client_params_t *cparams, const char *serverin __attribute__((unused)), unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { client_context_t *text = (client_context_t *) conn_context; size_t userlen; char hostname[256]; const char *user = NULL; int user_result = SASL_OK; int result; if (!cparams || !clientout || !clientoutlen || !oparams) { PARAMERROR( cparams->utils ); return SASL_BADPARAM; } *clientout = NULL; *clientoutlen = 0; if (serverinlen != 0) { SETERROR( cparams->utils, "Nonzero serverinlen in ANONYMOUS continue_step" ); return SASL_BADPROT; } /* check if sec layer strong enough */ if (cparams->props.min_ssf > cparams->external_ssf) { SETERROR( cparams->utils, "SSF requested of ANONYMOUS plugin"); return SASL_TOOWEAK; } /* try to get the trace info */ if (user == NULL) { user_result = _plug_get_userid(cparams->utils, &user, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) { return user_result; } } /* free prompts we got */ if (prompt_need && *prompt_need) { cparams->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if (user_result == SASL_INTERACT) { /* make the prompt list */ result = _plug_make_prompts(cparams->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter anonymous identification" : NULL, "", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) return result; return SASL_INTERACT; } if (!user || !*user) { user = anonymous_id; } userlen = strlen(user); result = cparams->canon_user(cparams->utils->conn, anonymous_id, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; memset(hostname, 0, sizeof(hostname)); gethostname(hostname, sizeof(hostname)); hostname[sizeof(hostname)-1] = '\0'; *clientoutlen = (unsigned) (userlen + strlen(hostname) + 1); result = _plug_buf_alloc(cparams->utils, &text->out_buf, &text->out_buf_len, *clientoutlen); if (result != SASL_OK) return result; strcpy(text->out_buf, user); text->out_buf[userlen] = '@'; /* use memcpy() instead of strcpy() so we don't add the NUL */ memcpy(text->out_buf + userlen + 1, hostname, strlen(hostname)); *clientout = text->out_buf; /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; } static void anonymous_client_dispose(void *conn_context, const sasl_utils_t *utils) { client_context_t *text = (client_context_t *) conn_context; if(!text) return; if (text->out_buf) utils->free(text->out_buf); utils->free(text); } static const unsigned long anonymous_required_prompts[] = { SASL_CB_LIST_END }; static sasl_client_plug_t anonymous_client_plugins[] = { { "ANONYMOUS", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST, /* features */ anonymous_required_prompts, /* required_prompts */ NULL, /* glob_context */ &anonymous_client_mech_new, /* mech_new */ &anonymous_client_mech_step, /* mech_step */ &anonymous_client_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int anonymous_client_plug_init(const sasl_utils_t *utils, int maxversion, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (maxversion < SASL_CLIENT_PLUG_VERSION) { SETERROR( utils, "ANONYMOUS version mismatch" ); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = anonymous_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/plugins/ntlm_init.c0000666000076400007640000000131711632367343014477 00000000000000 #include #include #include #include #ifndef macintosh #include #endif #include #include #include #include #include #include "plugin_common.h" #ifdef macintosh #include #endif #ifdef WIN32 BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } #endif SASL_CLIENT_PLUG_INIT( ntlm ) SASL_SERVER_PLUG_INIT( ntlm ) cyrus-sasl-2.1.25/plugins/Makefile.in0000666000076400007640000007501311631670663014410 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for the SASL plugins # Rob Siemborski # Rob Earhart # $Id: Makefile.am,v 1.86 2011/09/05 14:18:10 murch Exp $ # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = plugins DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(sasldir)" LTLIBRARIES = $(sasl_LTLIBRARIES) am__DEPENDENCIES_1 = am__objects_1 = plugin_common.lo am_libanonymous_la_OBJECTS = anonymous.lo anonymous_init.lo \ $(am__objects_1) libanonymous_la_OBJECTS = $(am_libanonymous_la_OBJECTS) am_libcrammd5_la_OBJECTS = cram.lo crammd5_init.lo $(am__objects_1) libcrammd5_la_OBJECTS = $(am_libcrammd5_la_OBJECTS) am_libdigestmd5_la_OBJECTS = digestmd5.lo digestmd5_init.lo \ $(am__objects_1) libdigestmd5_la_OBJECTS = $(am_libdigestmd5_la_OBJECTS) am_libgs2_la_OBJECTS = gs2.lo gs2_init.lo gs2_token.lo \ $(am__objects_1) libgs2_la_OBJECTS = $(am_libgs2_la_OBJECTS) am_libgssapiv2_la_OBJECTS = gssapi.lo gssapiv2_init.lo \ $(am__objects_1) libgssapiv2_la_OBJECTS = $(am_libgssapiv2_la_OBJECTS) am_libkerberos4_la_OBJECTS = kerberos4.lo kerberos4_init.lo \ $(am__objects_1) libkerberos4_la_OBJECTS = $(am_libkerberos4_la_OBJECTS) am_libldapdb_la_OBJECTS = ldapdb.lo ldapdb_init.lo $(am__objects_1) libldapdb_la_OBJECTS = $(am_libldapdb_la_OBJECTS) am_liblogin_la_OBJECTS = login.lo login_init.lo $(am__objects_1) liblogin_la_OBJECTS = $(am_liblogin_la_OBJECTS) am_libntlm_la_OBJECTS = ntlm.lo ntlm_init.lo $(am__objects_1) libntlm_la_OBJECTS = $(am_libntlm_la_OBJECTS) am_libotp_la_OBJECTS = otp.lo otp_init.lo $(am__objects_1) libotp_la_OBJECTS = $(am_libotp_la_OBJECTS) am_libpassdss_la_OBJECTS = passdss.lo passdss_init.lo $(am__objects_1) libpassdss_la_OBJECTS = $(am_libpassdss_la_OBJECTS) am_libplain_la_OBJECTS = plain.lo plain_init.lo $(am__objects_1) libplain_la_OBJECTS = $(am_libplain_la_OBJECTS) am_libsasldb_la_OBJECTS = sasldb.lo sasldb_init.lo $(am__objects_1) libsasldb_la_OBJECTS = $(am_libsasldb_la_OBJECTS) am_libscram_la_OBJECTS = scram.lo scram_init.lo $(am__objects_1) libscram_la_OBJECTS = $(am_libscram_la_OBJECTS) am_libsql_la_OBJECTS = sql.lo sql_init.lo $(am__objects_1) libsql_la_OBJECTS = $(am_libsql_la_OBJECTS) libsql_la_LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libsql_la_LDFLAGS) $(LDFLAGS) -o $@ am_libsrp_la_OBJECTS = srp.lo srp_init.lo $(am__objects_1) libsrp_la_OBJECTS = $(am_libsrp_la_OBJECTS) SCRIPTS = $(noinst_SCRIPTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link \ $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(libanonymous_la_SOURCES) $(libcrammd5_la_SOURCES) \ $(libdigestmd5_la_SOURCES) $(libgs2_la_SOURCES) \ $(libgssapiv2_la_SOURCES) $(libkerberos4_la_SOURCES) \ $(libldapdb_la_SOURCES) $(liblogin_la_SOURCES) \ $(libntlm_la_SOURCES) $(libotp_la_SOURCES) \ $(libpassdss_la_SOURCES) $(libplain_la_SOURCES) \ $(libsasldb_la_SOURCES) $(libscram_la_SOURCES) \ $(libsql_la_SOURCES) $(libsrp_la_SOURCES) DIST_SOURCES = $(libanonymous_la_SOURCES) $(libcrammd5_la_SOURCES) \ $(libdigestmd5_la_SOURCES) $(libgs2_la_SOURCES) \ $(libgssapiv2_la_SOURCES) $(libkerberos4_la_SOURCES) \ $(libldapdb_la_SOURCES) $(liblogin_la_SOURCES) \ $(libntlm_la_SOURCES) $(libotp_la_SOURCES) \ $(libpassdss_la_SOURCES) $(libplain_la_SOURCES) \ $(libsasldb_la_SOURCES) $(libscram_la_SOURCES) \ $(libsql_la_SOURCES) $(libsrp_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ # Library version info - here at the top, for sanity # CURRENT:REVISION:AGE plugin_version = 2:25:0 INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ EXTRA_DIST = makeinit.sh NTMakefile noinst_SCRIPTS = makeinit.sh common_sources = plugin_common.c plugin_common.h sasldir = $(prefix)/lib/sasl2 sasl_LTLIBRARIES = @SASL_MECHS@ EXTRA_LTLIBRARIES = libplain.la libanonymous.la libkerberos4.la libcrammd5.la \ libgs2.la libgssapiv2.la libdigestmd5.la liblogin.la libsrp.la libotp.la \ libscram.la libntlm.la libpassdss.la libsasldb.la libsql.la libldapdb.la libplain_la_SOURCES = plain.c plain_init.c $(common_sources) libplain_la_DEPENDENCIES = $(COMPAT_OBJS) libplain_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) libanonymous_la_SOURCES = anonymous.c anonymous_init.c $(common_sources) libanonymous_la_DEPENDENCIES = $(COMPAT_OBJS) libanonymous_la_LIBADD = $(COMPAT_OBJS) libkerberos4_la_SOURCES = kerberos4.c kerberos4_init.c $(common_sources) libkerberos4_la_DEPENDENCIES = $(COMPAT_OBJS) libkerberos4_la_LIBADD = $(SASL_KRB_LIB) $(LIB_SOCKET) $(COMPAT_OBJS) libgs2_la_SOURCES = gs2.c gs2_init.c gs2_token.c gs2_token.h $(common_sources) libgs2_la_DEPENDENCIES = $(COMPAT_OBJS) libgs2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS) libgssapiv2_la_SOURCES = gssapi.c gssapiv2_init.c $(common_sources) libgssapiv2_la_DEPENDENCIES = $(COMPAT_OBJS) libgssapiv2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS) libcrammd5_la_SOURCES = cram.c crammd5_init.c $(common_sources) libcrammd5_la_DEPENDENCIES = $(COMPAT_OBJS) libcrammd5_la_LIBADD = $(COMPAT_OBJS) libdigestmd5_la_SOURCES = digestmd5.c digestmd5_init.c $(common_sources) libdigestmd5_la_DEPENDENCIES = $(COMPAT_OBJS) libdigestmd5_la_LIBADD = $(LIB_DES) $(LIB_SOCKET) $(COMPAT_OBJS) libscram_la_SOURCES = scram.c scram_init.c $(common_sources) libscram_la_DEPENDENCIES = $(COMPAT_OBJS) libscram_la_LIBADD = $(SCRAM_LIBS) $(COMPAT_OBJS) liblogin_la_SOURCES = login.c login_init.c $(common_sources) liblogin_la_DEPENDENCIES = $(COMPAT_OBJS) liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) libsrp_la_SOURCES = srp.c srp_init.c $(common_sources) libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources) libotp_la_DEPENDENCIES = $(COMPAT_OBJS) libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS) libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources) libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources) libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) # Auxprop Plugins libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources) libsasldb_la_DEPENDENCIES = $(COMPAT_OBJS) libsasldb_la_LIBADD = ../sasldb/libsasldb.la $(SASL_DB_LIB) $(COMPAT_OBJS) libldapdb_la_SOURCES = ldapdb.c ldapdb_init.c $(common_sources) libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS) libldapdb_la_LIBADD = $(LIB_LDAP) $(COMPAT_OBJS) libsql_la_SOURCES = sql.c sql_init.c $(common_sources) libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) $(LIB_SQLITE3) \ $(AM_LDFLAGS) libsql_la_DEPENDENCIES = $(COMPAT_OBJS) libsql_la_LIBADD = $(COMPAT_OBJS) # Instructions for making the _init files init_src = anonymous_init.c crammd5_init.c digestmd5_init.c scram_init.c gs2_init.c gssapiv2_init.c \ kerberos4_init.c login_init.c plain_init.c srp_init.c otp_init.c ntlm_init.c \ passdss_init.c sasldb_init.c sql_init.c ldapdb_init.c CLEANFILES = $(init_src) all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu plugins/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu plugins/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-saslLTLIBRARIES: $(sasl_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(sasldir)" || $(MKDIR_P) "$(DESTDIR)$(sasldir)" @list='$(sasl_LTLIBRARIES)'; test -n "$(sasldir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(sasldir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(sasldir)"; \ } uninstall-saslLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(sasl_LTLIBRARIES)'; test -n "$(sasldir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(sasldir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(sasldir)/$$f"; \ done clean-saslLTLIBRARIES: -test -z "$(sasl_LTLIBRARIES)" || rm -f $(sasl_LTLIBRARIES) @list='$(sasl_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libanonymous.la: $(libanonymous_la_OBJECTS) $(libanonymous_la_DEPENDENCIES) $(LINK) $(libanonymous_la_OBJECTS) $(libanonymous_la_LIBADD) $(LIBS) libcrammd5.la: $(libcrammd5_la_OBJECTS) $(libcrammd5_la_DEPENDENCIES) $(LINK) $(libcrammd5_la_OBJECTS) $(libcrammd5_la_LIBADD) $(LIBS) libdigestmd5.la: $(libdigestmd5_la_OBJECTS) $(libdigestmd5_la_DEPENDENCIES) $(LINK) $(libdigestmd5_la_OBJECTS) $(libdigestmd5_la_LIBADD) $(LIBS) libgs2.la: $(libgs2_la_OBJECTS) $(libgs2_la_DEPENDENCIES) $(LINK) $(libgs2_la_OBJECTS) $(libgs2_la_LIBADD) $(LIBS) libgssapiv2.la: $(libgssapiv2_la_OBJECTS) $(libgssapiv2_la_DEPENDENCIES) $(LINK) $(libgssapiv2_la_OBJECTS) $(libgssapiv2_la_LIBADD) $(LIBS) libkerberos4.la: $(libkerberos4_la_OBJECTS) $(libkerberos4_la_DEPENDENCIES) $(LINK) $(libkerberos4_la_OBJECTS) $(libkerberos4_la_LIBADD) $(LIBS) libldapdb.la: $(libldapdb_la_OBJECTS) $(libldapdb_la_DEPENDENCIES) $(LINK) $(libldapdb_la_OBJECTS) $(libldapdb_la_LIBADD) $(LIBS) liblogin.la: $(liblogin_la_OBJECTS) $(liblogin_la_DEPENDENCIES) $(LINK) $(liblogin_la_OBJECTS) $(liblogin_la_LIBADD) $(LIBS) libntlm.la: $(libntlm_la_OBJECTS) $(libntlm_la_DEPENDENCIES) $(LINK) $(libntlm_la_OBJECTS) $(libntlm_la_LIBADD) $(LIBS) libotp.la: $(libotp_la_OBJECTS) $(libotp_la_DEPENDENCIES) $(LINK) $(libotp_la_OBJECTS) $(libotp_la_LIBADD) $(LIBS) libpassdss.la: $(libpassdss_la_OBJECTS) $(libpassdss_la_DEPENDENCIES) $(LINK) $(libpassdss_la_OBJECTS) $(libpassdss_la_LIBADD) $(LIBS) libplain.la: $(libplain_la_OBJECTS) $(libplain_la_DEPENDENCIES) $(LINK) $(libplain_la_OBJECTS) $(libplain_la_LIBADD) $(LIBS) libsasldb.la: $(libsasldb_la_OBJECTS) $(libsasldb_la_DEPENDENCIES) $(LINK) $(libsasldb_la_OBJECTS) $(libsasldb_la_LIBADD) $(LIBS) libscram.la: $(libscram_la_OBJECTS) $(libscram_la_DEPENDENCIES) $(LINK) $(libscram_la_OBJECTS) $(libscram_la_LIBADD) $(LIBS) libsql.la: $(libsql_la_OBJECTS) $(libsql_la_DEPENDENCIES) $(libsql_la_LINK) $(libsql_la_OBJECTS) $(libsql_la_LIBADD) $(LIBS) libsrp.la: $(libsrp_la_OBJECTS) $(libsrp_la_DEPENDENCIES) $(LINK) $(libsrp_la_OBJECTS) $(libsrp_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/anonymous.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/anonymous_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cram.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crammd5_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digestmd5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/digestmd5_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gs2.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gs2_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gs2_token.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssapi.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gssapiv2_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kerberos4.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kerberos4_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldapdb.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ldapdb_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/login_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntlm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntlm_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/otp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/otp_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passdss.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passdss_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plain.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plain_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugin_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sasldb.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sasldb_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scram.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scram_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srp_init.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) installdirs: for dir in "$(DESTDIR)$(sasldir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-saslLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-saslLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-saslLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-saslLTLIBRARIES ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-saslLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-saslLTLIBRARIES ${init_src}: $(srcdir)/makeinit.sh $(SHELL) $(srcdir)/makeinit.sh # Compatibility function build rules (they build in lib/) $(COMPAT_OBJS): rm -f $(COMPAT_OBJS) cd ../lib; $(MAKE) $(COMPAT_OBJS) for file in $(COMPAT_OBJS); do ln -s ../lib/$$file .; done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/utils/0000777000076400007640000000000011632367341012071 500000000000000cyrus-sasl-2.1.25/utils/smtptest.c0000646000076400007640000003166711306006127014041 00000000000000/* smtpauth.c -- authenticate to SMTP server, then give normal protocol * * uses sfio * */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_SYS_SELECT_H #include #endif #include #include #include "sfsasl.h" /* from OS: */ extern char *getpass(); extern struct hostent *gethostbyname(); static char *authname = NULL; static char *username = NULL; static char *realm = NULL; extern char *optarg; extern int optind; int verbose = 0; int emacs = 0; int iptostring(const struct sockaddr *addr, socklen_t addrlen, char *out, unsigned outlen) { char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; int niflags; if(!addr || !out) return SASL_BADPARAM; niflags = (NI_NUMERICHOST | NI_NUMERICSERV); #ifdef NI_WITHSCOPEID if (addr->sa_family == AF_INET6) niflags |= NI_WITHSCOPEID; #endif if (getnameinfo(addr, addrlen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags) != 0) return SASL_BADPARAM; if(outlen < strlen(hbuf) + strlen(pbuf) + 2) return SASL_BUFOVER; snprintf(out, outlen, "%s;%s", hbuf, pbuf); return SASL_OK; } void usage(char *p) { fprintf(stderr, "%s [-v] [-l] [-u username] [-a authname] [-s ssf] [-m mech] host[:port]\n", p); fprintf(stderr, " -v\tVerbose Output\n"); fprintf(stderr, " -l\tLMTP semantics\n"); exit(EX_USAGE); } #define ISGOOD(r) (((r) / 100) == 2) #define TEMPFAIL(r) (((r) / 100) == 4) #define PERMFAIL(r) (((r) / 100) == 5) #define ISCONT(s) (s && (s[3] == '-')) static int ask_code(const char *s) { int ret = 0; if (s==NULL) return -1; if (strlen(s) < 3) return -1; /* check to make sure 0-2 are digits */ if ((isdigit((int) s[0])==0) || (isdigit((int) s[1])==0) || (isdigit((int) s[2])==0)) { return -1; } ret = ((s[0]-'0')*100)+((s[1]-'0')*10)+(s[2]-'0'); return ret; } static void chop(char *s) { char *p; assert(s); p = s + strlen(s) - 1; if (p[0] == '\n') { *p-- = '\0'; } if (p >= s && p[0] == '\r') { *p-- = '\0'; } } void interaction (int id, const char *prompt, char **tresult, unsigned int *tlen) { char result[1024]; if (id==SASL_CB_PASS) { fprintf(stderr, "%s: ", prompt); *tresult = strdup(getpass("")); /* leaks! */ *tlen= strlen(*tresult); return; } else if (id==SASL_CB_USER) { if (username != NULL) { strcpy(result, username); } else { strcpy(result, getpwuid(getuid())->pw_name); } } else if (id==SASL_CB_AUTHNAME) { if (authname != NULL) { strcpy(result, authname); } else { strcpy(result, getpwuid(getuid())->pw_name); } } else if ((id==SASL_CB_GETREALM) && (realm != NULL)) { strcpy(result, realm); } else { int c; fprintf(stderr, "%s: ",prompt); fgets(result, sizeof(result) - 1, stdin); c = strlen(result); result[c - 1] = '\0'; } *tlen = strlen(result); *tresult = (char *) malloc(*tlen+1); /* leaks! */ memset(*tresult, 0, *tlen+1); memcpy((char *) *tresult, result, *tlen); } void fillin_interactions(sasl_interact_t *tlist) { while (tlist->id != SASL_CB_LIST_END) { interaction(tlist->id, tlist->prompt, (void *) &(tlist->result), &(tlist->len)); tlist++; } } static sasl_callback_t callbacks[] = { { SASL_CB_GETREALM, NULL, NULL }, { SASL_CB_USER, NULL, NULL }, { SASL_CB_AUTHNAME, NULL, NULL }, { SASL_CB_PASS, NULL, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; static sasl_security_properties_t *make_secprops(int min,int max) { sasl_security_properties_t *ret=(sasl_security_properties_t *) malloc(sizeof(sasl_security_properties_t)); ret->maxbufsize = 8192; ret->min_ssf = min; ret->max_ssf = max; ret->security_flags = 0; ret->property_names = NULL; ret->property_values = NULL; return ret; } Sfio_t *debug; int main(int argc, char **argv) { char *mechlist = NULL; const char *mechusing = NULL; int minssf = 0, maxssf = 128; char *p; Sfio_t *server_in, *server_out; sasl_conn_t *conn = NULL; sasl_interact_t *client_interact = NULL; char in[4096]; const char *out; unsigned int inlen, outlen; unsigned len; char out64[4096]; int c; char *host; struct servent *service; int port; struct hostent *hp; struct sockaddr_in addr; char remote_ip[64], local_ip[64]; int sock; char buf[1024]; int sz; char greeting[1024]; int code; int do_lmtp=0; int r = 0; debug = stderr; while ((c = getopt(argc, argv, "vElm:s:u:a:d:")) != EOF) { switch (c) { case 'm': mechlist = optarg; break; case 'l': do_lmtp = 1; break; case 's': maxssf = atoi(optarg); break; case 'u': username = optarg; break; case 'a': authname = optarg; break; case 'v': verbose++; break; case 'E': emacs++; break; case 'd': sprintf(buf, "%s-%d", optarg, getpid()); debug = sfopen(NULL, buf, "w"); sfsetbuf(debug, NULL, 0); break; case '?': default: usage(argv[0]); break; } } if (optind != argc - 1) { usage(argv[0]); } host = argv[optind]; p = strchr(host, ':'); if (p) { *p++ = '\0'; } else { if(do_lmtp) { p = "lmtp"; } else { p = "smtp"; } } service = getservbyname(p, "tcp"); if (service) { port = service->s_port; } else { port = atoi(p); if (!port) usage(argv[0]); port = htons(port); } if ((hp = gethostbyname(host)) == NULL) { perror("gethostbyname"); exit(EX_NOHOST); } if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { perror("socket"); exit(EX_OSERR); } addr.sin_family = AF_INET; memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); addr.sin_port = port; if (connect(sock, (struct sockaddr *) &addr, sizeof (addr)) < 0) { perror("connect"); exit(EX_NOHOST); } server_in = sfnew(NULL, NULL, SF_UNBOUND, sock, SF_READ); server_out = sfnew(NULL, NULL, SF_UNBOUND, sock, SF_WRITE); /* read greeting */ greeting[0] = '\0'; for (;;) { sfsync(server_out); if (fgets(buf, sizeof(buf)-1, server_in)) { if (greeting[0] == '\0') { strncpy(greeting, buf, sizeof(greeting) - 1); } if (verbose) fprintf(debug, "%s", buf); code = ask_code(buf); if (ISCONT(buf) && ISGOOD(code)) continue; } else { code = 400; } break; } if (!ISGOOD(code)) goto done; /* EHLO */ gethostname(buf, sizeof(buf)-1); if(do_lmtp) { if(verbose) fprintf(debug, "LHLO %s\r\n", buf); fprintf(server_out, "LHLO %s\r\n", buf); } else { if (verbose) fprintf(debug, "EHLO %s\r\n", buf); fprintf(server_out, "EHLO %s\r\n", buf); } /* read responses */ for (;;) { sfsync(server_out); if (!fgets(buf, sizeof(buf)-1, server_in)) { code = 400; goto done; } if (verbose) fprintf(debug, "%s", buf); code = ask_code(buf); if (code == 250) { /* we're only looking for AUTH */ if (!strncasecmp(buf + 4, "AUTH ", 5)) { chop(buf); if (!mechlist) mechlist = strdup(buf + 9); } } if (ISCONT(buf) && ISGOOD(code)) { continue; } else { break; } } if (!ISGOOD(code)) goto done; /* attempt authentication */ if (!mechlist) { if (verbose > 2) fprintf(debug, "no authentication\n"); goto doneauth; } if (!r) r = sasl_client_init(callbacks); if (!r) { struct sockaddr_in saddr_r; int addrsize = sizeof(struct sockaddr_in); if (getpeername(sock, (struct sockaddr *) &saddr_r, &addrsize) < 0) { perror("getpeername"); exit(EX_NOHOST); } r = iptostring((struct sockaddr *)&saddr_r, sizeof(struct sockaddr_in), remote_ip, 64); } if (!r) { struct sockaddr_in saddr_l; int addrsize = sizeof(struct sockaddr_in); if (getsockname(sock, (struct sockaddr *) &saddr_l, &addrsize) < 0) { perror("getsockname"); exit(EX_OSERR); } r = iptostring((struct sockaddr *)&saddr_l, sizeof(struct sockaddr_in), local_ip, 64); } if (!r) { if(do_lmtp) { r = sasl_client_new("lmtp", host, local_ip, remote_ip, NULL, 0, &conn); } else { r = sasl_client_new("smtp", host, local_ip, remote_ip, NULL, 0, &conn); } } if (!r) { sasl_security_properties_t *secprops = make_secprops(minssf, maxssf); r = sasl_setprop(conn, SASL_SEC_PROPS, secprops); free(secprops); } if (!r) { do { r = sasl_client_start(conn, mechlist, &client_interact, &out, &outlen, &mechusing); if (r == SASL_INTERACT) { fillin_interactions(client_interact); } } while (r == SASL_INTERACT); if (r == SASL_OK || r == SASL_CONTINUE) { if (outlen > 0) { r = sasl_encode64(out, outlen, out64, sizeof out64, NULL); if (!r) { if (verbose) fprintf(debug, "AUTH %s %s\r\n", mechusing, out64); fprintf(server_out, "AUTH %s %s\r\n", mechusing, out64); } } else { if (verbose) fprintf(debug, "AUTH %s\r\n", mechusing); fprintf(server_out, "AUTH %s\r\n", mechusing); } } else { fprintf(debug, "\nclient start failed: %s\n", sasl_errdetail(conn)); } } /* jump to doneauth if we succeed */ while (r == SASL_OK || r == SASL_CONTINUE) { sfsync(server_out); if (!fgets(buf, sizeof(buf)-1, server_in)) { code = 400; goto done; } if (verbose) fprintf(debug, "%s", buf); code = ask_code(buf); if (ISCONT(buf)) continue; if (ISGOOD(code)) { if (code != 235) { /* weird! */ } /* yay, we won! */ sfdcsasl(server_in, conn); sfdcsasl(server_out, conn); goto doneauth; } else if (code != 334) { /* unexpected response */ break; } len = strlen(buf); if (len > 0 && buf[len-1] == '\n') { buf[len-1] = '\0'; } r = sasl_decode64(buf + 4, strlen(buf) - 6, in, 4096, &inlen); if (r != SASL_OK) break; do { r = sasl_client_step(conn, in, inlen, &client_interact, &out, &outlen); if (r == SASL_INTERACT) { fillin_interactions(client_interact); } } while (r == SASL_INTERACT); if (r == SASL_OK || r == SASL_CONTINUE) { r = sasl_encode64(out, outlen, out64, sizeof out64, NULL); } if (r == SASL_OK) { if (verbose) fprintf(debug, "%s\r\n", out64); fprintf(server_out, "%s\r\n", out64); } } /* auth failed! */ if (!r) { fprintf(debug, "%d authentication failed\n", code); } else { fprintf(debug, "400 authentication failed: %s\n", sasl_errstring(r, NULL, NULL)); } exit(EX_SOFTWARE); doneauth: /* ready for application */ greeting[3] = '-'; printf("%s", greeting); printf("220 %s %s\r\n", host, conn ? "authenticated" : "no auth"); fcntl(0, F_SETFL, O_NONBLOCK); fcntl(sock, F_SETFL, O_NONBLOCK); sfset(stdin, SF_SHARE, 0); /* feed data back 'n forth */ for (;;) { Sfio_t *flist[3]; top: flist[0] = stdin; flist[1] = server_in; /* sfpoll */ if (verbose > 5) fprintf(debug, "poll\n"); r = sfpoll(flist, 2, -1); if (verbose > 5) fprintf(debug, "poll 2\n"); while (r--) { if (flist[r] == server_in) { do { if (verbose > 5) fprintf(debug, "server!\n"); errno = 0; sz = sfread(server_in, buf, sizeof(buf)-1); if (sz == 0 && (errno == EAGAIN)) goto top; if (sz <= 0) goto out; buf[sz] = '\0'; if (verbose > 5) fprintf(debug, "server 2 '%s'!\n", buf); sfwrite(stdout, buf, sz); } while (sfpoll(&server_in, 1, 0)); sfsync(stdout); } else if (flist[r] == stdin) { Sfio_t *p[1]; p[0] = stdin; do { if (verbose > 5) fprintf(debug, "stdin!\n"); errno = 0; sz = sfread(stdin, buf, sizeof(buf)-1); if (sz == 0 && (errno == EAGAIN)) goto top; if (sz <= 0) goto out; buf[sz] = '\0'; if (verbose > 5) fprintf(debug, "stdin 2 '%s'!\n", buf); if (emacs) { int i; /* fix emacs stupidness */ for (i = 0; i < sz - 1; i++) { if (buf[i] == '\n' && buf[i+1] == '\n') buf[i++] = '\r'; } if (buf[sz-2] != '\r' && buf[sz-1] == '\n') { sfungetc(stdin, buf[sz--]); buf[sz] = '\0'; } if (verbose > 5) fprintf(debug, "emacs '%s'!\n", buf); } sfwrite(server_out, buf, sz); if (verbose > 7) fprintf(debug, "stdin 3!\n"); } while (sfpoll(p, 1, 0)); sfsync(server_out); } else { abort(); } } } out: if (verbose > 3) fprintf(debug, "exiting! %d %s\n", sz, strerror(errno)); exit(EX_OK); done: if (ISGOOD(code)) { if (verbose > 1) fprintf(debug, "ok\n"); exit(EX_OK); } if (TEMPFAIL(code)) { if (verbose > 1) fprintf(debug, "tempfail\n"); exit(EX_TEMPFAIL); } if (PERMFAIL(code)) { if (verbose > 1) fprintf(debug, "permfail\n"); exit(EX_UNAVAILABLE); } if (verbose > 1) fprintf(debug, "unknown failure\n"); exit(EX_TEMPFAIL); } cyrus-sasl-2.1.25/utils/sfsasl.h0000666000076400007640000000355707622774141013473 00000000000000#ifndef SFSASL_H #define SFSASL_H /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include int sfdcsasl(Sfio_t *f, sasl_conn_t *conn); #endif cyrus-sasl-2.1.25/utils/sasldblistusers.c0000646000076400007640000001315311630151332015371 00000000000000/* sasldblistusers.c -- list users in sasldb * $Id: sasldblistusers.c,v 1.24 2011/09/01 14:12:18 mel Exp $ * Rob Siemborski * Tim Martin */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef HAVE_UNISTD_H #include #endif #include #include "../sasldb/sasldb.h" #ifdef WIN32 #include __declspec(dllimport) char *optarg; __declspec(dllimport) int optind; #endif /* Cheating to make the utils work out right */ LIBSASL_VAR const sasl_utils_t *sasl_global_utils; char *sasldb_path = SASL_DB_PATH; const char *progname = NULL; int good_getopt(void *context __attribute__((unused)), const char *plugin_name __attribute__((unused)), const char *option, const char **result, unsigned *len) { if (sasldb_path && !strcmp(option, "sasldb_path")) { *result = sasldb_path; if (len) *len = (unsigned) strlen(sasldb_path); return SASL_OK; } return SASL_FAIL; } static struct sasl_callback goodsasl_cb[] = { { SASL_CB_GETOPT, (sasl_callback_ft)&good_getopt, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; int main(int argc, char **argv) { int c; int result; sasl_conn_t *conn; int bad_option = 0; int display_usage = 0; const char *sasl_implementation; int libsasl_version; int libsasl_major; int libsasl_minor; int libsasl_step; if (! argv[0]) progname = "sasldblistusers2"; else { progname = strrchr(argv[0], HIER_DELIMITER); if (progname) progname++; else progname = argv[0]; } /* A single parameter not starting with "-" denotes sasldb to use */ if ((argc == 2) && argv[1][0] != '-') { sasldb_path = argv[1]; goto START_WORK; } while ((c = getopt(argc, argv, "vf:h?")) != EOF) { switch (c) { case 'f': sasldb_path = optarg; break; case 'h': bad_option = 0; display_usage = 1; break; case 'v': sasl_version (&sasl_implementation, &libsasl_version); libsasl_major = libsasl_version >> 24; libsasl_minor = (libsasl_version >> 16) & 0xFF; libsasl_step = libsasl_version & 0xFFFF; (void)fprintf(stderr, "\nThis product includes software developed by Computing Services\n" "at Carnegie Mellon University (http://www.cmu.edu/computing/).\n\n" "Built against SASL API version %u.%u.%u\n" "LibSasl version %u.%u.%u by \"%s\"\n", SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP, libsasl_major, libsasl_minor, libsasl_step, sasl_implementation); exit(0); break; default: bad_option = 1; display_usage = 1; break; } } if (optind != argc) display_usage = 1; if (display_usage) { fprintf(stderr, "\nThis product includes software developed by Computing Services\n" "at Carnegie Mellon University (http://www.cmu.edu/computing/).\n\n"); fprintf(stderr, "%s: usage: %s [-v] [[-f] sasldb]\n", progname, progname); fprintf(stderr, "\t-f sasldb\tuse given file as sasldb\n" "\t-v\tprint version numbers and exit\n"); if (bad_option) { fprintf(stderr, "Unrecognized command line option\n"); } return 1; } START_WORK: result = sasl_server_init(goodsasl_cb, "sasldblistusers"); if(result != SASL_OK) { fprintf(stderr, "Couldn't initialize server API\n"); return 1; } result = sasl_server_new("sasldb", "localhost", NULL, NULL, NULL, NULL, 0, &conn); if(_sasl_check_db(sasl_global_utils, conn) != SASL_OK) { fprintf(stderr, "check_db unsuccessful\n"); return 1; } if(_sasldb_listusers (sasl_global_utils, conn, NULL, NULL) != SASL_OK) { fprintf(stderr, "listusers failed\n"); } sasl_dispose(&conn); sasl_done(); return 0; } cyrus-sasl-2.1.25/utils/sfsasl.c0000666000076400007640000000643007622774141013457 00000000000000#include #include #include #include /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* sf discipline to add sasl */ typedef struct _sasldisc { Sfdisc_t disc; sasl_conn_t *conn; } Sasldisc_t; ssize_t sasl_read(Sfio_t *f, Void_t *buf, size_t size, Sfdisc_t *disc) { int len, result; const char *outbuf; int outlen; Sasldisc_t *sd = (Sasldisc_t *) disc; len = sfrd(f, buf, size, disc); if (len <= 0) return len; result = sasl_decode(sd->conn, buf, len, &outbuf, &outlen); if (result != SASL_OK) { /* eventually, we'll want an exception here */ return -1; } if (outbuf != NULL) { memcpy(buf, outbuf, outlen); } return outlen; } ssize_t sasl_write(Sfio_t *f, const Void_t *buf, size_t size, Sfdisc_t *disc) { int result; const char *outbuf; int outlen; Sasldisc_t *sd = (Sasldisc_t *) disc; result = sasl_encode(sd->conn, buf, size, &outbuf, &outlen); if (result != SASL_OK) { return -1; } if (outbuf != NULL) { sfwr(f, outbuf, outlen, disc); } return size; } int sfdcsasl(Sfio_t *f, sasl_conn_t *conn) { Sasldisc_t *sasl; if (conn == NULL) { /* no need to do anything */ return 0; } if(!(sasl = (Sasldisc_t*)malloc(sizeof(Sasldisc_t))) ) return -1; sasl->disc.readf = sasl_read; sasl->disc.writef = sasl_write; sasl->disc.seekf = NULL; sasl->disc.exceptf = NULL; sasl->conn = conn; if (sfdisc(f, (Sfdisc_t *) sasl) != (Sfdisc_t *) sasl) { free(sasl); return -1; } return 0; } cyrus-sasl-2.1.25/utils/dbconverter-2.c0000666000076400007640000002427207622774141014644 00000000000000/* dbconverter-2.c -- convert libsasl v1 sasldb's to SASLv2 format * $Id: dbconverter-2.c,v 1.8 2003/02/13 19:56:17 rjs3 Exp $ * Rob Siemborski * based on SASLv1 sasldblistusers */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include "../sasldb/sasldb.h" /* Cheating to make the utils work out right */ extern const sasl_utils_t *sasl_global_utils; sasl_conn_t *globalconn; typedef void *listcb_t(const char *, const char *, const char *, const char *, unsigned); void listusers_cb(const char *authid, const char *realm, const char *mechanism, const char *secret, unsigned seclen) { char newPropBuffer[8192]; if (!authid || !mechanism || !realm) { fprintf(stderr,"userlist callback has bad param"); return; } /* the entries that just say the mechanism exists */ if (strlen(authid)==0) return; printf("Converting: %s@%s (%s)...",authid,realm,mechanism); /* Maybe we have a plaintext password? */ if(!strcmp(mechanism,"PLAIN-APOP")) { sprintf(newPropBuffer, "userPassword"); /* Skip salt + NULL */ secret = secret + 17; seclen -= 17; } else { sprintf(newPropBuffer, "cmusaslsecret%s", mechanism); } _sasldb_putdata(sasl_global_utils, globalconn, authid, realm, newPropBuffer, secret, seclen); printf("ok\n"); } /* * List all users in database */ #if defined(SASL_GDBM) #include #include #include int listusers(const char *path, listcb_t *cb) { GDBM_FILE indb; datum dkey, nextkey, dvalue; indb = gdbm_open((char *)path, 0, GDBM_READER, S_IRUSR | S_IWUSR, NULL); if (!indb) { fprintf(stderr, "can't open %s\n", path); return 1; } memset(&dkey, 0, sizeof(datum)); dkey = gdbm_firstkey(indb); while (dkey.dptr != NULL) { char *authid = dkey.dptr; char *realm = dkey.dptr+strlen(authid)+1; char *tmp = realm + strlen(realm)+1; char mech[1024]; int len = dkey.dsize - (tmp - ((char *)dkey.dptr)); if (len >= (int) sizeof mech) { fprintf(stderr, "malformed database entry\n"); break; } memcpy(mech, tmp, len); mech[dkey.dsize - (tmp - dkey.dptr)] = '\0'; dvalue = gdbm_fetch(indb, dkey); if (*authid && dvalue.dptr) { /* don't check return values */ cb(authid,realm,mech,dvalue.dptr,dvalue.dsize); } nextkey=gdbm_nextkey(indb, dkey); dkey=nextkey; } gdbm_close(indb); return 0; } #elif defined(SASL_NDBM) #include #include #include int listusers(const char *path, listcb_t *cb) { DBM *indb; datum dkey, nextkey, dvalue; indb = dbm_open(path, O_RDONLY, S_IRUSR | S_IWUSR); if (!indb) { fprintf(stderr, "can't open %s\n", path); return 1; } dkey = dbm_firstkey(indb); while (dkey.dptr != NULL) { char *authid = dkey.dptr; char *realm = dkey.dptr+strlen(authid)+1; char *tmp = realm + strlen(realm)+1; char mech[1024]; int len = dkey.dsize - (tmp - ((char *)dkey.dptr)); if (len >= (int) sizeof mech) { fprintf(stderr, "malformed database entry\n"); break; } memcpy(mech, tmp, len); mech[dkey.dsize - (tmp - ((char *)dkey.dptr))] = '\0'; dvalue = dbm_fetch(indb, dkey); if (*authid && dvalue.dptr) { /* don't check return values */ cb(authid,realm,mech,dvalue.dptr,dvalue.dsize); } nextkey=dbm_nextkey(indb); dkey=nextkey; } dbm_close(indb); return 0; } #elif defined(SASL_BERKELEYDB) #include /* * Open the database * */ static int berkeleydb_open(const char *path,DB **mbdb) { int ret; #if DB_VERSION_MAJOR < 3 ret = db_open(path, DB_HASH, DB_CREATE, 0664, NULL, NULL, mbdb); #else /* DB_VERSION_MAJOR < 3 */ ret = db_create(mbdb, NULL, 0); if (ret == 0 && *mbdb != NULL) { #if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664); #else ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664); #endif if (ret != 0) { (void) (*mbdb)->close(*mbdb, 0); *mbdb = NULL; } } #endif /* DB_VERSION_MAJOR < 3 */ if (ret != 0) { fprintf(stderr,"Error opening password file %s\n", path); return SASL_FAIL; } return SASL_OK; } /* * Close the database * */ static void berkeleydb_close(DB *mbdb) { int ret; ret = mbdb->close(mbdb, 0); if (ret!=0) { fprintf(stderr,"error closing sasldb: %s", db_strerror(ret)); } } int listusers(const char *path, listcb_t *cb) { int result; DB *mbdb = NULL; DBC *cursor; DBT key, data; /* open the db */ result=berkeleydb_open(path, &mbdb); if (result!=SASL_OK) goto cleanup; /* make cursor */ #if DB_VERSION_MAJOR < 3 #if DB_VERSION_MINOR < 6 result = mbdb->cursor(mbdb, NULL,&cursor); #else result = mbdb->cursor(mbdb, NULL,&cursor, 0); #endif /* DB_VERSION_MINOR < 7 */ #else /* DB_VERSION_MAJOR < 3 */ result = mbdb->cursor(mbdb, NULL,&cursor, 0); #endif /* DB_VERSION_MAJOR < 3 */ if (result!=0) { fprintf(stderr,"Making cursor failure: %s\n",db_strerror(result)); result = SASL_FAIL; goto cleanup; } memset(&key,0, sizeof(key)); memset(&data,0,sizeof(data)); /* loop thru */ result = cursor->c_get(cursor, &key, &data, DB_FIRST); while (result != DB_NOTFOUND) { char *authid; char *realm; char *tmp; unsigned int len; char mech[1024]; int numnulls = 0; unsigned int lup; /* make sure there are exactly 2 null's */ for (lup=0;lupc_get(cursor, &key, &data, DB_NEXT); continue; } authid = key.data; realm = authid + strlen(authid)+1; tmp = realm + strlen(realm)+1; len = key.size - (tmp - authid); /* make sure we have enough space of mech */ if (len >=sizeof(mech)) { fprintf(stderr,"warning: absurdly long mech name\n"); result = cursor->c_get(cursor, &key, &data, DB_NEXT); continue; } memcpy(mech, tmp, key.size - (tmp - ((char *)key.data))); mech[key.size - (tmp - ((char *)key.data))] = '\0'; if (*authid) { /* don't check return values */ cb(authid,realm,mech,data.data,data.size); } result = cursor->c_get(cursor, &key, &data, DB_NEXT); } if (result != DB_NOTFOUND) { fprintf(stderr,"failure: %s\n",db_strerror(result)); result = SASL_FAIL; goto cleanup; } result = cursor->c_close(cursor); if (result!=0) result = SASL_FAIL; result = SASL_OK; cleanup: if (mbdb != NULL) berkeleydb_close(mbdb); return result; } #else /* ARGSUSED */ int listusers(const char *path __attribute__((unused)), listcb_t *cb __attribute__((unused))) { fprintf(stderr,"Unsupported DB format"); exit(1); } #endif char *db_new=SASL_DB_PATH; int good_getopt(void *context __attribute__((unused)), const char *plugin_name __attribute__((unused)), const char *option, const char **result, unsigned *len) { if (db_new && !strcmp(option, "sasldb_path")) { *result = db_new; if (len) *len = strlen(db_new); return SASL_OK; } return SASL_FAIL; } static struct sasl_callback goodsasl_cb[] = { { SASL_CB_GETOPT, &good_getopt, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; int main(int argc, char **argv) { const char *db="/etc/sasldb"; int result; if (argc > 1) { db = argv[1]; if(argc > 2) { db_new = argv[2]; } } result = sasl_server_init(goodsasl_cb, "dbconverter"); if (result != SASL_OK) { printf("couldn't init saslv2\n"); return 1; } result = sasl_server_new("sasldb", "localhost", NULL, NULL, NULL, NULL, 0, &globalconn); if (result != SASL_OK) { printf("couldn't create globalconn\n"); return 1; } if(_sasl_check_db(sasl_global_utils,globalconn) != SASL_OK) { printf("target DB %s is not OK\n", db_new); return 1; } printf("\nThis program will take the sasldb file specified on the\n" "command line and convert it to a new sasldb file in the default\n" "location (usually /etc/sasldb). It is STRONGLY RECOMMENDED that you\n" "backup sasldb before allowing this program to run\n\n" "We are going to convert %s and our output will be in %s\n\n" "Press return to continue\n", db, db_new); getchar(); listusers(db, (listcb_t *) &listusers_cb); sasl_dispose(&globalconn); sasl_done(); exit(0); } cyrus-sasl-2.1.25/utils/NTMakefile0000646000076400007640000000525011306006127013701 00000000000000!INCLUDE ..\win32\common.mak sasl_apps=saslpasswd2.exe sasldblistusers2.exe testsuite.exe pluginviewer.exe sasl_out=saslpasswd2.pdb sasldblistusers2.pdb testsuite.pdb pluginviewer.pdb saslpwd_objs = saslpasswd.obj sasldblistusers_objs = sasldblistusers.obj testsuite_objs = testsuite.obj pluginviewer_objs = pluginviewer.obj all_objs = $(saslpwd_objs) $(sasldblistusers_objs) $(testsuite_objs) $(pluginviewer_objs) all_out = $(sasl_apps) $(sasl_out) DB_FLAGS = /I $(DB_INCLUDE) /I "..\sasldb" CPPFLAGS = /I "..\win32\include" /I "." /I "..\include" $(DB_FLAGS) /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" CPPFLAGS = $(CPPFLAGS) /DNEED_GETOPT DB_LIBS=/libpath:$(DB_LIBPATH) $(DB_LIB) SASL_LIB=/libpath:"..\lib" libsasl.lib SASL_DB_LIB=/libpath:"..\plugins" saslSASLDB.lib # EXTRA_LIBS is automatically included into LINK32EXE_FLAGS/LINK32DLL_FLAGS EXTRA_LIBS=$(SASL_LIB) # Where to install files from this directory bindir = $(prefix)\bin all : all-recursive # # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels # # In order to force xcopy not to confirm if the second parameter is file or directory, # the first parameter has to contain a wildcard character. For example, we use libsasl.l*, # instead of libsasl.lib. Ugly, but works! # # Note, that we will copy all executabless here, not just $(sasl_apps). This is a bug, but it allows # us to copy optionally built executables, which might not be in $(sasl_apps). The latter is a feature. # install: $(sasl_apps) @xcopy *.exe $(bindir) /I /F /Y all-recursive : $(sasl_apps) saslpasswd2.exe: $(saslpwd_objs) $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"saslpasswd2.pdb" /out:"saslpasswd2.exe" $(saslpwd_objs) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 sasldblistusers2.exe: $(sasldblistusers_objs) $(LINK32EXE) @<< $(LINK32EXE_FLAGS) $(SASL_DB_LIB) /pdb:"sasldblistusers2.pdb" /out:"sasldblistusers2.exe" $(sasldblistusers_objs) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 testsuite.exe: $(testsuite_objs) $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"testsuite.pdb" /out:"testsuite.exe" $(testsuite_objs) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 pluginviewer.exe: $(pluginviewer_objs) $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"pluginviewer.pdb" /out:"pluginviewer.exe" $(pluginviewer_objs) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 CLEAN : -@erase $(all_objs) -@erase "*.idb" -@erase "*.pch" -@erase "*.pdb" -@erase "*.manifest" -@erase $(all_out) .c.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cpp.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cxx.obj:: $(CPP) @<< $(CPP_PROJ) $< << cyrus-sasl-2.1.25/utils/pluginviewer.80000646000076400007640000000752711306006127014621 00000000000000.\" pluginviewer.8 -- pluginviewer man page .\" Alexey Melnikov .\" .\" Copyright (c) 2006 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name ""Carnegie Mellon University"" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" ""This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."" .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH PLUGINVIEWER 8 "Apr 10, 2006" "CMU SASL" .SH NAME pluginviewer \- list loadable SASL plugins and their properties .SH SYNOPSIS .B pluginviewer .RB [ -a ] .RB [ -s ] .RB [ -c ] .RB [ -b\ min=N,max=N ] .RB [ -e\ ssf=N,id=ID ] .RB [ -m\ MECHS ] .RB [ -x\ AUXPROP_MECH ] .RB [ -f\ FLAGS ] .RB [ -p\ PATH ] .SH DESCRIPTION .I pluginviewer can be used by a server administrator to troubleshoot SASL installations. The utility can list loadable (properly configured) client and server side plugins, as well as auxprop plugins. . .SH OPTIONS .TP .B -a List auxprop plugins. .TP .B -s List server authentication (SASL) plugins. .TP .B -c List client authentication (SASL) plugins. .TP .B -b min=N1,max=N2 List client authentication (SASL) plugins. Strength of the SASL security layer in bits. min=N1 specifies the minumum strength to use (1 => integrity protection). max=N2 specifies the maximum strength to use. Only SASL mechanisms which support security layer with strength M such that N1 <= M <= N2 will be shown. .TP .B -e ssf=N,id=ID Assume that an external security layer (e.g. TLS) with N-bit strength is installed. The ID is the authentication identity used by the external security layer. .TP .B -m MECHS Limit listed SASL plugins to the ones included in the MECHS (space separated) list. .TP .B -x AUXPROP_MECHS Limit listed auxprop plugins to the one listed in the AUXPROP_MECHS (space separated) list. .TP .B -f FLAGS Set security flags. FLAGS is a comma separated list of one or more of the following security flags: noplain (SASL mechanism doesn\'t send password in the clear during authentication), noactive (require protection from active attacks), nodict (require mechanisms which are secure against passive dictionary attacks), forwardsec (require forward secrecy), passcred (require mechanisms that can delegate client credentials), maximum (require all security flags). .TP .B -p PATH Specifies a colon-separated search path for plugins. .SH SEE ALSO .TP rfc4422 \- Simple Authentication and Security Layer (SASL) cyrus-sasl-2.1.25/utils/sasldblistusers2.80000646000076400007640000000467211306006127015407 00000000000000.\" sasldblistusers - List users in sasldb file .\" Tim Martin 3/8/00 .\" .\" Copyright (c) 2000 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name ""Carnegie Mellon University"" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" ""This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."" .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH SASLDBLISTUSERS2 8 "March 7, 2005" "CMU SASL" .SH NAME sasldblistusers2 \- list users in sasldb .SH SYNOPSIS .B sasldblistusers2 .RB [ -f\ file ] .RB [ -v ] .SH DESCRIPTION .I sasldblistusers2 is used to list the users in the SASL password database (usually /etc/sasldb2). This will NOT list all the users in /etc/passwd, shadow, PAM, etc. only those created by SASL (via \fIsaslpasswd2\fR). .SH OPTIONS .TP .B -f file use .B file for sasldb .TP .B -v Print libsasl2 version number and exit. .SH SEE ALSO saslpasswd2(8) .TP rfc4422 \- Simple Authentication and Security Layer (SASL) cyrus-sasl-2.1.25/utils/testsuite.c0000646000076400007640000023244611630151332014204 00000000000000/* testsuite.c -- Stress the library a little * Rob Siemborski * Tim Martin * $Id: testsuite.c,v 1.48 2011/09/01 14:12:18 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * To create a krb5 srvtab file given a krb4 srvtab * * ~/> ktutil * ktutil: rst /etc/srvtab * ktutil: wkt /etc/krb5.keytab * ktutil: q */ /* * TODO [FIXME]: * put in alloc() routines that fail occasionally. */ #include #include #include #include #include #include #include #ifdef HAVE_UNISTD_H #include #endif #include #include #include #ifndef WIN32 #include #include #include #include #include #endif #ifdef WIN32 __declspec(dllimport) char *optarg; __declspec(dllimport) int optind; __declspec(dllimport) int getsubopt(char **optionp, char * const *tokens, char **valuep); #endif char myhostname[1024+1]; #define MAX_STEPS 7 /* maximum steps any mechanism takes */ #define CLIENT_TO_SERVER "Hello. Here is some stuff" #define REALLY_LONG_LENGTH 32000 #define REALLY_LONG_BACKOFF 2000 const char *username = "murch"; const char *nonexistant_username = "ABCDEFGHIJ"; const char *authname = "murch"; const char *proxyasname = "murchproxy"; const char *password = "1234"; sasl_secret_t * g_secret = NULL; const char *cu_plugin = "INTERNAL"; char other_result[1024]; int proxyflag = 0; static const char *gssapi_service = "host"; /* our types of failures */ typedef enum { NOTHING = 0, ONEBYTE_RANDOM, /* replace one byte with something random */ ONEBYTE_NULL, /* replace one byte with a null */ ONEBYTE_QUOTES, /* replace one byte with a double quote (try to fuck with digest-md5) */ ONLY_ONE_BYTE, /* send only one byte */ ADDSOME, /* add some random bytes onto the end */ SHORTEN, /* shorten the string some */ REASONABLE_RANDOM, /* send same size but random */ REALLYBIG, /* send something absurdly large all random */ NEGATIVE_LENGTH, /* send negative length */ CORRUPT_SIZE /* keep this one last */ } corrupt_type_t; const char *corrupt_types[] = { "NOTHING", "ONEBYTE_RANDOM", "ONEBYTE_NULL", "ONEBYTE_QUOTES", "ONLY_ONE_BYTE", "ADDSOME", "SHORTEN", "REASONABLE_RANDOM", "REALLYBIG", "NEGATIVE_LENGTH", "CORRUPT_SIZE" }; void fatal(char *str) { printf("Failed with: %s\n",str); exit(3); } /* interactions we support */ static sasl_callback_t client_interactions[] = { { SASL_CB_GETREALM, NULL, NULL }, { SASL_CB_USER, NULL, NULL }, { SASL_CB_AUTHNAME, NULL, NULL }, { SASL_CB_PASS, NULL, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; int test_getrealm(void *context __attribute__((unused)), int id, const char **availrealms __attribute__((unused)), const char **result) { if(id != SASL_CB_GETREALM) fatal("test_getrealm not looking for realm"); if(!result) return SASL_BADPARAM; *result = myhostname; return SASL_OK; } int test_getsecret(sasl_conn_t *conn __attribute__((unused)), void *context __attribute__((unused)), int id, sasl_secret_t **psecret) { if(id != SASL_CB_PASS) fatal("test_getsecret not looking for pass"); if(!psecret) return SASL_BADPARAM; *psecret = g_secret; return SASL_OK; } int test_getsimple(void *context __attribute__((unused)), int id, const char **result, unsigned *len) { if(!result) return SASL_BADPARAM; if (id==SASL_CB_USER && proxyflag == 0) { *result=(char *) username; } else if (id==SASL_CB_USER && proxyflag == 1) { *result=(char *) proxyasname; } else if (id==SASL_CB_AUTHNAME) { *result=(char *) authname; } else { printf("I want %d\n", id); fatal("unknown callback in test_getsimple"); } if (len) *len = (unsigned) strlen(*result); return SASL_OK; } /* callbacks we support */ static sasl_callback_t client_callbacks[] = { { SASL_CB_GETREALM, (sasl_callback_ft)test_getrealm, NULL }, { SASL_CB_USER, (sasl_callback_ft)test_getsimple, NULL }, { SASL_CB_AUTHNAME, (sasl_callback_ft)test_getsimple, NULL }, { SASL_CB_PASS, (sasl_callback_ft)test_getsecret, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; typedef void *foreach_t(char *mech, void *rock); typedef struct tosend_s { corrupt_type_t type; /* type of corruption to make */ int step; /* step it should send bogus data on */ sasl_callback_t *client_callbacks; /* which client callbacks to use */ } tosend_t; typedef struct mem_info { void *addr; size_t size; struct mem_info *next; } mem_info_t; int DETAILED_MEMORY_DEBUGGING = 0; mem_info_t *head = NULL; #ifndef WITH_DMALLOC void *test_malloc(size_t size) { void *out; mem_info_t *new_data; out = malloc(size); if(DETAILED_MEMORY_DEBUGGING) fprintf(stderr, " %p = malloc(%u)\n", out, (unsigned) size); if(out) { new_data = malloc(sizeof(mem_info_t)); if(!new_data) return out; new_data->addr = out; new_data->size = size; new_data->next = head; head = new_data; } return out; } void *test_realloc(void *ptr, size_t size) { void *out; mem_info_t **prev, *cur; out = realloc(ptr, size); if(DETAILED_MEMORY_DEBUGGING) fprintf(stderr, " %p = realloc(%p,%d)\n", out, ptr, size); prev = &head; cur = head; while(cur) { if(cur->addr == ptr) { cur->addr = out; cur->size = size; return out; } prev = &cur->next; cur = cur->next; } if(DETAILED_MEMORY_DEBUGGING && cur == NULL) { fprintf(stderr, " MEM WARNING: reallocing something we never allocated!\n"); cur = malloc(sizeof(mem_info_t)); if(!cur) return out; cur->addr = out; cur->size = size; cur->next = head; head = cur; } return out; } void *test_calloc(size_t nmemb, size_t size) { void *out; mem_info_t *new_data; out = calloc(nmemb, size); if(DETAILED_MEMORY_DEBUGGING) fprintf(stderr, " %p = calloc(%d, %d)\n", out, nmemb, size); if(out) { new_data = malloc(sizeof(mem_info_t)); if(!new_data) return out; new_data->addr = out; new_data->size = size; new_data->next = head; head = new_data; } return out; } void test_free(void *ptr) { mem_info_t **prev, *cur; if(DETAILED_MEMORY_DEBUGGING) fprintf(stderr, " free(%p)\n", ptr); prev = &head; cur = head; while(cur) { if(cur->addr == ptr) { *prev = cur->next; free(cur); break; } prev = &cur->next; cur = cur->next; } if(DETAILED_MEMORY_DEBUGGING && cur == NULL) { fprintf(stderr, " MEM WARNING: Freeing something we never allocated!\n"); } free(ptr); } #endif /* WITH_DMALLOC */ int mem_stat() { #ifndef WITH_DMALLOC mem_info_t *cur; size_t n; unsigned char *data; if(!head) { fprintf(stderr, " All memory accounted for!\n"); return SASL_OK; } fprintf(stderr, " Currently Still Allocated:\n"); for(cur = head; cur; cur = cur->next) { fprintf(stderr, " %p (%5d)\t", cur->addr, cur->size); for(data = (unsigned char *) cur->addr, n = 0; n < (cur->size > 12 ? 12 : cur->size); n++) { if (isprint((int) data[n])) fprintf(stderr, "'%c' ", (char) data[n]); else fprintf(stderr, "%02X ", data[n] & 0xff); } if (n < cur->size) fprintf(stderr, "..."); fprintf(stderr, "\n"); } return SASL_FAIL; #else return SASL_OK; #endif /* WITH_DMALLOC */ } /************* End Memory Allocation functions ******/ /* my mutex functions */ int g_mutex_cnt = 0; typedef struct my_mutex_s { int num; int val; } my_mutex_t; void *my_mutex_new(void) { my_mutex_t *ret = (my_mutex_t *)malloc(sizeof(my_mutex_t)); ret->num = g_mutex_cnt; g_mutex_cnt++; ret->val = 0; return ret; } int my_mutex_lock(my_mutex_t *m) { if (m->val != 0) { fatal("Trying to lock a mutex already locked [single-threaded app]"); } m->val = 1; return SASL_OK; } int my_mutex_unlock(my_mutex_t *m) { if (m->val != 1) { fatal("Unlocking mutex that isn't locked"); } m->val = 0; return SASL_OK; } void my_mutex_dispose(my_mutex_t *m) { if (m==NULL) return; free(m); return; } int good_getopt(void *context __attribute__((unused)), const char *plugin_name __attribute__((unused)), const char *option, const char **result, unsigned *len) { if (strcmp(option,"pwcheck_method")==0) { *result = "auxprop"; if (len) *len = (unsigned) strlen("auxprop"); return SASL_OK; } else if (!strcmp(option, "auxprop_plugin")) { *result = "sasldb"; if (len) *len = (unsigned) strlen("sasldb"); return SASL_OK; } else if (!strcmp(option, "sasldb_path")) { *result = "./sasldb"; if (len) *len = (unsigned) strlen("./sasldb"); return SASL_OK; } else if (!strcmp(option, "canon_user_plugin")) { *result = cu_plugin; if (len) *len = (unsigned) strlen(*result); return SASL_OK; } return SASL_FAIL; } static struct sasl_callback goodsasl_cb[] = { { SASL_CB_GETOPT, (sasl_callback_ft)&good_getopt, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; int givebadpath(void * context __attribute__((unused)), char ** path) { int lup; *path = malloc(10000); strcpy(*path,"/tmp/is/not/valid/path/"); for (lup = 0;lup<1000;lup++) strcat(*path,"a/"); return SASL_OK; } static struct sasl_callback withbadpathsasl_cb[] = { { SASL_CB_GETPATH, (sasl_callback_ft)&givebadpath, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; int giveokpath(void * context __attribute__((unused)), const char ** path) { *path = "/tmp/"; return SASL_OK; } static struct sasl_callback withokpathsasl_cb[] = { { SASL_CB_GETPATH, (sasl_callback_ft)&giveokpath, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; static struct sasl_callback emptysasl_cb[] = { { SASL_CB_LIST_END, NULL, NULL } }; static int proxy_authproc(sasl_conn_t *conn, void *context __attribute__((unused)), const char *requested_user, unsigned rlen __attribute__((unused)), const char *auth_identity, unsigned alen __attribute__((unused)), const char *def_realm __attribute__((unused)), unsigned urlen __attribute__((unused)), struct propctx *propctx __attribute__((unused))) { if(!strcmp(auth_identity, authname) && !strcmp(requested_user, proxyasname)) return SASL_OK; if(!strcmp(auth_identity, requested_user)) { printf("Warning: Authenticated name but DID NOT proxy (%s/%s)\n", requested_user, auth_identity); return SASL_OK; } sasl_seterror(conn, SASL_NOLOG, "authorization failed: %s by %s", requested_user, auth_identity); return SASL_BADAUTH; } static struct sasl_callback goodsaslproxy_cb[] = { { SASL_CB_PROXY_POLICY, (sasl_callback_ft)&proxy_authproc, NULL }, { SASL_CB_GETOPT, (sasl_callback_ft)&good_getopt, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; char really_long_string[REALLY_LONG_LENGTH]; /* * Setup some things for test */ void init(unsigned int seed) { int lup; int result; srand(seed); for (lup=0;lupdec produces same as original */ for (lup=0;lup<(int) sizeof(orig);lup++) orig[lup] = (char) (rand() % 256); if (sasl_encode64(orig, sizeof(orig), enc, sizeof(enc), &encsize)!=SASL_OK) fatal("encode64 failed when we didn't expect it to"); if (sasl_decode64(enc, encsize, enc, 8192, &encsize)!=SASL_OK) fatal("decode64 failed when we didn't expect it to"); if (encsize != sizeof(orig)) fatal("Now has different size"); for (lup=0;lup<(int) sizeof(orig);lup++) if (enc[lup] != orig[lup]) fatal("enc64->dec64 doesn't match"); /* try to get a SASL_BUFOVER */ if (sasl_encode64(orig, sizeof(orig)-1, enc, 10, &encsize)!=SASL_BUFOVER) fatal("Expected SASL_BUFOVER"); /* pass some bad params */ if (sasl_encode64(NULL, 10, enc, sizeof(enc), &encsize)==SASL_OK) fatal("Said ok to null data"); if (sasl_encode64(orig, sizeof(orig), enc, sizeof(enc), NULL)!=SASL_OK) fatal("Didn't allow null return size"); /* New tests in 2.1.22 */ for (lup=0;lup<(int) sizeof(orig);lup++) { enc[lup] = 'A'; } if (sasl_decode64(enc, 3, orig, 8192, &encsize) != SASL_CONTINUE) fatal("decode64 succeded on a 3 byte buffer when it shouldn't have"); enc[3] = '\r'; enc[4] = '\n'; if (sasl_decode64(enc, 4, orig, 8192, &encsize) == SASL_OK) fatal("decode64 succeded on a 4 byte buffer with a bare CR"); if (sasl_decode64(enc, 5, orig, 8192, &encsize) == SASL_OK) fatal("decode64 succeded on a 5 byte buffer with CRLF"); enc[2] = '='; enc[3] = '='; enc[4] = '='; if (sasl_decode64(enc, 4, orig, 8192, &encsize) != SASL_OK) fatal("decode64 failed on a 4 byte buffer with a terminating ="); if (sasl_decode64(enc, 5, orig, 8192, &encsize) != SASL_BADPROT) fatal("decode64 did not return SASL_CONTINUE on a 5 byte buffer with a terminating ="); /* Test for invalid character after the terminating '=' */ enc[3] = '*'; if (sasl_decode64(enc, 4, orig, 8192, &encsize) == SASL_OK) fatal("decode64 failed on a 4 byte buffer with invalid character a terminating ="); /* Test for '=' in the middle of an encoded string */ enc[3] = 'B'; if (sasl_decode64(enc, 4, orig, 8192, &encsize) == SASL_OK) fatal("decode64 succeed on a 4 byte buffer with a data after a terminating ="); if (sasl_decode64(enc, 0, orig, 8192, &encsize) != SASL_OK) fatal("decode64 should have succeeded on an empty buffer"); } /* This isn't complete, but then, what in the testsuite is? */ void test_props(void) { int result; struct propval foobar[3]; struct propctx *ctx, *dupctx; const char *requests[] = { "userPassword", "userName", "homeDirectory", "uidNumber", "gidNumber", NULL }; const char *more_requests[] = { "a", "b", "c", "defghijklmnop", NULL }; const char *short_requests[] = { "userPassword", "userName", "BAD", NULL }; ctx = prop_new(2); if(!ctx) { fatal("no new prop context"); } if(prop_request(NULL, requests) == SASL_OK) fatal("prop_request w/NULL context succeeded"); if(prop_request(ctx, NULL) == SASL_OK) fatal("prop_request w/NULL request list succeeded"); result = prop_request(ctx, requests); if(result != SASL_OK) fatal("prop request failed"); /* set some values */ prop_set(ctx, "uidNumber", really_long_string, 0); prop_set(ctx, "userPassword", "pw1", 0); prop_set(ctx, "userPassword", "pw2", 0); prop_set(ctx, "userName", "rjs3", 0); prop_set(ctx, NULL, "tmartin", 0); /* and request some more (this resets values) */ prop_request(ctx, more_requests); /* and set some more... */ prop_set(ctx, "c", really_long_string, 0); prop_set(ctx, "b", really_long_string, 0); prop_set(ctx, "userPassword", "pw1b", 0); prop_set(ctx, "userPassword", "pw2b", 0); prop_set(ctx, "userName", "rjs3b", 0); prop_set(ctx, NULL, "tmartinagain", 0); if(prop_set(ctx, "gah", "ack", 0) == SASL_OK) { printf("setting bad property name succeeded\n"); exit(1); } result = prop_getnames(ctx, short_requests, foobar); if(result < 0) fatal("prop_getnames failed"); if(strcmp(foobar[0].name, short_requests[0])) fatal("prop_getnames item 0 wrong name"); if(strcmp(foobar[1].name, short_requests[1])) fatal("prop_getnames item 1 wrong name"); if(foobar[2].name) fatal("prop_getnames returned an item 2"); if(strcmp(foobar[0].values[0], "pw1b")) fatal("prop_getnames item 1a wrong value"); if(strcmp(foobar[0].values[1], "pw2b")) fatal("prop_getnames item 1b wrong value"); if(strcmp(foobar[1].values[0], "rjs3b")) fatal("prop_getnames item 2a wrong value"); if(strcmp(foobar[1].values[1], "tmartinagain")) fatal("prop_getnames item 2b wrong value"); result = prop_dup(ctx, &dupctx); if(result != SASL_OK) fatal("could not duplicate"); prop_clear(ctx, 1); result = prop_getnames(ctx, short_requests, foobar); if(result < 0) fatal("prop_getnames failed second time"); if(foobar[0].name) fatal("it appears that prop_clear failed"); result = prop_getnames(dupctx, short_requests, foobar); if(result < 0) fatal("prop_getnames failed second time"); if(!foobar[0].name) fatal("prop_clear appears to have affected dup'd context"); prop_clear(dupctx, 0); result = prop_getnames(dupctx, short_requests, foobar); if(result < 0) fatal("prop_getnames failed second time"); if(!foobar[0].name || strcmp(foobar[0].name, short_requests[0])) fatal("prop_clear appears to have cleared too much"); prop_dispose(&ctx); prop_dispose(&dupctx); if(ctx != NULL) fatal("ctx not null after prop_dispose"); } void interaction (int id, const char *prompt, const char **tresult, unsigned int *tlen) { if (id==SASL_CB_PASS) { *tresult=(char *) password; } else if (id==SASL_CB_USER && proxyflag == 0) { *tresult=(char *) username; } else if (id==SASL_CB_USER && proxyflag == 1) { *tresult=(char *) proxyasname; } else if (id==SASL_CB_AUTHNAME) { *tresult=(char *) authname; } else if ((id==SASL_CB_GETREALM)) { *tresult=(char *) myhostname; } else { size_t c; printf("%s: ",prompt); fgets(other_result, sizeof(other_result) - 1, stdin); c = strlen(other_result); other_result[c - 1] = '\0'; *tresult=other_result; } *tlen = (unsigned int) strlen(*tresult); } void fillin_correctly(sasl_interact_t *tlist) { while (tlist->id!=SASL_CB_LIST_END) { interaction(tlist->id, tlist->prompt, (void *) &(tlist->result), &(tlist->len)); tlist++; } } const sasl_security_properties_t security_props = { 0, 256, 8192, 0, NULL, NULL }; void set_properties(sasl_conn_t *conn, const sasl_security_properties_t *props) { if(!props) { if (sasl_setprop(conn, SASL_SEC_PROPS, &security_props) != SASL_OK) fatal("sasl_setprop() failed - default properties"); } else { if (sasl_setprop(conn, SASL_SEC_PROPS, props) != SASL_OK) fatal("sasl_setprop() failed"); } if (sasl_setprop(conn, SASL_AUTH_EXTERNAL, authname)!=SASL_OK) fatal("sasl_setprop(SASL_AUTH_EXTERNAL) failed"); } /* * This corrupts the string for us */ void corrupt(corrupt_type_t type, char *in, int inlen, char **out, unsigned *outlen) { unsigned lup; switch (type) { case NOTHING: *out = in; *outlen = inlen; break; case ONEBYTE_RANDOM: /* corrupt one byte */ if (inlen>0) in[ (rand() % inlen) ] = (char) (rand() % 256); *out = in; *outlen = inlen; break; case ONEBYTE_NULL: if (inlen>0) in[ (rand() % inlen) ] = '\0'; *out = in; *outlen = inlen; break; case ONEBYTE_QUOTES: if (inlen>0) in[ (rand() % inlen) ] = '"'; *out = in; *outlen = inlen; break; case ONLY_ONE_BYTE: *out = (char *) malloc(1); (*out)[0] = (char) (rand() % 256); *outlen = 1; break; case ADDSOME: *outlen = inlen+ (rand() % 100); *out = (char *) malloc(*outlen); memcpy( *out, in, inlen); for (lup=inlen;lup<*outlen;lup++) (*out)[lup] = (char) (rand() %256); break; case SHORTEN: if (inlen > 0) { *outlen = 0; while(*outlen == 0) *outlen = (rand() % inlen); *out = (char *) malloc(*outlen); memcpy(*out, in, *outlen); } else { *outlen = inlen; *out = in; } break; case REASONABLE_RANDOM: *outlen = inlen; if(*outlen != 0) *out = (char *) malloc(*outlen); else *out = malloc(1); for (lup=0;lup<*outlen;lup++) (*out)[lup] = (char) (rand() % 256); break; case REALLYBIG: *outlen = rand() % 50000; *out = (char *) malloc( *outlen); for (lup=0;lup<*outlen;lup++) (*out)[lup] = (char) (rand() % 256); break; case NEGATIVE_LENGTH: *out = in; if (inlen == 0) inlen = 10; *outlen = -1 * (rand() % inlen); break; default: fatal("Invalid corruption type"); break; } } void sendbadsecond(char *mech, void *rock) { int result, need_another_client = 0; sasl_conn_t *saslconn; sasl_conn_t *clientconn; const char *out, *dec, *out2; char *tmp; unsigned outlen, declen, outlen2; sasl_interact_t *client_interact=NULL; const char *mechusing; const char *service = "rcmd"; int mystep = 0; /* what step in the authentication are we on */ int mayfail = 0; /* we did some corruption earlier so it's likely to fail now */ tosend_t *send = (tosend_t *)rock; struct sockaddr_in addr; struct hostent *hp; char buf[8192]; int reauth = 1; printf("%s --> start\n",mech); if (strcmp(mech,"GSSAPI")==0) service = gssapi_service; if (sasl_client_init(client_interactions)!=SASL_OK) fatal("Unable to init client"); if (sasl_server_init(goodsasl_cb,"TestSuite")!=SASL_OK) fatal("unable to init server"); if ((hp = gethostbyname(myhostname)) == NULL) { perror("gethostbyname"); fatal("can't gethostbyname"); } addr.sin_family = 0; memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); addr.sin_port = htons(0); reauth: /* loop back for reauth testing */ sprintf(buf,"%s;%d", inet_ntoa(addr.sin_addr), 23); /* client new connection */ if (sasl_client_new(service, myhostname, buf, buf, NULL, 0, &clientconn)!= SASL_OK) fatal("sasl_client_new() failure"); set_properties(clientconn, NULL); if (sasl_server_new(service, myhostname, NULL, buf, buf, NULL, 0, &saslconn) != SASL_OK) { fatal("can't sasl_server_new"); } set_properties(saslconn, NULL); do { result = sasl_client_start(clientconn, mech, &client_interact, &out, &outlen, &mechusing); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if(result == SASL_CONTINUE) need_another_client = 1; else if(result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { printf("%s - \n",sasl_errdetail(clientconn)); fatal("sasl_client_start() error"); } if (mystep == send->step && outlen) { memcpy(buf, out, outlen); corrupt(send->type, buf, outlen, &tmp, &outlen); out = tmp; mayfail = 1; } result = sasl_server_start(saslconn, mech, out, outlen, &out, &outlen); if (mayfail) { if (result >= SASL_OK) printf("WARNING: We did a corruption but it still worked\n"); else { goto done; } } else { if (result < 0) { printf("%s\n",sasl_errstring(result,NULL,NULL)); fatal("sasl_server_start() error"); } } mystep++; while (result == SASL_CONTINUE) { if (mystep == send->step) { memcpy(buf,out,outlen); corrupt(send->type, buf, outlen, &tmp, &outlen); out = tmp; mayfail = 1; } do { result = sasl_client_step(clientconn, out, outlen, &client_interact, &out2, &outlen2); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if (result == SASL_CONTINUE) need_another_client = 1; else if (result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (mayfail == 1) { if (result >= 0) printf("WARNING: We did a corruption but it still worked\n"); else { goto done; } } else { if (result < 0) { printf("%s\n",sasl_errstring(result,NULL,NULL)); fatal("sasl_client_step() error"); } } out=out2; outlen=outlen2; mystep++; if (mystep == send->step) { memcpy(buf, out, outlen); corrupt(send->type, buf, outlen, &tmp, &outlen); out = tmp; mayfail = 1; } result = sasl_server_step(saslconn, out, outlen, &out, &outlen); if (mayfail == 1) { if (result >= 0) printf("WARNING: We did a corruption but it still worked\n"); else { goto done; } } else { if (result < 0) { printf("%s\n",sasl_errstring(result,NULL,NULL)); fatal("sasl_server_step() error"); } } mystep++; } if(need_another_client) { result = sasl_client_step(clientconn, out, outlen, &client_interact, &out2, &outlen2); if(result != SASL_OK) fatal("client was not ok on last server step"); } if (reauth) { sasl_dispose(&clientconn); sasl_dispose(&saslconn); reauth = 0; goto reauth; } /* client to server */ result = sasl_encode(clientconn, CLIENT_TO_SERVER, (unsigned) strlen(CLIENT_TO_SERVER), &out, &outlen); if (result != SASL_OK) fatal("Error encoding"); if (mystep == send->step) { memcpy(buf, out, outlen); corrupt(send->type, buf, outlen, &tmp, &outlen); out = tmp; mayfail = 1; } result = sasl_decode(saslconn, out, outlen, &dec, &declen); if (mayfail == 1) { if (result >= 0) printf("WARNING: We did a corruption but it still worked\n"); else { goto done; } } else { if (result < 0) { printf("%s\n",sasl_errstring(result,NULL,NULL)); fatal("sasl_decode() failure"); } } mystep++; /* no need to do other direction since symetric */ /* Just verify oparams */ if(sasl_getprop(saslconn, SASL_USERNAME, (const void **)&out) != SASL_OK) { fatal("couldn't get server username"); goto done; } if(sasl_getprop(clientconn, SASL_USERNAME, (const void **)&out2) != SASL_OK) { fatal("couldn't get client username"); goto done; } if(strcmp(out,out2)) { fatal("client username does not match server username"); goto done; } printf("%s --> %s (as %s)\n",mech,sasl_errstring(result,NULL,NULL),out); done: sasl_dispose(&clientconn); sasl_dispose(&saslconn); sasl_done(); } /* Authenticate two sasl_conn_t's to eachother, validly. * used to test the security layer */ int doauth(char *mech, sasl_conn_t **server_conn, sasl_conn_t **client_conn, const sasl_security_properties_t *props, sasl_callback_t *c_calls, int fail_ok) { int result, need_another_client = 0; sasl_conn_t *saslconn; sasl_conn_t *clientconn; const char *out, *out2; unsigned outlen, outlen2; sasl_interact_t *client_interact=NULL; const char *mechusing; const char *service = "rcmd"; struct sockaddr_in addr; struct hostent *hp; char buf[8192]; if(!server_conn || !client_conn) return SASL_BADPARAM; if (strcmp(mech,"GSSAPI")==0) service = gssapi_service; result = sasl_client_init((c_calls ? c_calls : client_interactions)); if (result!=SASL_OK) { if(!fail_ok) fatal("Unable to init client"); else return result; } if(proxyflag == 0) { result = sasl_server_init(goodsasl_cb,"TestSuite"); } else { result = sasl_server_init(goodsaslproxy_cb,"TestSuite"); } if(result != SASL_OK) { if(!fail_ok) fatal("unable to init server"); else return result; } if ((hp = gethostbyname(myhostname)) == NULL) { perror("gethostbyname"); if(!fail_ok) fatal("can't gethostbyname"); else return SASL_FAIL; } addr.sin_family = 0; memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); addr.sin_port = htons(0); sprintf(buf,"%s;%d", inet_ntoa(addr.sin_addr), 0); /* client new connection */ result = sasl_client_new(service, myhostname, buf, buf, NULL, 0, &clientconn); if(result != SASL_OK) { if(!fail_ok) fatal("sasl_client_new() failure"); else return result; } /* Set the security properties */ set_properties(clientconn, props); result = sasl_server_new(service, myhostname, NULL, buf, buf, NULL, 0, &saslconn); if(result != SASL_OK) { if(!fail_ok) fatal("can't sasl_server_new"); else return result; } set_properties(saslconn, props); do { result = sasl_client_start(clientconn, mech, &client_interact, &out, &outlen, &mechusing); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if(result == SASL_CONTINUE) need_another_client = 1; else if(result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { if(!fail_ok) fatal("sasl_client_start() error"); else return result; } result = sasl_server_start(saslconn, mech, out, outlen, &out, &outlen); if (result < 0) { if(!fail_ok) fatal("sasl_server_start() error"); else return result; } while (result == SASL_CONTINUE) { do { result = sasl_client_step(clientconn, out, outlen, &client_interact, &out2, &outlen2); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if (result == SASL_CONTINUE) need_another_client = 1; else if (result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { if(!fail_ok) fatal("sasl_client_step() error"); else return result; } out=out2; outlen=outlen2; result = sasl_server_step(saslconn, out, outlen, &out, &outlen); if (result < 0) { if(!fail_ok) fatal("sasl_server_step() error"); else return result; } } if(need_another_client) { if(!fail_ok) fatal("server-last not allowed, but need another client call"); else return SASL_BADPROT; } *server_conn = saslconn; *client_conn = clientconn; return SASL_OK; } /* Authenticate two sasl_conn_t's to eachother, validly. * without allowing client-send-first */ int doauth_noclientfirst(char *mech, sasl_conn_t **server_conn, sasl_conn_t **client_conn, const sasl_security_properties_t *props, sasl_callback_t *c_calls) { int result, need_another_client = 0; sasl_conn_t *saslconn; sasl_conn_t *clientconn; const char *out, *out2; unsigned outlen, outlen2; sasl_interact_t *client_interact=NULL; const char *mechusing; const char *service = "rcmd"; struct sockaddr_in addr; struct hostent *hp; char buf[8192]; if(!server_conn || !client_conn) return SASL_BADPARAM; if (strcmp(mech,"GSSAPI")==0) service = gssapi_service; if (sasl_client_init((c_calls ? c_calls : client_interactions))!=SASL_OK) fatal("Unable to init client"); if (sasl_server_init(goodsasl_cb,"TestSuite")!=SASL_OK) fatal("unable to init server"); if ((hp = gethostbyname(myhostname)) == NULL) { perror("gethostbyname"); fatal("can't gethostbyname"); } addr.sin_family = 0; memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); addr.sin_port = htons(0); sprintf(buf,"%s;%d", inet_ntoa(addr.sin_addr), 0); /* client new connection */ if (sasl_client_new(service, myhostname, buf, buf, NULL, 0, &clientconn)!= SASL_OK) fatal("sasl_client_new() failure"); /* Set the security properties */ set_properties(clientconn, props); if (sasl_server_new(service, myhostname, NULL, buf, buf, NULL, 0, &saslconn) != SASL_OK) { fatal("can't sasl_server_new"); } set_properties(saslconn, props); do { result = sasl_client_start(clientconn, mech, &client_interact, NULL, NULL, &mechusing); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if(result == SASL_CONTINUE) need_another_client = 1; else if(result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { fatal("sasl_client_start() error"); } result = sasl_server_start(saslconn, mech, NULL, 0, &out, &outlen); if (result < 0) { fatal("sasl_server_start() error"); } while (result == SASL_CONTINUE) { do { result = sasl_client_step(clientconn, out, outlen, &client_interact, &out2, &outlen2); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if (result == SASL_CONTINUE) need_another_client = 1; else if (result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { fatal("sasl_client_step() error"); } out=out2; outlen=outlen2; result = sasl_server_step(saslconn, out, outlen, &out, &outlen); if (result < 0) { fatal("sasl_server_step() error"); } } if(need_another_client) { fatal("server-last not allowed, but need another client call"); } *server_conn = saslconn; *client_conn = clientconn; return SASL_OK; } /* Authenticate two sasl_conn_t's to eachother, validly. * used to test the security layer */ int doauth_serverlast(char *mech, sasl_conn_t **server_conn, sasl_conn_t **client_conn, const sasl_security_properties_t *props, sasl_callback_t *c_calls) { int result, need_another_client = 0; sasl_conn_t *saslconn; sasl_conn_t *clientconn; const char *out, *out2; unsigned outlen, outlen2; sasl_interact_t *client_interact=NULL; const char *mechusing; const char *service = "rcmd"; struct sockaddr_in addr; struct hostent *hp; char buf[8192]; if(!server_conn || !client_conn) return SASL_BADPARAM; if (strcmp(mech,"GSSAPI")==0) service = gssapi_service; if (sasl_client_init((c_calls ? c_calls : client_interactions))!=SASL_OK) fatal("unable to init client"); if (sasl_server_init(goodsasl_cb,"TestSuite")!=SASL_OK) fatal("unable to init server"); if ((hp = gethostbyname(myhostname)) == NULL) { perror("gethostbyname"); fatal("can't gethostbyname"); } addr.sin_family = 0; memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); addr.sin_port = htons(0); sprintf(buf,"%s;%d", inet_ntoa(addr.sin_addr), 0); /* client new connection */ if (sasl_client_new(service, myhostname, buf, buf, NULL, SASL_SUCCESS_DATA, &clientconn)!= SASL_OK) fatal("sasl_client_new() failure"); /* Set the security properties */ set_properties(clientconn, props); if (sasl_server_new(service, myhostname, NULL, buf, buf, NULL, SASL_SUCCESS_DATA, &saslconn) != SASL_OK) { fatal("can't sasl_server_new"); } set_properties(saslconn, props); do { result = sasl_client_start(clientconn, mech, &client_interact, &out, &outlen, &mechusing); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if(result == SASL_CONTINUE) need_another_client = 1; else if(result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { fatal("sasl_client_start() error"); } result = sasl_server_start(saslconn, mech, out, outlen, &out, &outlen); if (result < 0) { fatal("sasl_server_start() error"); } while (result == SASL_CONTINUE) { do { result = sasl_client_step(clientconn, out, outlen, &client_interact, &out2, &outlen2); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if (result == SASL_CONTINUE) need_another_client = 1; else if (result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { fatal("sasl_client_step() error"); } out=out2; outlen=outlen2; result = sasl_server_step(saslconn, out, outlen, &out, &outlen); if (result < 0) { fatal("sasl_server_step() error"); } } if(need_another_client) { result = sasl_client_step(clientconn, out, outlen, &client_interact, &out2, &outlen2); if(result != SASL_OK) fatal("client was not ok on last server step"); } *server_conn = saslconn; *client_conn = clientconn; return SASL_OK; } /* Authenticate two sasl_conn_t's to eachother, validly. * without allowing client-send-first */ int doauth_noclientfirst_andserverlast(char *mech, sasl_conn_t **server_conn, sasl_conn_t **client_conn, const sasl_security_properties_t *props, sasl_callback_t *c_calls) { int result, need_another_client = 0; sasl_conn_t *saslconn; sasl_conn_t *clientconn; const char *out, *out2; unsigned outlen, outlen2; sasl_interact_t *client_interact=NULL; const char *mechusing; const char *service = "rcmd"; struct sockaddr_in addr; struct hostent *hp; char buf[8192]; if(!server_conn || !client_conn) return SASL_BADPARAM; if (strcmp(mech,"GSSAPI")==0) service = gssapi_service; if (sasl_client_init((c_calls ? c_calls : client_interactions))!=SASL_OK) fatal("unable to init client"); if (sasl_server_init(goodsasl_cb,"TestSuite")!=SASL_OK) fatal("unable to init server"); if ((hp = gethostbyname(myhostname)) == NULL) { perror("gethostbyname"); fatal("can't gethostbyname"); } addr.sin_family = 0; memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); addr.sin_port = htons(0); sprintf(buf,"%s;%d", inet_ntoa(addr.sin_addr), 0); /* client new connection */ if (sasl_client_new(service, myhostname, buf, buf, NULL, SASL_SUCCESS_DATA, &clientconn)!= SASL_OK) fatal("sasl_client_new() failure"); /* Set the security properties */ set_properties(clientconn, props); if (sasl_server_new(service, myhostname, NULL, buf, buf, NULL, SASL_SUCCESS_DATA, &saslconn) != SASL_OK) { fatal("can't sasl_server_new"); } set_properties(saslconn, props); do { result = sasl_client_start(clientconn, mech, &client_interact, NULL, NULL, &mechusing); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if(result == SASL_CONTINUE) need_another_client = 1; else if(result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { fatal("sasl_client_start() error"); } result = sasl_server_start(saslconn, mech, NULL, 0, &out, &outlen); if (result < 0) { fatal("sasl_server_start() error"); } while (result == SASL_CONTINUE) { do { result = sasl_client_step(clientconn, out, outlen, &client_interact, &out2, &outlen2); if (result == SASL_INTERACT) fillin_correctly(client_interact); else if (result == SASL_CONTINUE) need_another_client = 1; else if (result == SASL_OK) need_another_client = 0; } while (result == SASL_INTERACT); if (result < 0) { fatal("sasl_client_step() error"); } out=out2; outlen=outlen2; result = sasl_server_step(saslconn, out, outlen, &out, &outlen); if (result < 0) { fatal("sasl_server_step() error"); } } if(need_another_client) { result = sasl_client_step(clientconn, out, outlen, &client_interact, &out2, &outlen2); if(result != SASL_OK) fatal("client was not ok on last server step"); } *server_conn = saslconn; *client_conn = clientconn; return SASL_OK; } void cleanup_auth(sasl_conn_t **client, sasl_conn_t **server) { sasl_dispose(client); sasl_dispose(server); sasl_done(); } const sasl_security_properties_t int_only = { 0, 1, 8192, 0, NULL, NULL }; const sasl_security_properties_t force_des = { 0, 55, 8192, 0, NULL, NULL }; const sasl_security_properties_t force_rc4_56 = { 0, 56, 8192, 0, NULL, NULL }; const sasl_security_properties_t force_3des = { 0, 112, 8192, 0, NULL, NULL }; const sasl_security_properties_t no_int = { 2, 256, 8192, 0, NULL, NULL }; const sasl_security_properties_t disable_seclayer = { 0, 256, 0, 0, NULL, NULL }; void do_proxypolicy_test(char *mech, void *rock __attribute__((unused))) { sasl_conn_t *sconn, *cconn; const char *username; printf("%s --> start\n", mech); proxyflag = 1; if(doauth(mech, &sconn, &cconn, &security_props, NULL, 0) != SASL_OK) { fatal("doauth failed in do_proxypolicy_test"); } if(sasl_getprop(sconn, SASL_USERNAME, (const void **)&username) != SASL_OK) { fatal("getprop failed in do_proxypolicy_test"); } if(strcmp(username, proxyasname)) { printf("Warning: Server Authorization Name != proxyasuser\n"); } cleanup_auth(&cconn, &sconn); proxyflag = 0; printf("%s --> successful result\n",mech); } void test_clientfirst(char *mech, void *rock) { sasl_conn_t *sconn, *cconn; tosend_t *tosend = (tosend_t *)rock; printf("%s --> start\n", mech); /* Basic crash-tests (none should cause a crash): */ if(doauth(mech, &sconn, &cconn, &security_props, tosend->client_callbacks, 0) != SASL_OK) { fatal("doauth failed in test_clientfirst"); } cleanup_auth(&cconn, &sconn); printf("%s --> successful result\n", mech); } void test_noclientfirst(char *mech, void *rock) { sasl_conn_t *sconn, *cconn; tosend_t *tosend = (tosend_t *)rock; printf("%s --> start\n", mech); /* Basic crash-tests (none should cause a crash): */ if(doauth_noclientfirst(mech, &sconn, &cconn, &security_props, tosend->client_callbacks) != SASL_OK) { fatal("doauth failed in test_noclientfirst"); } cleanup_auth(&cconn, &sconn); printf("%s --> successful result\n", mech); } void test_serverlast(char *mech, void *rock) { sasl_conn_t *sconn, *cconn; tosend_t *tosend = (tosend_t *)rock; printf("%s --> start\n", mech); /* Basic crash-tests (none should cause a crash): */ if(doauth_serverlast(mech, &sconn, &cconn, &security_props, tosend->client_callbacks) != SASL_OK) { fatal("doauth failed in test_serverlast"); } cleanup_auth(&cconn, &sconn); printf("%s --> successful result\n", mech); } void test_noclientfirst_andserverlast(char *mech, void *rock) { sasl_conn_t *sconn, *cconn; tosend_t *tosend = (tosend_t *)rock; printf("%s --> start\n", mech); /* Basic crash-tests (none should cause a crash): */ if(doauth_noclientfirst_andserverlast(mech, &sconn, &cconn, &security_props, tosend->client_callbacks) != SASL_OK) { fatal("doauth failed in test_noclientfirst_andserverlast"); } cleanup_auth(&cconn, &sconn); printf("%s --> successful result\n", mech); } void testseclayer(char *mech, void *rock __attribute__((unused))) { sasl_conn_t *sconn, *cconn; int result; char buf[8192], buf2[8192]; const char *txstring = "THIS IS A TEST"; const char *out, *out2; char *tmp; const sasl_security_properties_t *test_props[7] = { &security_props, &force_3des, &force_rc4_56, &force_des, &int_only, &no_int, &disable_seclayer }; const unsigned num_properties = 7; unsigned i; const sasl_ssf_t *this_ssf; unsigned outlen = 0, outlen2 = 0, totlen = 0; printf("%s --> security layer start\n", mech); for(i=0; imin_ssf > 0) { printf(" Testing SSF: SKIPPED (requested minimum > 0: %d)\n", test_props[i]->min_ssf); cleanup_auth(&sconn, &cconn); continue; } else if(result != SASL_OK) { fatal("doauth failed in testseclayer"); } if(sasl_getprop(cconn, SASL_SSF, (const void **)&this_ssf) != SASL_OK) { fatal("sasl_getprop in testseclayer"); } if(*this_ssf != 0 && !test_props[i]->maxbufsize) { fatal("got nonzero SSF with zero maxbufsize"); } printf(" SUCCESS Testing SSF: %d (requested %d/%d with maxbufsize: %d)\n", (unsigned)(*this_ssf), test_props[i]->min_ssf, test_props[i]->max_ssf, test_props[i]->maxbufsize); if(!test_props[i]->maxbufsize) { result = sasl_encode(cconn, txstring, (unsigned) strlen(txstring), &out, &outlen); if(result == SASL_OK) { fatal("got OK when encoding with zero maxbufsize"); } result = sasl_decode(sconn, "foo", 3, &out, &outlen); if(result == SASL_OK) { fatal("got OK when decoding with zero maxbufsize"); } cleanup_auth(&sconn, &cconn); continue; } sasl_encode(NULL, txstring, (unsigned) strlen(txstring), &out, &outlen); sasl_encode(cconn, NULL, (unsigned) strlen(txstring), &out, &outlen); sasl_encode(cconn, txstring, 0, &out, &outlen); sasl_encode(cconn, txstring, (unsigned) strlen(txstring), NULL, &outlen); sasl_encode(cconn, txstring, (unsigned) strlen(txstring), &out, NULL); sasl_decode(NULL, txstring, (unsigned) strlen(txstring), &out, &outlen); sasl_decode(cconn, NULL, (unsigned) strlen(txstring), &out, &outlen); sasl_decode(cconn, txstring, 0, &out, &outlen); sasl_decode(cconn, txstring, (unsigned)-1, &out, &outlen); sasl_decode(cconn, txstring, (unsigned) strlen(txstring), NULL, &outlen); sasl_decode(cconn, txstring, (unsigned) strlen(txstring), &out, NULL); cleanup_auth(&sconn, &cconn); /* Basic I/O Test */ if(doauth(mech, &sconn, &cconn, test_props[i], NULL, 0) != SASL_OK) { fatal("doauth failed in testseclayer"); } result = sasl_encode(cconn, txstring, (unsigned) strlen(txstring), &out, &outlen); if(result != SASL_OK) { fatal("basic sasl_encode failure"); } result = sasl_decode(sconn, out, outlen, &out, &outlen); if(result != SASL_OK) { fatal("basic sasl_decode failure"); } cleanup_auth(&sconn, &cconn); /* Split one block and reassemble */ if(doauth(mech, &sconn, &cconn, test_props[i], NULL, 0) != SASL_OK) { fatal("doauth failed in testseclayer"); } result = sasl_encode(cconn, txstring, (unsigned) strlen(txstring), &out, &outlen); if(result != SASL_OK) { fatal("basic sasl_encode failure (2)"); } memcpy(buf, out, 5); buf[5] = '\0'; out += 5; result = sasl_decode(sconn, buf, 5, &out2, &outlen2); if(result != SASL_OK) { printf("Failed with: %s\n", sasl_errstring(result, NULL, NULL)); fatal("sasl_decode failure part 1/2"); } memset(buf2, 0, 8192); if(outlen2) memcpy(buf2, out2, outlen2); result = sasl_decode(sconn, out, outlen - 5, &out, &outlen); if(result != SASL_OK) { fatal("sasl_decode failure part 2/2"); } strcat(buf2, out); if(strcmp(buf2, txstring)) { printf("Exptected '%s' but got '%s'\n", txstring, buf2); fatal("did not get correct string back after 2 sasl_decodes"); } cleanup_auth(&sconn, &cconn); /* Combine 2 blocks */ if(doauth(mech, &sconn, &cconn, test_props[i], NULL, 0) != SASL_OK) { fatal("doauth failed in testseclayer"); } result = sasl_encode(cconn, txstring, (unsigned) strlen(txstring), &out, &outlen); if(result != SASL_OK) { fatal("basic sasl_encode failure (3)"); } memcpy(buf, out, outlen); tmp = buf + outlen; totlen = outlen; result = sasl_encode(cconn, txstring, (unsigned) strlen(txstring), &out, &outlen); if(result != SASL_OK) { fatal("basic sasl_encode failure (4)"); } memcpy(tmp, out, outlen); totlen += outlen; result = sasl_decode(sconn, buf, totlen, &out, &outlen); if(result != SASL_OK) { printf("Failed with: %s\n", sasl_errstring(result, NULL, NULL)); fatal("sasl_decode failure (2 blocks)"); } sprintf(buf2, "%s%s", txstring, txstring); if(strcmp(out, buf2)) { fatal("did not get correct string back (2 blocks)"); } cleanup_auth(&sconn, &cconn); /* Combine 2 blocks with 1 split */ if(doauth(mech, &sconn, &cconn, test_props[i], NULL, 0) != SASL_OK) { fatal("doauth failed in testseclayer"); } result = sasl_encode(cconn, txstring, (unsigned) strlen(txstring), &out, &outlen); if(result != SASL_OK) { fatal("basic sasl_encode failure (3)"); } memcpy(buf, out, outlen); tmp = buf + outlen; result = sasl_encode(cconn, txstring, (unsigned) strlen(txstring), &out2, &outlen2); if(result != SASL_OK) { fatal("basic sasl_encode failure (4)"); } memcpy(tmp, out2, 5); tmp[5] = '\0'; outlen += 5; outlen2 -= 5; out2 += 5; result = sasl_decode(sconn, buf, outlen, &out, &outlen); if(result != SASL_OK) { printf("Failed with: %s\n", sasl_errstring(result, NULL, NULL)); fatal("sasl_decode failure 1/2 (2 blocks, 1 split)"); } memset(buf2, 0, 8192); memcpy(buf2, out, outlen); tmp = buf2 + outlen; result = sasl_decode(sconn, out2, outlen2, &out, &outlen); if(result != SASL_OK) { printf("Failed with: %s\n", sasl_errstring(result, NULL, NULL)); fatal("sasl_decode failure 2/2 (2 blocks, 1 split)"); } memcpy(tmp, out, outlen); sprintf(buf, "%s%s", txstring, txstring); if(strcmp(buf, buf2)) { fatal("did not get correct string back (2 blocks, 1 split)"); } cleanup_auth(&sconn, &cconn); } /* for each properties type we want to test */ printf("%s --> security layer OK\n", mech); } /* * Apply the given function to each machanism */ void foreach_mechanism(foreach_t *func, void *rock) { const char *out; char *str, *start; sasl_conn_t *saslconn; int result; struct sockaddr_in addr; struct hostent *hp; unsigned len; char buf[8192]; /* Get the list of mechanisms */ sasl_done(); if (sasl_server_init(emptysasl_cb,"TestSuite")!=SASL_OK) fatal("sasl_server_init failed in foreach_mechanism"); if ((hp = gethostbyname(myhostname)) == NULL) { perror("gethostbyname"); fatal("can't gethostbyname"); } addr.sin_family = 0; memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); addr.sin_port = htons(0); sprintf(buf,"%s;%d", inet_ntoa(addr.sin_addr), 0); if (sasl_server_new("rcmd", myhostname, NULL, buf, buf, NULL, 0, &saslconn) != SASL_OK) { fatal("sasl_server_new in foreach_mechanism"); } if (sasl_setprop(saslconn, SASL_AUTH_EXTERNAL, authname)!=SASL_OK) fatal("sasl_setprop(SASL_AUTH_EXTERNAL) failed"); result = sasl_listmech(saslconn, NULL, "", "\n", "", &out, &len, NULL); if(result != SASL_OK) { fatal("sasl_listmech in foreach_mechanism"); } memcpy(buf, out, len + 1); sasl_dispose(&saslconn); sasl_done(); /* call the function for each mechanism */ start = str = buf; while (*start != '\0') { while ((*str != '\n') && (*str != '\0')) str++; if (*str == '\n') { *str = '\0'; str++; } func(start, rock); start = str; } } void test_serverstart() { int result; sasl_conn_t *saslconn; const char *out; unsigned outlen; struct sockaddr_in addr; struct hostent *hp; char buf[8192]; if (sasl_server_init(emptysasl_cb,"TestSuite")!=SASL_OK) fatal("can't sasl_server_init in test_serverstart"); if ((hp = gethostbyname(myhostname)) == NULL) { perror("gethostbyname"); fatal("can't gethostbyname in test_serverstart"); } addr.sin_family = 0; memcpy(&addr.sin_addr, hp->h_addr, hp->h_length); addr.sin_port = htons(0); sprintf(buf,"%s;%d", inet_ntoa(addr.sin_addr), 0); if (sasl_server_new("rcmd", myhostname, NULL, buf, buf, NULL, 0, &saslconn) != SASL_OK) { fatal("can't sasl_server_new in test_serverstart"); } /* Test null connection */ result = sasl_server_start(NULL, "foobar", NULL, 0, NULL, NULL); if (result == SASL_OK) fatal("Said ok to null sasl_conn_t in sasl_server_start()"); /* send plausible but invalid mechanism */ result = sasl_server_start(saslconn, "foobar", NULL, 0, &out, &outlen); if (result == SASL_OK) fatal("Said ok to invalid mechanism"); /* send really long and invalid mechanism */ result = sasl_server_start(saslconn, really_long_string, NULL, 0, &out, &outlen); if (result == SASL_OK) fatal("Said ok to invalid mechanism"); sasl_dispose(&saslconn); sasl_done(); } void test_rand_corrupt(unsigned steps) { unsigned lup; tosend_t tosend; for (lup=0;luph_addr, hp->h_length); addr.sin_port = htons(0); sprintf(buf,"%s;%d", inet_ntoa(addr.sin_addr), 0); if (sasl_server_new("rcmd", myhostname, NULL, buf, buf, NULL, 0, &saslconn) != SASL_OK) fatal("can't sasl_server_new in create_ids"); /* Try to set password then check it */ result = sasl_setpass(saslconn, username, password, (unsigned) strlen(password), NULL, 0, SASL_SET_CREATE); if (result != SASL_OK) { printf("error was %s (%d)\n",sasl_errstring(result,NULL,NULL),result); fatal("Error setting password. Do we have write access to sasldb?"); } result = sasl_checkpass(saslconn, username, (unsigned) strlen(username), password, (unsigned) strlen(password)); if (result != SASL_OK) { fprintf(stderr, "%s\n", sasl_errdetail(saslconn)); fatal("Unable to verify password we just set"); } result = sasl_user_exists(saslconn, "imap", NULL, username); if(result != SASL_OK) fatal("sasl_user_exists did not find user"); result = sasl_user_exists(saslconn, "imap", NULL, nonexistant_username); if(result == SASL_OK) fatal("sasl_user_exists found nonexistant username"); /* Test sasl_checkapop */ #ifdef DO_SASL_CHECKAPOP _sasl_MD5Init(&ctx); _sasl_MD5Update(&ctx,challenge,strlen(challenge)); _sasl_MD5Update(&ctx,password,strlen(password)); _sasl_MD5Final(digest, &ctx); /* convert digest from binary to ASCII hex */ for (i = 0; i < 16; i++) sprintf(digeststr + (i*2), "%02x", digest[i]); sprintf(buf, "%s %s", username, digeststr); result = sasl_checkapop(saslconn, challenge, strlen(challenge), buf, strlen(buf)); if(result != SASL_OK) fatal("Unable to checkapop password we just set"); /* End checkapop test */ #else /* Just check that checkapop is really turned off */ if(sasl_checkapop(saslconn, NULL, 0, NULL, 0) == SASL_OK) fatal("sasl_checkapop seems to work but was disabled at compile time"); #endif /* now delete user and make sure can't find him anymore */ result = sasl_setpass(saslconn, username, password, (unsigned) strlen(password), NULL, 0, SASL_SET_DISABLE); if (result != SASL_OK) fatal("Error disabling password. Do we have write access to sasldb?"); result = sasl_checkpass(saslconn, username, (unsigned) strlen(username), password, (unsigned) strlen(password)); if (result == SASL_OK) { printf("\n WARNING: sasl_checkpass got SASL_OK after disableing\n"); printf(" This is generally ok, just an artifact of sasldb\n"); printf(" being an external verifier\n"); } #ifdef DO_SASL_CHECKAPOP /* And checkapop... */ result = sasl_checkapop(saslconn, challenge, strlen(challenge), buf, strlen(buf)); if (result == SASL_OK) { printf("\n WARNING: sasl_checkapop got SASL_OK after disableing\n"); printf(" This is generally ok, just an artifact of sasldb\n"); printf(" being an external verifier\n"); } #endif /* try bad params */ if (sasl_setpass(NULL,username, password, (unsigned) strlen(password), NULL, 0, SASL_SET_CREATE)==SASL_OK) fatal("Didn't specify saslconn"); if (sasl_setpass(saslconn,username, password, 0, NULL, 0, SASL_SET_CREATE)==SASL_OK) fatal("Allowed password of zero length"); if (sasl_setpass(saslconn,username, password, (unsigned) strlen(password), NULL, 0, 43)==SASL_OK) fatal("Gave weird code"); #ifndef SASL_NDBM if (sasl_setpass(saslconn,really_long_string, password, (unsigned)strlen(password), NULL, 0, SASL_SET_CREATE)!=SASL_OK) fatal("Didn't allow really long username"); #else printf("WARNING: skipping sasl_setpass() on really_long_string with NDBM\n"); #endif if (sasl_setpass(saslconn,"bob",really_long_string, (unsigned) strlen(really_long_string),NULL, 0, SASL_SET_CREATE)!=SASL_OK) fatal("Didn't allow really long password"); result = sasl_setpass(saslconn,"frank", password, (unsigned) strlen(password), NULL, 0, SASL_SET_DISABLE); if ((result!=SASL_NOUSER) && (result!=SASL_OK)) { printf("error = %d\n",result); fatal("Disabling non-existant didn't return SASL_NOUSER"); } /* Now set the user again (we use for rest of program) */ result = sasl_setpass(saslconn, username, password, (unsigned) strlen(password), NULL, 0, SASL_SET_CREATE); if (result != SASL_OK) fatal("Error setting password. Do we have write access to sasldb?"); /* cleanup */ sasl_dispose(&saslconn); sasl_done(); } /* * Test the checkpass routine */ void test_checkpass(void) { sasl_conn_t *saslconn; /* try without initializing anything */ if(sasl_checkpass(NULL, username, (unsigned) strlen(username), password, (unsigned) strlen(password)) != SASL_NOTINIT) { fatal("sasl_checkpass() when library not initialized"); } if (sasl_server_init(goodsasl_cb,"TestSuite")!=SASL_OK) fatal("can't sasl_server_init in test_checkpass"); if (sasl_server_new("rcmd", myhostname, NULL, NULL, NULL, NULL, 0, &saslconn) != SASL_OK) fatal("can't sasl_server_new in test_checkpass"); /* make sure works for general case */ if (sasl_checkpass(saslconn, username, (unsigned) strlen(username), password, (unsigned) strlen(password))!=SASL_OK) fatal("sasl_checkpass() failed on simple case"); /* NULL saslconn */ if (sasl_checkpass(NULL, username, (unsigned) strlen(username), password, (unsigned) strlen(password)) == SASL_OK) fatal("Suceeded with NULL saslconn"); /* NULL username -- should be OK if sasl_checkpass enabled */ if (sasl_checkpass(saslconn, NULL, (unsigned) strlen(username), password, (unsigned) strlen(password)) != SASL_OK) fatal("failed check if sasl_checkpass is enabled"); /* NULL password */ if (sasl_checkpass(saslconn, username, (unsigned) strlen(username), NULL, (unsigned) strlen(password)) == SASL_OK) fatal("Suceeded with NULL password"); sasl_dispose(&saslconn); sasl_done(); } void notes(void) { printf("NOTE:\n"); printf("-For KERBEROS_V4 must be able to read srvtab file (usually /etc/srvtab)\n"); printf("-For GSSAPI must be able to read srvtab (/etc/krb5.keytab)\n"); printf("-For both KERBEROS_V4 and GSSAPI you must have non-expired tickets\n"); printf("-For OTP (w/OPIE) must be able to read/write opiekeys (/etc/opiekeys)\n"); printf("-For OTP you must have a non-expired secret\n"); printf("-Must be able to read sasldb, which needs to be setup with a\n"); printf(" username and a password (see top of testsuite.c)\n"); printf("\n\n"); } void usage(void) { printf("Usage:\n" \ " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \ " g -- gssapi service name to use (default: host)\n" \ " r -- # of random tests to do (default: 25)\n" \ " a -- do all corruption tests (and ignores random ones unless -r specified)\n" \ " n -- skip the initial \"do correctly\" tests\n" " h -- show this screen\n" \ " s -- random seed to use\n" \ " M -- detailed memory debugging ON\n" \ ); } int main(int argc, char **argv) { char c; int random_tests = -1; int do_all = 0; int skip_do_correct = 0; unsigned int seed = (unsigned int) time(NULL); #ifdef WIN32 /* initialize winsock */ int result; WSADATA wsaData; result = WSAStartup( MAKEWORD(2, 0), &wsaData ); if ( result != 0) { fatal("Windows sockets initialization failure"); } #endif while ((c = getopt(argc, argv, "Ms:g:r:han")) != EOF) switch (c) { case 'M': DETAILED_MEMORY_DEBUGGING = 1; break; case 's': seed = atoi(optarg); break; case 'g': gssapi_service = optarg; break; case 'r': random_tests = atoi(optarg); break; case 'a': random_tests = 0; do_all = 1; break; case 'n': skip_do_correct = 1; break; case 'h': usage(); exit(0); break; default: usage(); fatal("Invalid parameter\n"); break; } g_secret = malloc(sizeof(sasl_secret_t) + strlen(password)); g_secret->len = (unsigned) strlen(password); strcpy(g_secret->data, password); if(random_tests < 0) random_tests = 25; notes(); init(seed); #if 0 /* Disabled because it is borked */ printf("Creating id's in mechanisms (not in sasldb)...\n"); create_ids(); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Creating id's in mechanisms (not in sasldb)... ok\n"); #endif printf("Checking plaintext passwords... "); test_checkpass(); if(mem_stat() != SASL_OK) fatal("memory error"); printf("ok\n"); printf("Random number functions... "); test_random(); if(mem_stat() != SASL_OK) fatal("memory error"); printf("ok\n"); printf("Testing base64 functions... "); test_64(); if(mem_stat() != SASL_OK) fatal("memory error"); printf("ok\n"); printf("Testing auxprop functions... "); test_props(); if(mem_stat() != SASL_OK) fatal("memory error"); printf("ok\n"); printf("Tests of sasl_{server|client}_init()... "); test_init(); if(mem_stat() != SASL_OK) fatal("memory error"); printf("ok\n"); printf("Testing sasl_listmech()... \n"); test_listmech(); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Testing sasl_listmech()... ok\n"); printf("Testing serverstart..."); test_serverstart(); if(mem_stat() != SASL_OK) fatal("memory error"); printf("ok\n"); if(!skip_do_correct) { tosend_t tosend; tosend.type = NOTHING; tosend.step = 500; tosend.client_callbacks = client_interactions; printf("Testing client-first/no-server-last correctly...\n"); foreach_mechanism((foreach_t *) &test_clientfirst,&tosend); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Test of client-first/no-server-last...ok\n"); printf("Testing no-client-first/no-server-last correctly...\n"); foreach_mechanism((foreach_t *) &test_noclientfirst, &tosend); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Test of no-client-first/no-server-last...ok\n"); printf("Testing no-client-first/server-last correctly...\n"); foreach_mechanism((foreach_t *) &test_noclientfirst_andserverlast, &tosend); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Test of no-client-first/server-last...ok\n"); printf("Testing client-first/server-last correctly...\n"); foreach_mechanism((foreach_t *) &test_serverlast, &tosend); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Test of client-first/server-last...ok\n"); tosend.client_callbacks = client_callbacks; printf("-=-=-=-=- And now using the callbacks interface -=-=-=-=-\n"); printf("Testing client-first/no-server-last correctly...\n"); foreach_mechanism((foreach_t *) &test_clientfirst,&tosend); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Test of client-first/no-server-last...ok\n"); printf("Testing no-client-first/no-server-last correctly...\n"); foreach_mechanism((foreach_t *) &test_noclientfirst, &tosend); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Test of no-client-first/no-server-last...ok\n"); printf("Testing no-client-first/server-last correctly...\n"); foreach_mechanism((foreach_t *) &test_noclientfirst_andserverlast, &tosend); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Test of no-client-first/server-last...ok\n"); printf("Testing client-first/server-last correctly...\n"); foreach_mechanism((foreach_t *) &test_serverlast, &tosend); if(mem_stat() != SASL_OK) fatal("memory error"); printf("Test of client-first/server-last...ok\n"); } else { printf("Testing client-first/no-server-last correctly...skipped\n"); printf("Testing no-client-first/no-server-last correctly...skipped\n"); printf("Testing no-client-first/server-last correctly...skipped\n"); printf("Testing client-first/server-last correctly...skipped\n"); printf("Above tests with callbacks interface...skipped\n"); } /* FIXME: do memory tests below here on the things * that are MEANT to fail sometime. */ if(do_all) { printf("All corruption tests...\n"); test_all_corrupt(); printf("All corruption tests... ok\n"); } if(random_tests) { printf("Random corruption tests...\n"); test_rand_corrupt(random_tests); printf("Random tests... ok\n"); } else { printf("Random tests... skipped\n"); } printf("Testing Proxy Policy...\n"); test_proxypolicy(); printf("Tests of Proxy Policy...ok\n"); printf("Testing security layer...\n"); test_seclayer(); printf("Tests of security layer... ok\n"); printf("All tests seemed to go ok (i.e. we didn't crash)\n"); free(g_secret); exit(0); } cyrus-sasl-2.1.25/utils/saslpasswd2.80000646000076400007640000000616011306006127014337 00000000000000.\" saslpasswd.8 -- saslpasswd man page .\" Rob Earhart .\" .\" Copyright (c) 2000 Carnegie Mellon University. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in .\" the documentation and/or other materials provided with the .\" distribution. .\" .\" 3. The name ""Carnegie Mellon University"" must not be used to .\" endorse or promote products derived from this software without .\" prior written permission. For permission or any other legal .\" details, please contact .\" Office of Technology Transfer .\" Carnegie Mellon University .\" 5000 Forbes Avenue .\" Pittsburgh, PA 15213-3890 .\" (412) 268-4387, fax: (412) 268-7395 .\" tech-transfer@andrew.cmu.edu .\" .\" 4. Redistributions of any form whatsoever must retain the following .\" acknowledgment: .\" ""This product includes software developed by Computing Services .\" at Carnegie Mellon University (http://www.cmu.edu/computing/)."" .\" .\" CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO .\" THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY .\" AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE .\" FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .TH SASLPASSWD2 8 "Mar 7, 2005" "CMU SASL" .SH NAME saslpasswd2 \- set a user's sasl password .SH SYNOPSIS .B saslpasswd2 .RB [ -p ] .RB [ -d ] .RB [ -c ] .RB [ -n ] .RB [ -f\ file ] .RB [ -u\ domain ] .RB [ -a\ appname ] .RB [ -v ] .B userid .SH DESCRIPTION .I saslpasswd2 is used by a server administrator to set a user's sasl password for server programs and SASL mechanisms which use the standard libsasl database of user secrets. .SH OPTIONS .TP .B -p Pipe mode \- saslpasswd2 will neither prompt for the password nor verify that it was entered correctly. This is the default when standard input is not a terminal. .TP .B -c Creates an entry for the user if the user doesn't already exist. This is mutually exclusive with the .B -d (delete user) flag. .TP .B -d Deletes the entry for the user. This is mutually exclusive with the .B -c (create user) flag. .TP .B -n Don't set the plaintext \fIuserPassword\fR property for the user. Only mechanism-specific secrets will be set (e.g. OTP, SRP) .TP .B -u domain use .B domain for user domain (realm). .TP .B -f file use .B file for sasldb .TP .B -a appname use .B appname as application name. .TP .B -v Print libsasl2 version number and exit. .SH SEE ALSO sasldblistusers2(8) .TP rfc4422 \- Simple Authentication and Security Layer (SASL) cyrus-sasl-2.1.25/utils/pluginviewer.c0000646000076400007640000005342611630151332014672 00000000000000/* pluginviewer.c -- Plugin Viewer for CMU SASL * Alexey Melnikov, Isode Ltd. * * $Id: pluginviewer.c,v 1.11 2011/09/01 14:12:18 mel Exp $ */ /* * Copyright (c) 2004 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef WIN32 # include __declspec(dllimport) char *optarg; __declspec(dllimport) int optind; __declspec(dllimport) int getsubopt(char **optionp, const char * const *tokens, char **valuep); #else /* WIN32 */ # include #endif /* WIN32 */ #include #include #include #ifdef macintosh #include #include #define MAX_ARGC (100) int xxx_main(int argc, char *argv[]); int main(void) { char *argv[MAX_ARGC]; int argc; char line[400]; SIOUXSettings.asktosaveonclose = 0; SIOUXSettings.showstatusline = 1; argc=parse_cmd_line(MAX_ARGC,argv,sizeof(line),line); return xxx_main(argc,argv); } #define main xxx_main #endif #ifdef HAVE_GETOPT_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifndef HAVE_GETSUBOPT int getsubopt(char **optionp, const char * const *tokens, char **valuep); #endif static const char build_ident[] = "$Build: pluginviewer " PACKAGE "-" VERSION " $"; static const char *progname = NULL; /* SASL authentication methods (client or server side). NULL means all. */ static char *sasl_mech = NULL; /* auxprop methods. NULL means all. */ static char *auxprop_mech = NULL; #define N_CALLBACKS (16) #define NOT_NULL (void *) -1 #define SAMPLE_SEC_BUF_SIZE (2048) static const char *bit_subopts[] = { #define OPT_MIN (0) "min", #define OPT_MAX (1) "max", NULL }; static const char *ext_subopts[] = { #define OPT_EXT_SSF (0) "ssf", #define OPT_EXT_ID (1) "id", NULL }; static const char *flag_subopts[] = { #define OPT_NOPLAIN (0) "noplain", #define OPT_NOACTIVE (1) "noactive", #define OPT_NODICT (2) "nodict", #define OPT_FORWARDSEC (3) "forwardsec", #define OPT_NOANONYMOUS (4) "noanonymous", #define OPT_PASSCRED (5) "passcred", NULL }; /* Whitespace separated list of mechanisms to allow (e.g. 'plain otp'). Used to restrict the mechanisms to a subset of the installed plugins. Default: NULL (i.e. all available) */ #define SASL_OPT_MECH_LIST "mech_list" /* Name of canon_user plugin to use, default is "INTERNAL" */ #define SASL_OPT_CANON_USER_PLUGIN "canon_user_plugin" /* Name of auxiliary plugin to use, you may specify a space-separated list of plugin names, and the plugins will be queried in order. Default is NULL (i.e. query all) */ #define SASL_OPT_AUXPROP_PLUGIN "auxprop_plugin" static sasl_conn_t *server_conn = NULL; static sasl_conn_t *client_conn = NULL; static void free_conn(void) { if (server_conn) { sasl_dispose(&server_conn); } if (client_conn) { sasl_dispose(&client_conn); } } static int sasl_my_log(void *context __attribute__((unused)), int priority, const char *message) { const char *label; if (! message) { return SASL_BADPARAM; } switch (priority) { case SASL_LOG_ERR: label = "Error"; break; case SASL_LOG_NOTE: label = "Info"; break; default: label = "Other"; break; } fprintf(stderr, "%s: SASL %s: %s\n", progname, label, message); return SASL_OK; } static int getpath(void *context, const char ** path) { const char *searchpath = (const char *) context; if (! path) { return SASL_BADPARAM; } if (searchpath) { *path = searchpath; } else { *path = PLUGINDIR; } return SASL_OK; } static int plugview_sasl_getopt ( void *context, const char *plugin_name, const char *option, const char **result, unsigned *len ) { if (strcasecmp (option, SASL_OPT_MECH_LIST) == 0) { /* Whitespace separated list of mechanisms to allow (e.g. 'plain otp'). Used to restrict the mechanisms to a subset of the installed plugins. Default: NULL (i.e. all available) */ if (result != NULL) { *result = sasl_mech; } if (len != NULL) { /* This might be NULL, which means "all mechanisms" */ *len = sasl_mech ? strlen(sasl_mech) : 0; } return (SASL_OK); } else { /* Unrecognized */ return (SASL_FAIL); } } static void sasldebug(int why, const char *what, const char *errstr) { fprintf(stderr, "%s: %s: %s", progname, what, sasl_errstring(why, NULL, NULL)); if (errstr) { fprintf(stderr, " (%s)\n", errstr); } else { putc('\n', stderr); } } static void saslfail(int why, const char *what, const char *errstr) { sasldebug(why, what, errstr); free_conn(); /* Call sasl_done twice - one for the client side SASL and one for the server side. */ sasl_done(); sasl_done(); exit(EXIT_FAILURE); } static void fail(const char *what) { fprintf(stderr, "%s: %s\n", progname, what); exit(EXIT_FAILURE); } /* Produce a space separated list of installed mechanisms */ static void list_installed_server_mechanisms ( server_sasl_mechanism_t *m, sasl_info_callback_stage_t stage, void *rock ) { char ** list_of_mechs = (char **) rock; char * new_list; if (stage == SASL_INFO_LIST_START || stage == SASL_INFO_LIST_END) { return; } if (m->plug != NULL) { if (*list_of_mechs == NULL) { *list_of_mechs = strdup(m->plug->mech_name); } else { /* This is suboptimal, but works */ new_list = malloc (strlen(*list_of_mechs) + strlen(m->plug->mech_name) + 2); sprintf (new_list, "%s %s", *list_of_mechs, m->plug->mech_name); free (*list_of_mechs); *list_of_mechs = new_list; } } } /* Produce a space separated list of installed mechanisms */ static void list_installed_client_mechanisms ( client_sasl_mechanism_t *m, sasl_info_callback_stage_t stage, void *rock ) { char ** list_of_mechs = (char **) rock; char * new_list; if (stage == SASL_INFO_LIST_START || stage == SASL_INFO_LIST_END) { return; } if (m->plug != NULL) { if (*list_of_mechs == NULL) { *list_of_mechs = strdup(m->plug->mech_name); } else { /* This is suboptimal, but works */ new_list = malloc (strlen(*list_of_mechs) + strlen(m->plug->mech_name) + 2); sprintf (new_list, "%s %s", *list_of_mechs, m->plug->mech_name); free (*list_of_mechs); *list_of_mechs = new_list; } } } /* Produce a space separated list of installed mechanisms */ static void list_installed_auxprop_mechanisms ( sasl_auxprop_plug_t *m, sasl_info_callback_stage_t stage, void *rock ) { char ** list_of_mechs = (char **) rock; char * new_list; if (stage == SASL_INFO_LIST_START || stage == SASL_INFO_LIST_END) { return; } if (*list_of_mechs == NULL) { *list_of_mechs = strdup(m->name); } else { /* This is suboptimal, but works */ new_list = malloc (strlen(*list_of_mechs) + strlen(m->name) + 2); sprintf (new_list, "%s %s", *list_of_mechs, m->name); free (*list_of_mechs); *list_of_mechs = new_list; } } int main(int argc, char *argv[]) { int c = 0; int errflag = 0; int result; sasl_security_properties_t secprops; sasl_ssf_t extssf = 0; const char *ext_authid = NULL; char *options, *value; const char *available_mechs = NULL; unsigned len; int count; sasl_callback_t callbacks[N_CALLBACKS], *callback; char *searchpath = NULL; char *service = "test"; char * list_of_server_mechs = NULL; char * list_of_client_mechs = NULL; char * list_of_auxprop_mechs = NULL; int list_all_plugins = 1; /* By default we list all plugins */ int list_client_auth_plugins = 0; int list_server_auth_plugins = 0; int list_auxprop_plugins = 0; #ifdef WIN32 /* initialize winsock */ WSADATA wsaData; result = WSAStartup( MAKEWORD(2, 0), &wsaData ); if ( result != 0) { saslfail(SASL_FAIL, "Initializing WinSockets", NULL); } #endif progname = strrchr(argv[0], HIER_DELIMITER); if (progname) { progname++; } else { progname = argv[0]; } /* Init defaults... */ memset(&secprops, 0L, sizeof(secprops)); secprops.maxbufsize = SAMPLE_SEC_BUF_SIZE; secprops.max_ssf = UINT_MAX; while ((c = getopt(argc, argv, "acshb:e:m:f:p:x:?")) != EOF) switch (c) { case 'a': list_auxprop_plugins = 1; list_all_plugins = 0; break; case 'x': auxprop_mech = optarg; break; case 'c': list_client_auth_plugins = 1; list_all_plugins = 0; break; case 's': list_server_auth_plugins = 1; list_all_plugins = 0; break; case 'b': options = optarg; while (*options != '\0') { switch(getsubopt(&options, (const char * const *)bit_subopts, &value)) { case OPT_MIN: if (! value) { errflag = 1; } else { secprops.min_ssf = atoi(value); } break; case OPT_MAX: if (! value) { errflag = 1; } else { secprops.max_ssf = atoi(value); } break; default: errflag = 1; break; } } break; case 'e': options = optarg; while (*options != '\0') { switch(getsubopt(&options, (const char * const *)ext_subopts, &value)) { case OPT_EXT_SSF: if (! value) { errflag = 1; } else { extssf = atoi(value); } break; case OPT_MAX: if (! value) { errflag = 1; } else { ext_authid = value; } break; default: errflag = 1; break; } } break; case 'm': sasl_mech = optarg; break; case 'f': options = optarg; while (*options != '\0') { switch(getsubopt(&options, (const char * const *)flag_subopts, &value)) { case OPT_NOPLAIN: secprops.security_flags |= SASL_SEC_NOPLAINTEXT; break; case OPT_NOACTIVE: secprops.security_flags |= SASL_SEC_NOACTIVE; break; case OPT_NODICT: secprops.security_flags |= SASL_SEC_NODICTIONARY; break; case OPT_FORWARDSEC: secprops.security_flags |= SASL_SEC_FORWARD_SECRECY; break; case OPT_NOANONYMOUS: secprops.security_flags |= SASL_SEC_NOANONYMOUS; break; case OPT_PASSCRED: secprops.security_flags |= SASL_SEC_PASS_CREDENTIALS; break; default: errflag = 1; break; } if (value) errflag = 1; } break; case 'p': searchpath = optarg; break; default: /* unknown flag */ errflag = 1; break; } if (optind != argc) { /* We don't *have* extra arguments */ errflag = 1; } if (errflag) { fprintf(stderr, "%s: Usage: %s [-a] [-s] [-c] [-b min=N,max=N] [-e ssf=N,id=ID] [-m MECHS] [-x AUXPROP_MECH] [-f FLAGS] [-i local=IP,remote=IP] [-p PATH]\n" "\t-a\tlist auxprop plugins\n" "\t-s\tlist server authentication (SASL) plugins\n" "\t-c\tlist client authentication (SASL) plugins\n" "\t-b ...\t#bits to use for encryption\n" "\t\tmin=N\tminumum #bits to use (1 => integrity)\n" "\t\tmax=N\tmaximum #bits to use\n" "\t-e ...\tassume external encryption\n" "\t\tssf=N\texternal mech provides N bits of encryption\n" "\t\tid=ID\texternal mech provides authentication id ID\n" "\t-m MECHS\tforce to use one of MECHS SASL mechanism\n" "\t-x AUXPROP_MECHS\tforce to use one of AUXPROP_MECHS auxprop plugins\n" "\t-f ...\tset security flags\n" "\t\tnoplain\t\tno plaintext password send during authentication\n" "\t\tnoactive\trequire security vs. active attacks\n" "\t\tnodict\t\trequire security vs. passive dictionary attacks\n" "\t\tforwardsec\trequire forward secrecy\n" "\t\tmaximum\t\trequire all security flags\n" "\t\tpasscred\tattempt to pass client credentials\n" #ifdef WIN32 "\t-p PATH\tsemicolon-separated search path for mechanisms\n", #else "\t-p PATH\tcolon-separated search path for mechanisms\n", #endif progname, progname); exit(EXIT_FAILURE); } /* Fill in the callbacks that we're providing... */ callback = callbacks; /* log */ callback->id = SASL_CB_LOG; callback->proc = (sasl_callback_ft)&sasl_my_log; callback->context = NULL; ++callback; /* getpath */ if (searchpath) { callback->id = SASL_CB_GETPATH; callback->proc = (sasl_callback_ft)&getpath; callback->context = searchpath; ++callback; } /* getopt */ /* NOTE: this will return "sasl_mech" option, however this HAS NO EFFECT on client side SASL plugins, which just never query this option */ callback->id = SASL_CB_GETOPT; callback->proc = (sasl_callback_ft)&plugview_sasl_getopt; callback->context = NULL; ++callback; /* The following callbacks are for a client connection only. We reuse the same callbacks variable and the server side doesn't like proc == NULL. So we just put something there, != NULL! */ callback->id = SASL_CB_AUTHNAME; callback->proc = NOT_NULL; callback->context = NULL; ++callback; callback->id = SASL_CB_PASS; callback->proc = NOT_NULL; callback->context = NULL; ++callback; /* termination */ callback->id = SASL_CB_LIST_END; callback->proc = NULL; callback->context = NULL; ++callback; /* FIXME: In general case this is not going to work of course, as some plugins will need more callbacks then others. */ if (N_CALLBACKS < callback - callbacks) { fail("Out of callback space; recompile with larger N_CALLBACKS"); } result = sasl_client_init(callbacks); if (result != SASL_OK) { saslfail(result, "Initializing client side of libsasl", NULL); } result = sasl_server_init(callbacks, "pluginviewer"); if (result != SASL_OK) { saslfail(result, "Initializing server side of libsasl", NULL); } if (list_all_plugins || list_auxprop_plugins) { list_of_auxprop_mechs = NULL; auxprop_plugin_info (NULL, /* list all auxprop mechanisms */ &list_installed_auxprop_mechanisms, (void *) &list_of_auxprop_mechs); printf ("Installed and properly configured auxprop mechanisms are:\n%s\n", (list_of_auxprop_mechs == NULL) ? "" : list_of_auxprop_mechs); free (list_of_auxprop_mechs); auxprop_plugin_info (auxprop_mech, NULL, NULL); } /* TODO: add listing of canonicalization plugins, if needed. */ if (list_all_plugins || list_server_auth_plugins) { /* SASL server plugins */ /* List all loaded plugins first */ list_of_server_mechs = NULL; sasl_server_plugin_info (NULL, /* list all SASL mechanisms */ &list_installed_server_mechanisms, (void *) &list_of_server_mechs); printf ("Installed and properly configured SASL (server side) mechanisms are:\n %s\n", list_of_server_mechs); free (list_of_server_mechs); /* Now list plugins matching the criteria */ result = sasl_server_new(service, /* Has to be any non NULL value */ "test.example.com", /* localdomain */ NULL, /* userdomain */ NULL, /* iplocal */ NULL, /* ipremote */ NULL, 0, &server_conn); if (result != SASL_OK) { saslfail(result, "Allocating sasl connection state (server side)", NULL); } /* The following two options are required for SASL EXTERNAL */ if (extssf) { result = sasl_setprop(server_conn, SASL_SSF_EXTERNAL, &extssf); if (result != SASL_OK) { saslfail(result, "Setting external SSF", NULL); } } if (ext_authid) { result = sasl_setprop(server_conn, SASL_AUTH_EXTERNAL, &ext_authid); if (result != SASL_OK) { saslfail(result, "Setting external authid", NULL); } } result = sasl_setprop(server_conn, SASL_SEC_PROPS, &secprops); if (result != SASL_OK) { saslfail(result, "Setting security properties", NULL); } /* NOTE - available_mechs must not be freed */ result = sasl_listmech(server_conn, ext_authid, NULL, " ", NULL, &available_mechs, &len, &count); if (result != SASL_OK) { saslfail(result, "Listing SASL mechanisms", NULL); } /* NOTE: available_mechs contains subset of sasl_mech */ if (count > 0) { printf ("Available SASL (server side) mechanisms matching your criteria are:\n %s\n", available_mechs); /* Dump information about the requested SASL mechanism */ sasl_server_plugin_info (available_mechs, NULL, NULL); } else { printf ("No server side SASL mechanisms matching your criteria found\n"); } } if (list_all_plugins || list_client_auth_plugins) { /* SASL client plugins */ /* List all loaded plugins first */ list_of_client_mechs = NULL; sasl_client_plugin_info (NULL, /* list all SASL mechanisms */ &list_installed_client_mechanisms, (void *) &list_of_client_mechs); printf ("Installed and properly configured SASL (client side) mechanisms are:\n %s\n", (list_of_client_mechs != NULL) ? list_of_client_mechs : ""); free (list_of_client_mechs); /* Now list plugins matching the criteria */ result = sasl_client_new(service, /* Has to be any non NULL value */ "test.example.com", /* fqdn */ NULL, /* iplocal */ NULL, /* ipremote */ NULL, 0, &client_conn); if (result != SASL_OK) { saslfail(result, "Allocating sasl connection state (client side)", NULL); } /* The following two options are required for SSF */ if (extssf) { result = sasl_setprop(client_conn, SASL_SSF_EXTERNAL, &extssf); if (result != SASL_OK) { saslfail(result, "Setting external SSF", NULL); } } if (ext_authid) { result = sasl_setprop(client_conn, SASL_AUTH_EXTERNAL, &ext_authid); if (result != SASL_OK) { saslfail(result, "Setting external authid", NULL); } } result = sasl_setprop(client_conn, SASL_SEC_PROPS, &secprops); if (result != SASL_OK) { saslfail(result, "Setting security properties", NULL); } /* NOTE - available_mechs must not be freed */ result = sasl_listmech(client_conn, ext_authid, NULL, " ", NULL, &available_mechs, &len, &count); if (result != SASL_OK) { saslfail(result, "Listing SASL mechanisms", NULL); } if (count > 0) { printf ("Available SASL (client side) mechanisms matching your criteria are:\n %s\n", available_mechs); /* Dump information about the requested SASL mechanism */ sasl_client_plugin_info (sasl_mech, NULL, NULL); } else { printf ("No client side SASL mechanisms matching your criteria found\n"); } } free_conn(); /* Call sasl_done twice - one for the client side SASL and one for the server side. */ sasl_done(); sasl_done(); #ifdef WIN32 WSACleanup(); #endif return (EXIT_SUCCESS); } cyrus-sasl-2.1.25/utils/Makefile.am0000646000076400007640000001001010433135440014022 00000000000000# Makefile.am for the SASL utilities # Rob Earhart # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer EXTRA_PROGRAMS = saslpasswd2 sasldblistusers2 testsuite testsuitestatic smtptest pluginviewer noinst_PROGRAMS = dbconverter-2 if NO_SASL_DB_MANS man_MANS = else man_MANS = saslpasswd2.8 sasldblistusers2.8 pluginviewer.8 endif saslpasswd2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs) saslpasswd2_SOURCES = saslpasswd.c sasldblistusers2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs) sasldblistusers2_SOURCES = sasldblistusers.c dbconverter_2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs) pluginviewer_LDADD = $(all_sasl_libs) pluginviewer_SOURCES = pluginviewer.c testsuite_LDADD = $(all_sasl_libs) @DMALLOC_LIBS@ CLEANFILES=$(EXTRA_PROGRAMS) testsuitestatic_SOURCES = testsuite.c testsuitestatic_LDADD = $(all_sasl_static_libs) @DMALLOC_LIBS@ @SASL_DL_LIB@ testsuitestatic_DEPENDENCIES = ../lib/.libs/libsasl2.a smtptest_SOURCES = smtptest_DEPENDENCIES = ./smtptest.lo ./libsfsasl2.la smtptest_LDADD = ./smtptest.lo ./libsfsasl2.la @SFIO_LIB_FLAGS@ @DMALLOC_LIBS@ $(all_sasl_libs) saslincludedir = $(includedir)/sasl saslinclude_HEADERS = @SASL_UTIL_HEADERS_EXTRA@ EXTRA_HEADERS = sfsasl.h # Note: we explicitly do *not* link to libsfio, as people will need to # link to that anyway if they want to use this. lib_LTLIBRARIES = @SASL_UTIL_LIBS_EXTRA@ EXTRA_LTLIBRARIES = libsfsasl2.la libsfsasl2_la_SOURCES = libsfsasl2_la_LIBADD = sfsasl.lo libsfsasl2_la_LDFLAGS = -version-info 1:0:0 -export-dynamic -rpath $(libdir) INCLUDES=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ EXTRA_DIST = saslpasswd2.8 sasldblistusers2.8 pluginviewer.8 sfsasl.h sfsasl.c smtptest.c testsuite.c pluginviewer.c NTMakefile sfsasl.lo: sfsasl.c $(LIBTOOL) --mode=compile $(COMPILE) @SFIO_INC_FLAGS@ -c $(srcdir)/sfsasl.c smtptest.lo: smtptest.c $(LIBTOOL) --mode=compile $(COMPILE) @SFIO_INC_FLAGS@ -c $(srcdir)/smtptest.c cyrus-sasl-2.1.25/utils/saslpasswd.c0000646000076400007640000002765611630151332014344 00000000000000/* saslpasswd.c -- SASL password setting program * Rob Earhart */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifndef WIN32 #include #include /* perror can't be used on Windows system calls, so we define a new macro to underline this */ #define p_oserror(str) perror(str) #else /* WIN32 */ #include #include #include __declspec(dllimport) char *optarg; __declspec(dllimport) int optind; /* perror can't be used on Windows system calls, so we define a new macro to underline this */ void p_oserror (const char *string); #endif /*WIN32*/ #include #include char myhostname[1025]; #define PW_BUF_SIZE 2048 static const char build_ident[] = "$Build: saslpasswd " PACKAGE "-" VERSION " $"; const char *progname = NULL; char *sasldb_path = NULL; #ifdef WIN32 /* This is almost like _plug_get_error_message(), but uses malloc */ char * _get_error_message ( DWORD error ) { char * return_value; LPVOID lpMsgBuf; FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, error, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ (LPTSTR) &lpMsgBuf, 0, NULL ); return_value = strdup (lpMsgBuf); LocalFree( lpMsgBuf ); return (return_value); } /* perror() like function that works on OS error codes returned by GetLastError() */ void p_oserror ( const char *message ) { /* Try to match perror() behaviour: string is printed first, followed by a colon, then by the system error message for the last library call that produced the error, and finally by a newline character. If string is a null pointer or a pointer to a null string, perror prints only the system error message. */ if (message && *message) { fprintf (stderr, "%s: %s\n", message, _get_error_message(GetLastError())); } else { fprintf (stderr, "%s\n", _get_error_message(GetLastError())); } } #endif /* WIN32 */ void read_password(const char *prompt, int flag_pipe, char ** password, unsigned *passlen) { char buf[PW_BUF_SIZE]; #ifndef WIN32 struct termios ts, nts; ssize_t n_read; #else HANDLE hStdin; DWORD n_read, fdwMode, fdwOldMode; hStdin = GetStdHandle(STD_INPUT_HANDLE); if (hStdin == INVALID_HANDLE_VALUE) { p_oserror(progname); exit(-(SASL_FAIL)); } #endif /*WIN32*/ if (! flag_pipe) { fputs(prompt, stdout); fflush(stdout); #ifndef WIN32 tcgetattr(STDIN_FILENO, &ts); nts = ts; nts.c_lflag &= ~(ECHO | ECHOE | ECHOK #ifdef ECHOCTL | ECHOCTL #endif #ifdef ECHOPRT | ECHOPRT #endif #ifdef ECHOKE | ECHOKE #endif ); nts.c_lflag |= ICANON | ECHONL; tcsetattr(STDIN_FILENO, TCSAFLUSH, &nts); #else if (! GetConsoleMode(hStdin, &fdwOldMode)) { p_oserror(progname); exit(-(SASL_FAIL)); } fdwMode = fdwOldMode & ~ENABLE_ECHO_INPUT; if (! SetConsoleMode(hStdin, fdwMode)) { p_oserror(progname); exit(-(SASL_FAIL)); } #endif /*WIN32*/ } #ifndef WIN32 n_read = read(STDIN_FILENO, buf, PW_BUF_SIZE); if (n_read < 0) { #else if (! ReadFile(hStdin, buf, PW_BUF_SIZE, &n_read, NULL)) { #endif /*WIN32*/ p_oserror(progname); exit(-(SASL_FAIL)); } if (! flag_pipe) { #ifndef WIN32 tcsetattr(STDIN_FILENO, TCSANOW, &ts); if (0 < n_read && buf[n_read - 1] != '\n') { /* if we didn't end with a \n, echo one */ putchar('\n'); fflush(stdout); } #else SetConsoleMode(hStdin, fdwOldMode); putchar('\n'); fflush(stdout); #endif /*WIN32*/ } if (0 < n_read && buf[n_read - 1] == '\n') /* if we ended with a \n */ n_read--; /* remove it */ #ifdef WIN32 /*WIN32 will have a CR in the buffer also*/ if (0 < n_read && buf[n_read - 1] == '\r') /* if we ended with a \r */ n_read--; /* remove it */ #endif /*WIN32*/ *password = malloc(n_read + 1); if (! *password) { /* Can use perror() here even on Windows, as malloc is in std C library */ perror(progname); exit(-(SASL_FAIL)); } memcpy(*password, buf, n_read); (*password)[n_read] = '\0'; /* be nice... */ *passlen = n_read; } void exit_sasl(int result, const char *errstr) __attribute__((noreturn)); void exit_sasl(int result, const char *errstr) { (void)fprintf(stderr, errstr ? "%s: %s: %s\n" : "%s: %s\n", progname, sasl_errstring(result, NULL, NULL), errstr); exit(result < 0 ? -result : result); } int good_getopt(void *context __attribute__((unused)), const char *plugin_name __attribute__((unused)), const char *option, const char **result, unsigned *len) { if (sasldb_path && !strcmp(option, "sasldb_path")) { *result = sasldb_path; if (len) *len = (unsigned) strlen(sasldb_path); return SASL_OK; } return SASL_FAIL; } static struct sasl_callback goodsasl_cb[] = { { SASL_CB_GETOPT, (sasl_callback_ft)&good_getopt, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; int main(int argc, char *argv[]) { int flag_pipe = 0, flag_create = 0, flag_disable = 0, flag_error = 0; int flag_nouserpass = 0; int c; char *userid; char *password = NULL; char *verify; unsigned passlen = 0; unsigned verifylen; const char *errstr = NULL; int result; sasl_conn_t *conn; char *user_domain = NULL; char *appname = "saslpasswd"; const char *sasl_implementation; int libsasl_version; int libsasl_major; int libsasl_minor; int libsasl_step; #ifdef WIN32 /* initialize winsock */ WSADATA wsaData; result = WSAStartup( MAKEWORD(2, 0), &wsaData ); if ( result != 0) { exit_sasl(SASL_FAIL, "WSAStartup"); } #endif memset(myhostname, 0, sizeof(myhostname)); result = gethostname(myhostname, sizeof(myhostname)-1); if (result == -1) exit_sasl(SASL_FAIL, "gethostname"); if (! argv[0]) progname = "saslpasswd"; else { progname = strrchr(argv[0], HIER_DELIMITER); if (progname) progname++; else progname = argv[0]; } while ((c = getopt(argc, argv, "vpcdnf:u:a:h?")) != EOF) switch (c) { case 'p': flag_pipe = 1; break; case 'c': if (flag_disable) flag_error = 1; else flag_create = 1; break; case 'd': if (flag_create) flag_error = 1; else flag_disable = 1; break; case 'n': flag_nouserpass = 1; break; case 'u': user_domain = optarg; break; case 'f': sasldb_path = optarg; break; case 'a': appname = optarg; if (strchr(optarg, '/') != NULL) { (void)fprintf(stderr, "appname must not contain /\n"); exit(-(SASL_FAIL)); } break; case 'v': sasl_version (&sasl_implementation, &libsasl_version); libsasl_major = libsasl_version >> 24; libsasl_minor = (libsasl_version >> 16) & 0xFF; libsasl_step = libsasl_version & 0xFFFF; (void)fprintf(stderr, "\nThis product includes software developed by Computing Services\n" "at Carnegie Mellon University (http://www.cmu.edu/computing/).\n\n" "Built against SASL API version %u.%u.%u\n" "LibSasl version %u.%u.%u by \"%s\"\n", SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP, libsasl_major, libsasl_minor, libsasl_step, sasl_implementation); exit(0); break; default: flag_error = 1; break; } if (optind != argc - 1) flag_error = 1; if (flag_error) { (void)fprintf(stderr, "\nThis product includes software developed by Computing Services\n" "at Carnegie Mellon University (http://www.cmu.edu/computing/).\n\n" "%s: usage: %s [-v] [-c [-p] [-n]] [-d] [-a appname] [-f sasldb] [-u DOM] userid\n" "\t-p\tpipe mode -- no prompt, password read on stdin\n" "\t-c\tcreate -- ask mechs to create the account\n" "\t-d\tdisable -- ask mechs to disable/delete the account\n" "\t-n\tno userPassword -- don't set plaintext userPassword property\n" "\t \t (only set mechanism-specific secrets)\n" "\t-f sasldb\tuse given file as sasldb\n" "\t-a appname\tuse appname as application name\n" "\t-u DOM\tuse DOM for user domain\n" "\t-v\tprint version numbers and exit\n", progname, progname); exit(-(SASL_FAIL)); } userid = argv[optind]; result = sasl_server_init(goodsasl_cb, appname); if (result != SASL_OK) exit_sasl(result, NULL); result = sasl_server_new("sasldb", myhostname, user_domain, NULL, NULL, NULL, 0, &conn); if (result != SASL_OK) exit_sasl(result, NULL); #ifndef WIN32 if (! flag_pipe && ! isatty(STDIN_FILENO)) flag_pipe = 1; #endif /*WIN32*/ if (!flag_disable) { read_password("Password: ", flag_pipe, &password, &passlen); if (! flag_pipe) { read_password("Again (for verification): ", flag_pipe, &verify, &verifylen); if (passlen != verifylen || memcmp(password, verify, verifylen)) { fprintf(stderr, "%s: passwords don't match; aborting\n", progname); exit(-(SASL_BADPARAM)); } } } result = sasl_setpass(conn, userid, password, passlen, NULL, 0, (flag_create ? SASL_SET_CREATE : 0) | (flag_disable ? SASL_SET_DISABLE : 0) | (flag_nouserpass ? SASL_SET_NOPLAIN : 0)); if (result != SASL_OK && !flag_disable) exit_sasl(result, NULL); else { struct propctx *propctx = NULL; const char *delete_request[] = { "cmusaslsecretCRAM-MD5", "cmusaslsecretDIGEST-MD5", "cmusaslsecretPLAIN", NULL }; int ret = SASL_OK; /* Either we were setting and succeeded or we were disabling and failed. In either case, we want to wipe old entries */ /* Delete the possibly old entries */ /* We don't care if these fail */ propctx = prop_new(0); if (!propctx) ret = SASL_FAIL; if (!ret) ret = prop_request(propctx, delete_request); if (!ret) { ret = prop_set(propctx, "cmusaslsecretCRAM-MD5", NULL, 0); ret = prop_set(propctx, "cmusaslsecretDIGEST-MD5", NULL, 0); ret = prop_set(propctx, "cmusaslsecretPLAIN", NULL, 0); ret = sasl_auxprop_store(conn, propctx, userid); } if (propctx) prop_dispose(&propctx); } if (result != SASL_OK) /* errstr is currently always NULL */ exit_sasl(result, errstr); sasl_dispose(&conn); sasl_done(); return 0; } cyrus-sasl-2.1.25/utils/Makefile.in0000666000076400007640000007554311631670664014100 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for the SASL utilities # Rob Earhart # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ \ pluginviewer$(EXEEXT) EXTRA_PROGRAMS = saslpasswd2$(EXEEXT) sasldblistusers2$(EXEEXT) \ testsuite$(EXEEXT) testsuitestatic$(EXEEXT) smtptest$(EXEEXT) \ pluginviewer$(EXEEXT) noinst_PROGRAMS = dbconverter-2$(EXEEXT) subdir = utils DIST_COMMON = $(saslinclude_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(saslincludedir)" LTLIBRARIES = $(lib_LTLIBRARIES) libsfsasl2_la_DEPENDENCIES = sfsasl.lo am_libsfsasl2_la_OBJECTS = libsfsasl2_la_OBJECTS = $(am_libsfsasl2_la_OBJECTS) libsfsasl2_la_LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libsfsasl2_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS) dbconverter_2_SOURCES = dbconverter-2.c dbconverter_2_OBJECTS = dbconverter-2.$(OBJEXT) am__DEPENDENCIES_1 = am__DEPENDENCIES_2 = ../lib/libsasl2.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) dbconverter_2_DEPENDENCIES = ../sasldb/libsasldb.la \ $(am__DEPENDENCIES_2) am_pluginviewer_OBJECTS = pluginviewer.$(OBJEXT) pluginviewer_OBJECTS = $(am_pluginviewer_OBJECTS) pluginviewer_DEPENDENCIES = $(am__DEPENDENCIES_2) am_sasldblistusers2_OBJECTS = sasldblistusers.$(OBJEXT) sasldblistusers2_OBJECTS = $(am_sasldblistusers2_OBJECTS) sasldblistusers2_DEPENDENCIES = ../sasldb/libsasldb.la \ $(am__DEPENDENCIES_2) am_saslpasswd2_OBJECTS = saslpasswd.$(OBJEXT) saslpasswd2_OBJECTS = $(am_saslpasswd2_OBJECTS) saslpasswd2_DEPENDENCIES = ../sasldb/libsasldb.la \ $(am__DEPENDENCIES_2) am_smtptest_OBJECTS = smtptest_OBJECTS = $(am_smtptest_OBJECTS) testsuite_SOURCES = testsuite.c testsuite_OBJECTS = testsuite.$(OBJEXT) testsuite_DEPENDENCIES = $(am__DEPENDENCIES_2) am_testsuitestatic_OBJECTS = testsuite.$(OBJEXT) testsuitestatic_OBJECTS = $(am_testsuitestatic_OBJECTS) am__DEPENDENCIES_3 = ../lib/.libs/libsasl2.a $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link \ $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(libsfsasl2_la_SOURCES) dbconverter-2.c \ $(pluginviewer_SOURCES) $(sasldblistusers2_SOURCES) \ $(saslpasswd2_SOURCES) $(smtptest_SOURCES) testsuite.c \ $(testsuitestatic_SOURCES) DIST_SOURCES = $(libsfsasl2_la_SOURCES) dbconverter-2.c \ $(pluginviewer_SOURCES) $(sasldblistusers2_SOURCES) \ $(saslpasswd2_SOURCES) $(smtptest_SOURCES) testsuite.c \ $(testsuitestatic_SOURCES) man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) HEADERS = $(saslinclude_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) @NO_SASL_DB_MANS_FALSE@man_MANS = saslpasswd2.8 sasldblistusers2.8 pluginviewer.8 @NO_SASL_DB_MANS_TRUE@man_MANS = saslpasswd2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs) saslpasswd2_SOURCES = saslpasswd.c sasldblistusers2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs) sasldblistusers2_SOURCES = sasldblistusers.c dbconverter_2_LDADD = ../sasldb/libsasldb.la $(all_sasl_libs) pluginviewer_LDADD = $(all_sasl_libs) pluginviewer_SOURCES = pluginviewer.c testsuite_LDADD = $(all_sasl_libs) @DMALLOC_LIBS@ CLEANFILES = $(EXTRA_PROGRAMS) testsuitestatic_SOURCES = testsuite.c testsuitestatic_LDADD = $(all_sasl_static_libs) @DMALLOC_LIBS@ @SASL_DL_LIB@ testsuitestatic_DEPENDENCIES = ../lib/.libs/libsasl2.a smtptest_SOURCES = smtptest_DEPENDENCIES = ./smtptest.lo ./libsfsasl2.la smtptest_LDADD = ./smtptest.lo ./libsfsasl2.la @SFIO_LIB_FLAGS@ @DMALLOC_LIBS@ $(all_sasl_libs) saslincludedir = $(includedir)/sasl saslinclude_HEADERS = @SASL_UTIL_HEADERS_EXTRA@ EXTRA_HEADERS = sfsasl.h # Note: we explicitly do *not* link to libsfio, as people will need to # link to that anyway if they want to use this. lib_LTLIBRARIES = @SASL_UTIL_LIBS_EXTRA@ EXTRA_LTLIBRARIES = libsfsasl2.la libsfsasl2_la_SOURCES = libsfsasl2_la_LIBADD = sfsasl.lo libsfsasl2_la_LDFLAGS = -version-info 1:0:0 -export-dynamic -rpath $(libdir) INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ EXTRA_DIST = saslpasswd2.8 sasldblistusers2.8 pluginviewer.8 sfsasl.h sfsasl.c smtptest.c testsuite.c pluginviewer.c NTMakefile all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu utils/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu utils/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libsfsasl2.la: $(libsfsasl2_la_OBJECTS) $(libsfsasl2_la_DEPENDENCIES) $(libsfsasl2_la_LINK) $(libsfsasl2_la_OBJECTS) $(libsfsasl2_la_LIBADD) $(LIBS) clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ } \ ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list dbconverter-2$(EXEEXT): $(dbconverter_2_OBJECTS) $(dbconverter_2_DEPENDENCIES) @rm -f dbconverter-2$(EXEEXT) $(LINK) $(dbconverter_2_OBJECTS) $(dbconverter_2_LDADD) $(LIBS) pluginviewer$(EXEEXT): $(pluginviewer_OBJECTS) $(pluginviewer_DEPENDENCIES) @rm -f pluginviewer$(EXEEXT) $(LINK) $(pluginviewer_OBJECTS) $(pluginviewer_LDADD) $(LIBS) sasldblistusers2$(EXEEXT): $(sasldblistusers2_OBJECTS) $(sasldblistusers2_DEPENDENCIES) @rm -f sasldblistusers2$(EXEEXT) $(LINK) $(sasldblistusers2_OBJECTS) $(sasldblistusers2_LDADD) $(LIBS) saslpasswd2$(EXEEXT): $(saslpasswd2_OBJECTS) $(saslpasswd2_DEPENDENCIES) @rm -f saslpasswd2$(EXEEXT) $(LINK) $(saslpasswd2_OBJECTS) $(saslpasswd2_LDADD) $(LIBS) smtptest$(EXEEXT): $(smtptest_OBJECTS) $(smtptest_DEPENDENCIES) @rm -f smtptest$(EXEEXT) $(LINK) $(smtptest_OBJECTS) $(smtptest_LDADD) $(LIBS) testsuite$(EXEEXT): $(testsuite_OBJECTS) $(testsuite_DEPENDENCIES) @rm -f testsuite$(EXEEXT) $(LINK) $(testsuite_OBJECTS) $(testsuite_LDADD) $(LIBS) testsuitestatic$(EXEEXT): $(testsuitestatic_OBJECTS) $(testsuitestatic_DEPENDENCIES) @rm -f testsuitestatic$(EXEEXT) $(LINK) $(testsuitestatic_OBJECTS) $(testsuitestatic_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dbconverter-2.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pluginviewer.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sasldblistusers.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/saslpasswd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testsuite.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-saslincludeHEADERS: $(saslinclude_HEADERS) @$(NORMAL_INSTALL) test -z "$(saslincludedir)" || $(MKDIR_P) "$(DESTDIR)$(saslincludedir)" @list='$(saslinclude_HEADERS)'; test -n "$(saslincludedir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(saslincludedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(saslincludedir)" || exit $$?; \ done uninstall-saslincludeHEADERS: @$(NORMAL_UNINSTALL) @list='$(saslinclude_HEADERS)'; test -n "$(saslincludedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(saslincludedir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(saslincludedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(saslincludedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ clean-noinstPROGRAMS clean-sbinPROGRAMS mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-saslincludeHEADERS install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-libLTLIBRARIES install-sbinPROGRAMS install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-libLTLIBRARIES uninstall-man \ uninstall-saslincludeHEADERS uninstall-sbinPROGRAMS uninstall-man: uninstall-man8 .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ clean-sbinPROGRAMS ctags distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-libLTLIBRARIES \ install-man install-man8 install-pdf install-pdf-am install-ps \ install-ps-am install-saslincludeHEADERS install-sbinPROGRAMS \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am \ uninstall-libLTLIBRARIES uninstall-man uninstall-man8 \ uninstall-saslincludeHEADERS uninstall-sbinPROGRAMS sfsasl.lo: sfsasl.c $(LIBTOOL) --mode=compile $(COMPILE) @SFIO_INC_FLAGS@ -c $(srcdir)/sfsasl.c smtptest.lo: smtptest.c $(LIBTOOL) --mode=compile $(COMPILE) @SFIO_INC_FLAGS@ -c $(srcdir)/smtptest.c # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/win32/0000777000076400007640000000000011632367343011675 500000000000000cyrus-sasl-2.1.25/win32/.#common.mak.1.210000646000076400007640000001252311631154731014273 00000000000000#Can this be autogenerated? #Keep in sync with include/sasl.h and win32/include/config.h SASL_VERSION_MAJOR=2 SASL_VERSION_MINOR=1 SASL_VERSION_STEP=25 !IF "$(STATIC)" == "" STATIC=yes !ENDIF # Uncomment the following line, if you want to use Visual Studio 6 #VCVER=6 # Use in Visual Studio 6 & 7: #EXCEPTHANDLING=/GX # Use in Visual Studio 8: EXCEPTHANDLING=/EHsc # Define compiler/linker/etc. CPP=cl.exe /nologo LINK32=link.exe /nologo LINK32DLL=$(LINK32) /dll LINK32EXE=$(LINK32) # It seems that -lib must be the first parameter LINK32LIB=link.exe /lib /nologo SYS_LIBS=ws2_32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib !IF "$(BITS)" == "64" SYS_LIBS=$(SYS_LIBS) bufferoverflowU.lib !ENDIF # Define the minimal Windows OS you want to run on:40 (NT), 50 (W2K), 51 (XP) # Default is no restrictions. Currently we only check for 51 or later. #TARGET_WIN_SYSTEM=51 !IF "$(TARGET_WIN_SYSTEM)" == "" !IF "$(VERBOSE)" != "0" !MESSAGE Applications and libraries should run on any Win32 system. !ENDIF TARGET_WIN_SYSTEM=0 !ENDIF # prefix variable is currently only being used by install target !IF "$(prefix)" == "" prefix=C:\CMU !IF "$(VERBOSE)" != "0" !MESSAGE Default installation directory is $(prefix). !ENDIF !ENDIF !IF "$(CFG)" == "" CFG=Release !IF "$(VERBOSE)" != "0" !MESSAGE No configuration specified. Defaulting to $(CFG). !ENDIF !ENDIF !IF "$(DB_LIB)" == "" DB_LIB=libdb41s.lib !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat library name to $(DB_LIB). !ENDIF !ENDIF !IF "$(DB_INCLUDE)" == "" DB_INCLUDE=c:\work\isode\db\build_win32 !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat include path to $(DB_INCLUDE). !ENDIF !ENDIF !IF "$(DB_LIBPATH)" == "" DB_LIBPATH=c:\work\isode\db\build_win32\Release_static !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat library path to $(DB_LIBPATH). !ENDIF !ENDIF !IF "$(OPENSSL_INCLUDE)" == "" OPENSSL_INCLUDE="D:\openssl\engine-0.9.6g-md3\include" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting OpenSSL Include path to $(OPENSSL_INCLUDE). !ENDIF !ENDIF !IF "$(OPENSSL_LIBPATH)" == "" OPENSSL_LIBPATH="D:\openssl\engine-0.9.6g-md3\lib" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting OpenSSL library path to $(OPENSSL_LIBPATH). !ENDIF !ENDIF !IF "$(GSSAPI_INCLUDE)" == "" GSSAPI_INCLUDE="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\include" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting GSSAPI Include path to $(GSSAPI_INCLUDE). !ENDIF !ENDIF !IF "$(GSSAPI_LIBPATH)" == "" GSSAPI_LIBPATH="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\lib" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting GSSAPI library path to $(GSSAPI_LIBPATH). !ENDIF !ENDIF !IF "$(SQLITE_INCLUDE)" == "" SQLITE_INCLUDES=/I"C:\work\open_source\sqllite\sqlite\src" /I"C:\work\open_source\sqllite\sqlite\win32" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE_INCLUDES includes to $(SQLITE_INCLUDES). !ENDIF !ENDIF !IF "$(SQLITE_LIBPATH)" == "" SQLITE_LIBPATH="C:\work\open_source\sqllite\sqlite\objs" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH). !ENDIF !ENDIF !IF "$(SQLITE_INCLUDE3)" == "" SQLITE_INCLUDES3=/I"c:\work\sqlite\generated" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE_INCLUDES3 includes to $(SQLITE_INCLUDES3). !ENDIF !ENDIF !IF "$(SQLITE_LIBPATH3)" == "" SQLITE_LIBPATH3="c:\work\sqlite\objs.NT" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH3). !ENDIF !ENDIF !IF "$(LDAP_LIB_BASE)" == "" LDAP_LIB_BASE = c:\work\open_source\openldap\openldap-head\ldap\Debug !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting LDAP library path to $(LDAP_LIB_BASE). !ENDIF !ENDIF !IF "$(LDAP_INCLUDE)" == "" LDAP_INCLUDE = c:\work\open_source\openldap\openldap-head\ldap\include !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting LDAP include path to $(LDAP_INCLUDE). !ENDIF !ENDIF !IF "$(OS)" == "Windows_NT" NULL= !ELSE NULL=nul !ENDIF !IF "$(CFG)" == "Release" !IF "$(CODEGEN)" == "" !IF "$(STATIC)" == "yes" CODEGEN=/MT !ELSE CODEGEN=/MD !ENDIF !IF "$(VERBOSE)" != "0" !MESSAGE Codegeneration defaulting to $(CODEGEN). !ENDIF !ENDIF !IF "$(VCVER)" != "6" ENABLE_WIN64_WARNINGS=/Wp64 !ENDIF CPP_PROJ= $(CODEGEN) /W3 $(EXCEPTHANDLING) /O2 $(ENABLE_WIN64_WARNINGS) /Zi /D "NDEBUG" $(CPPFLAGS) /FD /c incremental=no # This use to contain /machine:I386. This breaks cross compiling to Windows 64. # It doesn't seem that the /machine option is needed anyway. LINK32_FLAGS=/debug !ELSEIF "$(CFG)" == "Debug" !IF "$(CODEGEN)" == "" !IF "$(STATIC)" == "yes" CODEGEN=/MTd !ELSE CODEGEN=/MDd !ENDIF !IF "$(VERBOSE)" != "0" !MESSAGE Codegeneration defaulting to $(CODEGEN). !ENDIF !ENDIF CPP_PROJ=$(CODEGEN) /W3 /Gm $(EXCEPTHANDLING) /ZI /Od /D "_DEBUG" $(CPPFLAGS) /FD /GZ /c incremental=yes # This use to contain /machine:I386. This breaks cross compiling to Windows 64. # It doesn't seem that the /machine option is needed anyway. LINK32_FLAGS=/debug /pdbtype:sept !ENDIF LINK32DLL_FLAGS=/incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) # Assume we are only building console applications LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) # Assume we are only building console applications LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) LINK32LIB_FLAGS=$(LINK32_FLAGS) cyrus-sasl-2.1.25/win32/include/0000777000076400007640000000000011632367343013320 500000000000000cyrus-sasl-2.1.25/win32/include/md5global.h0000666000076400007640000000202507567240106015255 00000000000000/* GLOBAL.H - RSAREF types and constants */ #ifndef MD5GLOBAL_H #define MD5GLOBAL_H /* PROTOTYPES should be set to one if and only if the compiler supports function argument prototyping. The following makes PROTOTYPES default to 0 if it has not already been defined with C compiler flags. */ #ifndef PROTOTYPES #define PROTOTYPES 0 #endif /* POINTER defines a generic pointer type */ typedef unsigned char *POINTER; typedef signed char INT1; /* 8 bits */ typedef short INT2; /* 16 bits */ typedef int INT4; /* 32 bits */ /* There is no 64 bit type */ typedef unsigned char UINT1; /* 8 bits */ typedef unsigned short UINT2; /* 16 bits */ typedef unsigned int UINT4; /* 32 bits */ /* There is no 64 bit type */ /* PROTO_LIST is defined depending on how PROTOTYPES is defined above. If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it returns an empty list. */ #if PROTOTYPES #define PROTO_LIST(list) list #else #define PROTO_LIST(list) () #endif #endif /* MD5GLOBAL_H */ cyrus-sasl-2.1.25/win32/include/.cvsignore0000666000076400007640000000005107276043736015242 00000000000000Makefile.in Makefile .deps .libs *.l[ao] cyrus-sasl-2.1.25/win32/include/NTMakefile0000666000076400007640000000474607752546256015167 00000000000000# NTMakefile for SASL, win32\include directory # Alexey Melnikov # ################################################################ # Copyright (c) 2003 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ #Suppress verbose output from defaulting values VERBOSE=0 !INCLUDE ..\common.mak includedir = $(prefix)\include saslincludedir = $(includedir)\sasl\ saslinclude_HEADERS = md5global.h # The first target get executed by default. We don't want this to be "install" all: @echo Nothing to be done for $@ # # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels # install: $(saslinclude_HEADERS) !xcopy md5global*.h $(saslincludedir) /I /F /Y !xcopy $? $(saslincludedir) /I /F /Y cyrus-sasl-2.1.25/win32/include/config.h0000646000076400007640000001347411630174034014654 00000000000000/* config.h--SASL configuration for win32 * Ryan Troll */ /* * Copyright (c) 1998-2004 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef CONFIG_H #define CONFIG_H #include /* winsock2 includes windows.h. Note that we can't include both winsock.h and winsock2.h as they conflict */ #include /* Our package */ #define PACKAGE "cyrus-sasl" /* Our version */ #define VERSION "2.1.25" /* Visual Studio supports prototypes */ #define PROTOTYPES 1 #ifndef HAVE_CADDR_T #ifndef caddr_t typedef unsigned char *caddr_t; #define HAVE_CADDR_T 1 #endif #endif #ifndef _INTPTR_T_DEFINED #ifdef _WIN64 typedef __int64 intptr_t; #else typedef int intptr_t; #endif #endif /* Registry key that contains the locations of the plugins */ #define SASL_ROOT_KEY "SOFTWARE\\Carnegie Mellon\\Project Cyrus\\SASL Library" #define SASL_PLUGIN_PATH_ATTR "SearchPath" #define SASL_CONF_PATH_ATTR "ConfFile" /* : This should probably be replaced with a call to a function : that gets the proper value from Registry */ #define SASL_DB_PATH "c:\\CMU\\sasldb2" /* what db package are we using? */ /* #undef SASL_GDBM */ /* #undef SASL_NDBM */ #define SASL_BERKELEYDB 1 /* which mechs can we link staticly? */ #define STATIC_ANONYMOUS 1 #define STATIC_CRAMMD5 1 #define STATIC_DIGESTMD5 1 #define STATIC_SCRAM 1 #define STATIC_GSSAPIV2 1 /* #undef STATIC_KERBEROS4 */ #define STATIC_LOGIN 1 /* #undef STATIC_MYSQL */ #define STATIC_OTP 1 #define STATIC_PLAIN 1 #define STATIC_SASLDB 1 #define STATIC_SRP 1 /* ------------------------------------------------------------ */ /* Things that are fetched via autoconf under Unix */ #define HAVE_MEMCPY 1 #define PLUGINDIR "C:\\CMU\\bin\\sasl2" #define CONFIGDIR "C:\\CMU\\bin\\sasl2" /* Windows calls these functions something else */ #define strcasecmp stricmp #define snprintf _snprintf #define strncasecmp strnicmp #define MAXHOSTNAMELEN 1024 /* ------------------------------------------------------------ */ #define WITHOUT_NANA #define L_DEFAULT_GUARD (0) #define I_DEFAULT_GUARD (0) #define I(foo) #define VL(foo) printf foo; #define VLP(foo,bar) /* we're not gcc */ #define __attribute__(foo) /* : Same as in tpipv6.h */ #ifndef HAVE_SOCKLEN_T typedef int socklen_t; #endif /* HAVE_SOCKLEN_T */ /* If we expect to run on XP and later, we have IPv6 support natively */ #if TARGET_WIN_SYSTEM >= 51 #if !defined(_WIN32_WINNT) /* This forces the inclusion of OS supported functions, with no fallback */ #define _WIN32_WINNT 0x0510 #endif #endif #if defined(_MSC_VER) && (_MSC_VER >= 1300) /* The following two defines will prevent our own definitions below */ #define HAVE_GETADDRINFO #define HAVE_GETNAMEINFO #define HAVE_STRUCT_SOCKADDR_STORAGE /* Unless _WIN32_WINNT > 0x0500, Ws2tcpip.h will try to find OS provided getaddrinfo at runtime. It will fallback to Microsoft emulation, if not found */ #include #endif #if !defined(HAVE_STRUCT_SOCKADDR_STORAGE) && !defined(_SS_MAXSIZE) #define _SS_MAXSIZE 128 /* Implementation specific max size */ #define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) struct sockaddr_storage { struct sockaddr ss_sa; char __ss_pad2[_SS_PADSIZE]; }; # define ss_family ss_sa.sa_family #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ #ifndef AF_INET6 /* Define it to something that should never appear */ #define AF_INET6 AF_MAX #endif #ifndef HAVE_GETADDRINFO #define getaddrinfo sasl_getaddrinfo #define freeaddrinfo sasl_freeaddrinfo #define gai_strerror sasl_gai_strerror #endif #ifndef HAVE_GETNAMEINFO #define getnameinfo sasl_getnameinfo #endif #if !defined(HAVE_GETNAMEINFO) || !defined(HAVE_GETADDRINFO) #include "gai.h" #endif #ifndef AI_NUMERICHOST /* support glibc 2.0.x */ #define AI_NUMERICHOST 4 #define NI_NUMERICHOST 2 #define NI_NAMEREQD 4 #define NI_NUMERICSERV 8 #endif #include /* Keep in sync with SleepyCat definitions */ typedef int int32_t; typedef __int64 int64_t; #ifdef _WIN64 typedef int64_t ssize_t; #else typedef int32_t ssize_t; #endif #define HIER_DELIMITER '\\' #ifndef sleep #define sleep(seconds) plug_sleep(seconds) unsigned int plug_sleep(unsigned int seconds); #endif #endif /* CONFIG_H */ cyrus-sasl-2.1.25/win32/common.mak0000666000076400007640000001252311631664417013603 00000000000000#Can this be autogenerated? #Keep in sync with include/sasl.h and win32/include/config.h SASL_VERSION_MAJOR=2 SASL_VERSION_MINOR=1 SASL_VERSION_STEP=25 !IF "$(STATIC)" == "" STATIC=yes !ENDIF # Uncomment the following line, if you want to use Visual Studio 6 #VCVER=6 # Use in Visual Studio 6 & 7: #EXCEPTHANDLING=/GX # Use in Visual Studio 8: EXCEPTHANDLING=/EHsc # Define compiler/linker/etc. CPP=cl.exe /nologo LINK32=link.exe /nologo LINK32DLL=$(LINK32) /dll LINK32EXE=$(LINK32) # It seems that -lib must be the first parameter LINK32LIB=link.exe /lib /nologo SYS_LIBS=ws2_32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib !IF "$(BITS)" == "64" SYS_LIBS=$(SYS_LIBS) bufferoverflowU.lib !ENDIF # Define the minimal Windows OS you want to run on:40 (NT), 50 (W2K), 51 (XP) # Default is no restrictions. Currently we only check for 51 or later. #TARGET_WIN_SYSTEM=51 !IF "$(TARGET_WIN_SYSTEM)" == "" !IF "$(VERBOSE)" != "0" !MESSAGE Applications and libraries should run on any Win32 system. !ENDIF TARGET_WIN_SYSTEM=0 !ENDIF # prefix variable is currently only being used by install target !IF "$(prefix)" == "" prefix=C:\CMU !IF "$(VERBOSE)" != "0" !MESSAGE Default installation directory is $(prefix). !ENDIF !ENDIF !IF "$(CFG)" == "" CFG=Release !IF "$(VERBOSE)" != "0" !MESSAGE No configuration specified. Defaulting to $(CFG). !ENDIF !ENDIF !IF "$(DB_LIB)" == "" DB_LIB=libdb41s.lib !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat library name to $(DB_LIB). !ENDIF !ENDIF !IF "$(DB_INCLUDE)" == "" DB_INCLUDE=c:\work\isode\db\build_win32 !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat include path to $(DB_INCLUDE). !ENDIF !ENDIF !IF "$(DB_LIBPATH)" == "" DB_LIBPATH=c:\work\isode\db\build_win32\Release_static !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat library path to $(DB_LIBPATH). !ENDIF !ENDIF !IF "$(OPENSSL_INCLUDE)" == "" OPENSSL_INCLUDE="D:\openssl\engine-0.9.6g-md3\include" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting OpenSSL Include path to $(OPENSSL_INCLUDE). !ENDIF !ENDIF !IF "$(OPENSSL_LIBPATH)" == "" OPENSSL_LIBPATH="D:\openssl\engine-0.9.6g-md3\lib" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting OpenSSL library path to $(OPENSSL_LIBPATH). !ENDIF !ENDIF !IF "$(GSSAPI_INCLUDE)" == "" GSSAPI_INCLUDE="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\include" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting GSSAPI Include path to $(GSSAPI_INCLUDE). !ENDIF !ENDIF !IF "$(GSSAPI_LIBPATH)" == "" GSSAPI_LIBPATH="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\lib" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting GSSAPI library path to $(GSSAPI_LIBPATH). !ENDIF !ENDIF !IF "$(SQLITE_INCLUDE)" == "" SQLITE_INCLUDES=/I"C:\work\open_source\sqllite\sqlite\src" /I"C:\work\open_source\sqllite\sqlite\win32" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE_INCLUDES includes to $(SQLITE_INCLUDES). !ENDIF !ENDIF !IF "$(SQLITE_LIBPATH)" == "" SQLITE_LIBPATH="C:\work\open_source\sqllite\sqlite\objs" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH). !ENDIF !ENDIF !IF "$(SQLITE_INCLUDE3)" == "" SQLITE_INCLUDES3=/I"c:\work\sqlite\generated" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE_INCLUDES3 includes to $(SQLITE_INCLUDES3). !ENDIF !ENDIF !IF "$(SQLITE_LIBPATH3)" == "" SQLITE_LIBPATH3="c:\work\sqlite\objs.NT" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH3). !ENDIF !ENDIF !IF "$(LDAP_LIB_BASE)" == "" LDAP_LIB_BASE = c:\work\open_source\openldap\openldap-head\ldap\Debug !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting LDAP library path to $(LDAP_LIB_BASE). !ENDIF !ENDIF !IF "$(LDAP_INCLUDE)" == "" LDAP_INCLUDE = c:\work\open_source\openldap\openldap-head\ldap\include !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting LDAP include path to $(LDAP_INCLUDE). !ENDIF !ENDIF !IF "$(OS)" == "Windows_NT" NULL= !ELSE NULL=nul !ENDIF !IF "$(CFG)" == "Release" !IF "$(CODEGEN)" == "" !IF "$(STATIC)" == "yes" CODEGEN=/MT !ELSE CODEGEN=/MD !ENDIF !IF "$(VERBOSE)" != "0" !MESSAGE Codegeneration defaulting to $(CODEGEN). !ENDIF !ENDIF !IF "$(VCVER)" != "6" ENABLE_WIN64_WARNINGS=/Wp64 !ENDIF CPP_PROJ= $(CODEGEN) /W3 $(EXCEPTHANDLING) /O2 $(ENABLE_WIN64_WARNINGS) /Zi /D "NDEBUG" $(CPPFLAGS) /FD /c incremental=no # This use to contain /machine:I386. This breaks cross compiling to Windows 64. # It doesn't seem that the /machine option is needed anyway. LINK32_FLAGS=/debug !ELSEIF "$(CFG)" == "Debug" !IF "$(CODEGEN)" == "" !IF "$(STATIC)" == "yes" CODEGEN=/MTd !ELSE CODEGEN=/MDd !ENDIF !IF "$(VERBOSE)" != "0" !MESSAGE Codegeneration defaulting to $(CODEGEN). !ENDIF !ENDIF CPP_PROJ=$(CODEGEN) /W3 /Gm $(EXCEPTHANDLING) /ZI /Od /D "_DEBUG" $(CPPFLAGS) /FD /GZ /c incremental=yes # This use to contain /machine:I386. This breaks cross compiling to Windows 64. # It doesn't seem that the /machine option is needed anyway. LINK32_FLAGS=/debug /pdbtype:sept !ENDIF LINK32DLL_FLAGS=/incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) # Assume we are only building console applications LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) # Assume we are only building console applications LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) LINK32LIB_FLAGS=$(LINK32_FLAGS) cyrus-sasl-2.1.25/win32/.cvsignore0000666000076400007640000000005107276043735013616 00000000000000Makefile.in Makefile .deps .libs *.l[ao] cyrus-sasl-2.1.25/win32/.cvswrappers0000666000076400007640000000010006626305234014162 00000000000000# VC++ Files are BINARY *.dsp -k 'b' *.dsw -k 'b' *.reg -k 'b' cyrus-sasl-2.1.25/win32/.#common.mak.1.200000646000076400007640000001252311630174017014270 00000000000000#Can this be autogenerated? #Keep in sync with include/sasl.h and win32/include/config.h SASL_VERSION_MAJOR=2 SASL_VERSION_MINOR=1 SASL_VERSION_STEP=25 !IF "$(STATIC)" == "" STATIC=yes !ENDIF # Uncomment the following line, if you want to use Visual Studio 6 #VCVER=6 # Use in Visual Studio 6 & 7: #EXCEPTHANDLING=/GX # Use in Visual Studio 8: EXCEPTHANDLING=/EHsc # Define compiler/linker/etc. CPP=cl.exe /nologo LINK32=link.exe /nologo LINK32DLL=$(LINK32) /dll LINK32EXE=$(LINK32) # It seems that -lib must be the first parameter LINK32LIB=link.exe /lib /nologo SYS_LIBS=ws2_32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib !IF "$(BITS)" == "64" SYS_LIBS=$(SYS_LIBS) bufferoverflowU.lib !ENDIF # Define the minimal Windows OS you want to run on:40 (NT), 50 (W2K), 51 (XP) # Default is no restrictions. Currently we only check for 51 or later. #TARGET_WIN_SYSTEM=51 !IF "$(TARGET_WIN_SYSTEM)" == "" !IF "$(VERBOSE)" != "0" !MESSAGE Applications and libraries should run on any Win32 system. !ENDIF TARGET_WIN_SYSTEM=0 !ENDIF # prefix variable is currently only being used by install target !IF "$(prefix)" == "" prefix=C:\CMU !IF "$(VERBOSE)" != "0" !MESSAGE Default installation directory is $(prefix). !ENDIF !ENDIF !IF "$(CFG)" == "" CFG=Release !IF "$(VERBOSE)" != "0" !MESSAGE No configuration specified. Defaulting to $(CFG). !ENDIF !ENDIF !IF "$(DB_LIB)" == "" DB_LIB=libdb41s.lib !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat library name to $(DB_LIB). !ENDIF !ENDIF !IF "$(DB_INCLUDE)" == "" DB_INCLUDE=c:\work\isode\db\build_win32 !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat include path to $(DB_INCLUDE). !ENDIF !ENDIF !IF "$(DB_LIBPATH)" == "" DB_LIBPATH=c:\work\isode\db\build_win32\Release_static !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SleepyCat library path to $(DB_LIBPATH). !ENDIF !ENDIF !IF "$(OPENSSL_INCLUDE)" == "" OPENSSL_INCLUDE="D:\openssl\engine-0.9.6g-md3\include" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting OpenSSL Include path to $(OPENSSL_INCLUDE). !ENDIF !ENDIF !IF "$(OPENSSL_LIBPATH)" == "" OPENSSL_LIBPATH="D:\openssl\engine-0.9.6g-md3\lib" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting OpenSSL library path to $(OPENSSL_LIBPATH). !ENDIF !ENDIF !IF "$(GSSAPI_INCLUDE)" == "" GSSAPI_INCLUDE="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\include" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting GSSAPI Include path to $(GSSAPI_INCLUDE). !ENDIF !ENDIF !IF "$(GSSAPI_LIBPATH)" == "" GSSAPI_LIBPATH="C:\Program Files\CyberSafe\Developer Pack\ApplicationSecuritySDK\lib" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting GSSAPI library path to $(GSSAPI_LIBPATH). !ENDIF !ENDIF !IF "$(SQLITE_INCLUDE)" == "" SQLITE_INCLUDES=/I"C:\work\open_source\sqllite\sqlite\src" /I"C:\work\open_source\sqllite\sqlite\win32" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE_INCLUDES includes to $(SQLITE_INCLUDES). !ENDIF !ENDIF !IF "$(SQLITE_LIBPATH)" == "" SQLITE_LIBPATH="C:\work\open_source\sqllite\sqlite\objs" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH). !ENDIF !ENDIF !IF "$(SQLITE_INCLUDE3)" == "" SQLITE_INCLUDES3=/I"c:\work\sqlite\generated" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE_INCLUDES3 includes to $(SQLITE_INCLUDES3). !ENDIF !ENDIF !IF "$(SQLITE_LIBPATH3)" == "" SQLITE_LIBPATH3="c:\work\sqlite\objs.NT" !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting SQLITE library path to $(SQLITE_LIBPATH3). !ENDIF !ENDIF !IF "$(LDAP_LIB_BASE)" == "" LDAP_LIB_BASE = c:\work\open_source\openldap\openldap-head\ldap\Debug !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting LDAP library path to $(LDAP_LIB_BASE). !ENDIF !ENDIF !IF "$(LDAP_INCLUDE)" == "" LDAP_INCLUDE = c:\work\open_source\openldap\openldap-head\ldap\include !IF "$(VERBOSE)" != "0" !MESSAGE Defaulting LDAP include path to $(LDAP_INCLUDE). !ENDIF !ENDIF !IF "$(OS)" == "Windows_NT" NULL= !ELSE NULL=nul !ENDIF !IF "$(CFG)" == "Release" !IF "$(CODEGEN)" == "" !IF "$(STATIC)" == "yes" CODEGEN=/MT !ELSE CODEGEN=/MD !ENDIF !IF "$(VERBOSE)" != "0" !MESSAGE Codegeneration defaulting to $(CODEGEN). !ENDIF !ENDIF !IF "$(VCVER)" != "6" ENABLE_WIN64_WARNINGS=/Wp64 !ENDIF CPP_PROJ= $(CODEGEN) /W3 $(EXCEPTHANDLING) /O2 $(ENABLE_WIN64_WARNINGS) /Zi /D "NDEBUG" $(CPPFLAGS) /FD /c incremental=no # This use to contain /machine:I386. This breaks cross compiling to Windows 64. # It doesn't seem that the /machine option is needed anyway. LINK32_FLAGS=/debug !ELSEIF "$(CFG)" == "Debug" !IF "$(CODEGEN)" == "" !IF "$(STATIC)" == "yes" CODEGEN=/MTd !ELSE CODEGEN=/MDd !ENDIF !IF "$(VERBOSE)" != "0" !MESSAGE Codegeneration defaulting to $(CODEGEN). !ENDIF !ENDIF CPP_PROJ=$(CODEGEN) /W3 /Gm $(EXCEPTHANDLING) /ZI /Od /D "_DEBUG" $(CPPFLAGS) /FD /GZ /c incremental=yes # This use to contain /machine:I386. This breaks cross compiling to Windows 64. # It doesn't seem that the /machine option is needed anyway. LINK32_FLAGS=/debug /pdbtype:sept !ENDIF LINK32DLL_FLAGS=/incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) # Assume we are only building console applications LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) # Assume we are only building console applications LINK32EXE_FLAGS=/subsystem:console /incremental:$(incremental) $(LINK32_FLAGS) $(SYS_LIBS) $(EXTRA_LIBS) LINK32LIB_FLAGS=$(LINK32_FLAGS) cyrus-sasl-2.1.25/config/0000777000076400007640000000000011632367343012200 500000000000000cyrus-sasl-2.1.25/config/ltconfig0000757000076400007640000030245011630151330013636 00000000000000#! /bin/sh # ltconfig - Create a system-specific libtool. # Copyright (C) 1996-1999 Free Software Foundation, Inc. # Originally by Gordon Matzigkeit , 1996 # # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # A lot of this script is taken from autoconf-2.10. # Check that we are running under the correct shell. SHELL=${CONFIG_SHELL-/bin/sh} echo=echo if test "X$1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X$1" = X--fallback-echo; then # Avoid inline document here, it may be left over : elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then # Yippee, $echo works! : else # Restart under the correct shell. exec "$SHELL" "$0" --no-reexec ${1+"$@"} fi if test "X$1" = X--fallback-echo; then # used as fallback echo shift cat </dev/null`} case X$UNAME in *-DOS) PATH_SEPARATOR=';' ;; *) PATH_SEPARATOR=':' ;; esac fi # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi if test "X${echo_test_string+set}" != Xset; then # find a string as large as possible, as long as the shell can cope with it for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... if (echo_test_string="`eval $cmd`") 2>/dev/null && echo_test_string="`eval $cmd`" && (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null; then break fi done fi if test "X`($echo '\t') 2>/dev/null`" != 'X\t' || test "X`($echo "$echo_test_string") 2>/dev/null`" != X"$echo_test_string"; then # The Solaris, AIX, and Digital Unix default echo programs unquote # backslashes. This makes it impossible to quote backslashes using # echo "$something" | sed 's/\\/\\\\/g' # # So, first we look for a working echo in the user's PATH. IFS="${IFS= }"; save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}" for dir in $PATH /usr/ucb; do if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && test "X`($dir/echo "$echo_test_string") 2>/dev/null`" = X"$echo_test_string"; then echo="$dir/echo" break fi done IFS="$save_ifs" if test "X$echo" = Xecho; then # We didn't find a better echo, so look for alternatives. if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' && test "X`(print -r "$echo_test_string") 2>/dev/null`" = X"$echo_test_string"; then # This shell has a builtin print -r that does the trick. echo='print -r' elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) && test "X$CONFIG_SHELL" != X/bin/ksh; then # If we have ksh, try running ltconfig again with it. ORIGINAL_CONFIG_SHELL="${CONFIG_SHELL-/bin/sh}" export ORIGINAL_CONFIG_SHELL CONFIG_SHELL=/bin/ksh export CONFIG_SHELL exec "$CONFIG_SHELL" "$0" --no-reexec ${1+"$@"} else # Try using printf. echo='printf "%s\n"' if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && test "X`($echo "$echo_test_string") 2>/dev/null`" = X"$echo_test_string"; then # Cool, printf works : elif test "X`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null`" = 'X\t' && test "X`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null`" = X"$echo_test_string"; then CONFIG_SHELL="$ORIGINAL_CONFIG_SHELL" export CONFIG_SHELL SHELL="$CONFIG_SHELL" export SHELL echo="$CONFIG_SHELL $0 --fallback-echo" elif test "X`("$CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null`" = 'X\t' && test "X`("$CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null`" = X"$echo_test_string"; then echo="$CONFIG_SHELL $0 --fallback-echo" else # maybe with a smaller string... prev=: for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null; then break fi prev="$cmd" done if test "$prev" != 'sed 50q "$0"'; then echo_test_string=`eval $prev` export echo_test_string exec "${ORIGINAL_CONFIG_SHELL}" "$0" ${1+"$@"} else # Oops. We lost completely, so just stick with echo. echo=echo fi fi fi fi fi # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. Xsed='sed -e s/^X//' sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # The name of this program. progname=`$echo "X$0" | $Xsed -e 's%^.*/%%'` # Constants: PROGRAM=ltconfig PACKAGE=libtool VERSION=1.3.5 TIMESTAMP=" (1.385.2.206 2000/05/27 11:12:27)" ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' rm="rm -f" help="Try \`$progname --help' for more information." # Global variables: default_ofile=libtool can_build_shared=yes enable_shared=yes # All known linkers require a `.a' archive for static linking (except M$VC, # which needs '.lib'). enable_static=yes enable_fast_install=yes enable_dlopen=unknown enable_win32_dll=no ltmain= silent= srcdir= ac_config_guess= ac_config_sub= host= nonopt= ofile="$default_ofile" verify_host=yes with_gcc=no with_gnu_ld=no need_locks=yes ac_ext=c objext=o libext=a exeext= cache_file= old_AR="$AR" old_CC="$CC" old_CFLAGS="$CFLAGS" old_CPPFLAGS="$CPPFLAGS" old_LDFLAGS="$LDFLAGS" old_LD="$LD" old_LN_S="$LN_S" old_LIBS="$LIBS" old_NM="$NM" old_RANLIB="$RANLIB" old_DLLTOOL="$DLLTOOL" old_OBJDUMP="$OBJDUMP" old_AS="$AS" # Parse the command line options. args= prev= for option do case "$option" in -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; *) optarg= ;; esac # If the previous option needs an argument, assign it. if test -n "$prev"; then eval "$prev=\$option" prev= continue fi case "$option" in --help) cat <&2 echo "$help" 1>&2 exit 1 ;; *) if test -z "$ltmain"; then ltmain="$option" elif test -z "$host"; then # This generates an unnecessary warning for sparc-sun-solaris4.1.3_U1 # if test -n "`echo $option| sed 's/[-a-z0-9.]//g'`"; then # echo "$progname: warning \`$option' is not a valid host type" 1>&2 # fi host="$option" else echo "$progname: too many arguments" 1>&2 echo "$help" 1>&2 exit 1 fi ;; esac done if test -z "$ltmain"; then echo "$progname: you must specify a LTMAIN file" 1>&2 echo "$help" 1>&2 exit 1 fi if test ! -f "$ltmain"; then echo "$progname: \`$ltmain' does not exist" 1>&2 echo "$help" 1>&2 exit 1 fi # Quote any args containing shell metacharacters. ltconfig_args= for arg do case "$arg" in *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) ltconfig_args="$ltconfig_args '$arg'" ;; *) ltconfig_args="$ltconfig_args $arg" ;; esac done # A relevant subset of AC_INIT. # File descriptor usage: # 0 standard input # 1 file creation # 2 errors and warnings # 3 some systems may open it to /dev/tty # 4 used on the Kubota Titan # 5 compiler messages saved in config.log # 6 checking for... messages and results if test "$silent" = yes; then exec 6>/dev/null else exec 6>&1 fi exec 5>>./config.log # NLS nuisances. # Only set LANG and LC_ALL to C if already set. # These must not be set unconditionally because not all systems understand # e.g. LANG=C (notably SCO). if test "X${LC_ALL+set}" = Xset; then LC_ALL=C; export LC_ALL; fi if test "X${LANG+set}" = Xset; then LANG=C; export LANG; fi if test -n "$cache_file" && test -r "$cache_file"; then echo "loading cache $cache_file within ltconfig" . $cache_file fi if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then ac_n= ac_c=' ' ac_t=' ' else ac_n=-n ac_c= ac_t= fi else ac_n= ac_c='\c' ac_t= fi if test -z "$srcdir"; then # Assume the source directory is the same one as the path to LTMAIN. srcdir=`$echo "X$ltmain" | $Xsed -e 's%/[^/]*$%%'` test "$srcdir" = "$ltmain" && srcdir=. fi trap "$rm conftest*; exit 1" 1 2 15 if test "$verify_host" = yes; then # Check for config.guess and config.sub. ac_aux_dir= for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do if test -f $ac_dir/config.guess; then ac_aux_dir=$ac_dir break fi done if test -z "$ac_aux_dir"; then echo "$progname: cannot find config.guess in $srcdir $srcdir/.. $srcdir/../.." 1>&2 echo "$help" 1>&2 exit 1 fi ac_config_guess=$ac_aux_dir/config.guess ac_config_sub=$ac_aux_dir/config.sub # Make sure we can run config.sub. if $SHELL $ac_config_sub sun4 >/dev/null 2>&1; then : else echo "$progname: cannot run $ac_config_sub" 1>&2 echo "$help" 1>&2 exit 1 fi echo $ac_n "checking host system type""... $ac_c" 1>&6 host_alias=$host case "$host_alias" in "") if host_alias=`$SHELL $ac_config_guess`; then : else echo "$progname: cannot guess host type; you must specify one" 1>&2 echo "$help" 1>&2 exit 1 fi ;; esac host=`$SHELL $ac_config_sub $host_alias` echo "$ac_t$host" 1>&6 # Make sure the host verified. test -z "$host" && exit 1 elif test -z "$host"; then echo "$progname: you must specify a host type if you use \`--no-verify'" 1>&2 echo "$help" 1>&2 exit 1 else host_alias=$host fi # Transform linux* to *-*-linux-gnu*, to support old configure scripts. case "$host_os" in linux-gnu*) ;; linux*) host=`echo $host | sed 's/^\(.*-.*-linux\)\(.*\)$/\1-gnu\2/'` esac host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` case "$host_os" in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Determine commands to create old-style static archives. old_archive_cmds='$AR cru $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= # Set a sane default for `AR'. test -z "$AR" && AR=ar # Set a sane default for `OBJDUMP'. test -z "$OBJDUMP" && OBJDUMP=objdump # If RANLIB is not set, then run the test. if test "${RANLIB+set}" != "set"; then result=no echo $ac_n "checking for ranlib... $ac_c" 1>&6 IFS="${IFS= }"; save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}" for dir in $PATH; do test -z "$dir" && dir=. if test -f $dir/ranlib || test -f $dir/ranlib$ac_exeext; then RANLIB="ranlib" result="ranlib" break fi done IFS="$save_ifs" echo "$ac_t$result" 1>&6 fi if test -n "$RANLIB"; then old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds" fi # Set sane defaults for `DLLTOOL', `OBJDUMP', and `AS', used on cygwin. test -z "$DLLTOOL" && DLLTOOL=dlltool test -z "$OBJDUMP" && OBJDUMP=objdump test -z "$AS" && AS=as # Check to see if we are using GCC. if test "$with_gcc" != yes || test -z "$CC"; then # If CC is not set, then try to find GCC or a usable CC. if test -z "$CC"; then echo $ac_n "checking for gcc... $ac_c" 1>&6 IFS="${IFS= }"; save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}" for dir in $PATH; do test -z "$dir" && dir=. if test -f $dir/gcc || test -f $dir/gcc$ac_exeext; then CC="gcc" break fi done IFS="$save_ifs" if test -n "$CC"; then echo "$ac_t$CC" 1>&6 else echo "$ac_t"no 1>&6 fi fi # Not "gcc", so try "cc", rejecting "/usr/ucb/cc". if test -z "$CC"; then echo $ac_n "checking for cc... $ac_c" 1>&6 IFS="${IFS= }"; save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}" cc_rejected=no for dir in $PATH; do test -z "$dir" && dir=. if test -f $dir/cc || test -f $dir/cc$ac_exeext; then if test "$dir/cc" = "/usr/ucb/cc"; then cc_rejected=yes continue fi CC="cc" break fi done IFS="$save_ifs" if test $cc_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $CC shift if test $# -gt 0; then # We chose a different compiler from the bogus one. # However, it has the same name, so the bogon will be chosen # first if we set CC to just the name; use the full file name. shift set dummy "$dir/cc" "$@" shift CC="$@" fi fi if test -n "$CC"; then echo "$ac_t$CC" 1>&6 else echo "$ac_t"no 1>&6 fi if test -z "$CC"; then echo "$progname: error: no acceptable cc found in \$PATH" 1>&2 exit 1 fi fi # Now see if the compiler is really GCC. with_gcc=no echo $ac_n "checking whether we are using GNU C... $ac_c" 1>&6 echo "$progname:581: checking whether we are using GNU C" >&5 $rm conftest.c cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then with_gcc=yes fi $rm conftest.c echo "$ac_t$with_gcc" 1>&6 fi # Allow CC to be a program name with arguments. set dummy $CC compiler="$2" echo $ac_n "checking for object suffix... $ac_c" 1>&6 $rm conftest* echo 'int i = 1;' > conftest.c echo "$progname:603: checking for object suffix" >& 5 if { (eval echo $progname:604: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; }; then # Append any warnings to the config.log. cat conftest.err 1>&5 for ac_file in conftest.*; do case $ac_file in *.c) ;; *) objext=`echo $ac_file | sed -e s/conftest.//` ;; esac done else cat conftest.err 1>&5 echo "$progname: failed program was:" >&5 cat conftest.c >&5 fi $rm conftest* echo "$ac_t$objext" 1>&6 echo $ac_n "checking for executable suffix... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_exeext'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_exeext="no" $rm conftest* echo 'main () { return 0; }' > conftest.c echo "$progname:629: checking for executable suffix" >& 5 if { (eval echo $progname:630: \"$ac_link\") 1>&5; (eval $ac_link) 2>conftest.err; }; then # Append any warnings to the config.log. cat conftest.err 1>&5 for ac_file in conftest.*; do case $ac_file in *.c | *.err | *.$objext ) ;; *) ac_cv_exeext=.`echo $ac_file | sed -e s/conftest.//` ;; esac done else cat conftest.err 1>&5 echo "$progname: failed program was:" >&5 cat conftest.c >&5 fi $rm conftest* fi if test "X$ac_cv_exeext" = Xno; then exeext="" else exeext="$ac_cv_exeext" fi echo "$ac_t$ac_cv_exeext" 1>&6 echo $ac_n "checking for $compiler option to produce PIC... $ac_c" 1>&6 pic_flag= special_shlib_compile_flags= wl= link_static_flag= no_builtin_flag= if test "$with_gcc" = yes; then wl='-Wl,' link_static_flag='-static' case "$host_os" in beos* | irix5* | irix6* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; aix*) # Below there is a dirty hack to force normal static linking with -ldl # The problem is because libdl dynamically linked with both libc and # libC (AIX C++ library), which obviously doesn't included in libraries # list by gcc. This cause undefined symbols with -static flags. # This hack allows C programs to be linked with "-static -ldl", but # we not sure about C++ programs. link_static_flag="$link_static_flag ${wl}-lC" ;; cygwin* | mingw* | os2*) # We can build DLLs from non-PIC. ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files pic_flag='-fno-common' ;; amigaos*) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. pic_flag='-m68020 -resident32 -malways-restore-a4' ;; sysv4*MP*) if test -d /usr/nec; then pic_flag=-Kconform_pic fi ;; *) pic_flag='-fPIC' ;; esac else # PORTME Check for PIC flags for the system compiler. case "$host_os" in aix3* | aix4*) # All AIX code is PIC. link_static_flag='-bnso -bI:/lib/syscalls.exp' ;; hpux9* | hpux10* | hpux11*) # Is there a better link_static_flag that works with the bundled CC? wl='-Wl,' link_static_flag="${wl}-a ${wl}archive" pic_flag='+Z' ;; irix5* | irix6*) wl='-Wl,' link_static_flag='-non_shared' # PIC (with -KPIC) is the default. ;; cygwin* | mingw* | os2*) # We can build DLLs from non-PIC. ;; osf3* | osf4* | osf5*) # All OSF/1 code is PIC. wl='-Wl,' link_static_flag='-non_shared' ;; sco3.2v5*) pic_flag='-Kpic' link_static_flag='-dn' special_shlib_compile_flags='-belf' ;; solaris*) pic_flag='-KPIC' link_static_flag='-Bstatic' wl='-Wl,' ;; sunos4*) pic_flag='-PIC' link_static_flag='-Bstatic' wl='-Qoption ld ' ;; sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) pic_flag='-KPIC' link_static_flag='-Bstatic' wl='-Wl,' ;; uts4*) pic_flag='-pic' link_static_flag='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then pic_flag='-Kconform_pic' link_static_flag='-Bstatic' fi ;; *) can_build_shared=no ;; esac fi if test -n "$pic_flag"; then echo "$ac_t$pic_flag" 1>&6 # Check to make sure the pic_flag actually works. echo $ac_n "checking if $compiler PIC flag $pic_flag works... $ac_c" 1>&6 $rm conftest* echo "int some_variable = 0;" > conftest.c save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $pic_flag -DPIC" echo "$progname:781: checking if $compiler PIC flag $pic_flag works" >&5 if { (eval echo $progname:782: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.$objext; then # Append any warnings to the config.log. cat conftest.err 1>&5 case "$host_os" in hpux9* | hpux10* | hpux11*) # On HP-UX, both CC and GCC only warn that PIC is supported... then they # create non-PIC objects. So, if there were any warnings, we assume that # PIC is not supported. if test -s conftest.err; then echo "$ac_t"no 1>&6 can_build_shared=no pic_flag= else echo "$ac_t"yes 1>&6 pic_flag=" $pic_flag" fi ;; *) echo "$ac_t"yes 1>&6 pic_flag=" $pic_flag" ;; esac else # Append any errors to the config.log. cat conftest.err 1>&5 can_build_shared=no pic_flag= echo "$ac_t"no 1>&6 fi CFLAGS="$save_CFLAGS" $rm conftest* else echo "$ac_t"none 1>&6 fi # Check to see if options -o and -c are simultaneously supported by compiler echo $ac_n "checking if $compiler supports -c -o file.o... $ac_c" 1>&6 $rm -r conftest 2>/dev/null mkdir conftest cd conftest $rm conftest* echo "int some_variable = 0;" > conftest.c mkdir out # According to Tom Tromey, Ian Lance Taylor reported there are C compilers # that will create temporary files in the current directory regardless of # the output directory. Thus, making CWD read-only will cause this test # to fail, enabling locking or at least warning the user not to do parallel # builds. chmod -w . save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -o out/conftest2.o" echo "$progname:834: checking if $compiler supports -c -o file.o" >&5 if { (eval echo $progname:835: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.o; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings if test -s out/conftest.err; then echo "$ac_t"no 1>&6 compiler_c_o=no else echo "$ac_t"yes 1>&6 compiler_c_o=yes fi else # Append any errors to the config.log. cat out/conftest.err 1>&5 compiler_c_o=no echo "$ac_t"no 1>&6 fi CFLAGS="$save_CFLAGS" chmod u+w . $rm conftest* out/* rmdir out cd .. rmdir conftest $rm -r conftest 2>/dev/null if test x"$compiler_c_o" = x"yes"; then # Check to see if we can write to a .lo echo $ac_n "checking if $compiler supports -c -o file.lo... $ac_c" 1>&6 $rm conftest* echo "int some_variable = 0;" > conftest.c save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -c -o conftest.lo" echo "$progname:867: checking if $compiler supports -c -o file.lo" >&5 if { (eval echo $progname:868: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.lo; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then echo "$ac_t"no 1>&6 compiler_o_lo=no else echo "$ac_t"yes 1>&6 compiler_o_lo=yes fi else # Append any errors to the config.log. cat conftest.err 1>&5 compiler_o_lo=no echo "$ac_t"no 1>&6 fi CFLAGS="$save_CFLAGS" $rm conftest* else compiler_o_lo=no fi # Check to see if we can do hard links to lock some files if needed hard_links="nottested" if test "$compiler_c_o" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user echo $ac_n "checking if we can lock with hard links... $ac_c" 1>&6 hard_links=yes $rm conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no echo "$ac_t$hard_links" 1>&6 $rm conftest* if test "$hard_links" = no; then echo "*** WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2 need_locks=warn fi else need_locks=no fi if test "$with_gcc" = yes; then # Check to see if options -fno-rtti -fno-exceptions are supported by compiler echo $ac_n "checking if $compiler supports -fno-rtti -fno-exceptions ... $ac_c" 1>&6 $rm conftest* echo "int some_variable = 0;" > conftest.c save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fno-rtti -fno-exceptions -c conftest.c" echo "$progname:919: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 if { (eval echo $progname:920: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.o; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then echo "$ac_t"no 1>&6 compiler_rtti_exceptions=no else echo "$ac_t"yes 1>&6 compiler_rtti_exceptions=yes fi else # Append any errors to the config.log. cat conftest.err 1>&5 compiler_rtti_exceptions=no echo "$ac_t"no 1>&6 fi CFLAGS="$save_CFLAGS" $rm conftest* if test "$compiler_rtti_exceptions" = "yes"; then no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions' else no_builtin_flag=' -fno-builtin' fi fi # Check for any special shared library compilation flags. if test -n "$special_shlib_compile_flags"; then echo "$progname: warning: \`$CC' requires \`$special_shlib_compile_flags' to build shared libraries" 1>&2 if echo "$old_CC $old_CFLAGS " | egrep -e "[ ]$special_shlib_compile_flags[ ]" >/dev/null; then : else echo "$progname: add \`$special_shlib_compile_flags' to the CC or CFLAGS env variable and reconfigure" 1>&2 can_build_shared=no fi fi echo $ac_n "checking if $compiler static flag $link_static_flag works... $ac_c" 1>&6 $rm conftest* echo 'main(){return(0);}' > conftest.c save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $link_static_flag" echo "$progname:963: checking if $compiler static flag $link_static_flag works" >&5 if { (eval echo $progname:964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then echo "$ac_t$link_static_flag" 1>&6 else echo "$ac_t"none 1>&6 link_static_flag= fi LDFLAGS="$save_LDFLAGS" $rm conftest* if test -z "$LN_S"; then # Check to see if we can use ln -s, or we need hard links. echo $ac_n "checking whether ln -s works... $ac_c" 1>&6 $rm conftest.dat if ln -s X conftest.dat 2>/dev/null; then $rm conftest.dat LN_S="ln -s" else LN_S=ln fi if test "$LN_S" = "ln -s"; then echo "$ac_t"yes 1>&6 else echo "$ac_t"no 1>&6 fi fi # Make sure LD is an absolute path. if test -z "$LD"; then ac_prog=ld if test "$with_gcc" = yes; then # Check if gcc -print-prog-name=ld gives a path. echo $ac_n "checking for ld used by GCC... $ac_c" 1>&6 echo "$progname:996: checking for ld used by GCC" >&5 ac_prog=`($CC -print-prog-name=ld) 2>&5` case "$ac_prog" in # Accept absolute paths. [\\/]* | [A-Za-z]:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the path of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we are not using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then echo $ac_n "checking for GNU ld... $ac_c" 1>&6 echo "$progname:1020: checking for GNU ld" >&5 else echo $ac_n "checking for non-GNU ld""... $ac_c" 1>&6 echo "$progname:1023: checking for non-GNU ld" >&5 fi if test -z "$LD"; then IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some GNU ld's only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. if "$LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then test "$with_gnu_ld" != no && break else test "$with_gnu_ld" != yes && break fi fi done IFS="$ac_save_ifs" fi if test -n "$LD"; then echo "$ac_t$LD" 1>&6 else echo "$ac_t"no 1>&6 fi if test -z "$LD"; then echo "$progname: error: no acceptable ld found in \$PATH" 1>&2 exit 1 fi fi # Check to see if it really is or is not GNU ld. echo $ac_n "checking if the linker ($LD) is GNU ld... $ac_c" 1>&6 # I'd rather use --version here, but apparently some GNU ld's only accept -v. if $LD -v 2>&1 &5; then with_gnu_ld=yes else with_gnu_ld=no fi echo "$ac_t$with_gnu_ld" 1>&6 # See if the linker supports building shared libraries. echo $ac_n "checking whether the linker ($LD) supports shared libraries... $ac_c" 1>&6 allow_undefined_flag= no_undefined_flag= need_lib_prefix=unknown need_version=unknown # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments archive_cmds= archive_expsym_cmds= old_archive_from_new_cmds= export_dynamic_flag_spec= whole_archive_flag_spec= thread_safe_flag_spec= hardcode_libdir_flag_spec= hardcode_libdir_separator= hardcode_direct=no hardcode_minus_L=no hardcode_shlibpath_var=unsupported runpath_var= always_export_symbols=no export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | sed '\''s/.* //'\'' | sort | uniq > $export_symbols' # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms= # exclude_expsyms can be an egrep regular expression of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. exclude_expsyms="_GLOBAL_OFFSET_TABLE_" # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. case "$host_os" in cygwin* | mingw*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$with_gcc" != yes; then with_gnu_ld=no fi ;; esac ld_shlibs=yes if test "$with_gnu_ld" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # See if GNU ld supports shared libraries. case "$host_os" in aix3* | aix4*) # On AIX, the GNU linker is very broken ld_shlibs=no cat <&2 *** Warning: the GNU linker, at least up to release 2.9.1, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to modify your PATH *** so that a non-GNU linker is found, and then restart. EOF ;; amigaos*) archive_cmds='$rm $objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $objdir/a2ixlibrary.data~$AR cru $lib $libobjs~$RANLIB $lib~(cd $objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes # Samuel A. Falvo II reports # that the semantics of dynamic libraries on AmigaOS, at least up # to version 4, is to share data among multiple programs linked # with the same dynamic library. Since this doesn't match the # behavior of shared libraries on other platforms, we can use # them. ld_shlibs=no ;; beos*) if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds='$CC -nostart $libobjs $deplibs $linkopts ${wl}-soname $wl$soname -o $lib' else ld_shlibs=no fi ;; cygwin* | mingw*) # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' allow_undefined_flag=unsupported always_export_symbols=yes # Extract the symbol export list from an `--export-all' def file, # then regenerate the def file from the symbol export list, so that # the compiled dll only exports the symbol export list. # Be careful not to strip the DATA tag left by newer dlltools. export_symbols_cmds='test -f $objdir/$soname-ltdll.c || sed -e "/^# \/\* ltdll\.c starts here \*\//,/^# \/\* ltdll.c ends here \*\// { s/^# //; p; }" -e d < $0 > $objdir/$soname-ltdll.c~ test -f $objdir/$soname-ltdll.$objext || (cd $objdir && $CC -c $soname-ltdll.c)~ $DLLTOOL --export-all --exclude-symbols DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12 --output-def $objdir/$soname-def $objdir/$soname-ltdll.$objext $libobjs $convenience~ sed -e "1,/EXPORTS/d" -e "s/ @ [0-9]*//" -e "s/ *;.*$//" < $objdir/$soname-def > $export_symbols' # If DATA tags from a recent dlltool are present, honour them! archive_expsym_cmds='echo EXPORTS > $objdir/$soname-def~ _lt_hint=1; cat $export_symbols | while read symbol; do set dummy \$symbol; case \$# in 2) echo " \$2 @ \$_lt_hint ; " >> $objdir/$soname-def;; *) echo " \$2 @ \$_lt_hint \$3 ; " >> $objdir/$soname-def;; esac; _lt_hint=`expr 1 + \$_lt_hint`; done~ test -f $objdir/$soname-ltdll.c || sed -e "/^# \/\* ltdll\.c starts here \*\//,/^# \/\* ltdll.c ends here \*\// { s/^# //; p; }" -e d < $0 > $objdir/$soname-ltdll.c~ test -f $objdir/$soname-ltdll.$objext || (cd $objdir && $CC -c $soname-ltdll.c)~ $CC -Wl,--base-file,$objdir/$soname-base -Wl,--dll -nostartfiles -Wl,-e,__cygwin_dll_entry@12 -o $lib $objdir/$soname-ltdll.$objext $libobjs $deplibs $linkopts~ $DLLTOOL --as=$AS --dllname $soname --exclude-symbols DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12 --def $objdir/$soname-def --base-file $objdir/$soname-base --output-exp $objdir/$soname-exp~ $CC -Wl,--base-file,$objdir/$soname-base $objdir/$soname-exp -Wl,--dll -nostartfiles -Wl,-e,__cygwin_dll_entry@12 -o $lib $objdir/$soname-ltdll.$objext $libobjs $deplibs $linkopts~ $DLLTOOL --as=$AS --dllname $soname --exclude-symbols DllMain@12,_cygwin_dll_entry@12,_cygwin_noncygwin_dll_entry@12 --def $objdir/$soname-def --base-file $objdir/$soname-base --output-exp $objdir/$soname-exp~ $CC $objdir/$soname-exp -Wl,--dll -nostartfiles -Wl,-e,__cygwin_dll_entry@12 -o $lib $objdir/$soname-ltdll.$objext $libobjs $deplibs $linkopts' old_archive_from_new_cmds='$DLLTOOL --as=$AS --dllname $soname --def $objdir/$soname-def --output-lib $objdir/$libname.a' ;; netbsd*) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $linkopts ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $linkopts ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else archive_cmds='$LD -Bshareable $libobjs $deplibs $linkopts -o $lib' # can we support soname and/or expsyms with a.out? -oliva fi ;; solaris* | sysv5*) if $LD -v 2>&1 | egrep 'BFD 2\.8' > /dev/null; then ld_shlibs=no cat <&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. EOF elif $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $linkopts ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $linkopts ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; sunos4*) archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linkopts' wlarc= hardcode_direct=yes hardcode_shlibpath_var=no ;; *) if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $linkopts ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $linkopts ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac if test "$ld_shlibs" = yes; then runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir' export_dynamic_flag_spec='${wl}--export-dynamic' case $host_os in cygwin* | mingw*) # dlltool doesn't understand --whole-archive et. al. whole_archive_flag_spec= ;; *) # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | egrep 'no-whole-archive' > /dev/null; then whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec= fi ;; esac fi else # PORTME fill in a description of your system's linker (not GNU ld) case "$host_os" in aix3*) allow_undefined_flag=unsupported always_export_symbols=yes archive_expsym_cmds='$LD -o $objdir/$soname $libobjs $deplibs $linkopts -bE:$export_symbols -T512 -H512 -bM:SRE~$AR cru $lib $objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test "$with_gcc" = yes && test -z "$link_static_flag"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix4*) hardcode_libdir_flag_spec='${wl}-b ${wl}nolibpath ${wl}-b ${wl}libpath:$libdir:/usr/lib:/lib' hardcode_libdir_separator=':' if test "$with_gcc" = yes; then collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 hardcode_direct=yes else # We have old collect2 hardcode_direct=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi shared_flag='-shared' else shared_flag='${wl}-bM:SRE' hardcode_direct=yes fi allow_undefined_flag=' ${wl}-berok' archive_cmds="\$CC $shared_flag"' -o $objdir/$soname $libobjs $deplibs $linkopts ${wl}-bexpall ${wl}-bnoentry${allow_undefined_flag}' archive_expsym_cmds="\$CC $shared_flag"' -o $objdir/$soname $libobjs $deplibs $linkopts ${wl}-bE:$export_symbols ${wl}-bnoentry${allow_undefined_flag}' case "$host_os" in aix4.[01]|aix4.[01].*) # According to Greg Wooledge, -bexpall is only supported from AIX 4.2 on always_export_symbols=yes ;; esac ;; amigaos*) archive_cmds='$rm $objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $objdir/a2ixlibrary.data~$AR cru $lib $libobjs~$RANLIB $lib~(cd $objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes # see comment about different semantics on the GNU ld section ld_shlibs=no ;; cygwin* | mingw*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $linkopts `echo "$deplibs" | sed -e '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_from_new_cmds='true' # FIXME: Should let the user specify the lib program. old_archive_cmds='lib /OUT:$oldlib$oldobjs' fix_srcfile_path='`cygpath -w $srcfile`' ;; freebsd1*) ld_shlibs=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linkopts /usr/lib/c++rt0.o' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linkopts' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd*) archive_cmds='$CC -shared -o $lib $libobjs $deplibs $linkopts' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; darwin[15]* | rhapsody*) allow_undefined_flag='-undefined error' archive_cmds='$CC $(test x$module = xyes && echo -bundle || echo -dynamiclib) $allow_undefined_flag -o $lib $libobjs $deplibs $linkopts -install_name $rpath/$soname $(test -n "$verstring" -a x$verstring != x0.0 && echo $verstring)' # We need to add '_' to the symbols in $export_symbols first #archive_expsym_cmds="$archive_cmds"' && strip -s $export_symbols $lib' hardcode_direct=yes hardcode_shlibpath_var=no whole_archive_flag_spec='-all_load $convenience' ;; # Mac OS X v10.2 uses bash for /bin/sh instead of zsh, and the quoting syntax is incompatible darwin*) allow_undefined_flag='-undefined error' archive_cmds='$CC $(test x$module = xyes && echo -bundle || echo -dynamiclib) $allow_undefined_flag -o $lib $libobjs $deplibs $linkopts $(test x$module != xyes && echo -install_name $rpath/$soname $tmp_verstring)' # We need to add '_' to the symbols in $export_symbols first #archive_expsym_cmds="$archive_cmds"' && strip -s $export_symbols $lib' hardcode_direct=yes hardcode_shlibpath_var=no whole_archive_flag_spec='-all_load $convenience' ;; hpux9* | hpux10* | hpux11*) case "$host_os" in hpux9*) archive_cmds='$rm $objdir/$soname~$LD -b +b $install_libdir -o $objdir/$soname $libobjs $deplibs $linkopts~test $objdir/$soname = $lib || mv $objdir/$soname $lib' ;; *) archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linkopts' ;; esac hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_minus_L=yes # Not in the search PATH, but as the default # location of the library. export_dynamic_flag_spec='${wl}-E' ;; irix5* | irix6*) if test "$with_gcc" = yes; then archive_cmds='$CC -shared $libobjs $deplibs $linkopts ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${objdir}/so_locations -o $lib' else archive_cmds='$LD -shared $libobjs $deplibs $linkopts -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${objdir}/so_locations -o $lib' fi hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; netbsd*) if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linkopts' # a.out else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linkopts' # ELF fi hardcode_libdir_flag_spec='${wl}-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; openbsd*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linkopts' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $objdir/$libname.def~$echo DATA >> $objdir/$libname.def~$echo " SINGLE NONSHARED" >> $objdir/$libname.def~$echo EXPORTS >> $objdir/$libname.def~emxexp $libobjs >> $objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $linkopts $objdir/$libname.def' old_archive_from_new_cmds='emximp -o $objdir/$libname.a $objdir/$libname.def' ;; osf3*) if test "$with_gcc" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $linkopts ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${objdir}/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linkopts -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${objdir}/so_locations -o $lib' fi hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # As osf3* with the addition of the -msym flag if test "$with_gcc" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $linkopts ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${objdir}/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linkopts -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${objdir}/so_locations -o $lib' fi hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; sco3.2v5*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linkopts' hardcode_shlibpath_var=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ;; solaris*) no_undefined_flag=' -z text' # $CC -shared without GNU ld will not create a library from C++ # object files and a static libstdc++, better avoid it by now archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linkopts' archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linkopts~$rm $lib.exp' hardcode_libdir_flag_spec='-R$libdir' hardcode_shlibpath_var=no case "$host_os" in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # Supported since Solaris 2.6 (maybe 2.5.1?) whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;; esac ;; sunos4*) archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linkopts' hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; sysv4) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $linkopts' else archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linkopts' fi runpath_var='LD_RUN_PATH' hardcode_shlibpath_var=no hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; sysv4.3*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linkopts' hardcode_shlibpath_var=no export_dynamic_flag_spec='-Bexport' ;; sysv5*) no_undefined_flag=' -z text' # $CC -shared without GNU ld will not create a library from C++ # object files and a static libstdc++, better avoid it by now archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linkopts' archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linkopts~$rm $lib.exp' hardcode_libdir_flag_spec= hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' ;; uts4*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linkopts' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; dgux*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linkopts' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linkopts' hardcode_shlibpath_var=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs=yes fi ;; sysv4.2uw2*) archive_cmds='$LD -G -o $lib $libobjs $deplibs $linkopts' hardcode_direct=yes hardcode_minus_L=no hardcode_shlibpath_var=no hardcode_runpath_var=yes runpath_var=LD_RUN_PATH ;; unixware7*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linkopts' runpath_var='LD_RUN_PATH' hardcode_shlibpath_var=no ;; *) ld_shlibs=no ;; esac fi echo "$ac_t$ld_shlibs" 1>&6 test "$ld_shlibs" = no && can_build_shared=no if test -z "$NM"; then echo $ac_n "checking for BSD-compatible nm... $ac_c" 1>&6 case "$NM" in [\\/]* | [A-Za-z]:[\\/]*) ;; # Let the user override the test with a path. *) IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}" for ac_dir in $PATH /usr/ucb /usr/ccs/bin /bin; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/nm || test -f $ac_dir/nm$ac_exeext; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then NM="$ac_dir/nm -B" break elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then NM="$ac_dir/nm -p" break else NM=${NM="$ac_dir/nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags fi fi done IFS="$ac_save_ifs" test -z "$NM" && NM=nm ;; esac echo "$ac_t$NM" 1>&6 fi # Check for command to grab the raw symbol name followed by C symbol from nm. echo $ac_n "checking command to parse $NM output... $ac_c" 1>&6 # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[BCDEGRST]' # Regexp to match symbols that can be accessed directly from C. sympat='\([_A-Za-z][_A-Za-z0-9]*\)' # Transform the above into a raw symbol and a C symbol. symxfrm='\1 \2\3 \3' # Transform an extracted symbol line into a proper C declaration global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern char \1;/p'" # Define system-specific variables. case "$host_os" in aix*) symcode='[BCDT]' ;; cygwin* | mingw*) symcode='[ABCDGISTW]' ;; hpux*) # Its linker distinguishes data from code symbols global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern char \1();/p' -e 's/^. .* \(.*\)$/extern char \1;/p'" ;; irix*) symcode='[BCDEGRST]' ;; solaris*) symcode='[BDT]' ;; sysv4) symcode='[DFNSTU]' ;; esac # If we're using GNU nm, then use its standard symbol codes. if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then symcode='[ABCDGISTW]' fi # Try without a prefix undercore, then with it. for ac_symprfx in "" "_"; do # Write the raw and C identifiers. global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode\)[ ][ ]*\($ac_symprfx\)$sympat$/$symxfrm/p'" # Check to see that the pipe works correctly. pipe_works=no $rm conftest* cat > conftest.c <&5 if { (eval echo $progname:1663: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; } && test -s conftest.$objext; then # Now try to grab the symbols. nlist=conftest.nm if { echo "$progname:1666: eval \"$NM conftest.$objext | $global_symbol_pipe > $nlist\"" >&5; eval "$NM conftest.$objext | $global_symbol_pipe > $nlist 2>&5"; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if egrep ' nm_test_var$' "$nlist" >/dev/null; then if egrep ' nm_test_func$' "$nlist" >/dev/null; then cat < conftest.c #ifdef __cplusplus extern "C" { #endif EOF # Now generate the symbol file. eval "$global_symbol_to_cdecl"' < "$nlist" >> conftest.c' cat <> conftest.c #if defined (__STDC__) && __STDC__ # define lt_ptr_t void * #else # define lt_ptr_t char * # define const #endif /* The mapping between symbol names and symbols. */ const struct { const char *name; lt_ptr_t address; } lt_preloaded_symbols[] = { EOF sed 's/^. \(.*\) \(.*\)$/ {"\2", (lt_ptr_t) \&\2},/' < "$nlist" >> conftest.c cat <<\EOF >> conftest.c {0, (lt_ptr_t) 0} }; #ifdef __cplusplus } #endif EOF # Now try linking the two files. mv conftest.$objext conftstm.$objext save_LIBS="$LIBS" save_CFLAGS="$CFLAGS" LIBS="conftstm.$objext" CFLAGS="$CFLAGS$no_builtin_flag" if { (eval echo $progname:1718: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then pipe_works=yes else echo "$progname: failed program was:" >&5 cat conftest.c >&5 fi LIBS="$save_LIBS" else echo "cannot find nm_test_func in $nlist" >&5 fi else echo "cannot find nm_test_var in $nlist" >&5 fi else echo "cannot run $global_symbol_pipe" >&5 fi else echo "$progname: failed program was:" >&5 cat conftest.c >&5 fi $rm conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else global_symbol_pipe= fi done if test "$pipe_works" = yes; then echo "${ac_t}ok" 1>&6 else echo "${ac_t}failed" 1>&6 fi if test -z "$global_symbol_pipe"; then global_symbol_to_cdecl= fi # Check hardcoding attributes. echo $ac_n "checking how to hardcode library paths into programs... $ac_c" 1>&6 hardcode_action= if test -n "$hardcode_libdir_flag_spec" || \ test -n "$runpath_var"; then # We can hardcode non-existant directories. if test "$hardcode_direct" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$hardcode_shlibpath_var" != no && test "$hardcode_minus_L" != no; then # Linking always hardcodes the temporary library directory. hardcode_action=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. hardcode_action=unsupported fi echo "$ac_t$hardcode_action" 1>&6 reload_flag= reload_cmds='$LD$reload_flag -o $output$reload_objs' echo $ac_n "checking for $LD option to reload object files... $ac_c" 1>&6 # PORTME Some linkers may need a different reload flag. reload_flag='-r' echo "$ac_t$reload_flag" 1>&6 test -n "$reload_flag" && reload_flag=" $reload_flag" # PORTME Fill in your ld.so characteristics library_names_spec= libname_spec='lib$name' soname_spec= postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" file_magic_cmd= file_magic_test_file= deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. # `unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [regex]' -- check by looking for files in library path # which responds to the $file_magic_cmd with a given egrep regex. # If you have `file' or equivalent on your system and you're not sure # whether `pass_all' will *always* work, you probably want this one. echo $ac_n "checking dynamic linker characteristics... $ac_c" 1>&6 case "$host_os" in aix3*) version_type=linux library_names_spec='${libname}${release}.so$versuffix $libname.a' shlibpath_var=LIBPATH # AIX has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}.so$major' ;; aix4*) version_type=linux # AIX has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. # We preserve .a as extension for shared libraries though AIX4.2 # and later linker supports .so library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.a' shlibpath_var=LIBPATH deplibs_check_method=pass_all ;; amigaos*) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "(cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a)"; (cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a) || exit 1; done' ;; beos*) library_names_spec='${libname}.so' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH deplibs_check_method=pass_all lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; bsdi4*) version_type=linux need_version=no library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' soname_spec='${libname}${release}.so$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' file_magic_cmd=/usr/bin/file file_magic_test_file=/shlib/libc.so sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" export_dynamic_flag_spec=-rdynamic # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw*) version_type=windows need_version=no need_lib_prefix=no if test "$with_gcc" = yes; then library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll $libname.a' else library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll $libname.lib' fi dynamic_linker='Win32 ld.exe' deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' file_magic_cmd='${OBJDUMP} -f' # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; freebsd1*) dynamic_linker=no ;; freebsd*) objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` version_type=freebsd-$objformat case "$version_type" in freebsd-elf*) deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB shared object' file_magic_cmd=/usr/bin/file file_magic_test_file=`echo /usr/lib/libc.so*` library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so' need_version=no need_lib_prefix=no ;; freebsd-*) deplibs_check_method=unknown library_names_spec='${libname}${release}.so$versuffix $libname.so$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case "$host_os" in freebsd2* | freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes ;; *) # from 3.2 on shlibpath_overrides_runpath=no ;; esac ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no deplibs_check_method='file_magic Mach-O (64-bit )?dynamically linked shared library' file_magic_cmd='/usr/bin/file -L' case "$host_os" in rhapsody* | darwin1.[012]) file_magic_test_file='/System/Library/Frameworks/System.framework/System' ;; *) # Darwin 1.3 on file_magic_test_file='/usr/lib/libSystem.dylib' ;; esac library_names_spec='${libname}${release}${versuffix}.$(test x$module = xyes && echo so || echo dylib) ${libname}${release}${major}.$(test x$module = xyes && echo so || echo dylib) ${libname}.$(test x$module = xyes && echo so || echo dylib)' soname_spec='${libname}${release}${major}.$(test x$module = xyes && echo so || echo dylib)' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH ;; gnu*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so${major} ${libname}.so' soname_spec='${libname}${release}.so$major' shlibpath_var=LD_LIBRARY_PATH ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. dynamic_linker="$host_os dld.sl" version_type=sunos need_lib_prefix=no need_version=no shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}.sl$versuffix ${libname}${release}.sl$major $libname.sl' soname_spec='${libname}${release}.sl$major' # HP-UX runs *really* slowly unless shared libraries are mode 555. postinstall_cmds='chmod 555 $lib' case "$host_os" in hpux10.20*) # TODO: Does this work for hpux-11 too? deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library' file_magic_cmd=/usr/bin/file file_magic_test_file=/usr/lib/libc.sl ;; esac ;; irix5* | irix6*) version_type=irix need_lib_prefix=no need_version=no soname_spec='${libname}${release}.so.$major' library_names_spec='${libname}${release}.so.$versuffix ${libname}${release}.so.$major ${libname}${release}.so $libname.so' case "$host_os" in irix5*) libsuff= shlibsuff= # this will be overridden with pass_all, but let us keep it just in case deplibs_check_method="file_magic ELF 32-bit MSB dynamic lib MIPS - version 1" ;; *) case "$LD" in # libtool.m4 will add one of these switches to LD *-32|*"-32 ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" file_magic_cmd=/usr/bin/file file_magic_test_file=`echo /lib${libsuff}/libc.so*` deplibs_check_method='pass_all' ;; # No shared lib support for Linux oldld, aout, or coff. linux-gnuoldld* | linux-gnuaout* | linux-gnucoff*) dynamic_linker=no ;; # This must be Linux ELF. linux-gnu*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' soname_spec='${libname}${release}.so$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no deplibs_check_method=pass_all if test -f /lib/ld.so.1; then dynamic_linker='GNU ld.so' else # Only the GNU ld.so supports shared libraries on MkLinux. case "$host_cpu" in powerpc*) dynamic_linker=no ;; *) dynamic_linker='Linux ld.so' ;; esac fi ;; netbsd*) version_type=sunos if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so ${libname}.so' soname_spec='${libname}${release}.so$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH ;; openbsd*) version_type=sunos if test "$with_gnu_ld" = yes; then need_lib_prefix=no need_version=no fi library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH ;; os2*) libname_spec='$name' need_lib_prefix=no library_names_spec='$libname.dll $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_version=no soname_spec='${libname}${release}.so' library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so' shlibpath_var=LD_LIBRARY_PATH # this will be overridden with pass_all, but let us keep it just in case deplibs_check_method='file_magic COFF format alpha shared library' file_magic_cmd=/usr/bin/file file_magic_test_file=/shlib/libc.so deplibs_check_method='pass_all' sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; sco3.2v5*) version_type=osf soname_spec='${libname}${release}.so$major' library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' shlibpath_var=LD_LIBRARY_PATH ;; solaris*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' soname_spec='${libname}${release}.so$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' deplibs_check_method="file_magic ELF [0-9][0-9]-bit [LM]SB dynamic lib" file_magic_cmd=/usr/bin/file file_magic_test_file=/lib/libc.so ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) version_type=linux library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' soname_spec='${libname}${release}.so$major' shlibpath_var=LD_LIBRARY_PATH case "$host_vendor" in sequent) file_magic_cmd='/bin/file' deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;; ncr) deplibs_check_method='pass_all' ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' file_magic_cmd=/usr/bin/file file_magic_test_file=`echo /usr/lib/libc.so*` ;; esac ;; uts4*) version_type=linux library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' soname_spec='${libname}${release}.so$major' shlibpath_var=LD_LIBRARY_PATH ;; dgux*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' soname_spec='${libname}${release}.so$major' shlibpath_var=LD_LIBRARY_PATH ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux library_names_spec='$libname.so.$versuffix $libname.so.$major $libname.so' soname_spec='$libname.so.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; *) dynamic_linker=no ;; esac echo "$ac_t$dynamic_linker" 1>&6 test "$dynamic_linker" = no && can_build_shared=no # Report the final consequences. echo "checking if libtool supports shared libraries... $can_build_shared" 1>&6 # Only try to build win32 dlls if AC_LIBTOOL_WIN32_DLL was used in # configure.in, otherwise build static only libraries. case "$host_os" in cygwin* | mingw* | os2*) if test x$can_build_shared = xyes; then test x$enable_win32_dll = xno && can_build_shared=no echo "checking if package supports dlls... $can_build_shared" 1>&6 fi ;; esac if test -n "$file_magic_test_file" && test -n "$file_magic_cmd"; then case "$deplibs_check_method" in "file_magic "*) file_magic_regex="`expr \"$deplibs_check_method\" : \"file_magic \(.*\)\"`" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | egrep "$file_magic_regex" > /dev/null; then : else cat <&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org EOF fi ;; esac fi echo $ac_n "checking whether to build shared libraries... $ac_c" 1>&6 test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case "$host_os" in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix4*) test "$enable_shared" = yes && enable_static=no ;; esac echo "$ac_t$enable_shared" 1>&6 # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes # Propagate what we've learned... ac_cv_can_build_shared="$can_build_shared" echo "checking whether to build static libraries... $enable_static" 1>&6 if test "$hardcode_action" = relink; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi echo $ac_n "checking for objdir... $ac_c" 1>&6 rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. objdir=_libs fi rmdir .libs 2>/dev/null echo "$ac_t$objdir" 1>&6 if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else if eval "test \"`echo '$''{'lt_cv_dlopen'+set}'`\" != set"; then lt_cv_dlopen=no lt_cv_dlopen_libs= echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 echo "$progname:2270: checking for dlopen in -ldl" >&5 ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else echo "$ac_t""no" 1>&6 echo $ac_n "checking for dlopen""... $ac_c" 1>&6 echo "$progname:2310: checking for dlopen" >&5 if eval "test \"`echo '$''{'ac_cv_func_dlopen'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_dlopen) || defined (__stub___dlopen) choke me #else dlopen(); #endif ; return 0; } EOF if { (eval echo $progname:2340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_dlopen=yes" else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_dlopen=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'dlopen`\" = yes"; then echo "$ac_t""yes" 1>&6 lt_cv_dlopen="dlopen" else echo "$ac_t""no" 1>&6 echo $ac_n "checking for dld_link in -ldld""... $ac_c" 1>&6 echo "$progname:2357: checking for dld_link in -ldld" >&5 ac_lib_var=`echo dld'_'dld_link | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldld $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" else echo "$ac_t""no" 1>&6 echo $ac_n "checking for shl_load""... $ac_c" 1>&6 echo "$progname:2397: checking for shl_load" >&5 if eval "test \"`echo '$''{'ac_cv_func_shl_load'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char shl_load(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_shl_load) || defined (__stub___shl_load) choke me #else shl_load(); #endif ; return 0; } EOF if { (eval echo $progname:2427: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_shl_load=yes" else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_shl_load=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'shl_load`\" = yes"; then echo "$ac_t""yes" 1>&6 lt_cv_dlopen="shl_load" else echo "$ac_t""no" 1>&6 echo $ac_n "checking for shl_load in -ldld""... $ac_c" 1>&6 echo "$progname:2445: checking for shl_load in -ldld" >&5 ac_lib_var=`echo dld'_'shl_load | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldld $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" else echo "$ac_t""no" 1>&6 fi fi fi fi fi fi if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes fi case "$lt_cv_dlopen" in dlopen) for ac_hdr in dlfcn.h; do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 echo "$progname:2510: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int fnord = 0; EOF ac_try="$ac_compile >/dev/null 2>conftest.out" { (eval echo $progname:2520: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 else echo "$ac_t""no" 1>&6 fi done if test "x$ac_cv_header_dlfcn_h" = xyes; then CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" fi eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" LIBS="$lt_cv_dlopen_libs $LIBS" echo $ac_n "checking whether a program can dlopen itself""... $ac_c" 1>&6 echo "$progname:2548: checking whether a program can dlopen itself" >&5 if test "${lt_cv_dlopen_self+set}" = set; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then lt_cv_dlopen_self=cross else cat > conftest.c < #endif #include #ifdef RTLD_GLOBAL # define LTDL_GLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LTDL_GLOBAL DL_GLOBAL # else # define LTDL_GLOBAL 0 # endif #endif /* We may have to define LTDL_LAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LTDL_LAZY_OR_NOW # ifdef RTLD_LAZY # define LTDL_LAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LTDL_LAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LTDL_LAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LTDL_LAZY_OR_NOW DL_NOW # else # define LTDL_LAZY_OR_NOW 0 # endif # endif # endif # endif #endif fnord() { int i=42;} main() { void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW); if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord"); if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); } EOF if { (eval echo $progname:2602: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then lt_cv_dlopen_self=yes else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* lt_cv_dlopen_self=no fi rm -fr conftest* fi fi echo "$ac_t""$lt_cv_dlopen_self" 1>&6 if test "$lt_cv_dlopen_self" = yes; then LDFLAGS="$LDFLAGS $link_static_flag" echo $ac_n "checking whether a statically linked program can dlopen itself""... $ac_c" 1>&6 echo "$progname:2621: checking whether a statically linked program can dlopen itself" >&5 if test "${lt_cv_dlopen_self_static+set}" = set; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then lt_cv_dlopen_self_static=cross else cat > conftest.c < #endif #include #ifdef RTLD_GLOBAL # define LTDL_GLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LTDL_GLOBAL DL_GLOBAL # else # define LTDL_GLOBAL 0 # endif #endif /* We may have to define LTDL_LAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LTDL_LAZY_OR_NOW # ifdef RTLD_LAZY # define LTDL_LAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LTDL_LAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LTDL_LAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LTDL_LAZY_OR_NOW DL_NOW # else # define LTDL_LAZY_OR_NOW 0 # endif # endif # endif # endif #endif fnord() { int i=42;} main() { void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW); if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord"); if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); } EOF if { (eval echo $progname:2675: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then lt_cv_dlopen_self_static=yes else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* lt_cv_dlopen_self_static=no fi rm -fr conftest* fi fi echo "$ac_t""$lt_cv_dlopen_self_static" 1>&6 fi ;; esac case "$lt_cv_dlopen_self" in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case "$lt_cv_dlopen_self_static" in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi # Copy echo and quote the copy, instead of the original, because it is # used later. ltecho="$echo" if test "X$ltecho" = "X$CONFIG_SHELL $0 --fallback-echo"; then ltecho="$CONFIG_SHELL \$0 --fallback-echo" fi LTSHELL="$SHELL" LTCONFIG_VERSION="$VERSION" # Only quote variables if we're using ltmain.sh. case "$ltmain" in *.sh) # Now quote all the things that may contain metacharacters. for var in ltecho old_CC old_CFLAGS old_CPPFLAGS \ old_LD old_LDFLAGS old_LIBS \ old_NM old_RANLIB old_LN_S old_DLLTOOL old_OBJDUMP old_AS \ AR CC LD LN_S NM LTSHELL LTCONFIG_VERSION \ reload_flag reload_cmds wl \ pic_flag link_static_flag no_builtin_flag export_dynamic_flag_spec \ thread_safe_flag_spec whole_archive_flag_spec libname_spec \ library_names_spec soname_spec \ RANLIB old_archive_cmds old_archive_from_new_cmds old_postinstall_cmds \ old_postuninstall_cmds archive_cmds archive_expsym_cmds postinstall_cmds postuninstall_cmds \ file_magic_cmd export_symbols_cmds deplibs_check_method allow_undefined_flag no_undefined_flag \ finish_cmds finish_eval global_symbol_pipe global_symbol_to_cdecl \ hardcode_libdir_flag_spec hardcode_libdir_separator \ sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ compiler_c_o compiler_o_lo need_locks exclude_expsyms include_expsyms; do case "$var" in reload_cmds | old_archive_cmds | old_archive_from_new_cmds | \ old_postinstall_cmds | old_postuninstall_cmds | \ export_symbols_cmds | archive_cmds | archive_expsym_cmds | \ postinstall_cmds | postuninstall_cmds | \ finish_cmds | sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) # Double-quote double-evaled strings. eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ;; *) eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ;; esac done case "$ltecho" in *'\$0 --fallback-echo"') ltecho=`$echo "X$ltecho" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` ;; esac trap "$rm \"$ofile\"; exit 1" 1 2 15 echo "creating $ofile" $rm "$ofile" cat < "$ofile" #! $SHELL # `$echo "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) # NOTE: Changes made to this file will be lost: look at ltconfig or ltmain.sh. # # Copyright (C) 1996-1999 Free Software Foundation, Inc. # Originally by Gordon Matzigkeit , 1996 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Sed that helps us avoid accidentally triggering echo(1) options like -n. Xsed="sed -e s/^X//" # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. if test "X\${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi ### BEGIN LIBTOOL CONFIG EOF cfgfile="$ofile" ;; *) # Double-quote the variables that need it (for aesthetics). for var in old_CC old_CFLAGS old_CPPFLAGS \ old_LD old_LDFLAGS old_LIBS \ old_NM old_RANLIB old_LN_S old_DLLTOOL old_OBJDUMP old_AS; do eval "$var=\\\"\$var\\\"" done # Just create a config file. cfgfile="$ofile.cfg" trap "$rm \"$cfgfile\"; exit 1" 1 2 15 echo "creating $cfgfile" $rm "$cfgfile" cat < "$cfgfile" # `$echo "$cfgfile" | sed 's%^.*/%%'` - Libtool configuration file. # Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) EOF ;; esac cat <> "$cfgfile" # Libtool was configured as follows, on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # # CC=$old_CC CFLAGS=$old_CFLAGS CPPFLAGS=$old_CPPFLAGS \\ # LD=$old_LD LDFLAGS=$old_LDFLAGS LIBS=$old_LIBS \\ # NM=$old_NM RANLIB=$old_RANLIB LN_S=$old_LN_S \\ # DLLTOOL=$old_DLLTOOL OBJDUMP=$old_OBJDUMP AS=$old_AS \\ # $0$ltconfig_args # # Compiler and other test output produced by $progname, useful for # debugging $progname, is in ./config.log if it exists. # The version of $progname that generated this script. LTCONFIG_VERSION=$LTCONFIG_VERSION # Shell to use when invoking shell scripts. SHELL=$LTSHELL # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # Whether or not to build static libraries. build_old_libs=$enable_static # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # The host system. host_alias=$host_alias host=$host # An echo program that does not interpret backslashes. echo=$ltecho # The archiver. AR=$AR # The default C compiler. CC=$CC # The linker used to build libraries. LD=$LD # Whether we need hard or soft links. LN_S=$LN_S # A BSD-compatible nm program. NM=$NM # Used on cygwin: DLL creation program. DLLTOOL="$DLLTOOL" # Used on cygwin: object dumper. OBJDUMP="$OBJDUMP" # Used on cygwin: assembler. AS="$AS" # The name of the directory that contains temporary libtool files. objdir=$objdir # How to create reloadable object files. reload_flag=$reload_flag reload_cmds=$reload_cmds # How to pass a linker flag through the compiler. wl=$wl # Object file suffix (normally "o"). objext="$objext" # Old archive suffix (normally "a"). libext="$libext" # Executable file suffix (normally ""). exeext="$exeext" # Additional compiler flags for building library objects. pic_flag=$pic_flag # Does compiler simultaneously support -c and -o options? compiler_c_o=$compiler_c_o # Can we write directly to a .lo ? compiler_o_lo=$compiler_o_lo # Must we lock files when doing compilation ? need_locks=$need_locks # Do we need the lib prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Whether dlopen is supported. dlopen=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Compiler flag to prevent dynamic linking. link_static_flag=$link_static_flag # Compiler flag to turn off builtin functions. no_builtin_flag=$no_builtin_flag # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$export_dynamic_flag_spec # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$whole_archive_flag_spec # Compiler flag to generate thread-safe objects. thread_safe_flag_spec=$thread_safe_flag_spec # Library versioning type. version_type=$version_type # Format of library name prefix. libname_spec=$libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME. library_names_spec=$library_names_spec # The coded name of the library, if different from the real name. soname_spec=$soname_spec # Commands used to build and install an old-style archive. RANLIB=$RANLIB old_archive_cmds=$old_archive_cmds old_postinstall_cmds=$old_postinstall_cmds old_postuninstall_cmds=$old_postuninstall_cmds # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$old_archive_from_new_cmds # Commands used to build and install a shared archive. archive_cmds=$archive_cmds archive_expsym_cmds=$archive_expsym_cmds postinstall_cmds=$postinstall_cmds postuninstall_cmds=$postuninstall_cmds # Method to check whether dependent libraries are shared objects. deplibs_check_method=$deplibs_check_method # Command to use when deplibs_check_method == file_magic. file_magic_cmd=$file_magic_cmd # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$allow_undefined_flag # Flag that forces no undefined symbols. no_undefined_flag=$no_undefined_flag # Commands used to finish a libtool library installation in a directory. finish_cmds=$finish_cmds # Same as above, but a single script fragment to be evaled but not shown. finish_eval=$finish_eval # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$global_symbol_pipe # Transform the output of nm in a proper C declaration global_symbol_to_cdecl=$global_symbol_to_cdecl # This is the shared library runtime path variable. runpath_var=$runpath_var # This is the shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec=$hardcode_libdir_flag_spec # Whether we need a single -rpath flag with a separated argument. hardcode_libdir_separator=$hardcode_libdir_separator # Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the # resulting binary. hardcode_direct=$hardcode_direct # Set to yes if using the -LDIR flag during linking hardcodes DIR into the # resulting binary. hardcode_minus_L=$hardcode_minus_L # Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into # the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var # Compile-time system search path for libraries sys_lib_search_path_spec=$sys_lib_search_path_spec # Run-time system search path for libraries sys_lib_dlsearch_path_spec=$sys_lib_dlsearch_path_spec # Fix the shell variable \$srcfile for the compiler. fix_srcfile_path="$fix_srcfile_path" # Set to yes if exported symbols are required. always_export_symbols=$always_export_symbols # The commands to list exported symbols. export_symbols_cmds=$export_symbols_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$exclude_expsyms # Symbols that must always be exported. include_expsyms=$include_expsyms EOF case "$ltmain" in *.sh) echo '### END LIBTOOL CONFIG' >> "$ofile" echo >> "$ofile" case "$host_os" in aix3*) cat <<\EOF >> "$ofile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi EOF ;; esac # Append the ltmain.sh script. sed '$q' "$ltmain" >> "$ofile" || (rm -f "$ofile"; exit 1) # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? chmod +x "$ofile" ;; *) # Compile the libtool program. echo "FIXME: would compile $ltmain" ;; esac test -n "$cache_file" || exit 0 # AC_CACHE_SAVE trap '' 1 2 15 cat > confcache <<\EOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs. It is not useful on other systems. # If it contains results you don't want to keep, you may remove or edit it. # # By default, configure uses ./config.cache as the cache file, # creating it if it does not exist already. You can give configure # the --cache-file=FILE option to use a different cache file; that is # what configure does when it calls configure scripts in # subdirectories, so they share the cache. # Giving --cache-file=/dev/null disables caching, for debugging configure. # config.status only pays attention to the cache file if you give it the # --recheck option to rerun configure. # EOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, don't put newlines in cache variables' values. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. (set) 2>&1 | case `(ac_space=' '; set | grep ac_space) 2>&1` in *ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote substitution # turns \\\\ into \\, and sed turns \\ into \). sed -n \ -e "s/'/'\\\\''/g" \ -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" ;; *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' ;; esac >> confcache if cmp -s $cache_file confcache; then : else if test -w $cache_file; then echo "updating cache $cache_file" cat confcache > $cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache exit 0 # Local Variables: # mode:shell-script # sh-indentation:2 # End: cyrus-sasl-2.1.25/config/Info.plist0000666000076400007640000000151507403027525014066 00000000000000 CFBundleDevelopmentRegion English CFBundleExecutable SASL2 CFBundleGetInfoString Cyrus SASL v2 Library CFBundleIdentifier edu.cmu.andrew.SASL2framework CFBundleInfoDictionaryVersion 1.1.0 CFBundleName SASL v2 Framework CFBundlePackageType FMWK CFBundleShortVersionString 1.1.0 CFBundleSignature ???? CFBundleVersion 9 cyrus-sasl-2.1.25/config/.#plain.m4.1.80000666000076400007640000000143611204772407014113 00000000000000dnl Check for PLAIN (and therefore crypt) AC_DEFUN([SASL_PLAIN_CHK],[ AC_REQUIRE([SASL2_CRYPT_CHK]) dnl PLAIN AC_ARG_ENABLE(plain, [ --enable-plain enable PLAIN authentication [yes] ], plain=$enableval, plain=yes) PLAIN_LIBS="" if test "$plain" != no; then dnl In order to compile plain, we need crypt. if test "$cmu_have_crypt" = yes; then PLAIN_LIBS=$LIB_CRYPT fi fi AC_SUBST(PLAIN_LIBS) AC_MSG_CHECKING(PLAIN) if test "$plain" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS libplain.la" if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS plain.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/plain.c" AC_DEFINE(STATIC_PLAIN,[],[Link PLAIN Staticly]) fi else AC_MSG_RESULT(disabled) fi ]) cyrus-sasl-2.1.25/config/.#kerberos_v4.m4.1.180000666000076400007640000001154711204772407015322 00000000000000dnl checking for kerberos 4 libraries (and DES) AC_DEFUN([SASL_DES_CHK], [ AC_ARG_WITH(des, [ --with-des=DIR with DES (look in DIR) [yes] ], with_des=$withval, with_des=yes) LIB_DES="" if test "$with_des" != no; then if test -d $with_des; then CPPFLAGS="$CPPFLAGS -I${with_des}/include" LDFLAGS="$LDFLAGS -L${with_des}/lib" fi if test "$with_openssl" != no; then dnl check for openssl installing -lcrypto, then make vanilla check AC_CHECK_LIB(crypto, des_cbc_encrypt, [ AC_CHECK_HEADER(openssl/des.h, [AC_DEFINE(WITH_SSL_DES,[],[Use OpenSSL DES Implementation]) LIB_DES="-lcrypto"; with_des=yes], with_des=no)], with_des=no, $LIB_RSAREF) dnl same test again, different symbol name if test "$with_des" = no; then AC_CHECK_LIB(crypto, DES_cbc_encrypt, [ AC_CHECK_HEADER(openssl/des.h, [AC_DEFINE(WITH_SSL_DES,[],[Use OpenSSL DES Implementation]) LIB_DES="-lcrypto"; with_des=yes], with_des=no)], with_des=no, $LIB_RSAREF) fi fi if test "$with_des" = no; then AC_CHECK_LIB(des, des_cbc_encrypt, [LIB_DES="-ldes"; with_des=yes], with_des=no) fi if test "$with_des" = no; then AC_CHECK_LIB(des425, des_cbc_encrypt, [LIB_DES="-ldes425"; with_des=yes], with_des=no) fi if test "$with_des" = no; then AC_CHECK_LIB(des524, des_cbc_encrypt, [LIB_DES="-ldes524"; with_des=yes], with_des=no) fi if test "$with_des" = no; then dnl if openssl is around, we might be able to use that for des dnl if openssl has been compiled with the rsaref2 libraries, dnl we need to include the rsaref libraries in the crypto check LIB_RSAREF="" AC_CHECK_LIB(rsaref, RSAPublicEncrypt, LIB_RSAREF="-lRSAglue -lrsaref"; cmu_have_rsaref=yes, cmu_have_rsaref=no) AC_CHECK_LIB(crypto, des_cbc_encrypt, [ AC_CHECK_HEADER(openssl/des.h, [AC_DEFINE(WITH_SSL_DES,[],[Use OpenSSL DES Implementation]) LIB_DES="-lcrypto"; with_des=yes], with_des=no)], with_des=no, $LIB_RSAREF) fi fi if test "$with_des" != no; then AC_DEFINE(WITH_DES,[],[Use DES]) fi AC_SUBST(LIB_DES) ]) AC_DEFUN([SASL_KERBEROS_V4_CHK], [ AC_REQUIRE([SASL_DES_CHK]) AC_ARG_ENABLE(krb4, [ --enable-krb4 enable KERBEROS_V4 authentication [[no]] ], krb4=$enableval, krb4=no) if test "$krb4" != no; then dnl In order to compile kerberos4, we need libkrb and libdes. dnl (We've already gotten libdes from SASL_DES_CHK) dnl we might need -lresolv for kerberos AC_CHECK_LIB(resolv,res_search) dnl if we were ambitious, we would look more aggressively for the dnl krb4 install if test -d ${krb4}; then AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ for krbhloc in include/kerberosIV include/kerberos include do if test -f ${krb4}/${krbhloc}/krb.h ; then cyrus_krbinclude=${krb4}/${krbhloc} break fi done ]) if test -n "${cyrus_krbinclude}"; then CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" fi LDFLAGS="$LDFLAGS -L$krb4/lib" fi if test "$with_des" != no; then AC_CHECK_HEADER(krb.h, [ AC_CHECK_LIB(com_err, com_err, [ AC_CHECK_LIB(krb, krb_mk_priv, [COM_ERR="-lcom_err"; SASL_KRB_LIB="-lkrb"; krb4lib="yes"], krb4lib=no, $LIB_DES -lcom_err)], [ AC_CHECK_LIB(krb, krb_mk_priv, [COM_ERR=""; SASL_KRB_LIB="-lkrb"; krb4lib="yes"], krb4lib=no, $LIB_DES)])], krb4="no") if test "$krb4" != "no" -a "$krb4lib" = "no"; then AC_CHECK_LIB(krb4, krb_mk_priv, [COM_ERR=""; SASL_KRB_LIB="-lkrb4"; krb4=yes], krb4=no, $LIB_DES) fi if test "$krb4" = no; then AC_WARN(No Kerberos V4 found) fi else AC_WARN(No DES library found for Kerberos V4 support) krb4=no fi fi if test "$krb4" != no; then cmu_save_LIBS="$LIBS" LIBS="$LIBS $SASL_KRB_LIB" AC_CHECK_FUNCS(krb_get_err_text) LIBS="$cmu_save_LIBS" fi AC_MSG_CHECKING(KERBEROS_V4) if test "$krb4" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS libkerberos4.la" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/kerberos4.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS kerberos4.o" AC_DEFINE(STATIC_KERBEROS4,[],[User KERBEROS_V4 Staticly]) AC_DEFINE(HAVE_KRB,[],[Do we have Kerberos 4 Support?]) SASL_KRB_LIB="$SASL_KRB_LIB $LIB_DES $COM_ERR" else AC_MSG_RESULT(disabled) fi AC_SUBST(SASL_KRB_LIB) ]) cyrus-sasl-2.1.25/config/kerberos_v4.m40000646000076400007640000001154711306006125014577 00000000000000dnl checking for kerberos 4 libraries (and DES) AC_DEFUN([SASL_DES_CHK], [ AC_ARG_WITH(des, [ --with-des=DIR with DES (look in DIR) [yes] ], with_des=$withval, with_des=yes) LIB_DES="" if test "$with_des" != no; then if test -d $with_des; then CPPFLAGS="$CPPFLAGS -I${with_des}/include" LDFLAGS="$LDFLAGS -L${with_des}/lib" fi if test "$with_openssl" != no; then dnl check for openssl installing -lcrypto, then make vanilla check AC_CHECK_LIB(crypto, des_cbc_encrypt, [ AC_CHECK_HEADER(openssl/des.h, [AC_DEFINE(WITH_SSL_DES,[],[Use OpenSSL DES Implementation]) LIB_DES="-lcrypto"; with_des=yes], with_des=no)], with_des=no, $LIB_RSAREF) dnl same test again, different symbol name if test "$with_des" = no; then AC_CHECK_LIB(crypto, DES_cbc_encrypt, [ AC_CHECK_HEADER(openssl/des.h, [AC_DEFINE(WITH_SSL_DES,[],[Use OpenSSL DES Implementation]) LIB_DES="-lcrypto"; with_des=yes], with_des=no)], with_des=no, $LIB_RSAREF) fi fi if test "$with_des" = no; then AC_CHECK_LIB(des, des_cbc_encrypt, [LIB_DES="-ldes"; with_des=yes], with_des=no) fi if test "$with_des" = no; then AC_CHECK_LIB(des425, des_cbc_encrypt, [LIB_DES="-ldes425"; with_des=yes], with_des=no) fi if test "$with_des" = no; then AC_CHECK_LIB(des524, des_cbc_encrypt, [LIB_DES="-ldes524"; with_des=yes], with_des=no) fi if test "$with_des" = no; then dnl if openssl is around, we might be able to use that for des dnl if openssl has been compiled with the rsaref2 libraries, dnl we need to include the rsaref libraries in the crypto check LIB_RSAREF="" AC_CHECK_LIB(rsaref, RSAPublicEncrypt, LIB_RSAREF="-lRSAglue -lrsaref"; cmu_have_rsaref=yes, cmu_have_rsaref=no) AC_CHECK_LIB(crypto, des_cbc_encrypt, [ AC_CHECK_HEADER(openssl/des.h, [AC_DEFINE(WITH_SSL_DES,[],[Use OpenSSL DES Implementation]) LIB_DES="-lcrypto"; with_des=yes], with_des=no)], with_des=no, $LIB_RSAREF) fi fi if test "$with_des" != no; then AC_DEFINE(WITH_DES,[],[Use DES]) fi AC_SUBST(LIB_DES) ]) AC_DEFUN([SASL_KERBEROS_V4_CHK], [ AC_REQUIRE([SASL_DES_CHK]) AC_ARG_ENABLE(krb4, [ --enable-krb4 enable KERBEROS_V4 authentication [[no]] ], krb4=$enableval, krb4=no) if test "$krb4" != no; then dnl In order to compile kerberos4, we need libkrb and libdes. dnl (We've already gotten libdes from SASL_DES_CHK) dnl we might need -lresolv for kerberos AC_CHECK_LIB(resolv,res_search) dnl if we were ambitious, we would look more aggressively for the dnl krb4 install if test -d ${krb4}; then AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [ for krbhloc in include/kerberosIV include/kerberos include do if test -f ${krb4}/${krbhloc}/krb.h ; then cyrus_krbinclude=${krb4}/${krbhloc} break fi done ]) if test -n "${cyrus_krbinclude}"; then CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" fi LDFLAGS="$LDFLAGS -L$krb4/lib" fi if test "$with_des" != no; then AC_CHECK_HEADER(krb.h, [ AC_CHECK_LIB(com_err, com_err, [ AC_CHECK_LIB(krb, krb_mk_priv, [COM_ERR="-lcom_err"; SASL_KRB_LIB="-lkrb"; krb4lib="yes"], krb4lib=no, $LIB_DES -lcom_err)], [ AC_CHECK_LIB(krb, krb_mk_priv, [COM_ERR=""; SASL_KRB_LIB="-lkrb"; krb4lib="yes"], krb4lib=no, $LIB_DES)])], krb4="no") if test "$krb4" != "no" -a "$krb4lib" = "no"; then AC_CHECK_LIB(krb4, krb_mk_priv, [COM_ERR=""; SASL_KRB_LIB="-lkrb4"; krb4=yes], krb4=no, $LIB_DES) fi if test "$krb4" = no; then AC_WARN(No Kerberos V4 found) fi else AC_WARN(No DES library found for Kerberos V4 support) krb4=no fi fi if test "$krb4" != no; then cmu_save_LIBS="$LIBS" LIBS="$LIBS $SASL_KRB_LIB" AC_CHECK_FUNCS(krb_get_err_text) LIBS="$cmu_save_LIBS" fi AC_MSG_CHECKING(KERBEROS_V4) if test "$krb4" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS libkerberos4.la" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/kerberos4.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS kerberos4.o" AC_DEFINE(STATIC_KERBEROS4,[],[User KERBEROS_V4 Staticly]) AC_DEFINE(HAVE_KRB,[],[Do we have Kerberos 4 Support?]) SASL_KRB_LIB="$SASL_KRB_LIB $LIB_DES $COM_ERR" else AC_MSG_RESULT(disabled) fi AC_SUBST(SASL_KRB_LIB) ]) cyrus-sasl-2.1.25/config/depcomp0000777000076400007640000002753307741071146013506 00000000000000#! /bin/sh # depcomp - compile a program generating dependencies as side-effects # Copyright 1999, 2000 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Alexandre Oliva . if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 fi # `libtool' can also be set to `yes' or `no'. if test -z "$depfile"; then base=`echo "$object" | sed -e 's,^.*/,,' -e 's,\.\([^.]*\)$,.P\1,'` dir=`echo "$object" | sed 's,/.*$,/,'` if test "$dir" = "$object"; then dir= fi # FIXME: should be _deps on DOS. depfile="$dir.deps/$base" fi tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} rm -f "$tmpdepfile" # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case # here, because this file can only contain one case statement. if test "$depmode" = hp; then # HP compiler uses -M and no extra arg. gccflag=-M depmode=gcc fi if test "$depmode" = dashXmstdout; then # This is just like dashmstdout with a different argument. dashmflag=-xM depmode=dashmstdout fi case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what ## we want. Yay! Note: for some reason libtool 1.4 doesn't like ## it if -MD -MP comes after the -MF stuff. Hmm. "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi mv "$tmpdepfile" "$depfile" ;; gcc) ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like ## -MM, not -M (despite what the docs say). ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then gccflag=-MD, fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ## The second -e expression handles DOS-style file names with drive letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" ## This next piece of magic avoids the `deleted header file' problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. tr ' ' ' ' < "$tmpdepfile" | ## Some versions of gcc put a space before the `:'. On the theory ## that the space means something, we add a space to the output as ## well. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; sgi) if test "$libtool" = yes; then "$@" "-Wp,-MDupdate,$tmpdepfile" else "$@" -MDupdate "$tmpdepfile" fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files echo "$object : \\" > "$depfile" # Clip off the initial element (the dependent). Don't try to be # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; # the IRIX cc adds comments like `#:fec' to the end of the # dependency line. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ tr ' ' ' ' >> $depfile echo >> $depfile # The second pass generates a dummy entry for each header file. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> $depfile else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. This file always lives in the current directory. # Also, the AIX compiler puts `$object:' at the start of each line; # $object doesn't have directory information. stripped=`echo "$object" | sed -e 's,^.*/,,' -e 's/\(.*\)\..*$/\1/'` tmpdepfile="$stripped.u" outname="$stripped.o" if test "$libtool" = yes; then "$@" -Wc,-M else "$@" -M fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi if test -f "$tmpdepfile"; then # Each line is of the form `foo.o: dependent.h'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile" sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; tru64) # The Tru64 compiler uses -MD to generate dependencies as a side # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put # dependencies in `foo.d' instead, so we check for that too. # Subdirectories are respected. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then tmpdepfile1="$dir.libs/$base.lo.d" tmpdepfile2="$dir.libs/$base.d" "$@" -Wc,-MD else tmpdepfile1="$dir$base.o.d" tmpdepfile2="$dir$base.d" "$@" -MD fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" exit $stat fi if test -f "$tmpdepfile1"; then tmpdepfile="$tmpdepfile1" else tmpdepfile="$tmpdepfile2" fi if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" # That's a space and a tab in the []. sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; #nosideeffect) # This comment above is used by automake to tell side-effect # dependency tracking mechanisms from slower ones. dashmstdout) # Important note: in order to support this mode, a compiler *must* # always write the proprocessed file to stdout, regardless of -o. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test $1 != '--mode=compile'; do shift done shift fi # Remove `-o $object'. We will use -o /dev/null later, # however we can't do the remplacement now because # `-o $object' might simply not be used IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done test -z "$dashmflag" && dashmflag=-M "$@" -o /dev/null $dashmflag | sed 's:^[^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" tr ' ' ' ' < "$tmpdepfile" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; dashXmstdout) # This case only exists to satisfy depend.m4. It is never actually # run, as this mode is specially recognized in the preamble. exit 1 ;; makedepend) "$@" || exit $? # X makedepend shift cleared=no for arg in "$@"; do case $cleared in no) set ""; shift cleared=yes ;; esac case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; -*) ;; *) set fnord "$@" "$arg"; shift ;; esac done obj_suffix="`echo $object | sed 's/^.*\././'`" touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" sed '1,2d' "$tmpdepfile" | tr ' ' ' ' | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; cpp) # Important note: in order to support this mode, a compiler *must* # always write the proprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test $1 != '--mode=compile'; do shift done shift fi # Remove `-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done "$@" -E | sed -n '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; msvisualcpp) # Important note: in order to support this mode, a compiler *must* # always write the proprocessed file to stdout, regardless of -o, # because we must use -o when running libtool. "$@" || exit $? IFS=" " for arg do case "$arg" in "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift shift ;; *) set fnord "$@" "$arg" shift shift ;; esac done "$@" -E | sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" echo " " >> "$depfile" . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; none) exec "$@" ;; *) echo "Unknown depmode $depmode" 1>&2 exit 1 ;; esac exit 0 cyrus-sasl-2.1.25/config/plain.m40000646000076400007640000000143611306006125013451 00000000000000dnl Check for PLAIN (and therefore crypt) AC_DEFUN([SASL_PLAIN_CHK],[ AC_REQUIRE([SASL2_CRYPT_CHK]) dnl PLAIN AC_ARG_ENABLE(plain, [ --enable-plain enable PLAIN authentication [yes] ], plain=$enableval, plain=yes) PLAIN_LIBS="" if test "$plain" != no; then dnl In order to compile plain, we need crypt. if test "$cmu_have_crypt" = yes; then PLAIN_LIBS=$LIB_CRYPT fi fi AC_SUBST(PLAIN_LIBS) AC_MSG_CHECKING(PLAIN) if test "$plain" != no; then AC_MSG_RESULT(enabled) SASL_MECHS="$SASL_MECHS libplain.la" if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS plain.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/plain.c" AC_DEFINE(STATIC_PLAIN,[],[Link PLAIN Staticly]) fi else AC_MSG_RESULT(disabled) fi ]) cyrus-sasl-2.1.25/config/.cvsignore0000666000076400007640000000005107276043731014115 00000000000000Makefile.in Makefile .deps .libs *.l[ao] cyrus-sasl-2.1.25/config/config.guess0000757000076400007640000012665511630151330014436 00000000000000#! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011 Free Software Foundation, Inc. timestamp='2011-08-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Per Bothner. Please send patches (context # diff format) to and include a ChangeLog # entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm:riscos:*:*|arm:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH="x86_64" fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-gnu else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then echo ${UNAME_MACHINE}-unknown-linux-gnueabi else echo ${UNAME_MACHINE}-unknown-linux-gnueabihf fi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; crisv32:Linux:*:*) echo crisv32-axis-linux-gnu exit ;; frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __dietlibc__ LIBC=dietlibc #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-gnu ;; PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; tile*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in i386) eval $set_cc_for_build if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then UNAME_PROCESSOR="x86_64" fi fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: cyrus-sasl-2.1.25/config/missing0000777000076400007640000002403607741071146013523 00000000000000#! /bin/sh # Common stub for a few missing GNU programs while installing. # Copyright (C) 1996, 1997, 1999, 2000, 2002 Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA # 02111-1307, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try \`$0 --help' for more information" exit 1 fi run=: # In the cases where this matters, `missing' is being run in the # srcdir already. if test -f configure.ac; then configure_ac=configure.ac else configure_ac=configure.in fi case "$1" in --run) # Try to run requested program, and just exit if it succeeds. run= shift "$@" && exit 0 ;; esac # If it does not exist, or fails to run (possibly an outdated version), # try to emulate it. case "$1" in -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: -h, --help display this help and exit -v, --version output version information and exit --run try to run the given command, and emulate it if it fails Supported PROGRAM values: aclocal touch file \`aclocal.m4' autoconf touch file \`configure' autoheader touch file \`config.h.in' automake touch all \`Makefile.in' files bison create \`y.tab.[ch]', if possible, from existing .[ch] flex create \`lex.yy.c', if possible, from existing .c help2man touch the output file lex create \`lex.yy.c', if possible, from existing .c makeinfo touch the output file tar try tar, gnutar, gtar, then tar without non-portable flags yacc create \`y.tab.[ch]', if possible, from existing .[ch]" ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing 0.4 - GNU automake" ;; -*) echo 1>&2 "$0: Unknown \`$1' option" echo 1>&2 "Try \`$0 --help' for more information" exit 1 ;; aclocal*) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 fi echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 fi echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." touch configure ;; autoheader) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 fi echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`acconfig.h' or \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` test -z "$files" && files="config.h" touch_files= for f in $files; do case "$f" in *:*) touch_files="$touch_files "`echo "$f" | sed -e 's/^[^:]*://' -e 's/:.*//'`;; *) touch_files="$touch_files $f.in";; esac done touch $touch_files ;; automake*) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 fi echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print | sed 's/\.am$/.in/' | while read f; do touch "$f"; done ;; autom4te) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 fi echo 1>&2 "\ WARNING: \`$1' is needed, and you do not seem to have it handy on your system. You might have modified some files without having the proper tools for further handling them. You can get \`$1Help2man' as part of \`Autoconf' from any GNU archive site." file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo "#! /bin/sh" echo "# Created by GNU Automake missing as a replacement of" echo "# $ $@" echo "exit 0" chmod +x $file exit 1 fi ;; bison|yacc) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.y' file. You may need the \`Bison' package in order for those modifications to take effect. You can get \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h if [ $# -ne 1 ]; then eval LASTARG="\${$#}" case "$LASTARG" in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" y.tab.c fi SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" y.tab.h fi ;; esac fi if [ ! -f y.tab.h ]; then echo >y.tab.h fi if [ ! -f y.tab.c ]; then echo 'main() { return 0; }' >y.tab.c fi ;; lex|flex) echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.l' file. You may need the \`Flex' package in order for those modifications to take effect. You can get \`Flex' from any GNU archive site." rm -f lex.yy.c if [ $# -ne 1 ]; then eval LASTARG="\${$#}" case "$LASTARG" in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` if [ -f "$SRCFILE" ]; then cp "$SRCFILE" lex.yy.c fi ;; esac fi if [ ! -f lex.yy.c ]; then echo 'main() { return 0; }' >lex.yy.c fi ;; help2man) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 fi echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a dependency of a manual page. You may need the \`Help2man' package in order for those modifications to take effect. You can get \`Help2man' from any GNU archive site." file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` if test -z "$file"; then file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` fi if [ -f "$file" ]; then touch $file else test -z "$file" || exec >$file echo ".ab help2man is required to generate this page" exit 1 fi ;; makeinfo) if test -z "$run" && (makeinfo --version) > /dev/null 2>&1; then # We have makeinfo, but it failed. exit 1 fi echo 1>&2 "\ WARNING: \`$1' is missing on your system. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious call might also be the consequence of using a buggy \`make' (AIX, DU, IRIX). You might want to install the \`Texinfo' package or the \`GNU make' package. Grab either from any GNU archive site." file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` if test -z "$file"; then file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` fi touch $file ;; tar) shift if test -n "$run"; then echo 1>&2 "ERROR: \`tar' requires --run" exit 1 fi # We have already tried tar in the generic part. # Look for gnutar/gtar before invocation to avoid ugly error # messages. if (gnutar --version > /dev/null 2>&1); then gnutar "$@" && exit 0 fi if (gtar --version > /dev/null 2>&1); then gtar "$@" && exit 0 fi firstarg="$1" if shift; then case "$firstarg" in *o*) firstarg=`echo "$firstarg" | sed s/o//` tar "$firstarg" "$@" && exit 0 ;; esac case "$firstarg" in *h*) firstarg=`echo "$firstarg" | sed s/h//` tar "$firstarg" "$@" && exit 0 ;; esac fi echo 1>&2 "\ WARNING: I can't seem to be able to run \`tar' with the given arguments. You may want to install GNU tar or Free paxutils, or check the command line arguments." exit 1 ;; *) echo 1>&2 "\ WARNING: \`$1' is needed, and you do not seem to have it handy on your system. You might have modified some files without having the proper tools for further handling them. Check the \`README' file, it often tells you about the needed prerequirements for installing this package. You may also peek at any GNU archive site, in case some other package would contain this missing \`$1' program." exit 1 ;; esac exit 0 cyrus-sasl-2.1.25/config/sasl.spec0000666000076400007640000000661507403027525013742 00000000000000Summary: SASL API implementation Name: sasl Version: 2.0.1 Release: 1 Copyright: CMU Group: Libraries Source: ftp.andrew.cmu.edu:/pub/cyrus-mail/cyrus-sasl-2.0.1-ALPHA.tar.gz Packager: Rob Earhart Requires: gdbm %description This is an implemention of the SASL API, useful for adding authentication, authorization, and security to network protocols. The SASL protocol itself is documented in rfc2222; the API standard is a work in progress. %package devel %summary: SASL development headers and examples %description devel This includes the header files and documentation needed to develop applications which use SASL. %package plug-anonymous %summary: SASL ANONYMOUS mechanism plugin %description plug-anonymous This plugin implements the SASL ANONYMOUS mechanism, used for anonymous authentication. %package plug-crammd5 %summary: SASL CRAM-MD5 mechanism plugin %description plug-crammd5 This plugin implements the SASL CRAM-MD5 mechanism. CRAM-MD5 is the mandatory-to-implement authentication mechanism for a number of protocols; it uses MD5 with a challenge/response system to authenticate the user. %package plug-digestmd5 %summary: SASL DIGEST-MD5 mechanism plugin %description plug-digestmd5 This plugin implements the latest draft of the SASL DIGEST-MD5 mechanism. Although not yet finalized, this is likely to become the new mandatory-to-implement authentication system in all new protocols. It's based on the digest md5 authentication system designed for HTTP. %package plug-kerberos4 %summary: SASL KERBEROS_V4 mechanism plugin %description plug-kerberos4 This plugin implements the SASL KERBEROS_V4 mechanism, allowing authentication via kerberos version four. %package plug-plain %summary: SASL PLAIN mechanism plugin %description plug-plain This plugin implements the SASL PLAIN mechanism. Although insecure, PLAIN is useful for transitioning to new security mechanisms, as this is the only mechanism which gives the server a copy of the user's password. %package plug-scrammd5 %summary: SASL SCRAM-MD5 mechanism plugin %description plug-scrammd5 This plugin implements the SASL SCRAM-MD5 mechanism. Although deprecated (this will be replaced by DIGEST-MD5 at some point), it may be useful for the time being. %prep %setup %build ./configure --prefix=/usr --disable-java make %install make install %post if test $RPM_INSTALL_PREFIX/lib/sasl != /usr/lib/sasl; then ln -s $RPM_INSTALL_PREFIX/lib/sasl /usr/lib/sasl fi %postun if test -L /usr/lib/sasl; then rm /usr/lib/sasl fi %files %doc README COPYING ChangeLog NEWS AUTHORS /usr/lib/libsasl.so.5.0.0 /usr/sbin/saslpasswd /usr/man/man8/saslpasswd.8 %files devel %doc doc/rfc2222.txt sample/sample-client.c sample/sample-server.c testing.txt /usr/lib/libsasl.la /usr/include/sasl.h /usr/include/saslplug.h /usr/include/saslutil.h /usr/include/md5global.h /usr/include/md5.h /usr/include/hmac-md5.h %files plug-anonymous %doc doc/draft-newman-sasl-anon-00.txt /usr/lib/sasl/libanonymous.so.1.0.2 /usr/lib/sasl/libanonymous.so %files plug-crammd5 %doc doc/rfc1321.txt doc/rfc2095.txt doc/rfc2104.txt /usr/lib/sasl/libcrammd5.so.1.0.1 /usr/lib/sasl/libcrammd5.so %files plug-digestmd5 %doc doc/draft-leach-digest-sasl-01.txt /usr/lib/sasl/libdigestmd5.so.0.0.1 /usr/lib/sasl/libdigestmd5.so %files plug-kerberos4 /usr/lib/sasl/libkerberos4.so.1.0.2 /usr/lib/sasl/libkerberos4.so %files plug-plain /usr/lib/sasl/libplain.so.1.0.1 /usr/lib/sasl/libplain.so cyrus-sasl-2.1.25/config/install-sh0000777000076400007640000001425307741071146014130 00000000000000#!/bin/sh # # install - install a program, script, or datafile # This comes from X11R5 (mit/util/scripts/install.sh). # # Copyright 1991 by the Massachusetts Institute of Technology # # Permission to use, copy, modify, distribute, and sell this software and its # documentation for any purpose is hereby granted without fee, provided that # the above copyright notice appear in all copies and that both that # copyright notice and this permission notice appear in supporting # documentation, and that the name of M.I.T. not be used in advertising or # publicity pertaining to distribution of the software without specific, # written prior permission. M.I.T. makes no representations about the # suitability of this software for any purpose. It is provided "as is" # without express or implied warranty. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. It can only install one file at a time, a restriction # shared with many OS's install programs. # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit="${DOITPROG-}" # put in absolute paths if you don't have them in your path; or use env. vars. mvprog="${MVPROG-mv}" cpprog="${CPPROG-cp}" chmodprog="${CHMODPROG-chmod}" chownprog="${CHOWNPROG-chown}" chgrpprog="${CHGRPPROG-chgrp}" stripprog="${STRIPPROG-strip}" rmprog="${RMPROG-rm}" mkdirprog="${MKDIRPROG-mkdir}" transformbasename="" transform_arg="" instcmd="$mvprog" chmodcmd="$chmodprog 0755" chowncmd="" chgrpcmd="" stripcmd="" rmcmd="$rmprog -f" mvcmd="$mvprog" src="" dst="" dir_arg="" while [ x"$1" != x ]; do case $1 in -c) instcmd=$cpprog shift continue;; -d) dir_arg=true shift continue;; -m) chmodcmd="$chmodprog $2" shift shift continue;; -o) chowncmd="$chownprog $2" shift shift continue;; -g) chgrpcmd="$chgrpprog $2" shift shift continue;; -s) stripcmd=$stripprog shift continue;; -t=*) transformarg=`echo $1 | sed 's/-t=//'` shift continue;; -b=*) transformbasename=`echo $1 | sed 's/-b=//'` shift continue;; *) if [ x"$src" = x ] then src=$1 else # this colon is to work around a 386BSD /bin/sh bug : dst=$1 fi shift continue;; esac done if [ x"$src" = x ] then echo "$0: no input file specified" >&2 exit 1 else : fi if [ x"$dir_arg" != x ]; then dst=$src src="" if [ -d "$dst" ]; then instcmd=: chmodcmd="" else instcmd=$mkdirprog fi else # Waiting for this to be detected by the "$instcmd $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if [ -f "$src" ] || [ -d "$src" ] then : else echo "$0: $src does not exist" >&2 exit 1 fi if [ x"$dst" = x ] then echo "$0: no destination specified" >&2 exit 1 else : fi # If destination is a directory, append the input filename; if your system # does not like double slashes in filenames, you may need to add some logic if [ -d "$dst" ] then dst=$dst/`basename "$src"` else : fi fi ## this sed command emulates the dirname command dstdir=`echo "$dst" | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` # Make sure that the destination directory exists. # this part is taken from Noah Friedman's mkinstalldirs script # Skip lots of stat calls in the usual case. if [ ! -d "$dstdir" ]; then defaultIFS=' ' IFS="${IFS-$defaultIFS}" oIFS=$IFS # Some sh's can't handle IFS=/ for some reason. IFS='%' set - `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'` IFS=$oIFS pathcomp='' while [ $# -ne 0 ] ; do pathcomp=$pathcomp$1 shift if [ ! -d "$pathcomp" ] ; then $mkdirprog "$pathcomp" else : fi pathcomp=$pathcomp/ done fi if [ x"$dir_arg" != x ] then $doit $instcmd "$dst" && if [ x"$chowncmd" != x ]; then $doit $chowncmd "$dst"; else : ; fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd "$dst"; else : ; fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd "$dst"; else : ; fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd "$dst"; else : ; fi else # If we're going to rename the final executable, determine the name now. if [ x"$transformarg" = x ] then dstfile=`basename "$dst"` else dstfile=`basename "$dst" $transformbasename | sed $transformarg`$transformbasename fi # don't allow the sed command to completely eliminate the filename if [ x"$dstfile" = x ] then dstfile=`basename "$dst"` else : fi # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/#inst.$$# rmtmp=$dstdir/#rm.$$# # Trap to clean up temp files at exit. trap 'status=$?; rm -f "$dsttmp" "$rmtmp" && exit $status' 0 trap '(exit $?); exit' 1 2 13 15 # Move or copy the file name to the temp name $doit $instcmd "$src" "$dsttmp" && # and set any options; do chmod last to preserve setuid bits # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $instcmd $src $dsttmp" command. if [ x"$chowncmd" != x ]; then $doit $chowncmd "$dsttmp"; else :;fi && if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd "$dsttmp"; else :;fi && if [ x"$stripcmd" != x ]; then $doit $stripcmd "$dsttmp"; else :;fi && if [ x"$chmodcmd" != x ]; then $doit $chmodcmd "$dsttmp"; else :;fi && # Now remove or move aside any old file at destination location. We try this # two ways since rm can't unlink itself on some systems and the destination # file might be busy for other reasons. In this case, the final cleanup # might fail but the new file should still install successfully. { if [ -f "$dstdir/$dstfile" ] then $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null || { echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2 (exit 1); exit } else : fi } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dstdir/$dstfile" fi && # The final little trick to "correctly" pass the exit status to the exit trap. { (exit 0); exit } cyrus-sasl-2.1.25/config/.#sasldb.m4.1.250000666000076400007640000001072711204772407014342 00000000000000dnl Functions to check what database to use for libsasldb dnl Berkeley DB specific checks first.. dnl Figure out what database type we're using AC_DEFUN([SASL_DB_CHECK], [ cmu_save_LIBS="$LIBS" AC_ARG_WITH(dblib, [ --with-dblib=DBLIB set the DB library to use [berkeley] ], dblib=$withval, dblib=auto_detect) CYRUS_BERKELEY_DB_OPTS() SASL_DB_LIB="" case "$dblib" in dnl this is unbelievably painful due to confusion over what db-3 should be dnl named. arg. berkeley) CYRUS_BERKELEY_DB_CHK() CPPFLAGS="${CPPFLAGS} ${BDB_INCADD}" SASL_DB_INC=$BDB_INCADD SASL_DB_LIB="${BDB_LIBADD}" ;; gdbm) AC_ARG_WITH(gdbm,[ --with-gdbm=PATH use gdbm from PATH], with_gdbm="${withval}") case "$with_gdbm" in ""|yes) AC_CHECK_HEADER(gdbm.h, [ AC_CHECK_LIB(gdbm, gdbm_open, SASL_DB_LIB="-lgdbm", dblib="no")], dblib="no") ;; *) if test -d $with_gdbm; then CPPFLAGS="${CPPFLAGS} -I${with_gdbm}/include" LDFLAGS="${LDFLAGS} -L${with_gdbm}/lib" SASL_DB_LIB="-lgdbm" else with_gdbm="no" fi esac ;; ndbm) dnl We want to attempt to use -lndbm if we can, just in case dnl there's some version of it installed and overriding libc AC_CHECK_HEADER(ndbm.h, [ AC_CHECK_LIB(ndbm, dbm_open, SASL_DB_LIB="-lndbm", [ AC_CHECK_FUNC(dbm_open,,dblib="no")])], dblib="no") ;; auto_detect) dnl How about berkeley db? CYRUS_BERKELEY_DB_CHK() if test "$dblib" = no; then dnl How about ndbm? AC_CHECK_HEADER(ndbm.h, [ AC_CHECK_LIB(ndbm, dbm_open, dblib="ndbm"; SASL_DB_LIB="-lndbm", dblib="weird")], dblib="no") if test "$dblib" = "weird"; then dnl Is ndbm in the standard library? AC_CHECK_FUNC(dbm_open, dblib="ndbm", dblib="no") fi if test "$dblib" = no; then dnl Can we use gdbm? AC_CHECK_HEADER(gdbm.h, [ AC_CHECK_LIB(gdbm, gdbm_open, dblib="gdbm"; SASL_DB_LIB="-lgdbm", dblib="no")], dblib="no") fi else dnl we took Berkeley CPPFLAGS="${CPPFLAGS} ${BDB_INCADD}" SASL_DB_INC=$BDB_INCADD SASL_DB_LIB="${BDB_LIBADD}" fi ;; none) ;; no) ;; *) AC_MSG_WARN([Bad DB library implementation specified;]) AC_ERROR([Use either \"berkeley\", \"gdbm\", \"ndbm\" or \"none\"]) dblib=no ;; esac LIBS="$cmu_save_LIBS" AC_MSG_CHECKING(DB library to use) AC_MSG_RESULT($dblib) SASL_DB_BACKEND="db_${dblib}.lo" SASL_DB_BACKEND_STATIC="db_${dblib}.o allockey.o" SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_${dblib}.c \$(top_srcdir)/sasldb/allockey.c" SASL_DB_UTILS="saslpasswd2 sasldblistusers2" SASL_DB_MANS="saslpasswd2.8 sasldblistusers2.8" case "$dblib" in gdbm) SASL_MECHS="$SASL_MECHS libsasldb.la" AC_DEFINE(SASL_GDBM,[],[Use GDBM for SASLdb]) ;; ndbm) SASL_MECHS="$SASL_MECHS libsasldb.la" AC_DEFINE(SASL_NDBM,[],[Use NDBM for SASLdb]) ;; berkeley) SASL_MECHS="$SASL_MECHS libsasldb.la" AC_DEFINE(SASL_BERKELEYDB,[],[Use BerkeleyDB for SASLdb]) ;; *) AC_MSG_WARN([Disabling SASL authentication database support]) dnl note that we do not add libsasldb.la to SASL_MECHS, since it dnl will just fail to load anyway. SASL_DB_BACKEND="db_none.lo" SASL_DB_BACKEND_STATIC="db_none.o" SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_none.c" SASL_DB_UTILS="" SASL_DB_MANS="" SASL_DB_LIB="" ;; esac if test "$enable_static" = yes; then if test "$dblib" != "none"; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" SASL_STATIC_OBJS="$SASL_STATIC_OBJS sasldb.o $SASL_DB_BACKEND_STATIC" AC_DEFINE(STATIC_SASLDB,[],[Link SASLdb Staticly]) else SASL_STATIC_OBJS="$SASL_STATIC_OBJS $SASL_DB_BACKEND_STATIC" SASL_STATIC_SRCS="$SASL_STATIC_SRCS $SASL_DB_BACKEND_STATIC_SRCS" fi fi AC_SUBST(SASL_DB_UTILS) AC_SUBST(SASL_DB_MANS) AC_SUBST(SASL_DB_BACKEND) AC_SUBST(SASL_DB_BACKEND_STATIC) AC_SUBST(SASL_DB_INC) AC_SUBST(SASL_DB_LIB) ]) dnl Figure out what database path we're using AC_DEFUN([SASL_DB_PATH_CHECK], [ AC_ARG_WITH(dbpath, [ --with-dbpath=PATH set the DB path to use [/etc/sasldb2] ], dbpath=$withval, dbpath=/etc/sasldb2) AC_MSG_CHECKING(DB path to use) AC_MSG_RESULT($dbpath) AC_DEFINE_UNQUOTED(SASL_DB_PATH, "$dbpath", [Path to default SASLdb database])]) cyrus-sasl-2.1.25/config/libtool.m40000666000076400007640000003501710242726002014017 00000000000000## libtool.m4 - Configure libtool for the target system. -*-Shell-script-*- ## Copyright (C) 1996-1999 Free Software Foundation, Inc. ## Originally by Gordon Matzigkeit , 1996 ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by ## the Free Software Foundation; either version 2 of the License, or ## (at your option) any later version. ## ## This program is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with this program; if not, write to the Free Software ## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ## ## As a special exception to the GNU General Public License, if you ## distribute this file as part of a program that contains a ## configuration script generated by Autoconf, you may include it under ## the same distribution terms that you use for the rest of that program. # serial 40 AC_PROG_LIBTOOL AC_DEFUN([AC_PROG_LIBTOOL], [AC_REQUIRE([AC_LIBTOOL_SETUP])dnl # Save cache, so that ltconfig can load it AC_CACHE_SAVE # Actually configure libtool. ac_aux_dir is where install-sh is found. CC="$CC" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS" \ LD="$LD" LDFLAGS="$LDFLAGS" LIBS="$LIBS" \ LN_S="$LN_S" NM="$NM" RANLIB="$RANLIB" \ DLLTOOL="$DLLTOOL" AS="$AS" OBJDUMP="$OBJDUMP" \ ${CONFIG_SHELL-/bin/sh} $ac_aux_dir/ltconfig --no-reexec \ $libtool_flags --no-verify $ac_aux_dir/ltmain.sh $lt_target \ || AC_MSG_ERROR([libtool configure failed]) # Reload cache, that may have been modified by ltconfig AC_CACHE_LOAD # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ac_aux_dir/ltconfig $ac_aux_dir/ltmain.sh" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' AC_SUBST(LIBTOOL)dnl # Redirect the config.log output again, so that the ltconfig log is not # clobbered by the next message. exec 5>>./config.log ]) AC_DEFUN([AC_LIBTOOL_SETUP], [AC_PREREQ(2.13)dnl AC_REQUIRE([AC_ENABLE_SHARED])dnl AC_REQUIRE([AC_ENABLE_STATIC])dnl AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_REQUIRE([AC_PROG_RANLIB])dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_PROG_LD])dnl AC_REQUIRE([AC_PROG_NM])dnl AC_REQUIRE([AC_PROG_LN_S])dnl dnl case "$target" in NONE) lt_target="$host" ;; *) lt_target="$target" ;; esac # Check for any special flags to pass to ltconfig. libtool_flags="--cache-file=$cache_file" test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared" test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static" test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install" test "$ac_cv_prog_gcc" = yes && libtool_flags="$libtool_flags --with-gcc" test "$ac_cv_prog_gnu_ld" = yes && libtool_flags="$libtool_flags --with-gnu-ld" ifdef([AC_PROVIDE_AC_LIBTOOL_DLOPEN], [libtool_flags="$libtool_flags --enable-dlopen"]) ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL], [libtool_flags="$libtool_flags --enable-win32-dll"]) AC_ARG_ENABLE(libtool-lock, [ --disable-libtool-lock avoid locking (might break parallel builds)]) test "x$enable_libtool_lock" = xno && libtool_flags="$libtool_flags --disable-lock" test x"$silent" = xyes && libtool_flags="$libtool_flags --silent" # Some flags need to be propagated to the compiler or linker for good # libtool support. case "$lt_target" in *-*-irix6*) # Find out which ABI we are using. echo '[#]line __oline__ "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case "`/usr/bin/file conftest.o`" in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])]) if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL], [*-*-cygwin* | *-*-mingw*) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) ;; ]) esac ]) # AC_LIBTOOL_DLOPEN - enable checks for dlopen support AC_DEFUN([AC_LIBTOOL_DLOPEN], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])]) # AC_LIBTOOL_WIN32_DLL - declare package support for building win32 dll's AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_BEFORE([$0], [AC_LIBTOOL_SETUP])]) # AC_ENABLE_SHARED - implement the --enable-shared flag # Usage: AC_ENABLE_SHARED[(DEFAULT)] # Where DEFAULT is either `yes' or `no'. If omitted, it defaults to # `yes'. AC_DEFUN([AC_ENABLE_SHARED], [dnl define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl AC_ARG_ENABLE(shared, changequote(<<, >>)dnl << --enable-shared[=PKGS] build shared libraries [default=>>AC_ENABLE_SHARED_DEFAULT], changequote([, ])dnl [p=${PACKAGE-default} case "$enableval" in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," for pkg in $enableval; do if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$ac_save_ifs" ;; esac], enable_shared=AC_ENABLE_SHARED_DEFAULT)dnl ]) # AC_DISABLE_SHARED - set the default shared flag to --disable-shared AC_DEFUN([AC_DISABLE_SHARED], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl AC_ENABLE_SHARED(no)]) # AC_ENABLE_STATIC - implement the --enable-static flag # Usage: AC_ENABLE_STATIC[(DEFAULT)] # Where DEFAULT is either `yes' or `no'. If omitted, it defaults to # `yes'. AC_DEFUN([AC_ENABLE_STATIC], [dnl define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl AC_ARG_ENABLE(static, changequote(<<, >>)dnl << --enable-static[=PKGS] build static libraries [default=>>AC_ENABLE_STATIC_DEFAULT], changequote([, ])dnl [p=${PACKAGE-default} case "$enableval" in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," for pkg in $enableval; do if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$ac_save_ifs" ;; esac], enable_static=AC_ENABLE_STATIC_DEFAULT)dnl ]) # AC_DISABLE_STATIC - set the default static flag to --disable-static AC_DEFUN([AC_DISABLE_STATIC], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl AC_ENABLE_STATIC(no)]) # AC_ENABLE_FAST_INSTALL - implement the --enable-fast-install flag # Usage: AC_ENABLE_FAST_INSTALL[(DEFAULT)] # Where DEFAULT is either `yes' or `no'. If omitted, it defaults to # `yes'. AC_DEFUN([AC_ENABLE_FAST_INSTALL], [dnl define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl AC_ARG_ENABLE(fast-install, changequote(<<, >>)dnl << --enable-fast-install[=PKGS] optimize for fast installation [default=>>AC_ENABLE_FAST_INSTALL_DEFAULT], changequote([, ])dnl [p=${PACKAGE-default} case "$enableval" in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," for pkg in $enableval; do if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$ac_save_ifs" ;; esac], enable_fast_install=AC_ENABLE_FAST_INSTALL_DEFAULT)dnl ]) # AC_ENABLE_FAST_INSTALL - set the default to --disable-fast-install AC_DEFUN([AC_DISABLE_FAST_INSTALL], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl AC_ENABLE_FAST_INSTALL(no)]) # AC_PROG_LD - find the path to the GNU or non-GNU linker AC_DEFUN([AC_PROG_LD], [AC_ARG_WITH(gnu-ld, [ --with-gnu-ld assume the C compiler uses GNU ld [default=no]], test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no) AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl ac_prog=ld if test "$ac_cv_prog_gcc" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by GCC]) ac_prog=`($CC -print-prog-name=ld) 2>&5` case "$ac_prog" in # Accept absolute paths. changequote(,)dnl [\\/]* | [A-Za-z]:[\\/]*) re_direlt='/[^/][^/]*/\.\./' changequote([,])dnl # Canonicalize the path of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(ac_cv_path_LD, [if test -z "$LD"; then IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then ac_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some GNU ld's only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. if "$ac_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then test "$with_gnu_ld" != no && break else test "$with_gnu_ld" != yes && break fi fi done IFS="$ac_save_ifs" else ac_cv_path_LD="$LD" # Let the user override the test with a path. fi]) LD="$ac_cv_path_LD" if test -n "$LD"; then AC_MSG_RESULT($LD) else AC_MSG_RESULT(no) fi test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH]) AC_PROG_LD_GNU ]) AC_DEFUN([AC_PROG_LD_GNU], [AC_CACHE_CHECK([if the linker ($LD) is GNU ld], ac_cv_prog_gnu_ld, [# I'd rather use --version here, but apparently some GNU ld's only accept -v. if $LD -v 2>&1 &5; then ac_cv_prog_gnu_ld=yes else ac_cv_prog_gnu_ld=no fi]) ]) # AC_PROG_NM - find the path to a BSD-compatible name lister AC_DEFUN([AC_PROG_NM], [AC_MSG_CHECKING([for BSD-compatible nm]) AC_CACHE_VAL(ac_cv_path_NM, [if test -n "$NM"; then # Let the user override the test. ac_cv_path_NM="$NM" else IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/nm || test -f $ac_dir/nm$ac_exeext ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then ac_cv_path_NM="$ac_dir/nm -B" break elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then ac_cv_path_NM="$ac_dir/nm -p" break else ac_cv_path_NM=${ac_cv_path_NM="$ac_dir/nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags fi fi done IFS="$ac_save_ifs" test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm fi]) NM="$ac_cv_path_NM" AC_MSG_RESULT([$NM]) ]) # AC_CHECK_LIBM - check for math library AC_DEFUN([AC_CHECK_LIBM], [AC_REQUIRE([AC_CANONICAL_HOST])dnl LIBM= case "$lt_target" in *-*-beos* | *-*-cygwin*) # These system don't have libm ;; *-ncr-sysv4.3*) AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") AC_CHECK_LIB(m, main, LIBM="$LIBM -lm") ;; *) AC_CHECK_LIB(m, main, LIBM="-lm") ;; esac ]) # AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for # the libltdl convenience library, adds --enable-ltdl-convenience to # the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor # is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed # to be `${top_builddir}/libltdl'. Make sure you start DIR with # '${top_builddir}/' (note the single quotes!) if your package is not # flat, and, if you're not using automake, define top_builddir as # appropriate in the Makefiles. AC_DEFUN([AC_LIBLTDL_CONVENIENCE], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl case "$enable_ltdl_convenience" in no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;; "") enable_ltdl_convenience=yes ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;; esac LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdlc.la INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl']) ]) # AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for # the libltdl installable library, and adds --enable-ltdl-install to # the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor # is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed # to be `${top_builddir}/libltdl'. Make sure you start DIR with # '${top_builddir}/' (note the single quotes!) if your package is not # flat, and, if you're not using automake, define top_builddir as # appropriate in the Makefiles. # In the future, this macro may have to be called after AC_PROG_LIBTOOL. AC_DEFUN([AC_LIBLTDL_INSTALLABLE], [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl AC_CHECK_LIB(ltdl, main, [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no], [if test x"$enable_ltdl_install" = xno; then AC_MSG_WARN([libltdl not installed, but installation disabled]) else enable_ltdl_install=yes fi ]) if test x"$enable_ltdl_install" = x"yes"; then ac_configure_args="$ac_configure_args --enable-ltdl-install" LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdl.la INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl']) else ac_configure_args="$ac_configure_args --enable-ltdl-install=no" LIBLTDL="-lltdl" INCLTDL= fi ]) dnl old names AC_DEFUN([AM_PROG_LIBTOOL], [indir([AC_PROG_LIBTOOL])])dnl AC_DEFUN([AM_ENABLE_SHARED], [indir([AC_ENABLE_SHARED], $@)])dnl AC_DEFUN([AM_ENABLE_STATIC], [indir([AC_ENABLE_STATIC], $@)])dnl AC_DEFUN([AM_DISABLE_SHARED], [indir([AC_DISABLE_SHARED], $@)])dnl AC_DEFUN([AM_DISABLE_STATIC], [indir([AC_DISABLE_STATIC], $@)])dnl AC_DEFUN([AM_PROG_LD], [indir([AC_PROG_LD])])dnl AC_DEFUN([AM_PROG_NM], [indir([AC_PROG_NM])])dnl dnl This is just to silence aclocal about the macro not being used ifelse([AC_DISABLE_FAST_INSTALL])dnl cyrus-sasl-2.1.25/config/sasldb.m40000646000076400007640000001072711306006125013621 00000000000000dnl Functions to check what database to use for libsasldb dnl Berkeley DB specific checks first.. dnl Figure out what database type we're using AC_DEFUN([SASL_DB_CHECK], [ cmu_save_LIBS="$LIBS" AC_ARG_WITH(dblib, [ --with-dblib=DBLIB set the DB library to use [berkeley] ], dblib=$withval, dblib=auto_detect) CYRUS_BERKELEY_DB_OPTS() SASL_DB_LIB="" case "$dblib" in dnl this is unbelievably painful due to confusion over what db-3 should be dnl named. arg. berkeley) CYRUS_BERKELEY_DB_CHK() CPPFLAGS="${CPPFLAGS} ${BDB_INCADD}" SASL_DB_INC=$BDB_INCADD SASL_DB_LIB="${BDB_LIBADD}" ;; gdbm) AC_ARG_WITH(gdbm,[ --with-gdbm=PATH use gdbm from PATH], with_gdbm="${withval}") case "$with_gdbm" in ""|yes) AC_CHECK_HEADER(gdbm.h, [ AC_CHECK_LIB(gdbm, gdbm_open, SASL_DB_LIB="-lgdbm", dblib="no")], dblib="no") ;; *) if test -d $with_gdbm; then CPPFLAGS="${CPPFLAGS} -I${with_gdbm}/include" LDFLAGS="${LDFLAGS} -L${with_gdbm}/lib" SASL_DB_LIB="-lgdbm" else with_gdbm="no" fi esac ;; ndbm) dnl We want to attempt to use -lndbm if we can, just in case dnl there's some version of it installed and overriding libc AC_CHECK_HEADER(ndbm.h, [ AC_CHECK_LIB(ndbm, dbm_open, SASL_DB_LIB="-lndbm", [ AC_CHECK_FUNC(dbm_open,,dblib="no")])], dblib="no") ;; auto_detect) dnl How about berkeley db? CYRUS_BERKELEY_DB_CHK() if test "$dblib" = no; then dnl How about ndbm? AC_CHECK_HEADER(ndbm.h, [ AC_CHECK_LIB(ndbm, dbm_open, dblib="ndbm"; SASL_DB_LIB="-lndbm", dblib="weird")], dblib="no") if test "$dblib" = "weird"; then dnl Is ndbm in the standard library? AC_CHECK_FUNC(dbm_open, dblib="ndbm", dblib="no") fi if test "$dblib" = no; then dnl Can we use gdbm? AC_CHECK_HEADER(gdbm.h, [ AC_CHECK_LIB(gdbm, gdbm_open, dblib="gdbm"; SASL_DB_LIB="-lgdbm", dblib="no")], dblib="no") fi else dnl we took Berkeley CPPFLAGS="${CPPFLAGS} ${BDB_INCADD}" SASL_DB_INC=$BDB_INCADD SASL_DB_LIB="${BDB_LIBADD}" fi ;; none) ;; no) ;; *) AC_MSG_WARN([Bad DB library implementation specified;]) AC_ERROR([Use either \"berkeley\", \"gdbm\", \"ndbm\" or \"none\"]) dblib=no ;; esac LIBS="$cmu_save_LIBS" AC_MSG_CHECKING(DB library to use) AC_MSG_RESULT($dblib) SASL_DB_BACKEND="db_${dblib}.lo" SASL_DB_BACKEND_STATIC="db_${dblib}.o allockey.o" SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_${dblib}.c \$(top_srcdir)/sasldb/allockey.c" SASL_DB_UTILS="saslpasswd2 sasldblistusers2" SASL_DB_MANS="saslpasswd2.8 sasldblistusers2.8" case "$dblib" in gdbm) SASL_MECHS="$SASL_MECHS libsasldb.la" AC_DEFINE(SASL_GDBM,[],[Use GDBM for SASLdb]) ;; ndbm) SASL_MECHS="$SASL_MECHS libsasldb.la" AC_DEFINE(SASL_NDBM,[],[Use NDBM for SASLdb]) ;; berkeley) SASL_MECHS="$SASL_MECHS libsasldb.la" AC_DEFINE(SASL_BERKELEYDB,[],[Use BerkeleyDB for SASLdb]) ;; *) AC_MSG_WARN([Disabling SASL authentication database support]) dnl note that we do not add libsasldb.la to SASL_MECHS, since it dnl will just fail to load anyway. SASL_DB_BACKEND="db_none.lo" SASL_DB_BACKEND_STATIC="db_none.o" SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_none.c" SASL_DB_UTILS="" SASL_DB_MANS="" SASL_DB_LIB="" ;; esac if test "$enable_static" = yes; then if test "$dblib" != "none"; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" SASL_STATIC_OBJS="$SASL_STATIC_OBJS sasldb.o $SASL_DB_BACKEND_STATIC" AC_DEFINE(STATIC_SASLDB,[],[Link SASLdb Staticly]) else SASL_STATIC_OBJS="$SASL_STATIC_OBJS $SASL_DB_BACKEND_STATIC" SASL_STATIC_SRCS="$SASL_STATIC_SRCS $SASL_DB_BACKEND_STATIC_SRCS" fi fi AC_SUBST(SASL_DB_UTILS) AC_SUBST(SASL_DB_MANS) AC_SUBST(SASL_DB_BACKEND) AC_SUBST(SASL_DB_BACKEND_STATIC) AC_SUBST(SASL_DB_INC) AC_SUBST(SASL_DB_LIB) ]) dnl Figure out what database path we're using AC_DEFUN([SASL_DB_PATH_CHECK], [ AC_ARG_WITH(dbpath, [ --with-dbpath=PATH set the DB path to use [/etc/sasldb2] ], dbpath=$withval, dbpath=/etc/sasldb2) AC_MSG_CHECKING(DB path to use) AC_MSG_RESULT($dbpath) AC_DEFINE_UNQUOTED(SASL_DB_PATH, "$dbpath", [Path to default SASLdb database])]) cyrus-sasl-2.1.25/config/config.sub0000757000076400007640000010500011630151330014056 00000000000000#! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011 Free Software Foundation, Inc. timestamp='2011-08-23' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Please send patches to . Submit a context # diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; -bluegene*) os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | be32 | be64 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ | open8 \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu \ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; c54x) basic_machine=tic54x-unknown ;; c55x) basic_machine=tic55x-unknown ;; c6x) basic_machine=tic6x-unknown ;; m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; strongarm | thumb | xscale) basic_machine=arm-unknown ;; xscaleeb) basic_machine=armeb-unknown ;; xscaleel) basic_machine=armel-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aros) basic_machine=i386-pc os=-aros ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) basic_machine=powerpc-ibm os=-cnk ;; c54x-*) basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c55x-*) basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c6x-*) basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray os=-unicos ;; cegcc) basic_machine=arm-unknown os=-cegcc ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dicos) basic_machine=i686-pc os=-dicos ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; microblaze) basic_machine=microblaze-xilinx ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; mvs) basic_machine=i370-ibm os=-mvs ;; nacl) basic_machine=le32-unknown os=-nacl ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; neo-tandem) basic_machine=neo-tandem ;; nse-tandem) basic_machine=nse-tandem ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; strongarm-* | thumb-*) basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tile*) basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; z80-*-coff) basic_machine=z80-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -kaos*) os=-kaos ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; -nacl*) ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; tic54x-*) os=-coff ;; tic55x-*) os=-coff ;; tic6x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 # This also exists in the configure program, but was not the # default. # os=-sunos4 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -cnk*|-aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: cyrus-sasl-2.1.25/config/mkinstalldirs0000777000076400007640000000370407741071147014732 00000000000000#! /bin/sh # mkinstalldirs --- make directory hierarchy # Author: Noah Friedman # Created: 1993-05-16 # Public domain errstatus=0 dirmode="" usage="\ Usage: mkinstalldirs [-h] [--help] [-m mode] dir ..." # process command line arguments while test $# -gt 0 ; do case $1 in -h | --help | --h*) # -h for help echo "$usage" 1>&2 exit 0 ;; -m) # -m PERM arg shift test $# -eq 0 && { echo "$usage" 1>&2; exit 1; } dirmode=$1 shift ;; --) # stop option processing shift break ;; -*) # unknown option echo "$usage" 1>&2 exit 1 ;; *) # first non-opt arg break ;; esac done for file do if test -d "$file"; then shift else break fi done case $# in 0) exit 0 ;; esac case $dirmode in '') if mkdir -p -- . 2>/dev/null; then echo "mkdir -p -- $*" exec mkdir -p -- "$@" fi ;; *) if mkdir -m "$dirmode" -p -- . 2>/dev/null; then echo "mkdir -m $dirmode -p -- $*" exec mkdir -m "$dirmode" -p -- "$@" fi ;; esac for file do set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` shift pathcomp= for d do pathcomp="$pathcomp$d" case $pathcomp in -*) pathcomp=./$pathcomp ;; esac if test ! -d "$pathcomp"; then echo "mkdir $pathcomp" mkdir "$pathcomp" || lasterr=$? if test ! -d "$pathcomp"; then errstatus=$lasterr else if test ! -z "$dirmode"; then echo "chmod $dirmode $pathcomp" lasterr="" chmod "$dirmode" "$pathcomp" || lasterr=$? if test ! -z "$lasterr"; then errstatus=$lasterr fi fi fi fi pathcomp="$pathcomp/" done done exit $errstatus # Local Variables: # mode: shell-script # sh-indentation: 2 # End: # mkinstalldirs ends here cyrus-sasl-2.1.25/config/ltmain.sh0000666000076400007640000033224707700557034013752 00000000000000# ltmain.sh - Provide generalized library-building support services. # NOTE: Changing this file will not affect anything until you rerun ltconfig. # # Copyright (C) 1996-1999 Free Software Foundation, Inc. # Originally by Gordon Matzigkeit , 1996 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Check that we have a working $echo. if test "X$1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X$1" = X--fallback-echo; then # Avoid inline document here, it may be left over : elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then # Yippee, $echo works! : else # Restart under the correct shell, and then maybe $echo will work. exec $SHELL "$0" --no-reexec ${1+"$@"} fi if test "X$1" = X--fallback-echo; then # used as fallback echo shift cat <&2 echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 exit 1 fi if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then echo "$modename: not configured to build any kind of library" 1>&2 echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 exit 1 fi # Global variables. mode=$default_mode nonopt= prev= prevopt= run= show="$echo" show_help= execute_dlfiles= lo2o="s/\\.lo\$/.${objext}/" o2lo="s/\\.${objext}\$/.lo/" # Parse our command line options once, thoroughly. while test $# -gt 0 do arg="$1" shift case "$arg" in -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;; *) optarg= ;; esac # If the previous option needs an argument, assign it. if test -n "$prev"; then case "$prev" in execute_dlfiles) eval "$prev=\"\$$prev \$arg\"" ;; *) eval "$prev=\$arg" ;; esac prev= prevopt= continue fi # Have we seen a non-optional argument yet? case "$arg" in --help) show_help=yes ;; --version) echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP" exit 0 ;; --config) sed -e '1,/^### BEGIN LIBTOOL CONFIG/d' -e '/^### END LIBTOOL CONFIG/,$d' $0 exit 0 ;; --debug) echo "$progname: enabling shell trace mode" set -x ;; --dry-run | -n) run=: ;; --features) echo "host: $host" if test "$build_libtool_libs" = yes; then echo "enable shared libraries" else echo "disable shared libraries" fi if test "$build_old_libs" = yes; then echo "enable static libraries" else echo "disable static libraries" fi exit 0 ;; --finish) mode="finish" ;; --mode) prevopt="--mode" prev=mode ;; --mode=*) mode="$optarg" ;; --quiet | --silent) show=: ;; -dlopen) prevopt="-dlopen" prev=execute_dlfiles ;; -*) $echo "$modename: unrecognized option \`$arg'" 1>&2 $echo "$help" 1>&2 exit 1 ;; *) nonopt="$arg" break ;; esac done if test -n "$prevopt"; then $echo "$modename: option \`$prevopt' requires an argument" 1>&2 $echo "$help" 1>&2 exit 1 fi if test -z "$show_help"; then # Infer the operation mode. if test -z "$mode"; then case "$nonopt" in *cc | *++ | gcc* | *-gcc*) mode=link for arg do case "$arg" in -c) mode=compile break ;; esac done ;; *db | *dbx | *strace | *truss) mode=execute ;; *install*|cp|mv) mode=install ;; *rm) mode=uninstall ;; *) # If we have no mode, but dlfiles were specified, then do execute mode. test -n "$execute_dlfiles" && mode=execute # Just use the default operation mode. if test -z "$mode"; then if test -n "$nonopt"; then $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2 else $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2 fi fi ;; esac fi # Only execute mode is allowed to have -dlopen flags. if test -n "$execute_dlfiles" && test "$mode" != execute; then $echo "$modename: unrecognized option \`-dlopen'" 1>&2 $echo "$help" 1>&2 exit 1 fi # Change the help message to a mode-specific one. generic_help="$help" help="Try \`$modename --help --mode=$mode' for more information." # These modes are in order of execution frequency so that they run quickly. case "$mode" in # libtool compile mode compile) modename="$modename: compile" # Get the compilation command and the source file. base_compile= lastarg= srcfile="$nonopt" suppress_output= user_target=no for arg do # Accept any command-line options. case "$arg" in -o) if test "$user_target" != "no"; then $echo "$modename: you cannot specify \`-o' more than once" 1>&2 exit 1 fi user_target=next ;; -static) build_old_libs=yes continue ;; esac case "$user_target" in next) # The next one is the -o target name user_target=yes continue ;; yes) # We got the output file user_target=set libobj="$arg" continue ;; esac # Accept the current argument as the source file. lastarg="$srcfile" srcfile="$arg" # Aesthetically quote the previous argument. # Backslashify any backslashes, double quotes, and dollar signs. # These are the only characters that are still specially # interpreted inside of double-quoted scrings. lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"` # Double-quote args containing other shell metacharacters. # Many Bourne shells cannot handle close brackets correctly in scan # sets, so we specify it separately. case "$lastarg" in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*) lastarg="\"$lastarg\"" ;; esac # Add the previous argument to base_compile. if test -z "$base_compile"; then base_compile="$lastarg" else base_compile="$base_compile $lastarg" fi done case "$user_target" in set) ;; no) # Get the name of the library object. libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'` ;; *) $echo "$modename: you must specify a target with \`-o'" 1>&2 exit 1 ;; esac # Recognize several different file suffixes. # If the user specifies -o file.o, it is replaced with file.lo xform='[cCFSfmso]' case "$libobj" in *.ada) xform=ada ;; *.adb) xform=adb ;; *.ads) xform=ads ;; *.asm) xform=asm ;; *.c++) xform=c++ ;; *.cc) xform=cc ;; *.cpp) xform=cpp ;; *.cxx) xform=cxx ;; *.f90) xform=f90 ;; *.for) xform=for ;; esac libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"` case "$libobj" in *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;; *) $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2 exit 1 ;; esac if test -z "$base_compile"; then $echo "$modename: you must specify a compilation command" 1>&2 $echo "$help" 1>&2 exit 1 fi # Delete any leftover library objects. if test "$build_old_libs" = yes; then removelist="$obj $libobj" else removelist="$libobj" fi $run $rm $removelist trap "$run $rm $removelist; exit 1" 1 2 15 # Calculate the filename of the output object if compiler does # not support -o with -c if test "$compiler_c_o" = no; then output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\..*$%%'`.${objext} lockfile="$output_obj.lock" removelist="$removelist $output_obj $lockfile" trap "$run $rm $removelist; exit 1" 1 2 15 else need_locks=no lockfile= fi # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file if test "$need_locks" = yes; then until ln "$0" "$lockfile" 2>/dev/null; do $show "Waiting for $lockfile to be removed" sleep 2 done elif test "$need_locks" = warn; then if test -f "$lockfile"; then echo "\ *** ERROR, $lockfile exists and contains: `cat $lockfile 2>/dev/null` This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $run $rm $removelist exit 1 fi echo $srcfile > "$lockfile" fi if test -n "$fix_srcfile_path"; then eval srcfile=\"$fix_srcfile_path\" fi # Only build a PIC object if we are building libtool libraries. if test "$build_libtool_libs" = yes; then # Without this assignment, base_compile gets emptied. fbsd_hideous_sh_bug=$base_compile # All platforms use -DPIC, to notify preprocessed assembler code. command="$base_compile $srcfile $pic_flag -DPIC" if test "$build_old_libs" = yes; then lo_libobj="$libobj" dir=`$echo "X$libobj" | $Xsed -e 's%/[^/]*$%%'` if test "X$dir" = "X$libobj"; then dir="$objdir" else dir="$dir/$objdir" fi libobj="$dir/"`$echo "X$libobj" | $Xsed -e 's%^.*/%%'` if test -d "$dir"; then $show "$rm $libobj" $run $rm $libobj else $show "$mkdir $dir" $run $mkdir $dir status=$? if test $status -ne 0 && test ! -d $dir; then exit $status fi fi fi if test "$compiler_o_lo" = yes; then output_obj="$libobj" command="$command -o $output_obj" elif test "$compiler_c_o" = yes; then output_obj="$obj" command="$command -o $output_obj" fi $run $rm "$output_obj" $show "$command" if $run eval "$command"; then : else test -n "$output_obj" && $run $rm $removelist exit 1 fi if test "$need_locks" = warn && test x"`cat $lockfile 2>/dev/null`" != x"$srcfile"; then echo "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $run $rm $removelist exit 1 fi # Just move the object if needed, then go on to compile the next one if test x"$output_obj" != x"$libobj"; then $show "$mv $output_obj $libobj" if $run $mv $output_obj $libobj; then : else error=$? $run $rm $removelist exit $error fi fi # If we have no pic_flag, then copy the object into place and finish. if test -z "$pic_flag" && test "$build_old_libs" = yes; then # Rename the .lo from within objdir to obj if test -f $obj; then $show $rm $obj $run $rm $obj fi $show "$mv $libobj $obj" if $run $mv $libobj $obj; then : else error=$? $run $rm $removelist exit $error fi xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$obj"; then xdir="." else xdir="$xdir" fi baseobj=`$echo "X$obj" | $Xsed -e "s%.*/%%"` libobj=`$echo "X$baseobj" | $Xsed -e "$o2lo"` # Now arrange that obj and lo_libobj become the same file $show "(cd $xdir && $LN_S $baseobj $libobj)" if $run eval '(cd $xdir && $LN_S $baseobj $libobj)'; then exit 0 else error=$? $run $rm $removelist exit $error fi fi # Allow error messages only from the first compilation. suppress_output=' >/dev/null 2>&1' fi # Only build a position-dependent object if we build old libraries. if test "$build_old_libs" = yes; then command="$base_compile $srcfile" if test "$compiler_c_o" = yes; then command="$command -o $obj" output_obj="$obj" fi # Suppress compiler output if we already did a PIC compilation. command="$command$suppress_output" $run $rm "$output_obj" $show "$command" if $run eval "$command"; then : else $run $rm $removelist exit 1 fi if test "$need_locks" = warn && test x"`cat $lockfile 2>/dev/null`" != x"$srcfile"; then echo "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $run $rm $removelist exit 1 fi # Just move the object if needed if test x"$output_obj" != x"$obj"; then $show "$mv $output_obj $obj" if $run $mv $output_obj $obj; then : else error=$? $run $rm $removelist exit $error fi fi # Create an invalid libtool object if no PIC, so that we do not # accidentally link it into a program. if test "$build_libtool_libs" != yes; then $show "echo timestamp > $libobj" $run eval "echo timestamp > \$libobj" || exit $? else # Move the .lo from within objdir $show "$mv $libobj $lo_libobj" if $run $mv $libobj $lo_libobj; then : else error=$? $run $rm $removelist exit $error fi fi fi # Unlock the critical section if it was locked if test "$need_locks" != no; then $rm "$lockfile" fi exit 0 ;; # libtool link mode link) modename="$modename: link" case "$host" in *-*-cygwin* | *-*-mingw* | *-*-os2*) # It is impossible to link a dll without this setting, and # we shouldn't force the makefile maintainer to figure out # which system we are compiling for in order to pass an extra # flag for every libtool invokation. # allow_undefined=no # FIXME: Unfortunately, there are problems with the above when trying # to make a dll which has undefined symbols, in which case not # even a static library is built. For now, we need to specify # -no-undefined on the libtool link line when we can be certain # that all symbols are satisfied, otherwise we get a static library. allow_undefined=yes # This is a source program that is used to create dlls on Windows # Don't remove nor modify the starting and closing comments # /* ltdll.c starts here */ # #define WIN32_LEAN_AND_MEAN # #include # #undef WIN32_LEAN_AND_MEAN # #include # # #ifndef __CYGWIN__ # # ifdef __CYGWIN32__ # # define __CYGWIN__ __CYGWIN32__ # # endif # #endif # # #ifdef __cplusplus # extern "C" { # #endif # BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved); # #ifdef __cplusplus # } # #endif # # #ifdef __CYGWIN__ # #include # DECLARE_CYGWIN_DLL( DllMain ); # #endif # HINSTANCE __hDllInstance_base; # # BOOL APIENTRY # DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved) # { # __hDllInstance_base = hInst; # return TRUE; # } # /* ltdll.c ends here */ # This is a source program that is used to create import libraries # on Windows for dlls which lack them. Don't remove nor modify the # starting and closing comments # /* impgen.c starts here */ # /* Copyright (C) 1999 Free Software Foundation, Inc. # # This file is part of GNU libtool. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # */ # # #include /* for printf() */ # #include /* for open(), lseek(), read() */ # #include /* for O_RDONLY, O_BINARY */ # #include /* for strdup() */ # # static unsigned int # pe_get16 (fd, offset) # int fd; # int offset; # { # unsigned char b[2]; # lseek (fd, offset, SEEK_SET); # read (fd, b, 2); # return b[0] + (b[1]<<8); # } # # static unsigned int # pe_get32 (fd, offset) # int fd; # int offset; # { # unsigned char b[4]; # lseek (fd, offset, SEEK_SET); # read (fd, b, 4); # return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24); # } # # static unsigned int # pe_as32 (ptr) # void *ptr; # { # unsigned char *b = ptr; # return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24); # } # # int # main (argc, argv) # int argc; # char *argv[]; # { # int dll; # unsigned long pe_header_offset, opthdr_ofs, num_entries, i; # unsigned long export_rva, export_size, nsections, secptr, expptr; # unsigned long name_rvas, nexp; # unsigned char *expdata, *erva; # char *filename, *dll_name; # # filename = argv[1]; # # dll = open(filename, O_RDONLY|O_BINARY); # if (!dll) # return 1; # # dll_name = filename; # # for (i=0; filename[i]; i++) # if (filename[i] == '/' || filename[i] == '\\' || filename[i] == ':') # dll_name = filename + i +1; # # pe_header_offset = pe_get32 (dll, 0x3c); # opthdr_ofs = pe_header_offset + 4 + 20; # num_entries = pe_get32 (dll, opthdr_ofs + 92); # # if (num_entries < 1) /* no exports */ # return 1; # # export_rva = pe_get32 (dll, opthdr_ofs + 96); # export_size = pe_get32 (dll, opthdr_ofs + 100); # nsections = pe_get16 (dll, pe_header_offset + 4 +2); # secptr = (pe_header_offset + 4 + 20 + # pe_get16 (dll, pe_header_offset + 4 + 16)); # # expptr = 0; # for (i = 0; i < nsections; i++) # { # char sname[8]; # unsigned long secptr1 = secptr + 40 * i; # unsigned long vaddr = pe_get32 (dll, secptr1 + 12); # unsigned long vsize = pe_get32 (dll, secptr1 + 16); # unsigned long fptr = pe_get32 (dll, secptr1 + 20); # lseek(dll, secptr1, SEEK_SET); # read(dll, sname, 8); # if (vaddr <= export_rva && vaddr+vsize > export_rva) # { # expptr = fptr + (export_rva - vaddr); # if (export_rva + export_size > vaddr + vsize) # export_size = vsize - (export_rva - vaddr); # break; # } # } # # expdata = (unsigned char*)malloc(export_size); # lseek (dll, expptr, SEEK_SET); # read (dll, expdata, export_size); # erva = expdata - export_rva; # # nexp = pe_as32 (expdata+24); # name_rvas = pe_as32 (expdata+32); # # printf ("EXPORTS\n"); # for (i = 0; i&2 fi if test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi else if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi fi build_libtool_libs=no build_old_libs=yes prefer_static_libs=yes break ;; esac done # See if our shared archives depend on static archives. test -n "$old_archive_from_new_cmds" && build_old_libs=yes # Go through the arguments, transforming them on the way. while test $# -gt 0; do arg="$1" shift # If the previous option needs an argument, assign it. if test -n "$prev"; then case "$prev" in output) compile_command="$compile_command @OUTPUT@" finalize_command="$finalize_command @OUTPUT@" ;; esac case "$prev" in dlfiles|dlprefiles) if test "$preload" = no; then # Add the symbol object into the linking commands. compile_command="$compile_command @SYMFILE@" finalize_command="$finalize_command @SYMFILE@" preload=yes fi case "$arg" in *.la | *.lo) ;; # We handle these cases below. force) if test "$dlself" = no; then dlself=needless export_dynamic=yes fi prev= continue ;; self) if test "$prev" = dlprefiles; then dlself=yes elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then dlself=yes else dlself=needless export_dynamic=yes fi prev= continue ;; *) if test "$prev" = dlfiles; then dlfiles="$dlfiles $arg" else dlprefiles="$dlprefiles $arg" fi prev= ;; esac ;; expsyms) export_symbols="$arg" if test ! -f "$arg"; then $echo "$modename: symbol file \`$arg' does not exist" exit 1 fi prev= continue ;; expsyms_regex) export_symbols_regex="$arg" prev= continue ;; release) release="-$arg" prev= continue ;; rpath | xrpath) # We need an absolute path. case "$arg" in [\\/]* | [A-Za-z]:[\\/]*) ;; *) $echo "$modename: only absolute run-paths are allowed" 1>&2 exit 1 ;; esac if test "$prev" = rpath; then case "$rpath " in *" $arg "*) ;; *) rpath="$rpath $arg" ;; esac else case "$xrpath " in *" $arg "*) ;; *) xrpath="$xrpath $arg" ;; esac fi prev= continue ;; *) eval "$prev=\"\$arg\"" prev= continue ;; esac fi prevarg="$arg" case "$arg" in -all-static) if test -n "$link_static_flag"; then compile_command="$compile_command $link_static_flag" finalize_command="$finalize_command $link_static_flag" fi continue ;; -allow-undefined) # FIXME: remove this flag sometime in the future. $echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2 continue ;; -avoid-version) avoid_version=yes continue ;; -dlopen) prev=dlfiles continue ;; -dlpreopen) prev=dlprefiles continue ;; -export-dynamic) export_dynamic=yes continue ;; -export-symbols | -export-symbols-regex) if test -n "$export_symbols" || test -n "$export_symbols_regex"; then $echo "$modename: not more than one -exported-symbols argument allowed" exit 1 fi if test "X$arg" = "X-export-symbols"; then prev=expsyms else prev=expsyms_regex fi continue ;; -L*) dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` # We need an absolute path. case "$dir" in [\\/]* | [A-Za-z]:[\\/]*) ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2 $echo "$modename: passing it literally to the linker, although it might fail" 1>&2 absdir="$dir" fi dir="$absdir" ;; esac case " $deplibs " in *" $arg "*) ;; *) deplibs="$deplibs $arg";; esac case " $lib_search_path " in *" $dir "*) ;; *) lib_search_path="$lib_search_path $dir";; esac case "$host" in *-*-cygwin* | *-*-mingw* | *-*-os2*) dllsearchdir=`cd "$dir" && pwd || echo "$dir"` case ":$dllsearchpath:" in ::) dllsearchpath="$dllsearchdir";; *":$dllsearchdir:"*) ;; *) dllsearchpath="$dllsearchpath:$dllsearchdir";; esac ;; esac ;; -l*) if test "$arg" = "-lc"; then case "$host" in *-*-cygwin* | *-*-mingw* | *-*-os2* | *-*-beos*) # These systems don't actually have c library (as such) continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C library is in the System framework deplibs="$deplibs -framework System" continue ;; esac elif test "$arg" = "-lm"; then case "$host" in *-*-cygwin* | *-*-beos*) # These systems don't actually have math library (as such) continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody math library is in the System framework deplibs="$deplibs -framework System" continue ;; esac fi deplibs="$deplibs $arg" ;; -module) module=yes continue ;; -no-undefined) allow_undefined=no continue ;; -o) prev=output ;; -release) prev=release continue ;; -rpath) prev=rpath continue ;; -R) prev=xrpath continue ;; -R*) dir=`$echo "X$arg" | $Xsed -e 's/^-R//'` # We need an absolute path. case "$dir" in [\\/]* | [A-Za-z]:[\\/]*) ;; *) $echo "$modename: only absolute run-paths are allowed" 1>&2 exit 1 ;; esac case "$xrpath " in *" $dir "*) ;; *) xrpath="$xrpath $dir" ;; esac continue ;; -static) # If we have no pic_flag, then this is the same as -all-static. if test -z "$pic_flag" && test -n "$link_static_flag"; then compile_command="$compile_command $link_static_flag" finalize_command="$finalize_command $link_static_flag" fi continue ;; -thread-safe) thread_safe=yes continue ;; -version-info) prev=vinfo continue ;; # Some other compiler flag. -* | +*) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case "$arg" in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*) arg="\"$arg\"" ;; esac ;; *.o | *.obj | *.a | *.lib) # A standard object. objs="$objs $arg" ;; *.lo) # A library object. if test "$prev" = dlfiles; then dlfiles="$dlfiles $arg" if test "$build_libtool_libs" = yes && test "$dlopen" = yes; then prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi if test "$prev" = dlprefiles; then # Preload the old-style object. dlprefiles="$dlprefiles "`$echo "X$arg" | $Xsed -e "$lo2o"` prev= fi libobjs="$libobjs $arg" ;; *.la) # A libtool-controlled library. dlname= libdir= library_names= old_library= # Check to see that this really is a libtool archive. if (sed -e '2q' $arg | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : else $echo "$modename: \`$arg' is not a valid libtool archive" 1>&2 exit 1 fi # If the library was installed with an old release of libtool, # it will not redefine variable installed. installed=yes # Read the .la file # If there is no directory component, then add one. case "$arg" in */* | *\\*) . $arg ;; *) . ./$arg ;; esac # Get the name of the library we link against. linklib= for l in $old_library $library_names; do linklib="$l" done if test -z "$linklib"; then $echo "$modename: cannot find name of link library for \`$arg'" 1>&2 exit 1 fi # Find the relevant object directory and library name. name=`$echo "X$arg" | $Xsed -e 's%^.*/%%' -e 's/\.la$//' -e 's/^lib//'` if test "X$installed" = Xyes; then dir="$libdir" else dir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` if test "X$dir" = "X$arg"; then dir="$objdir" else dir="$dir/$objdir" fi fi if test -n "$dependency_libs"; then # Extract -R and -L from dependency_libs temp_deplibs= for deplib in $dependency_libs; do case "$deplib" in -R*) temp_xrpath=`$echo "X$deplib" | $Xsed -e 's/^-R//'` case " $rpath $xrpath " in *" $temp_xrpath "*) ;; *) xrpath="$xrpath $temp_xrpath";; esac;; -L*) case "$compile_command $temp_deplibs " in *" $deplib "*) ;; *) temp_deplibs="$temp_deplibs $deplib";; esac temp_dir=`$echo "X$deplib" | $Xsed -e 's/^-L//'` case " $lib_search_path " in *" $temp_dir "*) ;; *) lib_search_path="$lib_search_path $temp_dir";; esac ;; *) temp_deplibs="$temp_deplibs $deplib";; esac done dependency_libs="$temp_deplibs" fi if test -z "$libdir"; then # It is a libtool convenience library, so add in its objects. convenience="$convenience $dir/$old_library" old_convenience="$old_convenience $dir/$old_library" deplibs="$deplibs$dependency_libs" compile_command="$compile_command $dir/$old_library$dependency_libs" finalize_command="$finalize_command $dir/$old_library$dependency_libs" continue fi # This library was specified with -dlopen. if test "$prev" = dlfiles; then dlfiles="$dlfiles $arg" if test -z "$dlname" || test "$dlopen" != yes || test "$build_libtool_libs" = no; then # If there is no dlname, no dlopen support or we're linking statically, # we need to preload. prev=dlprefiles else # We should not create a dependency on this library, but we # may need any libraries it requires. compile_command="$compile_command$dependency_libs" finalize_command="$finalize_command$dependency_libs" prev= continue fi fi # The library was specified with -dlpreopen. if test "$prev" = dlprefiles; then # Prefer using a static library (so that no silly _DYNAMIC symbols # are required to link). if test -n "$old_library"; then dlprefiles="$dlprefiles $dir/$old_library" else dlprefiles="$dlprefiles $dir/$linklib" fi prev= fi if test -n "$library_names" && { test "$prefer_static_libs" = no || test -z "$old_library"; }; then link_against_libtool_libs="$link_against_libtool_libs $arg" if test -n "$shlibpath_var"; then # Make sure the rpath contains only unique directories. case "$temp_rpath " in *" $dir "*) ;; *) temp_rpath="$temp_rpath $dir" ;; esac fi # We need an absolute path. case "$dir" in [\\/] | [A-Za-z]:[\\/]*) absdir="$dir" ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2 $echo "$modename: passing it literally to the linker, although it might fail" 1>&2 absdir="$dir" fi ;; esac # This is the magic to use -rpath. # Skip directories that are in the system default run-time # search path, unless they have been requested with -R. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) compile_rpath="$compile_rpath $absdir" esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" esac ;; esac lib_linked=yes case "$hardcode_action" in immediate | unsupported) if test "$hardcode_direct" = no; then compile_command="$compile_command $dir/$linklib" deplibs="$deplibs $dir/$linklib" case "$host" in *-*-cygwin* | *-*-mingw* | *-*-os2*) dllsearchdir=`cd "$dir" && pwd || echo "$dir"` if test -n "$dllsearchpath"; then dllsearchpath="$dllsearchpath:$dllsearchdir" else dllsearchpath="$dllsearchdir" fi ;; esac elif test "$hardcode_minus_L" = no; then case "$host" in *-*-sunos*) compile_shlibpath="$compile_shlibpath$dir:" ;; esac case "$compile_command " in *" -L$dir "*) ;; *) compile_command="$compile_command -L$dir";; esac compile_command="$compile_command -l$name" deplibs="$deplibs -L$dir -l$name" elif test "$hardcode_shlibpath_var" = no; then case ":$compile_shlibpath:" in *":$dir:"*) ;; *) compile_shlibpath="$compile_shlibpath$dir:";; esac compile_command="$compile_command -l$name" deplibs="$deplibs -l$name" else lib_linked=no fi ;; relink) if test "$hardcode_direct" = yes; then compile_command="$compile_command $absdir/$linklib" deplibs="$deplibs $absdir/$linklib" elif test "$hardcode_minus_L" = yes; then case "$compile_command " in *" -L$absdir "*) ;; *) compile_command="$compile_command -L$absdir";; esac compile_command="$compile_command -l$name" deplibs="$deplibs -L$absdir -l$name" elif test "$hardcode_shlibpath_var" = yes; then case ":$compile_shlibpath:" in *":$absdir:"*) ;; *) compile_shlibpath="$compile_shlibpath$absdir:";; esac compile_command="$compile_command -l$name" deplibs="$deplibs -l$name" else lib_linked=no fi ;; *) lib_linked=no ;; esac if test "$lib_linked" != yes; then $echo "$modename: configuration error: unsupported hardcode properties" exit 1 fi # Finalize command for both is simple: just hardcode it. if test "$hardcode_direct" = yes; then finalize_command="$finalize_command $libdir/$linklib" elif test "$hardcode_minus_L" = yes; then case "$finalize_command " in *" -L$libdir "*) ;; *) finalize_command="$finalize_command -L$libdir";; esac finalize_command="$finalize_command -l$name" elif test "$hardcode_shlibpath_var" = yes; then case ":$finalize_shlibpath:" in *":$libdir:"*) ;; *) finalize_shlibpath="$finalize_shlibpath$libdir:";; esac finalize_command="$finalize_command -l$name" else # We cannot seem to hardcode it, guess we'll fake it. case "$finalize_command " in *" -L$dir "*) ;; *) finalize_command="$finalize_command -L$libdir";; esac finalize_command="$finalize_command -l$name" fi else # Transform directly to old archives if we don't build new libraries. if test -n "$pic_flag" && test -z "$old_library"; then $echo "$modename: cannot find static library for \`$arg'" 1>&2 exit 1 fi # Here we assume that one of hardcode_direct or hardcode_minus_L # is not unsupported. This is valid on all known static and # shared platforms. if test "$hardcode_direct" != unsupported; then test -n "$old_library" && linklib="$old_library" compile_command="$compile_command $dir/$linklib" finalize_command="$finalize_command $dir/$linklib" else case "$compile_command " in *" -L$dir "*) ;; *) compile_command="$compile_command -L$dir";; esac compile_command="$compile_command -l$name" case "$finalize_command " in *" -L$dir "*) ;; *) finalize_command="$finalize_command -L$dir";; esac finalize_command="$finalize_command -l$name" fi fi # Add in any libraries that this one depends upon. compile_command="$compile_command$dependency_libs" finalize_command="$finalize_command$dependency_libs" continue ;; # Some other compiler argument. *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case "$arg" in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*) arg="\"$arg\"" ;; esac ;; esac # Now actually substitute the argument into the commands. if test -n "$arg"; then compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" fi done if test -n "$prev"; then $echo "$modename: the \`$prevarg' option requires an argument" 1>&2 $echo "$help" 1>&2 exit 1 fi if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then eval arg=\"$export_dynamic_flag_spec\" compile_command="$compile_command $arg" finalize_command="$finalize_command $arg" fi oldlibs= # calculate the name of the file, without its directory outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'` libobjs_save="$libobjs" case "$output" in "") $echo "$modename: you must specify an output file" 1>&2 $echo "$help" 1>&2 exit 1 ;; *.a | *.lib) if test -n "$link_against_libtool_libs"; then $echo "$modename: error: cannot link libtool libraries into archives" 1>&2 exit 1 fi if test -n "$deplibs"; then $echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2 fi if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then $echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2 fi if test -n "$rpath"; then $echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2 fi if test -n "$xrpath"; then $echo "$modename: warning: \`-R' is ignored for archives" 1>&2 fi if test -n "$vinfo"; then $echo "$modename: warning: \`-version-info' is ignored for archives" 1>&2 fi if test -n "$release"; then $echo "$modename: warning: \`-release' is ignored for archives" 1>&2 fi if test -n "$export_symbols" || test -n "$export_symbols_regex"; then $echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2 fi # Now set the variables for building old libraries. build_libtool_libs=no oldlibs="$output" ;; *.la) # Make sure we only generate libraries of the form `libNAME.la'. case "$outputname" in lib*) name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'` eval libname=\"$libname_spec\" ;; *) if test "$module" = no; then $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2 $echo "$help" 1>&2 exit 1 fi if test "$need_lib_prefix" != no; then # Add the "lib" prefix for modules if required name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'` eval libname=\"$libname_spec\" else libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'` fi ;; esac output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'` if test "X$output_objdir" = "X$output"; then output_objdir="$objdir" else output_objdir="$output_objdir/$objdir" fi if test -n "$objs"; then $echo "$modename: cannot build libtool library \`$output' from non-libtool objects:$objs" 2>&1 exit 1 fi # How the heck are we supposed to write a wrapper for a shared library? if test -n "$link_against_libtool_libs"; then $echo "$modename: error: cannot link shared libraries into libtool libraries" 1>&2 exit 1 fi if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then $echo "$modename: warning: \`-dlopen' is ignored for libtool libraries" 1>&2 fi set dummy $rpath if test $# -gt 2; then $echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2 fi install_libdir="$2" oldlibs= if test -z "$rpath"; then if test "$build_libtool_libs" = yes; then # Building a libtool convenience library. libext=al oldlibs="$output_objdir/$libname.$libext $oldlibs" build_libtool_libs=convenience build_old_libs=yes fi dependency_libs="$deplibs" if test -n "$vinfo"; then $echo "$modename: warning: \`-version-info' is ignored for convenience libraries" 1>&2 fi if test -n "$release"; then $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2 fi else # Parse the version information argument. IFS="${IFS= }"; save_ifs="$IFS"; IFS=':' set dummy $vinfo 0 0 0 IFS="$save_ifs" if test -n "$8"; then $echo "$modename: too many parameters to \`-version-info'" 1>&2 $echo "$help" 1>&2 exit 1 fi current="$2" revision="$3" age="$4" # Check that each of the things are valid numbers. case "$current" in 0 | [1-9] | [1-9][0-9]*) ;; *) $echo "$modename: CURRENT \`$current' is not a nonnegative integer" 1>&2 $echo "$modename: \`$vinfo' is not valid version information" 1>&2 exit 1 ;; esac case "$revision" in 0 | [1-9] | [1-9][0-9]*) ;; *) $echo "$modename: REVISION \`$revision' is not a nonnegative integer" 1>&2 $echo "$modename: \`$vinfo' is not valid version information" 1>&2 exit 1 ;; esac case "$age" in 0 | [1-9] | [1-9][0-9]*) ;; *) $echo "$modename: AGE \`$age' is not a nonnegative integer" 1>&2 $echo "$modename: \`$vinfo' is not valid version information" 1>&2 exit 1 ;; esac if test $age -gt $current; then $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2 $echo "$modename: \`$vinfo' is not valid version information" 1>&2 exit 1 fi # Calculate the version variables. major= versuffix= verstring= case "$version_type" in none) ;; irix) major=`expr $current - $age + 1` versuffix="$major.$revision" verstring="sgi$major.$revision" # Add in all the interfaces that we are compatible with. loop=$revision while test $loop != 0; do iface=`expr $revision - $loop` loop=`expr $loop - 1` verstring="sgi$major.$iface:$verstring" done ;; linux) major=.`expr $current - $age` versuffix="$major.$age.$revision" ;; osf) major=`expr $current - $age` versuffix=".$current.$age.$revision" verstring="$current.$age.$revision" # Add in all the interfaces that we are compatible with. loop=$age while test $loop != 0; do iface=`expr $current - $loop` loop=`expr $loop - 1` verstring="$verstring:${iface}.0" done # Make executables depend on our current version. verstring="$verstring:${current}.0" ;; sunos) major=".$current" versuffix=".$current.$revision" ;; freebsd-aout) major=".$current" versuffix=".$current.$revision"; ;; freebsd-elf) major=".$current" versuffix=".$current"; ;; windows) # Like Linux, but with '-' rather than '.', since we only # want one extension on Windows 95. major=`expr $current - $age` versuffix="-$major-$age-$revision" ;; darwin) # Like Linux, but with the current version available in # verstring for coding it into the library header major=.`expr $current - $age` versuffix="$major.$age.$revision" # Darwin ld doesn't like 0 for these options... minor_current=`expr $current + 1` verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" ;; *) $echo "$modename: unknown library version type \`$version_type'" 1>&2 echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 exit 1 ;; esac # Clear the version info if we defaulted, and they specified a release. if test -z "$vinfo" && test -n "$release"; then major= verstring="0.0" if test "$need_version" = no; then versuffix= else versuffix=".0.0" fi fi # Remove version info from name if versioning should be avoided if test "$avoid_version" = yes && test "$need_version" = no; then major= versuffix= verstring="" fi # Check to see if the archive will have undefined symbols. if test "$allow_undefined" = yes; then if test "$allow_undefined_flag" = unsupported; then $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2 build_libtool_libs=no build_old_libs=yes fi else # Don't allow undefined symbols. allow_undefined_flag="$no_undefined_flag" fi dependency_libs="$deplibs" case "$host" in *-*-cygwin* | *-*-mingw* | *-*-os2* | *-*-beos*) # these systems don't actually have a c library (as such)! ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C library is in the System framework deplibs="$deplibs -framework System" ;; *) # Add libc to deplibs on all other systems. deplibs="$deplibs -lc" ;; esac fi # Create the output directory, or remove our outputs if we need to. if test -d $output_objdir; then $show "${rm}r $output_objdir/$outputname $output_objdir/$libname.* $output_objdir/${libname}${release}.*" $run ${rm}r $output_objdir/$outputname $output_objdir/$libname.* $output_objdir/${libname}${release}.* else $show "$mkdir $output_objdir" $run $mkdir $output_objdir status=$? if test $status -ne 0 && test ! -d $output_objdir; then exit $status fi fi # Now set the variables for building old libraries. if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then oldlibs="$oldlibs $output_objdir/$libname.$libext" # Transform .lo files to .o files. oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP` fi if test "$build_libtool_libs" = yes; then # Transform deplibs into only deplibs that can be linked in shared. name_save=$name libname_save=$libname release_save=$release versuffix_save=$versuffix major_save=$major # I'm not sure if I'm treating the release correctly. I think # release should show up in the -l (ie -lgmp5) so we don't want to # add it in twice. Is that correct? release="" versuffix="" major="" newdeplibs= droppeddeps=no case "$deplibs_check_method" in pass_all) # Don't check for shared/static. Everything works. # This might be a little naive. We might want to check # whether the library exists or not. But this is on # osf3 & osf4 and I'm not really sure... Just # implementing what was already the behaviour. newdeplibs=$deplibs ;; test_compile) # This code stresses the "libraries are programs" paradigm to its # limits. Maybe even breaks it. We compile a program, linking it # against the deplibs as a proxy for the library. Then we can check # whether they linked in statically or dynamically with ldd. $rm conftest.c cat > conftest.c </dev/null` for potent_lib in $potential_libs; do # Follow soft links. if ls -lLd "$potent_lib" 2>/dev/null \ | grep " -> " >/dev/null; then continue fi # The statement above tries to avoid entering an # endless loop below, in case of cyclic links. # We might still enter an endless loop, since a link # loop can be closed while we follow links, # but so what? potlib="$potent_lib" while test -h "$potlib" 2>/dev/null; do potliblink=`ls -ld $potlib | sed 's/.* -> //'` case "$potliblink" in [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; *) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \ | sed 10q \ | egrep "$file_magic_regex" > /dev/null; then newdeplibs="$newdeplibs $a_deplib" a_deplib="" break 2 fi done done if test -n "$a_deplib" ; then droppeddeps=yes echo echo "*** Warning: This library needs some functionality provided by $a_deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have." fi else # Add a -L argument. newdeplibs="$newdeplibs $a_deplib" fi done # Gone through all deplibs. ;; none | unknown | *) newdeplibs="" if $echo "X $deplibs" | $Xsed -e 's/ -lc$//' \ -e 's/ -[LR][^ ]*//g' -e 's/[ ]//g' | grep . >/dev/null; then echo if test "X$deplibs_check_method" = "Xnone"; then echo "*** Warning: inter-library dependencies are not supported in this platform." else echo "*** Warning: inter-library dependencies are not known to be supported." fi echo "*** All declared inter-library dependencies are being dropped." droppeddeps=yes fi ;; esac versuffix=$versuffix_save major=$major_save release=$release_save libname=$libname_save name=$name_save if test "$droppeddeps" = yes; then if test "$module" = yes; then echo echo "*** Warning: libtool could not satisfy all declared inter-library" echo "*** dependencies of module $libname. Therefore, libtool will create" echo "*** a static module, that should work as long as the dlopening" echo "*** application is linked with the -dlopen flag." if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" echo "*** lists from a program, using \`nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi else echo "*** The inter-library dependencies that have been dropped here will be" echo "*** automatically added whenever a program is linked with this library" echo "*** or is declared to -dlopen it." fi fi # Done checking deplibs! deplibs=$newdeplibs fi # All the library-specific variables (install_libdir is set above). library_names= old_library= dlname= # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then # Get the real and link names of the library. eval library_names=\"$library_names_spec\" set dummy $library_names realname="$2" shift; shift if test -n "$soname_spec"; then eval soname=\"$soname_spec\" else soname="$realname" fi lib="$output_objdir/$realname" for link do linknames="$linknames $link" done # Ensure that we have .o objects for linkers which dislike .lo # (e.g. aix) in case we are running --disable-static for obj in $libobjs; do xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$obj"; then xdir="." else xdir="$xdir" fi baseobj=`$echo "X$obj" | $Xsed -e 's%^.*/%%'` oldobj=`$echo "X$baseobj" | $Xsed -e "$lo2o"` if test ! -f $xdir/$oldobj; then $show "(cd $xdir && ${LN_S} $baseobj $oldobj)" $run eval '(cd $xdir && ${LN_S} $baseobj $oldobj)' || exit $? fi done # Use standard objects if they are pic test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` # Prepare the list of exported symbols if test -z "$export_symbols"; then if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then $show "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $run $rm $export_symbols eval cmds=\"$export_symbols_cmds\" IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" if test -n "$export_symbols_regex"; then $show "egrep -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\"" $run eval 'egrep -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' $show "$mv \"${export_symbols}T\" \"$export_symbols\"" $run eval '$mv "${export_symbols}T" "$export_symbols"' fi fi fi if test -n "$export_symbols" && test -n "$include_expsyms"; then $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"' fi if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval libobjs=\"\$libobjs $whole_archive_flag_spec\" else gentop="$output_objdir/${outputname}x" $show "${rm}r $gentop" $run ${rm}r "$gentop" $show "mkdir $gentop" $run mkdir "$gentop" status=$? if test $status -ne 0 && test ! -d "$gentop"; then exit $status fi generated="$generated $gentop" for xlib in $convenience; do # Extract the objects. case "$xlib" in [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;; *) xabs=`pwd`"/$xlib" ;; esac xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'` xdir="$gentop/$xlib" $show "${rm}r $xdir" $run ${rm}r "$xdir" $show "mkdir $xdir" $run mkdir "$xdir" status=$? if test $status -ne 0 && test ! -d "$xdir"; then exit $status fi $show "(cd $xdir && $AR x $xabs)" $run eval "(cd \$xdir && $AR x \$xabs)" || exit $? libobjs="$libobjs "`find $xdir -name \*.o -print -o -name \*.lo -print | $NL2SP` done fi fi if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then eval flag=\"$thread_safe_flag_spec\" linkopts="$linkopts $flag" fi # Do each of the archive commands. if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then eval cmds=\"$archive_expsym_cmds\" else if test "x$verstring" = "x0.0"; then tmp_verstring= else tmp_verstring="$verstring" fi eval cmds=\"$archive_cmds\" fi IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" # Create links to the real library. for linkname in $linknames; do if test "$realname" != "$linkname"; then $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)" $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $? fi done # If -module or -export-dynamic was specified, set the dlname. if test "$module" = yes || test "$export_dynamic" = yes; then # On all known operating systems, these are identical. dlname="$soname" fi fi ;; *.lo | *.o | *.obj) if test -n "$link_against_libtool_libs"; then $echo "$modename: error: cannot link libtool libraries into objects" 1>&2 exit 1 fi if test -n "$deplibs"; then $echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2 fi if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then $echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2 fi if test -n "$rpath"; then $echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2 fi if test -n "$xrpath"; then $echo "$modename: warning: \`-R' is ignored for objects" 1>&2 fi if test -n "$vinfo"; then $echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2 fi if test -n "$release"; then $echo "$modename: warning: \`-release' is ignored for objects" 1>&2 fi case "$output" in *.lo) if test -n "$objs"; then $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2 exit 1 fi libobj="$output" obj=`$echo "X$output" | $Xsed -e "$lo2o"` ;; *) libobj= obj="$output" ;; esac # Delete the old objects. $run $rm $obj $libobj # Objects from convenience libraries. This assumes # single-version convenience libraries. Whenever we create # different ones for PIC/non-PIC, this we'll have to duplicate # the extraction. reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of # -Wl from whole_archive_flag_spec wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\" else gentop="$output_objdir/${obj}x" $show "${rm}r $gentop" $run ${rm}r "$gentop" $show "mkdir $gentop" $run mkdir "$gentop" status=$? if test $status -ne 0 && test ! -d "$gentop"; then exit $status fi generated="$generated $gentop" for xlib in $convenience; do # Extract the objects. case "$xlib" in [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;; *) xabs=`pwd`"/$xlib" ;; esac xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'` xdir="$gentop/$xlib" $show "${rm}r $xdir" $run ${rm}r "$xdir" $show "mkdir $xdir" $run mkdir "$xdir" status=$? if test $status -ne 0 && test ! -d "$xdir"; then exit $status fi $show "(cd $xdir && $AR x $xabs)" $run eval "(cd \$xdir && $AR x \$xabs)" || exit $? reload_conv_objs="$reload_objs "`find $xdir -name \*.o -print -o -name \*.lo -print | $NL2SP` done fi fi # Create the old-style object. reload_objs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" output="$obj" eval cmds=\"$reload_cmds\" IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" # Exit if we aren't doing a library object file. if test -z "$libobj"; then if test -n "$gentop"; then $show "${rm}r $gentop" $run ${rm}r $gentop fi exit 0 fi if test "$build_libtool_libs" != yes; then if test -n "$gentop"; then $show "${rm}r $gentop" $run ${rm}r $gentop fi # Create an invalid libtool object if no PIC, so that we don't # accidentally link it into a program. $show "echo timestamp > $libobj" $run eval "echo timestamp > $libobj" || exit $? exit 0 fi if test -n "$pic_flag"; then # Only do commands if we really have different PIC objects. reload_objs="$libobjs $reload_conv_objs" output="$libobj" eval cmds=\"$reload_cmds\" IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" else # Just create a symlink. $show $rm $libobj $run $rm $libobj xdir=`$echo "X$libobj" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$libobj"; then xdir="." else xdir="$xdir" fi baseobj=`$echo "X$libobj" | $Xsed -e 's%^.*/%%'` oldobj=`$echo "X$baseobj" | $Xsed -e "$lo2o"` $show "(cd $xdir && $LN_S $oldobj $baseobj)" $run eval '(cd $xdir && $LN_S $oldobj $baseobj)' || exit $? fi if test -n "$gentop"; then $show "${rm}r $gentop" $run ${rm}r $gentop fi exit 0 ;; # Anything else should be a program. *) if test -n "$vinfo"; then $echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2 fi if test -n "$release"; then $echo "$modename: warning: \`-release' is ignored for programs" 1>&2 fi if test "$preload" = yes; then if test "$dlopen" = unknown && test "$dlopen_self" = unknown && test "$dlopen_self_static" = unknown; then $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support." fi fi if test -n "$rpath$xrpath"; then # If the user specified any rpath flags, then add them. for libdir in $rpath $xrpath; do # This is the magic to use -rpath. case "$compile_rpath " in *" $libdir "*) ;; *) compile_rpath="$compile_rpath $libdir" ;; esac case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" ;; esac done fi # Now hardcode the library paths rpath= hardcode_libdirs= for libdir in $compile_rpath $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case "$hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator" in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" rpath="$rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) perm_rpath="$perm_rpath $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi compile_rpath="$rpath" rpath= hardcode_libdirs= for libdir in $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case "$hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator" in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" rpath="$rpath $flag" fi elif test -n "$runpath_var"; then case "$finalize_perm_rpath " in *" $libdir "*) ;; *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi finalize_rpath="$rpath" output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'` if test "X$output_objdir" = "X$output"; then output_objdir="$objdir" else output_objdir="$output_objdir/$objdir" fi # Create the binary in the object directory, then wrap it. if test ! -d $output_objdir; then $show "$mkdir $output_objdir" $run $mkdir $output_objdir status=$? if test $status -ne 0 && test ! -d $output_objdir; then exit $status fi fi if test -n "$libobjs" && test "$build_old_libs" = yes; then # Transform all the library objects into standard objects. compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` fi dlsyms= if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then if test -n "$NM" && test -n "$global_symbol_pipe"; then dlsyms="${outputname}S.c" else $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2 fi fi if test -n "$dlsyms"; then case "$dlsyms" in "") ;; *.c) # Discover the nlist of each of the dlfiles. nlist="$output_objdir/${outputname}.nm" $show "$rm $nlist ${nlist}S ${nlist}T" $run $rm "$nlist" "${nlist}S" "${nlist}T" # Parse the name list into a source file. $show "creating $output_objdir/$dlsyms" test -z "$run" && $echo > "$output_objdir/$dlsyms" "\ /* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */ /* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */ #ifdef __cplusplus extern \"C\" { #endif /* Prevent the only kind of declaration conflicts we can make. */ #define lt_preloaded_symbols some_other_symbol /* External symbol declarations for the compiler. */\ " if test "$dlself" = yes; then $show "generating symbol list for \`$output'" test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist" # Add our own program objects to the symbol list. progfiles=`$echo "X$objs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` for arg in $progfiles; do $show "extracting global C symbols from \`$arg'" $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'" done if test -n "$exclude_expsyms"; then $run eval 'egrep -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' $run eval '$mv "$nlist"T "$nlist"' fi if test -n "$export_symbols_regex"; then $run eval 'egrep -e "$export_symbols_regex" "$nlist" > "$nlist"T' $run eval '$mv "$nlist"T "$nlist"' fi # Prepare the list of exported symbols if test -z "$export_symbols"; then export_symbols="$output_objdir/$output.exp" $run $rm $export_symbols $run eval "sed -n -e '/^: @PROGRAM@$/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' else $run eval "sed -e 's/\([][.*^$]\)/\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$output.exp"' $run eval 'grep -f "$output_objdir/$output.exp" < "$nlist" > "$nlist"T' $run eval 'mv "$nlist"T "$nlist"' fi fi for arg in $dlprefiles; do $show "extracting global C symbols from \`$arg'" name=`echo "$arg" | sed -e 's%^.*/%%'` $run eval 'echo ": $name " >> "$nlist"' $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'" done if test -z "$run"; then # Make sure we have at least an empty file. test -f "$nlist" || : > "$nlist" if test -n "$exclude_expsyms"; then egrep -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T $mv "$nlist"T "$nlist" fi # Try sorting and uniquifying the output. if grep -v "^: " < "$nlist" | sort +2 | uniq > "$nlist"S; then : else grep -v "^: " < "$nlist" > "$nlist"S fi if test -f "$nlist"S; then eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"' else echo '/* NONE */' >> "$output_objdir/$dlsyms" fi $echo >> "$output_objdir/$dlsyms" "\ #undef lt_preloaded_symbols #if defined (__STDC__) && __STDC__ # define lt_ptr_t void * #else # define lt_ptr_t char * # define const #endif /* The mapping between symbol names and symbols. */ const struct { const char *name; lt_ptr_t address; } lt_preloaded_symbols[] = {\ " sed -n -e 's/^: \([^ ]*\) $/ {\"\1\", (lt_ptr_t) 0},/p' \ -e 's/^. \([^ ]*\) \([^ ]*\)$/ {"\2", (lt_ptr_t) \&\2},/p' \ < "$nlist" >> "$output_objdir/$dlsyms" $echo >> "$output_objdir/$dlsyms" "\ {0, (lt_ptr_t) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt_preloaded_symbols; } #endif #ifdef __cplusplus } #endif\ " fi pic_flag_for_symtable= case "$host" in # compiling the symbol table file with pic_flag works around # a FreeBSD bug that causes programs to crash when -lm is # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) case "$compile_command " in *" -static "*) ;; *) pic_flag_for_symtable=" $pic_flag -DPIC -DFREEBSD_WORKAROUND";; esac;; *-*-hpux*) case "$compile_command " in *" -static "*) ;; *) pic_flag_for_symtable=" $pic_flag -DPIC";; esac esac # Now compile the dynamic symbol file. $show "(cd $output_objdir && $CC -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")" $run eval '(cd $output_objdir && $CC -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $? # Clean up the generated files. $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T" $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T" # Transform the symbol file into the correct name. compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` ;; *) $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2 exit 1 ;; esac else # We keep going just in case the user didn't refer to # lt_preloaded_symbols. The linker will fail if global_symbol_pipe # really was required. # Nullify the symbol file. compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` fi if test -z "$link_against_libtool_libs" || test "$build_libtool_libs" != yes; then # Replace the output file specification. compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. $show "$link_command" $run eval "$link_command" status=$? # Delete the generated files. if test -n "$dlsyms"; then $show "$rm $output_objdir/${outputname}S.${objext}" $run $rm "$output_objdir/${outputname}S.${objext}" fi exit $status fi if test -n "$shlibpath_var"; then # We should set the shlibpath_var rpath= for dir in $temp_rpath; do case "$dir" in [\\/]* | [A-Za-z]:[\\/]*) # Absolute path. rpath="$rpath$dir:" ;; *) # Relative path: add a thisdir entry. rpath="$rpath\$thisdir/$dir:" ;; esac done temp_rpath="$rpath" fi if test -n "$compile_shlibpath$finalize_shlibpath"; then compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" fi if test -n "$finalize_shlibpath"; then finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" fi compile_var= finalize_var= if test -n "$runpath_var"; then if test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do rpath="$rpath$dir:" done compile_var="$runpath_var=\"$rpath\$$runpath_var\" " fi if test -n "$finalize_perm_rpath"; then # We should set the runpath_var. rpath= for dir in $finalize_perm_rpath; do rpath="$rpath$dir:" done finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " fi fi if test "$hardcode_action" = relink; then # Fast installation is not supported link_command="$compile_var$compile_command$compile_rpath" relink_command="$finalize_var$finalize_command$finalize_rpath" $echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2 $echo "$modename: \`$output' will be relinked during installation" 1>&2 else if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= fi else link_command="$compile_var$compile_command$compile_rpath" relink_command="$finalize_var$finalize_command$finalize_rpath" fi fi # Replace the output file specification. link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` # Delete the old output files. $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname $show "$link_command" $run eval "$link_command" || exit $? # Now create the wrapper script. $show "creating $output" # Quote the relink command for shipping. if test -n "$relink_command"; then relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` fi # Quote $echo for shipping. if test "X$echo" = "X$SHELL $0 --fallback-echo"; then case "$0" in [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $0 --fallback-echo";; *) qecho="$SHELL `pwd`/$0 --fallback-echo";; esac qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"` else qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"` fi # Only actually do things if our run command is non-null. if test -z "$run"; then # win32 will think the script is a binary if it has # a .exe suffix, so we strip it off here. case $output in *.exe) output=`echo $output|sed 's,.exe$,,'` ;; esac $rm $output trap "$rm $output; exit 1" 1 2 15 $echo > $output "\ #! $SHELL # $output - temporary wrapper script for $objdir/$outputname # Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP # # The $output program cannot be directly executed until all the libtool # libraries that it depends on are installed. # # This wrapper script should never be moved out of the build directory. # If it is, it will not operate correctly. # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. Xsed='sed -e 1s/^X//' sed_quote_subst='$sed_quote_subst' # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. if test \"\${CDPATH+set}\" = set; then CDPATH=:; export CDPATH; fi relink_command=\"$relink_command\" # This environment variable determines our operation mode. if test \"\$libtool_install_magic\" = \"$magic\"; then # install mode needs the following variable: link_against_libtool_libs='$link_against_libtool_libs' else # When we are sourced in execute mode, \$file and \$echo are already set. if test \"\$libtool_execute_magic\" != \"$magic\"; then echo=\"$qecho\" file=\"\$0\" # Make sure echo works. if test \"X\$1\" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then # Yippee, \$echo works! : else # Restart under the correct shell, and then maybe \$echo will work. exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"} fi fi\ " $echo >> $output "\ # Find the directory that this script lives in. thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\` test \"x\$thisdir\" = \"x\$file\" && thisdir=. # Follow symbolic links until we get to the real thisdir. file=\`ls -ld \"\$file\" | sed -n 's/.*-> //p'\` while test -n \"\$file\"; do destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\` # If there was a directory component, then change thisdir. if test \"x\$destdir\" != \"x\$file\"; then case \"\$destdir\" in [\\/]* | [A-Za-z]:[\\/]*) thisdir=\"\$destdir\" ;; *) thisdir=\"\$thisdir/\$destdir\" ;; esac fi file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\` file=\`ls -ld \"\$thisdir/\$file\" | sed -n 's/.*-> //p'\` done # Try to get the absolute directory name. absdir=\`cd \"\$thisdir\" && pwd\` test -n \"\$absdir\" && thisdir=\"\$absdir\" " if test "$fast_install" = yes; then echo >> $output "\ program=lt-'$outputname' progdir=\"\$thisdir/$objdir\" if test ! -f \"\$progdir/\$program\" || \\ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | sed 1q\`; \\ test \"X\$file\" != \"X\$progdir/\$program\"; }; then file=\"\$\$-\$program\" if test ! -d \"\$progdir\"; then $mkdir \"\$progdir\" else $rm \"\$progdir/\$file\" fi" echo >> $output "\ # relink executable if necessary if test -n \"\$relink_command\"; then if (cd \"\$thisdir\" && eval \$relink_command); then : else $rm \"\$progdir/\$file\" exit 1 fi fi $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || { $rm \"\$progdir/\$program\"; $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; } $rm \"\$progdir/\$file\" fi" else echo >> $output "\ program='$outputname' progdir=\"\$thisdir/$objdir\" " fi echo >> $output "\ if test -f \"\$progdir/\$program\"; then" # Export our shlibpath_var if we have one. if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then $echo >> $output "\ # Add our own library path to $shlibpath_var $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" # Some systems cannot cope with colon-terminated $shlibpath_var # The second colon is a workaround for a bug in BeOS R4 sed $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\` export $shlibpath_var " fi # fixup the dll searchpath if we need to. if test -n "$dllsearchpath"; then $echo >> $output "\ # Add the dll search path components to the executable PATH PATH=$dllsearchpath:\$PATH " fi $echo >> $output "\ if test \"\$libtool_execute_magic\" != \"$magic\"; then # Run the actual program with our arguments. " case $host in # win32 systems need to use the prog path for dll # lookup to work *-*-cygwin*) $echo >> $output "\ exec \$progdir/\$program \${1+\"\$@\"} " ;; # Backslashes separate directories on plain windows *-*-mingw | *-*-os2*) $echo >> $output "\ exec \$progdir\\\\\$program \${1+\"\$@\"} " ;; *) $echo >> $output "\ # Export the path to the program. PATH=\"\$progdir:\$PATH\" export PATH exec \$program \${1+\"\$@\"} " ;; esac $echo >> $output "\ \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\" exit 1 fi else # The program doesn't exist. \$echo \"\$0: error: \$progdir/\$program does not exist\" 1>&2 \$echo \"This script is just a wrapper for \$program.\" 1>&2 echo \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 fi fi\ " chmod +x $output fi exit 0 ;; esac # See if we need to build an old-fashioned archive. for oldlib in $oldlibs; do if test "$build_libtool_libs" = convenience; then oldobjs="$libobjs_save" addlibs="$convenience" build_libtool_libs=no else if test "$build_libtool_libs" = module; then oldobjs="$libobjs_save" build_libtool_libs=no else oldobjs="$objs "`$echo "X$libobjs_save" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP` fi addlibs="$old_convenience" fi if test -n "$addlibs"; then gentop="$output_objdir/${outputname}x" $show "${rm}r $gentop" $run ${rm}r "$gentop" $show "mkdir $gentop" $run mkdir "$gentop" status=$? if test $status -ne 0 && test ! -d "$gentop"; then exit $status fi generated="$generated $gentop" # Add in members from convenience archives. for xlib in $addlibs; do # Extract the objects. case "$xlib" in [\\/]* | [A-Za-z]:[\\/]*) xabs="$xlib" ;; *) xabs=`pwd`"/$xlib" ;; esac xlib=`$echo "X$xlib" | $Xsed -e 's%^.*/%%'` xdir="$gentop/$xlib" $show "${rm}r $xdir" $run ${rm}r "$xdir" $show "mkdir $xdir" $run mkdir "$xdir" status=$? if test $status -ne 0 && test ! -d "$xdir"; then exit $status fi $show "(cd $xdir && $AR x $xabs)" $run eval "(cd \$xdir && $AR x \$xabs)" || exit $? oldobjs="$oldobjs "`find $xdir -name \*.${objext} -print -o -name \*.lo -print | $NL2SP` done fi # Do each command in the archive commands. if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then eval cmds=\"$old_archive_from_new_cmds\" else # Ensure that we have .o objects in place in case we decided # not to build a shared library, and have fallen back to building # static libs even though --disable-static was passed! for oldobj in $oldobjs; do if test ! -f $oldobj; then xdir=`$echo "X$oldobj" | $Xsed -e 's%/[^/]*$%%'` if test "X$xdir" = "X$oldobj"; then xdir="." else xdir="$xdir" fi baseobj=`$echo "X$oldobj" | $Xsed -e 's%^.*/%%'` obj=`$echo "X$baseobj" | $Xsed -e "$o2lo"` $show "(cd $xdir && ${LN_S} $obj $baseobj)" $run eval '(cd $xdir && ${LN_S} $obj $baseobj)' || exit $? fi done eval cmds=\"$old_archive_cmds\" fi IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" done if test -n "$generated"; then $show "${rm}r$generated" $run ${rm}r$generated fi # Now create the libtool archive. case "$output" in *.la) old_library= test "$build_old_libs" = yes && old_library="$libname.$libext" $show "creating $output" if test -n "$xrpath"; then temp_xrpath= for libdir in $xrpath; do temp_xrpath="$temp_xrpath -R$libdir" done dependency_libs="$temp_xrpath $dependency_libs" fi # Only create the output if not a dry run. if test -z "$run"; then for installed in no yes; do if test "$installed" = yes; then if test -z "$install_libdir"; then break fi output="$output_objdir/$outputname"i fi $rm $output $echo > $output "\ # $outputname - a libtool library file # Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP # # Please DO NOT delete this file! # It is necessary for linking the library. # The name that we can dlopen(3). dlname='$dlname' # Names of this library. library_names='$library_names' # The name of the static archive. old_library='$old_library' # Libraries that this one depends upon. dependency_libs='$dependency_libs' # Version information for $libname. current=$current age=$age revision=$revision # Is this an already installed library? installed=$installed # Directory that this library needs to be installed in: libdir='$install_libdir'\ " done fi # Do a symbolic link so that the libtool archive can be found in # LD_LIBRARY_PATH before the program is installed. $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)" $run eval "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)" || exit $? ;; esac exit 0 ;; # libtool install mode install) modename="$modename: install" # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh; then # Aesthetically quote it. arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"` case "$arg" in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*) arg="\"$arg\"" ;; esac install_prog="$arg " arg="$1" shift else install_prog= arg="$nonopt" fi # The real first argument should be the name of the installation program. # Aesthetically quote it. arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case "$arg" in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*) arg="\"$arg\"" ;; esac install_prog="$install_prog$arg" # We need to accept at least all the BSD install flags. dest= files= opts= prev= install_type= isdir=no stripme= for arg do if test -n "$dest"; then files="$files $dest" dest="$arg" continue fi case "$arg" in -d) isdir=yes ;; -f) prev="-f" ;; -g) prev="-g" ;; -m) prev="-m" ;; -o) prev="-o" ;; -s) stripme=" -s" continue ;; -*) ;; *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then prev= else dest="$arg" continue fi ;; esac # Aesthetically quote the argument. arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` case "$arg" in *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*) arg="\"$arg\"" ;; esac install_prog="$install_prog $arg" done if test -z "$install_prog"; then $echo "$modename: you must specify an install program" 1>&2 $echo "$help" 1>&2 exit 1 fi if test -n "$prev"; then $echo "$modename: the \`$prev' option requires an argument" 1>&2 $echo "$help" 1>&2 exit 1 fi if test -z "$files"; then if test -z "$dest"; then $echo "$modename: no file or destination specified" 1>&2 else $echo "$modename: you must specify a destination" 1>&2 fi $echo "$help" 1>&2 exit 1 fi # Strip any trailing slash from the destination. dest=`$echo "X$dest" | $Xsed -e 's%/$%%'` # Check to see that the destination is a directory. test -d "$dest" && isdir=yes if test "$isdir" = yes; then destdir="$dest" destname= else destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'` test "X$destdir" = "X$dest" && destdir=. destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'` # Not a directory, so check to see that there is only one file specified. set dummy $files if test $# -gt 2; then $echo "$modename: \`$dest' is not a directory" 1>&2 $echo "$help" 1>&2 exit 1 fi fi case "$destdir" in [\\/]* | [A-Za-z]:[\\/]*) ;; *) for file in $files; do case "$file" in *.lo) ;; *) $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2 $echo "$help" 1>&2 exit 1 ;; esac done ;; esac # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" staticlibs= future_libdirs= current_libdirs= for file in $files; do # Do each installation. case "$file" in *.a | *.lib) # Do the static libraries later. staticlibs="$staticlibs $file" ;; *.la) # Check to see that this really is a libtool archive. if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : else $echo "$modename: \`$file' is not a valid libtool archive" 1>&2 $echo "$help" 1>&2 exit 1 fi library_names= old_library= # If there is no directory component, then add one. case "$file" in */* | *\\*) . $file ;; *) . ./$file ;; esac # Add the libdir to current_libdirs if it is the destination. if test "X$destdir" = "X$libdir"; then case "$current_libdirs " in *" $libdir "*) ;; *) current_libdirs="$current_libdirs $libdir" ;; esac else # Note the libdir as a future libdir. case "$future_libdirs " in *" $libdir "*) ;; *) future_libdirs="$future_libdirs $libdir" ;; esac fi dir="`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/" test "X$dir" = "X$file/" && dir= dir="$dir$objdir" # See the names of the shared library. set dummy $library_names if test -n "$2"; then realname="$2" shift shift # Install the shared library and build the symlinks. $show "$install_prog $dir/$realname $destdir/$realname" $run eval "$install_prog $dir/$realname $destdir/$realname" || exit $? if test $# -gt 0; then # Delete the old symlinks, and create new ones. for linkname do if test "$linkname" != "$realname"; then $show "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)" $run eval "(cd $destdir && $rm $linkname && $LN_S $realname $linkname)" fi done fi # Do each command in the postinstall commands. lib="$destdir/$realname" eval cmds=\"$postinstall_cmds\" IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" fi # Install the pseudo-library for information purposes. name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` instname="$dir/$name"i $show "$install_prog $instname $destdir/$name" $run eval "$install_prog $instname $destdir/$name" || exit $? # Maybe install the static library, too. test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library" ;; *.lo) # Install (i.e. copy) a libtool object. # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'` destfile="$destdir/$destfile" fi # Deduce the name of the destination old-style object file. case "$destfile" in *.lo) staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"` ;; *.o | *.obj) staticdest="$destfile" destfile= ;; *) $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2 $echo "$help" 1>&2 exit 1 ;; esac # Install the libtool object if requested. if test -n "$destfile"; then $show "$install_prog $file $destfile" $run eval "$install_prog $file $destfile" || exit $? fi # Install the old object if enabled. if test "$build_old_libs" = yes; then # Deduce the name of the old-style object file. staticobj=`$echo "X$file" | $Xsed -e "$lo2o"` $show "$install_prog $staticobj $staticdest" $run eval "$install_prog \$staticobj \$staticdest" || exit $? fi exit 0 ;; *) # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'` destfile="$destdir/$destfile" fi # Do a test to see if this is really a libtool program. if (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then link_against_libtool_libs= relink_command= # If there is no directory component, then add one. case "$file" in */* | *\\*) . $file ;; *) . ./$file ;; esac # Check the variables that should have been set. if test -z "$link_against_libtool_libs"; then $echo "$modename: invalid libtool wrapper script \`$file'" 1>&2 exit 1 fi finalize=yes for lib in $link_against_libtool_libs; do # Check to see that each library is installed. libdir= if test -f "$lib"; then # If there is no directory component, then add one. case "$lib" in */* | *\\*) . $lib ;; *) . ./$lib ;; esac fi libfile="$libdir/`$echo "X$lib" | $Xsed -e 's%^.*/%%g'`" if test -n "$libdir" && test ! -f "$libfile"; then $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2 finalize=no fi done outputname= if test "$fast_install" = no && test -n "$relink_command"; then if test "$finalize" = yes && test -z "$run"; then tmpdir="/tmp" test -n "$TMPDIR" && tmpdir="$TMPDIR" tmpdir="$tmpdir/libtool-$$" if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then : else $echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2 continue fi outputname="$tmpdir/$file" # Replace the output file specification. relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` $show "$relink_command" if $run eval "$relink_command"; then : else $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2 ${rm}r "$tmpdir" continue fi file="$outputname" else $echo "$modename: warning: cannot relink \`$file'" 1>&2 fi else # Install the binary that we compiled earlier. file=`$echo "X$file" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"` fi fi $show "$install_prog$stripme $file $destfile" $run eval "$install_prog\$stripme \$file \$destfile" || exit $? test -n "$outputname" && ${rm}r "$tmpdir" ;; esac done for file in $staticlibs; do name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` # Set up the ranlib parameters. oldlib="$destdir/$name" $show "$install_prog $file $oldlib" $run eval "$install_prog \$file \$oldlib" || exit $? # Do each command in the postinstall commands. eval cmds=\"$old_postinstall_cmds\" IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || exit $? done IFS="$save_ifs" done if test -n "$future_libdirs"; then $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2 fi if test -n "$current_libdirs"; then # Maybe just do a dry run. test -n "$run" && current_libdirs=" -n$current_libdirs" exec $SHELL $0 --finish$current_libdirs exit 1 fi exit 0 ;; # libtool finish mode finish) modename="$modename: finish" libdirs="$nonopt" admincmds= if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then for dir do libdirs="$libdirs $dir" done for libdir in $libdirs; do if test -n "$finish_cmds"; then # Do each command in the finish commands. eval cmds=\"$finish_cmds\" IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" || admincmds="$admincmds $cmd" done IFS="$save_ifs" fi if test -n "$finish_eval"; then # Do the single finish_eval. eval cmds=\"$finish_eval\" $run eval "$cmds" || admincmds="$admincmds $cmds" fi done fi # Exit here if they wanted silent mode. test "$show" = : && exit 0 echo "----------------------------------------------------------------------" echo "Libraries have been installed in:" for libdir in $libdirs; do echo " $libdir" done echo echo "If you ever happen to want to link against installed libraries" echo "in a given directory, LIBDIR, you must either use libtool, and" echo "specify the full pathname of the library, or use \`-LLIBDIR'" echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then echo " - add LIBDIR to the \`$shlibpath_var' environment variable" echo " during execution" fi if test -n "$runpath_var"; then echo " - add LIBDIR to the \`$runpath_var' environment variable" echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" echo " - use the \`$flag' linker flag" fi if test -n "$admincmds"; then echo " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" fi echo echo "See any operating system documentation about shared libraries for" echo "more information, such as the ld(1) and ld.so(8) manual pages." echo "----------------------------------------------------------------------" exit 0 ;; # libtool execute mode execute) modename="$modename: execute" # The first argument is the command name. cmd="$nonopt" if test -z "$cmd"; then $echo "$modename: you must specify a COMMAND" 1>&2 $echo "$help" exit 1 fi # Handle -dlopen flags immediately. for file in $execute_dlfiles; do if test ! -f "$file"; then $echo "$modename: \`$file' is not a file" 1>&2 $echo "$help" 1>&2 exit 1 fi dir= case "$file" in *.la) # Check to see that this really is a libtool archive. if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : else $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 $echo "$help" 1>&2 exit 1 fi # Read the libtool library. dlname= library_names= # If there is no directory component, then add one. case "$file" in */* | *\\*) . $file ;; *) . ./$file ;; esac # Skip this library if it cannot be dlopened. if test -z "$dlname"; then # Warn if it was a shared library. test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'" continue fi dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` test "X$dir" = "X$file" && dir=. if test -f "$dir/$objdir/$dlname"; then dir="$dir/$objdir" else $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2 exit 1 fi ;; *.lo) # Just add the directory containing the .lo file. dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` test "X$dir" = "X$file" && dir=. ;; *) $echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2 continue ;; esac # Get the absolute pathname. absdir=`cd "$dir" && pwd` test -n "$absdir" && dir="$absdir" # Now add the directory to shlibpath_var. if eval "test -z \"\$$shlibpath_var\""; then eval "$shlibpath_var=\"\$dir\"" else eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" fi done # This variable tells wrapper scripts just to set shlibpath_var # rather than running their programs. libtool_execute_magic="$magic" # Check if any of the arguments is a wrapper script. args= for file do case "$file" in -*) ;; *) # Do a test to see if this is really a libtool program. if (sed -e '4q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then # If there is no directory component, then add one. case "$file" in */* | *\\*) . $file ;; *) . ./$file ;; esac # Transform arg to wrapped name. file="$progdir/$program" fi ;; esac # Quote arguments (to preserve shell metacharacters). file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"` args="$args \"$file\"" done if test -z "$run"; then if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" fi # Restore saved enviroment variables if test "${save_LC_ALL+set}" = set; then LC_ALL="$save_LC_ALL"; export LC_ALL fi if test "${save_LANG+set}" = set; then LANG="$save_LANG"; export LANG fi # Now actually exec the command. eval "exec \$cmd$args" $echo "$modename: cannot exec \$cmd$args" exit 1 else # Display what would be done. if test -n "$shlibpath_var"; then eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\"" $echo "export $shlibpath_var" fi $echo "$cmd$args" exit 0 fi ;; # libtool uninstall mode uninstall) modename="$modename: uninstall" rm="$nonopt" files= for arg do case "$arg" in -*) rm="$rm $arg" ;; *) files="$files $arg" ;; esac done if test -z "$rm"; then $echo "$modename: you must specify an RM program" 1>&2 $echo "$help" 1>&2 exit 1 fi for file in $files; do dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` test "X$dir" = "X$file" && dir=. name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` rmfiles="$file" case "$name" in *.la) # Possibly a libtool archive, so verify it. if (sed -e '2q' $file | egrep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then . $dir/$name # Delete the libtool libraries and symlinks. for n in $library_names; do rmfiles="$rmfiles $dir/$n" done test -n "$old_library" && rmfiles="$rmfiles $dir/$old_library" $show "$rm $rmfiles" $run $rm $rmfiles if test -n "$library_names"; then # Do each command in the postuninstall commands. eval cmds=\"$postuninstall_cmds\" IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" done IFS="$save_ifs" fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. eval cmds=\"$old_postuninstall_cmds\" IFS="${IFS= }"; save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" $show "$cmd" $run eval "$cmd" done IFS="$save_ifs" fi # FIXME: should reinstall the best remaining shared library. fi ;; *.lo) if test "$build_old_libs" = yes; then oldobj=`$echo "X$name" | $Xsed -e "$lo2o"` rmfiles="$rmfiles $dir/$oldobj" fi $show "$rm $rmfiles" $run $rm $rmfiles ;; *) $show "$rm $rmfiles" $run $rm $rmfiles ;; esac done exit 0 ;; "") $echo "$modename: you must specify a MODE" 1>&2 $echo "$generic_help" 1>&2 exit 1 ;; esac $echo "$modename: invalid operation mode \`$mode'" 1>&2 $echo "$generic_help" 1>&2 exit 1 fi # test -z "$show_help" # We need to display help for each of the modes. case "$mode" in "") $echo \ "Usage: $modename [OPTION]... [MODE-ARG]... Provide generalized library-building support services. --config show all configuration variables --debug enable verbose shell tracing -n, --dry-run display commands without modifying any files --features display basic configuration information and exit --finish same as \`--mode=finish' --help display this help message and exit --mode=MODE use operation mode MODE [default=inferred from MODE-ARGS] --quiet same as \`--silent' --silent don't print informational messages --version print version information MODE must be one of the following: compile compile a source file into a libtool object execute automatically set library path, then run a program finish complete the installation of libtool libraries install install libraries or executables link create a library or an executable uninstall remove libraries from an installed directory MODE-ARGS vary depending on the MODE. Try \`$modename --help --mode=MODE' for a more detailed description of MODE." exit 0 ;; compile) $echo \ "Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE Compile a source file into a libtool library object. This mode accepts the following additional options: -o OUTPUT-FILE set the output file name to OUTPUT-FILE -static always build a \`.o' file suitable for static linking COMPILE-COMMAND is a command to be used in creating a \`standard' object file from the given SOURCEFILE. The output file name is determined by removing the directory component from SOURCEFILE, then substituting the C source code suffix \`.c' with the library object suffix, \`.lo'." ;; execute) $echo \ "Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]... Automatically set library path, then run a program. This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path This mode sets the library path environment variable according to \`-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated into their corresponding uninstalled binary, and any of their required library directories are added to the library path. Then, COMMAND is executed, with ARGS as arguments." ;; finish) $echo \ "Usage: $modename [OPTION]... --mode=finish [LIBDIR]... Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. The commands that this mode executes may require superuser privileges. Use the \`--dry-run' option if you just want to see what would be executed." ;; install) $echo \ "Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND... Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be either the \`install' or \`cp' program. The rest of the components are interpreted as arguments to that command (only BSD-compatible install options are recognized)." ;; link) $echo \ "Usage: $modename [OPTION]... --mode=link LINK-COMMAND... Link object files or libraries together to form another library, or to create an executable program. LINK-COMMAND is a command using the C compiler that you would use to create a program from several object files. The following components of LINK-COMMAND are treated specially: -all-static do not do any dynamic linking at all -avoid-version do not add a version suffix if possible -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries -static do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] specify library version info [each variable defaults to 0] All other options (arguments beginning with \`-') are ignored. Every other argument is treated as a filename. Files ending in \`.la' are treated as uninstalled libtool libraries, other files are standard or library object files. If the OUTPUT-FILE ends in \`.la', then a libtool library is created, only library objects (\`.lo' files) may be specified, and \`-rpath' is required, except when creating a convenience library. If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created using \`ar' and \`ranlib', or on Windows using \`lib'. If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file is created, otherwise an executable program is created." ;; uninstall) $echo \ "Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; *) $echo "$modename: invalid operation mode \`$mode'" 1>&2 $echo "$help" 1>&2 exit 1 ;; esac echo $echo "Try \`$modename --help' for more information about other modes." exit 0 # Local Variables: # mode:shell-script # sh-indentation:2 # End: cyrus-sasl-2.1.25/sample/0000777000076400007640000000000011632367341012212 500000000000000cyrus-sasl-2.1.25/sample/client.c0000646000076400007640000002520311475460507013557 00000000000000/* $Id: client.c,v 1.8 2010/12/01 14:51:53 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #include #include "common.h" /* remove \r\n at end of the line */ static void chop(char *s) { char *p; assert(s); p = s + strlen(s) - 1; if (p[0] == '\n') { *p-- = '\0'; } if (p >= s && p[0] == '\r') { *p-- = '\0'; } } static int getrealm(void *context __attribute__((unused)), int id, const char **availrealms, const char **result) { static char buf[1024]; /* paranoia check */ if (id != SASL_CB_GETREALM) return SASL_BADPARAM; if (!result) return SASL_BADPARAM; printf("please choose a realm (available:"); while (*availrealms) { printf(" %s", *availrealms); availrealms++; } printf("): "); fgets(buf, sizeof buf, stdin); chop(buf); *result = buf; return SASL_OK; } static int simple(void *context __attribute__((unused)), int id, const char **result, unsigned *len) { static char bufU[1024]; static char bufA[1024]; char *b; /* paranoia check */ if (! result) return SASL_BADPARAM; switch (id) { case SASL_CB_USER: printf("please enter an authorization id: "); b = bufU; break; case SASL_CB_AUTHNAME: printf("please enter an authentication id: "); b = bufA; break; default: return SASL_BADPARAM; } fgets(b, 1024, stdin); chop(b); *result = b; if (len) *len = strlen(b); return SASL_OK; } #ifndef HAVE_GETPASSPHRASE static char * getpassphrase(const char *prompt) { return getpass(prompt); } #endif /* ! HAVE_GETPASSPHRASE */ static int getsecret(sasl_conn_t *conn, void *context __attribute__((unused)), int id, sasl_secret_t **psecret) { char *password; size_t len; static sasl_secret_t *x; /* paranoia check */ if (! conn || ! psecret || id != SASL_CB_PASS) return SASL_BADPARAM; password = getpassphrase("Password: "); if (! password) return SASL_FAIL; len = strlen(password); x = (sasl_secret_t *) realloc(x, sizeof(sasl_secret_t) + len); if (!x) { memset(password, 0, len); return SASL_NOMEM; } x->len = len; strcpy(x->data, password); memset(password, 0, len); *psecret = x; return SASL_OK; } /* callbacks we support */ static sasl_callback_t callbacks[] = { { SASL_CB_GETREALM, &getrealm, NULL }, { SASL_CB_USER, &simple, NULL }, { SASL_CB_AUTHNAME, &simple, NULL }, { SASL_CB_PASS, &getsecret, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; int getconn(const char *host, const char *port) { struct addrinfo hints, *ai, *r; int err, sock = -1; memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if ((err = getaddrinfo(host, port, &hints, &ai)) != 0) { fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(err)); exit(EX_UNAVAILABLE); } for (r = ai; r; r = r->ai_next) { sock = socket(r->ai_family, r->ai_socktype, r->ai_protocol); if (sock < 0) continue; if (connect(sock, r->ai_addr, r->ai_addrlen) >= 0) break; close(sock); sock = -1; } freeaddrinfo(ai); if (sock < 0) { perror("connect"); exit(EX_UNAVAILABLE); } return sock; } char *mech; int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) { char buf[8192]; const char *data; const char *chosenmech; int len; int r, c; /* get the capability list */ dprintf(0, "receiving capability list... "); len = recv_string(in, buf, sizeof buf); dprintf(0, "%s\n", buf); if (mech) { /* make sure that 'mech' appears in 'buf' */ if (!strstr(buf, mech)) { printf("server doesn't offer mandatory mech '%s'\n", mech); return -1; } } else { mech = buf; } r = sasl_client_start(conn, mech, NULL, &data, &len, &chosenmech); if (r != SASL_OK && r != SASL_CONTINUE) { saslerr(r, "starting SASL negotiation"); printf("\n%s\n", sasl_errdetail(conn)); return -1; } dprintf(1, "using mechanism %s\n", chosenmech); /* we send up to 3 strings; the mechanism chosen, the presence of initial response, and optionally the initial response */ send_string(out, chosenmech, strlen(chosenmech)); if(data) { send_string(out, "Y", 1); send_string(out, data, len); } else { send_string(out, "N", 1); } for (;;) { dprintf(2, "waiting for server reply...\n"); c = fgetc(in); switch (c) { case 'O': goto done_ok; case 'N': goto done_no; case 'C': /* continue authentication */ break; default: printf("bad protocol from server (%c %x)\n", c, c); return -1; } len = recv_string(in, buf, sizeof buf); r = sasl_client_step(conn, buf, len, NULL, &data, &len); if (r != SASL_OK && r != SASL_CONTINUE) { saslerr(r, "performing SASL negotiation"); printf("\n%s\n", sasl_errdetail(conn)); return -1; } if (data) { dprintf(2, "sending response length %d...\n", len); send_string(out, data, len); } else { dprintf(2, "sending null response...\n"); send_string(out, "", 0); } } done_ok: printf("successful authentication\n"); return 0; done_no: printf("authentication failed\n"); return -1; } void usage(void) { fprintf(stderr, "usage: client [-c|-C] [-p port] [-s service] [-m mech] host\n"); exit(EX_USAGE); } int main(int argc, char *argv[]) { int c; char *host = "localhost"; char *port = "12345"; char localaddr[NI_MAXHOST + NI_MAXSERV], remoteaddr[NI_MAXHOST + NI_MAXSERV]; char *service = "rcmd"; char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; int r; sasl_conn_t *conn; FILE *in, *out; int fd; int salen; int niflags, error; struct sockaddr_storage local_ip, remote_ip; int cb_flag = 0; sasl_channel_binding_t cb; while ((c = getopt(argc, argv, "Ccp:s:m:")) != EOF) { switch(c) { case 'C': cb_flag = 2; /* channel bindings are critical */ break; case 'c': cb_flag = 1; /* channel bindings are optional */ break; case 'p': port = optarg; break; case 's': service = optarg; break; case 'm': mech = optarg; break; default: usage(); break; } } if (optind > argc - 1) { usage(); } if (optind == argc - 1) { host = argv[optind]; } /* initialize the sasl library */ r = sasl_client_init(callbacks); if (r != SASL_OK) saslfail(r, "initializing libsasl"); /* connect to remote server */ fd = getconn(host, port); /* set ip addresses */ salen = sizeof(local_ip); if (getsockname(fd, (struct sockaddr *)&local_ip, &salen) < 0) { perror("getsockname"); } niflags = (NI_NUMERICHOST | NI_NUMERICSERV); #ifdef NI_WITHSCOPEID if (((struct sockaddr *)&local_ip)->sa_family == AF_INET6) niflags |= NI_WITHSCOPEID; #endif error = getnameinfo((struct sockaddr *)&local_ip, salen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags); if (error != 0) { fprintf(stderr, "getnameinfo: %s\n", gai_strerror(error)); strcpy(hbuf, "unknown"); strcpy(pbuf, "unknown"); } snprintf(localaddr, sizeof(localaddr), "%s;%s", hbuf, pbuf); salen = sizeof(remote_ip); if (getpeername(fd, (struct sockaddr *)&remote_ip, &salen) < 0) { perror("getpeername"); } niflags = (NI_NUMERICHOST | NI_NUMERICSERV); #ifdef NI_WITHSCOPEID if (((struct sockaddr *)&remote_ip)->sa_family == AF_INET6) niflags |= NI_WITHSCOPEID; #endif error = getnameinfo((struct sockaddr *)&remote_ip, salen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags); if (error != 0) { fprintf(stderr, "getnameinfo: %s\n", gai_strerror(error)); strcpy(hbuf, "unknown"); strcpy(pbuf, "unknown"); } snprintf(remoteaddr, sizeof(remoteaddr), "%s;%s", hbuf, pbuf); /* client new connection */ r = sasl_client_new(service, host, localaddr, remoteaddr, NULL, 0, &conn); if (r != SASL_OK) saslfail(r, "allocating connection state"); if (cb_flag) { cb.name = "sasl-sample"; cb.critical = cb_flag > 1; cb.data = "this is a test of channel binding"; cb.len = strlen(cb.data); sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb); } /* set external properties here sasl_setprop(conn, SASL_SSF_EXTERNAL, &extprops); */ /* set required security properties here sasl_setprop(conn, SASL_SEC_PROPS, &secprops); */ in = fdopen(fd, "r"); out = fdopen(fd, "w"); r = mysasl_negotiate(in, out, conn); if (r == SASL_OK) { /* send/receive data */ } printf("closing connection\n"); fclose(in); fclose(out); close(fd); sasl_dispose(&conn); sasl_done(); return r; } cyrus-sasl-2.1.25/sample/common.h0000666000076400007640000000413107622774126013601 00000000000000/* $Id: common.h,v 1.3 2003/02/13 19:56:06 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ extern int send_string(FILE *f, const char *s, int l); extern int recv_string(FILE *f, char *buf, int buflen); extern int debuglevel; extern int dprintf(int lvl, const char *fmt, ...); extern void saslerr(int why, const char *what); extern void saslfail(int why, const char *what); cyrus-sasl-2.1.25/sample/sample-client.c0000646000076400007640000004611111630151332015021 00000000000000/* sample-client.c -- sample SASL client * Rob Earhart * $Id: sample-client.c,v 1.33 2011/09/01 14:12:18 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef WIN32 # include __declspec(dllimport) char *optarg; __declspec(dllimport) int optind; __declspec(dllimport) int getsubopt(char **optionp, const char * const *tokens, char **valuep); #else /* WIN32 */ # include #endif /* WIN32 */ #include #include #include #ifdef macintosh #include #include #define MAX_ARGC (100) int xxx_main(int argc, char *argv[]); int main(void) { char *argv[MAX_ARGC]; int argc; char line[400]; SIOUXSettings.asktosaveonclose = 0; SIOUXSettings.showstatusline = 1; argc=parse_cmd_line(MAX_ARGC,argv,sizeof(line),line); return xxx_main(argc,argv); } #define main xxx_main #endif #ifdef HAVE_GETOPT_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifndef HAVE_GETSUBOPT int getsubopt(char **optionp, const char * const *tokens, char **valuep); #endif static const char build_ident[] = "$Build: sample-client " PACKAGE "-" VERSION " $"; static const char *progname = NULL; static int verbose; #define SAMPLE_SEC_BUF_SIZE (2048) #define N_CALLBACKS (16) static const char message[] = "Come here Watson, I want you."; char buf[SAMPLE_SEC_BUF_SIZE]; static const char *bit_subopts[] = { #define OPT_MIN (0) "min", #define OPT_MAX (1) "max", NULL }; static const char *ext_subopts[] = { #define OPT_EXT_SSF (0) "ssf", #define OPT_EXT_ID (1) "id", NULL }; static const char *flag_subopts[] = { #define OPT_NOPLAIN (0) "noplain", #define OPT_NOACTIVE (1) "noactive", #define OPT_NODICT (2) "nodict", #define OPT_FORWARDSEC (3) "forwardsec", #define OPT_NOANONYMOUS (4) "noanonymous", #define OPT_PASSCRED (5) "passcred", NULL }; static const char *ip_subopts[] = { #define OPT_IP_LOCAL (0) "local", #define OPT_IP_REMOTE (1) "remote", NULL }; static sasl_conn_t *conn = NULL; static void free_conn(void) { if (conn) sasl_dispose(&conn); } static int sasl_my_log(void *context __attribute__((unused)), int priority, const char *message) { const char *label; if (! message) return SASL_BADPARAM; switch (priority) { case SASL_LOG_ERR: label = "Error"; break; case SASL_LOG_NOTE: label = "Info"; break; default: label = "Other"; break; } fprintf(stderr, "%s: SASL %s: %s\n", progname, label, message); return SASL_OK; } static int getrealm(void *context, int id, const char **availrealms __attribute__((unused)), const char **result) { if (id!=SASL_CB_GETREALM) return SASL_FAIL; *result=(char *) context; return SASL_OK; } static int getpath(void *context, const char ** path) { const char *searchpath = (const char *) context; if (! path) return SASL_BADPARAM; if (searchpath) { *path = searchpath; } else { *path = PLUGINDIR; } return SASL_OK; } static int simple(void *context, int id, const char **result, unsigned *len) { const char *value = (const char *)context; if (! result) return SASL_BADPARAM; switch (id) { case SASL_CB_USER: *result = value; if (len) *len = value ? (unsigned) strlen(value) : 0; break; case SASL_CB_AUTHNAME: *result = value; if (len) *len = value ? (unsigned) strlen(value) : 0; break; case SASL_CB_LANGUAGE: *result = NULL; if (len) *len = 0; break; default: return SASL_BADPARAM; } printf("returning OK: %s\n", *result); return SASL_OK; } #ifndef HAVE_GETPASSPHRASE static char * getpassphrase(const char *prompt) { return getpass(prompt); } #endif /* ! HAVE_GETPASSPHRASE */ static int getsecret(sasl_conn_t *conn, void *context __attribute__((unused)), int id, sasl_secret_t **psecret) { char *password; unsigned len; if (! conn || ! psecret || id != SASL_CB_PASS) return SASL_BADPARAM; password = getpassphrase("Password: "); if (! password) return SASL_FAIL; len = (unsigned) strlen(password); *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len); if (! *psecret) { memset(password, 0, len); return SASL_NOMEM; } (*psecret)->len = len; strcpy((char *)(*psecret)->data, password); memset(password, 0, len); return SASL_OK; } static int prompt(void *context __attribute__((unused)), int id, const char *challenge, const char *prompt, const char *defresult, const char **result, unsigned *len) { if ((id != SASL_CB_ECHOPROMPT && id != SASL_CB_NOECHOPROMPT) || !prompt || !result || !len) return SASL_BADPARAM; if (! defresult) defresult = ""; fputs(prompt, stdout); if (challenge) printf(" [challenge: %s]", challenge); printf(" [%s]: ", defresult); fflush(stdout); if (id == SASL_CB_ECHOPROMPT) { char *original = getpassphrase(""); if (! original) return SASL_FAIL; if (*original) *result = strdup(original); else *result = strdup(defresult); memset(original, 0L, strlen(original)); } else { char buf[1024]; fgets(buf, 1024, stdin); if (buf[0]) { *result = strdup(buf); } else { *result = strdup(defresult); } memset(buf, 0L, sizeof(buf)); } if (! *result) return SASL_NOMEM; *len = (unsigned) strlen(*result); return SASL_OK; } static void sasldebug(int why, const char *what, const char *errstr) { fprintf(stderr, "%s: %s: %s", progname, what, sasl_errstring(why, NULL, NULL)); if (errstr) fprintf(stderr, " (%s)\n", errstr); else putc('\n', stderr); } static void saslfail(int why, const char *what, const char *errstr) { sasldebug(why, what, errstr); free_conn(); sasl_done(); exit(EXIT_FAILURE); } static void fail(const char *what) { fprintf(stderr, "%s: %s\n", progname, what); exit(EXIT_FAILURE); } static void osfail() { perror(progname); exit(EXIT_FAILURE); } static void samp_send(const char *buffer, unsigned length) { char *buf; unsigned len, alloclen; int result; alloclen = ((length / 3) + 1) * 4 + 1; buf = malloc(alloclen); if (! buf) osfail(); result = sasl_encode64(buffer, length, buf, alloclen, &len); if (result != SASL_OK) saslfail(result, "Encoding data in base64", NULL); printf("C: %s\n", buf); free(buf); } static unsigned samp_recv() { unsigned len; int result; if (! fgets(buf, SAMPLE_SEC_BUF_SIZE, stdin)) { fail("Unable to parse input"); } if (strncmp(buf, "S: ", 3) != 0) { fail("Line must start with 'S: '"); } len = strlen(buf); if (len > 0 && buf[len-1] == '\n') { buf[len-1] = '\0'; } result = sasl_decode64(buf + 3, (unsigned) strlen(buf + 3), buf, SAMPLE_SEC_BUF_SIZE, &len); if (result != SASL_OK) saslfail(result, "Decoding data from base64", NULL); buf[len] = '\0'; printf("recieved %d byte message\n",len); if (verbose) { printf("got '%s'\n", buf); } return len; } int main(int argc, char *argv[]) { int c = 0; int errflag = 0; int result; sasl_security_properties_t secprops; sasl_ssf_t extssf = 0; const char *ext_authid = NULL; char *options, *value; const char *data; const char *chosenmech; int serverlast = 0; unsigned len; int clientfirst = 1; sasl_callback_t callbacks[N_CALLBACKS], *callback; char *realm = NULL; char *mech = NULL, *iplocal = NULL, *ipremote = NULL, *searchpath = NULL, *service = "rcmd", *fqdn = "", *userid = NULL, *authid = NULL; sasl_ssf_t *ssf; #ifdef WIN32 /* initialize winsock */ WSADATA wsaData; result = WSAStartup( MAKEWORD(2, 0), &wsaData ); if ( result != 0) { saslfail(SASL_FAIL, "Initializing WinSockets", NULL); } #endif progname = strrchr(argv[0], HIER_DELIMITER); if (progname) progname++; else progname = argv[0]; /* Init defaults... */ memset(&secprops, 0L, sizeof(secprops)); secprops.maxbufsize = SAMPLE_SEC_BUF_SIZE; secprops.max_ssf = UINT_MAX; verbose = 0; while ((c = getopt(argc, argv, "vhldb:e:m:f:i:p:r:s:n:u:a:?")) != EOF) switch (c) { case 'v': verbose = 1; break; case 'b': options = optarg; while (*options != '\0') switch(getsubopt(&options, (const char * const *)bit_subopts, &value)) { case OPT_MIN: if (! value) errflag = 1; else secprops.min_ssf = atoi(value); break; case OPT_MAX: if (! value) errflag = 1; else secprops.max_ssf = atoi(value); break; default: errflag = 1; break; } break; case 'l': serverlast = SASL_SUCCESS_DATA; break; case 'd': clientfirst = 0; break; case 'e': options = optarg; while (*options != '\0') switch(getsubopt(&options, (const char * const *)ext_subopts, &value)) { case OPT_EXT_SSF: if (! value) errflag = 1; else extssf = atoi(value); break; case OPT_MAX: if (! value) errflag = 1; else ext_authid = value; break; default: errflag = 1; break; } break; case 'm': mech = optarg; break; case 'f': options = optarg; while (*options != '\0') { switch(getsubopt(&options, (const char * const *)flag_subopts, &value)) { case OPT_NOPLAIN: secprops.security_flags |= SASL_SEC_NOPLAINTEXT; break; case OPT_NOACTIVE: secprops.security_flags |= SASL_SEC_NOACTIVE; break; case OPT_NODICT: secprops.security_flags |= SASL_SEC_NODICTIONARY; break; case OPT_FORWARDSEC: secprops.security_flags |= SASL_SEC_FORWARD_SECRECY; break; case OPT_NOANONYMOUS: secprops.security_flags |= SASL_SEC_NOANONYMOUS; break; case OPT_PASSCRED: secprops.security_flags |= SASL_SEC_PASS_CREDENTIALS; break; default: errflag = 1; break; } if (value) errflag = 1; } break; case 'i': options = optarg; while (*options != '\0') switch(getsubopt(&options, (const char * const *)ip_subopts, &value)) { case OPT_IP_LOCAL: if (! value) errflag = 1; else iplocal = value; break; case OPT_IP_REMOTE: if (! value) errflag = 1; else ipremote = value; break; default: errflag = 1; break; } break; case 'p': searchpath = optarg; break; case 'r': realm = optarg; break; case 's': service=malloc(1000); strcpy(service,optarg); /* service = optarg;*/ printf("service=%s\n",service); break; case 'n': fqdn = optarg; break; case 'u': userid = optarg; break; case 'a': authid = optarg; break; default: /* unknown flag */ errflag = 1; break; } if (optind != argc) { /* We don't *have* extra arguments */ errflag = 1; } if (errflag) { fprintf(stderr, "%s: Usage: %s [-b min=N,max=N] [-e ssf=N,id=ID] [-m MECH] [-f FLAGS] [-i local=IP,remote=IP] [-p PATH] [-s NAME] [-n FQDN] [-u ID] [-a ID]\n" "\t-b ...\t#bits to use for encryption\n" "\t\tmin=N\tminumum #bits to use (1 => integrity)\n" "\t\tmax=N\tmaximum #bits to use\n" "\t-e ...\tassume external encryption\n" "\t\tssf=N\texternal mech provides N bits of encryption\n" "\t\tid=ID\texternal mech provides authentication id ID\n" "\t-m MECH\tforce use of MECH for security\n" "\t-f ...\tset security flags\n" "\t\tnoplain\t\trequire security vs. passive attacks\n" "\t\tnoactive\trequire security vs. active attacks\n" "\t\tnodict\t\trequire security vs. passive dictionary attacks\n" "\t\tforwardsec\trequire forward secrecy\n" "\t\tmaximum\t\trequire all security flags\n" "\t\tpasscred\tattempt to pass client credentials\n" "\t-i ...\tset IP addresses (required by some mechs)\n" "\t\tlocal=IP;PORT\tset local address to IP, port PORT\n" "\t\tremote=IP;PORT\tset remote address to IP, port PORT\n" "\t-p PATH\tcolon-seperated search path for mechanisms\n" "\t-r REALM\trealm to use" "\t-s NAME\tservice name pass to mechanisms\n" "\t-n FQDN\tserver fully-qualified domain name\n" "\t-u ID\tuser (authorization) id to request\n" "\t-a ID\tid to authenticate as\n" "\t-d\tDisable client-send-first\n" "\t-l\tEnable server-send-last\n", progname, progname); exit(EXIT_FAILURE); } /* Fill in the callbacks that we're providing... */ callback = callbacks; /* log */ callback->id = SASL_CB_LOG; callback->proc = (sasl_callback_ft)&sasl_my_log; callback->context = NULL; ++callback; /* getpath */ if (searchpath) { callback->id = SASL_CB_GETPATH; callback->proc = (sasl_callback_ft)&getpath; callback->context = searchpath; ++callback; } /* user */ if (userid) { callback->id = SASL_CB_USER; callback->proc = (sasl_callback_ft)&simple; callback->context = userid; ++callback; } /* authname */ if (authid) { callback->id = SASL_CB_AUTHNAME; callback->proc = (sasl_callback_ft)&simple; callback->context = authid; ++callback; } if (realm!=NULL) { callback->id = SASL_CB_GETREALM; callback->proc = (sasl_callback_ft)&getrealm; callback->context = realm; callback++; } /* password */ callback->id = SASL_CB_PASS; callback->proc = (sasl_callback_ft)&getsecret; callback->context = NULL; ++callback; /* echoprompt */ callback->id = SASL_CB_ECHOPROMPT; callback->proc = (sasl_callback_ft)&prompt; callback->context = NULL; ++callback; /* noechoprompt */ callback->id = SASL_CB_NOECHOPROMPT; callback->proc = (sasl_callback_ft)&prompt; callback->context = NULL; ++callback; /* termination */ callback->id = SASL_CB_LIST_END; callback->proc = NULL; callback->context = NULL; ++callback; if (N_CALLBACKS < callback - callbacks) fail("Out of callback space; recompile with larger N_CALLBACKS"); result = sasl_client_init(callbacks); if (result != SASL_OK) saslfail(result, "Initializing libsasl", NULL); result = sasl_client_new(service, fqdn, iplocal,ipremote, NULL,serverlast, &conn); if (result != SASL_OK) saslfail(result, "Allocating sasl connection state", NULL); if(extssf) { result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &extssf); if (result != SASL_OK) saslfail(result, "Setting external SSF", NULL); } if(ext_authid) { result = sasl_setprop(conn, SASL_AUTH_EXTERNAL, &ext_authid); if (result != SASL_OK) saslfail(result, "Setting external authid", NULL); } result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); if (result != SASL_OK) saslfail(result, "Setting security properties", NULL); puts("Waiting for mechanism list from server..."); len = samp_recv(); if (mech) { printf("Forcing use of mechanism %s\n", mech); strncpy(buf, mech, SAMPLE_SEC_BUF_SIZE); buf[SAMPLE_SEC_BUF_SIZE - 1] = '\0'; } printf("Choosing best mechanism from: %s\n", buf); if(clientfirst) { result = sasl_client_start(conn, buf, NULL, &data, &len, &chosenmech); } else { data = ""; len = 0; result = sasl_client_start(conn, buf, NULL, NULL, 0, &chosenmech); } if (result != SASL_OK && result != SASL_CONTINUE) { printf("error was %s\n", sasl_errdetail(conn)); saslfail(result, "Starting SASL negotiation", NULL); } printf("Using mechanism %s\n", chosenmech); strcpy(buf, chosenmech); if (data) { if (SAMPLE_SEC_BUF_SIZE - strlen(buf) - 1 < len) fail("Not enough buffer space"); puts("Preparing initial."); memcpy(buf + strlen(buf) + 1, data, len); len += (unsigned) strlen(buf) + 1; data = NULL; } else { len = (unsigned) strlen(buf); } puts("Sending initial response..."); samp_send(buf, len); while (result == SASL_CONTINUE) { puts("Waiting for server reply..."); len = samp_recv(); result = sasl_client_step(conn, buf, len, NULL, &data, &len); if (result != SASL_OK && result != SASL_CONTINUE) saslfail(result, "Performing SASL negotiation", NULL); if (data && len) { puts("Sending response..."); samp_send(data, len); } else if (result != SASL_OK || !serverlast) { samp_send("",0); } } puts("Negotiation complete"); result = sasl_getprop(conn, SASL_USERNAME, (const void **)&data); if (result != SASL_OK) sasldebug(result, "username", NULL); else printf("Username: %s\n", data); #define CLIENT_MSG1 "client message 1" #define SERVER_MSG1 "srv message 1" result = sasl_getprop(conn, SASL_SSF, (const void **)&ssf); if (result != SASL_OK) sasldebug(result, "ssf", NULL); else printf("SSF: %d\n", *ssf); printf("Waiting for encoded message...\n"); len=samp_recv(); { unsigned int recv_len; const char *recv_data; result=sasl_decode(conn,buf,len,&recv_data,&recv_len); if (result != SASL_OK) saslfail(result, "sasl_decode", NULL); printf("recieved decoded message '%s'\n",recv_data); if(strcmp(recv_data,SERVER_MSG1)!=0) saslfail(1,"recive decoded server message",NULL); } result=sasl_encode(conn,CLIENT_MSG1,sizeof(CLIENT_MSG1), &data,&len); if (result != SASL_OK) saslfail(result, "sasl_encode", NULL); printf("sending encrypted message '%s'\n",CLIENT_MSG1); samp_send(data,len); free_conn(); sasl_done(); #ifdef WIN32 WSACleanup(); #endif return (EXIT_SUCCESS); } cyrus-sasl-2.1.25/sample/http_digest_client.c0000666000076400007640000001544311563276524016166 00000000000000/* * Cheesy HTTP 1.1 client used for testing HTTP Digest (RFC 2617) * variant of DIGEST-MD5 plugin * * XXX This client REQUIRES a persistent connection and * WILL NOT accept a body in any HTTP response */ #include #include #include #include #include #include #include #include #include #include #include #define SUCCESS 0 #define ERROR 1 #define BUFFER_SIZE 8192 #define DIGEST_AUTH_HEADER "\r\nWWW-Authenticate: Digest " #define DIGEST_OK_HEADER "\r\nAuthentication-Info: " void interact(sasl_interact_t *ilist) { while (ilist->id != SASL_CB_LIST_END) { switch (ilist->id) { case SASL_CB_AUTHNAME: /* auth as current uid */ ilist->result = strdup(getpwuid(getuid())->pw_name); break; case SASL_CB_PASS: /* prompt for password */ printf("%s: ", ilist->prompt); ilist->result = strdup(getpass("")); break; } ilist->len = strlen(ilist->result); ilist++; } } int main(int argc __attribute__((unused)), char *argv[]) { const char *hostname = "localhost"; int port = 80; int sd, rc, status; struct sockaddr_in localAddr, servAddr; struct hostent *h; const char *sasl_impl, *sasl_ver; sasl_conn_t *saslconn; sasl_interact_t *interactions = NULL; sasl_security_properties_t secprops = { 0, /* min SSF ("auth") */ 1, /* max SSF ("auth-int") */ 0, /* don't need maxbuf */ 0, /* security flags */ NULL, NULL }; sasl_http_request_t httpreq = { "HEAD", /* Method */ "/", /* URI */ (u_char *) "", /* Empty body */ 0, /* Zero-length body */ 0 }; /* Persistent cxn */ sasl_callback_t callbacks[] = { { SASL_CB_AUTHNAME, NULL, NULL }, { SASL_CB_PASS, NULL, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; const char *response = NULL; unsigned int resplen = 0; char buffer[BUFFER_SIZE+1], *request, *challenge, *p; int i, code; printf("\n-- Hostname = %s , Port = %d , URI = %s\n", hostname, port, httpreq.uri); h = gethostbyname(hostname); if(h == NULL) { printf("unknown host: %s \n ", hostname); exit(ERROR); } servAddr.sin_family = h->h_addrtype; memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0], h->h_length); servAddr.sin_port = htons(port); /* create socket */ printf("-- Create socket... "); sd = socket(AF_INET, SOCK_STREAM, 0); if (sd < 0) { perror("cannot open socket "); exit(ERROR); } /* bind port number */ printf("Bind port number... "); localAddr.sin_family = AF_INET; localAddr.sin_addr.s_addr = htonl(INADDR_ANY); localAddr.sin_port = htons(0); rc = bind(sd, (struct sockaddr *) &localAddr, sizeof(localAddr)); if (rc < 0) { printf("%s: cannot bind port TCP %u\n",argv[0],port); perror("error "); exit(ERROR); } /* connect to server */ printf("Connect to server...\n"); rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr)); if (rc < 0) { perror("cannot connect "); exit(ERROR); } /* get SASL version info */ sasl_version_info(&sasl_impl, &sasl_ver, NULL, NULL, NULL, NULL); /* initialize client-side of SASL */ status = sasl_client_init(callbacks); /* request the URI twice, so we test both initial auth and reauth */ for (i = 0; i < 2; i++) { /* initialize a client exchange * * SASL_NEED_HTTP: forces HTTP Digest mode (REQUIRED) * SASL_SUCCESS_DATA: HTTP supports success data in * Authentication-Info header (REQUIRED) */ status = sasl_client_new("http", hostname, NULL, NULL, NULL, SASL_NEED_HTTP | SASL_SUCCESS_DATA, &saslconn); if (status != SASL_OK) { perror("sasl_client_new() failed "); exit(ERROR); } /* Set security peoperties as specified above */ sasl_setprop(saslconn, SASL_SEC_PROPS, &secprops); /* Set HTTP request as specified above (REQUIRED) */ sasl_setprop(saslconn, SASL_HTTP_REQUEST, &httpreq); do { /* start the Digest exchange */ status = sasl_client_start(saslconn, "DIGEST-MD5", &interactions, &response, &resplen, NULL); if (status == SASL_INTERACT) interact(interactions); } while (status == SASL_INTERACT); if ((status != SASL_OK) && (status != SASL_CONTINUE)) { perror("sasl_client_start() failed "); exit(ERROR); } do { /* send request (with Auth data if we have it ) */ request = buffer; request += sprintf(request, "%s %s HTTP/1.1\r\n", httpreq.method, httpreq.uri); request += sprintf(request, "Host: %s\r\n", hostname); request += sprintf(request, "User-Agent: HTTP Digest Test Client" " (%s/%s)\r\n", sasl_impl, sasl_ver); request += sprintf(request, "Connection: keep-alive\r\n"); request += sprintf(request, "Keep-Alive: 300\r\n"); if (response) { request += sprintf(request, "Authorization: Digest %s\r\n", response); } request += sprintf(request, "\r\n"); request = buffer; printf("\n-- Send HTTP request:\n\n%s", request); rc = write(sd, request, strlen(request)); if (rc < 0) { perror("cannot send data "); close(sd); exit(ERROR); } /* display response */ printf("-- Received response:\n\tfrom server: http://%s%s, IP = %s,\n\n", hostname, httpreq.uri, inet_ntoa(servAddr.sin_addr)); rc = read(sd, buffer, BUFFER_SIZE); if (rc <= 0) { perror("cannot read data "); close(sd); exit(ERROR); } buffer[rc] = '\0'; printf("%s", buffer); /* get response code */ sscanf(buffer, "HTTP/1.1 %d ", &code); if (code == 401) { /* find Digest challenge */ challenge = strstr(buffer, DIGEST_AUTH_HEADER); if (!challenge) break; challenge += strlen(DIGEST_AUTH_HEADER); p = strchr(challenge, '\r'); *p = '\0'; do { /* do the next step in the exchange */ status = sasl_client_step(saslconn, challenge, strlen(challenge), &interactions, &response, &resplen); if (status == SASL_INTERACT) interact(interactions); } while (status == SASL_INTERACT); if ((status != SASL_OK) && (status != SASL_CONTINUE)) { perror("sasl_client_step failed "); exit(ERROR); } } } while (code == 401); if ((code == 200) && (status == SASL_CONTINUE)) { /* find Digest response */ challenge = strstr(buffer, DIGEST_OK_HEADER); if (challenge) { challenge += strlen(DIGEST_OK_HEADER); p = strchr(challenge, '\r'); *p = '\0'; /* do the final step in the exchange (server auth) */ status = sasl_client_step(saslconn, challenge, strlen(challenge), &interactions, &response, &resplen); } } sasl_dispose(&saslconn); } sasl_client_done(); close(sd); return SUCCESS; } cyrus-sasl-2.1.25/sample/server.c0000646000076400007640000004054411475460507013614 00000000000000/* $Id: server.c,v 1.10 2010/12/01 14:51:53 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Copyright 2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * */ #include #include #include #include #include #include #include #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE #include #include #endif #include "common.h" #if !defined(IPV6_BINDV6ONLY) && defined(IN6P_IPV6_V6ONLY) #define IPV6_BINDV6ONLY IN6P_BINDV6ONLY #endif #if !defined(IPV6_V6ONLY) && defined(IPV6_BINDV6ONLY) #define IPV6_V6ONLY IPV6_BINDV6ONLY #endif #ifndef IPV6_BINDV6ONLY #undef IPV6_V6ONLY #endif #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE static OM_uint32 enumerateAttributes(OM_uint32 *minor, gss_name_t name, int noisy); #endif /* create a socket listening on port 'port' */ /* if af is PF_UNSPEC more than one socket may be returned */ /* the returned list is dynamically allocated, so caller needs to free it */ int *listensock(const char *port, const int af) { struct addrinfo hints, *ai, *r; int err, maxs, *sock, *socks; const int on = 1; memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE; hints.ai_family = af; hints.ai_socktype = SOCK_STREAM; err = getaddrinfo(NULL, port, &hints, &ai); if (err) { fprintf(stderr, "%s\n", gai_strerror(err)); exit(EX_USAGE); } /* Count max number of sockets we may open */ for (maxs = 0, r = ai; r; r = r->ai_next, maxs++) ; socks = malloc((maxs + 1) * sizeof(int)); if (!socks) { fprintf(stderr, "couldn't allocate memory for sockets\n"); freeaddrinfo(ai); exit(EX_OSERR); } socks[0] = 0; /* num of sockets counter at start of array */ sock = socks + 1; for (r = ai; r; r = r->ai_next) { fprintf(stderr, "trying %d, %d, %d\n",r->ai_family, r->ai_socktype, r->ai_protocol); *sock = socket(r->ai_family, r->ai_socktype, r->ai_protocol); if (*sock < 0) { perror("socket"); continue; } if (setsockopt(*sock, SOL_SOCKET, SO_REUSEADDR, (void *) &on, sizeof(on)) < 0) { perror("setsockopt(SO_REUSEADDR)"); close(*sock); continue; } #if defined(IPV6_V6ONLY) && !(defined(__FreeBSD__) && __FreeBSD__ < 3) if (r->ai_family == AF_INET6) { if (setsockopt(*sock, IPPROTO_IPV6, IPV6_BINDV6ONLY, (void *) &on, sizeof(on)) < 0) { perror("setsockopt (IPV6_BINDV6ONLY)"); close(*sock); continue; } } #endif if (bind(*sock, r->ai_addr, r->ai_addrlen) < 0) { perror("bind"); close(*sock); continue; } if (listen(*sock, 5) < 0) { perror("listen"); close(*sock); continue; } socks[0]++; sock++; } freeaddrinfo(ai); if (socks[0] == 0) { fprintf(stderr, "Couldn't bind to any socket\n"); free(socks); exit(EX_OSERR); } return socks; } void usage(void) { fprintf(stderr, "usage: server [-C|-c] [-h hostname] [-p port] [-s service] [-m mech]\n"); exit(EX_USAGE); } /* globals because i'm lazy */ char *mech; /* do the sasl negotiation; return -1 if it fails */ int mysasl_negotiate(FILE *in, FILE *out, sasl_conn_t *conn) { char buf[8192]; char chosenmech[128]; const char *data; int len; int r = SASL_FAIL; const char *userid; #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE gss_name_t peer = GSS_C_NO_NAME; #endif /* generate the capability list */ if (mech) { dprintf(2, "forcing use of mechanism %s\n", mech); data = strdup(mech); len = strlen(data); } else { int count; dprintf(1, "generating client mechanism list... "); r = sasl_listmech(conn, NULL, NULL, " ", NULL, &data, &len, &count); if (r != SASL_OK) saslfail(r, "generating mechanism list"); dprintf(1, "%d mechanisms\n", count); } /* send capability list to client */ send_string(out, data, len); dprintf(1, "waiting for client mechanism...\n"); len = recv_string(in, chosenmech, sizeof chosenmech); if (len <= 0) { printf("client didn't choose mechanism\n"); fputc('N', out); /* send NO to client */ fflush(out); return -1; } if (mech && strcasecmp(mech, chosenmech)) { printf("client didn't choose mandatory mechanism\n"); fputc('N', out); /* send NO to client */ fflush(out); return -1; } len = recv_string(in, buf, sizeof(buf)); if(len != 1) { saslerr(r, "didn't receive first-send parameter correctly"); fputc('N', out); fflush(out); return -1; } if(buf[0] == 'Y') { /* receive initial response (if any) */ len = recv_string(in, buf, sizeof(buf)); /* start libsasl negotiation */ r = sasl_server_start(conn, chosenmech, buf, len, &data, &len); } else { r = sasl_server_start(conn, chosenmech, NULL, 0, &data, &len); } if (r != SASL_OK && r != SASL_CONTINUE) { saslerr(r, "starting SASL negotiation"); fputc('N', out); /* send NO to client */ fflush(out); return -1; } while (r == SASL_CONTINUE) { if (data) { dprintf(2, "sending response length %d...\n", len); fputc('C', out); /* send CONTINUE to client */ send_string(out, data, len); } else { dprintf(2, "sending null response...\n"); fputc('C', out); /* send CONTINUE to client */ send_string(out, "", 0); } dprintf(1, "waiting for client reply...\n"); len = recv_string(in, buf, sizeof buf); if (len < 0) { printf("client disconnected\n"); return -1; } r = sasl_server_step(conn, buf, len, &data, &len); if (r != SASL_OK && r != SASL_CONTINUE) { saslerr(r, "performing SASL negotiation"); fputc('N', out); /* send NO to client */ fflush(out); return -1; } } if (r != SASL_OK) { saslerr(r, "incorrect authentication"); fputc('N', out); /* send NO to client */ fflush(out); return -1; } fputc('O', out); /* send OK to client */ fflush(out); dprintf(1, "negotiation complete\n"); r = sasl_getprop(conn, SASL_USERNAME, (const void **) &userid); printf("successful authentication '%s'\n", userid); #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE r = sasl_getprop(conn, SASL_GSS_PEER_NAME, (const void **) &peer); if (peer != GSS_C_NO_NAME) { OM_uint32 minor; enumerateAttributes(&minor, peer, 1); } #endif return 0; } int main(int argc, char *argv[]) { int c; char *port = "12345"; char *service = "rcmd"; char *hostname = NULL; int *l, maxfd=0; int r, i; sasl_conn_t *conn; int cb_flag = 0; while ((c = getopt(argc, argv, "Cch:p:s:m:")) != EOF) { switch(c) { case 'C': cb_flag = 2; /* channel bindings are critical */ break; case 'c': cb_flag = 1; /* channel bindings are present */ break; case 'h': hostname = optarg; break; case 'p': port = optarg; break; case 's': service = optarg; break; case 'm': mech = optarg; break; default: usage(); break; } } /* initialize the sasl library */ r = sasl_server_init(NULL, "sample"); if (r != SASL_OK) saslfail(r, "initializing libsasl"); /* get a listening socket */ if ((l = listensock(port, PF_UNSPEC)) == NULL) { saslfail(SASL_FAIL, "allocating listensock"); } for (i = 1; i <= l[0]; i++) { if (l[i] > maxfd) maxfd = l[i]; } for (;;) { char localaddr[NI_MAXHOST | NI_MAXSERV], remoteaddr[NI_MAXHOST | NI_MAXSERV]; char myhostname[1024+1]; char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; struct sockaddr_storage local_ip, remote_ip; int niflags, error; int salen; int nfds, fd = -1; FILE *in, *out; fd_set readfds; sasl_channel_binding_t cb; FD_ZERO(&readfds); for (i = 1; i <= l[0]; i++) FD_SET(l[i], &readfds); nfds = select(maxfd + 1, &readfds, 0, 0, 0); if (nfds <= 0) { if (nfds < 0 && errno != EINTR) perror("select"); continue; } for (i = 1; i <= l[0]; i++) if (FD_ISSET(l[i], &readfds)) { fd = accept(l[i], NULL, NULL); break; } if (fd < 0) { if (errno != EINTR) perror("accept"); continue; } printf("accepted new connection\n"); /* set ip addresses */ salen = sizeof(local_ip); if (getsockname(fd, (struct sockaddr *)&local_ip, &salen) < 0) { perror("getsockname"); } niflags = (NI_NUMERICHOST | NI_NUMERICSERV); #ifdef NI_WITHSCOPEID if (((struct sockaddr *)&local_ip)->sa_family == AF_INET6) niflags |= NI_WITHSCOPEID; #endif error = getnameinfo((struct sockaddr *)&local_ip, salen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags); if (error != 0) { fprintf(stderr, "getnameinfo: %s\n", gai_strerror(error)); strcpy(hbuf, "unknown"); strcpy(pbuf, "unknown"); } snprintf(localaddr, sizeof(localaddr), "%s;%s", hbuf, pbuf); salen = sizeof(remote_ip); if (getpeername(fd, (struct sockaddr *)&remote_ip, &salen) < 0) { perror("getpeername"); } niflags = (NI_NUMERICHOST | NI_NUMERICSERV); #ifdef NI_WITHSCOPEID if (((struct sockaddr *)&remote_ip)->sa_family == AF_INET6) niflags |= NI_WITHSCOPEID; #endif error = getnameinfo((struct sockaddr *)&remote_ip, salen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags); if (error != 0) { fprintf(stderr, "getnameinfo: %s\n", gai_strerror(error)); strcpy(hbuf, "unknown"); strcpy(pbuf, "unknown"); } snprintf(remoteaddr, sizeof(remoteaddr), "%s;%s", hbuf, pbuf); if (hostname == NULL) { r = gethostname(myhostname, sizeof(myhostname)-1); if(r == -1) saslfail(r, "getting hostname"); hostname = myhostname; } r = sasl_server_new(service, hostname, NULL, localaddr, remoteaddr, NULL, 0, &conn); if (r != SASL_OK) saslfail(r, "allocating connection state"); cb.name = "sasl-sample"; cb.critical = cb_flag > 1; cb.data = "this is a test of channel binding"; cb.len = strlen(cb.data); if (cb_flag) { sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb); } /* set external properties here sasl_setprop(conn, SASL_SSF_EXTERNAL, &extprops); */ /* set required security properties here sasl_setprop(conn, SASL_SEC_PROPS, &secprops); */ in = fdopen(fd, "r"); out = fdopen(fd, "w"); r = mysasl_negotiate(in, out, conn); if (r == SASL_OK) { /* send/receive data */ } printf("closing connection\n"); fclose(in); fclose(out); close(fd); sasl_dispose(&conn); } sasl_done(); } #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE static void displayStatus_1(m, code, type) char *m; OM_uint32 code; int type; { OM_uint32 maj_stat, min_stat; gss_buffer_desc msg; OM_uint32 msg_ctx; msg_ctx = 0; while (1) { maj_stat = gss_display_status(&min_stat, code, type, GSS_C_NULL_OID, &msg_ctx, &msg); fprintf(stderr, "%s: %s\n", m, (char *)msg.value); (void) gss_release_buffer(&min_stat, &msg); if (!msg_ctx) break; } } static void displayStatus(msg, maj_stat, min_stat) char *msg; OM_uint32 maj_stat; OM_uint32 min_stat; { displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE); displayStatus_1(msg, min_stat, GSS_C_MECH_CODE); } static void dumpAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attribute, int noisy) { OM_uint32 major, tmp; gss_buffer_desc value; gss_buffer_desc display_value; int authenticated = 0; int complete = 0; int more = -1; unsigned int i; while (more != 0) { value.value = NULL; display_value.value = NULL; major = gss_get_name_attribute(minor, name, attribute, &authenticated, &complete, &value, &display_value, &more); if (GSS_ERROR(major)) { displayStatus("gss_get_name_attribute", major, *minor); break; } printf("Attribute %.*s %s %s\n\n%.*s\n", (int)attribute->length, (char *)attribute->value, authenticated ? "Authenticated" : "", complete ? "Complete" : "", (int)display_value.length, (char *)display_value.value); if (noisy) { for (i = 0; i < value.length; i++) { if ((i % 32) == 0) printf("\n"); printf("%02x", ((char *)value.value)[i] & 0xFF); } printf("\n\n"); } gss_release_buffer(&tmp, &value); gss_release_buffer(&tmp, &display_value); } } static OM_uint32 enumerateAttributes(OM_uint32 *minor, gss_name_t name, int noisy) { OM_uint32 major, tmp; int name_is_MN; gss_OID mech = GSS_C_NO_OID; gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET; unsigned int i; major = gss_inquire_name(minor, name, &name_is_MN, &mech, &attrs); if (GSS_ERROR(major)) { displayStatus("gss_inquire_name", major, *minor); return major; } if (attrs != GSS_C_NO_BUFFER_SET) { for (i = 0; i < attrs->count; i++) dumpAttribute(minor, name, &attrs->elements[i], noisy); } gss_release_oid(&tmp, &mech); gss_release_buffer_set(&tmp, &attrs); return major; } #endif cyrus-sasl-2.1.25/sample/sample-server.c0000646000076400007640000003475311630151332015062 00000000000000/* sample-server.c -- sample SASL server * Rob Earhart * $Id: sample-server.c,v 1.34 2011/09/01 14:12:18 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #ifdef HAVE_GETOPT_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef WIN32 # include __declspec(dllimport) char *optarg; __declspec(dllimport) int optind; __declspec(dllimport) int getsubopt(char **optionp, const char * const *tokens, char **valuep); #define HAVE_GETSUBOPT #else /* WIN32 */ # include #endif /* WIN32 */ #include #include #include #ifndef HAVE_GETSUBOPT int getsubopt(char **optionp, const char * const *tokens, char **valuep); #endif static const char build_ident[] = "$Build: sample-server " PACKAGE "-" VERSION " $"; static const char *progname = NULL; static int verbose; /* Note: if this is changed, change it in samp_read(), too. */ #define SAMPLE_SEC_BUF_SIZE (2048) static const char message[] = "Come here Watson, I want you."; char buf[SAMPLE_SEC_BUF_SIZE]; static const char *bit_subopts[] = { #define OPT_MIN (0) "min", #define OPT_MAX (1) "max", NULL }; static const char *ext_subopts[] = { #define OPT_EXT_SSF (0) "ssf", #define OPT_EXT_ID (1) "id", NULL }; static const char *flag_subopts[] = { #define OPT_NOPLAIN (0) "noplain", #define OPT_NOACTIVE (1) "noactive", #define OPT_NODICT (2) "nodict", #define OPT_FORWARDSEC (3) "forwardsec", #define OPT_NOANONYMOUS (4) "noanonymous", #define OPT_PASSCRED (5) "passcred", NULL }; static const char *ip_subopts[] = { #define OPT_IP_LOCAL (0) "local", #define OPT_IP_REMOTE (1) "remote", NULL }; char *mech = NULL, *iplocal = NULL, *ipremote = NULL, *searchpath = NULL, *service = "rcmd", *localdomain = NULL, *userdomain = NULL; sasl_conn_t *conn = NULL; static void free_conn(void) { if (conn) sasl_dispose(&conn); } static int sasl_my_log(void *context __attribute__((unused)), int priority, const char *message) { const char *label; if (! message) return SASL_BADPARAM; switch (priority) { case SASL_LOG_ERR: label = "Error"; break; case SASL_LOG_NOTE: label = "Info"; break; default: label = "Other"; break; } fprintf(stderr, "%s: SASL %s: %s\n", progname, label, message); return SASL_OK; } static int getpath(void *context __attribute__((unused)), char ** path) { if (! path) return SASL_BADPARAM; if (searchpath) { *path = searchpath; } else { *path = PLUGINDIR; } return SASL_OK; } static sasl_callback_t callbacks[] = { { SASL_CB_LOG, (sasl_callback_ft)&sasl_my_log, NULL }, { SASL_CB_GETPATH, (sasl_callback_ft)&getpath, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; static void sasldebug(int why, const char *what, const char *errstr) { fprintf(stderr, "%s: %s: %s", progname, what, sasl_errstring(why, NULL, NULL)); if (errstr) fprintf(stderr, " (%s)\n", errstr); else putc('\n', stderr); } static void saslfail(int why, const char *what, const char *errstr) { sasldebug(why, what, errstr); exit(EXIT_FAILURE); } static void fail(const char *what) { fprintf(stderr, "%s: %s\n", progname, what); exit(EXIT_FAILURE); } static void osfail() { perror(progname); exit(EXIT_FAILURE); } static void samp_send(const char *buffer, unsigned length) { char *buf; unsigned len, alloclen; int result; alloclen = ((length / 3) + 1) * 4 + 1; buf = malloc(alloclen); if (! buf) osfail(); result = sasl_encode64(buffer, length, buf, alloclen, &len); if (result != SASL_OK) saslfail(result, "Encoding data in base64", NULL); printf("S: %s\n", buf); free(buf); } static unsigned samp_recv() { unsigned len; int result; if (! fgets(buf, SAMPLE_SEC_BUF_SIZE, stdin)) { fail("Unable to parse input"); } if (strncmp(buf, "C: ", 3) != 0) { fail("Line must start with 'C: '"); } len = strlen(buf); if (len > 0 && buf[len-1] == '\n') { buf[len-1] = '\0'; } result = sasl_decode64(buf + 3, (unsigned) strlen(buf + 3), buf, SAMPLE_SEC_BUF_SIZE, &len); if (result != SASL_OK) saslfail(result, "Decoding data from base64", NULL); buf[len] = '\0'; printf("got '%s'\n", buf); return len; } int main(int argc, char *argv[]) { int c = 0; int errflag = 0; int result; sasl_security_properties_t secprops; sasl_ssf_t extssf = 0; const char *ext_authid = NULL; char *options, *value; unsigned len, count; const char *data; int serverlast = 0; sasl_ssf_t *ssf; #ifdef WIN32 /* initialize winsock */ WSADATA wsaData; result = WSAStartup( MAKEWORD(2, 0), &wsaData ); if ( result != 0) { saslfail(SASL_FAIL, "Initializing WinSockets", NULL); } #endif progname = strrchr(argv[0], HIER_DELIMITER); if (progname) progname++; else progname = argv[0]; /* Init defaults... */ memset(&secprops, 0L, sizeof(secprops)); secprops.maxbufsize = SAMPLE_SEC_BUF_SIZE; secprops.max_ssf = UINT_MAX; verbose = 0; while ((c = getopt(argc, argv, "vlhb:e:m:f:i:p:s:d:u:?")) != EOF) switch (c) { case 'v': verbose = 1; break; case 'b': options = optarg; while (*options != '\0') switch(getsubopt(&options, (const char * const *)bit_subopts, &value)) { case OPT_MIN: if (! value) errflag = 1; else secprops.min_ssf = atoi(value); break; case OPT_MAX: if (! value) errflag = 1; else secprops.max_ssf = atoi(value); break; default: errflag = 1; break; } break; case 'e': options = optarg; while (*options != '\0') switch(getsubopt(&options, (const char * const *)ext_subopts, &value)) { case OPT_EXT_SSF: if (! value) errflag = 1; else extssf = atoi(value); break; case OPT_MAX: if (! value) errflag = 1; else ext_authid = value; break; default: errflag = 1; break; } break; case 'm': mech = optarg; break; case 'f': options = optarg; while (*options != '\0') { switch(getsubopt(&options, (const char * const *)flag_subopts, &value)) { case OPT_NOPLAIN: secprops.security_flags |= SASL_SEC_NOPLAINTEXT; break; case OPT_NOACTIVE: secprops.security_flags |= SASL_SEC_NOACTIVE; break; case OPT_NODICT: secprops.security_flags |= SASL_SEC_NODICTIONARY; break; case OPT_FORWARDSEC: secprops.security_flags |= SASL_SEC_FORWARD_SECRECY; break; case OPT_NOANONYMOUS: secprops.security_flags |= SASL_SEC_NOANONYMOUS; break; case OPT_PASSCRED: secprops.security_flags |= SASL_SEC_PASS_CREDENTIALS; break; default: errflag = 1; break; } if (value) errflag = 1; } break; case 'l': serverlast = SASL_SUCCESS_DATA; break; case 'i': options = optarg; while (*options != '\0') switch(getsubopt(&options, (const char * const *)ip_subopts, &value)) { case OPT_IP_LOCAL: if (! value) errflag = 1; else iplocal = value; break; case OPT_IP_REMOTE: if (! value) errflag = 1; else ipremote = value; break; default: errflag = 1; break; } break; case 'p': searchpath = optarg; break; case 's': service = optarg; break; case 'd': localdomain = optarg; break; case 'u': userdomain = optarg; break; default: errflag = 1; break; } if (optind != argc) { errflag = 1; } if (errflag) { fprintf(stderr, "%s: Usage: %s [-b min=N,max=N] [-e ssf=N,id=ID] [-m MECH] [-f FLAGS] [-i local=IP,remote=IP] [-p PATH] [-d DOM] [-u DOM] [-s NAME]\n" "\t-b ...\t#bits to use for encryption\n" "\t\tmin=N\tminumum #bits to use (1 => integrity)\n" "\t\tmax=N\tmaximum #bits to use\n" "\t-e ...\tassume external encryption\n" "\t\tssf=N\texternal mech provides N bits of encryption\n" "\t\tid=ID\texternal mech provides authentication id ID\n" "\t-m MECH\tforce use of MECH for security\n" "\t-f ...\tset security flags\n" "\t\tnoplain\t\trequire security vs. passive attacks\n" "\t\tnoactive\trequire security vs. active attacks\n" "\t\tnodict\t\trequire security vs. passive dictionary attacks\n" "\t\tforwardsec\trequire forward secrecy\n" "\t\tmaximum\t\trequire all security flags\n" "\t\tpasscred\tattempt to receive client credentials\n" "\t-i ...\tset IP addresses (required by some mechs)\n" "\t\tlocal=IP;PORT\tset local address to IP, port PORT\n" "\t\tremote=IP;PORT\tset remote address to IP, port PORT\n" "\t-p PATH\tcolon-seperated search path for mechanisms\n" "\t-s NAME\tservice name to pass to mechanisms\n" "\t-d DOM\tlocal server domain\n" "\t-u DOM\tuser domain\n" "\t-l\tenable server-send-last\n", progname, progname); exit(EXIT_FAILURE); } result = sasl_server_init(callbacks, "sample"); if (result != SASL_OK) saslfail(result, "Initializing libsasl", NULL); atexit(&sasl_done); result = sasl_server_new(service, localdomain, userdomain, iplocal, ipremote, NULL, serverlast, &conn); if (result != SASL_OK) saslfail(result, "Allocating sasl connection state", NULL); atexit(&free_conn); if(extssf) { result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &extssf); if (result != SASL_OK) saslfail(result, "Setting external SSF", NULL); } if(ext_authid) { result = sasl_setprop(conn, SASL_AUTH_EXTERNAL, &ext_authid); if (result != SASL_OK) saslfail(result, "Setting external authid", NULL); } result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); if (result != SASL_OK) saslfail(result, "Setting security properties", NULL); if (mech) { printf("Forcing use of mechanism %s\n", mech); data = strdup(mech); if (! data) osfail(); len = (unsigned) strlen(data); count = 1; } else { puts("Generating client mechanism list..."); result = sasl_listmech(conn, ext_authid, NULL, " ", NULL, &data, &len, &count); if (result != SASL_OK) saslfail(result, "Generating client mechanism list", NULL); } printf("Sending list of %d mechanism(s)\n", count); samp_send(data, len); if(mech) { free((void *)data); } puts("Waiting for client mechanism..."); len = samp_recv(); if (mech && strcasecmp(mech, buf)) fail("Client chose something other than the mandatory mechanism"); if (strlen(buf) < len) { /* Hmm, there's an initial response here */ data = buf + strlen(buf) + 1; len = len - (unsigned) strlen(buf) - 1; } else { data = NULL; len = 0; } result = sasl_server_start(conn, buf, data, len, &data, &len); if (result != SASL_OK && result != SASL_CONTINUE) saslfail(result, "Starting SASL negotiation", sasl_errstring(result,NULL,NULL)); while (result == SASL_CONTINUE) { if (data) { puts("Sending response..."); samp_send(data, len); } else fail("No data to send--something's wrong"); puts("Waiting for client reply..."); len = samp_recv(); data = NULL; result = sasl_server_step(conn, buf, len, &data, &len); if (result != SASL_OK && result != SASL_CONTINUE) saslfail(result, "Performing SASL negotiation", sasl_errstring(result,NULL,NULL)); } puts("Negotiation complete"); if(serverlast&&data) { printf("might need additional send:\n"); samp_send(data,len); } result = sasl_getprop(conn, SASL_USERNAME, (const void **)&data); if (result != SASL_OK) sasldebug(result, "username", NULL); else printf("Username: %s\n", data ? data : "(NULL)"); result = sasl_getprop(conn, SASL_DEFUSERREALM, (const void **)&data); if (result != SASL_OK) sasldebug(result, "realm", NULL); else printf("Realm: %s\n", data ? data : "(NULL)"); result = sasl_getprop(conn, SASL_SSF, (const void **)&ssf); if (result != SASL_OK) sasldebug(result, "ssf", NULL); else printf("SSF: %d\n", *ssf); #define CLIENT_MSG1 "client message 1" #define SERVER_MSG1 "srv message 1" result=sasl_encode(conn,SERVER_MSG1,sizeof(SERVER_MSG1), &data,&len); if (result != SASL_OK) saslfail(result, "sasl_encode", NULL); printf("sending encrypted message '%s'\n",SERVER_MSG1); samp_send(data,len); printf("Waiting for encrypted message...\n"); len=samp_recv(); { unsigned int recv_len; const char *recv_data; result=sasl_decode(conn,buf,len,&recv_data,&recv_len); if (result != SASL_OK) saslfail(result, "sasl_encode", NULL); printf("recieved decoded message '%s'\n",recv_data); if(strcmp(recv_data,CLIENT_MSG1)!=0) saslfail(1,"recive decoded server message",NULL); } #ifdef WIN32 WSACleanup(); #endif return (EXIT_SUCCESS); } cyrus-sasl-2.1.25/sample/NTMakefile0000646000076400007640000000627111306006127014026 00000000000000!INCLUDE ..\win32\common.mak ### Also:- client.exe server.exe sample_apps=sample-client.exe sample-server.exe sample_out=sample-client.pdb sample-server.pdb client.pdb server.pdb server_SOURCES = server.c common.c common.h client_SOURCES = client.c common.c common.h compat_sources = getaddrinfo.c getnameinfo.c sample_client_SOURCES = sample-client.c sample_server_SOURCES = sample-server.c common_objs = common.obj server_objs = server.obj client_objs = client.obj compat_objs = getaddrinfo.obj getnameinfo.obj sample_client_objs = sample-client.obj sample_server_objs = sample-server.obj !IF $(TARGET_WIN_SYSTEM) < 51 common_objs = $(common_objs) $(compat_objs) !ENDIF all_objs = $(common_objs) $(server_objs) $(client_objs) $(sample_client_objs) $(sample_server_objs) all_out = $(sample_apps) $(sample_out) DB_FLAGS = /I $(DB_INCLUDE) CPPFLAGS = /I "..\win32\include" /I "." /I "..\include" $(DB_FLAGS) /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" CPPFLAGS = $(CPPFLAGS) /DNEED_GETOPT !IF $(TARGET_WIN_SYSTEM) >= 51 CPPFLAGS = /D TARGET_WIN_SYSTEM=$(TARGET_WIN_SYSTEM) $(CPPFLAGS) !ENDIF SASL_LIB=/libpath:"..\lib" libsasl.lib # EXTRA_LIBS is automatically included into LINK32EXE_FLAGS/LINK32DLL_FLAGS EXTRA_LIBS=$(SASL_LIB) # Where to install files from this directory bindir = $(prefix)\bin all : all-recursive # # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels # # In order to force xcopy not to confirm if the second parameter is file or directory, # the first parameter has to contain a wildcard character. For example, we use libsasl.l*, # instead of libsasl.lib. Ugly, but works! # # Note, that we will copy all executabless here, not just $(sample_apps). This is a bug, but it allows # us to copy optionally built executables, which might not be in $(sample_apps). The latter is a feature. # install: $(sample_apps) @xcopy *.exe $(bindir) /I /F /Y all-recursive : $(sample_apps) server.exe: $(server_objs) $(common_objs) $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"server.pdb" /out:"server.exe" $(server_objs) $(common_objs) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 client.exe: $(client_objs) $(common_objs) $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"client.pdb" /out:"client.exe" $(client_objs) $(common_objs) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 sample-server.exe: $(sample_server_objs) $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"sample-server.pdb" /out:"sample-server.exe" $(sample_server_objs) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 sample-client.exe: $(sample_client_objs) $(LINK32EXE) @<< $(LINK32EXE_FLAGS) /pdb:"sample-client.pdb" /out:"sample-client.exe" $(sample_client_objs) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 getaddrinfo.c: ..\lib\getaddrinfo.c copy ..\lib\getaddrinfo.c . getnameinfo.c: ..\lib\getnameinfo.c copy ..\lib\getnameinfo.c . CLEAN : -@erase $(all_objs) -@erase "*.idb" -@erase "*.pch" -@erase "*.pdb" -@erase "*.manifest" -@erase $(all_out) -@erase getaddrinfo.c .c.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cpp.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cxx.obj:: $(CPP) @<< $(CPP_PROJ) $< << cyrus-sasl-2.1.25/sample/Makefile.am0000646000076400007640000000514511475460507014174 00000000000000# Makefile.am -- automake input for sample SASL programs # Rob Earhart # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ INCLUDES=-I$(top_srcdir)/include noinst_PROGRAMS = client server EXTRA_PROGRAMS = sample-client sample-server CLEANFILES=sample-client sample-server ./.libs/*sample-client ./.libs/*sample-server sample_client_SOURCES = sample-client.c sample_server_SOURCES = sample-server.c server_SOURCES = server.c common.c common.h client_SOURCES = client.c common.c common.h server_LDADD = ../lib/libsasl2.la $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) client_LDADD = ../lib/libsasl2.la $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) sample_client_LDADD = ../lib/libsasl2.la $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) sample_server_LDADD = ../lib/libsasl2.la $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) cyrus-sasl-2.1.25/sample/common.c0000666000076400007640000000725307622774126013604 00000000000000/* $Id: common.c,v 1.4 2003/02/13 19:56:06 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include /* send/recv library for IMAP4 style literals. really not important; just one way of doing length coded strings */ int send_string(FILE *f, const char *s, int l) { int al; al = fprintf(f, "{%d}\r\n", l); fwrite(s, 1, l, f); fflush(f); printf("send: {%d}\n", l); while (l--) { if (isprint((unsigned char) *s)) { printf("%c", *s); } else { printf("[%X]", (unsigned char) *s); } s++; } printf("\n"); return al; } int recv_string(FILE *f, char *buf, int buflen) { int c; int len, l; char *s; c = fgetc(f); if (c != '{') return -1; /* read length */ len = 0; c = fgetc(f); while (isdigit(c)) { len = len * 10 + (c - '0'); c = fgetc(f); } if (c != '}') return -1; c = fgetc(f); if (c != '\r') return -1; c = fgetc(f); if (c != '\n') return -1; /* read string */ if (buflen <= len) { fread(buf, buflen - 1, 1, f); buf[buflen - 1] = '\0'; /* discard oversized string */ len -= buflen - 1; while (len--) (void)fgetc(f); len = buflen - 1; } else { fread(buf, len, 1, f); buf[len] = '\0'; } l = len; s = buf; printf("recv: {%d}\n", len); while (l--) { if (isprint((unsigned char) *s)) { printf("%c", *s); } else { printf("[%X]", (unsigned char) *s); } s++; } printf("\n"); return len; } int debuglevel = 0; int dprintf(int lvl, const char *fmt, ...) { va_list ap; int ret = 0; if (debuglevel >= lvl) { va_start(ap, fmt); ret = vfprintf(stdout, fmt, ap); va_end(ap); } return ret; } void saslerr(int why, const char *what) { fprintf(stderr, "%s: %s", what, sasl_errstring(why, NULL, NULL)); } void saslfail(int why, const char *what) { saslerr(why, what); exit(EX_TEMPFAIL); } cyrus-sasl-2.1.25/sample/Makefile.in0000666000076400007640000004736511632366475014225 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am -- automake input for sample SASL programs # Rob Earhart # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ noinst_PROGRAMS = client$(EXEEXT) server$(EXEEXT) EXTRA_PROGRAMS = sample-client$(EXEEXT) sample-server$(EXEEXT) subdir = sample DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in $(srcdir)/NTMakefile ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_client_OBJECTS = client.$(OBJEXT) common.$(OBJEXT) client_OBJECTS = $(am_client_OBJECTS) am__DEPENDENCIES_1 = client_DEPENDENCIES = ../lib/libsasl2.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_sample_client_OBJECTS = sample-client.$(OBJEXT) sample_client_OBJECTS = $(am_sample_client_OBJECTS) sample_client_DEPENDENCIES = ../lib/libsasl2.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_sample_server_OBJECTS = sample-server.$(OBJEXT) sample_server_OBJECTS = $(am_sample_server_OBJECTS) sample_server_DEPENDENCIES = ../lib/libsasl2.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_server_OBJECTS = server.$(OBJEXT) common.$(OBJEXT) server_OBJECTS = $(am_server_OBJECTS) server_DEPENDENCIES = ../lib/libsasl2.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link \ $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(client_SOURCES) $(sample_client_SOURCES) \ $(sample_server_SOURCES) $(server_SOURCES) DIST_SOURCES = $(client_SOURCES) $(sample_client_SOURCES) \ $(sample_server_SOURCES) $(server_SOURCES) $(srcdir)/http_digest_client.c ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ INCLUDES = -I$(top_srcdir)/include CLEANFILES = sample-client sample-server ./.libs/*sample-client ./.libs/*sample-server sample_client_SOURCES = sample-client.c sample_server_SOURCES = sample-server.c server_SOURCES = server.c common.c common.h client_SOURCES = client.c common.c common.h server_LDADD = ../lib/libsasl2.la $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) client_LDADD = ../lib/libsasl2.la $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) sample_client_LDADD = ../lib/libsasl2.la $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) sample_server_LDADD = ../lib/libsasl2.la $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu sample/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu sample/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list client$(EXEEXT): $(client_OBJECTS) $(client_DEPENDENCIES) @rm -f client$(EXEEXT) $(LINK) $(client_OBJECTS) $(client_LDADD) $(LIBS) sample-client$(EXEEXT): $(sample_client_OBJECTS) $(sample_client_DEPENDENCIES) @rm -f sample-client$(EXEEXT) $(LINK) $(sample_client_OBJECTS) $(sample_client_LDADD) $(LIBS) sample-server$(EXEEXT): $(sample_server_OBJECTS) $(sample_server_DEPENDENCIES) @rm -f sample-server$(EXEEXT) $(LINK) $(sample_server_OBJECTS) $(sample_server_LDADD) $(LIBS) server$(EXEEXT): $(server_OBJECTS) $(server_DEPENDENCIES) @rm -f server$(EXEEXT) $(LINK) $(server_OBJECTS) $(server_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sample-client.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sample-server.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/mac/0000777000076400007640000000000011632367343011473 500000000000000cyrus-sasl-2.1.25/mac/libsasl/0000777000076400007640000000000011632367343013124 500000000000000cyrus-sasl-2.1.25/mac/libsasl/libsasl0000777000076400007640000011776207403027652014436 00000000000000cool(˜úš"Ð>CodeWarrior Projectlibsasl:Source Treeslibsasl:Custom Keywordslibsasl:Access Pathslibsasl:Target Settingslibsasl:File Mappingslibsasl:Build Extraslibsasl:Debugger Runtimelibsasl:Debugger Targetlibsasl:68K CodeGenlibsasl:68K Disassemblerlibsasl:68K Global Optimizerlibsasl:68K Linkerlibsasl:68K Projectlibsasl:C/C++ Compilerlibsasl:C/C++ Warningslibsasl:CFM68Klibsasl:MacOS Merge Panellibsasl:PPC CodeGenlibsasl:PPC Disassemblerlibsasl:PPC Global Optimizerlibsasl:PPC Linkerlibsasl:PPC PEFlibsasl:PPC Projectlibsasl:PPCAsm Panellibsasl:Rez Compilerlibsasl:WinRC Compilerlibsasl:x86 CodeGenlibsasl:x86 Exceptions Panellibsasl:x86 Global Optimizerlibsasl:x86 Linkerlibsasl:x86 ProjectProject File Listlibsasl:Remote Debuglibsasl:Auto-targetlibsasl:FTP Panellibsasl:Java Command Linelibsasl:Java Languagelibsasl:Java MRJAppBuilderlibsasl:Java Outputlibsasl:Java Projectlibsasl:JavaDoc Projectlibsasl:Output Flagslibsasl:Packager Panellibsasl:x86 Disassembler-BZp…ž¶ Ê ã   '>Ud~’«ÈÛëÿ)@TqŽ¡µ Ç!Ü"ð#$%2&M'a(v)Ž*£+º, ! "#$%&'()* +libsaslFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KRezPEF Import 68KLib Import PPCMW C/C++ PPCPPCAsmXCOFF Import PPCPEF Import PPCMacOS PPC LinkerSource TreesCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger RuntimeDebugger TargetC/C++ CompilerC/C++ WarningsPPC CodeGenPPC DisassemblerPPC Global OptimizerPPC LinkerPPC PEFPPC ProjectPPCAsm PanelRez Compiler:libsasl.shlbmac_testing_notes.ckcglue_des.ckcglue_krb.cKClient.cmac_krb_lib1.ckerberos4.canonymous.cplain.cdigestmd5.ccram.cscram.cgetopt.cxxx_client_mac_lib.clibdes.shlbclient.cxxx_mac_lib.cgetsubopt.csaslutil.ccommon.cmd5.cconfig.cMSL C.PPC.LibMSL SIOUX.PPC.LibMSL RuntimePPC.LibInterfaceLibMathLibmac_monolithic_dlopen.cmac_dyn_dlopen.cOutput FlagsPackager Panelgetnameinfo.cgetaddrinfo.cexternal.ccanonusr.c:libsasl2.shlbseterror.c,;HUY h w „ ‹ œ«¼ÉÙæö"2AP\m‚•¡ ®!»"É#Ý$ê%÷&'()(*0+<,C-K.T/i0u1~2Œ3˜4£5¬6²7»8É9Û:î;û<=>,?9@HAVBdCoDzE‰F!D(C046+*BA@-2:#$%' /=&<";5798 >? )  3,E .1ÿÿÿÿ   @::include:ÿÿÿÿ::libdes:public:ÿÿÿÿ::readme:ÿÿÿÿ:::include:ÿÿÿÿ:::lib:ÿÿÿÿ::mac_lib:ÿÿÿÿ :::plugins:ÿÿÿÿ :ÿÿÿÿ:ÿÿÿÿ@ MacOS PPC Linkerlibsasl:m#@m,Pmàmain a.out????APPL€XÀ????€ libsasl_prefix.pch__start Merge Out????APPLDLGXckidProjWSPC__initialize_start__terminate libsasl2.shlb????shlb????P'CODE' 'DATA' 'PICT'|u#012456789:;<>BCD FDDD>>>=< JavaClasses.jarZIP MWZP F`”F˜°¶Ðÿÿ NONAME.EXE@   ?@ !ROOTFILEFILEGRUP Mac LibrariesFILEFILEFILEGRUPANSI LibrariesFILEFILEGRUPSASL-lib FILEFILEFILEFILEFILEFILEFILEFILEFILEFILEFILE E`‰E,@Ó,   ?@ !NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW JavaE·¬.ôÿÿûä  ·¬:ÿÿÇéteu=Ð"Ütemainu=Э À"Üu=ÐMRJApplication WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/àuz°Ð"Ü,@ˆutàA‚8`T`?A‚W€?@‚ W`?A‚“¿P8¿P€¨8€HI|~x€¨€c(A‚ƒ¤ëxŒ,H³%€A€¨ÄóxHIW€?A‚€¨ÄóxHÕW`?A‚Tƒ¨€{(A‚DƒŒ H²Ý€AT`?????APPLuuP"Ü,‡A‚4W`?uy`(A‚~óx–8€ŒH®Á€A8`ÿÿH@;V Vs>; ; Hô€zè.€˜(A‚ØA‚ €wH¬¡€A,@‚ ƒ˜HÌ€˜;à;ß(:€A‚D8aXH«€A€X8:€€ÿø,@ˆ,$@‚8`T`?A‚;ÀWÀ?A‚(A‚;à~€u‚8aX8€ÿÿHªE€AWà?A‚,€˜ 8u8·8ÀKÿþm,A€€€H;½;9€|A€ÿW`?A‚$(A‚~óx–8€ŒH­€Aƒãx€¨8! ºaÿÌ|¦N€ “áÿü|¦;à“Áÿø“¡ÿô;¤“ÿð||x”!ÿ°€c(A‚ˆƒ€œŒ0H­!€A,@€ 8`Hh€|€œƒŒ(H¬ù€A|~x“Á88|88¡8HÝ|`x€||xƒÄóxŒ,H¬Á€A(A‚ €ãûx€X8!Pƒáÿü|¦ƒÁÿøƒ¡ÿôƒÿðN€ “áÿü|¦“Áÿø|~x”!ÿ°€ƒ($AÔ8ÿÿ<;à€~(A‚ƒŒHH¬A€A|x(A‚ŒãûxŸ8€Œ¤H¬€AT`?A‚€8b(ŽT<|c®H ã¾Ÿ<€Ty8„SzŒ¨8Á<8àH«Ù€A|dyA‚8a8H(Ù8a88€ÿÿH(Õ€a<,ÿÿA‚HL€8b(DT<|c®H8(dA€,€~(A‚ƒŒ0H«u€AH8`ÿÿH8`ÿÿ€X8!Pƒáÿü|¦ƒÁÿøN€ ¿aÿì|¦;Â(D|{x;„; ”!ÿ H;ã8{Kÿþ•( A`8‚)XW€:|„.|‰¦N€ , 8Å8€@¨|A|¤+xT€?@‚¨|A‚8ÀTÀ?@‚¨H|A‚8 |½+xHðcÛxH T`>|4TÙ~|xHÔ8€|`"8|c Tþ ”W½þH¸Wà?8 A‚h¨8À8æ|8…A‚¨|@‚8€T€?@‚¨|A‚8àTà?@‚¨|A‚8ÀTÀ?A‚8 |½+xH@cÛxHÅ|}xH0,8A‚ ,@‚8|xH |4TÙ~€h8!`£ëx»aÿì|¦N€ “áÿü|¦|x”!ÿÀH™T`?@‚ãûxH©T`?A‚ 8`H<€Ÿ(d@€ 8`H(€(A‚ƒŒÓmtplCÓ€mtps ( mtslÅmtpiDHmtloHprefOiPpref¢/ÕèprefÈ´'½pref½&IÐpref1Çjpref&v-Ñpref8U2á pref–qpref¸å … prefË)  pref0Œ ›prefZ¾ 6pref…þ 7>pref‰©prefó+7EÚpref£ 9bprefÍÎ9pref´Ý· pref7^9• pref>Á9¡Êprefþg:kprefHÉ;ƒ¨pref¿<+.prefˆ·e"prefJ >‡pref‘Y>›prefxI>µ prefDJE9’prefi(EËjprefØúFó motiD×(mstièdÒmtglèfî,mpsièH6(mstiE1mallF5¤maplFüPLst! ipref¡Â!Ápref‡2"l ŽprefÝ#q®pref¡$v¶prefw %wÆÜprefä“&D]2pref[K'‡¢€prefq("pref˜ô)“6Øpref«˜*”prefQ¬+>Ápref³q,cyrus-sasl-2.1.25/mac/libsasl/libsasl_prefix.h0000777000076400007640000000024507403027652016224 00000000000000/* * compile the plugins into the library for nice debugging */ #define NO_SASL_MONOLITHIC /* * compiler doesnt allow an empty file */ typedef int xxx_sc_foo; cyrus-sasl-2.1.25/mac/libsasl/libsasl_prefix_carbon.h0000777000076400007640000000030607403027652017546 00000000000000/* * compile the plugins into the library for nice debugging */ #define NO_SASL_MONOLITHIC /* * compiler doesnt allow an empty file */ typedef int xxx_sc_foo; #define TARGET_API_MAC_CARBON 1 cyrus-sasl-2.1.25/mac/libsasl/libsasl.exp0000777000076400007640000000164307403027652015217 00000000000000#xxx_sasl_gethostname xxx_sasl_strdup #sasl_free_secret #sasl_client_auth sasl_client_step sasl_client_start sasl_client_new sasl_client_init sasl_churn sasl_rand sasl_randseed sasl_randfree sasl_randcreate sasl_utf8verify sasl_mkchal sasl_decode64 sasl_encode64 sasl_idle sasl_errstring #sasl_usererr sasl_errdetail sasl_setprop sasl_getprop sasl_dispose sasl_done sasl_set_alloc sasl_decode sasl_encode sasl_set_mutex #sasl_config_getswitch #sasl_config_getint #sasl_config_getstring #sasl_config_init #_sasl_allocation_utils #_sasl_mutex_utils #_sasl_server_putsecret_hook #_sasl_server_getsecret_hook #_sasl_server_idle_hook #_sasl_client_idle_hook #_sasl_server_cleanup_hook #_sasl_client_cleanup_hook #_sasl_find_verifyfile_callback #_sasl_find_getpath_callback #_sasl_free_utils #_sasl_alloc_utils #_sasl_log #_sasl_getcallback #_sasl_conn_dispose #_sasl_conn_init #_sasl_strdup #_sasl_done_with_plugin #_sasl_get_mech_list cyrus-sasl-2.1.25/mac/libsasl/libsasl.Carbon.exp0000777000076400007640000000171707403027652016424 00000000000000#xxx_sasl_gethostname #xxx_sasl_strdup #sasl_free_secret #sasl_client_auth sasl_client_step sasl_client_start sasl_client_new sasl_client_init sasl_churn sasl_rand sasl_randseed sasl_randfree sasl_randcreate sasl_utf8verify sasl_mkchal sasl_decode64 sasl_encode64 sasl_idle sasl_errstring #sasl_usererr sasl_errdetail sasl_setprop sasl_getprop sasl_dispose sasl_done sasl_set_alloc sasl_decode sasl_encode sasl_set_mutex #sasl_config_getswitch #sasl_config_getint #sasl_config_getstring #sasl_config_init #_sasl_allocation_utils #_sasl_mutex_utils #_sasl_server_putsecret_hook #_sasl_server_getsecret_hook #_sasl_server_idle_hook #_sasl_client_idle_hook #_sasl_server_cleanup_hook #_sasl_client_cleanup_hook #_sasl_find_verifyfile_callback #_sasl_find_getpath_callback #_sasl_free_utils #_sasl_alloc_utils #_sasl_log #_sasl_getcallback #_sasl_conn_dispose #_sasl_conn_init #_sasl_strdup #_sasl_done_with_plugin #_sasl_get_mech_list sasl_encodev sasl_erasebuffer sasl_seterrorcyrus-sasl-2.1.25/mac/libsasl/libsasl.Carbon0000777000076400007640000012033007403027652015622 00000000000000cool(™°šØ@CodeWarrior Projectlibsasl:Source Treeslibsasl:Custom Keywordslibsasl:Access Pathslibsasl:Target Settingslibsasl:File Mappingslibsasl:Build Extraslibsasl:Debugger Runtimelibsasl:Debugger Targetlibsasl:68K CodeGenlibsasl:68K Disassemblerlibsasl:68K Global Optimizerlibsasl:68K Linkerlibsasl:68K Projectlibsasl:C/C++ Compilerlibsasl:C/C++ Warningslibsasl:CFM68Klibsasl:MacOS Merge Panellibsasl:PPC CodeGenlibsasl:PPC Disassemblerlibsasl:PPC Global Optimizerlibsasl:PPC Linkerlibsasl:PPC PEFlibsasl:PPC Projectlibsasl:PPCAsm Panellibsasl:Rez Compilerlibsasl:WinRC Compilerlibsasl:x86 CodeGenlibsasl:x86 Exceptions Panellibsasl:x86 Global Optimizerlibsasl:x86 Linkerlibsasl:x86 ProjectProject File Listlibsasl:Remote Debuglibsasl:Auto-targetlibsasl:FTP Panellibsasl:Java Command Linelibsasl:Java Languagelibsasl:Java MRJAppBuilderlibsasl:Java Outputlibsasl:Java Projectlibsasl:JavaDoc Projectlibsasl:Output Flagslibsasl:Packager Panellibsasl:x86 Disassembler-BZp…ž¶ Ê ã   '>Ud~’«ÈÛëÿ)@TqŽ¡µ Ç!Ü"ð#$%2&M'a(v)Ž*£+º, ! "#$%&'()* +libsaslFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KRezPEF Import 68KLib Import PPCMW C/C++ PPCPPCAsmXCOFF Import PPCPEF Import PPCMacOS PPC LinkerSource TreesCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger RuntimeDebugger TargetC/C++ CompilerC/C++ WarningsPPC CodeGenPPC DisassemblerPPC Global OptimizerPPC LinkerPPC PEFPPC ProjectPPCAsm PanelRez Compiler:libsasl.shlbmac_testing_notes.ckcglue_des.ckcglue_krb.cKClient.cmac_krb_lib1.ckerberos4.canonymous.cplain.cdigestmd5.ccram.cscram.cgetopt.cxxx_client_mac_lib.clibdes.shlbclient.cxxx_mac_lib.cgetsubopt.csaslutil.ccommon.cmd5.cconfig.cMSL C.PPC.LibMSL SIOUX.PPC.LibMSL RuntimePPC.LibInterfaceLibMathLibmac_monolithic_dlopen.cmac_dyn_dlopen.cOutput FlagsPackager PanelKerberosLib.9CarbonLibKerberosLib.CBMSL C.Carbon.LibMSL SIOUX.Carbon.Lib:CMU Carbon SASLgetaddrinfo.cexternal.ccanonusr.cseterror.c:Carbon SASL:Carbon SASL v2JKE!(HA046+*GF-2:#$%'@B /=&<";5C79D8 >? )  3,I .1   )!#$%&'()ÿÿÿÿ libsasl_prefix_carbon.pch,;HUY h w „ ‹ œ«¼ÉÙæö"2AP\m‚•¡ ®!»"É#Ý$ê%÷&'()(*0+<,C-K.T/i0u1~2Œ3˜4£5¬6²7»8É9Û:î;û<=>,?9@HAVB`CoD€E•F¦G´H¿IÊJÕKâL#124567:>!B#D$E%G&H'I(J)C(J(J(J>>>>=< @::include:ÿÿÿÿ ::libdes:public:ÿÿÿÿ:::include:ÿÿÿÿ :::lib:ÿÿÿÿ ::mac_lib:ÿÿÿÿ::readme:ÿÿÿÿ:ÿÿÿÿKerberos for Macintosh 3.5:Mac OS 9 SDK 3.5:Kerberos:Binaries:ÿÿÿÿ@:ÿÿÿÿ@ MacOS PPC Linkerlibsasl: uð  ` main a.out????APPL€XÀ????€__start Merge Out????APPLDLGXckidProjWSPC__initialize_start__terminatelibsasl2.shlb;CarbonCarbon SASL v2L Carbon SAS????shlb???? NONAME.EXE@JavaClasses.jarZIP MWZP|uROOTFILEGRUP Mac LibrariesFILE!FILEFILE)GRUPANSI LibrariesFILE#FILE$GRUPSASL-lib FILEFILEFILEFILEFILEFILEFILEFILE%FILE&FILE'FILE(HÀ\‡°L`òL|uE'FILE(àuz°Ð"Ü,@ˆutàA‚8`T`?A‚W€?@‚ W`?A‚“¿P8¿P€¨8€HI|~x€¨€c(A‚ƒ¤ëxŒ,H³%€A€¨ÄóxHIW€?A‚€¨ÄóxHÕW`?A‚Tƒ¨€{(A‚DƒŒ H²Ý€AT`?F`¦F<8€ H48¤8€,@Ó,NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW JavaP'CODE' 'DATA' 'PICT'L·¬5a ä  ·¬9÷.ƒteu=Ð"Ütemainu=Э À"Üu=ÐFILEFILEFILE%FILE&FILE'FILE(JavaClasses.jarZIP MWZP   ?@ !MRJApplication WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/????APPLuuP"Ü,‡A‚4W`?uy`(A‚~óx–8€ŒH®Á€A8`ÿÿH@;V Vs>; ; Hô€zè.€˜(A‚ØA‚ €wH¬¡€A,@‚ ƒ˜HÌ€˜;à;ß(:€A‚D8aXH«€A€X8:€€ÿø,@ˆ,$@‚8`T`?A‚;ÀWÀ?A‚(A‚;à~€u‚8aX8€ÿÿHªE€AWà?A‚,€˜ 8u8·8ÀKÿþm,A€€€H;½;9€|A€ÿW`?A‚$(A‚~óx–8€ŒH­€Aƒãx€¨8! ºaÿÌ|¦N€ “áÿü|¦;à“Áÿø“¡ÿô;¤“ÿð||x”!ÿ°€c(A‚ˆƒ€œŒ0H­!€A,@€ 8`Hh€|€œƒŒ(H¬ù€A|~x“Á88|88¡8HÝ|`x€||xƒÄóxŒ,H¬Á€A(A‚ €ãûx€X8!Pƒáÿü|¦ƒÁÿøƒ¡ÿôƒÿðN€ “áÿü|¦“Áÿø|~x”!ÿ°€ƒ($AÔ8ÿÿ<;à€~(A‚ƒŒHH¬A€A|x(A‚ŒãûxŸ8€Œ¤H¬€AT`?A‚€8b(ŽT<|c®H ã¾Ÿ<€Ty8„SzŒ¨8Á<8àH«Ù€A|dyA‚8a8H(Ù8a88€ÿÿH(Õ€a<,ÿÿA‚HL€8b(DT<|c®H8(dA€,€~(A‚ƒŒ0H«u€AH8`ÿÿH8`ÿÿ€X8!Pƒáÿü|¦ƒÁÿøN€ ¿aÿì|¦;Â(D|{x;„; ”!ÿ H;ã8{Kÿþ•( A`8‚)XW€:|„.|‰¦N€ , 8Å8€@¨|A|¤+xT€?@‚¨|A‚8ÀTÀ?@‚¨H|A‚8 |½+xHðcÛxH T`>|4TÙ~|xHÔ8€|`"8|c Tþ ”W½þH¸Wà?8 A‚h¨8À8æ|8…A‚¨|@‚8€T€?@‚¨|A‚8àTà?@‚¨|A‚8ÀTÀ?A‚8 |½+xH@cÛxHÅ|}xH0,8A‚ ,@‚8|xH |4TÙ~€h8!`£ëx»aÿì|¦N€ “áÿü|¦|x”!ÿÀH™T`?@‚ãûxH©T`?A‚ 8`H<€Ÿ(d@€ 8`H(€(A‚ƒŒpref‰<ÿprefó+= Úpref£ >çbprefÍÎ?Ipref´Ý4 pref7^?] pref>Á?iÊprefþg@3prefHÉAK¨pref¿Aó.prefˆ·d. prefäsB!"prefJ BCpref‘YBWprefxIBq prefDJB}’prefi(CjprefØúFó motiDð(mstièf:mtglèhV,mpsièH6(mstiE1malln¤maplCêPLst! j‚pref¡Â!Cypref‡2"n¾ŽprefÝ#tLpref¡$E9prefw %yTÜprefä“&C}2pref[K'‰0€prefq(‘°pref˜ô)FüØpref«˜*”ÄprefQ¬+C¯pref³q,@Key#„CäKey#…cyrus-sasl-2.1.25/mac/include/0000777000076400007640000000000011632367343013116 500000000000000cyrus-sasl-2.1.25/mac/include/sasl_crammd5_plugin_decl.h0000777000076400007640000000025607403027612020125 00000000000000#ifdef SASL_MONOLITHIC #define sasl_server_plug_init cram_sasl_server_plug_init #define sasl_client_plug_init cram_sasl_client_plug_init #endif #include cyrus-sasl-2.1.25/mac/include/sasl_digestmd5_plugin_decl.h0000777000076400007640000000025407403027612020460 00000000000000#ifdef SASL_MONOLITHIC #define sasl_server_plug_init md5_sasl_server_plug_init #define sasl_client_plug_init md5_sasl_client_plug_init #endif #include cyrus-sasl-2.1.25/mac/include/md5global.h0000777000076400007640000000202007403027612015043 00000000000000/* GLOBAL.H - RSAREF types and constants */ #ifndef MD5GLOBAL_H #define MD5GLOBAL_H /* PROTOTYPES should be set to one if and only if the compiler supports function argument prototyping. The following makes PROTOTYPES default to 0 if it has not already been defined with C compiler flags. */ #ifndef PROTOTYPES #define PROTOTYPES 0 #endif /* POINTER defines a generic pointer type */ typedef unsigned char *POINTER; typedef signed char INT1; /* 8 bits */ typedef short INT2; /* 16 bits */ typedef int INT4; /* 32 bits */ /* There is no 64 bit type */ typedef unsigned char UINT1; /* 8 bits */ typedef unsigned short UINT2; /* 16 bits */ typedef unsigned int UINT4; /* 32 bits */ /* There is no 64 bit type */ /* PROTO_LIST is defined depending on how PROTOTYPES is defined above. If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it returns an empty list. */ #if PROTOTYPES #define PROTO_LIST(list) list #else #define PROTO_LIST(list) () #endif #endif /* MD5GLOBAL_H */ cyrus-sasl-2.1.25/mac/include/netinet/0000777000076400007640000000000011632367343014564 500000000000000cyrus-sasl-2.1.25/mac/include/netinet/in.h0000777000076400007640000000104307403027614015257 00000000000000#ifndef _SASL_NETINET_IN_H #define _SASL_NETINET_IN_H struct hostent { char *h_name; /* official name of host */ char **h_aliases; /* alias list */ int h_addrtype; /* host address type */ int h_length; /* length of address */ char **h_addr_list; /* list of addresses from name server */ #define h_addr h_addr_list[0] /* address, for backward compatiblity */ }; struct hostent *gethostbyname(const char *hnam); #define IPPROTO_UDP 17 #define IPPROTO_TCP 6 #endif cyrus-sasl-2.1.25/mac/include/sasl_plain_plugin_decl.h0000777000076400007640000000026007403027613017674 00000000000000#ifdef SASL_MONOLITHIC #define sasl_server_plug_init plain_sasl_server_plug_init #define sasl_client_plug_init plain_sasl_client_plug_init #endif #include cyrus-sasl-2.1.25/mac/include/sasl_plugin_decl.h0000777000076400007640000000144107403027613016513 00000000000000/* * i guess the unix computer isnt picky about undeclared functions * should build with gcc with warn all */ #if defined(macintosh) && (!defined(SASL_MONOLITHIC)) #pragma export on #define SASL_TURN_OFF_PLUGIN_EXPORT #endif sasl_server_plug_init_t sasl_server_plug_init; sasl_client_plug_init_t sasl_client_plug_init; #ifdef SASL_TURN_OFF_PLUGIN_EXPORT #pragma export reset #undef SASL_TURN_OFF_PLUGIN_EXPORT #endif #ifdef rubbish int sasl_server_plug_init(sasl_utils_t *utils __attribute__((unused)), int maxversion, int *out_version, const sasl_server_plug_t **pluglist, int *plugcount); int sasl_client_plug_init(sasl_utils_t *utils __attribute__((unused)), int maxversion, int *out_version, const sasl_client_plug_t **pluglist, int *plugcount); #endifcyrus-sasl-2.1.25/mac/include/extra_krb.h0000777000076400007640000000126407403027612015167 00000000000000/* * declarations missing from unix krb.h */ int xxx_krb_mk_priv(void *inp, void *outp, unsigned inplen, des_key_schedule init_keysched, des_cblock *session, struct sockaddr_in *iplocal, struct sockaddr_in *ipremote); int xxx_krb_rd_priv(char *buf, int inplen, des_key_schedule init_keysched, des_cblock *session, struct sockaddr_in *iplocal, struct sockaddr_in *ipremote, MSG_DAT *data); #ifdef RUBBISH #include #define des_key_sched kcglue_des_key_sched #define des_ecb_encrypt kcglue_des_ecb_encrypt #define des_pcbc_encrypt kcglue_des_pcbc_encrypt #ifndef DES_ENCRYPT #define DES_ENCRYPT 0 #endif #ifndef DES_DECRYPT #define DES_DECRYPT 1 #endif #endifcyrus-sasl-2.1.25/mac/include/sasl_anonymous_plugin_decl.h0000777000076400007640000000027007403027612020621 00000000000000#ifdef SASL_MONOLITHIC #define sasl_server_plug_init anonymous_sasl_server_plug_init #define sasl_client_plug_init anonymous_sasl_client_plug_init #endif #include cyrus-sasl-2.1.25/mac/include/sasl_kerberos4_plugin_decl.h0000777000076400007640000000027007403027612020471 00000000000000#ifdef SASL_MONOLITHIC #define sasl_server_plug_init kerberos4_sasl_server_plug_init #define sasl_client_plug_init kerberos4_sasl_client_plug_init #endif #include cyrus-sasl-2.1.25/mac/include/parse_cmd_line.h0000777000076400007640000000021307403027612016143 00000000000000/* * mac doesnt have a command line to read * prompt for one */ int parse_cmd_line(int max_argc,char **argv,int line_size,char *line); cyrus-sasl-2.1.25/mac/include/config.h0000777000076400007640000002034210023122767014450 00000000000000/* $Id: config.h,v 1.4 2004/03/08 16:57:27 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef CONFIG_H #define CONFIG_H //#ifdef XSUS //#include //#endif #include /* * funky names for functions so we dont conflict with possible * real ones in applications we load into */ #define htons #define htonl #define ntohl #define ntohs #define strdup xxx_sasl_strdup #define strcasecmp xxx_sasl_strcasecmp #define gethostname xxx_sasl_gethostname #define inet_aton xxx_sasl_inetaton /* Our package */ #define PACKAGE "cyrus-sasl" /* Our version */ #define VERSION "2.0.4" /* We only want minimal server functionality. Cripple the server functionality when necessary to get * things to compile. * * Currently only cripples PLAIN. */ #define SASL_MINIMAL_SERVER 1 /* DB Type */ #undef SASL_DB_TYPE int strcasecmp(const char *s1,const char *s2); int strncasecmp(const char *s1,const char *s2,int len); int strcpy_truncate(char *dest,char *src,int len); #define gethostname xxx_sasl_gethostname int gethostname(char *dest,int destlen); #define SASL_PATH_ENV_VAR "foo" #define PLUGINDIR "make_me_a_function_to_get_that_info" typedef unsigned char u_char; typedef unsigned long u_long; char *strdup(const char *str); struct sockaddr_in { u_char sin_len; u_char sin_family; unsigned short sin_port; union { unsigned long s_addr; } sin_addr; char sin_zero[8]; }; struct in_addr { unsigned long s_addr; }; #ifndef HAVE_SOCKLEN_T typedef unsigned int socklen_t; #endif /* HAVE_SOCKLEN_T */ #include "gai.h" #ifndef NULL #define NULL (0L) #endif #ifdef RUBBISH int snprintf (char *str,size_t count,const char *fmt,...); int snprintf (char *str,int count,const char *fmt,...); #endif extern char *optarg; extern int optind; extern int getopt( int nargc, char * const *nargv, const char *ostr); extern int getsubopt(char **optionp, const char * const *tokens, char **valuep); extern char* getpass(const char *prompt); /* ------------------------------------------------------------ */ /* Things that are fetched via autoconf under Unix */ #define HAVE_MEMCPY 1 #define MAXHOSTNAMELEN 1024 /* ------------------------------------------------------------ */ #define WITHOUT_NANA #define L_DEFAULT_GUARD (0) #define I_DEFAULT_GUARD (0) #define I(foo) #ifdef RUBBISH //#define VL(foo) #endif #include #define XXVL(foo) printf foo; #define VL(foo) #define VLP(foo,bar) #define __attribute__(foo) #include #define getservbyname(X,Y) NULL struct servent { int s_port; }; struct sockaddr { u_char sa_len; /* total length */ u_char sa_family; /* address family */ char sa_data[14]; /* address value */ }; #define SOCK_MAXADDRLEN 255 /* longest possible addresses */ #ifndef HAVE_SOCKLEN_T typedef unsigned int socklen_t; #endif /* HAVE_SOCKLEN_T */ #ifndef HAVE_STRUCT_SOCKADDR_STORAGE #define _SS_MAXSIZE 128 /* Implementation specific max size */ #define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) struct sockaddr_storage { struct sockaddr ss_sa; char __ss_pad2[_SS_PADSIZE]; }; #define ss_family ss_sa.sa_family #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ #define get_krb_err_txt(X) (krb_err_txt[(X)]) /* * Address families. */ #define AF_UNSPEC 0 /* unspecified */ #define AF_UNIX 1 /* local to host (pipes, portals) */ #define AF_INET 2 /* internetwork: UDP, TCP, etc. */ #define AF_IMPLINK 3 /* arpanet imp addresses */ #define AF_PUP 4 /* pup protocols: e.g. BSP */ #define AF_CHAOS 5 /* mit CHAOS protocols */ #define AF_NS 6 /* XEROX NS protocols */ #define AF_NBS 7 /* nbs protocols */ #define AF_ECMA 8 /* european computer manufacturers */ #define AF_DATAKIT 9 /* datakit protocols */ #define AF_CCITT 10 /* CCITT protocols, X.25 etc */ #define AF_SNA 11 /* IBM SNA */ #define AF_DECnet 12 /* DECnet */ #define AF_DLI 13 /* Direct data link interface */ #define AF_LAT 14 /* LAT */ #define AF_HYLINK 15 /* NSC Hyperchannel */ #define AF_APPLETALK 16 /* Apple Talk */ #define AF_NIT 17 /* Network Interface Tap */ #define AF_802 18 /* IEEE 802.2, also ISO 8802 */ #define AF_OSI 19 /* umbrella for all families used */ #define AF_X25 20 /* CCITT X.25 in particular */ #define AF_OSINET 21 /* AFI = 47, IDI = 4 */ #define AF_GOSIP 22 /* U.S. Government OSI */ #define AF_IPX 23 /* Novell Internet Protocol */ #define AF_ROUTE 24 /* Internal Routing Protocol */ #define AF_LINK 25 /* Link-layer interface */ #define AF_INET6 26 /* Internet Protocol, Version 6 */ #define AF_KEY 27 /* Security Association DB socket */ #define AF_MAX 27 /* * Protocol families, same as address families for now. */ #define PF_UNSPEC AF_UNSPEC #define PF_UNIX AF_UNIX #define PF_INET AF_INET #define PF_IMPLINK AF_IMPLINK #define PF_PUP AF_PUP #define PF_CHAOS AF_CHAOS #define PF_NS AF_NS #define PF_NBS AF_NBS #define PF_ECMA AF_ECMA #define PF_DATAKIT AF_DATAKIT #define PF_CCITT AF_CCITT #define PF_SNA AF_SNA #define PF_DECnet AF_DECnet #define PF_DLI AF_DLI #define PF_LAT AF_LAT #define PF_HYLINK AF_HYLINK #define PF_APPLETALK AF_APPLETALK #define PF_NIT AF_NIT #define PF_802 AF_802 #define PF_OSI AF_OSI #define PF_X25 AF_X25 #define PF_OSINET AF_OSINET #define PF_GOSIP AF_GOSIP #define PF_IPX AF_IPX #define PF_ROUTE AF_ROUTE #define PF_LINK AF_LINK #define PF_INET6 AF_INET6 #define PF_KEY AF_KEY #define PF_MAX AF_MAX #define SOCK_STREAM 1 #define SOCK_DGRAM 2 struct iovec { char *iov_base; long iov_len; }; #ifndef HAVE_GETADDRINFO #define getaddrinfo sasl_getaddrinfo #define freeaddrinfo sasl_freeaddrinfo #define getnameinfo sasl_getnameinfo #define gai_strerror sasl_gai_strerror #include "gai.h" #endif #endif /* CONFIG_H */ cyrus-sasl-2.1.25/mac/include/sasl_mac_krb_locl.h0000777000076400007640000000167207403027612016642 00000000000000/* * mac replacement for mit krb_locl.h */ #define RCSID(xxx) static char *xxrcs=xxx #define xxu_int32_t unsigned long #define xxint32_t long #define xxint16_t short #include #include #include struct timeval { time_t tv_sec; long tv_usec; }; #define gettimeofday yyy_gettimeofday int gettimeofday(struct timeval *tp, void *); #define swab yyy_swab void swab(char *a, char *b,int len); /* * printf a warning */ void krb_warning(const char *fmt,...); #define inet_ntoa yyy_inet_netoa char *inet_ntoa(unsigned long); void encrypt_ktext(KTEXT cip,des_cblock *key,int encrypt); #define DES_QUAD_GUESS 0 #define DES_QUAD_NEW 1 #define DES_QUAD_OLD 2 #define DES_QUAD_DEFAULT DES_QUAD_GUESS void fixup_quad_cksum(void *start, size_t len, des_cblock *key, void *new_checksum, void *old_checksum, int little); #define abs yyy_abs int abs(int x); #ifdef RUBBISH #include #endif #include cyrus-sasl-2.1.25/mac/kerberos_includes/0000777000076400007640000000000011632367343015175 500000000000000cyrus-sasl-2.1.25/mac/kerberos_includes/mit-sipb-copyright.h0000777000076400007640000000171507403027615021023 00000000000000/* * Copyright 1987 by the Student Information Processing Board * of the Massachusetts Institute of Technology * * Permission to use, copy, modify, and distribute this software * and its documentation for any purpose and without fee is * hereby granted, provided that the above copyright notice * appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be * used in advertising or publicity pertaining to distribution * of the software without specific, written prior permission. * M.I.T. and the M.I.T. S.I.P.B. make no representations about * the suitability of this software for any purpose. It is * provided "as is" without express or implied warranty. * */ #ifndef _KERBEROS_MIT_COPYRIGHT_H #define _KERBEROS_MIT_COPYRIGHT_H #pragma ident "@(#)mit-sipb-copyright.h 1.5 93/02/04 SMI" #endif /* _KERBEROS_MIT_COPYRIGHT_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/krb_conf.h0000777000076400007640000000234307403027615017052 00000000000000/* * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/krb_conf.h,v $ * $Author: rjs3 $ * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/krb_conf.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ * * Copyright 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * This file contains configuration information for the Kerberos library * which is machine specific; currently, this file contains * configuration information for the vax, the "ibm032" (RT), and the * "PC8086" (IBM PC). * * Note: cross-compiled targets must appear BEFORE their corresponding * cross-compiler host. Otherwise, both will be defined when running * the native compiler on the programs that construct cross-compiled * sources. */ #ifndef _KERBEROS_KRB_CONF_H #define _KERBEROS_KRB_CONF_H #pragma ident "@(#)krb_conf.h 1.3 92/07/14 SMI" #include #ifdef __cplusplus extern "C" { #endif /* Byte ordering */ extern int krbONE; #define HOST_BYTE_ORDER (* (char *) &krbONE) #define MSB_FIRST 0 /* 68000, IBM RT/PC */ #define LSB_FIRST 1 /* Vax, PC8086 */ #ifdef __cplusplus } #endif #endif /* _KERBEROS_KRB_CONF_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/conf-svsparc.h0000777000076400007640000000066707403027615017702 00000000000000/* * Copyright (c) 1991, by Sun Microsystems, Inc. */ #ifndef _KERBEROS_CONF_SVSPARC_H #define _KERBEROS_CONF_SVSPARC_H #pragma ident "@(#)conf-svsparc.h 1.5 92/07/14 SMI" #ifdef __cplusplus extern "C" { #endif /* * Machine-type definitions: SPARC with SYSV Unix, e.g. SUN-4 */ #define BITS32 #define BIG #define MSBFIRST /* #define BSDUNIX */ #define MUSTALIGN #ifdef __cplusplus } #endif #endif /* _KERBEROS_CONF_SVSPARC_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/krb-protos.h0000777000076400007640000003447107403027615017400 00000000000000/* * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id: krb-protos.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ */ #ifndef __krb_protos_h__ #define __krb_protos_h__ #if defined (__STDC__) || defined (_MSC_VER) #include #ifndef __P #define __P(x) x #endif #else #ifndef __P #define __P(x) () #endif #endif #ifdef __STDC__ struct in_addr; struct sockaddr_in; struct timeval; #endif #ifndef KRB_LIB_FUNCTION #if defined(__BORLANDC__) #define KRB_LIB_FUNCTION /* not-ready-definition-yet */ #elif defined(_MSC_VER) #define KRB_LIB_FUNCTION /* not-ready-definition-yet2 */ #else #define KRB_LIB_FUNCTION #endif #endif void KRB_LIB_FUNCTION afs_string_to_key __P(( const char *str, const char *cell, des_cblock *key)); int KRB_LIB_FUNCTION create_ciph __P(( KTEXT c, unsigned char *session, char *service, char *instance, char *realm, u_int32_t life, int kvno, KTEXT tkt, u_int32_t kdc_time, des_cblock *key)); int KRB_LIB_FUNCTION cr_err_reply __P(( KTEXT pkt, char *pname, char *pinst, char *prealm, u_int32_t time_ws, u_int32_t e, char *e_string)); int KRB_LIB_FUNCTION decomp_ticket __P(( KTEXT tkt, unsigned char *flags, char *pname, char *pinstance, char *prealm, u_int32_t *paddress, unsigned char *session, int *life, u_int32_t *time_sec, char *sname, char *sinstance, des_cblock *key, des_key_schedule schedule)); int KRB_LIB_FUNCTION dest_tkt __P((void)); int KRB_LIB_FUNCTION get_ad_tkt __P(( char *service, char *sinstance, char *realm, int lifetime)); int KRB_LIB_FUNCTION getst __P(( int fd, char *s, int n)); int KRB_LIB_FUNCTION in_tkt __P(( char *pname, char *pinst)); int KRB_LIB_FUNCTION k_get_all_addrs __P((struct in_addr **l)); int KRB_LIB_FUNCTION k_gethostname __P(( char *name, int namelen)); int KRB_LIB_FUNCTION k_getportbyname __P(( const char *service, const char *proto, int default_port)); int KRB_LIB_FUNCTION k_getsockinst __P(( int fd, char *inst, size_t inst_size)); int KRB_LIB_FUNCTION k_isinst __P((char *s)); int KRB_LIB_FUNCTION k_isname __P((char *s)); int KRB_LIB_FUNCTION k_isrealm __P((char *s)); struct tm * KRB_LIB_FUNCTION k_localtime __P((u_int32_t *tp)); int KRB_LIB_FUNCTION kname_parse __P(( char *np, char *ip, char *rp, char *fullname)); int KRB_LIB_FUNCTION krb_atime_to_life __P((char *atime)); int KRB_LIB_FUNCTION krb_check_auth __P(( KTEXT packet, u_int32_t checksum, MSG_DAT *msg_data, des_cblock *session, struct des_ks_struct *schedule, struct sockaddr_in *laddr, struct sockaddr_in *faddr)); int KRB_LIB_FUNCTION krb_check_tm __P((struct tm tm)); KTEXT KRB_LIB_FUNCTION krb_create_death_packet __P((char *a_name)); int KRB_LIB_FUNCTION krb_create_ticket __P(( KTEXT tkt, unsigned char flags, char *pname, char *pinstance, char *prealm, int32_t paddress, void *session, int16_t life, int32_t time_sec, char *sname, char *sinstance, des_cblock *key)); int KRB_LIB_FUNCTION krb_decode_as_rep __P(( const char *user, char *instance, /* INOUT parameter */ const char *realm, const char *service, const char *sinstance, key_proc_t key_proc, decrypt_proc_t decrypt_proc, const void *arg, KTEXT as_rep, CREDENTIALS *cred)); int KRB_LIB_FUNCTION krb_disable_debug __P((void)); int KRB_LIB_FUNCTION krb_enable_debug __P((void)); int KRB_LIB_FUNCTION krb_equiv __P(( u_int32_t a, u_int32_t b)); int KRB_LIB_FUNCTION krb_get_address __P(( void *from, u_int32_t *to)); int KRB_LIB_FUNCTION krb_get_admhst __P(( char *host, char *realm, int nth)); int KRB_LIB_FUNCTION krb_get_config_bool __P((const char *variable)); const char * KRB_LIB_FUNCTION krb_get_config_string __P((const char *variable)); int KRB_LIB_FUNCTION krb_get_cred __P(( char *service, char *instance, char *realm, CREDENTIALS *c)); int KRB_LIB_FUNCTION krb_get_default_principal __P(( char *name, char *instance, char *realm)); char * KRB_LIB_FUNCTION krb_get_default_realm __P((void)); const char * KRB_LIB_FUNCTION krb_get_default_tkt_root __P((void)); const char * KRB_LIB_FUNCTION krb_get_default_keyfile __P((void)); const char * KRB_LIB_FUNCTION krb_get_err_text __P((int code)); struct krb_host* KRB_LIB_FUNCTION krb_get_host __P(( int nth, const char *realm, int admin)); int KRB_LIB_FUNCTION krb_get_in_tkt __P(( char *user, char *instance, char *realm, char *service, char *sinstance, int life, key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)); int KRB_LIB_FUNCTION krb_get_int __P(( void *f, u_int32_t *to, int size, int lsb)); int KRB_LIB_FUNCTION krb_get_kdc_time_diff __P((void)); int KRB_LIB_FUNCTION krb_get_krbconf __P(( int num, char *buf, size_t len)); int KRB_LIB_FUNCTION krb_get_krbextra __P(( int num, char *buf, size_t len)); int KRB_LIB_FUNCTION krb_get_krbhst __P(( char *host, char *realm, int nth)); int KRB_LIB_FUNCTION krb_get_krbrealms __P(( int num, char *buf, size_t len)); int KRB_LIB_FUNCTION krb_get_lrealm __P(( char *r, int n)); int KRB_LIB_FUNCTION krb_get_nir __P(( void *from, char *name, char *instance, char *realm)); char * KRB_LIB_FUNCTION krb_get_phost __P((const char *alias)); int KRB_LIB_FUNCTION krb_get_pw_in_tkt __P(( const char *user, const char *instance, const char *realm, const char *service, const char *sinstance, int life, const char *password)); int KRB_LIB_FUNCTION krb_get_pw_in_tkt2 __P(( const char *user, const char *instance, const char *realm, const char *service, const char *sinstance, int life, const char *password, des_cblock *key)); int KRB_LIB_FUNCTION krb_get_string __P(( void *from, char *to, size_t to_size)); int KRB_LIB_FUNCTION krb_get_svc_in_tkt __P(( char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *srvtab)); int KRB_LIB_FUNCTION krb_get_tf_fullname __P(( char *ticket_file, char *name, char *instance, char *realm)); int KRB_LIB_FUNCTION krb_get_tf_realm __P(( char *ticket_file, char *realm)); void KRB_LIB_FUNCTION krb_kdctimeofday __P((struct timeval *tv)); int KRB_LIB_FUNCTION krb_kntoln __P(( AUTH_DAT *ad, char *lname)); int KRB_LIB_FUNCTION krb_kuserok __P(( char *name, char *instance, char *realm, char *luser)); char * KRB_LIB_FUNCTION krb_life_to_atime __P((int life)); u_int32_t KRB_LIB_FUNCTION krb_life_to_time __P(( u_int32_t start, int life_)); int KRB_LIB_FUNCTION krb_lsb_antinet_ulong_cmp __P(( u_int32_t x, u_int32_t y)); int KRB_LIB_FUNCTION krb_lsb_antinet_ushort_cmp __P(( u_int16_t x, u_int16_t y)); int KRB_LIB_FUNCTION krb_mk_as_req __P(( const char *user, const char *instance, const char *realm, const char *service, const char *sinstance, int life, KTEXT cip)); int KRB_LIB_FUNCTION krb_mk_auth __P(( int32_t options, KTEXT ticket, char *service, char *instance, char *realm, u_int32_t checksum, char *version, KTEXT buf)); int32_t KRB_LIB_FUNCTION krb_mk_err __P(( u_char *p, int32_t e, char *e_string)); int32_t KRB_LIB_FUNCTION krb_mk_priv __P(( void *in, void *out, u_int32_t length, struct des_ks_struct *schedule, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver)); int KRB_LIB_FUNCTION krb_mk_req __P(( KTEXT authent, char *service, char *instance, char *realm, int32_t checksum)); int32_t KRB_LIB_FUNCTION krb_mk_safe __P(( void *in, void *out, u_int32_t length, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver)); int KRB_LIB_FUNCTION krb_net_read __P(( int fd, void *v, size_t len)); int KRB_LIB_FUNCTION krb_net_write __P(( int fd, const void *v, size_t len)); int KRB_LIB_FUNCTION krb_parse_name __P(( const char *fullname, krb_principal *principal)); int KRB_LIB_FUNCTION krb_put_address __P(( u_int32_t addr, void *to, size_t rem)); int KRB_LIB_FUNCTION krb_put_int __P(( u_int32_t from, void *to, size_t rem, int size)); int KRB_LIB_FUNCTION krb_put_nir __P(( const char *name, const char *instance, const char *realm, void *to, size_t rem)); int KRB_LIB_FUNCTION krb_put_string __P(( const char *from, void *to, size_t rem)); int KRB_LIB_FUNCTION krb_rd_err __P(( u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data)); int32_t KRB_LIB_FUNCTION krb_rd_priv __P(( void *in, u_int32_t in_length, struct des_ks_struct *schedule, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver, MSG_DAT *m_data)); int KRB_LIB_FUNCTION krb_rd_req __P(( KTEXT authent, char *service, char *instance, int32_t from_addr, AUTH_DAT *ad, char *fn)); int32_t KRB_LIB_FUNCTION krb_rd_safe __P(( void *in, u_int32_t in_length, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver, MSG_DAT *m_data)); int KRB_LIB_FUNCTION krb_realm_parse __P(( char *realm, int length)); char * KRB_LIB_FUNCTION krb_realmofhost __P((const char *host)); int KRB_LIB_FUNCTION krb_recvauth __P(( int32_t options, int fd, KTEXT ticket, char *service, char *instance, struct sockaddr_in *faddr, struct sockaddr_in *laddr, AUTH_DAT *kdata, char *filename, struct des_ks_struct *schedule, char *version)); int KRB_LIB_FUNCTION krb_sendauth __P(( int32_t options, int fd, KTEXT ticket, char *service, char *instance, char *realm, u_int32_t checksum, MSG_DAT *msg_data, CREDENTIALS *cred, struct des_ks_struct *schedule, struct sockaddr_in *laddr, struct sockaddr_in *faddr, char *version)); void KRB_LIB_FUNCTION krb_set_kdc_time_diff __P((int diff)); int KRB_LIB_FUNCTION krb_set_key __P(( void *key, int cvt)); int KRB_LIB_FUNCTION krb_set_lifetime __P((int newval)); void KRB_LIB_FUNCTION krb_set_tkt_string __P((const char *val)); const char * KRB_LIB_FUNCTION krb_stime __P((time_t *t)); int KRB_LIB_FUNCTION krb_time_to_life __P(( u_int32_t start, u_int32_t end)); char * KRB_LIB_FUNCTION krb_unparse_name __P((krb_principal *pr)); char * KRB_LIB_FUNCTION krb_unparse_name_long __P(( char *name, char *instance, char *realm)); char * KRB_LIB_FUNCTION krb_unparse_name_long_r __P(( char *name, char *instance, char *realm, char *fullname)); char * KRB_LIB_FUNCTION krb_unparse_name_r __P(( krb_principal *pr, char *fullname)); int KRB_LIB_FUNCTION krb_use_admin_server __P((int flag)); int KRB_LIB_FUNCTION krb_verify_user __P(( char *name, char *instance, char *realm, char *password, int secure, char *linstance)); int KRB_LIB_FUNCTION krb_verify_user_srvtab __P(( char *name, char *instance, char *realm, char *password, int secure, char *linstance, char *srvtab)); int KRB_LIB_FUNCTION kuserok __P(( AUTH_DAT *auth, char *luser)); u_int32_t KRB_LIB_FUNCTION lsb_time __P(( time_t t, struct sockaddr_in *src, struct sockaddr_in *dst)); const char * KRB_LIB_FUNCTION month_sname __P((int n)); int KRB_LIB_FUNCTION passwd_to_5key __P(( const char *user, const char *instance, const char *realm, const void *passwd, des_cblock *key)); int KRB_LIB_FUNCTION passwd_to_afskey __P(( const char *user, const char *instance, const char *realm, const void *passwd, des_cblock *key)); int KRB_LIB_FUNCTION passwd_to_key __P(( const char *user, const char *instance, const char *realm, const void *passwd, des_cblock *key)); int KRB_LIB_FUNCTION read_service_key __P(( const char *service, char *instance, const char *realm, int kvno, const char *file, void *key)); int KRB_LIB_FUNCTION save_credentials __P(( char *service, char *instance, char *realm, unsigned char *session, int lifetime, int kvno, KTEXT ticket, int32_t issue_date)); int KRB_LIB_FUNCTION send_to_kdc __P(( KTEXT pkt, KTEXT rpkt, const char *realm)); int KRB_LIB_FUNCTION srvtab_to_key __P(( const char *user, char *instance, /* INOUT parameter */ const char *realm, const void *srvtab, des_cblock *key)); void KRB_LIB_FUNCTION tf_close __P((void)); int KRB_LIB_FUNCTION tf_create __P((char *tf_name)); int KRB_LIB_FUNCTION tf_get_cred __P((CREDENTIALS *c)); int KRB_LIB_FUNCTION tf_get_cred_addr __P((char *realm, size_t realm_sz, struct in_addr *addr)); int KRB_LIB_FUNCTION tf_get_pinst __P((char *inst)); int KRB_LIB_FUNCTION tf_get_pname __P((char *p)); int KRB_LIB_FUNCTION tf_init __P(( char *tf_name, int rw)); int KRB_LIB_FUNCTION tf_put_pinst __P((const char *inst)); int KRB_LIB_FUNCTION tf_put_pname __P((const char *p)); int KRB_LIB_FUNCTION tf_save_cred __P(( char *service, char *instance, char *realm, unsigned char *session, int lifetime, int kvno, KTEXT ticket, u_int32_t issue_date)); int KRB_LIB_FUNCTION tf_setup __P(( CREDENTIALS *cred, const char *pname, const char *pinst)); int KRB_LIB_FUNCTION tf_get_addr __P(( const char *realm, struct in_addr *addr)); int KRB_LIB_FUNCTION tf_store_addr __P((const char *realm, struct in_addr *addr)); char * KRB_LIB_FUNCTION tkt_string __P((void)); int KRB_LIB_FUNCTION krb_add_our_ip_for_realm __P((const char *user, const char *instance, const char *realm, const char *password)); #endif /* __krb_protos_h__ */ cyrus-sasl-2.1.25/mac/kerberos_includes/old_krb.h0000777000076400007640000003506707403027616016715 00000000000000/* * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/old_krb.h,v $ * $Author: rjs3 $ * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/old_krb.h,v 1.2 2001/12/04 02:06:06 rjs3 Exp $ * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Include file for the Kerberos library. */ #ifndef _KERBEROS_KRB_H #define _KERBEROS_KRB_H /* #pragma ident "@(#)krb.h 1.12 97/04/14 SMI" */ #include #include #ifdef __cplusplus extern "C" { #endif /* Text describing error codes */ #define KRB_ERRORS_TABLE_SIZE 256 #define MAX_KRB_ERRORS (KRB_ERRORS_TABLE_SIZE-1) extern char *krb_err_txt[KRB_ERRORS_TABLE_SIZE]; /* These are not defined for at least SunOS 3.3 and Ultrix 2.2 */ #if defined(ULTRIX022) || (defined(SunOS) && SunOS < 40) #define FD_ZERO(p) ((p)->fds_bits[0] = 0) #define FD_SET(n, p) ((p)->fds_bits[0] |= (1 << (n))) #define FD_ISSET(n, p) ((p)->fds_bits[0] & (1 << (n))) #endif /* ULTRIX022 || SunOS */ /* General definitions */ #define KSUCCESS 0 #define KFAILURE 255 #ifdef NO_UIDGID_T typedef unsigned short uid_t; typedef unsigned short gid_t; #endif /* NO_UIDGID_T */ /* * Kerberos specific definitions * * KRBLOG is the log file for the kerberos master server. KRB_CONF is * the configuration file where different host machines running master * and slave servers can be found. KRB_MASTER is the name of the * machine with the master database. The admin_server runs on this * machine, and all changes to the db (as opposed to read-only * requests, which can go to slaves) must go to it. KRB_HOST is the * default machine when looking for a kerberos slave server. Other * possibilities are in the KRB_CONF file. KRB_REALM is the name of * the realm. */ #ifdef notdef this is server - only, does not belong here; #define KRBLOG "/kerberos/kerberos.log" are these used anyplace '?'; #define VX_KRB_HSTFILE "/etc/krbhst" #define PC_KRB_HSTFILE "\\kerberos\\krbhst" #endif #define KRB_CONF "/etc/krb.conf" #define KRB_RLM_TRANS "/etc/krb.realms" #define KRB_MASTER "kerberos" #define KRB_HOST KRB_MASTER /* #define KRB_REALM "ATHENA.MIT.EDU" */ #define KRB_REALM krb_get_default_realm() char *krb_get_default_realm(); #ifdef NIS /* defines for use with NIS service */ #define KRB_CONF_MAP "krb.conf" /* conf NIS map name */ #define KRB_REALM_DEFKEY "DEFAULT_REALM" /* key for default realm */ #endif /* NIS */ /* The maximum sizes for aname, realm, sname, and instance +1 */ #define ANAME_SZ 40 #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 /* include space for '.' and '@' */ #define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) #define KKEY_SZ 100 #define VERSION_SZ 1 #define MSG_TYPE_SZ 1 #define DATE_SZ 26 /* RTI date output */ #define MAX_HSTNM 100 #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ #define DEFAULT_TKT_LIFE 96 /* default lifetime for krb_mk_req */ /* & co., 8 hrs */ #endif /* Definition of text structure used to pass text around */ #define MAX_KTXT_LEN 1250 struct ktext { int length; /* Length of the text */ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ unsigned long mbz; /* zero to catch runaway */ /* strings */ }; typedef struct ktext *KTEXT; typedef struct ktext KTEXT_ST; /* Definitions for send_to_kdc */ #define CLIENT_KRB_TIMEOUT 4 /* time between retries */ #define CLIENT_KRB_RETRY 5 /* retry this many times */ #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ /* Definitions for ticket file utilities */ #define R_TKT_FIL 0 #define W_TKT_FIL 1 /* Definitions for cl_get_tgt */ #ifdef PC #define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts" #else #define CL_GTGT_INIT_FILE "/etc/k_in_tkts" #endif /* PC */ /* Parameters for rd_ap_req */ /* Maximum alloable clock skew in seconds */ #define CLOCK_SKEW 5*60 /* Filename for readservkey */ #define KEYFILE "/etc/srvtab" /* Structure definition for rd_ap_req */ struct auth_dat { unsigned char k_flags; /* Flags from ticket */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* His Instance */ char prealm[REALM_SZ]; /* His Realm */ unsigned long checksum; /* Data checksum (opt) */ C_Block session; /* Session Key */ int life; /* Life of ticket */ unsigned long time_sec; /* Time ticket issued */ unsigned long address; /* Address in ticket */ KTEXT_ST reply; /* Auth reply (opt) */ }; typedef struct auth_dat AUTH_DAT; /* Structure definition for credentials returned by get_cred */ struct credentials { char service[ANAME_SZ]; /* Service name */ char instance[INST_SZ]; /* Instance */ char realm[REALM_SZ]; /* Auth domain */ C_Block session; /* Session key */ int lifetime; /* Lifetime */ int kvno; /* Key version number */ KTEXT_ST ticket_st; /* The ticket itself */ long issue_date; /* The issue time */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ }; typedef struct credentials CREDENTIALS; /* Structure definition for rd_private_msg and rd_safe_msg */ struct msg_dat { unsigned char *app_data; /* pointer to appl data */ unsigned long app_length; /* length of appl data */ unsigned long hash; /* hash to lookup replay */ int swap; /* swap bytes? */ long time_sec; /* msg timestamp seconds */ unsigned char time_5ms; /* msg timestamp 5ms units */ }; typedef struct msg_dat MSG_DAT; /* Location of ticket file for save_cred and get_cred */ #ifdef PC #define TKT_FILE "\\kerberos\\ticket.ses" #else #define TKT_FILE tkt_string() #define TKT_ROOT "/tmp/tkt" #endif /* PC */ /* Error codes returned from the KDC */ #define KDC_OK 0 /* Request OK */ #define KDC_NAME_EXP 1 /* Principal expired */ #define KDC_SERVICE_EXP 2 /* Service expired */ #define KDC_AUTH_EXP 3 /* Auth expired */ #define KDC_PKT_VER 4 /* Protocol version unknown */ #define KDC_P_MKEY_VER 5 /* Wrong master key version */ #define KDC_S_MKEY_VER 6 /* Wrong master key version */ #define KDC_BYTE_ORDER 7 /* Byte order unknown */ #define KDC_PR_UNKNOWN 8 /* Principal unknown */ #define KDC_PR_N_UNIQUE 9 /* Principal not unique */ #define KDC_NULL_KEY 10 /* Principal has null key */ #define KDC_GEN_ERR 20 /* Generic error from KDC */ /* Values returned by get_credentials */ #define GC_OK 0 /* Retrieve OK */ #define RET_OK 0 /* Retrieve OK */ #define GC_TKFIL 21 /* Can't read ticket file */ #define RET_TKFIL 21 /* Can't read ticket file */ #define GC_NOTKT 22 /* Can't find ticket or TGT */ #define RET_NOTKT 22 /* Can't find ticket or TGT */ /* Values returned by mk_ap_req */ #define MK_AP_OK 0 /* Success */ #define MK_AP_TGTEXP 26 /* TGT Expired */ /* Values returned by rd_ap_req */ #define RD_AP_OK 0 /* Request authentic */ #define RD_AP_UNDEC 31 /* Can't decode authenticator */ #define RD_AP_EXP 32 /* Ticket expired */ #define RD_AP_NYV 33 /* Ticket not yet valid */ #define RD_AP_REPEAT 34 /* Repeated request */ #define RD_AP_NOT_US 35 /* The ticket isn't for us */ #define RD_AP_INCON 36 /* Request is inconsistent */ #define RD_AP_TIME 37 /* delta_t too big */ #define RD_AP_BADD 38 /* Incorrect net address */ #define RD_AP_VERSION 39 /* protocol version mismatch */ #define RD_AP_MSG_TYPE 40 /* invalid msg type */ #define RD_AP_MODIFIED 41 /* message stream modified */ #define RD_AP_ORDER 42 /* message out of order */ #define RD_AP_UNAUTHOR 43 /* unauthorized request */ /* Values returned by get_pw_tkt */ #define GT_PW_OK 0 /* Got password changing tkt */ #define GT_PW_NULL 51 /* Current PW is null */ #define GT_PW_BADPW 52 /* Incorrect current password */ #define GT_PW_PROT 53 /* Protocol Error */ #define GT_PW_KDCERR 54 /* Error returned by KDC */ #define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ /* Values returned by send_to_kdc */ #define SKDC_OK 0 /* Response received */ #define SKDC_RETRY 56 /* Retry count exceeded */ #define SKDC_CANT 57 /* Can't send request */ /* * Values returned by get_intkt * (can also return SKDC_* and KDC errors) */ #define INTK_OK 0 /* Ticket obtained */ #define INTK_W_NOTALL 61 /* Not ALL tickets returned */ #define INTK_BADPW 62 /* Incorrect password */ #define INTK_PROT 63 /* Protocol Error */ #define INTK_ERR 70 /* Other error */ /* Values returned by get_adtkt */ #define AD_OK 0 /* Ticket Obtained */ #define AD_NOTGT 71 /* Don't have tgt */ /* Error codes returned by ticket file utilities */ #define NO_TKT_FIL 76 /* No ticket file found */ #define TKT_FIL_ACC 77 /* Couldn't access tkt file */ #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ #define TKT_FIL_FMT 79 /* Bad ticket file format */ #define TKT_FIL_INI 80 /* tf_init not called first */ /* Error code returned by kparse_name */ #define KNAME_FMT 81 /* Bad Kerberos name format */ /* Error code returned by krb_mk_safe */ #define SAFE_PRIV_ERROR -1 /* syscall error */ /* * macros for byte swapping; also scratch space * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 * u_long 0-->3, 1-->2, 2-->1, 3-->0 * u_short 0-->1, 1-->0 */ #define swap_u_16(x) {\ unsigned long _krb_swap_tmp[4]; \ swab(((char *)x) +0, ((char *)_krb_swap_tmp) +14, 2); \ swab(((char *)x) +2, ((char *)_krb_swap_tmp) +12, 2); \ swab(((char *)x) +4, ((char *)_krb_swap_tmp) +10, 2); \ swab(((char *)x) +6, ((char *)_krb_swap_tmp) +8, 2); \ swab(((char *)x) +8, ((char *)_krb_swap_tmp) +6, 2); \ swab(((char *)x) +10, ((char *)_krb_swap_tmp) +4, 2); \ swab(((char *)x) +12, ((char *)_krb_swap_tmp) +2, 2); \ swab(((char *)x) +14, ((char *)_krb_swap_tmp) +0, 2); \ memcpy((char *)x, (char *)_krb_swap_tmp, 16); \ } #define swap_u_12(x) {\ unsigned long _krb_swap_tmp[4]; \ swab(((char *)x) +0, ((char *)_krb_swap_tmp) +10, 2); \ swab(((char *)x) +2, ((char *)_krb_swap_tmp) +8, 2); \ swab(((char *)x) +4, ((char *)_krb_swap_tmp) +6, 2); \ swab(((char *)x) +6, ((char *)_krb_swap_tmp) +4, 2); \ swab(((char *)x) +8, ((char *)_krb_swap_tmp) +2, 2); \ swab(((char *)x) +10, ((char *)_krb_swap_tmp) +0, 2); \ memcpy((char *)x, (char *)_krb_swap_tmp, 12); \ } #define swap_C_Block(x) {\ unsigned long _krb_swap_tmp[4]; \ swab(((char *)x) +0, ((char *)_krb_swap_tmp) +6, 2); \ swab(((char *)x) +2, ((char *)_krb_swap_tmp) +4, 2); \ swab(((char *)x) +4, ((char *)_krb_swap_tmp) +2, 2); \ swab(((char *)x) +6, ((char *)_krb_swap_tmp) +0, 2); \ memcpy((char *)x, (char *)_krb_swap_tmp, 8); \ } #define swap_u_quad(x) {\ unsigned long _krb_swap_tmp[4]; \ swab(((char *)&x) +0, ((char *)_krb_swap_tmp) +6, 2); \ swab(((char *)&x) +2, ((char *)_krb_swap_tmp) +4, 2); \ swab(((char *)&x) +4, ((char *)_krb_swap_tmp) +2, 2); \ swab(((char *)&x) +6, ((char *)_krb_swap_tmp) +0, 2); \ memcpy((char *)&x, (char *)_krb_swap_tmp, 8); \ } #define swap_u_long(x) { \ unsigned long _krb_swap_tmp[4]; \ swab(((char *)&x) +0, ((char *)_krb_swap_tmp) +2, 2); \ swab(((char *)&x) +2, ((char *)_krb_swap_tmp) +0, 2); \ x = _krb_swap_tmp[0]; \ } #define swap_u_short(x) {\ unsigned short _krb_swap_sh_tmp; \ swab(((char *)&x), (&_krb_swap_sh_tmp), 2); \ x = (unsigned short) _krb_swap_sh_tmp; \ } /* Kerberos ticket flag field bit definitions */ #define K_FLAG_ORDER 0 /* bit 0 --> lsb */ #define K_FLAG_1 /* reserved */ #define K_FLAG_2 /* reserved */ #define K_FLAG_3 /* reserved */ #define K_FLAG_4 /* reserved */ #define K_FLAG_5 /* reserved */ #define K_FLAG_6 /* reserved */ #define K_FLAG_7 /* reserved, bit 7 --> msb */ #ifndef PC char *tkt_string(); #endif /* PC */ /* * forward declartion otherwise need to include netinet/in.h */ struct sockaddr_in; #ifdef OLDNAMES #define krb_mk_req mk_ap_req #define krb_rd_req rd_ap_req #define krb_kntoln an_to_ln #define krb_set_key set_serv_key #define krb_get_cred get_credentials #define krb_mk_priv mk_private_msg #define krb_rd_priv rd_private_msg #define krb_mk_safe mk_safe_msg #define krb_rd_safe rd_safe_msg #define krb_mk_err mk_appl_err_msg #define krb_rd_err rd_appl_err_msg #define krb_ck_repl check_replay #define krb_get_pw_in_tkt get_in_tkt #define krb_get_svc_in_tkt get_svc_in_tkt #define krb_get_pw_tkt get_pw_tkt #define krb_realmofhost krb_getrealm #define krb_get_phost get_phost #define krb_get_krbhst get_krbhst #define krb_get_lrealm get_krbrlm #else #ifdef __STDC__ extern int krb_mk_req(KTEXT, char *, char *, char *, long); extern int krb_rd_req(KTEXT, char *, char *, long, AUTH_DAT *, char *); extern int krb_kntoln(AUTH_DAT *, char *); extern int krb_set_key(char *, int); extern int krb_get_cred(char *, char *, char *, CREDENTIALS *); extern long krb_mk_safe(unsigned char *, unsigned char *, unsigned long, C_Block *, struct sockaddr_in *, struct sockaddr_in *); extern long krb_rd_safe(unsigned char *, unsigned long, C_Block *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *); extern long krb_mk_err(unsigned char *, long, char *); extern int krb_rd_err(unsigned char *, unsigned long, long *, MSG_DAT *); extern char *krb_realmofhost(char *); extern char *krb_get_phost(char *); extern int krb_get_krbhst(char *, char *, int); extern int krb_get_admhst(char *, char *, int); extern int krb_get_lrealm(char *realm, int n); extern int krb_sendauth(long, int, KTEXT, char *, char *, char *, unsigned long, MSG_DAT *, CREDENTIALS *, Key_schedule, struct sockaddr_in *, struct sockaddr_in *, char *); extern int krb_recvauth(long, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, Key_schedule, char *); extern int krb_net_write(int, char *, int); extern int krb_net_read(int, char *, int); extern void krb_set_tkt_string(char *); #else extern int krb_mk_req(); extern int krb_rd_req(); extern int krb_kntoln(); extern int krb_set_key(); extern int krb_get_cred(); extern long krb_mk_safe(); extern long krb_rd_safe(); extern long krb_mk_err(); extern int krb_rd_err(); extern char *krb_realmofhost(); extern char *krb_get_phost(); extern int krb_get_krbhst(); extern int krb_get_admhst(); extern int krb_get_lrealm(); extern int krb_sendauth(); extern int krb_recvauth(); extern int krb_net_write(); extern int krb_net_read(); extern void krb_set_tkt_string(); #endif /* __STDC__ */ #endif /* OLDNAMES */ /* Defines for krb_sendauth and krb_recvauth */ #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ #define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst */ /* as a hostname */ #define KRB_SENDAUTH_VLEN 8 /* length for version strings */ #ifdef ATHENA_COMPAT #define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */ #endif /* ATHENA_COMPAT */ #ifdef __cplusplus } #endif #endif /* _KERBEROS_KRB_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/lsb_addr_comp.h0000777000076400007640000000315607403027615020062 00000000000000/* * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/lsb_addr_comp.h,v $ * $Author: rjs3 $ * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/lsb_addr_comp.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ * * Copyright 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Comparison macros to emulate LSBFIRST comparison results of network * byte-order quantities */ #ifndef _KERBEROS_LSB_ADDR_COMP_H #define _KERBEROS_LSB_ADDR_COMP_H #pragma ident "@(#)lsb_addr_comp.h 1.4 93/02/04 SMI" #include #include #ifdef __cplusplus extern "C" { #endif #ifdef LSBFIRST #define lsb_net_ulong_less(x, y) ((x < y) ? -1 : ((x > y) ? 1 : 0)) #define lsb_net_ushort_less(x, y) ((x < y) ? -1 : ((x > y) ? 1 : 0)) #else /* MSBFIRST */ #define u_char_comp(x, y) \ (((x) > (y)) ? (1) : (((x) == (y)) ? (0) : (-1))) /* This is gross, but... */ #define lsb_net_ulong_less(x, y) long_less_than((u_char *)&x, (u_char *)&y) #define lsb_net_ushort_less(x, y) short_less_than((u_char *)&x, (u_char *)&y) #define long_less_than(x, y) \ (u_char_comp((x)[3], (y)[3]) ? u_char_comp((x)[3], (y)[3]) : \ (u_char_comp((x)[2], (y)[2]) ? u_char_comp((x)[2], (y)[2]) : \ (u_char_comp((x)[1], (y)[1]) ? u_char_comp((x)[1], (y)[1]) : \ (u_char_comp((x)[0], (y)[0]))))) #define short_less_than(x, y) \ (u_char_comp((x)[1], (y)[1]) ? u_char_comp((x)[1], (y)[1]) : \ (u_char_comp((x)[0], (y)[0]))) #endif /* LSBFIRST */ #ifdef __cplusplus } #endif #endif /* _KERBEROS_LSB_ADDR_COMP_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/prot.h0000777000076400007640000000637107403027616016261 00000000000000/* * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/prot.h,v $ * $Author: rjs3 $ * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/prot.h,v 1.2 2001/12/04 02:06:06 rjs3 Exp $ * * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute * of Technology. * * For copying and distribution information, please see the file * . * * Include file with authentication protocol information. */ #ifndef _KERBEROS_PROT_H #define _KERBEROS_PROT_H #ifdef RUBBISH #pragma ident "@(#)prot.h 1.3 92/07/14 SMI" #endif //#include #ifdef RUBBISH #include #endif #ifdef __cplusplus extern "C" { #endif #define KRB_PORT 750 /* PC's don't have */ /* /etc/services */ #define KRB_PROT_VERSION 4 #define MAX_PKT_LEN 1000 #define MAX_TXT_LEN 1000 #define TICKET_GRANTING_TICKET "krbtgt" /* Macro's to obtain various fields from a packet */ #define pkt_version(packet) (unsigned int) *(packet->dat) #define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) #define pkt_a_name(packet) (packet->dat+2) #define pkt_a_inst(packet) \ (packet->dat+3+strlen((char *)pkt_a_name(packet))) #define pkt_a_realm(packet) \ (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) /* Macro to obtain realm from application request */ #define apreq_realm(auth) (auth->dat + 3) #define pkt_time_ws(packet) (char *) \ (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet))) #define pkt_no_req(packet) (unsigned short) \ *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet))) #define pkt_x_date(packet) (char *) \ (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet))) #define pkt_err_code(packet) ((char *) \ (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet)))) #define pkt_err_text(packet) \ (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet))) /* Routines to create and read packets may be found in prot.c */ #ifdef RUBBISH KTEXT create_auth_reply(); KTEXT create_death_packet(); KTEXT pkt_cipher(); #endif /* Message types , always leave lsb for byte order */ #define AUTH_MSG_KDC_REQUEST 1<<1 #define AUTH_MSG_KDC_REPLY 2<<1 #define AUTH_MSG_APPL_REQUEST 3<<1 #define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 #define AUTH_MSG_ERR_REPLY 5<<1 #define AUTH_MSG_PRIVATE 6<<1 #define AUTH_MSG_SAFE 7<<1 #define AUTH_MSG_APPL_ERR 8<<1 #define AUTH_MSG_DIE 63<<1 /* values for kerb error codes */ #define KERB_ERR_OK 0 #define KERB_ERR_NAME_EXP 1 #define KERB_ERR_SERVICE_EXP 2 #define KERB_ERR_AUTH_EXP 3 #define KERB_ERR_PKT_VER 4 #define KERB_ERR_NAME_MAST_KEY_VER 5 #define KERB_ERR_SERV_MAST_KEY_VER 6 #define KERB_ERR_BYTE_ORDER 7 #define KERB_ERR_PRINCIPAL_UNKNOWN 8 #define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 #define KERB_ERR_NULL_KEY 10 #ifdef __cplusplus } #endif #endif /* _KERBEROS_PROT_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/klog.h0000777000076400007640000000347407403027615016231 00000000000000/* * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/klog.h,v $ * $Author: rjs3 $ * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/klog.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ * * Copyright 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * This file defines the types of log messages logged by klog. Each * type of message may be selectively turned on or off. */ #ifndef _KERBEROS_KLOG_H #define _KERBEROS_KLOG_H #pragma ident "@(#)klog.h 1.3 92/07/14 SMI" #include #ifdef __cplusplus extern "C" { #endif #define KRBLOG "/kerberos/kerberos.log" /* master server */ #define KRBSLAVELOG "/kerberos/kerberos_slave.log" /* master server */ #define NLOGTYPE 100 /* Maximum number of log msg types */ #define L_NET_ERR 1 /* Error in network code */ #define L_NET_INFO 2 /* Info on network activity */ #define L_KRB_PERR 3 /* Kerberos protocol errors */ #define L_KRB_PINFO 4 /* Kerberos protocol info */ #define L_INI_REQ 5 /* Request for initial ticket */ #define L_NTGT_INTK 6 /* Initial request not for TGT */ #define L_DEATH_REQ 7 /* Request for server death */ #define L_TKT_REQ 8 /* All ticket requests using a tgt */ #define L_ERR_SEXP 9 /* Service expired */ #define L_ERR_MKV 10 /* Master key version incorrect */ #define L_ERR_NKY 11 /* User's key is null */ #define L_ERR_NUN 12 /* Principal not unique */ #define L_ERR_UNK 13 /* Principal Unknown */ #define L_ALL_REQ 14 /* All requests */ #define L_APPL_REQ 15 /* Application requests (using tgt) */ #define L_KRB_PWARN 16 /* Protocol warning messages */ char *klog(); #ifdef __cplusplus } #endif #endif /* _KERBEROS_KLOG_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/kparse.h0000777000076400007640000000514307403027615016555 00000000000000/* * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/kparse.h,v $ * $Author: rjs3 $ * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/kparse.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ * * Copyright 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Include file for kparse routines. */ #ifndef _KERBEROS_KPARSE_H #define _KERBEROS_KPARSE_H #pragma ident "@(#)kparse.h 1.4 93/11/01 SMI" #include #ifdef __cplusplus extern "C" { #endif /* * values returned by fGetParameterSet() */ #define PS_BAD_KEYWORD -2 /* unknown or duplicate keyword */ #define PS_SYNTAX -1 /* syntax error */ #define PS_OKAY 0 /* got a complete parameter set */ #define PS_EOF 1 /* nothing more in the file */ /* * values returned by fGetKeywordValue() */ #define KV_SYNTAX -2 /* syntax error */ #define KV_EOF -1 /* nothing more in the file */ #define KV_OKAY 0 /* got a keyword/value pair */ #define KV_EOL 1 /* nothing more on this line */ /* * values returned by fGetToken() */ #define GTOK_BAD_QSTRING -1 /* newline found in quoted string */ #define GTOK_EOF 0 /* end of file encountered */ #define GTOK_QSTRING 1 /* quoted string */ #define GTOK_STRING 2 /* unquoted string */ #define GTOK_NUMBER 3 /* one or more digits */ #define GTOK_PUNK 4 /* punks are punctuation, newline, etc. */ #define GTOK_WHITE 5 /* one or more whitespace chars */ /* * extended character classification macros */ #define ISOCTAL(CH) ((CH >= '0') && (CH <= '7')) #define ISQUOTE(CH) ((CH == '\"') || (CH == '\'') || (CH == '`')) #define ISWHITESPACE(C) ((C == ' ') || (C == '\t')) #define ISLINEFEED(C) ((C == '\n') || (C == '\r') || (C == '\f')) /* * tokens consist of any printable charcacter except comma, equal, or * whitespace */ #define ISTOKENCHAR(C) ((C > 040) && (C < 0177) && (C != ',') && (C != '=')) /* * the parameter table defines the keywords that will be recognized by * fGetParameterSet, and their default values if not specified. */ typedef struct { char *keyword; char *defvalue; char *value; } parmtable; #define PARMCOUNT(P) (sizeof (P)/sizeof (P[0])) extern int LineNbr; /* current line # in parameter file */ extern char ErrorMsg[]; /* meaningful only when KV_SYNTAX, */ /* PS_SYNTAX, or PS_BAD_KEYWORD is */ /* returned by fGetKeywordValue or */ /* fGetParameterSet */ extern char *strsave(); /* defined in this module */ extern char *strutol(); /* defined in this module */ #ifdef __cplusplus } #endif #endif /* _KERBEROS_KPARSE_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/conf.h0000777000076400007640000000337607403027615016223 00000000000000/* * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/conf.h,v $ * $Author: rjs3 $ * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/conf.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ * * Copyright 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Configuration info for operating system, hardware description, * language implementation, C library, etc. * * This file should be included in (almost) every file in the Kerberos * sources, and probably should *not* be needed outside of those * sources. (How do we deal with /usr/include/des.h and * /usr/include/krb.h?) */ #ifndef _KERBEROS_CONF_H #define _KERBEROS_CONF_H #pragma ident "@(#)conf.h 1.5 93/02/04 SMI" #include #include #ifdef SHORTNAMES #include #endif #ifdef __cplusplus extern "C" { #endif /* * Language implementation-specific definitions */ /* special cases */ #ifdef __HIGHC__ /* broken implementation of ANSI C */ #undef __STDC__ #endif #ifndef __STDC__ #define const #define volatile #define signed typedef char *pointer; /* pointer to generic data */ #define PROTOTYPE(p) () #else typedef void *pointer; #define PROTOTYPE(p) p #endif /* Does your compiler understand "void"? */ #ifdef notdef #define void int #endif /* * A few checks to see that necessary definitions are included. */ /* byte order */ #ifndef MSBFIRST #ifndef LSBFIRST /* #error byte order not defined */ Error: byte order not defined. #endif #endif /* machine size */ #ifndef BITS16 #ifndef BITS32 Error: how big is this machine anyways? #endif #endif /* end of checks */ #ifdef __cplusplus } #endif #endif /* _KERBEROS_CONF_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/ktypes.h0000777000076400007640000000055407403027615016610 00000000000000#ifndef __KTYPES_H__ #define __KTYPES_H__ typedef unsigned char u_char; typedef signed char int8_t; typedef unsigned char u_int8_t; typedef short int16_t; typedef unsigned short u_int16_t; #if TARGET_API_MAC_CARBON typedef long int32_t; typedef unsigned long u_int32_t; #else typedef int int32_t; typedef unsigned int u_int32_t; #endif #endif /* __KTYPES_H__ */ cyrus-sasl-2.1.25/mac/kerberos_includes/osconf.h0000777000076400007640000000305607403027616016561 00000000000000/* * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/include/RCS/osconf.h * $Author: rjs3 $ * $Header: /afs/athena.mit.edu/astaff/project/kerberos/src/include/RCS/osconf.h * 4.4 89/12/19 13:26:27 jtkohl Exp $ * * Copyright 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Athena configuration. */ #ifndef _KERBEROS_OSCONF_H #define _KERBEROS_OSCONF_H #pragma ident "@(#)osconf.h 1.7 94/07/29 SMI" #include #ifdef tahoe #include #else /* !tahoe */ #ifdef vax #include #else /* !vax */ #if defined(mips) && defined(ultrix) #include #else /* !Ultrix MIPS-2 */ #ifdef ibm032 #include #else /* !ibm032 */ #ifdef apollo #include #else /* !apollo */ #ifdef sun #ifdef sparc #if defined(SunOS) && SunOS >= 50 #include #else #include #endif #else /* sun but not sparc */ #ifdef i386 #include #else /* sun but not sparc or i386 */ #ifdef __ppc #include #else /* sun but not (sparc, i386, or ppc) */ #include #endif /* ppc */ #endif /* i386 */ #endif /* sparc */ #else /* !sun */ #ifdef pyr #include #endif /* pyr */ #endif /* sun */ #endif /* apollo */ #endif /* ibm032 */ #endif /* mips */ #endif /* vax */ #endif /* tahoe */ #endif /* _KERBEROS_OSCONF_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/kerberos/0000777000076400007640000000000011632367343017011 500000000000000cyrus-sasl-2.1.25/mac/kerberos_includes/kerberos/des.h0000777000076400007640000003025307403027617017661 00000000000000/* crypto/des/des.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifndef HEADER_DES_H #define HEADER_DES_H #ifdef __cplusplus extern "C" { #endif #include #if (defined(__MWERKS__)&&defined(__MC68K__)&&(!defined(DESLIB_CFM68K_NO_IMPORTS))) #pragma import on #define UNDO_CFM68K_IMPORT #endif #ifndef DES_LIB_FUNCTION #if defined(__BORLANDC__) #define DES_LIB_FUNCTION /* not-ready-definition-yet */ #elif defined(_MSC_VER) #define DES_LIB_FUNCTION /* not-ready-definition-yet2 */ #else #define DES_LIB_FUNCTION #endif #endif /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG #if defined(__alpha) #define DES_LONG unsigned int #else /* Not a 64 bit machine */ #define DES_LONG unsigned long #endif #endif typedef unsigned char des_cblock[8]; typedef struct des_ks_struct { union { des_cblock _; /* make sure things are correct size on machines with * 8 byte longs */ DES_LONG pad[2]; } ks; #undef _ #define _ ks._ } des_key_schedule[16]; #define DES_KEY_SZ (sizeof(des_cblock)) #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) #define DES_ENCRYPT 1 #define DES_DECRYPT 0 #define DES_CBC_MODE 0 #define DES_PCBC_MODE 1 #define des_ecb2_encrypt(i,o,k1,k2,e) \ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) #define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) #define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) #define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) #define C_Block des_cblock #define Key_schedule des_key_schedule #ifdef KERBEROS #define ENCRYPT DES_ENCRYPT #define DECRYPT DES_DECRYPT #endif #define KEY_SZ DES_KEY_SZ #define string_to_key des_string_to_key #define read_pw_string des_read_pw_string #define random_key des_random_key #define pcbc_encrypt des_pcbc_encrypt #define set_key des_set_key #define key_sched des_key_sched #define ecb_encrypt des_ecb_encrypt #define cbc_encrypt des_cbc_encrypt #define ncbc_encrypt des_ncbc_encrypt #define xcbc_encrypt des_xcbc_encrypt #define cbc_cksum des_cbc_cksum #define quad_cksum des_quad_cksum /* For compatibility with the MIT lib - eay 20/05/92 */ typedef des_key_schedule bit_64; #define des_fixup_key_parity des_set_odd_parity #define des_check_key_parity check_parity extern int des_check_key; /* defaults to false */ extern int des_rw_mode; /* defaults to DES_PCBC_MODE */ #ifdef cplusplus extern "C" { #endif /* The next line is used to disable full ANSI prototypes, if your * compiler has problems with the prototypes, make sure this line always * evaluates to true :-) */ #if defined(MSDOS) || defined(__STDC__) #undef NOPROTO #endif #ifndef NOPROTO char *DES_LIB_FUNCTION des_options(void); void DES_LIB_FUNCTION des_ecb3_encrypt(des_cblock *input,des_cblock *output, des_key_schedule ks1,des_key_schedule ks2, des_key_schedule ks3, int enc); DES_LONG DES_LIB_FUNCTION des_cbc_cksum(des_cblock *input,des_cblock *output, long length,des_key_schedule schedule,des_cblock *ivec); void DES_LIB_FUNCTION des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); void DES_LIB_FUNCTION des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); void DES_LIB_FUNCTION des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec, des_cblock *inw,des_cblock *outw,int enc); void DES_LIB_FUNCTION des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule sk1,des_key_schedule sk2, des_cblock *ivec1,des_cblock *ivec2,int enc); void DES_LIB_FUNCTION des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, long length,des_key_schedule schedule,des_cblock *ivec,int enc); void DES_LIB_FUNCTION des_ecb_encrypt(des_cblock *input,des_cblock *output, des_key_schedule ks,int enc); void DES_LIB_FUNCTION des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); void DES_LIB_FUNCTION des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); void DES_LIB_FUNCTION des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3); void DES_LIB_FUNCTION des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3); void DES_LIB_FUNCTION des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int enc); void DES_LIB_FUNCTION des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num, int encrypt); void DES_LIB_FUNCTION des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num); int DES_LIB_FUNCTION des_enc_read(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); int DES_LIB_FUNCTION des_enc_write(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); char *DES_LIB_FUNCTION des_fcrypt(const char *buf,const char *salt, char *ret); #ifdef PERL5 char *des_crypt(const char *buf,const char *salt); #else /* some stupid compilers complain because I have declared char instead * of const char */ #ifdef HEADER_DES_LOCL_H char *DES_LIB_FUNCTION crypt(const char *buf,const char *salt); #else char *crypt(); #endif #endif void DES_LIB_FUNCTION des_ofb_encrypt(unsigned char *in,unsigned char *out, int numbits,long length,des_key_schedule schedule,des_cblock *ivec); void DES_LIB_FUNCTION des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); DES_LONG DES_LIB_FUNCTION des_quad_cksum(des_cblock *input,des_cblock *output, long length,int out_count,des_cblock *seed); void DES_LIB_FUNCTION des_random_seed(des_cblock key); void DES_LIB_FUNCTION des_random_key(des_cblock ret); int DES_LIB_FUNCTION des_read_password(des_cblock *key,char *prompt,int verify); int DES_LIB_FUNCTION des_read_2passwords(des_cblock *key1,des_cblock *key2, char *prompt,int verify); int DES_LIB_FUNCTION des_read_pw_string(char *buf,int length,char *prompt,int verify); void DES_LIB_FUNCTION des_set_odd_parity(des_cblock *key); int DES_LIB_FUNCTION des_is_weak_key(des_cblock *key); int DES_LIB_FUNCTION des_set_key(des_cblock *key,des_key_schedule schedule); int DES_LIB_FUNCTION des_key_sched(des_cblock *key,des_key_schedule schedule); void DES_LIB_FUNCTION des_string_to_key(char *str,des_cblock *key); void DES_LIB_FUNCTION des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2); void DES_LIB_FUNCTION des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule schedule, des_cblock *ivec, int *num, int enc); void DES_LIB_FUNCTION des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule schedule, des_cblock *ivec, int *num); /* Extra functions from Mark Murray */ void DES_LIB_FUNCTION des_cblock_print_file(des_cblock *cb, FILE *fp); /* The following functions are not in the normal unix build or the * SSLeay build. When using the SSLeay build, use RAND_seed() * and RAND_bytes() instead. */ int DES_LIB_FUNCTION des_new_random_key(des_cblock *key); void DES_LIB_FUNCTION des_init_random_number_generator(des_cblock *key); void DES_LIB_FUNCTION des_set_random_generator_seed(des_cblock *key); void DES_LIB_FUNCTION des_set_sequence_number(des_cblock new_sequence_number); void DES_LIB_FUNCTION des_generate_random_block(des_cblock *block); void DES_LIB_FUNCTION des_rand_data(unsigned char *data, int size); #else char *des_options(); void des_ecb3_encrypt(); DES_LONG des_cbc_cksum(); void des_cbc_encrypt(); void des_ncbc_encrypt(); void des_xcbc_encrypt(); void des_3cbc_encrypt(); void des_cfb_encrypt(); void des_ede3_cfb64_encrypt(); void des_ede3_ofb64_encrypt(); void des_ecb_encrypt(); void des_encrypt(); void des_encrypt2(); void des_encrypt3(); void des_decrypt3(); void des_ede3_cbc_encrypt(); int des_enc_read(); int des_enc_write(); char *des_fcrypt(); #ifdef PERL5 char *des_crypt(); #else char *crypt(); #endif void des_ofb_encrypt(); void des_pcbc_encrypt(); DES_LONG des_quad_cksum(); void des_random_seed(); void des_random_key(); int des_read_password(); int des_read_2passwords(); int des_read_pw_string(); void des_set_odd_parity(); int des_is_weak_key(); int des_set_key(); int des_key_sched(); void des_string_to_key(); void des_string_to_2keys(); void des_cfb64_encrypt(); void des_ofb64_encrypt(); /* Extra functions from Mark Murray */ void des_cblock_print_file(); /* The following functions are not in the normal unix build or the * SSLeay build. When using the SSLeay build, use RAND_seed() * and RAND_bytes() instead. */ int des_new_random_key(); void des_init_random_number_generator(); void des_set_random_generator_seed(); void des_set_sequence_number(); void des_generate_random_block(); void des_rand_data(); #endif #ifdef UNDO_CFM68K_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif #endif cyrus-sasl-2.1.25/mac/kerberos_includes/kerberos/mit-copyright.h0000777000076400007640000000222407403027617021702 00000000000000/* * Copyright (C) 1989 by the Massachusetts Institute of Technology * * Export of this software from the United States of America is assumed * to require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * */ #ifndef _KERBEROS_MIT_COPYRIGHT_H #define _KERBEROS_MIT_COPYRIGHT_H /* #pragma ident "@(#)mit-copyright.h 1.4 93/02/04 SMI" */ #endif /* _KERBEROS_MIT_COPYRIGHT_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/kerberos/des.h.unix0000777000076400007640000000301007403027617020632 00000000000000/* * $Source: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/kerberos/des.h.unix,v $ * $Author: rjs3 $ * $Header: /afs/andrew/system/cvs/src/sasl/mac/kerberos_includes/kerberos/des.h.unix,v 1.2 2001/12/04 02:06:07 rjs3 Exp $ * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Include file for the Data Encryption Standard library. */ #ifndef _KERBEROS_DES_H #define _KERBEROS_DES_H /* #pragma ident "@(#)des.h 1.5 93/05/27 SMI" */ #include #ifdef __cplusplus extern "C" { #endif typedef unsigned char des_cblock[8]; /* crypto-block size */ /* Key schedule */ typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16]; #define DES_KEY_SZ (sizeof (des_cblock)) #define KRBDES_ENCRYPT 1 #define KRBDES_DECRYPT 0 #ifndef NCOMPAT #define C_Block des_cblock #define Key_schedule des_key_schedule #define ENCRYPT KRBDES_ENCRYPT #define DECRYPT KRBDES_DECRYPT #define KEY_SZ DES_KEY_SZ #define string_to_key des_string_to_key #define read_pw_string des_read_pw_string #define random_key des_random_key #define pcbc_encrypt des_pcbc_encrypt #define key_sched des_key_sched #define cbc_encrypt des_cbc_encrypt #define cbc_cksum des_cbc_cksum #define C_Block_print des_cblock_print #define quad_cksum des_quad_cksum typedef struct des_ks_struct bit_64; #endif #define des_cblock_print(x) des_cblock_print_file(x, stdout) #ifdef __cplusplus } #endif #endif /* _KERBEROS_DES_H */ cyrus-sasl-2.1.25/mac/kerberos_includes/krb.h0000777000076400007640000002463407403027615016054 00000000000000/* * $Id: krb.h,v 1.2 2001/12/04 02:06:05 rjs3 Exp $ * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Include file for the Kerberos library. */ #if !defined (__STDC__) && !defined(_MSC_VER) #define const #define signed #endif #include #include #ifndef __KRB_H__ #define __KRB_H__ /* XXX */ #ifndef __BEGIN_DECLS #if defined(__cplusplus) #define __BEGIN_DECLS extern "C" { #define __END_DECLS }; #else #define __BEGIN_DECLS #define __END_DECLS #endif #endif #if defined (__STDC__) || defined (_MSC_VER) #ifndef __P #define __P(x) x #endif #else #ifndef __P #define __P(x) () #endif #endif __BEGIN_DECLS /* Need some defs from des.h */ #if !defined(NOPROTO) && !defined(__STDC__) #define NOPROTO #endif #include /* CNS compatibility ahead! */ #ifndef KRB_INT32 #define KRB_INT32 int32_t #endif #ifndef KRB_UINT32 #define KRB_UINT32 u_int32_t #endif /* Global library variables. */ extern int krb_ignore_ip_address; /* To turn off IP address comparison */ extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */ extern int krbONE; #define HOST_BYTE_ORDER (* (char *) &krbONE) /* Debug variables */ extern int krb_debug; extern int krb_ap_req_debug; extern int krb_dns_debug; /* Text describing error codes */ #define MAX_KRB_ERRORS 256 extern const char *krb_err_txt[MAX_KRB_ERRORS]; /* General definitions */ #define KSUCCESS 0 #define KFAILURE 255 /* * Kerberos specific definitions * * KRBLOG is the log file for the kerberos master server. KRB_CONF is * the configuration file where different host machines running master * and slave servers can be found. KRB_MASTER is the name of the * machine with the master database. The admin_server runs on this * machine, and all changes to the db (as opposed to read-only * requests, which can go to slaves) must go to it. KRB_HOST is the * default machine * when looking for a kerberos slave server. Other * possibilities are * in the KRB_CONF file. KRB_REALM is the name of * the realm. */ /* /etc/kerberosIV is only for backwards compatibility, don't use it! */ #ifndef KRB_CONF #define KRB_CONF "/etc/krb.conf" #endif #ifndef KRB_RLM_TRANS #define KRB_RLM_TRANS "/etc/krb.realms" #endif #ifndef KRB_CNF_FILES #define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0} #endif #ifndef KRB_RLM_FILES #define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0} #endif #ifndef KRB_EQUIV #define KRB_EQUIV "/etc/krb.equiv" #endif #define KRB_MASTER "kerberos" #ifndef KRB_REALM #define KRB_REALM (krb_get_default_realm()) #endif /* The maximum sizes for aname, realm, sname, and instance +1 */ #define ANAME_SZ 40 #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 /* Leave space for quoting */ #define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3) #define KKEY_SZ 100 #define VERSION_SZ 1 #define MSG_TYPE_SZ 1 #define DATE_SZ 26 /* RTI date output */ #define MAX_HSTNM 100 /* for compatibility */ typedef struct krb_principal{ char name[ANAME_SZ]; char instance[INST_SZ]; char realm[REALM_SZ]; }krb_principal; #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ /* default lifetime for krb_mk_req & co., 10 hrs */ #define DEFAULT_TKT_LIFE 141 #endif #define KRB_TICKET_GRANTING_TICKET "krbtgt" /* Definition of text structure used to pass text around */ #define MAX_KTXT_LEN 1250 struct ktext { unsigned int length; /* Length of the text */ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ u_int32_t mbz; /* zero to catch runaway strings */ }; typedef struct ktext *KTEXT; typedef struct ktext KTEXT_ST; /* Definitions for send_to_kdc */ #define CLIENT_KRB_TIMEOUT 4 /* default time between retries */ #define CLIENT_KRB_RETRY 5 /* retry this many times */ #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ /* Definitions for ticket file utilities */ #define R_TKT_FIL 0 #define W_TKT_FIL 1 /* Parameters for rd_ap_req */ /* Maximum alloable clock skew in seconds */ #define CLOCK_SKEW 5*60 /* Filename for readservkey */ #ifndef KEYFILE #define KEYFILE (krb_get_default_keyfile()) #endif /* Structure definition for rd_ap_req */ struct auth_dat { unsigned char k_flags; /* Flags from ticket */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* His Instance */ char prealm[REALM_SZ]; /* His Realm */ u_int32_t checksum; /* Data checksum (opt) */ des_cblock session; /* Session Key */ int life; /* Life of ticket */ u_int32_t time_sec; /* Time ticket issued */ u_int32_t address; /* Address in ticket */ KTEXT_ST reply; /* Auth reply (opt) */ }; typedef struct auth_dat AUTH_DAT; /* Structure definition for credentials returned by get_cred */ struct credentials { char service[ANAME_SZ]; /* Service name */ char instance[INST_SZ]; /* Instance */ char realm[REALM_SZ]; /* Auth domain */ des_cblock session; /* Session key */ int lifetime; /* Lifetime */ int kvno; /* Key version number */ KTEXT_ST ticket_st; /* The ticket itself */ int32_t issue_date; /* The issue time */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ }; typedef struct credentials CREDENTIALS; /* Structure definition for rd_private_msg and rd_safe_msg */ struct msg_dat { unsigned char *app_data; /* pointer to appl data */ u_int32_t app_length; /* length of appl data */ u_int32_t hash; /* hash to lookup replay */ int swap; /* swap bytes? */ int32_t time_sec; /* msg timestamp seconds */ unsigned char time_5ms; /* msg timestamp 5ms units */ }; typedef struct msg_dat MSG_DAT; struct krb_host { char *realm; char *host; enum krb_host_proto { PROTO_UDP, PROTO_TCP, PROTO_HTTP } proto; int port; int admin; }; /* Location of ticket file for save_cred and get_cred */ #define TKT_FILE tkt_string() #ifndef TKT_ROOT #define TKT_ROOT (krb_get_default_tkt_root()) #endif /* Error codes returned from the KDC */ #define KDC_OK 0 /* Request OK */ #define KDC_NAME_EXP 1 /* Principal expired */ #define KDC_SERVICE_EXP 2 /* Service expired */ #define KDC_AUTH_EXP 3 /* Auth expired */ #define KDC_PKT_VER 4 /* Protocol version unknown */ #define KDC_P_MKEY_VER 5 /* Wrong master key version */ #define KDC_S_MKEY_VER 6 /* Wrong master key version */ #define KDC_BYTE_ORDER 7 /* Byte order unknown */ #define KDC_PR_UNKNOWN 8 /* Principal unknown */ #define KDC_PR_N_UNIQUE 9 /* Principal not unique */ #define KDC_NULL_KEY 10 /* Principal has null key */ #define KDC_GEN_ERR 20 /* Generic error from KDC */ /* Values returned by get_credentials */ #define GC_OK 0 /* Retrieve OK */ #define RET_OK 0 /* Retrieve OK */ #define GC_TKFIL 21 /* Can't read ticket file */ #define RET_TKFIL 21 /* Can't read ticket file */ #define GC_NOTKT 22 /* Can't find ticket or TGT */ #define RET_NOTKT 22 /* Can't find ticket or TGT */ /* Values returned by mk_ap_req */ #define MK_AP_OK 0 /* Success */ #define MK_AP_TGTEXP 26 /* TGT Expired */ /* Values returned by rd_ap_req */ #define RD_AP_OK 0 /* Request authentic */ #define RD_AP_UNDEC 31 /* Can't decode authenticator */ #define RD_AP_EXP 32 /* Ticket expired */ #define RD_AP_NYV 33 /* Ticket not yet valid */ #define RD_AP_REPEAT 34 /* Repeated request */ #define RD_AP_NOT_US 35 /* The ticket isn't for us */ #define RD_AP_INCON 36 /* Request is inconsistent */ #define RD_AP_TIME 37 /* delta_t too big */ #define RD_AP_BADD 38 /* Incorrect net address */ #define RD_AP_VERSION 39 /* protocol version mismatch */ #define RD_AP_MSG_TYPE 40 /* invalid msg type */ #define RD_AP_MODIFIED 41 /* message stream modified */ #define RD_AP_ORDER 42 /* message out of order */ #define RD_AP_UNAUTHOR 43 /* unauthorized request */ /* Values returned by get_pw_tkt */ #define GT_PW_OK 0 /* Got password changing tkt */ #define GT_PW_NULL 51 /* Current PW is null */ #define GT_PW_BADPW 52 /* Incorrect current password */ #define GT_PW_PROT 53 /* Protocol Error */ #define GT_PW_KDCERR 54 /* Error returned by KDC */ #define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ /* Values returned by send_to_kdc */ #define SKDC_OK 0 /* Response received */ #define SKDC_RETRY 56 /* Retry count exceeded */ #define SKDC_CANT 57 /* Can't send request */ /* * Values returned by get_intkt * (can also return SKDC_* and KDC errors) */ #define INTK_OK 0 /* Ticket obtained */ #define INTK_W_NOTALL 61 /* Not ALL tickets returned */ #define INTK_BADPW 62 /* Incorrect password */ #define INTK_PROT 63 /* Protocol Error */ #define INTK_ERR 70 /* Other error */ /* Values returned by get_adtkt */ #define AD_OK 0 /* Ticket Obtained */ #define AD_NOTGT 71 /* Don't have tgt */ #define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */ /* Error codes returned by ticket file utilities */ #define NO_TKT_FIL 76 /* No ticket file found */ #define TKT_FIL_ACC 77 /* Couldn't access tkt file */ #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ #define TKT_FIL_FMT 79 /* Bad ticket file format */ #define TKT_FIL_INI 80 /* tf_init not called first */ /* Error code returned by kparse_name */ #define KNAME_FMT 81 /* Bad Kerberos name format */ /* Error code returned by krb_mk_safe */ #define SAFE_PRIV_ERROR -1 /* syscall error */ /* Defines for krb_sendauth and krb_recvauth */ #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ #define KOPT_DONT_CANON 0x00000004 /* * don't canonicalize inst as * a hostname */ #define KOPT_IGNORE_PROTOCOL 0x0008 #define KRB_SENDAUTH_VLEN 8 /* length for version strings */ /* flags for krb_verify_user() */ #define KRB_VERIFY_NOT_SECURE 0 #define KRB_VERIFY_SECURE 1 #define KRB_VERIFY_SECURE_FAIL 2 extern char *krb4_version; typedef int (*key_proc_t) __P((const char *name, char *instance, /* INOUT parameter */ const char *realm, const void *password, des_cblock *key)); typedef int (*decrypt_proc_t) __P((const char *name, const char *instance, const char *realm, const void *arg, key_proc_t, KTEXT *)); #include "krb-protos.h" __END_DECLS #endif /* __KRB_H__ */ cyrus-sasl-2.1.25/mac/kerberos_includes/error_table.h0000777000076400007640000000113507403027615017565 00000000000000/* * Copyright (c) 1991, by Sun Microsystems, Inc. */ #ifndef _KERBEROS_ERROR_TABLE_H #define _KERBEROS_ERROR_TABLE_H #pragma ident "@(#)error_table.h 1.4 93/08/30 SMI" #ifdef __cplusplus extern "C" { #endif typedef struct { char **msgs; int base; int n_msgs; } error_table; extern error_table **_et_list; #define ERROR_CODE "int" /* type used for error codes */ #define ERRCODE_RANGE 8 /* # of bits to shift table number */ #define BITS_PER_CHAR 6 /* # bits to shift per character in name */ extern char *error_table_name(); #ifdef __cplusplus } #endif #endif /* _KERBEROS_ERROR_TABLE_H */ cyrus-sasl-2.1.25/mac/krb4_sources/0000777000076400007640000000000011632367343014100 500000000000000cyrus-sasl-2.1.25/mac/krb4_sources/mk_safe.c0000777000076400007640000001076507403027620015575 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "sasl_mac_krb_locl.h" RCSID("$Id: mk_safe.c,v 1.2 2001/12/04 02:06:08 rjs3 Exp $"); /* application include files */ #include "krb-archaeology.h" /* from rd_safe.c */ extern int dqc_type; void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int); /* * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some * user data "in" of "length" bytes and creates a packet in "out" * consisting of the user data, a timestamp, and the sender's network * address, followed by a checksum computed on the above, using the * given "key". The length of the resulting packet is returned. * * The "out" packet consists of: * * Size Variable Field * ---- -------- ----- * * 1 byte KRB_PROT_VERSION protocol version number * 1 byte AUTH_MSG_SAFE | message type plus local * HOST_BYTE_ORDER byte order in low bit * * ===================== begin checksum ================================ * * 4 bytes length length of user data * length in user data * 1 byte msg_time_5ms timestamp milliseconds * 4 bytes sender->sin.addr.s_addr sender's IP address * * 4 bytes msg_time_sec or timestamp seconds with * -msg_time_sec direction in sign bit * * ======================= end checksum ================================ * * 16 bytes big_cksum quadratic checksum of * above using "key" */ int32_t krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver) { unsigned char * p = (unsigned char*)out; struct timeval tv; unsigned char *start; u_int32_t src_addr; p += krb_put_int(KRB_PROT_VERSION, p, 1, 1); p += krb_put_int(AUTH_MSG_SAFE, p, 1, 1); start = p; p += krb_put_int(length, p, 4, 4); memcpy(p, in, length); p += length; krb_kdctimeofday(&tv); *p++ = tv.tv_usec/5000; /* 5ms */ src_addr = sender->sin_addr.s_addr; p += krb_put_address(src_addr, p, 4); p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4); { /* We are faking big endian mode, so we need to fix the * checksum (that is byte order dependent). We always send a * checksum of the new type, unless we know that we are * talking to an old client (this requires a call to * krb_rd_safe first). */ unsigned char new_checksum[16]; unsigned char old_checksum[16]; fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0); if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) || dqc_type == DES_QUAD_OLD) memcpy(p, old_checksum, 16); else memcpy(p, new_checksum, 16); } p += 16; return p - (unsigned char*)out; } cyrus-sasl-2.1.25/mac/krb4_sources/krb-archaeology.h0000777000076400007640000001175407403027620017245 00000000000000/* * $Id: krb-archaeology.h,v 1.2 2001/12/04 02:06:08 rjs3 Exp $ * * Most of the cruft in this file is probably: * * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute * of Technology. * * For copying and distribution information, please see the file * . */ #ifndef __KRB_ARCHAEOLOGY_H__ #define __KRB_ARCHAEOLOGY_H__ /* Compare x and y in VAX byte order, result is -1, 0 or 1. */ #define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ulong_cmp(x, y)) #define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y)) int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y); int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y); u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst); /* Macro's to obtain various fields from a packet */ #define pkt_version(packet) (unsigned int) *(packet->dat) #define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) #define pkt_a_name(packet) (packet->dat+2) #define pkt_a_inst(packet) \ (packet->dat+3+strlen((char *)pkt_a_name(packet))) #define pkt_a_realm(packet) \ (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) /* Macro to obtain realm from application request */ #define apreq_realm(auth) (auth->dat + 3) #define pkt_time_ws(packet) (char *) \ (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet))) #define pkt_no_req(packet) (unsigned short) \ *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet))) #define pkt_x_date(packet) (char *) \ (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet))) #define xxx_pkt_err_code(packet) ( (char *) \ (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet)))) #define pkt_err_text(packet) \ (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ strlen((char *)pkt_a_inst(packet)) + \ strlen((char *)pkt_a_realm(packet))) /* * macros for byte swapping; also scratch space * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0 * u_int16_t 0-->1, 1-->0 */ #define swap_u_16(x) {\ u_int32_t _krb_swap_tmp[4];\ swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \ swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \ swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \ swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \ swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \ swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \ swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \ swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \ memcpy(x, _krb_swap_tmp, 16);\ } #define swap_u_12(x) {\ u_int32_t _krb_swap_tmp[4];\ swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \ swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \ swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \ swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \ swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \ swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \ memcpy(x, _krb_swap_tmp, 12);\ } #define swap_C_Block(x) {\ u_int32_t _krb_swap_tmp[4];\ swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \ swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \ swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \ swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \ memcpy(x, _krb_swap_tmp, 8);\ } #define swap_u_quad(x) {\ u_int32_t _krb_swap_tmp[4];\ swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \ swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \ swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \ swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \ memcpy(x, _krb_swap_tmp, 8);\ } #define swap_u_long(x) {\ u_int32_t _krb_swap_tmp[4];\ swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ x = _krb_swap_tmp[0]; \ } #define swap_u_short(x) {\ u_int16_t _krb_swap_sh_tmp; \ swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \ x = (u_int16_t) _krb_swap_sh_tmp; \ } /* Kerberos ticket flag field bit definitions */ #define K_FLAG_ORDER 0 /* bit 0 --> lsb */ #define K_FLAG_1 /* reserved */ #define K_FLAG_2 /* reserved */ #define K_FLAG_3 /* reserved */ #define K_FLAG_4 /* reserved */ #define K_FLAG_5 /* reserved */ #define K_FLAG_6 /* reserved */ #define K_FLAG_7 /* reserved, bit 7 --> msb */ #endif /* __KRB_ARCHAEOLOGY_H__ */ cyrus-sasl-2.1.25/mac/krb4_sources/krb-protos.h0000777000076400007640000003314707403027620016276 00000000000000/* * Copyright (c) 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id: krb-protos.h,v 1.2 2001/12/04 02:06:08 rjs3 Exp $ */ #ifndef __krb_protos_h__ #define __krb_protos_h__ #if defined (__STDC__) || defined (_MSC_VER) #include #ifndef __P #define __P(x) x #endif #else #ifndef __P #define __P(x) () #endif #endif #ifdef __STDC__ struct in_addr; struct sockaddr_in; struct timeval; #endif #ifndef KRB_LIB_FUNCTION #if defined(__BORLANDC__) #define KRB_LIB_FUNCTION /* not-ready-definition-yet */ #elif defined(_MSC_VER) #define KRB_LIB_FUNCTION /* not-ready-definition-yet2 */ #else #define KRB_LIB_FUNCTION #endif #endif void KRB_LIB_FUNCTION afs_string_to_key __P(( char *str, char *cell, des_cblock *key)); int KRB_LIB_FUNCTION create_ciph __P(( KTEXT c, unsigned char *session, char *service, char *instance, char *realm, u_int32_t life, int kvno, KTEXT tkt, u_int32_t kdc_time, des_cblock *key)); int KRB_LIB_FUNCTION cr_err_reply __P(( KTEXT pkt, char *pname, char *pinst, char *prealm, u_int32_t time_ws, u_int32_t e, char *e_string)); int KRB_LIB_FUNCTION decomp_ticket __P(( KTEXT tkt, unsigned char *flags, char *pname, char *pinstance, char *prealm, u_int32_t *paddress, unsigned char *session, int *life, u_int32_t *time_sec, char *sname, char *sinstance, des_cblock *key, des_key_schedule schedule)); int KRB_LIB_FUNCTION dest_tkt __P((void)); int KRB_LIB_FUNCTION get_ad_tkt __P(( char *service, char *sinstance, char *realm, int lifetime)); int KRB_LIB_FUNCTION getst __P(( int fd, char *s, int n)); int KRB_LIB_FUNCTION in_tkt __P(( char *pname, char *pinst)); int KRB_LIB_FUNCTION k_get_all_addrs __P((struct in_addr **l)); int KRB_LIB_FUNCTION k_gethostname __P(( char *name, int namelen)); int KRB_LIB_FUNCTION k_getportbyname __P(( const char *service, const char *proto, int default_port)); int KRB_LIB_FUNCTION k_getsockinst __P(( int fd, char *inst, size_t inst_size)); int KRB_LIB_FUNCTION k_isinst __P((char *s)); int KRB_LIB_FUNCTION k_isname __P((char *s)); int KRB_LIB_FUNCTION k_isrealm __P((char *s)); struct tm * KRB_LIB_FUNCTION k_localtime __P((u_int32_t *tp)); int KRB_LIB_FUNCTION kname_parse __P(( char *np, char *ip, char *rp, char *fullname)); int KRB_LIB_FUNCTION krb_atime_to_life __P((char *atime)); int KRB_LIB_FUNCTION krb_check_auth __P(( KTEXT packet, u_int32_t checksum, MSG_DAT *msg_data, des_cblock *session, struct des_ks_struct *schedule, struct sockaddr_in *laddr, struct sockaddr_in *faddr)); int KRB_LIB_FUNCTION krb_check_tm __P((struct tm tm)); KTEXT KRB_LIB_FUNCTION krb_create_death_packet __P((char *a_name)); int KRB_LIB_FUNCTION krb_create_ticket __P(( KTEXT tkt, unsigned char flags, char *pname, char *pinstance, char *prealm, int32_t paddress, void *session, int16_t life, int32_t time_sec, char *sname, char *sinstance, des_cblock *key)); int KRB_LIB_FUNCTION krb_decode_as_rep __P(( char *user, char *instance, char *realm, char *service, char *sinstance, key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg, KTEXT as_rep, CREDENTIALS *cred)); int KRB_LIB_FUNCTION krb_enable_debug __P((void)); int KRB_LIB_FUNCTION krb_equiv __P(( u_int32_t a, u_int32_t b)); int KRB_LIB_FUNCTION krb_get_address __P(( void *from, u_int32_t *to)); int KRB_LIB_FUNCTION krb_get_admhst __P(( char *host, char *realm, int nth)); int KRB_LIB_FUNCTION krb_get_config_bool __P((const char *variable)); const char * KRB_LIB_FUNCTION krb_get_config_string __P((const char *variable)); int KRB_LIB_FUNCTION krb_get_cred __P(( char *service, char *instance, char *realm, CREDENTIALS *c)); int KRB_LIB_FUNCTION krb_get_default_principal __P(( char *name, char *instance, char *realm)); char * KRB_LIB_FUNCTION krb_get_default_realm __P((void)); const char * KRB_LIB_FUNCTION krb_get_err_text __P((int code)); struct krb_host* KRB_LIB_FUNCTION krb_get_host __P(( int nth, char *realm, int admin)); int KRB_LIB_FUNCTION krb_get_in_tkt __P(( char *user, char *instance, char *realm, char *service, char *sinstance, int life, key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)); int KRB_LIB_FUNCTION krb_get_int __P(( void *f, u_int32_t *to, int size, int lsb)); int KRB_LIB_FUNCTION krb_get_kdc_time_diff __P((void)); int KRB_LIB_FUNCTION krb_get_krbconf __P(( int num, char *buf, size_t len)); int KRB_LIB_FUNCTION krb_get_krbextra __P(( int num, char *buf, size_t len)); int KRB_LIB_FUNCTION krb_get_krbhst __P(( char *host, char *realm, int nth)); int KRB_LIB_FUNCTION krb_get_krbrealms __P(( int num, char *buf, size_t len)); int KRB_LIB_FUNCTION krb_get_lrealm __P(( char *r, int n)); int KRB_LIB_FUNCTION krb_get_nir __P(( void *from, char *name, char *instance, char *realm)); char * KRB_LIB_FUNCTION krb_get_phost __P((const char *alias)); int KRB_LIB_FUNCTION krb_get_pw_in_tkt __P(( char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *password)); int KRB_LIB_FUNCTION krb_get_pw_in_tkt2 __P(( char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *password, des_cblock *key)); int KRB_LIB_FUNCTION krb_get_string __P(( void *from, char *to, size_t to_size)); int KRB_LIB_FUNCTION krb_get_svc_in_tkt __P(( char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *srvtab)); int KRB_LIB_FUNCTION krb_get_tf_fullname __P(( char *ticket_file, char *name, char *instance, char *realm)); int KRB_LIB_FUNCTION krb_get_tf_realm __P(( char *ticket_file, char *realm)); void KRB_LIB_FUNCTION krb_kdctimeofday __P((struct timeval *tv)); int KRB_LIB_FUNCTION krb_kntoln __P(( AUTH_DAT *ad, char *lname)); int KRB_LIB_FUNCTION krb_kuserok __P(( char *name, char *instance, char *realm, char *luser)); char * KRB_LIB_FUNCTION krb_life_to_atime __P((int life)); u_int32_t KRB_LIB_FUNCTION krb_life_to_time __P(( u_int32_t start, int life_)); int KRB_LIB_FUNCTION krb_lsb_antinet_ulong_cmp __P(( u_int32_t x, u_int32_t y)); int KRB_LIB_FUNCTION krb_lsb_antinet_ushort_cmp __P(( u_int16_t x, u_int16_t y)); int KRB_LIB_FUNCTION krb_mk_as_req __P(( char *user, char *instance, char *realm, char *service, char *sinstance, int life, KTEXT cip)); int KRB_LIB_FUNCTION krb_mk_auth __P(( int32_t options, KTEXT ticket, char *service, char *instance, char *realm, u_int32_t checksum, char *version, KTEXT buf)); int32_t KRB_LIB_FUNCTION krb_mk_err __P(( u_char *p, int32_t e, char *e_string)); int32_t KRB_LIB_FUNCTION krb_mk_priv __P(( void *in, void *out, u_int32_t length, struct des_ks_struct *schedule, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver)); int KRB_LIB_FUNCTION krb_mk_req __P(( KTEXT authent, char *service, char *instance, char *realm, int32_t checksum)); int32_t KRB_LIB_FUNCTION krb_mk_safe __P(( void *in, void *out, u_int32_t length, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver)); int KRB_LIB_FUNCTION krb_net_read __P(( int fd, void *v, size_t len)); int KRB_LIB_FUNCTION krb_net_write __P(( int fd, const void *v, size_t len)); int KRB_LIB_FUNCTION krb_parse_name __P(( const char *fullname, krb_principal *principal)); int KRB_LIB_FUNCTION krb_put_address __P(( u_int32_t addr, void *to, size_t rem)); int KRB_LIB_FUNCTION krb_put_int __P(( u_int32_t from, void *to, size_t rem, int size)); int KRB_LIB_FUNCTION krb_put_nir __P(( char *name, char *instance, char *realm, void *to, size_t rem)); int KRB_LIB_FUNCTION krb_put_string __P(( char *from, void *to, size_t rem)); int KRB_LIB_FUNCTION krb_rd_err __P(( u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data)); int32_t KRB_LIB_FUNCTION krb_rd_priv __P(( void *in, u_int32_t in_length, struct des_ks_struct *schedule, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver, MSG_DAT *m_data)); int KRB_LIB_FUNCTION krb_rd_req __P(( KTEXT authent, char *service, char *instance, int32_t from_addr, AUTH_DAT *ad, char *fn)); int32_t KRB_LIB_FUNCTION krb_rd_safe __P(( void *in, u_int32_t in_length, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver, MSG_DAT *m_data)); int KRB_LIB_FUNCTION krb_realm_parse __P(( char *realm, int length)); char * KRB_LIB_FUNCTION krb_realmofhost __P((const char *host)); int KRB_LIB_FUNCTION krb_recvauth __P(( int32_t options, int fd, KTEXT ticket, char *service, char *instance, struct sockaddr_in *faddr, struct sockaddr_in *laddr, AUTH_DAT *kdata, char *filename, struct des_ks_struct *schedule, char *version)); int KRB_LIB_FUNCTION krb_sendauth __P(( int32_t options, int fd, KTEXT ticket, char *service, char *instance, char *realm, u_int32_t checksum, MSG_DAT *msg_data, CREDENTIALS *cred, struct des_ks_struct *schedule, struct sockaddr_in *laddr, struct sockaddr_in *faddr, char *version)); void KRB_LIB_FUNCTION krb_set_kdc_time_diff __P((int diff)); int KRB_LIB_FUNCTION krb_set_key __P(( void *key, int cvt)); int KRB_LIB_FUNCTION krb_set_lifetime __P((int newval)); void KRB_LIB_FUNCTION krb_set_tkt_string __P((const char *val)); const char * KRB_LIB_FUNCTION krb_stime __P((time_t *t)); int KRB_LIB_FUNCTION krb_time_to_life __P(( u_int32_t start, u_int32_t end)); char * KRB_LIB_FUNCTION krb_unparse_name __P((krb_principal *pr)); char * KRB_LIB_FUNCTION krb_unparse_name_long __P(( char *name, char *instance, char *realm)); char * KRB_LIB_FUNCTION krb_unparse_name_long_r __P(( char *name, char *instance, char *realm, char *fullname)); char * KRB_LIB_FUNCTION krb_unparse_name_r __P(( krb_principal *pr, char *fullname)); int KRB_LIB_FUNCTION krb_use_admin_server __P((int flag)); int KRB_LIB_FUNCTION krb_verify_user __P(( char *name, char *instance, char *realm, char *password, int secure, char *linstance)); int KRB_LIB_FUNCTION krb_verify_user_srvtab __P(( char *name, char *instance, char *realm, char *password, int secure, char *linstance, char *srvtab)); int KRB_LIB_FUNCTION kuserok __P(( AUTH_DAT *auth, char *luser)); u_int32_t KRB_LIB_FUNCTION lsb_time __P(( time_t t, struct sockaddr_in *src, struct sockaddr_in *dst)); const char * KRB_LIB_FUNCTION month_sname __P((int n)); int KRB_LIB_FUNCTION passwd_to_5key __P(( char *user, char *instance, char *realm, void *passwd, des_cblock *key)); int KRB_LIB_FUNCTION passwd_to_afskey __P(( char *user, char *instance, char *realm, void *passwd, des_cblock *key)); int KRB_LIB_FUNCTION passwd_to_key __P(( char *user, char *instance, char *realm, void *passwd, des_cblock *key)); int KRB_LIB_FUNCTION read_service_key __P(( char *service, char *instance, char *realm, int kvno, char *file, char *key)); int KRB_LIB_FUNCTION save_credentials __P(( char *service, char *instance, char *realm, unsigned char *session, int lifetime, int kvno, KTEXT ticket, int32_t issue_date)); int KRB_LIB_FUNCTION send_to_kdc __P(( KTEXT pkt, KTEXT rpkt, char *realm)); int KRB_LIB_FUNCTION srvtab_to_key __P(( char *user, char *instance, char *realm, void *srvtab, des_cblock *key)); void KRB_LIB_FUNCTION tf_close __P((void)); int KRB_LIB_FUNCTION tf_create __P((char *tf_name)); int KRB_LIB_FUNCTION tf_get_cred __P((CREDENTIALS *c)); int KRB_LIB_FUNCTION tf_get_pinst __P((char *inst)); int KRB_LIB_FUNCTION tf_get_pname __P((char *p)); int KRB_LIB_FUNCTION tf_init __P(( char *tf_name, int rw)); int KRB_LIB_FUNCTION tf_put_pinst __P((char *inst)); int KRB_LIB_FUNCTION tf_put_pname __P((char *p)); int KRB_LIB_FUNCTION tf_save_cred __P(( char *service, char *instance, char *realm, unsigned char *session, int lifetime, int kvno, KTEXT ticket, u_int32_t issue_date)); int KRB_LIB_FUNCTION tf_setup __P(( CREDENTIALS *cred, char *pname, char *pinst)); char * KRB_LIB_FUNCTION tkt_string __P((void)); #endif /* __krb_protos_h__ */ cyrus-sasl-2.1.25/mac/krb4_sources/rw.c0000777000076400007640000001006407403027621014611 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* Almost all programs use these routines (implicitly) so it's a good * place to put the version string. */ #ifdef RUBBISH #include "version.h" #endif #include "sasl_mac_krb_locl.h" RCSID("$Id: rw.c,v 1.2 2001/12/04 02:06:09 rjs3 Exp $"); int krb_get_int(void *f, u_int32_t *to, int size, int lsb) { int i; unsigned char *from = (unsigned char *)f; *to = 0; if(lsb){ for(i = size-1; i >= 0; i--) *to = (*to << 8) | from[i]; }else{ for(i = 0; i < size; i++) *to = (*to << 8) | from[i]; } return size; } int krb_put_int(u_int32_t from, void *to, size_t rem, int size) { int i; unsigned char *p = (unsigned char *)to; if (rem < size) return -1; for(i = size - 1; i >= 0; i--){ p[i] = from & 0xff; from >>= 8; } return size; } /* addresses are always sent in network byte order */ int krb_get_address(void *from, u_int32_t *to) { unsigned char *p = (unsigned char*)from; *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); return 4; } int krb_put_address(u_int32_t addr, void *to, size_t rem) { return krb_put_int(ntohl(addr), to, rem, 4); } int krb_put_string(const char *from, void *to, size_t rem) { size_t len = strlen(from) + 1; if (rem < len) return -1; memcpy(to, from, len); return len; } int krb_get_string(void *from, char *to, size_t to_size) { strcpy_truncate (to, (char *)from, to_size); return strlen((char *)from) + 1; } int krb_get_nir(void *from, char *name, char *instance, char *realm) { char *p = (char *)from; p += krb_get_string(p, name, ANAME_SZ); p += krb_get_string(p, instance, INST_SZ); if(realm) p += krb_get_string(p, realm, REALM_SZ); return p - (char *)from; } int krb_put_nir(const char *name,const char *instance,const char *realm, void *to, size_t rem) { char *p = (char *)to; int tmp; tmp = krb_put_string(name, p, rem); if (tmp < 0) return tmp; p += tmp; rem -= tmp; tmp = krb_put_string(instance, p, rem); if (tmp < 0) return tmp; p += tmp; rem -= tmp; if (realm) { tmp = krb_put_string(realm, p, rem); if (tmp < 0) return tmp; p += tmp; rem -= tmp; } return p - (char *)to; } cyrus-sasl-2.1.25/mac/krb4_sources/rd_priv.c0000777000076400007640000001064007403027621015626 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "sasl_mac_krb_locl.h" RCSID("$Id: rd_priv.c,v 1.2 2001/12/04 02:06:09 rjs3 Exp $"); /* application include files */ #include "krb-archaeology.h" /* * krb_rd_priv() decrypts and checks the integrity of an * AUTH_MSG_PRIVATE message. Given the message received, "in", * the length of that message, "in_length", the key "schedule" * and "key", and the network addresses of the * "sender" and "receiver" of the message, krb_rd_safe() returns * RD_AP_OK if the message is okay, otherwise some error code. * * The message data retrieved from "in" are returned in the structure * "m_data". The pointer to the application data * (m_data->app_data) refers back to the appropriate place in "in". * * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE * message. The structure containing the extracted message * information, MSG_DAT, is defined in "krb.h". */ int32_t krb_rd_priv(void *in, u_int32_t in_length, struct des_ks_struct *schedule, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver, MSG_DAT *m_data) { unsigned char *p = (unsigned char*)in; int little_endian; u_int32_t clen; struct timeval tv; u_int32_t src_addr; int delta_t; unsigned char pvno, type; pvno = *p++; if(pvno != KRB_PROT_VERSION) return RD_AP_VERSION; type = *p++; little_endian = type & 1; type &= ~1; p += krb_get_int(p, &clen, 4, little_endian); if(clen + 2 > in_length) return RD_AP_MODIFIED; des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen, schedule, key, DES_DECRYPT); p += krb_get_int(p, &m_data->app_length, 4, little_endian); if(m_data->app_length + 17 > in_length) return RD_AP_MODIFIED; m_data->app_data = p; p += m_data->app_length; m_data->time_5ms = *p++; p += krb_get_address(p, &src_addr); if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) return RD_AP_BADD; p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); gettimeofday(&tv, NULL); /* check the time integrity of the msg */ delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); if (delta_t > CLOCK_SKEW) return RD_AP_TIME; if (krb_debug) krb_warning("delta_t = %d\n", (int) delta_t); /* * caller must check timestamps for proper order and * replays, since server might have multiple clients * each with its own timestamps and we don't assume * tightly synchronized clocks. */ return KSUCCESS; } cyrus-sasl-2.1.25/mac/krb4_sources/rd_safe.c0000777000076400007640000001352307403027621015567 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "sasl_mac_krb_locl.h" RCSID("$Id: rd_safe.c,v 1.2 2001/12/04 02:06:09 rjs3 Exp $"); /* application include files */ #include "krb-archaeology.h" /* Generate two checksums in the given byteorder of the data, one * new-form and one old-form. It has to be done this way to be * compatible with the old version of des_quad_cksum. */ /* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */ int dqc_type = DES_QUAD_DEFAULT; void fixup_quad_cksum(void *start, size_t len, des_cblock *key, void *new_checksum, void *old_checksum, int little) { des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key); if(HOST_BYTE_ORDER){ if(little){ memcpy(old_checksum, new_checksum, 16); }else{ u_int32_t *tmp = (u_int32_t*)new_checksum; memcpy(old_checksum, new_checksum, 16); swap_u_16(old_checksum); swap_u_long(tmp[0]); swap_u_long(tmp[1]); swap_u_long(tmp[2]); swap_u_long(tmp[3]); } }else{ if(little){ u_int32_t *tmp = (u_int32_t*)new_checksum; swap_u_long(tmp[0]); swap_u_long(tmp[1]); swap_u_long(tmp[2]); swap_u_long(tmp[3]); memcpy(old_checksum, new_checksum, 16); }else{ u_int32_t tmp[4]; tmp[0] = ((u_int32_t*)new_checksum)[3]; tmp[1] = ((u_int32_t*)new_checksum)[2]; tmp[2] = ((u_int32_t*)new_checksum)[1]; tmp[3] = ((u_int32_t*)new_checksum)[0]; memcpy(old_checksum, tmp, 16); } } } /* * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message. * Given the message received, "in", the length of that message, * "in_length", the "key" to compute the checksum with, and the * network addresses of the "sender" and "receiver" of the message, * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise * some error code. * * The message data retrieved from "in" is returned in the structure * "m_data". The pointer to the application data (m_data->app_data) * refers back to the appropriate place in "in". * * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE * message. The structure containing the extracted message * information, MSG_DAT, is defined in "krb.h". */ int32_t krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver, MSG_DAT *m_data) { unsigned char *p = (unsigned char*)in, *start; unsigned char pvno, type; int little_endian; struct timeval tv; u_int32_t src_addr; int delta_t; pvno = *p++; if(pvno != KRB_PROT_VERSION) return RD_AP_VERSION; type = *p++; little_endian = type & 1; type &= ~1; if(type != AUTH_MSG_SAFE) return RD_AP_MSG_TYPE; start = p; p += krb_get_int(p, &m_data->app_length, 4, little_endian); if(m_data->app_length + 31 > in_length) return RD_AP_MODIFIED; m_data->app_data = p; p += m_data->app_length; m_data->time_5ms = *p++; p += krb_get_address(p, &src_addr); if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) return RD_AP_BADD; p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); gettimeofday(&tv, NULL); delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); if (delta_t > CLOCK_SKEW) return RD_AP_TIME; /* * caller must check timestamps for proper order and replays, since * server might have multiple clients each with its own timestamps * and we don't assume tightly synchronized clocks. */ { unsigned char new_checksum[16]; unsigned char old_checksum[16]; fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, little_endian); if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) && memcmp(new_checksum, p, 16) == 0) dqc_type = DES_QUAD_NEW; else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) && memcmp(old_checksum, p, 16) == 0) dqc_type = DES_QUAD_OLD; else return RD_AP_MODIFIED; } return KSUCCESS; } cyrus-sasl-2.1.25/mac/krb4_sources/mk_auth.c0000777000076400007640000000664507403027620015622 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "krb_locl.h" RCSID("$Id: mk_auth.c,v 1.2 2001/12/04 02:06:08 rjs3 Exp $"); /* * Generate an authenticator for service.instance@realm. * instance is canonicalized by `krb_get_phost' * realm is set to the local realm if realm == NULL * The ticket acquired by `krb_mk_req' is returned in `ticket' and the * authenticator in `buf'. * Options control the behaviour (see krb_sendauth). */ int krb_mk_auth(int32_t options, KTEXT ticket, char *service, char *instance, char *realm, u_int32_t checksum, char *version, KTEXT buf) { char realinst[INST_SZ]; char realrealm[REALM_SZ]; int ret; char *tmp; if (options & KOPT_DONT_CANON) tmp = instance; else tmp = krb_get_phost (instance); strlcpy(realinst, tmp, sizeof(realinst)); if (realm == NULL) { ret = krb_get_lrealm (realrealm, 1); if (ret != KSUCCESS) return ret; realm = realrealm; } if(!(options & KOPT_DONT_MK_REQ)) { ret = krb_mk_req (ticket, service, realinst, realm, checksum); if (ret != KSUCCESS) return ret; } { int tmp; size_t rem = sizeof(buf->dat); unsigned char *p = buf->dat; p = buf->dat; if (rem < 2 * KRB_SENDAUTH_VLEN) return KFAILURE; memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); p += KRB_SENDAUTH_VLEN; rem -= KRB_SENDAUTH_VLEN; memcpy (p, version, KRB_SENDAUTH_VLEN); p += KRB_SENDAUTH_VLEN; rem -= KRB_SENDAUTH_VLEN; tmp = krb_put_int(ticket->length, p, rem, 4); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; if (rem < ticket->length) return KFAILURE; memcpy(p, ticket->dat, ticket->length); p += ticket->length; rem -= ticket->length; buf->length = p - buf->dat; } return KSUCCESS; } cyrus-sasl-2.1.25/mac/krb4_sources/lsb_addr_comp.c0000777000076400007640000001074207403027620016753 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "sasl_mac_krb_locl.h" RCSID("$Id: lsb_addr_comp.c,v 1.2 2001/12/04 02:06:08 rjs3 Exp $"); #include "krb-archaeology.h" int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y) { int i; u_int32_t a = 0, b = 0; u_int8_t *p = (u_int8_t*) &x; u_int8_t *q = (u_int8_t*) &y; for(i = sizeof(u_int32_t) - 1; i >= 0; i--){ a = (a << 8) | p[i]; b = (b << 8) | q[i]; } if(a > b) return 1; if(a < b) return -1; return 0; } int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y) { int i; u_int16_t a = 0, b = 0; u_int8_t *p = (u_int8_t*) &x; u_int8_t *q = (u_int8_t*) &y; for(i = sizeof(u_int16_t) - 1; i >= 0; i--){ a = (a << 8) | p[i]; b = (b << 8) | q[i]; } if(a > b) return 1; if(a < b) return -1; return 0; } u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst) { int dir = 1; const char *fw; /* * direction bit is the sign bit of the timestamp. Ok until * 2038?? */ if(krb_debug) { krb_warning("lsb_time: src = %s:%u\n", inet_ntoa(src->sin_addr.s_addr), ntohs(src->sin_port)); krb_warning("lsb_time: dst = %s:%u\n", inet_ntoa(dst->sin_addr.s_addr), ntohs(dst->sin_port)); } /* For compatibility with broken old code, compares are done in VAX byte order (LSBFIRST) */ if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */ dst->sin_addr.s_addr) < 0) dir = -1; else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, dst->sin_addr.s_addr)==0) if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0) dir = -1; /* * all that for one tiny bit! Heaven help those that talk to * themselves. */ if(krb_get_config_bool("reverse_lsb_test")) { if(krb_debug) krb_warning("lsb_time: reversing direction: %d -> %d\n", dir, -dir); dir = -dir; } #ifdef RUBBISH else if((fw = krb_get_config_string("firewall_address"))) { struct in_addr fw_addr; fw_addr.sin_addr.s_addr = inet_addr(fw); if(fw_addr.s_addr != INADDR_NONE) { int s_lt_d, d_lt_f; krb_warning("lsb_time: fw = %s\n", inet_ntoa(fw_addr)); /* negate if src < dst < fw || fw < dst < src */ s_lt_d = (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, dst->sin_addr.s_addr) == -1); d_lt_f = (krb_lsb_antinet_ulong_less(fw_addr.s_addr, dst->sin_addr.s_addr) == 1); if((s_lt_d ^ d_lt_f) == 0) { if(krb_debug) krb_warning("lsb_time: reversing direction: %d -> %d\n", dir, -dir); dir = -dir; } } } #endif t = t * dir; t = t & 0xffffffff; return t; } cyrus-sasl-2.1.25/mac/krb4_sources/krb.h0000777000076400007640000002404007403027620014742 00000000000000/* * $Id: krb.h,v 1.2 2001/12/04 02:06:08 rjs3 Exp $ * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * Include file for the Kerberos library. */ #if !defined (__STDC__) && !defined(_MSC_VER) #define const #define signed #endif #include #include #ifndef __KRB_H__ #define __KRB_H__ /* XXX */ #ifndef __BEGIN_DECLS #if defined(__cplusplus) #define __BEGIN_DECLS extern "C" { #define __END_DECLS }; #else #define __BEGIN_DECLS #define __END_DECLS #endif #endif #if defined (__STDC__) || defined (_MSC_VER) #ifndef __P #define __P(x) x #endif #else #ifndef __P #define __P(x) () #endif #endif __BEGIN_DECLS /* Need some defs from des.h */ #if !defined(NOPROTO) && !defined(__STDC__) #define NOPROTO #endif #include /* CNS compatibility ahead! */ #ifndef KRB_INT32 #define KRB_INT32 int32_t #endif #ifndef KRB_UINT32 #define KRB_UINT32 u_int32_t #endif /* Global library variables. */ extern int krb_ignore_ip_address; /* To turn off IP address comparison */ extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */ extern int krbONE; #define HOST_BYTE_ORDER (* (char *) &krbONE) /* Debug variables */ extern int krb_debug; extern int krb_ap_req_debug; extern int krb_dns_debug; /* Text describing error codes */ #define MAX_KRB_ERRORS 256 extern const char *krb_err_txt[MAX_KRB_ERRORS]; /* General definitions */ #define KSUCCESS 0 #define KFAILURE 255 /* * Kerberos specific definitions * * KRBLOG is the log file for the kerberos master server. KRB_CONF is * the configuration file where different host machines running master * and slave servers can be found. KRB_MASTER is the name of the * machine with the master database. The admin_server runs on this * machine, and all changes to the db (as opposed to read-only * requests, which can go to slaves) must go to it. KRB_HOST is the * default machine * when looking for a kerberos slave server. Other * possibilities are * in the KRB_CONF file. KRB_REALM is the name of * the realm. */ /* /etc/kerberosIV is only for backwards compatibility, don't use it! */ #ifndef KRB_CONF #define KRB_CONF "/etc/krb.conf" #endif #ifndef KRB_RLM_TRANS #define KRB_RLM_TRANS "/etc/krb.realms" #endif #ifndef KRB_CNF_FILES #define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0} #endif #ifndef KRB_RLM_FILES #define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0} #endif #ifndef KRB_EQUIV #define KRB_EQUIV "/etc/krb.equiv" #endif #define KRB_MASTER "kerberos" #ifndef KRB_REALM #define KRB_REALM (krb_get_default_realm()) #endif /* The maximum sizes for aname, realm, sname, and instance +1 */ #define ANAME_SZ 40 #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 /* Leave space for quoting */ #define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3) #define KKEY_SZ 100 #define VERSION_SZ 1 #define MSG_TYPE_SZ 1 #define DATE_SZ 26 /* RTI date output */ #define MAX_HSTNM 100 /* for compatibility */ typedef struct krb_principal{ char name[ANAME_SZ]; char instance[INST_SZ]; char realm[REALM_SZ]; }krb_principal; #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ /* default lifetime for krb_mk_req & co., 10 hrs */ #define DEFAULT_TKT_LIFE 141 #endif #define KRB_TICKET_GRANTING_TICKET "krbtgt" /* Definition of text structure used to pass text around */ #define MAX_KTXT_LEN 1250 struct ktext { unsigned int length; /* Length of the text */ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ u_int32_t mbz; /* zero to catch runaway strings */ }; typedef struct ktext *KTEXT; typedef struct ktext KTEXT_ST; /* Definitions for send_to_kdc */ #define CLIENT_KRB_TIMEOUT 4 /* time between retries */ #define CLIENT_KRB_RETRY 5 /* retry this many times */ #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ /* Definitions for ticket file utilities */ #define R_TKT_FIL 0 #define W_TKT_FIL 1 /* Parameters for rd_ap_req */ /* Maximum alloable clock skew in seconds */ #define CLOCK_SKEW 5*60 /* Filename for readservkey */ #ifndef KEYFILE #define KEYFILE "/etc/srvtab" #endif /* Structure definition for rd_ap_req */ struct auth_dat { unsigned char k_flags; /* Flags from ticket */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* His Instance */ char prealm[REALM_SZ]; /* His Realm */ u_int32_t checksum; /* Data checksum (opt) */ des_cblock session; /* Session Key */ int life; /* Life of ticket */ u_int32_t time_sec; /* Time ticket issued */ u_int32_t address; /* Address in ticket */ KTEXT_ST reply; /* Auth reply (opt) */ }; typedef struct auth_dat AUTH_DAT; /* Structure definition for credentials returned by get_cred */ struct credentials { char service[ANAME_SZ]; /* Service name */ char instance[INST_SZ]; /* Instance */ char realm[REALM_SZ]; /* Auth domain */ des_cblock session; /* Session key */ int lifetime; /* Lifetime */ int kvno; /* Key version number */ KTEXT_ST ticket_st; /* The ticket itself */ int32_t issue_date; /* The issue time */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ }; typedef struct credentials CREDENTIALS; /* Structure definition for rd_private_msg and rd_safe_msg */ struct msg_dat { unsigned char *app_data; /* pointer to appl data */ u_int32_t app_length; /* length of appl data */ u_int32_t hash; /* hash to lookup replay */ int swap; /* swap bytes? */ int32_t time_sec; /* msg timestamp seconds */ unsigned char time_5ms; /* msg timestamp 5ms units */ }; typedef struct msg_dat MSG_DAT; struct krb_host { char *realm; char *host; enum krb_host_proto { PROTO_UDP, PROTO_TCP, PROTO_HTTP } proto; int port; int admin; }; /* Location of ticket file for save_cred and get_cred */ #define TKT_FILE tkt_string() #define TKT_ROOT "/tmp/tkt" /* Error codes returned from the KDC */ #define KDC_OK 0 /* Request OK */ #define KDC_NAME_EXP 1 /* Principal expired */ #define KDC_SERVICE_EXP 2 /* Service expired */ #define KDC_AUTH_EXP 3 /* Auth expired */ #define KDC_PKT_VER 4 /* Protocol version unknown */ #define KDC_P_MKEY_VER 5 /* Wrong master key version */ #define KDC_S_MKEY_VER 6 /* Wrong master key version */ #define KDC_BYTE_ORDER 7 /* Byte order unknown */ #define KDC_PR_UNKNOWN 8 /* Principal unknown */ #define KDC_PR_N_UNIQUE 9 /* Principal not unique */ #define KDC_NULL_KEY 10 /* Principal has null key */ #define KDC_GEN_ERR 20 /* Generic error from KDC */ /* Values returned by get_credentials */ #define GC_OK 0 /* Retrieve OK */ #define RET_OK 0 /* Retrieve OK */ #define GC_TKFIL 21 /* Can't read ticket file */ #define RET_TKFIL 21 /* Can't read ticket file */ #define GC_NOTKT 22 /* Can't find ticket or TGT */ #define RET_NOTKT 22 /* Can't find ticket or TGT */ /* Values returned by mk_ap_req */ #define MK_AP_OK 0 /* Success */ #define MK_AP_TGTEXP 26 /* TGT Expired */ /* Values returned by rd_ap_req */ #define RD_AP_OK 0 /* Request authentic */ #define RD_AP_UNDEC 31 /* Can't decode authenticator */ #define RD_AP_EXP 32 /* Ticket expired */ #define RD_AP_NYV 33 /* Ticket not yet valid */ #define RD_AP_REPEAT 34 /* Repeated request */ #define RD_AP_NOT_US 35 /* The ticket isn't for us */ #define RD_AP_INCON 36 /* Request is inconsistent */ #define RD_AP_TIME 37 /* delta_t too big */ #define RD_AP_BADD 38 /* Incorrect net address */ #define RD_AP_VERSION 39 /* protocol version mismatch */ #define RD_AP_MSG_TYPE 40 /* invalid msg type */ #define RD_AP_MODIFIED 41 /* message stream modified */ #define RD_AP_ORDER 42 /* message out of order */ #define RD_AP_UNAUTHOR 43 /* unauthorized request */ /* Values returned by get_pw_tkt */ #define GT_PW_OK 0 /* Got password changing tkt */ #define GT_PW_NULL 51 /* Current PW is null */ #define GT_PW_BADPW 52 /* Incorrect current password */ #define GT_PW_PROT 53 /* Protocol Error */ #define GT_PW_KDCERR 54 /* Error returned by KDC */ #define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ /* Values returned by send_to_kdc */ #define SKDC_OK 0 /* Response received */ #define SKDC_RETRY 56 /* Retry count exceeded */ #define SKDC_CANT 57 /* Can't send request */ /* * Values returned by get_intkt * (can also return SKDC_* and KDC errors) */ #define INTK_OK 0 /* Ticket obtained */ #define INTK_W_NOTALL 61 /* Not ALL tickets returned */ #define INTK_BADPW 62 /* Incorrect password */ #define INTK_PROT 63 /* Protocol Error */ #define INTK_ERR 70 /* Other error */ /* Values returned by get_adtkt */ #define AD_OK 0 /* Ticket Obtained */ #define AD_NOTGT 71 /* Don't have tgt */ #define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */ /* Error codes returned by ticket file utilities */ #define NO_TKT_FIL 76 /* No ticket file found */ #define TKT_FIL_ACC 77 /* Couldn't access tkt file */ #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ #define TKT_FIL_FMT 79 /* Bad ticket file format */ #define TKT_FIL_INI 80 /* tf_init not called first */ /* Error code returned by kparse_name */ #define KNAME_FMT 81 /* Bad Kerberos name format */ /* Error code returned by krb_mk_safe */ #define SAFE_PRIV_ERROR -1 /* syscall error */ /* Defines for krb_sendauth and krb_recvauth */ #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ #define KOPT_DONT_CANON 0x00000004 /* * don't canonicalize inst as * a hostname */ #define KOPT_IGNORE_PROTOCOL 0x0008 #define KRB_SENDAUTH_VLEN 8 /* length for version strings */ extern char *krb4_version; typedef int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*)); typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*, key_proc_t, KTEXT*)); #include "krb-protos.h" __END_DECLS #endif /* __KRB_H__ */ cyrus-sasl-2.1.25/mac/krb4_sources/mk_priv.c0000777000076400007640000001002607403027620015625 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "sasl_mac_krb_locl.h" RCSID("$Id: mk_priv.c,v 1.2 2001/12/04 02:06:08 rjs3 Exp $"); /* application include files */ #include "krb-archaeology.h" /* * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes * some user data "in" of "length" bytes and creates a packet in "out" * consisting of the user data, a timestamp, and the sender's network * address. * The packet is encrypted by pcbc_encrypt(), using the given * "key" and "schedule". * The length of the resulting packet "out" is * returned. * * It is similar to krb_mk_safe() except for the additional key * schedule argument "schedule" and the fact that the data is encrypted * rather than appended with a checksum. The protocol version is * KRB_PROT_VERSION, defined in "krb.h". * * The "out" packet consists of: * * Size Variable Field * ---- -------- ----- * * 1 byte KRB_PROT_VERSION protocol version number * 1 byte AUTH_MSG_PRIVATE | message type plus local * HOST_BYTE_ORDER byte order in low bit * * 4 bytes c_length length of data * we encrypt from here with pcbc_encrypt * * 4 bytes length length of user data * length in user data * 1 byte msg_time_5ms timestamp milliseconds * 4 bytes sender->sin.addr.s_addr sender's IP address * * 4 bytes msg_time_sec or timestamp seconds with * -msg_time_sec direction in sign bit * * 0<=n<=7 bytes pad to 8 byte multiple zeroes */ int32_t krb_mk_priv(void *in, void *out, u_int32_t length, struct des_ks_struct *schedule, des_cblock *key, struct sockaddr_in *sender, struct sockaddr_in *receiver) { unsigned char *p = (unsigned char*)out; unsigned char *cipher; struct timeval tv; u_int32_t src_addr; u_int32_t len; p += krb_put_int(KRB_PROT_VERSION, p, 1, 1); p += krb_put_int(AUTH_MSG_PRIVATE, p, 1, 1); len = 4 + length + 1 + 4 + 4; len = (len + 7) & ~7; p += krb_put_int(len, p, 4, 4); cipher = p; p += krb_put_int(length, p, 4, 4); memcpy(p, in, length); p += length; krb_kdctimeofday(&tv); *p++ =tv.tv_usec / 5000; src_addr = sender->sin_addr.s_addr; p += krb_put_address(src_addr, p, 4); p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4, 4); memset(p, 0, 7); des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher, len, schedule, key, DES_ENCRYPT); return (cipher - (unsigned char*)out) + len; } cyrus-sasl-2.1.25/mac/krb4_sources/mk_req.c0000777000076400007640000001702407403027620015441 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "sasl_mac_krb_locl.h" RCSID("$Id: mk_req.c,v 1.2 2001/12/04 02:06:08 rjs3 Exp $"); static int lifetime = 255; /* But no longer than TGT says. */ static int build_request(KTEXT req, char *name, char *inst, char *realm, u_int32_t checksum) { struct timeval tv; unsigned char *p = req->dat; int tmp; size_t rem = sizeof(req->dat); tmp = krb_put_nir(name, inst, realm, p, rem); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; tmp = krb_put_int(checksum, p, rem, 4); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; /* Fill in the times on the request id */ krb_kdctimeofday(&tv); if (rem < 1) return KFAILURE; *p++ = tv.tv_usec / 5000; /* 5ms */ --rem; tmp = krb_put_int(tv.tv_sec, p, rem, 4); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; /* Fill to a multiple of 8 bytes for DES */ req->length = ((p - req->dat + 7)/8) * 8; return 0; } /* * krb_mk_req takes a text structure in which an authenticator is to * be built, the name of a service, an instance, a realm, * and a checksum. It then retrieves a ticket for * the desired service and creates an authenticator in the text * structure passed as the first argument. krb_mk_req returns * KSUCCESS on success and a Kerberos error code on failure. * * The peer procedure on the other end is krb_rd_req. When making * any changes to this routine it is important to make corresponding * changes to krb_rd_req. * * The authenticator consists of the following: * * authent->dat * * unsigned char KRB_PROT_VERSION protocol version no. * unsigned char AUTH_MSG_APPL_REQUEST message type * (least significant * bit of above) HOST_BYTE_ORDER local byte ordering * unsigned char kvno from ticket server's key version * string realm server's realm * unsigned char tl ticket length * unsigned char idl request id length * text ticket->dat ticket for server * text req_id->dat request id * * The ticket information is retrieved from the ticket cache or * fetched from Kerberos. The request id (called the "authenticator" * in the papers on Kerberos) contains the following: * * req_id->dat * * string cr.pname {name, instance, and * string cr.pinst realm of principal * string myrealm making this request} * 4 bytes checksum checksum argument given * unsigned char tv_local.tf_usec time (milliseconds) * 4 bytes tv_local.tv_sec time (seconds) * * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time, * all rounded up to multiple of 8. */ int krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, int32_t checksum) { KTEXT_ST req_st; KTEXT req_id = &req_st; CREDENTIALS cr; /* Credentials used by retr */ KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */ int retval; /* Returned by krb_get_cred */ char myrealm[REALM_SZ]; unsigned char *p = authent->dat; int rem = sizeof(authent->dat); int tmp; tmp = krb_put_int(KRB_PROT_VERSION, p, rem, 1); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; tmp = krb_put_int(AUTH_MSG_APPL_REQUEST, p, rem, 1); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; /* Get the ticket and move it into the authenticator */ if (krb_ap_req_debug) krb_warning("Realm: %s\n", realm); retval = krb_get_cred(service,instance,realm,&cr); if (retval == RET_NOTKT) { retval = get_ad_tkt(service, instance, realm, lifetime); if (retval == KSUCCESS) retval = krb_get_cred(service, instance, realm, &cr); } if (retval != KSUCCESS) return retval; /* * With multi realm ticket files either find a matching TGT or * else use the first TGT for inter-realm authentication. * * In myrealm hold the realm of the principal "owning" the * corresponding ticket-granting-ticket. */ retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0); if (retval == KSUCCESS) { strcpy_truncate(myrealm, realm, REALM_SZ); } else retval = krb_get_tf_realm(TKT_FILE, myrealm); if (retval != KSUCCESS) return retval; if (krb_ap_req_debug) krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm, cr.pname, cr.pinst, myrealm); tmp = krb_put_int(cr.kvno, p, rem, 1); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; tmp = krb_put_string(realm, p, rem); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; tmp = krb_put_int(ticket->length, p, rem, 1); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; retval = build_request(req_id, cr.pname, cr.pinst, myrealm, checksum); if (retval != KSUCCESS) return retval; encrypt_ktext(req_id, &cr.session, DES_ENCRYPT); tmp = krb_put_int(req_id->length, p, rem, 1); if (tmp < 0) return KFAILURE; p += tmp; rem -= tmp; if (rem < ticket->length + req_id->length) return KFAILURE; memcpy(p, ticket->dat, ticket->length); p += ticket->length; rem -= ticket->length; memcpy(p, req_id->dat, req_id->length); p += req_id->length; rem -= req_id->length; authent->length = p - authent->dat; memset(&cr, 0, sizeof(cr)); memset(&req_st, 0, sizeof(req_st)); if (krb_ap_req_debug) krb_warning("Authent->length = %d\n", authent->length); return KSUCCESS; } /* * krb_set_lifetime sets the default lifetime for additional tickets * obtained via krb_mk_req(). * * It returns the previous value of the default lifetime. */ int krb_set_lifetime(int newval) { int olife = lifetime; lifetime = newval; return(olife); } cyrus-sasl-2.1.25/mac/osx_cfm_glue/0000777000076400007640000000000011632367343014145 500000000000000cyrus-sasl-2.1.25/mac/osx_cfm_glue/cfmglue.proj0000777000076400007640000026302707403027655016420 00000000000000cool(Z'[O ÈsCodeWarrior Projecth€P4Th —\ ±]!°à"!¡Ð)!¡08*tGT!¢aç¸o s ‚ !¢P” ãȤ ¶È!¢€×ïàäÿpòëùŽ !¡Ð)6îÈ<F!¢ÐSH[n|Œ@–¯ """"Ú!€ô"#$(!%wi0&ë?'X(¦0j) |*8086ˆ+¶ô ”,ÿÿ÷H -¹.Ñ/µò\ê05ÊÀ1ð2-3E4^5v6‰7¶ô@œ8ÿÿ÷®9%À:"Ó;)æ<*ø=- >0?33@6GA_BwCD§E¹FÅGÏHÝIìJúK LM3NNOdPŒQ£R´SÄTÑUáVïWüX YZ*[4\A]Q^a_m`~a‰b‘cdªe·fÌgÙhêiõjýklmn)o>pHqUrdsut€u•v¢wR w€°wtÿÿò°€=û%Yp vÿÿÿÿJavaClasses.zipZIP JAVA ROOTGRUP LibrariesFILEFILEFILE FILEFILEL€ ·fÀ XSgT hU VWY Zqr_`fabcde@B,.LKPjMN51396"OvlIJ) +#*SHE -/! <VXYmoRgWDU;Z:[FGQ02487?&> =rn't(ipq\] h^A_Ce`abcduksfT$%JavaClasses.zipZIP JAVAJavaClasses.zipZIP JAVAMSIEInternet ExplorerIexplore.exe a.out@U {MSIEInternet ExplorerIexplore.exe a.out@U { a.out@U {MSIEInternet ExplorerIexplore.exeabcd]`efg\_hijklmnopqrstu^vwxyžŸ ™œ¡¢£˜›¤¥¦§¨©ª«¬­®¯°±š²³´µBCDE>AFGH=@IJKLMNOPQRSTUV?WXYZ$%&' #()*"+,-./012345678!9:;<œžŸ˜› ¡¢—š£¤¥¦§¨©ª«¬­™³´µ¶¯²·¸¹®±º»¼½¾¿ÀÁÂÃÄ°~€z}‚ƒ„y|…†‡ˆ‰Š‹ŒŽ‘’{“”•–  `abc\_def[^ghijklmnopqrst]uvwxÙÚÛÜÕØÝÞßÔ×àáâãäåæçèéêëìíÖîïðñÊËÌÍÆJÉÎÏÐÅÈKÑLMNÒÓÔÕÖ×ØÙÚÛÇOPQRáâãäÝ8àåæçÜß9è:;<éêëìíîïðñòÞ=>?@øùúûôA÷üýþóöBÿCDE õFGHI&'()"%*+,!$-./01234567# S  TUVW  XYZ[€ü‚{~ƒ„…zô}õ†ò‡ˆ‰öŠ‹ŒŽý‘’“|”•÷–—»¼þ½¾·8º¿ÀÁ¶ ø¹ùÂó9ÃÄÅúÆ:;ÇÈ ÉÊÿËÌÍÎ7Ï ¸ÐÑ<ûÒÓGHIJK>EBLMNF?CAOPQRSTUVWXYZ[\]^_D`=@abcdefg& '()*+,-./ !"#%$ 0123456  ·¬ÿÿÒ#vw·©ÖèÿÿÚ” MacOS Toolbox DEBUG 68K????APPL€XÀ????U {€  cfmglue.hders.cJavaClasses.jarZIP MWZPJavaClasses.jarZIP MWZP Merge Out????APPLDLGXckidProjWSPCBasic Toolbox Multi:Custom KeywordsBasic Toolbox Multi:Access PathsBasic Toolbox Multi:Target SettingsBasic Toolbox Multi:File MappingsBasic Toolbox Multi:Build ExtrasBasic Toolbox Multi:68K CodeGenBasic Toolbox Multi:68K DisassemblerBasic Toolbox Multi:68K LinkerBasic Toolbox Multi:68K ProjectBasic Toolbox Multi:C/C++ CompilerBasic Toolbox Multi:C/C++ WarningsBasic Toolbox Multi:CFM68KBasic Toolbox Multi:IR OptimizerBasic Toolbox Multi:Java OutputBasic Toolbox Multi:Java ProjectBasic Toolbox Multi:Java VMBasic Toolbox Multi:MacOS Merge PanelBasic Toolbox Multi:Pascal CompilerBasic Toolbox Multi:Pascal WarningsBasic Toolbox Multi:PPC CodeGenBasic Toolbox Multi:PPC DisassemblerBasic Toolbox Multi:PPC LinkerBasic Toolbox Multi:PPC PEFBasic Toolbox Multi:PPC ProjectBasic Toolbox Multi:PPCAsm PanelBasic Toolbox Multi:Rez CompilerBasic Toolbox Multi:WinRC CompilerBasic Toolbox Multi:x86 CodeGenBasic Toolbox Multi:x86 LinkerBasic Toolbox Multi:x86 ProjectProject File ListBasic Toolbox 68k:Custom KeywordsBasic Toolbox 68k:Access PathsBasic Toolbox 68k:Target SettingsBasic Toolbox 68k:File MappingsBasic Toolbox 68k:Build ExtrasBasic Toolbox 68k:68K CodeGenBasic Toolbox 68k:68K DisassemblerBasic Toolbox 68k:68K LinkerBasic Toolbox 68k:68K ProjectBasic Toolbox 68k:C/C++ CompilerBasic Toolbox 68k:C/C++ WarningsBasic Toolbox 68k:CFM68KBasic Toolbox 68k:IR OptimizerBasic Toolbox 68k:Java OutputBasic Toolbox 68k:Java ProjectBasic Toolbox 68k:Java VMBasic Toolbox 68k:MacOS Merge PanelBasic Toolbox 68k:Pascal CompilerBasic Toolbox 68k:Pascal WarningsBasic Toolbox 68k:PPC CodeGenBasic Toolbox 68k:PPC DisassemblerBasic Toolbox 68k:PPC LinkerBasic Toolbox 68k:PPC PEFBasic Toolbox 68k:PPC ProjectBasic Toolbox 68k:PPCAsm PanelBasic Toolbox 68k:Rez CompilerBasic Toolbox 68k:WinRC CompilerBasic Toolbox 68k:x86 CodeGenBasic Toolbox 68k:x86 LinkerBasic Toolbox 68k:x86 ProjectBasci Toolbox PPC:Custom KeywordsBasci Toolbox PPC:Access PathsBasci Toolbox PPC:Target SettingsBasci Toolbox PPC:File MappingsBasci Toolbox PPC:Build ExtrasBasci Toolbox PPC:68K CodeGenBasci Toolbox PPC:68K DisassemblerBasci Toolbox PPC:68K LinkerBasci Toolbox PPC:68K ProjectBasci Toolbox PPC:C/C++ CompilerBasci Toolbox PPC:C/C++ WarningsBasci Toolbox PPC:CFM68KBasci Toolbox PPC:IR OptimizerBasci Toolbox PPC:Java OutputBasci Toolbox PPC:Java ProjectBasci Toolbox PPC:Java VMBasci Toolbox PPC:MacOS Merge PanelBasci Toolbox PPC:Pascal CompilerBasci Toolbox PPC:Pascal WarningsBasci Toolbox PPC:PPC CodeGenBasci Toolbox PPC:PPC DisassemblerBasci Toolbox PPC:PPC LinkerBasci Toolbox PPC:PPC PEFBasci Toolbox PPC:PPC ProjectBasci Toolbox PPC:PPCAsm PanelBasci Toolbox PPC:Rez CompilerBasci Toolbox PPC:WinRC CompilerBasci Toolbox PPC:x86 CodeGenBasci Toolbox PPC:x86 LinkerBasci Toolbox PPC:x86 ProjectBasic Toolbox PPC:Custom KeywordsBasic Toolbox PPC:Access PathsBasic Toolbox PPC:Target SettingsBasic Toolbox PPC:File MappingsBasic Toolbox PPC:Build ExtrasBasic Toolbox PPC:68K CodeGenBasic Toolbox PPC:68K DisassemblerBasic Toolbox PPC:68K LinkerBasic Toolbox PPC:68K ProjectBasic Toolbox PPC:C/C++ CompilerBasic Toolbox PPC:C/C++ WarningsBasic Toolbox PPC:CFM68KBasic Toolbox PPC:IR OptimizerBasic Toolbox PPC:Java OutputBasic Toolbox PPC:Java ProjectBasic Toolbox PPC:Java VMBasic Toolbox PPC:MacOS Merge PanelBasic Toolbox PPC:Pascal CompilerBasic Toolbox PPC:Pascal WarningsBasic Toolbox PPC:PPC CodeGenBasic Toolbox PPC:PPC DisassemblerBasic Toolbox PPC:PPC LinkerBasic Toolbox PPC:PPC PEFBasic Toolbox PPC:PPC ProjectBasic Toolbox PPC:PPCAsm PanelBasic Toolbox PPC:Rez CompilerBasic Toolbox PPC:WinRC CompilerBasic Toolbox PPC:x86 CodeGenBasic Toolbox PPC:x86 LinkerBasic Toolbox PPC:x86 ProjectBasic Toolbox FAT:Custom KeywordsBasic Toolbox FAT:Access PathsBasic Toolbox FAT:Target SettingsBasic Toolbox FAT:File MappingsBasic Toolbox FAT:Build ExtrasBasic Toolbox FAT:68K CodeGenBasic Toolbox FAT:68K DisassemblerBasic Toolbox FAT:68K LinkerBasic Toolbox FAT:68K ProjectBasic Toolbox FAT:C/C++ CompilerBasic Toolbox FAT:C/C++ WarningsBasic Toolbox FAT:CFM68KBasic Toolbox FAT:IR OptimizerBasic Toolbox FAT:Java OutputBasic Toolbox FAT:Java ProjectBasic Toolbox FAT:Java VMBasic Toolbox FAT:MacOS Merge PanelBasic Toolbox FAT:Pascal CompilerBasic Toolbox FAT:Pascal WarningsBasic Toolbox FAT:PPC CodeGenBasic Toolbox FAT:PPC DisassemblerBasic Toolbox FAT:PPC LinkerBasic Toolbox FAT:PPC PEFBasic Toolbox FAT:PPC ProjectBasic Toolbox FAT:PPCAsm PanelBasic Toolbox FAT:Rez CompilerBasic Toolbox FAT:WinRC CompilerBasic Toolbox FAT:x86 CodeGenBasic Toolbox FAT:x86 LinkerBasic Toolbox FAT:x86 ProjectBasic Toolbox DEBUG 68k:Custom KeywordsBasic Toolbox DEBUG 68k:Access PathsBasic Toolbox DEBUG 68k:Target SettingsBasic Toolbox DEBUG 68k:File MappingsBasic Toolbox DEBUG 68k:Build ExtrasBasic Toolbox DEBUG 68k:68K CodeGenBasic Toolbox DEBUG 68k:68K DisassemblerBasic Toolbox DEBUG 68k:68K LinkerBasic Toolbox DEBUG 68k:68K ProjectBasic Toolbox DEBUG 68k:C/C++ CompilerBasic Toolbox DEBUG 68k:C/C++ WarningsBasic Toolbox DEBUG 68k:CFM68KBasic Toolbox DEBUG 68k:IR OptimizerBasic Toolbox DEBUG 68k:MacOS Merge PanelBasic Toolbox DEBUG 68k:Pascal CompilerBasic Toolbox DEBUG 68k:Pascal WarningsBasic Toolbox DEBUG 68k:PPC CodeGenBasic Toolbox DEBUG 68k:PPC DisassemblerBasic Toolbox DEBUG 68k:PPC LinkerBasic Toolbox DEBUG 68k:PPC PEFBasic Toolbox DEBUG 68k:PPC ProjectBasic Toolbox DEBUG 68k:PPCAsm PanelBasic Toolbox DEBUG 68k:Rez CompilerBasic Toolbox DEBUG PPC:Custom KeywordsBasic Toolbox DEBUG PPC:Access PathsBasic Toolbox DEBUG PPC:Target SettingsBasic Toolbox DEBUG PPC:File MappingsBasic Toolbox DEBUG PPC:Build ExtrasBasic Toolbox DEBUG PPC:68K CodeGenBasic Toolbox DEBUG PPC:68K DisassemblerBasic Toolbox DEBUG PPC:68K LinkerBasic Toolbox DEBUG PPC:68K ProjectBasic Toolbox DEBUG PPC:C/C++ CompilerBasic Toolbox DEBUG PPC:C/C++ WarningsBasic Toolbox DEBUG PPC:CFM68KBasic Toolbox DEBUG PPC:IR OptimizerBasic Toolbox DEBUG PPC:MacOS Merge PanelBasic Toolbox DEBUG PPC:Pascal CompilerBasic Toolbox DEBUG PPC:Pascal WarningsBasic Toolbox DEBUG PPC:PPC CodeGenBasic Toolbox DEBUG PPC:PPC DisassemblerBasic Toolbox DEBUG PPC:PPC LinkerBasic Toolbox DEBUG PPC:PPC PEFBasic Toolbox DEBUG PPC:PPC ProjectBasic Toolbox DEBUG PPC:PPCAsm PanelBasic Toolbox DEBUG PPC:Rez CompilerMacOS Toolbox 68K:Custom KeywordsMacOS Toolbox 68K:Access PathsMacOS Toolbox 68K:Target SettingsMacOS Toolbox 68K:File MappingsMacOS Toolbox 68K:Build ExtrasMacOS Toolbox 68K:68K CodeGenMacOS Toolbox 68K:68K DisassemblerMacOS Toolbox 68K:68K LinkerMacOS Toolbox 68K:68K ProjectMacOS Toolbox 68K:C/C++ CompilerMacOS Toolbox 68K:C/C++ WarningsMacOS Toolbox 68K:CFM68KMacOS Toolbox 68K:IR OptimizerMacOS Toolbox 68K:MacOS Merge PanelMacOS Toolbox 68K:Pascal CompilerMacOS Toolbox 68K:Pascal WarningsMacOS Toolbox 68K:PPC CodeGenMacOS Toolbox 68K:PPC DisassemblerMacOS Toolbox 68K:PPC LinkerMacOS Toolbox 68K:PPC PEFMacOS Toolbox 68K:PPC ProjectMacOS Toolbox 68K:PPCAsm PanelMacOS Toolbox 68K:Rez CompilerMacOS Toolbox DEBUG 68K:Custom KeywordsMacOS Toolbox DEBUG 68K:Access PathsMacOS Toolbox DEBUG 68K:Target SettingsMacOS Toolbox DEBUG 68K:File MappingsMacOS Toolbox DEBUG 68K:Build ExtrasMacOS Toolbox DEBUG 68K:68K CodeGenMacOS Toolbox DEBUG 68K:68K DisassemblerMacOS Toolbox DEBUG 68K:68K LinkerMacOS Toolbox DEBUG 68K:68K ProjectMacOS Toolbox DEBUG 68K:C/C++ CompilerMacOS Toolbox DEBUG 68K:C/C++ WarningsMacOS Toolbox DEBUG 68K:CFM68KMacOS Toolbox DEBUG 68K:IR OptimizerMacOS Toolbox DEBUG 68K:MacOS Merge PanelMacOS Toolbox DEBUG 68K:Pascal CompilerMacOS Toolbox DEBUG 68K:Pascal WarningsMacOS Toolbox DEBUG 68K:PPC CodeGenMacOS Toolbox DEBUG 68K:PPC DisassemblerMacOS Toolbox DEBUG 68K:PPC LinkerMacOS Toolbox DEBUG 68K:PPC PEFMacOS Toolbox DEBUG 68K:PPC ProjectMacOS Toolbox DEBUG 68K:PPCAsm PanelMacOS Toolbox DEBUG 68K:Rez CompilerMacOS Toolbox DEBUG PPC:Custom KeywordsMacOS Toolbox DEBUG PPC:Access PathsMacOS Toolbox DEBUG PPC:Target SettingsMacOS Toolbox DEBUG PPC:File MappingsMacOS Toolbox DEBUG PPC:Build ExtrasMacOS Toolbox DEBUG PPC:68K CodeGenMacOS Toolbox DEBUG PPC:68K DisassemblerMacOS Toolbox DEBUG PPC:68K LinkerMacOS Toolbox DEBUG PPC:68K ProjectMacOS Toolbox DEBUG PPC:C/C++ CompilerMacOS Toolbox DEBUG PPC:C/C++ WarningsMacOS Toolbox DEBUG PPC:CFM68KMacOS Toolbox DEBUG PPC:IR OptimizerMacOS Toolbox DEBUG PPC:MacOS Merge PanelMacOS Toolbox DEBUG PPC:Pascal CompilerMacOS Toolbox DEBUG PPC:Pascal WarningsMacOS Toolbox DEBUG PPC:PPC CodeGenMacOS Toolbox DEBUG PPC:PPC DisassemblerMacOS Toolbox DEBUG PPC:PPC LinkerMacOS Toolbox DEBUG PPC:PPC PEFMacOS Toolbox DEBUG PPC:PPC ProjectMacOS Toolbox DEBUG PPC:PPCAsm PanelMacOS Toolbox DEBUG PPC:Rez CompilerMacOS Toolbox PPC:Custom KeywordsMacOS Toolbox PPC:Access PathsMacOS Toolbox PPC:Target SettingsMacOS Toolbox PPC:File MappingsMacOS Toolbox PPC:Build ExtrasMacOS Toolbox PPC:68K CodeGenMacOS Toolbox PPC:68K DisassemblerMacOS Toolbox PPC:68K LinkerMacOS Toolbox PPC:68K ProjectMacOS Toolbox PPC:C/C++ CompilerMacOS Toolbox PPC:C/C++ WarningsMacOS Toolbox PPC:CFM68KMacOS Toolbox PPC:IR OptimizerMacOS Toolbox PPC:MacOS Merge PanelMacOS Toolbox PPC:Pascal CompilerMacOS Toolbox PPC:Pascal WarningsMacOS Toolbox PPC:PPC CodeGenMacOS Toolbox PPC:PPC DisassemblerMacOS Toolbox PPC:PPC LinkerMacOS Toolbox PPC:PPC PEFMacOS Toolbox PPC:PPC ProjectMacOS Toolbox PPC:PPCAsm PanelMacOS Toolbox PPC:Rez CompilerMacOS Toolbox FAT:Custom KeywordsMacOS Toolbox FAT:Access PathsMacOS Toolbox FAT:Target SettingsMacOS Toolbox FAT:File MappingsMacOS Toolbox FAT:Build ExtrasMacOS Toolbox FAT:68K CodeGenMacOS Toolbox FAT:68K DisassemblerMacOS Toolbox FAT:68K LinkerMacOS Toolbox FAT:68K ProjectMacOS Toolbox FAT:C/C++ CompilerMacOS Toolbox FAT:C/C++ WarningsMacOS Toolbox FAT:CFM68KMacOS Toolbox FAT:IR OptimizerMacOS Toolbox FAT:MacOS Merge PanelMacOS Toolbox FAT:Pascal CompilerMacOS Toolbox FAT:Pascal WarningsMacOS Toolbox FAT:PPC CodeGenMacOS Toolbox FAT:PPC DisassemblerMacOS Toolbox FAT:PPC LinkerMacOS Toolbox FAT:PPC PEFMacOS Toolbox FAT:PPC ProjectMacOS Toolbox FAT:PPCAsm PanelMacOS Toolbox FAT:Rez CompilerMacOS Toolbox DEBUG 68K:Bison PanelMacOS Toolbox DEBUG 68K:Flex PanelMacOS Toolbox DEBUG 68K:Java OutputMacOS Toolbox DEBUG 68K:Java ProjectMacOS Toolbox DEBUG 68K:Java VMMacOS Toolbox DEBUG 68K:WinRC CompilerMacOS Toolbox DEBUG 68K:x86 CodeGenMacOS Toolbox DEBUG 68K:x86 LinkerMacOS Toolbox DEBUG 68K:x86 ProjectMacOS Toolbox DEBUG PPC:Bison PanelMacOS Toolbox DEBUG PPC:Flex PanelMacOS Toolbox DEBUG PPC:Java OutputMacOS Toolbox DEBUG PPC:Java ProjectMacOS Toolbox DEBUG PPC:Java VMMacOS Toolbox DEBUG PPC:WinRC CompilerMacOS Toolbox DEBUG PPC:x86 CodeGenMacOS Toolbox DEBUG PPC:x86 LinkerMacOS Toolbox DEBUG PPC:x86 ProjectMacOS Toolbox 68K:Bison PanelMacOS Toolbox 68K:Flex PanelMacOS Toolbox 68K:Java OutputMacOS Toolbox 68K:Java ProjectMacOS Toolbox 68K:Java VMMacOS Toolbox 68K:WinRC CompilerMacOS Toolbox 68K:x86 CodeGenMacOS Toolbox 68K:x86 LinkerMacOS Toolbox 68K:x86 ProjectMacOS Toolbox PPC:Bison PanelMacOS Toolbox PPC:Flex PanelMacOS Toolbox PPC:Java OutputMacOS Toolbox PPC:Java ProjectMacOS Toolbox PPC:Java VMMacOS Toolbox PPC:WinRC CompilerMacOS Toolbox PPC:x86 CodeGenMacOS Toolbox PPC:x86 LinkerMacOS Toolbox PPC:x86 Project68K Debug MacOS Toolbox:Custom Keywords68K Debug MacOS Toolbox:Access Paths68K Debug MacOS Toolbox:Target Settings68K Debug MacOS Toolbox:File Mappings68K Debug MacOS Toolbox:Build Extras68K Debug MacOS Toolbox:68K CodeGen68K Debug MacOS Toolbox:68K Disassembler68K Debug MacOS Toolbox:68K Linker68K Debug MacOS Toolbox:68K Project68K Debug MacOS Toolbox:C/C++ Compiler68K Debug MacOS Toolbox:C/C++ Warnings68K Debug MacOS Toolbox:CFM68K68K Debug MacOS Toolbox:IR Optimizer68K Debug MacOS Toolbox:Java Output68K Debug MacOS Toolbox:Java Project68K Debug MacOS Toolbox:Java VM68K Debug MacOS Toolbox:MacOS Merge Panel68K Debug MacOS Toolbox:Pascal Compiler68K Debug MacOS Toolbox:Pascal Warnings68K Debug MacOS Toolbox:PPC CodeGen68K Debug MacOS Toolbox:PPC Disassembler68K Debug MacOS Toolbox:PPC Linker68K Debug MacOS Toolbox:PPC PEF68K Debug MacOS Toolbox:PPC Project68K Debug MacOS Toolbox:PPCAsm Panel68K Debug MacOS Toolbox:Rez Compiler68K Debug MacOS Toolbox:WinRC Compiler68K Debug MacOS Toolbox:x86 CodeGen68K Debug MacOS Toolbox:x86 Linker68K Debug MacOS Toolbox:x86 ProjectPPC Debug MacOS Toolbox:Custom KeywordsPPC Debug MacOS Toolbox:Access PathsPPC Debug MacOS Toolbox:Target SettingsPPC Debug MacOS Toolbox:File MappingsPPC Debug MacOS Toolbox:Build ExtrasPPC Debug MacOS Toolbox:68K CodeGenPPC Debug MacOS Toolbox:68K DisassemblerPPC Debug MacOS Toolbox:68K LinkerPPC Debug MacOS Toolbox:68K ProjectPPC Debug MacOS Toolbox:C/C++ CompilerPPC Debug MacOS Toolbox:C/C++ WarningsPPC Debug MacOS Toolbox:CFM68KPPC Debug MacOS Toolbox:IR OptimizerPPC Debug MacOS Toolbox:Java OutputPPC Debug MacOS Toolbox:Java ProjectPPC Debug MacOS Toolbox:Java VMPPC Debug MacOS Toolbox:MacOS Merge PanelPPC Debug MacOS Toolbox:Pascal CompilerPPC Debug MacOS Toolbox:Pascal WarningsPPC Debug MacOS Toolbox:PPC CodeGenPPC Debug MacOS Toolbox:PPC DisassemblerPPC Debug MacOS Toolbox:PPC LinkerPPC Debug MacOS Toolbox:PPC PEFPPC Debug MacOS Toolbox:PPC ProjectPPC Debug MacOS Toolbox:PPCAsm PanelPPC Debug MacOS Toolbox:Rez CompilerPPC Debug MacOS Toolbox:WinRC CompilerPPC Debug MacOS Toolbox:x86 CodeGenPPC Debug MacOS Toolbox:x86 LinkerPPC Debug MacOS Toolbox:x86 Project68K Final MacOS Toolbox:Custom Keywords68K Final MacOS Toolbox:Access Paths68K Final MacOS Toolbox:Target Settings68K Final MacOS Toolbox:File Mappings68K Final MacOS Toolbox:Build Extras68K Final MacOS Toolbox:68K CodeGen68K Final MacOS Toolbox:68K Disassembler68K Final MacOS Toolbox:68K Linker68K Final MacOS Toolbox:68K Project68K Final MacOS Toolbox:C/C++ Compiler68K Final MacOS Toolbox:C/C++ Warnings68K Final MacOS Toolbox:CFM68K68K Final MacOS Toolbox:IR Optimizer68K Final MacOS Toolbox:Java Output68K Final MacOS Toolbox:Java Project68K Final MacOS Toolbox:Java VM68K Final MacOS Toolbox:MacOS Merge Panel68K Final MacOS Toolbox:Pascal Compiler68K Final MacOS Toolbox:Pascal Warnings68K Final MacOS Toolbox:PPC CodeGen68K Final MacOS Toolbox:PPC Disassembler68K Final MacOS Toolbox:PPC Linker68K Final MacOS Toolbox:PPC PEF68K Final MacOS Toolbox:PPC Project68K Final MacOS Toolbox:PPCAsm Panel68K Final MacOS Toolbox:Rez Compiler68K Final MacOS Toolbox:WinRC Compiler68K Final MacOS Toolbox:x86 CodeGen68K Final MacOS Toolbox:x86 Linker68K Final MacOS Toolbox:x86 ProjectPPC Final MacOS Toolbox:Custom KeywordsPPC Final MacOS Toolbox:Access PathsPPC Final MacOS Toolbox:Target SettingsPPC Final MacOS Toolbox:File MappingsPPC Final MacOS Toolbox:Build ExtrasPPC Final MacOS Toolbox:68K CodeGenPPC Final MacOS Toolbox:68K DisassemblerPPC Final MacOS Toolbox:68K LinkerPPC Final MacOS Toolbox:68K ProjectPPC Final MacOS Toolbox:C/C++ CompilerPPC Final MacOS Toolbox:C/C++ WarningsPPC Final MacOS Toolbox:CFM68KPPC Final MacOS Toolbox:IR OptimizerPPC Final MacOS Toolbox:Java OutputPPC Final MacOS Toolbox:Java ProjectPPC Final MacOS Toolbox:Java VMPPC Final MacOS Toolbox:MacOS Merge PanelPPC Final MacOS Toolbox:Pascal CompilerPPC Final MacOS Toolbox:Pascal WarningsPPC Final MacOS Toolbox:PPC CodeGenPPC Final MacOS Toolbox:PPC DisassemblerPPC Final MacOS Toolbox:PPC LinkerPPC Final MacOS Toolbox:PPC PEFPPC Final MacOS Toolbox:PPC ProjectPPC Final MacOS Toolbox:PPCAsm PanelPPC Final MacOS Toolbox:Rez CompilerPPC Final MacOS Toolbox:WinRC CompilerPPC Final MacOS Toolbox:x86 CodeGenPPC Final MacOS Toolbox:x86 LinkerPPC Final MacOS Toolbox:x86 ProjectFAT MacOS Toolbox:Custom KeywordsFAT MacOS Toolbox:Access PathsFAT MacOS Toolbox:Target SettingsFAT MacOS Toolbox:File MappingsFAT MacOS Toolbox:Build ExtrasFAT MacOS Toolbox:68K CodeGenFAT MacOS Toolbox:68K DisassemblerFAT MacOS Toolbox:68K LinkerFAT MacOS Toolbox:68K ProjectFAT MacOS Toolbox:C/C++ CompilerFAT MacOS Toolbox:C/C++ WarningsFAT MacOS Toolbox:CFM68KFAT MacOS Toolbox:IR OptimizerFAT MacOS Toolbox:Java OutputFAT MacOS Toolbox:Java ProjectFAT MacOS Toolbox:Java VMFAT MacOS Toolbox:MacOS Merge PanelFAT MacOS Toolbox:Pascal CompilerFAT MacOS Toolbox:Pascal WarningsFAT MacOS Toolbox:PPC CodeGenFAT MacOS Toolbox:PPC DisassemblerFAT MacOS Toolbox:PPC LinkerFAT MacOS Toolbox:PPC PEFFAT MacOS Toolbox:PPC ProjectFAT MacOS Toolbox:PPCAsm PanelFAT MacOS Toolbox:Rez CompilerFAT MacOS Toolbox:WinRC CompilerFAT MacOS Toolbox:x86 CodeGenFAT MacOS Toolbox:x86 LinkerFAT MacOS Toolbox:x86 ProjectPPC Debug MacOS Toolbox:Java LanguagePPC Final MacOS Toolbox:Java LanguagePPC Debug MacOS Toolbox:Debugger TargetPPC Debug MacOS Toolbox:FTP PanelPPC Debug MacOS Toolbox:JavaDoc ProjectPPC Debug MacOS Toolbox:x86 Exceptions PanelPPC Final MacOS Toolbox:Debugger TargetPPC Final MacOS Toolbox:FTP PanelPPC Final MacOS Toolbox:JavaDoc ProjectPPC Final MacOS Toolbox:x86 Exceptions PanelPPC Debug MacOS Toolbox:68K Global OptimizerPPC Debug MacOS Toolbox:PPC Global OptimizerPPC Final MacOS Toolbox:68K Global OptimizerPPC Final MacOS Toolbox:PPC Global OptimizerPPC Debug MacOS Toolbox:Java Command LinePPC Debug MacOS Toolbox:Java MacOS SettingsPPC Debug MacOS Toolbox:x86 Global OptimizerPPC Final MacOS Toolbox:Java Command LinePPC Final MacOS Toolbox:Java MacOS SettingsPPC Final MacOS Toolbox:x86 Global OptimizerPPC Debug MacOS Toolbox:Source TreesPPC Debug MacOS Toolbox:Debugger RuntimePPC Debug MacOS Toolbox:Perl PanelPPC Final MacOS Toolbox:Source TreesPPC Final MacOS Toolbox:Debugger RuntimePPC Final MacOS Toolbox:Perl PanelSASLGlueCFM:Source TreesSASLGlueCFM:Custom KeywordsSASLGlueCFM:Access PathsSASLGlueCFM:Target SettingsSASLGlueCFM:File MappingsSASLGlueCFM:Build ExtrasSASLGlueCFM:Debugger RuntimeSASLGlueCFM:Debugger TargetSASLGlueCFM:68K CodeGenSASLGlueCFM:68K DisassemblerSASLGlueCFM:68K Global OptimizerSASLGlueCFM:68K LinkerSASLGlueCFM:68K ProjectSASLGlueCFM:C/C++ CompilerSASLGlueCFM:C/C++ WarningsSASLGlueCFM:CFM68KSASLGlueCFM:MacOS Merge PanelSASLGlueCFM:PPC CodeGenSASLGlueCFM:PPC DisassemblerSASLGlueCFM:PPC Global OptimizerSASLGlueCFM:PPC LinkerSASLGlueCFM:PPC PEFSASLGlueCFM:PPC ProjectSASLGlueCFM:PPCAsm PanelSASLGlueCFM:Rez CompilerSASLGlueCFM:Remote DebugSASLGlueCFM:Auto-targetSASLGlueCFM:FTP PanelSASLGlueCFM:Java Command LineSASLGlueCFM:Java LanguageSASLGlueCFM:Java MRJAppBuilderSASLGlueCFM:Java OutputSASLGlueCFM:Java ProjectSASLGlueCFM:JavaDoc ProjectSASLGlueCFM:Output FlagsSASLGlueCFM:Packager PanelSASLGlueCFM:WinRC CompilerSASLGlueCFM:x86 CodeGenSASLGlueCFM:x86 DisassemblerSASLGlueCFM:x86 Exceptions PanelSASLGlueCFM:x86 Global OptimizerSASLGlueCFM:x86 LinkerSASLGlueCFM:x86 ProjectPPC Final MacOS Toolbox:Remote DebugPPC Final MacOS Toolbox:Auto-targetPPC Final MacOS Toolbox:Java MRJAppBuilderPPC Final MacOS Toolbox:Output FlagsPPC Final MacOS Toolbox:Packager PanelPPC Final MacOS Toolbox:x86 DisassemblerSASL2GlueCFM:Source TreesSASL2GlueCFM:Access PathsSASL2GlueCFM:Debugger RuntimeSASL2GlueCFM:Target SettingsSASL2GlueCFM:File MappingsSASL2GlueCFM:Build ExtrasSASL2GlueCFM:Debugger TargetSASL2GlueCFM:Remote DebugSASL2GlueCFM:Auto-targetSASL2GlueCFM:Custom KeywordsSASL2GlueCFM:68K CodeGenSASL2GlueCFM:68K DisassemblerSASL2GlueCFM:68K Global OptimizerSASL2GlueCFM:68K LinkerSASL2GlueCFM:68K ProjectSASL2GlueCFM:C/C++ CompilerSASL2GlueCFM:C/C++ WarningsSASL2GlueCFM:CFM68KSASL2GlueCFM:FTP PanelSASL2GlueCFM:Java Command LineSASL2GlueCFM:Java LanguageSASL2GlueCFM:Java MRJAppBuilderSASL2GlueCFM:Java OutputSASL2GlueCFM:Java ProjectSASL2GlueCFM:JavaDoc ProjectSASL2GlueCFM:MacOS Merge PanelSASL2GlueCFM:Output FlagsSASL2GlueCFM:Packager PanelSASL2GlueCFM:PPC CodeGenSASL2GlueCFM:PPC DisassemblerSASL2GlueCFM:PPC Global OptimizerSASL2GlueCFM:PPC LinkerSASL2GlueCFM:PPC PEFSASL2GlueCFM:PPC ProjectSASL2GlueCFM:PPCAsm PanelSASL2GlueCFM:Rez CompilerSASL2GlueCFM:WinRC CompilerSASL2GlueCFM:x86 CodeGenSASL2GlueCFM:x86 DisassemblerSASL2GlueCFM:x86 Exceptions PanelSASL2GlueCFM:x86 Global OptimizerSASL2GlueCFM:x86 LinkerSASL2GlueCFM:x86 ProjectBasic Toolbox MultiFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KMW Pascal 68KRezPEF Import 68KBasic Toolbox 68k:Toolbox68k.outBasci Toolbox PPCBasic Toolbox PPCLib Import PPCMW C/C++ PPCMW Pascal PPCPPCAsmXCOFF Import PPCPEF Import PPC:ToolboxPPC.outSillyBalls.cSillyBalls.rsrcInterfaceLibMathLibMSL RuntimePPC.LibMSL C.PPC.LibMSL C++.PPC.LibMacOS.libMathLib68K Fa(4i/8d).LibMSL Runtime68K.LibMSL C.68K Fa(4i_8d).LibMSL C++.68K Fa(4i_8d).LibBasic Toolbox FAT:Merge Out:ToolboxFAT.outToolbox68k.outToolboxPPC.outMathLib68K Fa(4i_8d).LibMSL SIOUX.68K.LibMSL SIOUX.PPC.Lib:Toolbox68k:ToolboxPPC:ToolboxFAT:Basic Toolbox DEBUG 68kBasic Toolbox DEBUG 68k:Basic Toolbox DEBUG PPCBasic Toolbox DEBUG PPCMacOS Toolbox 68K:MacOS Toolbox DEBUG 68KMacOS Toolbox DEBUG 68K:MacOS Toolbox DEBUG PPCMacOS Toolbox DEBUG PPC:MacOS Toolbox 68K:MacOS Toolbox PPCMacOS Toolbox PPCMacOS Toolbox FAT:MacOS Toolbox FATGameCode ConverterFlex PreprocessorBison PreprocessorMSL C.68K (2i).LibMSL C++.68K (2i).LibMathLib68K (2i).Lib68K Debug MacOS ToolboxPPC Debug MacOS Toolbox68K Final MacOS ToolboxPPC Final MacOS ToolboxFAT MacOS ToolboxApplicationLibrariesMac LibrariesANSI Libraries:SillyBalls.c:SillyBalls.rsrc:Bin:MSL C.PPC.Lib:Bin:MSL C++.PPC.Lib:MacOS Common:InterfaceLib:MacOS Common:MathLib:Runtime:Runtime PPC:MSL RuntimePPC.Lib:Bin:MSL SIOUX.PPC.LibMacOS PPC LinkerCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger TargetC/C++ CompilerC/C++ WarningsFTP PanelIR OptimizerPascal CompilerPascal WarningsPPC CodeGenPPC DisassemblerPPC LinkerPPC PEFPPC ProjectPPCAsm PanelRez CompilerPPC Global OptimizerSource TreesDebugger RuntimePerl PanelMW Perl:cfmglueSASLGlueCFM:SASLGlueCFMCarbonLibMSL ShLibRuntime.Libcfmglue.cOutput FlagsPackager PanelMSL C.Carbon.Libseterror.cMSL SIOUX.Carbon.LibSASL2GlueCFM:SASL2GlueCFM @:ÿÿÿÿ@:::include:ÿÿÿÿ::include:ÿÿÿÿ:::lib:ÿÿÿÿ@Mac OS 9:CodeWarrior Pro 5:Metrowerks CodeWarrior:Carbon Support:ÿÿÿÿ@Mac OS 9:Metrowerks CodeWarrior 6.0:Metrowerks CodeWarrior:MacOS Support:ÿÿÿÿ@Mac OS 9:Metrowerks CodeWarrior 6.0:Metrowerks CodeWarrior:MSL:ÿÿÿÿ@main npstu ) )U {ÿÿÿÿ€e?î aÐÿÿÿÿ·e`·aÐÿÿÿÿÿÿÿÿartÿÿÿÿÿÿÿÿÿÿÿÿe?î ·c0 ·e`ÿÿÿÿ·aзaÐp·fÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿe?î d0ÿÿÿÿ@·f·aзe`«  ÿÿÿÿîßà·aÐë 0ÿÿö|ÿÿÿÿ€ îÑ,·e kPÿÿÿÿ·aÐÿÿÿÿßà·eÐ ·fpÿÿÿÿ·eÐð·h@·eÐÿÿÿÿßà·f0°ÿÿÿÿ·eзfp·h@ÿÿÿÿut·fpreg$EillDi5¸ ‹Get¬tMouÌtDiañdDia Dial0 ialoS wDiav ialo‘ xt I²ventÒelecóalogalog5DialYItem}topAeAleÂonAládAleýlertxt E>dGe_etDI‚Text¢t MoÁgDeáurceó urge!€4"ndedV#istv$5ò°•%³&Ö'ó() 2*_casS+5ã0l,åÀ‹-reg©.È/illDâ05¸ 1Get(2tMouJ3tDiah4dDia‹5Dial¨6ialoÂ7wDiaà8ialoÿ9xt I:vent?;elec]Dialº?ItemÙ@topAûA€BonAl:CdAleXDlert{Ext E˜FdGe¶GetDI×HTextøIt Mo JgDe 0Kurce NLurge mM ‡N «O ÍP ïQ R 0S MT gU …V ¤W ÃX Get äY Zc To [lti =\gmen _]Lib ~^68K  _rt 6 À`on H ßa€ ýbPasc cezP =dt 68 [e!¯è |f!¯ð g!¯ð ¶h!¯ð Õi!° ój!°Ø k!°È ,l!°È Pm!°È rn!°È ”o!°È ²p!°È Õq!°È òr!°È s!°È*t!°ØIu!°Øhv!°H‰w6~p§xeÜÄycallâzBàCà{HàIà#|NàOàE}TàUàe~Zà[à„`àaࢀfàgàÅ€â‚ndedƒist!„TargB…ct D[†Settz‡ Set˜ˆeSaf·‰ ÑŠ_casõ‹5ã0ŒåÀ9regWŽzillD—5¸ ±‘GetÏ’tMouî“tDia ”dDia.•DialL–ialoi—wDia‡˜ialo¯™xt IÔšventü›elec"œalogGalogkžDial”ŸItem· topAÛ¡¢)£H¤m¥—¦¿§ç¨ ©4ªW«w¬›­À®å¯ °2±Z²€³¥´ɵò¶·9¸`¹‡º¦»˼õ½¾E¿iÀ’ÁµÂÕÃùÄÅCÆeDŽȦÉÆÊåËÌ&ÍCÎaςУѼÒÛÓÿÔ!ÕCÖaׄءٻÚÙÛøÜÝ?Þdߌà²á×âûã$äGåkæ’ç¹èØéýê'ëOìwí›îÄïçðñ+òPóuôõÂöê÷ ø 5ù Yú ‚û ¥ü Éý ðþ!ÿ!6![!…!­!Õ!ù"""E"e"‰ "® "Ó "õ # #6#V#u#“#¶#Ó#ñ$$3$L$k$$±$Ó$ñ%%1%K%i %ˆ!%§"%É#%è$& %&*&&I'&g(&Š)&§*&Å+&æ,'-' .'?/'c0'…1'§2'Å3'è4(5(6(=7(\8({9(Ÿ:(Â;(æ<) =)+>)R?)v@)™A)½B)áC*D*(E*MF*mG*”H*¸I*ÛJ*ÿK+L+:M+XN+wO+‘P+²Q+ÐR+íS, T,)U,FV,dW,ƒX,Y,¾Z,Ü[,ù\-]-?^-d_-Œ`-²a-×b-ûc.$d.Ge.kf.’g.¹h.Øi.ýj/!k/Fl/fm/n/¸o/àp0q0-r0Ps0pt0”u0¹v0Þw1x1)y1Lz1p{1˜|1½}1å~2 20€2T2}‚2 ƒ2Ä„2ë…3†31‡3Vˆ3z‰3ŸŠ3¿‹3éŒ449Ž4]4†4©‘4É’4í“5”57•5^–5‚—5¥˜5É™5ñš6›6>œ6d6‰ž6­Ÿ6Ö 6ù¡7¢7D£7k¤7Š¥7¯¦7Ó§7ø¨8©8Bª8j«8’¬8¶­8ß®9¯9"°9F±9k²9³9·´9Ûµ9þ¶:"·:J¸:o¹:—º:½»:â¼;½;/¾;R¿;vÀ;Á;ÄÂ;ãÃ<Ä<,ÅÒ>4Ó>WÔ>{Õ>Ö>¼×>ÞØ>þÙ?Ú?;Û?^Ü?{Ý?™Þ?ºß?Ûà?ôá@â@1ã@Pä@jå@Žæ@°ç@Òè@ðéAêA0ëAJìAhíA‡îA¦ïAÇðAåñBòB óBFôBlõB”öB¶÷BÞøC ùC3úCUûC}üCªýC×þDÿD1D^DˆD´DáE E7EdE‰E² EÕ Eú F# FF F_F{F”F°FÊFãGGG4GQGrG‰G¡G¼G×GêHH H= H^!Hu"H‰#H¡$Hº%HÓ&Hì'I(I)I8*IR+Iq,I‰-I¢.I¾/I×0Iò1J 2J%3JB4Jc5J„6J›7J³8JØ9Jü:K';KL<Ks=Kœ>K¶?KÐ@KîAL BL&CL@DL]ELwFLGL­HLÆILäJMKMLM7MMSNMoOMƒPMšQM¹RMÔSMôTN UN'VNDWNcXN}YN™ZN²[NÐ\Nò]O ^O_O8`ORaOlbOˆcO¡dO¿eOáfPgPhñz`ytžŽ~Àz`sÙãh€-5{*:{t08t2+0@wÓ¿ÿÍ(p„ÔÔ¦®bñ¶œsÙãh®¶bñ¶œsÙãh¶¾bt0ÜÐany sÙ¨€*;K*0ÛÛ Û@macstmTEÛÛ @€ý‹Èð€ öË ðwÓ‚ €5{:{ sÕPs‡€”ÿÿÛ,Û(;Ðsˆ²ˆs‡_0h€ 5{sˆ–¼s‡¡sˆ¯°Û05{€*û»*ÎÀh×äcntl—×xcntl˜׌cntl™×cntlš×|cntlÉ×ècntlè×€cntléׄcntlë׈cntl׸cntl×¼cntl×Àcntl×Äs ÿÿÿÿÿÿ€Š+6P????APPLDLGXckidProjWSPC MSIEInternet ExplorererIexplore.exeoreruJIT__start__statartlibsasl2.shlb;Carbon SASL2GlueCFM????shlb????  NONAME.EXE@ (Rð (\ (=  MacOS PPC LinkerSASL2GlueCFMOS Toolbox:P'CODE' 'DATA' 'PICT'/ÿ00EðZð0/ÿP0Fk*ÀZð0/ÿ0http://java.sun.com/products/jdk/1.1/docs/api/ )Aï"S0<Ä0E€)×°Zð0aÿ%®0UO/ÿ0<aÿ%š0UO/ Hx B'aÿ%ˆ0UO/ HxJ/ VÀDIÀ/aÿ&¶0UO/ HxJ/ VÀDIÀ/aÿ&š0UO/ HxJ/VÀDIÀ/aÿ&~0UO/ HxJ/VÀDIÀ/aÿ&b0UO/ HxJ/VÀDIÀ/aÿ&F0UO/ HxJ/VÀDIÀ/aÿ&*0UO/ Hx J/VÀDIÀ/aÿ&0HW//aÿ,|/ HxHoaÿ'b0/ Hx?/NºþVHÀTO/aÿ%Ô0HoHoaÿ+/ Hx noname.exe@ SASLGlueCFM????shlb????NoneMMPr@TEXT.cRunTSScriptTEXT.plMW Perl€Java Linker .auJAR Importer@ .gifJAR Importer@RSRC`TEXT.cRunTSScriptTEXT.htmlTEXT.javaMW JavaTEXT.mfTEXT.plMW Perl€rsrc`.classMW Java.zipMW JavaMacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.plMW Perl€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS Merge APPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.cRunTSScriptTEXT.plMW Perl€TEXT.rRezrsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.plMW Perl€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 Linker????Obj Import x86TEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.plMW Perl€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86MSIEhttp://java.sun.com/products/jdk/1.1/docs/api/€Š+6P6PmainMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/ WARZ JBoundApp????ÿÿÿÿÿÿWINDnull (Rð (\ (=  JBoundApp????ÿÿÿÿÿÿWINDnull noname.exe@ñz`ytžŽ~Àz`sÙãh€-5{*:{t08t2+0@wÓ¿ÿÍ(p„ÔÔ¦®bñ¶œsÙãh®¶bñ¶œsÙãh¶¾bt0ÜÐany sÙ¨€*;K*0ÛÛ Û@macstmTEÛÛ @€ý‹Èð€ öË ðwÓ‚ €5{:{ sÕPs‡€”ÿÿÛ,Û(;Ðsˆ²ˆs‡_0h€ 5{sˆ–¼s‡¡sˆ¯°Û05{€*û»*ÎÀh×äcntl—×xcntl˜׌cntl™×cntlš×|cntlÉ×ècntlè×€cntléׄcntlë׈cntl׸cntl×¼cntl×Àcntl×Äs ÿÿÿÿÿÿ€Š+6P1†1¨Zòp1†1¨ kµpZòP1†http://java.sun.com/products/jdk/1.1/docs/api/ )Aï"S0<Ä1§s`ZòPaÿ%®0UO1†<aÿ%š0UO/ Hx B'aÿ%ˆ0UO/ HxJ/ VÀDIÀ/aÿ&¶0UO/ HxJ/ VÀDIÀ/aÿ&š0UO/ HxJ/VÀDIÀ/aÿ&~0UO/ HxJ/VÀDIÀ/aÿ&b0UO/ HxJ/VÀDIÀ/aÿ&F0UO/ HxJ/VÀDIÀ/aÿ&*0UO/ Hx J/VÀDIÀ/aÿ&0HW//aÿ,|/ HxHoaÿ'b0/ Hx?/NºþVHÀTO/aÿ%Ô0HoHoaÿ+/ HxMRJApplication????APPL&$”€&%\ƒ|?0€&#¼€&%`ƒòȃò´€&$$ƒò|ƒòxÙØØðØØ(ØèØøØØ@Ø8Ù(4ëàt°pt°L4ëä4æt°pt”4çà4çÕ4çÏ4çÁ4çº4ç¬4ç¡4ç–4çŒ4ç‚4ç]4çF4ç;4ç4è`4ç.4ç.tªp4æt”T4æt”D4æt”,4æt¬p4æt¬l4æt­´4æt­h4æPanL link Output FlagsFileLockedResourcesMapIsReadOnlyPrinterDriverIsMultiFinderCompatibleInvisibleHasBundleNameLockedStationeryHasCustomIconSharedHasBeenInitedLabelCommentst«8t«8tª¨t«8tª´tª¼t«8tªÌtªÔtªàtªìtªôt«t«4t«8t«8t«4t«8t«8t«8t«8t«8t«8t«8t«8t«8t«8t«8t«t«8t«t«(MWJava- >pin32Name4ëèMWJava_Proj_compress.ßTmstr¢ßmstlÓ mstn((msti‚ßmstrèPmstlè ¬mstnè (mstiè&Ó,mpsiè(ÿmtgl蔀PLstQn ¬.pref›•- Ipref5ð.pref/Q$pref:u pref\;’pref•u<JprefÊs=| mtslßmtpl €mtpslmtpiÈmtlo Ú.pref¢åiŠIprefçƒj ¨prefŠke$prefäv[ prefÚñw®’pref-x@Jpref–eyX.pref܆‡‰IprefÆŸˆTpref½‰‰ „$pref&”† prefÊÕ•Ò’prefìË–dJprefiá—XprefN²9` prefÕ: TprefBLB \ prefñsC hpref·FK p pref"`L |pref©T.Ó prefõ™Uåt prefM:I‡-¦2prefL㮈Å5PprefM#a‰œprefM Šëd8prefLÜÎŒëœ prefMŠà.®"prefMä•-ìprefMU‹–Ñ’prefM%“—ѧjprefLÆ`˜7 prefLÈäÃPprefM¯AÆ=8prefLëíÈ=@ prefMñÉpref€Ió»4prefMúöïpref÷ë@pref’øPmall ”¤mapl'Epref™Ru,M\pref™O£1© pref™Œ7$\pref™ áå€pref6º— A]pref7 Ü motiåpref¨­>Šß¸prefÍ-?Òprefå@×!pref¯ÚAë©pref¾ùB+pref}/C™— pref€ýDÀßprefD Eípref FñprefåG prefo§H pref'¯I) prefVJ5prefý4K,"pref)[L-(>prefÅM 8prefbòNÌ…ÚprefÝ;OÝ5ŽprefzP ¹pref}Qœ·prefåCRE_ÜprefQS-f2prefØ£T€pref“RUÁprefÒsV.bpref,šWÃåØprefúXU;pref`¯Y-ØprefiôZC prefÎj[ F prefmu\Î_ÄprefÉ]Ï#prefy2^Ð;¨prefqÐ_.b.prefå`âà prefô3aĽ"pref ^b.prefäcÇprefÌdÄßprefT"e-˜ pref_ÃfäÏ’prefÏgé‚jprefO¿hcyrus-sasl-2.1.25/mac/osx_cfm_glue/cfmglue.h0000666000076400007640000000012607403027655015657 00000000000000#define TARGET_API_MAC_CARBON 1 #define SASL_OSX_CFMGLUE 1 #include cyrus-sasl-2.1.25/mac/osx_cfm_glue/cfmglue.c0000777000076400007640000010544507671745101015667 00000000000000/* cfmglue.c by Rolf Braun, for CMU SASL on Mac OS X This file provides routines to allow CFM (os 9 linkage) Carbon applications to use the native Mach-O SASL libraries on Mac OS X, using CFBundle to load the backend libraries and automatically allocated assembly callbacks $Id: cfmglue.c,v 1.4 2003/06/12 00:33:05 rbraun Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include "sasl.h" #include "saslutil.h" #include "prop.h" /* prototypes for internal functions (from saslint.h) */ int _sasl_add_string(char **out, int *alloclen, int *outlen, const char *add); int _buf_alloc(char **rwbuf, unsigned *curlen, unsigned newlen); void _sasl_get_errorbuf(sasl_conn_t *conn, char ***bufhdl, unsigned **lenhdl); void *MachOFunctionPointerForCFMFunctionPointer( void *cfmfp ); sasl_callback_t *GetCFMCallbacks(const sasl_callback_t *callbacks); void DisposeCFMCallbacks(sasl_callback_t *callbacks); int _cfmsasl_haveCustomAlloc = 0; int _cfmsasl_haveCustomMutex = 0; int _cfmsasl_initted = 0; /* DO NOT change the order of this struct! It MUST match that of the iovec struct in /usr/include/sys/uio.h on Mac OS X! It MUST also match that of the Mac OS 9 Carbon config.h since Carbon CFM stuff links at runtime against whatever it's running on! */ struct iovec { char *iov_base; long iov_len; }; typedef struct { CFURLRef bundleURL; CFBundleRef myBundle; sasl_callback_t *clientCallbacks; sasl_callback_t *serverCallbacks; int (*SASLClientNewPtr)(const char *service, const char *serverFQDN, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *prompt_supp, unsigned flags, sasl_conn_t **pconn); int (*SASLClientStartPtr)(sasl_conn_t *conn, const char *mechlist, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, const char **mech); int (*SASLClientStepPtr)(sasl_conn_t *conn, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen); const char * (*SASLErrStringPtr)(int saslerr, const char *langlist, const char **outlang); const char *(*sasl_errdetailPtr)(sasl_conn_t *conn); int (*SASLGetPropPtr)(sasl_conn_t *conn, int propnum, const void **pvalue); int (*SASLSetPropPtr)(sasl_conn_t *conn, int propnum, const void *value); int (*SASLIdlePtr)(sasl_conn_t *conn); int (*SASLEncodePtr)(sasl_conn_t *conn, const char *input, unsigned inputlen, const char **output, unsigned *outputlen); int (*SASLDecodePtr)(sasl_conn_t *conn, const char *input, unsigned inputlen, const char **output, unsigned *outputlen); int (*SASLEncodeVPtr)(sasl_conn_t *conn, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen); int (*SASLDisposePtr)(sasl_conn_t **pconn); int (*SASLDonePtr)(); void (*SASLSetAllocPtr)(sasl_malloc_t *, sasl_calloc_t *, sasl_realloc_t *, sasl_free_t *); int (*sasl_decode64Ptr)(const char *in, unsigned inlen, char *out, unsigned outmax, unsigned *outlen); int (*sasl_encode64Ptr)(const char *in, unsigned inlen, char *out, unsigned outmax, unsigned *outlen); int (*sasl_mkchalPtr)(sasl_conn_t *conn, char *buf, unsigned maxlen, unsigned hostflag); int (*sasl_utf8verifyPtr)(const char *str, unsigned len); void (*sasl_churnPtr)(sasl_rand_t *rpool, const char *data, unsigned len); void (*sasl_randPtr)(sasl_rand_t *rpool, char *buf, unsigned len); void (*sasl_randseedPtr)(sasl_rand_t *rpool, const char *seed, unsigned len); void (*sasl_randfreePtr)(sasl_rand_t **rpool); int (*sasl_randcreatePtr)(sasl_rand_t **rpool); void (*SASLSetMutexPtr)(sasl_mutex_alloc_t *mn, sasl_mutex_lock_t *ml, sasl_mutex_unlock_t *mu, sasl_mutex_free_t *md); int (*SASLServerNewPtr)(const char *service, const char *serverFQDN, const char *user_realm, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *callbacks, unsigned flags, sasl_conn_t **pconn); int (*sasl_listmechPtr)(sasl_conn_t *conn, const char *user, const char *prefix, const char *sep, const char *suffix, const char **result, unsigned *plen, int *pcount); int (*SASLServerStartPtr)(sasl_conn_t *conn, const char *mech, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen); int (*SASLServerStepPtr)(sasl_conn_t *conn, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen); int (*sasl_checkpassPtr)(sasl_conn_t *conn, const char *user, unsigned userlen, const char *pass, unsigned passlen); int (*sasl_user_existsPtr)(sasl_conn_t *conn, const char *service, const char *user_realm, const char *user); int (*sasl_setpassPtr)(sasl_conn_t *conn, const char *user, const char *pass, unsigned passlen, const char *oldpass, unsigned oldpasslen, unsigned flags); int (*sasl_checkapopPtr)(sasl_conn_t *conn, const char *challenge, unsigned challen, const char *response, unsigned resplen); int (*sasl_auxprop_requestPtr)(sasl_conn_t *conn, const char **propnames); struct propctx *(*sasl_auxprop_getctxPtr)(sasl_conn_t *conn); void (*sasl_erasebufferPtr)(char *pass, unsigned len); struct propctx *(*prop_newPtr)(unsigned estimate); int (*prop_dupPtr)(struct propctx *src_ctx, struct propctx **dst_ctx); const struct propval *(*prop_getPtr)(struct propctx *ctx); int (*prop_getnamesPtr)(struct propctx *ctx, const char **names, struct propval *vals); void (*prop_clearPtr)(struct propctx *ctx, int requests); void (*prop_erasePtr)(struct propctx *ctx, const char *name); void (*prop_disposePtr)(struct propctx **ctx); int (*prop_formatPtr)(struct propctx *ctx, const char *sep, int seplen, char *outbuf, unsigned outmax, unsigned *outlen); int (*prop_setPtr)(struct propctx *ctx, const char *name, const char *value, int vallen); int (*prop_setvalsPtr)(struct propctx *ctx, const char *name, const char **values); int (*_sasl_add_stringPtr)(char **out, int *alloclen, int *outlen, const char *add); int (*_buf_allocPtr)(char **rwbuf, unsigned *curlen, unsigned newlen); void (*_sasl_get_errorbufPtr)(sasl_conn_t *conn, char ***bufhdl, unsigned **lenhdl); } GlobalsRec; typedef struct { sasl_malloc_t *custMalloc; sasl_calloc_t *custCalloc; sasl_realloc_t *custRealloc; sasl_free_t *custFree; sasl_mutex_alloc_t *custMutexNew; sasl_mutex_lock_t *custMutexLock; sasl_mutex_unlock_t *custMutexUnlock; sasl_mutex_free_t *custMutexDispose; } GlobalParamsRec; typedef struct { sasl_conn_t *ctx; sasl_callback_t *cbk; } cfm_sasl_conn_t; GlobalsRec saslcfmglob; // The globals GlobalParamsRec saslcfmglobp; // From Apple sample code... (CarbonLib SDK, CFM->MachO->CFM) // // This function allocates a block of CFM glue code which contains the instructions to call CFM routines // void *MachOFunctionPointerForCFMFunctionPointer( void *cfmfp ) { UInt32 template[6] = {0x3D800000, 0x618C0000, 0x800C0000, 0x804C0004, 0x7C0903A6, 0x4E800420}; UInt32 *mfp = (UInt32*) NewPtr( sizeof(template) ); // Must later dispose of allocated memory mfp[0] = template[0] | ((UInt32)cfmfp >> 16); mfp[1] = template[1] | ((UInt32)cfmfp & 0xFFFF); mfp[2] = template[2]; mfp[3] = template[3]; mfp[4] = template[4]; mfp[5] = template[5]; MakeDataExecutable( mfp, sizeof(template) ); return( mfp ); } sasl_callback_t *GetCFMCallbacks(const sasl_callback_t *callbacks) { int cbksize = 0; const sasl_callback_t *cbk = callbacks; sasl_callback_t *ncbk, *new_callbacks; while (cbk->id) { cbksize++; cbk++; } cbksize++; cbk = callbacks; ncbk = new_callbacks = (sasl_callback_t *)NewPtr(cbksize * sizeof(sasl_callback_t)); if (!ncbk) return nil; while (cbksize--) { ncbk->id = cbk->id; ncbk->context = cbk->context; if (cbk->proc) ncbk->proc = MachOFunctionPointerForCFMFunctionPointer(cbk->proc); else ncbk->proc = nil; ncbk++; cbk++; } return new_callbacks; } void DisposeCFMCallbacks(sasl_callback_t *callbacks) { sasl_callback_t *cbk = callbacks; if (!cbk) return; while (cbk->id) { if (cbk->proc) DisposePtr((Ptr)cbk->proc); cbk++; } DisposePtr((Ptr)callbacks); } int _cfmsasl_common_init(const sasl_callback_t *callbacks, int isServer, const char *appname); int _cfmsasl_common_init(const sasl_callback_t *callbacks, int isServer, const char *appname) { int (*SASLClientInitPtr)(const sasl_callback_t *callbacks); int (*SASLServerInitPtr)(const sasl_callback_t *callbacks, const char *appname); int result = SASL_NOMEM; if (!_cfmsasl_initted) { // The skeleton for this code originally came from the CFM->MachO->CFM sample // provided by Aple with the Carbon SDK. It shows how to use CFBundle to call MachO // libraries from CFM and how to encapsulate callbacks into CFM. memset( &saslcfmglob, 0, sizeof(GlobalsRec) ); // Initialize the globals // Make a CFURLRef from the CFString representation of the bundle's path. // See the Core Foundation URL Services chapter for details. saslcfmglob.bundleURL = CFURLCreateWithFileSystemPath( nil, // workaround for Radar # 2452789 CFSTR("/Library/Frameworks/SASL2.framework"), // hard coded path for sample 0, true ); if ( saslcfmglob.bundleURL != NULL ) // Make a bundle instance using the URLRef. saslcfmglob.myBundle = CFBundleCreate( NULL /* kCFAllocatorDefault */, // workaround for Radar # 2452789 saslcfmglob.bundleURL ); if ( saslcfmglob.myBundle && CFBundleLoadExecutable( saslcfmglob.myBundle )) { // Try to load the executable from my bundle. // Now that the code is loaded, search for the functions we want by name. saslcfmglob.SASLClientNewPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_client_new") ); saslcfmglob.SASLClientStartPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_client_start") ); saslcfmglob.SASLClientStepPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_client_step") ); saslcfmglob.SASLErrStringPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_errstring") ); saslcfmglob.sasl_errdetailPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_errdetail") ); saslcfmglob.SASLGetPropPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_getprop") ); saslcfmglob.SASLSetPropPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_setprop") ); saslcfmglob.SASLIdlePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_idle") ); saslcfmglob.SASLEncodePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_encode") ); saslcfmglob.SASLEncodeVPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_encodev") ); saslcfmglob.SASLDecodePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_decode") ); saslcfmglob.SASLDisposePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_dispose") ); saslcfmglob.SASLDonePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_done") ); saslcfmglob.SASLSetAllocPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_set_alloc") ); saslcfmglob.sasl_encode64Ptr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_encode64") ); saslcfmglob.sasl_decode64Ptr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_decode64") ); saslcfmglob.sasl_mkchalPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_mkchal") ); saslcfmglob.sasl_utf8verifyPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_utf8verify") ); saslcfmglob.sasl_churnPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_churn") ); saslcfmglob.sasl_randPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_rand") ); saslcfmglob.sasl_randseedPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_randseed") ); saslcfmglob.sasl_randcreatePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_randcreate") ); saslcfmglob.sasl_randfreePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_randfree") ); saslcfmglob.SASLSetMutexPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_set_mutex") ); saslcfmglob.SASLServerNewPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_server_new") ); saslcfmglob.SASLServerStartPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_server_start") ); saslcfmglob.SASLServerStepPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_server_step") ); saslcfmglob.sasl_listmechPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_listmech") ); saslcfmglob.sasl_checkpassPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_checkpass") ); saslcfmglob.sasl_setpassPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_setpass") ); saslcfmglob.sasl_user_existsPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_user_exists") ); saslcfmglob.sasl_checkapopPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_checkapop") ); saslcfmglob.sasl_auxprop_requestPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_auxprop_request") ); saslcfmglob.sasl_auxprop_getctxPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_auxprop_getctx") ); saslcfmglob.sasl_erasebufferPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_erasebuffer") ); saslcfmglob.prop_newPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_new") ); saslcfmglob.prop_dupPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_dup") ); saslcfmglob.prop_getPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_get") ); saslcfmglob.prop_getnamesPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_getnames") ); saslcfmglob.prop_clearPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_clear") ); saslcfmglob.prop_erasePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_erase") ); saslcfmglob.prop_disposePtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_dispose") ); saslcfmglob.prop_formatPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_format") ); saslcfmglob.prop_setPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_set") ); saslcfmglob.prop_setvalsPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("prop_setvals") ); /* These are internal functions used by our sasl_seterror */ saslcfmglob._sasl_add_stringPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("_sasl_add_string") ); saslcfmglob._buf_allocPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("_buf_alloc") ); saslcfmglob._sasl_get_errorbufPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("_sasl_get_errorbuf") ); if (!_cfmsasl_haveCustomAlloc) { saslcfmglobp.custMalloc = MachOFunctionPointerForCFMFunctionPointer(malloc); saslcfmglobp.custCalloc = MachOFunctionPointerForCFMFunctionPointer(calloc); saslcfmglobp.custRealloc = MachOFunctionPointerForCFMFunctionPointer(realloc); saslcfmglobp.custFree = MachOFunctionPointerForCFMFunctionPointer(free); _cfmsasl_haveCustomAlloc = 1; } saslcfmglob.SASLSetAllocPtr(saslcfmglobp.custMalloc, saslcfmglobp.custCalloc, saslcfmglobp.custRealloc, saslcfmglobp.custFree); if (_cfmsasl_haveCustomMutex) saslcfmglob.SASLSetMutexPtr(saslcfmglobp.custMutexNew, saslcfmglobp.custMutexLock, saslcfmglobp.custMutexUnlock, saslcfmglobp.custMutexDispose); } else if (saslcfmglob.myBundle) { CFRelease(saslcfmglob.myBundle); saslcfmglob.myBundle = nil; } if (saslcfmglob.bundleURL && !saslcfmglob.myBundle) { CFRelease(saslcfmglob.bundleURL); saslcfmglob.bundleURL = nil; } if (saslcfmglob.myBundle) _cfmsasl_initted = 1; } if (_cfmsasl_initted) { if (isServer) { SASLServerInitPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_server_init") ); if (SASLServerInitPtr != nil) { sasl_callback_t *new_callbacks = NULL; if (callbacks) new_callbacks = GetCFMCallbacks(callbacks); result = SASLServerInitPtr(new_callbacks, appname); saslcfmglob.serverCallbacks = new_callbacks; } } else { SASLClientInitPtr = (void*)CFBundleGetFunctionPointerForName( saslcfmglob.myBundle, CFSTR("sasl_client_init") ); if (SASLClientInitPtr != nil) { sasl_callback_t *new_callbacks = NULL; if (callbacks) new_callbacks = GetCFMCallbacks(callbacks); result = SASLClientInitPtr(new_callbacks); saslcfmglob.clientCallbacks = new_callbacks; } } } return result; } int sasl_server_init(const sasl_callback_t *callbacks, const char *appname) { return _cfmsasl_common_init(callbacks, true, appname); } int sasl_client_init(const sasl_callback_t *callbacks) { return _cfmsasl_common_init(callbacks, false, nil); } void sasl_done(void) { if (!_cfmsasl_initted) return; if (!saslcfmglob.SASLDonePtr) return; saslcfmglob.SASLDonePtr(); DisposeCFMCallbacks(saslcfmglob.clientCallbacks); DisposeCFMCallbacks(saslcfmglob.serverCallbacks); CFBundleUnloadExecutable(saslcfmglob.myBundle); CFRelease(saslcfmglob.myBundle); CFRelease(saslcfmglob.bundleURL); saslcfmglob.myBundle = NULL; saslcfmglob.bundleURL = NULL; _cfmsasl_initted = 0; } int sasl_client_new (const char *service, const char *serverFQDN, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *prompt_supp, unsigned flags, sasl_conn_t **pconn) { sasl_callback_t *new_ps = NULL; int result; cfm_sasl_conn_t *myconn; if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLClientNewPtr) return SASL_NOMEM; if (prompt_supp) new_ps = GetCFMCallbacks(prompt_supp); // this is commented out because sasl.h incorrectly described the api // if (*pconn) // DisposeCFMCallbacks(((cfm_sasl_conn_t *)*pconn)->cbk); // else { myconn = (cfm_sasl_conn_t *) NewPtr(sizeof(cfm_sasl_conn_t)); if (myconn == NULL) { return SASL_NOMEM; } myconn->ctx = NULL; // } result = saslcfmglob.SASLClientNewPtr(service, serverFQDN, iplocalport, ipremoteport, new_ps, flags, &(myconn->ctx)); myconn->cbk = new_ps; *pconn = (sasl_conn_t *)myconn; return result; } int sasl_server_new (const char *service, const char *serverFQDN, const char *user_realm, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *callbacks, unsigned flags, sasl_conn_t **pconn) { sasl_callback_t *new_ps = NULL; int result; if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLServerNewPtr) return SASL_NOMEM; if (callbacks) new_ps = GetCFMCallbacks(callbacks); *pconn = (sasl_conn_t *)NewPtr(sizeof(cfm_sasl_conn_t)); ((cfm_sasl_conn_t *)*pconn)->ctx = nil; result = saslcfmglob.SASLServerNewPtr(service, serverFQDN, user_realm, iplocalport, ipremoteport, new_ps, flags, &((cfm_sasl_conn_t *)*pconn)->ctx); ((cfm_sasl_conn_t *)*pconn)->cbk = new_ps; return result; } void sasl_dispose(sasl_conn_t **pconn) { if (!_cfmsasl_initted) return; if (!saslcfmglob.SASLDisposePtr) return; if (!pconn) return; if (!*pconn) return; saslcfmglob.SASLDisposePtr(&((cfm_sasl_conn_t *)*pconn)->ctx); DisposeCFMCallbacks(((cfm_sasl_conn_t *)*pconn)->cbk); DisposePtr((Ptr)*pconn); *pconn = NULL; } int sasl_client_start (sasl_conn_t *conn, const char *mechlist, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, const char **mech) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLClientStartPtr) return SASL_NOMEM; return saslcfmglob.SASLClientStartPtr(((cfm_sasl_conn_t *)conn)->ctx, mechlist, prompt_need, clientout, clientoutlen, mech); } int sasl_client_step (sasl_conn_t *conn, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLClientStepPtr) return SASL_NOMEM; return saslcfmglob.SASLClientStepPtr(((cfm_sasl_conn_t *)conn)->ctx, serverin, serverinlen, prompt_need, clientout, clientoutlen); } const char *sasl_errstring(int saslerr, const char *langlist, const char **outlang) { if (!_cfmsasl_initted) return NULL; if (!saslcfmglob.SASLErrStringPtr) return NULL; return saslcfmglob.SASLErrStringPtr(saslerr, langlist, outlang); } const char *sasl_errdetail(sasl_conn_t *conn) { if (!_cfmsasl_initted) return NULL; if (!saslcfmglob.sasl_errdetailPtr) return NULL; return saslcfmglob.sasl_errdetailPtr(((cfm_sasl_conn_t *)conn)->ctx); } int sasl_getprop(sasl_conn_t *conn, int propnum, const void **pvalue) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLGetPropPtr) return SASL_NOMEM; return saslcfmglob.SASLGetPropPtr(((cfm_sasl_conn_t *)conn)->ctx, propnum, pvalue); } int sasl_setprop(sasl_conn_t *conn, int propnum, const void *value) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLSetPropPtr) return SASL_NOMEM; return saslcfmglob.SASLSetPropPtr(((cfm_sasl_conn_t *)conn)->ctx, propnum, value); } int sasl_idle(sasl_conn_t *conn) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLIdlePtr) return SASL_NOMEM; return saslcfmglob.SASLIdlePtr(((cfm_sasl_conn_t *)conn)->ctx); } int sasl_encode(sasl_conn_t *conn, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLEncodePtr) return SASL_NOMEM; return saslcfmglob.SASLEncodePtr(((cfm_sasl_conn_t *)conn)->ctx, input, inputlen, output, outputlen); } int sasl_encodev(sasl_conn_t *conn, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLEncodeVPtr) return SASL_NOMEM; return saslcfmglob.SASLEncodeVPtr(((cfm_sasl_conn_t *)conn)->ctx, invec, numiov, output, outputlen); } int sasl_decode(sasl_conn_t *conn, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLDecodePtr) return SASL_NOMEM; return saslcfmglob.SASLDecodePtr(((cfm_sasl_conn_t *)conn)->ctx, input, inputlen, output, outputlen); } int sasl_decode64(const char *in, unsigned inlen, char *out, unsigned outmax, unsigned *outlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_decode64Ptr) return SASL_NOMEM; return saslcfmglob.sasl_decode64Ptr(in, inlen, out, outmax, outlen); } int sasl_encode64(const char *in, unsigned inlen, char *out, unsigned outmax, unsigned *outlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_encode64Ptr) return SASL_NOMEM; return saslcfmglob.sasl_encode64Ptr(in, inlen, out, outmax, outlen); } void sasl_set_alloc(sasl_malloc_t *ma, sasl_calloc_t *ca, sasl_realloc_t *rea, sasl_free_t *fr) { if (_cfmsasl_haveCustomAlloc) { DisposePtr((Ptr)saslcfmglobp.custMalloc); DisposePtr((Ptr)saslcfmglobp.custCalloc); DisposePtr((Ptr)saslcfmglobp.custRealloc); DisposePtr((Ptr)saslcfmglobp.custFree); } saslcfmglobp.custMalloc = MachOFunctionPointerForCFMFunctionPointer(ma); saslcfmglobp.custCalloc = MachOFunctionPointerForCFMFunctionPointer(ca); saslcfmglobp.custRealloc = MachOFunctionPointerForCFMFunctionPointer(rea); saslcfmglobp.custFree = MachOFunctionPointerForCFMFunctionPointer(fr); _cfmsasl_haveCustomAlloc = 1; } int sasl_mkchal(sasl_conn_t *conn, char *buf, unsigned maxlen, unsigned hostflag) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_mkchalPtr) return SASL_NOMEM; return saslcfmglob.sasl_mkchalPtr(((cfm_sasl_conn_t *)conn)->ctx, buf, maxlen, hostflag); } int sasl_utf8verify(const char *str, unsigned len) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_utf8verifyPtr) return SASL_NOMEM; return saslcfmglob.sasl_utf8verifyPtr(str, len); } void sasl_churn(sasl_rand_t *rpool, const char *data, unsigned len) { if (!_cfmsasl_initted) return; if (!saslcfmglob.sasl_churnPtr) return; saslcfmglob.sasl_churnPtr(rpool, data, len); } void sasl_rand(sasl_rand_t *rpool, char *buf, unsigned len) { if (!_cfmsasl_initted) return; if (!saslcfmglob.sasl_randPtr) return; saslcfmglob.sasl_randPtr(rpool, buf, len); } void sasl_randseed(sasl_rand_t *rpool, const char *seed, unsigned len) { if (!_cfmsasl_initted) return; if (!saslcfmglob.sasl_randseedPtr) return; saslcfmglob.sasl_randseedPtr(rpool, seed, len); } void sasl_randfree(sasl_rand_t **rpool) { if (!_cfmsasl_initted) return; if (!saslcfmglob.sasl_randfreePtr) return; saslcfmglob.sasl_randfreePtr(rpool); } int sasl_randcreate(sasl_rand_t **rpool) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_randcreatePtr) return SASL_NOMEM; return saslcfmglob.sasl_randcreatePtr(rpool); } void sasl_set_mutex(sasl_mutex_alloc_t *mn, sasl_mutex_lock_t *ml, sasl_mutex_unlock_t *mu, sasl_mutex_free_t *md) { if (_cfmsasl_haveCustomMutex) { DisposePtr((Ptr)saslcfmglobp.custMutexNew); DisposePtr((Ptr)saslcfmglobp.custMutexLock); DisposePtr((Ptr)saslcfmglobp.custMutexUnlock); DisposePtr((Ptr)saslcfmglobp.custMutexDispose); } saslcfmglobp.custMutexNew = MachOFunctionPointerForCFMFunctionPointer(mn); saslcfmglobp.custMutexLock = MachOFunctionPointerForCFMFunctionPointer(ml); saslcfmglobp.custMutexUnlock = MachOFunctionPointerForCFMFunctionPointer(mu); saslcfmglobp.custMutexDispose = MachOFunctionPointerForCFMFunctionPointer(md); _cfmsasl_haveCustomMutex = 1; } int sasl_listmech(sasl_conn_t *conn, const char *user, const char *prefix, const char *sep, const char *suffix, const char **result, unsigned *plen, int *pcount) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_listmechPtr) return SASL_NOMEM; return saslcfmglob.sasl_listmechPtr(((cfm_sasl_conn_t *)conn)->ctx, user, prefix, sep, suffix, result, plen, pcount); } int sasl_server_start(sasl_conn_t *conn, const char *mech, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLServerStartPtr) return SASL_NOMEM; return saslcfmglob.SASLServerStartPtr(((cfm_sasl_conn_t *)conn)->ctx, mech, clientin, clientinlen, serverout, serveroutlen); } int sasl_server_step(sasl_conn_t *conn, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.SASLServerStepPtr) return SASL_NOMEM; return saslcfmglob.SASLServerStepPtr(((cfm_sasl_conn_t *)conn)->ctx, clientin, clientinlen, serverout, serveroutlen); } int sasl_checkpass(sasl_conn_t *conn, const char *user, unsigned userlen, const char *pass, unsigned passlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_checkpassPtr) return SASL_NOMEM; return saslcfmglob.sasl_checkpassPtr(((cfm_sasl_conn_t *)conn)->ctx, user, userlen, pass, passlen); } int sasl_user_exists(sasl_conn_t *conn, const char *service, const char *user_realm, const char *user) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_user_existsPtr) return SASL_NOMEM; return saslcfmglob.sasl_user_existsPtr(((cfm_sasl_conn_t *)conn)->ctx, service, user_realm, user); } int sasl_setpass(sasl_conn_t *conn, const char *user, const char *pass, unsigned passlen, const char *oldpass, unsigned oldpasslen, unsigned flags) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_setpassPtr) return SASL_NOMEM; return saslcfmglob.sasl_setpassPtr(((cfm_sasl_conn_t *)conn)->ctx, user, pass, passlen, oldpass, oldpasslen, flags); } int sasl_checkapop(sasl_conn_t *conn, const char *challenge, unsigned challen, const char *response, unsigned resplen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_checkapopPtr) return SASL_NOMEM; return saslcfmglob.sasl_checkapopPtr(((cfm_sasl_conn_t *)conn)->ctx, challenge, challen, response, resplen); } int sasl_auxprop_request(sasl_conn_t *conn, const char **propnames) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.sasl_auxprop_requestPtr) return SASL_NOMEM; return saslcfmglob.sasl_auxprop_requestPtr(((cfm_sasl_conn_t *)conn)->ctx, propnames); } struct propctx *sasl_auxprop_getctx(sasl_conn_t *conn) { if (!_cfmsasl_initted) return NULL; if (!saslcfmglob.sasl_auxprop_getctxPtr) return NULL; return saslcfmglob.sasl_auxprop_getctxPtr(((cfm_sasl_conn_t *)conn)->ctx); } void sasl_erasebuffer(char *pass, unsigned len) { if (!_cfmsasl_initted) return; if (!saslcfmglob.sasl_erasebufferPtr) return; saslcfmglob.sasl_erasebufferPtr(pass, len); } struct propctx *prop_new(unsigned estimate) { if (!_cfmsasl_initted) return NULL; if (!saslcfmglob.prop_newPtr) return NULL; return saslcfmglob.prop_newPtr(estimate); } int prop_dup(struct propctx *src_ctx, struct propctx **dst_ctx) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.prop_dupPtr) return SASL_NOMEM; return saslcfmglob.prop_dupPtr(src_ctx, dst_ctx); } const struct propval *prop_get(struct propctx *ctx) { if (!_cfmsasl_initted) return NULL; if (!saslcfmglob.prop_getPtr) return NULL; return saslcfmglob.prop_getPtr(ctx); } int prop_getnames(struct propctx *ctx, const char **names, struct propval *vals) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.prop_getnamesPtr) return SASL_NOMEM; return saslcfmglob.prop_getnamesPtr(ctx, names, vals); } void prop_clear(struct propctx *ctx, int requests) { if (!_cfmsasl_initted) return; if (!saslcfmglob.prop_clearPtr) return; saslcfmglob.prop_clearPtr(ctx, requests); } void prop_erase(struct propctx *ctx, const char *name) { if (!_cfmsasl_initted) return; if (!saslcfmglob.prop_erasePtr) return; saslcfmglob.prop_erasePtr(ctx, name); } void prop_dispose(struct propctx **ctx) { if (!_cfmsasl_initted) return; if (!saslcfmglob.prop_disposePtr) return; saslcfmglob.prop_disposePtr(ctx); } int prop_format(struct propctx *ctx, const char *sep, int seplen, char *outbuf, unsigned outmax, unsigned *outlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.prop_formatPtr) return SASL_NOMEM; return saslcfmglob.prop_formatPtr(ctx, sep, seplen, outbuf, outmax, outlen); } int prop_set(struct propctx *ctx, const char *name, const char *value, int vallen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.prop_setPtr) return SASL_NOMEM; return saslcfmglob.prop_setPtr(ctx, name, value, vallen); } int prop_setvals(struct propctx *ctx, const char *name, const char **values) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob.prop_setvalsPtr) return SASL_NOMEM; return saslcfmglob.prop_setvalsPtr(ctx, name, values); } /* internal functions used by sasl_seterror follow */ int _sasl_add_string(char **out, int *alloclen, int *outlen, const char *add) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob._sasl_add_stringPtr) return SASL_NOMEM; return saslcfmglob._sasl_add_stringPtr(out, alloclen, outlen, add); } int _buf_alloc(char **rwbuf, unsigned *curlen, unsigned newlen) { if (!_cfmsasl_initted) return SASL_NOMEM; if (!saslcfmglob._buf_allocPtr) return SASL_NOMEM; return saslcfmglob._buf_allocPtr(rwbuf, curlen, newlen); } void _sasl_get_errorbuf(sasl_conn_t *conn, char ***bufhdl, unsigned **lenhdl) { if (!_cfmsasl_initted) return; if (!saslcfmglob._sasl_add_stringPtr) return; saslcfmglob._sasl_get_errorbufPtr(((cfm_sasl_conn_t *)conn)->ctx, bufhdl, lenhdl); } cyrus-sasl-2.1.25/mac/osx_cfm_glue/cfmglue.proj.exp0000777000076400007640000000123407403027656017202 00000000000000sasl_decode sasl_encode sasl_idle sasl_setprop sasl_getprop sasl_errstring sasl_client_step sasl_client_start sasl_dispose sasl_client_new sasl_done sasl_client_init sasl_encode64 sasl_decode64 sasl_set_alloc sasl_mkchal sasl_utf8verify sasl_churn sasl_rand sasl_randseed sasl_randfree sasl_randcreate sasl_set_mutex sasl_server_init sasl_server_new sasl_listmech sasl_server_start sasl_server_step sasl_checkpass sasl_user_exists sasl_setpass sasl_errdetail sasl_checkapop sasl_auxprop_request sasl_auxprop_getctx sasl_erasebuffer sasl_encodev prop_new prop_dup prop_get prop_getnames prop_clear prop_erase prop_dispose prop_format prop_set prop_setvals sasl_seterrorcyrus-sasl-2.1.25/mac/readme/0000777000076400007640000000000011632367343012730 500000000000000cyrus-sasl-2.1.25/mac/readme/mac_testing_notes.c0000777000076400007640000000220707403027657016527 00000000000000#ifdef RUBBISH *** how to run the server on unix ./sample-server -s rcmd -i local=0.0.0.0:23,remote=0.0.0.0:23 -m KERBEROS_V4 *** arguements to the client on the mac Use this to test privacy: -b min=56,max=20000 -i local=0.0.0.0:23,remote=0.0.0.0:23 -s rcmd -n AKUTAKTAK.ANDREW.CMU.EDU -u n3liw Use this to test authenticity: -b min=1,max=1 -i local=0.0.0.0:23,remote=0.0.0.0:23 -s rcmd -n AKUTAKTAK.ANDREW.CMU.EDU -u n3liw Use this to test authentication only (no privacy no authenticity): -i local=0.0.0.0:23,remote=0.0.0.0:23 -s rcmd -n AKUTAKTAK.ANDREW.CMU.EDU -u n3liw C: BAYAQU5EUkVXLkNNVS5FRFUAOCBx+Dj9fo8RD0Wegm7Qr2iSopuKxKGTq6cA6ux+lEPfB4GFO9BxF9jWOKLa5Hw/sIqkSfcqwah+hLFCUakVHcviUo7UOTHX0CFWy8QsnCuz6qco9FzlS23r - check lifetimes of data returned by kerberos glue functions like realm of host and gethostbyname C: AAAAbAQGAEFORFJFVy5DTVUuRURVADggcfg4/X6PEQ9FnoJu0K9okqKbisShk6unYXiKjun/vccUEytAAMdTj1pLaQjd3hkDltVId4q9la64zfZG+haHMETI+kDpHzLAtABnUTl4NHvzjbuwfwdvSA== -e ssf=-57 -i local=128.2.121.100:23,remote=128.2.121.2:23 -s rcmd -n AKUTAKTAK.ANDREW.CMU.EDU -u n3liw #endif static int bletch_the_compiler_wants_something_non_empty; cyrus-sasl-2.1.25/mac/mac_lib/0000777000076400007640000000000011632367343013061 500000000000000cyrus-sasl-2.1.25/mac/mac_lib/getopt.c0000777000076400007640000000753707403027653014464 00000000000000#include /* * $Id: getopt.c,v 1.2 2001/12/04 02:06:35 rjs3 Exp $ * Copyright (c) 1987, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)getopt.c 8.2 (Berkeley) 4/2/94"; #endif /* LIBC_SCCS and not lint */ #include #include #include int opterr = 1, /* if error message should be printed */ optind = 1, /* index into parent argv vector */ optopt, /* character checked for validity */ optreset; /* reset getopt */ char *optarg; /* argument associated with option */ #define BADCH (int)'?' #define BADARG (int)':' #define EMSG "" /* * getopt -- * Parse argc/argv argument vector. */ int getopt( int nargc, char * const *nargv, const char *ostr) { extern char *__progname; static char *place = EMSG; /* option letter processing */ char *oli; /* option letter list index */ if (optreset || !*place) { /* update scanning pointer */ optreset = 0; if (optind >= nargc || *(place = nargv[optind]) != '-') { place = EMSG; return (EOF); } if (place[1] && *++place == '-') { /* found "--" */ ++optind; place = EMSG; return (EOF); } } /* option letter okay? */ if ((optopt = (int)*place++) == (int)':' || !(oli = strchr(ostr, optopt))) { /* * if the user didn't specify '-' as an option, * assume it means EOF. */ if (optopt == (int)'-') return (EOF); if (!*place) ++optind; if (opterr && *ostr != ':') (void)fprintf(stderr, "%s: illegal option -- %c\n", __progname, optopt); return (BADCH); } if (*++oli != ':') { /* don't need argument */ optarg = NULL; if (!*place) ++optind; } else { /* need an argument */ if (*place) /* no white space */ optarg = place; else if (nargc <= ++optind) { /* no arg */ place = EMSG; if (*ostr == ':') return (BADARG); if (opterr) (void)fprintf(stderr, "%s: option requires an argument -- %c\n", __progname, optopt); return (BADCH); } else /* white space */ optarg = nargv[optind]; place = EMSG; ++optind; } return (optopt); /* dump back option letter */ } cyrus-sasl-2.1.25/mac/mac_lib/parse_cmd_line.c0000777000076400007640000000507107622774117016124 00000000000000/* * prompt for a command line */ /* $Id: parse_cmd_line.c,v 1.3 2003/02/13 19:55:59 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include static char *skip_blanks(char *s) { while(isspace(*s)) s++; return s; } static void chomp(char *dst,char ch) { dst=strchr(dst,ch); if(dst!=0) *dst=0; } int parse_cmd_line(int max_argc,char **argv,int line_size,char *line) { int argc=1; memset(line,0,line_size); fprintf(stdout,"cmd>"); fflush(stdout); fgets(line,line_size-1,stdin); *argv++="prg"; chomp(line,'\n'); max_argc-=2; while(line[0]!=0) { line=skip_blanks(line); if(line[0]==0) break; if(argc>=max_argc) break; *argv++=line; argc++; line=strchr(line,' '); if(line==0) break; *line++=0; } *argv=0; return argc; } cyrus-sasl-2.1.25/mac/mac_lib/xxx_mac_lib.c0000777000076400007640000001050507622774117015453 00000000000000/* * internaly sasl or its test programs use some functions which are not availible * on the macintosh. these have common names like strdrup gethostname etc. defining * them as routines could make conflicts with clients of the library. in config.h * we macro define such names to start with xxx_. The implementation for them is * here. The xxx_ is in hopes of not conflicting with a name in client program. */ /* $Id: xxx_mac_lib.c,v 1.3 2003/02/13 19:55:59 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include // #include /* * return the smaller of two integers */ static int xxy_min(int a,int b) { if(a0) memcpy(dest,src,slen); dest[slen]=0; return slen; } int strcpy_truncate(char *dest,char *src,int len) { return limit_strcpy(dest,src,len); } int gethostname(char *dest,int destlen) { limit_strcpy(dest,"localhost",destlen); return 0; } char *strdup(const char *str) { if(str==0) return 0; { const int len=strlen(str); char *result=malloc(len+1); strcpy(result,str); return result; } } int strncasecmp(const char *s1,const char *s2,int len) { while(len-- >0) { char c1= *s1++; char c2= *s2++; if((c1==0)&&(c2==0)) return 0; if(c1==0) return -1; if(c2==0) return 1; /* last ansi spec i read tolower was undefined for non uppercase chars * but it works in most implementations */ if(isupper(c1)) c1=tolower(c1); if(isupper(c2)) c2=tolower(c2); if(c1c2) return 1; } return 1; } int strcasecmp(const char *s1,const char *s2) { while(1) { char c1= *s1++; char c2= *s2++; if((c1==0)&&(c2==0)) return 0; if(c1==0) return -1; if(c2==0) return 1; /* last ansi spec i read tolower was undefined for non uppercase chars * but it works in most implementations */ if(isupper(c1)) c1=tolower(c1); if(isupper(c2)) c2=tolower(c2); if(c1c2) return 1; } } int inet_aton(const char *cp, struct in_addr *inp) { char *cptr1, *cptr2, *cptr3; long u; char cptr0[256]; strcpy(cptr0, cp); if (!(cptr1 = strchr(cptr0, '.'))) return 0; *cptr1++ = 0; if (!(cptr2 = strchr(cptr1, '.'))) return 0; *cptr2++ = 0; if (!(cptr3 = strchr(cptr2, '.'))) return 0; *cptr3++ = 0; if (!*cptr3) return 0; u = ((atoi(cptr0) << 8 + atoi(cptr1)) << 8 + atoi(cptr2)) << 8 + atoi(cptr3); inp->s_addr = htonl(u); return 1; } cyrus-sasl-2.1.25/mac/mac_lib/mac_monolithic_dlopen.c0000777000076400007640000000717107622774117017511 00000000000000/* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* $Id: mac_monolithic_dlopen.c,v 1.3 2003/02/13 19:55:59 rjs3 Exp $ */ #include #include #include #include #include "saslint.h" #include #undef sasl_server_plug_init #undef sasl_client_plug_init #include #undef sasl_server_plug_init #undef sasl_client_plug_init #include #undef sasl_server_plug_init #undef sasl_client_plug_init #include #undef sasl_server_plug_init #undef sasl_client_plug_init #include #undef sasl_server_plug_init #undef sasl_client_plug_init #include #undef sasl_server_plug_init #undef sasl_client_plug_init #include /* gets the list of mechanisms */ int _sasl_get_mech_list(const char *entryname, const sasl_callback_t *getpath_cb, const sasl_callback_t *verifyfile_cb, int (*add_plugin)(void *,void *)) { if(strcmp(entryname,"sasl_client_plug_init")==0) { (*add_plugin)(kerberos4_sasl_client_plug_init,(void*)1); (*add_plugin)(anonymous_sasl_client_plug_init,(void*)1); (*add_plugin)(cram_sasl_client_plug_init,(void*)1); (*add_plugin)(scram_sasl_client_plug_init,(void*)1); (*add_plugin)(md5_sasl_client_plug_init,(void*)1); (*add_plugin)(plain_sasl_client_plug_init,(void*)1); } else if(strcmp(entryname,"sasl_server_plug_init")==0) { (*add_plugin)(kerberos4_sasl_server_plug_init,(void*)1); (*add_plugin)(anonymous_sasl_server_plug_init,(void*)1); (*add_plugin)(cram_sasl_server_plug_init,(void*)1); (*add_plugin)(scram_sasl_server_plug_init,(void*)1); (*add_plugin)(md5_sasl_server_plug_init,(void*)1); (*add_plugin)(plain_sasl_server_plug_init,(void*)1); } else return SASL_BADPARAM; return SASL_OK; } int _sasl_done_with_plugin(void *plugin) { if (! plugin) return SASL_BADPARAM; return SASL_OK; } cyrus-sasl-2.1.25/mac/mac_lib/mac_dyn_dlopen.c0000777000076400007640000001760107622774117016135 00000000000000/* * load the sasl plugins * $Id: mac_dyn_dlopen.c,v 1.3 2003/02/13 19:55:59 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include "saslint.h" #include #include #include #include #include #ifdef RUBBISH #include #endif /* * The following data structure defines the structure of a code fragment * resource. We can cast the resource to be of this type to access * any fields we need to see. */ struct CfrgHeader { long res1; long res2; long version; long res3; long res4; long filler1; long filler2; long itemCount; char arrayStart; /* Array of externalItems begins here. */ }; typedef struct CfrgHeader CfrgHeader, *CfrgHeaderPtr, **CfrgHeaderPtrHand; /* * The below structure defines a cfrag item within the cfrag resource. */ struct CfrgItem { OSType archType; long updateLevel; long currVersion; long oldDefVersion; long appStackSize; short appSubFolder; char usage; char location; long codeOffset; long codeLength; long res1; long res2; short itemSize; Str255 name; /* This is actually variable sized. */ }; typedef struct CfrgItem CfrgItem; #ifndef TRUE #define TRUE 1 #endif #ifndef FALSE #define FALSE 0 #endif #if TARGET_API_MAC_CARBON #define SASL_PLUGIN_DIR "\p:sasl v2:carbon:biff" #else #define SASL_PLUGIN_DIR "\p:sasl v2:biff" #endif typedef struct lib_list { struct lib_list *next; void *library; } lib_list_t; static lib_list_t *lib_list_head = NULL; /* * add the passed extension */ int _macsasl_get_fsspec(FSSpec *fspec, void **libraryptr) { int rc; CFragConnectionID connID; Ptr dummy; unsigned long offset = 0; unsigned long length = kCFragGoesToEOF; unsigned char package_name[255]; Str255 error_text; lib_list_t *newhead; newhead = sasl_ALLOC(sizeof(lib_list_t)); if(!newhead) return SASL_NOMEM; package_name[0] = 0; rc=GetDiskFragment(fspec,offset,length,package_name, kLoadCFrag,&connID,&dummy,error_text); if(rc!=0) { sasl_FREE(newhead); return rc; } newhead->library = (void *)connID; newhead->next = lib_list_head; lib_list_head = newhead; *libraryptr = (void *)connID; return SASL_OK; } int _sasl_locate_entry(void *library, const char *entryname, void **entry_point) { int result; #if TARGET_API_MAC_CARBON char cstr[256]; #endif Str255 pentry; CFragSymbolClass symClass; OSErr rc; if(!entryname) { return SASL_BADPARAM; } if(!library) { return SASL_BADPARAM; } if(!entry_point) { return SASL_BADPARAM; } #if TARGET_API_MAC_CARBON strcpy(cstr,entryname); CopyCStringToPascal(cstr, pentry); #else strcpy(pentry,entryname); c2pstr(pentry); #endif rc = FindSymbol((CFragConnectionID)library,pentry,entry_point, &symClass); if ((rc!=noErr) || (symClass==kDataCFragSymbol)) return SASL_FAIL; return SASL_OK; } static int _sasl_plugin_load(char *plugin, void *library, const char *entryname, int (*add_plugin)(const char *, void *)) { void *entry_point; int result; result = _sasl_locate_entry(library, entryname, &entry_point); if(result == SASL_OK) { result = add_plugin(plugin, entry_point); // if(result != SASL_OK) // _sasl_log(NULL, SASL_LOG_ERR, // "_sasl_plugin_load failed on %s for plugin: %s\n", // entryname, plugin); } return result; } /* * does the passed string a occur and the end of string b? */ int _macsasl_ends_in(char *a, char *b) { int alen=strlen(a); int blen=strlen(b); if(blenentryname; cur_ep++) { _sasl_plugin_load(plugname, library, cur_ep->entryname, cur_ep->add_plugin); /* If this fails, it's not the end of the world */ } } return SASL_OK; } /* gets the list of mechanisms */ int _sasl_load_plugins(const add_plugin_list_t *entrypoints, const sasl_callback_t *getpath_cb, const sasl_callback_t *verifyfile_cb) { int rc; short extensions_vref; long extensions_dirid; FSSpec sasl_dir; /* find the extensions folder */ rc=FindFolder(kOnSystemDisk,kExtensionFolderType,FALSE, &extensions_vref,&extensions_dirid); if(rc!=0) return SASL_BADPARAM; rc=FSMakeFSSpec(extensions_vref,extensions_dirid,SASL_PLUGIN_DIR,&sasl_dir); /* * if a plugin named biff exits or not we really dont care * if it does get rc 0 if it does not get -43 (fnfErr) * if the sasl dir doesnt exist we get -120 (dirNFFErr) */ if((rc!=0)&&(rc!=fnfErr)) return SASL_BADPARAM; /* * now extensions_vref is volume * sasl_dir.parID is dirid for sasl plugins folder */ return _macsasl_find_extensions_in_dir(extensions_vref,sasl_dir.parID,entrypoints); } int _sasl_done_with_plugins(void) { lib_list_t *libptr, *libptr_next; for(libptr = lib_list_head; libptr; libptr = libptr_next) { libptr_next = libptr->next; if(libptr->library) CloseConnection((CFragConnectionID*)&libptr->library); sasl_FREE(libptr); } lib_list_head = NULL; return SASL_OK; } cyrus-sasl-2.1.25/mac/mac_lib/xxx_client_mac_lib.c0000777000076400007640000000611707622774117017015 00000000000000/* $Id: xxx_client_mac_lib.c,v 1.3 2003/02/13 19:55:59 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * routines used by the sasl test programs and not provided * by a mac. see also xxx_mac_lib.c for routines needed by * the sasl library and not supplied by the system runtime */ #include #include #include #include #include #include char *__progname="mac"; struct hostent *gethostbyname(const char *hnam) { static struct hostent result; int bytes[4]; int i; unsigned int ip=0; if(sscanf(hnam,"%d.%d.%d.%d",bytes,bytes+1,bytes+2,bytes+3)!=4) return 0; for(i=0;i<4;i++) { ip<<=8; ip|=(bytes[i]&0x0ff); } memcpy(result.h_addr,&ip,4); return &result; } /* * ala perl chomp */ static void xxy_chomp(char *s,const char stop_here) { char ch; while((ch= (*s++))!=0) if(ch==stop_here) { s[-1]=0; return; } } char* getpass(const char *prompt) { const int max_buf=200; char *buf=malloc(max_buf); if(buf==0) return 0; memset(buf,0,max_buf); /* not likely to be a performance issue eheh */ printf("%s",prompt); fgets(buf,max_buf-1,stdin); xxy_chomp(buf,'\n'); return buf; } #ifdef TARGET_API_MAC_CARBON char *strdup(const char *str) { if(str==0) return 0; { const int len=strlen(str); char *result=malloc(len+1); strcpy(result,str); return result; } } #endif cyrus-sasl-2.1.25/mac/mac_lib/yyy_mac_lib.c0000777000076400007640000000741207622774117015461 00000000000000/* $Id: yyy_mac_lib.c,v 1.3 2003/02/13 19:55:59 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "sasl_mac_krb_locl.h" #include #include int krbONE=1; int krb_debug; int krb_get_config_bool(const char *variable) { /* return the value of the only config variable we know of */ if(strcmp(variable,"reverse_lsb_test")==0) return 0; return 0; } /* * compare two ip addresses */ int krb_equiv( u_int32_t a, u_int32_t b) { if(a==0) return 1; if(b==0) return 1; #ifdef STRICT_ADDRESS_EQUIV return a==b; #else return 1; #endif } int abs(int x) { if(x>=0) return x; return -x; } /* * from kerberos.c -- return the offset from gmt */ static long getTimeZoneOffset(void ) { MachineLocation macLocation; long gmtDelta; macLocation.u.gmtDelta=0L; ReadLocation(&macLocation); gmtDelta=macLocation.u.gmtDelta & 0x00FFFFFF; if (BitTst((void *)&gmtDelta,23L)) gmtDelta |= 0xFF000000; gmtDelta /= 3600L; return(gmtDelta); } /* * from kerberos.c -- convert mac time to unix time */ static void mac_time_to_unix_time (unsigned long *time) { *time -= 66L * 365L * 24L * 60L * 60L + 17L * 60L * 60L * 24L + getTimeZoneOffset() * 60L * 60L; } /* * return the current unix time */ static unsigned long get_unix_time(void) { unsigned long result; GetDateTime(&result); mac_time_to_unix_time(&result); return result; } /* * printf a warning */ void krb_warning(const char *fmt,...) { } void krb_kdctimeofday (struct timeval *tv) { gettimeofday(tv,0); } int gettimeofday(struct timeval *tp, void *foo) { tp->tv_sec=get_unix_time(); tp->tv_usec=0; return 0; } void swab(char *src, char *dst,int len) { while(len>=2) { char a; char b; a= *src++; b= *src++; len-=2; *dst++=b; *dst++=a; } } char *inet_ntoa(unsigned long n) { #define BYTE0(xxx) ((int)((xxx)&0x0ff)) static char buf[32]; sprintf(buf,"%d.%d.%d.%d", BYTE0(n>>24), BYTE0(n>>16), BYTE0(n>>8), BYTE0(n)); return buf; } #ifdef RUBBISH u_int32_t lsb_time( time_t t, struct sockaddr_in *src, struct sockaddr_in *dst) { return 0; } #endif cyrus-sasl-2.1.25/mac/CommonKClient/0000777000076400007640000000000011632367343014175 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/0000777000076400007640000000000011632367343016446 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/mac_krb_lib1.c0000777000076400007640000000543407622774114021052 00000000000000/* $Id: mac_krb_lib1.c,v 1.3 2003/02/13 19:55:56 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * library to emulate unix kerberos on a macintosh */ #include #include #include #include #include #include #include #ifndef TRUE #define TRUE 1 #endif #ifndef FALSE #define FALSE 0 #endif #include /* * given a hostname return the kerberos realm * NOT thread safe.... */ char *krb_realmofhost(const char *s) { s=strchr(s,'.'); if(s==0) return "ANDREW.CMU.EDU"; return (char *)(s+1); } /* * return the default instance to use for a given hostname * NOT thread safe... but then neathoer is the real kerberos one */ char *krb_get_phost(const char *alias) { #define MAX_HOST_LEN (512) static char instance[MAX_HOST_LEN]; char *dst=instance; int remaining=MAX_HOST_LEN-10; while(remaining-->0) { char ch= *alias++; if(ch==0) break; if(isupper(ch)) ch=tolower(ch); if(ch=='.') break; *dst++=ch; } *dst=0; return instance; } cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/KClient.c0000777000076400007640000006660207403027555020077 00000000000000/* KClient.c -- Application library for KClient © Copyright 1994,1995 by Cornell University Initial coding 8/94 by Peter Bosanko. */ #ifndef _KrbDriver_ #include "krbdriver.h" #endif #ifndef _DEVICES_ #include #endif #include "kcglue_des.h" #define KC_SESSION ((KClientRec *)session) #define KC_PB (&(((KClientRec *)session)->hiParm)) #define OLD_KC_PB ((krbHiParmBlock *)session) #define PICK_PARM (kcRec ? (void*) kcRec : (void*) pb) #define KCLIENTDRIVER "\p.Kerberos" /* Forward Declarations */ OSErr KClientSendMessage(short msg, void *parm); OSErr KClientSetPassword( KClientSessionInfo *session, char *password ); krbHiParmBlock *KClientSessionKind( KClientSessionInfo *session, KClientRec **kcRec ); OSErr _KClientVersion( StringPtr driver, short *majorVersion, short *minorVersion, char *versionString ); /* * call into des ecb_encrypt */ /* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ int KClient_des_ecb_encrypt(KClientSessionInfo *session,des_cblock v1,des_cblock v2,int do_encrypt) { KClientKey sessionKey; Key_schedule schedule; int rc=KClientGetSessionKey(session,&sessionKey); if(rc!=0) return rc; rc=kcglue_des_key_sched(&sessionKey,schedule); if(rc!=0) return rc; kcglue_des_ecb_encrypt(v1,v2,schedule,do_encrypt); return rc; } /* * call into des pcbc_encrypt */ /* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ int KClient_des_pcbc_encrypt(KClientSessionInfo *session,des_cblock v1,des_cblock v2,long len,int do_encrypt) { KClientKey sessionKey; Key_schedule schedule; int rc=KClientGetSessionKey(session,&sessionKey); if(rc!=0) return rc; rc=kcglue_des_key_sched(&sessionKey,schedule); if(rc!=0) return rc; kcglue_des_pcbc_encrypt(v1,v2,len,schedule,&sessionKey,do_encrypt); return rc; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientSendMessage(short msg, void *parm) { ParamBlockRec aPBR; short refNum = 0; /************************************************** OK to "open" driver everytime because driver just returns if it's already open. This saves us from having to pass around refNum or store it in a global. ***************************************************/ OSErr err = OpenDriver(KCLIENTDRIVER,&refNum); if (err) return err; aPBR.cntrlParam.ioCompletion = nil; aPBR.cntrlParam.ioVRefNum = 0; aPBR.cntrlParam.ioCRefNum = refNum; aPBR.cntrlParam.csCode = msg; BlockMove(&parm,aPBR.cntrlParam.csParam,sizeof(parm)); (void) PBControlImmed( &aPBR ); err = aPBR.cntrlParam.ioResult; return err; } /*---------------------------------------------------------------------------------------------------*/ krbHiParmBlock *KClientSessionKind( KClientSessionInfo *session, KClientRec **kcRec ) { if (KC_SESSION->tag==NEW_KCLIENT_TAG) { /* Newer driver, use newer session record */ if (kcRec) *kcRec = KC_SESSION; return KC_PB; } else { if (kcRec) *kcRec = NULL; return OLD_KC_PB; } } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientSetPassword( KClientSessionInfo *session, char *password ) { KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->user = password; return KClientSendMessage(cKrbSetPassword,PICK_PARM); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientNewSession(KClientSessionInfo *session, unsigned long lAddr,unsigned short lPort,unsigned long fAddr,unsigned short fPort) { OSErr err; err = KClientSendMessage(cKrbNewClientSession,KC_SESSION); if (err==cKrbBadSelector) { /* old driver, so initialize by hand */ short i,e = sizeof(KClientSessionInfo) / sizeof(long); long *s = (long *) session; for (i=0;ilibVersion = 2; KC_PB->lAddr = lAddr; KC_PB->lPort = lPort; KC_PB->fAddr = fAddr; KC_PB->fPort = fPort; return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientDisposeSession(KClientSessionInfo *session) { KClientRec *kcRec; (void) KClientSessionKind(session,&kcRec); if (kcRec) return KClientSendMessage(cKrbDisposeSession,session); return noErr; } /*---------------------------------------------------------------------------------------------------*/ /* * modified by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ OSErr KClientGetTicketForService(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen) { return KClientGetTicketForServiceFull(session,service,buf,buflen,0); } #include #include /* * store the passed long in network byte order */ static char *put_long(char *dst,long aval) { *dst++=aval>>24; *dst++=aval>>16; *dst++=aval>>8; *dst++=aval; return dst; } /* * - int = 1 byte * - long = 4 bytes * long length of all the following [kclientism] * ticket format, from reading mk_req.c * int KRB_PROT_VERSION * int AUTH_MSG_APPL_REQUEST * int key version numbner * string realm * int ticket length * int authenticator length * ticket * authenticator [ * string name * string instance * string realm * long checksum * byte GMT microseconds/5 * int GMT time * ] encrypted in session key */ /*---------------------------------------------------------------------------------------------------*/ /* * created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ OSErr KClientGetTicketForServiceFull(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen,long cks) { char *p=(char *)buf; long tkt_len; long auth_len; char wbuf[1500]; OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->service = service; pb->buf = (char *) buf; pb->buflen = *buflen; pb->checksum = cks; err = KClientSendMessage(cKrbGetTicketForService,PICK_PARM); *buflen = pb->buflen; if(err!=0) return err; /* * if checksum is zero, buth kclientman and kclient will correctly get the ticket * if checksum is non zero, then kclientman will have incorrectly encoded 0 in the checksum * field of the authenticator, kclient will have encoded the correct checksum... * rather than check the underlying authentication package (kclient vs kclientman) * we will go ahead and decrypt the authenticator and fix the checksum. this is unessary but * harmless for kclient. */ if(cks==0) return 0; p+=4+3+strlen(p+7)+1; /*4 byte kclient len, vers,req, kvno*/ tkt_len= (*p++)&0x0ff; auth_len= (*p++)&0x0ff; p+=tkt_len; err=KClient_des_pcbc_encrypt(session,(unsigned char *)p,(unsigned char *)wbuf,auth_len,0); if(err!=0) return err; { char *w=wbuf; /* printf("name='%s'\n",w); */ w+=strlen(w)+1; /*skip name */ /* printf("instance='%s'\n",w); */ w+=strlen(w)+1; /*skip instance */ /* printf("realm='%s'\n",w); */ w+=strlen(w)+1; /*realm*/ w=put_long(w,cks); } err=KClient_des_pcbc_encrypt(session,(unsigned char *)wbuf,(unsigned char *)wbuf,auth_len,1); memcpy(p,wbuf,auth_len); return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientLogin( KClientSessionInfo *session, KClientKey *privateKey ) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->service = (char *) privateKey; /* pointer to private key in first 4 bytes */ err = KClientSendMessage(cKrbLogin,PICK_PARM); return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientSetPrompt( KClientSessionInfo *session, char *prompt ) { KClientRec *kcRec; (void) KClientSessionKind(session,&kcRec); if (kcRec) kcRec->prompt = prompt; else return cKrbBadSelector; return noErr; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientPasswordLogin( KClientSessionInfo *session, char *password, KClientKey *privateKey ) { OSErr err; if ( ( err = KClientSetPassword(session,password) ) != noErr ) return err; return KClientLogin(session,privateKey); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientPasswordToKey( char *password, KClientKey *privateKey ) { ParamBlockRec aPBR; short refNum; OSErr err; if ( (err = OpenDriver(KCLIENTDRIVER,&refNum)) != noErr) return err; aPBR.cntrlParam.ioCompletion = nil; aPBR.cntrlParam.ioVRefNum = 0; aPBR.cntrlParam.ioCRefNum = refNum; aPBR.cntrlParam.csCode = cKrbPasswordToKey; ((long *)aPBR.cntrlParam.csParam)[0] = (long)password; ((long *)aPBR.cntrlParam.csParam)[1] = (long)privateKey; (void) PBControl( &aPBR, false ); return aPBR.cntrlParam.ioResult; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientKeyLogin( KClientSessionInfo *session, KClientKey *privateKey ) { OSErr err; err = KClientSendMessage(cKrbSetKey,privateKey); if (err) return err; return KClientLogin(session,privateKey); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientLogout( ) { krbHiParmBlock cpb; return KClientSendMessage(cKrbDeleteAllSessions, &cpb); } /*---------------------------------------------------------------------------------------------------*/ short KClientStatus( ) { char user[40]; user[0] = '\0'; (void) KClientGetUserName(user); if (*user != 0) return KClientLoggedIn; return KClientNotLoggedIn; } /*---------------------------------------------------------------------------------------------------*/ OSErr _KClientVersion( StringPtr driver, short *majorVersion, short *minorVersion, char *versionString ) { ParamBlockRec aPBR; short refNum; OSErr err; if ( (err = OpenDriver(driver,&refNum)) != noErr) return err; aPBR.cntrlParam.ioCompletion = nil; aPBR.cntrlParam.ioVRefNum = 0; aPBR.cntrlParam.ioCRefNum = refNum; aPBR.cntrlParam.csCode = cKrbDriverVersion; ((long *)aPBR.cntrlParam.csParam)[1] = (long)versionString; (void) PBControl( &aPBR, false ); err = aPBR.cntrlParam.ioResult; /* For pre-2.0, do some detective work */ if (err==cKrbBadSelector) { *majorVersion = 1; aPBR.cntrlParam.csCode = cKrbGetDesPointers; ((long *)aPBR.cntrlParam.csParam)[1] = 11; /* so it doesn't return anything */ (void) PBControl( &aPBR, false ); if (aPBR.cntrlParam.ioResult==cKrbOldDriver) { *minorVersion = 1; if (versionString) *((long *)versionString) = '1.1\0'; } else { *minorVersion = 0; if (versionString) *((long *)versionString) = '1.0\0'; } err = 0; } else { *majorVersion = aPBR.cntrlParam.csParam[0]; *minorVersion = aPBR.cntrlParam.csParam[1]; } return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientVersion( short *majorVersion, short *minorVersion, char *versionString ) { return _KClientVersion(KCLIENTDRIVER,majorVersion,minorVersion,versionString); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetUserName(char *user) { OSErr err; KClientSessionInfo s,*session = &s; KC_SESSION->tag = 0; OLD_KC_PB->user = user; err = KClientSendMessage(cKrbGetUserName,session); return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetSessionUserName(KClientSessionInfo *session, char *user, short nameType ) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->user = user; kcRec->nameType = nameType; err = KClientSendMessage(cKrbGetSessionUserName,PICK_PARM); return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientSetUserName(char *user) { OSErr err; KClientSessionInfo s,*session = &s; KC_SESSION->tag = 0; OLD_KC_PB->user = user; err = KClientSendMessage(cKrbSetUserName,session); return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientCacheInitialTicket(KClientSessionInfo *session, char *service) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->service = service; err = KClientSendMessage(cKrbCacheInitialTicket,PICK_PARM); return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetSessionKey(KClientSessionInfo *session, KClientKey *sessionKey) { KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); /* Not logged in and no server context */ if ((!kcRec || !kcRec->serverContext) && KClientStatus()==KClientNotLoggedIn) return cKrbNotLoggedIn; BlockMove(&(pb->sessionKey),sessionKey,sizeof(KClientKey)); return 0; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientMakeSendAuth(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen,long checksum, char *applicationVersion) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->service = service; pb->buf = (char *) buf; pb->buflen = *buflen; pb->checksum = checksum; pb->applicationVersion = applicationVersion; err = KClientSendMessage(cKrbGetAuthForService,PICK_PARM); *buflen = pb->buflen; return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientVerifyReplyTicket(KClientSessionInfo *session, void *buf,unsigned long *buflen ) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->buf = (char *) buf; pb->buflen = *buflen; err = KClientSendMessage(cKrbCheckServiceResponse,PICK_PARM); *buflen = pb->buflen; return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientEncrypt(KClientSessionInfo *session, void *buf,unsigned long buflen,void *encryptBuf,unsigned long *encryptLength) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->buf = (char *) buf; pb->buflen = buflen; pb->encryptBuf = (char *) encryptBuf; err = KClientSendMessage(cKrbEncrypt,PICK_PARM); *encryptLength = pb->encryptLength; return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientDecrypt(KClientSessionInfo *session, void *buf,unsigned long buflen, unsigned long *decryptOffset,unsigned long *decryptLength) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->buf = (char *) buf; pb->buflen = buflen; err = KClientSendMessage(cKrbDecrypt,PICK_PARM); *decryptOffset = pb->decryptOffset; *decryptLength = pb->decryptLength; return err; } /*---------------------------------------------------------------------------------------------------*/ void KClientErrorText(OSErr err, char *text) { ParamBlockRec aPBR; short refNum; OSErr oerr; if ( (oerr = OpenDriver(KCLIENTDRIVER,&refNum)) != noErr) return; aPBR.cntrlParam.ioCompletion = nil; aPBR.cntrlParam.ioVRefNum = 0; aPBR.cntrlParam.ioCRefNum = refNum; aPBR.cntrlParam.csCode = cKrbGetErrorText; ((long *)aPBR.cntrlParam.csParam)[0] = (long)err; ((long *)aPBR.cntrlParam.csParam)[1] = (long)text; (void) PBControl( &aPBR, false ); /* In case driver is old, at least return something */ if (aPBR.cntrlParam.ioResult==cKrbBadSelector) { BlockMove("Kerberos error",text,15); } } /*---------------------------------------------------------------------------------------------------*/ /* Kerberized Server routines */ /*---------------------------------------------------------------------------------------------------*/ OSErr KServerNewSession( KClientSessionInfo *session, char *service,unsigned long lAddr, unsigned short lPort,unsigned long fAddr,unsigned short fPort) { OSErr err; KC_PB->service = service; err = KClientSendMessage(cKrbNewServerSession,KC_SESSION); if (err) return err; KC_SESSION->libVersion = 2; KC_PB->lAddr = lAddr; KC_PB->lPort = lPort; KC_PB->fAddr = fAddr; KC_PB->fPort = fPort; return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KServerVerifyTicket( KClientSessionInfo *session, void *buf, char *filename ) { OSErr err; KC_PB->buf = (char *) buf; KC_SESSION->filename = filename; err = KClientSendMessage(cKrbServerVerifyTicket,KC_SESSION); return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KServerGetReplyTicket( KClientSessionInfo *session, void *buf, unsigned long *buflen ) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); pb->buf = (char *) buf; pb->buflen = *buflen; err = KClientSendMessage(cKrbServerGetReplyTkt,PICK_PARM); if (err) return err; *buflen = pb->buflen; return noErr; } /*---------------------------------------------------------------------------------------------------*/ OSErr KServerAddKey( KClientSessionInfo *session, KClientKey *privateKey, char *service, long version, char *filename ) { OSErr err; KClientKey key; char srv[128]; char tkt[1250]; unsigned long len; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); if (!kcRec) return cKrbBadSelector; /* old driver */ KC_SESSION->filename = filename; KC_PB->service = service; if (!service) { /* No service, build from scratch, prompt the user */ /* Get the user to log in, using service principle and password */ KClientLogout(); err = KClientLogin( session, &key ); if (err) return err; err = KClientGetUserName(srv); if (err) return err; /* Get a service ticket for the service so that we can obtain key version number */ err = KClientGetTicketForService(session, srv,tkt,&len); if (err) return err; KC_PB->service = srv; BlockMove(&key,KC_SESSION->serverKey,8); KC_SESSION->keyVersion = tkt[6]; /* tkt contains private key's version in the seventh byte */ } else { KC_SESSION->keyVersion = version; BlockMove(privateKey,KC_SESSION->serverKey,8); KC_PB->service = service; } return KClientSendMessage(cKrbAddServiceKey,session); } /*---------------------------------------------------------------------------------------------------*/ OSErr KServerGetKey( KClientSessionInfo *session, KClientKey *privateKey,char *service, long version, char *filename ) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); if (!kcRec) return cKrbBadSelector; /* old driver */ KC_SESSION->keyVersion = version; KC_SESSION->filename = filename; KC_PB->service = service; err = KClientSendMessage(cKrbGetServiceKey,KC_SESSION); if (err) return err; BlockMove(KC_SESSION->serverKey,privateKey,8); return noErr; } /*---------------------------------------------------------------------------------------------------*/ OSErr KServerGetSessionTimeRemaining( KClientSessionInfo *session, long *seconds ) { OSErr err; KClientRec *kcRec; krbHiParmBlock *pb = KClientSessionKind(session,&kcRec); err = KClientSendMessage(cKrbGetSessionTimeRemaining,PICK_PARM); *seconds = pb->checksum; return err; } /*---------------------------------------------------------------------------------------------------*/ /* Configuration routines */ /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetLocalRealm( char *realm ) { krbParmBlock pb; pb.uRealm = realm; return KClientSendMessage(cKrbGetLocalRealm,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientSetLocalRealm( char *realm ) { krbParmBlock pb; pb.uRealm = realm; return KClientSendMessage(cKrbSetLocalRealm,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetRealm( char *host, char *realm ) { krbParmBlock pb; pb.uRealm = realm; pb.host = host; return KClientSendMessage(cKrbGetRealm,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientAddRealmMap( char *host, char *realm ) { krbParmBlock pb; pb.uRealm = realm; pb.host = host; return KClientSendMessage(cKrbAddRealmMap,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientDeleteRealmMap( char *host ) { krbParmBlock pb; pb.host = host; return KClientSendMessage(cKrbDeleteRealmMap,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNthRealmMap( long n, char *host, char *realm ) { krbParmBlock pb; pb.host = host; pb.uRealm = realm; pb.itemNumber = &n; return KClientSendMessage(cKrbGetNthRealmMap,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNthServer( long n, char *host, char *realm, Boolean admin ) { krbParmBlock pb; pb.host = host; pb.uRealm = realm; pb.itemNumber = &n; pb.admin = (long) admin; return KClientSendMessage(cKrbGetNthServer,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientAddServerMap( char *host, char *realm, Boolean admin ) { krbParmBlock pb; pb.uRealm = realm; pb.host = host; pb.admin = admin ? 1 : 0; return KClientSendMessage(cKrbAddServerMap,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientDeleteServerMap( char *host, char *realm ) { krbParmBlock pb; pb.uRealm = realm; pb.host = host; return KClientSendMessage(cKrbDeleteServerMap,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNthServerMap( long n, char *host, char *realm, Boolean *admin ) { OSErr err; long ladmin; krbParmBlock pb; pb.uRealm = realm; pb.host = host; pb.adminReturn = &ladmin; pb.itemNumber = &n; err = KClientSendMessage(cKrbGetNthServerMap,&pb); *admin = (ladmin==1); return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNthServerPort( long n, short *port ) { OSErr err; krbParmBlock pb; pb.itemNumber = &n; err = KClientSendMessage(cKrbGetNthServerPort,&pb); *port = pb.port; return err; } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientSetNthServerPort( long n, short port ) { krbParmBlock pb; pb.itemNumber = &n; pb.port = port; return KClientSendMessage(cKrbSetNthServerPort,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNumSessions( long *n ) { krbParmBlock pb; pb.itemNumber = n; return KClientSendMessage(cKrbGetNumSessions,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNthSession( long n, char *name, char *instance, char *realm ) { krbParmBlock pb; pb.itemNumber = &n; pb.uName = name; pb.uInstance = instance; pb.uRealm = realm; return KClientSendMessage(cKrbGetNthSession,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientDeleteSession( char *name, char *instance, char *realm ) { krbParmBlock pb; pb.uName = name; pb.uInstance = instance; pb.uRealm = realm; return KClientSendMessage(cKrbDeleteSession,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetCredentials( char *name, char *instance, char *realm, CREDENTIALS *cred ) { krbParmBlock pb; pb.uName = name; pb.uInstance = instance; pb.uRealm = realm; pb.cred = cred; return KClientSendMessage(cKrbGetCredentials,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientAddCredentials( char *name, char *instance, char *realm, CREDENTIALS *cred ) { krbParmBlock pb; pb.uName = name; pb.uInstance = instance; pb.uRealm = realm; pb.cred = cred; return KClientSendMessage(cKrbAddCredentials,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientDeleteCredentials( char *name, char *instance, char *realm, char *sname, char *sinstance, char *srealm ) { krbParmBlock pb; pb.uName = name; pb.uInstance = instance; pb.uRealm = realm; pb.sName = sname; pb.sInstance = sinstance; pb.sRealm = srealm; return KClientSendMessage(cKrbDeleteCredentials,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNumCredentials( long *n, char *name, char *instance, char *realm ) { krbParmBlock pb; pb.uName = name; pb.uInstance = instance; pb.uRealm = realm; pb.itemNumber = n; return KClientSendMessage(cKrbGetNumCredentials,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNthCredential( long n, char *name, char *instance, char *realm, char *sname, char *sinstance, char *srealm ) { krbParmBlock pb; pb.uName = name; pb.uInstance = instance; pb.uRealm = realm; pb.sName = sname; pb.sInstance = sinstance; pb.sRealm = srealm; pb.itemNumber = &n; return KClientSendMessage(cKrbGetNthCredentials,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientAddSpecial( char *service, char *name ) { krbParmBlock pb; pb.uName = name; pb.sName = service; return KClientSendMessage(cKrbAddSpecial,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientDeleteSpecial( char *service ) { krbParmBlock pb; pb.sName = service; return KClientSendMessage(cKrbDeleteSpecial,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNumSpecials( long *n ) { krbParmBlock pb; pb.itemNumber = n; return KClientSendMessage(cKrbGetNumSpecials,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetNthSpecial( long n, char *name, char *service ) { krbParmBlock pb; pb.uName = name; pb.sName = service; pb.itemNumber = &n; return KClientSendMessage(cKrbGetNthSpecial,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientSetOption( short option, void *value ) { krbParmBlock pb; pb.uName = (char *) value; pb.port = option; return KClientSendMessage(cKrbSetOption,&pb); } /*---------------------------------------------------------------------------------------------------*/ OSErr KClientGetOption( short option, void *value ) { krbParmBlock pb; pb.uName = (char *) value; pb.port = option; return KClientSendMessage(cKrbGetOption,&pb); } cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/kcglue_krb.c0000777000076400007640000001415007622774114020650 00000000000000/* $Id: kcglue_krb.c,v 1.3 2003/02/13 19:55:56 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include "macKClientPublic.h" #ifndef FALSE #define FALSE 0 #endif #ifndef TRUE #define TRUE 1 #endif #define SOME_KRB_ERR_NUMBER (70) #define MAX_KRB_ERRORS 256 const char *krb_err_txt[MAX_KRB_ERRORS]={ "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err" }; /* * given a service instance and realm, combine them to foo.bar@REALM * return true upon success */ static int implode_krb_user_info(char *dst,const char *service,const char *instance,const char *realm) { if(strlen(service)>=KCGLUE_ITEM_SIZE) return FALSE; if(strlen(instance)>=KCGLUE_ITEM_SIZE) return FALSE; if(strlen(realm)>=KCGLUE_ITEM_SIZE) return FALSE; strcpy(dst,service); dst+=strlen(dst); if(instance[0]!=0) { *dst++='.'; strcpy(dst,instance); dst+=strlen(dst); } *dst++='@'; strcpy(dst,realm); return TRUE; } int kcglue_krb_mk_req(void *dat,int *len, const char *service, char *instance, char *realm, long checksum, void *des_key, char *pname, char *pinst) { char tkt_buf[KCGLUE_MAX_KTXT_LEN+20]; char user_id[KCGLUE_MAX_K_STR_LEN+1]; KClientSessionInfo ses; int have_session=FALSE; int rc; if(!implode_krb_user_info(user_id,service,instance,realm)) return SOME_KRB_ERR_NUMBER; rc=KClientNewSession(&ses,0,0,0,0); if(rc!=0) return SOME_KRB_ERR_NUMBER; have_session=TRUE; *len=sizeof(tkt_buf)-10; rc=KClientGetTicketForServiceFull(&ses,user_id,tkt_buf,len,checksum); if(rc==0) { memcpy(dat,tkt_buf+4,*len); /*kclient puts out a 4 byte length that mit doesnt*/ rc=KClientGetSessionKey(&ses,des_key); } if(rc==0) rc=KClientGetUserName(pname); *pinst=0; if(have_session) KClientDisposeSession(&ses); if(rc!=0) return SOME_KRB_ERR_NUMBER; return 0; } cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/KrbDriver.h0000777000076400007640000000704507403027555020441 00000000000000/* KrbDriver.h -- This is the KClient driver's direct call interface. This file defines all of the csCodes used by the driver and the three structures used for passing information to and from the driver. © Copyright 1992,95 by Cornell University Initial coding 1/92 Peter Bosanko Moved some constants to kclient.h 8/95 PCB */ #ifndef _KrbDriver_ #define _KrbDriver_ #ifndef _KCLIENT_ #include "KClient.h" #endif /* csCodes for Control Calls */ enum { cKrbKillIO = 1, cKrbGetLocalRealm, cKrbSetLocalRealm, cKrbGetRealm, cKrbAddRealmMap, cKrbDeleteRealmMap, cKrbGetNthRealmMap, cKrbGetNthServer, cKrbAddServerMap, cKrbDeleteServerMap, cKrbGetNthServerMap, cKrbGetNumSessions, cKrbGetNthSession, cKrbDeleteSession, cKrbGetCredentials, cKrbAddCredentials, cKrbDeleteCredentials, cKrbGetNumCredentials, cKrbGetNthCredentials, cKrbDeleteAllSessions, cKrbGetTicketForService, cKrbGetAuthForService, cKrbCheckServiceResponse, cKrbEncrypt, cKrbDecrypt, cKrbCacheInitialTicket, cKrbGetUserName, cKrbSetUserName, cKrbSetPassword, cKrbGetDesPointers, cKrbGetErrorText, cKrbLogin, cKrbSetKey, cKrbKerberos, cKrbGetNthServerPort, cKrbSetNthServerPort, cKrbDriverVersion, cKrbPasswordToKey, cKrbNewClientSession, cKrbNewServerSession, cKrbDisposeSession, cKrbServerVerifyTicket, cKrbServerGetReplyTkt, cKrbGetServiceKey, cKrbAddServiceKey, cKrbGetOption, cKrbSetOption, cKrbAdditionalLogin, cKrbControlPanelEnter, cKrbControlPanelLeave, cKrbGetSessionTimeRemaining, cKrbGetSessionUserName, cKrbGetNumSpecials, cKrbGetNthSpecial, cKrbAddSpecial, cKrbDeleteSpecial }; /* Need to switch to short word alignment on power pc */ #if defined(powerc) || defined(__powerc) #pragma options align=mac68k #endif /* Parameter block for high level calls */ struct krbHiParmBlock { char *service; /* full name -- combined service, instance, realm */ char *buf; unsigned long buflen; long checksum; unsigned long lAddr; unsigned short lPort; unsigned long fAddr; unsigned short fPort; unsigned long decryptOffset; unsigned long decryptLength; char *encryptBuf; unsigned long encryptLength; char *applicationVersion; /* Version string must be 8 bytes long! */ char sessionKey[8]; /* for internal use */ char schedule[128]; /* for internal use */ char *user; }; typedef struct krbHiParmBlock krbHiParmBlock; typedef krbHiParmBlock *KrbParmPtr; typedef KrbParmPtr *KrbParmHandle; /* New KClient record */ #define NEW_KCLIENT_TAG 0xF7FAF7FA struct KClientRec { long tag; krbHiParmBlock hiParm; long libVersion; void *serverContext; char *filename; long keyVersion; char serverKey[8]; char *prompt; short nameType; }; typedef struct KClientRec KClientRec; /* ********************************************************* */ /* The rest of these defs are for low level calls */ /* ********************************************************* */ /* Parameter block for low level calls */ struct krbParmBlock { char *uName; char *uInstance; char *uRealm; /* also where local realm or mapping realm passed */ char *sName; char *sInstance; char *sRealm; char *host; /* also netorhost */ long admin; /* isadmin, mustadmin */ long *itemNumber; long *adminReturn; /* when it needs to be passed back */ CREDENTIALS *cred; short port; }; typedef struct krbParmBlock krbParmBlock; #if defined(powerc) || defined(__powerc) #pragma options align=reset #endif #endifcyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/KClient.h0000777000076400007640000002515307403027555020100 00000000000000/* KClient.h -- Application interface for KClient © Copyright 1994,95 by Project Mandarin Inc. Initial coding 8/94 Peter Bosanko. Added new routines 8/95 PCB Moved some constants from krbdriver.h ======================================================================== DES and Kerberos portions of this file are... ======================================================================== Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #ifndef _KCLIENT_ #define _KCLIENT_ #ifndef _TYPES_ #include #endif /* Error codes */ enum { cKrbCorruptedFile = -1024, /* couldn't find a needed resource */ cKrbNoKillIO, /* can't killIO because all calls sync */ cKrbBadSelector, /* csCode passed doesn't select a recognized function */ cKrbCantClose, /* we must always remain open */ cKrbMapDoesntExist, /* tried to access a map that doesn't exist (index too large, or criteria doesn't match anything) */ cKrbSessDoesntExist, /* tried to access a session that doesn't exist */ cKrbCredsDontExist, /* tried to access credentials that don't exist */ cKrbTCPunavailable, /* couldn't open MacTCP driver */ cKrbUserCancelled, /* user cancelled a log in operation */ cKrbConfigurationErr, /* Kerberos Preference file is not configured properly */ cKrbServerRejected, /* A server rejected our ticket */ cKrbServerImposter, /* Server appears to be a phoney */ cKrbServerRespIncomplete, /* Server response is not complete */ cKrbNotLoggedIn, /* Returned by cKrbGetUserName if user is not logged in */ cKrbOldDriver, /* old version of the driver */ cKrbDriverInUse, /* driver is not reentrant */ cKrbAppInBkgnd, /* driver won't put up password dialog when in background */ cKrbInvalidSession, /* invalid structure passed to KClient/KServer routine */ cKrbOptionNotDefined, /* returned from GetOption */ cKrbKerberosErrBlock = -20000 /* start of block of 256 kerberos error numbers */ }; #define LARGEST_DRIVER_ERROR cKrbOptionNotDefined typedef char KClientErrString[64]; enum { KClientLoggedIn, KClientNotLoggedIn }; /* Different kerberos name formats (for KServerGetUserName) */ enum { KClientLocalName, /* Don't specify realm */ KClientCommonName, /* Only specify realm if it isn't local */ KClientFullName /* Always specify realm */ }; /* Options */ enum { kclientOptionSaveName = 1, kclientOptionSynchTime, kclientOptionShowMenu, kclientOptionInstalled_1_6 }; struct KClientKey { unsigned char keyBytes[8]; }; typedef struct KClientKey KClientKey; struct KClientSessionInfo { char sessionBytes[256]; }; typedef struct KClientSessionInfo KClientSessionInfo; typedef KClientSessionInfo *KClientSessionPtr; /* Defines for obsolete function names */ #define KClientInitSession KClientNewSession #define KClientVerifySendAuth KClientVerifyReplyTicket /************************************/ /* Some includes from des.h & krb.h */ /************************************/ #if defined(powerc) || defined(__powerc) #pragma options align=mac68k #endif #ifndef DES_DEFS typedef unsigned char des_cblock[8]; /* crypto-block size */ /* Key schedule */ typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16]; #endif /* DES_DEFS */ #ifndef KRB_DEFS #define C_Block des_cblock #define Key_schedule des_key_schedule /* The maximum sizes for aname, realm, sname, and instance +1 */ #define ANAME_SZ 40 #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 /* Definition of text structure used to pass text around */ #define MAX_KTXT_LEN 1250 struct ktext { long length; /* Length of the text */ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ unsigned long mbz; /* zero to catch runaway strings */ }; typedef struct ktext *KTEXT; typedef struct ktext KTEXT_ST; struct credentials { char service[ANAME_SZ]; /* Service name */ char instance[INST_SZ]; /* Instance */ char realm[REALM_SZ]; /* Auth domain */ C_Block session; /* Session key */ long lifetime; /* Lifetime */ long kvno; /* Key version number */ KTEXT_ST ticket_st; /* The ticket itself */ long issue_date; /* The issue time */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ }; typedef struct credentials CREDENTIALS; /* Structure definition for rd_private_msg and rd_safe_msg */ struct msg_dat { unsigned char *app_data; /* pointer to appl data */ unsigned long app_length; /* length of appl data */ unsigned long hash; /* hash to lookup replay */ long swap; /* swap bytes? */ long time_sec; /* msg timestamp seconds */ unsigned char time_5ms; /* msg timestamp 5ms units */ }; typedef struct msg_dat MSG_DAT; typedef unsigned long u_long; typedef unsigned short u_short; #define KRB_PASSWORD_SERVICE "changepw.kerberos" #endif /* KRB_DEFS */ #if defined(powerc) || defined(__powerc) #pragma options align=reset #endif #ifdef __cplusplus extern "C" { #endif /* * call into des ecb_encrypt */ /* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ int KClient_des_ecb_encrypt(KClientSessionInfo *session,des_cblock v1,des_cblock v2,int do_encrypt); /* * call into des pcbc_encrypt */ /* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ int KClient_des_pcbc_encrypt(KClientSessionInfo *session,des_cblock v1,des_cblock v2,long len,int do_encrypt); OSErr KClientNewSession(KClientSessionInfo *session, unsigned long lAddr,unsigned short lPort,unsigned long fAddr,unsigned short fPort); OSErr KClientDisposeSession(KClientSessionInfo *session); /* created by n3liw+@cmu.edu to support SASL, need to be able to specify checksum */ OSErr KClientGetTicketForServiceFull(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen,long cks); OSErr KClientGetTicketForService(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen); OSErr KClientLogin( KClientSessionInfo *session, KClientKey *privateKey ); OSErr KClientSetPrompt( KClientSessionInfo *session, char *prompt ); OSErr KClientPasswordLogin( KClientSessionInfo *session, char *password, KClientKey *privateKey ); OSErr KClientPasswordToKey( char *password, KClientKey *privateKey ); OSErr KClientKeyLogin( KClientSessionInfo *session, KClientKey *privateKey ); OSErr KClientLogout( void ); short KClientStatus( void ); OSErr KClientVersion( short *majorVersion, short *minorVersion, char *versionString ); OSErr KClientGetUserName(char *user); OSErr KClientGetSessionUserName(KClientSessionInfo *session, char *user, short nameType); OSErr KClientSetUserName(char *user); OSErr KClientCacheInitialTicket(KClientSessionInfo *session, char *service); OSErr KClientGetSessionKey(KClientSessionInfo *session, KClientKey *sessionKey); OSErr KClientMakeSendAuth(KClientSessionInfo *session, char *service,void *buf,unsigned long *buflen,long checksum, char *applicationVersion); OSErr KClientVerifyReplyTicket(KClientSessionInfo *session, void *buf,unsigned long *buflen ); OSErr KClientEncrypt(KClientSessionInfo *session, void *buf,unsigned long buflen,void *encryptBuf,unsigned long *encryptLength); OSErr KClientDecrypt(KClientSessionInfo *session, void *buf,unsigned long buflen,unsigned long *decryptOffset,unsigned long *decryptLength); void KClientErrorText(OSErr err, char *text); /* KServer calls */ OSErr KServerNewSession( KClientSessionInfo *session, char *service, unsigned long lAddr,unsigned short lPort,unsigned long fAddr,unsigned short fPort); OSErr KServerVerifyTicket( KClientSessionInfo *session, void *buf, char *keyFileName ); OSErr KServerGetReplyTicket( KClientSessionInfo *session, void *buf, unsigned long *buflen ); OSErr KServerGetKey( KClientSessionInfo *session, KClientKey *privateKey, char *service, long version, char *filename ); OSErr KServerAddKey( KClientSessionInfo *session, KClientKey *privateKey, char *service, long version, char *filename ); OSErr KServerGetSessionTimeRemaining( KClientSessionInfo *session, long *seconds ); /* Configuration routines */ OSErr KClientGetLocalRealm( char *realm ); OSErr KClientSetLocalRealm( char *realm ); OSErr KClientGetRealm( char *host, char *realm ); OSErr KClientAddRealmMap( char *host, char *realm ); OSErr KClientDeleteRealmMap( char *host ); OSErr KClientGetNthRealmMap( long n, char *host, char *realm ); OSErr KClientGetNthServer( long n, char *host, char *realm, Boolean admin ); OSErr KClientAddServerMap( char *host, char *realm, Boolean admin ); OSErr KClientDeleteServerMap( char *host, char *realm ); OSErr KClientGetNthServerMap( long n, char *host, char *realm, Boolean *admin ); OSErr KClientGetNthServerPort( long n, short *port ); OSErr KClientSetNthServerPort( long n, short port ); OSErr KClientGetNumSessions( long *n ); OSErr KClientGetNthSession( long n, char *name, char *instance, char *realm ); OSErr KClientDeleteSession( char *name, char *instance, char *realm ); OSErr KClientGetCredentials( char *name, char *instance, char *realm, CREDENTIALS *cred ); OSErr KClientAddCredentials( char *name, char *instance, char *realm, CREDENTIALS *cred ); OSErr KClientDeleteCredentials( char *name, char *instance, char *realm, char *sname, char *sinstance, char *srealm ); OSErr KClientGetNumCredentials( long *n, char *name, char *instance, char *realm ); OSErr KClientGetNthCredential( long n, char *name, char *instance, char *realm, char *sname, char *sinstance, char *srealm ); OSErr KClientAddSpecial( char *service, char *name ); OSErr KClientDeleteSpecial( char *service ); OSErr KClientGetNumSpecials( long *n ); OSErr KClientGetNthSpecial( long n, char *name, char *service ); OSErr KClientSetOption( short option, void *value ); OSErr KClientGetOption( short option, void *value ); #ifdef __cplusplus } #endif #endifcyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/kcglue_des.c0000777000076400007640000000120507403027555020637 00000000000000#include "des.h" #include "kcglue_des.h" /* $Id: kcglue_des.c,v 1.2 2001/12/04 02:05:33 rjs3 Exp $ * kclient and des have different definitions for key schedules * this file is to include in the kclient code without dragging in the des definitions */ int kcglue_des_key_sched(void *akey,void *asched) { return des_key_sched(akey,asched); } void kcglue_des_ecb_encrypt(void *asrc,void *adest,void *asched,int direction) { des_ecb_encrypt(asrc,adest,asched,direction); } void kcglue_des_pcbc_encrypt(void *asrc,void *adest,long length,void *asched,void *akey,int direction) { des_pcbc_encrypt(asrc,adest,length,asched,akey,direction); } cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/kcglue_des.h0000777000076400007640000000070107403027555020644 00000000000000 /* $Id: kcglue_des.h,v 1.2 2001/12/04 02:05:33 rjs3 Exp $ * kclient and des have different definitions for key schedules * this file is to include in the kclient code without dragging in the des definitions */ int kcglue_des_key_sched(void *akey,void *asched); void kcglue_des_ecb_encrypt(void *asrc,void *adest,void *asched,int direction); void kcglue_des_pcbc_encrypt(void *asrc,void *adest,long length,void *asched,void *akey,int direction); cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/kcglue_krb.h0000777000076400007640000000124507403027555020653 00000000000000/* $Id: kcglue_krb.h,v 1.2 2001/12/04 02:05:33 rjs3 Exp $ * mit kerberos and kclient include files are not compatable * the define things with the same name but different implementations * this is an interface that can be included with either kclient.h * or krb.h. It bridges between the two of them */ #define KCGLUE_ITEM_SIZE (40) /* name instance or realm size*/ #define KCGLUE_MAX_K_STR_LEN (KCGLUE_ITEM_SIZE*3+2) /* id.instance@realm */ #define KCGLUE_MAX_KTXT_LEN 1250 int kcglue_krb_mk_req( void *dat, int *len, const char *service, char *instance, char *realm, long checksum, void *des_key, char *pname, char *pinst ); cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient/macKClientPublic.h0000777000076400007640000000002407403027555021706 00000000000000#include "KClient.h"cyrus-sasl-2.1.25/mac/CommonKClient/KClientPublic.h0000777000076400007640000000044607403027554016763 00000000000000// include file for portable interface to KClient #if __dest_os == __mac_os #include "macKClientPublic.h" #else if __dest_os == __win32_os #define PC #if defined(__cplusplus) extern "C" { #endif #include "win32KClientPublic.h" #include "KClientKrbPC.h" #if defined(__cplusplus) } #endif #endif cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/0000777000076400007640000000000011632367343016531 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/mac_krb_lib1.c0000777000076400007640000000543407622774115021136 00000000000000/* $Id: mac_krb_lib1.c,v 1.3 2003/02/13 19:55:57 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * library to emulate unix kerberos on a macintosh */ #include #include #include #include #include #include #include #ifndef TRUE #define TRUE 1 #endif #ifndef FALSE #define FALSE 0 #endif #include /* * given a hostname return the kerberos realm * NOT thread safe.... */ char *krb_realmofhost(const char *s) { s=strchr(s,'.'); if(s==0) return "ANDREW.CMU.EDU"; return (char *)(s+1); } /* * return the default instance to use for a given hostname * NOT thread safe... but then neathoer is the real kerberos one */ char *krb_get_phost(const char *alias) { #define MAX_HOST_LEN (512) static char instance[MAX_HOST_LEN]; char *dst=instance; int remaining=MAX_HOST_LEN-10; while(remaining-->0) { char ch= *alias++; if(ch==0) break; if(isupper(ch)) ch=tolower(ch); if(ch=='.') break; *dst++=ch; } *dst=0; return instance; } cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/saslk4.h0000777000076400007640000000007507403027557020031 00000000000000#define TARGET_API_MAC_OS8 1 #define TARGET_API_MAC_CARBON 1 cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/kcglue_krb.c0000777000076400007640000001511507622774115020736 00000000000000/* $Id: kcglue_krb.c,v 1.3 2003/02/13 19:55:57 rjs3 Exp $ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include //#include "macKClientPublic.h" #include "KClient.h" #ifndef FALSE #define FALSE 0 #endif #ifndef TRUE #define TRUE 1 #endif #define SOME_KRB_ERR_NUMBER (70) #define MAX_KRB_ERRORS 256 const char *krb_err_txt[MAX_KRB_ERRORS]={ "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err", "krb err","krb err","krb err","krb err","krb err","krb err","krb err","krb err" }; /* * given a service instance and realm, combine them to foo.bar@REALM * return true upon success */ static int implode_krb_user_info(char *dst,const char *service,const char *instance,const char *realm) { if(strlen(service)>=KCGLUE_ITEM_SIZE) return FALSE; if(strlen(instance)>=KCGLUE_ITEM_SIZE) return FALSE; if(strlen(realm)>=KCGLUE_ITEM_SIZE) return FALSE; strcpy(dst,service); dst+=strlen(dst); if(instance[0]!=0) { *dst++='.'; strcpy(dst,instance); dst+=strlen(dst); } *dst++='@'; strcpy(dst,realm); return TRUE; } int kcglue_krb_mk_req(void *dat,int *len, const char *service, char *instance, char *realm, long checksum, void *des_key, char *pname, char *pinst) { char tkt_buf[KCGLUE_MAX_KTXT_LEN+20]; char user_id[KCGLUE_MAX_K_STR_LEN+1]; char dummy1[KCGLUE_MAX_K_STR_LEN+1], dummy2[KCGLUE_MAX_K_STR_LEN+1]; KClientSession ses; KClientPrincipal prin, srvp; int have_session=FALSE; int rc; if(!implode_krb_user_info(user_id,service,instance,realm)) return SOME_KRB_ERR_NUMBER; rc=KClientNewClientSession(&ses/*,0,0,0,0*/ ); if(rc!=0) return SOME_KRB_ERR_NUMBER; have_session=TRUE; *len=sizeof(tkt_buf)-10; //rc=KClientGetTicketForServiceFull(&ses,user_id,tkt_buf,len,checksum); rc=KClientV4StringToPrincipal(user_id, &srvp); if (rc==0) rc=KClientSetServerPrincipal(ses,srvp); if (rc==0) rc=KClientGetTicketForService(ses,checksum,tkt_buf,len); if(rc==0) { memcpy(dat,tkt_buf/*+4*/,*len); /*kclient puts out a 4 byte length that mit doesnt*/ rc=KClientGetSessionKey(ses,des_key); } if(rc==0) { // rc=KClientGetUserName(pname); rc=KClientGetClientPrincipal(ses, &prin); if (rc==0) { rc=KClientPrincipalToV4Triplet(prin, pname, dummy1, dummy2); KClientDisposePrincipal(prin); } } *pinst=0; if(have_session) KClientDisposeSession(ses); if(rc!=0) return SOME_KRB_ERR_NUMBER; return 0; } cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/kcglue_des.c0000777000076400007640000000120507403027557020724 00000000000000#include "des.h" #include "kcglue_des.h" /* $Id: kcglue_des.c,v 1.2 2001/12/04 02:05:35 rjs3 Exp $ * kclient and des have different definitions for key schedules * this file is to include in the kclient code without dragging in the des definitions */ int kcglue_des_key_sched(void *akey,void *asched) { return des_key_sched(akey,asched); } void kcglue_des_ecb_encrypt(void *asrc,void *adest,void *asched,int direction) { des_ecb_encrypt(asrc,adest,asched,direction); } void kcglue_des_pcbc_encrypt(void *asrc,void *adest,long length,void *asched,void *akey,int direction) { des_pcbc_encrypt(asrc,adest,length,asched,akey,direction); } cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/0000777000076400007640000000000011632367343020104 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosManager/0000777000076400007640000000000011632367343023153 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosManager/KerberosManagerLib.h0000777000076400007640000001316007403027601026735 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Export of this software from the United States of America may require a * specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute * this software and its documentation for any purpose and without fee is * hereby granted, provided that the above copyright notice appear in all * copies and that both that copyright notice and this permission notice * appear in supporting documentation, and that the name of M.I.T. not be * used in advertising or publicity pertaining to distribution of the * software without specific, written prior permission. Furthermore if you * modify this software you must label your software as modified software * and not distribute it in such a fashion that it might be confused with * the original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosManager/KerberosManagerLib.h,v 1.2 2001/12/04 02:05:53 rjs3 Exp $ */ #pragma once #include #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #include #include #else #error "Unknown OS" #endif #ifdef __cplusplus extern "C" { #endif #if PRAGMA_IMPORT #pragma import on #endif /* * KMAE_SendQuitApplication * * Send quit event to Kerberos Manager. * */ OSStatus KMAE_SendQuitApplication (Boolean waitForAEReply); /* * KMAE_SendOpenApplication * * Send open event to Kerberos Manager. This will launch Kerberos Manager. Kerberos * Manager could display an error dialog that requires the user's response if Kerb for * the Mac isn't installed properly, but no AE reply is sent about this. */ OSStatus KMAE_SendOpenApplication (Boolean waitForAEReply); /* * KMAE_SendOpenApplicationFSSpec * * Send open event to Kerberos Manager specified by inKMFileSpec. * This will launch Kerberos Manager. Kerberos Manager could display * an error dialog that requires the user's response if Kerb for * the Mac isn't installed properly, but no AE reply is sent about this. */ OSStatus KMAE_SendOpenApplicationFSSpec (FSSpec *inKMFileSpec, Boolean waitForAEReply); /* * KMAE_SendLogin * * Tell Kerberos Manager to display login dialog (no AE replies right now). * Kerberos Manager will be launched if necessary. */ OSStatus KMAE_SendLogin (Boolean waitForAEReply); /* * IsKerberosManagerRunning * * Determine if Kerberos Manager is running */ /* * KMAE_SendLoginFSSpec * * Tell Kerberos Manager specified by inKmFileSpec to display login dialog * (no AE replies right now) Kerberos Manager will be launched if necessary. * */ OSStatus KMAE_SendLoginFSSpec (FSSpec *inKMFileSpec, Boolean waitForAEReply); /* IsKerberosManagerRunning() Return true if KM is running, and fills out outPSN if the pointer is non-null. Return false if KM is not running, and outPSN is unchanged. */ Boolean IsKerberosManagerRunning (ProcessSerialNumber *outPSN); /* FindKerberosManagerInControlPanels() Uses IterateDirectory from MoreFiles to search the Control Panels folder for copies of Kerberos Manager. If it finds one, returns true and fills out *kmSpec. If it doesn't find one or an error occurs, returns false and *kmSpec is unchanged. */ Boolean FindKerberosManagerInControlPanels(FSSpec *kmSpec); /* KMAE_FindTargetKerberosManager() Searches the startup volume to find the Kerberos Manager that would receive AppleEvents if any of the KerberosManagerLib functions that send AEs were called. First checks to see if KM is running, and returns the FSSpec of that one if it is. Next looks in the Control Panels Folder. Finally it searches the drive for a copy. If a Kerberos Manager is found, returns true and fills out *kmSpec. If it doesn't find one or an error occurs, returns false and *kmSpec is unchanged. If the hard drive catalog changes during the search, continues anyway. */ Boolean KMAE_FindTargetKerberosManager(FSSpec *kmSpec); #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif /* * Constants */ enum { kKerberosManagerClass = FOUR_CHAR_CODE ('KrbM') }; enum { kKerberosManagerSignature = FOUR_CHAR_CODE ('KrbM') }; enum { kAELogin = FOUR_CHAR_CODE ('Lgin') }; cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/0000777000076400007640000000000011632367343023255 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/Sockets.h0000777000076400007640000002233107403027605024760 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/Sockets.h,v 1.2 2001/12/04 02:05:57 rjs3 Exp $ */ /* * * Sockets.h -- Main external header file for the sockets library. * */ #include #include #include #include #include #include #include #ifndef _SOCKETS_ #define _SOCKETS_ #ifdef __cplusplus extern "C" { #endif #if defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) # pragma import on #endif /*******************/ /* API Definitions */ /*******************/ #define FD_SETSIZE 256 /* The maximum # of sockets -- cannot be changed */ /* socket types */ #define SOCK_STREAM 0 /* stream socket -- connection oriented */ #define SOCK_DGRAM 1 /* datagram socket -- connectionless */ #define SOCK_RAW 2 /* raw socket */ #define SOCK_SEQPACKET 3 /* sequenced packet socket */ #define SOCK_RDM 4 /* reliably delivered message socket */ /* address families -- get AF_INET from OpenTptInternet.h */ #define AF_UNSPEC 0 /* Unspecified */ #define AF_UNIX 1 /* Unix internal protocols */ /* protocol families */ #define PF_UNSPEC AF_UNSPEC /* Unspecified */ #define PF_UNIX AF_UNIX /* Unix internal protocols */ #define PF_INET AF_INET /* Internet protocols */ /* IP Address Wildcard */ #define INADDR_ANY kOTAnyInetAddress #define INADDR_NONE 0xffffffff /* recv and send flags */ #define MSG_DONTROUTE 1 #define MSG_DONTWAIT 2 #define MSG_OOB 4 #define MSG_PEEK 8 #define MSG_WAITALL 16 #define NUMBITSPERBYTE 8 /* Number of bits per byte */ /* socket_fnctl() requests */ #define F_GETFL 3 /* Get file flags */ #define F_SETFL 4 /* Set file flags */ /* shutdown() flags */ #define SHUT_RD 0 /* Shutdown read side of the connection */ #define SHUT_WR 1 /* Shutdown write side of the connection */ #define SHUT_RDWR 2 /* Shutdown read and write sides of the connection */ /* IP address sizes */ #define INET_ADDRSTRLEN 16 /* for IPv4 dotted decimal */ #define INET6_ADDRSTRLEN 46 /* for IPv6 dhex string */ #define INADDRSZ 4 /* size of IPv4 addr in bytes */ #define IN6ADDRSZ 16 /* size of IPv6 addr in bytes */ /* host name size */ #define MAXHOSTNAMESIZE kMaxHostNameLen #define MAXHOSTNAMELEN kMaxHostNameLen #ifdef USE_STREAMS /* Constants for poll() */ #define POLLIN 0x001 /* A non-priority message is available */ #define POLLPRI 0x002 /* A high priority message is available */ #define POLLOUT 0x004 /* The stream is writable for non-priority messages */ #define POLLERR 0x008 /* A error message has arrived */ #define POLLHUP 0x010 /* A hangup has occurred */ #define POLLNVAL 0x020 /* This fd is bogus */ #define POLLRDNORM 0x040 /* A non-priority message is available */ #define POLLRDBAND 0x080 /* A priority message (band > 0) message is available */ #define POLLWRNORM 0x100 /* Same as POLLOUT */ #define POLLWRBAND 0x200 /* A priority band exists and is writable */ #define POLLMSG 0x400 /* A signal message has reached the front of the queue */ #endif /* USE_STREAMS */ /**********/ /* Macros */ /**********/ /* network byte order conversion [none since we're already big-endian] */ #define ntohl(x) (x) #define ntohs(x) (x) #define htonl(x) (x) #define htons(x) (x) /* macros for select */ #define FD_SET(fd, fdset) ((fdset)->fds_bits[(fd) / NFDBITS] |= ((unsigned)1 << ((fd) % NFDBITS))) #define FD_CLR(fd, fdset) ((fdset)->fds_bits[(fd) / NFDBITS] &= ~((unsigned)1 << ((fd) % NFDBITS))) #define FD_ISSET(fd, fdset) ((fdset)->fds_bits[(fd) / NFDBITS] & ((unsigned)1 << ((fd) % NFDBITS))) #define FD_ZERO(fdset) memset((char *)(fdset), 0, sizeof(*(fdset))) /****************************/ /* API Structures and Types */ /****************************/ /* An internet address */ typedef UInt32 in_addr_t; /* size of address structures */ typedef UInt32 socklen_t; /* structure used to store addresses */ struct sockaddr { u_short sa_family; char sa_data[14]; }; /* INET protocol structures */ struct in_addr { in_addr_t s_addr; }; /* A TCP address -- the same as a OT InetAddress */ struct sockaddr_in { /* struct InetAddress { */ u_short sin_family; /* OTAddressType fAddressType */ u_short sin_port; /* InetPort fPort */ struct in_addr sin_addr; /* InetHost fHost */ char sin_zero[8]; /* UInt8 fUnused */ }; /* }; */ /* structures for select */ typedef long fd_mask; #define NFDBITS (sizeof(fd_mask) * NUMBITSPERBYTE) /* bits per mask */ typedef struct fd_set { fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS]; } fd_set; /* Structure for non-contiguous data */ struct iovec { struct iovec *next; /* For compatibility with Open Transport */ void *iov_base; /* Starting address of buffer */ size_t iov_len; /* size of buffer */ }; /* For poll() */ struct pollfd { int fd; short events; short revents; }; /***********************/ /* Function Prototypes */ /***********************/ #if !TARGET_RT_MAC_CFM # pragma d0_pointers on #else # define SocketsLibraryIsPresent() ((Ptr) (socket) != (Ptr) (kUnresolvedCFragSymbolAddress)) #endif /* Sockets Control API calls */ OSStatus AbortSocketOperation(int sockFD); OSStatus AbortAllDNSOperations(void); Boolean IsValidSocket(int sockFD); /* Sockets API calls */ int socket(int family, int type, int protocol); int socket_bind(int sockFD, const struct sockaddr *myAddr, int addrLength); int socket_fcntl(int sockFD, int command, int flags); int socket_close(int sockFD); int socket_shutdown(int sockFD, int howTo); int socket_connect(int sockFD, struct sockaddr *servAddr, int addrLength); int socket_select(int maxFDsExamined, fd_set *readFDs, fd_set *writeFDs, fd_set *exceptFDs, struct timeval *timeOut); #ifdef USE_STREAMS int socket_poll (struct pollfd *fds, unsigned int nfds, int timeout); #endif /* USE_STREAMS */ int socket_getpeername(int sockFD, struct sockaddr *peerAddr, int *addrLength); int socket_getsockname(int sockFD, struct sockaddr *localAddr, int *addrLength); int socket_read(int sockFD, void *buffer, UInt32 numBytes); int socket_write(int sockFD, const void *buffer, UInt32 numBytes); int socket_readv(int sockFD, struct iovec *iov, UInt32 iovCount); int socket_writev(int sockFD, struct iovec *iov, UInt32 iovCount); int socket_recv(int sockFD, void *buffer, UInt32 numBytes, int flags); int socket_send(int sockFD, const void *buffer, UInt32 numBytes, int flags); int socket_recvfrom(int sockFD, void *buffer, UInt32 numBytes, int flags, struct sockaddr *fromAddr, socklen_t *addrLength); int socket_sendto(int sockFD, const void *buffer, UInt32 numBytes, int flags, struct sockaddr *toAddr, socklen_t addrLength); /* Utilites API calls */ char *inet_ntoa(struct in_addr addr); int inet_aton(const char *str, struct in_addr *addr); in_addr_t inet_addr(const char *str); int inet_pton(int family, const char *str, void *addr); const char *inet_ntop(int family, const void *addr, char *str, size_t len); #if !TARGET_RT_MAC_CFM # pragma d0_pointers reset #endif #if defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) # pragma import reset #endif #ifdef __cplusplus } #endif #endif /* _SOCKETS_ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/SocketErrors.h0000777000076400007640000001740207403027605025775 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/SocketErrors.h,v 1.2 2001/12/04 02:05:57 rjs3 Exp $ */ /* * * SocketErrors.h -- Error codes for socket errors. * */ /* NOTE: Before you add a new error code, check the other libraries to make sure that you have not taken an error code range designated for another library. */ #ifndef _SOCKET_ERRORS_ #define _SOCKET_ERRORS_ /* New error definitions */ #define kSocketsFirstErr 200 /* The beginning of the sockets errors */ #define kENOTDIRErr 201 /* Not a directory */ #define kEISDIRErr 202 /* Is a directory */ #define kEPFNOSUPPORTErr 203 /* Protocol family not supported */ #define kEAFNOSUPPORTErr 204 /* Address family not supported */ #define kSockNotInitErr 205 /* Sockets lib is not initialized */ #define kSockAlreadyInitErr 206 /* Sockets lib is already initialized */ #define kNoOTErr 207 /* Open Transport is unavailable */ #define kSocketIsIdleErr 208 /* No operation in progress on socket */ #define kEMFILEErr 209 /* Too many sockets open */ #define kENOSPCErr 210 /* Not enough space to write output */ #define kEBADDOMAINNAMEErr 211 /* Bad domain name in TCP/IP settings */ #define kEBADNAMESERVERSErr 212 /* Bad name servers in TCP/IP settings */ #define kENONETWORKErr 213 /* No network: check TCP/IP settings */ #define kSocketsLastErr 299 /* The last sockets error */ #ifndef rez /* This part cannot be included by a rez file */ #include #include #undef ERANGE /* defined by errno.h -- but we want the OT definition */ /* Mappings from errno.h errors to OT LibC errors */ enum OTCompatErrors { /* EPERM = kEPERMErr, /* Permission denied */ /* ENOENT = kENOENTErr, /* No such file or directory */ ESRCH = kESRCHErr, /* No such process */ ENORSRC = kENORSRCErr, /* No such resource */ EINTR = kEINTRErr, /* Interrupted system service */ /* EIO = kEIOErr, /* I/O error */ ENXIO = kENXIOErr, /* No such device or address */ /* EBADF = kEBADFErr, /* Bad file number */ EAGAIN = kEAGAINErr, /* Try operation again later */ /* ENOMEM = kENOMEMErr, /* Not enough space */ /* EACCES = kEACCESErr, /* Permission denied */ EFAULT = kEFAULTErr, /* Bad address */ EBUSY = kEBUSYErr, /* Device or resource busy */ /* EEXIST = kEEXISTErr, /* File exists */ ENODEV = kENODEVErr, /* No such device */ ENOTDIR = kENOTDIRErr, /* Not a directory */ /* EISDIR = kEISDIRErr, /* Is a directory */ /* EMFILE = kEMFILEErr, /* Too many sockets open */ /* EINVAL = kEINVALErr, /* Invalid argument */ ENOTTY = kENOTTYErr, /* Not a character device */ EPIPE = kEPIPEErr, /* Broken pipe */ /* ENOSPC = kENOSPCErr, /* Not enough space to write output */ ERANGE = kERANGEErr, /* Message size too large for STREAM */ EDEADLK = kEDEADLKErr, /* or a deadlock would occur */ EPROTO = kEPROTOErr, /* Protocol error */ EBADMSG = kEBADMSGErr, /* Trying to read unreadable message */ ECANCEL = kECANCELErr, /* Operation cancelled */ ENOMSG = kENOMSGErr, /* No message of desired type */ ENOSTR = kENOSTRErr, /* Device not a stream */ ENODATA = kENODATAErr, /* No data (for no delay I/O) */ ETIME = kETIMEErr, /* Timer expired */ ENOSR = kENOSRErr, /* Out of streams resources */ ENOTSOCK = kENOTSOCKErr, /* Socket operation on non-socket */ EDESTADDRREQ = kEDESTADDRREQErr, /* Destination address required */ EMSGSIZE = kEMSGSIZEErr, /* Message too long */ EPROTOTYPE = kEPROTOTYPEErr, /* Protocol wrong type for socket */ ENOPROTOOPT = kENOPROTOOPTErr, /* Protocol not available */ EPROTONOSUPPORT = kEPROTONOSUPPORTErr, /* Protocol not supported */ ESOCKTNOSUPPORT = kESOCKTNOSUPPORTErr, /* Socket type not supported */ EOPNOTSUPP = kEOPNOTSUPPErr, /* Operation not supported on socket */ EPFNOSUPPORT = kEPFNOSUPPORTErr, /* Protocol family not supported */ EAFNOSUPPORT = kEAFNOSUPPORTErr, /* Address family not supported */ EADDRINUSE = kEADDRINUSEErr, /* Address already in use */ EADDRNOTAVAIL = kEADDRNOTAVAILErr, /* Can't assign requested address */ ENETDOWN = kENETDOWNErr, /* No network, check TCP/IP settings */ ENETUNREACH = kENETUNREACHErr, /* Network is unreachable */ ENETRESET = kENETRESETErr, /* Network dropped connection on reset */ ECONNABORTED = kECONNABORTEDErr, /* Software caused connection abort */ ECONNRESET = kECONNRESETErr, /* Connection reset by peer */ ENOBUFS = kENOBUFSErr, /* No buffer space available */ EISCONN = kEISCONNErr, /* Socket is already connected */ ENOTCONN = kENOTCONNErr, /* Socket is not connected */ ESHUTDOWN = kESHUTDOWNErr, /* Can't send after socket shutdown */ ETOOMANYREFS = kETOOMANYREFSErr, /* Too many references: can't splice */ ETIMEDOUT = kETIMEDOUTErr, /* Connection timed out */ ECONNREFUSED = kECONNREFUSEDErr, /* Connection refused */ EHOSTDOWN = kEHOSTDOWNErr, /* Host is down */ EHOSTUNREACH = kEHOSTUNREACHErr, /* No route to host */ EWOULDBLOCK = kEWOULDBLOCKErr, /* Call would block, so was aborted */ EALREADY = kEALREADYErr, /* Operation already in progress */ EINPROGRESS = kEINPROGRESSErr, /* Operation now in progress */ EBADDOMAINNAME = kEBADDOMAINNAMEErr, /* Bad domain name in TCP/IP settings */ EBADNAMESERVERS = kEBADNAMESERVERSErr, /* Bad name servers in TCP/IP settings */ ENONETWORK = kENONETWORKErr /* No network: check TCP/IP settings */ }; #endif /* !rez */ #endif /* _SOCKET_ERRORS_ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/hesiod.h0000777000076400007640000000631207403027605024621 00000000000000/* $Id: hesiod.h,v 1.2 2001/12/04 02:05:57 rjs3 Exp $ */ /* * Copyright (c) 1996 by Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. */ #ifndef HESIOD__INCLUDED #define HESIOD__INCLUDED #include #if TARGET_RT_MAC_CFM #include #include #include #endif #if defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) # pragma import on #endif #ifdef __cplusplus extern "C" { #endif /* Application-visible define to signal that we have the new interfaces. */ #define HESIOD_INTERFACES struct hesiod_postoffice { char *hesiod_po_type; char *hesiod_po_host; char *hesiod_po_name; }; /* Library control functions */ #define HesiodLibIsPresent_ ((Ptr) hesiod_init != (Ptr) kUnresolvedCFragSymbolAddress) OSStatus hesiod_abort_operations(void); /* Hesiod API functions */ int hesiod_init(void **context); void hesiod_end(void *context); char *hesiod_to_bind(void *context, const char *name, const char *type); char **hesiod_resolve(void *context, const char *name, const char *type); void hesiod_free_list(void *context, char **list); struct passwd *hesiod_getpwnam(void *context, const char *name); struct passwd *hesiod_getpwuid(void *context, uid_t uid); void hesiod_free_passwd(void *context, struct passwd *pw); struct servent *hesiod_getservbyname(void *context, const char *name, const char *proto); void hesiod_free_servent(void *context, struct servent *serv); struct hesiod_postoffice *hesiod_getmailhost(void *context, const char *user); void hesiod_free_postoffice(void *context, struct hesiod_postoffice *po); /* Compatibility stuff. */ #define HES_ER_UNINIT -1 /* uninitialized */ #define HES_ER_OK 0 /* no error */ #define HES_ER_NOTFOUND 1 /* Hesiod name not found by server */ #define HES_ER_CONFIG 2 /* local problem (no config file?) */ #define HES_ER_NET 3 /* network problem */ struct hes_postoffice { char *po_type; char *po_host; char *po_name; }; int hes_init(void); char *hes_to_bind(const char *name, const char *type); char **hes_resolve(const char *name, const char *type); int hes_error(void); struct passwd *hes_getpwnam(const char *name); struct passwd *hes_getpwuid(uid_t uid); struct servent *hes_getservbyname(const char *name, const char *proto); struct hes_postoffice *hes_getmailhost(const char *name); #ifdef __cplusplus } #endif #if defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) # pragma import reset #endif #endif /* HESIOD__INCLUDED */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/netdb.h0000777000076400007640000001014107403027605024435 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/netdb.h,v 1.2 2001/12/04 02:05:57 rjs3 Exp $ */ /* MIT Sockets Library * netdb.h * macdev@mit.edu */ #ifndef _NETDB_H #define _NETDB_H #include #ifdef __cplusplus extern "C" { #endif struct hostent { char *h_name; /* official (cannonical) name of host */ char **h_aliases; /* pointer to array of pointers of alias names */ int h_addrtype; /* host address type: AF_INET or AF_INET6 */ int h_length; /* length of address: 4 or 16 */ char **h_addr_list; /* pointer to array of pointers with IPv4 or IPv6 addresses */ }; #define h_addr h_addr_list[0] /* first address in list */ struct servent { char *s_name; /* official service name */ char **s_aliases; /* alias list */ int s_port; /* port number, network-byte order */ char *s_proto; /* protocol to use */ }; #if defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) # pragma import on #endif #if !TARGET_RT_MAC_CFM # pragma d0_pointers on #endif struct hostent *gethostbyname(const char *hostname); struct hostent *gethostbyaddr(const char *addr, size_t len, int family); /* Gets the local host's hostname. If namelen isn't long enough, it puts in as much of the name as possible, without a terminating null. This is done so it is compatible with the unix version. This is, admittedly, the wrong way to write a code, but my excuse is compatibility. It should really dynamically allocate space. Oh well. It also assert()'s if you don't pass it a reasonably sized buffer. */ int gethostname(char *name, size_t namelen); /* Opens the service database if needed and gets the next service entry. Returns NULL if you have read them all. On error, returns NULL and calls SetMITLibError(). */ struct servent *getservent (void); /* Closes the service database. On error, calls SetMITLibError(). */ void endservent (void); struct servent *getservbyname (const char *servname, const char *protname); struct servent *getservbyport (int port, const char *protname); #if !TARGET_RT_MAC_CFM # pragma d0_pointers reset #endif #if defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) # pragma import reset #endif #ifdef __cplusplus } #endif #endif /* _NETDB_H */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/KerberosSupport.h0000777000076400007640000000164407403027604026521 00000000000000#ifndef __KERBEROSSUPPORT__ #define __KERBEROSSUPPORT__ #include /* * I don't want to export any of these to the general public * If you need them, you should be including them directly, * using the paths as below: #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include */ #endif /* __KERBEROSSUPPORT__ */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/Idle.h0000777000076400007640000001025307403027604024221 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/Idle.h,v 1.2 2001/12/04 02:05:56 rjs3 Exp $ */ /* * * Idle.h -- Main external header file for the Idle library. * */ #ifndef _IDLELIB_ #define _IDLELIB_ #include #ifdef __cplusplus extern "C" { #endif #if defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) # pragma import on #endif /****************************/ /* API Structures and Types */ /****************************/ /* Callback API for Event handler proc for idle loop */ typedef CALLBACK_API (Boolean, IdleEventHandlerProcPtr) (const EventRecord *theEvent, UInt32 refCon); /* UPP for Idle Library event filter */ #if !TARGET_API_MAC_CARBON typedef STACK_UPP_TYPE (IdleEventHandlerProcPtr) IdleEventHandlerUPP; #define NewIdleEventHandlerProc(userRoutine) \ (IdleEventHandlerUPP) NewRoutineDescriptor((ProcPtr)(userRoutine), uppIdleEventHandlerProcInfo, GetCurrentArchitecture()) #else typedef IdleEventHandlerProcPtr IdleEventHandlerUPP; #define NewIdleEventHandlerProc(userRoutine) \ userRoutine #endif /* Procinfo for Idle Library event filter */ enum { uppIdleEventHandlerProcInfo = kPascalStackBased | RESULT_SIZE (sizeof (Boolean)) | STACK_ROUTINE_PARAMETER (1, SIZE_CODE (sizeof (const EventRecord *))) | STACK_ROUTINE_PARAMETER (2, SIZE_CODE (sizeof (UInt32))) }; /***********************/ /* Function Prototypes */ /***********************/ #define IdleLibIsPresent_ ((Ptr) Idle != (Ptr) kUnresolvedCFragSymbolAddress) /* IdleLib API calls */ OSStatus IdleAddEventHandler(IdleEventHandlerUPP eventHandlerUPP, Boolean isApplication, UInt16 mask, UInt32 refCon); OSStatus IdleRemoveEventHandler(IdleEventHandlerUPP eventHandlerUPP); void IdleSetActive(IdleEventHandlerUPP eventHandlerUPP); void IdleSetInactive(IdleEventHandlerUPP eventHandlerUPP); void IdleSetIdleFrequency(UInt32 idleFrequency); UInt32 IdleGetIdleFrequency(void); void IdleSetEventSleepTime(UInt32 eventSleepTime); UInt32 IdleGetEventSleepTime(void); void IdleSetThreaded(Boolean isThreaded); Boolean IdleGetThreaded(void); void IdleSetShouldIdle(Boolean shouldIdle); Boolean IdleGetShouldIdle(void); Boolean IdleHandleEvent (const EventRecord *theEvent); OSStatus Idle(void); #if defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) # pragma import reset #endif #ifdef __cplusplus } #endif #endif /* _IDLELIB_ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/ErrorLib.h0000777000076400007640000001142207403027604025063 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/ErrorLib.h,v 1.2 2001/12/04 02:05:56 rjs3 Exp $ */ /* * * errorlib.h -- Functions to handle socket/dns lib errors. * */ #ifndef __ERRORLIB__ #define __ERRORLIB__ #include #if TARGET_RT_MAC_CFM #if TARGET_API_MAC_CARBON #include #endif #include #include #else #include #endif #include #if PRAGMA_ONCE #pragma once #endif #ifdef __cplusplus extern "C" { #endif #if PRAGMA_IMPORT #pragma import on #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif /* ********************* */ /* The global error code */ /* ********************* */ extern OSStatus gMITLibError; /* ****************************************************** */ /* length the buffer passed to GetErrorString() should be */ /* ****************************************************** */ #define kMaxErrorLength 512 /* ******************* */ /* type of error table */ /* ******************* */ #define kErrorTableResType 'ErrT' /* *********************************************** */ /* Format of the error string for GetErrorString() */ /* *********************************************** */ enum ErrorFormat { kErrorLongFormat, kErrorShortFormat, kErrorManager, kErrorShortString, kErrorLongString }; typedef enum ErrorFormat ErrorFormat; /* ******************* */ /* Function prototypes */ /* ******************* */ #if !TARGET_RT_MAC_CFM # pragma d0_pointers on #else # define ErrorLibraryIsPresent() ((Ptr) (RegisterErrorTable) != (Ptr) (kUnresolvedCFragSymbolAddress)) #endif extern OSStatus GetMITLibError(void); extern void SetMITLibError(OSStatus theError); extern void ClearMITLibError(void); extern OSStatus RegisterErrorTable(const FSSpec* inResFile, SInt16 inResID); #if TARGET_API_MAC_CARBON extern OSStatus RegisterErrorTableForBundle(CFStringRef inBundleID, SInt16 inResID); #endif extern OSStatus GetErrorLongFormat(OSStatus error, char *message, long messageLength); extern OSStatus GetErrorShortFormat(OSStatus error, char *message, long messageLength); extern OSStatus GetErrorManager(OSStatus error, char *message, long messageLength); extern OSStatus GetErrorShortString(OSStatus error, char *message, long messageLength); extern OSStatus GetErrorLongString(OSStatus error, char *message, long messageLength); extern OSStatus GetErrorString(OSStatus error, char *message, long messageLength, ErrorFormat format); #if !TARGET_RT_MAC_CFM # pragma d0_pointers reset #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif #endif /* __ERRORLIB__ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/Utilities.h0000777000076400007640000001065607403027605025327 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/Utilities.h,v 1.2 2001/12/04 02:05:57 rjs3 Exp $ */ /* * Utilities.h - Public header file for the Utilities library */ #ifndef __UTILITIES__ #define __UTILITIES__ #include #include #include #include #if PRAGMA_ONCE #pragma once #endif #ifdef __cplusplus extern "C" { #endif #if PRAGMA_IMPORT #pragma import on #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif /************************/ /* Structures and Types */ /************************/ /* common types for POSIX structures */ typedef unsigned char u_char; typedef unsigned short u_short; typedef unsigned int u_int; typedef unsigned long u_long; typedef unsigned char uchar_t; typedef unsigned short ushort_t; /*typedef UInt32 uint_t;*/ /* We don't define uint_t because OpenTransport.h does. */ typedef unsigned long ulong_t; typedef char *caddr_t; typedef SInt32 daddr_t; typedef SInt16 cnt_t; typedef ulong_t paddr_t; typedef uchar_t use_t; typedef SInt16 sysid_t; typedef SInt16 index_t; /**********/ /* Macros */ /**********/ /* macros for BSD memory utilities */ #define bzero(dest, nbytes) memset(dest, 0, nbytes) #define bcopy(src, dest, nbytes) memcpy(dest, src, nbytes) #define bcmp(ptr1, ptr2, nbytes) memcmp(ptr1, ptr2, nbytes) #define index(s, c) strchr(s, c) #define rindex(s, c) strrchr(s, c) /***********************/ /* Function Prototypes */ /***********************/ /* String Utilities */ int strcasecmp(const char *s1, const char *s2); int strncasecmp(const char *s1, const char *s2, register int n); char *strtoken (const char *s, const char *delim, int index); char *strdup (const char *s); void swab(register char *from, register char *to, register int n); /* Time Utilities */ int gettimeofday (struct timeval *tp, struct timezone *); int settimeofday (struct timeval *tp, struct timezone *); void get_gmt_offset(void); void mac_time_to_unix_time (time_t *time); void unix_time_to_mac_time (time_t *time); void msl_time_to_unix_time (time_t *time); void unix_time_to_msl_time (time_t *time); /* Mac OS X Runtime utilities */ Boolean RunningUnderClassic (void); Boolean RunningUnderMacOSX (void); #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif #endif /* __UTILTIES__ */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/ShlibDriver.h0000777000076400007640000000125407403027605025563 00000000000000#pragma once #include #include #if PRAGMA_IMPORT #pragma import on #endif enum { kShlibDriverOffendingProcessGestalt = FOUR_CHAR_CODE ('hl¿Ä') }; #define kShlibDriverFragmentName "\pMIT Support¥ShlibDriverLib" #ifdef __cplusplus extern "C" { #endif OSErr LoadSharedLibraryDriver ( Str31 inDriverName, Str255 inDispatchLibraryName); OSErr UnloadSharedLibraryDriver ( Str31 inDriverName, ProcessSerialNumber* outOffendingProcess); OSErr RegisterFileWithCodeFragmentManager ( const FSSpec* inFile); #ifdef __cplusplus } #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/ErrorList.r0000777000076400007640000000520107403027604025300 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/ErrorList.r,v 1.2 2001/12/04 02:05:56 rjs3 Exp $ */ type 'ErrT' { integer = $$CountOf (ErrorTable); // Number of errors in the table align long; wide array ErrorTable { EntryStart: // Calculate the length of this // array element (in bytes) integer = (EntryEnd [$$ArrayIndex (ErrorTable)] - EntryStart [$$ArrayIndex (ErrorTable)]) / 8; align long; longint; // ErrorCode cstring; // Short error string align long; cstring; // Long error string align long; EntryEnd: }; }; /* sample format: error number, short error string, long error string error numbers don't have to be consecutive resource 'ErrT' (129, "Manager Name") { { -1, "Short 1", "Long 1", -2, "Short 2", "Long 2" } }; */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/KerberosConditionalMacros.h0000777000076400007640000000175007403027604030453 00000000000000/* * Shim header file to get the functionality of ConditionalMacros.h * in all environments */ #ifndef KERBEROSCONDITIONALMACROS_H #define KERBEROSCONDITIONALMACROS_H #if defined(macintosh) && !(defined(__MACH__) && defined(__APPLE__)) /* Mac OS 8 and 9 */ #include #elif defined(__GNUC__) && ( defined(__APPLE_CPP__) || defined(__APPLE_CC__) || defined(__MACOS_CLASSIC__)) /* Mac OS X compilers we support */ #include /* Darwin macros: TARGET_OS_*, TARGET_CPU_*, TARGET_RT_* */ /* Things we use which are not defined by Darwin's conditional macros */ #define TARGET_API_MAC_CARBON 1 /* Currently we require Carbon */ #define TARGET_API_MAC_OSX 1 /* This is a Mac OS X box */ #define BAGEL_STAPLING 1 /* We love Mac OS X */ #define ALL_YOUR_KERBEROS_ARE_BELONG_TO_US 1 /* We love Kerberos */ #else #error "Unsupported environment" #endif #endif /* KERBEROSCONDITIONALMACROS_H */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/pwd.h0000777000076400007640000000442307403027605024141 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosSupport/pwd.h,v 1.2 2001/12/04 02:05:57 rjs3 Exp $ */ /* pwd.h -- struct passwd */ #ifndef __PWD__ #define __PWD__ #include /* passwd structure for passwd fields */ struct passwd { char *pw_name; char *pw_passwd; uid_t pw_uid; uid_t pw_gid; int pw_quota; char *pw_comment; char *pw_gecos; char *pw_dir; char *pw_shell; }; #endif /* __PWD__ */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KClient/0000777000076400007640000000000011632367343021435 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KClient/KClient.h0000777000076400007640000001446307403027562023067 00000000000000/* * KClient 3.0 API declarations * See KClient30-API.html * * $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KClient/KClient.h,v 1.2 2001/12/04 02:05:38 rjs3 Exp $ */ #ifndef __KCLIENT__ #define __KCLIENT__ /* Constants */ enum { /* No error */ kcNoError = 0, /* General runtime errors */ kcErrNoMemory = 23000, kcErrBadParam, /* Various invalid structures */ kcErrInvalidSession = 23010, kcErrInvalidPrincipal, kcErrInvalidAddress, kcErrInvalidFile, /* Missing required settings in the session */ kcErrNoClientPrincipal = 23020, kcErrNoServerPrincipal, kcErrNoLocalAddress, kcErrNoRemoteAddress, kcErrNoSessionKey, kcErrNoServiceKey, kcErrNoChecksum, kcErrNotLoggedIn = 23030, kcErrUserCancelled, kcErrIncorrectPassword, kcErrBufferTooSmall = 23040, kcErrKeyFileAccess, kcErrFileNotFound, kcErrInvalidPreferences, kcErrChecksumMismatch, kcFirstKerberosError = 20000, kcLastKerberosError = kcFirstKerberosError + 256 }; #ifndef rez #include #include #include #include #include #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #else #error "Unknown OS" #endif #ifdef __cplusplus extern "C" { #endif /* Functions */ OSStatus KClientGetVersion ( UInt16* outMajorVersion, UInt16* outMinorVersion, const char** outVersionString); /* Initialization / destruction */ OSStatus KClientNewClientSession ( KClientSession* outSession); OSStatus KClientNewServerSession ( KClientSession* inSession, KClientPrincipal inService); OSStatus KClientDisposeSession ( KClientSession inSession); /* Accessing session properties */ OSStatus KClientGetClientPrincipal ( KClientSession inSession, KClientPrincipal* outPrincipal); OSStatus KClientSetClientPrincipal ( KClientSession inSession, KClientPrincipal inPrincipal); OSStatus KClientGetServerPrincipal ( KClientSession inSession, KClientPrincipal* outPrincipal); OSStatus KClientSetServerPrincipal ( KClientSession inSession, KClientPrincipal inPrincipal); OSStatus KClientGetLocalAddress ( KClientSession inSession, KClientAddress* outLocalAddress); OSStatus KClientSetLocalAddress ( KClientSession inSession, const KClientAddress* inLocalAddress); OSStatus KClientGetRemoteAddress ( KClientSession inSession, KClientAddress* outRemoteAddress); OSStatus KClientSetRemoteAddress ( KClientSession inSession, const KClientAddress* inRemoteAddress); OSStatus KClientGetSessionKey ( KClientSession inSession, KClientKey* outKey); OSStatus KClientGetExpirationTime ( KClientSession inSession, UInt32* outExpiration); OSStatus KClientSetKeyFile ( KClientSession inSession, const KClientFile* inKeyFile); /* Logging in and out (client) */ OSStatus KClientLogin ( KClientSession inSession); OSStatus KClientPasswordLogin ( KClientSession inSession, const char* inPassword); OSStatus KClientKeyFileLogin ( KClientSession inSession); /*OSStatus KClientKeyLogin ( KClientSession inSession, const KClientKey* inKey);*/ OSStatus KClientLogout ( KClientSession inSession); /* Accessing service keys (server) */ OSStatus KClientGetServiceKey ( KClientSession inSession, UInt32 inVersion, KClientKey* outKey); OSStatus KClientAddServiceKey ( KClientSession inSession, UInt32 inVersion, const KClientKey* inKey); /* Authenticating to a service (client) */ OSStatus KClientGetTicketForService ( KClientSession inSession, UInt32 inChecksum, void* outBuffer, UInt32* ioBufferLength); OSStatus KClientGetAuthenticatorForService ( KClientSession inSession, UInt32 inChecksum, const char* inApplicationVersion, void* outBuffer, UInt32* ioBufferLength); OSStatus KClientVerifyEncryptedServiceReply ( KClientSession inSession, const void* inBuffer, UInt32 inBufferLength); OSStatus KClientVerifyProtectedServiceReply ( KClientSession inSession, const void* inBuffer, UInt32 inBufferLength); /* Authenticating a client (server) */ OSStatus KClientVerifyAuthenticator ( KClientSession inSession, const void* inBuffer, UInt32 inBufferLength); OSStatus KClientGetEncryptedServiceReply ( KClientSession inSession, void* outBuffer, UInt32* ioBufferSize); OSStatus KClientGetProtectedServiceReply ( KClientSession inSession, void* outBuffer, UInt32* ioBufferSize); /* Communicating between a server and a client */ OSStatus KClientEncrypt ( KClientSession inSession, const void* inPlainBuffer, UInt32 inPlainBufferLength, void* outEncryptedBuffer, UInt32* ioEncryptedBufferLength); OSStatus KClientDecrypt ( KClientSession inSession, void* inEncryptedBuffer, UInt32 inDecryptedBufferLength, UInt32* outPlainOffset, UInt32* outPlainLength); OSStatus KClientProtectIntegrity ( KClientSession inSession, const void* inPlainBuffer, UInt32 inPlainBufferLength, void* outProtectedBuffer, UInt32* ioProtectedBufferLength); OSStatus KClientVerifyIntegrity ( KClientSession inSession, void* inProtectedBuffer, UInt32 inProtectedBufferLength, UInt32* outPlainOffset, UInt32* outPlainLength); /* Miscellaneous */ OSStatus KClientPasswordToKey ( KClientSession inSession, const char* inPassword, KClientKey* outKey); /* Getting to other APIs */ OSStatus KClientGetCCacheReference ( KClientSession inSession, cc_ccache_t* outCCacheReference); OSStatus KClientGetProfileHandle ( KClientSession inSession, profile_t* outProfileHandle); /* Principal manipulation */ OSStatus KClientV4StringToPrincipal ( const char* inPrincipalString, KClientPrincipal* outPrincipal); OSStatus KClientPrincipalToV4String ( KClientPrincipal inPrincipal, char* outPrincipalString); OSStatus KClientPrincipalToV4Triplet ( KClientPrincipal inPrincipal, char* outName, char* outInstance, char* outRealm); OSStatus KClientDisposePrincipal ( KClientPrincipal inPrincipal); #ifdef __cplusplus } #endif #endif /* !rez */ #endif /* __KCLIENT__ */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KClient/KClientTypes.h0000777000076400007640000000230307403027563024103 00000000000000#ifndef KClientTypes_h #define KClientTypes_h #include #include #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #else #error "Unknown OS" #endif #ifdef __cplusplus extern "C" { #endif /* Constants */ /* Different kerberos name formats */ enum { KClientLocalName, /* Don't specify realm */ KClientCommonName, /* Only specify realm if it isn't local */ KClientFullName /* Always specify realm */ }; /* Opaque types */ struct KClientSessionOpaque; typedef struct KClientSessionOpaque* KClientSession; struct KClientPrincipalOpaque; typedef struct KClientPrincipalOpaque* KClientPrincipal; /* Visible types */ typedef FSSpec KClientFile; struct KClientAddress { UInt32 address; UInt16 port; }; typedef struct KClientAddress KClientAddress; struct KClientKey { des_cblock key; }; typedef struct KClientKey KClientKey; struct KClientKeySchedule { des_key_schedule keySchedule; }; typedef struct KClientKeySchedule KClientKeySchedule; #ifdef __cplusplus } #endif #endif /* KClientTypes_h */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosDES/0000777000076400007640000000000011632367343022214 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosDES/des.h0000777000076400007640000001501707403027577023072 00000000000000/* * des.h * * Copyright (C) 1987, 1988, 1989 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America is assumed * to require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * Include file for the Data Encryption Standard library. */ /* only do the whole thing once */ #ifndef DES_H #define DES_H #include #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #endif #if TARGET_API_MAC_OSX #include #ifndef DES_INT32 #define DES_INT32 int32_t #endif #ifndef DES_UINT32 #define DES_UINT32 u_int32_t #endif #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #ifndef DES_INT32 #define DES_INT32 SInt32 #endif #ifndef DES_UINT32 #define DES_UINT32 UInt32 #endif #endif #if !defined(DES_INT32) || !defined(DES_UINT32) #error "Unsupported platform. Need definitions for UInt32 and SInt32." #endif /* There are some declarations in the system-specific header files which can't be done until DES_INT32 is defined. So they are in a macro, which we expand here if defined. */ #ifdef DECL_THAT_NEEDS_DES_INT32 DECL_THAT_NEEDS_DES_INT32 #endif typedef unsigned char des_cblock[8]; /* crypto-block size */ /* Key schedule */ typedef struct des_ks_struct { union { DES_INT32 pad; des_cblock _;} __; } des_key_schedule[16]; #define DES_KEY_SZ (sizeof(des_cblock)) #define DES_ENCRYPT 1 #define DES_DECRYPT 0 #ifndef NCOMPAT #define C_Block des_cblock #define Key_schedule des_key_schedule #define ENCRYPT DES_ENCRYPT #define DECRYPT DES_DECRYPT #define KEY_SZ DES_KEY_SZ #define mit_string_to_key des_string_to_key #define string_to_key des_string_to_key #define read_pw_string des_read_pw_string #define random_key des_random_key #define pcbc_encrypt des_pcbc_encrypt #define key_sched des_key_sched #define cbc_encrypt des_cbc_encrypt #define cbc_cksum des_cbc_cksum #define C_Block_print des_cblock_print #define quad_cksum des_quad_cksum typedef struct des_ks_struct bit_64; #endif #define des_cblock_print(x) des_cblock_print_file(x, stdout) /* Function declarations */ #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* Macintosh CFM-68K magic incantation */ #if PRAGMA_IMPORT #pragma import on #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif #if TARGET_RT_MAC_CFM # define DESLibraryIsPresent() ((Ptr) (des_cbc_encrypt) != (Ptr) (kUnresolvedCFragSymbolAddress)) #elif TARGET_CPU_68K # pragma d0_pointers on #endif int des_cbc_encrypt(des_cblock *in, des_cblock *out, long length, des_key_schedule schedule, des_cblock ivec, int encrypt); void des_3cbc_encrypt(des_cblock *in, des_cblock *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock ivec, int encrypt); unsigned long des_cbc_cksum(des_cblock *in, des_cblock *out, long length, des_key_schedule schedule, des_cblock *ivec); int des_ecb_encrypt(des_cblock *in, des_cblock *out, des_key_schedule schedule, int encrypt); void des_3ecb_encrypt(des_cblock *in, des_cblock *out, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, int encrypt); void des_fixup_key_parity(register des_cblock key); int des_check_key_parity(register des_cblock key); int des_pcbc_encrypt(des_cblock *in, des_cblock *out, long length, des_key_schedule schedule, des_cblock ivec, int encrypt); int make_key_sched(des_cblock *key, des_key_schedule schedule); int des_key_sched(des_cblock k, des_key_schedule schedule); int des_new_random_key(des_cblock key); void des_init_random_number_generator(des_cblock key); void des_set_random_generator_seed(des_cblock key); void des_set_sequence_number(des_cblock new_sequence_number); void des_generate_random_block(des_cblock block); unsigned long des_quad_cksum(unsigned char *in, unsigned long *out, long length, int out_count, des_cblock *c_seed); int des_random_key(des_cblock *key); int des_read_password(des_cblock *k, char *prompt, int verify); int des_read_pw_string(char *s, int max, char *prompt, int verify); int des_string_to_key(char *str, des_cblock key); void afs_string_to_key(char *str, char *cell, des_cblock key); void des_cblock_print_file(des_cblock *x, FILE *fp); int des_is_weak_key(des_cblock key); char *des_crypt(const char *buf, const char *salt); char *des_fcrypt(const char *buf, const char *salt, char *ret); int des_set_key(des_cblock *key, des_key_schedule schedule); #if !TARGET_RT_MAC_CFM # pragma d0_pointers reset #endif /* Macintosh CFM-68K magic incantation */ #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* DES_H */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosDES/KerberosDES.h0000777000076400007640000000226607403027577024431 00000000000000/* * KerberosDES.h * * Copyright (C) 1987, 1988, 1989 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America is assumed * to require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * Include file for the Data Encryption Standard library. */ #ifndef __KERBEROSDES__ #define __KERBEROSDES__ #include #endif /* __KERBEROSDES__ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KClientDeprecated/0000777000076400007640000000000011632367343023416 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KClientDeprecated/KClientDeprecated.h0000777000076400007640000000714207403027565027030 00000000000000/* * KClient 1.9 deprecated API * * $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KClientDeprecated/KClientDeprecated.h,v 1.2 2001/12/04 02:05:41 rjs3 Exp $ */ #ifndef __KCLIENTDEPRECATED__ #define __KCLIENTDEPRECATED__ #if PRAGMA_ONCE #pragma once #endif /* PRAGMA_ONCE */ #include #include #include #ifdef __cplusplus extern "C" { #endif /* * Important! * * The following functions are deprecated. They will be removed from the library * and the header files in the future. See documentation for moving to KClient * 3.0 API to see how you can update your code. */ OSStatus KClientCacheInitialTicketDeprecated ( KClientSession* inSession, char* inService); OSStatus KClientGetLocalRealmDeprecated ( char* outRealm); OSStatus KClientSetLocalRealmDeprecated ( const char* inRealm); OSStatus KClientGetRealmDeprecated ( const char* inHost, char* outRealm); OSStatus KClientAddRealmMapDeprecated ( char* inHost, char* inRealm); OSStatus KClientDeleteRealmMapDeprecated ( char* inHost); OSStatus KClientGetNthRealmMapDeprecated ( SInt32 inIndex, char* outHost, char* outRealm); OSStatus KClientGetNthServerDeprecated ( SInt32 inIndex, char* outHost, char* inRealm, Boolean inAdmin); OSStatus KClientAddServerMapDeprecated ( char* inHost, char* inRealm, Boolean inAdmin); OSStatus KClientDeleteServerMapDeprecated ( char* inHost, char* inRealm); OSStatus KClientGetNthServerMapDeprecated ( SInt32 inIndex, char* outHost, char* outRealm, Boolean* outAdmin); OSStatus KClientGetNthServerPortDeprecated ( SInt32 inIndex, UInt16* outPort); OSStatus KClientSetNthServerPortDeprecated ( SInt32 inIndex, UInt16 inPort); OSStatus KClientGetNumSessionsDeprecated ( SInt32* outSessions); OSStatus KClientGetNthSessionDeprecated ( SInt32 inIndex, char* outName, char* outInstance, char* outRealm); OSStatus KClientDeleteSessionDeprecated ( char* inName, char* inInstance, char* inRealm); OSStatus KClientGetCredentialsDeprecated ( char* inName, char* inInstance, char* inRealm, CREDENTIALS* outCred); OSStatus KClientAddCredentialsDeprecated ( char* inName, char* inInstance, char* inRealm, CREDENTIALS* inCred); OSStatus KClientDeleteCredentialsDeprecated ( char* inName, char* inInstance, char* inRealm, char* inSname, char* inSinstance, char* inSrealm); OSStatus KClientGetNumCredentialsDeprecated ( SInt32* outNumCredentials, char* inName, char* inInstance, char* inRealm); OSStatus KClientGetNthCredentialDeprecated ( SInt32 inIndex, char* inName, char* inInstance, char* inRealm, char* inSname, char* inSinstance, char* inSrealm); OSStatus KClientGetUserNameDeprecated ( char* outUserName); void KClientGetErrorTextDeprecated ( OSErr inError, char* outBuffer); /* * Warning! * * The following are K5Client calls. Not only are they deprecated, but they should * never have existed in the first place. They are here so that KClient can swallow * K5Client (Yummmmmm) */ OSStatus K5ClientGetTicketForServiceDeprecated ( char* inService, void* outBuffer, UInt32* outBufferLength); OSStatus K5ClientGetAuthenticatorForServiceDeprecated ( char* inService, char* inApplicationVersion, void* outBuffer, UInt32* outBufferLength); #ifdef __cplusplus } #endif #endif /* __KCLIENTDEPRECATED__ */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/CredentialsCache/0000777000076400007640000000000011632367343023265 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/CredentialsCache/CredentialsCache2.h0000777000076400007640000001355707403027560026632 00000000000000/* * This is backwards compatibility for CCache API v2 clients to be able to run * against the CCache API v3 library */ #ifndef __CREDENTIALSCACHE2__ #define __CREDENTIALSCACHE2__ #include #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ #include #if PRAGMA_IMPORT # pragma import on #endif /* This stuff is to make sure that we always use the same compiler options for this header file. Otherwise we get really exciting failure modes -- meeroh */ /* Sadly, the v2 APi didn't specify the alignment, so we use the default except on MacOS (where our implementation defined it to be 2-byte aligned) */ #if TARGET_OS_MAC #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif #endif #if PRAGMA_ENUM_ALWAYSINT #pragma enumsalwaysint on #endif #if TARGET_CPU_68K #pragma fourbyteints on #endif /* Some old types get directly mapped to new types */ typedef cc_context_d apiCB; typedef cc_ccache_d ccache_p; typedef cc_credentials_iterator_d ccache_cit_creds; typedef cc_ccache_iterator_d ccache_cit_ccache; typedef cc_data cc_data_compat; typedef cc_int32 cc_cred_vers; typedef cc_int32 cc_result; /* This doesn't exist in API v3 */ typedef cc_uint32 cc_flags; /* Credentials types are visible to the caller so we have to keep binary compatibility */ typedef struct cc_credentials_v5_compat { char* client; char* server; cc_data_compat keyblock; cc_time_t authtime; cc_time_t starttime; cc_time_t endtime; cc_time_t renew_till; cc_uint32 is_skey; cc_uint32 ticket_flags; cc_data_compat** addresses; cc_data_compat ticket; cc_data_compat second_ticket; cc_data_compat** authdata; } cc_credentials_v5_compat; enum { MAX_V4_CRED_LEN = 1250 }; enum { KRB_NAME_SZ = 40, KRB_INSTANCE_SZ = 40, KRB_REALM_SZ = 40 }; typedef struct cc_credentials_v4_compat { unsigned char kversion; char principal[KRB_NAME_SZ+1]; char principal_instance[KRB_INSTANCE_SZ+1]; char service[KRB_NAME_SZ+1]; char service_instance[KRB_INSTANCE_SZ+1]; char realm[KRB_REALM_SZ+1]; unsigned char session_key[8]; cc_int32 kvno; cc_int32 str_to_key; long issue_date; cc_int32 lifetime; cc_uint32 address; cc_int32 ticket_sz; unsigned char ticket[MAX_V4_CRED_LEN]; unsigned long oops; } cc_credentials_v4_compat; typedef union cred_ptr_union_compat { cc_credentials_v4_compat* pV4Cred; cc_credentials_v5_compat* pV5Cred; } cred_ptr_union_compat; typedef struct cred_union { cc_int32 cred_type; // cc_cred_vers cred_ptr_union_compat cred; } cred_union; /* NC info structure is gone in v3 */ struct infoNC { char* name; char* principal; cc_int32 vers; }; typedef struct infoNC infoNC; /* Some old type names */ typedef cc_credentials_v4_compat V4Cred_type; typedef cc_credentials_v5_compat cc_creds; struct ccache_cit; typedef struct ccache_cit ccache_cit; enum { CC_API_VER_2 = ccapi_version_2 }; enum { CC_NOERROR, CC_BADNAME, CC_NOTFOUND, CC_END, CC_IO, CC_WRITE, CC_NOMEM, CC_FORMAT, CC_LOCKED, CC_BAD_API_VERSION, CC_NO_EXIST, CC_NOT_SUPP, CC_BAD_PARM, CC_ERR_CACHE_ATTACH, CC_ERR_CACHE_RELEASE, CC_ERR_CACHE_FULL, CC_ERR_CRED_VERSION }; enum { CC_CRED_UNKNOWN, CC_CRED_V4, CC_CRED_V5, CC_CRED_MAX }; cc_int32 cc_shutdown ( apiCB** ioContext); cc_int32 cc_get_NC_info ( apiCB* inContext, infoNC*** outInfo); cc_int32 cc_get_change_time ( apiCB* inContext, cc_time_t* outTime); cc_int32 cc_open ( apiCB* inContext, const char* inName, cc_int32 inVersion, cc_uint32 inFlags, ccache_p** outCCache); cc_int32 cc_create ( apiCB* inContext, const char* inName, const char* inPrincipal, cc_int32 inVersion, cc_uint32 inFlags, ccache_p** outCCache); cc_int32 cc_close ( apiCB* inContext, ccache_p** ioCCache); cc_int32 cc_destroy ( apiCB* inContext, ccache_p** ioCCache); cc_int32 cc_seq_fetch_NCs_begin ( apiCB* inContext, ccache_cit** outIterator); cc_int32 cc_seq_fetch_NCs_next ( apiCB* inContext, ccache_p** outCCache, ccache_cit* inIterator); cc_int32 cc_seq_fetch_NCs_end ( apiCB* inContext, ccache_cit** ioIterator); cc_int32 cc_get_name ( apiCB* inContext, ccache_p* inCCache, char** outName); cc_int32 cc_get_cred_version ( apiCB* inContext, ccache_p* inCCache, cc_int32* outVersion); cc_int32 cc_set_principal ( apiCB* inContext, ccache_p* inCCache, cc_int32 inVersion, char* inPrincipal); cc_int32 cc_get_principal ( apiCB* inContext, ccache_p* inCCache, char** outPrincipal); cc_int32 cc_store ( apiCB* inContext, ccache_p* inCCache, cred_union inCredentials); cc_int32 cc_remove_cred ( apiCB* inContext, ccache_p* inCCache, cred_union inCredentials); cc_int32 cc_seq_fetch_creds_begin ( apiCB* inContext, const ccache_p* inCCache, ccache_cit** outIterator); cc_int32 cc_seq_fetch_creds_next ( apiCB* inContext, cred_union** outCreds, ccache_cit* inIterator); cc_int32 cc_seq_fetch_creds_end ( apiCB* inContext, ccache_cit** ioIterator); cc_int32 cc_free_principal ( apiCB* inContext, char** ioPrincipal); cc_int32 cc_free_name ( apiCB* inContext, char** ioName); cc_int32 cc_free_creds ( apiCB* inContext, cred_union** creds); cc_int32 cc_free_NC_info ( apiCB* inContext, infoNC*** ioInfo); #if TARGET_OS_MAC #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #endif #if PRAGMA_ENUM_ALWAYSINT #pragma enumsalwaysint reset #endif #if TARGET_CPU_68K #pragma fourbyteints reset #endif #if PRAGMA_IMPORT # pragma import reset #endif #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* __CREDENTIALSCACHE2__ */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/CredentialsCache/CredentialsCache.h0000777000076400007640000004400307403027560026536 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Export of this software from the United States of America may require a * specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute * this software and its documentation for any purpose and without fee is * hereby granted, provided that the above copyright notice appear in all * copies and that both that copyright notice and this permission notice * appear in supporting documentation, and that the name of M.I.T. not be * used in advertising or publicity pertaining to distribution of the * software without specific, written prior permission. Furthermore if you * modify this software you must label your software as modified software * and not distribute it in such a fashion that it might be confused with * the original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/CredentialsCache/CredentialsCache.h,v 1.2 2001/12/04 02:05:36 rjs3 Exp $ */ /* * Declarations for Credentials Cache API Library * * API specification: * * Revision 1: Frank Dabek, 6/4/1998 * Revision 2: meeroh, 2/24/1999 * Revision 3: meeroh, 11/12/1999 * */ #ifndef __CREDENTIALSCACHE__ #define __CREDENTIALSCACHE__ #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ #include #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #else #error "Unknown OS; no system types available" #endif #if PRAGMA_IMPORT # pragma import on #endif /* This stuff is to make sure that we always use the same compiler options for this header file. Otherwise we get really exciting failure modes -- meeroh */ #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k4byte #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 4) #elif PRAGMA_STRUCT_PACK #pragma pack(4) #endif #if PRAGMA_ENUM_ALWAYSINT #pragma enumsalwaysint on #endif #if TARGET_CPU_68K #pragma fourbyteints on #endif /* * Constants */ /* API versions */ enum { ccapi_version_2 = 2, ccapi_version_3 = 3, ccapi_version_4 = 4 }; /* Errors */ enum { ccNoError = 0, ccIteratorEnd = 201, ccErrBadParam, ccErrNoMem, ccErrInvalidContext, ccErrInvalidCCache, ccErrInvalidString, /* 206 */ ccErrInvalidCredentials, ccErrInvalidCCacheIterator, ccErrInvalidCredentialsIterator, ccErrInvalidLock, ccErrBadName, /* 211 */ ccErrBadCredentialsVersion, ccErrBadAPIVersion, ccErrContextLocked, ccErrContextUnlocked, ccErrCCacheLocked, /* 216 */ ccErrCCacheUnlocked, ccErrBadLockType, ccErrNeverDefault, ccErrCredentialsNotFound, ccErrCCacheNotFound, /* 221 */ ccErrContextNotFound, ccErrServerUnavailable }; /* Credentials versions */ enum { cc_credentials_v4 = 1, cc_credentials_v5 = 2, cc_credentials_v4_v5 = 3 }; /* * Basic types */ typedef UInt32 cc_uint32; typedef SInt32 cc_int32; typedef cc_uint32 cc_time_t; /* * API types */ /* Forward declarations */ struct cc_context_f; typedef struct cc_context_f cc_context_f; struct cc_ccache_f; typedef struct cc_ccache_f cc_ccache_f; struct cc_ccache_iterator_f; typedef struct cc_ccache_iterator_f cc_ccache_iterator_f; struct cc_ccache_iterator_f; typedef struct cc_credentials_iterator_f cc_credentials_iterator_f; struct cc_string_f; typedef struct cc_string_f cc_string_f; struct cc_credentials_f; typedef struct cc_credentials_f cc_credentials_f; /* Credentials types */ enum { /* Make sure all of these are multiples of four (for alignment sanity) */ cc_v4_name_size = 40, cc_v4_instance_size = 40, cc_v4_realm_size = 40, cc_v4_ticket_size = 1254 }; enum cc_string_to_key_type { cc_v4_stk_afs = 0, cc_v4_stk_des = 1, cc_v4_stk_columbia_special = 2, cc_v4_stk_unknown = 3 }; struct cc_credentials_v4_t { cc_uint32 version; char principal [cc_v4_name_size]; char principal_instance [cc_v4_instance_size]; char service [cc_v4_name_size]; char service_instance [cc_v4_instance_size]; char realm [cc_v4_realm_size]; unsigned char session_key [8]; cc_int32 kvno; cc_int32 string_to_key_type; cc_time_t issue_date; cc_int32 lifetime; cc_uint32 address; cc_int32 ticket_size; unsigned char ticket [cc_v4_ticket_size]; }; typedef struct cc_credentials_v4_t cc_credentials_v4_t; struct cc_data { cc_uint32 type; cc_uint32 length; void* data; }; typedef struct cc_data cc_data; struct cc_credentials_v5_t { char* client; char* server; cc_data keyblock; cc_time_t authtime; cc_time_t starttime; cc_time_t endtime; cc_time_t renew_till; cc_uint32 is_skey; cc_uint32 ticket_flags; cc_data** addresses; cc_data ticket; cc_data second_ticket; cc_data** authdata; }; typedef struct cc_credentials_v5_t cc_credentials_v5_t; struct cc_credentials_union { cc_int32 version; union { cc_credentials_v4_t* credentials_v4; cc_credentials_v5_t* credentials_v5; } credentials; }; typedef struct cc_credentials_union cc_credentials_union; /* Exposed parts */ struct cc_context_d { const cc_context_f* functions; #if TARGET_OS_MAC const cc_context_f* otherFunctions; #endif }; typedef struct cc_context_d cc_context_d; typedef cc_context_d* cc_context_t; struct cc_ccache_d { const cc_ccache_f* functions; #if TARGET_OS_MAC const cc_ccache_f* otherFunctions; #endif }; typedef struct cc_ccache_d cc_ccache_d; typedef cc_ccache_d* cc_ccache_t; struct cc_ccache_iterator_d { const cc_ccache_iterator_f* functions; #if TARGET_OS_MAC const cc_ccache_iterator_f* otherFunctions; #endif }; typedef struct cc_ccache_iterator_d cc_ccache_iterator_d; typedef cc_ccache_iterator_d* cc_ccache_iterator_t; struct cc_credentials_iterator_d { const cc_credentials_iterator_f* functions; #if TARGET_OS_MAC const cc_credentials_iterator_f* otherFunctions; #endif }; typedef struct cc_credentials_iterator_d cc_credentials_iterator_d; typedef cc_credentials_iterator_d* cc_credentials_iterator_t; struct cc_string_d { const char* data; const cc_string_f* functions; #if TARGET_OS_MAC const cc_string_f* otherFunctions; #endif }; typedef struct cc_string_d cc_string_d; typedef cc_string_d* cc_string_t; struct cc_credentials_d { const cc_credentials_union* data; const cc_credentials_f* functions; #if TARGET_OS_MAC const cc_credentials_f* otherFunctions; #endif }; typedef struct cc_credentials_d cc_credentials_d; typedef cc_credentials_d* cc_credentials_t; /* Function pointer structs */ struct cc_context_f { cc_int32 (*release) ( cc_context_t context); cc_int32 (*get_change_time) ( cc_context_t context, cc_time_t* time); cc_int32 (*get_default_ccache_name) ( cc_context_t context, cc_string_t* name); cc_int32 (*open_ccache) ( cc_context_t context, const char* name, cc_ccache_t* ccache); cc_int32 (*open_default_ccache) ( cc_context_t context, cc_ccache_t* ccache); cc_int32 (*create_ccache) ( cc_context_t context, const char* name, cc_uint32 cred_vers, const char* principal, cc_ccache_t* ccache); cc_int32 (*create_default_ccache) ( cc_context_t context, cc_uint32 cred_vers, const char* principal, cc_ccache_t* ccache); cc_int32 (*create_new_ccache) ( cc_context_t context, cc_uint32 cred_vers, const char* principal, cc_ccache_t* ccache); cc_int32 (*new_ccache_iterator) ( cc_context_t context, cc_ccache_iterator_t* iterator); cc_int32 (*lock) ( cc_context_t context, cc_uint32 lock_type, cc_uint32 block); cc_int32 (*unlock) ( cc_context_t context); cc_int32 (*compare) ( cc_context_t context, cc_context_t compare_to, cc_uint32* equal); }; struct cc_ccache_f { cc_int32 (*release) ( cc_ccache_t ccache); cc_int32 (*destroy) ( cc_ccache_t ccache); cc_int32 (*set_default) ( cc_ccache_t ccache); cc_int32 (*get_credentials_version) ( cc_ccache_t ccache, cc_uint32* credentials_version); cc_int32 (*get_name) ( cc_ccache_t ccache, cc_string_t* name); cc_int32 (*get_principal) ( cc_ccache_t ccache, cc_uint32 credentials_version, cc_string_t* principal); cc_int32 (*set_principal) ( cc_ccache_t ccache, cc_uint32 credentials_version, const char* principal); cc_int32 (*store_credentials) ( cc_ccache_t ccache, const cc_credentials_union* credentials); cc_int32 (*remove_credentials) ( cc_ccache_t ccache, cc_credentials_t credentials); cc_int32 (*new_credentials_iterator) ( cc_ccache_t ccache, cc_credentials_iterator_t* iterator); cc_int32 (*move) ( cc_ccache_t source, cc_ccache_t destination); cc_int32 (*lock) ( cc_ccache_t ccache, cc_uint32 block, cc_uint32 lock_type); cc_int32 (*unlock) ( cc_ccache_t ccache); cc_int32 (*get_last_default_time) ( cc_ccache_t ccache, cc_time_t* time); cc_int32 (*get_change_time) ( cc_ccache_t ccache, cc_time_t* time); cc_int32 (*compare) ( cc_ccache_t ccache, cc_ccache_t compare_to, cc_uint32* equal); }; struct cc_string_f { cc_int32 (*release) ( cc_string_t string); }; struct cc_credentials_f { cc_int32 (*release) ( cc_credentials_t credentials); cc_int32 (*compare) ( cc_credentials_t credentials, cc_credentials_t compare_to, cc_uint32* equal); }; struct cc_ccache_iterator_f { cc_int32 (*release) ( cc_ccache_iterator_t iter); cc_int32 (*next) ( cc_ccache_iterator_t iter, cc_ccache_t* ccache); }; struct cc_credentials_iterator_f { cc_int32 (*release) ( cc_credentials_iterator_t iter); cc_int32 (*next) ( cc_credentials_iterator_t iter, cc_credentials_t* ccache); }; /* * API functions */ cc_int32 cc_initialize ( cc_context_t* outContext, cc_int32 inVersion, cc_int32* outSupportedVersion, char const** outVendor); /* * Convenience macros */ #define cc_context_release(context) \ ((context) -> functions -> release (context)) #define cc_context_get_change_time(context, time) \ ((context) -> functions -> get_change_time (context, time)) #define cc_context_get_default_ccache_name(context, name) \ ((context) -> functions -> get_default_ccache_name (context, name)) #define cc_context_open_ccache(context, name, ccache) \ ((context) -> functions -> open_ccache (context, name, ccache)) #define cc_context_open_default_ccache(context, ccache) \ ((context) -> functions -> open_default_ccache (context, ccache)) #define cc_context_create_ccache(context, name, version, principal, ccache) \ ((context) -> functions -> create_ccache (context, name, version, principal, ccache)) #define cc_context_create_default_ccache(context, version, principal, ccache) \ ((context) -> functions -> create_default_ccache (context, version, principal, ccache)) #define cc_context_create_new_ccache(context, version, principal, ccache) \ ((context) -> functions -> create_new_ccache (context, version, principal, ccache)) #define cc_context_new_ccache_iterator(context, iterator) \ ((context) -> functions -> new_ccache_iterator (context, iterator)) #define cc_context_lock(context, type, lock) \ ((context) -> functions -> lock (context, type, lock)) #define cc_context_unlock(context) \ ((context) -> functions -> unlock (context)) #define cc_context_compare(context, compare_to, equal) \ ((context) -> functions -> compare (context, compare_to, equal)) #define cc_ccache_release(ccache) \ ((ccache) -> functions -> release (ccache)) #define cc_ccache_destroy(ccache) \ ((ccache) -> functions -> destroy (ccache)) #define cc_ccache_set_default(ccache) \ ((ccache) -> functions -> set_default (ccache)) #define cc_ccache_get_credentials_version(ccache, version) \ ((ccache) -> functions -> get_credentials_version (ccache, version)) #define cc_ccache_get_name(ccache, name) \ ((ccache) -> functions -> get_name (ccache, name)) #define cc_ccache_get_principal(ccache, version, principal) \ ((ccache) -> functions -> get_principal (ccache, version, principal)) #define cc_ccache_set_principal(ccache, version, principal) \ ((ccache) -> functions -> set_principal (ccache, version, principal)) #define cc_ccache_store_credentials(ccache, credentials) \ ((ccache) -> functions -> store_credentials (ccache, credentials)) #define cc_ccache_remove_credentials(ccache, credentials) \ ((ccache) -> functions -> remove_credentials (ccache, credentials)) #define cc_ccache_new_credentials_iterator(ccache, iterator) \ ((ccache) -> functions -> new_credentials_iterator (ccache, iterator)) #define cc_ccache_lock(ccache, lock) \ ((ccache) -> functions -> lock (ccache, lock)) #define cc_ccache_unlock(ccache, unlock) \ ((ccache) -> functions -> unlock (ccache, unlock)) #define cc_ccache_get_last_default_time(ccache, time) \ ((ccache) -> functions -> get_last_default_time (ccache, time)) #define cc_ccache_get_change_time(ccache, time) \ ((ccache) -> functions -> get_change_time (ccache, time)) #define cc_ccache_move(source, destination) \ ((source) -> functions -> move (source, destination)) #define cc_ccache_compare(ccache, compare_to, equal) \ ((ccache) -> functions -> compare (ccache, compare_to, equal)) #define cc_string_release(string) \ ((string) -> functions -> release (string)) #define cc_credentials_release(credentials) \ ((credentials) -> functions -> release (credentials)) #define cc_credentials_compare(credentials, compare_to, equal) \ ((credentials) -> functions -> compare (credentials, compare_to, equal)) #define cc_ccache_iterator_release(iterator) \ ((iterator) -> functions -> release (iterator)) #define cc_ccache_iterator_next(iterator, ccache) \ ((iterator) -> functions -> next (iterator, ccache)) #define cc_credentials_iterator_release(iterator) \ ((iterator) -> functions -> release (iterator)) #define cc_credentials_iterator_next(iterator, credentials) \ ((iterator) -> functions -> next (iterator, credentials)) #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #if PRAGMA_ENUM_ALWAYSINT #pragma enumsalwaysint reset #endif #if TARGET_CPU_68K #pragma fourbyteints reset #endif #if PRAGMA_IMPORT # pragma import reset #endif #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* __CREDENTIALSCACHE__ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos4/0000777000076400007640000000000011632367343021744 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos4/Kerberos4.h0000777000076400007640000000070707403027573023703 00000000000000/* * Kerberos4.h * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * External defintions for the Kerberos library. Internal definitions * (visible to Kerberos library source files) are in kerberos.h. */ /* Only one time, please */ #ifndef __KERBEROS4__ #define __KERBEROS4__ #include #endif /* __KERBEROS4__ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos4/krb.h0000777000076400007640000004501007403027573022615 00000000000000/* * krb-sed.h * * Copyright 1987, 1988 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * . * * External defintions for the Kerberos library. Internal definitions * (visible to Kerberos library source files) are in kerberos.h. */ /* Only one time, please */ #ifndef KRB_H #define KRB_H /* Kerberos 4 Error Codes: */ #define KSUCCESS 0 #define KFAILURE 255 #define KRB_NEVERDATE (0xFFFFFFFFUL) /* Error codes returned from the KDC */ #define KDC_OK 0 /* Request OK */ #define KDC_NAME_EXP 1 /* Principal expired */ #define KDC_SERVICE_EXP 2 /* Service expired */ #define KDC_AUTH_EXP 3 /* Auth expired */ #define KDC_PKT_VER 4 /* Protocol version unknown */ #define KDC_P_MKEY_VER 5 /* Wrong master key version */ #define KDC_S_MKEY_VER 6 /* Wrong master key version */ #define KDC_BYTE_ORDER 7 /* Byte order unknown */ #define KDC_PR_UNKNOWN 8 /* Principal unknown */ #define KDC_PR_N_UNIQUE 9 /* Principal not unique */ #define KDC_NULL_KEY 10 /* Principal has null key */ #define KDC_GEN_ERR 20 /* Generic error from KDC */ /* Values returned by get_credentials */ #define GC_OK 0 /* Retrieve OK */ #define RET_OK 0 /* Retrieve OK */ #define GC_TKFIL 21 /* Can't read ticket file */ #define RET_TKFIL 21 /* Can't read ticket file */ #define GC_NOTKT 22 /* Can't find ticket or TGT */ #define RET_NOTKT 22 /* Can't find ticket or TGT */ /* Values returned by mk_ap_req */ #define MK_AP_OK 0 /* Success */ #define MK_AP_TGTEXP 26 /* TGT Expired */ /* Values returned by rd_ap_req */ #define RD_AP_OK 0 /* Request authentic */ #define RD_AP_UNDEC 31 /* Can't decode authenticator */ #define RD_AP_EXP 32 /* Ticket expired */ #define RD_AP_NYV 33 /* Ticket not yet valid */ #define RD_AP_REPEAT 34 /* Repeated request */ #define RD_AP_NOT_US 35 /* The ticket isn't for us */ #define RD_AP_INCON 36 /* Request is inconsistent */ #define RD_AP_TIME 37 /* delta_t too big */ #define RD_AP_BADD 38 /* Incorrect net address */ #define RD_AP_VERSION 39 /* protocol version mismatch */ #define RD_AP_MSG_TYPE 40 /* invalid msg type */ #define RD_AP_MODIFIED 41 /* message stream modified */ #define RD_AP_ORDER 42 /* message out of order */ #define RD_AP_UNAUTHOR 43 /* unauthorized request */ /* Values returned by get_pw_tkt */ #define GT_PW_OK 0 /* Got password changing tkt */ #define GT_PW_NULL 51 /* Current PW is null */ #define GT_PW_BADPW 52 /* Incorrect current password */ #define GT_PW_PROT 53 /* Protocol Error */ #define GT_PW_KDCERR 54 /* Error returned by KDC */ #define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ /* Values returned by send_to_kdc */ #define SKDC_OK 0 /* Response received */ #define SKDC_RETRY 56 /* Retry count exceeded */ #define SKDC_CANT 57 /* Can't send request */ /* * Values returned by get_in_tkt * (can also return SKDC_* and KDC errors) */ #define INTK_OK 0 /* Ticket obtained */ #define INTK_PW_NULL 51 /* Current PW is null */ #define INTK_W_NOTALL 61 /* Not ALL tickets returned */ #define INTK_BADPW 62 /* Incorrect password */ #define INTK_PROT 63 /* Protocol Error */ #define INTK_ERR 70 /* Other error */ /* Values returned by get_adtkt */ #define AD_OK 0 /* Ticket Obtained */ #define AD_NOTGT 71 /* Don't have tgt */ /* Error codes returned by ticket file utilities */ #define NO_TKT_FIL 76 /* No ticket file found */ #define TKT_FIL_ACC 77 /* Couldn't access tkt file */ #define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ #define TKT_FIL_FMT 79 /* Bad ticket file format */ #define TKT_FIL_INI 80 /* tf_init not called first */ /* Error code returned by kparse_name */ #define KNAME_FMT 81 /* Bad Kerberos name format */ /* Error code returned by krb_mk_safe */ #define SAFE_PRIV_ERROR -1 /* syscall error */ #define KADM_RCSID (-1783126272) #define KADM_NO_REALM (-1783126271) #define KADM_NO_CRED (-1783126270) #define KADM_BAD_KEY (-1783126269) #define KADM_NO_ENCRYPT (-1783126268) #define KADM_NO_AUTH (-1783126267) #define KADM_WRONG_REALM (-1783126266) #define KADM_NO_ROOM (-1783126265) #define KADM_BAD_VER (-1783126264) #define KADM_BAD_CHK (-1783126263) #define KADM_NO_READ (-1783126262) #define KADM_NO_OPCODE (-1783126261) #define KADM_NO_HOST (-1783126260) #define KADM_UNK_HOST (-1783126259) #define KADM_NO_SERV (-1783126258) #define KADM_NO_SOCK (-1783126257) #define KADM_NO_CONN (-1783126256) #define KADM_NO_HERE (-1783126255) #define KADM_NO_MAST (-1783126254) #define KADM_NO_VERI (-1783126253) #define KADM_INUSE (-1783126252) #define KADM_UK_SERROR (-1783126251) #define KADM_UK_RERROR (-1783126250) #define KADM_UNAUTH (-1783126249) #define KADM_DATA (-1783126248) #define KADM_NOENTRY (-1783126247) #define KADM_NOMEM (-1783126246) #define KADM_NO_HOSTNAME (-1783126245) #define KADM_NO_BIND (-1783126244) #define KADM_LENGTH_ERROR (-1783126243) #define KADM_ILL_WILDCARD (-1783126242) #define KADM_DB_INUSE (-1783126241) #define KADM_INSECURE_PW (-1783126240) #define KADM_PW_MISMATCH (-1783126239) #define KADM_NOT_SERV_PRINC (-1783126238) #ifndef rez /* This stuff will confuse rez */ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #endif #if TARGET_OS_MAC #include #include #else #include #include #endif #if TARGET_API_MAC_OSX #include #include #include #else struct sockaddr_in; #endif #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #else #error "Unknown OS" #endif #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ #if PRAGMA_IMPORT # pragma import on #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif #if PRAGMA_ENUM_ALWAYSINT #pragma enumsalwaysint on #endif #if TARGET_CPU_68K #pragma fourbyteints on #endif #if !defined(PROTOTYPE) #if defined(__STDC__) || defined(__cplusplus) || defined(_MSDOS) || defined(_WIN32) #define PROTOTYPE(x) x #else #define PROTOTYPE(x) () #endif #endif #define INTERFACE /* No special declaration?? FIXME. */ #define FAR /* Sizes of types we need */ #ifndef KRB_INT32 #define KRB_INT32 SInt32 #endif #ifndef KRB_UINT32 #define KRB_UINT32 UInt32 #endif /* The maximum sizes for aname, realm, sname, and instance +1 */ #define ANAME_SZ 40 #define REALM_SZ 40 #define SNAME_SZ 40 #define INST_SZ 40 /* include space for '.' and '@' */ #define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) #define KKEY_SZ 100 #define VERSION_SZ 1 #define MSG_TYPE_SZ 1 #define DATE_SZ 26 /* RTI date output */ #ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ #define DEFAULT_TKT_LIFE 120 /* default lifetime 10 hrs */ #endif #define TICKET_GRANTING_TICKET "krbtgt" /* Definition of text structure used to pass text around */ #define MAX_KTXT_LEN 1250 struct ktext { int length; /* Length of the text */ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ unsigned long mbz; /* zero to catch runaway strings */ }; typedef struct ktext *KTEXT; typedef struct ktext KTEXT_ST; /* Definitions for send_to_kdc */ #define CLIENT_KRB_TIMEOUT 4 /* time between retries */ #define CLIENT_KRB_RETRY 5 /* retry this many times */ #define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ /* Definitions for ticket file utilities */ #define R_TKT_FIL 0 #define W_TKT_FIL 1 /* Structure definition for rd_ap_req */ struct auth_dat { unsigned char k_flags; /* Flags from ticket */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* His Instance */ char prealm[REALM_SZ]; /* His Realm */ KRB_UINT32 checksum; /* Data checksum (opt) */ C_Block session; /* Session Key */ int life; /* Life of ticket */ KRB_UINT32 time_sec; /* Time ticket issued */ KRB_UINT32 address; /* Address in ticket */ KTEXT_ST reply; /* Auth reply (opt) */ }; typedef struct auth_dat AUTH_DAT; /* Structure definition for credentials returned by get_cred */ struct credentials { char service[ANAME_SZ]; /* Service name */ char instance[INST_SZ]; /* Instance */ char realm[REALM_SZ]; /* Auth domain */ C_Block session; /* Session key */ int lifetime; /* Lifetime */ int kvno; /* Key version number */ KTEXT_ST ticket_st; /* The ticket itself */ long issue_date; /* The issue time */ char pname[ANAME_SZ]; /* Principal's name */ char pinst[INST_SZ]; /* Principal's instance */ KRB_UINT32 address; /* Address in ticket */ KRB_UINT32 stk_type; /* string_to_key function needed */ }; typedef struct credentials CREDENTIALS; /* Structure definition for rd_private_msg and rd_safe_msg */ struct msg_dat { unsigned char *app_data; /* pointer to appl data */ KRB_UINT32 app_length; /* length of appl data */ unsigned long hash; /* hash to lookup replay */ int swap; /* swap bytes? */ KRB_INT32 time_sec; /* msg timestamp seconds */ unsigned char time_5ms; /* msg timestamp 5ms units */ }; typedef struct msg_dat MSG_DAT; /* Location of default ticket file for save_cred and get_cred */ #ifndef TKT_FILE #define TKT_FILE tkt_string() #endif /* TKT_FILE */ /* Defines for krb_sendauth, krb_mk_auth, krb_check_auth, and krb_recvauth */ #define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ #define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ #define KOPT_DONT_CANON 0x00000004 /* * don't canonicalize inst as * a hostname */ #define KRB_SENDAUTH_VLEN 8 /* length for version strings */ #ifdef ATHENA_COMPAT #define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */ #endif /* ATHENA_COMPAT */ /* Constants for KerberosProfileLib */ #define REALMS_V4_PROF_REALMS_SECTION "v4 realms" #define REALMS_V4_PROF_KDC "kdc" #define REALMS_V4_PROF_ADMIN_KDC "admin_server" #define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server" #define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm" #define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults" #define REALMS_V4_PROF_LOCAL_REALM "default_realm" #define REALMS_V4_PROF_STK "string_to_key_type" #define REALMS_V4_MIT_STK "mit_string_to_key" #define REALMS_V4_AFS_STK "afs_string_to_key" #define REALMS_V4_COLUMBIA_STK "columbia_string_to_key" #define REALMS_V4_DEFAULT_REALM "default_realm" #define REALMS_V4_NO_ADDRESSES "noaddresses" /* Define a couple of function types including parameters. These are needed on MS-Windows to convert arguments of the function pointers to the proper types during calls. */ typedef int (*key_proc_type) PROTOTYPE ((char *, char *, char *, char *, C_Block)); typedef int (*decrypt_tkt_type) PROTOTYPE ((char *, char *, char *, char *, key_proc_type, KTEXT *)); #define KEY_PROC_TYPE_DEFINED #define DECRYPT_TKT_TYPE_DEFINED /******************************************/ /*** EXPORTED FUNTIONS (by source file) ***/ /******************************************/ /* change_password.c */ extern int INTERFACE krb_change_password PROTOTYPE ((char *, char *, char *, char *, char *)); /* decomp_tkt.c */ extern int INTERFACE decomp_ticket PROTOTYPE ((KTEXT, unsigned char *, char *, char *, char *, KRB_UINT32 *, C_Block, int *, KRB_UINT32 *, char *, char *, C_Block, Key_schedule)); /* err_txt.c */ extern const char * INTERFACE krb_get_err_text PROTOTYPE ((int)); /* g_ad_tkt.c */ extern int INTERFACE get_ad_tkt PROTOTYPE ((char *service, char *sinstance, char *realm, int lifetime)); /* g_in_tkt.c */ extern int INTERFACE krb_get_in_tkt PROTOTYPE ((char *, char *, char *, char *, char *, int, key_proc_type, decrypt_tkt_type, char *arg)); extern int INTERFACE krb_get_in_tkt_creds PROTOTYPE ((char *, char *, char *, char *, char *, int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *)); /* g_phost.c */ extern char * INTERFACE krb_get_phost PROTOTYPE ((char *)); /* g_pw_in_tkt.c */ extern int INTERFACE krb_get_pw_in_tkt PROTOTYPE ((char *, char *, char *, char *, char *, int, char *)); extern int INTERFACE krb_get_pw_in_tkt_creds PROTOTYPE ((char *, char *, char *, char *, char *, int, char *, CREDENTIALS *)); /* g_pw_tkt.c */ extern int INTERFACE get_pw_tkt PROTOTYPE ((char *, char *, char *, char *)); /* g_svc_in_tkt.c */ extern int INTERFACE krb_get_svc_in_tkt PROTOTYPE ((char *, char *, char *, char *, char *, int, char *)); #if TARGET_OS_MAC extern int INTERFACE FSp_krb_get_svc_in_tkt PROTOTYPE ((char *, char *, char *, char *, char *, int, const FSSpec *)); #endif /* g_tkt_svc.c */ extern int INTERFACE krb_get_ticket_for_service PROTOTYPE ((char *, char *, KRB_UINT32 *, int, des_cblock, Key_schedule, char *, int)); /* kname_parse.c */ int k_isname (const char *s); int k_isinst (const char *s); int k_isrealm (const char *s); int kname_parse (char *, char *, char *, const char *); int kname_unparse (char *, const char *, const char *, const char *); /* lifetime.c */ KRB5_DLLIMP UInt32 KRB5_CALLCONV krb_life_to_time PROTOTYPE((UInt32 start, int life)); KRB5_DLLIMP int KRB5_CALLCONV krb_time_to_life PROTOTYPE((UInt32 start, UInt32 end)); /* mk_auth.c */ extern int INTERFACE krb_check_auth PROTOTYPE ((KTEXT, KRB_UINT32, MSG_DAT *, C_Block FAR, Key_schedule, struct sockaddr_in *, struct sockaddr_in *)); extern int INTERFACE krb_mk_auth PROTOTYPE ((long, KTEXT, char *, char *, char *, KRB_UINT32, char *, KTEXT)); /* mk_err.c */ extern long INTERFACE krb_mk_err PROTOTYPE ((unsigned char *, KRB_INT32, char *)); /* mk_priv.c */ extern long INTERFACE krb_mk_priv PROTOTYPE ((unsigned char *, unsigned char *, KRB_UINT32, Key_schedule FAR, C_Block, struct sockaddr_in *, struct sockaddr_in *)); /* mk_req.c */ extern int INTERFACE krb_mk_req PROTOTYPE ((KTEXT, char *, char *, char *, KRB_INT32)); extern int INTERFACE krb_mk_req_creds PROTOTYPE ((register KTEXT, CREDENTIALS *, KRB_INT32)); int krb_set_lifetime(int newval); /* mk_safe.c */ extern long INTERFACE krb_mk_safe PROTOTYPE ((unsigned char *, unsigned char *, KRB_UINT32, C_Block, struct sockaddr_in *, struct sockaddr_in *)); /* rd_err.c */ extern int INTERFACE krb_rd_err PROTOTYPE ((unsigned char *, unsigned long, long *, MSG_DAT *)); /* rd_priv.c */ extern long INTERFACE krb_rd_priv PROTOTYPE ((unsigned char *, KRB_UINT32, Key_schedule FAR, C_Block, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); /* rd_req.c */ extern int INTERFACE krb_rd_req PROTOTYPE ((KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, char *)); /* rd_req_int.c */ extern int INTERFACE krb_rd_req_int PROTOTYPE ((KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block)); /* rd_svc_key.c */ extern int INTERFACE read_service_key PROTOTYPE ((char *, char *, char *, int, char *, char *)); #if TARGET_OS_MAC extern int INTERFACE FSp_read_service_key PROTOTYPE ((char *, char *, char *, int, const FSSpec*, char *)); #endif /* rd_safe.c */ extern long INTERFACE krb_rd_safe PROTOTYPE ((unsigned char *, KRB_UINT32, C_Block, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); /* recvauth.c */ extern int INTERFACE krb_recvauth PROTOTYPE ((long, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, Key_schedule FAR, char *)); /* sendauth.c */ extern int INTERFACE krb_sendauth PROTOTYPE ((long, int, KTEXT, char *, char *, char *, KRB_UINT32, MSG_DAT *, CREDENTIALS *, Key_schedule, struct sockaddr_in *, struct sockaddr_in *, char *)); /* CCache-glue.c */ extern int INTERFACE krb_get_tf_realm PROTOTYPE ((const char *, char *)); extern int INTERFACE krb_get_tf_fullname PROTOTYPE ((char *, char *, char *, char *)); extern int INTERFACE krb_get_cred PROTOTYPE ((char *, char *, char *, CREDENTIALS *)); extern const char * INTERFACE tkt_string PROTOTYPE ((void)); extern void INTERFACE krb_set_tkt_string PROTOTYPE ((const char *)); extern int INTERFACE dest_tkt PROTOTYPE ((void)); #if TARGET_OS_MAC /* The following functions are not part of the standard Kerberos v4 API. * They were created for Mac implementation, and used by admin tools * such as CNS-Config. */ extern int INTERFACE krb_get_num_cred PROTOTYPE ((void)); extern int INTERFACE krb_get_nth_cred PROTOTYPE ((char *, char *, char *, int)); extern int INTERFACE krb_delete_cred PROTOTYPE ((char *, char *,char *)); extern int INTERFACE dest_all_tkts PROTOTYPE ((void)); #endif /* TARGET_OS_MAC */ /* RealmConfig-glue.c */ extern int INTERFACE krb_get_profile PROTOTYPE ((profile_t* profile)); extern int INTERFACE krb_get_lrealm PROTOTYPE ((char *, int)); extern int INTERFACE krb_get_admhst PROTOTYPE ((char *, char *, int)); extern int INTERFACE krb_get_krbhst PROTOTYPE ((char *, const char *, int)); extern char * INTERFACE krb_realmofhost PROTOTYPE ((char *)); extern int INTERFACE put_svc_key PROTOTYPE ((char *, char *, char *, char *, int, char *)); #if TARGET_API_MAC_CARBON || TARGET_API_MAC_OS8 extern int INTERFACE FSp_put_svc_key PROTOTYPE ((const FSSpec *, char *, char *, char *, int, char *)); #endif #if TARGET_CPU_68K #pragma fourbyteints reset #endif #if PRAGMA_ENUM_ALWAYSINT #pragma enumsalwaysint reset #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #if PRAGMA_IMPORT # pragma import reset #endif #ifdef __cplusplus } #endif #endif /* !rez */ #endif /* KRB_H */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosProfile/0000777000076400007640000000000011632367343023201 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosProfile/KerberosProfile.h0000777000076400007640000000004507403027603026362 00000000000000#include cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosProfile/profile.h0000777000076400007640000001761107403027603024734 00000000000000/* * profile.h */ #ifndef _KRB5_PROFILE_H #define _KRB5_PROFILE_H #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #if TARGET_API_MAC_OS8 || (TARGET_API_MAC_CARBON && !TARGET_API_MAC_OSX) #include #endif #endif #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #else #error "Unknown OS" #endif #if defined(_MSDOS) || defined(_WIN32) #include #endif #ifndef KRB5_CALLCONV #define KRB5_CALLCONV #define KRB5_CALLCONV_C #define KRB5_DLLIMP #define GSS_DLLIMP #define KRB5_EXPORTVAR #define FAR #define NEAR #endif typedef struct _profile_t *profile_t; #if !defined(PROTOTYPE) #if defined(__STDC__) || defined(__cplusplus) || defined(_MSDOS) || defined(_WIN32) #define PROTOTYPE(x) x #else #define PROTOTYPE(x) () #endif #endif /* * Used by the profile iterator in prof_get.c */ #define PROFILE_ITER_LIST_SECTION 0x0001 #define PROFILE_ITER_SECTIONS_ONLY 0x0002 #define PROFILE_ITER_RELATIONS_ONLY 0x0004 #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* Macintoh CFM-68K magic incantation */ #if PRAGMA_IMPORT #pragma import on #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif /* We use file paths as unique file identifiers except Mac OS 8 and 9*/ #if TARGET_API_MAC_OS8 || (TARGET_API_MAC_CARBON && !TARGET_API_MAC_OSX) /* On CFM MacOS, we use native file specifiers as unique file identifiers */ typedef FSSpec profile_filespec_t; typedef FSSpec* profile_filespec_list_t; /* array should be terminated with {0, 0, ""} */ typedef FSSpec const_profile_filespec_t; typedef FSSpec* const_profile_filespec_list_t; #else #define PROFILE_USES_PATHS typedef char* profile_filespec_t; /* path as C string */ typedef char* profile_filespec_list_t; /* list of : separated paths, C string */ typedef const char* const_profile_filespec_t; /* path as C string */ typedef const char* const_profile_filespec_list_t; /* list of : separated paths, C string */ #endif KRB5_DLLIMP long KRB5_CALLCONV profile_init PROTOTYPE ((const_profile_filespec_t *files, profile_t *ret_profile)); KRB5_DLLIMP long KRB5_CALLCONV profile_init_path PROTOTYPE ((const_profile_filespec_list_t filelist, profile_t *ret_profile)); /* On Mac Carbon, also provide FSSpec variants */ #if TARGET_OS_MAC KRB5_DLLIMP long KRB5_CALLCONV FSp_profile_init PROTOTYPE ((const FSSpec* files, profile_t *ret_profile)); KRB5_DLLIMP long KRB5_CALLCONV FSp_profile_init_path PROTOTYPE ((const FSSpec* files, profile_t *ret_profile)); #endif KRB5_DLLIMP long KRB5_CALLCONV profile_flush PROTOTYPE ((profile_t profile)); KRB5_DLLIMP void KRB5_CALLCONV profile_abandon PROTOTYPE ((profile_t profile)); KRB5_DLLIMP void KRB5_CALLCONV profile_release PROTOTYPE ((profile_t profile)); KRB5_DLLIMP long KRB5_CALLCONV profile_get_values PROTOTYPE ((profile_t profile, const char **names, char ***ret_values)); KRB5_DLLIMP void KRB5_CALLCONV profile_free_list PROTOTYPE ((char **list)); KRB5_DLLIMP long KRB5_CALLCONV profile_get_string PROTOTYPE((profile_t profile, const char *name, const char *subname, const char *subsubname, const char *def_val, char **ret_string)); KRB5_DLLIMP long KRB5_CALLCONV profile_get_integer PROTOTYPE((profile_t profile, const char *name, const char *subname, const char *subsubname, int def_val, int *ret_default)); KRB5_DLLIMP long KRB5_CALLCONV profile_get_boolean PROTOTYPE((profile_t profile, const char *name, const char *subname, const char *subsubname, int def_val, int *ret_default)); KRB5_DLLIMP long KRB5_CALLCONV profile_get_relation_names PROTOTYPE((profile_t profile, const char **names, char ***ret_names)); KRB5_DLLIMP long KRB5_CALLCONV profile_get_subsection_names PROTOTYPE((profile_t profile, const char **names, char ***ret_names)); KRB5_DLLIMP long KRB5_CALLCONV profile_iterator_create PROTOTYPE((profile_t profile, const char **names, int flags, void **ret_iter)); KRB5_DLLIMP void KRB5_CALLCONV profile_iterator_free PROTOTYPE((void **iter_p)); KRB5_DLLIMP long KRB5_CALLCONV profile_iterator PROTOTYPE((void **iter_p, char **ret_name, char **ret_value)); KRB5_DLLIMP void KRB5_CALLCONV profile_release_string PROTOTYPE((char *str)); KRB5_DLLIMP long KRB5_CALLCONV profile_update_relation PROTOTYPE((profile_t profile, const char **names, const char *old_value, const char *new_value)); KRB5_DLLIMP long KRB5_CALLCONV profile_clear_relation PROTOTYPE((profile_t profile, const char **names)); KRB5_DLLIMP long KRB5_CALLCONV profile_rename_section PROTOTYPE((profile_t profile, const char **names, const char *new_name)); KRB5_DLLIMP long KRB5_CALLCONV profile_add_relation PROTOTYPE((profile_t profile, const char **names, const char *new_value)); /* Macintosh CFM-68K magic incantation */ #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* _KRB5_PROFILE_H */ /* * :::MITKerberosLib:GSSKerberos5Sources_9:util:profile:prof_err.h: * This file is automatically generated; please do not edit it. */ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #else #include #endif #define PROF_VERSION (-1429577728L) #define PROF_MAGIC_NODE (-1429577727L) #define PROF_NO_SECTION (-1429577726L) #define PROF_NO_RELATION (-1429577725L) #define PROF_ADD_NOT_SECTION (-1429577724L) #define PROF_SECTION_WITH_VALUE (-1429577723L) #define PROF_BAD_LINK_LIST (-1429577722L) #define PROF_BAD_GROUP_LVL (-1429577721L) #define PROF_BAD_PARENT_PTR (-1429577720L) #define PROF_MAGIC_ITERATOR (-1429577719L) #define PROF_SET_SECTION_VALUE (-1429577718L) #define PROF_EINVAL (-1429577717L) #define PROF_READ_ONLY (-1429577716L) #define PROF_SECTION_NOTOP (-1429577715L) #define PROF_SECTION_SYNTAX (-1429577714L) #define PROF_RELATION_SYNTAX (-1429577713L) #define PROF_EXTRA_CBRACE (-1429577712L) #define PROF_MISSING_OBRACE (-1429577711L) #define PROF_MAGIC_PROFILE (-1429577710L) #define PROF_MAGIC_SECTION (-1429577709L) #define PROF_TOPSECTION_ITER_NOSUPP (-1429577708L) #define PROF_INVALID_SECTION (-1429577707L) #define PROF_END_OF_SECTIONS (-1429577706L) #define PROF_BAD_NAMESET (-1429577705L) #define PROF_NO_PROFILE (-1429577704L) #define PROF_MAGIC_FILE (-1429577703L) #define PROF_MAGIC_FILE_DATA (-1429577702L) #define PROF_FAIL_OPEN (-1429577701L) #define PROF_EXISTS (-1429577700L) #define PROF_BAD_BOOLEAN (-1429577699L) #define PROF_BAD_INTEGER (-1429577698L) #define ERROR_TABLE_BASE_prof (-1429577728L) extern struct error_table et_prof_error_table; #if (defined(unix) || defined(_AIX)) && !(defined(__MACH__) && defined(__APPLE__)) /* for compatibility with older versions... */ extern void initialize_prof_error_table (); #define init_prof_err_tbl initialize_prof_error_table #define prof_err_base ERROR_TABLE_BASE_prof #else #define initialize_prof_error_table() #endif cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos/0000777000076400007640000000000011632367343021660 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos/Kerberos.h0000777000076400007640000000316307403027571023530 00000000000000/* * Kerberos Framework Header File * * $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/Kerberos/Kerberos.h,v 1.2 2001/12/04 02:05:45 rjs3 Exp $ */ #ifndef __KERBEROS__ #define __KERBEROS__ #ifndef __KERBEROSSUPPORT__ #include #endif /* __KERBEROSSUPPORT__ */ #ifndef __KERBEROSPREFERENCES__ #include #endif /* __KERBEROSPREFERENCES__ */ #ifndef __KERBEROSDES__ #include #endif /* __KERBEROSDES__ */ #ifndef __CREDENTIALSCACHE__ #include #endif /* __CREDENTIALSCACHE__ */ #ifndef __KERBEROSLOGIN__ #include #endif /* __KERBEROSLOGIN__ */ #ifndef __KERBEROSCOMERR__ #include #endif /* __KERBEROSCOMERR__ */ #ifndef __KERBEROSPROFILE__ #include #endif /* __KERBEROSPROFILE__ */ #ifndef __KERBEROS5__ #include #endif /* __KERBEROS5__ */ #ifndef __GSS__ #include #endif /* __GSS__ */ #ifndef __KERBEROS4__ #include #endif /* __KERBEROS4__ */ /* This is private for Macdev #ifndef __KERBEROSWRAPPERS__ #include #endif /* __KERBEROSWRAPPERS__ */ #ifndef __KCLIENT__ #include #endif /* __KCLIENT__ */ #ifndef __KCLIENTCOMPAT__ #include #endif /* __KCLIENTCOMPAT__ */ #ifndef __KCLIENTDEPRECATED__ #include #endif /* __KCLIENTDEPRECATED__ */ #endif /* __KERBEROS__ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosLogin/0000777000076400007640000000000011632367343022651 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosLogin/KLLoginLogoutNotification.h0000777000076400007640000000167407403027600030003 00000000000000/* * API for Kerberos Login and Logout Notification plugins */ #ifndef KLLoginLogoutNotification_h_ #define KLLoginLogoutNotification_h_ #include /* API Versions */ enum { kKLN_APIVersion_1 = 1, kKLN_APIVersion_Current = kKLN_APIVersion_1 }; /* File types */ const OSType kKLN_PluginFileType = FOUR_CHAR_CODE ('LNot'); /* Login types */ enum { kKLN_DialogLogin = 1, kKLN_PasswordLogin = 2 }; /* Types */ typedef UInt32 KLN_APIVersion; typedef UInt32 KLN_LoginType; /* Function prototypes */ #ifdef __cplusplus extern "C" { #endif #pragma export on KLStatus KerberosLoginNotification_InitializePlugin ( KLN_APIVersion inAPIVersion); KLStatus KerberosLoginNotification_Login ( KLN_LoginType inLoginType, const char* inCredentialsCache); void KerberosLoginNotification_Logout ( const char* inCredentialsCache); #ifdef __cplusplus } #endif #endif /* KLLoginLogoutNotification_h_ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosLogin/KLPrincipalTranslation.h0000777000076400007640000000175507403027600027332 00000000000000/* * API for Kerberos Login Principal Translation plugins */ #include #ifndef KLPrincipalTranslation_h_ #define KLPrincipalTranslation_h_ /* API Versions */ enum { kKLPT_APIVersion_1 = 1, kKLPT_APIVersion_Current = kKLPT_APIVersion_1 }; /* File types */ const OSType kKLPT_PluginFileType = FOUR_CHAR_CODE ('PTrn'); /* Types */ typedef UInt32 KLPT_APIVersion; /* Function prototypes */ #ifdef __cplusplus extern "C" { #endif #pragma export on KLStatus KerberosLoginPrincipalTranslation_InitializePlugin ( KLPT_APIVersion inAPIVersion); KLStatus KerberosLoginPrincipalTranslation_TranslatePrincipal ( const char* inName, const char* inInstance, const char* inRealm, const char** outName, const char** outInstance, const char** outRealm, KLBoolean* outChanged); void KerberosLoginPrincipalTranslation_ReleasePrincipal ( char* inName, char* inInstance, char* inRealm); #ifdef __cplusplus } #endif #endif /* KLPrincipalTranslation_h_ */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosLogin/KerberosLogin.h0000777000076400007640000002660707403027600025513 00000000000000/* * KerberosLogin.h * * $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosLogin/KerberosLogin.h,v 1.2 2001/12/04 02:05:52 rjs3 Exp $ * */ /* * This file contains part of the login library API. See * * for API documentation */ #ifndef __KERBEROSLOGIN__ #define __KERBEROSLOGIN__ /* * * Constants * */ /* Kerberos versions */ enum KLEKerberosVersion { kerberosVersion_Any = 0, kerberosVersion_V4 = 1, kerberosVersion_V5 = 2, kerberosVersion_All = 0xFFFFFFFF }; /* dialog identifier constants */ enum KLEDialogIdentifiers { loginLibrary_LoginDialog, loginLibrary_OptionsDialog, loginLibrary_ChangePasswordDialog, loginLibrary_ProgressDialog, loginLibrary_PrompterDialog }; /* Login dialog items */ enum KLELoginDialogItems { loginDialog_Username, loginDialog_Password, loginDialog_Realm, loginDialog_TicketLifetime, loginDialog_ForwardableTicket }; /* Password dialog items */ enum KLEChangePasswordDialogItems { changePasswordDialog_OldPassword, changePasswordDialog_NewPassword, changePasswordDialog_VerifyPassword }; /* Option identifier constants */ enum KLEDefaultLoginOptions { /* Dialog state options */ loginOption_LoginName = 'name', loginOption_LoginInstance = 'inst', loginOption_AdvancedLoginMode = 'adv ', loginOption_ShowTicketLifetime = 'life', loginOption_ShowForwardableTicket = 'forw', loginOption_ShowProxiableTicket = 'prox', /* Initial values and ranges */ loginOption_RememberPrincipal = 'prin', loginOption_RememberExtras = 'extr', loginOption_MinimalTicketLifetime = '-lif', loginOption_MaximalTicketLifetime = '+lif', loginOption_DefaultTicketLifetime = '0lif', loginOption_LongTicketLifetimeDisplay = 'hms ', loginOption_DefaultForwardableTicket = '0fwd', loginOption_DefaultProxiableTicket = '0prx' }; /* Login mode identifier constants (for loginOption_AdvancedLoginMode) */ enum KLELoginMode { loginMode_Basic = 1, loginMode_Advanced = 2 }; /* Realm list constants */ enum KLERealmListIndexes { realmList_Start = 0, realmList_End = 0xFFFF }; #define klFirstError 19276 #define klLastError 19876 /* Error codes */ enum KLEStatus { klNoErr = 0, /* parameter errors */ klParameterErr = 19276, klBadPrincipalErr, klBadPasswordErr, klBadLoginOptionsErr, klInvalidVersionErr, /* Runtime Login errors */ klUserCanceledErr = 19476, klMemFullErr, klPreferencesReadErr, klPreferencesWriteErr, klV5InitializationFailedErr, klPrincipalDoesNotExistErr, klSystemDefaultDoesNotExistErr, klCredentialsExpiredErr, klNoRealmsErr, klRealmDoesNotExistErr, klNoCredentialsErr, klCredentialsBadAddressErr, klCacheDoesNotExistErr, /* Get/SetKerberosOption errors */ klBufferTooSmallErr = 19376, klBufferTooLargeErr, klInvalidOptionErr, klBadOptionValueErr, /* Password changing errors */ klPasswordMismatchErr = 19576, klInsecurePasswordErr, klPasswordChangeFailedErr, /* Dialog errors */ klDialogDoesNotExistErr = 19676, klDialogAlreadyExistsErr, klNotInForegroundErr, klNoAppearanceErr, klFatalDialogErr, klCarbonUnavailableErr, /* Login IPC errors */ klCantContactServerErr = 19776 }; #ifndef rez /* This stuff will confuse rez */ #include #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #include #include #else #error "Unknown OS" #endif #if PRAGMA_ONCE #pragma once #endif #if PRAGMA_IMPORT #pragma import on #endif #ifdef __cplusplus extern "C" { #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif /* * * Types * */ typedef OSStatus KLStatus; /* one of KLEStatus */ typedef UInt32 KLKerberosVersion; /* one of KLEKerberosVersion */ typedef UInt32 KLDefaultLoginOption; /* one of KLEDefaultLoginOptions */ typedef UInt32 KLLoginMode; /* one of KLELoginMode */ typedef UInt32 KLDialogIdentifier; /* one of KLEDialogIdentifiers */ typedef UInt32 KLIndex; /* index (used for the realm list) */ typedef UInt32 KLLifetime; /* Lifetime in seconds */ typedef UInt32 KLTime; /* Unix time (seconds since 1/1/1970 00:00:00 GMT) */ typedef UInt32 KLSize; /* size of a buffer (KLG/SetDefaultLoginOptions) or realm list (CountKerberosRealms) */ typedef UInt32 KLRefCon; /* application ref con */ typedef Boolean KLBoolean; /* true or false! */ typedef SInt16 KLSInt16; /* used for Darwin-compat for KLApplicationOptions */ /* Callback API for Kerberos Login event filter */ /* Must be the same as an Idle Library event filter */ /* Callback API for Event handler proc for idle loop */ typedef CALLBACK_API (Boolean, KLEventFilterProcPtr) (const EventRecord *theEvent, KLRefCon appData); /* Procinfo for Login Library event filter */ enum { uppKLEventFilterProcInfo = kPascalStackBased | RESULT_SIZE (sizeof (Boolean)) | STACK_ROUTINE_PARAMETER (1, SIZE_CODE (sizeof (const EventRecord *))) | STACK_ROUTINE_PARAMETER (2, SIZE_CODE (sizeof (KLRefCon))) }; #if !TARGET_API_MAC_CARBON /* UPP for Kerberos Login event filter */ typedef STACK_UPP_TYPE (KLEventFilterProcPtr) KLEventFilterUPP; #define NewKLEventFilterProc(userRoutine) \ (KLEventFilterUPP) NewRoutineDescriptor((ProcPtr)(userRoutine), uppKLEventFilterProcInfo, GetCurrentArchitecture()) /* How to call the event Handler UPPs */ #define CallKLEventFilterProc(userRoutine, theEvent, appData) \ ((Boolean)CALL_TWO_PARAMETER_UPP ((userRoutine), uppKLEventFilterProcInfo, theEvent, appData)) #else typedef KLEventFilterProcPtr KLEventFilterUPP; #define NewKLEventFilterProc(userRoutine) \ userRoutine #define CallKLEventFilterProc(userRoutine, theEvent, appData) \ ((userRoutine) (theEvent, appData)) #endif /* Application options */ typedef struct { KLEventFilterUPP eventFilter; KLRefCon eventFilterAppData; KLSInt16 realmsPopupMenuID; KLSInt16 loginModeMenuID; } KLApplicationOptions; /* Principal information */ struct OpaqueKLPrincipal; typedef struct OpaqueKLPrincipal * KLPrincipal; /* Login Options */ struct OpaqueKLLoginOptions; typedef struct OpaqueKLLoginOptions * KLLoginOptions; /* * * Functions * */ /* Kerberos Login high-level API */ KLStatus KLAcquireTickets ( KLPrincipal inPrincipal, KLPrincipal *outPrincipal, char **outCredCacheName); KLStatus KLAcquireNewTickets ( KLPrincipal inPrincipal, KLPrincipal *outPrincipal, char **outCredCacheName); KLStatus KLDestroyTickets (KLPrincipal inPrincipal); KLStatus KLChangePassword (KLPrincipal inPrincipal); /* Kerberos Login dialog low level functions */ KLStatus KLAcquireTicketsWithPassword ( KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, const char *inPassword, char **outCredCacheName); KLStatus KLAcquireNewTicketsWithPassword ( KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, const char *inPassword, char **outCredCacheName); KLStatus KLLastChangedTime (KLTime *outLastChangedTime); KLStatus KLCacheHasValidTickets ( KLPrincipal inPrincipal, KLKerberosVersion inKerberosVersion, KLBoolean *outFoundValidTickets, KLPrincipal *outPrincipal, char **outCredCacheName); KLStatus KLTicketStartTime ( KLPrincipal inPrincipal, KLKerberosVersion inKerberosVersion, KLTime *outStartTime); KLStatus KLTicketExpirationTime ( KLPrincipal inPrincipal, KLKerberosVersion inKerberosVersion, KLTime *outExpirationTime); KLStatus KLSetSystemDefaultCache (KLPrincipal inPrincipal); KLStatus KLHandleError ( KLStatus inError, KLDialogIdentifier inDialogIdentifier, Boolean inShowAlert); KLStatus KLGetErrorString ( KLStatus inError, char **outErrorString); KLStatus KLCancelAllDialogs (void); /* Kerberos change password dialog low level functions */ KLStatus KLChangePasswordWithPasswords ( KLPrincipal inPrincipal, const char *inOldPassword, const char *inNewPassword); /* Application Configuration functions */ KLStatus KLSetApplicationOptions (const KLApplicationOptions *inAppOptions); KLStatus KLGetApplicationOptions (KLApplicationOptions *outAppOptions); /* Library configuration functions */ KLStatus KLGetDefaultLoginOption ( const KLDefaultLoginOption inOption, void *ioBuffer, KLSize *ioBufferSize); KLStatus KLSetDefaultLoginOption ( const KLDefaultLoginOption inOption, const void *inBuffer, const KLSize inBufferSize); /* Realm configuration functions */ KLStatus KLFindKerberosRealmByName ( const char *inRealmName, KLIndex *outIndex); KLStatus KLGetKerberosRealm ( KLIndex inIndex, char **outRealmName); KLStatus KLSetKerberosRealm ( KLIndex inIndex, const char *inRealmName); KLStatus KLRemoveKerberosRealm (UInt32 inIndex); KLStatus KLInsertKerberosRealm ( KLIndex inInsertBeforeIndex, const char *inRealmName); KLStatus KLRemoveAllKerberosRealms (void); KLSize KLCountKerberosRealms (void); KLStatus KLGetKerberosDefaultRealm(KLIndex *outIndex); KLStatus KLGetKerberosDefaultRealmByName (char **outRealmName); KLStatus KLSetKerberosDefaultRealm (KLIndex inIndex); KLStatus KLSetKerberosDefaultRealmByName (const char *inRealm); /* KLPrincipal functions */ KLStatus KLCreatePrincipalFromTriplet( const char *inName, const char *inInstance, const char *inRealm, KLPrincipal *outPrincipal); KLStatus KLCreatePrincipalFromString( const char *inFullPrincipal, KLKerberosVersion inKerberosVersion, KLPrincipal *outPrincipal); KLStatus KLGetTripletFromPrincipal( KLPrincipal inPrincipal, char **outName, char **outInstance, char **outRealm); KLStatus KLGetStringFromPrincipal( KLPrincipal inPrincipal, KLKerberosVersion inKerberosVersion, char **outFullPrincipal); KLStatus KLGetDisplayStringFromPrincipal( KLPrincipal inPrincipal, KLKerberosVersion inKerberosVersion, char **outFullPrincipal); KLStatus KLComparePrincipal( KLPrincipal inFirstPrincipal, KLPrincipal inSecondPrincipal, KLBoolean *outAreEquivalent); KLStatus KLDisposePrincipal(KLPrincipal inPrincipal); /* KLLoginOptions functions */ KLStatus KLCreateLoginOptions (KLLoginOptions *outOptions); KLStatus KLLoginOptionsSetTicketLifetime ( KLLoginOptions ioOptions, KLLifetime inTicketLifetime); KLStatus KLLoginOptionsSetForwardable ( KLLoginOptions ioOptions, KLBoolean inForwardable); KLStatus KLLoginOptionsSetProxiable ( KLLoginOptions ioOptions, KLBoolean inProxiable); KLStatus KLDisposeLoginOptions(KLLoginOptions ioOptions); /* Misc function */ KLStatus KLDisposeString(char *inStringToDispose); #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif #endif /* Rez */ #endif /* __KERBEROSLOGIN__ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KClientCompat/0000777000076400007640000000000011632367343022601 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KClientCompat/KClientCompat.h0000777000076400007640000001202407403027564025370 00000000000000/* * KClient 1.9 deprecated API * * $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KClientCompat/KClientCompat.h,v 1.2 2001/12/04 02:05:40 rjs3 Exp $ */ #ifndef __KCLIENTCOMPAT__ #define __KCLIENTCOMPAT__ /* Constants */ /* Error codes, only listing the ones actually returned by the library */ enum { cKrbMapDoesntExist = -1020, /* tried to access a map that doesn't exist (index too large, or criteria doesn't match anything) */ cKrbSessDoesntExist = -1019, /* tried to access a session that doesn't exist */ cKrbCredsDontExist = -1018, /* tried to access credentials that don't exist */ cKrbUserCancelled = -1016, /* user cancelled a log in operation */ cKrbConfigurationErr = -1015, /* Kerberos Preference file is not configured properly */ cKrbServerRejected = -1014, /* A server rejected our ticket */ cKrbServerImposter = -1013, /* Server appears to be a phoney */ cKrbServerRespIncomplete = -1012, /* Server response is not complete */ cKrbNotLoggedIn = -1011, /* Returned by cKrbGetUserName if user is not logged in */ cKrbAppInBkgnd = -1008, /* driver won't put up password dialog when in background */ cKrbInvalidSession = -1007, /* invalid structure passed to KClient/KServer routine */ cKrbKerberosErrBlock = -20000 /* start of block of 256 kerberos error numbers */ }; #ifndef rez #if PRAGMA_ONCE #pragma once #endif /* PRAGMA_ONCE */ #include #include #ifdef __cplusplus extern "C" { #endif typedef KClientSession KClientSessionInfo; enum { KClientLoggedIn, KClientNotLoggedIn }; OSErr KClientVersionCompat ( SInt16* outMajorVersion, SInt16* outMinorVersion, char* outVersionString); OSErr KClientNewSessionCompat ( KClientSessionInfo* inSession, UInt32 inLocalAddress, UInt16 inLocalPort, UInt32 inRemoteAddress, UInt16 inRemotePort); OSErr KClientDisposeSessionCompat ( KClientSessionInfo* inSession); OSErr KClientGetTicketForServiceCompat ( KClientSessionInfo* inSession, char* inService, void* inBuffer, UInt32* outBufferLength); OSErr KClientGetTicketForServiceWithChecksumCompat ( KClientSessionInfo* inSession, UInt32 inChecksum, char* inService, void* inBuffer, UInt32* outBufferLength); OSErr KClientLoginCompat ( KClientSessionInfo* inSession, KClientKey* outPrivateKey); OSErr KClientPasswordLoginCompat ( KClientSessionInfo* inSession, char* inPassword, KClientKey* outPrivateKey); OSErr KClientLogoutCompat (void); SInt16 KClientStatusCompat (void); OSErr KClientGetSessionKeyCompat ( KClientSessionInfo* inSession, KClientKey* outSessionKey); OSErr KClientEncryptCompat ( KClientSessionInfo* inSession, void* inPlainBuffer, UInt32 inPlainBufferLength, void* outEncryptedBuffer, UInt32* ioEncryptedBufferLength); OSErr KClientDecryptCompat ( KClientSessionInfo* inSession, void* inEncryptedBuffer, UInt32 inEncryptedBufferLength, UInt32* outPlainBufferOffset, UInt32* outPlainBufferLength); OSErr KClientProtectIntegrityCompat ( KClientSessionInfo* inSession, void* inPlainBuffer, UInt32 inPlainBufferLength, void* outProtectedBuffer, UInt32* ioProtectedBufferLength); OSErr KClientVerifyIntegrityCompat ( KClientSessionInfo* inSession, void* inProtectedBuffer, UInt32 inProtectedBufferLength, UInt32* outPlainBufferOffset, UInt32* outPlainBufferLength); OSErr KServerNewSessionCompat ( KClientSessionInfo* inSession, char* inService, UInt32 inLocalAddress, UInt16 inLocalPort, UInt32 inRemoteAddress, UInt16 inRemotePort); OSErr KServerVerifyTicketCompat ( KClientSessionInfo* inSession, void* inBuffer, char* inFilename); OSErr KServerGetReplyTicketCompat ( KClientSessionInfo* inSession, void* outBuffer, UInt32* ioBufferLength); OSErr KServerAddKeyCompat ( KClientSessionInfo* inSession, KClientKey* inPrivateKey, char* inService, SInt32 inVersion, char* inFilename); OSErr KServerGetKeyCompat ( KClientSessionInfo* inSession, KClientKey* outPrivateKey, char* inService, SInt32 inVersion, char* inFilename); OSErr KServerGetSessionTimeRemainingCompat ( KClientSessionInfo* inSession, SInt32* outSeconds); OSErr KClientGetSessionUserNameCompat ( KClientSessionInfo* inSession, char* outUserName, SInt16 inNameType); OSErr KClientMakeSendAuthCompat ( KClientSessionInfo* inSession, char* inService, void* outBuffer, UInt32* ioBufferLength, SInt32 inChecksum, char* inApplicationVersion); OSErr KClientVerifyReplyTicketCompat ( KClientSessionInfo* inSession, void* inBuffer, UInt32* ioBufferLength); OSErr KClientVerifyUnencryptedReplyTicketCompat ( KClientSessionInfo* inSession, void* inBuffer, UInt32* ioBufferLength); #ifdef __cplusplus } #endif #endif /* !rez */ #endif /* __KCLIENTCOMPAT__ */cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/GSS/0000777000076400007640000000000011632367343020540 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/GSS/GSS.h0000777000076400007640000000006507403027561021265 00000000000000#include #include cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/GSS/gssapi_krb5.h0000777000076400007640000001153207403027561023043 00000000000000/* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #ifndef _GSSAPI_KRB5_H_ #define _GSSAPI_KRB5_H_ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #endif #if TARGET_OS_MAC #include #else #include #endif /* C++ friendlyness */ #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* Reserved static storage for GSS_oids. See rfc 1964 for more details. */ /* 2.1.1. Kerberos Principal Name Form: */ GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME; /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * krb5(2) krb5_name(1)}. The recommended symbolic name for this type * is "GSS_KRB5_NT_PRINCIPAL_NAME". */ /* 2.1.2. Host-Based Service Name Form */ #define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) service_name(4)}. The previously recommended symbolic * name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME". The * currently preferred symbolic name for this type is * "GSS_C_NT_HOSTBASED_SERVICE". */ /* 2.2.1. User Name Form */ #define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) user_name(1)}. The recommended symbolic name for this * type is "GSS_KRB5_NT_USER_NAME". */ /* 2.2.2. Machine UID Form */ #define GSS_KRB5_NT_MACHINE_UID_NAME GSS_C_NT_MACHINE_UID_NAME /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) machine_uid_name(2)}. The recommended symbolic name for * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */ /* 2.2.3. String UID Form */ #define GSS_KRB5_NT_STRING_UID_NAME GSS_C_NT_STRING_UID_NAME /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) string_uid_name(3)}. The recommended symbolic name for * this type is "GSS_KRB5_NT_STRING_UID_NAME". */ extern const gss_OID_desc * const gss_mech_krb5; extern const gss_OID_desc * const gss_mech_krb5_old; extern const gss_OID_desc * const gss_mech_krb5_v2; extern const gss_OID_set_desc * const gss_mech_set_krb5; extern const gss_OID_set_desc * const gss_mech_set_krb5_old; extern const gss_OID_set_desc * const gss_mech_set_krb5_both; extern const gss_OID_set_desc * const gss_mech_set_krb5_v2; extern const gss_OID_set_desc * const gss_mech_set_krb5_v1v2; extern const gss_OID_desc * const gss_nt_krb5_name; extern const gss_OID_desc * const gss_nt_krb5_principal; extern const gss_OID_desc krb5_gss_oid_array[]; #define gss_krb5_nt_general_name gss_nt_krb5_name #define gss_krb5_nt_principal gss_nt_krb5_principal #define gss_krb5_nt_service_name gss_nt_service_name #define gss_krb5_nt_user_name gss_nt_user_name #define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name #define gss_krb5_nt_string_uid_name gss_nt_string_uid_name GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags PROTOTYPE((OM_uint32 *minor_status, gss_ctx_id_t context_handle, krb5_flags *ticket_flags)); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache PROTOTYPE((OM_uint32 *minor_status, gss_cred_id_t cred_handle, krb5_ccache out_ccache)); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name PROTOTYPE((OM_uint32 *minor_status, const char *name, const char **out_name)); #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* _GSSAPI_KRB5_H_ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/GSS/gssapi.h0000777000076400007640000006544707403027561022136 00000000000000/* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #ifndef _GSSAPI_H_ #define _GSSAPI_H_ /* * Determine platform-dependent configuration. */ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #if TARGET_API_MAC_OS8 || (TARGET_API_MAC_CARBON && !TARGET_API_MAC_OSX) #include #endif #endif #if defined(_MSDOS) || defined(_WIN32) #include #endif #ifndef KRB5_CALLCONV #define KRB5_CALLCONV #define KRB5_CALLCONV_C #define KRB5_DLLIMP #define GSS_DLLIMP #define KRB5_EXPORTVAR #endif #ifndef FAR #define FAR #define NEAR #endif #define GSS_SIZEOF_INT SIZEOF_INT #define GSS_SIZEOF_LONG SIZEOF_LONG #define GSS_SIZEOF_SHORT SIZEOF_SHORT /* * Make sure we have a definition for PROTOTYPE. */ #if !defined(PROTOTYPE) #if defined(__STDC__) || defined(__cplusplus) || defined(_MSDOS) || defined(_WIN32) || defined(__ultrix) #define PROTOTYPE(x) x #else #define PROTOTYPE(x) () #endif #endif /* * First, include stddef.h to get size_t defined. */ #if HAVE_STDDEF_H #include #endif /* HAVE_STDDEF_H */ /* * POSIX says that sys/types.h is where size_t is defined. */ #ifndef macintosh #include #endif /* * If the platform supports the xom.h header file, it should be included here. */ #if HAVE_XOM_H #include #endif /* HAVE_XOM_H */ /* * $Id: gssapi.h,v 1.2 2001/12/04 02:05:37 rjs3 Exp $ */ /* * First, define the three platform-dependent pointer types. */ typedef void FAR * gss_name_t; typedef void FAR * gss_cred_id_t; typedef void FAR * gss_ctx_id_t; /* * The following type must be defined as the smallest natural unsigned integer * supported by the platform that has at least 32 bits of precision. */ #if (GSS_SIZEOF_SHORT == 4) typedef unsigned short gss_uint32; typedef short gss_int32; #elif (GSS_SIZEOF_INT == 4) typedef unsigned int gss_uint32; typedef int gss_int32; #elif (GSS_SIZEOF_LONG == 4) typedef unsigned long gss_uint32; typedef long gss_int32; #endif #ifdef OM_STRING /* * We have included the xom.h header file. Use the definition for * OM_object identifier. */ typedef OM_object_identifier gss_OID_desc, *gss_OID; #else /* OM_STRING */ /* * We can't use X/Open definitions, so roll our own. */ typedef gss_uint32 OM_uint32; typedef struct gss_OID_desc_struct { OM_uint32 length; void FAR *elements; } gss_OID_desc, FAR *gss_OID; #endif /* OM_STRING */ typedef struct gss_OID_set_desc_struct { size_t count; gss_OID elements; } gss_OID_set_desc, FAR *gss_OID_set; typedef struct gss_buffer_desc_struct { size_t length; void FAR *value; } gss_buffer_desc, FAR *gss_buffer_t; typedef struct gss_channel_bindings_struct { OM_uint32 initiator_addrtype; gss_buffer_desc initiator_address; OM_uint32 acceptor_addrtype; gss_buffer_desc acceptor_address; gss_buffer_desc application_data; } FAR *gss_channel_bindings_t; /* * For now, define a QOP-type as an OM_uint32 (pending resolution of ongoing * discussions). */ typedef OM_uint32 gss_qop_t; typedef int gss_cred_usage_t; /* * Flag bits for context-level services. */ #define GSS_C_DELEG_FLAG 1 #define GSS_C_MUTUAL_FLAG 2 #define GSS_C_REPLAY_FLAG 4 #define GSS_C_SEQUENCE_FLAG 8 #define GSS_C_CONF_FLAG 16 #define GSS_C_INTEG_FLAG 32 #define GSS_C_ANON_FLAG 64 #define GSS_C_PROT_READY_FLAG 128 #define GSS_C_TRANS_FLAG 256 /* * Credential usage options */ #define GSS_C_BOTH 0 #define GSS_C_INITIATE 1 #define GSS_C_ACCEPT 2 /* * Status code types for gss_display_status */ #define GSS_C_GSS_CODE 1 #define GSS_C_MECH_CODE 2 /* * The constant definitions for channel-bindings address families */ #define GSS_C_AF_UNSPEC 0 #define GSS_C_AF_LOCAL 1 #define GSS_C_AF_INET 2 #define GSS_C_AF_IMPLINK 3 #define GSS_C_AF_PUP 4 #define GSS_C_AF_CHAOS 5 #define GSS_C_AF_NS 6 #define GSS_C_AF_NBS 7 #define GSS_C_AF_ECMA 8 #define GSS_C_AF_DATAKIT 9 #define GSS_C_AF_CCITT 10 #define GSS_C_AF_SNA 11 #define GSS_C_AF_DECnet 12 #define GSS_C_AF_DLI 13 #define GSS_C_AF_LAT 14 #define GSS_C_AF_HYLINK 15 #define GSS_C_AF_APPLETALK 16 #define GSS_C_AF_BSC 17 #define GSS_C_AF_DSS 18 #define GSS_C_AF_OSI 19 #define GSS_C_AF_X25 21 #define GSS_C_AF_NULLADDR 255 /* * Various Null values. */ #define GSS_C_NO_NAME ((gss_name_t) 0) #define GSS_C_NO_BUFFER ((gss_buffer_t) 0) #define GSS_C_NO_OID ((gss_OID) 0) #define GSS_C_NO_OID_SET ((gss_OID_set) 0) #define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0) #define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0) #define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0) #define GSS_C_EMPTY_BUFFER {0, NULL} /* * Some alternate names for a couple of the above values. These are defined * for V1 compatibility. */ #define GSS_C_NULL_OID GSS_C_NO_OID #define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET /* * Define the default Quality of Protection for per-message services. Note * that an implementation that offers multiple levels of QOP may either reserve * a value (for example zero, as assumed here) to mean "default protection", or * alternatively may simply equate GSS_C_QOP_DEFAULT to a specific explicit * QOP value. However a value of 0 should always be interpreted by a GSSAPI * implementation as a request for the default protection level. */ #define GSS_C_QOP_DEFAULT 0 /* * Expiration time of 2^32-1 seconds means infinite lifetime for a * credential or security context */ #define GSS_C_INDEFINITE ((OM_uint32) 0xfffffffful) /* Major status codes */ #define GSS_S_COMPLETE 0 /* * Some "helper" definitions to make the status code macros obvious. */ #define GSS_C_CALLING_ERROR_OFFSET 24 #define GSS_C_ROUTINE_ERROR_OFFSET 16 #define GSS_C_SUPPLEMENTARY_OFFSET 0 #define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul) #define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul) #define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul) /* * The macros that test status codes for error conditions. Note that the * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now * evaluates its argument only once. */ #define GSS_CALLING_ERROR(x) \ ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET)) #define GSS_ROUTINE_ERROR(x) \ ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)) #define GSS_SUPPLEMENTARY_INFO(x) \ ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) #define GSS_ERROR(x) \ ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) /* * Now the actual status code definitions */ /* * Calling errors: */ #define GSS_S_CALL_INACCESSIBLE_READ \ (((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET) #define GSS_S_CALL_INACCESSIBLE_WRITE \ (((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET) #define GSS_S_CALL_BAD_STRUCTURE \ (((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET) /* * Routine errors: */ #define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DEFECTIVE_CREDENTIAL \ (((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_CREDENTIALS_EXPIRED \ (((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_CONTEXT_EXPIRED \ (((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DUPLICATE_ELEMENT \ (((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_NAME_NOT_MN \ (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET) /* * Supplementary info bits: */ #define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0)) #define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1)) #define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2)) #define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3)) #define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4)) /* * Finally, function prototypes for the GSSAPI routines. */ #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* Macintoh CFM-68K magic incantation */ #if PRAGMA_IMPORT #pragma import on #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif /* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744. * * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant * GSS_C_NT_USER_NAME should be initialized to point * to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_USER_NAME; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. * The constant GSS_C_NT_MACHINE_UID_NAME should be * initialized to point to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_MACHINE_UID_NAME; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. * The constant GSS_C_NT_STRING_UID_NAME should be * initialized to point to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_STRING_UID_NAME; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, * corresponding to an object-identifier value of * {iso(1) org(3) dod(6) internet(1) security(5) * nametypes(6) gss-host-based-services(2)). The constant * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point * to that gss_OID_desc. This is a deprecated OID value, and * implementations wishing to support hostbased-service names * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, * defined below, to identify such names; * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input * parameter, but should not be emitted by GSS-API * implementations */ GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" * "\x01\x02\x01\x04"}, corresponding to an * object-identifier value of {iso(1) member-body(2) * Unites States(840) mit(113554) infosys(1) gssapi(2) * generic(1) service_name(4)}. The constant * GSS_C_NT_HOSTBASED_SERVICE should be initialized * to point to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, * corresponding to an object identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 3(gss-anonymous-name)}. The constant * and GSS_C_NT_ANONYMOUS should be initialized to point * to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_ANONYMOUS; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, * corresponding to an object-identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 4(gss-api-exported-name)}. The constant * GSS_C_NT_EXPORT_NAME should be initialized to point * to that gss_OID_desc. */ GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME; /* Function Prototypes */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_acquire_cred PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t FAR *, /* output_cred_handle */ gss_OID_set FAR *, /* actual_mechs */ OM_uint32 FAR * /* time_rec */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_release_cred PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_cred_id_t FAR * /* cred_handle */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_init_sec_context PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t FAR *, /* context_handle */ gss_name_t, /* target_name */ gss_OID, /* mech_type (used to be const) */ OM_uint32, /* req_flags */ OM_uint32, /* time_req */ gss_channel_bindings_t, /* input_chan_bindings */ gss_buffer_t, /* input_token */ gss_OID FAR *, /* actual_mech_type */ gss_buffer_t, /* output_token */ OM_uint32 FAR *, /* ret_flags */ OM_uint32 FAR * /* time_rec */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_accept_sec_context PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t FAR *, /* context_handle */ gss_cred_id_t, /* acceptor_cred_handle */ gss_buffer_t, /* input_token_buffer */ gss_channel_bindings_t, /* input_chan_bindings */ gss_name_t FAR *, /* src_name */ gss_OID FAR *, /* mech_type */ gss_buffer_t, /* output_token */ OM_uint32 FAR *, /* ret_flags */ OM_uint32 FAR *, /* time_rec */ gss_cred_id_t FAR * /* delegated_cred_handle */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_process_context_token PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t /* token_buffer */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_delete_sec_context PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t FAR *, /* context_handle */ gss_buffer_t /* output_token */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_context_time PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ OM_uint32 FAR * /* time_rec */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_get_mic PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_verify_mic PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* message_token */ gss_qop_t * /* qop_state */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_wrap PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ gss_buffer_t, /* input_message_buffer */ int FAR *, /* conf_state */ gss_buffer_t /* output_message_buffer */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_unwrap PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ int FAR *, /* conf_state */ gss_qop_t FAR * /* qop_state */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_display_status PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ gss_OID, /* mech_type (used to be const) */ OM_uint32 FAR *, /* message_context */ gss_buffer_t /* status_string */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_indicate_mechs PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_OID_set FAR * /* mech_set */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_compare_name PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_name_t, /* name1 */ gss_name_t, /* name2 */ int FAR * /* name_equal */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_display_name PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID FAR * /* output_name_type */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_import_name PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_buffer_t, /* input_name_buffer */ gss_OID, /* input_name_type(used to be const) */ gss_name_t FAR * /* output_name */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_release_name PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_name_t FAR * /* input_name */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_release_buffer PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_buffer_t /* buffer */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_release_oid_set PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_OID_set FAR * /* set */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_inquire_cred PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_name_t FAR *, /* name */ OM_uint32 FAR *, /* lifetime */ gss_cred_usage_t FAR *, /* cred_usage */ gss_OID_set FAR * /* mechanisms */ )); /* Last argument new for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_inquire_context PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_name_t FAR *, /* src_name */ gss_name_t FAR *, /* targ_name */ OM_uint32 FAR *, /* lifetime_rec */ gss_OID FAR *, /* mech_type */ OM_uint32 FAR *, /* ctx_flags */ int FAR *, /* locally_initiated */ int FAR * /* open */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_wrap_size_limit PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ gss_qop_t, /* qop_req */ OM_uint32, /* req_output_size */ OM_uint32 * /* max_input_size */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_import_name_object PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ void FAR *, /* input_name */ gss_OID, /* input_name_type */ gss_name_t FAR * /* output_name */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_export_name_object PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_name_t, /* input_name */ gss_OID, /* desired_name_type */ void FAR * FAR * /* output_name */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_add_cred PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_name_t, /* desired_name */ gss_OID, /* desired_mech */ gss_cred_usage_t, /* cred_usage */ OM_uint32, /* initiator_time_req */ OM_uint32, /* acceptor_time_req */ gss_cred_id_t FAR *, /* output_cred_handle */ gss_OID_set FAR *, /* actual_mechs */ OM_uint32 FAR *, /* initiator_time_rec */ OM_uint32 FAR * /* acceptor_time_rec */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_mech PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_OID, /* mech_type */ gss_name_t FAR *, /* name */ OM_uint32 FAR *, /* initiator_lifetime */ OM_uint32 FAR *, /* acceptor_lifetime */ gss_cred_usage_t FAR * /* cred_usage */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_export_sec_context PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t FAR *, /* context_handle */ gss_buffer_t /* interprocess_token */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_import_sec_context PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_buffer_t, /* interprocess_token */ gss_ctx_id_t FAR * /* context_handle */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_release_oid PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_OID FAR * /* oid */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_create_empty_oid_set PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_OID_set FAR * /* oid_set */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_add_oid_set_member PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_OID, /* member_oid */ gss_OID_set FAR * /* oid_set */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_test_oid_set_member PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_OID, /* member */ gss_OID_set, /* set */ int FAR * /* present */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_str_to_oid PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_buffer_t, /* oid_str */ gss_OID FAR * /* oid */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_oid_to_str PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_OID, /* oid */ gss_buffer_t /* oid_str */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_inquire_names_for_mech PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_OID, /* mechanism */ gss_OID_set FAR * /* name_types */ )); /* * The following routines are obsolete variants of gss_get_mic, gss_wrap, * gss_verify_mic and gss_unwrap. They should be provided by GSSAPI V2 * implementations for backwards compatibility with V1 applications. Distinct * entrypoints (as opposed to #defines) should be provided, to allow GSSAPI * V1 applications to link against GSSAPI V2 implementations. */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_sign PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_verify PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* token_buffer */ int FAR * /* qop_state */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_seal PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ int, /* qop_req */ gss_buffer_t, /* input_message_buffer */ int FAR *, /* conf_state */ gss_buffer_t /* output_message_buffer */ )); GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_unseal PROTOTYPE( (OM_uint32 FAR *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ int FAR *, /* conf_state */ int FAR * /* qop_state */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_export_name PROTOTYPE( (OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_buffer_t /* exported_name */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_duplicate_name PROTOTYPE( (OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_name_t * /* dest_name */ )); /* New for V2 */ GSS_DLLIMP OM_uint32 KRB5_CALLCONV gss_canonicalize_name PROTOTYPE( (OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ const gss_OID, /* mech_type */ gss_name_t * /* output_name */ )); /* Macintosh CFM-68K magic incantation */ #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif /* __cplusplus */ /* XXXX these are not part of the GSSAPI C bindings! (but should be) */ #define GSS_CALLING_ERROR_FIELD(x) \ (((x) >> GSS_C_CALLING_ERROR_OFFSET) & GSS_C_CALLING_ERROR_MASK) #define GSS_ROUTINE_ERROR_FIELD(x) \ (((x) >> GSS_C_ROUTINE_ERROR_OFFSET) & GSS_C_ROUTINE_ERROR_MASK) #define GSS_SUPPLEMENTARY_INFO_FIELD(x) \ (((x) >> GSS_C_SUPPLEMENTARY_OFFSET) & GSS_C_SUPPLEMENTARY_MASK) /* XXXX This is a necessary evil until the spec is fixed */ #define GSS_S_CRED_UNAVAIL GSS_S_FAILURE #endif /* _GSSAPI_H_ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosComErr/0000777000076400007640000000000011632367343022770 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosComErr/KerberosComErr.h0000777000076400007640000000004407403027576025750 00000000000000#include cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosComErr/com_err.h0000777000076400007640000000503607403027576024520 00000000000000/* * Header file for common error description library. * * Copyright 1988, Student Information Processing Board of the * Massachusetts Institute of Technology. * * Copyright 1995 by Cygnus Support. * * For copyright and distribution info, see the documentation supplied * with this package. */ #ifndef __COM_ERR_H #if defined(_MSDOS) || defined(_WIN32) || defined(macintosh) #include #if defined(macintosh) && defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) #pragma import on #endif #endif #ifndef KRB5_CALLCONV #define KRB5_CALLCONV #define KRB5_CALLCONV_C #define KRB5_DLLIMP #define GSS_DLLIMP #define KRB5_EXPORTVAR #endif #ifndef FAR #define FAR #define NEAR #endif #if defined(__STDC__) || defined(__cplusplus) || defined(_MSDOS) || defined(_WIN32) || defined(macintosh) /* End-user programs may need this -- oh well */ #ifndef HAVE_STDARG_H #define HAVE_STDARG_H 1 #endif #define ET_P(x) x #else #define ET_P(x) () #endif /* __STDC__ */ #ifdef HAVE_STDARG_H #include #define ET_STDARG_P(x) x #else #include #define ET_STDARG_P(x) () #define ET_VARARGS #endif typedef long errcode_t; typedef void (*et_old_error_hook_func) ET_P((const char FAR *, errcode_t, const char FAR *, va_list ap)); struct error_table { char const FAR * const FAR * msgs; unsigned long base; unsigned int n_msgs; }; #ifdef __cplusplus extern "C" { #endif KRB5_DLLIMP extern void KRB5_CALLCONV_C com_err ET_STDARG_P((const char FAR *, errcode_t, const char FAR *, ...)); KRB5_DLLIMP extern void KRB5_CALLCONV com_err_va ET_P((const char FAR *whoami, errcode_t code, const char FAR *fmt, va_list ap)); KRB5_DLLIMP extern const char FAR * KRB5_CALLCONV error_message ET_P((errcode_t)); KRB5_DLLIMP extern errcode_t KRB5_CALLCONV add_error_table ET_P((const struct error_table FAR *)); KRB5_DLLIMP extern errcode_t KRB5_CALLCONV remove_error_table ET_P((const struct error_table FAR *)); #if !defined(_MSDOS) && !defined(_WIN32) && !defined(macintosh) && !defined(__MACH__) /* * The display routine should be application specific. A global hook, * may cause inappropriate display procedures to be called between * applications under non-Unix environments. */ extern et_old_error_hook_func set_com_err_hook ET_P((et_old_error_hook_func)); extern et_old_error_hook_func reset_com_err_hook ET_P((void)); #endif #ifdef __cplusplus } #endif #if defined(macintosh) && defined(__CFM68K__) && !defined(__USING_STATIC_LIBS__) #pragma import reset #endif #define __COM_ERR_H #endif /* ! defined(__COM_ERR_H) */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosPreferences/0000777000076400007640000000000011632367343024042 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/KerberosPreferences/KerberosPreferences.h0000777000076400007640000001225407403027602030070 00000000000000/* $Copyright: * * Copyright © 2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Permission to use, copy, modify, and distribute this software and its * documentation for any purpose and without fee is hereby granted, * provided that the above copyright notice appear in all copies and that * both that copyright notice and this permission notice appear in * supporting documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Furthermore if you modify * this software you must label your software as modified software and not * distribute it in such a fashion that it might be confused with the * original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/KerberosPreferences/KerberosPreferences.h,v 1.2 2001/12/04 02:05:54 rjs3 Exp $ */ /* * * PreferenceLib.h -- Functions to handle Kerberos Preference file access. * */ #ifndef __KERBEROSPREFERENCES__ #define __KERBEROSPREFERENCES__ #include #if TARGET_API_MAC_OSX && TARGET_API_MAC_CARBON #include #elif TARGET_API_MAC_OS8 || TARGET_API_MAC_CARBON #include #include #else #error "Unknown OS" #endif #if PRAGMA_ONCE #pragma once #endif #ifdef __cplusplus extern "C" { #endif #if PRAGMA_IMPORT #pragma import on #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif /* ************************************************ */ /* Locations for where to look for preference files */ /* ************************************************ */ enum { kpUserPreferences = 0x00000001, kpSystemPreferences = 0x00000002 }; /* ********************** */ /* Name, Creator and Type */ /* ********************** */ #define kerberosPreferences_FileType FOUR_CHAR_CODE ('pref') #define kerberosPreferences_Creator FOUR_CHAR_CODE ('Krb ') #define kerberosPreferences_FileName "\pKerberos Preferences" /* ******************* */ /* Function prototypes */ /* ******************* */ /* ********************************************************* */ /* Creates a valid preference file at the location specified */ /* ********************************************************* */ OSErr KPInitializeWithDefaultKerberosLibraryPreferences ( const FSSpec* prefLocation); /* ****************************************************************************** */ /* File the array with list of preferences that match the options provided */ /* ****************************************************************************** */ OSErr KPGetListOfPreferencesFiles ( UInt32 userSystemFlags, FSSpecPtr* thePrefFiles, UInt32* outNumberOfFiles); /* ********************************************************* */ /* Free the array containing the list of preference files */ /* ********************************************************* */ void KPFreeListOfPreferencesFiles ( FSSpecPtr thePrefFiles); /* ********************************************************* */ /* Check if file exists and is readable */ /* ********************************************************* */ OSErr KPPreferencesFileIsReadable ( const FSSpec* inPrefsFile); /* ********************************************************* */ /* Check if file is writable */ /* ********************************************************* */ OSErr KPPreferencesFileIsWritable ( const FSSpec* inPrefsFile); /* ********************************************************* */ /* Create an empty file */ /* ********************************************************* */ OSErr KPCreatePreferencesFile ( const FSSpec* inPrefsFile); #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif #endif /* __KERBEROSPREFERENCES__ */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos5/0000777000076400007640000000000011632367343021745 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos5/krb5.h0000777000076400007640000031415207403027574022712 00000000000000/* * include/krb5.h * * Copyright 1989,1990,1995 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * * General definitions for Kerberos version 5. */ /* * Copyright (C) 1998 by the FundsXpress, INC. * * All rights reserved. * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of FundsXpress. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #ifndef KRB5_GENERAL__ #define KRB5_GENERAL__ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #if TARGET_API_MAC_OS8 || (TARGET_API_MAC_CARBON && !TARGET_API_MAC_OSX) #include #endif #endif #if defined(_MSDOS) || defined(_WIN32) #include #endif #ifndef KRB5_CONFIG__ #ifndef KRB5_CALLCONV #define KRB5_CALLCONV #define KRB5_CALLCONV_C #define KRB5_DLLIMP #define GSS_DLLIMP #define KRB5_EXPORTVAR #define FAR #define NEAR #endif /* !KRB5_CALLCONV */ #endif /* !KRB5_CONFIG__ */ #ifndef THREEPARAMOPEN #define THREEPARAMOPEN(x,y,z) open(x,y,z) #endif #define KRB5_OLD_CRYPTO #ifdef HAVE_SYS_TYPES_H #include #endif #include /* * begin "error_def.h" */ #if TARGET_OS_MAC #include #else #include #endif #include /* * end "error_def.h" */ #ifdef __cplusplus extern "C" { #endif /* Macintoh CFM-68K magic incantation */ #if PRAGMA_IMPORT #pragma import on #endif #if PRAGMA_STRUCT_ALIGN #pragma options align=mac68k #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(push, 2) #elif PRAGMA_STRUCT_PACK #pragma pack(2) #endif /* * begin wordsize.h */ /* * Word-size related definition. */ typedef unsigned char krb5_octet; typedef unsigned char krb5_ui_1; #if (SIZEOF_INT == 2) typedef int krb5_int16; typedef unsigned int krb5_ui_2; #define VALID_INT_BITS 0x7fff #define VALID_UINT_BITS 0xffff #elif (SIZEOF_SHORT == 2) typedef short krb5_int16; typedef unsigned short krb5_ui_2; #else ?==error: undefined 16 bit type #endif #if (SIZEOF_INT == 4) typedef int krb5_int32; typedef unsigned int krb5_ui_4; #define VALID_INT_BITS 0x7fffffff #define VALID_UINT_BITS 0xffffffff #elif (SIZEOF_LONG == 4) typedef long krb5_int32; typedef unsigned long krb5_ui_4; #elif (SIZEOF_SHORT == 4) typedef short krb5_int32; typedef unsigned short krb5_ui_4; #else ?== error: undefined 32 bit type #endif #define KRB5_INT32_MAX 2147483647 /* this strange form is necessary since - is a unary operator, not a sign indicator */ #define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) #define KRB5_INT16_MAX 65535 /* this strange form is necessary since - is a unary operator, not a sign indicator */ #define KRB5_INT16_MIN (-KRB5_INT16_MAX-1) /* * end wordsize.h */ /* * begin "base-defs.h" */ /* * Basic definitions for Kerberos V5 library */ #ifndef FALSE #define FALSE 0 #endif #ifndef TRUE #define TRUE 1 #endif typedef unsigned int krb5_boolean; typedef unsigned int krb5_msgtype; typedef unsigned int krb5_kvno; typedef krb5_int32 krb5_addrtype; typedef krb5_int32 krb5_enctype; typedef krb5_int32 krb5_cksumtype; typedef krb5_int32 krb5_authdatatype; typedef krb5_int32 krb5_keyusage; typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ typedef krb5_int32 krb5_flags; typedef krb5_int32 krb5_timestamp; typedef krb5_int32 krb5_error_code; typedef krb5_int32 krb5_deltat; typedef krb5_error_code krb5_magic; typedef struct _krb5_data { krb5_magic magic; int length; char FAR *data; } krb5_data; /* Define krb5_const as necessary */ /* * Hardcoded scrudge to deal with Ultrix; see note on NPROTOTYPE below */ #if defined(KRB5_NO_CONST) || (defined(__ultrix) && !defined(__GNUC__)) #define krb5_const #else #define krb5_const const #endif #if defined(__STDC__) || defined(__cplusplus) || defined(HAS_VOID_TYPE) typedef void FAR * krb5_pointer; typedef void krb5_const FAR * krb5_const_pointer; #else typedef char FAR * krb5_pointer; typedef char krb5_const FAR * krb5_const_pointer; #endif #if (defined(__STDC__) || defined(__cplusplus) || defined(_MSDOS) || defined(_WIN32) || defined(KRB5_PROVIDE_PROTOTYPES)) && !defined(KRB5_NO_PROTOTYPES) #define KRB5_PROTOTYPE(x) x #if defined(__STDC__) || defined(__cplusplus) || defined(HAVE_STDARG_H) || defined(_MSDOS) || defined(_WIN32) #define KRB5_STDARG_P(x) x #else #define KRB5_STDARG_P(x) () #endif /* defined(__STDC__) || defined(__cplusplus) || defined(HAVE_STDARG_H) */ #else #define KRB5_PROTOTYPE(x) () #define KRB5_STDARG_P(x) () #endif /* STDC or PROTOTYPES */ /* * This gross compiler dependency is in here because the stock Ultrix * compiler defines __STDC__ but doesn't deal with nested prototypes * properly. The reason this isn't tested for is so that this header * is actually useful when installed. */ #if defined(KRB5_NO_NESTED_PROTOTYPES) || (defined(__ultrix) && !defined(__GNUC__)) #define KRB5_NPROTOTYPE(x) () #else #define KRB5_NPROTOTYPE(x) KRB5_PROTOTYPE(x) #endif typedef struct krb5_principal_data { krb5_magic magic; krb5_data realm; krb5_data FAR *data; /* An array of strings */ krb5_int32 length; krb5_int32 type; } krb5_principal_data; typedef krb5_principal_data FAR * krb5_principal; /* * Per V5 spec on definition of principal types */ /* Name type not known */ #define KRB5_NT_UNKNOWN 0 /* Just the name of the principal as in DCE, or for users */ #define KRB5_NT_PRINCIPAL 1 /* Service and other unique instance (krbtgt) */ #define KRB5_NT_SRV_INST 2 /* Service with host name as instance (telnet, rcommands) */ #define KRB5_NT_SRV_HST 3 /* Service with host as remaining components */ #define KRB5_NT_SRV_XHST 4 /* Unique ID */ #define KRB5_NT_UID 5 /* constant version thereof: */ typedef krb5_const krb5_principal_data FAR *krb5_const_principal; #define krb5_princ_realm(context, princ) (&(princ)->realm) #define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value)) #define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value) #define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value) #define krb5_princ_size(context, princ) (princ)->length #define krb5_princ_type(context, princ) (princ)->type #define krb5_princ_name(context, princ) (princ)->data #define krb5_princ_component(context, princ,i) ((princ)->data + i) /* * end "base-defs.h" */ /* * begin "hostaddr.h" */ /* structure for address */ typedef struct _krb5_address { krb5_magic magic; krb5_addrtype addrtype; int length; krb5_octet FAR *contents; } krb5_address; /* per Kerberos v5 protocol spec */ #define ADDRTYPE_INET 0x0002 #define ADDRTYPE_CHAOS 0x0005 #define ADDRTYPE_XNS 0x0006 #define ADDRTYPE_ISO 0x0007 #define ADDRTYPE_DDP 0x0010 #define ADDRTYPE_INET6 0x0018 /* not yet in the spec... */ #define ADDRTYPE_ADDRPORT 0x0100 #define ADDRTYPE_IPPORT 0x0101 /* macros to determine if a type is a local type */ #define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000) /* * end "hostaddr.h" */ struct _krb5_context; typedef struct _krb5_context FAR * krb5_context; struct _krb5_auth_context; typedef struct _krb5_auth_context FAR * krb5_auth_context; struct _krb5_cryptosystem_entry; /* * begin "encryption.h" */ typedef struct _krb5_keyblock { krb5_magic magic; krb5_enctype enctype; int length; krb5_octet FAR *contents; } krb5_keyblock; #ifdef KRB5_OLD_CRYPTO typedef struct _krb5_encrypt_block { krb5_magic magic; krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need this. it was a pointer, but it doesn't have to be. gross. */ krb5_keyblock FAR *key; } krb5_encrypt_block; #endif typedef struct _krb5_checksum { krb5_magic magic; krb5_cksumtype checksum_type; /* checksum type */ int length; krb5_octet FAR *contents; } krb5_checksum; typedef struct _krb5_enc_data { krb5_magic magic; krb5_enctype enctype; krb5_kvno kvno; krb5_data ciphertext; } krb5_enc_data; /* per Kerberos v5 protocol spec */ #define ENCTYPE_NULL 0x0000 #define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ #define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ #define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ #define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ /* XXX deprecated? */ #define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ #define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ #define ENCTYPE_DES_HMAC_SHA1 0x0008 #define ENCTYPE_DES3_CBC_SHA1 0x0010 #define ENCTYPE_UNKNOWN 0x01ff /* local crud */ /* marc's DES-3 with 32-bit length */ #define ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007 #define CKSUMTYPE_CRC32 0x0001 #define CKSUMTYPE_RSA_MD4 0x0002 #define CKSUMTYPE_RSA_MD4_DES 0x0003 #define CKSUMTYPE_DESCBC 0x0004 /* des-mac-k */ /* rsa-md4-des-k */ #define CKSUMTYPE_RSA_MD5 0x0007 #define CKSUMTYPE_RSA_MD5_DES 0x0008 #define CKSUMTYPE_NIST_SHA 0x0009 #define CKSUMTYPE_HMAC_SHA1_DES3 0x000c #ifndef krb5_roundup /* round x up to nearest multiple of y */ #define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y)) #endif /* roundup */ /* macro function definitions to help clean up code */ #if 1 #define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) #define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) #else #define krb5_x(ptr,args) ((*(ptr)) args) #define krb5_xc(ptr,args) ((*(ptr)) args) #endif KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_encrypt KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_const krb5_data *ivec, krb5_const krb5_data *input, krb5_enc_data *output)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_decrypt KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_const krb5_data *ivec, krb5_const krb5_enc_data *input, krb5_data *output)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_encrypt_length KRB5_PROTOTYPE((krb5_context context, krb5_enctype enctype, size_t inputlen, size_t *length)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_block_size KRB5_PROTOTYPE((krb5_context context, krb5_enctype enctype, size_t *blocksize)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_make_random_key KRB5_PROTOTYPE((krb5_context context, krb5_enctype enctype, krb5_keyblock *random_key)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_random_make_octets KRB5_PROTOTYPE((krb5_context context, krb5_data *data)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_random_seed KRB5_PROTOTYPE((krb5_context context, krb5_data *data)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_string_to_key KRB5_PROTOTYPE((krb5_context context, krb5_enctype enctype, krb5_const krb5_data *string, krb5_const krb5_data *salt, krb5_keyblock *key)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_enctype_compare KRB5_PROTOTYPE((krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean *similar)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_make_checksum KRB5_PROTOTYPE((krb5_context context, krb5_cksumtype cksumtype, krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_const krb5_data *input, krb5_checksum *cksum)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_verify_checksum KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_const krb5_data *data, krb5_const krb5_checksum *cksum, krb5_boolean *valid)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_checksum_length KRB5_PROTOTYPE((krb5_context context, krb5_cksumtype cksumtype, size_t *length)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_c_keyed_checksum_types KRB5_PROTOTYPE((krb5_context context, krb5_enctype enctype, unsigned int *count, krb5_cksumtype **cksumtypes)); #define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1 #define KRB5_KEYUSAGE_KDC_REP_TICKET 2 #define KRB5_KEYUSAGE_AS_REP_ENCPART 3 #define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4 #define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5 #define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6 #define KRB5_KEYUSAGE_TGS_REQ_AUTH 7 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8 #define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9 #define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10 #define KRB5_KEYUSAGE_AP_REQ_AUTH 11 #define KRB5_KEYUSAGE_AP_REP_ENCPART 12 #define KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13 #define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14 #define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15 #define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16 #define KRB5_KEYUSAGE_APP_DATA_CKSUM 17 #define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18 #define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19 #define KRB5_KEYUSAGE_AD_MTE 20 #define KRB5_KEYUSAGE_AD_ITE 21 /* XXX need to register these */ #define KRB5_KEYUSAGE_GSS_TOK_MIC 22 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23 #define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24 KRB5_DLLIMP krb5_boolean KRB5_CALLCONV valid_enctype KRB5_PROTOTYPE((krb5_const krb5_enctype ktype)); KRB5_DLLIMP krb5_boolean KRB5_CALLCONV valid_cksumtype KRB5_PROTOTYPE((krb5_const krb5_cksumtype ctype)); KRB5_DLLIMP krb5_boolean KRB5_CALLCONV is_coll_proof_cksum KRB5_PROTOTYPE((krb5_const krb5_cksumtype ctype)); KRB5_DLLIMP krb5_boolean KRB5_CALLCONV is_keyed_cksum KRB5_PROTOTYPE((krb5_const krb5_cksumtype ctype)); #ifdef KRB5_OLD_CRYPTO /* * old cryptosystem routine prototypes. These are now layered * on top of the functions above. */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_encrypt KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_pointer inptr, krb5_pointer outptr, krb5_const size_t size, krb5_encrypt_block FAR * eblock, krb5_pointer ivec)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_decrypt KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_pointer inptr, krb5_pointer outptr, krb5_const size_t size, krb5_encrypt_block FAR * eblock, krb5_pointer ivec)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_process_key KRB5_PROTOTYPE((krb5_context context, krb5_encrypt_block FAR * eblock, krb5_const krb5_keyblock FAR * key)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_finish_key KRB5_PROTOTYPE((krb5_context context, krb5_encrypt_block FAR * eblock)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_string_to_key KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_encrypt_block FAR * eblock, krb5_keyblock FAR * keyblock, krb5_const krb5_data FAR * data, krb5_const krb5_data FAR * salt)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_init_random_key KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_encrypt_block FAR * eblock, krb5_const krb5_keyblock FAR * keyblock, krb5_pointer FAR * ptr)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_finish_random_key KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_encrypt_block FAR * eblock, krb5_pointer FAR * ptr)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_random_key KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_encrypt_block FAR * eblock, krb5_pointer ptr, krb5_keyblock FAR * FAR * keyblock)); KRB5_DLLIMP krb5_enctype KRB5_CALLCONV krb5_eblock_enctype KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_encrypt_block FAR * eblock)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_use_enctype KRB5_PROTOTYPE((krb5_context context, krb5_encrypt_block FAR * eblock, krb5_const krb5_enctype enctype)); KRB5_DLLIMP size_t KRB5_CALLCONV krb5_encrypt_size KRB5_PROTOTYPE((krb5_const size_t length, krb5_enctype crypto)); KRB5_DLLIMP size_t KRB5_CALLCONV krb5_checksum_size KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_cksumtype ctype)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_calculate_checksum KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_cksumtype ctype, krb5_const krb5_pointer in, krb5_const size_t in_length, krb5_const krb5_pointer seed, krb5_const size_t seed_length, krb5_checksum FAR * outcksum)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_verify_checksum KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_cksumtype ctype, krb5_const krb5_checksum FAR * cksum, krb5_const krb5_pointer in, krb5_const size_t in_length, krb5_const krb5_pointer seed, krb5_const size_t seed_length)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_random_confounder KRB5_PROTOTYPE((size_t, krb5_pointer)); krb5_error_code krb5_encrypt_data KRB5_PROTOTYPE((krb5_context context, krb5_keyblock *key, krb5_pointer ivec, krb5_data *data, krb5_enc_data *enc_data)); krb5_error_code krb5_decrypt_data KRB5_PROTOTYPE((krb5_context context, krb5_keyblock *key, krb5_pointer ivec, krb5_enc_data *data, krb5_data *enc_data)); #endif /* KRB5_OLD_CRYPTO */ /* * end "encryption.h" */ /* * begin "fieldbits.h" */ /* kdc_options for kdc_request */ /* options is 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ /* #define KDC_OPT_RESERVED 0x80000000 */ #define KDC_OPT_FORWARDABLE 0x40000000 #define KDC_OPT_FORWARDED 0x20000000 #define KDC_OPT_PROXIABLE 0x10000000 #define KDC_OPT_PROXY 0x08000000 #define KDC_OPT_ALLOW_POSTDATE 0x04000000 #define KDC_OPT_POSTDATED 0x02000000 /* #define KDC_OPT_UNUSED 0x01000000 */ #define KDC_OPT_RENEWABLE 0x00800000 /* #define KDC_OPT_UNUSED 0x00400000 */ /* #define KDC_OPT_RESERVED 0x00200000 */ /* #define KDC_OPT_RESERVED 0x00100000 */ /* #define KDC_OPT_RESERVED 0x00080000 */ /* #define KDC_OPT_RESERVED 0x00040000 */ /* #define KDC_OPT_RESERVED 0x00020000 */ /* #define KDC_OPT_RESERVED 0x00010000 */ /* #define KDC_OPT_RESERVED 0x00008000 */ /* #define KDC_OPT_RESERVED 0x00004000 */ /* #define KDC_OPT_RESERVED 0x00002000 */ /* #define KDC_OPT_RESERVED 0x00001000 */ /* #define KDC_OPT_RESERVED 0x00000800 */ /* #define KDC_OPT_RESERVED 0x00000400 */ /* #define KDC_OPT_RESERVED 0x00000200 */ /* #define KDC_OPT_RESERVED 0x00000100 */ /* #define KDC_OPT_RESERVED 0x00000080 */ /* #define KDC_OPT_RESERVED 0x00000040 */ /* #define KDC_OPT_RESERVED 0x00000020 */ #define KDC_OPT_RENEWABLE_OK 0x00000010 #define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008 /* #define KDC_OPT_UNUSED 0x00000004 */ #define KDC_OPT_RENEW 0x00000002 #define KDC_OPT_VALIDATE 0x00000001 /* * Mask of ticket flags in the TGT which should be converted into KDC * options when using the TGT to get derivitive tickets. * * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE */ #define KDC_TKT_COMMON_MASK 0x54800000 /* definitions for ap_options fields */ /* ap_options are 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ #define AP_OPTS_RESERVED 0x80000000 #define AP_OPTS_USE_SESSION_KEY 0x40000000 #define AP_OPTS_MUTUAL_REQUIRED 0x20000000 /* #define AP_OPTS_RESERVED 0x10000000 */ /* #define AP_OPTS_RESERVED 0x08000000 */ /* #define AP_OPTS_RESERVED 0x04000000 */ /* #define AP_OPTS_RESERVED 0x02000000 */ /* #define AP_OPTS_RESERVED 0x01000000 */ /* #define AP_OPTS_RESERVED 0x00800000 */ /* #define AP_OPTS_RESERVED 0x00400000 */ /* #define AP_OPTS_RESERVED 0x00200000 */ /* #define AP_OPTS_RESERVED 0x00100000 */ /* #define AP_OPTS_RESERVED 0x00080000 */ /* #define AP_OPTS_RESERVED 0x00040000 */ /* #define AP_OPTS_RESERVED 0x00020000 */ /* #define AP_OPTS_RESERVED 0x00010000 */ /* #define AP_OPTS_RESERVED 0x00008000 */ /* #define AP_OPTS_RESERVED 0x00004000 */ /* #define AP_OPTS_RESERVED 0x00002000 */ /* #define AP_OPTS_RESERVED 0x00001000 */ /* #define AP_OPTS_RESERVED 0x00000800 */ /* #define AP_OPTS_RESERVED 0x00000400 */ /* #define AP_OPTS_RESERVED 0x00000200 */ /* #define AP_OPTS_RESERVED 0x00000100 */ /* #define AP_OPTS_RESERVED 0x00000080 */ /* #define AP_OPTS_RESERVED 0x00000040 */ /* #define AP_OPTS_RESERVED 0x00000020 */ /* #define AP_OPTS_RESERVED 0x00000010 */ /* #define AP_OPTS_RESERVED 0x00000008 */ /* #define AP_OPTS_RESERVED 0x00000004 */ /* #define AP_OPTS_RESERVED 0x00000002 */ #define AP_OPTS_USE_SUBKEY 0x00000001 #define AP_OPTS_WIRE_MASK 0xfffffff0 /* definitions for ad_type fields. */ #define AD_TYPE_RESERVED 0x8000 #define AD_TYPE_EXTERNAL 0x4000 #define AD_TYPE_REGISTERED 0x2000 #define AD_TYPE_FIELD_TYPE_MASK 0x1fff /* Ticket flags */ /* flags are 32 bits; each host is responsible to put the 4 bytes representing these bits into net order before transmission */ /* #define TKT_FLG_RESERVED 0x80000000 */ #define TKT_FLG_FORWARDABLE 0x40000000 #define TKT_FLG_FORWARDED 0x20000000 #define TKT_FLG_PROXIABLE 0x10000000 #define TKT_FLG_PROXY 0x08000000 #define TKT_FLG_MAY_POSTDATE 0x04000000 #define TKT_FLG_POSTDATED 0x02000000 #define TKT_FLG_INVALID 0x01000000 #define TKT_FLG_RENEWABLE 0x00800000 #define TKT_FLG_INITIAL 0x00400000 #define TKT_FLG_PRE_AUTH 0x00200000 #define TKT_FLG_HW_AUTH 0x00100000 /* #define TKT_FLG_RESERVED 0x00080000 */ /* #define TKT_FLG_RESERVED 0x00040000 */ /* #define TKT_FLG_RESERVED 0x00020000 */ /* #define TKT_FLG_RESERVED 0x00010000 */ /* #define TKT_FLG_RESERVED 0x00008000 */ /* #define TKT_FLG_RESERVED 0x00004000 */ /* #define TKT_FLG_RESERVED 0x00002000 */ /* #define TKT_FLG_RESERVED 0x00001000 */ /* #define TKT_FLG_RESERVED 0x00000800 */ /* #define TKT_FLG_RESERVED 0x00000400 */ /* #define TKT_FLG_RESERVED 0x00000200 */ /* #define TKT_FLG_RESERVED 0x00000100 */ /* #define TKT_FLG_RESERVED 0x00000080 */ /* #define TKT_FLG_RESERVED 0x00000040 */ /* #define TKT_FLG_RESERVED 0x00000020 */ /* #define TKT_FLG_RESERVED 0x00000010 */ /* #define TKT_FLG_RESERVED 0x00000008 */ /* #define TKT_FLG_RESERVED 0x00000004 */ /* #define TKT_FLG_RESERVED 0x00000002 */ /* #define TKT_FLG_RESERVED 0x00000001 */ /* definitions for lr_type fields. */ #define LR_TYPE_THIS_SERVER_ONLY 0x8000 #define LR_TYPE_INTERPRETATION_MASK 0x7fff /* definitions for ad_type fields. */ #define AD_TYPE_EXTERNAL 0x4000 #define AD_TYPE_REGISTERED 0x2000 #define AD_TYPE_FIELD_TYPE_MASK 0x1fff #define AD_TYPE_INTERNAL_MASK 0x3fff /* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ #define MSEC_DIRBIT 0x8000 #define MSEC_VAL_MASK 0x7fff /* * end "fieldbits.h" */ /* * begin "proto.h" */ /* Protocol version number */ #define KRB5_PVNO 5 /* Message types */ #define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */ #define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */ #define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */ #define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */ #define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */ #define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */ #define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */ #define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */ #define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */ #define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ /* LastReq types */ #define KRB5_LRQ_NONE 0 #define KRB5_LRQ_ALL_LAST_TGT 1 #define KRB5_LRQ_ONE_LAST_TGT (-1) #define KRB5_LRQ_ALL_LAST_INITIAL 2 #define KRB5_LRQ_ONE_LAST_INITIAL (-2) #define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3 #define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3) #define KRB5_LRQ_ALL_LAST_RENEWAL 4 #define KRB5_LRQ_ONE_LAST_RENEWAL (-4) #define KRB5_LRQ_ALL_LAST_REQ 5 #define KRB5_LRQ_ONE_LAST_REQ (-5) /* PADATA types */ #define KRB5_PADATA_NONE 0 #define KRB5_PADATA_AP_REQ 1 #define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ #define KRB5_PADATA_ENC_TIMESTAMP 2 #define KRB5_PADATA_PW_SALT 3 #if 0 /* Not used */ #define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */ #endif #define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */ #define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */ #define KRB5_PADATA_SESAME 7 /* Sesame project */ #define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */ #define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */ #define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */ #define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ #define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ #define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 #define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ /* Reserved for SPX pre-authentication. */ #define KRB5_PADATA_DASS 16 /* Transited encoding types */ #define KRB5_DOMAIN_X500_COMPRESS 1 /* alternate authentication types */ #define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64 /* authorization data types */ #define KRB5_AUTHDATA_OSF_DCE 64 #define KRB5_AUTHDATA_SESAME 65 /* password change constants */ #define KRB5_KPASSWD_SUCCESS 0 #define KRB5_KPASSWD_MALFORMED 1 #define KRB5_KPASSWD_HARDERROR 2 #define KRB5_KPASSWD_AUTHERROR 3 #define KRB5_KPASSWD_SOFTERROR 4 /* * end "proto.h" */ /* Time set */ typedef struct _krb5_ticket_times { krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime in ticket? otherwise client can't get this */ krb5_timestamp starttime; /* optional in ticket, if not present, use authtime */ krb5_timestamp endtime; krb5_timestamp renew_till; } krb5_ticket_times; /* structure for auth data */ typedef struct _krb5_authdata { krb5_magic magic; krb5_authdatatype ad_type; int length; krb5_octet FAR *contents; } krb5_authdata; /* structure for transited encoding */ typedef struct _krb5_transited { krb5_magic magic; krb5_octet tr_type; krb5_data tr_contents; } krb5_transited; typedef struct _krb5_enc_tkt_part { krb5_magic magic; /* to-be-encrypted portion */ krb5_flags flags; /* flags */ krb5_keyblock FAR *session; /* session key: includes enctype */ krb5_principal client; /* client name/realm */ krb5_transited transited; /* list of transited realms */ krb5_ticket_times times; /* auth, start, end, renew_till */ krb5_address FAR * FAR *caddrs; /* array of ptrs to addresses */ krb5_authdata FAR * FAR *authorization_data; /* auth data */ } krb5_enc_tkt_part; typedef struct _krb5_ticket { krb5_magic magic; /* cleartext portion */ krb5_principal server; /* server name/realm */ krb5_enc_data enc_part; /* encryption type, kvno, encrypted encoding */ krb5_enc_tkt_part FAR *enc_part2; /* ptr to decrypted version, if available */ } krb5_ticket; /* the unencrypted version */ typedef struct _krb5_authenticator { krb5_magic magic; krb5_principal client; /* client name/realm */ krb5_checksum FAR *checksum; /* checksum, includes type, optional */ krb5_int32 cusec; /* client usec portion */ krb5_timestamp ctime; /* client sec portion */ krb5_keyblock FAR *subkey; /* true session key, optional */ krb5_int32 seq_number; /* sequence #, optional */ krb5_authdata FAR * FAR *authorization_data; /* New add by Ari, auth data */ } krb5_authenticator; typedef struct _krb5_tkt_authent { krb5_magic magic; krb5_ticket FAR *ticket; krb5_authenticator FAR *authenticator; krb5_flags ap_options; } krb5_tkt_authent; /* credentials: Ticket, session key, etc. */ typedef struct _krb5_creds { krb5_magic magic; krb5_principal client; /* client's principal identifier */ krb5_principal server; /* server's principal identifier */ krb5_keyblock keyblock; /* session encryption key info */ krb5_ticket_times times; /* lifetime info */ krb5_boolean is_skey; /* true if ticket is encrypted in another ticket's skey */ krb5_flags ticket_flags; /* flags in ticket */ krb5_address FAR * FAR *addresses; /* addrs in ticket */ krb5_data ticket; /* ticket string itself */ krb5_data second_ticket; /* second ticket, if related to ticket (via DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */ krb5_authdata FAR * FAR *authdata; /* authorization data */ } krb5_creds; /* Last request fields */ typedef struct _krb5_last_req_entry { krb5_magic magic; krb5_octet lr_type; krb5_timestamp value; } krb5_last_req_entry; /* pre-authentication data */ typedef struct _krb5_pa_data { krb5_magic magic; krb5_preauthtype pa_type; int length; krb5_octet FAR *contents; } krb5_pa_data; typedef struct _krb5_kdc_req { krb5_magic magic; krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ krb5_pa_data FAR * FAR *padata; /* e.g. encoded AP_REQ */ /* real body */ krb5_flags kdc_options; /* requested options */ krb5_principal client; /* includes realm; optional */ krb5_principal server; /* includes realm (only used if no client) */ krb5_timestamp from; /* requested starttime */ krb5_timestamp till; /* requested endtime */ krb5_timestamp rtime; /* (optional) requested renew_till */ krb5_int32 nonce; /* nonce to match request/response */ int nktypes; /* # of ktypes, must be positive */ krb5_enctype FAR *ktype; /* requested enctype(s) */ krb5_address FAR * FAR *addresses; /* requested addresses, optional */ krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ krb5_authdata FAR * FAR *unenc_authdata; /* unencrypted auth data, if available */ krb5_ticket FAR * FAR *second_ticket;/* second ticket array; OPTIONAL */ } krb5_kdc_req; typedef struct _krb5_enc_kdc_rep_part { krb5_magic magic; /* encrypted part: */ krb5_msgtype msg_type; /* krb5 message type */ krb5_keyblock FAR *session; /* session key */ krb5_last_req_entry FAR * FAR *last_req; /* array of ptrs to entries */ krb5_int32 nonce; /* nonce from request */ krb5_timestamp key_exp; /* expiration date */ krb5_flags flags; /* ticket flags */ krb5_ticket_times times; /* lifetime info */ krb5_principal server; /* server's principal identifier */ krb5_address FAR * FAR *caddrs; /* array of ptrs to addresses, optional */ } krb5_enc_kdc_rep_part; typedef struct _krb5_kdc_rep { krb5_magic magic; /* cleartext part: */ krb5_msgtype msg_type; /* AS_REP or KDC_REP? */ krb5_pa_data FAR * FAR *padata; /* preauthentication data from KDC */ krb5_principal client; /* client's principal identifier */ krb5_ticket FAR *ticket; /* ticket */ krb5_enc_data enc_part; /* encryption type, kvno, encrypted encoding */ krb5_enc_kdc_rep_part FAR *enc_part2;/* unencrypted version, if available */ } krb5_kdc_rep; /* error message structure */ typedef struct _krb5_error { krb5_magic magic; /* some of these may be meaningless in certain contexts */ krb5_timestamp ctime; /* client sec portion; optional */ krb5_int32 cusec; /* client usec portion; optional */ krb5_int32 susec; /* server usec portion */ krb5_timestamp stime; /* server sec portion */ krb5_ui_4 error; /* error code (protocol error #'s) */ krb5_principal client; /* client's principal identifier; optional */ krb5_principal server; /* server's principal identifier */ krb5_data text; /* descriptive text */ krb5_data e_data; /* additional error-describing data */ } krb5_error; typedef struct _krb5_ap_req { krb5_magic magic; krb5_flags ap_options; /* requested options */ krb5_ticket FAR *ticket; /* ticket */ krb5_enc_data authenticator; /* authenticator (already encrypted) */ } krb5_ap_req; typedef struct _krb5_ap_rep { krb5_magic magic; krb5_enc_data enc_part; } krb5_ap_rep; typedef struct _krb5_ap_rep_enc_part { krb5_magic magic; krb5_timestamp ctime; /* client time, seconds portion */ krb5_int32 cusec; /* client time, microseconds portion */ krb5_keyblock FAR *subkey; /* true session key, optional */ krb5_int32 seq_number; /* sequence #, optional */ } krb5_ap_rep_enc_part; typedef struct _krb5_response { krb5_magic magic; krb5_octet message_type; krb5_data response; krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */ krb5_timestamp request_time; /* When we made the request */ } krb5_response; typedef struct _krb5_safe { krb5_magic magic; krb5_data user_data; /* user data */ krb5_timestamp timestamp; /* client time, optional */ krb5_int32 usec; /* microsecond portion of time, optional */ krb5_int32 seq_number; /* sequence #, optional */ krb5_address FAR *s_address; /* sender address */ krb5_address FAR *r_address; /* recipient address, optional */ krb5_checksum FAR *checksum; /* data integrity checksum */ } krb5_safe; typedef struct _krb5_priv { krb5_magic magic; krb5_enc_data enc_part; /* encrypted part */ } krb5_priv; typedef struct _krb5_priv_enc_part { krb5_magic magic; krb5_data user_data; /* user data */ krb5_timestamp timestamp; /* client time, optional */ krb5_int32 usec; /* microsecond portion of time, opt. */ krb5_int32 seq_number; /* sequence #, optional */ krb5_address FAR *s_address; /* sender address */ krb5_address FAR *r_address; /* recipient address, optional */ } krb5_priv_enc_part; typedef struct _krb5_cred_info { krb5_magic magic; krb5_keyblock FAR *session; /* session key used to encrypt */ /* ticket */ krb5_principal client; /* client name/realm, optional */ krb5_principal server; /* server name/realm, optional */ krb5_flags flags; /* ticket flags, optional */ krb5_ticket_times times; /* auth, start, end, renew_till, */ /* optional */ krb5_address FAR * FAR *caddrs; /* array of ptrs to addresses */ } krb5_cred_info; typedef struct _krb5_cred_enc_part { krb5_magic magic; krb5_int32 nonce; /* nonce, optional */ krb5_timestamp timestamp; /* client time */ krb5_int32 usec; /* microsecond portion of time */ krb5_address FAR *s_address; /* sender address, optional */ krb5_address FAR *r_address; /* recipient address, optional */ krb5_cred_info FAR * FAR *ticket_info; } krb5_cred_enc_part; typedef struct _krb5_cred { krb5_magic magic; krb5_ticket FAR * FAR *tickets; /* tickets */ krb5_enc_data enc_part; /* encrypted part */ krb5_cred_enc_part FAR *enc_part2; /* unencrypted version, if available*/ } krb5_cred; /* Sandia password generation structures */ typedef struct _passwd_phrase_element { krb5_magic magic; krb5_data FAR *passwd; krb5_data FAR *phrase; } passwd_phrase_element; typedef struct _krb5_pwd_data { krb5_magic magic; int sequence_count; passwd_phrase_element FAR * FAR *element; } krb5_pwd_data; /* these need to be here so the typedefs are available for the prototypes */ /* * begin "safepriv.h" */ #define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001 #define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002 #define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008 #define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010 typedef struct krb5_replay_data { krb5_timestamp timestamp; krb5_int32 usec; krb5_int32 seq; } krb5_replay_data; /* flags for krb5_auth_con_genaddrs() */ #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 /* * end "safepriv.h" */ /* * begin "ccache.h" */ typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ struct _krb5_ccache; typedef struct _krb5_ccache FAR *krb5_ccache; struct _krb5_cc_ops; typedef struct _krb5_cc_ops krb5_cc_ops; /* for retrieve_cred */ #define KRB5_TC_MATCH_TIMES 0x00000001 #define KRB5_TC_MATCH_IS_SKEY 0x00000002 #define KRB5_TC_MATCH_FLAGS 0x00000004 #define KRB5_TC_MATCH_TIMES_EXACT 0x00000008 #define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010 #define KRB5_TC_MATCH_AUTHDATA 0x00000020 #define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040 #define KRB5_TC_MATCH_2ND_TKT 0x00000080 #define KRB5_TC_MATCH_KTYPE 0x00000100 #define KRB5_TC_SUPPORTED_KTYPES 0x00000200 /* for set_flags and other functions */ #define KRB5_TC_OPENCLOSE 0x00000001 KRB5_DLLIMP const char FAR * KRB5_CALLCONV krb5_cc_get_name (krb5_context context, krb5_ccache cache); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_gen_new (krb5_context context, krb5_ccache FAR *cache); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_initialize(krb5_context context, krb5_ccache cache, krb5_principal principal); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_destroy (krb5_context context, krb5_ccache cache); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_close (krb5_context context, krb5_ccache cache); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_store_cred (krb5_context context, krb5_ccache cache, krb5_creds FAR *creds); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds FAR *mcreds, krb5_creds FAR *creds); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_get_principal (krb5_context context, krb5_ccache cache, krb5_principal FAR *principal); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache, krb5_cc_cursor FAR *cursor); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_next_cred (krb5_context context, krb5_ccache cache, krb5_cc_cursor FAR *cursor, krb5_creds FAR *creds); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache, krb5_cc_cursor FAR *cursor); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds FAR *creds); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags); KRB5_DLLIMP const char FAR * krb5_cc_get_type (krb5_context context, krb5_ccache cache); /* * end "ccache.h" */ /* * begin "rcache.h" */ typedef struct krb5_rc_st { krb5_magic magic; struct _krb5_rc_ops FAR *ops; krb5_pointer data; } FAR *krb5_rcache; typedef struct _krb5_donot_replay { krb5_magic magic; char FAR *server; /* null-terminated */ char FAR *client; /* null-terminated */ krb5_int32 cusec; krb5_timestamp ctime; } krb5_donot_replay; typedef struct _krb5_rc_ops { krb5_magic magic; char FAR *type; krb5_error_code (KRB5_CALLCONV *init) KRB5_NPROTOTYPE((krb5_context, krb5_rcache,krb5_deltat)); /* create */ krb5_error_code (KRB5_CALLCONV *recover) KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); /* open */ krb5_error_code (KRB5_CALLCONV *destroy) KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); krb5_error_code (KRB5_CALLCONV *close) KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); krb5_error_code (KRB5_CALLCONV *store) KRB5_NPROTOTYPE((krb5_context, krb5_rcache,krb5_donot_replay FAR *)); krb5_error_code (KRB5_CALLCONV *expunge) KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); krb5_error_code (KRB5_CALLCONV *get_span) KRB5_NPROTOTYPE((krb5_context, krb5_rcache,krb5_deltat FAR *)); char FAR *(KRB5_CALLCONV *get_name) KRB5_NPROTOTYPE((krb5_context, krb5_rcache)); krb5_error_code (KRB5_CALLCONV *resolve) KRB5_NPROTOTYPE((krb5_context, krb5_rcache, char FAR *)); } krb5_rc_ops; krb5_error_code krb5_rc_default KRB5_PROTOTYPE((krb5_context, krb5_rcache FAR *)); krb5_error_code krb5_rc_register_type KRB5_PROTOTYPE((krb5_context, krb5_rc_ops FAR *)); krb5_error_code krb5_rc_resolve_type KRB5_PROTOTYPE((krb5_context, krb5_rcache FAR *,char FAR *)); krb5_error_code krb5_rc_resolve_full KRB5_PROTOTYPE((krb5_context, krb5_rcache FAR *,char FAR *)); char FAR * krb5_rc_get_type KRB5_PROTOTYPE((krb5_context, krb5_rcache)); char FAR * krb5_rc_default_type KRB5_PROTOTYPE((krb5_context)); char FAR * krb5_rc_default_name KRB5_PROTOTYPE((krb5_context)); krb5_error_code krb5_auth_to_rep KRB5_PROTOTYPE((krb5_context, krb5_tkt_authent FAR *, krb5_donot_replay FAR *)); #define krb5_rc_initialize(context, id, span) krb5_x((id)->ops->init,(context, id, span)) #define krb5_rc_recover(context, id) krb5_x((id)->ops->recover,(context, id)) #define krb5_rc_destroy(context, id) krb5_x((id)->ops->destroy,(context, id)) #define krb5_rc_close(context, id) krb5_x((id)->ops->close,(context, id)) #define krb5_rc_store(context, id, dontreplay) krb5_x((id)->ops->store,(context, id, dontreplay)) #define krb5_rc_expunge(context, id) krb5_x((id)->ops->expunge,(context, id)) #define krb5_rc_get_lifespan(context, id, spanp) krb5_x((id)->ops->get_span,(context, id, spanp)) #define krb5_rc_get_name(context, id) krb5_xc((id)->ops->get_name,(context, id)) #define krb5_rc_resolve(context, id, name) krb5_x((id)->ops->resolve,(context, id, name)) extern krb5_rc_ops krb5_rc_dfl_ops; /* * end "rcache.h" */ /* * begin "keytab.h" */ /* XXX */ #define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */ typedef krb5_pointer krb5_kt_cursor; /* XXX */ typedef struct krb5_keytab_entry_st { krb5_magic magic; krb5_principal principal; /* principal of this key */ krb5_timestamp timestamp; /* time entry written to keytable */ krb5_kvno vno; /* key version number */ krb5_keyblock key; /* the secret key */ } krb5_keytab_entry; typedef struct _krb5_kt { krb5_magic magic; struct _krb5_kt_ops FAR *ops; krb5_pointer data; } FAR *krb5_keytab; typedef struct _krb5_kt_ops { krb5_magic magic; char FAR *prefix; /* routines always present */ krb5_error_code (KRB5_CALLCONV *resolve) KRB5_NPROTOTYPE((krb5_context, krb5_const char FAR *, krb5_keytab FAR *)); krb5_error_code (KRB5_CALLCONV *get_name) KRB5_NPROTOTYPE((krb5_context, krb5_keytab, char FAR *, int)); krb5_error_code (KRB5_CALLCONV *close) KRB5_NPROTOTYPE((krb5_context, krb5_keytab)); krb5_error_code (KRB5_CALLCONV *get) KRB5_NPROTOTYPE((krb5_context, krb5_keytab, krb5_const_principal, krb5_kvno, krb5_enctype, krb5_keytab_entry FAR *)); krb5_error_code (KRB5_CALLCONV *start_seq_get) KRB5_NPROTOTYPE((krb5_context, krb5_keytab, krb5_kt_cursor FAR *)); krb5_error_code (KRB5_CALLCONV *get_next) KRB5_NPROTOTYPE((krb5_context, krb5_keytab, krb5_keytab_entry FAR *, krb5_kt_cursor FAR *)); krb5_error_code (KRB5_CALLCONV *end_get) KRB5_NPROTOTYPE((krb5_context, krb5_keytab, krb5_kt_cursor FAR *)); /* routines to be included on extended version (write routines) */ krb5_error_code (KRB5_CALLCONV *add) KRB5_NPROTOTYPE((krb5_context, krb5_keytab, krb5_keytab_entry FAR *)); krb5_error_code (KRB5_CALLCONV *remove) KRB5_NPROTOTYPE((krb5_context, krb5_keytab, krb5_keytab_entry FAR *)); /* Handle for serializer */ void * serializer; } krb5_kt_ops; #define krb5_kt_get_type(context, keytab) ((keytab)->ops->prefix) #define krb5_kt_get_name(context, keytab, name, namelen) krb5_x((keytab)->ops->get_name,(context, keytab,name,namelen)) #define krb5_kt_close(context, keytab) krb5_x((keytab)->ops->close,(context, keytab)) #define krb5_kt_get_entry(context, keytab, principal, vno, enctype, entry) krb5_x((keytab)->ops->get,(context, keytab, principal, vno, enctype, entry)) #define krb5_kt_start_seq_get(context, keytab, cursor) krb5_x((keytab)->ops->start_seq_get,(context, keytab, cursor)) #define krb5_kt_next_entry(context, keytab, entry, cursor) krb5_x((keytab)->ops->get_next,(context, keytab, entry, cursor)) #define krb5_kt_end_seq_get(context, keytab, cursor) krb5_x((keytab)->ops->end_get,(context, keytab, cursor)) /* remove and add are functions, so that they can return NOWRITE if not a writable keytab */ extern krb5_kt_ops krb5_kt_dfl_ops; /* * end "keytab.h" */ /* * begin "func-proto.h" */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_init_context KRB5_PROTOTYPE((krb5_context FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_init_secure_context KRB5_PROTOTYPE((krb5_context FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_context KRB5_PROTOTYPE((krb5_context)); krb5_error_code krb5_set_default_in_tkt_ktypes KRB5_PROTOTYPE((krb5_context, krb5_const krb5_enctype *)); krb5_error_code krb5_get_default_in_tkt_ktypes KRB5_PROTOTYPE((krb5_context, krb5_enctype **)); krb5_error_code krb5_set_default_tgs_ktypes KRB5_PROTOTYPE((krb5_context, krb5_const krb5_enctype *)); krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes KRB5_PROTOTYPE((krb5_context, krb5_const_principal, krb5_enctype **)); krb5_error_code krb5_get_permitted_enctypes KRB5_PROTOTYPE((krb5_context, krb5_enctype **)); void KRB5_CALLCONV krb5_free_ktypes KRB5_PROTOTYPE ((krb5_context, krb5_enctype *)); krb5_boolean krb5_is_permitted_enctype KRB5_PROTOTYPE((krb5_context, krb5_enctype)); /* libkrb.spec */ krb5_error_code krb5_kdc_rep_decrypt_proc KRB5_PROTOTYPE((krb5_context, krb5_const krb5_keyblock *, krb5_const_pointer, krb5_kdc_rep * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part KRB5_PROTOTYPE((krb5_context, krb5_const krb5_keyblock FAR *, krb5_ticket FAR * )); krb5_error_code krb5_get_cred_from_kdc KRB5_PROTOTYPE((krb5_context, krb5_ccache, /* not const, as reading may save state */ krb5_creds *, krb5_creds **, krb5_creds *** )); krb5_error_code krb5_get_cred_from_kdc_validate KRB5_PROTOTYPE((krb5_context, krb5_ccache, /* not const, as reading may save state */ krb5_creds *, krb5_creds **, krb5_creds *** )); krb5_error_code krb5_get_cred_from_kdc_renew KRB5_PROTOTYPE((krb5_context, krb5_ccache, /* not const, as reading may save state */ krb5_creds *, krb5_creds **, krb5_creds *** )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_tgt_creds KRB5_PROTOTYPE((krb5_context, krb5_creds FAR * FAR* )); /* XXX too hard to do with const */ #define KRB5_GC_USER_USER 1 /* want user-user ticket */ #define KRB5_GC_CACHED 2 /* want cached ticket only */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_credentials KRB5_PROTOTYPE((krb5_context, krb5_const krb5_flags, krb5_ccache, krb5_creds FAR *, krb5_creds FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_credentials_validate KRB5_PROTOTYPE((krb5_context, krb5_const krb5_flags, krb5_ccache, krb5_creds FAR *, krb5_creds FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew KRB5_PROTOTYPE((krb5_context, krb5_const krb5_flags, krb5_ccache, krb5_creds FAR *, krb5_creds FAR * FAR *)); krb5_error_code krb5_get_cred_via_tkt KRB5_PROTOTYPE((krb5_context, krb5_creds *, krb5_const krb5_flags, krb5_address * krb5_const *, krb5_creds *, krb5_creds **)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_req KRB5_PROTOTYPE((krb5_context, krb5_auth_context FAR *, krb5_const krb5_flags, char FAR *, char FAR *, krb5_data FAR *, krb5_ccache, krb5_data FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_req_extended KRB5_PROTOTYPE((krb5_context, krb5_auth_context FAR *, krb5_const krb5_flags, krb5_data FAR *, krb5_creds FAR *, krb5_data FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_rep KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_rep KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_const krb5_data FAR *, krb5_ap_rep_enc_part FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_error KRB5_PROTOTYPE((krb5_context, krb5_const krb5_error FAR *, krb5_data FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_error KRB5_PROTOTYPE((krb5_context, krb5_const krb5_data FAR *, krb5_error FAR * FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_safe KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_const krb5_data FAR *, krb5_data FAR *, krb5_replay_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_priv KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_const krb5_data FAR *, krb5_data FAR *, krb5_replay_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_parse_name KRB5_PROTOTYPE((krb5_context, krb5_const char FAR *, krb5_principal FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_unparse_name KRB5_PROTOTYPE((krb5_context, krb5_const_principal, char FAR * FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext KRB5_PROTOTYPE((krb5_context, krb5_const_principal, char FAR * FAR *, int FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_set_principal_realm KRB5_PROTOTYPE((krb5_context, krb5_principal, const char FAR *)); krb5_boolean krb5_address_search KRB5_PROTOTYPE((krb5_context, krb5_const krb5_address *, krb5_address * krb5_const *)); krb5_boolean krb5_address_compare KRB5_PROTOTYPE((krb5_context, krb5_const krb5_address *, krb5_const krb5_address *)); int krb5_address_order KRB5_PROTOTYPE((krb5_context, krb5_const krb5_address *, krb5_const krb5_address *)); krb5_boolean krb5_realm_compare KRB5_PROTOTYPE((krb5_context, krb5_const_principal, krb5_const_principal)); KRB5_DLLIMP krb5_boolean KRB5_CALLCONV krb5_principal_compare KRB5_PROTOTYPE((krb5_context, krb5_const_principal, krb5_const_principal)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_keyblock KRB5_PROTOTYPE((krb5_context, krb5_const krb5_keyblock FAR *, krb5_keyblock FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents KRB5_PROTOTYPE((krb5_context, krb5_const krb5_keyblock FAR *, krb5_keyblock FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_creds KRB5_PROTOTYPE((krb5_context, krb5_const krb5_creds FAR *, krb5_creds FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_data KRB5_PROTOTYPE((krb5_context, krb5_const krb5_data FAR *, krb5_data FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_principal KRB5_PROTOTYPE((krb5_context, krb5_const_principal, krb5_principal FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_addr KRB5_PROTOTYPE((krb5_context, const krb5_address FAR *, krb5_address FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_addresses KRB5_PROTOTYPE((krb5_context, krb5_address FAR * krb5_const FAR *, krb5_address FAR * FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_ticket KRB5_PROTOTYPE((krb5_context, krb5_const krb5_ticket FAR *, krb5_ticket FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_authdata KRB5_PROTOTYPE((krb5_context, krb5_authdata FAR * krb5_const FAR *, krb5_authdata FAR * FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_authenticator KRB5_PROTOTYPE((krb5_context, krb5_const krb5_authenticator FAR *, krb5_authenticator FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_copy_checksum KRB5_PROTOTYPE((krb5_context, krb5_const krb5_checksum FAR *, krb5_checksum FAR * FAR *)); void krb5_init_ets KRB5_PROTOTYPE((krb5_context)); void krb5_free_ets KRB5_PROTOTYPE((krb5_context)); krb5_error_code krb5_generate_subkey KRB5_PROTOTYPE((krb5_context, krb5_const krb5_keyblock *, krb5_keyblock **)); krb5_error_code krb5_generate_seq_number KRB5_PROTOTYPE((krb5_context, krb5_const krb5_keyblock *, krb5_int32 *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_server_rcache KRB5_PROTOTYPE((krb5_context, krb5_const krb5_data *, krb5_rcache *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext KRB5_STDARG_P((krb5_context, krb5_principal FAR *, int, krb5_const char FAR *, ...)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV_C krb5_build_principal KRB5_STDARG_P((krb5_context, krb5_principal FAR *, int, krb5_const char FAR *, ...)); #ifdef va_start /* XXX depending on varargs include file defining va_start... */ krb5_error_code krb5_build_principal_va KRB5_PROTOTYPE((krb5_context, krb5_principal, int, krb5_const char *, va_list)); #endif KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_425_conv_principal KRB5_PROTOTYPE((krb5_context, krb5_const char FAR *name, krb5_const char FAR *instance, krb5_const char FAR *realm, krb5_principal FAR *princ)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_524_conv_principal KRB5_PROTOTYPE((krb5_context context, krb5_const krb5_principal princ, char FAR *name, char FAR *inst, char FAR *realm)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_chpw_req KRB5_PROTOTYPE((krb5_context context, krb5_auth_context auth_context, krb5_data *ap_req, char *passwd, krb5_data *packet)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_chpw_rep KRB5_PROTOTYPE((krb5_context context, krb5_auth_context auth_context, krb5_data *packet, int *result_code, krb5_data *result_data)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_chpw_result_code_string KRB5_PROTOTYPE((krb5_context context, int result_code, char **result_codestr)); /* libkt.spec */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_register KRB5_PROTOTYPE((krb5_context, krb5_kt_ops FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_resolve KRB5_PROTOTYPE((krb5_context, krb5_const char FAR *, krb5_keytab FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_default_name KRB5_PROTOTYPE((krb5_context, char FAR *, int )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_default KRB5_PROTOTYPE((krb5_context, krb5_keytab FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_free_entry KRB5_PROTOTYPE((krb5_context, krb5_keytab_entry FAR * )); /* remove and add are functions, so that they can return NOWRITE if not a writable keytab */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry KRB5_PROTOTYPE((krb5_context, krb5_keytab, krb5_keytab_entry FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_add_entry KRB5_PROTOTYPE((krb5_context, krb5_keytab, krb5_keytab_entry FAR * )); krb5_error_code krb5_principal2salt KRB5_PROTOTYPE((krb5_context, krb5_const_principal, krb5_data *)); krb5_error_code krb5_principal2salt_norealm KRB5_PROTOTYPE((krb5_context, krb5_const_principal, krb5_data *)); /* librc.spec--see rcache.h */ /* libcc.spec */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_resolve KRB5_PROTOTYPE((krb5_context, const char FAR *, krb5_ccache FAR * )); KRB5_DLLIMP const char FAR * KRB5_CALLCONV krb5_cc_default_name KRB5_PROTOTYPE((krb5_context)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name KRB5_PROTOTYPE((krb5_context, const char *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_default KRB5_PROTOTYPE((krb5_context, krb5_ccache FAR *)); KRB5_DLLIMP unsigned int KRB5_CALLCONV krb5_get_notification_message KRB5_PROTOTYPE((void)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds KRB5_PROTOTYPE((krb5_context context, krb5_ccache incc, krb5_ccache outcc)); /* chk_trans.c */ krb5_error_code krb5_check_transited_list KRB5_PROTOTYPE((krb5_context, krb5_data *trans, krb5_data *realm1, krb5_data *realm2)); /* free_rtree.c */ void krb5_free_realm_tree KRB5_PROTOTYPE((krb5_context, krb5_principal *)); /* krb5_free.c */ KRB5_DLLIMP void KRB5_CALLCONV krb5_free_principal KRB5_PROTOTYPE((krb5_context, krb5_principal )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_authenticator KRB5_PROTOTYPE((krb5_context, krb5_authenticator FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_authenticator_contents KRB5_PROTOTYPE((krb5_context, krb5_authenticator FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_addresses KRB5_PROTOTYPE((krb5_context, krb5_address FAR * FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_address KRB5_PROTOTYPE((krb5_context, krb5_address FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_authdata KRB5_PROTOTYPE((krb5_context, krb5_authdata FAR * FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_enc_tkt_part KRB5_PROTOTYPE((krb5_context, krb5_enc_tkt_part FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_ticket KRB5_PROTOTYPE((krb5_context, krb5_ticket FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_tickets KRB5_PROTOTYPE((krb5_context, krb5_ticket FAR * FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_kdc_req KRB5_PROTOTYPE((krb5_context, krb5_kdc_req FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_kdc_rep KRB5_PROTOTYPE((krb5_context, krb5_kdc_rep FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_last_req KRB5_PROTOTYPE((krb5_context, krb5_last_req_entry FAR * FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_enc_kdc_rep_part KRB5_PROTOTYPE((krb5_context, krb5_enc_kdc_rep_part FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_error KRB5_PROTOTYPE((krb5_context, krb5_error FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_ap_req KRB5_PROTOTYPE((krb5_context, krb5_ap_req FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_ap_rep KRB5_PROTOTYPE((krb5_context, krb5_ap_rep FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_safe KRB5_PROTOTYPE((krb5_context, krb5_safe FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_priv KRB5_PROTOTYPE((krb5_context, krb5_priv FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_priv_enc_part KRB5_PROTOTYPE((krb5_context, krb5_priv_enc_part FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_cred KRB5_PROTOTYPE((krb5_context, krb5_cred FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_creds KRB5_PROTOTYPE((krb5_context, krb5_creds FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_cred_contents KRB5_PROTOTYPE((krb5_context, krb5_creds FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_cred_enc_part KRB5_PROTOTYPE((krb5_context, krb5_cred_enc_part FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_checksum KRB5_PROTOTYPE((krb5_context, krb5_checksum FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_checksum_contents KRB5_PROTOTYPE((krb5_context, krb5_checksum FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_keyblock KRB5_PROTOTYPE((krb5_context, krb5_keyblock FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_keyblock_contents KRB5_PROTOTYPE((krb5_context, krb5_keyblock FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_pa_data KRB5_PROTOTYPE((krb5_context, krb5_pa_data FAR * FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_ap_rep_enc_part KRB5_PROTOTYPE((krb5_context, krb5_ap_rep_enc_part FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_tkt_authent KRB5_PROTOTYPE((krb5_context, krb5_tkt_authent FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_pwd_data KRB5_PROTOTYPE((krb5_context, krb5_pwd_data FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_pwd_sequences KRB5_PROTOTYPE((krb5_context, passwd_phrase_element FAR * FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_data KRB5_PROTOTYPE((krb5_context, krb5_data FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_data_contents KRB5_PROTOTYPE((krb5_context, krb5_data FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_unparsed_name KRB5_PROTOTYPE((krb5_context, char FAR *)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_cksumtypes KRB5_PROTOTYPE((krb5_context, krb5_cksumtype FAR *)); /* From krb5/os but needed but by the outside world */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_us_timeofday KRB5_PROTOTYPE((krb5_context, krb5_int32 FAR *, krb5_int32 FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_timeofday KRB5_PROTOTYPE((krb5_context, krb5_int32 FAR * )); /* get all the addresses of this host */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_os_localaddr KRB5_PROTOTYPE((krb5_context, krb5_address FAR * FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_default_realm KRB5_PROTOTYPE((krb5_context, char FAR * FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_set_default_realm KRB5_PROTOTYPE((krb5_context, krb5_const char FAR * )); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_default_realm KRB5_PROTOTYPE((krb5_context, char FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_sname_to_principal KRB5_PROTOTYPE((krb5_context, krb5_const char FAR *, krb5_const char FAR *, krb5_int32, krb5_principal FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_change_password KRB5_PROTOTYPE((krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string)); #ifndef macintosh krb5_error_code krb5_set_config_files KRB5_PROTOTYPE ((krb5_context, krb5_const char FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_default_config_files KRB5_PROTOTYPE((char ***filenames)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_config_files KRB5_PROTOTYPE((char **filenames)); #endif KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_profile KRB5_PROTOTYPE((krb5_context, profile_t *)); krb5_error_code krb5_send_tgs KRB5_PROTOTYPE((krb5_context, krb5_const krb5_flags, krb5_const krb5_ticket_times *, krb5_const krb5_enctype *, krb5_const_principal, krb5_address * krb5_const *, krb5_authdata * krb5_const *, krb5_pa_data * krb5_const *, krb5_const krb5_data *, krb5_creds *, krb5_response * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_in_tkt KRB5_PROTOTYPE((krb5_context, krb5_const krb5_flags, krb5_address FAR * krb5_const FAR *, krb5_enctype FAR *, krb5_preauthtype FAR *, krb5_error_code ( FAR * )(krb5_context, krb5_const krb5_enctype, krb5_data FAR *, krb5_const_pointer, krb5_keyblock FAR * FAR *), krb5_const_pointer, krb5_error_code ( FAR * )(krb5_context, krb5_const krb5_keyblock FAR *, krb5_const_pointer, krb5_kdc_rep FAR * ), krb5_const_pointer, krb5_creds FAR *, krb5_ccache, krb5_kdc_rep FAR * FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password KRB5_PROTOTYPE((krb5_context, krb5_const krb5_flags, krb5_address FAR * krb5_const FAR *, krb5_enctype FAR *, krb5_preauthtype FAR *, krb5_const char FAR *, krb5_ccache, krb5_creds FAR *, krb5_kdc_rep FAR * FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey KRB5_PROTOTYPE((krb5_context, krb5_const krb5_flags, krb5_address FAR * krb5_const FAR *, krb5_enctype FAR *, krb5_preauthtype FAR *, krb5_const krb5_keyblock FAR *, krb5_ccache, krb5_creds FAR *, krb5_kdc_rep FAR * FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab KRB5_PROTOTYPE((krb5_context, krb5_const krb5_flags, krb5_address FAR * krb5_const FAR *, krb5_enctype FAR *, krb5_preauthtype FAR *, krb5_const krb5_keytab, krb5_ccache, krb5_creds FAR *, krb5_kdc_rep FAR * FAR * )); krb5_error_code krb5_decode_kdc_rep KRB5_PROTOTYPE((krb5_context, krb5_data *, krb5_const krb5_keyblock *, krb5_kdc_rep ** )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_req KRB5_PROTOTYPE((krb5_context, krb5_auth_context FAR *, krb5_const krb5_data FAR *, krb5_const_principal, krb5_keytab, krb5_flags FAR *, krb5_ticket FAR * FAR *)); krb5_error_code krb5_rd_req_decoded KRB5_PROTOTYPE((krb5_context, krb5_auth_context *, krb5_const krb5_ap_req *, krb5_const_principal, krb5_keytab, krb5_flags *, krb5_ticket **)); krb5_error_code krb5_rd_req_decoded_anyflag KRB5_PROTOTYPE((krb5_context, krb5_auth_context *, krb5_const krb5_ap_req *, krb5_const_principal, krb5_keytab, krb5_flags *, krb5_ticket **)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key KRB5_PROTOTYPE((krb5_context, krb5_pointer, krb5_principal, krb5_kvno, krb5_enctype, krb5_keyblock FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_safe KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_const krb5_data FAR *, krb5_data FAR *, krb5_replay_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_priv KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_const krb5_data FAR *, krb5_data FAR *, krb5_replay_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cc_register KRB5_PROTOTYPE((krb5_context, krb5_cc_ops FAR *, krb5_boolean )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_sendauth KRB5_PROTOTYPE((krb5_context, krb5_auth_context FAR *, krb5_pointer, char FAR *, krb5_principal, krb5_principal, krb5_flags, krb5_data FAR *, krb5_creds FAR *, krb5_ccache, krb5_error FAR * FAR *, krb5_ap_rep_enc_part FAR * FAR *, krb5_creds FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_recvauth KRB5_PROTOTYPE((krb5_context, krb5_auth_context FAR *, krb5_pointer, char FAR *, krb5_principal, krb5_int32, krb5_keytab, krb5_ticket FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_recvauth_version KRB5_PROTOTYPE((krb5_context, krb5_auth_context FAR *, krb5_pointer, krb5_principal, krb5_int32, krb5_keytab, krb5_ticket FAR * FAR *, krb5_data FAR *)); krb5_error_code krb5_walk_realm_tree KRB5_PROTOTYPE((krb5_context, krb5_const krb5_data *, krb5_const krb5_data *, krb5_principal **, int)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_ncred KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_creds FAR * FAR *, krb5_data FAR * FAR *, krb5_replay_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_mk_1cred KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_creds FAR *, krb5_data FAR * FAR *, krb5_replay_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_rd_cred KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_data FAR *, krb5_creds FAR * FAR * FAR *, krb5_replay_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds KRB5_PROTOTYPE((krb5_context, krb5_auth_context, char FAR *, krb5_principal, krb5_principal, krb5_ccache, int forwardable, krb5_data FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_init KRB5_PROTOTYPE((krb5_context, krb5_auth_context FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_free KRB5_PROTOTYPE((krb5_context, krb5_auth_context)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_int32)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_int32 FAR *)); krb5_error_code krb5_auth_con_setaddrs KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_address *, krb5_address *)); krb5_error_code krb5_auth_con_getaddrs KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_address **, krb5_address **)); krb5_error_code krb5_auth_con_setports KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_address *, krb5_address *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_keyblock FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_keyblock **)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_keyblock FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_cksumtype)); krb5_error_code krb5_auth_con_set_safe_cksumtype KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_cksumtype)); krb5_error_code krb5_auth_con_getcksumtype KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_cksumtype *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_int32 FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_int32 FAR *)); krb5_error_code krb5_auth_con_initivector KRB5_PROTOTYPE((krb5_context, krb5_auth_context)); krb5_error_code krb5_auth_con_setivector KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_pointer)); krb5_error_code krb5_auth_con_getivector KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_pointer *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_rcache)); krb5_error_code krb5_auth_con_getrcache KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_rcache *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_authenticator FAR * FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey KRB5_PROTOTYPE((krb5_context, krb5_auth_context, krb5_keyblock FAR * FAR *)); #define KRB5_REALM_BRANCH_CHAR '.' /* * end "func-proto.h" */ /* * begin stuff from libos.h */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_read_password KRB5_PROTOTYPE((krb5_context, const char FAR *, const char FAR *, char FAR *, int FAR * )); krb5_error_code krb5_aname_to_localname KRB5_PROTOTYPE((krb5_context, krb5_const_principal, const int, char * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_host_realm KRB5_PROTOTYPE((krb5_context, const char FAR *, char FAR * FAR * FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_free_host_realm KRB5_PROTOTYPE((krb5_context, char FAR * const FAR * )); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_realm_domain KRB5_PROTOTYPE((krb5_context, const char *, char ** )); KRB5_DLLIMP krb5_boolean KRB5_CALLCONV krb5_kuserok KRB5_PROTOTYPE((krb5_context, krb5_principal, const char *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs KRB5_PROTOTYPE((krb5_context, krb5_auth_context, int, int)); krb5_error_code krb5_gen_portaddr KRB5_PROTOTYPE((krb5_context, const krb5_address *, krb5_const_pointer, krb5_address **)); krb5_error_code krb5_make_fulladdr KRB5_PROTOTYPE((krb5_context, krb5_address *, krb5_address *, krb5_address *)); krb5_error_code krb5_os_hostaddr KRB5_PROTOTYPE((krb5_context, const char *, krb5_address ***)); krb5_error_code krb5_set_real_time KRB5_PROTOTYPE((krb5_context, krb5_int32, krb5_int32)); krb5_error_code krb5_set_debugging_time KRB5_PROTOTYPE((krb5_context, krb5_int32, krb5_int32)); krb5_error_code krb5_use_natural_time KRB5_PROTOTYPE((krb5_context)); krb5_error_code krb5_get_time_offsets KRB5_PROTOTYPE((krb5_context, krb5_int32 *, krb5_int32 *)); krb5_error_code krb5_set_time_offsets KRB5_PROTOTYPE((krb5_context, krb5_int32, krb5_int32)); /* str_conv.c */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_string_to_enctype KRB5_PROTOTYPE((char FAR *, krb5_enctype FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_string_to_salttype KRB5_PROTOTYPE((char FAR *, krb5_int32 FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype KRB5_PROTOTYPE((char FAR *, krb5_cksumtype FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp KRB5_PROTOTYPE((char FAR *, krb5_timestamp FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_string_to_deltat KRB5_PROTOTYPE((char FAR *, krb5_deltat FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_enctype_to_string KRB5_PROTOTYPE((krb5_enctype, char FAR *, size_t)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_salttype_to_string KRB5_PROTOTYPE((krb5_int32, char FAR *, size_t)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string KRB5_PROTOTYPE((krb5_cksumtype, char FAR *, size_t)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string KRB5_PROTOTYPE((krb5_timestamp, char FAR *, size_t)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring KRB5_PROTOTYPE((krb5_timestamp, char FAR *, size_t, char FAR *)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_deltat_to_string KRB5_PROTOTYPE((krb5_deltat, char FAR *, size_t)); /* The name of the Kerberos ticket granting service... and its size */ #define KRB5_TGS_NAME "krbtgt" #define KRB5_TGS_NAME_SIZE 6 /* flags for recvauth */ #define KRB5_RECVAUTH_SKIP_VERSION 0x0001 #define KRB5_RECVAUTH_BADAUTHVERS 0x0002 /* initial ticket api functions */ typedef struct _krb5_prompt { char *prompt; int hidden; krb5_data *reply; } krb5_prompt; typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[]); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_prompter_posix KRB5_PROTOTYPE((krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[])); typedef struct _krb5_get_init_creds_opt { krb5_flags flags; krb5_deltat tkt_life; krb5_deltat renew_life; int forwardable; int proxiable; krb5_enctype *etype_list; int etype_list_length; krb5_address **address_list; krb5_preauthtype *preauth_list; int preauth_list_length; krb5_data *salt; } krb5_get_init_creds_opt; #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_init KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt)); KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_set_tkt_life KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, krb5_deltat tkt_life)); KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_set_renew_life KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, krb5_deltat renew_life)); KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_set_forwardable KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, int forwardable)); KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_set_proxiable KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, int proxiable)); KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_set_etype_list KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length)); KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_set_address_list KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, krb5_address **addresses)); KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_set_preauth_list KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length)); KRB5_DLLIMP void KRB5_CALLCONV krb5_get_init_creds_opt_set_salt KRB5_PROTOTYPE((krb5_get_init_creds_opt *opt, krb5_data *salt)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_init_creds_password KRB5_PROTOTYPE((krb5_context context, krb5_creds *creds, krb5_principal client, char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *options)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_init_creds_keytab KRB5_PROTOTYPE((krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *options)); typedef struct _krb5_verify_init_creds_opt { krb5_flags flags; int ap_req_nofail; } krb5_verify_init_creds_opt; #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 KRB5_DLLIMP void KRB5_CALLCONV krb5_verify_init_creds_opt_init KRB5_PROTOTYPE((krb5_verify_init_creds_opt *options)); KRB5_DLLIMP void KRB5_CALLCONV krb5_verify_init_creds_opt_set_ap_req_nofail KRB5_PROTOTYPE((krb5_verify_init_creds_opt *options, int ap_req_nofail)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_verify_init_creds KRB5_PROTOTYPE((krb5_context context, krb5_creds *creds, krb5_principal ap_req_server, krb5_keytab ap_req_keytab, krb5_ccache *ccache, krb5_verify_init_creds_opt *options)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_validated_creds KRB5_PROTOTYPE((krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_get_renewed_creds KRB5_PROTOTYPE((krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_decode_ticket KRB5_PROTOTYPE((const krb5_data *code, krb5_ticket **rep)); KRB5_DLLIMP void KRB5_CALLCONV krb5_appdefault_string KRB5_PROTOTYPE((krb5_context context, const char *appname, const krb5_data *realm, const char *option, const char *default_value, char ** ret_value)); KRB5_DLLIMP void KRB5_CALLCONV krb5_appdefault_boolean KRB5_PROTOTYPE((krb5_context context, const char *appname, const krb5_data *realm, const char *option, int default_value, int *ret_value)); /* * The realm iterator functions */ KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create KRB5_PROTOTYPE((krb5_context context, void **iter_p)); KRB5_DLLIMP krb5_error_code KRB5_CALLCONV krb5_realm_iterator KRB5_PROTOTYPE((krb5_context context, void **iter_p, char **ret_realm)); KRB5_DLLIMP void KRB5_CALLCONV krb5_realm_iterator_free KRB5_PROTOTYPE((krb5_context context, void **iter_p)); KRB5_DLLIMP void KRB5_CALLCONV krb5_free_realm_string KRB5_PROTOTYPE((krb5_context context, char *str)); /* * Prompter enhancements */ #define KRB5_PROMPT_TYPE_PASSWORD 0x1 #define KRB5_PROMPT_TYPE_NEW_PASSWORD 0x2 #define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN 0x3 #define KRB5_PROMPT_TYPE_PREAUTH 0x4 typedef krb5_int32 krb5_prompt_type; KRB5_DLLIMP krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types KRB5_PROTOTYPE((krb5_context context)); /* Macintosh CFM-68K magic incantation */ #if PRAGMA_STRUCT_ALIGN #pragma options align=reset #elif PRAGMA_STRUCT_PACKPUSH #pragma pack(pop) #elif PRAGMA_STRUCT_PACK #pragma pack() #endif #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* KRB5_GENERAL__ */ /* * :::MITKerberosLib:GSSKerberos5Sources_9:include:krb5_err.h: * This file is automatically generated; please do not edit it. */ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #else #include #endif #define KRB5KDC_ERR_NONE (-1765328384L) #define KRB5KDC_ERR_NAME_EXP (-1765328383L) #define KRB5KDC_ERR_SERVICE_EXP (-1765328382L) #define KRB5KDC_ERR_BAD_PVNO (-1765328381L) #define KRB5KDC_ERR_C_OLD_MAST_KVNO (-1765328380L) #define KRB5KDC_ERR_S_OLD_MAST_KVNO (-1765328379L) #define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378L) #define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (-1765328377L) #define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE (-1765328376L) #define KRB5KDC_ERR_NULL_KEY (-1765328375L) #define KRB5KDC_ERR_CANNOT_POSTDATE (-1765328374L) #define KRB5KDC_ERR_NEVER_VALID (-1765328373L) #define KRB5KDC_ERR_POLICY (-1765328372L) #define KRB5KDC_ERR_BADOPTION (-1765328371L) #define KRB5KDC_ERR_ETYPE_NOSUPP (-1765328370L) #define KRB5KDC_ERR_SUMTYPE_NOSUPP (-1765328369L) #define KRB5KDC_ERR_PADATA_TYPE_NOSUPP (-1765328368L) #define KRB5KDC_ERR_TRTYPE_NOSUPP (-1765328367L) #define KRB5KDC_ERR_CLIENT_REVOKED (-1765328366L) #define KRB5KDC_ERR_SERVICE_REVOKED (-1765328365L) #define KRB5KDC_ERR_TGT_REVOKED (-1765328364L) #define KRB5KDC_ERR_CLIENT_NOTYET (-1765328363L) #define KRB5KDC_ERR_SERVICE_NOTYET (-1765328362L) #define KRB5KDC_ERR_KEY_EXP (-1765328361L) #define KRB5KDC_ERR_PREAUTH_FAILED (-1765328360L) #define KRB5KDC_ERR_PREAUTH_REQUIRED (-1765328359L) #define KRB5KDC_ERR_SERVER_NOMATCH (-1765328358L) #define KRB5PLACEHOLD_27 (-1765328357L) #define KRB5PLACEHOLD_28 (-1765328356L) #define KRB5PLACEHOLD_29 (-1765328355L) #define KRB5PLACEHOLD_30 (-1765328354L) #define KRB5KRB_AP_ERR_BAD_INTEGRITY (-1765328353L) #define KRB5KRB_AP_ERR_TKT_EXPIRED (-1765328352L) #define KRB5KRB_AP_ERR_TKT_NYV (-1765328351L) #define KRB5KRB_AP_ERR_REPEAT (-1765328350L) #define KRB5KRB_AP_ERR_NOT_US (-1765328349L) #define KRB5KRB_AP_ERR_BADMATCH (-1765328348L) #define KRB5KRB_AP_ERR_SKEW (-1765328347L) #define KRB5KRB_AP_ERR_BADADDR (-1765328346L) #define KRB5KRB_AP_ERR_BADVERSION (-1765328345L) #define KRB5KRB_AP_ERR_MSG_TYPE (-1765328344L) #define KRB5KRB_AP_ERR_MODIFIED (-1765328343L) #define KRB5KRB_AP_ERR_BADORDER (-1765328342L) #define KRB5KRB_AP_ERR_ILL_CR_TKT (-1765328341L) #define KRB5KRB_AP_ERR_BADKEYVER (-1765328340L) #define KRB5KRB_AP_ERR_NOKEY (-1765328339L) #define KRB5KRB_AP_ERR_MUT_FAIL (-1765328338L) #define KRB5KRB_AP_ERR_BADDIRECTION (-1765328337L) #define KRB5KRB_AP_ERR_METHOD (-1765328336L) #define KRB5KRB_AP_ERR_BADSEQ (-1765328335L) #define KRB5KRB_AP_ERR_INAPP_CKSUM (-1765328334L) #define KRB5PLACEHOLD_51 (-1765328333L) #define KRB5PLACEHOLD_52 (-1765328332L) #define KRB5PLACEHOLD_53 (-1765328331L) #define KRB5PLACEHOLD_54 (-1765328330L) #define KRB5PLACEHOLD_55 (-1765328329L) #define KRB5PLACEHOLD_56 (-1765328328L) #define KRB5PLACEHOLD_57 (-1765328327L) #define KRB5PLACEHOLD_58 (-1765328326L) #define KRB5PLACEHOLD_59 (-1765328325L) #define KRB5KRB_ERR_GENERIC (-1765328324L) #define KRB5KRB_ERR_FIELD_TOOLONG (-1765328323L) #define KRB5PLACEHOLD_62 (-1765328322L) #define KRB5PLACEHOLD_63 (-1765328321L) #define KRB5PLACEHOLD_64 (-1765328320L) #define KRB5PLACEHOLD_65 (-1765328319L) #define KRB5PLACEHOLD_66 (-1765328318L) #define KRB5PLACEHOLD_67 (-1765328317L) #define KRB5PLACEHOLD_68 (-1765328316L) #define KRB5PLACEHOLD_69 (-1765328315L) #define KRB5PLACEHOLD_70 (-1765328314L) #define KRB5PLACEHOLD_71 (-1765328313L) #define KRB5PLACEHOLD_72 (-1765328312L) #define KRB5PLACEHOLD_73 (-1765328311L) #define KRB5PLACEHOLD_74 (-1765328310L) #define KRB5PLACEHOLD_75 (-1765328309L) #define KRB5PLACEHOLD_76 (-1765328308L) #define KRB5PLACEHOLD_77 (-1765328307L) #define KRB5PLACEHOLD_78 (-1765328306L) #define KRB5PLACEHOLD_79 (-1765328305L) #define KRB5PLACEHOLD_80 (-1765328304L) #define KRB5PLACEHOLD_81 (-1765328303L) #define KRB5PLACEHOLD_82 (-1765328302L) #define KRB5PLACEHOLD_83 (-1765328301L) #define KRB5PLACEHOLD_84 (-1765328300L) #define KRB5PLACEHOLD_85 (-1765328299L) #define KRB5PLACEHOLD_86 (-1765328298L) #define KRB5PLACEHOLD_87 (-1765328297L) #define KRB5PLACEHOLD_88 (-1765328296L) #define KRB5PLACEHOLD_89 (-1765328295L) #define KRB5PLACEHOLD_90 (-1765328294L) #define KRB5PLACEHOLD_91 (-1765328293L) #define KRB5PLACEHOLD_92 (-1765328292L) #define KRB5PLACEHOLD_93 (-1765328291L) #define KRB5PLACEHOLD_94 (-1765328290L) #define KRB5PLACEHOLD_95 (-1765328289L) #define KRB5PLACEHOLD_96 (-1765328288L) #define KRB5PLACEHOLD_97 (-1765328287L) #define KRB5PLACEHOLD_98 (-1765328286L) #define KRB5PLACEHOLD_99 (-1765328285L) #define KRB5PLACEHOLD_100 (-1765328284L) #define KRB5PLACEHOLD_101 (-1765328283L) #define KRB5PLACEHOLD_102 (-1765328282L) #define KRB5PLACEHOLD_103 (-1765328281L) #define KRB5PLACEHOLD_104 (-1765328280L) #define KRB5PLACEHOLD_105 (-1765328279L) #define KRB5PLACEHOLD_106 (-1765328278L) #define KRB5PLACEHOLD_107 (-1765328277L) #define KRB5PLACEHOLD_108 (-1765328276L) #define KRB5PLACEHOLD_109 (-1765328275L) #define KRB5PLACEHOLD_110 (-1765328274L) #define KRB5PLACEHOLD_111 (-1765328273L) #define KRB5PLACEHOLD_112 (-1765328272L) #define KRB5PLACEHOLD_113 (-1765328271L) #define KRB5PLACEHOLD_114 (-1765328270L) #define KRB5PLACEHOLD_115 (-1765328269L) #define KRB5PLACEHOLD_116 (-1765328268L) #define KRB5PLACEHOLD_117 (-1765328267L) #define KRB5PLACEHOLD_118 (-1765328266L) #define KRB5PLACEHOLD_119 (-1765328265L) #define KRB5PLACEHOLD_120 (-1765328264L) #define KRB5PLACEHOLD_121 (-1765328263L) #define KRB5PLACEHOLD_122 (-1765328262L) #define KRB5PLACEHOLD_123 (-1765328261L) #define KRB5PLACEHOLD_124 (-1765328260L) #define KRB5PLACEHOLD_125 (-1765328259L) #define KRB5PLACEHOLD_126 (-1765328258L) #define KRB5PLACEHOLD_127 (-1765328257L) #define KRB5_ERR_RCSID (-1765328256L) #define KRB5_LIBOS_BADLOCKFLAG (-1765328255L) #define KRB5_LIBOS_CANTREADPWD (-1765328254L) #define KRB5_LIBOS_BADPWDMATCH (-1765328253L) #define KRB5_LIBOS_PWDINTR (-1765328252L) #define KRB5_PARSE_ILLCHAR (-1765328251L) #define KRB5_PARSE_MALFORMED (-1765328250L) #define KRB5_CONFIG_CANTOPEN (-1765328249L) #define KRB5_CONFIG_BADFORMAT (-1765328248L) #define KRB5_CONFIG_NOTENUFSPACE (-1765328247L) #define KRB5_BADMSGTYPE (-1765328246L) #define KRB5_CC_BADNAME (-1765328245L) #define KRB5_CC_UNKNOWN_TYPE (-1765328244L) #define KRB5_CC_NOTFOUND (-1765328243L) #define KRB5_CC_END (-1765328242L) #define KRB5_NO_TKT_SUPPLIED (-1765328241L) #define KRB5KRB_AP_WRONG_PRINC (-1765328240L) #define KRB5KRB_AP_ERR_TKT_INVALID (-1765328239L) #define KRB5_PRINC_NOMATCH (-1765328238L) #define KRB5_KDCREP_MODIFIED (-1765328237L) #define KRB5_KDCREP_SKEW (-1765328236L) #define KRB5_IN_TKT_REALM_MISMATCH (-1765328235L) #define KRB5_PROG_ETYPE_NOSUPP (-1765328234L) #define KRB5_PROG_KEYTYPE_NOSUPP (-1765328233L) #define KRB5_WRONG_ETYPE (-1765328232L) #define KRB5_PROG_SUMTYPE_NOSUPP (-1765328231L) #define KRB5_REALM_UNKNOWN (-1765328230L) #define KRB5_SERVICE_UNKNOWN (-1765328229L) #define KRB5_KDC_UNREACH (-1765328228L) #define KRB5_NO_LOCALNAME (-1765328227L) #define KRB5_MUTUAL_FAILED (-1765328226L) #define KRB5_RC_TYPE_EXISTS (-1765328225L) #define KRB5_RC_MALLOC (-1765328224L) #define KRB5_RC_TYPE_NOTFOUND (-1765328223L) #define KRB5_RC_UNKNOWN (-1765328222L) #define KRB5_RC_REPLAY (-1765328221L) #define KRB5_RC_IO (-1765328220L) #define KRB5_RC_NOIO (-1765328219L) #define KRB5_RC_PARSE (-1765328218L) #define KRB5_RC_IO_EOF (-1765328217L) #define KRB5_RC_IO_MALLOC (-1765328216L) #define KRB5_RC_IO_PERM (-1765328215L) #define KRB5_RC_IO_IO (-1765328214L) #define KRB5_RC_IO_UNKNOWN (-1765328213L) #define KRB5_RC_IO_SPACE (-1765328212L) #define KRB5_TRANS_CANTOPEN (-1765328211L) #define KRB5_TRANS_BADFORMAT (-1765328210L) #define KRB5_LNAME_CANTOPEN (-1765328209L) #define KRB5_LNAME_NOTRANS (-1765328208L) #define KRB5_LNAME_BADFORMAT (-1765328207L) #define KRB5_CRYPTO_INTERNAL (-1765328206L) #define KRB5_KT_BADNAME (-1765328205L) #define KRB5_KT_UNKNOWN_TYPE (-1765328204L) #define KRB5_KT_NOTFOUND (-1765328203L) #define KRB5_KT_END (-1765328202L) #define KRB5_KT_NOWRITE (-1765328201L) #define KRB5_KT_IOERR (-1765328200L) #define KRB5_NO_TKT_IN_RLM (-1765328199L) #define KRB5DES_BAD_KEYPAR (-1765328198L) #define KRB5DES_WEAK_KEY (-1765328197L) #define KRB5_BAD_ENCTYPE (-1765328196L) #define KRB5_BAD_KEYSIZE (-1765328195L) #define KRB5_BAD_MSIZE (-1765328194L) #define KRB5_CC_TYPE_EXISTS (-1765328193L) #define KRB5_KT_TYPE_EXISTS (-1765328192L) #define KRB5_CC_IO (-1765328191L) #define KRB5_FCC_PERM (-1765328190L) #define KRB5_FCC_NOFILE (-1765328189L) #define KRB5_FCC_INTERNAL (-1765328188L) #define KRB5_CC_WRITE (-1765328187L) #define KRB5_CC_NOMEM (-1765328186L) #define KRB5_CC_FORMAT (-1765328185L) #define KRB5_CC_NOT_KTYPE (-1765328184L) #define KRB5_INVALID_FLAGS (-1765328183L) #define KRB5_NO_2ND_TKT (-1765328182L) #define KRB5_NOCREDS_SUPPLIED (-1765328181L) #define KRB5_SENDAUTH_BADAUTHVERS (-1765328180L) #define KRB5_SENDAUTH_BADAPPLVERS (-1765328179L) #define KRB5_SENDAUTH_BADRESPONSE (-1765328178L) #define KRB5_SENDAUTH_REJECTED (-1765328177L) #define KRB5_PREAUTH_BAD_TYPE (-1765328176L) #define KRB5_PREAUTH_NO_KEY (-1765328175L) #define KRB5_PREAUTH_FAILED (-1765328174L) #define KRB5_RCACHE_BADVNO (-1765328173L) #define KRB5_CCACHE_BADVNO (-1765328172L) #define KRB5_KEYTAB_BADVNO (-1765328171L) #define KRB5_PROG_ATYPE_NOSUPP (-1765328170L) #define KRB5_RC_REQUIRED (-1765328169L) #define KRB5_ERR_BAD_HOSTNAME (-1765328168L) #define KRB5_ERR_HOST_REALM_UNKNOWN (-1765328167L) #define KRB5_SNAME_UNSUPP_NAMETYPE (-1765328166L) #define KRB5KRB_AP_ERR_V4_REPLY (-1765328165L) #define KRB5_REALM_CANT_RESOLVE (-1765328164L) #define KRB5_TKT_NOT_FORWARDABLE (-1765328163L) #define KRB5_FWD_BAD_PRINCIPAL (-1765328162L) #define KRB5_GET_IN_TKT_LOOP (-1765328161L) #define KRB5_CONFIG_NODEFREALM (-1765328160L) #define KRB5_SAM_UNSUPPORTED (-1765328159L) #define KRB5_KT_NAME_TOOLONG (-1765328158L) #define KRB5_KT_KVNONOTFOUND (-1765328157L) #define KRB5_APPL_EXPIRED (-1765328156L) #define KRB5_LIB_EXPIRED (-1765328155L) #define KRB5_CHPW_PWDNULL (-1765328154L) #define KRB5_CHPW_FAIL (-1765328153L) #define KRB5_KT_FORMAT (-1765328152L) #define KRB5_NOPERM_ETYPE (-1765328151L) #define KRB5_CONFIG_ETYPE_NOSUPP (-1765328150L) #define KRB5_OBSOLETE_FN (-1765328149L) #define ERROR_TABLE_BASE_krb5 (-1765328384L) extern struct error_table et_krb5_error_table; #if (defined(unix) || defined(_AIX)) && !(defined(__MACH__) && defined(__APPLE__)) /* for compatibility with older versions... */ extern void initialize_krb5_error_table (); #define init_krb5_err_tbl initialize_krb5_error_table #define krb5_err_base ERROR_TABLE_BASE_krb5 #else #define initialize_krb5_error_table() #endif /* * :::MITKerberosLib:GSSKerberos5Sources_9:include:kdb5_err.h: * This file is automatically generated; please do not edit it. */ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #else #include #endif #define KRB5_KDB_RCSID (-1780008448L) #define KRB5_KDB_INUSE (-1780008447L) #define KRB5_KDB_UK_SERROR (-1780008446L) #define KRB5_KDB_UK_RERROR (-1780008445L) #define KRB5_KDB_UNAUTH (-1780008444L) #define KRB5_KDB_NOENTRY (-1780008443L) #define KRB5_KDB_ILL_WILDCARD (-1780008442L) #define KRB5_KDB_DB_INUSE (-1780008441L) #define KRB5_KDB_DB_CHANGED (-1780008440L) #define KRB5_KDB_TRUNCATED_RECORD (-1780008439L) #define KRB5_KDB_RECURSIVELOCK (-1780008438L) #define KRB5_KDB_NOTLOCKED (-1780008437L) #define KRB5_KDB_BADLOCKMODE (-1780008436L) #define KRB5_KDB_DBNOTINITED (-1780008435L) #define KRB5_KDB_DBINITED (-1780008434L) #define KRB5_KDB_ILLDIRECTION (-1780008433L) #define KRB5_KDB_NOMASTERKEY (-1780008432L) #define KRB5_KDB_BADMASTERKEY (-1780008431L) #define KRB5_KDB_INVALIDKEYSIZE (-1780008430L) #define KRB5_KDB_CANTREAD_STORED (-1780008429L) #define KRB5_KDB_BADSTORED_MKEY (-1780008428L) #define KRB5_KDB_CANTLOCK_DB (-1780008427L) #define KRB5_KDB_DB_CORRUPT (-1780008426L) #define KRB5_KDB_BAD_VERSION (-1780008425L) #define KRB5_KDB_BAD_SALTTYPE (-1780008424L) #define KRB5_KDB_BAD_ENCTYPE (-1780008423L) #define KRB5_KDB_BAD_CREATEFLAGS (-1780008422L) #define ERROR_TABLE_BASE_kdb5 (-1780008448L) extern struct error_table et_kdb5_error_table; #if (defined(unix) || defined(_AIX)) && !(defined(__MACH__) && defined(__APPLE__)) /* for compatibility with older versions... */ extern void initialize_kdb5_error_table (); #define init_kdb5_err_tbl initialize_kdb5_error_table #define kdb5_err_base ERROR_TABLE_BASE_kdb5 #else #define initialize_kdb5_error_table() #endif /* * :::MITKerberosLib:GSSKerberos5Sources_9:include:kv5m_err.h: * This file is automatically generated; please do not edit it. */ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #else #include #endif #define KV5M_NONE (-1760647424L) #define KV5M_PRINCIPAL (-1760647423L) #define KV5M_DATA (-1760647422L) #define KV5M_KEYBLOCK (-1760647421L) #define KV5M_CHECKSUM (-1760647420L) #define KV5M_ENCRYPT_BLOCK (-1760647419L) #define KV5M_ENC_DATA (-1760647418L) #define KV5M_CRYPTOSYSTEM_ENTRY (-1760647417L) #define KV5M_CS_TABLE_ENTRY (-1760647416L) #define KV5M_CHECKSUM_ENTRY (-1760647415L) #define KV5M_AUTHDATA (-1760647414L) #define KV5M_TRANSITED (-1760647413L) #define KV5M_ENC_TKT_PART (-1760647412L) #define KV5M_TICKET (-1760647411L) #define KV5M_AUTHENTICATOR (-1760647410L) #define KV5M_TKT_AUTHENT (-1760647409L) #define KV5M_CREDS (-1760647408L) #define KV5M_LAST_REQ_ENTRY (-1760647407L) #define KV5M_PA_DATA (-1760647406L) #define KV5M_KDC_REQ (-1760647405L) #define KV5M_ENC_KDC_REP_PART (-1760647404L) #define KV5M_KDC_REP (-1760647403L) #define KV5M_ERROR (-1760647402L) #define KV5M_AP_REQ (-1760647401L) #define KV5M_AP_REP (-1760647400L) #define KV5M_AP_REP_ENC_PART (-1760647399L) #define KV5M_RESPONSE (-1760647398L) #define KV5M_SAFE (-1760647397L) #define KV5M_PRIV (-1760647396L) #define KV5M_PRIV_ENC_PART (-1760647395L) #define KV5M_CRED (-1760647394L) #define KV5M_CRED_INFO (-1760647393L) #define KV5M_CRED_ENC_PART (-1760647392L) #define KV5M_PWD_DATA (-1760647391L) #define KV5M_ADDRESS (-1760647390L) #define KV5M_KEYTAB_ENTRY (-1760647389L) #define KV5M_CONTEXT (-1760647388L) #define KV5M_OS_CONTEXT (-1760647387L) #define KV5M_ALT_METHOD (-1760647386L) #define KV5M_ETYPE_INFO_ENTRY (-1760647385L) #define KV5M_DB_CONTEXT (-1760647384L) #define KV5M_AUTH_CONTEXT (-1760647383L) #define KV5M_KEYTAB (-1760647382L) #define KV5M_RCACHE (-1760647381L) #define KV5M_CCACHE (-1760647380L) #define KV5M_PREAUTH_OPS (-1760647379L) #define KV5M_SAM_CHALLENGE (-1760647378L) #define KV5M_SAM_KEY (-1760647377L) #define KV5M_ENC_SAM_RESPONSE_ENC (-1760647376L) #define KV5M_SAM_RESPONSE (-1760647375L) #define KV5M_PREDICTED_SAM_RESPONSE (-1760647374L) #define KV5M_PASSWD_PHRASE_ELEMENT (-1760647373L) #define KV5M_GSS_OID (-1760647372L) #define KV5M_GSS_QUEUE (-1760647371L) #define ERROR_TABLE_BASE_kv5m (-1760647424L) extern struct error_table et_kv5m_error_table; #if (defined(unix) || defined(_AIX)) && !(defined(__MACH__) && defined(__APPLE__)) /* for compatibility with older versions... */ extern void initialize_kv5m_error_table (); #define init_kv5m_err_tbl initialize_kv5m_error_table #define kv5m_err_base ERROR_TABLE_BASE_kv5m #else #define initialize_kv5m_error_table() #endif /* * :::MITKerberosLib:GSSKerberos5Sources_9:include:asn1_err.h: * This file is automatically generated; please do not edit it. */ #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) #include #else #include #endif #define ASN1_BAD_TIMEFORMAT (1859794432L) #define ASN1_MISSING_FIELD (1859794433L) #define ASN1_MISPLACED_FIELD (1859794434L) #define ASN1_TYPE_MISMATCH (1859794435L) #define ASN1_OVERFLOW (1859794436L) #define ASN1_OVERRUN (1859794437L) #define ASN1_BAD_ID (1859794438L) #define ASN1_BAD_LENGTH (1859794439L) #define ASN1_BAD_FORMAT (1859794440L) #define ASN1_PARSE_ERROR (1859794441L) #define ASN1_BAD_GMTIME (1859794442L) #define ASN1_MISMATCH_INDEF (1859794443L) #define ASN1_MISSING_EOC (1859794444L) #define ERROR_TABLE_BASE_asn1 (1859794432L) extern struct error_table et_asn1_error_table; #if (defined(unix) || defined(_AIX)) && !(defined(__MACH__) && defined(__APPLE__)) /* for compatibility with older versions... */ extern void initialize_asn1_error_table (); #define init_asn1_err_tbl initialize_asn1_error_table #define asn1_err_base ERROR_TABLE_BASE_asn1 #else #define initialize_asn1_error_table() #endif cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos5/Kerberos5.h0000777000076400007640000000003407403027574023677 00000000000000#include cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/Kerberos5/win-mac.h0000777000076400007640000001764107403027574023405 00000000000000/* * type functions split out of here to make things look nicer in the * various include files which need these definitions, as well as in * the util/ directories. */ #ifndef _KRB5_WIN_MAC_H #define _KRB5_WIN_MAC_H #if (defined(_MSDOS) || defined(_WIN32)) /* * Machine-type definitions: PC Clone 386 running Microloss Windows */ #define ID_READ_PWD_DIALOG 10000 #define ID_READ_PWD_PROMPT 10001 #define ID_READ_PWD_PROMPT2 10002 #define ID_READ_PWD_PWD 10003 #ifdef RES_ONLY #define APSTUDIO_HIDDEN_SYMBOLS #include #else #if defined(_MSDOS) /* Windows 16 specific */ #define BITS16 #define SIZEOF_INT 2 #define SIZEOF_SHORT 2 #define SIZEOF_LONG 4 #ifndef KRB5_CALLCONV #define KRB5_CALLCONV __far __export __pascal #define KRB5_CALLCONV_C __far __export __cdecl #define KRB5_EXPORTVAR __far __export #define KRB5_DLLIMP #endif /* !KRB5_CALLCONV */ #include /* * The following defines are needed to make work * in stdc mode (/Za flag). Winsock.h needs . */ #ifndef FAR #define FAR __far #define NEAR __near #endif #ifndef _far #define _far __far #define _near __near #define _pascal __pascal #define _cdecl __cdecl #define _huge __huge #endif #else /* Windows 32 specific */ #define SIZEOF_INT 4 #define SIZEOF_SHORT 2 #define SIZEOF_LONG 4 #include /* always include this here, to get correct FAR and NEAR */ #define HAVE_LABS #ifndef KRB5_CALLCONV # ifdef _MSC_VER # ifdef KRB5_DLL_FILE # define KRB5_DLLIMP __declspec(dllexport) # else # define KRB5_DLLIMP __declspec(dllimport) # endif # ifdef GSS_DLL_FILE # define GSS_DLLIMP __declspec(dllexport) # else # define GSS_DLLIMP __declspec(dllimport) # endif # else /* !_MSC_VER */ # define KRB5_DLLIMP # define GSS_DLLIMP # endif # define KRB5_CALLCONV __stdcall # define KRB5_CALLCONV_C __cdecl # define KRB5_EXPORTVAR #endif /* !KRB5_CALLCONV */ #endif /* _MSDOS */ #ifndef KRB5_SYSTYPES__ #define KRB5_SYSTYPES__ #include typedef unsigned long u_long; /* Not part of sys/types.h on the pc */ typedef unsigned int u_int; typedef unsigned short u_short; typedef unsigned char u_char; #endif /* KRB5_SYSTYPES__ */ #define MAXHOSTNAMELEN 512 #ifndef MAXPATHLEN #define MAXPATHLEN 256 /* Also for Windows temp files */ #endif #define HAVE_NETINET_IN_H #define MSDOS_FILESYSTEM #define HAVE_STRING_H #define HAVE_SRAND #define HAVE_ERRNO #define HAVE_STRDUP #define NO_USERID #define NO_PASSWORD #define WM_KERBEROS5_CHANGED "Kerberos5 Changed" #ifdef KRB4 #define WM_KERBEROS_CHANGED "Kerberos Changed" #endif /* Kerberos Windows initialization file */ #define KERBEROS_INI "kerberos.ini" #ifdef CYGNUS #define KERBEROS_HLP "kerbnet.hlp" #else #define KERBEROS_HLP "krb5clnt.hlp" #endif #define INI_DEFAULTS "Defaults" #define INI_USER "User" /* Default user */ #define INI_INSTANCE "Instance" /* Default instance */ #define INI_REALM "Realm" /* Default realm */ #define INI_POSITION "Position" #define INI_OPTIONS "Options" #define INI_DURATION "Duration" /* Ticket duration in minutes */ #define INI_EXPIRATION "Expiration" /* Action on expiration (alert or beep) */ #define INI_ALERT "Alert" #define INI_BEEP "Beep" #define INI_FILES "Files" #ifdef KRB4 #define INI_KRB_CONF "krb.conf" /* Location of krb.conf file */ #define DEF_KRB_CONF "krb.conf" /* Default name for krb.conf file */ #else #define INI_KRB5_CONF "krb5.ini" /* From k5-config.h */ #define INI_KRB_CONF INI_KRB5_CONF /* Location of krb.conf file */ #define DEF_KRB_CONF INI_KRB5_CONF /* Default name for krb.conf file */ #define INI_TICKETOPTS "TicketOptions" /* Ticket options */ #define INI_FORWARDABLE "Forwardable" /* get forwardable tickets */ #define INI_KRB_CCACHE "krb5cc" /* From k5-config.h */ #endif #define INI_KRB_REALMS "krb.realms" /* Location of krb.realms file */ #define DEF_KRB_REALMS "krb.realms" /* Default name for krb.realms file */ #define INI_RECENT_LOGINS "Recent Logins" #define INI_LOGIN "Login" #define HAS_ANSI_VOLATILE #define HAS_VOID_TYPE #define KRB5_PROVIDE_PROTOTYPES #define HAVE_STDARG_H #define HAVE_SYS_TYPES_H #define HAVE_STDLIB_H /* This controls which encryption routines libcrypto will provide */ #define PROVIDE_DES_CBC_MD5 #define PROVIDE_DES_CBC_CRC #define PROVIDE_DES_CBC_RAW #define PROVIDE_DES_CBC_CKSUM #define PROVIDE_CRC32 #define PROVIDE_RSA_MD4 #define PROVIDE_RSA_MD5 /* #define PROVIDE_DES3_CBC_SHA */ /* #define PROVIDE_DES3_CBC_RAW */ /* #define PROVIDE_NIST_SHA */ /* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o * routines directly. Rather, they only export the _ version. * The following defines works around this problem. */ #include #include #include #include #include #define THREEPARAMOPEN(x,y,z) open(x,y,z) #ifndef _WIN32 #define O_RDONLY _O_RDONLY #define O_WRONLY _O_WRONLY #define O_RDWR _O_RDWR #define O_APPEND _O_APPEND #define O_CREAT _O_CREAT #define O_TRUNC _O_TRUNC #define O_EXCL _O_EXCL #define O_TEXT _O_TEXT #define O_BINARY _O_BINARY #define O_NOINHERIT _O_NOINHERIT #define stat _stat #define unlink _unlink #define lseek _lseek #define write _write #define open _open #define close _close #define read _read #define fstat _fstat #define mktemp _mktemp #define dup _dup #define getpid _getpid #endif #ifdef NEED_SYSERROR /* Only needed by util/et/error_message.c but let's keep the source clean */ #define sys_nerr _sys_nerr #define sys_errlist _sys_errlist #endif /* * Functions with slightly different names on the PC */ #define strcasecmp stricmp #define strncasecmp strnicmp HINSTANCE get_lib_instance(void); #endif /* !RES_ONLY */ #endif /* _MSDOS || _WIN32 */ #ifdef macintosh #include #define USE_LOGIN_LIBRARY #define KRB5_CALLCONV #define KRB5_CALLCONV_C #define KRB5_DLLIMP #define GSS_DLLIMP #ifndef FAR #define FAR #endif #ifndef NEAR #define NEAR #endif #define SIZEOF_INT 4 #define SIZEOF_SHORT 2 #define HAVE_SRAND #define NO_PASSWORD #define HAVE_LABS /*#define ENOMEM 12*/ #include /* * Which encryption routines libcrypto will provide is controlled by * mac/libraries/KerberosHeaders.h. */ /* there is no for mpw */ #ifndef __MWERKS__ typedef unsigned long size_t; typedef unsigned long mode_t; typedef unsigned long ino_t; typedef unsigned long dev_t; typedef short nlink_t; typedef unsigned long uid_t; typedef unsigned long gid_t; typedef long off_t; struct stat { mode_t st_mode; /* File mode; see #define's below */ ino_t st_ino; /* File serial number */ dev_t st_dev; /* ID of device containing this file */ nlink_t st_nlink; /* Number of links */ uid_t st_uid; /* User ID of the file's owner */ gid_t st_gid; /* Group ID of the file's group */ dev_t st_rdev; /* Device type */ off_t st_size; /* File size in bytes */ unsigned long st_atime; /* Time of last access */ unsigned long st_mtime; /* Time of last data modification */ unsigned long st_ctime; /* Time of last file status change */ long st_blksize; /* Optimal blocksize */ long st_blocks; /* blocks allocated for file */ }; int stat(const char *path, struct stat *buf); #endif int fstat(int fildes, struct stat *buf); #define EFBIG 1000 #define NOFCHMOD 1 #define NOCHMOD 1 #define _MACSOCKAPI_ #define THREEPARAMOPEN(x,y,z) open(x,y) #else /* macintosh */ #define THREEPARAMOPEN(x,y,z) open(x,y,z) #endif /* macintosh */ #ifndef KRB5_CALLCONV #define KRB5_CALLCONV #define KRB5_CALLCONV_C #define KRB5_DLLIMP #endif #ifndef FAR #define FAR #endif #ifndef NEAR #define NEAR #endif #endif /* _KRB5_WIN_MAC_H */ cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/TicketKeeper/0000777000076400007640000000000011632367343022463 500000000000000cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/Headers/TicketKeeper/TicketKeeper.h0000777000076400007640000003400707403027606025136 00000000000000/* $Copyright: * * Copyright 1998-2000 by the Massachusetts Institute of Technology. * * All rights reserved. * * Export of this software from the United States of America may require a * specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute * this software and its documentation for any purpose and without fee is * hereby granted, provided that the above copyright notice appear in all * copies and that both that copyright notice and this permission notice * appear in supporting documentation, and that the name of M.I.T. not be * used in advertising or publicity pertaining to distribution of the * software without specific, written prior permission. Furthermore if you * modify this software you must label your software as modified software * and not distribute it in such a fashion that it might be confused with * the original MIT software. M.I.T. makes no representations about the * suitability of this software for any purpose. It is provided "as is" * without express or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Individual source code files are copyright MIT, Cygnus Support, * OpenVision, Oracle, Sun Soft, FundsXpress, and others. * * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, * and Zephyr are trademarks of the Massachusetts Institute of Technology * (MIT). No commercial use of these trademarks may be made without prior * written permission of MIT. * * "Commercial use" means use of a name in a product or other for-profit * manner. It does NOT prevent a commercial firm from referring to the MIT * trademarks in order to convey information (although in doing so, * recognition of their trademark status should be given). * $ */ /* $Header: /afs/andrew/system/cvs/src/sasl/mac/CommonKClient/mac_kclient3/Headers/TicketKeeper/TicketKeeper.h,v 1.2 2001/12/04 02:05:58 rjs3 Exp $ */ #pragma once #include #include #include #include #ifdef __cplusplus extern "C" { #endif #if PRAGMA_IMPORT #pragma import on #endif /* * TKAE_SendQuitApplication * * Send quit event to ticket keeper. This will cause Ticket Keeper to remove its * notification if it's up */ OSStatus TKAE_SendQuitApplication (); /* * TKAE_SendOpenApplication * * Send open event to ticket keeper. Thiw will launch ticket keeper, and it will * display its self-dismissing notification if there's a problem */ OSStatus TKAE_SendOpenApplication (); /* * TKAE_SendOpenApplicationNoNotification * * Send open event to Ticket Keeper. This will launch Ticket Keeper, and it will not * display its notification if there's a problem. It will stay running. */ OSStatus TKAE_SendOpenApplicationNoNotification (); /* * TKAE_SendOpenApplicationNoNotificationFSSpec * * Send open event to the copy of Ticket Keeper specified in inTKFileSpec. * This will launch Ticket Keeper, and it will not * display its notification if there's a problem. It will stay running. */ OSStatus TKAE_SendOpenApplicationNoNotificationFSSpec (FSSpec *inTKFileSpec); /* * TKAE_SendGetStatus * * Get status from Ticket Keeper */ OSStatus TKAE_SendGetStatus ( OSErr* outStatus); /* * IsTicketKeeperRunning * * Return true if TK is running, and fills out outPSN if the pointer is non-null. * Return false if TK is not running, and outPSN is unchanged. * */ Boolean IsTicketKeeperRunning (ProcessSerialNumber *outPSN); /* FindTicketKeeperInExtensions() Searches the startup volume for copies of Ticket Keeper and checks to see if any of them are in the Extensions Folder. If it finds one, returns true and fills out *tkSpec. If it doesn't find one or an error occurs, returns false and *tkSpec is unchanged. If the hard drive catalog changes during the search, continues anyway. Uses functions from MoreFiles. */ Boolean FindTicketKeeperInExtensions(FSSpec *tkSpec); /* TKAE_FindTargetTicketKeeper() Searches the startup volume to find the Ticket Keeper that would receive AppleEvents if any of the TicketKeeperLib functions that send AEs were called. First checks to see if TK is running, and returns the FSSpec of that one if it is. Next looks in the Extensions Folder. Finally it searches the drive for a copy. If a Ticket Keeper is found, returns true and fills out *tkSpec. If it doesn't find one or an error occurs, returns false and *tkSpec is unchanged. If the hard drive catalog changes during the search, continues anyway. */ Boolean TKAE_FindTargetTicketKeeper(FSSpec *tkSpec); #if !TARGET_API_MAC_CARBON /* Menu State functions Ticket Keeper provides information needed for menus presented by the Kerberos Control Strip and Kerberos Menu. */ struct MenuStateHeader; typedef struct MenuStateHeader MenuStateHeader; typedef MenuStateHeader** MenuState; /* TKMS_GetMenuState Returns the current menu state. Dispose with TKMS_DisposeMenuState */ OSErr TKMS_GetMenuState (MenuState* outMenuState); /* TKMS_DisposeMenuState Disposes the menu state. */ void TKMS_DisposeMenuState (MenuState outMenuState); /* TKMS_GetDefaultCacheExpiration Pass in the menu state returned by TKMS_GetMenuState Returns the expiration time of the default cache, in Mac epoch */ OSErr TKMS_GetDefaultCacheExpiration (MenuState inState, UInt32* outExpiration); /* TKMS_GetDefaultCacheLastChangeTime Pass in the menu state returned by TKMS_GetMenuState Returns the last change time of the default cache, in Mac epoch */ OSErr TKMS_GetDefaultCacheLastChangeTime (MenuState inState, UInt32* outChangeTime); /* TKMS_GetDefaultCachePrincipal Pass in the menu state returned by TKMS_GetMenuState Returns the principal of the default cache, realm removed if necessary */ OSErr TKMS_GetDefaultCachePrincipal (MenuState inState, Str255 outPrincipal); /* TKMS_GetDefaultCacheDisplayPrincipal Pass in the menu state returned by TKMS_GetMenuState Returns the principal of the default cache, quoting removed */ OSErr TKMS_GetDefaultCacheDisplayPrincipal (MenuState inState, Str255 outPrincipal); /* TKMS_GetDefaultCacheShortDisplayPrincipal Pass in the menu state returned by TKMS_GetMenuState Returns the principal of the default cache, quoting and default realm removed */ OSErr TKMS_GetDefaultCacheShortDisplayPrincipal (MenuState inState, Str255 outPrincipal); /* TKMS_GetDefaultCacheHasValidTickets Pass in the menu state returned by TKMS_GetMenuState Returns whether the default cache has valid tickets */ OSErr TKMS_GetDefaultCacheHasValidTickets (MenuState inState, Boolean* outValidTickets); /* TKMS_GetNumberOfCaches Pass in the menu state returned by TKMS_GetMenuState Returns the total number of caches in the list */ OSErr TKMS_GetNumberOfCaches (MenuState inState, UInt32* outNumCaches); /* TKMS_SortCachesAlphabetically Pass in the menu state returned by TKMS_GetMenuState Sorts the caches in the list alphabetically by principal */ OSErr TKMS_SortCachesAlphabetically ( MenuState inState); /* TKMS_GetCacheListChangeTime Pass in the menu state returned by TKMS_GetMenuState Returns the last change time of the cache list in Mac epoch */ OSErr TKMS_GetCacheListLastChangeTime (MenuState inState, UInt32* outChangeTime); /* TKMS_GetIndexedCachePrincipal Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Returns the cache principal of the cache at the index */ OSErr TKMS_GetIndexedCachePrincipal (MenuState inState, UInt32 inIndex, Str255 outPrincipal); /* TKMS_GetIndexedCacheDisplayPrincipal Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Returns the cache principal of the cache at the index, quoting removed */ OSErr TKMS_GetIndexedCacheDisplayPrincipal (MenuState inState, UInt32 inIndex, Str255 outPrincipal); /* TKMS_GetIndexedCacheShortDisplayPrincipal Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Returns the cache principal of the cache at the index, quoting and default realm removed */ OSErr TKMS_GetIndexedCacheShortDisplayPrincipal (MenuState inState, UInt32 inIndex, Str255 outPrincipal); /* TKMS_GetIndexedCacheVersion Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Returns the cache version of the cache at the index (version constants same as ccahe and login lib */ OSErr TKMS_GetIndexedCacheVersion (MenuState inState, UInt32 inIndex, UInt32* outVersion); /* TKMS_GetIndexedCacheIsDefault Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Returns whether the cache at the index is default */ OSErr TKMS_GetIndexedCacheIsDefault (MenuState inState, UInt32 inIndex, Boolean* outIsDefault); /* TKMS_GetIndexedCacheIsValid Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Returns whether the cache at the index has valid tickets */ OSErr TKMS_GetIndexedCacheIsValid (MenuState inState, UInt32 inIndex, Boolean* outIsValid); /* TKMS_GetIndexedCacheStartTime Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Returns the start time of the cache at the index in Mac epoch */ OSErr TKMS_GetIndexedCacheStartTime (MenuState inState, UInt32 inIndex, UInt32* outStartTime); /* TKMS_GetIndexedCacheExpirationTime Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Returns the expiration time of the cache at the index in Mac epoch */ OSErr TKMS_GetIndexedCacheExpirationTime (MenuState inState, UInt32 inIndex, UInt32* outExpirationTime); /* TKMS_SetIndexedDefaultCache Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Sets the cache at the index to be default */ OSErr TKMS_SetIndexedDefaultCache (MenuState inState, UInt32 inIndex); /* TKMS_DestroyIndexedCache Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Destroys the cache */ OSErr TKMS_DestroyIndexedCache (MenuState inState, UInt32 inIndex); /* TKMS_RenewIndexedCache Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Renews the cache */ OSErr TKMS_RenewIndexedCache (MenuState inState, UInt32 inIndex); /* TKMS_ChangeIndexedCachePassword Pass in the menu state returned by TKMS_GetMenuState Pass in index (zero based, less than value returned from TKMS_GetCachePrincipalForIndex) Changes the password of the principal associated with the cache */ OSErr TKMS_ChangeIndexedCachePassword (MenuState inState, UInt32 inIndex); /* TKMS_GetFloaterStructureRegion Pass in the menu state returned by TKMS_GetMenuState Copies the structure region of the floater window into ioRegion. Used by tear-off MDEF. */ OSErr TKMS_GetFloaterStructureRegion ( MenuState inState, RgnHandle ioRegion); /* TKMS_DestroyDefaultCache Destroys the default cache */ OSErr TKMS_DestroyDefaultCache (void); /* TKMS_NewLogin Create a new cache, log in a new principal. */ OSErr TKMS_NewLogin (void); /* TKMS_RenewDefaultCache Renew tickets for the default cache */ OSErr TKMS_RenewDefaultCache (void); /* TKMS_ChangeDefaultCachePassword Changes the password of the principal associated with the default cache */ OSErr TKMS_ChangeDefaultCachePassword (void); /* TKMS_MoveFloaterStructureRegion Pass in the new bounding box for the structure region of the floater Moves the floater to the new location */ OSErr TKMS_MoveFloaterStructureRegion ( const Rect* inNewBounds); /* TKMS_OpenKerberosControlPanel Open the Kerberos Control Panel (if you can't calle KMLib because you're not able to send events) */ OSErr TKMS_OpenKerberosControlPanel (void); /* TKF_SetHasCloseBox Set whether the floater has a close box or not */ OSErr TKF_SetHasCloseBox ( Boolean inHasCloseBox); /* TKF_GetHasCloseBox return whether the floater has a close box or not */ OSErr TKF_GetHasCloseBox ( Boolean* outHasCloseBox); /* TKF_SetDrawPies Set whether the floater draws pies for time remaining or not */ OSErr TKF_SetDrawPies ( Boolean inDrawPies); /* TKF_GetDrawPies return whether the floater draws pies for time remaining or not */ OSErr TKF_GetDrawPies ( Boolean* outDrawPies); /* TKF_SetIsVisible Set whether the floater is visible or not */ OSErr TKF_SetIsVisible ( Boolean inIsVisible); /* TKF_GetIsVisible Return whether the floater is visible or not */ OSErr TKF_GetIsVisible ( Boolean* outIsVisible); /* TKF_SetIsZoomedOut Set whether the floater is zoomed out or not */ OSErr TKF_SetIsZoomedOut ( Boolean inIsZoomedOut); /* TKF_GetIsZoomedOut Return whether the floater is zoomed out or not */ OSErr TKF_GetIsZoomedOut ( Boolean* outIsZoomedOut); #endif /* !TARGET_API_MAC_CARBON */ #ifdef PRAGMA_IMPORT_OFF #pragma import off #elif PRAGMA_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif /* * Constants */ enum { keyDontQuit = FOUR_CHAR_CODE ('stay'), keyStatus = FOUR_CHAR_CODE ('Stat') }; enum { kTicketKeeperClass = FOUR_CHAR_CODE ('TixK') }; enum { kAEGetStatus = FOUR_CHAR_CODE ('Stat') }; enum { kTicketKeeperSignature = FOUR_CHAR_CODE ('TixK') }; cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/kcglue_des.h0000777000076400007640000000070107403027557020731 00000000000000 /* $Id: kcglue_des.h,v 1.2 2001/12/04 02:05:35 rjs3 Exp $ * kclient and des have different definitions for key schedules * this file is to include in the kclient code without dragging in the des definitions */ int kcglue_des_key_sched(void *akey,void *asched); void kcglue_des_ecb_encrypt(void *asrc,void *adest,void *asched,int direction); void kcglue_des_pcbc_encrypt(void *asrc,void *adest,long length,void *asched,void *akey,int direction); cyrus-sasl-2.1.25/mac/CommonKClient/mac_kclient3/kcglue_krb.h0000777000076400007640000000124507403027557020740 00000000000000/* $Id: kcglue_krb.h,v 1.2 2001/12/04 02:05:35 rjs3 Exp $ * mit kerberos and kclient include files are not compatable * the define things with the same name but different implementations * this is an interface that can be included with either kclient.h * or krb.h. It bridges between the two of them */ #define KCGLUE_ITEM_SIZE (40) /* name instance or realm size*/ #define KCGLUE_MAX_K_STR_LEN (KCGLUE_ITEM_SIZE*3+2) /* id.instance@realm */ #define KCGLUE_MAX_KTXT_LEN 1250 int kcglue_krb_mk_req( void *dat, int *len, const char *service, char *instance, char *realm, long checksum, void *des_key, char *pname, char *pinst ); cyrus-sasl-2.1.25/mac/README.filetypes0000666000076400007640000000030407403027553014270 00000000000000CodeWarrior will not recognize files with type other than 'TEXT' as valid source code or headers, and there appears to be no workaround. Please read the file doc/macosx.html for more information. cyrus-sasl-2.1.25/mac/libdes/0000777000076400007640000000000011632367343012735 500000000000000cyrus-sasl-2.1.25/mac/libdes/public/0000777000076400007640000000000011632367343014213 500000000000000cyrus-sasl-2.1.25/mac/libdes/public/des.h0000777000076400007640000003025307403027640015057 00000000000000/* crypto/des/des.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifndef HEADER_DES_H #define HEADER_DES_H #ifdef __cplusplus extern "C" { #endif #include #if (defined(__MWERKS__)&&defined(__MC68K__)&&(!defined(DESLIB_CFM68K_NO_IMPORTS))) #pragma import on #define UNDO_CFM68K_IMPORT #endif #ifndef DES_LIB_FUNCTION #if defined(__BORLANDC__) #define DES_LIB_FUNCTION /* not-ready-definition-yet */ #elif defined(_MSC_VER) #define DES_LIB_FUNCTION /* not-ready-definition-yet2 */ #else #define DES_LIB_FUNCTION #endif #endif /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG #if defined(__alpha) #define DES_LONG unsigned int #else /* Not a 64 bit machine */ #define DES_LONG unsigned long #endif #endif typedef unsigned char des_cblock[8]; typedef struct des_ks_struct { union { des_cblock _; /* make sure things are correct size on machines with * 8 byte longs */ DES_LONG pad[2]; } ks; #undef _ #define _ ks._ } des_key_schedule[16]; #define DES_KEY_SZ (sizeof(des_cblock)) #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) #define DES_ENCRYPT 1 #define DES_DECRYPT 0 #define DES_CBC_MODE 0 #define DES_PCBC_MODE 1 #define des_ecb2_encrypt(i,o,k1,k2,e) \ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) #define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) #define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) #define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) #define C_Block des_cblock #define Key_schedule des_key_schedule #ifdef KERBEROS #define ENCRYPT DES_ENCRYPT #define DECRYPT DES_DECRYPT #endif #define KEY_SZ DES_KEY_SZ #define string_to_key des_string_to_key #define read_pw_string des_read_pw_string #define random_key des_random_key #define pcbc_encrypt des_pcbc_encrypt #define set_key des_set_key #define key_sched des_key_sched #define ecb_encrypt des_ecb_encrypt #define cbc_encrypt des_cbc_encrypt #define ncbc_encrypt des_ncbc_encrypt #define xcbc_encrypt des_xcbc_encrypt #define cbc_cksum des_cbc_cksum #define quad_cksum des_quad_cksum /* For compatibility with the MIT lib - eay 20/05/92 */ typedef des_key_schedule bit_64; #define des_fixup_key_parity des_set_odd_parity #define des_check_key_parity check_parity extern int des_check_key; /* defaults to false */ extern int des_rw_mode; /* defaults to DES_PCBC_MODE */ #ifdef cplusplus extern "C" { #endif /* The next line is used to disable full ANSI prototypes, if your * compiler has problems with the prototypes, make sure this line always * evaluates to true :-) */ #if defined(MSDOS) || defined(__STDC__) #undef NOPROTO #endif #ifndef NOPROTO char *DES_LIB_FUNCTION des_options(void); void DES_LIB_FUNCTION des_ecb3_encrypt(des_cblock *input,des_cblock *output, des_key_schedule ks1,des_key_schedule ks2, des_key_schedule ks3, int enc); DES_LONG DES_LIB_FUNCTION des_cbc_cksum(des_cblock *input,des_cblock *output, long length,des_key_schedule schedule,des_cblock *ivec); void DES_LIB_FUNCTION des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); void DES_LIB_FUNCTION des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); void DES_LIB_FUNCTION des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec, des_cblock *inw,des_cblock *outw,int enc); void DES_LIB_FUNCTION des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule sk1,des_key_schedule sk2, des_cblock *ivec1,des_cblock *ivec2,int enc); void DES_LIB_FUNCTION des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, long length,des_key_schedule schedule,des_cblock *ivec,int enc); void DES_LIB_FUNCTION des_ecb_encrypt(des_cblock *input,des_cblock *output, des_key_schedule ks,int enc); void DES_LIB_FUNCTION des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); void DES_LIB_FUNCTION des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); void DES_LIB_FUNCTION des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3); void DES_LIB_FUNCTION des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3); void DES_LIB_FUNCTION des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int enc); void DES_LIB_FUNCTION des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num, int encrypt); void DES_LIB_FUNCTION des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num); int DES_LIB_FUNCTION des_enc_read(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); int DES_LIB_FUNCTION des_enc_write(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); char *DES_LIB_FUNCTION des_fcrypt(const char *buf,const char *salt, char *ret); #ifdef PERL5 char *des_crypt(const char *buf,const char *salt); #else /* some stupid compilers complain because I have declared char instead * of const char */ #ifdef HEADER_DES_LOCL_H char *DES_LIB_FUNCTION crypt(const char *buf,const char *salt); #else char *crypt(); #endif #endif void DES_LIB_FUNCTION des_ofb_encrypt(unsigned char *in,unsigned char *out, int numbits,long length,des_key_schedule schedule,des_cblock *ivec); void DES_LIB_FUNCTION des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); DES_LONG DES_LIB_FUNCTION des_quad_cksum(des_cblock *input,des_cblock *output, long length,int out_count,des_cblock *seed); void DES_LIB_FUNCTION des_random_seed(des_cblock key); void DES_LIB_FUNCTION des_random_key(des_cblock ret); int DES_LIB_FUNCTION des_read_password(des_cblock *key,char *prompt,int verify); int DES_LIB_FUNCTION des_read_2passwords(des_cblock *key1,des_cblock *key2, char *prompt,int verify); int DES_LIB_FUNCTION des_read_pw_string(char *buf,int length,char *prompt,int verify); void DES_LIB_FUNCTION des_set_odd_parity(des_cblock *key); int DES_LIB_FUNCTION des_is_weak_key(des_cblock *key); int DES_LIB_FUNCTION des_set_key(des_cblock *key,des_key_schedule schedule); int DES_LIB_FUNCTION des_key_sched(des_cblock *key,des_key_schedule schedule); void DES_LIB_FUNCTION des_string_to_key(char *str,des_cblock *key); void DES_LIB_FUNCTION des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2); void DES_LIB_FUNCTION des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule schedule, des_cblock *ivec, int *num, int enc); void DES_LIB_FUNCTION des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule schedule, des_cblock *ivec, int *num); /* Extra functions from Mark Murray */ void DES_LIB_FUNCTION des_cblock_print_file(des_cblock *cb, FILE *fp); /* The following functions are not in the normal unix build or the * SSLeay build. When using the SSLeay build, use RAND_seed() * and RAND_bytes() instead. */ int DES_LIB_FUNCTION des_new_random_key(des_cblock *key); void DES_LIB_FUNCTION des_init_random_number_generator(des_cblock *key); void DES_LIB_FUNCTION des_set_random_generator_seed(des_cblock *key); void DES_LIB_FUNCTION des_set_sequence_number(des_cblock new_sequence_number); void DES_LIB_FUNCTION des_generate_random_block(des_cblock *block); void DES_LIB_FUNCTION des_rand_data(unsigned char *data, int size); #else char *des_options(); void des_ecb3_encrypt(); DES_LONG des_cbc_cksum(); void des_cbc_encrypt(); void des_ncbc_encrypt(); void des_xcbc_encrypt(); void des_3cbc_encrypt(); void des_cfb_encrypt(); void des_ede3_cfb64_encrypt(); void des_ede3_ofb64_encrypt(); void des_ecb_encrypt(); void des_encrypt(); void des_encrypt2(); void des_encrypt3(); void des_decrypt3(); void des_ede3_cbc_encrypt(); int des_enc_read(); int des_enc_write(); char *des_fcrypt(); #ifdef PERL5 char *des_crypt(); #else char *crypt(); #endif void des_ofb_encrypt(); void des_pcbc_encrypt(); DES_LONG des_quad_cksum(); void des_random_seed(); void des_random_key(); int des_read_password(); int des_read_2passwords(); int des_read_pw_string(); void des_set_odd_parity(); int des_is_weak_key(); int des_set_key(); int des_key_sched(); void des_string_to_key(); void des_string_to_2keys(); void des_cfb64_encrypt(); void des_ofb64_encrypt(); /* Extra functions from Mark Murray */ void des_cblock_print_file(); /* The following functions are not in the normal unix build or the * SSLeay build. When using the SSLeay build, use RAND_seed() * and RAND_bytes() instead. */ int des_new_random_key(); void des_init_random_number_generator(); void des_set_random_generator_seed(); void des_set_sequence_number(); void des_generate_random_block(); void des_rand_data(); #endif #ifdef UNDO_CFM68K_IMPORT #pragma import reset #endif #ifdef __cplusplus } #endif #endif cyrus-sasl-2.1.25/mac/libdes/public/cfm68k_import_off.h0000777000076400007640000000041407403027640017622 00000000000000/* * set a macro for des.h from libdes to not turn all the des functions * for cfm68k into pragma imports */ #define DESLIB_CFM68K_NO_IMPORTS 1 /* * compiler doesnt allow an empty file even for precompiled... go figure */ typedef int cfm68_des_enable_braindead; cyrus-sasl-2.1.25/mac/libdes/public/destest.c0000777000076400007640000006332507403027640015760 00000000000000/* crypto/des/destest.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifdef HAVE_CONFIG_H #include #endif #if defined(WIN32) || defined(WIN16) || defined(WINDOWS) #ifndef MSDOS #define MSDOS #endif #endif #include #include #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_IO_H #include #endif #include "des.h" /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ #define NUM_TESTS 34 static unsigned char key_data[NUM_TESTS][8]={ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}, {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57}, {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E}, {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86}, {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E}, {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6}, {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE}, {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6}, {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE}, {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16}, {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F}, {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46}, {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E}, {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76}, {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07}, {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F}, {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7}, {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF}, {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6}, {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF}, {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}}; static unsigned char plain_data[NUM_TESTS][8]={ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42}, {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA}, {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72}, {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A}, {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2}, {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A}, {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2}, {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A}, {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02}, {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A}, {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32}, {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA}, {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62}, {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2}, {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA}, {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92}, {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A}, {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2}, {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}}; static unsigned char cipher_data[NUM_TESTS][8]={ {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58}, {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B}, {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33}, {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D}, {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD}, {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4}, {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B}, {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71}, {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A}, {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A}, {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95}, {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B}, {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09}, {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A}, {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F}, {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88}, {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77}, {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A}, {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56}, {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56}, {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56}, {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC}, {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A}, {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41}, {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93}, {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00}, {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06}, {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7}, {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51}, {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE}, {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D}, {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}}; static unsigned char cipher_ecb2[NUM_TESTS-1][8]={ {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E}, {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16}, {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27}, {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6}, {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25}, {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A}, {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74}, {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6}, {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67}, {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10}, {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85}, {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA}, {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3}, {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3}, {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A}, {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69}, {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1}, {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7}, {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F}, {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87}, {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A}, {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE}, {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3}, {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD}, {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84}, {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85}, {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC}, {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89}, {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E}, {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89}, {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7}, {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8}, {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}}; static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; static char cbc_data[40]="7654321 Now is the time for "; static unsigned char cbc_ok[32]={ 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb, 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68, 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; static unsigned char xcbc_ok[32]={ 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48, 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD, 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76, 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2, }; static unsigned char cbc3_ok[32]={ 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0, 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC, 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4, 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75}; static unsigned char pcbc_ok[32]={ 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15, 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f, 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88}; static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; static unsigned char plain[24]= { 0x4e,0x6f,0x77,0x20,0x69,0x73, 0x20,0x74,0x68,0x65,0x20,0x74, 0x69,0x6d,0x65,0x20,0x66,0x6f, 0x72,0x20,0x61,0x6c,0x6c,0x20 }; static unsigned char cfb_cipher8[24]= { 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8, 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 }; static unsigned char cfb_cipher16[24]={ 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70, 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B }; static unsigned char cfb_cipher32[24]={ 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD, 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 }; static unsigned char cfb_cipher48[24]={ 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85, 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F }; static unsigned char cfb_cipher64[24]={ 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B, 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 }; static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8]; static unsigned char ofb_cipher[24]= { 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51, 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f, 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 }; DES_LONG cbc_cksum_ret=0xB462FEF7L; unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; #ifndef NOPROTO static char *pt(unsigned char *p); static int cfb_test(int bits, unsigned char *cfb_cipher); static int cfb64_test(unsigned char *cfb_cipher); static int ede_cfb64_test(unsigned char *cfb_cipher); #else static char *pt(); static int cfb_test(); static int cfb64_test(); static int ede_cfb64_test(); #endif int main(argc,argv) int argc; char *argv[]; { int i,j,err=0; des_cblock in,out,outin,iv3; des_key_schedule ks,ks2,ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; DES_LONG cs; unsigned char cret[8]; DES_LONG lqret[4]; int num; char *str; printf("Doing ecb\n"); for (i=0; i>4)&0xf]; ret[i*2+1]=f[p[i]&0xf]; } ret[16]='\0'; return(ret); } #ifndef LIBDES_LIT static int cfb_test(bits, cfb_cipher) int bits; unsigned char *cfb_cipher; { des_key_schedule ks; int i,err=0; des_key_sched((C_Block *)cfb_key,ks); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks, (C_Block *)cfb_tmp,DES_ENCRYPT); if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) { err=1; printf("cfb_encrypt encrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf1[i]))); } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks, (C_Block *)cfb_tmp,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { err=1; printf("cfb_encrypt decrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf1[i]))); } return(err); } static int cfb64_test(cfb_cipher) unsigned char *cfb_cipher; { des_key_schedule ks; int err=0,i,n; des_key_sched((C_Block *)cfb_key,ks); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); n=0; des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks, (C_Block *)cfb_tmp,&n,DES_ENCRYPT); des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), (long)sizeof(plain)-12,ks, (C_Block *)cfb_tmp,&n,DES_ENCRYPT); if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) { err=1; printf("cfb_encrypt encrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf1[i]))); } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); n=0; des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks, (C_Block *)cfb_tmp,&n,DES_DECRYPT); des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), (long)sizeof(plain)-17,ks, (C_Block *)cfb_tmp,&n,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { err=1; printf("cfb_encrypt decrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf2[i]))); } return(err); } static int ede_cfb64_test(cfb_cipher) unsigned char *cfb_cipher; { des_key_schedule ks; int err=0,i,n; des_key_sched((C_Block *)cfb_key,ks); memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); n=0; des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks, (C_Block *)cfb_tmp,&n,DES_ENCRYPT); des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), (long)sizeof(plain)-12,ks,ks,ks, (C_Block *)cfb_tmp,&n,DES_ENCRYPT); if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) { err=1; printf("ede_cfb_encrypt encrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf1[i]))); } memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); n=0; des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks, (C_Block *)cfb_tmp,&n,DES_DECRYPT); des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), (long)sizeof(plain)-17,ks,ks,ks, (C_Block *)cfb_tmp,&n,DES_DECRYPT); if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) { err=1; printf("ede_cfb_encrypt decrypt error\n"); for (i=0; i<24; i+=8) printf("%s\n",pt(&(cfb_buf2[i]))); } return(err); } #endif cyrus-sasl-2.1.25/mac/libdes/libdes_fat/0000777000076400007640000000000011632367343015031 500000000000000cyrus-sasl-2.1.25/mac/libdes/libdes_fat/libdes_fat0000777000076400007640000011143607403027624016775 00000000000000cool(Œ&NÐ>CodeWarrior Projectlibdes_fat:Source Treeslibdes_fat:Custom Keywordslibdes_fat:Access Pathslibdes_fat:Target Settingslibdes_fat:File Mappingslibdes_fat:Build Extraslibdes_fat:Debugger Runtimelibdes_fat:Debugger Targetlibdes_fat:68K CodeGenlibdes_fat:68K Disassemblerlibdes_fat:68K Global Optimizerlibdes_fat:68K Linkerlibdes_fat:68K Projectlibdes_fat:C/C++ Compilerlibdes_fat:C/C++ Warningslibdes_fat:CFM68Klibdes_fat:MacOS Merge Panellibdes_fat:PPC CodeGenlibdes_fat:PPC Disassemblerlibdes_fat:PPC Global Optimizerlibdes_fat:PPC Linkerlibdes_fat:PPC PEFlibdes_fat:PPC Projectlibdes_fat:PPCAsm Panellibdes_fat:Rez Compilerlibdes_fat:WinRC Compilerlibdes_fat:x86 CodeGenlibdes_fat:x86 Exceptions Panellibdes_fat:x86 Global Optimizerlibdes_fat:x86 Linkerlibdes_fat:x86 ProjectProject File Listlibdes_fat:Remote Debuglibdes_fat:Auto-targetlibdes_fat:FTP Panellibdes_fat:Java Command Linelibdes_fat:Java Languagelibdes_fat:Java MRJAppBuilderlibdes_fat:Java Outputlibdes_fat:Java Projectlibdes_fat:JavaDoc Projectlibdes_fat:Output Flagslibdes_fat:Packager Panellibdes_fat:x86 Disassembler3Kf—³Î å  ! 7 Nh‚”±Èä-D\tŽ¥Ååû $!<"S#h$…%ž&¼'Ó(ë)*+8, ! "#$%&'()* + libdes_fatFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KRezPEF Import 68K:Merge OutMacOS MergeSource TreesCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger RuntimeDebugger TargetMacOS Merge PanelRez Compilerlibdes_ppc.shlblibdes_68K.shlb:libdes.shlblibdes_version.rsrcOutput Flags  />KX\ k v ‚ Ÿ¬¼Ê×èø '7DX    ÿÿÿÿ @:ÿÿÿÿ::libdes_ppc:ÿÿÿÿ@::libdes_68K:ÿÿÿÿ@:ÿÿÿÿ@ MacOS Mergenkerlibdes_fat:NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW Java a.out????APPL€XÀ????€  libdes.shlb????shlbDLGXckidProjWSPCmain__starta.out????APPL€€@XÀ????  e  ,@T,gug¨gžg­g‹grÕ0__startP'CODE' 'DATA' 'PICT' NONAME.EXE@qROOTFILEFILEFILEo¡KH‰0'~bÐ~kà~Zp·Uþßÿÿø>  ·™ÕöÿÿŽú    pØqjÀ$|ðpØmainqjÀ±ÿP$|ðqjÀMRJApplicationJavaClasses.jarZIP MWZP WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/q°`Ð$|ðX%ÿÿÿÿ!…qªu!l!l #„`#ƒx%ÿÿÿÿ!…!t!r!u!e #„`#ƒ %ÿÿÿÿ!¥!f!a!l!s!e#„`#ƒÈ"0java_lang_String!!!P ! ¸€ƒò~Ô„¬!#„#„"¢P"¡ #????APPLqqµ$|ð_UnknownErroq¯!#‰²#Šø! !<!#‰Ì "£È"£À#‰Ô"ÀЂ Àà pÀØ£  `£°£¨£˜££ˆ¿¨"¿ #Š¼!>java_lang_UnsatisfiedLinkError!!#ŠV#y ! !<!#Šx "£Ø"£Ð#Š€"ÀЂ Àà pÀØ£  `£°£¨£˜££ˆ¿¨"¿ #‹d!=java_lang_VirtualMachineErrr!!#‹#f¸! !<"#‹ "£è"£à#‹("ÀЂ Àà pÀØ£  `£°£¨£˜££ˆ¿¨"¿ #Œ($ÿÿÿÿ!…!v!o!i!d #„`#‹¨".java_lang_Void!# ¸”#‹Ò#~Ô!! †!…‹ä"£ø"£ð#‹ì"ÀЂÀà pÀØ h" `#³|$ÿÿÿÿ!%!)#„`#ŒP%ÿÿÿÿ %) != key length (#„`#Œp%ÿÿÿÿ¥Data length (#„`#Œ° ) *java_lang_Object!!java_lang_Throwable!!java_lang_Exception!!java_lang_RuntimeException!!java_lang_IndexOutOfBoundsException!!java_lang_ArrayIndexOutOfBoundsException!!$ÿÿÿÿ!…!E!r!s#„`#’%ÿÿÿÿ%Languages#„`#¸% ÿÿÿÿ%Countries#„`#è% ÿÿÿÿ!…!E!r!a!s #„`#Ž5[[Ljava/lang/String;$ÿÿÿÿ %CollationElements#„`#ŽV%ÿÿÿÿ DateTimeElements#„`#Ž˜%ÿÿÿÿ DateTimeElements#„`#ŽØ%ÿÿÿÿ DateTimePatterns#„`#%ÿÿÿÿ DateTimePatterns#„`#X%ÿÿÿÿ DateTimePatterns#„`#˜%ÿÿÿÿ DateTimePatterns#„`#Ø%ÿÿÿÿ DateTimePatterns#„`#%ÿÿÿÿ DateTimePatterns#„`#X%ÿÿÿÿ DateTimePatterns#„`#˜%ÿÿÿÿ DateTimePatterns#„`#Ø%ÿÿÿÿ DateTimePatterns#„`#‘%ÿÿÿÿ CurrencyElements#„`#‘X%ÿÿÿÿ (mstr (mstl (mstnØmstrèØ€mstlèX€mstnè HmtplH€mtps ( mtslÈmtpiM mtloØpref WÅàpref ³úppref $B!jpref Òv'~Ðpref ·UCNpref ”{QÎpref jêFü pref ‹jDUpref HŽ Di pref ¹` Ds pref – Dpref ŠÈ Dpref ÁÀ E“>pref –EÑpref XðMÚpref 2¥Eßbpref bŒFApref 'FU pref uéF_ pref :ÎJÊpref âKœpref g·Jæ¨pref W)Fk.pref ONø pref ¶½F™"pref h³F»pref ÞFÏpref ž'L´ pref ) VÞ’pref øµQjpref ShFó motiLÀ(mstièWpmtglèYŒ,mpsièLè(mstiK”mall[¸\maplQ€@PLst Û6 \prefË.!FépreföZ"_Žpref4-#d¨pref Â$i°prefC[%jÀÜprefÕ¾&zœ2pref?˜'z΀prefµ#(ƒNprefÒÀ)†bØprefî>*‡:prefãk+Qnpref8,cyrus-sasl-2.1.25/mac/libdes/src/0000777000076400007640000000000011632367343013524 500000000000000cyrus-sasl-2.1.25/mac/libdes/src/des.org0000777000076400007640000002556407403027644014745 00000000000000/* crypto/des/des.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifndef HEADER_DES_H #define HEADER_DES_H #ifdef __cplusplus extern "C" { #endif #include /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG #define DES_LONG unsigned long #endif typedef unsigned char des_cblock[8]; typedef struct des_ks_struct { union { des_cblock _; /* make sure things are correct size on machines with * 8 byte longs */ DES_LONG pad[2]; } ks; #undef _ #define _ ks._ } des_key_schedule[16]; #define DES_KEY_SZ (sizeof(des_cblock)) #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) #define DES_ENCRYPT 1 #define DES_DECRYPT 0 #define DES_CBC_MODE 0 #define DES_PCBC_MODE 1 #define des_ecb2_encrypt(i,o,k1,k2,e) \ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) #define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) #define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) #define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) #define C_Block des_cblock #define Key_schedule des_key_schedule #ifdef KERBEROS #define ENCRYPT DES_ENCRYPT #define DECRYPT DES_DECRYPT #endif #define KEY_SZ DES_KEY_SZ #define string_to_key des_string_to_key #define read_pw_string des_read_pw_string #define random_key des_random_key #define pcbc_encrypt des_pcbc_encrypt #define set_key des_set_key #define key_sched des_key_sched #define ecb_encrypt des_ecb_encrypt #define cbc_encrypt des_cbc_encrypt #define ncbc_encrypt des_ncbc_encrypt #define xcbc_encrypt des_xcbc_encrypt #define cbc_cksum des_cbc_cksum #define quad_cksum des_quad_cksum /* For compatibility with the MIT lib - eay 20/05/92 */ typedef des_key_schedule bit_64; #define des_fixup_key_parity des_set_odd_parity #define des_check_key_parity check_parity extern int des_check_key; /* defaults to false */ extern int des_rw_mode; /* defaults to DES_PCBC_MODE */ /* The next line is used to disable full ANSI prototypes, if your * compiler has problems with the prototypes, make sure this line always * evaluates to true :-) */ #if defined(MSDOS) || defined(__STDC__) #undef NOPROTO #endif #ifndef NOPROTO char *des_options(void); void des_ecb3_encrypt(des_cblock *input,des_cblock *output, des_key_schedule ks1,des_key_schedule ks2, des_key_schedule ks3, int enc); DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output, long length,des_key_schedule schedule,des_cblock *ivec); void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec, des_cblock *inw,des_cblock *outw,int enc); void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule sk1,des_key_schedule sk2, des_cblock *ivec1,des_cblock *ivec2,int enc); void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, long length,des_key_schedule schedule,des_cblock *ivec,int enc); void des_ecb_encrypt(des_cblock *input,des_cblock *output, des_key_schedule ks,int enc); void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3); void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3); void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int enc); void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num, int encrypt); void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num); int des_enc_read(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); int des_enc_write(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); char *des_fcrypt(const char *buf,const char *salt, char *ret); #ifdef PERL5 char *des_crypt(const char *buf,const char *salt); #else /* some stupid compilers complain because I have declared char instead * of const char */ #ifdef HEADER_DES_LOCL_H char *crypt(const char *buf,const char *salt); #else char *crypt(); #endif #endif void des_ofb_encrypt(unsigned char *in,unsigned char *out, int numbits,long length,des_key_schedule schedule,des_cblock *ivec); void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output, long length,int out_count,des_cblock *seed); void des_random_seed(des_cblock key); void des_random_key(des_cblock ret); int des_read_password(des_cblock *key,char *prompt,int verify); int des_read_2passwords(des_cblock *key1,des_cblock *key2, char *prompt,int verify); int des_read_pw_string(char *buf,int length,char *prompt,int verify); void des_set_odd_parity(des_cblock *key); int des_is_weak_key(des_cblock *key); int des_set_key(des_cblock *key,des_key_schedule schedule); int des_key_sched(des_cblock *key,des_key_schedule schedule); void des_string_to_key(char *str,des_cblock *key); void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2); void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule schedule, des_cblock *ivec, int *num, int enc); void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, des_key_schedule schedule, des_cblock *ivec, int *num); /* Extra functions from Mark Murray */ void des_cblock_print_file(des_cblock *cb, FILE *fp); /* The following functions are not in the normal unix build or the * SSLeay build. When using the SSLeay build, use RAND_seed() * and RAND_bytes() instead. */ int des_new_random_key(des_cblock *key); void des_init_random_number_generator(des_cblock *key); void des_set_random_generator_seed(des_cblock *key); void des_set_sequence_number(des_cblock new_sequence_number); void des_generate_random_block(des_cblock *block); #else char *des_options(); void des_ecb3_encrypt(); DES_LONG des_cbc_cksum(); void des_cbc_encrypt(); void des_ncbc_encrypt(); void des_xcbc_encrypt(); void des_3cbc_encrypt(); void des_cfb_encrypt(); void des_ede3_cfb64_encrypt(); void des_ede3_ofb64_encrypt(); void des_ecb_encrypt(); void des_encrypt(); void des_encrypt2(); void des_encrypt3(); void des_decrypt3(); void des_ede3_cbc_encrypt(); int des_enc_read(); int des_enc_write(); char *des_fcrypt(); #ifdef PERL5 char *des_crypt(); #else char *crypt(); #endif void des_ofb_encrypt(); void des_pcbc_encrypt(); DES_LONG des_quad_cksum(); void des_random_seed(); void des_random_key(); int des_read_password(); int des_read_2passwords(); int des_read_pw_string(); void des_set_odd_parity(); int des_is_weak_key(); int des_set_key(); int des_key_sched(); void des_string_to_key(); void des_string_to_2keys(); void des_cfb64_encrypt(); void des_ofb64_encrypt(); /* Extra functions from Mark Murray */ void des_cblock_print_file(); /* The following functions are not in the normal unix build or the * SSLeay build. When using the SSLeay build, use RAND_seed() * and RAND_bytes() instead. */ #ifdef FreeBSD int des_new_random_key(); void des_init_random_number_generator(); void des_set_random_generator_seed(); void des_set_sequence_number(); void des_generate_random_block(); #endif #endif #ifdef __cplusplus } #endif #endif cyrus-sasl-2.1.25/mac/libdes/src/des.doc0000777000076400007640000004572307403027643014721 00000000000000The DES library. Please note that this library was originally written to operate with eBones, a version of Kerberos that had had encryption removed when it left the USA and then put back in. As such there are some routines that I will advise not using but they are still in the library for historical reasons. For all calls that have an 'input' and 'output' variables, they can be the same. This library requires the inclusion of 'des.h'. All of the encryption functions take what is called a des_key_schedule as an argument. A des_key_schedule is an expanded form of the des key. A des_key is 8 bytes of odd parity, the type used to hold the key is a des_cblock. A des_cblock is an array of 8 bytes, often in this library description I will refer to input bytes when the function specifies des_cblock's as input or output, this just means that the variable should be a multiple of 8 bytes. The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to specify decryption. The functions and global variable are as follows: int des_check_key; DES keys are supposed to be odd parity. If this variable is set to a non-zero value, des_set_key() will check that the key has odd parity and is not one of the known weak DES keys. By default this variable is turned off; void des_set_odd_parity( des_cblock *key ); This function takes a DES key (8 bytes) and sets the parity to odd. int des_is_weak_key( des_cblock *key ); This function returns a non-zero value if the DES key passed is a weak, DES key. If it is a weak key, don't use it, try a different one. If you are using 'random' keys, the chances of hitting a weak key are 1/2^52 so it is probably not worth checking for them. int des_set_key( des_cblock *key, des_key_schedule schedule); Des_set_key converts an 8 byte DES key into a des_key_schedule. A des_key_schedule is an expanded form of the key which is used to perform actual encryption. It can be regenerated from the DES key so it only needs to be kept when encryption or decryption is about to occur. Don't save or pass around des_key_schedule's since they are CPU architecture dependent, DES keys are not. If des_check_key is non zero, zero is returned if the key has the wrong parity or the key is a weak key, else 1 is returned. int des_key_sched( des_cblock *key, des_key_schedule schedule); An alternative name for des_set_key(). int des_rw_mode; /* defaults to DES_PCBC_MODE */ This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default). This specifies the function to use in the enc_read() and enc_write() functions. void des_encrypt( unsigned long *data, des_key_schedule ks, int enc); This is the DES encryption function that gets called by just about every other DES routine in the library. You should not use this function except to implement 'modes' of DES. I say this because the functions that call this routine do the conversion from 'char *' to long, and this needs to be done to make sure 'non-aligned' memory access do not occur. The characters are loaded 'little endian', have a look at my source code for more details on how I use this function. Data is a pointer to 2 unsigned long's and ks is the des_key_schedule to use. enc, is non zero specifies encryption, zero if decryption. void des_encrypt2( unsigned long *data, des_key_schedule ks, int enc); This functions is the same as des_encrypt() except that the DES initial permutation (IP) and final permutation (FP) have been left out. As for des_encrypt(), you should not use this function. It is used by the routines in my library that implement triple DES. IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same as des_encrypt() des_encrypt() des_encrypt() except faster :-). void des_ecb_encrypt( des_cblock *input, des_cblock *output, des_key_schedule ks, int enc); This is the basic Electronic Code Book form of DES, the most basic form. Input is encrypted into output using the key represented by ks. If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise decryption occurs. Input is 8 bytes long and output is 8 bytes. (the des_cblock structure is 8 chars). void des_ecb3_encrypt( des_cblock *input, des_cblock *output, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, int enc); This is the 3 key EDE mode of ECB DES. What this means is that the 8 bytes of input is encrypted with ks1, decrypted with ks2 and then encrypted again with ks3, before being put into output; C=E(ks3,D(ks2,E(ks1,M))). There is a macro, des_ecb2_encrypt() that only takes 2 des_key_schedules that implements, C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1. void des_cbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule ks, des_cblock *ivec, int enc); This routine implements DES in Cipher Block Chaining mode. Input, which should be a multiple of 8 bytes is encrypted (or decrypted) to output which will also be a multiple of 8 bytes. The number of bytes is in length (and from what I've said above, should be a multiple of 8). If length is not a multiple of 8, I'm not being held responsible :-). ivec is the initialisation vector. This function does not modify this variable. To correctly implement cbc mode, you need to do one of 2 things; copy the last 8 bytes of cipher text for use as the next ivec in your application, or use des_ncbc_encrypt(). Only this routine has this problem with updating the ivec, all other routines that are implementing cbc mode update ivec. void des_ncbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule sk, des_cblock *ivec, int enc); For historical reasons, des_cbc_encrypt() did not update the ivec with the value requires so that subsequent calls to des_cbc_encrypt() would 'chain'. This was needed so that the same 'length' values would not need to be used when decrypting. des_ncbc_encrypt() does the right thing. It is the same as des_cbc_encrypt accept that ivec is updates with the correct value to pass in subsequent calls to des_ncbc_encrypt(). I advise using des_ncbc_encrypt() instead of des_cbc_encrypt(); void des_xcbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule sk, des_cblock *ivec, des_cblock *inw, des_cblock *outw, int enc); This is RSA's DESX mode of DES. It uses inw and outw to 'whiten' the encryption. inw and outw are secret (unlike the iv) and are as such, part of the key. So the key is sort of 24 bytes. This is much better than cbc des. void des_3cbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule sk1, des_key_schedule sk2, des_cblock *ivec1, des_cblock *ivec2, int enc); This function is flawed, do not use it. I have left it in the library because it is used in my des(1) program and will function correctly when used by des(1). If I removed the function, people could end up unable to decrypt files. This routine implements outer triple cbc encryption using 2 ks and 2 ivec's. Use des_ede2_cbc_encrypt() instead. void des_ede3_cbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int enc); This function implements inner triple CBC DES encryption with 3 keys. What this means is that each 'DES' operation inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))). Again, this is cbc mode so an ivec is requires. This mode is used by SSL. There is also a des_ede2_cbc_encrypt() that only uses 2 des_key_schedule's, the first being reused for the final encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of triple DES is used by the RSAref library. void des_pcbc_encrypt( des_cblock *input, des_cblock *output, long length, des_key_schedule ks, des_cblock *ivec, int enc); This is Propagating Cipher Block Chaining mode of DES. It is used by Kerberos v4. It's parameters are the same as des_ncbc_encrypt(). void des_cfb_encrypt( unsigned char *in, unsigned char *out, int numbits, long length, des_key_schedule ks, des_cblock *ivec, int enc); Cipher Feedback Back mode of DES. This implementation 'feeds back' in numbit blocks. The input (and output) is in multiples of numbits bits. numbits should to be a multiple of 8 bits. Length is the number of bytes input. If numbits is not a multiple of 8 bits, the extra bits in the bytes will be considered padding. So if numbits is 12, for each 2 input bytes, the 4 high bits of the second byte will be ignored. So to encode 72 bits when using a numbits of 12 take 12 bytes. To encode 72 bits when using numbits of 9 will take 16 bytes. To encode 80 bits when using numbits of 16 will take 10 bytes. etc, etc. This padding will apply to both input and output. void des_cfb64_encrypt( unsigned char *in, unsigned char *out, long length, des_key_schedule ks, des_cblock *ivec, int *num, int enc); This is one of the more useful functions in this DES library, it implements CFB mode of DES with 64bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, no 8 byte padding. Each call to this routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about cfb mode of DES :-). void des_ede3_cfb64_encrypt( unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num, int enc); Same as des_cfb64_encrypt() accept that the DES operation is triple DES. As usual, there is a macro for des_ede2_cfb64_encrypt() which reuses ks1. void des_ofb_encrypt( unsigned char *in, unsigned char *out, int numbits, long length, des_key_schedule ks, des_cblock *ivec); This is a implementation of Output Feed Back mode of DES. It is the same as des_cfb_encrypt() in that numbits is the size of the units dealt with during input and output (in bits). void des_ofb64_encrypt( unsigned char *in, unsigned char *out, long length, des_key_schedule ks, des_cblock *ivec, int *num); The same as des_cfb64_encrypt() except that it is Output Feed Back mode. void des_ede3_ofb64_encrypt( unsigned char *in, unsigned char *out, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int *num); Same as des_ofb64_encrypt() accept that the DES operation is triple DES. As usual, there is a macro for des_ede2_ofb64_encrypt() which reuses ks1. int des_read_pw_string( char *buf, int length, char *prompt, int verify); This routine is used to get a password from the terminal with echo turned off. Buf is where the string will end up and length is the size of buf. Prompt is a string presented to the 'user' and if verify is set, the key is asked for twice and unless the 2 copies match, an error is returned. A return code of -1 indicates a system error, 1 failure due to use interaction, and 0 is success. unsigned long des_cbc_cksum( des_cblock *input, des_cblock *output, long length, des_key_schedule ks, des_cblock *ivec); This function produces an 8 byte checksum from input that it puts in output and returns the last 4 bytes as a long. The checksum is generated via cbc mode of DES in which only the last 8 byes are kept. I would recommend not using this function but instead using the EVP_Digest routines, or at least using MD5 or SHA. This function is used by Kerberos v4 so that is why it stays in the library. char *des_fcrypt( const char *buf, const char *salt char *ret); This is my fast version of the unix crypt(3) function. This version takes only a small amount of space relative to other fast crypt() implementations. This is different to the normal crypt in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function is thread safe, unlike the normal crypt. char *crypt( const char *buf, const char *salt); This function calls des_fcrypt() with a static array passed as the third parameter. This emulates the normal non-thread safe semantics of crypt(3). void des_string_to_key( char *str, des_cblock *key); This function takes str and converts it into a DES key. I would recommend using MD5 instead and use the first 8 bytes of output. When I wrote the first version of these routines back in 1990, MD5 did not exist but I feel these routines are still sound. This routines is compatible with the one in MIT's libdes. void des_string_to_2keys( char *str, des_cblock *key1, des_cblock *key2); This function takes str and converts it into 2 DES keys. I would recommend using MD5 and using the 16 bytes as the 2 keys. I have nothing against these 2 'string_to_key' routines, it's just that if you say that your encryption key is generated by using the 16 bytes of an MD5 hash, every-one knows how you generated your keys. int des_read_password( des_cblock *key, char *prompt, int verify); This routine combines des_read_pw_string() with des_string_to_key(). int des_read_2passwords( des_cblock *key1, des_cblock *key2, char *prompt, int verify); This routine combines des_read_pw_string() with des_string_to_2key(). void des_random_seed( des_cblock key); This routine sets a starting point for des_random_key(). void des_random_key( des_cblock ret); This function return a random key. Make sure to 'seed' the random number generator (with des_random_seed()) before using this function. I personally now use a MD5 based random number system. int des_enc_read( int fd, char *buf, int len, des_key_schedule ks, des_cblock *iv); This function will write to a file descriptor the encrypted data from buf. This data will be preceded by a 4 byte 'byte count' and will be padded out to 8 bytes. The encryption is either CBC of PCBC depending on the value of des_rw_mode. If it is DES_PCBC_MODE, pcbc is used, if DES_CBC_MODE, cbc is used. The default is to use DES_PCBC_MODE. int des_enc_write( int fd, char *buf, int len, des_key_schedule ks, des_cblock *iv); This routines read stuff written by des_enc_read() and decrypts it. I have used these routines quite a lot but I don't believe they are suitable for non-blocking io. If you are after a full authentication/encryption over networks, have a look at SSL instead. unsigned long des_quad_cksum( des_cblock *input, des_cblock *output, long length, int out_count, des_cblock *seed); This is a function from Kerberos v4 that is not anything to do with DES but was needed. It is a cksum that is quicker to generate than des_cbc_cksum(); I personally would use MD5 routines now. ===== Modes of DES Quite a bit of the following information has been taken from AS 2805.5.2 Australian Standard Electronic funds transfer - Requirements for interfaces, Part 5.2: Modes of operation for an n-bit block cipher algorithm Appendix A There are several different modes in which DES can be used, they are as follows. Electronic Codebook Mode (ECB) (des_ecb_encrypt()) - 64 bits are enciphered at a time. - The order of the blocks can be rearranged without detection. - The same plaintext block always produces the same ciphertext block (for the same key) making it vulnerable to a 'dictionary attack'. - An error will only affect one ciphertext block. Cipher Block Chaining Mode (CBC) (des_cbc_encrypt()) - a multiple of 64 bits are enciphered at a time. - The CBC mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable. - The chaining operation makes the ciphertext blocks dependent on the current and all preceding plaintext blocks and therefore blocks can not be rearranged. - The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. - An error will affect the current and the following ciphertext blocks. Cipher Feedback Mode (CFB) (des_cfb_encrypt()) - a number of bits (j) <= 64 are enciphered at a time. - The CFB mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable. - The chaining operation makes the ciphertext variables dependent on the current and all preceding variables and therefore j-bit variables are chained together and can not be rearranged. - The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. - The strength of the CFB mode depends on the size of k (maximal if j == k). In my implementation this is always the case. - Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads. - Only multiples of j bits can be enciphered. - An error will affect the current and the following ciphertext variables. Output Feedback Mode (OFB) (des_ofb_encrypt()) - a number of bits (j) <= 64 are enciphered at a time. - The OFB mode produces the same ciphertext whenever the same plaintext enciphered using the same key and starting variable. More over, in the OFB mode the same key stream is produced when the same key and start variable are used. Consequently, for security reasons a specific start variable should be used only once for a given key. - The absence of chaining makes the OFB more vulnerable to specific attacks. - The use of different start variables values prevents the same plaintext enciphering to the same ciphertext, by producing different key streams. - Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads. - Only multiples of j bits can be enciphered. - OFB mode of operation does not extend ciphertext errors in the resultant plaintext output. Every bit error in the ciphertext causes only one bit to be in error in the deciphered plaintext. - OFB mode is not self-synchronising. If the two operation of encipherment and decipherment get out of synchronism, the system needs to be re-initialised. - Each re-initialisation should use a value of the start variable different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be susceptible to a ' known plaintext' attack. Triple ECB Mode (des_ecb3_encrypt()) - Encrypt with key1, decrypt with key2 and encrypt with key3 again. - As for ECB encryption but increases the key length to 168 bits. There are theoretic attacks that can be used that make the effective key length 112 bits, but this attack also requires 2^56 blocks of memory, not very likely, even for the NSA. - If both keys are the same it is equivalent to encrypting once with just one key. - If the first and last key are the same, the key length is 112 bits. There are attacks that could reduce the key space to 55 bit's but it requires 2^56 blocks of memory. - If all 3 keys are the same, this is effectively the same as normal ecb mode. Triple CBC Mode (des_ede3_cbc_encrypt()) - Encrypt with key1, decrypt with key2 and then encrypt with key3. - As for CBC encryption but increases the key length to 168 bits with the same restrictions as for triple ecb mode. cyrus-sasl-2.1.25/mac/libdes/src/enc_writ.c0000777000076400007640000001200207403027645015417 00000000000000/* crypto/des/enc_writ.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include #include #include "des_locl.h" int des_enc_write(fd, buf, len, sched, iv) int fd; char *buf; int len; des_key_schedule sched; des_cblock (*iv); { #ifdef _LIBC extern int srandom(); extern unsigned long time(); extern int random(); extern int write(); #endif long rnum; int i,j,k,outnum; char *outbuf=NULL; char shortbuf[8]; char *p; static int start=1; if (outbuf == NULL) { outbuf=(char *)malloc(BSIZE+HDRSIZE); if (outbuf == NULL) return(-1); } /* If we are sending less than 8 bytes, the same char will look * the same if we don't pad it out with random bytes */ if (start) { start=0; srandom((unsigned int)time(NULL)); } /* lets recurse if we want to send the data in small chunks */ if (len > MAXWRITE) { j=0; for (i=0; i MAXWRITE)?MAXWRITE:(len-i),sched,iv); if (k < 0) return(k); else j+=k; } return(j); } /* write length first */ p=outbuf; l2n(len,p); /* pad short strings */ if (len < 8) { p=shortbuf; memcpy(shortbuf,buf,(unsigned int)len); for (i=len; i<8; i++) shortbuf[i]=random(); rnum=8; } else { p=buf; rnum=((len+7)/8*8); /* round up to nearest eight */ } if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)p, (des_cblock *)&(outbuf[HDRSIZE]), (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); else des_cbc_encrypt((des_cblock *)p, (des_cblock *)&(outbuf[HDRSIZE]), (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); /* output */ outnum=(int)rnum+HDRSIZE; for (j=0; j= sizeof(des_cblock)) memcpy(niv1,output[off],sizeof(des_cblock)); des_cbc_encrypt(output,output,l8,ks2,iv1,!encrypt); des_cbc_encrypt(output,output,l8,ks1,iv2, encrypt); if (length >= sizeof(des_cblock)) memcpy(niv2,output[off],sizeof(des_cblock)); } else { if (length >= sizeof(des_cblock)) memcpy(niv2,input[off],sizeof(des_cblock)); des_cbc_encrypt(input,output,l8,ks1,iv2,encrypt); des_cbc_encrypt(output,output,l8,ks2,iv1,!encrypt); if (length >= sizeof(des_cblock)) memcpy(niv1,output[off],sizeof(des_cblock)); des_cbc_encrypt(output,output,length,ks1,iv1, encrypt); } memcpy(*iv1,niv1,sizeof(des_cblock)); memcpy(*iv2,niv2,sizeof(des_cblock)); } cyrus-sasl-2.1.25/mac/libdes/src/ofb_enc.c0000777000076400007640000001053307403027646015210 00000000000000/* crypto/des/ofb_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output are loaded in multiples of 8 bits. * What this means is that if you hame numbits=12 and length=2 * the first 12 bits will be retrieved from the first byte and half * the second. The second 12 bits will come from the 3rd and half the 4th * byte. */ void des_ofb_encrypt(in, out, numbits, length, schedule, ivec) unsigned char *in; unsigned char *out; int numbits; long length; des_key_schedule schedule; des_cblock (*ivec); { register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; register DES_LONG mask0,mask1; register long l=length; register int num=numbits; DES_LONG ti[2]; unsigned char *iv; if (num > 64) return; if (num > 32) { mask0=0xffffffffL; if (num >= 64) mask1=mask0; else mask1=(1L<<(num-32))-1; } else { if (num == 32) mask0=0xffffffffL; else mask0=(1L< 0) { des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); c2ln(in,d0,d1,n); in+=n; d0=(d0^ti[0])&mask0; d1=(d1^ti[1])&mask1; l2cn(d0,d1,out,n); out+=n; } v0=ti[0]; v1=ti[1]; iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); v0=v1=d0=d1=ti[0]=ti[1]=0; } cyrus-sasl-2.1.25/mac/libdes/src/rpc_des.h0000777000076400007640000001274707403027647015253 00000000000000/* crypto/des/rpc_des.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */ /* * Sun RPC is a product of Sun Microsystems, Inc. and is provided for * unrestricted use provided that this legend is included on all tape * media and as a part of the software program in whole or part. Users * may copy or modify Sun RPC without charge, but are not authorized * to license or distribute it to anyone else except as part of a product or * program developed by the user. * * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. * * Sun RPC is provided with no support and without any obligation on the * part of Sun Microsystems, Inc. to assist in its use, correction, * modification or enhancement. * * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC * OR ANY PART THEREOF. * * In no event will Sun Microsystems, Inc. be liable for any lost revenue * or profits or other special, indirect and consequential damages, even if * Sun has been advised of the possibility of such damages. * * Sun Microsystems, Inc. * 2550 Garcia Avenue * Mountain View, California 94043 */ /* * Generic DES driver interface * Keep this file hardware independent! * Copyright (c) 1986 by Sun Microsystems, Inc. */ #define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */ #define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */ #ifdef HEADER_DES_H #undef ENCRYPT #undef DECRYPT #endif enum desdir { ENCRYPT, DECRYPT }; enum desmode { CBC, ECB }; /* * parameters to ioctl call */ struct desparams { unsigned char des_key[8]; /* key (with low bit parity) */ enum desdir des_dir; /* direction */ enum desmode des_mode; /* mode */ unsigned char des_ivec[8]; /* input vector */ unsigned des_len; /* number of bytes to crypt */ union { unsigned char UDES_data[DES_QUICKLEN]; unsigned char *UDES_buf; } UDES; # define des_data UDES.UDES_data /* direct data here if quick */ # define des_buf UDES.UDES_buf /* otherwise, pointer to data */ }; /* * Encrypt an arbitrary sized buffer */ #define DESIOCBLOCK _IOWR(d, 6, struct desparams) /* * Encrypt of small amount of data, quickly */ #define DESIOCQUICK _IOWR(d, 7, struct desparams) cyrus-sasl-2.1.25/mac/libdes/src/fcrypt.c0000777000076400007640000003040307403027645015121 00000000000000/* crypto/des/fcrypt.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include /* Eric Young. * This version of crypt has been developed from my MIT compatable * DES library. * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au * eay@mincom.oz.au or eay@psych.psy.uq.oz.au */ /* Modification by Jens Kupferschmidt (Cu) * I have included directive PARA for shared memory computers. * I have included a directive LONGCRYPT to using this routine to cipher * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN * definition is the maximum of lenght of password and can changed. I have * defined 24. */ #define FCRYPT_MOD(R,u,t,E0,E1,tmp) \ u=R>>16; \ t=R^u; \ u=t&E0; t=t&E1; \ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ tmp=(t<<16); t^=R^s[S+1]; t^=tmp #define DES_FCRYPT #include "des_locl.h" #undef DES_FCRYPT #undef PERM_OP #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ (b)^=(t),\ (a)^=((t)<<(n))) #undef HPERM_OP #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ (a)=(a)^(t)^(t>>(16-(n))))\ #ifdef PARA #define STATIC #else #define STATIC static #endif /* It is really only FreeBSD that still suffers from MD5 based crypts */ #ifdef __FreeBSD__ #define MD5_CRYPT_SUPPORT 1 #endif #if MD5_CRYPT_SUPPORT /* * ---------------------------------------------------------------------------- * "THE BEER-WARE LICENSE" (Revision 42): * wrote this file. As long as you retain this notice you * can do whatever you want with this stuff. If we meet some day, and you think * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp * ---------------------------------------------------------------------------- */ #ifdef HAVE_CONFIG_H #include #endif #include static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; static void to64(s, v, n) char *s; unsigned long v; int n; { while (--n >= 0) { *s++ = itoa64[v&0x3f]; v >>= 6; } } /* * UNIX password * * Use MD5 for what it is best at... */ static char * crypt_md5(pw, salt) register const char *pw; register const char *salt; { static char *magic = "$1$"; /* * This string is magic for * this algorithm. Having * it this way, we can get * get better later on */ static char passwd[120], *p; static const char *sp,*ep; unsigned char final[16]; int sl,pl,i,j; MD5_CTX ctx,ctx1; unsigned long l; /* Refine the Salt first */ sp = salt; /* If it starts with the magic string, then skip that */ if(!strncmp(sp,magic,strlen(magic))) sp += strlen(magic); /* It stops at the first '$', max 8 chars */ for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) continue; /* get the length of the true salt */ sl = ep - sp; MD5Init(&ctx); /* The password first, since that is what is most unknown */ MD5Update(&ctx,pw,strlen(pw)); /* Then our magic string */ MD5Update(&ctx,magic,strlen(magic)); /* Then the raw salt */ MD5Update(&ctx,sp,sl); /* Then just as many characters of the MD5(pw,salt,pw) */ MD5Init(&ctx1); MD5Update(&ctx1,pw,strlen(pw)); MD5Update(&ctx1,sp,sl); MD5Update(&ctx1,pw,strlen(pw)); MD5Final(final,&ctx1); for(pl = strlen(pw); pl > 0; pl -= 16) MD5Update(&ctx,final,pl>16 ? 16 : pl); /* Don't leave anything around in vm they could use. */ memset(final,0,sizeof final); /* Then something really weird... */ for (j=0,i = strlen(pw); i ; i >>= 1) if(i&1) MD5Update(&ctx, final+j, 1); else MD5Update(&ctx, pw+j, 1); /* Now make the output string */ snprintf (passwd, sizeof(passwd), "%s%.*s$", magic, sl, sp); MD5Final(final,&ctx); /* * and now, just to make sure things don't run too fast * On a 60 Mhz Pentium this takes 34 msec, so you would * need 30 seconds to build a 1000 entry dictionary... */ for(i=0;i<1000;i++) { MD5Init(&ctx1); if(i & 1) MD5Update(&ctx1,pw,strlen(pw)); else MD5Update(&ctx1,final,16); if(i % 3) MD5Update(&ctx1,sp,sl); if(i % 7) MD5Update(&ctx1,pw,strlen(pw)); if(i & 1) MD5Update(&ctx1,final,16); else MD5Update(&ctx1,pw,strlen(pw)); MD5Final(final,&ctx1); } p = passwd + strlen(passwd); l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4; l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4; l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4; l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4; l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4; l = final[11] ; to64(p,l,2); p += 2; *p = '\0'; /* Don't leave anything around in vm they could use. */ memset(final,0,sizeof final); return passwd; } #endif /* MD5_CRYPT_SUPPORT */ #ifndef NOPROTO STATIC int fcrypt_body(DES_LONG *out0, DES_LONG *out1, des_key_schedule ks, DES_LONG Eswap0, DES_LONG Eswap1); #else STATIC int fcrypt_body(); #endif /* Added more values to handle illegal salt values the way normal * crypt() implementations do. The patch was sent by * Bjorn Gronvall */ static unsigned const char con_salt[128]={ 0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9, 0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1, 0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9, 0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1, 0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9, 0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01, 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09, 0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A, 0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12, 0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A, 0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22, 0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24, 0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C, 0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34, 0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C, 0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44, }; static unsigned const char cov_2char[64]={ 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A }; #ifndef NOPROTO #ifdef PERL5 char *des_crypt(const char *buf,const char *salt); #else char *crypt(const char *buf,const char *salt); #endif #else #ifdef PERL5 char *des_crypt(); #else char *crypt(); #endif #endif #ifdef PERL5 char *des_crypt(buf,salt) #else char *crypt(buf,salt) #endif const char *buf; const char *salt; { static char buff[14]; #if MD5_CRYPT_SUPPORT if (!strncmp(salt, "$1$", 3)) return crypt_md5(buf, salt); #endif return(des_fcrypt(buf,salt,buff)); } char *des_fcrypt(buf,salt,ret) const char *buf; const char *salt; char *ret; { unsigned int i,j,x,y; DES_LONG Eswap0,Eswap1; DES_LONG out[2],ll; des_cblock key; des_key_schedule ks; unsigned char bb[9]; unsigned char *b=bb; unsigned char c,u; /* eay 25/08/92 * If you call crypt("pwd","*") as often happens when you * have * as the pwd field in /etc/passwd, the function * returns *\0XXXXXXXXX * The \0 makes the string look like * so the pwd "*" would * crypt to "*". This was found when replacing the crypt in * our shared libraries. People found that the disbled * accounts effectivly had no passwd :-(. */ x=ret[0]=((salt[0] == '\0')?'A':salt[0]); Eswap0=con_salt[x]<<2; x=ret[1]=((salt[1] == '\0')?'A':salt[1]); Eswap1=con_salt[x]<<6; /* EAY r=strlen(buf); r=(r+7)/8; */ for (i=0; i<8; i++) { c= *(buf++); if (!c) break; key[i]=(c<<1); } for (; i<8; i++) key[i]=0; des_set_key((des_cblock *)(key),ks); fcrypt_body(&(out[0]),&(out[1]),ks,Eswap0,Eswap1); ll=out[0]; l2c(ll,b); ll=out[1]; l2c(ll,b); y=0; u=0x80; bb[8]=0; for (i=2; i<13; i++) { c=0; for (j=0; j<6; j++) { c<<=1; if (bb[y] & u) c|=1; u>>=1; if (!u) { y++; u=0x80; } } ret[i]=cov_2char[c]; } ret[13]='\0'; return(ret); } STATIC int fcrypt_body(out0, out1, ks, Eswap0, Eswap1) DES_LONG *out0; DES_LONG *out1; des_key_schedule ks; DES_LONG Eswap0; DES_LONG Eswap1; { register DES_LONG l,r,t,u; #ifdef DES_PTR register unsigned char *des_SP=(unsigned char *)des_SPtrans; #endif register DES_LONG *s; register int j; register DES_LONG E0,E1; l=0; r=0; s=(DES_LONG *)ks; E0=Eswap0; E1=Eswap1; for (j=0; j<25; j++) { #ifdef DES_UNROLL register int i; for (i=0; i<32; i+=8) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ D_ENCRYPT(l,r,i+4); /* 3 */ D_ENCRYPT(r,l,i+6); /* 4 */ } #else D_ENCRYPT(l,r, 0); /* 1 */ D_ENCRYPT(r,l, 2); /* 2 */ D_ENCRYPT(l,r, 4); /* 3 */ D_ENCRYPT(r,l, 6); /* 4 */ D_ENCRYPT(l,r, 8); /* 5 */ D_ENCRYPT(r,l,10); /* 6 */ D_ENCRYPT(l,r,12); /* 7 */ D_ENCRYPT(r,l,14); /* 8 */ D_ENCRYPT(l,r,16); /* 9 */ D_ENCRYPT(r,l,18); /* 10 */ D_ENCRYPT(l,r,20); /* 11 */ D_ENCRYPT(r,l,22); /* 12 */ D_ENCRYPT(l,r,24); /* 13 */ D_ENCRYPT(r,l,26); /* 14 */ D_ENCRYPT(l,r,28); /* 15 */ D_ENCRYPT(r,l,30); /* 16 */ #endif t=l; l=r; r=t; } l=ROTATE(l,3)&0xffffffffL; r=ROTATE(r,3)&0xffffffffL; PERM_OP(l,r,t, 1,0x55555555L); PERM_OP(r,l,t, 8,0x00ff00ffL); PERM_OP(l,r,t, 2,0x33333333L); PERM_OP(r,l,t,16,0x0000ffffL); PERM_OP(l,r,t, 4,0x0f0f0f0fL); *out0=r; *out1=l; return(0); } cyrus-sasl-2.1.25/mac/libdes/src/supp.c0000777000076400007640000001223407403027650014577 00000000000000/* crypto/des/supp.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* * Copyright (c) 1995 * Mark Murray. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Mark Murray * 4. Neither the name of the author nor the names of any co-contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $Id: supp.c,v 1.2 2001/12/04 02:06:32 rjs3 Exp $ */ #include #include "des_locl.h" void des_cblock_print_file(cb, fp) des_cblock *cb; FILE *fp; { int i; unsigned int *p = (unsigned int *)cb; fprintf(fp, " 0x { "); for (i = 0; i < 8; i++) { fprintf(fp, "%x", p[i]); if (i != 7) fprintf(fp, ", "); } fprintf(fp, " }"); } cyrus-sasl-2.1.25/mac/libdes/src/doIP0000777000076400007640000000147707403027645014235 00000000000000#!/usr/local/bin/perl @l=( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15, 16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31 ); @r=( 32,33,34,35,36,37,38,39, 40,41,42,43,44,45,46,47, 48,49,50,51,52,53,54,55, 56,57,58,59,60,61,62,63 ); require 'shifts.pl'; sub PERM_OP { local(*a,*b,*t,$n,$m)=@_; @z=&shift(*a,-$n); @z=&xor(*b,*z); @z=&and(*z,$m); @b=&xor(*b,*z); @z=&shift(*z,$n); @a=&xor(*a,*z); } @L=@l; @R=@r; &PERM_OP(*R,*L,*T,4,0x0f0f0f0f); &PERM_OP(*L,*R,*T,16,0x0000ffff); &PERM_OP(*R,*L,*T,2,0x33333333); &PERM_OP(*L,*R,*T,8,0x00ff00ff); &PERM_OP(*R,*L,*T,1,0x55555555); &printit(@L); &printit(@R); &PERM_OP(*R,*L,*T,1,0x55555555); &PERM_OP(*L,*R,*T,8,0x00ff00ff); &PERM_OP(*R,*L,*T,2,0x33333333); &PERM_OP(*L,*R,*T,16,0x0000ffff); &PERM_OP(*R,*L,*T,4,0x0f0f0f0f); &printit(@L); &printit(@R); cyrus-sasl-2.1.25/mac/libdes/src/passwd_dialog.aps0000777000076400007640000007333407403027646017006 00000000000000 ØØØØ;$HWBØ؈tC:\USERS\d93-jka\Projects\des\winlocl\passwd_dialog.rcã9$HWBØØé0!!resource.hIDD_PASSWD_DIALOG101IDC_EDIT11000IDC_PASSWD_EDIT1001_APS_NEXT_RESOURCE_VALUE102 _APS_NEXT_COMMAND_VALUE40001_APS_NEXT_CONTROL_VALUE1002_APS_NEXT_SYMED_VALUE101!!afxres.h!winres.hVS_VERSION_INFO1IDOK1BIDCANCEL2CIDABORT3DIDRETRY4EIDIGNORE5FIDYES6GIDNO7HIDCLOSE8JIDHELP9KIDC_STATIC(-1)Q!CBRS_ALIGN_LEFT0x1000L8CBRS_ALIGN_TOP0x2000L9CBRS_ALIGN_RIGHT0x4000L:CBRS_ALIGN_BOTTOM0x8000L;CBRS_ALIGN_ANY0xF000L<CBRS_BORDER_LEFT0x0100L>CBRS_BORDER_TOP0x0200L?CBRS_BORDER_RIGHT0x0400L@CBRS_BORDER_BOTTOM0x0800LACBRS_BORDER_ANY0x0F00LBCBRS_TOOLTIPS0x0010LDCBRS_FLYBY0x0020LECBRS_FLOAT_MULTI0x0040LFCBRS_BORDER_3D0x0080LGCBRS_HIDE_INPLACE0x0008LHCBRS_SIZE_DYNAMIC0x0004LICBRS_SIZE_FIXED0x0002LJCBRS_FLOATING0x0001LKCBRS_ORIENT_HORZ(CBRS_ALIGN_TOP|CBRS_ALIGN_BOTTOM)MCBRS_ORIENT_VERT(CBRS_ALIGN_LEFT|CBRS_ALIGN_RIGHT)NCBRS_ORIENT_ANY(CBRS_ORIENT_HORZ|CBRS_ORIENT_VERT)OCBRS_ALL0xFFFFLQCBRS_NOALIGN0x00000000LWCBRS_LEFT(CBRS_ALIGN_LEFT|CBRS_BORDER_RIGHT)XCBRS_TOP(CBRS_ALIGN_TOP|CBRS_BORDER_BOTTOM)YCBRS_RIGHT(CBRS_ALIGN_RIGHT|CBRS_BORDER_LEFT)ZCBRS_BOTTOM(CBRS_ALIGN_BOTTOM|CBRS_BORDER_TOP)[ID_INDICATOR_EXT0xE700aID_INDICATOR_CAPS0xE701bID_INDICATOR_NUM0xE702cID_INDICATOR_SCRL0xE703dID_INDICATOR_OVR0xE704eID_INDICATOR_REC0xE705fID_INDICATOR_KANA0xE706gID_SEPARATOR0iAFX_IDS_APP_TITLE0xE000úAFX_IDS_IDLEMESSAGE0xE001ýAFX_IDS_HELPMODEMESSAGE0xE002ÿAFX_IDS_APP_TITLE_EMBEDDING0xE003ÄAFX_IDS_COMPANY_NAME0xE004ÁAFX_IDS_OBJ_TITLE_INPLACE0xE005£ID_FILE_NEW0xE100©ID_FILE_OPEN0xE101»ID_FILE_CLOSE0xE102ÇID_FILE_SAVE0xE103ÂID_FILE_SAVE_AS0xE104ÐID_FILE_PAGE_SETUP0xE105¨ID_FILE_PRINT_SETUP0xE106øID_FILE_PRINT0xE107¡ID_FILE_PRINT_DIRECT0xE108±ID_FILE_PRINT_PREVIEW0xE109ÓID_FILE_UPDATE0xE10AÒID_FILE_SAVE_COPY_AS0xE10B«ID_FILE_SEND_MAIL0xE10CµID_FILE_MRU_FIRST0xE110áID_FILE_MRU_FILE10xE110üID_FILE_MRU_FILE20xE111ÕID_FILE_MRU_FILE30xE112¼ID_FILE_MRU_FILE40xE113ÈID_FILE_MRU_FILE50xE114¹ID_FILE_MRU_FILE60xE115¸ID_FILE_MRU_FILE70xE116²ID_FILE_MRU_FILE80xE117ÀID_FILE_MRU_FILE90xE118ËID_FILE_MRU_FILE100xE119çID_FILE_MRU_FILE110xE11AåID_FILE_MRU_FILE120xE11BÌID_FILE_MRU_FILE130xE11C€ID_FILE_MRU_FILE140xE11DID_FILE_MRU_FILE150xE11E®ID_FILE_MRU_FILE160xE11F‚ID_FILE_MRU_LAST0xE11FéID_EDIT_CLEAR0xE120èID_EDIT_CLEAR_ALL0xE121íID_EDIT_COPY0xE122êID_EDIT_CUT0xE123ëID_EDIT_FIND0xE124ìID_EDIT_PASTE0xE125ÜID_EDIT_PASTE_LINK0xE126„ID_EDIT_PASTE_SPECIAL0xE127ñID_EDIT_REPEAT0xE128îID_EDIT_REPLACE0xE129ïID_EDIT_SELECT_ALL0xE12AÍID_EDIT_UNDO0xE12B…ID_EDIT_REDO0xE12C×ID_WINDOW_NEW0xE130òID_WINDOW_ARRANGE0xE131óID_WINDOW_CASCADE0xE132†ID_WINDOW_TILE_HORZ0xE133 ID_WINDOW_TILE_VERT0xE134ÞID_WINDOW_SPLIT0xE135§ID_APP_ABOUT0xE140ID_APP_EXIT0xE141ID_HELP_INDEX0xE142ŽID_HELP_FINDER0xE143ID_HELP_USING0xE144‘ID_CONTEXT_HELP0xE145“ID_HELP0xE146”ID_DEFAULT_HELP0xE147•ID_NEXT_PANE0xE150˜ID_PREV_PANE0xE151—ID_FORMAT_FONT0xE160šID_OLE_INSERT_NEW0xE200ID_OLE_EDIT_LINKS0xE201œID_OLE_EDIT_CONVERT0xE202žID_OLE_EDIT_CHANGE_ICON0xE203ŸID_OLE_EDIT_PROPERTIES0xE204àID_OLE_VERB_FIRST0xE210ßAFX_ID_PREVIEW_CLOSE0xE300AFX_ID_PREVIEW_NUMPAGE0xE301AFX_ID_PREVIEW_NEXT0xE302AFX_ID_PREVIEW_PREV0xE303AFX_ID_PREVIEW_PRINT0xE304AFX_ID_PREVIEW_ZOOMIN0xE305 AFX_ID_PREVIEW_ZOOMOUT0xE306 ID_VIEW_TOOLBAR0xE800 ID_VIEW_STATUS_BAR0xE801ID_RECORD_FIRST0xE900ID_RECORD_LAST0xE901ID_RECORD_NEXT0xE902ID_RECORD_PREV0xE903IDC_STATIC(-1)AFX_IDS_SCSIZE0xEF00&AFX_IDS_SCMOVE0xEF01'AFX_IDS_SCMINIMIZE0xEF02(AFX_IDS_SCMAXIMIZE0xEF03)AFX_IDS_SCNEXTWINDOW0xEF04*AFX_IDS_SCPREVWINDOW0xEF05+AFX_IDS_SCCLOSE0xEF06,AFX_IDS_SCRESTORE0xEF12-AFX_IDS_SCTASKLIST0xEF13.AFX_IDS_MDICHILD0xEF1F0AFX_IDS_DESKACCESSORY0xEFDA2AFX_IDS_OPENFILE0xF0005AFX_IDS_SAVEFILE0xF0016AFX_IDS_ALLFILTER0xF0027AFX_IDS_UNTITLED0xF0038AFX_IDS_SAVEFILECOPY0xF0049AFX_IDS_PREVIEW_CLOSE0xF005:AFX_IDS_UNNAMED_FILE0xF006;AFX_IDS_HIDE0xF011?AFX_IDP_NO_ERROR_AVAILABLE0xF020BAFX_IDS_NOT_SUPPORTED_EXCEPTION0xF021CAFX_IDS_RESOURCE_EXCEPTION0xF022DAFX_IDS_MEMORY_EXCEPTION0xF023EAFX_IDS_USER_EXCEPTION0xF024FAFX_IDS_PRINTONPORT0xF040IAFX_IDS_ONEPAGE0xF041JAFX_IDS_TWOPAGE0xF042KAFX_IDS_PRINTPAGENUM0xF043LAFX_IDS_PREVIEWPAGEDESC0xF044MAFX_IDS_PRINTDEFAULTEXT0xF045NAFX_IDS_PRINTDEFAULT0xF046OAFX_IDS_PRINTFILTER0xF047PAFX_IDS_PRINTCAPTION0xF048QAFX_IDS_PRINTTOFILE0xF049RAFX_IDS_OBJECT_MENUITEM0xF080VAFX_IDS_EDIT_VERB0xF081WAFX_IDS_ACTIVATE_VERB0xF082XAFX_IDS_CHANGE_LINK0xF083YAFX_IDS_AUTO0xF084ZAFX_IDS_MANUAL0xF085[AFX_IDS_FROZEN0xF086\AFX_IDS_ALL_FILES0xF087]AFX_IDS_SAVE_MENU0xF088_AFX_IDS_UPDATE_MENU0xF089`AFX_IDS_SAVE_AS_MENU0xF08AaAFX_IDS_SAVE_COPY_AS_MENU0xF08BbAFX_IDS_EXIT_MENU0xF08CcAFX_IDS_UPDATING_ITEMS0xF08DdAFX_IDS_METAFILE_FORMAT0xF08EfAFX_IDS_DIB_FORMAT0xF08FgAFX_IDS_BITMAP_FORMAT0xF090hAFX_IDS_LINKSOURCE_FORMAT0xF091iAFX_IDS_EMBED_FORMAT0xF092jAFX_IDS_PASTELINKEDTYPE0xF094lAFX_IDS_UNKNOWNTYPE0xF095mAFX_IDS_RTF_FORMAT0xF096nAFX_IDS_TEXT_FORMAT0xF097oAFX_IDS_INVALID_CURRENCY0xF098qAFX_IDS_INVALID_DATETIME0xF099rAFX_IDS_INVALID_DATETIMESPAN0xF09AsAFX_IDP_INVALID_FILENAME0xF100vAFX_IDP_FAILED_TO_OPEN_DOC0xF101wAFX_IDP_FAILED_TO_SAVE_DOC0xF102xAFX_IDP_ASK_TO_SAVE0xF103yAFX_IDP_FAILED_TO_CREATE_DOC0xF104zAFX_IDP_FILE_TOO_LARGE0xF105{AFX_IDP_FAILED_TO_START_PRINT0xF106|AFX_IDP_FAILED_TO_LAUNCH_HELP0xF107}AFX_IDP_INTERNAL_FAILURE0xF108~AFX_IDP_COMMAND_FAILURE0xF109AFX_IDP_FAILED_MEMORY_ALLOC0xF10A¥AFX_IDP_PARSE_INT0xF110°AFX_IDP_PARSE_REAL0xF111³AFX_IDP_PARSE_INT_RANGE0xF112·AFX_IDP_PARSE_REAL_RANGE0xF113ºAFX_IDP_PARSE_STRING_SIZE0xF114½AFX_IDP_PARSE_RADIO_BUTTON0xF115ÃAFX_IDP_PARSE_BYTE0xF116ÅAFX_IDP_PARSE_UINT0xF117ÉAFX_IDP_PARSE_DATETIME0xF118ÑAFX_IDP_PARSE_CURRENCY0xF119ÔAFX_IDP_FAILED_INVALID_FORMAT0xF120¶AFX_IDP_FAILED_INVALID_PATH0xF121ÆAFX_IDP_FAILED_DISK_FULL0xF122ÎAFX_IDP_FAILED_ACCESS_READ0xF123âAFX_IDP_FAILED_ACCESS_WRITE0xF124ãAFX_IDP_FAILED_IO_ERROR_READ0xF125äAFX_IDP_FAILED_IO_ERROR_WRITE0xF126ðAFX_IDP_STATIC_OBJECT0xF180ùAFX_IDP_FAILED_TO_CONNECT0xF181úAFX_IDP_SERVER_BUSY0xF182ûAFX_IDP_BAD_VERB0xF183ýAFX_IDP_FAILED_TO_NOTIFY0xF185þAFX_IDP_FAILED_TO_LAUNCH0xF186ÿAFX_IDP_ASK_TO_UPDATE0xF187õAFX_IDP_FAILED_TO_UPDATE0xF188ÄAFX_IDP_FAILED_TO_REGISTER0xF189ÊAFX_IDP_FAILED_TO_AUTO_REGISTER0xF18AÁAFX_IDP_FAILED_TO_CONVERT0xF18B¢AFX_IDP_GET_NOT_SUPPORTED0xF18C£AFX_IDP_SET_NOT_SUPPORTED0xF18DÛAFX_IDP_ASK_TO_DISCARD0xF18E´AFX_IDP_FAILED_TO_CREATE0xF18FÏAFX_IDP_FAILED_MAPI_LOAD0xF190©AFX_IDP_INVALID_MAPI_DLL0xF191»AFX_IDP_FAILED_MAPI_SEND0xF192ÇAFX_IDP_FILE_NONE0xF1A0ÐAFX_IDP_FILE_GENERIC0xF1A1¨AFX_IDP_FILE_NOT_FOUND0xF1A2øAFX_IDP_FILE_BAD_PATH0xF1A3¡AFX_IDP_FILE_TOO_MANY_OPEN0xF1A4±AFX_IDP_FILE_ACCESS_DENIED0xF1A5ÓAFX_IDP_FILE_INVALID_FILE0xF1A6ÒAFX_IDP_FILE_REMOVE_CURRENT0xF1A7«AFX_IDP_FILE_DIR_FULL0xF1A8µAFX_IDP_FILE_BAD_SEEK0xF1A9¦AFX_IDP_FILE_HARD_IO0xF1AAáAFX_IDP_FILE_SHARING0xF1ABüAFX_IDP_FILE_LOCKING0xF1ACÕAFX_IDP_FILE_DISKFULL0xF1AD¼AFX_IDP_FILE_EOF0xF1AEÈAFX_IDP_ARCH_NONE0xF1B0¸AFX_IDP_ARCH_GENERIC0xF1B1²AFX_IDP_ARCH_READONLY0xF1B2ÀAFX_IDP_ARCH_ENDOFFILE0xF1B3ËAFX_IDP_ARCH_WRITEONLY0xF1B4çAFX_IDP_ARCH_BADINDEX0xF1B5åAFX_IDP_ARCH_BADCLASS0xF1B6ÌAFX_IDP_ARCH_BADSCHEMA0xF1B7€AFX_IDS_OCC_SCALEUNITS_PIXELS0xF1C0®AFX_IDS_STATUS_FONT0xF230èAFX_IDS_TOOLTIP_FONT0xF231íAFX_IDS_UNICODE_FONT0xF232êAFX_IDS_MINI_FONT0xF233ëAFX_IDP_SQL_CONNECT_FAIL0xF281ïAFX_IDP_SQL_RECORDSET_FORWARD_ONLY0xF282ÍAFX_IDP_SQL_EMPTY_COLUMN_LIST0xF283…AFX_IDP_SQL_FIELD_SCHEMA_MISMATCH0xF284×AFX_IDP_SQL_ILLEGAL_MODE0xF285¯AFX_IDP_SQL_MULTIPLE_ROWS_AFFECTED0xF286ôAFX_IDP_SQL_NO_CURRENT_RECORD0xF287òAFX_IDP_SQL_NO_ROWS_AFFECTED0xF288óAFX_IDP_SQL_RECORDSET_READONLY0xF289†AFX_IDP_SQL_SQL_NO_TOTAL0xF28A AFX_IDP_SQL_ODBC_LOAD_FAILED0xF28BÞAFX_IDP_SQL_DYNASET_NOT_SUPPORTED0xF28C§AFX_IDP_SQL_SNAPSHOT_NOT_SUPPORTED0xF28DˆAFX_IDP_SQL_API_CONFORMANCE0xF28E‡AFX_IDP_SQL_SQL_CONFORMANCE0xF28F‰AFX_IDP_SQL_NO_DATA_FOUND0xF290‹AFX_IDP_SQL_ROW_UPDATE_NOT_SUPPORTED0xF291ŠAFX_IDP_SQL_ODBC_V2_REQUIRED0xF292ŒAFX_IDP_SQL_NO_POSITIONED_UPDATES0xF293¾AFX_IDP_SQL_LOCK_MODE_NOT_SUPPORTED0xF294AFX_IDP_SQL_DATA_TRUNCATED0xF295AFX_IDP_SQL_ROW_FETCH0xF296ŽAFX_IDP_SQL_INCORRECT_ODBC0xF297AFX_IDP_SQL_UPDATE_DELETE_FAILED0xF298‘AFX_IDP_SQL_DYNAMIC_CURSOR_NOT_SUPPORTED0xF299“AFX_IDP_DAO_ENGINE_INITIALIZATION0xF2A0˜AFX_IDP_DAO_DFX_BIND0xF2A1—AFX_IDP_DAO_OBJECT_NOT_OPEN0xF2A2™AFX_IDP_DAO_ROWTOOSHORT0xF2A3AFX_IDP_DAO_BADBINDINFO0xF2A4œAFX_IDP_DAO_COLUMNUNAVAILABLE0xF2A5žAFX_IDC_LISTBOX100AFX_IDC_CHANGE101AFX_IDC_PRINT_DOCNAME201AFX_IDC_PRINT_PRINTERNAME202AFX_IDC_PRINT_PORTNAME203AFX_IDC_PRINT_PAGENUM204ID_APPLY_NOW0x3021 ID_WIZBACK0x3023 ID_WIZNEXT0x3024 ID_WIZFINISH0x3025AFX_IDC_TAB_CONTROL0x3020AFX_IDD_NEWTYPEDLG30721"AFX_IDD_PRINTDLG30722#AFX_IDD_PREVIEW_TOOLBAR30723$AFX_IDD_INSERTOBJECT30724*AFX_IDD_CHANGEICON30725+AFX_IDD_CONVERT30726,AFX_IDD_PASTESPECIAL30727-AFX_IDD_EDITLINKS30728.AFX_IDD_FILEBROWSE30729/AFX_IDD_BUSY307300AFX_IDD_OBJECTPROPERTIES307322AFX_IDD_CHANGESOURCE307333AFX_IDC_CONTEXTHELP309777AFX_IDC_MAGNIFY309788AFX_IDC_SMALLARROWS309799AFX_IDC_HSPLITBAR30980:AFX_IDC_VSPLITBAR30981;AFX_IDC_NODROPCRSR30982<AFX_IDC_TRACKNWSE30983=AFX_IDC_TRACKNESW30984>AFX_IDC_TRACKNS30985?AFX_IDC_TRACKWE30986@AFX_IDC_TRACK4WAY30987AAFX_IDC_MOVE4WAY30988BAFX_IDB_MINIFRAME_MENU30994EAFX_IDB_CHECKLISTBOX_NT30995HAFX_IDB_CHECKLISTBOX_9530996IAFX_IDR_PREVIEW_ACCEL30997LAFX_IDI_STD_MDIFRAME31233OAFX_IDI_STD_FRAME31234PAFX_IDC_FONTPROP1000VAFX_IDC_FONTNAMES1001WAFX_IDC_FONTSTYLES1002XAFX_IDC_FONTSIZES1003YAFX_IDC_STRIKEOUT1004ZAFX_IDC_UNDERLINE1005[AFX_IDC_SAMPLEBOX1006\AFX_IDC_COLOR_BLACK1100_AFX_IDC_COLOR_WHITE1101`AFX_IDC_COLOR_RED1102aAFX_IDC_COLOR_GREEN1103bAFX_IDC_COLOR_BLUE1104cAFX_IDC_COLOR_YELLOW1105dAFX_IDC_COLOR_MAGENTA1106eAFX_IDC_COLOR_CYAN1107fAFX_IDC_COLOR_GRAY1108gAFX_IDC_COLOR_LIGHTGRAY1109hAFX_IDC_COLOR_DARKRED1110iAFX_IDC_COLOR_DARKGREEN1111jAFX_IDC_COLOR_DARKBLUE1112kAFX_IDC_COLOR_LIGHTBROWN1113lAFX_IDC_COLOR_DARKMAGENTA1114mAFX_IDC_COLOR_DARKCYAN1115nAFX_IDC_COLORPROP1116oAFX_IDC_SYSTEMCOLORS1117pAFX_IDC_PROPNAME1201sAFX_IDC_PICTURE1202tAFX_IDC_BROWSE1203uAFX_IDC_CLEAR1204vAFX_IDD_PROPPAGE_COLOR32257|AFX_IDD_PROPPAGE_FONT32258}AFX_IDD_PROPPAGE_PICTURE32259~AFX_IDB_TRUETYPE32384¥AFX_IDS_PROPPAGE_UNKNOWN0xFE01ºAFX_IDS_COLOR_DESKTOP0xFE04½AFX_IDS_COLOR_APPWORKSPACE0xFE05ÃAFX_IDS_COLOR_WNDBACKGND0xFE06ÅAFX_IDS_COLOR_WNDTEXT0xFE07ÉAFX_IDS_COLOR_MENUBAR0xFE08ÑAFX_IDS_COLOR_MENUTEXT0xFE09ÔAFX_IDS_COLOR_ACTIVEBAR0xFE0AÙAFX_IDS_COLOR_INACTIVEBAR0xFE0BÚAFX_IDS_COLOR_ACTIVETEXT0xFE0C¶AFX_IDS_COLOR_INACTIVETEXT0xFE0DÆAFX_IDS_COLOR_ACTIVEBORDER0xFE0EÎAFX_IDS_COLOR_INACTIVEBORDER0xFE0FâAFX_IDS_COLOR_WNDFRAME0xFE10ãAFX_IDS_COLOR_SCROLLBARS0xFE11äAFX_IDS_COLOR_BTNFACE0xFE12ðAFX_IDS_COLOR_BTNSHADOW0xFE13öAFX_IDS_COLOR_BTNTEXT0xFE14÷AFX_IDS_COLOR_BTNHIGHLIGHT0xFE15ùAFX_IDS_COLOR_DISABLEDTEXT0xFE16úAFX_IDS_COLOR_HIGHLIGHT0xFE17ûAFX_IDS_COLOR_HIGHLIGHTTEXT0xFE18ýAFX_IDS_REGULAR0xFE19þAFX_IDS_BOLD0xFE1AÿAFX_IDS_ITALIC0xFE1BõAFX_IDS_BOLDITALIC0xFE1CÄAFX_IDS_SAMPLETEXT0xFE1DÊAFX_IDS_DISPLAYSTRING_FONT0xFE1EÁAFX_IDS_DISPLAYSTRING_COLOR0xFE1F¢AFX_IDS_DISPLAYSTRING_PICTURE0xFE20£AFX_IDS_PICTUREFILTER0xFE21ÛAFX_IDS_PICTYPE_UNKNOWN0xFE22´AFX_IDS_PICTYPE_NONE0xFE23ÏAFX_IDS_PICTYPE_BITMAP0xFE24¤AFX_IDS_PICTYPE_METAFILE0xFE25¬AFX_IDS_PICTYPE_ICON0xFE26©AFX_IDS_COLOR_PPG0xFE28»AFX_IDS_COLOR_PPG_CAPTION0xFE29ÇAFX_IDS_FONT_PPG0xFE2AÂAFX_IDS_FONT_PPG_CAPTION0xFE2BÐAFX_IDS_PICTURE_PPG0xFE2C¨AFX_IDS_PICTURE_PPG_CAPTION0xFE2DøAFX_IDS_PICTUREBROWSETITLE0xFE30¡AFX_IDS_BORDERSTYLE_00xFE31±AFX_IDS_BORDERSTYLE_10xFE32ÓAFX_IDS_VERB_EDIT0xFE40µAFX_IDS_VERB_PROPERTIES0xFE41¦AFX_IDP_PICTURECANTOPEN0xFE83ÕAFX_IDP_PICTURECANTLOAD0xFE84¼AFX_IDP_PICTURETOOLARGE0xFE85ÈAFX_IDP_PICTUREREADFAILED0xFE86¹AFX_IDP_E_ILLEGALFUNCTIONCALL0xFEA0ÀAFX_IDP_E_OVERFLOW0xFEA1ËAFX_IDP_E_OUTOFMEMORY0xFEA2çAFX_IDP_E_DIVISIONBYZERO0xFEA3åAFX_IDP_E_OUTOFSTRINGSPACE0xFEA4ÌAFX_IDP_E_OUTOFSTACKSPACE0xFEA5€AFX_IDP_E_BADFILENAMEORNUMBER0xFEA6AFX_IDP_E_FILENOTFOUND0xFEA7®AFX_IDP_E_BADFILEMODE0xFEA8‚AFX_IDP_E_FILEALREADYOPEN0xFEA9éAFX_IDP_E_DEVICEIOERROR0xFEAAƒAFX_IDP_E_FILEALREADYEXISTS0xFEABæAFX_IDP_E_BADRECORDLENGTH0xFEACèAFX_IDP_E_DISKFULL0xFEADíAFX_IDP_E_BADRECORDNUMBER0xFEAEêAFX_IDP_E_BADFILENAME0xFEAFëAFX_IDP_E_TOOMANYFILES0xFEB0ìAFX_IDP_E_DEVICEUNAVAILABLE0xFEB1ÜAFX_IDP_E_PERMISSIONDENIED0xFEB2„AFX_IDP_E_DISKNOTREADY0xFEB3ñAFX_IDP_E_PATHFILEACCESSERROR0xFEB4îAFX_IDP_E_PATHNOTFOUND0xFEB5ïAFX_IDP_E_INVALIDPATTERNSTRING0xFEB6ÍAFX_IDP_E_INVALIDUSEOFNULL0xFEB7…AFX_IDP_E_INVALIDFILEFORMAT0xFEB8×AFX_IDP_E_INVALIDPROPERTYVALUE0xFEB9¯AFX_IDP_E_INVALIDPROPERTYARRAYINDEX0xFEBAôAFX_IDP_E_SETNOTSUPPORTEDATRUNTIME0xFEBBòAFX_IDP_E_SETNOTSUPPORTED0xFEBCóAFX_IDP_E_NEEDPROPERTYARRAYINDEX0xFEBD†AFX_IDP_E_SETNOTPERMITTED0xFEBE AFX_IDP_E_GETNOTSUPPORTEDATRUNTIME0xFEBFÞAFX_IDP_E_GETNOTSUPPORTED0xFEC0§AFX_IDP_E_PROPERTYNOTFOUND0xFEC1ˆAFX_IDP_E_INVALIDCLIPBOARDFORMAT0xFEC2‡AFX_IDP_E_INVALIDPICTURE0xFEC3‰AFX_IDP_E_PRINTERERROR0xFEC4‹AFX_IDP_E_CANTSAVEFILETOTEMP0xFEC5ŠAFX_IDP_E_SEARCHTEXTNOTFOUND0xFEC6ŒAFX_IDP_E_REPLACEMENTSTOOLONG0xFEC7¾!!‹Ø$HWBØØæ05101IDD_PASSWD_DIALOGC:\USERS\D93-JKA\PROJECTS\DES\WINLOCL\PASSWD_DIALOG.RCIDC_PASSWD_EDITŽIDOKIDCANCELIDC_STATICØØ$ØØDESIGNINFOGUIDELINES$ØØTEXTINCLUDE1$ØØTEXTINCLUDE2$ØØTEXTINCLUDE3$ØØ$ØØû$HWBØØ/0C:\USERS\D93-JKA\PROJECTS\DES\WINLOCL\resource.hC:\Program\programmering\MSDEV\MFC\include/afxres.hC:\Program\programmering\MSDEV\MFC\include/winres.h\$HWBØØ-05101IDD_PASSWD_DIALOGDESIGNINFOGUIDELINESTEXTINCLUDE1TEXTINCLUDE2TEXTINCLUDE3å5$HWBØØ.0¼ID_SEPARATOR0VS_VERSION_INFO1IDOK1IDCANCEL2IDABORT3IDRETRY4IDIGNORE5IDYES6IDNO7IDCLOSE8IDHELP9AFX_IDC_LISTBOX100IDD_PASSWD_DIALOG101AFX_IDC_CHANGE101_APS_NEXT_SYMED_VALUE101_APS_NEXT_RESOURCE_VALUE102AFX_IDC_PRINT_DOCNAME201AFX_IDC_PRINT_PRINTERNAME202AFX_IDC_PRINT_PORTNAME203AFX_IDC_PRINT_PAGENUM204IDC_EDIT11000AFX_IDC_FONTPROP1000IDC_PASSWD_EDIT1001AFX_IDC_FONTNAMES1001AFX_IDC_FONTSTYLES1002_APS_NEXT_CONTROL_VALUE1002AFX_IDC_FONTSIZES1003AFX_IDC_STRIKEOUT1004AFX_IDC_UNDERLINE1005AFX_IDC_SAMPLEBOX1006AFX_IDC_COLOR_BLACK1100AFX_IDC_COLOR_WHITE1101AFX_IDC_COLOR_RED1102AFX_IDC_COLOR_GREEN1103AFX_IDC_COLOR_BLUE1104AFX_IDC_COLOR_YELLOW1105AFX_IDC_COLOR_MAGENTA1106AFX_IDC_COLOR_CYAN1107AFX_IDC_COLOR_GRAY1108AFX_IDC_COLOR_LIGHTGRAY1109AFX_IDC_COLOR_DARKRED1110AFX_IDC_COLOR_DARKGREEN1111AFX_IDC_COLOR_DARKBLUE1112AFX_IDC_COLOR_LIGHTBROWN1113AFX_IDC_COLOR_DARKMAGENTA1114AFX_IDC_COLOR_DARKCYAN1115AFX_IDC_COLORPROP1116AFX_IDC_SYSTEMCOLORS1117AFX_IDC_PROPNAME1201AFX_IDC_PICTURE1202AFX_IDC_BROWSE1203AFX_IDC_CLEAR1204AFX_IDC_TAB_CONTROL0x3020ID_APPLY_NOW0x3021ID_WIZBACK0x3023ID_WIZNEXT0x3024ID_WIZFINISH0x3025AFX_IDD_NEWTYPEDLG30721AFX_IDD_PRINTDLG30722AFX_IDD_PREVIEW_TOOLBAR30723AFX_IDD_INSERTOBJECT30724AFX_IDD_CHANGEICON30725AFX_IDD_CONVERT30726AFX_IDD_PASTESPECIAL30727AFX_IDD_EDITLINKS30728AFX_IDD_FILEBROWSE30729AFX_IDD_BUSY30730AFX_IDD_OBJECTPROPERTIES30732AFX_IDD_CHANGESOURCE30733AFX_IDC_CONTEXTHELP30977AFX_IDC_MAGNIFY30978AFX_IDC_SMALLARROWS30979AFX_IDC_HSPLITBAR30980AFX_IDC_VSPLITBAR30981AFX_IDC_NODROPCRSR30982AFX_IDC_TRACKNWSE30983AFX_IDC_TRACKNESW30984AFX_IDC_TRACKNS30985AFX_IDC_TRACKWE30986AFX_IDC_TRACK4WAY30987AFX_IDC_MOVE4WAY30988AFX_IDB_MINIFRAME_MENU30994AFX_IDB_CHECKLISTBOX_NT30995AFX_IDB_CHECKLISTBOX_9530996AFX_IDR_PREVIEW_ACCEL30997AFX_IDI_STD_MDIFRAME31233AFX_IDI_STD_FRAME31234AFX_IDD_PROPPAGE_COLOR32257AFX_IDD_PROPPAGE_FONT32258AFX_IDD_PROPPAGE_PICTURE32259AFX_IDB_TRUETYPE32384_APS_NEXT_COMMAND_VALUE40001AFX_IDS_APP_TITLE0xE000AFX_IDS_IDLEMESSAGE0xE001AFX_IDS_HELPMODEMESSAGE0xE002AFX_IDS_APP_TITLE_EMBEDDING0xE003AFX_IDS_COMPANY_NAME0xE004AFX_IDS_OBJ_TITLE_INPLACE0xE005ID_FILE_NEW0xE100ID_FILE_OPEN0xE101ID_FILE_CLOSE0xE102ID_FILE_SAVE0xE103ID_FILE_SAVE_AS0xE104ID_FILE_PAGE_SETUP0xE105ID_FILE_PRINT_SETUP0xE106ID_FILE_PRINT0xE107ID_FILE_PRINT_DIRECT0xE108ID_FILE_PRINT_PREVIEW0xE109ID_FILE_UPDATE0xE10AID_FILE_SAVE_COPY_AS0xE10BID_FILE_SEND_MAIL0xE10CID_FILE_MRU_FIRST0xE110ID_FILE_MRU_FILE10xE110ID_FILE_MRU_FILE20xE111ID_FILE_MRU_FILE30xE112ID_FILE_MRU_FILE40xE113ID_FILE_MRU_FILE50xE114ID_FILE_MRU_FILE60xE115ID_FILE_MRU_FILE70xE116ID_FILE_MRU_FILE80xE117ID_FILE_MRU_FILE90xE118ID_FILE_MRU_FILE100xE119ID_FILE_MRU_FILE110xE11AID_FILE_MRU_FILE120xE11BID_FILE_MRU_FILE130xE11CID_FILE_MRU_FILE140xE11DID_FILE_MRU_FILE150xE11EID_FILE_MRU_FILE160xE11FID_FILE_MRU_LAST0xE11FID_EDIT_CLEAR0xE120ID_EDIT_CLEAR_ALL0xE121ID_EDIT_COPY0xE122ID_EDIT_CUT0xE123ID_EDIT_FIND0xE124ID_EDIT_PASTE0xE125ID_EDIT_PASTE_LINK0xE126ID_EDIT_PASTE_SPECIAL0xE127ID_EDIT_REPEAT0xE128ID_EDIT_REPLACE0xE129ID_EDIT_SELECT_ALL0xE12AID_EDIT_UNDO0xE12BID_EDIT_REDO0xE12CID_WINDOW_NEW0xE130ID_WINDOW_ARRANGE0xE131ID_WINDOW_CASCADE0xE132ID_WINDOW_TILE_HORZ0xE133ID_WINDOW_TILE_VERT0xE134ID_WINDOW_SPLIT0xE135ID_APP_ABOUT0xE140ID_APP_EXIT0xE141ID_HELP_INDEX0xE142ID_HELP_FINDER0xE143ID_HELP_USING0xE144ID_CONTEXT_HELP0xE145ID_HELP0xE146ID_DEFAULT_HELP0xE147ID_NEXT_PANE0xE150ID_PREV_PANE0xE151ID_FORMAT_FONT0xE160ID_OLE_INSERT_NEW0xE200ID_OLE_EDIT_LINKS0xE201ID_OLE_EDIT_CONVERT0xE202ID_OLE_EDIT_CHANGE_ICON0xE203ID_OLE_EDIT_PROPERTIES0xE204ID_OLE_VERB_FIRST0xE210AFX_ID_PREVIEW_CLOSE0xE300AFX_ID_PREVIEW_NUMPAGE0xE301AFX_ID_PREVIEW_NEXT0xE302AFX_ID_PREVIEW_PREV0xE303AFX_ID_PREVIEW_PRINT0xE304AFX_ID_PREVIEW_ZOOMIN0xE305AFX_ID_PREVIEW_ZOOMOUT0xE306ID_INDICATOR_EXT0xE700ID_INDICATOR_CAPS0xE701ID_INDICATOR_NUM0xE702ID_INDICATOR_SCRL0xE703ID_INDICATOR_OVR0xE704ID_INDICATOR_REC0xE705ID_INDICATOR_KANA0xE706ID_VIEW_TOOLBAR0xE800ID_VIEW_STATUS_BAR0xE801ID_RECORD_FIRST0xE900ID_RECORD_LAST0xE901ID_RECORD_NEXT0xE902ID_RECORD_PREV0xE903AFX_IDS_SCSIZE0xEF00AFX_IDS_SCMOVE0xEF01AFX_IDS_SCMINIMIZE0xEF02AFX_IDS_SCMAXIMIZE0xEF03AFX_IDS_SCNEXTWINDOW0xEF04AFX_IDS_SCPREVWINDOW0xEF05AFX_IDS_SCCLOSE0xEF06AFX_IDS_SCRESTORE0xEF12AFX_IDS_SCTASKLIST0xEF13AFX_IDS_MDICHILD0xEF1FAFX_IDS_DESKACCESSORY0xEFDAAFX_IDS_OPENFILE0xF000AFX_IDS_SAVEFILE0xF001AFX_IDS_ALLFILTER0xF002AFX_IDS_UNTITLED0xF003AFX_IDS_SAVEFILECOPY0xF004AFX_IDS_PREVIEW_CLOSE0xF005AFX_IDS_UNNAMED_FILE0xF006AFX_IDS_HIDE0xF011AFX_IDP_NO_ERROR_AVAILABLE0xF020AFX_IDS_NOT_SUPPORTED_EXCEPTION0xF021AFX_IDS_RESOURCE_EXCEPTION0xF022AFX_IDS_MEMORY_EXCEPTION0xF023AFX_IDS_USER_EXCEPTION0xF024AFX_IDS_PRINTONPORT0xF040AFX_IDS_ONEPAGE0xF041AFX_IDS_TWOPAGE0xF042AFX_IDS_PRINTPAGENUM0xF043AFX_IDS_PREVIEWPAGEDESC0xF044AFX_IDS_PRINTDEFAULTEXT0xF045AFX_IDS_PRINTDEFAULT0xF046AFX_IDS_PRINTFILTER0xF047AFX_IDS_PRINTCAPTION0xF048AFX_IDS_PRINTTOFILE0xF049AFX_IDS_OBJECT_MENUITEM0xF080AFX_IDS_EDIT_VERB0xF081AFX_IDS_ACTIVATE_VERB0xF082AFX_IDS_CHANGE_LINK0xF083AFX_IDS_AUTO0xF084AFX_IDS_MANUAL0xF085AFX_IDS_FROZEN0xF086AFX_IDS_ALL_FILES0xF087AFX_IDS_SAVE_MENU0xF088AFX_IDS_UPDATE_MENU0xF089AFX_IDS_SAVE_AS_MENU0xF08AAFX_IDS_SAVE_COPY_AS_MENU0xF08BAFX_IDS_EXIT_MENU0xF08CAFX_IDS_UPDATING_ITEMS0xF08DAFX_IDS_METAFILE_FORMAT0xF08EAFX_IDS_DIB_FORMAT0xF08FAFX_IDS_BITMAP_FORMAT0xF090AFX_IDS_LINKSOURCE_FORMAT0xF091AFX_IDS_EMBED_FORMAT0xF092AFX_IDS_PASTELINKEDTYPE0xF094AFX_IDS_UNKNOWNTYPE0xF095AFX_IDS_RTF_FORMAT0xF096AFX_IDS_TEXT_FORMAT0xF097AFX_IDS_INVALID_CURRENCY0xF098AFX_IDS_INVALID_DATETIME0xF099AFX_IDS_INVALID_DATETIMESPAN0xF09AAFX_IDP_INVALID_FILENAME0xF100AFX_IDP_FAILED_TO_OPEN_DOC0xF101AFX_IDP_FAILED_TO_SAVE_DOC0xF102AFX_IDP_ASK_TO_SAVE0xF103AFX_IDP_FAILED_TO_CREATE_DOC0xF104AFX_IDP_FILE_TOO_LARGE0xF105AFX_IDP_FAILED_TO_START_PRINT0xF106AFX_IDP_FAILED_TO_LAUNCH_HELP0xF107AFX_IDP_INTERNAL_FAILURE0xF108AFX_IDP_COMMAND_FAILURE0xF109AFX_IDP_FAILED_MEMORY_ALLOC0xF10AAFX_IDP_PARSE_INT0xF110AFX_IDP_PARSE_REAL0xF111AFX_IDP_PARSE_INT_RANGE0xF112AFX_IDP_PARSE_REAL_RANGE0xF113AFX_IDP_PARSE_STRING_SIZE0xF114AFX_IDP_PARSE_RADIO_BUTTON0xF115AFX_IDP_PARSE_BYTE0xF116AFX_IDP_PARSE_UINT0xF117AFX_IDP_PARSE_DATETIME0xF118AFX_IDP_PARSE_CURRENCY0xF119AFX_IDP_FAILED_INVALID_FORMAT0xF120AFX_IDP_FAILED_INVALID_PATH0xF121AFX_IDP_FAILED_DISK_FULL0xF122AFX_IDP_FAILED_ACCESS_READ0xF123AFX_IDP_FAILED_ACCESS_WRITE0xF124AFX_IDP_FAILED_IO_ERROR_READ0xF125AFX_IDP_FAILED_IO_ERROR_WRITE0xF126AFX_IDP_STATIC_OBJECT0xF180AFX_IDP_FAILED_TO_CONNECT0xF181AFX_IDP_SERVER_BUSY0xF182AFX_IDP_BAD_VERB0xF183AFX_IDP_FAILED_TO_NOTIFY0xF185AFX_IDP_FAILED_TO_LAUNCH0xF186AFX_IDP_ASK_TO_UPDATE0xF187AFX_IDP_FAILED_TO_UPDATE0xF188AFX_IDP_FAILED_TO_REGISTER0xF189AFX_IDP_FAILED_TO_AUTO_REGISTER0xF18AAFX_IDP_FAILED_TO_CONVERT0xF18BAFX_IDP_GET_NOT_SUPPORTED0xF18CAFX_IDP_SET_NOT_SUPPORTED0xF18DAFX_IDP_ASK_TO_DISCARD0xF18EAFX_IDP_FAILED_TO_CREATE0xF18FAFX_IDP_FAILED_MAPI_LOAD0xF190AFX_IDP_INVALID_MAPI_DLL0xF191AFX_IDP_FAILED_MAPI_SEND0xF192AFX_IDP_FILE_NONE0xF1A0AFX_IDP_FILE_GENERIC0xF1A1AFX_IDP_FILE_NOT_FOUND0xF1A2AFX_IDP_FILE_BAD_PATH0xF1A3AFX_IDP_FILE_TOO_MANY_OPEN0xF1A4AFX_IDP_FILE_ACCESS_DENIED0xF1A5AFX_IDP_FILE_INVALID_FILE0xF1A6AFX_IDP_FILE_REMOVE_CURRENT0xF1A7AFX_IDP_FILE_DIR_FULL0xF1A8AFX_IDP_FILE_BAD_SEEK0xF1A9AFX_IDP_FILE_HARD_IO0xF1AAAFX_IDP_FILE_SHARING0xF1ABAFX_IDP_FILE_LOCKING0xF1ACAFX_IDP_FILE_DISKFULL0xF1ADAFX_IDP_FILE_EOF0xF1AEAFX_IDP_ARCH_NONE0xF1B0AFX_IDP_ARCH_GENERIC0xF1B1AFX_IDP_ARCH_READONLY0xF1B2AFX_IDP_ARCH_ENDOFFILE0xF1B3AFX_IDP_ARCH_WRITEONLY0xF1B4AFX_IDP_ARCH_BADINDEX0xF1B5AFX_IDP_ARCH_BADCLASS0xF1B6AFX_IDP_ARCH_BADSCHEMA0xF1B7AFX_IDS_OCC_SCALEUNITS_PIXELS0xF1C0AFX_IDS_STATUS_FONT0xF230AFX_IDS_TOOLTIP_FONT0xF231AFX_IDS_UNICODE_FONT0xF232AFX_IDS_MINI_FONT0xF233AFX_IDP_SQL_CONNECT_FAIL0xF281AFX_IDP_SQL_RECORDSET_FORWARD_ONLY0xF282AFX_IDP_SQL_EMPTY_COLUMN_LIST0xF283AFX_IDP_SQL_FIELD_SCHEMA_MISMATCH0xF284AFX_IDP_SQL_ILLEGAL_MODE0xF285AFX_IDP_SQL_MULTIPLE_ROWS_AFFECTED0xF286AFX_IDP_SQL_NO_CURRENT_RECORD0xF287AFX_IDP_SQL_NO_ROWS_AFFECTED0xF288AFX_IDP_SQL_RECORDSET_READONLY0xF289AFX_IDP_SQL_SQL_NO_TOTAL0xF28AAFX_IDP_SQL_ODBC_LOAD_FAILED0xF28BAFX_IDP_SQL_DYNASET_NOT_SUPPORTED0xF28CAFX_IDP_SQL_SNAPSHOT_NOT_SUPPORTED0xF28DAFX_IDP_SQL_API_CONFORMANCE0xF28EAFX_IDP_SQL_SQL_CONFORMANCE0xF28FAFX_IDP_SQL_NO_DATA_FOUND0xF290AFX_IDP_SQL_ROW_UPDATE_NOT_SUPPORTED0xF291AFX_IDP_SQL_ODBC_V2_REQUIRED0xF292AFX_IDP_SQL_NO_POSITIONED_UPDATES0xF293AFX_IDP_SQL_LOCK_MODE_NOT_SUPPORTED0xF294AFX_IDP_SQL_DATA_TRUNCATED0xF295AFX_IDP_SQL_ROW_FETCH0xF296AFX_IDP_SQL_INCORRECT_ODBC0xF297AFX_IDP_SQL_UPDATE_DELETE_FAILED0xF298AFX_IDP_SQL_DYNAMIC_CURSOR_NOT_SUPPORTED0xF299AFX_IDP_DAO_ENGINE_INITIALIZATION0xF2A0AFX_IDP_DAO_DFX_BIND0xF2A1AFX_IDP_DAO_OBJECT_NOT_OPEN0xF2A2AFX_IDP_DAO_ROWTOOSHORT0xF2A3AFX_IDP_DAO_BADBINDINFO0xF2A4AFX_IDP_DAO_COLUMNUNAVAILABLE0xF2A5AFX_IDS_PROPPAGE_UNKNOWN0xFE01AFX_IDS_COLOR_DESKTOP0xFE04AFX_IDS_COLOR_APPWORKSPACE0xFE05AFX_IDS_COLOR_WNDBACKGND0xFE06AFX_IDS_COLOR_WNDTEXT0xFE07AFX_IDS_COLOR_MENUBAR0xFE08AFX_IDS_COLOR_MENUTEXT0xFE09AFX_IDS_COLOR_ACTIVEBAR0xFE0AAFX_IDS_COLOR_INACTIVEBAR0xFE0BAFX_IDS_COLOR_ACTIVETEXT0xFE0CAFX_IDS_COLOR_INACTIVETEXT0xFE0DAFX_IDS_COLOR_ACTIVEBORDER0xFE0EAFX_IDS_COLOR_INACTIVEBORDER0xFE0FAFX_IDS_COLOR_WNDFRAME0xFE10AFX_IDS_COLOR_SCROLLBARS0xFE11AFX_IDS_COLOR_BTNFACE0xFE12AFX_IDS_COLOR_BTNSHADOW0xFE13AFX_IDS_COLOR_BTNTEXT0xFE14AFX_IDS_COLOR_BTNHIGHLIGHT0xFE15AFX_IDS_COLOR_DISABLEDTEXT0xFE16AFX_IDS_COLOR_HIGHLIGHT0xFE17AFX_IDS_COLOR_HIGHLIGHTTEXT0xFE18AFX_IDS_REGULAR0xFE19AFX_IDS_BOLD0xFE1AAFX_IDS_ITALIC0xFE1BAFX_IDS_BOLDITALIC0xFE1CAFX_IDS_SAMPLETEXT0xFE1DAFX_IDS_DISPLAYSTRING_FONT0xFE1EAFX_IDS_DISPLAYSTRING_COLOR0xFE1FAFX_IDS_DISPLAYSTRING_PICTURE0xFE20AFX_IDS_PICTUREFILTER0xFE21AFX_IDS_PICTYPE_UNKNOWN0xFE22AFX_IDS_PICTYPE_NONE0xFE23AFX_IDS_PICTYPE_BITMAP0xFE24AFX_IDS_PICTYPE_METAFILE0xFE25AFX_IDS_PICTYPE_ICON0xFE26AFX_IDS_COLOR_PPG0xFE28AFX_IDS_COLOR_PPG_CAPTION0xFE29AFX_IDS_FONT_PPG0xFE2AAFX_IDS_FONT_PPG_CAPTION0xFE2BAFX_IDS_PICTURE_PPG0xFE2CAFX_IDS_PICTURE_PPG_CAPTION0xFE2DAFX_IDS_PICTUREBROWSETITLE0xFE30AFX_IDS_BORDERSTYLE_00xFE31AFX_IDS_BORDERSTYLE_10xFE32AFX_IDS_VERB_EDIT0xFE40AFX_IDS_VERB_PROPERTIES0xFE41AFX_IDP_PICTURECANTOPEN0xFE83AFX_IDP_PICTURECANTLOAD0xFE84AFX_IDP_PICTURETOOLARGE0xFE85AFX_IDP_PICTUREREADFAILED0xFE86AFX_IDP_E_ILLEGALFUNCTIONCALL0xFEA0AFX_IDP_E_OVERFLOW0xFEA1AFX_IDP_E_OUTOFMEMORY0xFEA2AFX_IDP_E_DIVISIONBYZERO0xFEA3AFX_IDP_E_OUTOFSTRINGSPACE0xFEA4AFX_IDP_E_OUTOFSTACKSPACE0xFEA5AFX_IDP_E_BADFILENAMEORNUMBER0xFEA6AFX_IDP_E_FILENOTFOUND0xFEA7AFX_IDP_E_BADFILEMODE0xFEA8AFX_IDP_E_FILEALREADYOPEN0xFEA9AFX_IDP_E_DEVICEIOERROR0xFEAAAFX_IDP_E_FILEALREADYEXISTS0xFEABAFX_IDP_E_BADRECORDLENGTH0xFEACAFX_IDP_E_DISKFULL0xFEADAFX_IDP_E_BADRECORDNUMBER0xFEAEAFX_IDP_E_BADFILENAME0xFEAFAFX_IDP_E_TOOMANYFILES0xFEB0AFX_IDP_E_DEVICEUNAVAILABLE0xFEB1AFX_IDP_E_PERMISSIONDENIED0xFEB2AFX_IDP_E_DISKNOTREADY0xFEB3AFX_IDP_E_PATHFILEACCESSERROR0xFEB4AFX_IDP_E_PATHNOTFOUND0xFEB5AFX_IDP_E_INVALIDPATTERNSTRING0xFEB6AFX_IDP_E_INVALIDUSEOFNULL0xFEB7AFX_IDP_E_INVALIDFILEFORMAT0xFEB8AFX_IDP_E_INVALIDPROPERTYVALUE0xFEB9AFX_IDP_E_INVALIDPROPERTYARRAYINDEX0xFEBAAFX_IDP_E_SETNOTSUPPORTEDATRUNTIME0xFEBBAFX_IDP_E_SETNOTSUPPORTED0xFEBCAFX_IDP_E_NEEDPROPERTYARRAYINDEX0xFEBDAFX_IDP_E_SETNOTPERMITTED0xFEBEAFX_IDP_E_GETNOTSUPPORTEDATRUNTIME0xFEBFAFX_IDP_E_GETNOTSUPPORTED0xFEC0AFX_IDP_E_PROPERTYNOTFOUND0xFEC1AFX_IDP_E_INVALIDCLIPBOARDFORMAT0xFEC2AFX_IDP_E_INVALIDPICTURE0xFEC3AFX_IDP_E_PRINTERERROR0xFEC4AFX_IDP_E_CANTSAVEFILETOTEMP0xFEC5AFX_IDP_E_SEARCHTEXTNOTFOUND0xFEC6AFX_IDP_E_REPLACEMENTSTOOLONG0xFEC7IDC_STATIC-1 ØØØØe0ç ËƼBPassword queryMS Sans Serif ªP}ŽØتP-2ØØ¥OKPi-2ØØ¥CancelP WØØØØ­Please insert password:HDDESIGNINFOGUIDELINES0ØØØØe0EGÒ; 4TEXTINCLUDEØØ0resource.h4TEXTINCLUDEØØ0#include "afxres.h" 4TEXTINCLUDEØØ0 ¯$HWBØØ;DHWBØØã9ÛHWBØØé0\:HWBØØæ0ûl;HWBØØ/0\,<HWBØØ-0å5Â<HWBØØ.0ÆrØØØØe0HïsDESIGNINFOGUIDELINES0 PtTEXTINCLUDEØØ0ÆtTEXTINCLUDEØØ0†tTEXTINCLUDEØØ0cyrus-sasl-2.1.25/mac/libdes/src/Makefile.PL0000777000076400007640000000076507403027642015425 00000000000000use ExtUtils::MakeMaker; # See lib/ExtUtils/MakeMaker.pm for details of how to influence # the contents of the Makefile being created. &writeMakefile( 'potential_libs' => '', # e.g., '-lm' 'INC' => '', # e.g., '-I/usr/include/other' 'DISTNAME' => 'DES', 'VERSION' => '0.1', 'DEFINE' => '-DPERL5', 'OBJECT' => 'DES.o cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \ rand_key.o set_key.o str2key.o \ enc_read.o enc_writ.o fcrypt.o cfb_enc.o \ ecb3_enc.o ofb_enc.o cbc3_enc.o des_enc.o', ); cyrus-sasl-2.1.25/mac/libdes/src/passwd_dialog.rc0000777000076400007640000000626407403027646016625 00000000000000//Microsoft Developer Studio generated resource script. // #include "resource.h" #define APSTUDIO_READONLY_SYMBOLS ///////////////////////////////////////////////////////////////////////////// // // Generated from the TEXTINCLUDE 2 resource. // #include "afxres.h" ///////////////////////////////////////////////////////////////////////////// #undef APSTUDIO_READONLY_SYMBOLS ///////////////////////////////////////////////////////////////////////////// // Swedish resources #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_SVE) #ifdef _WIN32 LANGUAGE LANG_SWEDISH, SUBLANG_DEFAULT #pragma code_page(1252) #endif //_WIN32 ///////////////////////////////////////////////////////////////////////////// // // Dialog // IDD_PASSWD_DIALOG DIALOG DISCARDABLE 0, 0, 186, 66 STYLE DS_ABSALIGN | DS_MODALFRAME | DS_SETFOREGROUND | DS_CENTER | WS_POPUP | WS_VISIBLE | WS_CAPTION CAPTION "Password query" FONT 8, "MS Sans Serif" BEGIN EDITTEXT IDC_PASSWD_EDIT,30,22,125,14,ES_PASSWORD DEFPUSHBUTTON "OK",IDOK,30,45,50,14 PUSHBUTTON "Cancel",IDCANCEL,105,45,50,14 LTEXT "Please insert password:",IDC_STATIC,30,13,87,8,NOT WS_GROUP END ///////////////////////////////////////////////////////////////////////////// // // DESIGNINFO // #ifdef APSTUDIO_INVOKED GUIDELINES DESIGNINFO DISCARDABLE BEGIN IDD_PASSWD_DIALOG, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 179 TOPMARGIN, 7 BOTTOMMARGIN, 59 END END #endif // APSTUDIO_INVOKED #ifdef APSTUDIO_INVOKED ///////////////////////////////////////////////////////////////////////////// // // TEXTINCLUDE // 1 TEXTINCLUDE DISCARDABLE BEGIN "resource.h\0" END 2 TEXTINCLUDE DISCARDABLE BEGIN "#include ""afxres.h""\r\n" "\0" END 3 TEXTINCLUDE DISCARDABLE BEGIN "\r\n" "\0" END #endif // APSTUDIO_INVOKED #ifndef _MAC ///////////////////////////////////////////////////////////////////////////// // // Version // VS_VERSION_INFO VERSIONINFO FILEVERSION 1,0,0,1 PRODUCTVERSION 1,0,0,1 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L #else FILEFLAGS 0x0L #endif FILEOS 0x40004L FILETYPE 0x2L FILESUBTYPE 0x0L BEGIN BLOCK "StringFileInfo" BEGIN BLOCK "040904b0" BEGIN VALUE "CompanyName", "Royal Institute of Technology (KTH)\0" VALUE "FileDescription", "des\0" VALUE "FileVersion", "4, 0, 9, 9\0" VALUE "InternalName", "des\0" VALUE "LegalCopyright", "Copyright © 1996 - 1998 Royal Institute of Technology (KTH)\0" VALUE "OriginalFilename", "des.dll\0" VALUE "ProductName", "KTH Kerberos\0" VALUE "ProductVersion", "4,0,9,9\0" END END BLOCK "VarFileInfo" BEGIN VALUE "Translation", 0x409, 1200 END END #endif // !_MAC #endif // Swedish resources ///////////////////////////////////////////////////////////////////////////// #ifndef APSTUDIO_INVOKED ///////////////////////////////////////////////////////////////////////////// // // Generated from the TEXTINCLUDE 3 resource. // ///////////////////////////////////////////////////////////////////////////// #endif // not APSTUDIO_INVOKED cyrus-sasl-2.1.25/mac/libdes/src/cbc_cksm.c0000777000076400007640000000771607403027643015367 00000000000000/* crypto/des/cbc_cksm.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" DES_LONG des_cbc_cksum(input, output, length, schedule, ivec) des_cblock (*input); des_cblock (*output); long length; des_key_schedule schedule; des_cblock (*ivec); { register DES_LONG tout0,tout1,tin0,tin1; register long l=length; DES_LONG tin[2]; unsigned char *in,*out,*iv; in=(unsigned char *)input; out=(unsigned char *)output; iv=(unsigned char *)ivec; c2l(iv,tout0); c2l(iv,tout1); for (; l>0; l-=8) { if (l >= 8) { c2l(in,tin0); c2l(in,tin1); } else c2ln(in,tin0,tin1,l); tin0^=tout0; tin[0]=tin0; tin1^=tout1; tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); /* fix 15/10/91 eay - thanks to keithr@sco.COM */ tout0=tin[0]; tout1=tin[1]; } if (out != NULL) { l2c(tout0,out); l2c(tout1,out); } tout0=tin0=tin1=tin[0]=tin[1]=0; return(tout1); } cyrus-sasl-2.1.25/mac/libdes/src/des_ver.h0000777000076400007640000000635307403027645015255 00000000000000/* crypto/des/des_ver.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ extern char *DES_version; /* SSLeay version string */ extern char *libdes_version; /* old libdes version string */ cyrus-sasl-2.1.25/mac/libdes/src/ncbc_enc.c0000777000076400007640000001147007403027646015350 00000000000000/* crypto/des/ncbc_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" void des_ncbc_encrypt(input, output, length, schedule, ivec, encrypt) des_cblock (*input); des_cblock (*output); long length; des_key_schedule schedule; des_cblock (*ivec); int encrypt; { register DES_LONG tin0,tin1; register DES_LONG tout0,tout1,xor0,xor1; register unsigned char *in,*out; register long l=length; DES_LONG tin[2]; unsigned char *iv; in=(unsigned char *)input; out=(unsigned char *)output; iv=(unsigned char *)ivec; if (encrypt) { c2l(iv,tout0); c2l(iv,tout1); for (l-=8; l>=0; l-=8) { c2l(in,tin0); c2l(in,tin1); tin0^=tout0; tin[0]=tin0; tin1^=tout1; tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]; l2c(tout0,out); tout1=tin[1]; l2c(tout1,out); } if (l != -8) { c2ln(in,tin0,tin1,l+8); tin0^=tout0; tin[0]=tin0; tin1^=tout1; tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]; l2c(tout0,out); tout1=tin[1]; l2c(tout1,out); } iv=(unsigned char *)ivec; l2c(tout0,iv); l2c(tout1,iv); } else { c2l(iv,xor0); c2l(iv,xor1); for (l-=8; l>=0; l-=8) { c2l(in,tin0); tin[0]=tin0; c2l(in,tin1); tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0; tout1=tin[1]^xor1; l2c(tout0,out); l2c(tout1,out); xor0=tin0; xor1=tin1; } if (l != -8) { c2l(in,tin0); tin[0]=tin0; c2l(in,tin1); tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0; tout1=tin[1]^xor1; l2cn(tout0,tout1,out,l+8); xor0=tin0; xor1=tin1; } iv=(unsigned char *)ivec; l2c(xor0,iv); l2c(xor1,iv); } tin0=tin1=tout0=tout1=xor0=xor1=0; tin[0]=tin[1]=0; } cyrus-sasl-2.1.25/mac/libdes/src/cfb64enc.c0000777000076400007640000001063507403027643015207 00000000000000/* crypto/des/cfb64enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output encrypted as though 64bit cfb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void des_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt) unsigned char *in; unsigned char *out; long length; des_key_schedule schedule; des_cblock (*ivec); int *num; int encrypt; { register DES_LONG v0,v1; register long l=length; register int n= *num; DES_LONG ti[2]; unsigned char *iv,c,cc; iv=(unsigned char *)ivec; if (encrypt) { while (l--) { if (n == 0) { c2l(iv,v0); ti[0]=v0; c2l(iv,v1); ti[1]=v1; des_encrypt((DES_LONG *)ti, schedule,DES_ENCRYPT); iv=(unsigned char *)ivec; v0=ti[0]; l2c(v0,iv); v0=ti[1]; l2c(v0,iv); iv=(unsigned char *)ivec; } c= *(in++)^iv[n]; *(out++)=c; iv[n]=c; n=(n+1)&0x07; } } else { while (l--) { if (n == 0) { c2l(iv,v0); ti[0]=v0; c2l(iv,v1); ti[1]=v1; des_encrypt((DES_LONG *)ti, schedule,DES_ENCRYPT); iv=(unsigned char *)ivec; v0=ti[0]; l2c(v0,iv); v0=ti[1]; l2c(v0,iv); iv=(unsigned char *)ivec; } cc= *(in++); c=iv[n]; iv[n]=cc; *(out++)=c^cc; n=(n+1)&0x07; } } v0=v1=ti[0]=ti[1]=c=cc=0; *num=n; } cyrus-sasl-2.1.25/mac/libdes/src/passwd_dlg.c0000777000076400007640000000607107403027646015746 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* passwd_dlg.c - Dialog boxes for Windows95/NT * Author: Jšrgen Karlsson - d93-jka@nada.kth.se * Date: June 1996 */ #ifdef HAVE_CONFIG_H #include RCSID("$Id: passwd_dlg.c,v 1.2 2001/12/04 02:06:30 rjs3 Exp $"); #endif #ifdef WIN32 /* Visual C++ 4.0 (Windows95/NT) */ #include #include "passwd_dlg.h" #include "Resource.h" #define passwdBufSZ 64 char passwd[passwdBufSZ]; BOOL CALLBACK pwd_dialog_proc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { switch(uMsg) { case WM_COMMAND: switch(wParam) { case IDOK: if(!GetDlgItemText(hwndDlg,IDC_PASSWD_EDIT, passwd, passwdBufSZ)) EndDialog(hwndDlg, IDCANCEL); case IDCANCEL: EndDialog(hwndDlg, wParam); return TRUE; } } return FALSE; } /* return 0 if ok, 1 otherwise */ int pwd_dialog(char *buf, int size) { int i; HWND wnd = GetActiveWindow(); HANDLE hInst = GetModuleHandle("des"); switch(DialogBox(hInst,MAKEINTRESOURCE(IDD_PASSWD_DIALOG),wnd,pwd_dialog_proc)) { case IDOK: strcpy_truncate(buf, passwd, size); memset (passwd, 0, sizeof(passwd)); return 0; case IDCANCEL: default: memset (passwd, 0, sizeof(passwd)); return 1; } } #endif /* WIN32 */ cyrus-sasl-2.1.25/mac/libdes/src/shifts.pl0000777000076400007640000000454407403027647015314 00000000000000#/usr/local/bin/perl sub lab_shift { local(*a,$n)=@_; local(@r,$i,$j,$k,$d,@z); @r=&shift(*a,$n); foreach $i (0 .. 31) { @z=split(/\^/,$r[$i]); for ($j=0; $j <= $#z; $j++) { ($d)=($z[$j] =~ /^(..)/); ($k)=($z[$j] =~ /\[(.*)\]$/); $k.=",$n" if ($k ne ""); $k="$n" if ($k eq ""); $d="$d[$k]"; $z[$j]=$d; } $r[$i]=join('^',@z); } return(@r); } sub shift { local(*a,$n)=@_; local(@f); if ($n > 0) { @f=&shiftl(*a,$n); } else { @f=&shiftr(*a,-$n); } return(@f); } sub rotate { local(*a,$n)=@_; local(@f); if ($n > 0) { @f=&rotatel(*a,$n); } else { @f=&rotater(*a,-$n); } return(@f); } sub rotater { local(*a,$n)=@_; local(@f,@g); @f=&shiftr(*a,$n); @g=&shiftl(*a,32-$n); $#f=31; $#g=31; return(&or(*f,*g)); } sub rotatel { local(*a,$n)=@_; local(@f,@g); @f=&shiftl(*a,$n); @g=&shiftr(*a,32-$n); $#f=31; $#g=31; return(&or(*f,*g)); } sub shiftr { local(*a,$n)=@_; local(@r,$i); $#r=31; foreach $i (0 .. 31) { if (($i+$n) > 31) { $r[$i]="--"; } else { $r[$i]=$a[$i+$n]; } } return(@r); } sub shiftl { local(*a,$n)=@_; local(@r,$i); $#r=31; foreach $i (0 .. 31) { if ($i < $n) { $r[$i]="--"; } else { $r[$i]=$a[$i-$n]; } } return(@r); } sub printit { local(@a)=@_; local($i); foreach $i (0 .. 31) { printf "%2s ",$a[$i]; print "\n" if (($i%8) == 7); } print "\n"; } sub xor { local(*a,*b)=@_; local(@r,$i); $#r=31; foreach $i (0 .. 31) { $r[$i]=&compress($a[$i].'^'.$b[$i]); # $r[$i]=$a[$i]."^".$b[$i]; } return(@r); } sub and { local(*a,$m)=@_; local(@r,$i); $#r=31; foreach $i (0 .. 31) { $r[$i]=(($m & (1<<$i))?($a[$i]):('--')); } return(@r); } sub or { local(*a,*b)=@_; local(@r,$i); $#r=31; foreach $i (0 .. 31) { $r[$i]='--' if (($a[$i] eq '--') && ($b[$i] eq '--')); $r[$i]=$a[$i] if (($a[$i] ne '--') && ($b[$i] eq '--')); $r[$i]=$b[$i] if (($a[$i] eq '--') && ($b[$i] ne '--')); $r[$i]='++' if (($a[$i] ne '--') && ($b[$i] ne '--')); } return(@r); } sub compress { local($s)=@_; local($_,$i,@a,%a,$r); $s =~ s/\^\^/\^/g; $s =~ s/^\^//; $s =~ s/\^$//; @a=split(/\^/,$s); while ($#a >= 0) { $_=shift(@a); next unless /\d/; $a{$_}++; } foreach $i (sort keys %a) { next if ($a{$i}%2 == 0); $r.="$i^"; } chop($r); return($r); } 1; cyrus-sasl-2.1.25/mac/libdes/src/Imakefile0000777000076400007640000000201507403027642015252 00000000000000# This Imakefile has not been tested for a while but it should still # work when placed in the correct directory in the kerberos v 4 distribution SRCS= cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \ qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \ enc_read.c enc_writ.c fcrypt.c cfb_enc.c \ ecb3_enc.c ofb_enc.c ofb64enc.c OBJS= cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \ qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \ enc_read.o enc_writ.o fcrypt.o cfb_enc.o \ ecb3_enc.o ofb_enc.o ofb64enc.o GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \ vms.com KERBEROS DES= des.c des.man TESTING=destest.c speed.c rpw.c LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h PERL= des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl CODE= $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL) SRCDIR=$(SRCTOP)/lib/des DBG= -O INCLUDE= -I$(SRCDIR) CC= cc library_obj_rule() install_library_target(des,$(OBJS),$(SRCS),) test(destest,libdes.a,) test(rpw,libdes.a,) cyrus-sasl-2.1.25/mac/libdes/src/xcbc_enc.c0000777000076400007640000001605607403027650015362 00000000000000/* crypto/des/xcbc_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* RSA's DESX */ static unsigned char desx_white_in2out[256]={ 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, 0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36, 0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C, 0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60, 0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA, 0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E, 0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF, 0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6, 0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3, 0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C, 0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2, 0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5, 0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5, 0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F, 0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB, }; void des_xwhite_in2out(des_key,in_white,out_white) des_cblock (*des_key); des_cblock (*in_white); des_cblock (*out_white); { unsigned char *key,*in,*out; int out0,out1; int i; key=(unsigned char *)des_key; in=(unsigned char *)in_white; out=(unsigned char *)out_white; out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0; out0=out1=0; for (i=0; i<8; i++) { out[i]=key[i]^desx_white_in2out[out0^out1]; out0=out1; out1=(int)out[i&0x07]; } out0=out[0]; out1=out[i]; for (i=0; i<8; i++) { out[i]=in[i]^desx_white_in2out[out0^out1]; out0=out1; out1=(int)out[i&0x07]; } } void des_xcbc_encrypt(input, output, length, schedule, ivec, inw,outw,encrypt) des_cblock (*input); des_cblock (*output); long length; des_key_schedule schedule; des_cblock (*ivec); des_cblock (*inw); des_cblock (*outw); int encrypt; { register DES_LONG tin0,tin1; register DES_LONG tout0,tout1,xor0,xor1; register DES_LONG inW0,inW1,outW0,outW1; register unsigned char *in,*out; register long l=length; DES_LONG tin[2]; unsigned char *iv; in=(unsigned char *)inw; c2l(in,inW0); c2l(in,inW1); in=(unsigned char *)outw; c2l(in,outW0); c2l(in,outW1); in=(unsigned char *)input; out=(unsigned char *)output; iv=(unsigned char *)ivec; if (encrypt) { c2l(iv,tout0); c2l(iv,tout1); for (l-=8; l>=0; l-=8) { c2l(in,tin0); c2l(in,tin1); tin0^=tout0^inW0; tin[0]=tin0; tin1^=tout1^inW1; tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]^outW0; l2c(tout0,out); tout1=tin[1]^outW1; l2c(tout1,out); } if (l != -8) { c2ln(in,tin0,tin1,l+8); tin0^=tout0^inW0; tin[0]=tin0; tin1^=tout1^inW1; tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]^outW0; l2c(tout0,out); tout1=tin[1]^outW1; l2c(tout1,out); } iv=(unsigned char *)ivec; l2c(tout0,iv); l2c(tout1,iv); } else { c2l(iv,xor0); c2l(iv,xor1); for (l-=8; l>0; l-=8) { c2l(in,tin0); tin[0]=tin0^outW0; c2l(in,tin1); tin[1]=tin1^outW1; des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0^inW0; tout1=tin[1]^xor1^inW1; l2c(tout0,out); l2c(tout1,out); xor0=tin0; xor1=tin1; } if (l != -8) { c2l(in,tin0); tin[0]=tin0^outW0; c2l(in,tin1); tin[1]=tin1^outW1; des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0^inW0; tout1=tin[1]^xor1^inW1; l2cn(tout0,tout1,out,l+8); xor0=tin0; xor1=tin1; } iv=(unsigned char *)ivec; l2c(xor0,iv); l2c(xor1,iv); } tin0=tin1=tout0=tout1=xor0=xor1=0; inW0=inW1=outW0=outW1=0; tin[0]=tin[1]=0; } cyrus-sasl-2.1.25/mac/libdes/src/DES.xs0000777000076400007640000001033707403027642014436 00000000000000#include "EXTERN.h" #include "perl.h" #include "XSUB.h" #include "des.h" #define deschar char static STRLEN len; static int not_here(s) char *s; { croak("%s not implemented on this architecture", s); return -1; } MODULE = DES PACKAGE = DES PREFIX = des_ char * des_crypt(buf,salt) char * buf char * salt void des_set_odd_parity(key) des_cblock * key PPCODE: { SV *s; s=sv_newmortal(); sv_setpvn(s,(char *)key,8); des_set_odd_parity((des_cblock *)SvPV(s,na)); PUSHs(s); } int des_is_weak_key(key) des_cblock * key des_key_schedule des_set_key(key) des_cblock * key CODE: des_set_key(key,RETVAL); OUTPUT: RETVAL des_cblock des_ecb_encrypt(input,ks,encrypt) des_cblock * input des_key_schedule * ks int encrypt CODE: des_ecb_encrypt(input,&RETVAL,*ks,encrypt); OUTPUT: RETVAL void des_cbc_encrypt(input,ks,ivec,encrypt) char * input des_key_schedule * ks des_cblock * ivec int encrypt PPCODE: { SV *s; STRLEN len,l; char *c; l=SvCUR(ST(0)); len=((((unsigned long)l)+7)/8)*8; s=sv_newmortal(); sv_setpvn(s,"",0); SvGROW(s,len); SvCUR_set(s,len); c=(char *)SvPV(s,na); des_cbc_encrypt((des_cblock *)input,(des_cblock *)c, l,*ks,ivec,encrypt); sv_setpvn(ST(2),(char *)c[len-8],8); PUSHs(s); } void des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt) char * input des_key_schedule * ks1 des_key_schedule * ks2 des_cblock * ivec1 des_cblock * ivec2 int encrypt PPCODE: { SV *s; STRLEN len,l; l=SvCUR(ST(0)); len=((((unsigned long)l)+7)/8)*8; s=sv_newmortal(); sv_setpvn(s,"",0); SvGROW(s,len); SvCUR_set(s,len); des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na), l,*ks1,*ks2,ivec1,ivec2,encrypt); sv_setpvn(ST(3),(char *)ivec1,8); sv_setpvn(ST(4),(char *)ivec2,8); PUSHs(s); } void des_cbc_cksum(input,ks,ivec) char * input des_key_schedule * ks des_cblock * ivec PPCODE: { SV *s1,*s2; STRLEN len,l; des_cblock c; unsigned long i1,i2; s1=sv_newmortal(); s2=sv_newmortal(); l=SvCUR(ST(0)); des_cbc_cksum((des_cblock *)input,(des_cblock *)c, l,*ks,ivec); i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24); i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24); sv_setiv(s1,i1); sv_setiv(s2,i2); sv_setpvn(ST(2),(char *)c,8); PUSHs(s1); PUSHs(s2); } void des_cfb_encrypt(input,numbits,ks,ivec,encrypt) char * input int numbits des_key_schedule * ks des_cblock * ivec int encrypt PPCODE: { SV *s; STRLEN len; char *c; len=SvCUR(ST(0)); s=sv_newmortal(); sv_setpvn(s,"",0); SvGROW(s,len); SvCUR_set(s,len); c=(char *)SvPV(s,na); des_cfb_encrypt((unsigned char *)input,(unsigned char *)c, (int)numbits,(long)len,*ks,ivec,encrypt); sv_setpvn(ST(3),(char *)ivec,8); PUSHs(s); } des_cblock * des_ecb3_encrypt(input,ks1,ks2,encrypt) des_cblock * input des_key_schedule * ks1 des_key_schedule * ks2 int encrypt CODE: { des_cblock c; des_3ecb_encrypt((des_cblock *)input,(des_cblock *)&c, *ks1,*ks2,encrypt); RETVAL= &c; } OUTPUT: RETVAL void des_ofb_encrypt(input,numbits,ks,ivec) unsigned char * input int numbits des_key_schedule * ks des_cblock * ivec PPCODE: { SV *s; STRLEN len,l; unsigned char *c; len=SvCUR(ST(0)); s=sv_newmortal(); sv_setpvn(s,"",0); SvGROW(s,len); SvCUR_set(s,len); c=(unsigned char *)SvPV(s,na); des_ofb_encrypt((unsigned char *)input,(unsigned char *)c, numbits,len,*ks,ivec); sv_setpvn(ST(3),(char *)ivec,8); PUSHs(s); } void des_pcbc_encrypt(input,ks,ivec,encrypt) char * input des_key_schedule * ks des_cblock * ivec int encrypt PPCODE: { SV *s; STRLEN len,l; char *c; l=SvCUR(ST(0)); len=((((unsigned long)l)+7)/8)*8; s=sv_newmortal(); sv_setpvn(s,"",0); SvGROW(s,len); SvCUR_set(s,len); c=(char *)SvPV(s,na); des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c, l,*ks,ivec,encrypt); sv_setpvn(ST(2),(char *)c[len-8],8); PUSHs(s); } des_cblock * des_random_key() CODE: { des_cblock c; des_random_key(c); RETVAL=&c; } OUTPUT: RETVAL des_cblock * des_string_to_key(str) char * str CODE: { des_cblock c; des_string_to_key(str,&c); RETVAL=&c; } OUTPUT: RETVAL void des_string_to_2keys(str) char * str PPCODE: { des_cblock c1,c2; SV *s1,*s2; des_string_to_2keys(str,&c1,&c2); EXTEND(sp,2); s1=sv_newmortal(); sv_setpvn(s1,(char *)c1,8); s2=sv_newmortal(); sv_setpvn(s2,(char *)c2,8); PUSHs(s1); PUSHs(s2); } cyrus-sasl-2.1.25/mac/libdes/src/makefile.bc0000777000076400007640000000220007403027645015523 00000000000000# # Origional BC Makefile from Teun # # CC = bcc TLIB = tlib /0 /C # note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s OPTIMIZE= -3 -O2 #WINDOWS= -W CFLAGS = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS LFLAGS = -ml $(WINDOWS) .c.obj: $(CC) $(CFLAGS) $*.c .obj.exe: $(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib all: $(LIB) destest.exe rpw.exe des.exe speed.exe # "make clean": use a directory containing only libdes .exe and .obj files... clean: del *.exe del *.obj del libdes.lib del libdes.rsp OBJS= cbc_cksm.obj cbc_enc.obj ecb_enc.obj pcbc_enc.obj \ qud_cksm.obj rand_key.obj set_key.obj str2key.obj \ enc_read.obj enc_writ.obj fcrypt.obj cfb_enc.obj \ ecb3_enc.obj ofb_enc.obj cbc3_enc.obj read_pwd.obj\ cfb64enc.obj ofb64enc.obj ede_enc.obj cfb64ede.obj\ ofb64ede.obj supp.obj LIB= libdes.lib $(LIB): $(OBJS) del $(LIB) makersp "+%s &\n" &&| $(OBJS) | >libdes.rsp $(TLIB) libdes.lib @libdes.rsp,nul del libdes.rsp destest.exe: destest.obj libdes.lib rpw.exe: rpw.obj libdes.lib speed.exe: speed.obj libdes.lib des.exe: des.obj libdes.lib cyrus-sasl-2.1.25/mac/libdes/src/ChangeLog0000777000076400007640000000051407403027642015215 00000000000000Mon May 25 05:24:56 1998 Assar Westerlund * Makefile.in (clean): try to remove shared library debris Sun Apr 19 09:50:53 1998 Assar Westerlund * Makefile.in: add symlink magic for linux Sun Nov 9 07:14:45 1997 Assar Westerlund * mdtest.c: print out old and new string cyrus-sasl-2.1.25/mac/libdes/src/md4.h0000777000076400007640000000455607403027646014316 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id: md4.h,v 1.2 2001/12/04 02:06:30 rjs3 Exp $ */ #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_BITYPES_H #include #endif #ifdef KRB5 #include #elif defined(KRB4) #include #endif struct md4 { unsigned int offset; unsigned int sz; u_int32_t counter[4]; unsigned char save[64]; }; void md4_init (struct md4 *m); void md4_update (struct md4 *m, const void *p, size_t len); void md4_finito (struct md4 *m, void *res); cyrus-sasl-2.1.25/mac/libdes/src/mdtest.c0000777000076400007640000001474007403027646015121 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include RCSID("$Id: mdtest.c,v 1.2 2001/12/04 02:06:30 rjs3 Exp $"); #endif #include #include #include #include #include static int md4_tests (void) { struct test { char *str; unsigned char hash[16]; } tests[] = { {"", {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0}}, {"a", {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46, 0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24}}, {"abc", {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d}}, {"message digest", {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8, 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b}}, {"abcdefghijklmnopqrstuvwxyz", {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd, 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9, }}, {"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35, 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4}}, {"12345678901234567890123456789012345678901234567890123456789012345678901234567890", {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19, 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36, }}, {NULL, { 0x0 }}}; struct test *t; printf ("md4... "); for (t = tests; t->str; ++t) { struct md4 md4; char res[16]; int i; md4_init (&md4); md4_update (&md4, (unsigned char *)t->str, strlen(t->str)); md4_finito (&md4, res); if (memcmp (res, t->hash, 16) != 0) { printf ("MD4(\"%s\") failed\n", t->str); printf("should be: "); for(i = 0; i < 16; ++i) printf("%02x ", t->hash[i]); printf("\nresult was: "); for(i = 0; i < 16; ++i) printf("%02x ", res[i]); printf("\n"); return 1; } } printf ("success\n"); return 0; } static int md5_tests (void) { struct test { char *str; unsigned char hash[16]; } tests[] = { {"", {0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e}}, {"a", {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61}}, {"abc", {0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72}}, {"message digest", {0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0}}, {"abcdefghijklmnopqrstuvwxyz", {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b}}, {"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f}}, {"12345678901234567890123456789012345678901234567890123456789012345678901234567890", {0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a}}, {NULL, { 0x0 }}}; struct test *t; printf ("md5... "); for (t = tests; t->str; ++t) { struct md5 md5; char res[16]; md5_init (&md5); md5_update (&md5, (unsigned char *)t->str, strlen(t->str)); md5_finito (&md5, res); if (memcmp (res, t->hash, 16) != 0) { int i; printf ("MD5(\"%s\") failed\n", t->str); printf("should be: "); for(i = 0; i < 16; ++i) printf("%02x ", t->hash[i]); printf("\nresult was: "); for(i = 0; i < 16; ++i) printf("%02x ", res[i]); printf("\n"); return 1; } } printf ("success\n"); return 0; } static int sha_tests (void) { struct test { char *str; unsigned char hash[20]; } tests[] = { {"abc", {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D}}, {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1}}, {NULL, { 0x0 }}}; struct test *t; printf ("sha... "); for (t = tests; t->str; ++t) { struct sha sha; char res[20]; sha_init (&sha); sha_update (&sha, (unsigned char *)t->str, strlen(t->str)); sha_finito (&sha, res); if (memcmp (res, t->hash, 20) != 0) { int i; printf ("SHA(\"%s\") failed\n", t->str); printf("should be: "); for(i = 0; i < 20; ++i) printf("%02x ", t->hash[i]); printf("\nresult was: "); for(i = 0; i < 20; ++i) printf("%02x ", res[i]); printf("\n"); return 1; } } printf ("success\n"); return 0; } int main (void) { return md4_tests() + md5_tests() + sha_tests(); } cyrus-sasl-2.1.25/mac/libdes/src/resource.h0000777000076400007640000000103007403027647015442 00000000000000//{{NO_DEPENDENCIES}} // Microsoft Developer Studio generated include file. // Used by passwd_dialog.rc // #define IDD_PASSWD_DIALOG 101 #define IDC_EDIT1 1000 #define IDC_PASSWD_EDIT 1001 // Next default values for new objects // #ifdef APSTUDIO_INVOKED #ifndef APSTUDIO_READONLY_SYMBOLS #define _APS_NEXT_RESOURCE_VALUE 102 #define _APS_NEXT_COMMAND_VALUE 40001 #define _APS_NEXT_CONTROL_VALUE 1002 #define _APS_NEXT_SYMED_VALUE 101 #endif #endif cyrus-sasl-2.1.25/mac/libdes/src/times0000777000076400007640000002001007403027650014477 00000000000000existing library on a DEC 3000/500 set_key per sec = 256294.06 ( 3.9uS) DES ecb bytes per sec = 3553694.40 ( 2.3uS) DES cbc bytes per sec = 3661004.80 ( 2.2uS) DES ede cbc bytes per sec = 1353115.99 ( 5.9uS) crypt per sec = 16829.40 ( 59.4uS) Intel P6/200 (NEXTSTEP) - cc -O3 (cc: gcc 2.5.8) set_key per sec = 219220.82 ( 4.6uS) DES ecb bytes per sec = 2438014.04 ( 3.3uS) DES cbc bytes per sec = 2467648.85 ( 3.2uS) DES ede cbc bytes per sec = 942121.58 ( 8.5uS) crypt per sec = 11398.73 ( 87.7uS) # DECstation Alpha 3000 Model 700 AXP / OSF1 V3.0 # gcc 2.6.3 / Young libdes 3.21 set_key per sec = 149369.74 ( 6.7uS) DES ecb bytes per sec = 2011976.68 ( 4.0uS) DES cbc bytes per sec = 2002245.35 ( 4.0uS) DES ede cbc bytes per sec = 793677.19 ( 10.1uS) crypt per sec = 9244.52 (108.2uS) # Sun Ultra I gcc 2.7.2 / Young libdes 3.21 set_key per sec = 147172.22 ( 6.8uS) DES ecb bytes per sec = 1815054.70 ( 4.4uS) DES cbc bytes per sec = 1829405.18 ( 4.4uS) DES ede cbc bytes per sec = 714490.23 ( 11.2uS) crypt per sec = 8896.24 (112.4uS) SGI Challenge (MIPS R4400 200mhz) - gcc -O2 set_key per sec = 114141.13 ( 8.8uS) DES ecb bytes per sec = 1573472.84 ( 5.1uS) DES cbc bytes per sec = 1580418.20 ( 5.1uS) crypt per sec = 7137.84 (140.1uS) DEC Alpha DEC 4000/710 AXP OSF/1 v 3.0 - gcc -O2 2.6.1 set_key per sec = 123138.49 ( 8.1uS) DES ecb bytes per sec = 1407546.76 ( 5.7uS) DES cbc bytes per sec = 1404103.21 ( 5.7uS) crypt per sec = 7746.76 (129.1uS) DEC Alpha DEC 4000/710 AXP OSF/1 v 3.0 - cc -O4 'DEC Compiler Driver 3.11' set_key per sec = 135160.83 ( 7.4uS) DES ecb bytes per sec = 1267753.22 ( 6.3uS) DES cbc bytes per sec = 1260564.90 ( 6.3uS) crypt per sec = 6479.37 (154.3uS) SGI Challenge (MIPS R4400 200mhz) - cc -O2 set_key per sec = 124000.10 ( 8.1uS) DES ecb bytes per sec = 1338138.45 ( 6.0uS) DES cbc bytes per sec = 1356515.84 ( 5.9uS) crypt per sec = 6223.92 (160.7uS) Intel P5/133 (NEXTSTEP) - cc -O3 (cc: gcc 2.5.8) set_key per sec = 81923.10 ( 12.2uS) DES ecb bytes per sec = 1104711.61 ( 7.2uS) DES cbc bytes per sec = 1091536.05 ( 7.3uS) DES ede cbc bytes per sec = 410502.62 ( 19.5uS) crypt per sec = 4849.60 (206.2uS) Sun SPARC 20 (NEXTSTEP) - cc -O3 (cc: gcc 2.5.8) set_key per sec = 60973.05 ( 16.4uS) DES ecb bytes per sec = 806032.15 ( 9.9uS) DES cbc bytes per sec = 801534.95 ( 10.0uS) DES ede cbc bytes per sec = 298799.73 ( 26.8uS) crypt per sec = 3678.42 (271.9uS) SGI Indy (MIPS R4600 133mhz) -cc -O2 set_key per sec = 88470.54 ( 11.3uS) DES ecb bytes per sec = 1023040.33 ( 7.8uS) DES cbc bytes per sec = 1033610.01 ( 7.7uS) crypt per sec = 4641.51 (215.4uS) HP-UX 9000/887 cc +O3 set_key per sec = 76824.30 ( 13.0uS) DES ecb bytes per sec = 1048911.20 ( 7.6uS) DES cbc bytes per sec = 1072332.80 ( 7.5uS) crypt per sec = 4968.64 (201.3uS) IRIX 5.2 IP22 (R4000) cc -O2 (galilo) set_key per sec = 60615.73 ( 16.5uS) DES ecb bytes per sec = 584741.32 ( 13.7uS) DES cbc bytes per sec = 584306.94 ( 13.7uS) crypt per sec = 3049.33 (327.9uS) HP-UX 9000/867 cc -O set_key per sec = 48600.00 ( 20.6uS) DES ecb bytes per sec = 616235.14 ( 13.0uS) DES cbc bytes per sec = 638669.44 ( 12.5uS) crypt per sec = 3016.68 (331.5uS) HP-UX 9000/867 gcc -O2 set_key per sec = 52120.50 ( 19.2uS) DES ecb bytes per sec = 715156.55 ( 11.2uS) DES cbc bytes per sec = 724424.28 ( 11.0uS) crypt per sec = 3295.87 (303.4uS) DGUX AViiON mc88110 gcc -O2 set_key per sec = 55604.91 ( 18.0uS) DES ecb bytes per sec = 658513.25 ( 12.1uS) DES cbc bytes per sec = 675552.71 ( 11.8uS) crypt per sec = 3438.10 (290.9uS) Sparc 10 cc -O2 (orb) set_key per sec = 53002.30 ( 18.9uS) DES ecb bytes per sec = 705250.40 ( 11.3uS) DES cbc bytes per sec = 714342.40 ( 11.2uS) crypt per sec = 2943.99 (339.7uS) Sparc 10 gcc -O2 (orb) set_key per sec = 58681.21 ( 17.0uS) DES ecb bytes per sec = 772390.20 ( 10.4uS) DES cbc bytes per sec = 774144.00 ( 10.3uS) crypt per sec = 3606.90 (277.2uS) DEC Alpha DEC 4000/610 AXP OSF/1 v 1.3 - gcc v 2.3.3 set_key per sec = 101840.19 ( 9.8uS) DES ecb bytes per sec = 1223712.35 ( 6.5uS) DES cbc bytes per sec = 1230542.98 ( 6.5uS) crypt per sec = 6428.75 (155.6uS) DEC Alpha DEC 4000/610 APX OSF/1 v 1.3 - cc -O2 - OSF/1 AXP set_key per sec = 114198.91 ( 8.8uS) DES ecb bytes per sec = 1022710.93 ( 7.8uS) DES cbc bytes per sec = 1008821.93 ( 7.9uS) crypt per sec = 5454.13 (183.3uS) DEC Alpha - DEC 3000/500 AXP OSF/1 - cc -O2 - 02/12/92 set_key per sec = 83587.04 ( 12.0uS) DES ecb bytes per sec = 822620.82 ( 9.7uS) DES cbc bytes per sec = 832929.60 ( 9.6uS) crypt per sec = 4807.62 (208.0uS) sun sparc 10/30 - gcc -O2 set_key per sec = 42005.24 ( 23.8uS) DES ecb bytes per sec = 555949.47 ( 14.4uS) DES cbc bytes per sec = 549440.28 ( 14.6uS) crypt per sec = 2580.25 (387.6uS) PA-RISC 1.1 HP 710 set_key per sec = 38916.86 DES ecb bytes per sec = 505971.82 DES cbc bytes per sec = 515381.13 crypt per sec = 2438.24 iris (spike) cc -O2 set_key per sec = 23128.83 ( 43.2uS) DES ecb bytes per sec = 261577.94 ( 30.6uS) DES cbc bytes per sec = 261746.41 ( 30.6uS) crypt per sec = 1231.76 (811.8uS) sun sparc 10/30 - cc -O4 set_key per sec = 38379.86 ( 26.1uS) DES ecb bytes per sec = 460051.34 ( 17.4uS) DES cbc bytes per sec = 464970.54 ( 17.2uS) crypt per sec = 2092.64 (477.9uS) sun sparc 2 - gcc2 -O2 set_key per sec = 21559.10 DES ecb bytes per sec = 305566.92 DES cbc bytes per sec = 303497.50 crypt per sec = 1410.48 RS/6000 model 320 set_key per sec = 14371.93 DES ecb bytes per sec = 222231.26 DES cbc bytes per sec = 223926.79 crypt per sec = 981.20 80486dx/66MHz Solaris 2.1 - gcc -O2 (gcc 2.6.3) set_key per sec = 26814.15 ( 37.3uS) DES ecb bytes per sec = 345029.95 ( 23.2uS) DES cbc bytes per sec = 344064.00 ( 23.3uS) crypt per sec = 1551.97 (644.3uS) 80486dx/50MHz Solaris 2.1 - gcc -O2 (gcc 2.5.2) set_key per sec = 18558.29 ( 53.9uS) DES ecb bytes per sec = 240873.90 ( 33.2uS) DES cbc bytes per sec = 239993.37 ( 33.3uS) crypt per sec = 1073.67 (931.4uS) 80486dx/50MHz Solaris 2.1 - cc -xO4 (cc: PC2.0.1 30 April 1993) set_key per sec = 18302.79 ( 54.6uS) DES ecb bytes per sec = 242640.29 ( 33.0uS) DES cbc bytes per sec = 239568.89 ( 33.4uS) crypt per sec = 1057.92 (945.2uS) 68030 HP400 set_key per sec = 5251.28 DES ecb bytes per sec = 56186.56 DES cbc bytes per sec = 58681.53 crypt per sec = 276.15 80486sx/33MHz MSDOS Turbo C v 2.0 set_key per sec = 1883.22 (531.0uS) DES ecb bytes per sec = 63393.31 (126.2uS) DES cbc bytes per sec = 63416.83 (126.1uS) crypt per sec = 158.71 (6300.6uS) 80486sx/33MHz MSDOS djgpp gcc 1.39 (32bit compiler) set_key per sec = 12603.08 (79.3) DES ecb bytes per sec = 158875.15 (50.4) DES cbc bytes per sec = 159893.85 (50.0) crypt per sec = 780.24 (1281.7) Version 1.99 26/08/92 8MHz 68000 Atari-ST gcc 2.1 -O2 MiNT 0.94 set_key per sec = 325.68 (3070.5uS) DES ecb bytes per sec = 4173.67 (1916.8uS) DES cbc bytes per sec = 4249.89 (1882.4uS) crypt per sec = 20.19 (49521.6uS) 8088/4.77mh MSDOS Turbo C v 2.0 set_key per sec = 35.09 DES ecb bytes per sec = 563.63 crypt per sec = 2.69 cyrus-sasl-2.1.25/mac/libdes/src/doPC20000777000076400007640000000305207403027645014300 00000000000000#!/usr/local/bin/perl @PC2_C=(14,17,11,24, 1, 5, 3,28,15, 6,21,10, 23,19,12, 4,26, 8, 16, 7,27,20,13, 2, ); @PC2_D=(41,52,31,37,47,55, 30,40,51,45,33,48, 44,49,39,56,34,53, 46,42,50,36,29,32, ); $i=0; foreach (@PC2_C) { $_--; # printf "%2d,",$_; $C{$_}=$i; ++$i; # print "\n" if ((($i) % 8) == 0); } $i=0; #print "\n"; foreach (@PC2_D) { $_-=28; $_--; # printf "%2d,",$_; $D{$_}=$i; $i++; # print "\n" if ((($i) % 8) == 0); } #print "\n"; foreach $i (0 .. 27) { $_=$C{$i}; # printf "%2d,",$_; $i++; # print "\n" if ((($i) % 8) == 0); } #print "\n"; #print "\n"; foreach $i (0 .. 27) { $_=$D{$i}; # printf "%2d,",$_; $i++; # print "\n" if ((($i) % 8) == 0); } #print "\n"; print "static ulong skb[8][64]={\n"; &doit("C",*C, 0, 1, 2, 3, 4, 5); &doit("C",*C, 6, 7, 9,10,11,12); &doit("C",*C,13,14,15,16,18,19); &doit("C",*C,20,22,23,25,26,27); &doit("D",*D, 0, 1, 2, 3, 4, 5); &doit("D",*D, 7, 8,10,11,12,13); &doit("D",*D,15,16,17,18,19,20); &doit("D",*D,21,22,23,24,26,27); print "};\n"; sub doit { local($l,*A,@b)=@_; local(@out); printf("/* for $l bits (numbered as per FIPS 46) %d %d %d %d %d %d */\n", $b[0]+1, $b[1]+1, $b[2]+1, $b[3]+1, $b[4]+1, $b[5]+1); for ($i=0; $i<64; $i++) { $out[$i]=0; $j=1; #print "\n"; for ($k=0; $k<6; $k++) { $l=$A{$b[$k]}; #print"$l - "; if ((1<<$k) & $i) { $ll=int($l/6)*8+($l%6); $out[$i]|=1<<($ll); } } $pp=$out[$i]; $pp=($pp&0xff0000ff)| (($pp&0x00ff0000)>>8)| (($pp&0x0000ff00)<<8); printf("0x%08X,",$pp); print "\n" if (($i+1) % 4 == 0); } } cyrus-sasl-2.1.25/mac/libdes/src/rpw.c0000777000076400007640000000762007403027647014431 00000000000000/* crypto/des/rpw.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifdef HAVE_CONFIG_H #include #endif #include #include "des.h" int main(argc,argv) int argc; char *argv[]; { des_cblock k,k1; int i; printf("read passwd\n"); if ((i=des_read_password((C_Block *)k,"Enter password:",0)) == 0) { printf("password = "); for (i=0; i<8; i++) printf("%02x ",k[i]); } else printf("error %d\n",i); printf("\n"); printf("read 2passwds and verify\n"); if ((i=des_read_2passwords((C_Block *)k,(C_Block *)k1, "Enter verified password:",1)) == 0) { printf("password1 = "); for (i=0; i<8; i++) printf("%02x ",k[i]); printf("\n"); printf("password2 = "); for (i=0; i<8; i++) printf("%02x ",k1[i]); printf("\n"); exit(1); } else { printf("error %d\n",i); exit(0); } #ifdef LINT return(0); #endif } cyrus-sasl-2.1.25/mac/libdes/src/sk.h0000777000076400007640000002342407403027647014243 00000000000000/* crypto/des/sk.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ static const DES_LONG des_skb[8][64]={ { /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ 0x00000000L,0x00000010L,0x20000000L,0x20000010L, 0x00010000L,0x00010010L,0x20010000L,0x20010010L, 0x00000800L,0x00000810L,0x20000800L,0x20000810L, 0x00010800L,0x00010810L,0x20010800L,0x20010810L, 0x00000020L,0x00000030L,0x20000020L,0x20000030L, 0x00010020L,0x00010030L,0x20010020L,0x20010030L, 0x00000820L,0x00000830L,0x20000820L,0x20000830L, 0x00010820L,0x00010830L,0x20010820L,0x20010830L, 0x00080000L,0x00080010L,0x20080000L,0x20080010L, 0x00090000L,0x00090010L,0x20090000L,0x20090010L, 0x00080800L,0x00080810L,0x20080800L,0x20080810L, 0x00090800L,0x00090810L,0x20090800L,0x20090810L, 0x00080020L,0x00080030L,0x20080020L,0x20080030L, 0x00090020L,0x00090030L,0x20090020L,0x20090030L, 0x00080820L,0x00080830L,0x20080820L,0x20080830L, 0x00090820L,0x00090830L,0x20090820L,0x20090830L, },{ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ 0x00000000L,0x02000000L,0x00002000L,0x02002000L, 0x00200000L,0x02200000L,0x00202000L,0x02202000L, 0x00000004L,0x02000004L,0x00002004L,0x02002004L, 0x00200004L,0x02200004L,0x00202004L,0x02202004L, 0x00000400L,0x02000400L,0x00002400L,0x02002400L, 0x00200400L,0x02200400L,0x00202400L,0x02202400L, 0x00000404L,0x02000404L,0x00002404L,0x02002404L, 0x00200404L,0x02200404L,0x00202404L,0x02202404L, 0x10000000L,0x12000000L,0x10002000L,0x12002000L, 0x10200000L,0x12200000L,0x10202000L,0x12202000L, 0x10000004L,0x12000004L,0x10002004L,0x12002004L, 0x10200004L,0x12200004L,0x10202004L,0x12202004L, 0x10000400L,0x12000400L,0x10002400L,0x12002400L, 0x10200400L,0x12200400L,0x10202400L,0x12202400L, 0x10000404L,0x12000404L,0x10002404L,0x12002404L, 0x10200404L,0x12200404L,0x10202404L,0x12202404L, },{ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ 0x00000000L,0x00000001L,0x00040000L,0x00040001L, 0x01000000L,0x01000001L,0x01040000L,0x01040001L, 0x00000002L,0x00000003L,0x00040002L,0x00040003L, 0x01000002L,0x01000003L,0x01040002L,0x01040003L, 0x00000200L,0x00000201L,0x00040200L,0x00040201L, 0x01000200L,0x01000201L,0x01040200L,0x01040201L, 0x00000202L,0x00000203L,0x00040202L,0x00040203L, 0x01000202L,0x01000203L,0x01040202L,0x01040203L, 0x08000000L,0x08000001L,0x08040000L,0x08040001L, 0x09000000L,0x09000001L,0x09040000L,0x09040001L, 0x08000002L,0x08000003L,0x08040002L,0x08040003L, 0x09000002L,0x09000003L,0x09040002L,0x09040003L, 0x08000200L,0x08000201L,0x08040200L,0x08040201L, 0x09000200L,0x09000201L,0x09040200L,0x09040201L, 0x08000202L,0x08000203L,0x08040202L,0x08040203L, 0x09000202L,0x09000203L,0x09040202L,0x09040203L, },{ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ 0x00000000L,0x00100000L,0x00000100L,0x00100100L, 0x00000008L,0x00100008L,0x00000108L,0x00100108L, 0x00001000L,0x00101000L,0x00001100L,0x00101100L, 0x00001008L,0x00101008L,0x00001108L,0x00101108L, 0x04000000L,0x04100000L,0x04000100L,0x04100100L, 0x04000008L,0x04100008L,0x04000108L,0x04100108L, 0x04001000L,0x04101000L,0x04001100L,0x04101100L, 0x04001008L,0x04101008L,0x04001108L,0x04101108L, 0x00020000L,0x00120000L,0x00020100L,0x00120100L, 0x00020008L,0x00120008L,0x00020108L,0x00120108L, 0x00021000L,0x00121000L,0x00021100L,0x00121100L, 0x00021008L,0x00121008L,0x00021108L,0x00121108L, 0x04020000L,0x04120000L,0x04020100L,0x04120100L, 0x04020008L,0x04120008L,0x04020108L,0x04120108L, 0x04021000L,0x04121000L,0x04021100L,0x04121100L, 0x04021008L,0x04121008L,0x04021108L,0x04121108L, },{ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ 0x00000000L,0x10000000L,0x00010000L,0x10010000L, 0x00000004L,0x10000004L,0x00010004L,0x10010004L, 0x20000000L,0x30000000L,0x20010000L,0x30010000L, 0x20000004L,0x30000004L,0x20010004L,0x30010004L, 0x00100000L,0x10100000L,0x00110000L,0x10110000L, 0x00100004L,0x10100004L,0x00110004L,0x10110004L, 0x20100000L,0x30100000L,0x20110000L,0x30110000L, 0x20100004L,0x30100004L,0x20110004L,0x30110004L, 0x00001000L,0x10001000L,0x00011000L,0x10011000L, 0x00001004L,0x10001004L,0x00011004L,0x10011004L, 0x20001000L,0x30001000L,0x20011000L,0x30011000L, 0x20001004L,0x30001004L,0x20011004L,0x30011004L, 0x00101000L,0x10101000L,0x00111000L,0x10111000L, 0x00101004L,0x10101004L,0x00111004L,0x10111004L, 0x20101000L,0x30101000L,0x20111000L,0x30111000L, 0x20101004L,0x30101004L,0x20111004L,0x30111004L, },{ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ 0x00000000L,0x08000000L,0x00000008L,0x08000008L, 0x00000400L,0x08000400L,0x00000408L,0x08000408L, 0x00020000L,0x08020000L,0x00020008L,0x08020008L, 0x00020400L,0x08020400L,0x00020408L,0x08020408L, 0x00000001L,0x08000001L,0x00000009L,0x08000009L, 0x00000401L,0x08000401L,0x00000409L,0x08000409L, 0x00020001L,0x08020001L,0x00020009L,0x08020009L, 0x00020401L,0x08020401L,0x00020409L,0x08020409L, 0x02000000L,0x0A000000L,0x02000008L,0x0A000008L, 0x02000400L,0x0A000400L,0x02000408L,0x0A000408L, 0x02020000L,0x0A020000L,0x02020008L,0x0A020008L, 0x02020400L,0x0A020400L,0x02020408L,0x0A020408L, 0x02000001L,0x0A000001L,0x02000009L,0x0A000009L, 0x02000401L,0x0A000401L,0x02000409L,0x0A000409L, 0x02020001L,0x0A020001L,0x02020009L,0x0A020009L, 0x02020401L,0x0A020401L,0x02020409L,0x0A020409L, },{ /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ 0x00000000L,0x00000100L,0x00080000L,0x00080100L, 0x01000000L,0x01000100L,0x01080000L,0x01080100L, 0x00000010L,0x00000110L,0x00080010L,0x00080110L, 0x01000010L,0x01000110L,0x01080010L,0x01080110L, 0x00200000L,0x00200100L,0x00280000L,0x00280100L, 0x01200000L,0x01200100L,0x01280000L,0x01280100L, 0x00200010L,0x00200110L,0x00280010L,0x00280110L, 0x01200010L,0x01200110L,0x01280010L,0x01280110L, 0x00000200L,0x00000300L,0x00080200L,0x00080300L, 0x01000200L,0x01000300L,0x01080200L,0x01080300L, 0x00000210L,0x00000310L,0x00080210L,0x00080310L, 0x01000210L,0x01000310L,0x01080210L,0x01080310L, 0x00200200L,0x00200300L,0x00280200L,0x00280300L, 0x01200200L,0x01200300L,0x01280200L,0x01280300L, 0x00200210L,0x00200310L,0x00280210L,0x00280310L, 0x01200210L,0x01200310L,0x01280210L,0x01280310L, },{ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ 0x00000000L,0x04000000L,0x00040000L,0x04040000L, 0x00000002L,0x04000002L,0x00040002L,0x04040002L, 0x00002000L,0x04002000L,0x00042000L,0x04042000L, 0x00002002L,0x04002002L,0x00042002L,0x04042002L, 0x00000020L,0x04000020L,0x00040020L,0x04040020L, 0x00000022L,0x04000022L,0x00040022L,0x04040022L, 0x00002020L,0x04002020L,0x00042020L,0x04042020L, 0x00002022L,0x04002022L,0x00042022L,0x04042022L, 0x00000800L,0x04000800L,0x00040800L,0x04040800L, 0x00000802L,0x04000802L,0x00040802L,0x04040802L, 0x00002800L,0x04002800L,0x00042800L,0x04042800L, 0x00002802L,0x04002802L,0x00042802L,0x04042802L, 0x00000820L,0x04000820L,0x00040820L,0x04040820L, 0x00000822L,0x04000822L,0x00040822L,0x04040822L, 0x00002820L,0x04002820L,0x00042820L,0x04042820L, 0x00002822L,0x04002822L,0x00042822L,0x04042822L, }}; cyrus-sasl-2.1.25/mac/libdes/src/md4.c0000777000076400007640000001433407403027645014303 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include "config.h" RCSID("$Id: md4.c,v 1.2 2001/12/04 02:06:29 rjs3 Exp $"); #endif #include #include #include "md4.h" #ifndef min #define min(a,b) (((a)>(b))?(b):(a)) #endif #define A m->counter[0] #define B m->counter[1] #define C m->counter[2] #define D m->counter[3] #define X data void md4_init (struct md4 *m) { m->offset = 0; m->sz = 0; D = 0x10325476; C = 0x98badcfe; B = 0xefcdab89; A = 0x67452301; } static inline u_int32_t cshift (u_int32_t x, unsigned int n) { return (x << n) | (x >> (32 - n)); } #define F(x,y,z) ((x & y) | (~x & z)) #define G(x,y,z) ((x & y) | (x & z) | (y & z)) #define H(x,y,z) (x ^ y ^ z) #define DOIT(a,b,c,d,k,s,i,OP) \ a = cshift(a + OP(b,c,d) + X[k] + i, s) #define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) #define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) #define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) static inline void calc (struct md4 *m, u_int32_t *data) { u_int32_t AA, BB, CC, DD; AA = A; BB = B; CC = C; DD = D; /* Round 1 */ DO1(A,B,C,D,0,3,0); DO1(D,A,B,C,1,7,0); DO1(C,D,A,B,2,11,0); DO1(B,C,D,A,3,19,0); DO1(A,B,C,D,4,3,0); DO1(D,A,B,C,5,7,0); DO1(C,D,A,B,6,11,0); DO1(B,C,D,A,7,19,0); DO1(A,B,C,D,8,3,0); DO1(D,A,B,C,9,7,0); DO1(C,D,A,B,10,11,0); DO1(B,C,D,A,11,19,0); DO1(A,B,C,D,12,3,0); DO1(D,A,B,C,13,7,0); DO1(C,D,A,B,14,11,0); DO1(B,C,D,A,15,19,0); /* Round 2 */ DO2(A,B,C,D,0,3,0x5A827999); DO2(D,A,B,C,4,5,0x5A827999); DO2(C,D,A,B,8,9,0x5A827999); DO2(B,C,D,A,12,13,0x5A827999); DO2(A,B,C,D,1,3,0x5A827999); DO2(D,A,B,C,5,5,0x5A827999); DO2(C,D,A,B,9,9,0x5A827999); DO2(B,C,D,A,13,13,0x5A827999); DO2(A,B,C,D,2,3,0x5A827999); DO2(D,A,B,C,6,5,0x5A827999); DO2(C,D,A,B,10,9,0x5A827999); DO2(B,C,D,A,14,13,0x5A827999); DO2(A,B,C,D,3,3,0x5A827999); DO2(D,A,B,C,7,5,0x5A827999); DO2(C,D,A,B,11,9,0x5A827999); DO2(B,C,D,A,15,13,0x5A827999); /* Round 3 */ DO3(A,B,C,D,0,3,0x6ED9EBA1); DO3(D,A,B,C,8,9,0x6ED9EBA1); DO3(C,D,A,B,4,11,0x6ED9EBA1); DO3(B,C,D,A,12,15,0x6ED9EBA1); DO3(A,B,C,D,2,3,0x6ED9EBA1); DO3(D,A,B,C,10,9,0x6ED9EBA1); DO3(C,D,A,B,6,11,0x6ED9EBA1); DO3(B,C,D,A,14,15,0x6ED9EBA1); DO3(A,B,C,D,1,3,0x6ED9EBA1); DO3(D,A,B,C,9,9,0x6ED9EBA1); DO3(C,D,A,B,5,11,0x6ED9EBA1); DO3(B,C,D,A,13,15,0x6ED9EBA1); DO3(A,B,C,D,3,3,0x6ED9EBA1); DO3(D,A,B,C,11,9,0x6ED9EBA1); DO3(C,D,A,B,7,11,0x6ED9EBA1); DO3(B,C,D,A,15,15,0x6ED9EBA1); A += AA; B += BB; C += CC; D += DD; } /* * From `Performance analysis of MD5' by Joseph D. Touch */ static inline u_int32_t swap_u_int32_t (u_int32_t t) { #if defined(WORDS_BIGENDIAN) #define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) u_int32_t temp1, temp2; temp1 = ROL(t,16); temp2 = temp1 >> 8; temp1 &= 0x00ff00ff; temp2 &= 0x00ff00ff; temp1 <<= 8; return temp1 | temp2; #else return t; #endif } struct x32{ unsigned int a:32; unsigned int b:32; }; void md4_update (struct md4 *m, const void *v, size_t len) { const unsigned char *p = v; m->sz += len; while(len > 0){ size_t l = min(len, 64 - m->offset); memcpy(m->save + m->offset, p, l); m->offset += l; p += l; len -= l; if(m->offset == 64){ #if defined(WORDS_BIGENDIAN) int i; u_int32_t current[16]; struct x32 *u = (struct x32*)m->save; for(i = 0; i < 8; i++){ current[2*i+0] = swap_u_int32_t(u[i].a); current[2*i+1] = swap_u_int32_t(u[i].b); } calc(m, current); #else calc(m, (u_int32_t*)m->save); #endif m->offset = 0; } } } void md4_finito (struct md4 *m, void *res) { static unsigned char zeros[72]; u_int32_t len; unsigned int dstart = (120 - m->offset - 1) % 64 + 1; *zeros = 0x80; memset (zeros + 1, 0, sizeof(zeros) - 1); len = 8 * m->sz; zeros[dstart+0] = (len >> 0) & 0xff; zeros[dstart+1] = (len >> 8) & 0xff; zeros[dstart+2] = (len >> 16) & 0xff; zeros[dstart+3] = (len >> 24) & 0xff; md4_update (m, zeros, dstart + 8); { int i; unsigned char *r = (unsigned char *)res; for (i = 0; i < 4; ++i) { r[4*i] = m->counter[i] & 0xFF; r[4*i+1] = (m->counter[i] >> 8) & 0xFF; r[4*i+2] = (m->counter[i] >> 16) & 0xFF; r[4*i+3] = (m->counter[i] >> 24) & 0xFF; } } #if 0 { int i; u_int32_t *r = (u_int32_t *)res; for (i = 0; i < 4; ++i) r[i] = swap_u_int32_t (m->counter[i]); } #endif } cyrus-sasl-2.1.25/mac/libdes/src/INSTALL0000777000076400007640000000535107403027642014500 00000000000000Check the CC and CFLAGS lines in the makefile If your C library does not support the times(3) function, change the #define TIMES to #undef TIMES in speed.c If it does, check the HZ value for the times(3) function. If your system does not define CLK_TCK it will be assumed to be 100.0. If possible use gcc v 2.7.? Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc) In recent times, some system compilers give better performace. type 'make' run './destest' to check things are ok. run './rpw' to check the tty code for reading passwords works. run './speed' to see how fast those optimisations make the library run :-) run './des_opts' to determin the best compile time options. The output from des_opts should be put in the makefile options and des_enc.c should be rebuilt. For 64 bit computers, do not use the DES_PTR option. For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int' and then you can use the 'DES_PTR' option. The file options.txt has the options listed for best speed on quite a few systems. Look and the options (UNROLL, PTR, RISC2 etc) and then turn on the relevent option in the Makefile There are some special Makefile targets that make life easier. make cc - standard cc build make gcc - standard gcc build make x86-elf - x86 assember (elf), linux-elf. make x86-out - x86 assember (a.out), FreeBSD make x86-solaris- x86 assember make x86-bsdi - x86 assember (a.out with primative assember). If at all possible use the assember (for Windows NT/95, use asm/win32.obj to link with). The x86 assember is very very fast. A make install will by default install libdes.a in /usr/local/lib/libdes.a des in /usr/local/bin/des des_crypt.man in /usr/local/man/man3/des_crypt.3 des.man in /usr/local/man/man1/des.1 des.h in /usr/include/des.h des(1) should be compatible with sunOS's but I have been unable to test it. These routines should compile on MSDOS, most 32bit and 64bit version of Unix (BSD and SYSV) and VMS, without modification. The only problems should be #include files that are in the wrong places. These routines can be compiled under MSDOS. I have successfully encrypted files using des(1) under MSDOS and then decrypted the files on a SparcStation. I have been able to compile and test the routines with Microsoft C v 5.1 and Turbo C v 2.0. The code in this library is in no way optimised for the 16bit operation of MSDOS. When building for glibc, ignore all of the above and just unpack into glibc-1.??/des and then gmake as per normal. As a final note on performace. Certain CPUs like sparcs and Alpha often give a %10 speed difference depending on the link order. It is rather anoying when one program reports 'x' DES encrypts a second and another reports 'x*0.9' the speed. cyrus-sasl-2.1.25/mac/libdes/src/passwd_dialog.clw0000777000076400007640000000133707403027646017002 00000000000000; CLW file contains information for the MFC ClassWizard [General Info] Version=1 LastClass= LastTemplate=CDialog NewFileInclude1=#include "stdafx.h" NewFileInclude2=#include "passwd_dialog.h" LastPage=0 ClassCount=0 ResourceCount=2 Resource1=IDD_DIALOG1 Resource2=IDD_PASSWD_DIALOG [DLG:IDD_DIALOG1] Type=1 ControlCount=6 Control1=IDOK,button,1342242817 Control2=IDCANCEL,button,1342242816 Control3=IDC_STATIC,static,1342308352 Control4=IDC_STATIC,static,1342308352 Control5=IDC_EDIT1,edit,1350631552 Control6=IDC_EDIT2,edit,1350631584 [DLG:IDD_PASSWD_DIALOG] Type=1 ControlCount=4 Control1=IDC_PASSWD_EDIT,edit,1350631456 Control2=IDOK,button,1342242817 Control3=IDCANCEL,button,1342242816 Control4=IDC_STATIC,static,1342177280 cyrus-sasl-2.1.25/mac/libdes/src/read_pwd.c0000777000076400007640000002362207403027647015406 00000000000000/* crypto/des/read_pwd.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifdef WIN16TTY #undef WIN16 #undef _WINDOWS #include #endif /* 06-Apr-92 Luke Brennan Support for VMS */ #include "des_locl.h" #include #include #include #include /* There are 5 types of terminal interface supported, * TERMIO, TERMIOS, VMS, MSDOS and SGTTY */ #if defined(__sgi) && !defined(TERMIOS) #define TERMIOS #undef TERMIO #undef SGTTY #endif #if defined(linux) && !defined(TERMIO) #undef TERMIOS #define TERMIO #undef SGTTY #endif #ifdef _LIBC #define TERMIO #endif #if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS) #define SGTTY #endif #ifdef TERMIOS #include #define TTY_STRUCT struct termios #define TTY_FLAGS c_lflag #define TTY_get(tty,data) tcgetattr(tty,data) #define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) #endif #ifdef TERMIO #include #define TTY_STRUCT struct termio #define TTY_FLAGS c_lflag #define TTY_get(tty,data) ioctl(tty,TCGETA,data) #define TTY_set(tty,data) ioctl(tty,TCSETA,data) #endif #ifdef SGTTY #include #define TTY_STRUCT struct sgttyb #define TTY_FLAGS sg_flags #define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) #define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) #endif #if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS) #include #endif #ifdef MSDOS #include #define fgets(a,b,c) noecho_fgets(a,b,c) #endif #ifdef VMS #include #include #include #include struct IOSB { short iosb$w_value; short iosb$w_count; long iosb$l_info; }; #endif #ifndef NX509_SIG #define NX509_SIG 32 #endif #ifndef NOPROTO static void read_till_nl(FILE *); static int read_pw(char *buf, char *buff, int size, char *prompt, int verify); static void recsig(int); static void pushsig(void); static void popsig(void); #if defined(MSDOS) && !defined(WIN16) static int noecho_fgets(char *buf, int size, FILE *tty); #endif #else static void read_till_nl(); static int read_pw(); static void recsig(); static void pushsig(); static void popsig(); #if defined(MSDOS) && !defined(WIN16) static int noecho_fgets(); #endif #endif #ifndef NOPROTO static void (*savsig[NX509_SIG])(int ); #else static void (*savsig[NX509_SIG])(); #endif static jmp_buf save; int des_read_password(key, prompt, verify) des_cblock (*key); char *prompt; int verify; { int ok; char buf[BUFSIZ],buff[BUFSIZ]; if ((ok=read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_key(buf,key); memset(buf,0,BUFSIZ); memset(buff,0,BUFSIZ); return(ok); } int des_read_2passwords(key1, key2, prompt, verify) des_cblock (*key1); des_cblock (*key2); char *prompt; int verify; { int ok; char buf[BUFSIZ],buff[BUFSIZ]; if ((ok=read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) des_string_to_2keys(buf,key1,key2); memset(buf,0,BUFSIZ); memset(buff,0,BUFSIZ); return(ok); } int des_read_pw_string(buf, length, prompt, verify) char *buf; int length; char *prompt; int verify; { char buff[BUFSIZ]; int ret; ret=read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); memset(buff,0,BUFSIZ); return(ret); } #ifndef WIN16 static void read_till_nl(in) FILE *in; { #define SIZE 4 char buf[SIZE+1]; do { fgets(buf,SIZE,in); } while (strchr(buf,'\n') == NULL); } /* return 0 if ok, 1 (or -1) otherwise */ static int read_pw(buf, buff, size, prompt, verify) char *buf; char *buff; int size; char *prompt; int verify; { #ifdef VMS struct IOSB iosb; $DESCRIPTOR(terminal,"TT"); long tty_orig[3], tty_new[3]; long status; unsigned short channel = 0; #else #ifndef MSDOS TTY_STRUCT tty_orig,tty_new; #endif #endif int number=5; int ok=0; int ps=0; int is_a_tty=1; FILE *tty=NULL; char *p; #ifdef __CYGWIN32__ tty = stdin; #elif !defined(MSDOS) if ((tty=fopen("/dev/tty","r")) == NULL) tty=stdin; #else /* MSDOS */ if ((tty=fopen("con","r")) == NULL) tty=stdin; #endif /* MSDOS */ #if defined(TTY_get) && !defined(VMS) if (TTY_get(fileno(tty),&tty_orig) == -1) { #ifdef ENOTTY if (errno == ENOTTY) is_a_tty=0; else #endif return(-1); } memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig)); #endif #ifdef VMS status = SYS$ASSIGN(&terminal,&channel,0,0); if (status != SS$_NORMAL) return(-1); status=SYS$QIOW(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0); if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) return(-1); #endif if (setjmp(save)) { ok=0; goto error; } pushsig(); ps=1; #ifdef TTY_FLAGS tty_new.TTY_FLAGS &= ~ECHO; #endif #if defined(TTY_set) && !defined(VMS) if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1)) return(-1); #endif #ifdef VMS tty_new[0] = tty_orig[0]; tty_new[1] = tty_orig[1] | TT$M_NOECHO; tty_new[2] = tty_orig[2]; status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0); if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) return(-1); #endif ps=2; while ((!ok) && (number--)) { fputs(prompt,stderr); fflush(stderr); buf[0]='\0'; fgets(buf,size,tty); if (feof(tty)) goto error; if (ferror(tty)) goto error; if ((p=(char *)strchr(buf,'\n')) != NULL) *p='\0'; else read_till_nl(tty); if (verify) { fprintf(stderr,"\nVerifying password - %s",prompt); fflush(stderr); buff[0]='\0'; fgets(buff,size,tty); if (feof(tty)) goto error; if ((p=(char *)strchr(buff,'\n')) != NULL) *p='\0'; else read_till_nl(tty); if (strcmp(buf,buff) != 0) { fprintf(stderr,"\nVerify failure"); fflush(stderr); break; /* continue; */ } } ok=1; } error: fprintf(stderr,"\n"); #ifdef DEBUG perror("fgets(tty)"); #endif /* What can we do if there is an error? */ #if defined(TTY_set) && !defined(VMS) if (ps >= 2) TTY_set(fileno(tty),&tty_orig); #endif #ifdef VMS if (ps >= 2) status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0 ,tty_orig,12,0,0,0,0); #endif if (ps >= 1) popsig(); if (stdin != tty) fclose(tty); #ifdef VMS status = SYS$DASSGN(channel); #endif return(!ok); } #else /* WIN16 */ static int read_pw(buf, buff, size, prompt, verify) char *buf; char *buff; int size; char *prompt; int verify; { memset(buf,0,size); memset(buff,0,size); return(0); } #endif static void pushsig() { int i; for (i=1; i 4); # The following 8 arrays are used in des_set_key @skb0=( # for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 0x00000000,0x00000010,0x20000000,0x20000010, 0x00010000,0x00010010,0x20010000,0x20010010, 0x00000800,0x00000810,0x20000800,0x20000810, 0x00010800,0x00010810,0x20010800,0x20010810, 0x00000020,0x00000030,0x20000020,0x20000030, 0x00010020,0x00010030,0x20010020,0x20010030, 0x00000820,0x00000830,0x20000820,0x20000830, 0x00010820,0x00010830,0x20010820,0x20010830, 0x00080000,0x00080010,0x20080000,0x20080010, 0x00090000,0x00090010,0x20090000,0x20090010, 0x00080800,0x00080810,0x20080800,0x20080810, 0x00090800,0x00090810,0x20090800,0x20090810, 0x00080020,0x00080030,0x20080020,0x20080030, 0x00090020,0x00090030,0x20090020,0x20090030, 0x00080820,0x00080830,0x20080820,0x20080830, 0x00090820,0x00090830,0x20090820,0x20090830, ); @skb1=( # for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 0x00000000,0x02000000,0x00002000,0x02002000, 0x00200000,0x02200000,0x00202000,0x02202000, 0x00000004,0x02000004,0x00002004,0x02002004, 0x00200004,0x02200004,0x00202004,0x02202004, 0x00000400,0x02000400,0x00002400,0x02002400, 0x00200400,0x02200400,0x00202400,0x02202400, 0x00000404,0x02000404,0x00002404,0x02002404, 0x00200404,0x02200404,0x00202404,0x02202404, 0x10000000,0x12000000,0x10002000,0x12002000, 0x10200000,0x12200000,0x10202000,0x12202000, 0x10000004,0x12000004,0x10002004,0x12002004, 0x10200004,0x12200004,0x10202004,0x12202004, 0x10000400,0x12000400,0x10002400,0x12002400, 0x10200400,0x12200400,0x10202400,0x12202400, 0x10000404,0x12000404,0x10002404,0x12002404, 0x10200404,0x12200404,0x10202404,0x12202404, ); @skb2=( # for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 0x00000000,0x00000001,0x00040000,0x00040001, 0x01000000,0x01000001,0x01040000,0x01040001, 0x00000002,0x00000003,0x00040002,0x00040003, 0x01000002,0x01000003,0x01040002,0x01040003, 0x00000200,0x00000201,0x00040200,0x00040201, 0x01000200,0x01000201,0x01040200,0x01040201, 0x00000202,0x00000203,0x00040202,0x00040203, 0x01000202,0x01000203,0x01040202,0x01040203, 0x08000000,0x08000001,0x08040000,0x08040001, 0x09000000,0x09000001,0x09040000,0x09040001, 0x08000002,0x08000003,0x08040002,0x08040003, 0x09000002,0x09000003,0x09040002,0x09040003, 0x08000200,0x08000201,0x08040200,0x08040201, 0x09000200,0x09000201,0x09040200,0x09040201, 0x08000202,0x08000203,0x08040202,0x08040203, 0x09000202,0x09000203,0x09040202,0x09040203, ); @skb3=( # for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 0x00000000,0x00100000,0x00000100,0x00100100, 0x00000008,0x00100008,0x00000108,0x00100108, 0x00001000,0x00101000,0x00001100,0x00101100, 0x00001008,0x00101008,0x00001108,0x00101108, 0x04000000,0x04100000,0x04000100,0x04100100, 0x04000008,0x04100008,0x04000108,0x04100108, 0x04001000,0x04101000,0x04001100,0x04101100, 0x04001008,0x04101008,0x04001108,0x04101108, 0x00020000,0x00120000,0x00020100,0x00120100, 0x00020008,0x00120008,0x00020108,0x00120108, 0x00021000,0x00121000,0x00021100,0x00121100, 0x00021008,0x00121008,0x00021108,0x00121108, 0x04020000,0x04120000,0x04020100,0x04120100, 0x04020008,0x04120008,0x04020108,0x04120108, 0x04021000,0x04121000,0x04021100,0x04121100, 0x04021008,0x04121008,0x04021108,0x04121108, ); @skb4=( # for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 0x00000000,0x10000000,0x00010000,0x10010000, 0x00000004,0x10000004,0x00010004,0x10010004, 0x20000000,0x30000000,0x20010000,0x30010000, 0x20000004,0x30000004,0x20010004,0x30010004, 0x00100000,0x10100000,0x00110000,0x10110000, 0x00100004,0x10100004,0x00110004,0x10110004, 0x20100000,0x30100000,0x20110000,0x30110000, 0x20100004,0x30100004,0x20110004,0x30110004, 0x00001000,0x10001000,0x00011000,0x10011000, 0x00001004,0x10001004,0x00011004,0x10011004, 0x20001000,0x30001000,0x20011000,0x30011000, 0x20001004,0x30001004,0x20011004,0x30011004, 0x00101000,0x10101000,0x00111000,0x10111000, 0x00101004,0x10101004,0x00111004,0x10111004, 0x20101000,0x30101000,0x20111000,0x30111000, 0x20101004,0x30101004,0x20111004,0x30111004, ); @skb5=( # for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 0x00000000,0x08000000,0x00000008,0x08000008, 0x00000400,0x08000400,0x00000408,0x08000408, 0x00020000,0x08020000,0x00020008,0x08020008, 0x00020400,0x08020400,0x00020408,0x08020408, 0x00000001,0x08000001,0x00000009,0x08000009, 0x00000401,0x08000401,0x00000409,0x08000409, 0x00020001,0x08020001,0x00020009,0x08020009, 0x00020401,0x08020401,0x00020409,0x08020409, 0x02000000,0x0A000000,0x02000008,0x0A000008, 0x02000400,0x0A000400,0x02000408,0x0A000408, 0x02020000,0x0A020000,0x02020008,0x0A020008, 0x02020400,0x0A020400,0x02020408,0x0A020408, 0x02000001,0x0A000001,0x02000009,0x0A000009, 0x02000401,0x0A000401,0x02000409,0x0A000409, 0x02020001,0x0A020001,0x02020009,0x0A020009, 0x02020401,0x0A020401,0x02020409,0x0A020409, ); @skb6=( # for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 0x00000000,0x00000100,0x00080000,0x00080100, 0x01000000,0x01000100,0x01080000,0x01080100, 0x00000010,0x00000110,0x00080010,0x00080110, 0x01000010,0x01000110,0x01080010,0x01080110, 0x00200000,0x00200100,0x00280000,0x00280100, 0x01200000,0x01200100,0x01280000,0x01280100, 0x00200010,0x00200110,0x00280010,0x00280110, 0x01200010,0x01200110,0x01280010,0x01280110, 0x00000200,0x00000300,0x00080200,0x00080300, 0x01000200,0x01000300,0x01080200,0x01080300, 0x00000210,0x00000310,0x00080210,0x00080310, 0x01000210,0x01000310,0x01080210,0x01080310, 0x00200200,0x00200300,0x00280200,0x00280300, 0x01200200,0x01200300,0x01280200,0x01280300, 0x00200210,0x00200310,0x00280210,0x00280310, 0x01200210,0x01200310,0x01280210,0x01280310, ); @skb7=( # for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 0x00000000,0x04000000,0x00040000,0x04040000, 0x00000002,0x04000002,0x00040002,0x04040002, 0x00002000,0x04002000,0x00042000,0x04042000, 0x00002002,0x04002002,0x00042002,0x04042002, 0x00000020,0x04000020,0x00040020,0x04040020, 0x00000022,0x04000022,0x00040022,0x04040022, 0x00002020,0x04002020,0x00042020,0x04042020, 0x00002022,0x04002022,0x00042022,0x04042022, 0x00000800,0x04000800,0x00040800,0x04040800, 0x00000802,0x04000802,0x00040802,0x04040802, 0x00002800,0x04002800,0x00042800,0x04042800, 0x00002802,0x04002802,0x00042802,0x04042802, 0x00000820,0x04000820,0x00040820,0x04040820, 0x00000822,0x04000822,0x00040822,0x04040822, 0x00002820,0x04002820,0x00042820,0x04042820, 0x00002822,0x04002822,0x00042822,0x04042822, ); @shifts2=(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0); # used in ecb_encrypt @SP0=( 0x00410100, 0x00010000, 0x40400000, 0x40410100, 0x00400000, 0x40010100, 0x40010000, 0x40400000, 0x40010100, 0x00410100, 0x00410000, 0x40000100, 0x40400100, 0x00400000, 0x00000000, 0x40010000, 0x00010000, 0x40000000, 0x00400100, 0x00010100, 0x40410100, 0x00410000, 0x40000100, 0x00400100, 0x40000000, 0x00000100, 0x00010100, 0x40410000, 0x00000100, 0x40400100, 0x40410000, 0x00000000, 0x00000000, 0x40410100, 0x00400100, 0x40010000, 0x00410100, 0x00010000, 0x40000100, 0x00400100, 0x40410000, 0x00000100, 0x00010100, 0x40400000, 0x40010100, 0x40000000, 0x40400000, 0x00410000, 0x40410100, 0x00010100, 0x00410000, 0x40400100, 0x00400000, 0x40000100, 0x40010000, 0x00000000, 0x00010000, 0x00400000, 0x40400100, 0x00410100, 0x40000000, 0x40410000, 0x00000100, 0x40010100, ); @SP1=( 0x08021002, 0x00000000, 0x00021000, 0x08020000, 0x08000002, 0x00001002, 0x08001000, 0x00021000, 0x00001000, 0x08020002, 0x00000002, 0x08001000, 0x00020002, 0x08021000, 0x08020000, 0x00000002, 0x00020000, 0x08001002, 0x08020002, 0x00001000, 0x00021002, 0x08000000, 0x00000000, 0x00020002, 0x08001002, 0x00021002, 0x08021000, 0x08000002, 0x08000000, 0x00020000, 0x00001002, 0x08021002, 0x00020002, 0x08021000, 0x08001000, 0x00021002, 0x08021002, 0x00020002, 0x08000002, 0x00000000, 0x08000000, 0x00001002, 0x00020000, 0x08020002, 0x00001000, 0x08000000, 0x00021002, 0x08001002, 0x08021000, 0x00001000, 0x00000000, 0x08000002, 0x00000002, 0x08021002, 0x00021000, 0x08020000, 0x08020002, 0x00020000, 0x00001002, 0x08001000, 0x08001002, 0x00000002, 0x08020000, 0x00021000, ); @SP2=( 0x20800000, 0x00808020, 0x00000020, 0x20800020, 0x20008000, 0x00800000, 0x20800020, 0x00008020, 0x00800020, 0x00008000, 0x00808000, 0x20000000, 0x20808020, 0x20000020, 0x20000000, 0x20808000, 0x00000000, 0x20008000, 0x00808020, 0x00000020, 0x20000020, 0x20808020, 0x00008000, 0x20800000, 0x20808000, 0x00800020, 0x20008020, 0x00808000, 0x00008020, 0x00000000, 0x00800000, 0x20008020, 0x00808020, 0x00000020, 0x20000000, 0x00008000, 0x20000020, 0x20008000, 0x00808000, 0x20800020, 0x00000000, 0x00808020, 0x00008020, 0x20808000, 0x20008000, 0x00800000, 0x20808020, 0x20000000, 0x20008020, 0x20800000, 0x00800000, 0x20808020, 0x00008000, 0x00800020, 0x20800020, 0x00008020, 0x00800020, 0x00000000, 0x20808000, 0x20000020, 0x20800000, 0x20008020, 0x00000020, 0x00808000, ); @SP3=( 0x00080201, 0x02000200, 0x00000001, 0x02080201, 0x00000000, 0x02080000, 0x02000201, 0x00080001, 0x02080200, 0x02000001, 0x02000000, 0x00000201, 0x02000001, 0x00080201, 0x00080000, 0x02000000, 0x02080001, 0x00080200, 0x00000200, 0x00000001, 0x00080200, 0x02000201, 0x02080000, 0x00000200, 0x00000201, 0x00000000, 0x00080001, 0x02080200, 0x02000200, 0x02080001, 0x02080201, 0x00080000, 0x02080001, 0x00000201, 0x00080000, 0x02000001, 0x00080200, 0x02000200, 0x00000001, 0x02080000, 0x02000201, 0x00000000, 0x00000200, 0x00080001, 0x00000000, 0x02080001, 0x02080200, 0x00000200, 0x02000000, 0x02080201, 0x00080201, 0x00080000, 0x02080201, 0x00000001, 0x02000200, 0x00080201, 0x00080001, 0x00080200, 0x02080000, 0x02000201, 0x00000201, 0x02000000, 0x02000001, 0x02080200, ); @SP4=( 0x01000000, 0x00002000, 0x00000080, 0x01002084, 0x01002004, 0x01000080, 0x00002084, 0x01002000, 0x00002000, 0x00000004, 0x01000004, 0x00002080, 0x01000084, 0x01002004, 0x01002080, 0x00000000, 0x00002080, 0x01000000, 0x00002004, 0x00000084, 0x01000080, 0x00002084, 0x00000000, 0x01000004, 0x00000004, 0x01000084, 0x01002084, 0x00002004, 0x01002000, 0x00000080, 0x00000084, 0x01002080, 0x01002080, 0x01000084, 0x00002004, 0x01002000, 0x00002000, 0x00000004, 0x01000004, 0x01000080, 0x01000000, 0x00002080, 0x01002084, 0x00000000, 0x00002084, 0x01000000, 0x00000080, 0x00002004, 0x01000084, 0x00000080, 0x00000000, 0x01002084, 0x01002004, 0x01002080, 0x00000084, 0x00002000, 0x00002080, 0x01002004, 0x01000080, 0x00000084, 0x00000004, 0x00002084, 0x01002000, 0x01000004, ); @SP5=( 0x10000008, 0x00040008, 0x00000000, 0x10040400, 0x00040008, 0x00000400, 0x10000408, 0x00040000, 0x00000408, 0x10040408, 0x00040400, 0x10000000, 0x10000400, 0x10000008, 0x10040000, 0x00040408, 0x00040000, 0x10000408, 0x10040008, 0x00000000, 0x00000400, 0x00000008, 0x10040400, 0x10040008, 0x10040408, 0x10040000, 0x10000000, 0x00000408, 0x00000008, 0x00040400, 0x00040408, 0x10000400, 0x00000408, 0x10000000, 0x10000400, 0x00040408, 0x10040400, 0x00040008, 0x00000000, 0x10000400, 0x10000000, 0x00000400, 0x10040008, 0x00040000, 0x00040008, 0x10040408, 0x00040400, 0x00000008, 0x10040408, 0x00040400, 0x00040000, 0x10000408, 0x10000008, 0x10040000, 0x00040408, 0x00000000, 0x00000400, 0x10000008, 0x10000408, 0x10040400, 0x10040000, 0x00000408, 0x00000008, 0x10040008, ); @SP6=( 0x00000800, 0x00000040, 0x00200040, 0x80200000, 0x80200840, 0x80000800, 0x00000840, 0x00000000, 0x00200000, 0x80200040, 0x80000040, 0x00200800, 0x80000000, 0x00200840, 0x00200800, 0x80000040, 0x80200040, 0x00000800, 0x80000800, 0x80200840, 0x00000000, 0x00200040, 0x80200000, 0x00000840, 0x80200800, 0x80000840, 0x00200840, 0x80000000, 0x80000840, 0x80200800, 0x00000040, 0x00200000, 0x80000840, 0x00200800, 0x80200800, 0x80000040, 0x00000800, 0x00000040, 0x00200000, 0x80200800, 0x80200040, 0x80000840, 0x00000840, 0x00000000, 0x00000040, 0x80200000, 0x80000000, 0x00200040, 0x00000000, 0x80200040, 0x00200040, 0x00000840, 0x80000040, 0x00000800, 0x80200840, 0x00200000, 0x00200840, 0x80000000, 0x80000800, 0x80200840, 0x80200000, 0x00200840, 0x00200800, 0x80000800, ); @SP7=( 0x04100010, 0x04104000, 0x00004010, 0x00000000, 0x04004000, 0x00100010, 0x04100000, 0x04104010, 0x00000010, 0x04000000, 0x00104000, 0x00004010, 0x00104010, 0x04004010, 0x04000010, 0x04100000, 0x00004000, 0x00104010, 0x00100010, 0x04004000, 0x04104010, 0x04000010, 0x00000000, 0x00104000, 0x04000000, 0x00100000, 0x04004010, 0x04100010, 0x00100000, 0x00004000, 0x04104000, 0x00000010, 0x00100000, 0x00004000, 0x04000010, 0x04104010, 0x00004010, 0x04000000, 0x00000000, 0x00104000, 0x04100010, 0x04004010, 0x04004000, 0x00100010, 0x04104000, 0x00000010, 0x00100010, 0x04004000, 0x04104010, 0x00100000, 0x04100000, 0x04000010, 0x00104000, 0x00004010, 0x04004010, 0x04100000, 0x00000010, 0x04104000, 0x00104010, 0x00000000, 0x04000000, 0x04100010, 0x00004000, 0x00104010, ); sub main'des_set_key { local($param)=@_; local(@key); local($c,$d,$i,$s,$t); local(@ks)=(); # Get the bytes in the order we want. @key=unpack("C8",$param); $c= ($key[0] )| ($key[1]<< 8)| ($key[2]<<16)| ($key[3]<<24); $d= ($key[4] )| ($key[5]<< 8)| ($key[6]<<16)| ($key[7]<<24); &doPC1(*c,*d); for $i (@shifts2) { if ($i) { $c=($c>>2)|($c<<26); $d=($d>>2)|($d<<26); } else { $c=($c>>1)|($c<<27); $d=($d>>1)|($d<<27); } $c&=0x0fffffff; $d&=0x0fffffff; $s= $skb0[ ($c )&0x3f ]| $skb1[(($c>> 6)&0x03)|(($c>> 7)&0x3c)]| $skb2[(($c>>13)&0x0f)|(($c>>14)&0x30)]| $skb3[(($c>>20)&0x01)|(($c>>21)&0x06) | (($c>>22)&0x38)]; $t= $skb4[ ($d )&0x3f ]| $skb5[(($d>> 7)&0x03)|(($d>> 8)&0x3c)]| $skb6[ ($d>>15)&0x3f ]| $skb7[(($d>>21)&0x0f)|(($d>>22)&0x30)]; push(@ks,(($t<<16)|($s&0x0000ffff))&0xffffffff); $s= (($s>>16)&0x0000ffff)|($t&0xffff0000) ; push(@ks,(($s<<4)|(($s>>28)&0xf))&0xffffffff); } @ks; } sub doPC1 { local(*a,*b)=@_; local($t); $t=(($b>>4)^$a)&0x0f0f0f0f; $b^=($t<<4); $a^=$t; # do $a first $t=(($a<<18)^$a)&0xcccc0000; $a=$a^$t^(($t>>18)&0x00003fff); $t=(($a<<17)^$a)&0xaaaa0000; $a=$a^$t^(($t>>17)&0x00007fff); $t=(($a<< 8)^$a)&0x00ff0000; $a=$a^$t^(($t>> 8)&0x00ffffff); $t=(($a<<17)^$a)&0xaaaa0000; $a=$a^$t^(($t>>17)&0x00007fff); # now do $b $t=(($b<<24)^$b)&0xff000000; $b=$b^$t^(($t>>24)&0x000000ff); $t=(($b<< 8)^$b)&0x00ff0000; $b=$b^$t^(($t>> 8)&0x00ffffff); $t=(($b<<14)^$b)&0x33330000; $b=$b^$t^(($t>>14)&0x0003ffff); $b=(($b&0x00aa00aa)<<7)|(($b&0x55005500)>>7)|($b&0xaa55aa55); $b=(($b>>8)&0x00ffffff)|((($a&0xf0000000)>>4)&0x0fffffff); $a&=0x0fffffff; } sub doIP { local(*a,*b)=@_; local($t); $t=(($b>> 4)^$a)&0x0f0f0f0f; $b^=($t<< 4); $a^=$t; $t=(($a>>16)^$b)&0x0000ffff; $a^=($t<<16); $b^=$t; $t=(($b>> 2)^$a)&0x33333333; $b^=($t<< 2); $a^=$t; $t=(($a>> 8)^$b)&0x00ff00ff; $a^=($t<< 8); $b^=$t; $t=(($b>> 1)^$a)&0x55555555; $b^=($t<< 1); $a^=$t; $t=$a; $a=$b&0xffffffff; $b=$t&0xffffffff; } sub doFP { local(*a,*b)=@_; local($t); $t=(($b>> 1)^$a)&0x55555555; $b^=($t<< 1); $a^=$t; $t=(($a>> 8)^$b)&0x00ff00ff; $a^=($t<< 8); $b^=$t; $t=(($b>> 2)^$a)&0x33333333; $b^=($t<< 2); $a^=$t; $t=(($a>>16)^$b)&0x0000ffff; $a^=($t<<16); $b^=$t; $t=(($b>> 4)^$a)&0x0f0f0f0f; $b^=($t<< 4); $a^=$t; $a&=0xffffffff; $b&=0xffffffff; } sub main'des_ecb_encrypt { local(*ks,$encrypt,$in)=@_; local($l,$r,$i,$t,$u,@input); @input=unpack("C8",$in); # Get the bytes in the order we want. $l= ($input[0] )| ($input[1]<< 8)| ($input[2]<<16)| ($input[3]<<24); $r= ($input[4] )| ($input[5]<< 8)| ($input[6]<<16)| ($input[7]<<24); $l&=0xffffffff; $r&=0xffffffff; &doIP(*l,*r); if ($encrypt) { for ($i=0; $i<32; $i+=4) { $t=((($r&0x7fffffff)<<1)|(($r>>31)&0x00000001)); $u=$t^$ks[$i ]; $t=$t^$ks[$i+1]; $t2=(($t&0x0000000f)<<28); $t=((($t>>4)&0x0fffffff)|(($t&0x0000000f)<<28)); $l^= $SP1[ $t &0x3f]| $SP3[($t>> 8)&0x3f]| $SP5[($t>>16)&0x3f]| $SP7[($t>>24)&0x3f]| $SP0[ $u &0x3f]| $SP2[($u>> 8)&0x3f]| $SP4[($u>>16)&0x3f]| $SP6[($u>>24)&0x3f]; $t=(($l<<1)|(($l>>31)&0x1))&0xffffffff; $u=$t^$ks[$i+2]; $t=$t^$ks[$i+3]; $t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff; $r^= $SP1[ $t &0x3f]| $SP3[($t>> 8)&0x3f]| $SP5[($t>>16)&0x3f]| $SP7[($t>>24)&0x3f]| $SP0[ $u &0x3f]| $SP2[($u>> 8)&0x3f]| $SP4[($u>>16)&0x3f]| $SP6[($u>>24)&0x3f]; } } else { for ($i=30; $i>0; $i-=4) { $t=(($r<<1)|(($r>>31)&0x1))&0xffffffff; $u=$t^$ks[$i ]; $t=$t^$ks[$i+1]; $t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff; $l^= $SP1[ $t &0x3f]| $SP3[($t>> 8)&0x3f]| $SP5[($t>>16)&0x3f]| $SP7[($t>>24)&0x3f]| $SP0[ $u &0x3f]| $SP2[($u>> 8)&0x3f]| $SP4[($u>>16)&0x3f]| $SP6[($u>>24)&0x3f]; $t=(($l<<1)|(($l>>31)&0x1))&0xffffffff; $u=$t^$ks[$i-2]; $t=$t^$ks[$i-1]; $t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff; $r^= $SP1[ $t &0x3f]| $SP3[($t>> 8)&0x3f]| $SP5[($t>>16)&0x3f]| $SP7[($t>>24)&0x3f]| $SP0[ $u &0x3f]| $SP2[($u>> 8)&0x3f]| $SP4[($u>>16)&0x3f]| $SP6[($u>>24)&0x3f]; } } &doFP(*l,*r); pack("C8",$l&0xff, ($l>> 8)&0x00ffffff, ($l>>16)&0x0000ffff, ($l>>24)&0x000000ff, $r&0xff, ($r>> 8)&0x00ffffff, ($r>>16)&0x0000ffff, ($r>>24)&0x000000ff); } cyrus-sasl-2.1.25/mac/libdes/src/des_enc.c0000777000076400007640000002122507403027644015213 00000000000000/* crypto/des/des_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" void des_encrypt(data, ks, encrypt) DES_LONG *data; des_key_schedule ks; int encrypt; { register DES_LONG l,r,t,u; #ifdef DES_PTR register unsigned char *des_SP=(unsigned char *)des_SPtrans; #endif #ifndef DES_UNROLL register int i; #endif register DES_LONG *s; r=data[0]; l=data[1]; IP(r,l); /* Things have been modified so that the initial rotate is * done outside the loop. This required the * des_SPtrans values in sp.h to be rotated 1 bit to the right. * One perl script later and things have a 5% speed up on a sparc2. * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> * for pointing this out. */ /* clear the top bits on machines with 8byte longs */ /* shift left by 2 */ r=ROTATE(r,29)&0xffffffffL; l=ROTATE(l,29)&0xffffffffL; s=(DES_LONG *)ks; /* I don't know if it is worth the effort of loop unrolling the * inner loop */ if (encrypt) { #ifdef DES_UNROLL D_ENCRYPT(l,r, 0); /* 1 */ D_ENCRYPT(r,l, 2); /* 2 */ D_ENCRYPT(l,r, 4); /* 3 */ D_ENCRYPT(r,l, 6); /* 4 */ D_ENCRYPT(l,r, 8); /* 5 */ D_ENCRYPT(r,l,10); /* 6 */ D_ENCRYPT(l,r,12); /* 7 */ D_ENCRYPT(r,l,14); /* 8 */ D_ENCRYPT(l,r,16); /* 9 */ D_ENCRYPT(r,l,18); /* 10 */ D_ENCRYPT(l,r,20); /* 11 */ D_ENCRYPT(r,l,22); /* 12 */ D_ENCRYPT(l,r,24); /* 13 */ D_ENCRYPT(r,l,26); /* 14 */ D_ENCRYPT(l,r,28); /* 15 */ D_ENCRYPT(r,l,30); /* 16 */ #else for (i=0; i<32; i+=8) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ D_ENCRYPT(l,r,i+4); /* 3 */ D_ENCRYPT(r,l,i+6); /* 4 */ } #endif } else { #ifdef DES_UNROLL D_ENCRYPT(l,r,30); /* 16 */ D_ENCRYPT(r,l,28); /* 15 */ D_ENCRYPT(l,r,26); /* 14 */ D_ENCRYPT(r,l,24); /* 13 */ D_ENCRYPT(l,r,22); /* 12 */ D_ENCRYPT(r,l,20); /* 11 */ D_ENCRYPT(l,r,18); /* 10 */ D_ENCRYPT(r,l,16); /* 9 */ D_ENCRYPT(l,r,14); /* 8 */ D_ENCRYPT(r,l,12); /* 7 */ D_ENCRYPT(l,r,10); /* 6 */ D_ENCRYPT(r,l, 8); /* 5 */ D_ENCRYPT(l,r, 6); /* 4 */ D_ENCRYPT(r,l, 4); /* 3 */ D_ENCRYPT(l,r, 2); /* 2 */ D_ENCRYPT(r,l, 0); /* 1 */ #else for (i=30; i>0; i-=8) { D_ENCRYPT(l,r,i-0); /* 16 */ D_ENCRYPT(r,l,i-2); /* 15 */ D_ENCRYPT(l,r,i-4); /* 14 */ D_ENCRYPT(r,l,i-6); /* 13 */ } #endif } /* rotate and clear the top bits on machines with 8byte longs */ l=ROTATE(l,3)&0xffffffffL; r=ROTATE(r,3)&0xffffffffL; FP(r,l); data[0]=l; data[1]=r; l=r=t=u=0; } void des_encrypt2(data, ks, encrypt) DES_LONG *data; des_key_schedule ks; int encrypt; { register DES_LONG l,r,t,u; #ifdef DES_PTR register unsigned char *des_SP=(unsigned char *)des_SPtrans; #endif #ifndef DES_UNROLL register int i; #endif register DES_LONG *s; r=data[0]; l=data[1]; /* Things have been modified so that the initial rotate is * done outside the loop. This required the * des_SPtrans values in sp.h to be rotated 1 bit to the right. * One perl script later and things have a 5% speed up on a sparc2. * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> * for pointing this out. */ /* clear the top bits on machines with 8byte longs */ r=ROTATE(r,29)&0xffffffff; l=ROTATE(l,29)&0xffffffff; s=(DES_LONG *)ks; /* I don't know if it is worth the effort of loop unrolling the * inner loop */ if (encrypt) { #ifdef DES_UNROLL D_ENCRYPT(l,r, 0); /* 1 */ D_ENCRYPT(r,l, 2); /* 2 */ D_ENCRYPT(l,r, 4); /* 3 */ D_ENCRYPT(r,l, 6); /* 4 */ D_ENCRYPT(l,r, 8); /* 5 */ D_ENCRYPT(r,l,10); /* 6 */ D_ENCRYPT(l,r,12); /* 7 */ D_ENCRYPT(r,l,14); /* 8 */ D_ENCRYPT(l,r,16); /* 9 */ D_ENCRYPT(r,l,18); /* 10 */ D_ENCRYPT(l,r,20); /* 11 */ D_ENCRYPT(r,l,22); /* 12 */ D_ENCRYPT(l,r,24); /* 13 */ D_ENCRYPT(r,l,26); /* 14 */ D_ENCRYPT(l,r,28); /* 15 */ D_ENCRYPT(r,l,30); /* 16 */ #else for (i=0; i<32; i+=8) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ D_ENCRYPT(l,r,i+4); /* 3 */ D_ENCRYPT(r,l,i+6); /* 4 */ } #endif } else { #ifdef DES_UNROLL D_ENCRYPT(l,r,30); /* 16 */ D_ENCRYPT(r,l,28); /* 15 */ D_ENCRYPT(l,r,26); /* 14 */ D_ENCRYPT(r,l,24); /* 13 */ D_ENCRYPT(l,r,22); /* 12 */ D_ENCRYPT(r,l,20); /* 11 */ D_ENCRYPT(l,r,18); /* 10 */ D_ENCRYPT(r,l,16); /* 9 */ D_ENCRYPT(l,r,14); /* 8 */ D_ENCRYPT(r,l,12); /* 7 */ D_ENCRYPT(l,r,10); /* 6 */ D_ENCRYPT(r,l, 8); /* 5 */ D_ENCRYPT(l,r, 6); /* 4 */ D_ENCRYPT(r,l, 4); /* 3 */ D_ENCRYPT(l,r, 2); /* 2 */ D_ENCRYPT(r,l, 0); /* 1 */ #else for (i=30; i>0; i-=8) { D_ENCRYPT(l,r,i-0); /* 16 */ D_ENCRYPT(r,l,i-2); /* 15 */ D_ENCRYPT(l,r,i-4); /* 14 */ D_ENCRYPT(r,l,i-6); /* 13 */ } #endif } /* rotate and clear the top bits on machines with 8byte longs */ data[0]=ROTATE(l,3)&0xffffffff; data[1]=ROTATE(r,3)&0xffffffff; l=r=t=u=0; } void des_encrypt3(data,ks1,ks2,ks3) DES_LONG *data; des_key_schedule ks1; des_key_schedule ks2; des_key_schedule ks3; { register DES_LONG l,r; l=data[0]; r=data[1]; IP(l,r); data[0]=l; data[1]=r; des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT); des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT); des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT); l=data[0]; r=data[1]; FP(r,l); data[0]=l; data[1]=r; } void des_decrypt3(data,ks1,ks2,ks3) DES_LONG *data; des_key_schedule ks1; des_key_schedule ks2; des_key_schedule ks3; { register DES_LONG l,r; l=data[0]; r=data[1]; IP(l,r); data[0]=l; data[1]=r; des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT); des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT); des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT); l=data[0]; r=data[1]; FP(r,l); data[0]=l; data[1]=r; } cyrus-sasl-2.1.25/mac/libdes/src/set_key.c0000777000076400007640000001747007403027647015270 00000000000000/* crypto/des/set_key.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* set_key.c v 1.4 eay 24/9/91 * 1.4 Speed up by 400% :-) * 1.3 added register declarations. * 1.2 unrolled make_key_sched a bit more * 1.1 added norm_expand_bits * 1.0 First working version */ #include "des_locl.h" #include "podd.h" #include "sk.h" #ifndef NOPROTO static int check_parity(des_cblock (*key)); #else static int check_parity(); #endif int des_check_key=0; void des_set_odd_parity(key) des_cblock (*key); { int i; for (i=0; i>(n))^(b))&(m)),\ * (b)^=(t),\ * (a)=((a)^((t)<<(n)))) */ #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ (a)=(a)^(t)^(t>>(16-(n)))) /* return 0 if key parity is odd (correct), * return -1 if key parity error, * return -2 if illegal weak key. */ int des_set_key(key, schedule) des_cblock (*key); des_key_schedule schedule; { static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; register DES_LONG c,d,t,s,t2; register unsigned char *in; register DES_LONG *k; register int i; if (des_check_key) { if (!check_parity(key)) return(-1); if (des_is_weak_key(key)) return(-2); } k=(DES_LONG *)schedule; in=(unsigned char *)key; c2l(in,c); c2l(in,d); /* do PC1 in 60 simple operations */ /* PERM_OP(d,c,t,4,0x0f0f0f0fL); HPERM_OP(c,t,-2, 0xcccc0000L); HPERM_OP(c,t,-1, 0xaaaa0000L); HPERM_OP(c,t, 8, 0x00ff0000L); HPERM_OP(c,t,-1, 0xaaaa0000L); HPERM_OP(d,t,-8, 0xff000000L); HPERM_OP(d,t, 8, 0x00ff0000L); HPERM_OP(d,t, 2, 0x33330000L); d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L); d=(d>>8)|((c&0xf0000000L)>>4); c&=0x0fffffffL; */ /* I now do it in 47 simple operations :-) * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) * for the inspiration. :-) */ PERM_OP (d,c,t,4,0x0f0f0f0fL); HPERM_OP(c,t,-2,0xcccc0000L); HPERM_OP(d,t,-2,0xcccc0000L); PERM_OP (d,c,t,1,0x55555555L); PERM_OP (c,d,t,8,0x00ff00ffL); PERM_OP (d,c,t,1,0x55555555L); d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) | ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L)); c&=0x0fffffffL; for (i=0; i>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); } else { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); } c&=0x0fffffffL; d&=0x0fffffffL; /* could be a few less shifts but I am to lazy at this * point in time to investigate */ s= des_skb[0][ (c )&0x3f ]| des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]| des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]| des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) | ((c>>22L)&0x38)]; t= des_skb[4][ (d )&0x3f ]| des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| des_skb[6][ (d>>15L)&0x3f ]| des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)]; /* table contained 0213 4657 */ t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL; *(k++)=ROTATE(t2,30)&0xffffffffL; t2=((s>>16L)|(t&0xffff0000L)); *(k++)=ROTATE(t2,26)&0xffffffffL; } return(0); } int des_key_sched(key, schedule) des_cblock (*key); des_key_schedule schedule; { return(des_set_key(key,schedule)); } cyrus-sasl-2.1.25/mac/libdes/src/Makefile.ssl0000777000076400007640000000477307403027643015717 00000000000000# # SSLeay/crypto/des/Makefile # DIR= des TOP= ../.. CC= cc CPP= cc -E INCLUDES= CFLAG=-g INSTALLTOP=/usr/local/ssl MAKE= make -f Makefile.ssl MAKEDEPEND= makedepend -fMakefile.ssl MAKEFILE= Makefile.ssl DES_ENC= des_enc.o CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile des.org des_locl.org TEST=destest.c APPS= LIB=$(TOP)/libcrypto.a LIBSRC= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c \ fcrypt.c ncbc_enc.c ofb64enc.c ofb_enc.c pcbc_enc.c \ qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c \ xcbc_enc.c des_enc.c \ str2key.c cfb64ede.c ofb64ede.c supp.c LIBOBJ= set_key.o ecb_enc.o ede_enc.o cbc_enc.o cbc3_enc.o \ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ enc_read.o enc_writ.o fcrypt.o ncbc_enc.o ofb64enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ xcbc_enc.o ${DES_ENC} \ read_pwd.o rpc_enc.o cbc_cksm.o supp.o SRC= $(LIBSRC) EXHEADER= des.h HEADER= des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) all: lib lib: $(LIBOBJ) ar r $(LIB) $(LIBOBJ) sh $(TOP)/util/ranlib.sh $(LIB) @touch lib asm/dx86-elf.o: asm/dx86-cpp.s asm/dx86unix.cpp $(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o asm/dx86-sol.o: asm/dx86-cpp.s asm/dx86unix.cpp $(CPP) -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o asm/dx86-out.o: asm/dx86-cpp.s asm/dx86unix.cpp $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o asm/dx86bsdi.o: asm/dx86-cpp.s asm/dx86unix.cpp $(CPP) -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o files: perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: /bin/rm -f Makefile $(TOP)/util/point.sh Makefile.ssl Makefile ; /bin/rm -f des.doc $(TOP)/util/point.sh ../../doc/des.doc des.doc ; $(TOP)/util/mklink.sh ../../include $(EXHEADER) $(TOP)/util/mklink.sh ../../test $(TEST) $(TOP)/util/mklink.sh ../../apps $(APPS) install: installs installs: @for i in $(EXHEADER) ; \ do \ (cp $$i $(INSTALLTOP)/include/$$i; \ chmod 644 $(INSTALLTOP)/include/$$i ) \ done; tags: ctags $(SRC) tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) dclean: perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: /bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff errors: # DO NOT DELETE THIS LINE -- make depend depends on it. cyrus-sasl-2.1.25/mac/libdes/src/doPC10000777000076400007640000000407207403027645014302 00000000000000#!/usr/local/bin/perl @l=( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15, 16,17,18,19,20,21,22,23, 24,25,26,27,28,29,30,31 ); @r=( 32,33,34,35,36,37,38,39, 40,41,42,43,44,45,46,47, 48,49,50,51,52,53,54,55, 56,57,58,59,60,61,62,63 ); require 'shifts.pl'; sub PERM_OP { local(*a,*b,*t,$n,$m)=@_; @z=&shift(*a,-$n); @z=&xor(*b,*z); @z=&and(*z,$m); @b=&xor(*b,*z); @z=&shift(*z,$n); @a=&xor(*a,*z); } sub HPERM_OP2 { local(*a,*t,$n,$m)=@_; local(@x,@y,$i); @z=&shift(*a,16-$n); @z=&xor(*a,*z); @z=&and(*z,$m); @a=&xor(*a,*z); @z=&shift(*z,$n-16); @a=&xor(*a,*z); } sub HPERM_OP { local(*a,*t,$n,$m)=@_; local(@x,@y,$i); for ($i=0; $i<16; $i++) { $x[$i]=$a[$i]; $y[$i]=$a[16+$i]; } @z=&shift(*x,-$n); @z=&xor(*y,*z); @z=&and(*z,$m); @y=&xor(*y,*z); @z=&shift(*z,$n); @x=&xor(*x,*z); for ($i=0; $i<16; $i++) { $a[$i]=$x[$i]; $a[16+$i]=$y[$i]; } } @L=@l; @R=@r; print "---\n"; &printit(@R); &PERM_OP(*R,*L,*T,4,0x0f0f0f0f); print "---\n"; &printit(@R); &HPERM_OP2(*L,*T,-2,0xcccc0000); &HPERM_OP2(*R,*T,-2,0xcccc0000); print "---\n"; &printit(@R); &PERM_OP(*R,*L,*T,1,0x55555555); print "---\n"; &printit(@R); &PERM_OP(*L,*R,*T,8,0x00ff00ff); print "---\n"; &printit(@R); &PERM_OP(*R,*L,*T,1,0x55555555); print "---\n"; &printit(@R); # &printit(@L); &printit(@R); print <<"EOF"; ============================== 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 60 52 44 36 -- -- -- -- 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 28 20 12 4 -- -- -- -- EOF exit(1); @A=&and(*R,0x000000ff); @A=&shift(*A,16); @B=&and(*R,0x0000ff00); @C=&and(*R,0x00ff0000); @C=&shift(*C,-16); @D=&and(*L,0xf0000000); @D=&shift(*D,-4); @A=&or(*A,*B); @B=&or(*D,*C); @R=&or(*A,*B); @L=&and(*L,0x0fffffff); &printit(@L); &printit(@R); cyrus-sasl-2.1.25/mac/libdes/src/PC10000777000076400007640000000070607403027643013755 00000000000000#!/usr/local/bin/perl @PC1=( 57,49,41,33,25,17, 9, 1,58,50,42,34,26,18, 10, 2,59,51,43,35,27, 19,11, 3,60,52,44,36, "-","-","-","-", 63,55,47,39,31,23,15, 7,62,54,46,38,30,22, 14, 6,61,53,45,37,29, 21,13, 5,28,20,12, 4, "-","-","-","-", ); foreach (@PC1) { if ($_ ne "-") { $_--; $_=int($_/8)*8+7-($_%8); printf "%2d ",$_; } else { print "-- "; } print "\n" if (((++$i) % 8) == 0); print "\n" if ((($i) % 32) == 0); } cyrus-sasl-2.1.25/mac/libdes/src/FILES0000777000076400007640000000724407403027642014237 00000000000000/* General stuff */ COPYRIGHT - Copyright info. MODES.DES - A description of the features of the different modes of DES. FILES - This file. INSTALL - How to make things compile. Imakefile - For use with kerberos. README - What this package is. VERSION - Which version this is and what was changed. KERBEROS - Kerberos version 4 notes. Makefile.PL - An old makefile to build with perl5, not current. Makefile.ssl - The SSLeay makefile Makefile.uni - The normal unix makefile. GNUmakefile - The makefile for use with glibc. makefile.bc - A Borland C makefile times - Some outputs from 'speed' on some machines. vms.com - For use when compiling under VMS /* My SunOS des(1) replacement */ des.c - des(1) source code. des.man - des(1) manual. /* Testing and timing programs. */ destest.c - Source for libdes.a test program. speed.c - Source for libdes.a timing program. rpw.c - Source for libdes.a testing password reading routines. /* libdes.a source code */ des_crypt.man - libdes.a manual page. des.h - Public libdes.a header file. ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code. ecb3_enc.c - des_ecb3_encrypt() source. cbc_ckm.c - des_cbc_cksum() source. cbc_enc.c - des_cbc_encrypt() source. ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies the new iv values back in the passed iv vector. ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES. cbc3_enc.c - des_3cbc_encrypt() source, don't use this function. cfb_enc.c - des_cfb_encrypt() source. cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be used as a stream cipher. cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be used as a stream cipher and using triple DES. ofb_enc.c - des_cfb_encrypt() source. ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be used as a stream cipher. ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be used as a stream cipher and using triple DES. enc_read.c - des_enc_read() source. enc_writ.c - des_enc_write() source. pcbc_enc.c - des_pcbc_encrypt() source. qud_cksm.c - quad_cksum() source. rand_key.c - des_random_key() source. read_pwd.c - Source for des_read_password() plus related functions. set_key.c - Source for des_set_key(). str2key.c - Covert a string of any length into a key. fcrypt.c - A small, fast version of crypt(3). des_locl.h - Internal libdes.a header file. podd.h - Odd parity tables - used in des_set_key(). sk.h - Lookup tables used in des_set_key(). spr.h - What is left of the S tables - used in ecb_encrypt(). des_ver.h - header file for the external definition of the version string. des.doc - SSLeay documentation for the library. /* The perl scripts - you can ignore these files they are only * included for the curious */ des.pl - des in perl anyone? des_set_key and des_ecb_encrypt both done in a perl library. testdes.pl - Testing program for des.pl doIP - Perl script used to develop IP xor/shift code. doPC1 - Perl script used to develop PC1 xor/shift code. doPC2 - Generates sk.h. PC1 - Output of doPC1 should be the same as output from PC1. PC2 - used in development of doPC2. shifts.pl - Perl library used by my perl scripts. /* I started making a perl5 dynamic library for libdes * but did not fully finish, these files are part of that effort. */ DES.pm DES.pod DES.xs t typemap /* The following are for use with sun RPC implementaions. */ rpc_des.h rpc_enc.c /* The following are contibuted by Mark Murray . They * are not normally built into libdes due to machine specific routines * contained in them. They are for use in the most recent incarnation of * export kerberos v 4 (eBones). */ supp.c new_rkey.c cyrus-sasl-2.1.25/mac/libdes/src/podd.h0000777000076400007640000001026307403027647014551 00000000000000/* crypto/des/podd.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ static const unsigned char odd_parity[256]={ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254}; cyrus-sasl-2.1.25/mac/libdes/src/passwd_dlg.h0000777000076400007640000000421607403027646015752 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* passwd_dlg.h - Dialog boxes for Windows95/NT * Author: Jšrgen Karlsson - d93-jka@nada.kth.se * Date: June 1996 */ /* $Id: passwd_dlg.h,v 1.2 2001/12/04 02:06:30 rjs3 Exp $ */ #ifndef PASSWD_DLG_H #define PASSWD_DLG_H int pwd_dialog(char *buf, int size); #endif /* PASSWD_DLG_H */ cyrus-sasl-2.1.25/mac/libdes/src/rnd_keys.c0000777000076400007640000002537507403027647015446 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include "config.h" RCSID("$Id: rnd_keys.c,v 1.2 2001/12/04 02:06:31 rjs3 Exp $"); #endif #include #include #ifdef KRB5 #include #elif defined(KRB4) #include #endif #include #ifdef TIME_WITH_SYS_TIME #include #include #elif defined(HAVE_SYS_TIME_H) #include #else #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_IO_H #include #endif #ifdef HAVE_SIGNAL_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #ifdef HAVE_WINSOCK_H #include #endif /* * Generate "random" data by checksumming a file. * * Returns -1 if there were any problems with permissions or I/O * errors. */ static int sumFile (const char *name, int len, void *res) { u_int32_t sum[2]; u_int32_t buf[1024*2]; int fd, i; fd = open (name, 0); if (fd < 0) return -1; while (len > 0) { int n = read(fd, buf, sizeof(buf)); if (n < 0) { close(fd); return n; } for (i = 0; i < (n/sizeof(buf[0])); i++) { sum[0] += buf[i]; i++; sum[1] += buf[i]; } len -= n; } close (fd); memcpy (res, &sum, sizeof(sum)); return 0; } #if 0 static int md5sumFile (const char *name, int len, int32_t sum[4]) { int32_t buf[1024*2]; int fd, cnt; struct md5 md5; fd = open (name, 0); if (fd < 0) return -1; md5_init(&md5); while (len > 0) { int n = read(fd, buf, sizeof(buf)); if (n < 0) { close(fd); return n; } md5_update(&md5, buf, n); len -= n; } md5_finito(&md5, (unsigned char *)sum); close (fd); return 0; } #endif /* * Create a sequence of random 64 bit blocks. * The sequence is indexed with a long long and * based on an initial des key used as a seed. */ static des_key_schedule sequence_seed; static u_int32_t sequence_index[2]; /* * Random number generator based on ideas from truerand in cryptolib * as described on page 424 in Applied Cryptography 2 ed. by Bruce * Schneier. */ static volatile int counter; static volatile unsigned char *gdata; /* Global data */ static volatile int igdata; /* Index into global data */ static int gsize; #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) /* Visual C++ 4.0 (Windows95/NT) */ static RETSIGTYPE sigALRM(int sig) { if (igdata < gsize) gdata[igdata++] ^= counter & 0xff; #ifndef HAVE_SIGACTION signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */ #endif SIGRETURN(0); } #endif #if !defined(HAVE_RANDOM) && defined(HAVE_RAND) #ifndef srandom #define srandom srand #endif #ifndef random #define random rand #endif #endif static void des_not_rand_data(unsigned char *data, int size) { int i; srandom (time (NULL)); for(i = 0; i < size; ++i) data[i] ^= random() % 0x100; } #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) #ifndef HAVE_SETITIMER static void pacemaker(struct timeval *tv) { fd_set fds; pid_t pid; pid = getppid(); while(1){ FD_ZERO(&fds); FD_SET(0, &fds); select(1, &fds, NULL, NULL, tv); kill(pid, SIGALRM); } } #endif /* * Generate size bytes of "random" data using timed interrupts. * It takes about 40ms/byte random data. * It's not neccessary to be root to run it. */ void des_rand_data(unsigned char *data, int size) { struct itimerval tv, otv; #ifdef HAVE_SIGACTION struct sigaction sa, osa; #else RETSIGTYPE (*osa)(int); #endif int i, j; #ifndef HAVE_SETITIMER pid_t pid; #endif char *rnd_devices[] = {"/dev/random", "/dev/srandom", "/dev/urandom", NULL}; char **p; for(p = rnd_devices; *p; p++) { int fd = open(*p, O_RDONLY | O_NDELAY); if(fd >= 0 && read(fd, data, size) == size) { close(fd); return; } close(fd); } /* Paranoia? Initialize data from /dev/mem if we can read it. */ if (size >= 8) sumFile("/dev/mem", (1024*1024*2), data); gdata = data; gsize = size; igdata = 0; #ifdef HAVE_SIGACTION /* Setup signal handler */ sa.sa_handler = sigALRM; sa.sa_flags = 0; sigemptyset(&sa.sa_mask); sigaction(SIGALRM, &sa, &osa); #else osa = signal(SIGALRM, sigALRM); #endif /* Start timer */ tv.it_value.tv_sec = 0; tv.it_value.tv_usec = 10 * 1000; /* 10 ms */ tv.it_interval = tv.it_value; #ifdef HAVE_SETITIMER setitimer(ITIMER_REAL, &tv, &otv); #else pid = fork(); if(pid == -1){ des_not_rand_data(data, size); return; } if(pid == 0) pacemaker(&tv.it_interval); #endif for(i = 0; i < 4; i++) { for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */ counter++; for (j = 0; j < size; j++) /* Only use 2 bits each lap */ gdata[j] = (gdata[j]>>2) | (gdata[j]<<6); } #ifdef HAVE_SETITIMER setitimer(ITIMER_REAL, &otv, 0); #else kill(pid, SIGKILL); waitpid(pid, NULL, 0); #endif #ifdef HAVE_SIGACTION sigaction(SIGALRM, &osa, 0); #else signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL); #endif } #else void des_rand_data(unsigned char *p, int s) { des_not_rand_data (p, s); } #endif void des_generate_random_block(des_cblock *block) { des_rand_data((unsigned char *)block, sizeof(*block)); } /* * Generate a "random" DES key. */ void des_rand_data_key(des_cblock *key) { unsigned char data[8]; des_key_schedule sched; do { des_rand_data(data, sizeof(data)); des_rand_data((unsigned char*)key, sizeof(des_cblock)); des_set_odd_parity(key); des_key_sched(key, sched); des_ecb_encrypt(&data, key, sched, DES_ENCRYPT); memset(&data, 0, sizeof(data)); memset(&sched, 0, sizeof(sched)); des_set_odd_parity(key); } while(des_is_weak_key(key)); } /* * Generate "random" data by checksumming /dev/mem * * It's neccessary to be root to run it. Returns -1 if there were any * problems with permissions. */ int des_mem_rand8(unsigned char *data) { return 1; } /* * In case the generator does not get initialized use this as fallback. */ static int initialized; static void do_initialize(void) { des_cblock default_seed; do { des_generate_random_block(&default_seed); des_set_odd_parity(&default_seed); } while (des_is_weak_key(&default_seed)); des_init_random_number_generator(&default_seed); } #define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0) #define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0) #define set_sequence_number(ll) \ memcpy((char *)sequence_index, (ll), sizeof(sequence_index)); /* * Set the sequnce number to this value (a long long). */ void des_set_sequence_number(unsigned char *ll) { set_sequence_number(ll); } /* * Set the generator seed and reset the sequence number to 0. */ void des_set_random_generator_seed(des_cblock *seed) { des_key_sched(seed, sequence_seed); zero_long_long(sequence_index); initialized = 1; } /* * Generate a sequence of random des keys * using the random block sequence, fixup * parity and skip weak keys. */ int des_new_random_key(des_cblock *key) { if (!initialized) do_initialize(); do { des_ecb_encrypt((des_cblock *) sequence_index, key, sequence_seed, DES_ENCRYPT); incr_long_long(sequence_index); /* random key must have odd parity and not be weak */ des_set_odd_parity(key); } while (des_is_weak_key(key)); return(0); } /* * des_init_random_number_generator: * * Initialize the sequence of random 64 bit blocks. The input seed * can be a secret key since it should be well hidden and is also not * kept. * */ void des_init_random_number_generator(des_cblock *seed) { struct timeval now; des_cblock uniq; des_cblock new_key; gettimeofday(&now, (struct timezone *)0); des_generate_random_block(&uniq); /* Pick a unique random key from the shared sequence. */ des_set_random_generator_seed(seed); set_sequence_number((unsigned char *)&uniq); des_new_random_key(&new_key); /* Select a new nonshared sequence, */ des_set_random_generator_seed(&new_key); /* and use the current time to pick a key for the new sequence. */ set_sequence_number((unsigned char *)&now); des_new_random_key(&new_key); des_set_random_generator_seed(&new_key); } /* This is for backwards compatibility. */ void des_random_key(des_cblock ret) { des_new_random_key((des_cblock *)ret); } #ifdef TESTRUN int main() { unsigned char data[8]; int i; while (1) { if (sumFile("/dev/mem", (1024*1024*8), data) != 0) { perror("sumFile"); exit(1); } for (i = 0; i < 8; i++) printf("%02x", data[i]); printf("\n"); } } #endif #ifdef TESTRUN2 int main() { des_cblock data; int i; while (1) { do_initialize(); des_random_key(data); for (i = 0; i < 8; i++) printf("%02x", data[i]); printf("\n"); } } #endif cyrus-sasl-2.1.25/mac/libdes/src/ecb3_enc.c0000777000076400007640000000721307403027645015256 00000000000000/* crypto/des/ecb3_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" void des_ecb3_encrypt(input, output, ks1, ks2, ks3, encrypt) des_cblock (*input); des_cblock (*output); des_key_schedule ks1; des_key_schedule ks2; des_key_schedule ks3; int encrypt; { register DES_LONG l0,l1; register unsigned char *in,*out; DES_LONG ll[2]; in=(unsigned char *)input; out=(unsigned char *)output; c2l(in,l0); c2l(in,l1); ll[0]=l0; ll[1]=l1; if (encrypt) des_encrypt3(ll,ks1,ks2,ks3); else des_decrypt3(ll,ks1,ks2,ks3); l0=ll[0]; l1=ll[1]; l2c(l0,out); l2c(l1,out); } cyrus-sasl-2.1.25/mac/libdes/src/typemap0000777000076400007640000000115007403027650015041 00000000000000# # DES SECTION # deschar * T_DESCHARP des_cblock * T_CBLOCK des_cblock T_CBLOCK des_key_schedule T_SCHEDULE des_key_schedule * T_SCHEDULE INPUT T_CBLOCK $var=(des_cblock *)SvPV($arg,len); if (len < DES_KEY_SZ) { croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ); } T_SCHEDULE $var=(des_key_schedule *)SvPV($arg,len); if (len < DES_SCHEDULE_SZ) { croak(\"$var needs to be at least %u bytes long\", DES_SCHEDULE_SZ); } OUTPUT T_CBLOCK sv_setpvn($arg,(char *)$var,DES_KEY_SZ); T_SCHEDULE sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ); T_DESCHARP sv_setpvn($arg,(char *)$var,len); cyrus-sasl-2.1.25/mac/libdes/src/cfb_enc.c0000777000076400007640000001301507403027643015167 00000000000000/* crypto/des/cfb_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output are loaded in multiples of 8 bits. * What this means is that if you hame numbits=12 and length=2 * the first 12 bits will be retrieved from the first byte and half * the second. The second 12 bits will come from the 3rd and half the 4th * byte. */ void des_cfb_encrypt(in, out, numbits, length, schedule, ivec, encrypt) unsigned char *in; unsigned char *out; int numbits; long length; des_key_schedule schedule; des_cblock (*ivec); int encrypt; { register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; register DES_LONG mask0,mask1; register unsigned long l=length; register int num=numbits; DES_LONG ti[2]; unsigned char *iv; if (num > 64) return; if (num > 32) { mask0=0xffffffffL; if (num == 64) mask1=mask0; else mask1=(1L<<(num-32))-1; } else { if (num == 32) mask0=0xffffffffL; else mask0=(1L<= n) { l-=n; ti[0]=v0; ti[1]=v1; des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); c2ln(in,d0,d1,n); in+=n; d0=(d0^ti[0])&mask0; d1=(d1^ti[1])&mask1; l2cn(d0,d1,out,n); out+=n; /* 30-08-94 - eay - changed because l>>32 and * l<<32 are bad under gcc :-( */ if (num == 32) { v0=v1; v1=d0; } else if (num == 64) { v0=d0; v1=d1; } else if (num > 32) /* && num != 64 */ { v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL; v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL; } else /* num < 32 */ { v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; } } } else { while (l >= n) { l-=n; ti[0]=v0; ti[1]=v1; des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); c2ln(in,d0,d1,n); in+=n; /* 30-08-94 - eay - changed because l>>32 and * l<<32 are bad under gcc :-( */ if (num == 32) { v0=v1; v1=d0; } else if (num == 64) { v0=d0; v1=d1; } else if (num > 32) /* && num != 64 */ { v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL; v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL; } else /* num < 32 */ { v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; } d0=(d0^ti[0])&mask0; d1=(d1^ti[1])&mask1; l2cn(d0,d1,out,n); out+=n; } } iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); v0=v1=d0=d1=ti[0]=ti[1]=0; } cyrus-sasl-2.1.25/mac/libdes/src/ede_enc.c0000777000076400007640000001242407403027645015177 00000000000000/* crypto/des/ede_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, encrypt) des_cblock (*input); des_cblock (*output); long length; des_key_schedule ks1; des_key_schedule ks2; des_key_schedule ks3; des_cblock (*ivec); int encrypt; { register DES_LONG tin0,tin1; register DES_LONG tout0,tout1,xor0,xor1; register unsigned char *in,*out; register long l=length; DES_LONG tin[2]; unsigned char *iv; in=(unsigned char *)input; out=(unsigned char *)output; iv=(unsigned char *)ivec; if (encrypt) { c2l(iv,tout0); c2l(iv,tout1); for (l-=8; l>=0; l-=8) { c2l(in,tin0); c2l(in,tin1); tin0^=tout0; tin1^=tout1; tin[0]=tin0; tin[1]=tin1; des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); tout0=tin[0]; tout1=tin[1]; l2c(tout0,out); l2c(tout1,out); } if (l != -8) { c2ln(in,tin0,tin1,l+8); tin0^=tout0; tin1^=tout1; tin[0]=tin0; tin[1]=tin1; des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); tout0=tin[0]; tout1=tin[1]; l2c(tout0,out); l2c(tout1,out); } iv=(unsigned char *)ivec; l2c(tout0,iv); l2c(tout1,iv); } else { register DES_LONG t0,t1; c2l(iv,xor0); c2l(iv,xor1); for (l-=8; l>=0; l-=8) { c2l(in,tin0); c2l(in,tin1); t0=tin0; t1=tin1; tin[0]=tin0; tin[1]=tin1; des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); tout0=tin[0]; tout1=tin[1]; tout0^=xor0; tout1^=xor1; l2c(tout0,out); l2c(tout1,out); xor0=t0; xor1=t1; } if (l != -8) { c2l(in,tin0); c2l(in,tin1); t0=tin0; t1=tin1; tin[0]=tin0; tin[1]=tin1; des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); tout0=tin[0]; tout1=tin[1]; tout0^=xor0; tout1^=xor1; l2cn(tout0,tout1,out,l+8); xor0=t0; xor1=t1; } iv=(unsigned char *)ivec; l2c(xor0,iv); l2c(xor1,iv); } tin0=tin1=tout0=tout1=xor0=xor1=0; tin[0]=tin[1]=0; } #ifdef undef /* MACRO */ void des_ede2_cbc_encrypt(input, output, length, ks1, ks2, ivec, enc) des_cblock (*input); des_cblock (*output); long length; des_key_schedule ks1; des_key_schedule ks2; des_cblock (*ivec); int enc; { des_ede3_cbc_encrypt(input,output,length,ks1,ks2,ks1,ivec,enc); } #endif cyrus-sasl-2.1.25/mac/libdes/src/passwd_dialog.res0000777000076400007640000000050007403027646016775 00000000000000 ØØØØ ØØØØe0ç ËƼBPassword queryMS Sans Serif ªP}ŽØتP-2ØØ¥OKPi-2ØØ¥CancelP WØØØØ­Please insert password:cyrus-sasl-2.1.25/mac/libdes/src/ofb64ede.c0000777000076400007640000001067407403027646015221 00000000000000/* crypto/des/ofb64ede.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output encrypted as though 64bit ofb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void des_ede3_ofb64_encrypt(in, out, length, k1,k2,k3, ivec, num) register unsigned char *in; register unsigned char *out; long length; des_key_schedule k1,k2,k3; des_cblock (*ivec); int *num; { register DES_LONG v0,v1; register int n= *num; register long l=length; des_cblock d; register char *dp; DES_LONG ti[2]; unsigned char *iv; int save=0; iv=(unsigned char *)ivec; c2l(iv,v0); c2l(iv,v1); ti[0]=v0; ti[1]=v1; dp=(char *)d; l2c(v0,dp); l2c(v1,dp); while (l--) { if (n == 0) { ti[0]=v0; ti[1]=v1; des_encrypt3((DES_LONG *)ti,k1,k2,k3); v0=ti[0]; v1=ti[1]; dp=(char *)d; l2c(v0,dp); l2c(v1,dp); save++; } *(out++)= *(in++)^d[n]; n=(n+1)&0x07; } if (save) { /* v0=ti[0]; v1=ti[1];*/ iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); } v0=v1=ti[0]=ti[1]=0; *num=n; } #ifdef undef /* MACRO */ void des_ede2_ofb64_encrypt(in, out, length, k1,k2, ivec, num) register unsigned char *in; register unsigned char *out; long length; des_key_schedule k1,k2; des_cblock (*ivec); int *num; { des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num); } #endif cyrus-sasl-2.1.25/mac/libdes/src/version.h0000777000076400007640000000474607403027650015313 00000000000000/* lib/des/version.h */ /* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL * specification. This library and applications are * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE * as long as the following conditions are aheared to. * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. If this code is used in a product, * Eric Young should be given attribution as the author of the parts used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Eric Young (eay@mincom.oz.au) * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ extern char *DES_version; cyrus-sasl-2.1.25/mac/libdes/src/cbc_enc.c0000777000076400007640000001130107403027643015160 00000000000000/* crypto/des/cbc_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" void des_cbc_encrypt(input, output, length, schedule, ivec, encrypt) des_cblock (*input); des_cblock (*output); long length; des_key_schedule schedule; des_cblock (*ivec); int encrypt; { register DES_LONG tin0,tin1; register DES_LONG tout0,tout1,xor0,xor1; register unsigned char *in,*out; register long l=length; DES_LONG tin[2]; unsigned char *iv; in=(unsigned char *)input; out=(unsigned char *)output; iv=(unsigned char *)ivec; if (encrypt) { c2l(iv,tout0); c2l(iv,tout1); for (l-=8; l>=0; l-=8) { c2l(in,tin0); c2l(in,tin1); tin0^=tout0; tin[0]=tin0; tin1^=tout1; tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]; l2c(tout0,out); tout1=tin[1]; l2c(tout1,out); } if (l != -8) { c2ln(in,tin0,tin1,l+8); tin0^=tout0; tin[0]=tin0; tin1^=tout1; tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]; l2c(tout0,out); tout1=tin[1]; l2c(tout1,out); } } else { c2l(iv,xor0); c2l(iv,xor1); for (l-=8; l>=0; l-=8) { c2l(in,tin0); tin[0]=tin0; c2l(in,tin1); tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0; tout1=tin[1]^xor1; l2c(tout0,out); l2c(tout1,out); xor0=tin0; xor1=tin1; } if (l != -8) { c2l(in,tin0); tin[0]=tin0; c2l(in,tin1); tin[1]=tin1; des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0; tout1=tin[1]^xor1; l2cn(tout0,tout1,out,l+8); /* xor0=tin0; xor1=tin1; */ } } tin0=tin1=tout0=tout1=xor0=xor1=0; tin[0]=tin[1]=0; } cyrus-sasl-2.1.25/mac/libdes/src/DES.pm0000777000076400007640000000064707403027642014423 00000000000000package DES; require Exporter; require DynaLoader; @ISA = qw(Exporter DynaLoader); # Items to export into callers namespace by default # (move infrequently used names to @EXPORT_OK below) @EXPORT = qw( ); # Other items we are prepared to export if requested @EXPORT_OK = qw( crypt ); # Preloaded methods go here. Autoload methods go after __END__, and are # processed by the autosplit program. bootstrap DES; 1; __END__ cyrus-sasl-2.1.25/mac/libdes/src/des.man0000777000076400007640000001107407403027644014720 00000000000000.TH DES 1 .SH NAME des - encrypt or decrypt data using Data Encryption Standard .SH SYNOPSIS .B des ( .B \-e | .B \-E ) | ( .B \-d | .B \-D ) | ( .B \-\fR[\fPcC\fR][\fPckname\fR]\fP ) | [ .B \-b3hfs ] [ .B \-k .I key ] ] [ .B \-u\fR[\fIuuname\fR] [ .I input-file [ .I output-file ] ] .SH DESCRIPTION .B des encrypts and decrypts data using the Data Encryption Standard algorithm. One of .B \-e, \-E (for encrypt) or .B \-d, \-D (for decrypt) must be specified. It is also possible to use .B \-c or .B \-C in conjunction or instead of the a encrypt/decrypt option to generate a 16 character hexadecimal checksum, generated via the .I des_cbc_cksum. .LP Two standard encryption modes are supported by the .B des program, Cipher Block Chaining (the default) and Electronic Code Book (specified with .B \-b ). .LP The key used for the DES algorithm is obtained by prompting the user unless the .B `\-k .I key' option is given. If the key is an argument to the .B des command, it is potentially visible to users executing .BR ps (1) or a derivative. To minimise this possibility, .B des takes care to destroy the key argument immediately upon entry. If your shell keeps a history file be careful to make sure it is not world readable. .LP Since this program attempts to maintain compatability with sunOS's des(1) command, there are 2 different methods used to convert the user supplied key to a des key. Whenever and one or more of .B \-E, \-D, \-C or .B \-3 options are used, the key conversion procedure will not be compatible with the sunOS des(1) version but will use all the user supplied character to generate the des key. .B des command reads from standard input unless .I input-file is specified and writes to standard output unless .I output-file is given. .SH OPTIONS .TP .B \-b Select ECB (eight bytes at a time) encryption mode. .TP .B \-3 Encrypt using triple encryption. By default triple cbc encryption is used but if the .B \-b option is used then triple ecb encryption is performed. If the key is less than 8 characters long, the flag has no effect. .TP .B \-e Encrypt data using an 8 byte key in a manner compatible with sunOS des(1). .TP .B \-E Encrypt data using a key of nearly unlimited length (1024 bytes). This will product a more secure encryption. .TP .B \-d Decrypt data that was encrypted with the \-e option. .TP .B \-D Decrypt data that was encrypted with the \-E option. .TP .B \-c Generate a 16 character hexadecimal cbc checksum and output this to stderr. If a filename was specified after the .B \-c option, the checksum is output to that file. The checksum is generated using a key generated in a sunOS compatible manner. .TP .B \-C A cbc checksum is generated in the same manner as described for the .B \-c option but the DES key is generated in the same manner as used for the .B \-E and .B \-D options .TP .B \-f Does nothing - allowed for compatibility with sunOS des(1) command. .TP .B \-s Does nothing - allowed for compatibility with sunOS des(1) command. .TP .B "\-k \fIkey\fP" Use the encryption .I key specified. .TP .B "\-h" The .I key is assumed to be a 16 character hexadecimal number. If the .B "\-3" option is used the key is assumed to be a 32 character hexadecimal number. .TP .B \-u This flag is used to read and write uuencoded files. If decrypting, the input file is assumed to contain uuencoded, DES encrypted data. If encrypting, the characters following the -u are used as the name of the uuencoded file to embed in the begin line of the uuencoded output. If there is no name specified after the -u, the name text.des will be embedded in the header. .SH SEE ALSO .B ps (1) .B des_crypt(3) .SH BUGS .LP The problem with using the .B -e option is the short key length. It would be better to use a real 56-bit key rather than an ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII radically reduces the time necessary for a brute-force cryptographic attack. My attempt to remove this problem is to add an alternative text-key to DES-key function. This alternative function (accessed via .B -E, -D, -S and .B -3 ) uses DES to help generate the key. .LP Be carefully when using the -u option. Doing des -ud will not decrypt filename (the -u option will gobble the d option). .LP The VMS operating system operates in a world where files are always a multiple of 512 bytes. This causes problems when encrypted data is send from unix to VMS since a 88 byte file will suddenly be padded with 424 null bytes. To get around this problem, use the -u option to uuencode the data before it is send to the VMS system. .SH AUTHOR .LP Eric Young (eay@mincom.oz.au or eay@psych.psy.uq.oz.au) cyrus-sasl-2.1.25/mac/libdes/src/PC20000777000076400007640000000153507403027643013757 00000000000000#!/usr/local/bin/perl @PC2_C=(14,17,11,24, 1, 5, 3,28,15, 6,21,10, 23,19,12, 4,26, 8, 16, 7,27,20,13, 2, ); @PC2_D=(41,52,31,37,47,55, 30,40,51,45,33,48, 44,49,39,56,34,53, 46,42,50,36,29,32, ); foreach (@PC2_C) { if ($_ ne "-") { $_--; printf "%2d ",$_; } else { print "-- "; } $C{$_}=1; print "\n" if (((++$i) % 8) == 0); } $i=0; print "\n"; foreach (@PC2_D) { if ($_ ne "-") { $_-=29; printf "%2d ",$_; } else { print "-- "; } $D{$_}=1; print "\n" if (((++$i) % 8) == 0); } print "\n"; foreach $i (0 .. 27) { $_=$C{$i}; if ($_ ne "-") {printf "%2d ",$_;} else { print "-- "; } print "\n" if (((++$i) % 8) == 0); } print "\n"; print "\n"; foreach $i (0 .. 27) { $_=$D{$i}; if ($_ ne "-") {printf "%2d ",$_;} else { print "-- "; } print "\n" if (((++$i) % 8) == 0); } print "\n"; sub numsort { $a-$b; } cyrus-sasl-2.1.25/mac/libdes/src/ofb64enc.c0000777000076400007640000001017507403027646015225 00000000000000/* crypto/des/ofb64enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output encrypted as though 64bit ofb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void des_ofb64_encrypt(in, out, length, schedule, ivec, num) register unsigned char *in; register unsigned char *out; long length; des_key_schedule schedule; des_cblock (*ivec); int *num; { register DES_LONG v0,v1,t; register int n= *num; register long l=length; des_cblock d; register char *dp; DES_LONG ti[2]; unsigned char *iv; int save=0; iv=(unsigned char *)ivec; c2l(iv,v0); c2l(iv,v1); ti[0]=v0; ti[1]=v1; dp=(char *)d; l2c(v0,dp); l2c(v1,dp); while (l--) { if (n == 0) { des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); dp=(char *)d; t=ti[0]; l2c(t,dp); t=ti[1]; l2c(t,dp); save++; } *(out++)= *(in++)^d[n]; n=(n+1)&0x07; } if (save) { v0=ti[0]; v1=ti[1]; iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); } t=v0=v1=ti[0]=ti[1]=0; *num=n; } cyrus-sasl-2.1.25/mac/libdes/src/sha.c0000777000076400007640000001475007403027647014376 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include "config.h" RCSID("$Id: sha.c,v 1.2 2001/12/04 02:06:31 rjs3 Exp $"); #endif #include #include #include "sha.h" #ifndef min #define min(a,b) (((a)>(b))?(b):(a)) #endif #define A m->counter[0] #define B m->counter[1] #define C m->counter[2] #define D m->counter[3] #define E m->counter[4] #define X data void sha_init (struct sha *m) { m->offset = 0; m->sz = 0; A = 0x67452301; B = 0xefcdab89; C = 0x98badcfe; D = 0x10325476; E = 0xc3d2e1f0; } static inline u_int32_t cshift (u_int32_t x, unsigned int n) { return (x << n) | (x >> (32 - n)); } #define F0(x,y,z) ((x & y) | (~x & z)) #define F1(x,y,z) (x ^ y ^ z) #define F2(x,y,z) ((x & y) | (x & z) | (y & z)) #define F3(x,y,z) F1(x,y,z) #define K0 0x5a827999 #define K1 0x6ed9eba1 #define K2 0x8f1bbcdc #define K3 0xca62c1d6 #define DO(t,f,k) \ do { \ u_int32_t temp; \ \ temp = cshift(AA, 5) + f(BB,CC,DD) + EE + data[t] + k; \ EE = DD; \ DD = CC; \ CC = cshift(BB, 30); \ BB = AA; \ AA = temp; \ } while(0) static inline void calc (struct sha *m, u_int32_t *in) { u_int32_t AA, BB, CC, DD, EE; u_int32_t data[80]; int i; AA = A; BB = B; CC = C; DD = D; EE = E; for (i = 0; i < 16; ++i) data[i] = in[i]; for (i = 16; i < 80; ++i) data[i] = cshift(data[i-3] ^ data[i-8] ^ data[i-14] ^ data[i-16], 1); /* t=[0,19] */ DO(0,F0,K0); DO(1,F0,K0); DO(2,F0,K0); DO(3,F0,K0); DO(4,F0,K0); DO(5,F0,K0); DO(6,F0,K0); DO(7,F0,K0); DO(8,F0,K0); DO(9,F0,K0); DO(10,F0,K0); DO(11,F0,K0); DO(12,F0,K0); DO(13,F0,K0); DO(14,F0,K0); DO(15,F0,K0); DO(16,F0,K0); DO(17,F0,K0); DO(18,F0,K0); DO(19,F0,K0); /* t=[20,39] */ DO(20,F1,K1); DO(21,F1,K1); DO(22,F1,K1); DO(23,F1,K1); DO(24,F1,K1); DO(25,F1,K1); DO(26,F1,K1); DO(27,F1,K1); DO(28,F1,K1); DO(29,F1,K1); DO(30,F1,K1); DO(31,F1,K1); DO(32,F1,K1); DO(33,F1,K1); DO(34,F1,K1); DO(35,F1,K1); DO(36,F1,K1); DO(37,F1,K1); DO(38,F1,K1); DO(39,F1,K1); /* t=[40,59] */ DO(40,F2,K2); DO(41,F2,K2); DO(42,F2,K2); DO(43,F2,K2); DO(44,F2,K2); DO(45,F2,K2); DO(46,F2,K2); DO(47,F2,K2); DO(48,F2,K2); DO(49,F2,K2); DO(50,F2,K2); DO(51,F2,K2); DO(52,F2,K2); DO(53,F2,K2); DO(54,F2,K2); DO(55,F2,K2); DO(56,F2,K2); DO(57,F2,K2); DO(58,F2,K2); DO(59,F2,K2); /* t=[60,79] */ DO(60,F3,K3); DO(61,F3,K3); DO(62,F3,K3); DO(63,F3,K3); DO(64,F3,K3); DO(65,F3,K3); DO(66,F3,K3); DO(67,F3,K3); DO(68,F3,K3); DO(69,F3,K3); DO(70,F3,K3); DO(71,F3,K3); DO(72,F3,K3); DO(73,F3,K3); DO(74,F3,K3); DO(75,F3,K3); DO(76,F3,K3); DO(77,F3,K3); DO(78,F3,K3); DO(79,F3,K3); A += AA; B += BB; C += CC; D += DD; E += EE; } /* * From `Performance analysis of SHA' by Joseph D. Touch */ static inline u_int32_t swap_u_int32_t (u_int32_t t) { #if !defined(WORDS_BIGENDIAN) #define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) u_int32_t temp1, temp2; temp1 = ROL(t,16); temp2 = temp1 >> 8; temp1 &= 0x00ff00ff; temp2 &= 0x00ff00ff; temp1 <<= 8; return temp1 | temp2; #else return t; #endif } struct x32{ unsigned int a:32; unsigned int b:32; }; void sha_update (struct sha *m, const void *v, size_t len) { const unsigned char *p = v; m->sz += len; while(len > 0){ size_t l = min(len, 64 - m->offset); memcpy(m->save + m->offset, p, l); m->offset += l; p += l; len -= l; if(m->offset == 64){ #if !defined(WORDS_BIGENDIAN) || defined(_CRAY) int i; u_int32_t current[16]; struct x32 *u = (struct x32*)m->save; for(i = 0; i < 8; i++){ current[2*i+0] = swap_u_int32_t(u[i].a); current[2*i+1] = swap_u_int32_t(u[i].b); } calc(m, current); #else calc(m, (u_int32_t*)m->save); #endif m->offset = 0; } } } void sha_finito (struct sha *m, void *res) { static unsigned char zeros[72]; u_int32_t len; unsigned int dstart = (120 - m->offset - 1) % 64 + 1; *zeros = 0x80; memset (zeros + 1, 0, sizeof(zeros) - 1); len = 8 * m->sz; zeros[dstart+7] = (len >> 0) & 0xff; zeros[dstart+6] = (len >> 8) & 0xff; zeros[dstart+5] = (len >> 16) & 0xff; zeros[dstart+4] = (len >> 24) & 0xff; sha_update (m, zeros, dstart + 8); { int i; unsigned char *r = (unsigned char*)res; for (i = 0; i < 5; ++i) { r[4*i+3] = m->counter[i] & 0xFF; r[4*i+2] = (m->counter[i] >> 8) & 0xFF; r[4*i+1] = (m->counter[i] >> 16) & 0xFF; r[4*i] = (m->counter[i] >> 24) & 0xFF; } } #if 0 { int i; u_int32_t *r = (u_int32_t *)res; for (i = 0; i < 5; ++i) r[i] = swap_u_int32_t (m->counter[i]); } #endif } cyrus-sasl-2.1.25/mac/libdes/src/des.dsp0000777000076400007640000001402007403027644014725 00000000000000# Microsoft Developer Studio Project File - Name="des" - Package Owner=<4> # Microsoft Developer Studio Generated Build File, Format Version 5.00 # ** DO NOT EDIT ** # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 CFG=des - Win32 Release !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE !MESSAGE NMAKE /f "des.mak". !MESSAGE !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE !MESSAGE NMAKE /f "des.mak" CFG="des - Win32 Release" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE !MESSAGE "des - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE "des - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE # Begin Project # PROP Scc_ProjName "" # PROP Scc_LocalPath "" CPP=cl.exe MTL=midl.exe RSC=rc.exe !IF "$(CFG)" == "des - Win32 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 # PROP BASE Output_Dir ".\Release" # PROP BASE Intermediate_Dir ".\Release" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 0 # PROP Output_Dir ".\Release" # PROP Intermediate_Dir ".\Release" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c # ADD CPP /nologo /MT /W3 /GX /O2 /I "..\roken" /I "." /I "..\..\include" /I "..\..\include\win32" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c # ADD BASE MTL /nologo /D "NDEBUG" /win32 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 # ADD LINK32 ..\roken\Release\roken.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /machine:I386 !ELSEIF "$(CFG)" == "des - Win32 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 # PROP BASE Output_Dir ".\Debug" # PROP BASE Intermediate_Dir ".\Debug" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 1 # PROP Output_Dir ".\Debug" # PROP Intermediate_Dir ".\Debug" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c # ADD CPP /nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\roken" /I "." /I "..\..\include" /I "..\..\include\win32" /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /FD /c # ADD BASE MTL /nologo /D "_DEBUG" /win32 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 # ADD LINK32 ..\roken\Debug\roken.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib /nologo /subsystem:windows /dll /debug /machine:I386 !ENDIF # Begin Target # Name "des - Win32 Release" # Name "des - Win32 Debug" # Begin Group "Source Files" # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90" # Begin Source File SOURCE=.\cbc3_enc.c # End Source File # Begin Source File SOURCE=.\cbc_cksm.c # End Source File # Begin Source File SOURCE=.\cbc_enc.c # End Source File # Begin Source File SOURCE=.\cfb64ede.c # End Source File # Begin Source File SOURCE=.\cfb64enc.c # End Source File # Begin Source File SOURCE=.\cfb_enc.c # End Source File # Begin Source File SOURCE=.\des.def # End Source File # Begin Source File SOURCE=.\des_enc.c # End Source File # Begin Source File SOURCE=.\dllmain.c # End Source File # Begin Source File SOURCE=.\ecb3_enc.c # End Source File # Begin Source File SOURCE=.\ecb_enc.c # End Source File # Begin Source File SOURCE=.\ede_enc.c # End Source File # Begin Source File SOURCE=.\enc_read.c # End Source File # Begin Source File SOURCE=.\enc_writ.c # End Source File # Begin Source File SOURCE=.\fcrypt.c # End Source File # Begin Source File SOURCE=.\key_par.c # End Source File # Begin Source File SOURCE=.\ncbc_enc.c # End Source File # Begin Source File SOURCE=.\ofb64ede.c # End Source File # Begin Source File SOURCE=.\ofb64enc.c # End Source File # Begin Source File SOURCE=.\ofb_enc.c # End Source File # Begin Source File SOURCE=.\passwd_dlg.c # End Source File # Begin Source File SOURCE=.\pcbc_enc.c # End Source File # Begin Source File SOURCE=.\qud_cksm.c # End Source File # Begin Source File SOURCE=.\read_pwd.c # End Source File # Begin Source File SOURCE=.\rnd_keys.c # End Source File # Begin Source File SOURCE=.\rpc_enc.c # End Source File # Begin Source File SOURCE=.\set_key.c # End Source File # Begin Source File SOURCE=.\str2key.c # End Source File # Begin Source File SOURCE=.\supp.c # End Source File # End Group # Begin Group "Header Files" # PROP Default_Filter "h;hpp;hxx;hm;inl;fi;fd" # Begin Source File SOURCE=.\des.h # End Source File # Begin Source File SOURCE=.\des_locl.h # End Source File # Begin Source File SOURCE=.\des_ver.h # End Source File # Begin Source File SOURCE=.\md5.h # End Source File # Begin Source File SOURCE=.\passwd_dlg.h # End Source File # Begin Source File SOURCE=.\podd.h # End Source File # Begin Source File SOURCE=.\rpc_des.h # End Source File # Begin Source File SOURCE=.\sk.h # End Source File # Begin Source File SOURCE=.\spr.h # End Source File # End Group # Begin Group "Resource Files" # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe" # Begin Source File SOURCE=.\passwd_dialog.rc # End Source File # End Group # End Target # End Project cyrus-sasl-2.1.25/mac/libdes/src/pcbc_enc.c0000777000076400007640000001055307403027647015354 00000000000000/* crypto/des/pcbc_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" void des_pcbc_encrypt(input, output, length, schedule, ivec, encrypt) des_cblock (*input); des_cblock (*output); long length; des_key_schedule schedule; des_cblock (*ivec); int encrypt; { register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1; DES_LONG tin[2]; unsigned char *in,*out,*iv; in=(unsigned char *)input; out=(unsigned char *)output; iv=(unsigned char *)ivec; if (encrypt) { c2l(iv,xor0); c2l(iv,xor1); for (; length>0; length-=8) { if (length >= 8) { c2l(in,sin0); c2l(in,sin1); } else c2ln(in,sin0,sin1,length); tin[0]=sin0^xor0; tin[1]=sin1^xor1; des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); tout0=tin[0]; tout1=tin[1]; xor0=sin0^tout0; xor1=sin1^tout1; l2c(tout0,out); l2c(tout1,out); } } else { c2l(iv,xor0); c2l(iv,xor1); for (; length>0; length-=8) { c2l(in,sin0); c2l(in,sin1); tin[0]=sin0; tin[1]=sin1; des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); tout0=tin[0]^xor0; tout1=tin[1]^xor1; if (length >= 8) { l2c(tout0,out); l2c(tout1,out); } else l2cn(tout0,tout1,out,length); xor0=tout0^sin0; xor1=tout1^sin1; } } tin[0]=tin[1]=0; sin0=sin1=xor0=xor1=tout0=tout1=0; } cyrus-sasl-2.1.25/mac/libdes/src/testdes.pl0000777000076400007640000001301407403027650015451 00000000000000#!/usr/local/bin/perl # des.pl tesing code require 'des.pl'; $num_tests=34; @key_data=( 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10, 0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57, 0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E, 0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86, 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E, 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6, 0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE, 0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6, 0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE, 0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16, 0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F, 0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46, 0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E, 0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76, 0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07, 0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F, 0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7, 0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF, 0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6, 0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E, 0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10, ); @plain_data=( 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01, 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42, 0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA, 0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72, 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A, 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2, 0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A, 0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2, 0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A, 0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02, 0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A, 0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32, 0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA, 0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62, 0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2, 0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA, 0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92, 0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A, 0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2, 0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF); @cipher_data=( 0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7, 0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58, 0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B, 0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33, 0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D, 0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD, 0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7, 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4, 0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B, 0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71, 0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A, 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A, 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95, 0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B, 0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09, 0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A, 0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F, 0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88, 0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77, 0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A, 0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56, 0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56, 0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56, 0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC, 0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A, 0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41, 0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93, 0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00, 0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06, 0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7, 0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51, 0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE, 0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D, 0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2); print "Doing ecb tests\n"; for ($i=0; $i<$num_tests; $i++) { printf "Doing test $i\n"; $key =pack("C8",splice(@key_data ,0,8)); $data=pack("C8",splice(@plain_data ,0,8)); $res =pack("C8",splice(@cipher_data,0,8)); @ks= &des_set_key($key); $out1= &des_ecb_encrypt(*ks,1,$data); $out2= &des_ecb_encrypt(*ks,0,$out1); $out3= &des_ecb_encrypt(*ks,0,$res); &eprint("encryption failure",$res,$out1) if ($out1 ne $res); &eprint("encryption/decryption failure",$data,$out2) if ($out2 ne $data); &eprint("decryption failure",$data,$out3) if ($data ne $out3); } print "Done\n"; print "doing speed test over 30 seconds\n"; $SIG{'ALRM'}='done'; sub done {$done=1;} $done=0; $count=0; $d=pack("C8",0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef); @ks= &des_set_key($d); alarm(30); $start=(times)[0]; while (!$done) { $count++; $d=&des_ecb_encrypt(*ks,1,$d); } $end=(times)[0]; $t=$end-$start; printf "$count DESs in %.2f seconds is %.2f DESs/sec or %.2f bytes/sec\n", 1.0*$t,1.0*$count/$t,$count*8.0/$t; sub eprint { local($s,$c,$e)=@_; local(@k); @k=unpack("C8",$c); printf "%02x%02x%02x%02x %02x%02x%02x%02x - ",unpack("C8",$c); printf "%02x%02x%02x%02x %02x%02x%02x%02x :",unpack("C8",$e); print " $s\n"; } cyrus-sasl-2.1.25/mac/libdes/src/enc_read.c0000777000076400007640000001535707403027645015365 00000000000000/* crypto/des/enc_read.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include #include #include "des_locl.h" /* This has some uglies in it but it works - even over sockets. */ /*extern int errno;*/ int des_rw_mode=DES_PCBC_MODE; int des_enc_read(fd, buf, len, sched, iv) int fd; char *buf; int len; des_key_schedule sched; des_cblock (*iv); { /* data to be unencrypted */ int net_num=0; static unsigned char *net=NULL; /* extra unencrypted data * for when a block of 100 comes in but is des_read one byte at * a time. */ static char *unnet=NULL; static int unnet_start=0; static int unnet_left=0; static char *tmpbuf=NULL; int i; long num=0,rnum; unsigned char *p; if (tmpbuf == NULL) { tmpbuf=(char *)malloc(BSIZE); if (tmpbuf == NULL) return(-1); } if (net == NULL) { net=(unsigned char *)malloc(BSIZE); if (net == NULL) return(-1); } if (unnet == NULL) { unnet=(char *)malloc(BSIZE); if (unnet == NULL) return(-1); } /* left over data from last decrypt */ if (unnet_left != 0) { if (unnet_left < len) { /* we still still need more data but will return * with the number of bytes we have - should always * check the return value */ memcpy(buf,&(unnet[unnet_start]), (unsigned int)unnet_left); /* eay 26/08/92 I had the next 2 lines * reversed :-( */ i=unnet_left; unnet_start=unnet_left=0; } else { memcpy(buf,&(unnet[unnet_start]),(unsigned int)len); unnet_start+=len; unnet_left-=len; i=len; } return(i); } /* We need to get more data. */ if (len > MAXWRITE) len=MAXWRITE; /* first - get the length */ while (net_num < HDRSIZE) { i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num); if ((i == -1) && (errno == EINTR)) continue; if (i <= 0) return(0); net_num+=i; } /* we now have at net_num bytes in net */ p=net; /* num=0; */ n2l(p,num); /* num should be rounded up to the next group of eight * we make sure that we have read a multiple of 8 bytes from the net. */ if ((num > MAXWRITE) || (num < 0)) /* error */ return(-1); rnum=(num < 8)?8:((num+7)/8*8); net_num=0; while (net_num < rnum) { i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num); if ((i == -1) && (errno == EINTR)) continue; if (i <= 0) return(0); net_num+=i; } /* Check if there will be data left over. */ if (len < num) { if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet, num,sched,iv,DES_DECRYPT); else des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet, num,sched,iv,DES_DECRYPT); memcpy(buf,unnet,(unsigned int)len); unnet_start=len; unnet_left=(int)num-len; /* The following line is done because we return num * as the number of bytes read. */ num=len; } else { /* >output is a multiple of 8 byes, if len < rnum * >we must be careful. The user must be aware that this * >routine will write more bytes than he asked for. * >The length of the buffer must be correct. * FIXED - Should be ok now 18-9-90 - eay */ if (len < rnum) { if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)net, (des_cblock *)tmpbuf, num,sched,iv,DES_DECRYPT); else des_cbc_encrypt((des_cblock *)net, (des_cblock *)tmpbuf, num,sched,iv,DES_DECRYPT); /* eay 26/08/92 fix a bug that returned more * bytes than you asked for (returned len bytes :-( */ memcpy(buf,tmpbuf,(unsigned int)num); } else { if (des_rw_mode & DES_PCBC_MODE) des_pcbc_encrypt((des_cblock *)net, (des_cblock *)buf,num,sched,iv, DES_DECRYPT); else des_cbc_encrypt((des_cblock *)net, (des_cblock *)buf,num,sched,iv, DES_DECRYPT); } } return((int)num); } cyrus-sasl-2.1.25/mac/libdes/src/vms.com0000777000076400007640000000440707403027650014754 00000000000000$! --- VMS.com --- $! $ GoSub defines $ GoSub linker_options $ If (P1 .nes. "") $ Then $ GoSub 'P1' $ Else $ GoSub lib $ GoSub destest $ GoSub rpw $ GoSub speed $ GoSub des $ EndIF $! $ Exit $! $!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $! $DEFINES: $ OPT_FILE := "VAX_LINKER_OPTIONS.OPT" $! $ CC_OPTS := "/NODebug/OPTimize/NOWarn" $! $ LINK_OPTS := "/NODebug/NOTraceback/Contiguous" $! $ OBJS = "cbc_cksm.obj,cbc_enc.obj,ecb_enc.obj,pcbc_enc.obj," + - "qud_cksm.obj,rand_key.obj,read_pwd.obj,set_key.obj," + - "str2key.obj,enc_read.obj,enc_writ.obj,fcrypt.obj," + - "cfb_enc.obj,3ecb_enc.obj,ofb_enc.obj" $! $ LIBDES = "cbc_cksm.c,cbc_enc.c,ecb_enc.c,enc_read.c," + - "enc_writ.c,pcbc_enc.c,qud_cksm.c,rand_key.c," + - "read_pwd.c,set_key.c,str2key.c,fcrypt.c," + - "cfb_enc.c,3ecb_enc.c,ofb_enc.c" $ Return $! $!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $! $LINKER_OPTIONS: $ If (f$search(OPT_FILE) .eqs. "") $ Then $ Create 'OPT_FILE' $DECK ! Default system options file to link against the sharable C runtime library ! Sys$Share:VAXcRTL.exe/Share $EOD $ EndIF $ Return $! $!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $! $LIB: $ CC 'CC_OPTS' 'LIBDES' $ If (f$search("LIBDES.OLB") .nes. "") $ Then Library /Object /Replace libdes 'OBJS' $ Else Library /Create /Object libdes 'OBJS' $ EndIF $ Return $! $!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $! $DESTEST: $ CC 'CC_OPTS' destest $ Link 'link_opts' /Exec=destest destest.obj,libdes/LIBRARY,'opt_file'/Option $ Return $! $!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $! $RPW: $ CC 'CC_OPTS' rpw $ Link 'link_opts' /Exec=rpw rpw.obj,libdes/LIBRARY,'opt_file'/Option $ Return $! $!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $! $SPEED: $ CC 'CC_OPTS' speed $ Link 'link_opts' /Exec=speed speed.obj,libdes/LIBRARY,'opt_file'/Option $ Return $! $!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $! $DES: $ CC 'CC_OPTS' des $ Link 'link_opts' /Exec=des des.obj,libdes/LIBRARY,'opt_file'/Option $ Return cyrus-sasl-2.1.25/mac/libdes/src/rand_key.c0000777000076400007640000001040507403027647015410 00000000000000/* crypto/des/rand_key.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" #include static int seed=0; static des_cblock init; void des_random_seed(key) des_cblock key; { memcpy(init,key,sizeof(des_cblock)); seed=1; } /* Old source */ /* void des_random_key(ret) unsigned char *ret; { des_key_schedule ks; static DES_LONG c=0; static unsigned short pid=0; static des_cblock data={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; des_cblock key; unsigned char *p; DES_LONG t; int i; #if defined(MSDOS) || defined(WIN32) pid=1; #else if (!pid) pid=getpid(); #endif p=key; if (seed) { for (i=0; i<8; i++) { data[i] ^= init[i]; init[i]=0; } seed=0; } t=(DES_LONG)time(NULL); l2c(t,p); t=(DES_LONG)((pid)|((c++)<<16)); l2c(t,p); des_set_odd_parity((des_cblock *)data); des_set_key((des_cblock *)data,ks); des_cbc_cksum((des_cblock *)key,(des_cblock *)key, (long)sizeof(key),ks,(des_cblock *)data); des_set_odd_parity((des_cblock *)key); des_set_key((des_cblock *)key,ks); des_cbc_cksum((des_cblock *)key,(des_cblock *)data, (long)sizeof(key),ks,(des_cblock *)key); memcpy(ret,data,sizeof(key)); memset(key,0,sizeof(key)); memset(ks,0,sizeof(ks)); t=0; } */ cyrus-sasl-2.1.25/mac/libdes/src/md5.c0000777000076400007640000001660507403027646014310 00000000000000/* * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include "config.h" RCSID("$Id: md5.c,v 1.2 2001/12/04 02:06:30 rjs3 Exp $"); #endif #include #include #include "md5.h" #ifndef min #define min(a,b) (((a)>(b))?(b):(a)) #endif #define A m->counter[0] #define B m->counter[1] #define C m->counter[2] #define D m->counter[3] #define X data void md5_init (struct md5 *m) { m->offset = 0; m->sz = 0; D = 0x10325476; C = 0x98badcfe; B = 0xefcdab89; A = 0x67452301; } static inline u_int32_t cshift (u_int32_t x, unsigned int n) { return (x << n) | (x >> (32 - n)); } #define F(x,y,z) ((x & y) | (~x & z)) #define G(x,y,z) ((x & z) | (y & ~z)) #define H(x,y,z) (x ^ y ^ z) #define I(x,y,z) (y ^ (x | ~z)) #define DOIT(a,b,c,d,k,s,i,OP) \ a = b + cshift(a + OP(b,c,d) + X[k] + (i), s) #define DO1(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,F) #define DO2(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,G) #define DO3(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,H) #define DO4(a,b,c,d,k,s,i) DOIT(a,b,c,d,k,s,i,I) static inline void calc (struct md5 *m, u_int32_t *data) { u_int32_t AA, BB, CC, DD; AA = A; BB = B; CC = C; DD = D; /* Round 1 */ DO1(A,B,C,D,0,7,0xd76aa478); DO1(D,A,B,C,1,12,0xe8c7b756); DO1(C,D,A,B,2,17,0x242070db); DO1(B,C,D,A,3,22,0xc1bdceee); DO1(A,B,C,D,4,7,0xf57c0faf); DO1(D,A,B,C,5,12,0x4787c62a); DO1(C,D,A,B,6,17,0xa8304613); DO1(B,C,D,A,7,22,0xfd469501); DO1(A,B,C,D,8,7,0x698098d8); DO1(D,A,B,C,9,12,0x8b44f7af); DO1(C,D,A,B,10,17,0xffff5bb1); DO1(B,C,D,A,11,22,0x895cd7be); DO1(A,B,C,D,12,7,0x6b901122); DO1(D,A,B,C,13,12,0xfd987193); DO1(C,D,A,B,14,17,0xa679438e); DO1(B,C,D,A,15,22,0x49b40821); /* Round 2 */ DO2(A,B,C,D,1,5,0xf61e2562); DO2(D,A,B,C,6,9,0xc040b340); DO2(C,D,A,B,11,14,0x265e5a51); DO2(B,C,D,A,0,20,0xe9b6c7aa); DO2(A,B,C,D,5,5,0xd62f105d); DO2(D,A,B,C,10,9,0x2441453); DO2(C,D,A,B,15,14,0xd8a1e681); DO2(B,C,D,A,4,20,0xe7d3fbc8); DO2(A,B,C,D,9,5,0x21e1cde6); DO2(D,A,B,C,14,9,0xc33707d6); DO2(C,D,A,B,3,14,0xf4d50d87); DO2(B,C,D,A,8,20,0x455a14ed); DO2(A,B,C,D,13,5,0xa9e3e905); DO2(D,A,B,C,2,9,0xfcefa3f8); DO2(C,D,A,B,7,14,0x676f02d9); DO2(B,C,D,A,12,20,0x8d2a4c8a); /* Round 3 */ DO3(A,B,C,D,5,4,0xfffa3942); DO3(D,A,B,C,8,11,0x8771f681); DO3(C,D,A,B,11,16,0x6d9d6122); DO3(B,C,D,A,14,23,0xfde5380c); DO3(A,B,C,D,1,4,0xa4beea44); DO3(D,A,B,C,4,11,0x4bdecfa9); DO3(C,D,A,B,7,16,0xf6bb4b60); DO3(B,C,D,A,10,23,0xbebfbc70); DO3(A,B,C,D,13,4,0x289b7ec6); DO3(D,A,B,C,0,11,0xeaa127fa); DO3(C,D,A,B,3,16,0xd4ef3085); DO3(B,C,D,A,6,23,0x4881d05); DO3(A,B,C,D,9,4,0xd9d4d039); DO3(D,A,B,C,12,11,0xe6db99e5); DO3(C,D,A,B,15,16,0x1fa27cf8); DO3(B,C,D,A,2,23,0xc4ac5665); /* Round 4 */ DO4(A,B,C,D,0,6,0xf4292244); DO4(D,A,B,C,7,10,0x432aff97); DO4(C,D,A,B,14,15,0xab9423a7); DO4(B,C,D,A,5,21,0xfc93a039); DO4(A,B,C,D,12,6,0x655b59c3); DO4(D,A,B,C,3,10,0x8f0ccc92); DO4(C,D,A,B,10,15,0xffeff47d); DO4(B,C,D,A,1,21,0x85845dd1); DO4(A,B,C,D,8,6,0x6fa87e4f); DO4(D,A,B,C,15,10,0xfe2ce6e0); DO4(C,D,A,B,6,15,0xa3014314); DO4(B,C,D,A,13,21,0x4e0811a1); DO4(A,B,C,D,4,6,0xf7537e82); DO4(D,A,B,C,11,10,0xbd3af235); DO4(C,D,A,B,2,15,0x2ad7d2bb); DO4(B,C,D,A,9,21,0xeb86d391); A += AA; B += BB; C += CC; D += DD; } /* * From `Performance analysis of MD5' by Joseph D. Touch */ static inline u_int32_t swap_u_int32_t (u_int32_t t) { #if defined(WORDS_BIGENDIAN) #define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) u_int32_t temp1, temp2; temp1 = ROL(t,16); temp2 = temp1 >> 8; temp1 &= 0x00ff00ff; temp2 &= 0x00ff00ff; temp1 <<= 8; return temp1 | temp2; #else return t; #endif } struct x32{ unsigned int a:32; unsigned int b:32; }; void md5_update (struct md5 *m, const void *v, size_t len) { const unsigned char *p = v; m->sz += len; while(len > 0){ size_t l = min(len, 64 - m->offset); memcpy(m->save + m->offset, p, l); m->offset += l; p += l; len -= l; if(m->offset == 64){ #if defined(WORDS_BIGENDIAN) int i; u_int32_t current[16]; struct x32 *u = (struct x32*)m->save; for(i = 0; i < 8; i++){ current[2*i+0] = swap_u_int32_t(u[i].a); current[2*i+1] = swap_u_int32_t(u[i].b); } calc(m, current); #else calc(m, (u_int32_t*)m->save); #endif m->offset = 0; } } } void md5_finito (struct md5 *m, void *res) { static unsigned char zeros[72]; u_int32_t len; unsigned int dstart = (120 - m->offset - 1) % 64 + 1; *zeros = 0x80; memset (zeros + 1, 0, sizeof(zeros) - 1); len = 8 * m->sz; zeros[dstart+0] = (len >> 0) & 0xff; zeros[dstart+1] = (len >> 8) & 0xff; zeros[dstart+2] = (len >> 16) & 0xff; zeros[dstart+3] = (len >> 24) & 0xff; md5_update (m, zeros, dstart + 8); { int i; unsigned char *r = (unsigned char *)res; for (i = 0; i < 4; ++i) { r[4*i] = m->counter[i] & 0xFF; r[4*i+1] = (m->counter[i] >> 8) & 0xFF; r[4*i+2] = (m->counter[i] >> 16) & 0xFF; r[4*i+3] = (m->counter[i] >> 24) & 0xFF; } } #if 0 { int i; u_int32_t *r = (u_int32_t *)res; for (i = 0; i < 4; ++i) r[i] = swap_u_int32_t (m->counter[i]); } #endif } /* * This is only for linkage compatibility! */ #undef MD5Init #undef MD5Update #undef MD5Final void MD5Init (MD5_CTX *mdContext) { md5_init(&mdContext->m.d5); } void MD5Update (MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen) { md5_update(&mdContext->m.d5, (unsigned char *)inBuf, inLen); } void MD5Final (unsigned char digest[16], MD5_CTX *mdContext) { md5_finito(&mdContext->m.d5, digest); } cyrus-sasl-2.1.25/mac/libdes/src/md5.h0000777000076400007640000000620607403027646014311 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id: md5.h,v 1.2 2001/12/04 02:06:30 rjs3 Exp $ */ #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_BITYPES_H #include #endif #ifdef KRB5 #include #elif defined(KRB4) #include #endif struct md5 { unsigned int offset; unsigned int sz; u_int32_t counter[4]; unsigned char save[64]; }; void md5_init (struct md5 *m); void md5_update (struct md5 *m, const void *p, size_t len); void md5_finito (struct md5 *m, void *res); /* u_int32_t res[4] */ /* * Functions for compatibility that have never been tested. */ typedef struct { u_int32_t i[2]; /* number of _bits_ handled mod 2^64 */ u_int32_t buf[4]; /* scratch buffer */ unsigned char in[64]; /* input buffer */ } MD5_CTX_PREAMBLE; typedef struct { union { MD5_CTX_PREAMBLE preamble_; struct md5 d5; } m; } MD5_CTX; void MD5Init (MD5_CTX *mdContext); void MD5Update (MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen); void MD5Final (unsigned char digest[16], MD5_CTX *mdContext); #ifndef NO_MD5_MACROS #define MD5Init(mdContext) md5_init(&(mdContext)->m.d5) #define MD5Update(mdCtx, inBuf, inLen) md5_update(&(mdCtx)->m.d5, inBuf, inLen) #define MD5Final(digest, mdCtx) md5_finito(&(mdCtx)->m.d5, (digest)) #endif cyrus-sasl-2.1.25/mac/libdes/src/qud_cksm.c0000777000076400007640000001217307403027647015426 00000000000000/* crypto/des/qud_cksm.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 * This module in only based on the code in this paper and is * almost definitely not the same as the MIT implementation. */ #include "des_locl.h" /* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */ #define Q_B0(a) (((DES_LONG)(a))) #define Q_B1(a) (((DES_LONG)(a))<<8) #define Q_B2(a) (((DES_LONG)(a))<<16) #define Q_B3(a) (((DES_LONG)(a))<<24) /* used to scramble things a bit */ /* Got the value MIT uses via brute force :-) 2/10/90 eay */ #define NOISE ((DES_LONG)83653421L) DES_LONG des_quad_cksum(input, output, length, out_count, seed) des_cblock (*input); des_cblock (*output); long length; int out_count; des_cblock (*seed); { DES_LONG z0,z1,t0,t1; int i; long l; #ifdef _CRAY typedef struct { unsigned int a:32; unsigned int b:32; } XXX; #else typedef DES_LONG XXX; #endif unsigned char *cp; XXX *lp; if (out_count < 1) out_count=1; lp=(XXX*)output; z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]); z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]); for (i=0; ((i<4)&&(i 0) { if (l > 1) { t0= (DES_LONG)(*(cp++)); t0|=(DES_LONG)Q_B1(*(cp++)); l--; } else t0= (DES_LONG)(*(cp++)); l--; /* add */ t0+=z0; t0&=0xffffffffL; t1=z1; /* square, well sort of square */ z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL)) &0xffffffffL)%0x7fffffffL; z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL; } if (lp != NULL) { /* The MIT library assumes that the checksum is * composed of 2*out_count 32 bit ints */ #ifdef _CRAY lp->a = z0; lp->b = z1; lp++; #else *lp++ = (XXX)z0; *lp++ = (XXX)z1; #endif } } return(z0); } cyrus-sasl-2.1.25/mac/libdes/src/MODES.DES0000777000076400007640000001024507403027642014651 00000000000000Modes of DES Quite a bit of the following information has been taken from AS 2805.5.2 Australian Standard Electronic funds transfer - Requirements for interfaces, Part 5.2: Modes of operation for an n-bit block cipher algorithm Appendix A There are several different modes in which DES can be used, they are as follows. Electronic Codebook Mode (ECB) (des_ecb_encrypt()) - 64 bits are enciphered at a time. - The order of the blocks can be rearranged without detection. - The same plaintext block always produces the same ciphertext block (for the same key) making it vulnerable to a 'dictionary attack'. - An error will only affect one ciphertext block. Cipher Block Chaining Mode (CBC) (des_cbc_encrypt()) - a multiple of 64 bits are enciphered at a time. - The CBC mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable. - The chaining operation makes the ciphertext blocks dependent on the current and all preceding plaintext blocks and therefore blocks can not be rearranged. - The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. - An error will affect the current and the following ciphertext blocks. Cipher Feedback Mode (CFB) (des_cfb_encrypt()) - a number of bits (j) <= 64 are enciphered at a time. - The CFB mode produces the same ciphertext whenever the same plaintext is encrypted using the same key and starting variable. - The chaining operation makes the ciphertext variables dependent on the current and all preceding variables and therefore j-bit variables are chained together and con not be rearranged. - The use of different starting variables prevents the same plaintext enciphering to the same ciphertext. - The strength of the CFB mode depends on the size of k (maximal if j == k). In my implementation this is always the case. - Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads. - Only multiples of j bits can be enciphered. - An error will affect the current and the following ciphertext variables. Output Feedback Mode (OFB) (des_ofb_encrypt()) - a number of bits (j) <= 64 are enciphered at a time. - The OFB mode produces the same ciphertext whenever the same plaintext enciphered using the same key and starting variable. More over, in the OFB mode the same key stream is produced when the same key and start variable are used. Consequently, for security reasons a specific start variable should be used only once for a given key. - The absence of chaining makes the OFB more vulnerable to specific attacks. - The use of different start variables values prevents the same plaintext enciphering to the same ciphertext, by producing different key streams. - Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads. - Only multiples of j bits can be enciphered. - OFB mode of operation does not extend ciphertext errors in the resultant plaintext output. Every bit error in the ciphertext causes only one bit to be in error in the deciphered plaintext. - OFB mode is not self-synchronising. If the two operation of encipherment and decipherment get out of synchronism, the system needs to be re-initialised. - Each re-initialisation should use a value of the start variable different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be susceptible to a 'known plaintext' attack. Triple ECB Mode (des_3ecb_encrypt()) - Encrypt with key1, decrypt with key2 and encrypt with key1 again. - As for ECB encryption but increases the effective key length to 112 bits. - If both keys are the same it is equivalent to encrypting once with just one key. Triple CBC Mode (des_3cbc_encrypt()) - Encrypt with key1, decrypt with key2 and encrypt with key1 again. - As for CBC encryption but increases the effective key length to 112 bits. - If both keys are the same it is equivalent to encrypting once with just one key. cyrus-sasl-2.1.25/mac/libdes/src/cfb64ede.c0000777000076400007640000001133607403027643015176 00000000000000/* crypto/des/cfb64ede.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" /* The input and output encrypted as though 64bit cfb mode is being * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ void des_ede3_cfb64_encrypt(in, out, length, ks1,ks2,ks3, ivec, num, encrypt) unsigned char *in; unsigned char *out; long length; des_key_schedule ks1,ks2,ks3; des_cblock (*ivec); int *num; int encrypt; { register DES_LONG v0,v1; register long l=length; register int n= *num; DES_LONG ti[2]; unsigned char *iv,c,cc; iv=(unsigned char *)ivec; if (encrypt) { while (l--) { if (n == 0) { c2l(iv,v0); c2l(iv,v1); ti[0]=v0; ti[1]=v1; des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3); v0=ti[0]; v1=ti[1]; iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); iv=(unsigned char *)ivec; } c= *(in++)^iv[n]; *(out++)=c; iv[n]=c; n=(n+1)&0x07; } } else { while (l--) { if (n == 0) { c2l(iv,v0); c2l(iv,v1); ti[0]=v0; ti[1]=v1; des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3); v0=ti[0]; v1=ti[1]; iv=(unsigned char *)ivec; l2c(v0,iv); l2c(v1,iv); iv=(unsigned char *)ivec; } cc= *(in++); c=iv[n]; iv[n]=cc; *(out++)=c^cc; n=(n+1)&0x07; } } v0=v1=ti[0]=ti[1]=c=cc=0; *num=n; } #ifdef undef /* MACRO */ void des_ede2_cfb64_encrypt(in, out, length, ks1,ks2, ivec, num, encrypt) unsigned char *in; unsigned char *out; long length; des_key_schedule ks1,ks2; des_cblock (*ivec); int *num; int encrypt; { des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,encrypt); } #endif cyrus-sasl-2.1.25/mac/libdes/src/des.c0000777000076400007640000004762007403027643014374 00000000000000/* crypto/des/des.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_IO_H #include #endif #include #include "des_ver.h" #ifdef VMS #include #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_STAT_H #include #endif #include "des.h" #ifndef HAVE_RANDOM #define random rand #define srandom(s) srand(s) #endif #ifndef NOPROTO void usage(void); void doencryption(void); int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp); void uufwriteEnd(FILE *fp); int uufread(unsigned char *out,int size,unsigned int num,FILE *fp); int uuencode(unsigned char *in,int num,unsigned char *out); int uudecode(unsigned char *in,int num,unsigned char *out); #else void usage(); void doencryption(); int uufwrite(); void uufwriteEnd(); int uufread(); int uuencode(); int uudecode(); #endif #ifdef VMS #define EXIT(a) exit(a&0x10000000) #else #define EXIT(a) exit(a) #endif #define BUFSIZE (8*1024) #define VERIFY 1 #define KEYSIZ 8 #define KEYSIZB 1024 /* should hit tty line limit first :-) */ char key[KEYSIZB+1]; int do_encrypt,longk=0; FILE *DES_IN,*DES_OUT,*CKSUM_OUT; char uuname[200]; unsigned char uubuf[50]; int uubufnum=0; #define INUUBUFN (45*100) #define OUTUUBUF (65*100) unsigned char b[OUTUUBUF]; unsigned char bb[300]; des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; char cksumname[200]=""; int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error; int main(argc, argv) int argc; char **argv; { int i; struct stat ins,outs; char *p; char *in=NULL,*out=NULL; vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0; error=0; memset(key,0,sizeof(key)); for (i=1; i=0; j--) argv[i][j]='\0'; } break; default: fprintf(stderr,"'%c' unknown flag\n",p[-1]); error=1; break; } } } else { if (in == NULL) in=argv[i]; else if (out == NULL) out=argv[i]; else error=1; } } if (error) usage(); /* We either * do checksum or * do encrypt or * do decrypt or * do decrypt then ckecksum or * do checksum then encrypt */ if (((eflag+dflag) == 1) || cflag) { if (eflag) do_encrypt=DES_ENCRYPT; if (dflag) do_encrypt=DES_DECRYPT; } else { if (vflag) { #ifndef _Windows fprintf(stderr,"des(1) built with %s\n",libdes_version); #endif EXIT(1); } else usage(); } #ifndef _Windows if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version); #endif if ( (in != NULL) && (out != NULL) && #ifndef MSDOS (stat(in,&ins) != -1) && (stat(out,&outs) != -1) && (ins.st_dev == outs.st_dev) && (ins.st_ino == outs.st_ino)) #else /* MSDOS */ (strcmp(in,out) == 0)) #endif { fputs("input and output file are the same\n",stderr); EXIT(3); } if (!kflag) if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0)) { fputs("password error\n",stderr); EXIT(2); } if (in == NULL) DES_IN=stdin; else if ((DES_IN=fopen(in,"r")) == NULL) { perror("opening input file"); EXIT(4); } CKSUM_OUT=stdout; if (out == NULL) { DES_OUT=stdout; CKSUM_OUT=stderr; } else if ((DES_OUT=fopen(out,"w")) == NULL) { perror("opening output file"); EXIT(5); } #ifdef MSDOS /* This should set the file to binary mode. */ { #include if (!(uflag && dflag)) setmode(fileno(DES_IN),O_BINARY); if (!(uflag && eflag)) setmode(fileno(DES_OUT),O_BINARY); } #endif doencryption(); fclose(DES_IN); fclose(DES_OUT); EXIT(0); } void usage() { char **u; static const char *Usage[]={ "des [input-file [output-file]]", "options:", "-v : des(1) version number", "-e : encrypt using sunOS compatible user key to DES key conversion.", "-E : encrypt ", "-d : decrypt using sunOS compatible user key to DES key conversion.", "-D : decrypt ", "-c[ckname] : generate a cbc_cksum using sunOS compatible user key to", " DES key conversion and output to ckname (stdout default,", " stderr if data being output on stdout). The checksum is", " generated before encryption and after decryption if used", " in conjunction with -[eEdD].", "-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].", "-k key : use key 'key'", "-h : the key that is entered will be a hexidecimal number", " that is used directly as the des key", "-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]", " (uuname is the filename to put in the uuencode header).", "-b : encrypt using DES in ecb encryption mode, the defaut is cbc mode.", "-3 : encrypt using tripple DES encryption. This uses 2 keys", " generated from the input key. If the input key is less", " than 8 characters long, this is equivelent to normal", " encryption. Default is tripple cbc, -b makes it tripple ecb.", NULL }; for (u=(char **)Usage; *u; u++) { fputs(*u,stderr); fputc('\n',stderr); } EXIT(1); } void doencryption() { #ifdef _LIBC extern int srandom(); extern int random(); extern unsigned long time(); #endif register int i; des_key_schedule ks,ks2; unsigned char iv[8],iv2[8]; char *p; int num=0,j,k,l,rem,ll,len,last,ex=0; des_cblock kk,k2; FILE *O; int Exit=0; #ifndef MSDOS static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8]; #else static unsigned char *buf=NULL,*obuf=NULL; if (buf == NULL) { if ( (( buf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL) || ((obuf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL)) { fputs("Not enough memory\n",stderr); Exit=10; goto problems; } } #endif if (hflag) { j=(flag3?16:8); p=key; for (i=0; i= '0')) k=(*p-'0')<<4; else if ((*p <= 'f') && (*p >= 'a')) k=(*p-'a'+10)<<4; else if ((*p <= 'F') && (*p >= 'A')) k=(*p-'A'+10)<<4; else { fputs("Bad hex key\n",stderr); Exit=9; goto problems; } p++; if ((*p <= '9') && (*p >= '0')) k|=(*p-'0'); else if ((*p <= 'f') && (*p >= 'a')) k|=(*p-'a'+10); else if ((*p <= 'F') && (*p >= 'A')) k|=(*p-'A'+10); else { fputs("Bad hex key\n",stderr); Exit=9; goto problems; } p++; if (i < 8) kk[i]=k; else k2[i-8]=k; } des_set_key((C_Block *)k2,ks2); memset(k2,0,sizeof(k2)); } else if (longk || flag3) { if (flag3) { des_string_to_2keys(key,(C_Block *)kk,(C_Block *)k2); des_set_key((C_Block *)k2,ks2); memset(k2,0,sizeof(k2)); } else des_string_to_key(key,(C_Block *)kk); } else for (i=0; i>=1; } if (l & 1) kk[i]=key[i]&0x7f; else kk[i]=key[i]|0x80; } des_set_key((C_Block *)kk,ks); memset(key,0,sizeof(key)); memset(kk,0,sizeof(kk)); /* woops - A bug that does not showup under unix :-( */ memset(iv,0,sizeof(iv)); memset(iv2,0,sizeof(iv2)); l=1; rem=0; /* first read */ if (eflag || (!dflag && cflag)) { for (;;) { num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN); l+=rem; num+=rem; if (l < 0) { perror("read error"); Exit=6; goto problems; } rem=l%8; len=l-rem; if (feof(DES_IN)) { srandom((unsigned int)time(NULL)); for (i=7-rem; i>0; i--) buf[l++]=random()&0xff; buf[l++]=rem; ex=1; len+=rem; } else l-=rem; if (cflag) { des_cbc_cksum((C_Block *)buf,(C_Block *)cksum, (long)len,ks,(C_Block *)cksum); if (!eflag) { if (feof(DES_IN)) break; else continue; } } if (bflag && !flag3) for (i=0; i= 8) memcpy(iv,&(obuf[l-8]),8); } if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem); i=0; while (i < l) { if (uflag) j=uufwrite(obuf,1,(unsigned int)l-i, DES_OUT); else j=fwrite(obuf,1,(unsigned int)l-i, DES_OUT); if (j == -1) { perror("Write error"); Exit=7; goto problems; } i+=j; } if (feof(DES_IN)) { if (uflag) uufwriteEnd(DES_OUT); break; } } } else /* decrypt */ { ex=1; for (;;) { if (ex) { if (uflag) l=uufread(buf,1,BUFSIZE,DES_IN); else l=fread(buf,1,BUFSIZE,DES_IN); ex=0; rem=l%8; l-=rem; } if (l < 0) { perror("read error"); Exit=6; goto problems; } if (bflag && !flag3) for (i=0; i= 8) memcpy(iv,&(buf[l-8]),8); } if (uflag) ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN); else ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN); ll+=rem; rem=ll%8; ll-=rem; if (feof(DES_IN) && (ll == 0)) { last=obuf[l-1]; if ((last > 7) || (last < 0)) { fputs("The file was not decrypted correctly.\n", stderr); Exit=8; last=0; } l=l-8+last; } i=0; if (cflag) des_cbc_cksum((C_Block *)obuf, (C_Block *)cksum,(long)l/8*8,ks, (C_Block *)cksum); while (i != l) { j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT); if (j == -1) { perror("Write error"); Exit=7; goto problems; } i+=j; } l=ll; if ((l == 0) && feof(DES_IN)) break; } } if (cflag) { l=0; if (cksumname[0] != '\0') { if ((O=fopen(cksumname,"w")) != NULL) { CKSUM_OUT=O; l=1; } } for (i=0; i<8; i++) fprintf(CKSUM_OUT,"%02X",cksum[i]); fprintf(CKSUM_OUT,"\n"); if (l) fclose(CKSUM_OUT); } problems: memset(buf,0,sizeof(buf)); memset(obuf,0,sizeof(obuf)); memset(ks,0,sizeof(ks)); memset(ks2,0,sizeof(ks2)); memset(iv,0,sizeof(iv)); memset(iv2,0,sizeof(iv2)); memset(kk,0,sizeof(kk)); memset(k2,0,sizeof(k2)); memset(uubuf,0,sizeof(uubuf)); memset(b,0,sizeof(b)); memset(bb,0,sizeof(bb)); memset(cksum,0,sizeof(cksum)); if (Exit) EXIT(Exit); } int uufwrite(data, size, num, fp) unsigned char *data; int size; unsigned int num; FILE *fp; /* We ignore this parameter but it should be > ~50 I believe */ { int i,j,left,rem,ret=num; static int start=1; if (start) { fprintf(fp,"begin 600 %s\n", (uuname[0] == '\0')?"text.d":uuname); start=0; } if (uubufnum) { if (uubufnum+num < 45) { memcpy(&(uubuf[uubufnum]),data,(unsigned int)num); uubufnum+=num; return(num); } else { i=45-uubufnum; memcpy(&(uubuf[uubufnum]),data,(unsigned int)i); j=uuencode((unsigned char *)uubuf,45,b); fwrite(b,1,(unsigned int)j,fp); uubufnum=0; data+=i; num-=i; } } for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN) { j=uuencode(&(data[i]),INUUBUFN,b); fwrite(b,1,(unsigned int)j,fp); } rem=(num-i)%45; left=(num-i-rem); if (left) { j=uuencode(&(data[i]),left,b); fwrite(b,1,(unsigned int)j,fp); i+=left; } if (i != num) { memcpy(uubuf,&(data[i]),(unsigned int)rem); uubufnum=rem; } return(ret); } void uufwriteEnd(fp) FILE *fp; { int j; static const char *end=" \nend\n"; if (uubufnum != 0) { uubuf[uubufnum]='\0'; uubuf[uubufnum+1]='\0'; uubuf[uubufnum+2]='\0'; j=uuencode(uubuf,uubufnum,b); fwrite(b,1,(unsigned int)j,fp); } fwrite(end,1,strlen(end),fp); } int uufread(out, size, num, fp) unsigned char *out; int size; /* should always be > ~ 60; I actually ignore this parameter :-) */ unsigned int num; FILE *fp; { int i,j,tot; static int done=0; static int valid=0; static int start=1; if (start) { for (;;) { b[0]='\0'; fgets((char *)b,300,fp); if (b[0] == '\0') { fprintf(stderr,"no 'begin' found in uuencoded input\n"); return(-1); } if (strncmp((char *)b,"begin ",6) == 0) break; } start=0; } if (done) return(0); tot=0; if (valid) { memcpy(out,bb,(unsigned int)valid); tot=valid; valid=0; } for (;;) { b[0]='\0'; fgets((char *)b,300,fp); if (b[0] == '\0') break; i=strlen((char *)b); if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd')) { done=1; while (!feof(fp)) { fgets((char *)b,300,fp); } break; } i=uudecode(b,i,bb); if (i < 0) break; if ((i+tot+8) > num) { /* num to copy to make it a multiple of 8 */ j=(num/8*8)-tot-8; memcpy(&(out[tot]),bb,(unsigned int)j); tot+=j; memcpy(bb,&(bb[j]),(unsigned int)i-j); valid=i-j; break; } memcpy(&(out[tot]),bb,(unsigned int)i); tot+=i; } return(tot); } #define ccc2l(c,l) (l =((DES_LONG)(*((c)++)))<<16, \ l|=((DES_LONG)(*((c)++)))<< 8, \ l|=((DES_LONG)(*((c)++)))) #define l2ccc(l,c) (*((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff)) int uuencode(in, num, out) unsigned char *in; int num; unsigned char *out; { int j,i,n,tot=0; DES_LONG l; register unsigned char *p; p=out; for (j=0; j num) i=(num-j); else i=45; *(p++)=i+' '; for (n=0; n>18)&0x3f)+' '; *(p++)=((l>>12)&0x3f)+' '; *(p++)=((l>> 6)&0x3f)+' '; *(p++)=((l )&0x3f)+' '; tot+=4; } *(p++)='\n'; tot+=2; } *p='\0'; l=0; return(tot); } int uudecode(in, num, out) unsigned char *in; int num; unsigned char *out; { int j,i,k; unsigned int n=0,space=0; DES_LONG l; DES_LONG w,x,y,z; unsigned int blank=(unsigned int)'\n'-' '; for (j=0; j 60) { fprintf(stderr,"uuencoded line length too long\n"); return(-1); } j++; for (i=0; i 63) || (x > 63) || (y > 63) || (z > 63)) { k=0; if (w == blank) k=1; if (x == blank) k=2; if (y == blank) k=3; if (z == blank) k=4; space=1; switch (k) { case 1: w=0; in--; case 2: x=0; in--; case 3: y=0; in--; case 4: z=0; in--; break; case 0: space=0; fprintf(stderr,"bad uuencoded data values\n"); w=x=y=z=0; return(-1); break; } } l=(w<<18)|(x<<12)|(y<< 6)|(z ); l2ccc(l,out); } if (*(in++) != '\n') { fprintf(stderr,"missing nl in uuencoded line\n"); w=x=y=z=0; return(-1); } j++; } *out='\0'; w=x=y=z=0; return(n); } cyrus-sasl-2.1.25/mac/libdes/src/Makefile.am0000777000076400007640000000117107403027642015477 00000000000000# $Id: Makefile.am,v 1.2 2001/12/04 02:06:26 rjs3 Exp $ AUTOMAKE_OPTIONS = no-dependencies foreign INCLUDES = -I$(top_builddir)/include #lib_LIBRARIES = libdes.a lib_LTLIBRARIES = libdes.la include_HEADERS = des.h noinst_PROGRAMS = destest mdtest bin_PROGRAMS = des rpw speed LDADD = $(lib_LTLIBRARIES) libdes_la_SOURCES = \ cbc3_enc.c cbc_cksm.c cbc_enc.c \ cfb64ede.c cfb64enc.c cfb_enc.c des_enc.c \ ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c \ enc_writ.c fcrypt.c key_par.c md4.c md5.c \ ncbc_enc.c ofb64ede.c ofb64enc.c ofb_enc.c \ pcbc_enc.c qud_cksm.c read_pwd.c rnd_keys.c \ set_key.c sha.c str2key.c xcbc_enc.c cyrus-sasl-2.1.25/mac/libdes/src/ecb_enc.c0000777000076400007640000001031207403027645015165 00000000000000/* crypto/des/ecb_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" #include "spr.h" char *libdes_version="libdes v 4.01 - 13-Jan-1997 - eay"; char *DES_version="DES part of SSLeay 0.6.6 14-Jan-1997"; char *des_options() { static int init=1; static char buf[32]; if (init) { char *ptr,*unroll,*risc,*size; init=0; #ifdef DES_PTR ptr="ptr"; #else ptr="idx"; #endif #if defined(DES_RISC1) || defined(DES_RISC2) #ifdef DES_RISC1 risc="risc1"; #endif #ifdef DES_RISC2 risc="risc2"; #endif #else risc="cisc"; #endif #ifdef DES_UNROLL unroll="16"; #else unroll="4"; #endif if (sizeof(DES_LONG) != sizeof(long)) size="int"; else size="long"; sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); } return(buf); } void des_ecb_encrypt(input, output, ks, encrypt) des_cblock (*input); des_cblock (*output); des_key_schedule ks; int encrypt; { register DES_LONG l; register unsigned char *in,*out; DES_LONG ll[2]; in=(unsigned char *)input; out=(unsigned char *)output; c2l(in,l); ll[0]=l; c2l(in,l); ll[1]=l; des_encrypt(ll,ks,encrypt); l=ll[0]; l2c(l,out); l=ll[1]; l2c(l,out); l=ll[0]=ll[1]=0; } cyrus-sasl-2.1.25/mac/libdes/src/Makefile.uni0000777000076400007640000001432707403027643015705 00000000000000# You must select the correct terminal control system to be used to # turn character echo off when reading passwords. There a 5 systems # SGTTY - the old BSD system # TERMIO - most system V boxes # TERMIOS - SGI (ala IRIX). # VMS - the DEC operating system # MSDOS - we all know what it is :-) # read_pwd.c makes a reasonable guess at what is correct. # If you are on a DEC Alpha, edit des.h and change the DES_LONG # define to 'unsigned int'. I have seen this give a %20 speedup. OPTS0= -DRAND -DTERMIO #-DNOCONST # Version 1.94 has changed the strings_to_key function so that it is # now compatible with MITs when the string is longer than 8 characters. # If you wish to keep the old version, uncomment the following line. # This will affect the -E/-D options on des(1). #OPTS1= -DOLD_STR_TO_KEY # There are 4 possible performance options # -DDES_PTR # -DDES_RISC1 # -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2) # -DDES_UNROLL # after the initial build, run 'des_opts' to see which options are best # for your platform. There are some listed in options.txt #OPTS2= -DDES_PTR #OPTS3= -DDES_RISC1 # or DES_RISC2 OPTS4= -DDES_UNROLL OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4) CC=cc CFLAGS= -D_HPUX_SOURCE -Aa +O2 $(OPTS) $(CFLAG) #CC=gcc #CFLAGS= -O3 -fomit-frame-pointer $(OPTS) $(CFLAG) CPP=$(CC) -E DES_ENC=des_enc.o # normal C version #DES_ENC=asm/dx86-elf.o # elf format x86 #DES_ENC=asm/dx86-out.o # a.out format x86 #DES_ENC=asm/dx86-sol.o # solaris format x86 #DES_ENC=asm/dx86bsdi.o # bsdi format x86 LIBDIR=/usr/local/lib BINDIR=/usr/local/bin INCDIR=/usr/local/include MANDIR=/usr/local/man MAN1=1 MAN3=3 SHELL=/bin/sh OBJS= cbc3_enc.o cbc_cksm.o cbc_enc.o ncbc_enc.o pcbc_enc.o qud_cksm.o \ cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o ecb_enc.o ede_enc.o \ enc_read.o enc_writ.o fcrypt.o ofb64ede.o ofb64enc.o ofb_enc.o \ rand_key.o read_pwd.o set_key.o rpc_enc.o str2key.o supp.o \ $(DES_ENC) xcbc_enc.o GENERAL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \ GNUmakefile des.man DES.pm DES.pod DES.xs Makefile.PL \ Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \ des.org des_locl.org DES= des.c TESTING=rpw.c $(TESTING_LIT) HEADERS= $(HEADERS_LIT) rpc_des.h LIBDES= cbc_cksm.c pcbc_enc.c qud_cksm.c \ cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c cbc3_enc.c \ enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c \ rand_key.c rpc_enc.c str2key.c supp.c \ xcbc_enc.c $(LIBDES_LIT) read_pwd.c TESTING_LIT=destest.c speed.c des_opts.c GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \ des.doc options.txt asm HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h LIBDES_LIT=ede_enc.c cbc_enc.c ncbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c PERL= des.pl testdes.pl doIP doIP2 doPC1 doPC2 PC1 PC2 shifts.pl ALL= $(GENERAL) $(DES) $(TESTING) $(LIBDES) $(PERL) $(HEADERS) DLIB= libdes.a all: $(DLIB) destest rpw des speed des_opts cc: make CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all gcc: make CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all x86-elf: make DES_ENC=asm/dx86-elf.o CC=gcc CFLAGS="-DELF -O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all x86-out: make DES_ENC=asm/dx86-out.o CC=gcc CFLAGS="-DOUT -O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all x86-solaris: make DES_ENC=asm/dx86-sol.o CFLAGS="-DSOL -O $(OPTS) $(CFLAG)" all x86-bsdi: make DES_ENC=asm/dx86bsdi.o CC=gcc CFLAGS="-DBSDI -O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all asm/dx86-elf.o: asm/dx86-cpp.s asm/dx86unix.cpp $(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o asm/dx86-sol.o: asm/dx86-cpp.s asm/dx86unix.cpp $(CPP) -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o asm/dx86-out.o: asm/dx86-cpp.s asm/dx86unix.cpp $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o asm/dx86bsdi.o: asm/dx86-cpp.s asm/dx86unix.cpp $(CPP) -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o test: all ./destest $(DLIB): $(OBJS) /bin/rm -f $(DLIB) ar cr $(DLIB) $(OBJS) -if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \ else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \ else exit 0; fi; fi des_opts: des_opts.o libdes.a $(CC) $(CFLAGS) -o des_opts des_opts.o libdes.a destest: destest.o libdes.a $(CC) $(CFLAGS) -o destest destest.o libdes.a rpw: rpw.o libdes.a $(CC) $(CFLAGS) -o rpw rpw.o libdes.a speed: speed.o libdes.a $(CC) $(CFLAGS) -o speed speed.o libdes.a des: des.o libdes.a $(CC) $(CFLAGS) -o des des.o libdes.a tags: ctags $(DES) $(TESTING) $(LIBDES) tar_lit: /bin/mv Makefile Makefile.tmp /bin/cp Makefile.lit Makefile tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \ $(GENERAL_LIT) $(TESTING_LIT) /bin/rm -f Makefile /bin/mv Makefile.tmp Makefile tar: tar chf libdes.tar $(ALL) shar: shar $(ALL) >libdes.shar depend: makedepend $(LIBDES) $(DES) $(TESTING) clean: /bin/rm -f *.o tags core rpw destest des speed $(DLIB) .nfs* *.old \ *.bak destest rpw des_opts asm/*.o dclean: sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new mv -f Makefile.new Makefile # Eric is probably going to choke when he next looks at this --tjh install: $(DLIB) des if test $(INSTALLTOP); then \ echo SSL style install; \ cp $(DLIB) $(INSTALLTOP)/lib; \ if test -s /bin/ranlib; then \ /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \ else \ if test -s /usr/bin/ranlib; then \ /usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \ fi; fi; \ chmod 644 $(INSTALLTOP)/lib/$(DLIB); \ cp des.h $(INSTALLTOP)/include; \ chmod 644 $(INSTALLTOP)/include/des.h; \ cp des $(INSTALLTOP)/bin; \ chmod 755 $(INSTALLTOP)/bin/des; \ else \ echo Standalone install; \ cp $(DLIB) $(LIBDIR)/$(DLIB); \ if test -s /bin/ranlib; then \ /bin/ranlib $(LIBDIR)/$(DLIB); \ else \ if test -s /usr/bin/ranlib; then \ /usr/bin/ranlib $(LIBDIR)/$(DLIB); \ fi; \ fi; \ chmod 644 $(LIBDIR)/$(DLIB); \ cp des $(BINDIR)/des; \ chmod 711 $(BINDIR)/des; \ cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \ chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \ cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \ chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \ cp des.h $(INCDIR)/des.h; \ chmod 644 $(INCDIR)/des.h; \ fi # DO NOT DELETE THIS LINE -- make depend depends on it. cyrus-sasl-2.1.25/mac/libdes/src/des_opts.c0000777000076400007640000003621707403027645015443 00000000000000/* crypto/des/des_opts.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* define PART1, PART2, PART3 or PART4 to build only with a few of the options. * This is for machines with 64k code segment size restrictions. */ #ifndef MSDOS #define TIMES #endif #include #ifndef MSDOS #include #else #include extern void exit(); #endif #include #ifndef VMS #ifndef _IRIX #include #endif #ifdef TIMES #include #include #endif #else /* VMS */ #include struct tms { time_t tms_utime; time_t tms_stime; time_t tms_uchild; /* I dunno... */ time_t tms_uchildsys; /* so these names are a guess :-) */ } #endif #ifndef TIMES #include #endif #ifdef sun #include #include #endif #include "des.h" #include "spr.h" #define DES_DEFAULT_OPTIONS #if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4) #define PART1 #define PART2 #define PART3 #define PART4 #endif #ifdef PART1 #undef DES_UNROLL #undef DES_RISC1 #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT #define des_encrypt des_encrypt_u4_cisc_idx #define des_encrypt2 des_encrypt2_u4_cisc_idx #define des_encrypt3 des_encrypt3_u4_cisc_idx #define des_decrypt3 des_decrypt3_u4_cisc_idx #undef HEADER_DES_LOCL_H #include "des_enc.c" #define DES_UNROLL #undef DES_RISC1 #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u16_cisc_idx #define des_encrypt2 des_encrypt2_u16_cisc_idx #define des_encrypt3 des_encrypt3_u16_cisc_idx #define des_decrypt3 des_decrypt3_u16_cisc_idx #undef HEADER_DES_LOCL_H #include "des_enc.c" #undef DES_UNROLL #define DES_RISC1 #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u4_risc1_idx #define des_encrypt2 des_encrypt2_u4_risc1_idx #define des_encrypt3 des_encrypt3_u4_risc1_idx #define des_decrypt3 des_decrypt3_u4_risc1_idx #undef HEADER_DES_LOCL_H #include "des_enc.c" #endif #ifdef PART2 #undef DES_UNROLL #undef DES_RISC1 #define DES_RISC2 #undef DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u4_risc2_idx #define des_encrypt2 des_encrypt2_u4_risc2_idx #define des_encrypt3 des_encrypt3_u4_risc2_idx #define des_decrypt3 des_decrypt3_u4_risc2_idx #undef HEADER_DES_LOCL_H #include "des_enc.c" #define DES_UNROLL #define DES_RISC1 #undef DES_RISC2 #undef DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u16_risc1_idx #define des_encrypt2 des_encrypt2_u16_risc1_idx #define des_encrypt3 des_encrypt3_u16_risc1_idx #define des_decrypt3 des_decrypt3_u16_risc1_idx #undef HEADER_DES_LOCL_H #include "des_enc.c" #define DES_UNROLL #undef DES_RISC1 #define DES_RISC2 #undef DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u16_risc2_idx #define des_encrypt2 des_encrypt2_u16_risc2_idx #define des_encrypt3 des_encrypt3_u16_risc2_idx #define des_decrypt3 des_decrypt3_u16_risc2_idx #undef HEADER_DES_LOCL_H #include "des_enc.c" #endif #ifdef PART3 #undef DES_UNROLL #undef DES_RISC1 #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u4_cisc_ptr #define des_encrypt2 des_encrypt2_u4_cisc_ptr #define des_encrypt3 des_encrypt3_u4_cisc_ptr #define des_decrypt3 des_decrypt3_u4_cisc_ptr #undef HEADER_DES_LOCL_H #include "des_enc.c" #define DES_UNROLL #undef DES_RISC1 #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u16_cisc_ptr #define des_encrypt2 des_encrypt2_u16_cisc_ptr #define des_encrypt3 des_encrypt3_u16_cisc_ptr #define des_decrypt3 des_decrypt3_u16_cisc_ptr #undef HEADER_DES_LOCL_H #include "des_enc.c" #undef DES_UNROLL #define DES_RISC1 #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u4_risc1_ptr #define des_encrypt2 des_encrypt2_u4_risc1_ptr #define des_encrypt3 des_encrypt3_u4_risc1_ptr #define des_decrypt3 des_decrypt3_u4_risc1_ptr #undef HEADER_DES_LOCL_H #include "des_enc.c" #endif #ifdef PART4 #undef DES_UNROLL #undef DES_RISC1 #define DES_RISC2 #define DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u4_risc2_ptr #define des_encrypt2 des_encrypt2_u4_risc2_ptr #define des_encrypt3 des_encrypt3_u4_risc2_ptr #define des_decrypt3 des_decrypt3_u4_risc2_ptr #undef HEADER_DES_LOCL_H #include "des_enc.c" #define DES_UNROLL #define DES_RISC1 #undef DES_RISC2 #define DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u16_risc1_ptr #define des_encrypt2 des_encrypt2_u16_risc1_ptr #define des_encrypt3 des_encrypt3_u16_risc1_ptr #define des_decrypt3 des_decrypt3_u16_risc1_ptr #undef HEADER_DES_LOCL_H #include "des_enc.c" #define DES_UNROLL #undef DES_RISC1 #define DES_RISC2 #define DES_PTR #undef D_ENCRYPT #undef des_encrypt #undef des_encrypt2 #undef des_encrypt3 #undef des_decrypt3 #define des_encrypt des_encrypt_u16_risc2_ptr #define des_encrypt2 des_encrypt2_u16_risc2_ptr #define des_encrypt3 des_encrypt3_u16_risc2_ptr #define des_decrypt3 des_decrypt3_u16_risc2_ptr #undef HEADER_DES_LOCL_H #include "des_enc.c" #endif /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ #ifndef CLK_TCK #ifndef VMS #define HZ 100.0 #else /* VMS */ #define HZ 100.0 #endif #else /* CLK_TCK */ #define HZ ((double)CLK_TCK) #endif #endif #define BUFSIZE ((long)1024) long run=0; #ifndef NOPROTO double Time_F(int s); #else double Time_F(); #endif #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) #define SIGRETTYPE void #else #define SIGRETTYPE int #endif #ifndef NOPROTO SIGRETTYPE sig_done(int sig); #else SIGRETTYPE sig_done(); #endif SIGRETTYPE sig_done(sig) int sig; { signal(SIGALRM,sig_done); run=0; #ifdef LINT sig=sig; #endif } #endif #define START 0 #define STOP 1 double Time_F(s) int s; { double ret; #ifdef TIMES static struct tms tstart,tend; if (s == START) { times(&tstart); return(0); } else { times(&tend); ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; return((ret == 0.0)?1e-6:ret); } #else /* !times() */ static struct timeb tstart,tend; long i; if (s == START) { ftime(&tstart); return(0); } else { ftime(&tend); i=(long)tend.millitm-(long)tstart.millitm; ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; return((ret == 0.0)?1e-6:ret); } #endif } #ifdef SIGALRM #define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10); #else #define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb); #endif #define time_it(func,name,index) \ print_name(name); \ Time_F(START); \ for (count=0,run=1; COND(cb); count++) \ { \ unsigned long d[2]; \ func(d,&(sch[0]),DES_ENCRYPT); \ } \ tm[index]=Time_F(STOP); \ fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \ tm[index]=((double)COUNT(cb))/tm[index]; #define print_it(name,index) \ fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \ tm[index]*8,1.0e6/tm[index]); int main(argc,argv) int argc; char **argv; { long count; static unsigned char buf[BUFSIZE]; static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; des_key_schedule sch,sch2,sch3; double d,tm[16],max=0; int rank[16]; char *str[16]; int max_idx=0,i,num=0,j; #ifndef SIGALARM long ca,cb,cc,cd,ce; #endif for (i=0; i<12; i++) { tm[i]=0.0; rank[i]=0; } #ifndef TIMES fprintf(stderr,"To get the most acurate results, try to run this\n"); fprintf(stderr,"program when this computer is idle.\n"); #endif des_set_key((C_Block *)key,sch); des_set_key((C_Block *)key2,sch2); des_set_key((C_Block *)key3,sch3); #ifndef SIGALRM fprintf(stderr,"First we calculate the approximate speed ...\n"); des_set_key((C_Block *)key,sch); count=10; do { long i; unsigned long data[2]; count*=2; Time_F(START); for (i=count; i; i--) des_encrypt(data,&(sch[0]),DES_ENCRYPT); d=Time_F(STOP); } while (d < 3.0); ca=count; cb=count*3; cc=count*3*8/BUFSIZE+1; cd=count*8/BUFSIZE+1; ce=count/20+1; #define COND(d) (count != (d)) #define COUNT(d) (d) #else #define COND(c) (run) #define COUNT(d) (count) signal(SIGALRM,sig_done); alarm(10); #endif #ifdef PART1 time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0); time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1); time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2); num+=3; #endif #ifdef PART2 time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3); time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4); time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5); num+=3; #endif #ifdef PART3 time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6); time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7); time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8); num+=3; #endif #ifdef PART4 time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9); time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10); time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11); num+=3; #endif #ifdef PART1 str[0]=" 4 c i"; print_it("des_encrypt_u4_cisc_idx ",0); max=tm[0]; max_idx=0; str[1]="16 c i"; print_it("des_encrypt_u16_cisc_idx ",1); if (max < tm[1]) { max=tm[1]; max_idx=1; } str[2]=" 4 r1 i"; print_it("des_encrypt_u4_risc1_idx ",2); if (max < tm[2]) { max=tm[2]; max_idx=2; } #endif #ifdef PART2 str[3]="16 r1 i"; print_it("des_encrypt_u16_risc1_idx",3); if (max < tm[3]) { max=tm[3]; max_idx=3; } str[4]=" 4 r2 i"; print_it("des_encrypt_u4_risc2_idx ",4); if (max < tm[4]) { max=tm[4]; max_idx=4; } str[5]="16 r2 i"; print_it("des_encrypt_u16_risc2_idx",5); if (max < tm[5]) { max=tm[5]; max_idx=5; } #endif #ifdef PART3 str[6]=" 4 c p"; print_it("des_encrypt_u4_cisc_ptr ",6); if (max < tm[6]) { max=tm[6]; max_idx=6; } str[7]="16 c p"; print_it("des_encrypt_u16_cisc_ptr ",7); if (max < tm[7]) { max=tm[7]; max_idx=7; } str[8]=" 4 r1 p"; print_it("des_encrypt_u4_risc1_ptr ",8); if (max < tm[8]) { max=tm[8]; max_idx=8; } #endif #ifdef PART4 str[9]="16 r1 p"; print_it("des_encrypt_u16_risc1_ptr",9); if (max < tm[9]) { max=tm[9]; max_idx=9; } str[10]=" 4 r2 p"; print_it("des_encrypt_u4_risc2_ptr ",10); if (max < tm[10]) { max=tm[10]; max_idx=10; } str[11]="16 r2 p"; print_it("des_encrypt_u16_risc2_ptr",11); if (max < tm[11]) { max=tm[11]; max_idx=11; } #endif printf("options des ecb/s\n"); printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]); d=tm[max_idx]; tm[max_idx]= -2.0; max= -1.0; for (;;) { for (i=0; i<12; i++) { if (max < tm[i]) { max=tm[i]; j=i; } } if (max < 0.0) break; printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0); tm[j]= -2.0; max= -1.0; } switch (max_idx) { case 0: printf("-DDES_DEFAULT_OPTIONS\n"); break; case 1: printf("-DDES_UNROLL\n"); break; case 2: printf("-DDES_RISC1\n"); break; case 3: printf("-DDES_UNROLL -DDES_RISC1\n"); break; case 4: printf("-DDES_RISC2\n"); break; case 5: printf("-DDES_UNROLL -DDES_RISC2\n"); break; case 6: printf("-DDES_PTR\n"); break; case 7: printf("-DDES_UNROLL -DDES_PTR\n"); break; case 8: printf("-DDES_RISC1 -DDES_PTR\n"); break; case 9: printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n"); break; case 10: printf("-DDES_RISC2 -DDES_PTR\n"); break; case 11: printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n"); break; } exit(0); #if defined(LINT) || defined(MSDOS) return(0); #endif } cyrus-sasl-2.1.25/mac/libdes/src/DES.pod0000777000076400007640000000112207403027642014556 00000000000000crypt <= crypt(buf,salt) key <= set_odd_parity(key) int <= is_weak_key(key) keysched<= set_key(key) key <= ecb_encrypt(string8,ks,enc) key <= ecb3_encrypt(input,ks1,ks2,enc) string <= cbc_encrypt(input,ks,ivec,enc) => ivec string <= cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,enc) => ivec1&ivec2 ck1,ck2 <= cbc_cksum(input,ks,ivec) => ivec string <= pcbc_encrypt(input,ks,ivec,enc) => ivec string <= ofb_encrypt(input,numbits,ks,ivec) => ivec string <= cfb_encrypt(input,numbits,ks,ivec,enc) => ivec key <= random_key() key <= string_to_key(string) key1,key2<= string_to_2keys(string) cyrus-sasl-2.1.25/mac/libdes/src/des_locl.h0000777000076400007640000003730507403027644015412 00000000000000#ifdef HAVE_CONFIG_H #include "config.h" /* if (we have termios.h) define TERMIOS else if (we have termio.h) define TERMIO */ #ifdef HAVE_TERMIOS_H #define TERMIOS #else /* !HAVE_TERMIOS_H */ #ifdef HAVE_TERMIO_H #define TERMIO #endif #endif /* !HAVE_TERMIOS_H */ #endif /* HAVE_CONFIG_H */ /* crypto/des/des_locl.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * * Always modify des_locl.org since des_locl.h is automatically generated from * it during SSLeay configuration. * * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING */ #ifndef HEADER_DES_LOCL_H #define HEADER_DES_LOCL_H #if defined(WIN32) || defined(WIN16) #ifndef MSDOS #define MSDOS #endif #endif #include #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_IO_H #include #endif #include "des.h" #ifndef DES_DEFAULT_OPTIONS /* the following is tweaked from a config script, that is why it is a * protected undef/define */ #ifndef DES_PTR #undef DES_PTR #endif /* This helps C compiler generate the correct code for multiple functional * units. It reduces register dependancies at the expense of 2 more * registers */ #ifndef DES_RISC1 #undef DES_RISC1 #endif #ifndef DES_RISC2 #undef DES_RISC2 #endif #if defined(DES_RISC1) && defined(DES_RISC2) YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders. * Very mucy CPU dependant */ #ifndef DES_UNROLL #undef DES_UNROLL #endif /* These default values were supplied by * Peter Gutman * They are only used if nothing else has been defined */ #if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) /* Special defines which change the way the code is built depending on the CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find even newer MIPS CPU's, but at the moment one size fits all for optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ #if defined( sun ) /* Newer Sparc's */ #define DES_PTR #define DES_RISC1 #define DES_UNROLL #elif defined( __ultrix ) /* Older MIPS */ #define DES_PTR #define DES_RISC2 #define DES_UNROLL #elif defined( __osf1__ ) /* Alpha */ #define DES_PTR #define DES_RISC2 #elif defined ( _AIX ) /* RS6000 */ /* Unknown */ #elif defined( __hpux ) /* HP-PA */ #define DES_UNROLL #elif defined( __aux ) /* 68K */ /* Unknown */ #elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ #define DES_UNROLL #elif defined( __sgi ) /* Newer MIPS */ #define DES_PTR #define DES_RISC2 #define DES_UNROLL #elif defined( i386 ) /* x86 boxes, should be gcc */ #define DES_PTR #define DES_RISC1 #define DES_UNROLL #endif /* Systems-specific speed defines */ #endif #endif /* DES_DEFAULT_OPTIONS */ #ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */ #include #include #include #include #ifndef RAND #define RAND #endif #undef NOPROTO #endif #if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS) || defined(WIN32) #include #endif #ifndef RAND #define RAND #endif #ifdef linux #undef RAND #endif #ifdef MSDOS #define getpid() 2 #define RAND #undef NOPROTO #endif #if defined(NOCONST) #define const #endif #ifdef __STDC__ #undef NOPROTO #endif #ifdef RAND #define srandom(s) srand(s) #define random rand #endif #define ITERATIONS 16 #define HALF_ITERATIONS 8 /* used in des_read and des_write */ #define MAXWRITE (1024*16) #define BSIZE (MAXWRITE+4) #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ l|=((DES_LONG)(*((c)++)))<< 8L, \ l|=((DES_LONG)(*((c)++)))<<16L, \ l|=((DES_LONG)(*((c)++)))<<24L) /* NOTE - c is not incremented as per c2l */ #define c2ln(c,l1,l2,n) { \ c+=n; \ l1=l2=0; \ switch (n) { \ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ case 5: l2|=((DES_LONG)(*(--(c)))); \ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ case 1: l1|=((DES_LONG)(*(--(c)))); \ } \ } #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) /* replacements for htonl and ntohl since I have no idea what to do * when faced with machines with 8 byte longs. */ #define HDRSIZE 4 #define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ l|=((DES_LONG)(*((c)++)))<<16L, \ l|=((DES_LONG)(*((c)++)))<< 8L, \ l|=((DES_LONG)(*((c)++)))) #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff)) /* NOTE - c is not incremented as per l2c */ #define l2cn(l1,l2,c,n) { \ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ } \ } #if defined(WIN32) #define ROTATE(a,n) (_lrotr(a,n)) #else #define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) #endif /* Don't worry about the LOAD_DATA() stuff, that is used by * fcrypt() to add it's little bit to the front */ #ifdef DES_FCRYPT #define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } #define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ t=R^(R>>16L); \ u=t&E0; t&=E1; \ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ tmp=(t<<16); t^=R^s[S+1]; t^=tmp #else #define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) #define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ u=R^s[S ]; \ t=R^s[S+1] #endif /* The changes to this macro may help or hinder, depending on the * compiler and the achitecture. gcc2 always seems to do well :-). * Inspired by Dana How * DO NOT use the alternative version on machines with 8 byte longs. * It does not seem to work on the Alpha, even when DES_LONG is 4 * bytes, probably an issue of accessing non-word aligned objects :-( */ #ifdef DES_PTR /* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there * is no reason to not xor all the sub items together. This potentially * saves a register since things can be xored directly into L */ #if defined(DES_RISC1) || defined(DES_RISC2) #ifdef DES_RISC1 #define D_ENCRYPT(LL,R,S) { \ unsigned int u1,u2,u3; \ LOAD_DATA(R,S,u,t,E0,E1,u1); \ u2=(int)u>>8L; \ u1=(int)u&0xfc; \ u2&=0xfc; \ t=ROTATE(t,4); \ u>>=16L; \ LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ u3=(int)(u>>8L); \ u1=(int)u&0xfc; \ u3&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \ u2=(int)t>>8L; \ u1=(int)t&0xfc; \ u2&=0xfc; \ t>>=16L; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ u3=(int)t>>8L; \ u1=(int)t&0xfc; \ u3&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); } #endif #ifdef DES_RISC2 #define D_ENCRYPT(LL,R,S) { \ unsigned int u1,u2,s1,s2; \ LOAD_DATA(R,S,u,t,E0,E1,u1); \ u2=(int)u>>8L; \ u1=(int)u&0xfc; \ u2&=0xfc; \ t=ROTATE(t,4); \ LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ s1=(int)(u>>16L); \ s2=(int)(u>>24L); \ s1&=0xfc; \ s2&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \ u2=(int)t>>8L; \ u1=(int)t&0xfc; \ u2&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ s1=(int)(t>>16L); \ s2=(int)(t>>24L); \ s1&=0xfc; \ s2&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); } #endif #else #define D_ENCRYPT(LL,R,S) { \ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ t=ROTATE(t,4); \ LL^= \ *(DES_LONG *)((unsigned char *)des_SP +((u )&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x100+((t )&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); } #endif #else /* original version */ #if defined(DES_RISC1) || defined(DES_RISC2) #ifdef DES_RISC1 #define D_ENCRYPT(LL,R,S) {\ unsigned int u1,u2,u3; \ LOAD_DATA(R,S,u,t,E0,E1,u1); \ u>>=2L; \ t=ROTATE(t,6); \ u2=(int)u>>8L; \ u1=(int)u&0x3f; \ u2&=0x3f; \ u>>=16L; \ LL^=des_SPtrans[0][u1]; \ LL^=des_SPtrans[2][u2]; \ u3=(int)u>>8L; \ u1=(int)u&0x3f; \ u3&=0x3f; \ LL^=des_SPtrans[4][u1]; \ LL^=des_SPtrans[6][u3]; \ u2=(int)t>>8L; \ u1=(int)t&0x3f; \ u2&=0x3f; \ t>>=16L; \ LL^=des_SPtrans[1][u1]; \ LL^=des_SPtrans[3][u2]; \ u3=(int)t>>8L; \ u1=(int)t&0x3f; \ u3&=0x3f; \ LL^=des_SPtrans[5][u1]; \ LL^=des_SPtrans[7][u3]; } #endif #ifdef DES_RISC2 #define D_ENCRYPT(LL,R,S) {\ unsigned int u1,u2,s1,s2; \ LOAD_DATA(R,S,u,t,E0,E1,u1); \ u>>=2L; \ t=ROTATE(t,6); \ u2=(int)u>>8L; \ u1=(int)u&0x3f; \ u2&=0x3f; \ LL^=des_SPtrans[0][u1]; \ LL^=des_SPtrans[2][u2]; \ s1=(int)u>>16L; \ s2=(int)u>>24L; \ s1&=0x3f; \ s2&=0x3f; \ LL^=des_SPtrans[4][s1]; \ LL^=des_SPtrans[6][s2]; \ u2=(int)t>>8L; \ u1=(int)t&0x3f; \ u2&=0x3f; \ LL^=des_SPtrans[1][u1]; \ LL^=des_SPtrans[3][u2]; \ s1=(int)t>>16; \ s2=(int)t>>24L; \ s1&=0x3f; \ s2&=0x3f; \ LL^=des_SPtrans[5][s1]; \ LL^=des_SPtrans[7][s2]; } #endif #else #define D_ENCRYPT(LL,R,S) {\ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ t=ROTATE(t,4); \ LL^=\ des_SPtrans[0][(u>> 2L)&0x3f]^ \ des_SPtrans[2][(u>>10L)&0x3f]^ \ des_SPtrans[4][(u>>18L)&0x3f]^ \ des_SPtrans[6][(u>>26L)&0x3f]^ \ des_SPtrans[1][(t>> 2L)&0x3f]^ \ des_SPtrans[3][(t>>10L)&0x3f]^ \ des_SPtrans[5][(t>>18L)&0x3f]^ \ des_SPtrans[7][(t>>26L)&0x3f]; } #endif #endif /* IP and FP * The problem is more of a geometric problem that random bit fiddling. 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 The output has been subject to swaps of the form 0 1 -> 3 1 but the odd and even bits have been put into 2 3 2 0 different words. The main trick is to remember that t=((l>>size)^r)&(mask); r^=t; l^=(t<>(n))^(b))&(m)),\ (b)^=(t),\ (a)^=((t)<<(n))) #define IP(l,r) \ { \ register DES_LONG tt; \ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ PERM_OP(l,r,tt,16,0x0000ffffL); \ PERM_OP(r,l,tt, 2,0x33333333L); \ PERM_OP(l,r,tt, 8,0x00ff00ffL); \ PERM_OP(r,l,tt, 1,0x55555555L); \ } #define FP(l,r) \ { \ register DES_LONG tt; \ PERM_OP(l,r,tt, 1,0x55555555L); \ PERM_OP(r,l,tt, 8,0x00ff00ffL); \ PERM_OP(l,r,tt, 2,0x33333333L); \ PERM_OP(r,l,tt,16,0x0000ffffL); \ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } extern const DES_LONG des_SPtrans[8][64]; #endif cyrus-sasl-2.1.25/mac/libdes/src/sha.h0000777000076400007640000000455607403027647014406 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id: sha.h,v 1.2 2001/12/04 02:06:31 rjs3 Exp $ */ #include #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_BITYPES_H #include #endif #ifdef KRB5 #include #elif defined(KRB4) #include #endif struct sha { unsigned int offset; unsigned int sz; u_int32_t counter[5]; unsigned char save[64]; }; void sha_init (struct sha *m); void sha_update (struct sha *m, const void *v, size_t len); void sha_finito (struct sha *m, void *res); cyrus-sasl-2.1.25/mac/libdes/src/des.def0000777000076400007640000000127707403027643014706 00000000000000LIBRARY des BASE=0x06000000 EXPORTS des_ecb3_encrypt des_cbc_cksum des_cbc_encrypt des_ncbc_encrypt des_3cbc_encrypt des_cfb_encrypt des_ede3_cfb64_encrypt des_ede3_ofb64_encrypt des_ecb_encrypt des_encrypt des_encrypt2 des_ede3_cbc_encrypt des_enc_read des_enc_write crypt des_ofb_encrypt des_pcbc_encrypt des_quad_cksum des_read_password des_read_2passwords des_read_pw_string des_set_odd_parity des_is_weak_key des_set_key des_key_sched des_string_to_key des_string_to_2keys des_cfb64_encrypt des_ofb64_encrypt des_cblock_print_file des_new_random_key des_init_random_number_generator des_set_random_generator_seed des_set_sequence_number des_generate_random_block cyrus-sasl-2.1.25/mac/libdes/src/str2key.c0000777000076400007640000001253207403027650015214 00000000000000/* crypto/des/str2key.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "des_locl.h" extern int des_check_key; void des_string_to_key(str, key) char *str; des_cblock (*key); { des_key_schedule ks; int i,length; register unsigned char j; memset(key,0,8); length=strlen(str); #ifdef OLD_STR_TO_KEY for (i=0; i>4)&0x0f); j=((j<<2)&0xcc)|((j>>2)&0x33); j=((j<<1)&0xaa)|((j>>1)&0x55); (*key)[7-(i%8)]^=j; } } #endif des_set_odd_parity((des_cblock *)key); i=des_check_key; des_check_key=0; des_set_key((des_cblock *)key,ks); des_check_key=i; des_cbc_cksum((des_cblock *)str,(des_cblock *)key,(long)length,ks, (des_cblock *)key); memset(ks,0,sizeof(ks)); des_set_odd_parity((des_cblock *)key); } void des_string_to_2keys(str, key1, key2) char *str; des_cblock (*key1); des_cblock (*key2); { des_key_schedule ks; int i,length; register unsigned char j; memset(key1,0,8); memset(key2,0,8); length=strlen(str); #ifdef OLD_STR_TO_KEY if (length <= 8) { for (i=0; i>4)&0x0f); j=((j<<2)&0xcc)|((j>>2)&0x33); j=((j<<1)&0xaa)|((j>>1)&0x55); if ((i%16) < 8) (*key1)[7-(i%8)]^=j; else (*key2)[7-(i%8)]^=j; } } if (length <= 8) memcpy(key2,key1,8); #endif des_set_odd_parity((des_cblock *)key1); des_set_odd_parity((des_cblock *)key2); i=des_check_key; des_check_key=0; des_set_key((des_cblock *)key1,ks); des_cbc_cksum((des_cblock *)str,(des_cblock *)key1,(long)length,ks, (des_cblock *)key1); des_set_key((des_cblock *)key2,ks); des_cbc_cksum((des_cblock *)str,(des_cblock *)key2,(long)length,ks, (des_cblock *)key2); des_check_key=i; memset(ks,0,sizeof(ks)); des_set_odd_parity(key1); des_set_odd_parity(key2); } cyrus-sasl-2.1.25/mac/libdes/src/des_crypt.man0000777000076400007640000003106407403027644016142 00000000000000.TH DES_CRYPT 3 .SH NAME des_read_password, des_read_2password, des_string_to_key, des_string_to_2key, des_read_pw_string, des_random_key, des_set_key, des_key_sched, des_ecb_encrypt, des_3ecb_encrypt, des_cbc_encrypt, des_3cbc_encrypt, des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt, des_cbc_cksum, des_quad_cksum, des_enc_read, des_enc_write, des_set_odd_parity, des_is_weak_key, crypt \- (non USA) DES encryption .SH SYNOPSIS .nf .nj .ft B #include .PP .B int des_read_password(key,prompt,verify) des_cblock *key; char *prompt; int verify; .PP .B int des_read_2password(key1,key2,prompt,verify) des_cblock *key1,*key2; char *prompt; int verify; .PP .B int des_string_to_key(str,key) char *str; des_cblock *key; .PP .B int des_string_to_2keys(str,key1,key2) char *str; des_cblock *key1,*key2; .PP .B int des_read_pw_string(buf,length,prompt,verify) char *buf; int length; char *prompt; int verify; .PP .B int des_random_key(key) des_cblock *key; .PP .B int des_set_key(key,schedule) des_cblock *key; des_key_schedule schedule; .PP .B int des_key_sched(key,schedule) des_cblock *key; des_key_schedule schedule; .PP .B int des_ecb_encrypt(input,output,schedule,encrypt) des_cblock *input; des_cblock *output; des_key_schedule schedule; int encrypt; .PP .B int des_3ecb_encrypt(input,output,ks1,ks2,encrypt) des_cblock *input; des_cblock *output; des_key_schedule ks1,ks2; int encrypt; .PP .B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt) des_cblock *input; des_cblock *output; long length; des_key_schedule schedule; des_cblock *ivec; int encrypt; .PP .B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt) des_cblock *input; des_cblock *output; long length; des_key_schedule sk1; des_key_schedule sk2; des_cblock *ivec1; des_cblock *ivec2; int encrypt; .PP .B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt) des_cblock *input; des_cblock *output; long length; des_key_schedule schedule; des_cblock *ivec; int encrypt; .PP .B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt) unsigned char *input; unsigned char *output; int numbits; long length; des_key_schedule schedule; des_cblock *ivec; int encrypt; .PP .B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec) unsigned char *input,*output; int numbits; long length; des_key_schedule schedule; des_cblock *ivec; .PP .B unsigned long des_cbc_cksum(input,output,length,schedule,ivec) des_cblock *input; des_cblock *output; long length; des_key_schedule schedule; des_cblock *ivec; .PP .B unsigned long des_quad_cksum(input,output,length,out_count,seed) des_cblock *input; des_cblock *output; long length; int out_count; des_cblock *seed; .PP .B int des_check_key; .PP .B int des_enc_read(fd,buf,len,sched,iv) int fd; char *buf; int len; des_key_schedule sched; des_cblock *iv; .PP .B int des_enc_write(fd,buf,len,sched,iv) int fd; char *buf; int len; des_key_schedule sched; des_cblock *iv; .PP .B extern int des_rw_mode; .PP .B void des_set_odd_parity(key) des_cblock *key; .PP .B int des_is_weak_key(key) des_cblock *key; .PP .B char *crypt(passwd,salt) char *passwd; char *salt; .PP .fi .SH DESCRIPTION This library contains a fast implementation of the DES encryption algorithm. .PP There are two phases to the use of DES encryption. The first is the generation of a .I des_key_schedule from a key, the second is the actual encryption. A des key is of type .I des_cblock. This type is made from 8 characters with odd parity. The least significant bit in the character is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. .PP .I des_read_password writes the string specified by prompt to the standard output, turns off echo and reads an input string from standard input until terminated with a newline. If verify is non-zero, it prompts and reads the input again and verifies that both entered passwords are the same. The entered string is converted into a des key by using the .I des_string_to_key routine. The new key is placed in the .I des_cblock that was passed (by reference) to the routine. If there were no errors, .I des_read_password returns 0, -1 is returned if there was a terminal error and 1 is returned for any other error. .PP .I des_read_2password operates in the same way as .I des_read_password except that it generates 2 keys by using the .I des_string_to_2key function. .PP .I des_read_pw_string is called by .I des_read_password to read and verify a string from a terminal device. The string is returned in .I buf. The size of .I buf is passed to the routine via the .I length parameter. .PP .I des_string_to_key converts a string into a valid des key. .PP .I des_string_to_2key converts a string into 2 valid des keys. This routine is best suited for used to generate keys for use with .I des_3ecb_encrypt. .PP .I des_random_key returns a random key that is made of a combination of process id, time and an increasing counter. .PP Before a des key can be used it is converted into a .I des_key_schedule via the .I des_set_key routine. If the .I des_check_key flag is non-zero, .I des_set_key will check that the key passed is of odd parity and is not a week or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated. .PP .I des_key_sched is another name for the .I des_set_key function. .PP The following routines mostly operate on an input and output stream of .I des_cblock's. .PP .I des_ecb_encrypt is the basic DES encryption routine that encrypts or decrypts a single 8-byte .I des_cblock in .I electronic code book mode. It always transforms the input data, pointed to by .I input, into the output data, pointed to by the .I output argument. If the .I encrypt argument is non-zero (DES_ENCRYPT), the .I input (cleartext) is encrypted in to the .I output (ciphertext) using the key_schedule specified by the .I schedule argument, previously set via .I des_set_key. If .I encrypt is zero (DES_DECRYPT), the .I input (now ciphertext) is decrypted into the .I output (now cleartext). Input and output may overlap. No meaningful value is returned. .PP .I des_3ecb_encrypt encrypts/decrypts the .I input block by using triple ecb DES encryption. This involves encrypting the input with .I ks1, decryption with the key schedule .I ks2, and then encryption with the first again. This routine greatly reduces the chances of brute force breaking of DES and has the advantage of if .I ks1 and .I ks2 are the same, it is equivalent to just encryption using ecb mode and .I ks1 as the key. .PP .I des_cbc_encrypt encrypts/decrypts using the .I cipher-block-chaining mode of DES. If the .I encrypt argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the .I input argument into the ciphertext pointed to by the .I output argument, using the key schedule provided by the .I schedule argument, and initialisation vector provided by the .I ivec argument. If the .I length argument is not an integral multiple of eight bytes, the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. To make multiple cbc encrypt calls on a large amount of data appear to be one .I des_cbc_encrypt call, the .I ivec of subsequent calls should be the last 8 bytes of the output. .PP .I des_3cbc_encrypt encrypts/decrypts the .I input block by using triple cbc DES encryption. This involves encrypting the input with key schedule .I ks1, decryption with the key schedule .I ks2, and then encryption with the first again. 2 initialisation vectors are required, .I ivec1 and .I ivec2. Unlike .I des_cbc_encrypt, these initialisation vectors are modified by the subroutine. This routine greatly reduces the chances of brute force breaking of DES and has the advantage of if .I ks1 and .I ks2 are the same, it is equivalent to just encryption using cbc mode and .I ks1 as the key. .PP .I des_pcbc_encrypt encrypt/decrypts using a modified block chaining mode. It provides better error propagation characteristics than cbc encryption. .PP .I des_cfb_encrypt encrypt/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the ivec variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ecb encryption per numbits, this function is only suggested for use when sending small numbers of characters. .PP .I des_ofb_encrypt encrypt using output feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the ivec variable is changed and the new changed value needs to be passed to the next call to this function. Since this function runs a complete DES ecb encryption per numbits, this function is only suggested for use when sending small numbers of characters. .PP .I des_cbc_cksum produces an 8 byte checksum based on the input stream (via cbc encryption). The last 4 bytes of the checksum is returned and the complete 8 bytes is placed in .I output. .PP .I des_quad_cksum returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on .I out_count, 1, 2, 3 or 4 times. If .I output is non-NULL, the 8 bytes generated by each pass are written into .I output. .PP .I des_enc_write is used to write .I len bytes to file descriptor .I fd from buffer .I buf. The data is encrypted via .I pcbc_encrypt (default) using .I sched for the key and .I iv as a starting vector. The actual data send down .I fd consists of 4 bytes (in network byte order) containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes. .PP .I des_enc_read is used to read .I len bytes from file descriptor .I fd into buffer .I buf. The data being read from .I fd is assumed to have come from .I des_enc_write and is decrypted using .I sched for the key schedule and .I iv for the initial vector. The .I des_enc_read/des_enc_write pair can be used to read/write to files, pipes and sockets. I have used them in implementing a version of rlogin in which all data is encrypted. .PP .I des_rw_mode is used to specify the encryption mode to use with .I des_enc_read and .I des_end_write. If set to .I DES_PCBC_MODE (the default), des_pcbc_encrypt is used. If set to .I DES_CBC_MODE des_cbc_encrypt is used. These two routines and the variable are not part of the normal MIT library. .PP .I des_set_odd_parity sets the parity of the passed .I key to odd. This routine is not part of the standard MIT library. .PP .I des_is_weak_key returns 1 is the passed key is a weak key (pick again :-), 0 if it is ok. This routine is not part of the standard MIT library. .PP .I crypt is a replacement for the normal system crypt. It is much faster than the system crypt. .PP .SH FILES /usr/include/des.h .br /usr/lib/libdes.a .PP The encryption routines have been tested on 16bit, 32bit and 64bit machines of various endian and even works under VMS. .PP .SH BUGS .PP If you think this manual is sparse, read the des_crypt(3) manual from the MIT kerberos (or bones outside of the USA) distribution. .PP .I des_cfb_encrypt and .I des_ofb_encrypt operates on input of 8 bits. What this means is that if you set numbits to 12, and length to 2, the first 12 bits will come from the 1st input byte and the low half of the second input byte. The second 12 bits will have the low 8 bits taken from the 3rd input byte and the top 4 bits taken from the 4th input byte. The same holds for output. This function has been implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly! .PP .I des_read_pw_string is the most machine/OS dependent function and normally generates the most problems when porting this code. .PP .I des_string_to_key is probably different from the MIT version since there are lots of fun ways to implement one-way encryption of a text string. .PP The routines are optimised for 32 bit machines and so are not efficient on IBM PCs. .PP NOTE: extensive work has been done on this library since this document was origionally written. Please try to read des.doc from the libdes distribution since it is far more upto date and documents more of the functions. Libdes is now also being shipped as part of SSLeay, a general cryptographic library that amonst other things implements netscapes SSL protocoll. The most recent version can be found in SSLeay distributions. .SH AUTHOR Eric Young (eay@mincom.oz.au or eay@psych.psy.uq.oz.au) cyrus-sasl-2.1.25/mac/libdes/src/speed.c0000777000076400007640000002115407403027650014711 00000000000000/* crypto/des/speed.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ /* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ #ifdef HAVE_CONFIG_H #include #endif #if !defined(MSDOS) && !defined(WIN32) #define TIMES #endif #include #ifdef HAVE_UNISTD_H #include #endif #include #ifdef HAVE_TIME_H #include #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_TIMES_H #include #endif #ifdef VMS #include struct tms { time_t tms_utime; time_t tms_stime; time_t tms_uchild; /* I dunno... */ time_t tms_uchildsys; /* so these names are a guess :-) */ } #endif #ifdef HAVE_SYS_TIMEB_H #include #endif #include #ifdef HAVE_SYS_PARAM_H #include #endif #include "des.h" /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ #ifndef CLK_TCK #ifndef VMS #define HZ 100.0 #else /* VMS */ #define HZ 100.0 #endif #else /* CLK_TCK */ #define HZ ((double)CLK_TCK) #endif #endif #define BUFSIZE ((long)1024) long run=0; #ifndef NOPROTO double Time_F(int s); #else double Time_F(); #endif #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) #define SIGRETTYPE void #else #define SIGRETTYPE int #endif #ifndef NOPROTO SIGRETTYPE sig_done(int sig); #else SIGRETTYPE sig_done(); #endif SIGRETTYPE sig_done(sig) int sig; { signal(SIGALRM,sig_done); run=0; #ifdef LINT sig=sig; #endif } #endif #define START 0 #define STOP 1 double Time_F(s) int s; { double ret; #ifdef TIMES static struct tms tstart,tend; if (s == START) { times(&tstart); return(0); } else { times(&tend); ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; return((ret == 0.0)?1e-6:ret); } #else /* !times() */ static struct timeb tstart,tend; long i; if (s == START) { ftime(&tstart); return(0); } else { ftime(&tend); i=(long)tend.millitm-(long)tstart.millitm; ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; return((ret == 0.0)?1e-6:ret); } #endif } int main(argc,argv) int argc; char **argv; { long count; static unsigned char buf[BUFSIZE]; static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; des_key_schedule sch,sch2,sch3; double a,b,c,d,e; #ifndef SIGALRM long ca,cb,cc,cd,ce; #endif #ifndef TIMES printf("To get the most acurate results, try to run this\n"); printf("program when this computer is idle.\n"); #endif des_set_key((C_Block *)key2,sch2); des_set_key((C_Block *)key3,sch3); #ifndef SIGALRM printf("First we calculate the approximate speed ...\n"); des_set_key((C_Block *)key,sch); count=10; do { long i; DES_LONG data[2]; count*=2; Time_F(START); for (i=count; i; i--) des_encrypt(data,&(sch[0]),DES_ENCRYPT); d=Time_F(STOP); } while (d < 3.0); ca=count; cb=count*3; cc=count*3*8/BUFSIZE+1; cd=count*8/BUFSIZE+1; ce=count/20+1; printf("Doing set_key %ld times\n",ca); #define COND(d) (count != (d)) #define COUNT(d) (d) #else #define COND(c) (run) #define COUNT(d) (count) signal(SIGALRM,sig_done); printf("Doing set_key for 10 seconds\n"); alarm(10); #endif Time_F(START); for (count=0,run=1; COND(ca); count++) des_set_key((C_Block *)key,sch); d=Time_F(STOP); printf("%ld set_key's in %.2f seconds\n",count,d); a=((double)COUNT(ca))/d; #ifdef SIGALRM printf("Doing des_encrypt's for 10 seconds\n"); alarm(10); #else printf("Doing des_encrypt %ld times\n",cb); #endif Time_F(START); for (count=0,run=1; COND(cb); count++) { DES_LONG data[2]; des_encrypt(data,&(sch[0]),DES_ENCRYPT); } d=Time_F(STOP); printf("%ld des_encrypt's in %.2f second\n",count,d); b=((double)COUNT(cb)*8)/d; #ifdef SIGALRM printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n", BUFSIZE); alarm(10); #else printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc, BUFSIZE); #endif Time_F(START); for (count=0,run=1; COND(cc); count++) des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]), (C_Block *)&(key[0]),DES_ENCRYPT); d=Time_F(STOP); printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n", count,BUFSIZE,d); c=((double)COUNT(cc)*BUFSIZE)/d; #ifdef SIGALRM printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n", BUFSIZE); alarm(10); #else printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd, BUFSIZE); #endif Time_F(START); for (count=0,run=1; COND(cd); count++) des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE, &(sch[0]), &(sch2[0]), &(sch3[0]), (C_Block *)&(key[0]), DES_ENCRYPT); d=Time_F(STOP); printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n", count,BUFSIZE,d); d=((double)COUNT(cd)*BUFSIZE)/d; #ifdef SIGALRM printf("Doing crypt for 10 seconds\n"); alarm(10); #else printf("Doing crypt %ld times\n",ce); #endif Time_F(START); for (count=0,run=1; COND(ce); count++) crypt("testing1","ef"); e=Time_F(STOP); printf("%ld crypts in %.2f second\n",count,e); e=((double)COUNT(ce))/e; printf("set_key per sec = %12.2f (%5.1fuS)\n",a,1.0e6/a); printf("DES raw ecb bytes per sec = %12.2f (%5.1fuS)\n",b,8.0e6/b); printf("DES cbc bytes per sec = %12.2f (%5.1fuS)\n",c,8.0e6/c); printf("DES ede cbc bytes per sec = %12.2f (%5.1fuS)\n",d,8.0e6/d); printf("crypt per sec = %12.2f (%5.1fuS)\n",e,1.0e6/e); exit(0); #if defined(LINT) || defined(MSDOS) return(0); #endif } cyrus-sasl-2.1.25/mac/libdes/src/rpc_enc.c0000777000076400007640000001034107403027647015224 00000000000000/* crypto/des/rpc_enc.c */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include "rpc_des.h" #include "des_locl.h" #include "des_ver.h" #ifndef NOPROTO int _des_crypt(char *buf,int len,struct desparams *desp); #else int _des_crypt(); #endif int _des_crypt(buf, len, desp) char *buf; int len; struct desparams *desp; { des_key_schedule ks; int enc; des_set_key((des_cblock *)desp->des_key,ks); enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT; if (desp->des_mode == CBC) des_ecb_encrypt((des_cblock *)desp->UDES.UDES_buf, (des_cblock *)desp->UDES.UDES_buf,ks,enc); else { des_ncbc_encrypt((des_cblock *)desp->UDES.UDES_buf, (des_cblock *)desp->UDES.UDES_buf, (long)len,ks, (des_cblock *)desp->des_ivec,enc); #ifdef undef /* len will always be %8 if called from common_crypt * in secure_rpc. * Libdes's cbc encrypt does not copy back the iv, * so we have to do it here. */ /* It does now :-) eay 20/09/95 */ a=(char *)&(desp->UDES.UDES_buf[len-8]); b=(char *)&(desp->des_ivec[0]); *(a++)= *(b++); *(a++)= *(b++); *(a++)= *(b++); *(a++)= *(b++); *(a++)= *(b++); *(a++)= *(b++); *(a++)= *(b++); *(a++)= *(b++); #endif } return(1); } cyrus-sasl-2.1.25/mac/libdes/src/KERBEROS0000777000076400007640000000274507403027642014612 00000000000000 [ This is an old file, I don't know if it is true anymore but I will leave the file here - eay 21/11/95 ] To use this library with Bones (kerberos without DES): 1) Get my modified Bones - eBones. It can be found on gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z and nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z 2) Unpack this library in src/lib/des, makeing sure it is version 3.00 or greater (libdes.tar.93-10-07.Z). This versions differences from the version in comp.sources.misc volume 29 patchlevel2. The primarily difference is that it should compile under kerberos :-). It can be found at. ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z Now do a normal kerberos build and things should work. One problem I found when I was build on my local sun. --- For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c *** make_commands.c.orig Fri Jul 3 04:18:35 1987 --- make_commands.c Wed May 20 08:47:42 1992 *************** *** 98,104 **** if (!rename(o_file, z_file)) { if (!vfork()) { chdir("/tmp"); ! execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n", z_file+5, 0); perror("/bin/ld"); _exit(1); --- 98,104 ---- if (!rename(o_file, z_file)) { if (!vfork()) { chdir("/tmp"); ! execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", z_file+5, 0); perror("/bin/ld"); _exit(1); cyrus-sasl-2.1.25/mac/libdes/src/README0000777000076400007640000000431107403027643014323 00000000000000 libdes, Version 4.01 13-Jan-97 Copyright (c) 1997, Eric Young All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms specified in COPYRIGHT. -- The primary ftp site for this library is ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz libdes is now also shipped with SSLeay. Primary ftp site of ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz The best way to build this library is to build it as part of SSLeay. This kit builds a DES encryption library and a DES encryption program. It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb, triple cfb, desx, and MIT's pcbc encryption modes and also has a fast implementation of crypt(3). It contains support routines to read keys from a terminal, generate a random key, generate a key from an arbitrary length string, read/write encrypted data from/to a file descriptor. The implementation was written so as to conform with the manual entry for the des_crypt(3) library routines from MIT's project Athena. destest should be run after compilation to test the des routines. rpw should be run after compilation to test the read password routines. The des program is a replacement for the sun des command. I believe it conforms to the sun version. The Imakefile is setup for use in the kerberos distribution. These routines are best compiled with gcc or any other good optimising compiler. Just turn you optimiser up to the highest settings and run destest after the build to make sure everything works. I believe these routines are close to the fastest and most portable DES routines that use small lookup tables (4.5k) that are publicly available. The fcrypt routine is faster than ufc's fcrypt (when compiling with gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines (on a sun3/260 168 vs 336). It is a function of CPU on chip cache size. [ 10-Jan-97 and a function of an incorrect speed testing program in ufc which gave much better test figures that reality ]. It is worth noting that on sparc and Alpha CPUs, performance of the DES library can vary by upto %10 due to the positioning of files after application linkage. Eric Young (eay@mincom.oz.au) cyrus-sasl-2.1.25/mac/libdes/src/spr.h0000777000076400007640000002346207403027650014426 00000000000000/* crypto/des/spr.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ const DES_LONG des_SPtrans[8][64]={ { /* nibble 0 */ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, },{ /* nibble 1 */ 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, },{ /* nibble 2 */ 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, },{ /* nibble 3 */ 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, },{ /* nibble 4 */ 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, },{ /* nibble 5 */ 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, },{ /* nibble 6 */ 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, },{ /* nibble 7 */ 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, }}; cyrus-sasl-2.1.25/mac/libdes/src/COPYRIGHT0000777000076400007640000000513007403027642014735 00000000000000Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) All rights reserved. This package is an DES implementation written by Eric Young (eay@mincom.oz.au). The implementation was written so as to conform with MIT's libdes. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution. Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of that the SSL library. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Eric Young (eay@mincom.oz.au) THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The license and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distrubution license [including the GNU Public License.] The reason behind this being stated in this direct manner is past experience in code simply being copied and the attribution removed from it and then being distributed as part of other packages. This implementation was a non-trivial and unpaid effort. cyrus-sasl-2.1.25/mac/libdes/src/VERSION0000777000076400007640000003501007403027643014513 00000000000000Version 4.01 14/01/97 Even faster inner loop in the DES assember for x86 and a modification for IP/FP which is faster on x86. Both of these changes are from Svend Olaf Mikkelsen . His changes make the assember run %40 faster on a pentium. This is just a case of getting the instruction sequence 'just right'. All credit to 'Svend' :-) Quite a few special x86 'make' targets. A libdes-l (lite) distribution. Version 4.00 After a bit of a pause, I'll up the major version number since this is mostly a performace release. I've added x86 assember and added more options for performance. A %28 speedup for gcc on a pentium and the assember is a %50 speedup. MIPS CPU's, sparc and Alpha are the main CPU's with speedups. Run des_opts to work out which options should be used. DES_RISC1/DES_RISC2 use alternative inner loops which use more registers but should give speedups on any CPU that does dual issue (pentium). DES_UNROLL unrolls the inner loop, which costs in code size. Version 3.26 I've finally removed one of the shifts in D_ENCRYPT. This meant I've changed the des_SPtrans table (spr.h), the set_key() function and some things in des_enc.c. This has definitly made things faster :-). I've known about this one for some time but I've been too lazy to follow it up :-). Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^.. instead of L^=((..)|(..)|(..).. This should save a register at least. Assember for x86. The file to replace is des_enc.c, which is replaced by one of the assember files found in asm. Look at des/asm/readme for more info. /* Modification to fcrypt so it can be compiled to support HPUX 10.x's long password format, define -DLONGCRYPT to use this. Thanks to Jens Kupferschmidt . */ SIGWINCH case put in des_read_passwd() so the function does not 'exit' if this function is recieved. Version 3.25 17/07/96 Modified read_pwd.c so that stdin can be read if not a tty. Thanks to Jeff Barber for the patches. des_init_random_number_generator() shortened due to VMS linker limits. Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2 8 byte quantites xored before and after encryption. des_xcbc_encryption() - the name is funny to preserve the des_ prefix on all functions. Version 3.24 20/04/96 The DES_PTR macro option checked and used by SSLeay configuration Version 3.23 11/04/96 Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha, it gives a %20 speedup :-) Fixed the problem with des.pl under perl5. The patches were sent by Ed Kubaitis (ejk@uiuc.edu). if fcrypt.c, changed values to handle illegal salt values the way normal crypt() implementations do. Some programs apparently use them :-(. The patch was sent by Bjorn Gronvall Version 3.22 29/11/95 Bug in des(1), an error with the uuencoding stuff when the 'data' is small, thanks to Geoff Keating for the patch. Version 3.21 22/11/95 After some emailing back and forth with Colin Plumb , I've tweaked a few things and in a future version I will probably put in some of the optimisation he suggested for use with the DES_USE_PTR option. Extra routines from Mark Murray for use in freeBSD. They mostly involve random number generation for use with kerberos. They involve evil machine specific system calls etc so I would normally suggest pushing this stuff into the application and/or using RAND_seed()/RAND_bytes() if you are using this DES library as part of SSLeay. Redone the read_pw() function so that it is cleaner and supports termios, thanks to Sameer Parekh for the initial patches for this. Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been done just to make things more consistent. I have also now added triple DES versions of cfb and ofb. Version 3.20 Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com, my des_random_seed() function was only copying 4 bytes of the passed seed into the init structure. It is now fixed to copy 8. My own suggestion is to used something like MD5 :-) Version 3.19 While looking at my code one day, I though, why do I keep on calling des_encrypt(in,out,ks,enc) when every function that calls it has in and out the same. So I dropped the 'out' parameter, people should not be using this function. Version 3.18 30/08/95 Fixed a few bit with the distribution and the filenames. 3.17 had been munged via a move to DOS and back again. NO CODE CHANGES Version 3.17 14/07/95 Fixed ede3 cbc which I had broken in 3.16. I have also removed some unneeded variables in 7-8 of the routines. Version 3.16 26/06/95 Added des_encrypt2() which does not use IP/FP, used by triple des routines. Tweaked things a bit elsewhere. %13 speedup on sparc and %6 on a R4400 for ede3 cbc mode. Version 3.15 06/06/95 Added des_ncbc_encrypt(), it is des_cbc mode except that it is 'normal' and copies the new iv value back over the top of the passed parameter. CHANGED des_ede3_cbc_encrypt() so that it too now overwrites the iv. THIS WILL BREAK EXISTING CODE, but since this function only new, I feel I can change it, not so with des_cbc_encrypt :-(. I need to update the documentation. Version 3.14 31/05/95 New release upon the world, as part of my SSL implementation. New copyright and usage stuff. Basically free for all to use as long as you say it came from me :-) Version 3.13 31/05/95 A fix in speed.c, if HZ is not defined, I set it to 100.0 which is reasonable for most unixes except SunOS 4.x. I now have a #ifdef sun but timing for SunOS 4.x looked very good :-(. At my last job where I used SunOS 4.x, it was defined to be 60.0 (look at the old INSTALL documentation), at the last release had it changed to 100.0 since I now work with Solaris2 and SVR4 boxes. Thanks to Rory Chisholm for pointing this one out. Version 3.12 08/05/95 As pointed out by The Crypt Keeper , my D_ENCRYPT macro in crypt() had an un-necessary variable. It has been removed. Version 3.11 03/05/95 Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys and one iv. It is a standard and I needed it for my SSL code. It makes more sense to use this for triple DES than 3cbc_encrypt(). I have also added (or should I say tested :-) cfb64_encrypt() which is cfb64 but it will encrypt a partial number of bytes - 3 bytes in 3 bytes out. Again this is for my SSL library, as a form of encryption to use with SSL telnet. Version 3.10 22/03/95 Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls to cbc3_encrypt, the 2 iv values that were being returned to be used in the next call were reversed :-(. Many thanks to Bill Wade for pointing out this error. Version 3.09 01/02/95 Fixed des_random_key to far more random, it was rather feeble with regards to picking the initial seed. The problem was pointed out by Olaf Kirch . Version 3.08 14/12/94 Added Makefile.PL so libdes can be built into perl5. Changed des_locl.h so RAND is always defined. Version 3.07 05/12/94 Added GNUmake and stuff so the library can be build with glibc. Version 3.06 30/08/94 Added rpc_enc.c which contains _des_crypt. This is for use in secure_rpc v 4.0 Finally fixed the cfb_enc problems. Fixed a few parameter parsing bugs in des (-3 and -b), thanks to Rob McMillan Version 3.05 21/04/94 for unsigned long l; gcc does not produce ((l>>34) == 0) This causes bugs in cfb_enc. Thanks to Hadmut Danisch Version 3.04 20/04/94 Added a version number to des.c and libdes.a Version 3.03 12/01/94 Fixed a bug in non zero iv in 3cbc_enc. Version 3.02 29/10/93 I now work in a place where there are 6+ architectures and 14+ OS versions :-). Fixed TERMIO definition so the most sys V boxes will work :-) Release upon comp.sources.misc Version 3.01 08/10/93 Added des_3cbc_encrypt() Version 3.00 07/10/93 Fixed up documentation. quad_cksum definitely compatible with MIT's now. Version 2.30 24/08/93 Triple DES now defaults to triple cbc but can do triple ecb with the -b flag. Fixed some MSDOS uuen/uudecoding problems, thanks to Added prototypes. Version 2.22 29/06/93 Fixed a bug in des_is_weak_key() which stopped it working :-( thanks to engineering@MorningStar.Com. Version 2.21 03/06/93 des(1) with no arguments gives quite a bit of help. Added -c (generate ckecksum) flag to des(1). Added -3 (triple DES) flag to des(1). Added cfb and ofb routines to the library. Version 2.20 11/03/93 Added -u (uuencode) flag to des(1). I have been playing with byte order in quad_cksum to make it compatible with MIT's version. All I can say is avid this function if possible since MIT's output is endian dependent. Version 2.12 14/10/92 Added MSDOS specific macro in ecb_encrypt which gives a %70 speed up when the code is compiled with turbo C. Version 2.11 12/10/92 Speedup in set_key (recoding of PC-1) I now do it in 47 simple operations, down from 60. Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) for motivating me to look for a faster system :-) The speedup is probably less that 1% but it is still 13 instructions less :-). Version 2.10 06/10/92 The code now works on the 64bit ETA10 and CRAY without modifications or #defines. I believe the code should work on any machine that defines long, int or short to be 8 bytes long. Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu) for helping me fix the code to run on 64bit machines (he had access to an ETA10). Thanks also to John Fletcher for testing the routines on a CRAY. read_password.c has been renamed to read_passwd.c string_to_key.c has been renamed to string2key.c Version 2.00 14/09/92 Made mods so that the library should work on 64bit CPU's. Removed all my uchar and ulong defs. To many different versions of unix define them in their header files in too many different combinations :-) IRIX - Sillicon Graphics mods (mostly in read_password.c). Thanks to Andrew Daviel (advax@erich.triumf.ca) Version 1.99 26/08/92 Fixed a bug or 2 in enc_read.c Fixed a bug in enc_write.c Fixed a pseudo bug in fcrypt.c (very obscure). Version 1.98 31/07/92 Support for the ETA10. This is a strange machine that defines longs and ints as 8 bytes and shorts as 4 bytes. Since I do evil things with long * that assume that they are 4 bytes. Look in the Makefile for the option to compile for this machine. quad_cksum appears to have problems but I will don't have the time to fix it right now, and this is not a function that uses DES and so will not effect the main uses of the library. Version 1.97 20/05/92 eay Fixed the Imakefile and made some changes to des.h to fix some problems when building this package with Kerberos v 4. Version 1.96 18/05/92 eay Fixed a small bug in string_to_key() where problems could occur if des_check_key was set to true and the string generated a weak key. Patch2 posted to comp.sources.misc Version 1.95 13/05/92 eay Added an alternative version of the D_ENCRYPT macro in ecb_encrypt and fcrypt. Depending on the compiler, one version or the other will be faster. This was inspired by Dana How , and her pointers about doing the *(ulong *)((uchar *)ptr+(value&0xfc)) vs ptr[value&0x3f] to stop the C compiler doing a <<2 to convert the long array index. Version 1.94 05/05/92 eay Fixed an incompatibility between my string_to_key and the MIT version. When the key is longer than 8 chars, I was wrapping with a different method. To use the old version, define OLD_STR_TO_KEY in the makefile. Thanks to viktor@newsu.shearson.com (Viktor Dukhovni). Version 1.93 28/04/92 eay Fixed the VMS mods so that echo is now turned off in read_password. Thanks again to brennan@coco.cchs.su.oz.AU. MSDOS support added. The routines can be compiled with Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined. Patch1 posted to comp.sources.misc Version 1.92 13/04/92 eay Changed D_ENCRYPT so that the rotation of R occurs outside of the loop. This required rotating all the longs in sp.h (now called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM> speed.c has been changed so it will work without SIGALRM. If times(3) is not present it will try to use ftime() instead. Version 1.91 08/04/92 eay Added -E/-D options to des(1) so it can use string_to_key. Added SVR4 mods suggested by witr@rwwa.COM Added VMS mods suggested by brennan@coco.cchs.su.oz.AU. If anyone knows how to turn of tty echo in VMS please tell me or implement it yourself :-). Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS does not like IN/OUT being used. Libdes posted to comp.sources.misc Version 1.9 24/03/92 eay Now contains a fast small crypt replacement. Added des(1) command. Added des_rw_mode so people can use cbc encryption with enc_read and enc_write. Version 1.8 15/10/91 eay Bug in cbc_cksum. Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this one out. Version 1.7 24/09/91 eay Fixed set_key :-) set_key is 4 times faster and takes less space. There are a few minor changes that could be made. Version 1.6 19/09/1991 eay Finally go IP and FP finished. Now I need to fix set_key. This version is quite a bit faster that 1.51 Version 1.52 15/06/1991 eay 20% speedup in ecb_encrypt by changing the E bit selection to use 2 32bit words. This also required modification of the sp table. There is still a way to speedup the IP and IP-1 (hints from outer@sq.com) still working on this one :-(. Version 1.51 07/06/1991 eay Faster des_encrypt by loop unrolling Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu) Version 1.50 28/05/1991 eay Optimised the code a bit more for the sparc. I have improved the speed of the inner des_encrypt by speeding up the initial and final permutations. Version 1.40 23/10/1990 eay Fixed des_random_key, it did not produce a random key :-( Version 1.30 2/10/1990 eay Have made des_quad_cksum the same as MIT's, the full package should be compatible with MIT's Have tested on a DECstation 3100 Still need to fix des_set_key (make it faster). Does des_cbc_encrypts at 70.5k/sec on a 3100. Version 1.20 18/09/1990 eay Fixed byte order dependencies. Fixed (I hope) all the word alignment problems. Speedup in des_ecb_encrypt. Version 1.10 11/09/1990 eay Added des_enc_read and des_enc_write. Still need to fix des_quad_cksum. Still need to document des_enc_read and des_enc_write. Version 1.00 27/08/1990 eay cyrus-sasl-2.1.25/mac/libdes/src/dllmain.c0000777000076400007640000000425507403027645015240 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include RCSID("$Id: dllmain.c,v 1.2 2001/12/04 02:06:29 rjs3 Exp $"); #endif #include BOOL WINAPI DllMain (HANDLE hInst, ULONG reason, LPVOID lpReserved) { switch(reason) { case DLL_PROCESS_ATTACH: case DLL_PROCESS_DETACH: default: return TRUE; } } cyrus-sasl-2.1.25/mac/libdes/src/Makefile.in0000777000076400007640000000755011326340506015513 00000000000000# # $Id: Makefile.in,v 1.2 2001/12/04 02:06:26 rjs3 Exp $ # SHELL = /bin/sh srcdir = @srcdir@ VPATH = @srcdir@ CC = @CC@ LINK = @LINK@ AR = ar RANLIB = @RANLIB@ LN_S = @LN_S@ DEFS = @DEFS@ CFLAGS = @CFLAGS@ LD_FLAGS = @LD_FLAGS@ LDSHARED = @LDSHARED@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ libdir = @libdir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ PICFLAGS = @PICFLAGS@ LIB_DEPS = @lib_deps_yes@ -lc build_symlink_command = @build_symlink_command@ install_symlink_command = @install_symlink_command@ PROGS = destest$(EXECSUFFIX) \ mdtest$(EXECSUFFIX) \ des$(EXECSUFFIX) \ rpw$(EXECSUFFIX) \ speed$(EXECSUFFIX) PROGS2INSTALL = des$(EXECSUFFIX) LIBNAME = $(LIBPREFIX)des LIBEXT = @LIBEXT@ LIBPREFIX = @LIBPREFIX@ SHLIBEXT = @SHLIBEXT@ LIB = $(LIBNAME).$(LIBEXT) # Generated with lorder *.o | tsort | xargs echo LIBSRC = xcbc_enc.c sha.c rnd_keys.c read_pwd.c qud_cksm.c pcbc_enc.c \ ofb_enc.c ofb64enc.c ofb64ede.c ncbc_enc.c md4.c key_par.c fcrypt.c \ ede_enc.c ecb3_enc.c cfb_enc.c cfb64enc.c cfb64ede.c cbc3_enc.c \ str2key.c set_key.c md5.c cbc_enc.c cbc_cksm.c ecb_enc.c des_enc.c LIBOBJ = xcbc_enc.o sha.o rnd_keys.o read_pwd.o qud_cksm.o pcbc_enc.o \ ofb_enc.o ofb64enc.o ofb64ede.o ncbc_enc.o md4.o key_par.o fcrypt.o \ ede_enc.o ecb3_enc.o cfb_enc.o cfb64enc.o cfb64ede.o cbc3_enc.o \ str2key.o set_key.o md5.o cbc_enc.o cbc_cksm.o ecb_enc.o des_enc.o all: $(LIB) $(PROGS) Wall: make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" COM = $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(PICFLAGS) .c.o: $(COM) $(CFLAGS) $< # Compile this file without debug if using gcc des_enc.o: des_enc.c @if test "$(CC)" = gcc; then\ echo "$(COM) -fomit-frame-pointer -O3 $(srcdir)/des_enc.c"; \ $(COM) -fomit-frame-pointer -O3 $(srcdir)/des_enc.c; \ else \ echo "$(COM) $(CFLAGS) $(srcdir)/des_enc.c"; \ $(COM) $(CFLAGS) $(srcdir)/des_enc.c; \ fi install: all $(MKINSTALLDIRS) $(DESTDIR)$(libdir) $(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) @install_symlink_command@ $(MKINSTALLDIRS) $(DESTDIR)$(bindir) for x in $(PROGS2INSTALL); do \ $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done uninstall: rm -f $(DESTDIR)$(libdir)/$(LIB) for x in $(PROGS2INSTALL); do \ rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ done TAGS: $(LIBSRC) etags $(LIBSRC) check: destest$(EXECSUFFIX) mdtest$(EXECSUFFIX) ./destest$(EXECSUFFIX) ./mdtest$(EXECSUFFIX) clean: rm -f $(LIB) *.so *.so.* so_locations *.o *.a $(PROGS) mostlyclean: clean distclean: clean rm -f Makefile *.tab.c *~ realclean: distclean rm -f TAGS $(LIBNAME).a: $(LIBOBJ) rm -f $@ $(AR) cr $@ $(LIBOBJ) -$(RANLIB) $@ $(LIBNAME).$(SHLIBEXT): $(LIBOBJ) rm -f $@ $(LDSHARED) -o $@ $(LIBOBJ) $(LIB_DEPS) @build_symlink_command@ # To make psoriaris make happy we have to mention these files in some # rule, so we might as well put them here. mdtest.o: mdtest.c des_opts.o: des_opts.c destest.o: destest.c des.o: des.c rpw.o: rpw.c speed.o: speed.c mdtest$(EXECSUFFIX): mdtest.o $(LIB) $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ mdtest.o -L. -ldes des_opts$(EXECSUFFIX): des_opts.o set_key.o $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ des_opts.o set_key.o destest$(EXECSUFFIX): destest.o $(LIB) $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ destest.o -L. -ldes des$(EXECSUFFIX): des.o $(LIB) $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ des.o -L. -ldes rpw$(EXECSUFFIX): rpw.o $(LIB) $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ rpw.o -L. -ldes speed$(EXECSUFFIX): speed.o $(LIB) $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ speed.o -L. -ldes $(LIBOBJ): ../../include/config.h .PHONY: all Wall install uninstall check clean mostlyclean distclean realclean cyrus-sasl-2.1.25/mac/libdes/src/des_locl.org0000777000076400007640000003651107403027644015750 00000000000000/* crypto/des/des_locl.h */ /* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@mincom.oz.au). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@mincom.oz.au). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@mincom.oz.au)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * * Always modify des_locl.org since des_locl.h is automatically generated from * it during SSLeay configuration. * * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING */ #ifndef HEADER_DES_LOCL_H #define HEADER_DES_LOCL_H #if defined(WIN32) || defined(WIN16) #ifndef MSDOS #define MSDOS #endif #endif #include #include #ifndef MSDOS #include #endif #include "des.h" #ifndef DES_DEFAULT_OPTIONS /* the following is tweaked from a config script, that is why it is a * protected undef/define */ #ifndef DES_PTR #undef DES_PTR #endif /* This helps C compiler generate the correct code for multiple functional * units. It reduces register dependancies at the expense of 2 more * registers */ #ifndef DES_RISC1 #undef DES_RISC1 #endif #ifndef DES_RISC2 #undef DES_RISC2 #endif #if defined(DES_RISC1) && defined(DES_RISC2) YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders. * Very mucy CPU dependant */ #ifndef DES_UNROLL #undef DES_UNROLL #endif /* These default values were supplied by * Peter Gutman * They are only used if nothing else has been defined */ #if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) /* Special defines which change the way the code is built depending on the CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find even newer MIPS CPU's, but at the moment one size fits all for optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ #if defined( sun ) /* Newer Sparc's */ #define DES_PTR #define DES_RISC1 #define DES_UNROLL #elif defined( __ultrix ) /* Older MIPS */ #define DES_PTR #define DES_RISC2 #define DES_UNROLL #elif defined( __osf1__ ) /* Alpha */ #define DES_PTR #define DES_RISC2 #elif defined ( _AIX ) /* RS6000 */ /* Unknown */ #elif defined( __hpux ) /* HP-PA */ /* Unknown */ #elif defined( __aux ) /* 68K */ /* Unknown */ #elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ #define DES_UNROLL #elif defined( __sgi ) /* Newer MIPS */ #define DES_PTR #define DES_RISC2 #define DES_UNROLL #elif defined( i386 ) /* x86 boxes, should be gcc */ #define DES_PTR #define DES_RISC1 #define DES_UNROLL #endif /* Systems-specific speed defines */ #endif #endif /* DES_DEFAULT_OPTIONS */ #ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */ #include #include #include #include #ifndef RAND #define RAND #endif #undef NOPROTO #endif #if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS) #include #endif #ifndef RAND #define RAND #endif #ifdef linux #undef RAND #endif #ifdef MSDOS #define getpid() 2 #define RAND #undef NOPROTO #endif #if defined(NOCONST) #define const #endif #ifdef __STDC__ #undef NOPROTO #endif #ifdef RAND #define srandom(s) srand(s) #define random rand #endif #define ITERATIONS 16 #define HALF_ITERATIONS 8 /* used in des_read and des_write */ #define MAXWRITE (1024*16) #define BSIZE (MAXWRITE+4) #define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ l|=((DES_LONG)(*((c)++)))<< 8L, \ l|=((DES_LONG)(*((c)++)))<<16L, \ l|=((DES_LONG)(*((c)++)))<<24L) /* NOTE - c is not incremented as per c2l */ #define c2ln(c,l1,l2,n) { \ c+=n; \ l1=l2=0; \ switch (n) { \ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ case 5: l2|=((DES_LONG)(*(--(c)))); \ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ case 1: l1|=((DES_LONG)(*(--(c)))); \ } \ } #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) /* replacements for htonl and ntohl since I have no idea what to do * when faced with machines with 8 byte longs. */ #define HDRSIZE 4 #define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ l|=((DES_LONG)(*((c)++)))<<16L, \ l|=((DES_LONG)(*((c)++)))<< 8L, \ l|=((DES_LONG)(*((c)++)))) #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff)) /* NOTE - c is not incremented as per l2c */ #define l2cn(l1,l2,c,n) { \ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ } \ } #if defined(WIN32) #define ROTATE(a,n) (_lrotr(a,n)) #else #define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) #endif /* Don't worry about the LOAD_DATA() stuff, that is used by * fcrypt() to add it's little bit to the front */ #ifdef DES_FCRYPT #define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } #define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ t=R^(R>>16L); \ u=t&E0; t&=E1; \ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ tmp=(t<<16); t^=R^s[S+1]; t^=tmp #else #define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) #define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ u=R^s[S ]; \ t=R^s[S+1] #endif /* The changes to this macro may help or hinder, depending on the * compiler and the achitecture. gcc2 always seems to do well :-). * Inspired by Dana How * DO NOT use the alternative version on machines with 8 byte longs. * It does not seem to work on the Alpha, even when DES_LONG is 4 * bytes, probably an issue of accessing non-word aligned objects :-( */ #ifdef DES_PTR /* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there * is no reason to not xor all the sub items together. This potentially * saves a register since things can be xored directly into L */ #if defined(DES_RISC1) || defined(DES_RISC2) #ifdef DES_RISC1 #define D_ENCRYPT(LL,R,S) { \ unsigned int u1,u2,u3; \ LOAD_DATA(R,S,u,t,E0,E1,u1); \ u2=(int)u>>8L; \ u1=(int)u&0xfc; \ u2&=0xfc; \ t=ROTATE(t,4); \ u>>=16L; \ LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ u3=(int)(u>>8L); \ u1=(int)u&0xfc; \ u3&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \ u2=(int)t>>8L; \ u1=(int)t&0xfc; \ u2&=0xfc; \ t>>=16L; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ u3=(int)t>>8L; \ u1=(int)t&0xfc; \ u3&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); } #endif #ifdef DES_RISC2 #define D_ENCRYPT(LL,R,S) { \ unsigned int u1,u2,s1,s2; \ LOAD_DATA(R,S,u,t,E0,E1,u1); \ u2=(int)u>>8L; \ u1=(int)u&0xfc; \ u2&=0xfc; \ t=ROTATE(t,4); \ LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ s1=(int)(u>>16L); \ s2=(int)(u>>24L); \ s1&=0xfc; \ s2&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \ u2=(int)t>>8L; \ u1=(int)t&0xfc; \ u2&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ s1=(int)(t>>16L); \ s2=(int)(t>>24L); \ s1&=0xfc; \ s2&=0xfc; \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \ LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); } #endif #else #define D_ENCRYPT(LL,R,S) { \ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ t=ROTATE(t,4); \ LL^= \ *(DES_LONG *)((unsigned char *)des_SP +((u )&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x100+((t )&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \ *(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); } #endif #else /* original version */ #if defined(DES_RISC1) || defined(DES_RISC2) #ifdef DES_RISC1 #define D_ENCRYPT(LL,R,S) {\ unsigned int u1,u2,u3; \ LOAD_DATA(R,S,u,t,E0,E1,u1); \ u>>=2L; \ t=ROTATE(t,6); \ u2=(int)u>>8L; \ u1=(int)u&0x3f; \ u2&=0x3f; \ u>>=16L; \ LL^=des_SPtrans[0][u1]; \ LL^=des_SPtrans[2][u2]; \ u3=(int)u>>8L; \ u1=(int)u&0x3f; \ u3&=0x3f; \ LL^=des_SPtrans[4][u1]; \ LL^=des_SPtrans[6][u3]; \ u2=(int)t>>8L; \ u1=(int)t&0x3f; \ u2&=0x3f; \ t>>=16L; \ LL^=des_SPtrans[1][u1]; \ LL^=des_SPtrans[3][u2]; \ u3=(int)t>>8L; \ u1=(int)t&0x3f; \ u3&=0x3f; \ LL^=des_SPtrans[5][u1]; \ LL^=des_SPtrans[7][u3]; } #endif #ifdef DES_RISC2 #define D_ENCRYPT(LL,R,S) {\ unsigned int u1,u2,s1,s2; \ LOAD_DATA(R,S,u,t,E0,E1,u1); \ u>>=2L; \ t=ROTATE(t,6); \ u2=(int)u>>8L; \ u1=(int)u&0x3f; \ u2&=0x3f; \ LL^=des_SPtrans[0][u1]; \ LL^=des_SPtrans[2][u2]; \ s1=(int)u>>16L; \ s2=(int)u>>24L; \ s1&=0x3f; \ s2&=0x3f; \ LL^=des_SPtrans[4][s1]; \ LL^=des_SPtrans[6][s2]; \ u2=(int)t>>8L; \ u1=(int)t&0x3f; \ u2&=0x3f; \ LL^=des_SPtrans[1][u1]; \ LL^=des_SPtrans[3][u2]; \ s1=(int)t>>16; \ s2=(int)t>>24L; \ s1&=0x3f; \ s2&=0x3f; \ LL^=des_SPtrans[5][s1]; \ LL^=des_SPtrans[7][s2]; } #endif #else #define D_ENCRYPT(LL,R,S) {\ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ t=ROTATE(t,4); \ LL^=\ des_SPtrans[0][(u>> 2L)&0x3f]^ \ des_SPtrans[2][(u>>10L)&0x3f]^ \ des_SPtrans[4][(u>>18L)&0x3f]^ \ des_SPtrans[6][(u>>26L)&0x3f]^ \ des_SPtrans[1][(t>> 2L)&0x3f]^ \ des_SPtrans[3][(t>>10L)&0x3f]^ \ des_SPtrans[5][(t>>18L)&0x3f]^ \ des_SPtrans[7][(t>>26L)&0x3f]; } #endif #endif /* IP and FP * The problem is more of a geometric problem that random bit fiddling. 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 The output has been subject to swaps of the form 0 1 -> 3 1 but the odd and even bits have been put into 2 3 2 0 different words. The main trick is to remember that t=((l>>size)^r)&(mask); r^=t; l^=(t<>(n))^(b))&(m)),\ (b)^=(t),\ (a)^=((t)<<(n))) #define IP(l,r) \ { \ register DES_LONG tt; \ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ PERM_OP(l,r,tt,16,0x0000ffffL); \ PERM_OP(r,l,tt, 2,0x33333333L); \ PERM_OP(l,r,tt, 8,0x00ff00ffL); \ PERM_OP(r,l,tt, 1,0x55555555L); \ } #define FP(l,r) \ { \ register DES_LONG tt; \ PERM_OP(l,r,tt, 1,0x55555555L); \ PERM_OP(r,l,tt, 8,0x00ff00ffL); \ PERM_OP(l,r,tt, 2,0x33333333L); \ PERM_OP(r,l,tt,16,0x0000ffffL); \ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } extern const DES_LONG des_SPtrans[8][64]; #endif cyrus-sasl-2.1.25/mac/libdes/src/key_par.c0000777000076400007640000000417507403027645015253 00000000000000/* * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hšgskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Kungliga Tekniska * Hšgskolan and its contributors. * * 4. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "des_locl.h" /* MIT Link and source compatibility */ #ifdef des_fixup_key_parity #undef des_fixup_key_parity #endif /* des_fixup_key_parity */ void des_fixup_key_parity(des_cblock *key); void des_fixup_key_parity(des_cblock *key) { des_set_odd_parity(key); } cyrus-sasl-2.1.25/mac/libdes/src/des.mak0000777000076400007640000003352307403027644014720 00000000000000# Microsoft Developer Studio Generated NMAKE File, Based on des.dsp !IF "$(CFG)" == "" CFG=des - Win32 Release !MESSAGE No configuration specified. Defaulting to des - Win32 Release. !ENDIF !IF "$(CFG)" != "des - Win32 Release" && "$(CFG)" != "des - Win32 Debug" !MESSAGE Invalid configuration "$(CFG)" specified. !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE !MESSAGE NMAKE /f "des.mak" CFG="des - Win32 Release" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE !MESSAGE "des - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE "des - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE !ERROR An invalid configuration is specified. !ENDIF !IF "$(OS)" == "Windows_NT" NULL= !ELSE NULL=nul !ENDIF !IF "$(CFG)" == "des - Win32 Release" OUTDIR=.\Release INTDIR=.\Release # Begin Custom Macros OutDir=.\.\Release # End Custom Macros !IF "$(RECURSE)" == "0" ALL : "$(OUTDIR)\des.dll" !ELSE ALL : "roken - Win32 Release" "$(OUTDIR)\des.dll" !ENDIF !IF "$(RECURSE)" == "1" CLEAN :"roken - Win32 ReleaseCLEAN" !ELSE CLEAN : !ENDIF -@erase "$(INTDIR)\cbc3_enc.obj" -@erase "$(INTDIR)\cbc_cksm.obj" -@erase "$(INTDIR)\cbc_enc.obj" -@erase "$(INTDIR)\cfb64ede.obj" -@erase "$(INTDIR)\cfb64enc.obj" -@erase "$(INTDIR)\cfb_enc.obj" -@erase "$(INTDIR)\des_enc.obj" -@erase "$(INTDIR)\dllmain.obj" -@erase "$(INTDIR)\ecb3_enc.obj" -@erase "$(INTDIR)\ecb_enc.obj" -@erase "$(INTDIR)\ede_enc.obj" -@erase "$(INTDIR)\enc_read.obj" -@erase "$(INTDIR)\enc_writ.obj" -@erase "$(INTDIR)\fcrypt.obj" -@erase "$(INTDIR)\key_par.obj" -@erase "$(INTDIR)\ncbc_enc.obj" -@erase "$(INTDIR)\ofb64ede.obj" -@erase "$(INTDIR)\ofb64enc.obj" -@erase "$(INTDIR)\ofb_enc.obj" -@erase "$(INTDIR)\passwd_dialog.res" -@erase "$(INTDIR)\passwd_dlg.obj" -@erase "$(INTDIR)\pcbc_enc.obj" -@erase "$(INTDIR)\qud_cksm.obj" -@erase "$(INTDIR)\read_pwd.obj" -@erase "$(INTDIR)\rnd_keys.obj" -@erase "$(INTDIR)\rpc_enc.obj" -@erase "$(INTDIR)\set_key.obj" -@erase "$(INTDIR)\str2key.obj" -@erase "$(INTDIR)\supp.obj" -@erase "$(INTDIR)\vc50.idb" -@erase "$(OUTDIR)\des.dll" -@erase "$(OUTDIR)\des.exp" -@erase "$(OUTDIR)\des.lib" "$(OUTDIR)" : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" CPP=cl.exe CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\roken" /I "." /I "..\..\include" /I\ "..\..\include\win32" /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "HAVE_CONFIG_H"\ /Fp"$(INTDIR)\des.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c CPP_OBJS=.\Release/ CPP_SBRS=. .c{$(CPP_OBJS)}.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cpp{$(CPP_OBJS)}.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cxx{$(CPP_OBJS)}.obj:: $(CPP) @<< $(CPP_PROJ) $< << .c{$(CPP_SBRS)}.sbr:: $(CPP) @<< $(CPP_PROJ) $< << .cpp{$(CPP_SBRS)}.sbr:: $(CPP) @<< $(CPP_PROJ) $< << .cxx{$(CPP_SBRS)}.sbr:: $(CPP) @<< $(CPP_PROJ) $< << MTL=midl.exe MTL_PROJ=/nologo /D "NDEBUG" /mktyplib203 /win32 RSC=rc.exe RSC_PROJ=/l 0x409 /fo"$(INTDIR)\passwd_dialog.res" /d "NDEBUG" BSC32=bscmake.exe BSC32_FLAGS=/nologo /o"$(OUTDIR)\des.bsc" BSC32_SBRS= \ LINK32=link.exe LINK32_FLAGS=..\roken\Release\roken.lib kernel32.lib user32.lib gdi32.lib\ winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib\ uuid.lib /nologo /subsystem:windows /dll /incremental:no\ /pdb:"$(OUTDIR)\des.pdb" /machine:I386 /def:".\des.def"\ /out:"$(OUTDIR)\des.dll" /implib:"$(OUTDIR)\des.lib" DEF_FILE= \ ".\des.def" LINK32_OBJS= \ "$(INTDIR)\cbc3_enc.obj" \ "$(INTDIR)\cbc_cksm.obj" \ "$(INTDIR)\cbc_enc.obj" \ "$(INTDIR)\cfb64ede.obj" \ "$(INTDIR)\cfb64enc.obj" \ "$(INTDIR)\cfb_enc.obj" \ "$(INTDIR)\des_enc.obj" \ "$(INTDIR)\dllmain.obj" \ "$(INTDIR)\ecb3_enc.obj" \ "$(INTDIR)\ecb_enc.obj" \ "$(INTDIR)\ede_enc.obj" \ "$(INTDIR)\enc_read.obj" \ "$(INTDIR)\enc_writ.obj" \ "$(INTDIR)\fcrypt.obj" \ "$(INTDIR)\key_par.obj" \ "$(INTDIR)\ncbc_enc.obj" \ "$(INTDIR)\ofb64ede.obj" \ "$(INTDIR)\ofb64enc.obj" \ "$(INTDIR)\ofb_enc.obj" \ "$(INTDIR)\passwd_dialog.res" \ "$(INTDIR)\passwd_dlg.obj" \ "$(INTDIR)\pcbc_enc.obj" \ "$(INTDIR)\qud_cksm.obj" \ "$(INTDIR)\read_pwd.obj" \ "$(INTDIR)\rnd_keys.obj" \ "$(INTDIR)\rpc_enc.obj" \ "$(INTDIR)\set_key.obj" \ "$(INTDIR)\str2key.obj" \ "$(INTDIR)\supp.obj" \ "..\roken\Release\roken.lib" "$(OUTDIR)\des.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) $(LINK32) @<< $(LINK32_FLAGS) $(LINK32_OBJS) << !ELSEIF "$(CFG)" == "des - Win32 Debug" OUTDIR=.\Debug INTDIR=.\Debug # Begin Custom Macros OutDir=.\.\Debug # End Custom Macros !IF "$(RECURSE)" == "0" ALL : "$(OUTDIR)\des.dll" !ELSE ALL : "roken - Win32 Debug" "$(OUTDIR)\des.dll" !ENDIF !IF "$(RECURSE)" == "1" CLEAN :"roken - Win32 DebugCLEAN" !ELSE CLEAN : !ENDIF -@erase "$(INTDIR)\cbc3_enc.obj" -@erase "$(INTDIR)\cbc_cksm.obj" -@erase "$(INTDIR)\cbc_enc.obj" -@erase "$(INTDIR)\cfb64ede.obj" -@erase "$(INTDIR)\cfb64enc.obj" -@erase "$(INTDIR)\cfb_enc.obj" -@erase "$(INTDIR)\des_enc.obj" -@erase "$(INTDIR)\dllmain.obj" -@erase "$(INTDIR)\ecb3_enc.obj" -@erase "$(INTDIR)\ecb_enc.obj" -@erase "$(INTDIR)\ede_enc.obj" -@erase "$(INTDIR)\enc_read.obj" -@erase "$(INTDIR)\enc_writ.obj" -@erase "$(INTDIR)\fcrypt.obj" -@erase "$(INTDIR)\key_par.obj" -@erase "$(INTDIR)\ncbc_enc.obj" -@erase "$(INTDIR)\ofb64ede.obj" -@erase "$(INTDIR)\ofb64enc.obj" -@erase "$(INTDIR)\ofb_enc.obj" -@erase "$(INTDIR)\passwd_dialog.res" -@erase "$(INTDIR)\passwd_dlg.obj" -@erase "$(INTDIR)\pcbc_enc.obj" -@erase "$(INTDIR)\qud_cksm.obj" -@erase "$(INTDIR)\read_pwd.obj" -@erase "$(INTDIR)\rnd_keys.obj" -@erase "$(INTDIR)\rpc_enc.obj" -@erase "$(INTDIR)\set_key.obj" -@erase "$(INTDIR)\str2key.obj" -@erase "$(INTDIR)\supp.obj" -@erase "$(INTDIR)\vc50.idb" -@erase "$(INTDIR)\vc50.pdb" -@erase "$(OUTDIR)\des.dll" -@erase "$(OUTDIR)\des.exp" -@erase "$(OUTDIR)\des.ilk" -@erase "$(OUTDIR)\des.lib" -@erase "$(OUTDIR)\des.pdb" "$(OUTDIR)" : if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" CPP=cl.exe CPP_PROJ=/nologo /MDd /W3 /Gm /GX /Zi /Od /I "..\roken" /I "." /I\ "..\..\include" /I "..\..\include\win32" /D "WIN32" /D "_DEBUG" /D "_WINDOWS"\ /D "HAVE_CONFIG_H" /Fp"$(INTDIR)\des.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\"\ /FD /c CPP_OBJS=.\Debug/ CPP_SBRS=. .c{$(CPP_OBJS)}.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cpp{$(CPP_OBJS)}.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cxx{$(CPP_OBJS)}.obj:: $(CPP) @<< $(CPP_PROJ) $< << .c{$(CPP_SBRS)}.sbr:: $(CPP) @<< $(CPP_PROJ) $< << .cpp{$(CPP_SBRS)}.sbr:: $(CPP) @<< $(CPP_PROJ) $< << .cxx{$(CPP_SBRS)}.sbr:: $(CPP) @<< $(CPP_PROJ) $< << MTL=midl.exe MTL_PROJ=/nologo /D "_DEBUG" /mktyplib203 /win32 RSC=rc.exe RSC_PROJ=/l 0x409 /fo"$(INTDIR)\passwd_dialog.res" /d "_DEBUG" BSC32=bscmake.exe BSC32_FLAGS=/nologo /o"$(OUTDIR)\des.bsc" BSC32_SBRS= \ LINK32=link.exe LINK32_FLAGS=..\roken\Debug\roken.lib kernel32.lib user32.lib gdi32.lib\ winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib\ uuid.lib /nologo /subsystem:windows /dll /incremental:yes\ /pdb:"$(OUTDIR)\des.pdb" /debug /machine:I386 /def:".\des.def"\ /out:"$(OUTDIR)\des.dll" /implib:"$(OUTDIR)\des.lib" DEF_FILE= \ ".\des.def" LINK32_OBJS= \ "$(INTDIR)\cbc3_enc.obj" \ "$(INTDIR)\cbc_cksm.obj" \ "$(INTDIR)\cbc_enc.obj" \ "$(INTDIR)\cfb64ede.obj" \ "$(INTDIR)\cfb64enc.obj" \ "$(INTDIR)\cfb_enc.obj" \ "$(INTDIR)\des_enc.obj" \ "$(INTDIR)\dllmain.obj" \ "$(INTDIR)\ecb3_enc.obj" \ "$(INTDIR)\ecb_enc.obj" \ "$(INTDIR)\ede_enc.obj" \ "$(INTDIR)\enc_read.obj" \ "$(INTDIR)\enc_writ.obj" \ "$(INTDIR)\fcrypt.obj" \ "$(INTDIR)\key_par.obj" \ "$(INTDIR)\ncbc_enc.obj" \ "$(INTDIR)\ofb64ede.obj" \ "$(INTDIR)\ofb64enc.obj" \ "$(INTDIR)\ofb_enc.obj" \ "$(INTDIR)\passwd_dialog.res" \ "$(INTDIR)\passwd_dlg.obj" \ "$(INTDIR)\pcbc_enc.obj" \ "$(INTDIR)\qud_cksm.obj" \ "$(INTDIR)\read_pwd.obj" \ "$(INTDIR)\rnd_keys.obj" \ "$(INTDIR)\rpc_enc.obj" \ "$(INTDIR)\set_key.obj" \ "$(INTDIR)\str2key.obj" \ "$(INTDIR)\supp.obj" \ "..\roken\Debug\roken.lib" "$(OUTDIR)\des.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) $(LINK32) @<< $(LINK32_FLAGS) $(LINK32_OBJS) << !ENDIF !IF "$(CFG)" == "des - Win32 Release" || "$(CFG)" == "des - Win32 Debug" SOURCE=.\cbc3_enc.c DEP_CPP_CBC3_=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\cbc3_enc.obj" : $(SOURCE) $(DEP_CPP_CBC3_) "$(INTDIR)" SOURCE=.\cbc_cksm.c DEP_CPP_CBC_C=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\cbc_cksm.obj" : $(SOURCE) $(DEP_CPP_CBC_C) "$(INTDIR)" SOURCE=.\cbc_enc.c DEP_CPP_CBC_E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\cbc_enc.obj" : $(SOURCE) $(DEP_CPP_CBC_E) "$(INTDIR)" SOURCE=.\cfb64ede.c DEP_CPP_CFB64=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\cfb64ede.obj" : $(SOURCE) $(DEP_CPP_CFB64) "$(INTDIR)" SOURCE=.\cfb64enc.c DEP_CPP_CFB64E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\cfb64enc.obj" : $(SOURCE) $(DEP_CPP_CFB64E) "$(INTDIR)" SOURCE=.\cfb_enc.c DEP_CPP_CFB_E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\cfb_enc.obj" : $(SOURCE) $(DEP_CPP_CFB_E) "$(INTDIR)" SOURCE=.\des_enc.c DEP_CPP_DES_E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\des_enc.obj" : $(SOURCE) $(DEP_CPP_DES_E) "$(INTDIR)" SOURCE=.\dllmain.c DEP_CPP_DLLMA=\ "..\..\include\win32\config.h"\ "$(INTDIR)\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" SOURCE=.\ecb3_enc.c DEP_CPP_ECB3_=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\ecb3_enc.obj" : $(SOURCE) $(DEP_CPP_ECB3_) "$(INTDIR)" SOURCE=.\ecb_enc.c DEP_CPP_ECB_E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ ".\spr.h"\ "$(INTDIR)\ecb_enc.obj" : $(SOURCE) $(DEP_CPP_ECB_E) "$(INTDIR)" SOURCE=.\ede_enc.c DEP_CPP_EDE_E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\ede_enc.obj" : $(SOURCE) $(DEP_CPP_EDE_E) "$(INTDIR)" SOURCE=.\enc_read.c DEP_CPP_ENC_R=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\enc_read.obj" : $(SOURCE) $(DEP_CPP_ENC_R) "$(INTDIR)" SOURCE=.\enc_writ.c DEP_CPP_ENC_W=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\enc_writ.obj" : $(SOURCE) $(DEP_CPP_ENC_W) "$(INTDIR)" SOURCE=.\fcrypt.c DEP_CPP_FCRYP=\ "..\..\include\win32\config.h"\ "..\..\include\win32\ktypes.h"\ ".\des.h"\ ".\des_locl.h"\ ".\md5.h"\ {$(INCLUDE)}"sys\types.h"\ "$(INTDIR)\fcrypt.obj" : $(SOURCE) $(DEP_CPP_FCRYP) "$(INTDIR)" SOURCE=.\key_par.c DEP_CPP_KEY_P=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\key_par.obj" : $(SOURCE) $(DEP_CPP_KEY_P) "$(INTDIR)" SOURCE=.\ncbc_enc.c DEP_CPP_NCBC_=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\ncbc_enc.obj" : $(SOURCE) $(DEP_CPP_NCBC_) "$(INTDIR)" SOURCE=.\ofb64ede.c DEP_CPP_OFB64=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\ofb64ede.obj" : $(SOURCE) $(DEP_CPP_OFB64) "$(INTDIR)" SOURCE=.\ofb64enc.c DEP_CPP_OFB64E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\ofb64enc.obj" : $(SOURCE) $(DEP_CPP_OFB64E) "$(INTDIR)" SOURCE=.\ofb_enc.c DEP_CPP_OFB_E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\ofb_enc.obj" : $(SOURCE) $(DEP_CPP_OFB_E) "$(INTDIR)" SOURCE=.\passwd_dlg.c DEP_CPP_PASSW=\ "..\..\include\win32\config.h"\ ".\passwd_dlg.h"\ "$(INTDIR)\passwd_dlg.obj" : $(SOURCE) $(DEP_CPP_PASSW) "$(INTDIR)" SOURCE=.\pcbc_enc.c DEP_CPP_PCBC_=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\pcbc_enc.obj" : $(SOURCE) $(DEP_CPP_PCBC_) "$(INTDIR)" SOURCE=.\qud_cksm.c DEP_CPP_QUD_C=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\qud_cksm.obj" : $(SOURCE) $(DEP_CPP_QUD_C) "$(INTDIR)" SOURCE=.\read_pwd.c DEP_CPP_READ_=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\read_pwd.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" SOURCE=.\rnd_keys.c DEP_CPP_RND_K=\ "..\..\include\win32\config.h"\ "..\..\include\win32\ktypes.h"\ ".\des.h"\ ".\des_locl.h"\ {$(INCLUDE)}"sys\types.h"\ "$(INTDIR)\rnd_keys.obj" : $(SOURCE) $(DEP_CPP_RND_K) "$(INTDIR)" SOURCE=.\rpc_enc.c DEP_CPP_RPC_E=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ ".\des_ver.h"\ ".\rpc_des.h"\ "$(INTDIR)\rpc_enc.obj" : $(SOURCE) $(DEP_CPP_RPC_E) "$(INTDIR)" SOURCE=.\set_key.c DEP_CPP_SET_K=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ ".\podd.h"\ ".\sk.h"\ "$(INTDIR)\set_key.obj" : $(SOURCE) $(DEP_CPP_SET_K) "$(INTDIR)" SOURCE=.\str2key.c DEP_CPP_STR2K=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" SOURCE=.\supp.c DEP_CPP_SUPP_=\ "..\..\include\win32\config.h"\ ".\des.h"\ ".\des_locl.h"\ "$(INTDIR)\supp.obj" : $(SOURCE) $(DEP_CPP_SUPP_) "$(INTDIR)" SOURCE=.\passwd_dialog.rc "$(INTDIR)\passwd_dialog.res" : $(SOURCE) "$(INTDIR)" $(RSC) $(RSC_PROJ) $(SOURCE) !IF "$(CFG)" == "des - Win32 Release" "roken - Win32 Release" : cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\roken" $(MAKE) /$(MAKEFLAGS) /F ".\roken.mak" CFG="roken - Win32 Release" cd "..\des" "roken - Win32 ReleaseCLEAN" : cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\roken" $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\roken.mak" CFG="roken - Win32 Release"\ RECURSE=1 cd "..\des" !ELSEIF "$(CFG)" == "des - Win32 Debug" "roken - Win32 Debug" : cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\roken" $(MAKE) /$(MAKEFLAGS) /F ".\roken.mak" CFG="roken - Win32 Debug" cd "..\des" "roken - Win32 DebugCLEAN" : cd "\tmp\wirus-krb\krb4-pre-0.9.9\lib\roken" $(MAKE) /$(MAKEFLAGS) CLEAN /F ".\roken.mak" CFG="roken - Win32 Debug"\ RECURSE=1 cd "..\des" !ENDIF !ENDIF cyrus-sasl-2.1.25/mac/libdes/libdes_ppc/0000777000076400007640000000000011632367343015041 500000000000000cyrus-sasl-2.1.25/mac/libdes/libdes_ppc/libdes_ppc.exp0000777000076400007640000000100207403027626017575 00000000000000des_3cbc_encrypt des_cbc_cksum des_cbc_encrypt des_ede3_cfb64_encrypt des_cfb64_encrypt des_cfb_encrypt des_ecb3_encrypt des_SPtrans libdes_version DES_version des_ecb_encrypt des_options des_ede3_cbc_encrypt des_ncbc_encrypt des_ede3_ofb64_encrypt des_ofb64_encrypt des_ofb_encrypt des_xcbc_encrypt des_xwhite_in2out des_fixup_key_parity des_decrypt3 des_encrypt3 des_encrypt2 des_encrypt des_fcrypt crypt des_pcbc_encrypt des_quad_cksum des_check_key des_key_sched des_set_key des_is_weak_key des_set_odd_parity cyrus-sasl-2.1.25/mac/libdes/libdes_ppc/libdes_ppc.Carbon0000777000076400007640000012214607403027625020221 00000000000000cool(nž–Ð>CodeWarrior Projectlibdes_ppc:Source Treeslibdes_ppc:Custom Keywordslibdes_ppc:Access Pathslibdes_ppc:Target Settingslibdes_ppc:File Mappingslibdes_ppc:Build Extraslibdes_ppc:Debugger Runtimelibdes_ppc:Debugger Targetlibdes_ppc:68K CodeGenlibdes_ppc:68K Disassemblerlibdes_ppc:68K Global Optimizerlibdes_ppc:68K Linkerlibdes_ppc:68K Projectlibdes_ppc:C/C++ Compilerlibdes_ppc:C/C++ Warningslibdes_ppc:CFM68Klibdes_ppc:MacOS Merge Panellibdes_ppc:PPC CodeGenlibdes_ppc:PPC Disassemblerlibdes_ppc:PPC Global Optimizerlibdes_ppc:PPC Linkerlibdes_ppc:PPC PEFlibdes_ppc:PPC Projectlibdes_ppc:PPCAsm Panellibdes_ppc:Rez Compilerlibdes_ppc:WinRC Compilerlibdes_ppc:x86 CodeGenlibdes_ppc:x86 Exceptions Panellibdes_ppc:x86 Global Optimizerlibdes_ppc:x86 Linkerlibdes_ppc:x86 ProjectProject File Listlibdes_ppc:Remote Debuglibdes_ppc:Auto-targetlibdes_ppc:FTP Panellibdes_ppc:Java Command Linelibdes_ppc:Java Languagelibdes_ppc:Java MRJAppBuilderlibdes_ppc:Java Outputlibdes_ppc:Java Projectlibdes_ppc:JavaDoc Projectlibdes_ppc:Output Flagslibdes_ppc:Packager Panellibdes_ppc:x86 Disassembler3Kf—³Î å  ! 7 Nh‚”±Èä-D\tŽ¥Ååû $!<"S#h$…%ž&¼'Ó(ë)*+8,  %ÿÿÿÿWSPC ! "#$%&'()* +libdes_ppcFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KRezPEF Import 68K:libdes.shlbLib Import PPCMW C/C++ PPCPPCAsmXCOFF Import PPCPEF Import PPCMacOS PPC LinkerSource TreesCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger RuntimeDebugger TargetC/C++ CompilerC/C++ WarningsPPC CodeGenPPC DisassemblerPPC Global OptimizerPPC LinkerPPC PEFPPC ProjectPPCAsm PanelRez Compilercbc3_enc.ccbc_cksm.ccbc_enc.ccfb64ede.ccfb64enc.ccfb_enc.cecb3_enc.cecb_enc.cede_enc.cncbc_enc.cofb64ede.cofb64enc.cofb_enc.cxcbc_enc.ckey_par.cdes_enc.cfcrypt.cpcbc_enc.cqud_cksm.cset_key.cMSL RuntimePPC.LibInterfaceLibMathLibMSL ShLibRuntime.Lib:libdes_ppc.shlbMSL C.PPC.Libconsole.stubs.cMSL SIOUX.PPC.LibOutput FlagsPackager PanelMW_MSL.Carbon.ShlbMSL C.Carbon.LibCarbonLib:libdes_carbon.shlb  />KX\ k x ‡ ” ›¬»ÌÙéö!2BQ`l}’¥ ±!¾"Ë#Ö$á%ë&ö'( )* +*,5-@.K/U0`1j2t3}4ˆ5“67°8½9Å:Ú;ë<ù= >?(@7AJB[CeD C:B"#$%&'<1()*270 8A;69= @+,-.>?3 4!5/ #$%&'()* + , - . /0123456=#B$C%7 7!:  @::src:ÿÿÿÿ ::public:ublic:ÿÿÿÿ:::include:ÿÿÿÿ::::include:ÿÿÿÿ:ÿÿÿÿ:::mac_lib:ÿÿÿÿ:::readme:ÿÿÿÿ:::build_plugins:ÿÿÿÿ:MacOS Support:ÿÿÿÿ@:MSL:ÿÿÿÿ@ MacOS PPC Linkerlibdes_ppc:main a.out????APPL€XÀ????€ Merge Out????APPLDLGXckidProjWSPClibdes_carbon.shlb????shlb????,@T,__start__initializeon_start__terminate NONAME.EXE@®qlibdes.shlb;CarbonP'CODE' 'DATA' 'PICT'D`yD:libdJavaClasses.jarZIP MWZP     #$%NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW JavaD·¦œÿÿ‘ê  ·¢©¨%   ?@ !"ROOTGRUPANSI LibrariesFILEGRUP Mac LibrariesFILE$FILE%FILE#GRUPlibdesFILEFILEFILEFILEFILEFILEFILEFILEFILE FILE FILE FILE FILE FILEFILEFILEFILEFILEFILEFILEÿÿÿpÇÀqu@$| pÇÀmainqu@±ôÐ$| qu@MRJApplication WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/qºàÐ$| ãy^RzÚQÚqµº_Êr|~ù_[yOR+]ZZ‹Bjs( JSÚZXÖÓßzÙzVØçChÞúzÞÖ RJ‡ XØ BZ9ÒýØX}ËpJs:úHûÿû\FÛXÄÝTÊTTÊZØÒÜRüXþÎÊúrºPzZBhzILRÒúHž|ÚªùtBEþzÞZÚzJ{¹\ÏTo‘(º`[b`‚rZQÜÐßžKÛÞ????APPLqq¿€$| 'RËŽJ;Y؉XYq¹ø}îZ¾˜ÞK_{:>߸ZFËúBÑynXzÌc6žNߌzz[zþÎ~Gù0D{RzÚ{ZNZYz“PZÚHÊ:£Þ\L*zŒRá| CSPFPÂTP[’ R[s^e›]úÚRûF®ZZZHRrFXß[BMBÂBÊRþãÊÓ­»Ú“ÞúÛ³˜ËBÚËÂëØjPÚzJ^›Û~Z=žvÊú[ÞžÚ9’ÒX:éUÊKZn‚ZBzö>Ò|^òÞêöïškYŠ^ø€JVpz|GNøÛòH|,zŸKRšQ×LbPÂJYµRHcZðKV]Ú|ÝJû[l{ÚxÒ{SZH[Š EÚx:rZCX[Rwz~ÙZØQUÊ;øIHj[VRêúo3ÂJêz{=ZÔÝò_jòJJØzXJÐOÆÂû 7ZsØbÜmسÜR8¼ZGPV\Ú÷Z+ƒ Èb ØLJXc~2RjYZùy‘{îzPXIŽÈ hRzz'€3MÛZ-AŸRJzËK*ZySHîXJJRÃHPZPJTXëZVßÿúÛGxR:zûPPx6HoÒóXÂ*Záß›[Zž?Ú¸»º{~Z°ÎZ: X]#UJuS@š@ÞÚX^~\–rÞZ\ÎÛ6ZrP@ÚÒhÙ8ÂÚ ÁxúºìÿRA:UX;æV^NrÚÙ|v@ é\Tz:ÂÃÞÝRz?ZÕ{þ[ZN„^š^fXVpÚJP p îZÊZûÓCwÓ_“ZšÿÊU#ZázJA…òÚMzî/:Ó+’ÖRúÞÝ~Xöu_àPÈIZQSCyˆr•N’Θ/ßÈÛÓx÷Z\^—z@.bhHúŸ”J_Z`z^:svRº}i[ÌëwNRßÚKBK0NJHF û{|:^¾*Þ‹Šàšy€Fø BžKAK~ZvTzZ[8jWn{òúúØÜÑJ ËZÆPrX: P_XZ^P˜^ÏLR~OY\;ëKY›hZ@˜„Â]bR<^R\X[ÚŠ~ÞKû[û\ãy^R{ ZQÚ JBVº_Êr|nùW[iZw*]ZZ‹Bjs( JSÚZXÖWÏzÙZVØçChÞúzÞF RH‡ŠXØ BZ9ÒýØXyËpJq:úHûÿÛ]FÛX„ÝTÊTTÊXZØÒÜRüXþÆÂúbºXzZBhziLRÒúHž|ÊêùtEþzÞX•ÚbJ{¹\Ïto‘(º`[b`†jZQÜÐßžKÛÞ[\R‡¿~Úž8ZJJUQNSPHúpSS~Ý÷ÎÐ0z:ÖjÚZI BsÒ2ÑXnZ HÖ*“::úÀÚvˆÂB kÆRXPκYXk¾ØXò~7xH_~úvSJiJ YV™Cºø EZ^ßÞqþzFWFÒ÷¿ŒðšÝMxX `ZJ(ÿ VS^zZÖ\[~VxV{ÅêZN’k H (@÷Å RÒ@YÒº~]{i¾Z{úÚSñÒùÓXR 8HØrHžZÚË[AËRÙ>Ê^^P™6]ŸÙ0rÚBšCVJÊâþZÚBJœ_ÞXW\^^ÓîÞÛÊ_‹_X [êÈúSV’XZþ*Z~Qß\ŸÞÖöþZÊRBJŠzÀ%JHxræD{]‡}Ÿ;[SÞZ)z~JS|€zZºIR;Jš@fØrš v¿ßÔLi^PY[[IDPÛÐ9XOVFñh€\›¨óO-k\X‹^׊³IèzZhJšQÝ‹PZVÌXSQÚÌhO^wQä*~\YZÒZÈúK*B{pê šsBºïRo(mstr (mstl HmstnHmstrèH€mstlèÈ€mstnèÄmtpl (€mtps ( mtsl ¨mtpiJŠ`mtlo ¸prefÖ´ Àpref‚JÄpref|'2ÄprefšÕJêÐpref×Ý8Øpref£9ßpref %=ï pref, Úpref £ î prefpE ø preff> pref0] Aprefàô H>pref[0 prefs€CeÚpref¥Bbpref£r†prefgš prefi¢¤ pref¬mE?Êpref\Füpref…ÚBw¨prefXëF .prefróH pref[ïF7"prefUΰprefôÛCprefƒFY pref‘fº’pref$OFejpref‹¸Fó motiJ (mstiègLmtglèih,mpsièC=(mstiFçmallk”¤mapll8@PLstO4 mŽpref‘Ê! pref91"p”Žpref~±#v"pref{|${*prefåa%|:Üpref$f&JH2prefcî'Œ€pref“N(”–pref®)—ªØprefs&*˜‚pref¸+FÏpref#ð,cyrus-sasl-2.1.25/mac/libdes/libdes_ppc/libdes_ppc0000777000076400007640000011540007403027625017011 00000000000000cool(”•0Ð>CodeWarrior Projectlibdes_ppc:Source Treeslibdes_ppc:Custom Keywordslibdes_ppc:Access Pathslibdes_ppc:Target Settingslibdes_ppc:File Mappingslibdes_ppc:Build Extraslibdes_ppc:Debugger Runtimelibdes_ppc:Debugger Targetlibdes_ppc:68K CodeGenlibdes_ppc:68K Disassemblerlibdes_ppc:68K Global Optimizerlibdes_ppc:68K Linkerlibdes_ppc:68K Projectlibdes_ppc:C/C++ Compilerlibdes_ppc:C/C++ Warningslibdes_ppc:CFM68Klibdes_ppc:MacOS Merge Panellibdes_ppc:PPC CodeGenlibdes_ppc:PPC Disassemblerlibdes_ppc:PPC Global Optimizerlibdes_ppc:PPC Linkerlibdes_ppc:PPC PEFlibdes_ppc:PPC Projectlibdes_ppc:PPCAsm Panellibdes_ppc:Rez Compilerlibdes_ppc:WinRC Compilerlibdes_ppc:x86 CodeGenlibdes_ppc:x86 Exceptions Panellibdes_ppc:x86 Global Optimizerlibdes_ppc:x86 Linkerlibdes_ppc:x86 ProjectProject File Listlibdes_ppc:Remote Debuglibdes_ppc:Auto-targetlibdes_ppc:FTP Panellibdes_ppc:Java Command Linelibdes_ppc:Java Languagelibdes_ppc:Java MRJAppBuilderlibdes_ppc:Java Outputlibdes_ppc:Java Projectlibdes_ppc:JavaDoc Projectlibdes_ppc:Output Flagslibdes_ppc:Packager Panellibdes_ppc:x86 Disassembler3Kf—³Î å  ! 7 Nh‚”±Èä-D\tŽ¥Ååû $!<"S#h$…%ž&¼'Ó(ë)*+8,  !ÿÿÿÿWSPC ! "#$%&'()* + :"#$%&'<1()*270 8;69= +,-.>?3 4!5/ #$%&'()* + , - . /012345689<= 7!:libdes_ppcFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KRezPEF Import 68K:libdes.shlbLib Import PPCMW C/C++ PPCPPCAsmXCOFF Import PPCPEF Import PPCMacOS PPC LinkerSource TreesCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger RuntimeDebugger TargetC/C++ CompilerC/C++ WarningsPPC CodeGenPPC DisassemblerPPC Global OptimizerPPC LinkerPPC PEFPPC ProjectPPCAsm PanelRez Compilercbc3_enc.ccbc_cksm.ccbc_enc.ccfb64ede.ccfb64enc.ccfb_enc.cecb3_enc.cecb_enc.cede_enc.cncbc_enc.cofb64ede.cofb64enc.cofb_enc.cxcbc_enc.ckey_par.cdes_enc.cfcrypt.cpcbc_enc.cqud_cksm.cset_key.cMSL RuntimePPC.LibInterfaceLibMathLibMSL ShLibRuntime.Lib:libdes_ppc.shlbMSL C.PPC.Libconsole.stubs.cMSL SIOUX.PPC.LibOutput FlagsPackager Panel  />KX\ k x ‡ ” ›¬»ÌÙéö!2BQ`l}’¥ ±!¾"Ë#Ö$á%ë&ö'( )* +*,5-@.K/U0`1j2t3}4ˆ5“67°8½9Å:Ú;ë<ù= >?(@ @:ÿÿÿÿ::src:ÿÿÿÿ@::public:ÿÿÿÿ:ÿÿÿÿ@ MacOS PPC Linkerlibdes_ppc:scsl sZ°main a.out????APPL€XÀ????€__start Merge Out????APPLDLGXckidProjWSPC__initializeon_start__terminatelibdes_ppc.shlb????shlb????P'CODE' 'DATA' 'PICT' NONAME.EXE@@`7@  ;·Uü¢G  ·¢©žk,@T,   ?@ !"JavaClasses.jarZIP MWZPqºàÐ$| ãy^RzÚQÚqµº_Êr|~ù_[yOR+]ZZ‹Bjs( JSÚZXÖÓßzÙzVØçChÞúzÞÖ RJ‡ XØ BZ9ÒýØX}ËpJs:úHûÿû\FÛXÄÝTÊTTÊZØÒÜRüXþÎÊúrºPzZBhzILRÒúHž|ÚªùtBEþzÞZÚzJ{¹\ÏTo‘(º`[b`‚rZQÜÐßžKÛÞ®q????APPLDLGXckidProjWSPCpÇÀqu@$| pÇÀmainqu@±ôÐ$| qu@????      MSIEhttp://java.sun.com/products/jdk/1.1/docs/api/ROOTGRUPANSI LibrariesFILEFILEGRUP Mac LibrariesFILEFILE FILEGRUPlibdesFILEFILEFILEFILEFILEFILEFILEFILEFILE FILE FILE FILE FILE FILEFILEFILEFILEFILEFILEFILEÛ$« $¾l csFILEGRUP Mac LibrariesFILEFILE FILEGRUPlibdesFILEFILEFILEFILEFILEFILEFILEFILEFILE FILE FILE FILE FILE FILEFILEFILEFILEFILEFILEFILElibdesNoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW JavaMRJApplication WARZ????APPLqq¿€$| 'RËŽJ;Y؉XYq¹ø}îZ¾˜ÞK_{:>߸ZFËúBÑynXzÌc6žNߌzz[zþÎ~Gù0D{RzÚ{ZNZYz“PZÚHÊ:£Þ\L*zŒRá| CSPFPÂTP[’ R[s^e›]úÚRûF®ZZZHRrFXß[BMBÂBÊRþãÊÓ­»Ú“ÞúÛ³˜ËBÚËÂëØjPÚzJ^›Û~Z=žvÊú[ÞžÚ9’ÒX:éUÊKZn‚ZBzö>Ò|^òÞêöïškYŠ^ø€JVpz|GNøÛòH|,zŸKRšQ×LbPÂJYµRHcZðKV]Ú|ÝJû[l{ÚxÒ{SZH[Š EÚx:rZCX[Rwz~ÙZØQUÊ;øIHj[VRêúo3ÂJêz{=ZÔÝò_jòJJØzXJÐOÆÂû 7ZsØbÜmسÜR8¼ZGPV\Ú÷Z+ƒ Èb ØLJXc~2RjYZùy‘{îzPXIŽÈ hRzz'€3MÛZ-AŸRJzËK*ZySHîXJJRÃHPZPJTXëZVßÿúÛGxR:zûPPx6HoÒóXÂ*Záß›[Zž?Ú¸»º{~Z°ÎZ: X]#UJuS@š@ÞÚX^~\–rÞZ\ÎÛ6ZrP@ÚÒhÙ8ÂÚ ÁxúºìÿRA:UX;æV^NrÚÙ|v@ é\Tz:ÂÃÞÝRz?ZÕ{þ[ZN„^š^fXVpÚJP p îZÊZûÓCwÓ_“ZšÿÊU#ZázJA…òÚMzî/:Ó+’ÖRúÞÝ~Xöu_àPÈIZQSCyˆr•N’Θ/ßÈÛÓx÷Z\^—z@.bhHúŸ”J_Z`z^:svRº}i[ÌëwNRßÚKBK0NJHF û{|:^¾*Þ‹Šàšy€Fø BžKAK~ZvTzZ[8jWn{òúúØÜÑJ ËZÆPrX: P_XZ^P˜^ÏLR~OY\;ëKY›hZ@˜„Â]bR<^R\X[ÚŠ~ÞKû[û\ãy^R{ ZQÚ JBVº_Êr|nùW[iZw*]ZZ‹Bjs( JSÚZXÖWÏzÙZVØçChÞúzÞF RH‡ŠXØ BZ9ÒýØXyËpJq:úHûÿÛ]FÛX„ÝTÊTTÊXZØÒÜRüXþÆÂúbºXzZBhziLRÒúHž|ÊêùtEþzÞX•ÚbJ{¹\Ïto‘(º`[b`†jZQÜÐßžKÛÞ[\R‡¿~Úž8ZJJUQNSPHúpSS~Ý÷ÎÐ0z:ÖjÚZI BsÒ2ÑXnZ HÖ*“::úÀÚvˆÂB kÆRXPκYXk¾ØXò~7xH_~úvSJiJ YV™Cºø EZ^ßÞqþzFWFÒ÷¿ŒðšÝMxX `ZJ(ÿ VS^zZÖ\[~VxV{ÅêZN’k H (@÷Å RÒ@YÒº~]{i¾Z{úÚSñÒùÓXR 8HØrHžZÚË[AËRÙ>Ê^^P™6]ŸÙ0rÚBšCVJÊâþZÚBJœ_ÞXW\^^ÓîÞÛÊ_‹_X [êÈúSV’XZþ*Z~Qß\ŸÞÖöþZÊRBJŠzÀ%JHxræD{]‡}Ÿ;[SÞZ)z~JS|€zZºIR;Jš@fØrš v¿ßÔLi^PY[[IDPÛÐ9XOVFñh€\›¨óO-k\X‹^׊³IèzZhJšQÝ‹PZVÌXSQÚÌhO^wQä*~\YZÒZÈúK*B{pê šsBºïRo(mstr (mstl HmstnHmstrèH€mstlèH€mstnèHmtpl (€mtps ( mtsl ¨mtpiJœdmtlo ¸prefÖ´ Àpref‚JÈppref|'&8prefšÕUèÐpref×Ý,Lpref£-Spref %2c pref, Úpref £ î prefpE ø preff> pref0] 5ƒprefàô È>pref[0 prefs€6‰Úpref¥8cbpref£rprefg prefi¢$ pref¬m8ÅÊpref\9pref…Ú:§¨prefXë;O.prefró;} pref[ï=‰"prefUÎ0prefôÛ=«prefƒ=Å pref‘=Ñ’pref$O>cjpref‹¸Fó moti>Í(mstiè>õmtglèA,mpsièC=(mstiFçmallCe¤maplS¢@PLstO4 Füpref‘Ê! pref91"KŽpref~±#q¸pref{|$D prefåa%vÀÜpref$f&E2prefcî'†œ€pref“N(PŽpref®)EKØprefs&*pref¸+F#pref#ð,cyrus-sasl-2.1.25/mac/libdes/libdes_ppc/libdes_ppc.Carbon.exp0000777000076400007640000000100207403027626021000 00000000000000des_3cbc_encrypt des_cbc_cksum des_cbc_encrypt des_ede3_cfb64_encrypt des_cfb64_encrypt des_cfb_encrypt des_ecb3_encrypt des_SPtrans libdes_version DES_version des_ecb_encrypt des_options des_ede3_cbc_encrypt des_ncbc_encrypt des_ede3_ofb64_encrypt des_ofb64_encrypt des_ofb_encrypt des_xcbc_encrypt des_xwhite_in2out des_fixup_key_parity des_decrypt3 des_encrypt3 des_encrypt2 des_encrypt des_fcrypt crypt des_pcbc_encrypt des_quad_cksum des_check_key des_key_sched des_set_key des_is_weak_key des_set_odd_parity cyrus-sasl-2.1.25/mac/libdes/libdes_68K/0000777000076400007640000000000011632367343014627 500000000000000cyrus-sasl-2.1.25/mac/libdes/libdes_68K/libdes_68K.exp0000777000076400007640000000071507403027623017160 00000000000000des_key_sched des_set_key des_is_weak_key des_set_odd_parity des_quad_cksum des_pcbc_encrypt des_fcrypt crypt des_decrypt3 des_encrypt3 des_encrypt2 des_encrypt des_fixup_key_parity des_xcbc_encrypt des_xwhite_in2out des_ofb_encrypt des_ofb64_encrypt des_ede3_ofb64_encrypt des_ncbc_encrypt des_ede3_cbc_encrypt des_ecb_encrypt des_options des_ecb3_encrypt des_cfb_encrypt des_cfb64_encrypt des_ede3_cfb64_encrypt des_cbc_encrypt des_cbc_cksum des_3cbc_encrypt cyrus-sasl-2.1.25/mac/libdes/libdes_68K/libdes_68K0000777000076400007640000011750207403027622016367 00000000000000cool(˜J™rÐ>CodeWarrior Projectlibdes_68K:Source Treeslibdes_68K:Custom Keywordslibdes_68K:Access Pathslibdes_68K:Target Settingslibdes_68K:File Mappingslibdes_68K:Build Extraslibdes_68K:Debugger Runtimelibdes_68K:Debugger Targetlibdes_68K:68K CodeGenlibdes_68K:68K Disassemblerlibdes_68K:68K Global Optimizerlibdes_68K:68K Linkerlibdes_68K:68K Projectlibdes_68K:C/C++ Compilerlibdes_68K:C/C++ Warningslibdes_68K:CFM68Klibdes_68K:MacOS Merge Panellibdes_68K:PPC CodeGenlibdes_68K:PPC Disassemblerlibdes_68K:PPC Global Optimizerlibdes_68K:PPC Linkerlibdes_68K:PPC PEFlibdes_68K:PPC Projectlibdes_68K:PPCAsm Panellibdes_68K:Rez Compilerlibdes_68K:WinRC Compilerlibdes_68K:x86 CodeGenlibdes_68K:x86 Exceptions Panellibdes_68K:x86 Global Optimizerlibdes_68K:x86 Linkerlibdes_68K:x86 ProjectProject File Listlibdes_68K:Remote Debuglibdes_68K:Auto-targetlibdes_68K:FTP Panellibdes_68K:Java Command Linelibdes_68K:Java Languagelibdes_68K:Java MRJAppBuilderlibdes_68K:Java Outputlibdes_68K:Java Projectlibdes_68K:JavaDoc Projectlibdes_68K:Output Flagslibdes_68K:Packager Panellibdes_68K:x86 Disassembler3Kf—³Î å  ! 7 Nh‚”±Èä-D\tŽ¥Ååû $!<"S#h$…%ž&¼'Ó(ë)*+8,  "       ! "#$%&'()* +&'()*/ #+, -5$%":0163982;74<.!ÿÿÿÿ cfm68k_import_off.pch Merge Out????APPLDLGXckidProjWSPC         679: ;"89libdes_68KFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KRezPEF Import 68Kcbc3_enc.ccbc_cksm.ccbc_enc.ccfb64ede.ccfb64enc.ccfb_enc.cecb3_enc.cecb_enc.cede_enc.cncbc_enc.cofb64ede.cofb64enc.cofb_enc.cxcbc_enc.ckey_par.cdes_enc.cfcrypt.cpcbc_enc.cqud_cksm.cset_key.cMacOS 68K LinkerSource TreesCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger RuntimeDebugger Target68K CodeGen68K Disassembler68K Global Optimizer68K Linker68K ProjectC/C++ CompilerC/C++ WarningsCFM68KRez Compiler:libdes_68K.shlbMacOS.libMathLib68K Fa(4i_8d).LibMSL Runtime68K.LibMSL C.68K Fa(4i_8d).LibMSL SIOUX.68K.Libconsole.stubs.cMathLibCFM68K (4i_F_8d).LibMSL ShLibRuntimeCFM68K.LibMSL MWCFM68KRuntime.LibMSL C.CFM68K Fa(4i_8d).LibInterfaceLibMSL ShLibRuntime.LibOutput Flags  />KX\ k v ‹ –¡«¶ÀÊÕàëõ (3=N[ k!x"ˆ#–$£%´&Ä'Ð(á)ö*+ ,-+.2/?0P1Z2s3†4ž5°6À7Ü8÷9:*;7<L= @:ÿÿÿÿ::public:ÿÿÿÿ::src:ÿÿÿÿ@::CodeWarrior MPW:Interfaces&Libraries:Libraries:SharedLibraries:ÿÿÿÿ@:ÿÿÿÿ@ MacOS 68K Linkerlibdes_68K:main libdes_68K.shlb????shlb????__initialize_start__terminate__starta.out????APPL€€@XÀ????P'CODE' 'DATA' 'PICT' NONAME.EXE@=@Y=! " #0·UüÍ €,@T,)*+! %" #$& '()*+ , -.=/JavaClasses.jarZIP MWZP q????APPLDLGXckidProjWSPC  ·Uþ˜5 0qÅÐ$| ‡{Ù׳ç¯þÿÆóÅq¿0ºÿïY¬¿þú»Z_µû?j¿zý÷ýÓ›§ï[æ¬ÿÿû|¿Ë÷ïÿýÿÿúÿÿÿïýëŸ]û·ï­ÝüMzÇ=á‚ÿüïvÿÿìß÷ùÿü¿oÿŸ¿ÿ›[Ÿyå¢Ú-ëà{9ÿßß¼Ëëÿýmµ¶Ýì×ûÿùÿÿÿ~·ðïþöã^ûöqΰßï½gÿòÿßÿ÷þnÏÿ÷ûiøÕÇÏnàû¯ñµþ?¯vŸó÷ïæû¾ípÇÀq`$| pÇÀmainq`±ê°$| q`MSIEhttp://java.sun.com/products/jdk/1.1/docs/api/ROOTGRUPlibdesFILEFILEFILEFILEFILEFILEFILEFILEFILE FILE FILE FILE FILE FILEFILEFILEFILEFILEFILEFILEGRUP Mac LibrariesFILEFILEGRUPANSI LibrariesFILE FILEFILEFILE  NONAME.EXE@<@L<ROOTGRUPlibdesFILEFILEFILEFILEFILEFILEFILEFILEFILE FILE FILE FILE FILE FILEFILEFILEFILEFILEFILEFILEGRUP Mac LibrariesFILEFILEGRUPANSI LibrariesFILE FILEFILE File B4FE352NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW JavaMRJApplication WARZ????APPLqqÉ $| @A@BD6q𮂠P!G€4 ˆˆˆ Xb È`O£ˆ€h„!Š`BD@6HFÂÐ,€“…€ˆ. ! B†2Ì `)"¥H @@€b˜É)à†‰AŒA @@Hp  *A0r*! ÆfŒA@%( ÁƒØ€€&‹D#„€ ƒ,@@ˆbÈ`ÐÖ@(•1P((`J$@>Œ9ƒR„íÁÈ-®CD` EQÐ S@9` P v @P€€ *@ Ü 6 ð€¦‚ 0¤àÀ,@"R&!AB} `80$B €}, CR ìŒq h× `R€P€ \  Å!”€b`DèC0š†Á’ ‘@I 2@€€H€@h$À$cÈIš¡d)ÊP† „ @Ã2€€G@Ä”%£a‚€câÐà”yI˜‚(`dI€„”Ô'½ÞœàHZ @ @ $‚¦€%7RI€ÁI@@ˆ$ ‘0 ‡ ÈFl¨2 €@@„LV^‰(Ñ‚$Ž! A˜€ "`¡ à¨`¡¢¤c4E@‰ƒ€` Ä †cù”(PDb¬Ø@ HD HLÃC À@dÀP ‚ , (€"Ѐ@¢,!%@:†Q$¸`…€8€B@†|à4 €€~*aA•€Â‚€’&S „¬$-HPt”±J,A(€!­À`RßIB É( €‚€  h i0, 0…`:PB¸ I`@I(Á „4 Ð`¸±²"£&@°eÀ Jx$QÀ È@È€QØg† %HŽL"Hi(  ‚T$Œ 4X@* `¢ÄÐX(mstr (mstl HmstnHmstrèHmstlèHmstnèHmtpl (€mtps ( mtsl ¨mtpi ¸dmtloHpref³uHpref0y!X ˆpref™›+àprefïBTœÐpref91ôpref~š2ûpref"†7  prefç,bpref;8  prefQA v prefôÚ ‚prefip :+pref±v >pref$×Îpref v;1ÚprefjPÜbpref"= prefì> prefÐ = prefw=+ÊprefPs=õpref)Q? ¨prefü?µ.prefw?ã pref6;Aï"prefš Bpref½B%prefüB? preflÌBK’pref;YBÝjpref°Fó motiCG(mstièComtglèFü,mpsièE‹(mstiKXmallE³”maplQz@PLst·† K`prefGo!FGprefŸ"plŽpref‡¾#uúpref ü$I(prefÔP%{Üprefî&FK2prefÍ'ŠÞ€pref^~(Nfpreflà)J8Øpref†<*“^pref}Ö+F}pref9!,cyrus-sasl-2.1.25/mac/build_plugins/0000777000076400007640000000000011632367343014333 500000000000000cyrus-sasl-2.1.25/mac/build_plugins/build_plugins.Carbon0000777000076400007640000036772007403027610020252 00000000000000cool(ßØáОCodeWarrior Project9TrŽ©Èæ   B [ u’¯Ääþ@Yo‰¤¿Üö<Uo Š!¨"Ã#á$ý%&7'U(o)Ž*±+Ê,ä-./30S1m2Œ3¯4È5Þ6ø78.9K:e;ˆ<«=Ä>Þ?ð@A!B8CRDjEFœG¶HÌIçJKL1MJNcOtPQ¦RÁSàTõU V W 4X KY dZ z[ ™\ ¸] Í^ ã_ þ` a 7b Uc qd Œe «f Ég ãh i %j >k Xl um ’n §o Çp áq r #s <t Ru lv ‡w ¢x ¿y Ùz ü{ | 8} R~ m ‡€ Ÿ ¿‚ Ûƒ ü„…1†O‡jˆ‡‰¦Š½‹ÓŒçŽ8N‘e’“–”¯•Ê–å—ÿ˜™7šS›tœŽ©žÇŸâ ÿ¡  fghij`–cklm_deb—˜™š›œnžŸopqrstu•v^awx yz{|'()*+!~$,-. %&#€‚ƒ„…/†‡0123456}7"89ˆ:;<=GHIJKAŠDLMN@EFC‹ŒŽ‘O’“PQRSTUV‰W?BXY”Z[\]>>7; L+ =<Q-123*O IM0NJF6 "54/BDK,8.GH!:9P#$%&'()@EC  ?AR`IR-y`:  ÿÿÿÿÿÿÿÿ¡À¡$%&    saslk4.h Merge Out????APPLDLGXckidProjWSPC#build_pluginsFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KRezPEF Import 68Kkerberos4_ppcMacOS 68K LinkerSource TreesCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger RuntimeDebugger Target68K CodeGen68K Disassembler68K Global Optimizer68K Linker68K ProjectC/C++ CompilerC/C++ WarningsCFM68KRez Compiler:kerberos4.shlbLib Import PPCMW C/C++ PPCPPCAsmXCOFF Import PPCPEF Import PPCMacOS PPC LinkerPPC CodeGenPPC DisassemblerPPC Global OptimizerPPC LinkerPPC PEFPPC ProjectPPCAsm Panelkerberos4.cconsole.stubs.cMSL C.PPC.LibInterfaceLibMSL RuntimePPC.LibMathLiblibdes.shlbkcglue_des.ckcglue_krb.cKClient.cmac_krb_lib1.cMacOS.mcpMacOS:MacOS.libMSL DropInRuntime.Libplain_ppcplain.c:plain.shlbdigestmd5_ppcdigestmd5.c:digestmd5.shlbxxx_mac_lib.crd_priv.cyyy_mac_lib.cmk_priv.crw.cmk_safe.crd_safe.clsb_addr_comp.cOutput FlagsPackager PanelKerberosLib.9libdes_ppc.shlbMSL C.Carbon.LibCarbonLibKerberosLib.CBlibdes_carbon.shlbkerberos4_init.cplugin_common.cgetaddrinfo.c#2AN[_ n | š ª·ÇÕâó 5@L[jq~Žª ±!Â"Ñ#â$î%ÿ&'(')3*@+L,\-j.w/Š0’1ž2«3¸4Â5Ñ6Û7á8ì9: ;< =.>:?J@XAbBpCzDE‰F“G£H°I¿JÍKÝLîMøNOP+Q;R ·¬Y”ÿÿÞN:<·¢a5å=?·¢aq‰JavaClasses.jarZIP MWZPA‡ build_plugins:Source Treesbuild_plugins:Custom Keywordsbuild_plugins:Access Pathsbuild_plugins:Target Settingsbuild_plugins:File Mappingsbuild_plugins:Build Extrasbuild_plugins:Debugger Runtimebuild_plugins:Debugger Targetbuild_plugins:68K CodeGenbuild_plugins:68K Disassemblerbuild_plugins:68K Global Optimizerbuild_plugins:68K Linkerbuild_plugins:68K Projectbuild_plugins:C/C++ Compilerbuild_plugins:C/C++ Warningsbuild_plugins:CFM68Kbuild_plugins:MacOS Merge Panelbuild_plugins:PPC CodeGenbuild_plugins:PPC Disassemblerbuild_plugins:PPC Global Optimizerbuild_plugins:PPC Linkerbuild_plugins:PPC PEFbuild_plugins:PPC Projectbuild_plugins:PPCAsm Panelbuild_plugins:Rez Compilerbuild_plugins:WinRC Compilerbuild_plugins:x86 CodeGenbuild_plugins:x86 Exceptions Panelbuild_plugins:x86 Global Optimizerbuild_plugins:x86 Linkerbuild_plugins:x86 Projectkerberos4_ppc:Source Treeskerberos4_ppc:Custom Keywordskerberos4_ppc:Access Pathskerberos4_ppc:Target Settingskerberos4_ppc:File Mappingskerberos4_ppc:Build Extraskerberos4_ppc:Debugger Runtimekerberos4_ppc:Debugger Targetkerberos4_ppc:68K CodeGenkerberos4_ppc:68K Disassemblerkerberos4_ppc:68K Global Optimizerkerberos4_ppc:68K Linkerkerberos4_ppc:68K Projectkerberos4_ppc:C/C++ Compilerkerberos4_ppc:C/C++ Warningskerberos4_ppc:CFM68Kkerberos4_ppc:MacOS Merge Panelkerberos4_ppc:PPC CodeGenkerberos4_ppc:PPC Disassemblerkerberos4_ppc:PPC Global Optimizerkerberos4_ppc:PPC Linkerkerberos4_ppc:PPC PEFkerberos4_ppc:PPC Projectkerberos4_ppc:PPCAsm Panelkerberos4_ppc:Rez Compilerkerberos4_ppc:WinRC Compilerkerberos4_ppc:x86 CodeGenkerberos4_ppc:x86 Exceptions Panelkerberos4_ppc:x86 Global Optimizerkerberos4_ppc:x86 Linkerkerberos4_ppc:x86 ProjectProject File Listplain_ppc:Source Treesplain_ppc:Custom Keywordsplain_ppc:Access Pathsplain_ppc:Target Settingsplain_ppc:File Mappingsplain_ppc:Build Extrasplain_ppc:Debugger Runtimeplain_ppc:Debugger Targetplain_ppc:68K CodeGenplain_ppc:68K Disassemblerplain_ppc:68K Global Optimizerplain_ppc:68K Linkerplain_ppc:68K Projectplain_ppc:C/C++ Compilerplain_ppc:C/C++ Warningsplain_ppc:CFM68Kplain_ppc:MacOS Merge Panelplain_ppc:PPC CodeGenplain_ppc:PPC Disassemblerplain_ppc:PPC Global Optimizerplain_ppc:PPC Linkerplain_ppc:PPC PEFplain_ppc:PPC Projectplain_ppc:PPCAsm Panelplain_ppc:Rez Compilerplain_ppc:WinRC Compilerplain_ppc:x86 CodeGenplain_ppc:x86 Exceptions Panelplain_ppc:x86 Global Optimizerplain_ppc:x86 Linkerplain_ppc:x86 Projectdigestmd5_ppc:Source Treesdigestmd5_ppc:Custom Keywordsdigestmd5_ppc:Access Pathsdigestmd5_ppc:Target Settingsdigestmd5_ppc:File Mappingsdigestmd5_ppc:Build Extrasdigestmd5_ppc:Debugger Runtimedigestmd5_ppc:Debugger Targetdigestmd5_ppc:68K CodeGendigestmd5_ppc:68K Disassemblerdigestmd5_ppc:68K Global Optimizerdigestmd5_ppc:68K Linkerdigestmd5_ppc:68K Projectdigestmd5_ppc:C/C++ Compilerdigestmd5_ppc:C/C++ Warningsdigestmd5_ppc:CFM68Kdigestmd5_ppc:MacOS Merge Paneldigestmd5_ppc:PPC CodeGendigestmd5_ppc:PPC Disassemblerdigestmd5_ppc:PPC Global Optimizerdigestmd5_ppc:PPC Linkerdigestmd5_ppc:PPC PEFdigestmd5_ppc:PPC Projectdigestmd5_ppc:PPCAsm Paneldigestmd5_ppc:Rez Compilerdigestmd5_ppc:WinRC Compilerdigestmd5_ppc:x86 CodeGendigestmd5_ppc:x86 Exceptions Paneldigestmd5_ppc:x86 Global Optimizerdigestmd5_ppc:x86 Linkerdigestmd5_ppc:x86 Projectkerberos4_ppc:Remote Debugkerberos4_ppc:Auto-targetkerberos4_ppc:FTP Panelkerberos4_ppc:Java Command Linekerberos4_ppc:Java Languagekerberos4_ppc:Java MRJAppBuilderkerberos4_ppc:Java Outputkerberos4_ppc:Java Projectkerberos4_ppc:JavaDoc Projectkerberos4_ppc:Output Flagskerberos4_ppc:Packager Panelkerberos4_ppc:x86 Disassemblerplain_ppc:Remote Debugplain_ppc:Auto-targetplain_ppc:FTP Panelplain_ppc:Java Command Lineplain_ppc:Java Languageplain_ppc:Java MRJAppBuilderplain_ppc:Java Outputplain_ppc:Java Projectplain_ppc:JavaDoc Projectplain_ppc:Output Flagsplain_ppc:Packager Panelplain_ppc:x86 Disassemblerdigestmd5_ppc:Remote Debugdigestmd5_ppc:Auto-targetdigestmd5_ppc:FTP Paneldigestmd5_ppc:Java Command Linedigestmd5_ppc:Java Languagedigestmd5_ppc:Java MRJAppBuilderdigestmd5_ppc:Java Outputdigestmd5_ppc:Java Projectdigestmd5_ppc:JavaDoc Projectdigestmd5_ppc:Output Flagsdigestmd5_ppc:Packager Paneldigestmd5_ppc:x86 Disassembler  ·¬Y¼ÿÿ½ž+,/2 3 5 9@ABCDEFGLMNOPQR MacOS PPC Linkerkerberos4_ppc: a.out????APPL€XÀ????€__initialize_start__terminatekerberos4.shlb4????shlb????      HI$%&'()*  @::include:ÿÿÿÿ::kerberos_includes:ÿÿÿÿ::libdes:public:ÿÿÿÿ::CommonKClient:mac_kclient3:ÿÿÿÿ::CommonKClient:mac_kclient3:Headers:ÿÿÿÿ:::include:ÿÿÿÿ::readme:ÿÿÿÿ :ÿÿÿÿ:::plugins:ÿÿÿÿ ::mac_lib:ÿÿÿÿ ::krb4_sources:are_used:ÿÿÿÿKerberos for Macintosh 3.5:Mac OS 9 SDK 3.5:Kerberos:Binaries:ÿÿÿÿ :::lib:ÿÿÿÿ@:MacOS Support:ÿÿÿÿ@:MSL:ÿÿÿÿ@NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW Javamain__startP'CODE' 'DATA' 'PICT' NONAME.EXE@ROOTGRUPSrcFILEFILEFILEFILEFILEFILEFILEGRUPANSI LibrariesFILEFILEGRUP Mac LibrariesFILE FILEFILEFILEFILEGRUPKClient FILEFILE FILE FILEFILEFILEFILEFILEFILEFILE…߆Óðª…ßmain†Óð–C°ª†ÓðMRJApplication WARZÀ‡ ЪA‚|`t,@‡À8a8Hë ` £ÿ88a8Hë¥`8a8Hêí`8cKþi­`;£88Hêñ`€X£ëx|¦8!PƒáÿüƒÁÿøƒ¡ÿôƒÿðN€ “áÿü“Áÿø“¡ÿô|¦”!ÿ°;£;ÄHê…`ˆ;ã|t,_A‚ ,_A‚     T)@‚Lƒ›H<ƒ¼H(€ (@‚ˆ|u@‚ £ëxKÿþƒ½(@‚ÿ؃œ(@‚ÿă{ (@‚ÿ¤ƒ¿A‡ :=MSIEhttp://java.sun.com/products/jdk/1.1/docs/api/????APPL‡‡0ª8 KÿöÍ(‡ @8°HH (@‚<8bu8€8 Kÿö(@‚8b8€8 Kÿö…(A‚ 8° ,A‚ @€,@€(H8, A‚H,ƒãx8‚ŽHæ`HDƒãx8‚žHåý`H08|8™Håé` (@‚8`8œKÿY-`ˆ;@|uA‚8|€8 8ÀKÿó=|zxƒ>:à;€H„€yƒ€:À(A‚ TÿA‚P€(@‚D€c Kÿ©%`T`?A‚0(ƒA‚ “H“€:À“?:à,@‚<ËxÃx(@‚ÿ|,@‚ÿdcÛxKÿ€a`||x€c<(ÿÿ@‚<`À@8€8|8‚•–Kÿ‚5`;Ã8`Kþce`;ã8`(KþcU`€8€8 (H»¹`€8<€À@€8€$€œ<@Tƒ|@@€T€€d@€dÛxHä=`8`8˜ “߀ž(A‚“ä€H “þ“þ98| ¦88|@08à€ÄHL€(@‚<€f(A‚0|+–|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´„ÄHL€(@‚<€f(A‚0|+–|)Ö|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´8„8çBÿH5ÿÿ@€ÿ(Kÿù•(A‚$€z(A‚ˆ|u@‚ H¡`€h8!`ºÁÿØ|¦N€ |¦”!ÿÀ€8 TÿA‚€c88 KÿòÕH@(A‚8€c(A‚,<(ÿÿA‚ €ƒ(A‚€a8€ |8€H€a8|¦8!@N€ ¿aÿì|¦”!ÿ ||xKÿLõ`8˜€|; ƒã;ÀHÄ€Hq`€Ha` Hq`°€Ÿ€|€£;`|¥ˆ(@‚,8¡88ÀKÿò©(A‚4 T{@‚(ƒcH (@‚  €ƒT:8ÿüd.(A‚ˆ|u@‚; 8{Kÿÿ;ÿ ;Þ€|  |A€ÿ4€h£ëx8!`»aÿì|¦N€ ¿aÿì|¦ƒâ¨”!ÿ°ƒH\€T)@‚Lƒ›H<ƒ¼H(€ (@‚ˆ|u@‚ £ëxKÿþƒ½(@‚ÿ؃œ(@‚ÿă{ (@‚ÿ¤ƒ¿FILEFILEGRUPKClient FILEFILE FILE FILEFILEFILEFILEFILEFILEFILEANSI LibrariesFILE ÿÿÿÿ saslk4.hJavaClasses.jarZIP MWZP Merge Out????APPLDLGXckidProjWSPC @::libdes:public:ÿÿÿÿ::keberos_includes:ÿÿÿÿ::include:ÿÿÿÿ::CommonKClient:mac_kclient3:ÿÿÿÿ::CommonKClient:mac_kclient3:Headers:ÿÿÿÿ:::include:ÿÿÿÿ:::lib:ÿÿÿÿ::mac_lib:ÿÿÿÿ ::readme:ÿÿÿÿ :::plugins:ÿÿÿÿ ::k4_files_that_are_used:ÿÿÿÿ :ÿÿÿÿKerberos for Macintosh 3.5:Mac OS 9 SDK 3.5:Kerberos:Binaries:ÿÿÿÿ ::libdes:libdes_ppc:ÿÿÿÿ@:MacOS Support:ÿÿÿÿ@:MSL:ÿÿÿÿ@ MacOS PPC Linkerplain_ppc:NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW Javamain…߆Óðª…ßmain†Óð–C°ª†Óð a.out????APPL€XÀ????€ saslk4.h__startMRJApplicationJavaClasses.jarZIP MWZP WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/ Merge Out????APPLDLGXckidProjWSPCÀ‡ ЪA‚|`t,@‡À8a8Hë ` £ÿ88a8Hë¥`8a8Hêí`8cKþi­`;£88Hêñ`€X£ëx|¦8!PƒáÿüƒÁÿøƒ¡ÿôƒÿðN€ “áÿü“Áÿø“¡ÿô|¦”!ÿ°;£;ÄHê…`ˆ;ã|t,_A‚ ????APPL‡‡0ª8 KÿöÍ(‡ @8°HH (@‚<8bu8€8 Kÿö(@‚8b8€8 Kÿö…(A‚ 8° ,A‚ @€,@€(H8, A‚H,ƒãx8‚ŽHæ`HDƒãx8‚žHåý`H08|8™Håé` (@‚8`8œKÿY-`ˆ;@|uA‚8|€8 8ÀKÿó=|zxƒ>:à;€H„€yƒ€:À(A‚ TÿA‚P€(@‚D€c Kÿ©%`T`?A‚0(ƒA‚ “H“€:À“?:à,@‚<ËxÃx(@‚ÿ|,@‚ÿdcÛxKÿ€a`||x€c<(ÿÿ@‚<`À@8€8|8‚•–Kÿ‚5`;Ã8`Kþce`;ã8`(KþcU`€8€8 (H»¹`€8<€À@€8€$€œ<@Tƒ|@@€T€€d@€dÛxHä=`8`8˜ “߀ž(A‚“ä€H “þ“þ98| ¦88|@08à€ÄHL€(@‚<€f(A‚0|+–|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´„ÄHL€(@‚<€f(A‚0|+–|)Ö|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´8„8çBÿH5ÿÿ@€ÿ(Kÿù•(A‚$€z(A‚ˆ|u@‚ H¡`€h8!`ºÁÿØ|¦N€ |¦”!ÿÀ€8 TÿA‚€c88 KÿòÕH@(A‚8€c(A‚,<(ÿÿA‚ €ƒ(A‚€a8€ |8€H€a8|¦8!@N€ ¿aÿì|¦”!ÿ ||xKÿLõ`8˜€|; ƒã;ÀHÄ€Hq`€Ha` Hq`°€Ÿ€|€£;`|¥ˆ(@‚,8¡88ÀKÿò©(A‚4 T{@‚(ƒcH (@‚  €ƒT:8ÿüd.(A‚ˆ|u@‚; 8{Kÿÿ;ÿ ;Þ€|  |A€ÿ4€h£ëx8!`»aÿì|¦N€ ¿aÿì|¦ƒâ¨”!ÿ°ƒH\€T)@‚Lƒ›H<ƒ¼H(€ (@‚ˆ|u@‚ £ëxKÿþƒ½(@‚ÿ؃œ(@‚ÿă{ (@‚ÿ¤ƒ¿__initialize_start__terminate plain.shlbshlb4????shlb????P'CODE' 'DATA' 'PICT'A‡ NONAME.EXE@ a.out????APPL€XÀ????€A‡,/ 9@LM;QR;;;;;;;;;;; @::libdes:public:ÿÿÿÿ::keberos_includes:ÿÿÿÿ::include:ÿÿÿÿ::CommonKClient:mac_kclient3:ÿÿÿÿ::CommonKClient:mac_kclient3:Headers:ÿÿÿÿ:::include:ÿÿÿÿ:::lib:ÿÿÿÿ::mac_lib:ÿÿÿÿ ::readme:ÿÿÿÿ :::plugins:ÿÿÿÿ ::k4_files_that_are_used:ÿÿÿÿ :ÿÿÿÿKerberos for Macintosh 3.5:Mac OS 9 SDK 3.5:Kerberos:Binaries:ÿÿÿÿ ::libdes:libdes_ppc:ÿÿÿÿ@:MacOS Support:ÿÿÿÿ@:MSL:ÿÿÿÿ@ MacOS PPC Linkerdigestmd5_ppc:NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW Javamain…߆Óðª…ßmain†Óð–C°ª†Óð__startMRJApplication WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/À‡ ЪA‚|`t,@‡À8a8Hë ` £ÿ88a8Hë¥`8a8Hêí`8cKþi­`;£88Hêñ`€X£ëx|¦8!PƒáÿüƒÁÿøƒ¡ÿôƒÿðN€ “áÿü“Áÿø“¡ÿô|¦”!ÿ°;£;ÄHê…`ˆ;ã|t,_A‚ ????APPL‡‡0ª8 KÿöÍ(‡ @8°HH (@‚<8bu8€8 Kÿö(@‚8b8€8 Kÿö…(A‚ 8° ,A‚ @€,@€(H8, A‚H,ƒãx8‚ŽHæ`HDƒãx8‚žHåý`H08|8™Håé` (@‚8`8œKÿY-`ˆ;@|uA‚8|€8 8ÀKÿó=|zxƒ>:à;€H„€yƒ€:À(A‚ TÿA‚P€(@‚D€c Kÿ©%`T`?A‚0(ƒA‚ “H“€:À“?:à,@‚<ËxÃx(@‚ÿ|,@‚ÿdcÛxKÿ€a`||x€c<(ÿÿ@‚<`À@8€8|8‚•–Kÿ‚5`;Ã8`Kþce`;ã8`(KþcU`€8€8 (H»¹`€8<€À@€8€$€œ<@Tƒ|@@€T€€d@€dÛxHä=`8`8˜ “߀ž(A‚“ä€H “þ“þ98| ¦88|@08à€ÄHL€(@‚<€f(A‚0|+–|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´„ÄHL€(@‚<€f(A‚0|+–|)Ö|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´8„8çBÿH5ÿÿ@€ÿ(Kÿù•(A‚$€z(A‚ˆ|u@‚ H¡`€h8!`ºÁÿØ|¦N€ |¦”!ÿÀ€8 TÿA‚€c88 KÿòÕH@(A‚8€c(A‚,<(ÿÿA‚ €ƒ(A‚€a8€ |8€H€a8|¦8!@N€ ¿aÿì|¦”!ÿ ||xKÿLõ`8˜€|; ƒã;ÀHÄ€Hq`€Ha` Hq`°€Ÿ€|€£;`|¥ˆ(@‚,8¡88ÀKÿò©(A‚4 T{@‚(ƒcH (@‚  €ƒT:8ÿüd.(A‚ˆ|u@‚; 8{Kÿÿ;ÿ ;Þ€|  |A€ÿ4€h£ëx8!`»aÿì|¦N€ ¿aÿì|¦ƒâ¨”!ÿ°ƒH\€T)@‚Lƒ›H<ƒ¼H(€ (@‚ˆ|u@‚ £ëxKÿþƒ½(@‚ÿ؃œ(@‚ÿă{ (@‚ÿ¤ƒ¿__initialize_start__terminatedigestmd5.shlb4????shlb????P'CODE' 'DATA' 'PICT' NONAME.EXE@,/ 9@LM>QR>>>>>>>>>>>&imstr( mstl (mstn>mstrè>€mstlè (€mstn辉moti¨(mstiè¾Lmtglè:i,mpsiè (msti<•mtplþ€mtps mtsl~mtpiHXmtloŽpref£Š –prefl‰!JÕxprefGr"A•pref)h#jMÐpref!¦$% prefÈä%†pref¥b&Š- prefMb'°pref(Ä pref$) pref¶V* prefn/+G©pref_¨,®>pref¢‹-ìpref`.MÚpref†•/úbpref)Ü0\prefïK1p prefÖ[2z pref{3H¯Êprefpâ4'pref¿ 5Iy¨prefLO6®.pref‡7? pref\¢8Ü"pref49†pref"6:þprefµ;š prefF<<’K’pref¸¬=’Ýjpref¬Ó>¦mallJ1¤mapl“G@PLstJô?”‡pref¶è~Îpref¿—Žpref=Þ€prefE¦¢#prefꎂ£3Üpref…`ƒ&2prefÞㄳ€pref“i…¾œpref1܆»Øprefå‡Á°prefH&ˆ&Cpref5ЉÞ mtslTnmtpl¼o€mtps&Umtpi¼ï$mtloÖpref4 @Ë!!preflBì±prefÝ—FðÁpref•LCöÕÐpref|ÒD¥prefx E¬ pref`ÓGÌprefaŠÞprefЋâpref%þAüpref 0HÒ prefðIÜ prefj¦Jèpref‡rKöprefñ­Lü>pref8SM:preffåNHÚpref ~O"ŽprefÌÕŒ"°prefaA'¸pref¾Ž(ÈÜpref\©8¤2prefþÈ8Ö€pref›o‘AVprefLK’Djbpref}ìPDÌØpref§ “E¤prefprefFzlÊkprefH4m§ÚprefœÁn¨òŽprefƒ˜®€pref¿O™Spref+»š³ˆÜprefa^›Êy2prefÄgœÃd€prefˆËäpref: žÊ«bpref oÎøØprefùŸÏÐprefù@ Ë prefÖpT& prefE qT0 pref-rÕäÊprefè£sÖ®pref“ôt×ƨprefßKuØn.prefû,vØœ prefbYwÚ¨"prefó(xÚÊprefýôyT<prefô2¡ÚÞprefGüzÚø pref6x{Û’prefhþ|Û–jprefg¶}cyrus-sasl-2.1.25/mac/build_plugins/build_plugins0000777000076400007640000034762607403027610017052 00000000000000cool(¿žÀÆОCodeWarrior Project9TrŽ©Èæ   B [ u’¯Ääþ@Yo‰¤¿Üö<Uo Š!¨"Ã#á$ý%&7'U(o)Ž*±+Ê,ä-./30S1m2Œ3¯4È5Þ6ø78.9K:e;ˆ<«=Ä>Þ?ð@A!B8CRDjEFœG¶HÌIçJKL1MJNcOtPQ¦RÁSàTõU V W 4X KY dZ z[ ™\ ¸] Í^ ã_ þ` a 7b Uc qd Œe «f Ég ãh i %j >k Xl um ’n §o Çp áq r #s <t Ru lv ‡w ¢x ¿y Ùz ü{ | 8} R~ m ‡€ Ÿ ¿‚ Ûƒ ü„…1†O‡jˆ‡‰¦Š½‹ÓŒçŽ8N‘e’“–”¯•Ê–å—ÿ˜™7šS›tœŽ©žÇŸâ ÿ¡  fghij`–cklm_deb—˜™š›œnžŸopqrstu•v^awx yz{|'()*+!~$,-. %&#€‚ƒ„…/†‡0123456}7"89ˆ:;<=GHIJKAŠDLMN@EFC‹ŒŽ‘O’“PQRSTUV‰W?BXY”Z[\]>>7; + =<K-123*I 0F6 "54/BD,8.GH!:L9J#$%&'()@EC  ?AM`ûM®%¶  ·¬Y{ÿÿ÷  :=ÿÿÿÿ¡À¡$%& &  ROOTGRUP Rescued ItemsGRUPSrcFILEFILEFILEFILEFILEFILEFILEFILEGRUPANSI LibrariesFILEFILEGRUP Mac LibrariesFILEFILE FILEFILEGRUPKClient FILEFILEFILE FILE FILE FILEFILEFILEFILEFILEFILEFILEvŸ@xP  Merge Out????APPLDLGXckidProjWSPC#     A‡PLDLGXckidProjWSPCbuild_pluginsFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KRezPEF Import 68Kkerberos4_ppcMacOS 68K LinkerSource TreesCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger RuntimeDebugger Target68K CodeGen68K Disassembler68K Global Optimizer68K Linker68K ProjectC/C++ CompilerC/C++ WarningsCFM68KRez Compiler:kerberos4.shlbLib Import PPCMW C/C++ PPCPPCAsmXCOFF Import PPCPEF Import PPCMacOS PPC LinkerPPC CodeGenPPC DisassemblerPPC Global OptimizerPPC LinkerPPC PEFPPC ProjectPPCAsm Panelkerberos4.cconsole.stubs.cMSL C.PPC.LibInterfaceLibMSL RuntimePPC.LibMathLiblibdes.shlbkcglue_des.ckcglue_krb.cKClient.cmac_krb_lib1.cMacOS.mcpMacOS:MacOS.libMSL DropInRuntime.Libplain_ppcplain.c:plain.shlbdigestmd5_ppcdigestmd5.c:digestmd5.shlbxxx_mac_lib.crd_priv.cyyy_mac_lib.cmk_priv.crw.cmk_safe.crd_safe.clsb_addr_comp.cOutput FlagsPackager Panelkerberos4_init.cplugin_common.cgetaddrinfo.cplain_init.c a.out????APPL€XÀ????€__initialize_start__terminatekerberos4.shlb4????shlb????JavaClasses.jarZIP MWZP+,-./012 3 4 5 9@ABCDEFGJKL ·¬Y&|r:<·¬N”ÿÿ¨C=?·¬/ÎÿÿƒÌbuild_plugins:Source Treesbuild_plugins:Custom Keywordsbuild_plugins:Access Pathsbuild_plugins:Target Settingsbuild_plugins:File Mappingsbuild_plugins:Build Extrasbuild_plugins:Debugger Runtimebuild_plugins:Debugger Targetbuild_plugins:68K CodeGenbuild_plugins:68K Disassemblerbuild_plugins:68K Global Optimizerbuild_plugins:68K Linkerbuild_plugins:68K Projectbuild_plugins:C/C++ Compilerbuild_plugins:C/C++ Warningsbuild_plugins:CFM68Kbuild_plugins:MacOS Merge Panelbuild_plugins:PPC CodeGenbuild_plugins:PPC Disassemblerbuild_plugins:PPC Global Optimizerbuild_plugins:PPC Linkerbuild_plugins:PPC PEFbuild_plugins:PPC Projectbuild_plugins:PPCAsm Panelbuild_plugins:Rez Compilerbuild_plugins:WinRC Compilerbuild_plugins:x86 CodeGenbuild_plugins:x86 Exceptions Panelbuild_plugins:x86 Global Optimizerbuild_plugins:x86 Linkerbuild_plugins:x86 Projectkerberos4_ppc:Source Treeskerberos4_ppc:Custom Keywordskerberos4_ppc:Access Pathskerberos4_ppc:Target Settingskerberos4_ppc:File Mappingskerberos4_ppc:Build Extraskerberos4_ppc:Debugger Runtimekerberos4_ppc:Debugger Targetkerberos4_ppc:68K CodeGenkerberos4_ppc:68K Disassemblerkerberos4_ppc:68K Global Optimizerkerberos4_ppc:68K Linkerkerberos4_ppc:68K Projectkerberos4_ppc:C/C++ Compilerkerberos4_ppc:C/C++ Warningskerberos4_ppc:CFM68Kkerberos4_ppc:MacOS Merge Panelkerberos4_ppc:PPC CodeGenkerberos4_ppc:PPC Disassemblerkerberos4_ppc:PPC Global Optimizerkerberos4_ppc:PPC Linkerkerberos4_ppc:PPC PEFkerberos4_ppc:PPC Projectkerberos4_ppc:PPCAsm Panelkerberos4_ppc:Rez Compilerkerberos4_ppc:WinRC Compilerkerberos4_ppc:x86 CodeGenkerberos4_ppc:x86 Exceptions Panelkerberos4_ppc:x86 Global Optimizerkerberos4_ppc:x86 Linkerkerberos4_ppc:x86 ProjectProject File Listplain_ppc:Source Treesplain_ppc:Custom Keywordsplain_ppc:Access Pathsplain_ppc:Target Settingsplain_ppc:File Mappingsplain_ppc:Build Extrasplain_ppc:Debugger Runtimeplain_ppc:Debugger Targetplain_ppc:68K CodeGenplain_ppc:68K Disassemblerplain_ppc:68K Global Optimizerplain_ppc:68K Linkerplain_ppc:68K Projectplain_ppc:C/C++ Compilerplain_ppc:C/C++ Warningsplain_ppc:CFM68Kplain_ppc:MacOS Merge Panelplain_ppc:PPC CodeGenplain_ppc:PPC Disassemblerplain_ppc:PPC Global Optimizerplain_ppc:PPC Linkerplain_ppc:PPC PEFplain_ppc:PPC Projectplain_ppc:PPCAsm Panelplain_ppc:Rez Compilerplain_ppc:WinRC Compilerplain_ppc:x86 CodeGenplain_ppc:x86 Exceptions Panelplain_ppc:x86 Global Optimizerplain_ppc:x86 Linkerplain_ppc:x86 Projectdigestmd5_ppc:Source Treesdigestmd5_ppc:Custom Keywordsdigestmd5_ppc:Access Pathsdigestmd5_ppc:Target Settingsdigestmd5_ppc:File Mappingsdigestmd5_ppc:Build Extrasdigestmd5_ppc:Debugger Runtimedigestmd5_ppc:Debugger Targetdigestmd5_ppc:68K CodeGendigestmd5_ppc:68K Disassemblerdigestmd5_ppc:68K Global Optimizerdigestmd5_ppc:68K Linkerdigestmd5_ppc:68K Projectdigestmd5_ppc:C/C++ Compilerdigestmd5_ppc:C/C++ Warningsdigestmd5_ppc:CFM68Kdigestmd5_ppc:MacOS Merge Paneldigestmd5_ppc:PPC CodeGendigestmd5_ppc:PPC Disassemblerdigestmd5_ppc:PPC Global Optimizerdigestmd5_ppc:PPC Linkerdigestmd5_ppc:PPC PEFdigestmd5_ppc:PPC Projectdigestmd5_ppc:PPCAsm Paneldigestmd5_ppc:Rez Compilerdigestmd5_ppc:WinRC Compilerdigestmd5_ppc:x86 CodeGendigestmd5_ppc:x86 Exceptions Paneldigestmd5_ppc:x86 Global Optimizerdigestmd5_ppc:x86 Linkerdigestmd5_ppc:x86 Projectkerberos4_ppc:Remote Debugkerberos4_ppc:Auto-targetkerberos4_ppc:FTP Panelkerberos4_ppc:Java Command Linekerberos4_ppc:Java Languagekerberos4_ppc:Java MRJAppBuilderkerberos4_ppc:Java Outputkerberos4_ppc:Java Projectkerberos4_ppc:JavaDoc Projectkerberos4_ppc:Output Flagskerberos4_ppc:Packager Panelkerberos4_ppc:x86 Disassemblerplain_ppc:Remote Debugplain_ppc:Auto-targetplain_ppc:FTP Panelplain_ppc:Java Command Lineplain_ppc:Java Languageplain_ppc:Java MRJAppBuilderplain_ppc:Java Outputplain_ppc:Java Projectplain_ppc:JavaDoc Projectplain_ppc:Output Flagsplain_ppc:Packager Panelplain_ppc:x86 Disassemblerdigestmd5_ppc:Remote Debugdigestmd5_ppc:Auto-targetdigestmd5_ppc:FTP Paneldigestmd5_ppc:Java Command Linedigestmd5_ppc:Java Languagedigestmd5_ppc:Java MRJAppBuilderdigestmd5_ppc:Java Outputdigestmd5_ppc:Java Projectdigestmd5_ppc:JavaDoc Projectdigestmd5_ppc:Output Flagsdigestmd5_ppc:Packager Paneldigestmd5_ppc:x86 Disassembler   @::include:ÿÿÿÿ::kerberos_includes:ÿÿÿÿ::libdes:public:ÿÿÿÿ::CommonKClient:mac_kclient:ÿÿÿÿ:::include:ÿÿÿÿ:ÿÿÿÿ:::plugins:ÿÿÿÿ@::mac_lib:ÿÿÿÿ@::krb4_sources:are_used:ÿÿÿÿ :::lib:ÿÿÿÿ@:ÿÿÿÿ@ MacOS PPC Linkerkerberos4_ppc:z? zH°z7@main NONAME.EXE@  ÿÿÿÿ     HI$%&'()*NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW JavaÀ‡ ЪA‚|`t,@‡À8a8Hë ` £ÿ88a8Hë¥`8a8Hêí`8cKþi­`;£88Hêñ`€X£ëx|¦8!PƒáÿüƒÁÿøƒ¡ÿôƒÿðN€ “áÿü“Áÿø“¡ÿô|¦”!ÿ°;£;ÄHê…`ˆ;ã|t,_A‚ #2AN[_ n | š ª·ÇÕâó 5@L[jq~Žª ±!Â"Ñ#â$î%ÿ&'(')3*@+L,\-j.w/Š0’1ž2«3¸4Â5Ñ6Û7á8ì9: ;< =.>:?J@XAbBpCzDE‰F“G£H°I¿JÐKàLîM__start FILEFILEGRUPKClient FILEFILEFILE FILE FILE FILEFILEFILEFILEFILEFILEFILE @::include:ÿÿÿÿ::libdes:public:ÿÿÿÿ:::include:ÿÿÿÿ:ÿÿÿÿ:::plugins:ÿÿÿÿ@::mac_lib:ÿÿÿÿ@:::lib:ÿÿÿÿ@:ÿÿÿÿ@ MacOS PPC Linkerplain_ppc:z? zH°z7@main a.out????APPL€XÀ????€ __start Merge Out????APPLDLGXckidProjWSPC__initialize_start__terminate plain.shlbshlb4????shlb????P'CODE' 'DATA' 'PICT' NONAME.EXE@JavaClasses.jarZIP MWZPЇâ Ðª”!ÿÀ;Ã;ä‡ÜÐ`8~8ŸH!`€H|¦8!@ƒáÿüƒÁÿøN€ “áÿü“Áÿø|¦”!ÿ°;Ã;ä8a<88H ù`8~8¿8@KL 92    Merge Out????APPLDLGXckidProjWSPCNoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW Java @::include:ÿÿÿÿ::libdes:public:ÿÿÿÿ:::include:ÿÿÿÿ:ÿÿÿÿ:::plugins:ÿÿÿÿ@::mac_lib:ÿÿÿÿ@:::lib:ÿÿÿÿ@:ÿÿÿÿ@ MacOS PPC Linkerdigestmd5_ppc:NoneMMPr@MacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS MergeAPPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.rRezappe`rsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 LinkerTEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86Java Linker RSRCTEXT.htmlTEXT.mfrsrc.auJAR Importer@.classMW Java.gifJAR Importer@.jarMW Java.javaMW Java.zipMW Javaz? zH°z7@main a.out????APPL€XÀ????€__start__initialize_start__terminatedigestmd5.shlb4????shlb????P'CODE' 'DATA' 'PICT' NONAME.EXE@‡áPˆ‚ª‡áPmainˆ‚”•ªˆ‚JavaClasses.jarZIP MWZPàˆ¹°ÐªƒáÿüƒÁÿøƒ¡ÿôˆ³à|¦(”!ÿÀ@‚ 8`H(LA KÿþYHKÿûÙ€H|¦8!@N€ |¦(”!ÿÀA‚@8ƒÿü€„T€ÿ@‚ €H€ÿøT68ÿø(L|xA KÿþÑHKÿüA€H|¦8!@N€ “áÿü|¦|ˆP'CODE' 'DATA' 'PICT'…߆Óðª…ßmain†Óð–C°ª†ÓðMRJApplication WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/|uA‚8|€8 8ÀKÿó=|zxƒ>:à;€H„€yƒ€:À(A‚ TÿA‚P€(@‚D€c Kÿ©%`T`?A‚0(ƒA‚ “H“€:À“?:à,@‚<ËxÃx(@‚ÿ|,@‚ÿdcÛxKÿ€a`||x€c<(ÿÿ@‚<`À@8€8|8‚•–Kÿ‚5`;Ã8`Kþce`;ã8`(KþcU`€8€8 (H»¹`€8<€À@€8€$€œ<@Tƒ|@@€T€€d@€dÛxHä=`8`8˜ “߀ž(A‚“ä€H “þ“þ98| ¦88|@08à€ÄHL€(@‚<€f(A‚0|+–|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´„ÄHL€(@‚<€f(A‚0|+–|)Ö|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´8„8çBÿH5ÿÿ@€ÿ(Kÿù•(A‚$€z(A‚ˆ|u@‚ H¡`€h8!`ºÁÿØ|¦N€ |¦”!ÿÀ€8 TÿA‚€c88 KÿòÕH@(A‚8€c(A‚,<(ÿÿA‚ €ƒ(A‚€a8€ |8€H€a8|¦8!@N€ ¿aÿì|¦”!ÿ ||xKÿLõ`8˜€|; ƒã;ÀHÄ€Hq`€Ha` Hq`°€Ÿ€|€£;`|¥ˆ(@‚,8¡88ÀKÿò©(A‚4 T{@‚(ƒcH (@‚  €ƒT:8ÿüd.(A‚ˆ|u@‚; 8{Kÿÿ;ÿ ;Þ€|  |A€ÿ4€h£ëx8!`»aÿì|¦N€ ¿aÿì|¦ƒâ¨”!ÿ°ƒH\€T)@‚Lƒ›H<ƒ¼H(€ (@‚ˆ|u@‚ £ëxKÿþƒ½(@‚ÿ؃œ(@‚ÿă{ (@‚ÿ¤ƒ¿A‡‡ @‡«ª‡ @main‡«•l ª‡«MRJApplication WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/????APPL‡‡ç@ª8¢–­Hý`‡áP8a<8@HÝ`€aˆ8<8 8ÀÿÿH9`8a<8€ÿÿHÝ`8a@8€ÿÿHÍ`8aD8€ÿÿH½`8aP8€ÿÿH­`€x€aˆ|¦8!pƒáÿüƒÁÿøƒ¡ÿôƒÿðN€ ¿!ÿä|¦;D”!ÿ`;#;eƒÂ‚ø8‚$$;á8z8 HÑ`,@‚;Zˆ,_@‚(8z`8£8y8šHù`Hì;Ÿn8n;¿r8™8º8Ûr8lKÿ’±|`u@‚$CÓxH-`8£8y8šH¥`(A‚Hƒ½(A‚<8ž8}8 8À H¾Õ`£ëxH¿Á`H8PH³I`H(A‚Hƒœ(A‚<8ž8|8 8À H¾‰`ƒãxH¿u`H88H²ý`H€¨€!|¦»!ÿäN€ ¿!ÿä|¦”!ÿ`8nrˆ;á,?ƒ‚‚ø;ßn;r;¤;#;EA‚(£ëxH `8£8y8H•`Hp£ëxH ù`(A€ ˆ,?@‚ˆ,A@‚;½8™8½8Ú8lKÿ•I|`u@‚$£ëxH ­`8£8y8H%`(A‚Hƒ{(A‚œ8{8 8À H½U`cÛxH¾A`H8PH±É`H(A‚Hƒ~(A‚<8œ8{8 8À H½ `cÛxH½õ`H88H±}`H€¨€!|¦»!ÿäN€ “áÿü“Áÿø|¦;å”!ÿ°;Ã8a88 8ÀÿÿH8¿8a88€Hu8ƒ8~8 8ÀÿÿHù8a88€ÿÿH9€X|¦8!PáÿüƒÁÿøN€ “áÿü“Áÿø|¦;å”!ÿ°;Ã8a88 8ÀÿÿH©ãûxH A`8£8Ÿ8a8H 8ƒ8~8 8ÀÿÿHy8a88€ÿÿH¹€X|¦8!PƒáÿüƒÁÿøN€ “áÿü“Áÿø|¦”!ÿ°;Ã;å8a88¡|d®N€ ,ÿÿ@‚ 8`ÿÿN€ 8‚L2T`>|d®N€ ¿!ÿä|¦;$;c;F”!ÿ ;…8z8€HM¹`,@‚8z8€ÿÿHM¡`|á×|xA‚ˆ (@‚ T×@‚ 8`Hø,@‚ Hm`ˆ;àTïÿ88ŸA‚ T×~,A‚8€,@‚ˆTÿ¾(A‚8`,@‚ˆTÿ¾(A‚;àˆTß@‚\ˆzTcï~T`½A‚LT`{A‚(8z8€8 HE`,A‚ 8`H<ˆ8`P`.48z˜Kÿý•`ˆTß~(A‚8˜ 8,8`Hø(;Û;€A‚P€š(€z |@@‚ ,A‚8€c P|P,€,;`<€<|è@@“¡<ˆTÿ¾(@‚4€¡<(A‚(8~8€ H É`|{yA‚8|P<€¡<(A‚@€z(ÄóxH`€<€(Þ"|"(€a<€,œ"|P,¤èP€z,(@‚ T×~,@‚ œêH`(A‚(@‚ˆTÿ¿@‚48z8€Kÿüu`A‚8˜ 8,; H(A‚ ,@‚þà(A‚p,@‚hƒz ƒú$|ê“Ú “º$CÓx(8:à;€H„€yƒ€:À(A‚ TÿA‚P€(@‚D€c Kÿ©%`T`?A‚0(ƒA‚ “H“€:À“?:à,@‚<ËxÃx(@‚ÿ|,@‚ÿdcÛxKÿ€a`||x€c<(ÿÿ@‚<`À@8€8|8‚•–Kÿ‚5`;Ã8`Kþce`;ã8`(KþcU`€8€8 (H»¹`€8<€À@€8€$€œ<@Tƒ|@@€T€€d@€dÛxHä=`8`8˜ “߀ž(A‚“ä€H “þ“þ98| ¦88|@08à€ÄHL€(@‚<€f(A‚0|+–|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´„ÄHL€(@‚<€f(A‚0|+–|)Ö|Q@‚ “怀…#| ‘&€Æ(@‚ÿ´8„8çBÿH5ÿÿ@€ÿ(Kÿù•(A‚$€z(A‚ˆ|u@‚ H¡`€h8!`ºÁÿØ|¦N€ |¦”!ÿÀ€8 TÿA‚€c88 KÿòÕH@(A‚8€c(A‚,<(ÿÿA‚ €ƒ(A‚€a8€ |8€H€a8|¦8!@N€ ¿aÿì|¦”!ÿ ||xKÿLõ`8˜€|; ƒã;ÀHÄ€Hq`€Ha` Hq`°€Ÿ€|€£;`|¥ˆ(@‚,8¡88ÀKÿò©(A‚4 T{@‚(ƒcH (@‚  €ƒT:8ÿüd.(A‚ˆ|u@‚; 8{Kÿÿ;ÿ ;Þ€|  |A€ÿ4€h£ëx8!`»aÿì|¦N€ ¿aÿì|¦ƒâ¨”!ÿ°ƒH\€T)@‚Lƒ›H<ƒ¼H(€ (@‚ˆ|u@‚ £ëxKÿþƒ½(@‚ÿ؃œ(@‚ÿă{ (@‚ÿ¤ƒ¿,-./0 9;@KLM2/7mstr( mstl (mstn¿mstrè‡Ã€mstlè (€mstnè(moti¨(mstiè'‹LmtglèÐ,mpsièc(msti"‹mtpl"€mtpsŸ mtsl«mtpi¢\mtlo pref£Š ;prefl‰!C7prefGr"ZOpref)h#j÷Ðpref!¦$RprefÈä%`cpref¥b&es prefMb'pref(U pref$)» pref¶V*Çprefn/+¿pref_¨,Y>pref¢‹-Õpref`.ŒCÚpref†•/—bpref)Ü0ãprefïK1÷ prefÖ[2ù pref{3 ÅÊprefpâ4-×pref¿ 5!¨prefLO6þ.pref‡7'ñ pref\¢8,"pref49pref"6:Nprefµ;h prefF<<h“’pref¸¬=i%jpref¬Ó>malljS¤maplÒ€PLstJô? mtsl»Æmtpl&€mtpsümtpi¦,mtloj-prefd¸@j5prefO™AŽÃÐpref¥,BŸ“prefä„CÁüÐpref˜*D¥§prefÙSE¦®pref´ÔF«¾ pref¡¯G®Þprefõ{H®ò prefGI®ü pref„’J¯prefsK¯pref^ÁL°>prefÕ)M°ZprefÞN°hÚprefÕ[O²BbprefG¢P²¤prefïÖQ²¸ pref®hR²Â prefCŽS²ÎÊprefBT³˜pref U´°¨pref)IVµX.prefU'Wµ† prefRÁX·’"prefàiY·´prefkZ·Èpref€d[·â pref1Ì\·î’pref4r]¸€jpref0m^‹ mtsl»šmtplÀš€mtpsÁmtpiÁ*(mtlo»pref'‹_»prefŸ9`ÝÌÐprefà_aîœprefüÒbô°Ðpref»c€pref #d‡prefh)e— prefcf»8pref®g»L prefJ`h»V pref’Fi»bprefä<j·prefÇÂkÁR>prefB<?@A"\042E(,* $!%/HJKumqjtDYIG.L-^d fMin]bCe;&:9 k l[gh`NO ZPQWRST8UVapocsX153F_JavaClasses.jarZIP MWZPJavaClasses.zipJavaClasses.zip#CshPf 0‡ Add§PinRÆaPoiêMIte tRes' MenuI tConk Cont… oseC¥illCÄShowäHideÿMove$GetCGetCRjzeCo‰lite­GetCËtCTiætlVainCt%Ctl Elue gl Se†Test¤DragÃTracÕ Draö!€"nded5#istT$ àr%&±'Í(ê)  **+ —B,d$`-}.›/shP´0 0×1 Addø2PinR3aPoi64MIteX5tRest6Menu7tConª8ContÈ9oseCæ:illC;Show#GetC}?etCR›@zeCo¼A€ÛBGetCùCtCTiDtlVa8EinCtTFCtl qGlue ‘Hl Se±ITestÉJDragçKTrac L Dra "M ;N ^O P  Q ½R ßS ûT U 1V OW mXKeys Y ªZImpo Æ[PW I ã\KBa ]lpM "^68K C_l 68 b`F Im €a€ bnded ¿cist ÛdTarg øect D fSett 8g Set PheSaf ni@ ‹j ©k Âl åm në` 'o L DpÒ%sÓ fqg: Ò ‚rë ›sANSI ¸t 68k ÖuKeyw ôvI Cowk:Ac1xhsAMyole jzet S{ANSI­| 68kÐ}ppinñ~ConsBuil0€ANSTr‚‘ƒ³„Յ4ˆW‰zŠ™‹½ŒÛöŽ5U‘x’˜“»”Ü•ü–—?˜]™|šž›ÀœÚúžŸB e¡„¢¨£Ƥᥦ §@¨c©ƒª¦«Ǭç­®*¯H°g±‰²«³Å´åµ ¶-·P¸o¹“º±»̼ë½ ¾+¿JÀjÁ…§ÃÆÄäÅÆ"ÇBÈ]Éʞ˼ÌÛÍúÎÏ5ÐWÑvÒ”Ó³ÔÕÕôÖ×6ØUÙsÚÛ®ÜÑÝîÞ ß-àNágâ†ã¤äÃåÝæç#èEécê†ë£ì½íÛîúïð:ñXòuó“ôµõÔöö÷ø5ùSúpûŽü±ýÎþìÿ .Gf„£½á  % C f ƒ  » Ú ù!!8!U!s!•!´!Ö!ö""3"P"n"‘"®"Ì"í #!#'"#F##d$#ƒ%#&#Á'#ã($)$#*$F+$c,$}-$›.$º/$Ù0$ú1%2%53%S4%z5%ž6%Å7%ê8&9&1:&Y;&{<&ž=&Ä>&ê?'@',A'OB'sC'’D'»E'âF( G(,H(TI(vJ(•K(¸L(ÜM)N)&O)IP)kQ)ŽR)°S)ÏT)ñU*V*0W*NX*qY*ŽZ*¬[*Í\*î]+^+&_+D`+ca+}b+¡c+Ãd+åe,f,&g,Ch,]i,{j,šk,¹l,Úm,øn-o-3p-Uq-tr-–s-¶t-Õu-óv.w.3x.Qy.rz.“{.¬|.Ë}.é~//"€/F/h‚/Šƒ/¨„/Ë…/è†0‡0 ˆ0?‰0^Š0‹0Œ0º0ØŽ0ø116‘1X’1“1¦”1Í•1ì–2—23˜2Y™2vš2›2³œ2Ì2âž2ûŸ3 3(¡3B¢3[£3p¤3Š¥3¨¦3¼§3Ѩ3é©4ª4«4,¬4A­4[®4y¯4°4ž±4³²4ɳ4ß´4÷µ5 ¶5*·5H¸5\¹5qº5‡»5œ¼5¯½5ʾ5á¿5ýÀ6Á6(Â6AÃ6WÄ6oÅ6‰Æ6¥Ç6ÁÈ6áÉ7Ê7Ë79Ì7XÍ7tÎ7Ï7®Ð7ÉÑ7éÒ8 Ó8'Ô8BÕ8`Ö8~×8”Ø8­Ù8ÎÚ8ëÛ9 Ü9(Ý9DÞ9cß9„à9 á9¾â9Ùã9ùä:å:7æ:Nç:iè:…é:¡ê:¿ë:Úì:úí;î;Bï;\ð;wñ;•ò;³ó;Õô;öõ<ö<3÷>'>D>b >ƒ >¦ >Ä >ä ??#?I?e?~?›?¹?×?÷@@6@\@‚@ž!M\ ( J°7OlFS`lin r ’ Ÿ €·ÊþàdãbjdýÑÿÿÿ*objd@O\ÿÿj‡obqpt‚‘¡lace¯=g¼Ä× ÿé!ÿ"#½$$ÿÿôà1%F&ë ['t(¥0ˆ)@›*Jav¯+.zipÂ,Ö-é.ëü/0ut!142F3Y4k5APPL~6GXck7PC§8 ¡¹9 Ë:Þ;½%°ó<ÿÿô¼=>ë*?=@bA‚B´CËDÜEìFùG HI$J4KCLRM\NiOyP‰Q•R¦S±T¹UÅVÒWßXôYZ[\%]2^>_G`\amb}cŠd“eŸf³g½hÊiÙjçk÷lmn'o6pCqRr\s]tnuvdt    JavaClasses.zipMSIEInternet ExplorerIexplore.exe a.out@U {MSIEInternet ExplorerIexplore.exe a.out@U {89:;47<=>36?@ABCDEFGHIJKL5MNOPVWXYRUZ[\QT]^_`abcdefghijSklmn~€z}‚ƒ„y|…¾¿À†‡ˆ‰Š‹ŒŽ{ÁÂÃĬ­®¯¨«°±²§ª³ÌÍ䵶·¸¹º»¼½©ÏÐÑÒ•–—˜‘”™š›“œÅÆÇžŸ ¡¢£¤¥¦’ÈÉÊË$%&' #()*"+,-./012345678!9:;<`abc\_def[^ghijklmnopqrst]uvwx  BCDE>AFGH=@IJKLMNOPQRSTUV?WXYZtu’vwpsxyzo•Žr{–—|}~€˜‚ƒ“„…†‡ˆ”q‰Š‘™‹ŒÏÐÑÒÓÆÍÊÔÕÖÎÇËÉ×ØÙÚÛÜÝÞßàáâãäåæçÌèÅÈéêëìíîïúûüýþñøõÿùòöô     ÷ð󢣤¥¦œºŸ§¨©› ¡ž»¼½¾¿ÀÁªÂ묭®¯°±¹²š³´Äµ¶·¸ÚÛÜÝÔØ×ÞßàÓÖÙáâãäåæçèéêëìíîÕïðñò !"#$%&'()*+,-./012úûüýôø÷þÿóöù     õANSI Console MultiFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KMW Pascal 68KRezPEF Import 68KANSI Console 68kHelloWorld.cMSL C.68K Fa(4i_8d).LibMSL Runtime68K.LibMathLib68K Fa(4i/8d).LibMSL C++.68K Fa(4i_8d).LibMacOS.libMSL SIOUX.68K.LibANSI Console PPC:ANSI Console PPC.outLib Import PPCMW C/C++ PPCMW Pascal PPCPPCAsmXCOFF Import PPCPEF Import PPCMSL C++.PPC.LibMSL C.PPC.LibInterfaceLibMathLibMSL RuntimePPC.LibMSL SIOUX.PPC.Lib:ANSI Console 68k.outANSI Console FAT:Merge Out:ANSI Console FAT.outANSI Console 68k.outANSI Console PPC.outMathLib68K Fa(4i_8d).Lib:ANSI C Console 68kANSI C Console 68k:ANSI C Console PPCANSI C Console PPC:ANSI C Console FATANSI C Console FATGameCode ConverterFlex PreprocessorBison Preprocessor:Std C Console 68KStd C Console 68K:Std C Console PPCStd C Console PPC:Std C Console FATStd C Console FAT68K Standard C Console68K Std C ConsolePPC Std C ConsoleMSL C.68K (2i).LibMSL C++.68K (2i).LibMathLib68K (2i).Lib:HelloWorld.c:Bin:MSL C++.PPC.Lib:Bin:MSL C.PPC.Lib:Libraries:MacOS Common:InterfaceLib:Libraries:MacOS Common:MathLib:Libraries:Runtime:Runtime PPC:MSL RuntimePPC.Lib:Bin:MSL SIOUX.PPC.LibMacOS PPC LinkerCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger TargetC/C++ CompilerC/C++ WarningsFTP PanelIR OptimizerPascal CompilerPascal WarningsPPC CodeGenPPC DisassemblerPPC LinkerPPC PEFPPC ProjectPPCAsm PanelRez CompilerPPC Global OptimizerSource TreesDebugger RuntimePerl PanelMW Perl:sc_shlb.outlibdes.shlbgetopt.cxxx_client_mac_lib.cparse_cmd_line.csample-client.clibsasl.shlbsc_shlibgetsubopt.cmac_testing_notes.cinstall.cOutput FlagsPackager PanelKerberosLib.9CMU Carbon SASLMSL C.Carbon.LibMSL SIOUX.Carbon.LibCarbonLibKerberosLib.CBsc_shlb.rsrcsc_shlb staticcfmglue.csc_shlib no rsrcCMU Carbon SASL v2Carbon SASL v2  ·¬C Aqd]·¬3óÿÿÜQt]·¬3óhA ROOTFILE GRUP Mac LibrariesGRUPANSI LibrariesFILEFILEFILEFILE FILEGRUP SASL-test-libFILEFILEFILEGRUP SourcesFILEFILEFILE  §` ˜` à  ¡ÿÿÿÿ MacOS PPC Linkersc_shlib Console:main Std C Console 68K????APPL€XÀ????U {€__start__sta__start sc_shlb.outle PPC????APPLhh@XÀ????P'CODE' 'DATA' 'PICT'MSIEInternet ExplorerIexplore.exe a.out@U { sc_shlb_carbon.hJavaClasses.jarZIP MWZP Merge Out????APPLDLGXckidProjWSPC  NONAME.EXE@| MSIEInternet ExplorererIexplore.exeoreruJITfoo barzò {ú@@zò main{ú@¢‰@{ú@|1àÐ@ðX\õ{zžÏÒß|,Á*xIv8z[˜ÔÚŒhJ_ÊnÛRÜšKÎÚM~ÊJ ^{NnŠZR@JXÊLkÞY_`Þ]ÿxÞÚjÙHà*[QbZzz X›iJºKþ{ÓSûX6_ÚŸÑíC0yJLZÚF!)z^„K•ú¿ÿGÒ|y:ÝvRמûèYJ›Yv k Jzx@[Ú:JpÚ›Y\Š~öY{Zy#J^šp+G|__sta__startMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/MSIEhttp://java.sun.com/products/jdk/1.1/docs/api/ Std C Console 68K????APPL€XÀ????U {€ JBoundApp????ÿÿÿÿÿÿWINDnullË ËÀÿÝË Ëàk40ÿÜðË http://java.sun.com/products/jdk/1.1/docs/api/ )Aï"S0<ÄËP3î€ÿÜðaÿ%®0UOË <aÿ%š0UO/ Hx B'aÿ%ˆ0UO/ HxJ/ VÀDIÀ/aÿ&¶0UO/ HxJ/ VÀDIÀ/aÿ&š0UO/ HxJ/VÀDIÀ/aÿ&~0UO/ HxJ/VÀDIÀ/aÿ&b0UO/ HxJ/VÀDIÀ/aÿ&F0UO/ HxJ/VÀDIÀ/aÿ&*0UO/ Hx J/VÀDIÀ/aÿ&0HW//aÿ,|/ HxHoaÿ'b0/ Hx?/NºþVHÀTO/aÿ%Ô0HoHoaÿ+/ Hx   @::include:ÿÿÿÿ:::include:ÿÿÿÿ:::lib:ÿÿÿÿ::mac_lib:ÿÿÿÿ::readme:ÿÿÿÿ:ÿÿÿÿ::libsasl:ÿÿÿÿ::libdes:ÿÿÿÿ :::sample:ÿÿÿÿ Kerberos for Macintosh 3.5:Mac OS 9 SDK 3.5:Kerberos:Binaries:ÿÿÿÿ@:ÿÿÿÿ@NoneMMPr@TEXT.cRunTSScriptTEXT.plMW Perl€Java Linker .auJAR Importer@ .gifJAR Importer@RSRC`TEXT.cRunTSScriptTEXT.htmlTEXT.javaMW JavaTEXT.mfTEXT.plMW Perl€rsrc`.classMW Java.zipMW JavaMacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.plMW Perl€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS Merge APPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.cRunTSScriptTEXT.plMW Perl€TEXT.rRezrsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.plMW Perl€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 Linker????Obj Import x86TEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.plMW Perl€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86MRJApplication sc_shlb.outle PPC????APPLhh@XÀ???? _`abeflmnp vppj(øÿÿÿÿ*0+N,ÿÿÿÿk-@‰. ¢/ÿÿÿÿ0æ12ë$ÿÿÿÿF4b5@{6ÿÿÿÿ˜7¶8Ô9ÿÿÿÿ:k;-< àÿÿÿÿ ¡ëÿÿÿÿ ž@k §`ce NewGDevic àosÿÿÿÿvice SetGDevice GetGDevice Colorndÿÿÿÿndex2Color InvertColor RealColoretÿÿÿÿable UpdatePixMap MakeITable AddarÿÿÿÿddComp SetClientID ProtectEntry seÿÿÿÿntry SetEntriesQDError SetWinCor ÿÿÿÿuxWin SetCtlColo ¡Pë aÔ°ÿÿÿÿetNe à ¢Pë aÈ Qÿÿÿÿ ¢pkÀ §`~ÿ_34 ¡P`ÿÿÿÿ|}ÿa4{|}ÿb34}ÿa4{|}ÿb34   @::include:ÿÿÿÿ:::include:ÿÿÿÿ:::lib:ÿÿÿÿ::mac_lib:ÿÿÿÿ::readme:ÿÿÿÿ:ÿÿÿÿ::libsasl:ÿÿÿÿ::libdes:ÿÿÿÿ :::sample:ÿÿÿÿ Kerberos for Macintosh 3.5:Mac OS 9 SDK 3.5:Kerberos:Binaries:ÿÿÿÿ@:ÿÿÿÿ@ MacOS PPC Linkersc_shlib no rsrc:mainfoo barzò {ú@@zò main{ú@¢‰@{ú@__start|1àÐ@ðX\õ{zžÏÒß|,Á*xIv8z[˜ÔÚŒhJ_ÊnÛRÜšKÎÚM~ÊJ ^{NnŠZR@JXÊLkÞY_`Þ]ÿxÞÚjÙHà*[QbZzz X›iJºKþ{ÓSûX6_ÚŸÑíC0yJLZÚF!)z^„K•ú¿ÿGÒ|y:ÝvRמûèYJ›Yv k Jzx@[Ú:JpÚ›Y\Š~öY{Zy#J^šp+  _`abeflmn vpppj(øÿÿÿÿ*0+N,ÿÿÿÿk-@‰. ¢/ÿÿÿÿ0æ12ë$ÿÿÿÿF4b5@{6ÿÿÿÿ˜7¶8Ô9ÿÿÿÿ:k;-< àÿÿÿÿ ¡ëÿÿÿÿ ž@k §`ce NewGDevic àosÿÿÿÿvice SetGDevice GetGDevice Colorndÿÿÿÿndex2Color InvertColor RealColoretÿÿÿÿable UpdatePixMap MakeITable AddarÿÿÿÿddComp SetClientID ProtectEntry seÿÿÿÿntry SetEntriesQDError SetWinCor ÿÿÿÿuxWin SetCtlColo ¡Pë aÔ°ÿÿÿÿetNe à ¢Pë aÈ Qÿÿÿÿ ¢pkÀ §`~ÿ_34 ¡P`ÿÿÿÿ|}ÿa4{|}ÿb3434 ¡P`ÿÿÿÿ|}ÿa4{|}ÿb34MSIEhttp://java.sun.com/products/jdk/1.1/docs/api/????APPL||6€@Z_BÛÚÞZYoR^|0B8PXZSJJALúXŽS;[Zþ~{Z¶FKÚ_^ê:BjZFÌ@bXÂ[[;²ÿïWZêÚzr]›xVHP‚ZPP;^z~ÓÞÜN¿ÊZßìúšKMRHRÚZ{V/P âZ;CZÚvþ{[ÜÛÚ—[R:ÊRXIX*\zZVV0ÙÚSÚCÿ:˚Μ_ÚºÒZBÐpúZÒ[P]4B pËZÚN>K^vÞ[V[ k>ªAqZzú8XÚZˆXÝ~ßÞ^X’ŸZ:Þ{R[z:Z ybZV ÊJDHaû^0Y«þÚóÂ^þy*~Z^SZ(JTNXzP Z~XÛZ;Z~ÞZ\OZóÓ:[CRyZ š:ûów–z\Fšê~oÊz˜º³ÿ„E¯¬å황¥“çìá·¡5¦õ²‡­³¥þµî]¤Æ¥±%ëí…¼,!‡„¡…(…Åã¤×í‡ï€÷$¤Æîõ‰± …§M„ ¤±Õ…‡­„¼ä¡í¥¯´¿¿õ%¯§÷gõ¼e…Ì$…$  %$¤Ä!§«ç"ëǧ©ª’ª½ç妅G%1¥ ¥$'1•%%…%?ç—;ã°7äæ÷•÷n¥ˆ&,%ãUµ‡8¡$ç±¥D÷#¾¥§¿"é­ïwïµ…uŸ£¥…ä†÷¥…$p­å¨…¥¥§é5µ—䥽¥/$´­x¶‡‡…¡1Éá§,"Æ(µ¥µm¿¤½Û¼£­õ¯5…±“‰á ¡À%¥‡{÷/Á±¬…µý÷®%­¥­í·$¥ å'Ô¥±†”%!¾¡i¯—¯ã¢¹·¥wÖ´¡3¦‡% ¤‡£°6¤¹¥„€ñô-£'ô§©þ}%…Å=ý¤5$„¸m2¥¥¡¥#µ¡¿íçå„·%¥îå´µÅì1ù‘1…%E‰§Éá É”?¥&ù-…·ï·‡Å¬¢ÿ%çõµˆ¨$4í%ä%¯­÷Žµ½µtñµ§åÖè¹·÷宆…À¿e­/ …Ä5…‘Èþ%åì4àÇÉ—åõå…¬§5( (' ‘u¥¯¬ $…õü!·í´w÷§à…ä'ÿ%õ ŠáE¯§¥¨5Ì ¡‡±¬­¥mú–ņŸå±½í¡%¡ ´±£«°¥ÔÙ…,"÷Že¿u¥§…ï…ô ¯í%D÷§¦·$$‡é¡,gãÞmÅ¡·u¿¿ìô·e倥¥µ¡±å<7üУa!½m…¿±“!ï]¦ÿ¥µÅ­%0€1…„Í$ƒ¤¡¡<%¤¥µ»¿õ§‡´¥#ö%Çœùåµâ‘µ¥§¡µå í¬-¥é­í½­¥ôIùµ¡‰…,$!¤­¡ &¥€‚½Å¹vå¥ãí…塧ý¯5$04%¡“©±E cµ…íÅ%ýç½í±…ïE¯Å­e,¯ŒÄ%„ÀˆÅq%¤¥íµúu/¡§¯¿µ¤®å§¡E#„¥å¤$âx­çƒ!m‘!¿µú­ï'Áú´ÿ…”Aác9%íà­e¦·¤¥ëͳõ‰‡Ç­õ÷´„å…¡¤$±¡…á$Ô‡wíEׯ†òu¿ì=ã­à*奤 %4Mµ®­!€§Я³ç¯õý¦Ý5¯%±¯õ¤±ÅÄd¤Ž„IÅ ¬†¨1%¨©­­;‘¬·½µÝ/¨Ç'¤§ä'”°¥Œ´«]…¥$…uõ£¿õÌ`Wm?ãg‡ö4Å¥C%€€…¡áÀ4-ƒõÝå!ôö±¿‡…ÿ­'­¼mô·µ„Ŷ±§5¤Æ%­ì÷åÕU¡}¥½¥¥‡ìç¿\±•% È$åU—… †³ gïô¢§ÿͼ€ñ5¡½çõ猀£Ã…¡)¥µ…¡¡Å´·Û/µÿ§m¿¦…Á¡¿¥¬¥¤«$eµŒ²ˆ%õ5§#Å¿õõ®•µ¡¥õ•—÷'½ý  %ñ­…Œþ¬†5£´Õ¯·å¥ƒ¥¥í¥¥g§¾l$U‰Õ¯·å¥ƒ¥¥í¥¥g§¾l$U‰ANSI Console Multi:Custom KeywordsANSI Console Multi:Access PathsANSI Console Multi:Target SettingsANSI Console Multi:File MappingsANSI Console Multi:Build ExtrasANSI Console Multi:68K CodeGenANSI Console Multi:68K DisassemblerANSI Console Multi:68K LinkerANSI Console Multi:68K ProjectANSI Console Multi:C/C++ CompilerANSI Console Multi:C/C++ WarningsANSI Console Multi:CFM68KANSI Console Multi:IR OptimizerANSI Console Multi:Java OutputANSI Console Multi:Java ProjectANSI Console Multi:Java VMANSI Console Multi:MacOS Merge PanelANSI Console Multi:Pascal CompilerANSI Console Multi:Pascal WarningsANSI Console Multi:PPC CodeGenANSI Console Multi:PPC DisassemblerANSI Console Multi:PPC LinkerANSI Console Multi:PPC PEFANSI Console Multi:PPC ProjectANSI Console Multi:PPCAsm PanelANSI Console Multi:Rez CompilerANSI Console Multi:WinRC CompilerANSI Console Multi:x86 CodeGenANSI Console Multi:x86 LinkerANSI Console Multi:x86 ProjectProject File ListANSI Console 68k:Custom KeywordsANSI Console 68k:Access PathsANSI Console 68k:Target SettingsANSI Console 68k:File MappingsANSI Console 68k:Build ExtrasANSI Console 68k:68K CodeGenANSI Console 68k:68K DisassemblerANSI Console 68k:68K LinkerANSI Console 68k:68K ProjectANSI Console 68k:C/C++ CompilerANSI Console 68k:C/C++ WarningsANSI Console 68k:CFM68KANSI Console 68k:IR OptimizerANSI Console 68k:Java OutputANSI Console 68k:Java ProjectANSI Console 68k:Java VMANSI Console 68k:MacOS Merge PanelANSI Console 68k:Pascal CompilerANSI Console 68k:Pascal WarningsANSI Console 68k:PPC CodeGenANSI Console 68k:PPC DisassemblerANSI Console 68k:PPC LinkerANSI Console 68k:PPC PEFANSI Console 68k:PPC ProjectANSI Console 68k:PPCAsm PanelANSI Console 68k:Rez CompilerANSI Console 68k:WinRC CompilerANSI Console 68k:x86 CodeGenANSI Console 68k:x86 LinkerANSI Console 68k:x86 ProjectANSI Console PPC:Custom KeywordsANSI Console PPC:Access PathsANSI Console PPC:Target SettingsANSI Console PPC:File MappingsANSI Console PPC:Build ExtrasANSI Console PPC:68K CodeGenANSI Console PPC:68K DisassemblerANSI Console PPC:68K LinkerANSI Console PPC:68K ProjectANSI Console PPC:C/C++ CompilerANSI Console PPC:C/C++ WarningsANSI Console PPC:CFM68KANSI Console PPC:IR OptimizerANSI Console PPC:Java OutputANSI Console PPC:Java ProjectANSI Console PPC:Java VMANSI Console PPC:MacOS Merge PanelANSI Console PPC:Pascal CompilerANSI Console PPC:Pascal WarningsANSI Console PPC:PPC CodeGenANSI Console PPC:PPC DisassemblerANSI Console PPC:PPC LinkerANSI Console PPC:PPC PEFANSI Console PPC:PPC ProjectANSI Console PPC:PPCAsm PanelANSI Console PPC:Rez CompilerANSI Console PPC:WinRC CompilerANSI Console PPC:x86 CodeGenANSI Console PPC:x86 LinkerANSI Console PPC:x86 ProjectANSI Console FAT:Custom KeywordsANSI Console FAT:Access PathsANSI Console FAT:Target SettingsANSI Console FAT:File MappingsANSI Console FAT:Build ExtrasANSI Console FAT:68K CodeGenANSI Console FAT:68K DisassemblerANSI Console FAT:68K LinkerANSI Console FAT:68K ProjectANSI Console FAT:C/C++ CompilerANSI Console FAT:C/C++ WarningsANSI Console FAT:CFM68KANSI Console FAT:IR OptimizerANSI Console FAT:Java OutputANSI Console FAT:Java ProjectANSI Console FAT:Java VMANSI Console FAT:MacOS Merge PanelANSI Console FAT:Pascal CompilerANSI Console FAT:Pascal WarningsANSI Console FAT:PPC CodeGenANSI Console FAT:PPC DisassemblerANSI Console FAT:PPC LinkerANSI Console FAT:PPC PEFANSI Console FAT:PPC ProjectANSI Console FAT:PPCAsm PanelANSI Console FAT:Rez CompilerANSI Console FAT:WinRC CompilerANSI Console FAT:x86 CodeGenANSI Console FAT:x86 LinkerANSI Console FAT:x86 ProjectANSI C Console 68k:Custom KeywordsANSI C Console 68k:Access PathsANSI C Console 68k:Target SettingsANSI C Console 68k:File MappingsANSI C Console 68k:Build ExtrasANSI C Console 68k:68K CodeGenANSI C Console 68k:68K DisassemblerANSI C Console 68k:68K LinkerANSI C Console 68k:68K ProjectANSI C Console 68k:C/C++ CompilerANSI C Console 68k:C/C++ WarningsANSI C Console 68k:CFM68KANSI C Console 68k:IR OptimizerANSI C Console 68k:MacOS Merge PanelANSI C Console 68k:Pascal CompilerANSI C Console 68k:Pascal WarningsANSI C Console 68k:PPC CodeGenANSI C Console 68k:PPC DisassemblerANSI C Console 68k:PPC LinkerANSI C Console 68k:PPC PEFANSI C Console 68k:PPC ProjectANSI C Console 68k:PPCAsm PanelANSI C Console 68k:Rez CompilerANSI C Console PPC:Custom KeywordsANSI C Console PPC:Access PathsANSI C Console PPC:Target SettingsANSI C Console PPC:File MappingsANSI C Console PPC:Build ExtrasANSI C Console PPC:68K CodeGenANSI C Console PPC:68K DisassemblerANSI C Console PPC:68K LinkerANSI C Console PPC:68K ProjectANSI C Console PPC:C/C++ CompilerANSI C Console PPC:C/C++ WarningsANSI C Console PPC:CFM68KANSI C Console PPC:IR OptimizerANSI C Console PPC:MacOS Merge PanelANSI C Console PPC:Pascal CompilerANSI C Console PPC:Pascal WarningsANSI C Console PPC:PPC CodeGenANSI C Console PPC:PPC DisassemblerANSI C Console PPC:PPC LinkerANSI C Console PPC:PPC PEFANSI C Console PPC:PPC ProjectANSI C Console PPC:PPCAsm PanelANSI C Console PPC:Rez CompilerANSI C Console FAT:Custom KeywordsANSI C Console FAT:Access PathsANSI C Console FAT:Target SettingsANSI C Console FAT:File MappingsANSI C Console FAT:Build ExtrasANSI C Console FAT:68K CodeGenANSI C Console FAT:68K DisassemblerANSI C Console FAT:68K LinkerANSI C Console FAT:68K ProjectANSI C Console FAT:C/C++ CompilerANSI C Console FAT:C/C++ WarningsANSI C Console FAT:CFM68KANSI C Console FAT:IR OptimizerANSI C Console FAT:MacOS Merge PanelANSI C Console FAT:Pascal CompilerANSI C Console FAT:Pascal WarningsANSI C Console FAT:PPC CodeGenANSI C Console FAT:PPC DisassemblerANSI C Console FAT:PPC LinkerANSI C Console FAT:PPC PEFANSI C Console FAT:PPC ProjectANSI C Console FAT:PPCAsm PanelANSI C Console FAT:Rez CompilerANSI C Console 68k:Java OutputANSI C Console 68k:Java ProjectANSI C Console 68k:Java VMANSI C Console 68k:WinRC CompilerANSI C Console 68k:x86 CodeGenANSI C Console 68k:x86 LinkerANSI C Console 68k:x86 ProjectANSI C Console PPC:Java OutputANSI C Console PPC:Java ProjectANSI C Console PPC:Java VMANSI C Console PPC:WinRC CompilerANSI C Console PPC:x86 CodeGenANSI C Console PPC:x86 LinkerANSI C Console PPC:x86 ProjectANSI C Console FAT:Java OutputANSI C Console FAT:Java ProjectANSI C Console FAT:Java VMANSI C Console FAT:WinRC CompilerANSI C Console FAT:x86 CodeGenANSI C Console FAT:x86 LinkerANSI C Console FAT:x86 ProjectStd C Console 68K:Custom KeywordsStd C Console 68K:Access PathsStd C Console 68K:Target SettingsStd C Console 68K:File MappingsStd C Console 68K:Build ExtrasStd C Console 68K:Bison PanelStd C Console 68K:Flex PanelStd C Console 68K:68K CodeGenStd C Console 68K:68K DisassemblerStd C Console 68K:68K LinkerStd C Console 68K:68K ProjectStd C Console 68K:C/C++ CompilerStd C Console 68K:C/C++ WarningsStd C Console 68K:CFM68KStd C Console 68K:IR OptimizerStd C Console 68K:Java OutputStd C Console 68K:Java ProjectStd C Console 68K:Java VMStd C Console 68K:MacOS Merge PanelStd C Console 68K:Pascal CompilerStd C Console 68K:Pascal WarningsStd C Console 68K:PPC CodeGenStd C Console 68K:PPC DisassemblerStd C Console 68K:PPC LinkerStd C Console 68K:PPC PEFStd C Console 68K:PPC ProjectStd C Console 68K:PPCAsm PanelStd C Console 68K:Rez CompilerStd C Console 68K:WinRC CompilerStd C Console 68K:x86 CodeGenStd C Console 68K:x86 LinkerStd C Console 68K:x86 ProjectStd C Console PPC:Custom KeywordsStd C Console PPC:Access PathsStd C Console PPC:Target SettingsStd C Console PPC:File MappingsStd C Console PPC:Build ExtrasStd C Console PPC:Bison PanelStd C Console PPC:Flex PanelStd C Console PPC:68K CodeGenStd C Console PPC:68K DisassemblerStd C Console PPC:68K LinkerStd C Console PPC:68K ProjectStd C Console PPC:C/C++ CompilerStd C Console PPC:C/C++ WarningsStd C Console PPC:CFM68KStd C Console PPC:IR OptimizerStd C Console PPC:Java OutputStd C Console PPC:Java ProjectStd C Console PPC:Java VMStd C Console PPC:MacOS Merge PanelStd C Console PPC:Pascal CompilerStd C Console PPC:Pascal WarningsStd C Console PPC:PPC CodeGenStd C Console PPC:PPC DisassemblerStd C Console PPC:PPC LinkerStd C Console PPC:PPC PEFStd C Console PPC:PPC ProjectStd C Console PPC:PPCAsm PanelStd C Console PPC:Rez CompilerStd C Console PPC:WinRC CompilerStd C Console PPC:x86 CodeGenStd C Console PPC:x86 LinkerStd C Console PPC:x86 ProjectStd C Console FAT:Custom KeywordsStd C Console FAT:Access PathsStd C Console FAT:Target SettingsStd C Console FAT:File MappingsStd C Console FAT:Build ExtrasStd C Console FAT:Bison PanelStd C Console FAT:Flex PanelStd C Console FAT:68K CodeGenStd C Console FAT:68K DisassemblerStd C Console FAT:68K LinkerStd C Console FAT:68K ProjectStd C Console FAT:C/C++ CompilerStd C Console FAT:C/C++ WarningsStd C Console FAT:CFM68KStd C Console FAT:IR OptimizerStd C Console FAT:Java OutputStd C Console FAT:Java ProjectStd C Console FAT:Java VMStd C Console FAT:MacOS Merge PanelStd C Console FAT:Pascal CompilerStd C Console FAT:Pascal WarningsStd C Console FAT:PPC CodeGenStd C Console FAT:PPC DisassemblerStd C Console FAT:PPC LinkerStd C Console FAT:PPC PEFStd C Console FAT:PPC ProjectStd C Console FAT:PPCAsm PanelStd C Console FAT:Rez CompilerStd C Console FAT:WinRC CompilerStd C Console FAT:x86 CodeGenStd C Console FAT:x86 LinkerStd C Console FAT:x86 Project68K Standard C Console:Custom Keywords68K Standard C Console:Access Paths68K Standard C Console:Target Settings68K Standard C Console:File Mappings68K Standard C Console:Build Extras68K Standard C Console:68K CodeGen68K Standard C Console:68K Disassembler68K Standard C Console:68K Linker68K Standard C Console:68K Project68K Standard C Console:C/C++ Compiler68K Standard C Console:C/C++ Warnings68K Standard C Console:CFM68K68K Standard C Console:IR Optimizer68K Standard C Console:Java Output68K Standard C Console:Java Project68K Standard C Console:Java VM68K Standard C Console:MacOS Merge Panel68K Standard C Console:Pascal Compiler68K Standard C Console:Pascal Warnings68K Standard C Console:PPC CodeGen68K Standard C Console:PPC Disassembler68K Standard C Console:PPC Linker68K Standard C Console:PPC PEF68K Standard C Console:PPC Project68K Standard C Console:PPCAsm Panel68K Standard C Console:Rez Compiler68K Standard C Console:WinRC Compiler68K Standard C Console:x86 CodeGen68K Standard C Console:x86 Linker68K Standard C Console:x86 Project68K Std C Console:Custom Keywords68K Std C Console:Access Paths68K Std C Console:Target Settings68K Std C Console:File Mappings68K Std C Console:Build Extras68K Std C Console:68K CodeGen68K Std C Console:68K Disassembler68K Std C Console:68K Linker68K Std C Console:68K Project68K Std C Console:C/C++ Compiler68K Std C Console:C/C++ Warnings68K Std C Console:CFM68K68K Std C Console:IR Optimizer68K Std C Console:Java Output68K Std C Console:Java Project68K Std C Console:Java VM68K Std C Console:MacOS Merge Panel68K Std C Console:Pascal Compiler68K Std C Console:Pascal Warnings68K Std C Console:PPC CodeGen68K Std C Console:PPC Disassembler68K Std C Console:PPC Linker68K Std C Console:PPC PEF68K Std C Console:PPC Project68K Std C Console:PPCAsm Panel68K Std C Console:Rez Compiler68K Std C Console:WinRC Compiler68K Std C Console:x86 CodeGen68K Std C Console:x86 Linker68K Std C Console:x86 ProjectPPC Std C Console:Custom KeywordsPPC Std C Console:Access PathsPPC Std C Console:Target SettingsPPC Std C Console:File MappingsPPC Std C Console:Build ExtrasPPC Std C Console:68K CodeGenPPC Std C Console:68K DisassemblerPPC Std C Console:68K LinkerPPC Std C Console:68K ProjectPPC Std C Console:C/C++ CompilerPPC Std C Console:C/C++ WarningsPPC Std C Console:CFM68KPPC Std C Console:IR OptimizerPPC Std C Console:Java OutputPPC Std C Console:Java ProjectPPC Std C Console:Java VMPPC Std C Console:MacOS Merge PanelPPC Std C Console:Pascal CompilerPPC Std C Console:Pascal WarningsPPC Std C Console:PPC CodeGenPPC Std C Console:PPC DisassemblerPPC Std C Console:PPC LinkerPPC Std C Console:PPC PEFPPC Std C Console:PPC ProjectPPC Std C Console:PPCAsm PanelPPC Std C Console:Rez CompilerPPC Std C Console:WinRC CompilerPPC Std C Console:x86 CodeGenPPC Std C Console:x86 LinkerPPC Std C Console:x86 ProjectPPC Std C Console:Java LanguagePPC Std C Console:Debugger TargetPPC Std C Console:FTP PanelPPC Std C Console:JavaDoc ProjectPPC Std C Console:x86 Exceptions PanelPPC Std C Console:68K Global OptimizerPPC Std C Console:PPC Global OptimizerPPC Std C Console:Source TreesPPC Std C Console:Debugger RuntimePPC Std C Console:Java Command LinePPC Std C Console:Java MacOS SettingsPPC Std C Console:Perl PanelPPC Std C Console:x86 Global Optimizersc_shlib:Source Treessc_shlib:Custom Keywordssc_shlib:Access Pathssc_shlib:Target Settingssc_shlib:File Mappingssc_shlib:Build Extrassc_shlib:Debugger Runtimesc_shlib:Debugger Targetsc_shlib:68K CodeGensc_shlib:68K Disassemblersc_shlib:68K Global Optimizersc_shlib:68K Linkersc_shlib:68K Projectsc_shlib:C/C++ Compilersc_shlib:C/C++ Warningssc_shlib:CFM68Ksc_shlib:MacOS Merge Panelsc_shlib:PPC CodeGensc_shlib:PPC Disassemblersc_shlib:PPC Global Optimizersc_shlib:PPC Linkersc_shlib:PPC PEFsc_shlib:PPC Projectsc_shlib:PPCAsm Panelsc_shlib:Rez Compilersc_shlib:WinRC Compilersc_shlib:x86 CodeGensc_shlib:x86 Exceptions Panelsc_shlib:x86 Global Optimizersc_shlib:x86 Linkersc_shlib:x86 Projectsc_shlib:Remote Debugsc_shlib:Auto-targetsc_shlib:FTP Panelsc_shlib:Java Command Linesc_shlib:Java Languagesc_shlib:Java MRJAppBuildersc_shlib:Java Outputsc_shlib:Java Projectsc_shlib:JavaDoc Projectsc_shlib:Output Flagssc_shlib:Packager Panelsc_shlib:x86 Disassemblersc_shlb static:Source Treessc_shlb static:Access Pathssc_shlb static:Debugger Runtimesc_shlb static:Target Settingssc_shlb static:File Mappingssc_shlb static:Build Extrassc_shlb static:Debugger Targetsc_shlb static:Remote Debugsc_shlb static:Auto-targetsc_shlb static:Custom Keywordssc_shlb static:68K CodeGensc_shlb static:68K Disassemblersc_shlb static:68K Global Optimizersc_shlb static:68K Linkersc_shlb static:68K Projectsc_shlb static:C/C++ Compilersc_shlb static:C/C++ Warningssc_shlb static:CFM68Ksc_shlb static:FTP Panelsc_shlb static:Java Command Linesc_shlb static:Java Languagesc_shlb static:Java MRJAppBuildersc_shlb static:Java Outputsc_shlb static:Java Projectsc_shlb static:JavaDoc Projectsc_shlb static:MacOS Merge Panelsc_shlb static:Output Flagssc_shlb static:Packager Panelsc_shlb static:PPC CodeGensc_shlb static:PPC Disassemblersc_shlb static:PPC Global Optimizersc_shlb static:PPC Linkersc_shlb static:PPC PEFsc_shlb static:PPC Projectsc_shlb static:PPCAsm Panelsc_shlb static:Rez Compilersc_shlb static:WinRC Compilersc_shlb static:x86 CodeGensc_shlb static:x86 Disassemblersc_shlb static:x86 Exceptions Panelsc_shlb static:x86 Global Optimizersc_shlb static:x86 Linkersc_shlb static:x86 Projectsc_shlib no rsrc:Source Treessc_shlib no rsrc:Access Pathssc_shlib no rsrc:Debugger Runtimesc_shlib no rsrc:Target Settingssc_shlib no rsrc:File Mappingssc_shlib no rsrc:Build Extrassc_shlib no rsrc:Debugger Targetsc_shlib no rsrc:Remote Debugsc_shlib no rsrc:Auto-targetsc_shlib no rsrc:Custom Keywordssc_shlib no rsrc:68K CodeGensc_shlib no rsrc:68K Disassemblersc_shlib no rsrc:68K Global Optimizersc_shlib no rsrc:68K Linkersc_shlib no rsrc:68K Projectsc_shlib no rsrc:C/C++ Compilersc_shlib no rsrc:C/C++ Warningssc_shlib no rsrc:CFM68Ksc_shlib no rsrc:FTP Panelsc_shlib no rsrc:Java Command Linesc_shlib no rsrc:Java Languagesc_shlib no rsrc:Java MRJAppBuildersc_shlib no rsrc:Java Outputsc_shlib no rsrc:Java Projectsc_shlib no rsrc:JavaDoc Projectsc_shlib no rsrc:MacOS Merge Panelsc_shlib no rsrc:Output Flagssc_shlib no rsrc:Packager Panelsc_shlib no rsrc:PPC CodeGensc_shlib no rsrc:PPC Disassemblersc_shlib no rsrc:PPC Global Optimizersc_shlib no rsrc:PPC Linkersc_shlib no rsrc:PPC PEFsc_shlib no rsrc:PPC Projectsc_shlib no rsrc:PPCAsm Panelsc_shlib no rsrc:Rez Compilersc_shlib no rsrc:WinRC Compilersc_shlib no rsrc:x86 CodeGensc_shlib no rsrc:x86 Disassemblersc_shlib no rsrc:x86 Exceptions Panelsc_shlib no rsrc:x86 Global Optimizersc_shlib no rsrc:x86 Linkersc_shlib no rsrc:x86 ProjectNoneMMPr@TEXT.cRunTSScriptTEXT.plMW Perl€Java Linker .auJAR Importer@ .gifJAR Importer@RSRC`TEXT.cRunTSScriptTEXT.htmlTEXT.javaMW JavaTEXT.mfTEXT.plMW Perl€rsrc`.classMW Java.zipMW JavaMacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.plMW Perl€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS Merge APPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.cRunTSScriptTEXT.plMW Perl€TEXT.rRezrsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.plMW Perl€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 Linker????Obj Import x86TEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.plMW Perl€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86MRJApplication WARZ????APPL||6€@Z_BÛÚÞZYoR^|0B8PXZSJJALúXŽS;[Zþ~{Z¶FKÚ_^ê:BjZFÌ@bXÂ[[;²ÿïWZêÚzr]›xVHP‚ZPP;^z~ÓÞÜN¿ÊZßìúšKMRHRÚZ{V/P âZ;CZÚvþ{[ÜÛÚ—[R:ÊRXIX*\zZVV0ÙÚSÚCÿ:˚Μ_ÚºÒZBÐpúZÒ[P]4B pËZÚN>K^vÞ[V[ k>ªAqZzú8XÚZˆXÝ~ßÞ^X’ŸZ:Þ{R[z:Z ybZV ÊJDHaû^0Y«þÚóÂ^þy*~Z^SZ(JTNXzP Z~XÛZ;Z~ÞZ\OZóÓ:[CRyZ š:ûów–z\Fšê~oÊz˜º³ÿ„E¯¬å황¥“çìá·¡5¦õ²‡­³¥þµî]¤Æ¥±%ëí…¼,!‡„¡…(…Åã¤×í‡ï€÷$¤Æîõ‰± …§M„ ¤±Õ…‡­„¼ä¡í¥¯´¿¿õ%¯§÷gõ¼e…Ì$…$  %$¤Ä!§«ç"ëǧ©ª’ª½ç妅G%1¥ ¥$'1•%%…%?ç—;ã°7äæ÷•÷n¥ˆ&,%ãUµ‡8¡$ç±¥D÷#¾¥§¿"é­ïwïµ…uŸ£¥…ä†÷¥…$p­å¨…¥¥§é5µ—䥽¥/$´­x¶‡‡…¡1Éá§,"Æ(µ¥µm¿¤½Û¼£­õ¯5…±“‰á ¡À%¥‡{÷/Á±¬…µý÷®%­¥­í·$¥ å'Ô¥±†”%!¾¡i¯—¯ã¢¹·¥wÖ´¡3¦‡% ¤‡£°6¤¹¥„€ñô-£'ô§©þ}%…Å=ý¤5$„¸m2¥¥¡¥#µ¡¿íçå„·%¥îå´µÅì1ù‘1…%E‰§Éá É”?¥&ù-…·ï·‡Å¬¢ÿ%çõµˆ¨$4í%ä%¯­÷Žµ½µtñµ§åÖè¹·÷宆…À¿e­/ …Ä5…‘Èþ%åì4àÇÉ—åõå…¬§5( (' ‘u¥¯¬ $…õü!·í´w÷§à…ä'ÿ%õ ŠáE¯§¥¨5Ì ¡‡±¬­¥mú–ņŸå±½í¡%¡ ´±£«°¥ÔÙ…,"÷Že¿u¥§…ï…ô ¯í%D÷§¦·$$‡é¡,gãÞmÅ¡·u¿¿ìô·e倥¥µ¡±å<7üУa!½m…¿±“!ï]¦ÿ¥µÅ­%0€1…„Í$ƒ¤¡¡<%¤¥µ»¿õ§‡´¥#ö%Çœùåµâ‘µ¥§¡µå í¬-¥é­í½­¥ôIùµ¡‰…,$!¤­¡ &¥€‚½Å¹vå¥ãí…塧ý¯5$04%¡“©±E cµ…íÅ%ýç½í±…ïE¯Å­e,¯ŒÄ%„ÀˆÅq%¤¥íµúu/¡§¯¿µ¤®å§¡E#„¥å¤$âx­çƒ!m‘!¿µú­ï'Áú´ÿ…”Aác9%íà­e¦·¤¥ëͳõ‰‡Ç­õ÷´„å…¡¤$±¡…á$Ô‡wíEׯ†òu¿ì=ã­à*奤 %4Mµ®­!€§Я³ç¯õý¦Ý5¯%±¯õ¤±ÅÄd¤Ž„IÅ ¬†¨1%¨©­­;‘¬·½µÝ/¨Ç'¤§ä'”°¥Œ´«]…¥$…uõ£¿õÌ`Wm?ãg‡ö4Å¥C%€€…¡áÀ4-ƒõÝå!ôö±¿‡…ÿ­'­¼mô·µ„Ŷ±§5¤Æ%­ì÷åÕU¡}¥½¥¥‡ìç¿\±•% È$åU—… †³ gïô¢§ÿͼ€ñ5¡½çõ猀£Ã…¡)¥µ…¡¡Å´·Û/µÿ§m¿¦…Á¡¿¥¬¥¤«$eµŒ²ˆ%õ5§#Å¿õõ®•µ¡¥õ•—÷'½ý  %ñ­…Œþ¬†5£´Õ¯·å¥ƒ¥¥í¥¥g§¾l$U‰P'CODE' 'DATA' 'PICT' NONAME.EXE@·¥wÖ´¡3¦‡% ¤‡£°6¤¹¥„€ñô-£'ô§©þ}%…Å=ý¤5$„¸m2¥¥¡¥#µ¡¿íçå„·%¥îå´µÅì1ù‘1…%E‰§Éá É”?¥&ù-…·ï·‡Å¬¢ÿ%çõµˆ¨$4í%ä%¯­÷Žµ½µtñµ§åÖè¹·÷宆…À¿e­/ …Ä5…‘Èþ%åì4àÇÉ—åõå…¬§5( (' ‘u¥¯¬ $…õü!·í´w÷§à…ä'ÿ%õ ŠáE¯§¥¨5Ì ¡‡±¬­¥mú–ņŸå±½í¡%¡ ´±£«°¥ÔÙ…,"÷Že¿u¥§…ï…ô ¯í%D÷§¦·$$‡é¡,gãÞmÅ¡·u¿¿ìô·e倥¥µ¡±å<7üУa!½m…¿±“!ï]¦ÿ¥µÅ­%0€1…„Í$ƒ¤¡¡<%¤¥µ»¿õ§‡´¥#ö%Çœùåµâ‘µ¥§¡µå í¬-¥é­í½­¥ôIùµ¡‰…,$!¤­¡ &¥€‚½Å¹vå¥ãí…塧ý¯5$04%¡“©±E cµ…íÅ%ýç½í±…ïE¯Å­e,¯ŒÄ%„ÀˆÅq%¤¥íµúu/¡§¯¿µ¤®å§¡E#„¥å¤$âx­çƒ!m‘!¿µú­ï'Áú´ÿ…”Aác9%íà­e¦·¤¥ëͳõ‰‡Ç­õ÷´„å…¡¤$±¡…á$Ô‡wíEׯ†òu¿ì=ã­à*奤 %4Mµ®­!€§Я³ç¯õý¦Ý5¯%±¯õ¤±ÅÄd¤Ž„IÅ ¬†¨1%¨©­­;‘¬·½µÝ/¨Ç'¤§ä'”°¥Œ´«]…¥$…uõ£¿õÌ`Wm?ãg‡ö4Å¥C%€€…¡áÀ4-ƒõÝå!ôö±¿‡…ÿ­'­¼mô·µ„Ŷ±§5¤Æ%­ì÷åÕU¡}¥½¥¥‡ìç¿\±•% È$åU—… †³ gïô¢§ÿͼ€ñ5¡½çõ猀£Ã…¡)¥µ…¡¡Å´·Û/µÿ§m¿¦…Á¡¿¥¬¥¤«$eµŒ²ˆ%õ5§#Å¿õõ®•µ¡¥õ•—÷'½ý  %ñ­…Œþ¬†5£´Õ¯·å¥ƒ¥¥í¥¥g§¾l$U‰ sc_shlb.outle PPC????APPLhh@XÀ????P'CODE' 'DATA' 'PICT'  NONAME.EXE@ WARZ,´DmstrC€mstl4€mstn((msti<˜mstrè!Ãmstlè…mstnèP(mstièD˜,mpsièFÄ4mtglèJøPLstí¬.pref̹-.ÏIpref»A.ýpref±}/3$prefÿ):/ prefÛO;3<’pref4Ú<3ÎJpref¨z=ø mtslæmtplx€mtpsømtpi0mtlo)J.prefËVK)xIprefnL-Ápref¼ÎM-Å$prefëX-é pref`GY-ó’prefôZ.…JprefT.[Ï.prefƒÑia¶IprefjËpref~Dkeÿ$prefˆUv9 prefVÄwf#’pref%hxfµJpref—cyqprefµ¢ùy prefC’ú·prefMb¿ prefdoRpref,…ÙZ pref¥ûÚâ prefNN/|î2prefM¦U}iPprefMáa~eprefN]— 8prefMfwX prefMÉ”‚usprefŽx]4prefc¼{‘prefs¥‘imall¤mapl‚Õpref:…—‡Ý\pref9ÜÓ˜9pref9h™'Ãmoti¬prefbE›´prefnÀœ‘;pref¹ L¼pref¤ëž¨SprefÑŸ(=prefy RÐprefäH¡Và pref q¢Îpref&£â prefפì pref Ý¥prefßϦZprefZ±§&>prefî]¨dprefÈ©[Úprefô£ªrbprefÑ«ÔprefÕ8¬è pref1­ò prefÌ®\àÄpref×8¯]¤prefqó°^¼¨pref¶b±f.prefÅó²_d pref«Ô³”"prefÀñ´þprefÑ€µ¶prefݶ prefð’·gý’pref»$¸hjprefò³¹pgpref¶GºNpref§ç»ÆcŽprefó}¼Ëñpref@—½smpref/¾ÐùÜprefP;¿…2pref ÏÀ·Ü€prefcÁ~¥pref±ñÂt}ØprefWÃ&pref:QÄÐpref^¾Å'Ñ mtsl'mtplKø€mtps'ñmtpi(,mtlo(-prefžÄuñë³prefžÌ@òàÕprefžkòóËprefž¾0ôp´pref÷cõvƒprefž]ÿöß prefþw÷ ÿprefž 8ø(5prefž ùLxprefž%šúL’prefžˆ’ûL¦ prefžê5üL° prefžKýapprefž³zþ¹prefõ‘ÿfÿ>prefžá¡a~prefíˆÚprefž`ÆߎprefžT mprefž”DäåprefžæmŽÄÜprefòÒg=2prefž|tž €prefžs>"NprefžÎŠ gobprefž™Å uØprefžO § prefž!x aŒprefžÕ a  prefžwpaª prefž$‹wŠÄprefðO%bprefž§Yåõ¨prefž§GM.prefóÏ­4 prefži‰gÑ"prefžy~hùprefžcuUprefžÉC{prefžxug prefžÐi•’prefž€š¯@jprefžãŒcyrus-sasl-2.1.25/mac/sc_shlb/sc_shlb.mono0000777000076400007640000022776107403027661015356 00000000000000cool(%Q&y xeCodeWarrior ProjectÅà6‰8ÅQRXy€™yt‚’_p ROOTFILEFILEGRUP Mac LibrariesGRUPANSI LibrariesFILE FILE FILE FILE FILE FILEGRUP SASL-test-libFILEFILEFILEGRUP SourcesFILEFILEFILE'   à  ¡ 'ÿÿÿÿdYF ZG HIJEK LhiQRXSTUVW      'JavaClasses.jarZIP MWZPD67'+) #=>B<?@A"\042E(,* $!%/HJKwnqsDYIvG.L-u^d fMjkl]bixCtme;&r:9  [gh`NO ZPQWRST8UVapcX153F_o   ·¬>wd*G|G|JavaClasses.zipJavaClasses.zip#CshPf 0‡ Add§PinRÆaPoiêMIte tRes' MenuI tConk Cont… oseC¥illCÄShowäHideÿMove$GetCGetCRjzeCo‰lite­GetCËtCTiætlVainCt%Ctl Elue gl Se†Test¤DragÃTracÕ Draö!€"nded5#istT$ àr%&±'Í(ê)  **+ —B,d$`-}.›/shP´0 0×1 Addø2PinR3aPoi64MIteX5tRest6Menu7tConª8ContÈ9oseCæ:illC;Show#GetC}?etCR›@zeCo¼A€ÛBGetCùCtCTiDtlVa8EinCtTFCtl qGlue ‘Hl Se±ITestÉJDragçKTrac L Dra "M ;N ^O P  Q ½R ßS ûT U 1V OW mXKeys Y ªZImpo Æ[PW I ã\KBa ]lpM "^68K C_l 68 b`F Im €a€ bnded ¿cist ÛdTarg øect D fSett 8g Set PheSaf ni@ ‹j ©k Âl åm në` 'o L DpÒ%sÓ fqg: Ò ‚rë ›sANSI ¸t 68k ÖuKeyw ôvI Cowk:Ac1xhsAMyole jzet S{ANSI­| 68kÐ}ppinñ~ConsBuil0€ANSTr‚‘ƒ³„Յ4ˆW‰zŠ™‹½ŒÛöŽ5U‘x’˜“»”Ü•ü–—?˜]™|šž›ÀœÚúžŸB e¡„¢¨£Ƥᥦ §@¨c©ƒª¦«Ǭç­®*¯H°g±‰²«³Å´åµ ¶-·P¸o¹“º±»̼ë½ ¾+¿JÀjÁ…§ÃÆÄäÅÆ"ÇBÈ]Éʞ˼ÌÛÍúÎÏ5ÐWÑvÒ”Ó³ÔÕÕôÖ×6ØUÙsÚÛ®ÜÑÝîÞ ß-àNágâ†ã¤äÃåÝæç#èEécê†ë£ì½íÛîúïð:ñXòuó“ôµõÔöö÷ø5ùSúpûŽü±ýÎþìÿ .Gf„£½á  % C f ƒ  » Ú ù!!8!U!s!•!´!Ö!ö""3"P"n"‘"®"Ì"í #!#'"#F##d$#ƒ%#&#Á'#ã($)$#*$F+$c,$}-$›.$º/$Ù0$ú1%2%53%S4%z5%ž6%Å7%ê8&9&1:&Y;&{<&ž=&Ä>&ê?'@',A'OB'sC'’D'»E'âF( G(,H(TI(vJ(•K(¸L(ÜM)N)&O)IP)kQ)ŽR)°S)ÏT)ñU*V*0W*NX*qY*ŽZ*¬[*Í\*î]+^+&_+D`+ca+}b+¡c+Ãd+åe,f,&g,Ch,]i,{j,šk,¹l,Úm,øn-o-3p-Uq-tr-–s-¶t-Õu-óv.w.3x.Qy.rz.“{.¬|.Ë}.é~//"€/F/h‚/Šƒ/¨„/Ë…/è†0‡0 ˆ0?‰0^Š0‹0Œ0º0ØŽ0ø116‘1X’1“1¦”1Í•1ì–2—23˜2Y™2vš2›2³œ2Ì2âž2ûŸ3 3(¡3B¢3[£3p¤3Š¥3¨¦3¼§3Ѩ3é©4ª4«4,¬4A­4[®4y¯4°4ž±4³²4ɳ4ß´4÷µ5 ¶5*·5H¸5\¹5qº5‡»5œ¼5¯½5ʾ5á¿5ýÀ6Á6(Â6AÃ6WÄ6oÅ89:;47<=>36?@ABCDEFGHIJKL5MNOPVWXYRUZ[\QT]^_`abcdefghijSklmn~€z}‚ƒ„y|…¾¿À†‡ˆ‰Š‹ŒŽ{ÁÂÃĬ­®¯¨«°±²§ª³ÌÍ䵶·¸¹º»¼½©ÏÐÑÒ•–—˜‘”™š›“œÅÆÇžŸ ¡¢£¤¥¦’ÈÉÊË$%&' #()*"+,-./012345678!9:;<`abc\_def[^ghijklmnopqrst]uvwx  BCDE>AFGH=@IJKLMNOPQRSTUV?WXYZtu’vwpsxyzo•Žr{–—|}~€˜‚ƒ“„…†‡ˆ”q‰Š‘™‹Œ¢£¤¥¦œºŸ§¨©› ¡ž»¼½¾¿ÀÁªÂ묭®¯°±¹²š³´Äµ¶·¸ÚÛÜÝÔØ×ÞßàÓÖÙáâãäåæçèéêëìíîÕïðñò !"#$%&'()*+,-./012úûüýôø÷þÿóöù     õd]·¬;Å jJavaClasses.zipMSIEInternet ExplorerIexplore.exe a.out@U {MSIEInternet ExplorerIexplore.exe a.out@U {ANSI Console MultiFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KMW Pascal 68KRezPEF Import 68KANSI Console 68kHelloWorld.cMSL C.68K Fa(4i_8d).LibMSL Runtime68K.LibMathLib68K Fa(4i/8d).LibMSL C++.68K Fa(4i_8d).LibMacOS.libMSL SIOUX.68K.LibANSI Console PPC:ANSI Console PPC.outLib Import PPCMW C/C++ PPCMW Pascal PPCPPCAsmXCOFF Import PPCPEF Import PPCMSL C++.PPC.LibMSL C.PPC.LibInterfaceLibMathLibMSL RuntimePPC.LibMSL SIOUX.PPC.Lib:ANSI Console 68k.outANSI Console FAT:Merge Out:ANSI Console FAT.outANSI Console 68k.outANSI Console PPC.outMathLib68K Fa(4i_8d).Lib:ANSI C Console 68kANSI C Console 68k:ANSI C Console PPCANSI C Console PPC:ANSI C Console FATANSI C Console FATGameCode ConverterFlex PreprocessorBison Preprocessor:Std C Console 68KStd C Console 68K:Std C Console PPCStd C Console PPC:Std C Console FATStd C Console FAT68K Standard C Console68K Std C ConsolePPC Std C ConsoleMSL C.68K (2i).LibMSL C++.68K (2i).LibMathLib68K (2i).Lib:HelloWorld.c:Bin:MSL C++.PPC.Lib:Bin:MSL C.PPC.Lib:Libraries:MacOS Common:InterfaceLib:Libraries:MacOS Common:MathLib:Libraries:Runtime:Runtime PPC:MSL RuntimePPC.Lib:Bin:MSL SIOUX.PPC.LibMacOS PPC LinkerCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger TargetC/C++ CompilerC/C++ WarningsFTP PanelIR OptimizerPascal CompilerPascal WarningsPPC CodeGenPPC DisassemblerPPC LinkerPPC PEFPPC ProjectPPCAsm PanelRez CompilerPPC Global OptimizerSource TreesDebugger RuntimePerl PanelMW Perl:sc_shlb.outlibdes.shlbgetopt.cxxx_client_mac_lib.cparse_cmd_line.csample-client.clibsasl.shlbsc_shlibgetsubopt.cmac_testing_notes.cinstall.cOutput FlagsPackager Panellibsasl2.shlbkcglue_des.ckcglue_krb.cKClient.cmac_krb_lib1.cclient.cxxx_mac_lib.csaslutil.ccommon.cmd5.cconfig.cmac_dyn_dlopen.cgetaddrinfo.cexternal.ccanonusr.clibsasl2.static!M\ ( J°7OlFS`lin r ’ Ÿ €·ÊþàdãbjdýÑÿÿÿ*objd@O\ÿÿj‡obqpt‚‘¡lace¯=g¼Ä× ÿé!ÿ"#½$$ÿÿôà1%F&ë ['t(¥0ˆ)@›*Jav¯+.zipÂ,Ö-é.ëü/0ut!142F3Y4k5APPL~6GXck7PC§8 ¡¹9 Ë:Þ;½%°ó<ÿÿô¼=>ë*?=@bA‚B´CËDÜEìFùG HI$J4KCLRM\NiOyP‰Q•R¦S±T¹UÅVÒWßXôYZ[\%]2^>_G`\amb}cŠd“eŸf³g½hÊiÙjçkôlm no#p1q<rEsKtTuevsw~x‰y     ^_`abefg'ylmnopq r!s"t#u$v%w&xctEntry seÿÿÿÿntry SetEntriesQDError SetWinCor ÿÿÿÿuxWin SetCtlColo ¡Pë aÔ°ÿÿÿÿetNe à ¢Pë aÈ Qÿÿÿÿ ¢pkÀ §`~ÿ_34 ¡P`ÿÿÿÿ|}ÿa4{|}ÿb34  @:ÿÿÿÿ@::include:ÿÿÿÿ:::include:ÿÿÿÿ::libdes:public:ÿÿÿÿ@::mac_lib:ÿÿÿÿ@:::sample:ÿÿÿÿ@ ::libsasl:ÿÿÿÿ@ :::lib:ÿÿÿÿ@ ::readme:ÿÿÿÿ@ ::(reference):ÿÿÿÿ@ ::CommonKClient:mac_kclient:ÿÿÿÿ@:MSL:werks Standard Library:MSL Precompiled Header:ÿÿÿÿ@:MacOS Support:ÿÿÿÿ@ Std C Console 68K????APPL€XÀ????U {€ Merge Out????APPLDLGXckidProjWSPCJavaClasses.jarZIP MWZPMSIEInternet ExplorerIexplore.exe a.out@U {ANSI Console Multi:Custom KeywordsANSI Console Multi:Access PathsANSI Console Multi:Target SettingsANSI Console Multi:File MappingsANSI Console Multi:Build ExtrasANSI Console Multi:68K CodeGenANSI Console Multi:68K DisassemblerANSI Console Multi:68K LinkerANSI Console Multi:68K ProjectANSI Console Multi:C/C++ CompilerANSI Console Multi:C/C++ WarningsANSI Console Multi:CFM68KANSI Console Multi:IR OptimizerANSI Console Multi:Java OutputANSI Console Multi:Java ProjectANSI Console Multi:Java VMANSI Console Multi:MacOS Merge PanelANSI Console Multi:Pascal CompilerANSI Console Multi:Pascal WarningsANSI Console Multi:PPC CodeGenANSI Console Multi:PPC DisassemblerANSI Console Multi:PPC LinkerANSI Console Multi:PPC PEFANSI Console Multi:PPC ProjectANSI Console Multi:PPCAsm PanelANSI Console Multi:Rez CompilerANSI Console Multi:WinRC CompilerANSI Console Multi:x86 CodeGenANSI Console Multi:x86 LinkerANSI Console Multi:x86 ProjectProject File ListANSI Console 68k:Custom KeywordsANSI Console 68k:Access PathsANSI Console 68k:Target SettingsANSI Console 68k:File MappingsANSI Console 68k:Build ExtrasANSI Console 68k:68K CodeGenANSI Console 68k:68K DisassemblerANSI Console 68k:68K LinkerANSI Console 68k:68K ProjectANSI Console 68k:C/C++ CompilerANSI Console 68k:C/C++ WarningsANSI Console 68k:CFM68KANSI Console 68k:IR OptimizerANSI Console 68k:Java OutputANSI Console 68k:Java ProjectANSI Console 68k:Java VMANSI Console 68k:MacOS Merge PanelANSI Console 68k:Pascal CompilerANSI Console 68k:Pascal WarningsANSI Console 68k:PPC CodeGenANSI Console 68k:PPC DisassemblerANSI Console 68k:PPC LinkerANSI Console 68k:PPC PEFANSI Console 68k:PPC ProjectANSI Console 68k:PPCAsm PanelANSI Console 68k:Rez CompilerANSI Console 68k:WinRC CompilerANSI Console 68k:x86 CodeGenANSI Console 68k:x86 LinkerANSI Console 68k:x86 ProjectANSI Console PPC:Custom KeywordsANSI Console PPC:Access PathsANSI Console PPC:Target SettingsANSI Console PPC:File MappingsANSI Console PPC:Build ExtrasANSI Console PPC:68K CodeGenANSI Console PPC:68K DisassemblerANSI Console PPC:68K LinkerANSI Console PPC:68K ProjectANSI Console PPC:C/C++ CompilerANSI Console PPC:C/C++ WarningsANSI Console PPC:CFM68KANSI Console PPC:IR OptimizerANSI Console PPC:Java OutputANSI Console PPC:Java ProjectANSI Console PPC:Java VMANSI Console PPC:MacOS Merge PanelANSI Console PPC:Pascal CompilerANSI Console PPC:Pascal WarningsANSI Console PPC:PPC CodeGenANSI Console PPC:PPC DisassemblerANSI Console PPC:PPC LinkerANSI Console PPC:PPC PEFANSI Console PPC:PPC ProjectANSI Console PPC:PPCAsm PanelANSI Console PPC:Rez CompilerANSI Console PPC:WinRC CompilerANSI Console PPC:x86 CodeGenANSI Console PPC:x86 LinkerANSI Console PPC:x86 ProjectANSI Console FAT:Custom KeywordsANSI Console FAT:Access PathsANSI Console FAT:Target SettingsANSI Console FAT:File MappingsANSI Console FAT:Build ExtrasANSI Console FAT:68K CodeGenANSI Console FAT:68K DisassemblerANSI Console FAT:68K LinkerANSI Console FAT:68K ProjectANSI Console FAT:C/C++ CompilerANSI Console FAT:C/C++ WarningsANSI Console FAT:CFM68KANSI Console FAT:IR OptimizerANSI Console FAT:Java OutputANSI Console FAT:Java ProjectANSI Console FAT:Java VMANSI Console FAT:MacOS Merge PanelANSI Console FAT:Pascal CompilerANSI Console FAT:Pascal WarningsANSI Console FAT:PPC CodeGenANSI Console FAT:PPC DisassemblerANSI Console FAT:PPC LinkerANSI Console FAT:PPC PEFANSI Console FAT:PPC ProjectANSI Console FAT:PPCAsm PanelANSI Console FAT:Rez CompilerANSI Console FAT:WinRC CompilerANSI Console FAT:x86 CodeGenANSI Console FAT:x86 LinkerANSI Console FAT:x86 ProjectANSI C Console 68k:Custom KeywordsANSI C Console 68k:Access PathsANSI C Console 68k:Target SettingsANSI C Console 68k:File MappingsANSI C Console 68k:Build ExtrasANSI C Console 68k:68K CodeGenANSI C Console 68k:68K DisassemblerANSI C Console 68k:68K LinkerANSI C Console 68k:68K ProjectANSI C Console 68k:C/C++ CompilerANSI C Console 68k:C/C++ WarningsANSI C Console 68k:CFM68KANSI C Console 68k:IR OptimizerANSI C Console 68k:MacOS Merge PanelANSI C Console 68k:Pascal CompilerANSI C Console 68k:Pascal WarningsANSI C Console 68k:PPC CodeGenANSI C Console 68k:PPC DisassemblerANSI C Console 68k:PPC LinkerANSI C Console 68k:PPC PEFANSI C Console 68k:PPC ProjectANSI C Console 68k:PPCAsm PanelANSI C Console 68k:Rez CompilerANSI C Console PPC:Custom KeywordsANSI C Console PPC:Access PathsANSI C Console PPC:Target SettingsANSI C Console PPC:File MappingsANSI C Console PPC:Build ExtrasANSI C Console PPC:68K CodeGenANSI C Console PPC:68K DisassemblerANSI C Console PPC:68K LinkerANSI C Console PPC:68K ProjectANSI C Console PPC:C/C++ CompilerANSI C Console PPC:C/C++ WarningsANSI C Console PPC:CFM68KANSI C Console PPC:IR OptimizerANSI C Console PPC:MacOS Merge PanelANSI C Console PPC:Pascal CompilerANSI C Console PPC:Pascal WarningsANSI C Console PPC:PPC CodeGenANSI C Console PPC:PPC DisassemblerANSI C Console PPC:PPC LinkerANSI C Console PPC:PPC PEFANSI C Console PPC:PPC ProjectANSI C Console PPC:PPCAsm PanelANSI C Console PPC:Rez CompilerANSI C Console FAT:Custom KeywordsANSI C Console FAT:Access PathsANSI C Console FAT:Target SettingsANSI C Console FAT:File MappingsANSI C Console FAT:Build ExtrasANSI C Console FAT:68K CodeGenANSI C Console FAT:68K DisassemblerANSI C Console FAT:68K LinkerANSI C Console FAT:68K ProjectANSI C Console FAT:C/C++ CompilerANSI C Console FAT:C/C++ WarningsANSI C Console FAT:CFM68KANSI C Console FAT:IR OptimizerANSI C Console FAT:MacOS Merge PanelANSI C Console FAT:Pascal CompilerANSI C Console FAT:Pascal WarningsANSI C Console FAT:PPC CodeGenANSI C Console FAT:PPC DisassemblerANSI C Console FAT:PPC LinkerANSI C Console FAT:PPC PEFANSI C Console FAT:PPC ProjectANSI C Console FAT:PPCAsm PanelANSI C Console FAT:Rez CompilerANSI C Console 68k:Java OutputANSI C Console 68k:Java ProjectANSI C Console 68k:Java VMANSI C Console 68k:WinRC CompilerANSI C Console 68k:x86 CodeGenANSI C Console 68k:x86 LinkerANSI C Console 68k:x86 ProjectANSI C Console PPC:Java OutputANSI C Console PPC:Java ProjectANSI C Console PPC:Java VMANSI C Console PPC:WinRC CompilerANSI C Console PPC:x86 CodeGenANSI C Console PPC:x86 LinkerANSI C Console PPC:x86 ProjectANSI C Console FAT:Java OutputANSI C Console FAT:Java ProjectANSI C Console FAT:Java VMANSI C Console FAT:WinRC CompilerANSI C Console FAT:x86 CodeGenANSI C Console FAT:x86 LinkerANSI C Console FAT:x86 ProjectStd C Console 68K:Custom KeywordsStd C Console 68K:Access PathsStd C Console 68K:Target SettingsStd C Console 68K:File MappingsStd C Console 68K:Build ExtrasStd C Console 68K:Bison PanelStd C Console 68K:Flex PanelStd C Console 68K:68K CodeGenStd C Console 68K:68K DisassemblerStd C Console 68K:68K LinkerStd C Console 68K:68K ProjectStd C Console 68K:C/C++ CompilerStd C Console 68K:C/C++ WarningsStd C Console 68K:CFM68KStd C Console 68K:IR OptimizerStd C Console 68K:Java OutputStd C Console 68K:Java ProjectStd C Console 68K:Java VMStd C Console 68K:MacOS Merge PanelStd C Console 68K:Pascal CompilerStd C Console 68K:Pascal WarningsStd C Console 68K:PPC CodeGenStd C Console 68K:PPC DisassemblerStd C Console 68K:PPC LinkerStd C Console 68K:PPC PEFStd C Console 68K:PPC ProjectStd C Console 68K:PPCAsm PanelStd C Console 68K:Rez CompilerStd C Console 68K:WinRC CompilerStd C Console 68K:x86 CodeGenStd C Console 68K:x86 LinkerStd C Console 68K:x86 ProjectStd C Console PPC:Custom KeywordsStd C Console PPC:Access PathsStd C Console PPC:Target SettingsStd C Console PPC:File MappingsStd C Console PPC:Build ExtrasStd C Console PPC:Bison PanelStd C Console PPC:Flex PanelStd C Console PPC:68K CodeGenStd C Console PPC:68K DisassemblerStd C Console PPC:68K LinkerStd C Console PPC:68K ProjectStd C Console PPC:C/C++ CompilerStd C Console PPC:C/C++ WarningsStd C Console PPC:CFM68KStd C Console PPC:IR OptimizerStd C Console PPC:Java OutputStd C Console PPC:Java ProjectStd C Console PPC:Java VMStd C Console PPC:MacOS Merge PanelStd C Console PPC:Pascal CompilerStd C Console PPC:Pascal WarningsStd C Console PPC:PPC CodeGenStd C Console PPC:PPC DisassemblerStd C Console PPC:PPC LinkerStd C Console PPC:PPC PEFStd C Console PPC:PPC ProjectStd C Console PPC:PPCAsm PanelStd C Console PPC:Rez CompilerStd C Console PPC:WinRC CompilerStd C Console PPC:x86 CodeGenStd C Console PPC:x86 LinkerStd C Console PPC:x86 ProjectStd C Console FAT:Custom KeywordsStd C Console FAT:Access PathsStd C Console FAT:Target SettingsStd C Console FAT:File MappingsStd C Console FAT:Build ExtrasStd C Console FAT:Bison PanelStd C Console FAT:Flex PanelStd C Console FAT:68K CodeGenStd C Console FAT:68K DisassemblerStd C Console FAT:68K LinkerStd C Console FAT:68K ProjectStd C Console FAT:C/C++ CompilerStd C Console FAT:C/C++ WarningsStd C Console FAT:CFM68KStd C Console FAT:IR OptimizerStd C Console FAT:Java OutputStd C Console FAT:Java ProjectStd C Console FAT:Java VMStd C Console FAT:MacOS Merge PanelStd C Console FAT:Pascal CompilerStd C Console FAT:Pascal WarningsStd C Console FAT:PPC CodeGenStd C Console FAT:PPC DisassemblerStd C Console FAT:PPC LinkerStd C Console FAT:PPC PEFStd C Console FAT:PPC ProjectStd C Console FAT:PPCAsm PanelStd C Console FAT:Rez CompilerStd C Console FAT:WinRC CompilerStd C Console FAT:x86 CodeGenStd C Console FAT:x86 LinkerStd C Console FAT:x86 Project68K Standard C Console:Custom Keywords68K Standard C Console:Access Paths68K Standard C Console:Target Settings68K Standard C Console:File Mappings68K Standard C Console:Build Extras68K Standard C Console:68K CodeGen68K Standard C Console:68K Disassembler68K Standard C Console:68K Linker68K Standard C Console:68K Project68K Standard C Console:C/C++ Compiler68K Standard C Console:C/C++ Warnings68K Standard C Console:CFM68K68K Standard C Console:IR Optimizer68K Standard C Console:Java Output68K Standard C Console:Java Project68K Standard C Console:Java VM68K Standard C Console:MacOS Merge Panel68K Standard C Console:Pascal Compiler68K Standard C Console:Pascal Warnings68K Standard C Console:PPC CodeGen68K Standard C Console:PPC Disassembler68K Standard C Console:PPC Linker68K Standard C Console:PPC PEF68K Standard C Console:PPC Project68K Standard C Console:PPCAsm Panel68K Standard C Console:Rez Compiler68K Standard C Console:WinRC Compiler68K Standard C Console:x86 CodeGen68K Standard C Console:x86 Linker68K Standard C Console:x86 Project68K Std C Console:Custom Keywords68K Std C Console:Access Paths68K Std C Console:Target Settings68K Std C Console:File Mappings68K Std C Console:Build Extras68K Std C Console:68K CodeGen68K Std C Console:68K Disassembler68K Std C Console:68K Linker68K Std C Console:68K Project68K Std C Console:C/C++ Compiler68K Std C Console:C/C++ Warnings68K Std C Console:CFM68K68K Std C Console:IR Optimizer68K Std C Console:Java Output68K Std C Console:Java Project68K Std C Console:Java VM68K Std C Console:MacOS Merge Panel68K Std C Console:Pascal Compiler68K Std C Console:Pascal Warnings68K Std C Console:PPC CodeGen68K Std C Console:PPC Disassembler68K Std C Console:PPC Linker68K Std C Console:PPC PEF68K Std C Console:PPC Project68K Std C Console:PPCAsm Panel68K Std C Console:Rez Compiler68K Std C Console:WinRC Compiler68K Std C Console:x86 CodeGen68K Std C Console:x86 Linker68K Std C Console:x86 ProjectPPC Std C Console:Custom KeywordsPPC Std C Console:Access PathsPPC Std C Console:Target SettingsPPC Std C Console:File MappingsPPC Std C Console:Build ExtrasPPC Std C Console:68K CodeGenPPC Std C Console:68K DisassemblerPPC Std C Console:68K LinkerPPC Std C Console:68K ProjectPPC Std C Console:C/C++ CompilerPPC Std C Console:C/C++ WarningsPPC Std C Console:CFM68KPPC Std C Console:IR OptimizerPPC Std C Console:Java OutputPPC Std C Console:Java ProjectPPC Std C Console:Java VMPPC Std C Console:MacOS Merge PanelPPC Std C Console:Pascal CompilerPPC Std C Console:Pascal WarningsPPC Std C Console:PPC CodeGenPPC Std C Console:PPC DisassemblerPPC Std C Console:PPC LinkerPPC Std C Console:PPC PEFPPC Std C Console:PPC ProjectPPC Std C Console:PPCAsm PanelPPC Std C Console:Rez CompilerPPC Std C Console:WinRC CompilerPPC Std C Console:x86 CodeGenPPC Std C Console:x86 LinkerPPC Std C Console:x86 ProjectPPC Std C Console:Java LanguagePPC Std C Console:Debugger TargetPPC Std C Console:FTP PanelPPC Std C Console:JavaDoc ProjectPPC Std C Console:x86 Exceptions PanelPPC Std C Console:68K Global OptimizerPPC Std C Console:PPC Global OptimizerPPC Std C Console:Source TreesPPC Std C Console:Debugger RuntimePPC Std C Console:Java Command LinePPC Std C Console:Java MacOS SettingsPPC Std C Console:Perl PanelPPC Std C Console:x86 Global Optimizersc_shlib:Source Treessc_shlib:Custom Keywordssc_shlib:Access Pathssc_shlib:Target Settingssc_shlib:File Mappingssc_shlib:Build Extrassc_shlib:Debugger Runtimesc_shlib:Debugger Targetsc_shlib:68K CodeGensc_shlib:68K Disassemblersc_shlib:68K Global Optimizersc_shlib:68K Linkersc_shlib:68K Projectsc_shlib:C/C++ Compilersc_shlib:C/C++ Warningssc_shlib:CFM68Ksc_shlib:MacOS Merge Panelsc_shlib:PPC CodeGensc_shlib:PPC Disassemblersc_shlib:PPC Global Optimizersc_shlib:PPC Linkersc_shlib:PPC PEFsc_shlib:PPC Projectsc_shlib:PPCAsm Panelsc_shlib:Rez Compilersc_shlib:WinRC Compilersc_shlib:x86 CodeGensc_shlib:x86 Exceptions Panelsc_shlib:x86 Global Optimizersc_shlib:x86 Linkersc_shlib:x86 Projectsc_shlib:Remote Debugsc_shlib:Auto-targetsc_shlib:FTP Panelsc_shlib:Java Command Linesc_shlib:Java Languagesc_shlib:Java MRJAppBuildersc_shlib:Java Outputsc_shlib:Java Projectsc_shlib:JavaDoc Projectsc_shlib:Output Flagssc_shlib:Packager Panelsc_shlib:x86 Disassembler__sta__start  MSIEInternet ExplorererIexplore.exeoreruJITmain__start NONAME.EXE@ sc_shlb.outle PPC????APPLhh@XÀ????MSIEhttp://java.sun.com/products/jdk/1.1/docs/api/P'CODE' 'DATA' 'PICT'|1àÐ@ðX\õ{zžÏÒß|,Á*xIv8z[˜ÔÚŒhJ_ÊnÛRÜšKÎÚM~ÊJ ^{NnŠZR@JXÊLkÞY_`Þ]ÿxÞÚjÙHà*[QbZzz X›iJºKþ{ÓSûX6_ÚŸÑíC0yJLZÚF!)z^„K•ú¿ÿGÒ|y:ÝvRמûèYJ›Yv k Jzx@[Ú:JpÚ›Y\Š~öY{Zy#J^šp+  à  ¡ JBoundApp????ÿÿÿÿÿÿWINDnullWË ËÀÿÝË Ëàk40ÿÜðË http://java.sun.com/products/jdk/1.1/docs/api/ )Aï"S0<ÄËP3î€ÿÜðaÿ%®0UOË <aÿ%š0UO/ Hx B'aÿ%ˆ0UO/ HxJ/ VÀDIÀ/aÿ&¶0UO/ HxJ/ VÀDIÀ/aÿ&š0UO/ HxJ/VÀDIÀ/aÿ&~0UO/ HxJ/VÀDIÀ/aÿ&b0UO/ HxJ/VÀDIÀ/aÿ&F0UO/ HxJ/VÀDIÀ/aÿ&*0UO/ Hx J/VÀDIÀ/aÿ&0HW//aÿ,|/ HxHoaÿ'b0/ Hx?/NºþVHÀTO/aÿ%Ô0HoHoaÿ+/ Hx MacOS PPC Linkersc_shlib Console:NoneMMPr@TEXT.cRunTSScriptTEXT.plMW Perl€Java Linker .auJAR Importer@ .gifJAR Importer@RSRC`TEXT.cRunTSScriptTEXT.htmlTEXT.javaMW JavaTEXT.mfTEXT.plMW Perl€rsrc`.classMW Java.zipMW JavaMacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.plMW Perl€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS Merge APPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.cRunTSScriptTEXT.plMW Perl€TEXT.rRezrsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.plMW Perl€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 Linker????Obj Import x86TEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.plMW Perl€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86zò {ú@@zò main{ú@¢‰@{ú@MRJApplication WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/????APPL||6€@Z_BÛÚÞZYoR^|0B8PXZSJJALúXŽS;[Zþ~{Z¶FKÚ_^ê:BjZFÌ@bXÂ[[;²ÿïWZêÚzr]›xVHP‚ZPP;^z~ÓÞÜN¿ÊZßìúšKMRHRÚZ{V/P âZ;CZÚvþ{[ÜÛÚ—[R:ÊRXIX*\zZVV0ÙÚSÚCÿ:˚Μ_ÚºÒZBÐpúZÒ[P]4B pËZÚN>K^vÞ[V[ k>ªAqZzú8XÚZˆXÝ~ßÞ^X’ŸZ:Þ{R[z:Z ybZV ÊJDHaû^0Y«þÚóÂ^þy*~Z^SZ(JTNXzP Z~XÛZ;Z~ÞZ\OZóÓ:[CRyZ š:ûów–z\Fšê~oÊz˜º³ÿ„E¯¬å황¥“çìá·¡5¦õ²‡­³¥þµî]¤Æ¥±%ëí…¼,!‡„¡…(…Åã¤×í‡ï€÷$¤Æîõ‰± …§M„ ¤±Õ…‡­„¼ä¡í¥¯´¿¿õ%¯§÷gõ¼e…Ì$…$  %$¤Ä!§«ç"ëǧ©ª’ª½ç妅G%1¥ ¥$'1•%%…%?ç—;ã°7äæ÷•÷n¥ˆ&,%ãUµ‡8¡$ç±¥D÷#¾¥§¿"é­ïwïµ…uŸ£¥…ä†÷¥…$p­å¨…¥¥§é5µ—䥽¥/$´­x¶‡‡…¡1Éá§,"Æ(µ¥µm¿¤½Û¼£­õ¯5…±“‰á ¡À%¥‡{÷/Á±¬…µý÷®%­¥­í·$¥ å'Ô¥±†”%!¾¡i¯—¯ã¢¹·¥wÖ´¡3¦‡% ¤‡£°6¤¹¥„€ñô-£'ô§©þ}%…Å=ý¤5$„¸m2¥¥¡¥#µ¡¿íçå„·%¥îå´µÅì1ù‘1…%E‰§Éá É”?¥&ù-…·ï·‡Å¬¢ÿ%çõµˆ¨$4í%ä%¯­÷Žµ½µtñµ§åÖè¹·÷宆…À¿e­/ …Ä5…‘Èþ%åì4àÇÉ—åõå…¬§5( (' ‘u¥¯¬ $…õü!·í´w÷§à…ä'ÿ%õ ŠáE¯§¥¨5Ì ¡‡±¬­¥mú–ņŸå±½í¡%¡ ´±£«°¥ÔÙ…,"÷Že¿u¥§…ï…ô ¯í%D÷§¦·$$‡é¡,gãÞmÅ¡·u¿¿ìô·e倥¥µ¡±å<7üУa!½m…¿±“!ï]¦ÿ¥µÅ­%0€1…„Í$ƒ¤¡¡<%¤¥µ»¿õ§‡´¥#ö%Çœùåµâ‘µ¥§¡µå í¬-¥é­í½­¥ôIùµ¡‰…,$!¤­¡ &¥€‚½Å¹vå¥ãí…塧ý¯5$04%¡“©±E cµ…íÅ%ýç½í±…ïE¯Å­e,¯ŒÄ%„ÀˆÅq%¤¥íµúu/¡§¯¿µ¤®å§¡E#„¥å¤$âx­çƒ!m‘!¿µú­ï'Áú´ÿ…”Aác9%íà­e¦·¤¥ëͳõ‰‡Ç­õ÷´„å…¡¤$±¡…á$Ô‡wíEׯ†òu¿ì=ã­à*奤 %4Mµ®­!€§Я³ç¯õý¦Ý5¯%±¯õ¤±ÅÄd¤Ž„IÅ ¬†¨1%¨©­­;‘¬·½µÝ/¨Ç'¤§ä'”°¥Œ´«]…¥$…uõ£¿õÌ`Wm?ãg‡ö4Å¥C%€€…¡áÀ4-ƒõÝå!ôö±¿‡…ÿ­'­¼mô·µ„Ŷ±§5¤Æ%­ì÷åÕU¡}¥½¥¥‡ìç¿\±•% È$åU—… †³ gïô¢§ÿͼ€ñ5¡½çõ猀£Ã…¡)¥µ…¡¡Å´·Û/µÿ§m¿¦…Á¡¿¥¬¥¤«$eµŒ²ˆ%õ5§#Å¿õõ®•µ¡¥õ•—÷'½ý  %ñ­…Œþ¬†5£´Õ¯·å¥ƒ¥¥í¥¥g§¾l$U‰pc8mstr €mstl!“€mstn((msti7mstrè?mstlèÌmstnèP(mstiè,mpsiè)mtglèxPLstí¬ Ñ.pref̹-1ÑIpref»A. Ípref±}/6$prefÿ): ÿ prefÛO;6>’pref4Ú<6ÐJpref¨z=ø mtslEmtplx€mtpsmtpiŒ8mtlo,L.prefËVK,zIprefnL0Ãpref¼ÎM0Ç$prefëX0ë pref`GY0õ’prefôZ1‡JprefT.[ Ÿ.prefƒÑikIprefj ›pref~Dkoc$prefˆUv prefVÄwo‡’pref%hxpJpref—cy¸prefµ¢ùÀ prefC’úprefMb prefdoxpref,…Ù€ pref¥ûÚ prefNN/| 2prefM¦U}©¹PprefMáa~ªprefN]—R8prefMfwŒ prefMÉ”‚¶•prefŽ¹Á4prefc¼¼õprefs¥‘®mall•¤maplÄÇpref:…—ÉÏ\pref9ÜÓ˜Ï3pref9h™T moti(prefbE›0prefnÀœJHpref¹ Ó5pref¤ëžÙIprefÑŸ+/prefy ebprefäH¡±  pref q¢]pref&£J prefפq pref Ý¥}prefßϦirprefZ±§9>prefî]¨ÄprefÈ©´)Úprefô£ªjxbprefÑ«ÒprefÕ8¬‹ pref1­æ prefÌ®¨cÄpref×8¯·¥prefq󰸽¨pref¶b±Ì.prefÅó²À  pref«Ô³ò"prefÀñ´ CprefÑ€µ Wprefݶ™ prefð’·©'’pref»$¸¶jprefò³¹÷Ypref¶Gº¥pref§ç»ú_Žprefó}¼ÿípref@—½Âpref/¾õÜprefP;¿jÚ2pref ÏÀÑ€prefcÁQpref±ñÂÃ%ØprefWà epref:QÄ qpref^¾Åcyrus-sasl-2.1.25/mac/sc_shlb/sc_shlb_carbon.h0000777000076400007640000000004007403027662016135 00000000000000#define TARGET_API_MAC_CARBON 1 cyrus-sasl-2.1.25/mac/sc_shlb/sc_shlb.rsrc.sit.hqx0000666000076400007640000000064407403027661016736 00000000000000(This file must be converted with BinHex 4.0) :%(0MAh0SE')ZFR0bBbjcDA3!8dP8090*9#%!N!3"%`#3"*!!G90dG@CQ5A3J+'- T-6Nj0bda16Ni)%&XB@4ND@iJ8hPcG'9YFb`J5@jM,L`JD(4dF$S[,hH3!bjKE'& NC'PZFhPc,Q0[E5p6G(9QCNPd,`d+'J!&%!!!!4-!N!0b!!%!N!0bX'30TD95CA0 PFRCPC+@P!+@3"!%!!$`!!,H$@B1hJeQ6!*!0$*bL!*!1Ff0IFfKXBLjbFh*M!!( ZbR*cFQ058d9%!*!3J!#3#3%f!*!$-`#3"!m!3X(8q2@S2N23-B('m2KI(pa#6DA +L,R'QSirQM+#,h*hGLHl$"kFM'&fKK1,Gciq4Tk!er-!!!: cyrus-sasl-2.1.25/mac/sc_shlb/sc_shlb0000777000076400007640000022672107403027660014401 00000000000000cool(#1$Y xeCodeWarrior ProjectÅà6‰8ÅQRXj€çjpmEx ROOTFILEFILEFILEGRUP Mac LibrariesGRUPANSI LibrariesFILE FILE FILE FILE FILE FILEGRUP SASL-test-libFILEFILEFILEGRUP SourcesFILEFILE ð §` ˜` à  ¡ ÿÿÿÿd     JEYF ZG HIK LhiQRXSTUVW JavaClasses.jarZIP MWZPD67'+) #=>B<?@A"\042E(,* $!%/HJKDYIG.L-^d fM]biCe;&:9  [gh`NO ZPQWRST8UVacX153F_   ·¬;2ÐG|JavaClasses.zipJavaClasses.zip#CshPf 0‡ Add§PinRÆaPoiêMIte tRes' MenuI tConk Cont… oseC¥illCÄShowäHideÿMove$GetCGetCRjzeCo‰lite­GetCËtCTiætlVainCt%Ctl Elue gl Se†Test¤DragÃTracÕ Draö!€"nded5#istT$ àr%&±'Í(ê)  **+ —B,d$`-}.›/shP´0 0×1 Addø2PinR3aPoi64MIteX5tRest6Menu7tConª8ContÈ9oseCæ:illC;Show#GetC}?etCR›@zeCo¼A€ÛBGetCùCtCTiDtlVa8EinCtTFCtl qGlue ‘Hl Se±ITestÉJDragçKTrac L Dra "M ;N ^O P  Q ½R ßS ûT U 1V OW mXKeys Y ªZImpo Æ[PW I ã\KBa ]lpM "^68K C_l 68 b`F Im €a€ bnded ¿cist ÛdTarg øect D fSett 8g Set PheSaf ni@ ‹j ©k Âl åm në` 'o L DpÒ%sÓ fqg: Ò ‚rë ›sANSI ¸t 68k ÖuKeyw ôvI Cowk:Ac1xhsAMyole jzet S{ANSI­| 68kÐ}ppinñ~ConsBuil0€ANSTr‚‘ƒ³„Յ4ˆW‰zŠ™‹½ŒÛöŽ5U‘x’˜“»”Ü•ü–—?˜]™|šž›ÀœÚúžŸB e¡„¢¨£Ƥᥦ §@¨c©ƒª¦«Ǭç­®*¯H°g±‰²«³Å´åµ ¶-·P¸o¹“º±»̼ë½ ¾+¿JÀjÁ…§ÃÆÄäÅÆ"ÇBÈ]Éʞ˼ÌÛÍúÎÏ5ÐWÑvÒ”Ó³ÔÕÕôÖ×6ØUÙsÚÛ®ÜÑÝîÞ ß-àNágâ†ã¤äÃåÝæç#èEécê†ë£ì½íÛîúïð:ñXòuó“ôµõÔöö÷ø5ùSúpûŽü±ýÎþìÿ .Gf„£½á  % C f ƒ  » Ú ù!!8!U!s!•!´!Ö!ö""3"P"n"‘"®"Ì"í #!#'"#F##d$#ƒ%#&#Á'#ã($)$#*$F+$c,$}-$›.$º/$Ù0$ú1%2%53%S4%z5%ž6%Å7%ê8&9&1:&Y;&{<&ž=&Ä>&ê?'@',A'OB'sC'’D'»E'âF( G(,H(TI(vJ(•K(¸L(ÜM)N)&O)IP)kQ)ŽR)°S)ÏT)ñU*V*0W*NX*qY*ŽZ*¬[*Í\*î]+^+&_+D`+ca+}b+¡c+Ãd+åe,f,&g,Ch,]i,{j,šk,¹l,Úm,øn-o-3p-Uq-tr-–s-¶t-Õu-óv.w.3x.Qy.rz.“{.¬|.Ë}.é~//"€/F/h‚/Šƒ/¨„/Ë…/è†0‡0 ˆ0?‰0^Š0‹0Œ0º0ØŽ0ø116‘1X’1“1¦”1Í•1ì–2—23˜2Y™2vš2›2³œ2Ì2âž2ûŸ3 3(¡3B¢3[£3p¤3Š¥3¨¦3¼§3Ѩ3é©4ª4«4,¬4A­4[®4y¯4°4ž±4³²4ɳ4ß´4÷µ5 ¶5*·5H¸5\¹5qº5‡»5œ¼5¯½5ʾ5á¿5ýÀ6Á6(Â6AÃ6WÄ6oÅ89:;47<=>36?@ABCDEFGHIJKL5MNOPVWXYRUZ[\QT]^_`abcdefghijSklmn~€z}‚ƒ„y|…¾¿À†‡ˆ‰Š‹ŒŽ{ÁÂÃĬ­®¯¨«°±²§ª³ÌÍ䵶·¸¹º»¼½©ÏÐÑÒ•–—˜‘”™š›“œÅÆÇžŸ ¡¢£¤¥¦’ÈÉÊË$%&' #()*"+,-./012345678!9:;<`abc\_def[^ghijklmnopqrst]uvwx  BCDE>AFGH=@IJKLMNOPQRSTUV?WXYZtu’vwpsxyzo•Žr{–—|}~€˜‚ƒ“„…†‡ˆ”q‰Š‘™‹Œ¢£¤¥¦œºŸ§¨©› ¡ž»¼½¾¿ÀÁªÂ묭®¯°±¹²š³´Äµ¶·¸ÚÛÜÝÔØ×ÞßàÓÖÙáâãäåæçèéêëìíîÕïðñò !"#$%&'()*+,-./012úûüýôø÷þÿóöù     õd]·¢«*/ÇJavaClasses.zipMSIEInternet ExplorerIexplore.exe a.out@U {MSIEInternet ExplorerIexplore.exe a.out@U {ANSI Console MultiFirst Segment:a.outLib Import 68KMPW Import 68KBalloon HelpMW C/C++ 68KMW Pascal 68KRezPEF Import 68KANSI Console 68kHelloWorld.cMSL C.68K Fa(4i_8d).LibMSL Runtime68K.LibMathLib68K Fa(4i/8d).LibMSL C++.68K Fa(4i_8d).LibMacOS.libMSL SIOUX.68K.LibANSI Console PPC:ANSI Console PPC.outLib Import PPCMW C/C++ PPCMW Pascal PPCPPCAsmXCOFF Import PPCPEF Import PPCMSL C++.PPC.LibMSL C.PPC.LibInterfaceLibMathLibMSL RuntimePPC.LibMSL SIOUX.PPC.Lib:ANSI Console 68k.outANSI Console FAT:Merge Out:ANSI Console FAT.outANSI Console 68k.outANSI Console PPC.outMathLib68K Fa(4i_8d).Lib:ANSI C Console 68kANSI C Console 68k:ANSI C Console PPCANSI C Console PPC:ANSI C Console FATANSI C Console FATGameCode ConverterFlex PreprocessorBison Preprocessor:Std C Console 68KStd C Console 68K:Std C Console PPCStd C Console PPC:Std C Console FATStd C Console FAT68K Standard C Console68K Std C ConsolePPC Std C ConsoleMSL C.68K (2i).LibMSL C++.68K (2i).LibMathLib68K (2i).Lib:HelloWorld.c:Bin:MSL C++.PPC.Lib:Bin:MSL C.PPC.Lib:Libraries:MacOS Common:InterfaceLib:Libraries:MacOS Common:MathLib:Libraries:Runtime:Runtime PPC:MSL RuntimePPC.Lib:Bin:MSL SIOUX.PPC.LibMacOS PPC LinkerCustom KeywordsAccess PathsTarget SettingsFile MappingsBuild ExtrasDebugger TargetC/C++ CompilerC/C++ WarningsFTP PanelIR OptimizerPascal CompilerPascal WarningsPPC CodeGenPPC DisassemblerPPC LinkerPPC PEFPPC ProjectPPCAsm PanelRez CompilerPPC Global OptimizerSource TreesDebugger RuntimePerl PanelMW Perl:sc_shlb.outlibdes.shlbgetopt.cxxx_client_mac_lib.cparse_cmd_line.csample-client.clibsasl.shlbsc_shlibgetsubopt.cmac_testing_notes.cinstall.cOutput FlagsPackager Panellibsasl2.shlb!M\ ( J°7OlFS`lin r ’ Ÿ €·ÊþàdãbjdýÑÿÿÿ*objd@O\ÿÿj‡obqpt‚‘¡lace¯=g¼Ä× ÿé!ÿ"#½$$ÿÿôà1%F&ë ['t(¥0ˆ)@›*Jav¯+.zipÂ,Ö-é.ëü/0ut!142F3Y4k5APPL~6GXck7PC§8 ¡¹9 Ë:Þ;½%°ó<ÿÿô¼=>ë*?=@bA‚B´CËDÜEìFùG HI$J4KCLRM\NiOyP‰Q•R¦S±T¹UÅVÒWßXôYZ[\%]2^>_G`\amb}cŠd“eŸf³g½hÊiÙj     ^_`abefgj}% ÿÿÿÿ& »'Ø(øÿÿÿÿ*0+N,ÿÿÿÿk-@‰. ¢/ÿÿÿÿ0æ12ë$ÿÿÿÿF4b5@{6ÿÿÿÿ˜7¶8Ô9ÿÿÿÿ:k;-< àÿÿÿÿ ¡ëÿÿÿÿ ž@k §`ce NewGDevic àosÿÿÿÿvice SetGDevice GetGDevice Colorndÿÿÿÿndex2Color InvertColor RealColoretÿÿÿÿable UpdatePixMap MakeITable AddarÿÿÿÿddComp SetClientID ProtectEntry seÿÿÿÿntry SetEntriesQDError SetWinCor ÿÿÿÿuxWin SetCtlColo ¡Pë aÔ°ÿÿÿÿetNe à ¢Pë aÈ Qÿÿÿÿ ¢pkÀ §`~ÿ_34 ¡P`ÿÿÿÿ|}ÿa4{|}ÿb34  @:ÿÿÿÿ@::include:ÿÿÿÿ:::include:ÿÿÿÿ::libdes:public:ÿÿÿÿ@::mac_lib:ÿÿÿÿ@:::sample:ÿÿÿÿ@ ::libsasl:ÿÿÿÿ@ :::lib:ÿÿÿÿ@ ::readme:ÿÿÿÿ@ ::(reference):ÿÿÿÿ@ :MSL:werks Standard Library:MSL Precompiled Header:ÿÿÿÿ@:MacOS Support:ÿÿÿÿ@ MacOS PPC Linkersc_shlib Console: Std C Console 68K????APPL€XÀ????U {€ Merge Out????APPLDLGXckidProjWSPCJavaClasses.jarZIP MWZPMSIEInternet ExplorerIexplore.exe a.out@U {ANSI Console Multi:Custom KeywordsANSI Console Multi:Access PathsANSI Console Multi:Target SettingsANSI Console Multi:File MappingsANSI Console Multi:Build ExtrasANSI Console Multi:68K CodeGenANSI Console Multi:68K DisassemblerANSI Console Multi:68K LinkerANSI Console Multi:68K ProjectANSI Console Multi:C/C++ CompilerANSI Console Multi:C/C++ WarningsANSI Console Multi:CFM68KANSI Console Multi:IR OptimizerANSI Console Multi:Java OutputANSI Console Multi:Java ProjectANSI Console Multi:Java VMANSI Console Multi:MacOS Merge PanelANSI Console Multi:Pascal CompilerANSI Console Multi:Pascal WarningsANSI Console Multi:PPC CodeGenANSI Console Multi:PPC DisassemblerANSI Console Multi:PPC LinkerANSI Console Multi:PPC PEFANSI Console Multi:PPC ProjectANSI Console Multi:PPCAsm PanelANSI Console Multi:Rez CompilerANSI Console Multi:WinRC CompilerANSI Console Multi:x86 CodeGenANSI Console Multi:x86 LinkerANSI Console Multi:x86 ProjectProject File ListANSI Console 68k:Custom KeywordsANSI Console 68k:Access PathsANSI Console 68k:Target SettingsANSI Console 68k:File MappingsANSI Console 68k:Build ExtrasANSI Console 68k:68K CodeGenANSI Console 68k:68K DisassemblerANSI Console 68k:68K LinkerANSI Console 68k:68K ProjectANSI Console 68k:C/C++ CompilerANSI Console 68k:C/C++ WarningsANSI Console 68k:CFM68KANSI Console 68k:IR OptimizerANSI Console 68k:Java OutputANSI Console 68k:Java ProjectANSI Console 68k:Java VMANSI Console 68k:MacOS Merge PanelANSI Console 68k:Pascal CompilerANSI Console 68k:Pascal WarningsANSI Console 68k:PPC CodeGenANSI Console 68k:PPC DisassemblerANSI Console 68k:PPC LinkerANSI Console 68k:PPC PEFANSI Console 68k:PPC ProjectANSI Console 68k:PPCAsm PanelANSI Console 68k:Rez CompilerANSI Console 68k:WinRC CompilerANSI Console 68k:x86 CodeGenANSI Console 68k:x86 LinkerANSI Console 68k:x86 ProjectANSI Console PPC:Custom KeywordsANSI Console PPC:Access PathsANSI Console PPC:Target SettingsANSI Console PPC:File MappingsANSI Console PPC:Build ExtrasANSI Console PPC:68K CodeGenANSI Console PPC:68K DisassemblerANSI Console PPC:68K LinkerANSI Console PPC:68K ProjectANSI Console PPC:C/C++ CompilerANSI Console PPC:C/C++ WarningsANSI Console PPC:CFM68KANSI Console PPC:IR OptimizerANSI Console PPC:Java OutputANSI Console PPC:Java ProjectANSI Console PPC:Java VMANSI Console PPC:MacOS Merge PanelANSI Console PPC:Pascal CompilerANSI Console PPC:Pascal WarningsANSI Console PPC:PPC CodeGenANSI Console PPC:PPC DisassemblerANSI Console PPC:PPC LinkerANSI Console PPC:PPC PEFANSI Console PPC:PPC ProjectANSI Console PPC:PPCAsm PanelANSI Console PPC:Rez CompilerANSI Console PPC:WinRC CompilerANSI Console PPC:x86 CodeGenANSI Console PPC:x86 LinkerANSI Console PPC:x86 ProjectANSI Console FAT:Custom KeywordsANSI Console FAT:Access PathsANSI Console FAT:Target SettingsANSI Console FAT:File MappingsANSI Console FAT:Build ExtrasANSI Console FAT:68K CodeGenANSI Console FAT:68K DisassemblerANSI Console FAT:68K LinkerANSI Console FAT:68K ProjectANSI Console FAT:C/C++ CompilerANSI Console FAT:C/C++ WarningsANSI Console FAT:CFM68KANSI Console FAT:IR OptimizerANSI Console FAT:Java OutputANSI Console FAT:Java ProjectANSI Console FAT:Java VMANSI Console FAT:MacOS Merge PanelANSI Console FAT:Pascal CompilerANSI Console FAT:Pascal WarningsANSI Console FAT:PPC CodeGenANSI Console FAT:PPC DisassemblerANSI Console FAT:PPC LinkerANSI Console FAT:PPC PEFANSI Console FAT:PPC ProjectANSI Console FAT:PPCAsm PanelANSI Console FAT:Rez CompilerANSI Console FAT:WinRC CompilerANSI Console FAT:x86 CodeGenANSI Console FAT:x86 LinkerANSI Console FAT:x86 ProjectANSI C Console 68k:Custom KeywordsANSI C Console 68k:Access PathsANSI C Console 68k:Target SettingsANSI C Console 68k:File MappingsANSI C Console 68k:Build ExtrasANSI C Console 68k:68K CodeGenANSI C Console 68k:68K DisassemblerANSI C Console 68k:68K LinkerANSI C Console 68k:68K ProjectANSI C Console 68k:C/C++ CompilerANSI C Console 68k:C/C++ WarningsANSI C Console 68k:CFM68KANSI C Console 68k:IR OptimizerANSI C Console 68k:MacOS Merge PanelANSI C Console 68k:Pascal CompilerANSI C Console 68k:Pascal WarningsANSI C Console 68k:PPC CodeGenANSI C Console 68k:PPC DisassemblerANSI C Console 68k:PPC LinkerANSI C Console 68k:PPC PEFANSI C Console 68k:PPC ProjectANSI C Console 68k:PPCAsm PanelANSI C Console 68k:Rez CompilerANSI C Console PPC:Custom KeywordsANSI C Console PPC:Access PathsANSI C Console PPC:Target SettingsANSI C Console PPC:File MappingsANSI C Console PPC:Build ExtrasANSI C Console PPC:68K CodeGenANSI C Console PPC:68K DisassemblerANSI C Console PPC:68K LinkerANSI C Console PPC:68K ProjectANSI C Console PPC:C/C++ CompilerANSI C Console PPC:C/C++ WarningsANSI C Console PPC:CFM68KANSI C Console PPC:IR OptimizerANSI C Console PPC:MacOS Merge PanelANSI C Console PPC:Pascal CompilerANSI C Console PPC:Pascal WarningsANSI C Console PPC:PPC CodeGenANSI C Console PPC:PPC DisassemblerANSI C Console PPC:PPC LinkerANSI C Console PPC:PPC PEFANSI C Console PPC:PPC ProjectANSI C Console PPC:PPCAsm PanelANSI C Console PPC:Rez CompilerANSI C Console FAT:Custom KeywordsANSI C Console FAT:Access PathsANSI C Console FAT:Target SettingsANSI C Console FAT:File MappingsANSI C Console FAT:Build ExtrasANSI C Console FAT:68K CodeGenANSI C Console FAT:68K DisassemblerANSI C Console FAT:68K LinkerANSI C Console FAT:68K ProjectANSI C Console FAT:C/C++ CompilerANSI C Console FAT:C/C++ WarningsANSI C Console FAT:CFM68KANSI C Console FAT:IR OptimizerANSI C Console FAT:MacOS Merge PanelANSI C Console FAT:Pascal CompilerANSI C Console FAT:Pascal WarningsANSI C Console FAT:PPC CodeGenANSI C Console FAT:PPC DisassemblerANSI C Console FAT:PPC LinkerANSI C Console FAT:PPC PEFANSI C Console FAT:PPC ProjectANSI C Console FAT:PPCAsm PanelANSI C Console FAT:Rez CompilerANSI C Console 68k:Java OutputANSI C Console 68k:Java ProjectANSI C Console 68k:Java VMANSI C Console 68k:WinRC CompilerANSI C Console 68k:x86 CodeGenANSI C Console 68k:x86 LinkerANSI C Console 68k:x86 ProjectANSI C Console PPC:Java OutputANSI C Console PPC:Java ProjectANSI C Console PPC:Java VMANSI C Console PPC:WinRC CompilerANSI C Console PPC:x86 CodeGenANSI C Console PPC:x86 LinkerANSI C Console PPC:x86 ProjectANSI C Console FAT:Java OutputANSI C Console FAT:Java ProjectANSI C Console FAT:Java VMANSI C Console FAT:WinRC CompilerANSI C Console FAT:x86 CodeGenANSI C Console FAT:x86 LinkerANSI C Console FAT:x86 ProjectStd C Console 68K:Custom KeywordsStd C Console 68K:Access PathsStd C Console 68K:Target SettingsStd C Console 68K:File MappingsStd C Console 68K:Build ExtrasStd C Console 68K:Bison PanelStd C Console 68K:Flex PanelStd C Console 68K:68K CodeGenStd C Console 68K:68K DisassemblerStd C Console 68K:68K LinkerStd C Console 68K:68K ProjectStd C Console 68K:C/C++ CompilerStd C Console 68K:C/C++ WarningsStd C Console 68K:CFM68KStd C Console 68K:IR OptimizerStd C Console 68K:Java OutputStd C Console 68K:Java ProjectStd C Console 68K:Java VMStd C Console 68K:MacOS Merge PanelStd C Console 68K:Pascal CompilerStd C Console 68K:Pascal WarningsStd C Console 68K:PPC CodeGenStd C Console 68K:PPC DisassemblerStd C Console 68K:PPC LinkerStd C Console 68K:PPC PEFStd C Console 68K:PPC ProjectStd C Console 68K:PPCAsm PanelStd C Console 68K:Rez CompilerStd C Console 68K:WinRC CompilerStd C Console 68K:x86 CodeGenStd C Console 68K:x86 LinkerStd C Console 68K:x86 ProjectStd C Console PPC:Custom KeywordsStd C Console PPC:Access PathsStd C Console PPC:Target SettingsStd C Console PPC:File MappingsStd C Console PPC:Build ExtrasStd C Console PPC:Bison PanelStd C Console PPC:Flex PanelStd C Console PPC:68K CodeGenStd C Console PPC:68K DisassemblerStd C Console PPC:68K LinkerStd C Console PPC:68K ProjectStd C Console PPC:C/C++ CompilerStd C Console PPC:C/C++ WarningsStd C Console PPC:CFM68KStd C Console PPC:IR OptimizerStd C Console PPC:Java OutputStd C Console PPC:Java ProjectStd C Console PPC:Java VMStd C Console PPC:MacOS Merge PanelStd C Console PPC:Pascal CompilerStd C Console PPC:Pascal WarningsStd C Console PPC:PPC CodeGenStd C Console PPC:PPC DisassemblerStd C Console PPC:PPC LinkerStd C Console PPC:PPC PEFStd C Console PPC:PPC ProjectStd C Console PPC:PPCAsm PanelStd C Console PPC:Rez CompilerStd C Console PPC:WinRC CompilerStd C Console PPC:x86 CodeGenStd C Console PPC:x86 LinkerStd C Console PPC:x86 ProjectStd C Console FAT:Custom KeywordsStd C Console FAT:Access PathsStd C Console FAT:Target SettingsStd C Console FAT:File MappingsStd C Console FAT:Build ExtrasStd C Console FAT:Bison PanelStd C Console FAT:Flex PanelStd C Console FAT:68K CodeGenStd C Console FAT:68K DisassemblerStd C Console FAT:68K LinkerStd C Console FAT:68K ProjectStd C Console FAT:C/C++ CompilerStd C Console FAT:C/C++ WarningsStd C Console FAT:CFM68KStd C Console FAT:IR OptimizerStd C Console FAT:Java OutputStd C Console FAT:Java ProjectStd C Console FAT:Java VMStd C Console FAT:MacOS Merge PanelStd C Console FAT:Pascal CompilerStd C Console FAT:Pascal WarningsStd C Console FAT:PPC CodeGenStd C Console FAT:PPC DisassemblerStd C Console FAT:PPC LinkerStd C Console FAT:PPC PEFStd C Console FAT:PPC ProjectStd C Console FAT:PPCAsm PanelStd C Console FAT:Rez CompilerStd C Console FAT:WinRC CompilerStd C Console FAT:x86 CodeGenStd C Console FAT:x86 LinkerStd C Console FAT:x86 Project68K Standard C Console:Custom Keywords68K Standard C Console:Access Paths68K Standard C Console:Target Settings68K Standard C Console:File Mappings68K Standard C Console:Build Extras68K Standard C Console:68K CodeGen68K Standard C Console:68K Disassembler68K Standard C Console:68K Linker68K Standard C Console:68K Project68K Standard C Console:C/C++ Compiler68K Standard C Console:C/C++ Warnings68K Standard C Console:CFM68K68K Standard C Console:IR Optimizer68K Standard C Console:Java Output68K Standard C Console:Java Project68K Standard C Console:Java VM68K Standard C Console:MacOS Merge Panel68K Standard C Console:Pascal Compiler68K Standard C Console:Pascal Warnings68K Standard C Console:PPC CodeGen68K Standard C Console:PPC Disassembler68K Standard C Console:PPC Linker68K Standard C Console:PPC PEF68K Standard C Console:PPC Project68K Standard C Console:PPCAsm Panel68K Standard C Console:Rez Compiler68K Standard C Console:WinRC Compiler68K Standard C Console:x86 CodeGen68K Standard C Console:x86 Linker68K Standard C Console:x86 Project68K Std C Console:Custom Keywords68K Std C Console:Access Paths68K Std C Console:Target Settings68K Std C Console:File Mappings68K Std C Console:Build Extras68K Std C Console:68K CodeGen68K Std C Console:68K Disassembler68K Std C Console:68K Linker68K Std C Console:68K Project68K Std C Console:C/C++ Compiler68K Std C Console:C/C++ Warnings68K Std C Console:CFM68K68K Std C Console:IR Optimizer68K Std C Console:Java Output68K Std C Console:Java Project68K Std C Console:Java VM68K Std C Console:MacOS Merge Panel68K Std C Console:Pascal Compiler68K Std C Console:Pascal Warnings68K Std C Console:PPC CodeGen68K Std C Console:PPC Disassembler68K Std C Console:PPC Linker68K Std C Console:PPC PEF68K Std C Console:PPC Project68K Std C Console:PPCAsm Panel68K Std C Console:Rez Compiler68K Std C Console:WinRC Compiler68K Std C Console:x86 CodeGen68K Std C Console:x86 Linker68K Std C Console:x86 ProjectPPC Std C Console:Custom KeywordsPPC Std C Console:Access PathsPPC Std C Console:Target SettingsPPC Std C Console:File MappingsPPC Std C Console:Build ExtrasPPC Std C Console:68K CodeGenPPC Std C Console:68K DisassemblerPPC Std C Console:68K LinkerPPC Std C Console:68K ProjectPPC Std C Console:C/C++ CompilerPPC Std C Console:C/C++ WarningsPPC Std C Console:CFM68KPPC Std C Console:IR OptimizerPPC Std C Console:Java OutputPPC Std C Console:Java ProjectPPC Std C Console:Java VMPPC Std C Console:MacOS Merge PanelPPC Std C Console:Pascal CompilerPPC Std C Console:Pascal WarningsPPC Std C Console:PPC CodeGenPPC Std C Console:PPC DisassemblerPPC Std C Console:PPC LinkerPPC Std C Console:PPC PEFPPC Std C Console:PPC ProjectPPC Std C Console:PPCAsm PanelPPC Std C Console:Rez CompilerPPC Std C Console:WinRC CompilerPPC Std C Console:x86 CodeGenPPC Std C Console:x86 LinkerPPC Std C Console:x86 ProjectPPC Std C Console:Java LanguagePPC Std C Console:Debugger TargetPPC Std C Console:FTP PanelPPC Std C Console:JavaDoc ProjectPPC Std C Console:x86 Exceptions PanelPPC Std C Console:68K Global OptimizerPPC Std C Console:PPC Global OptimizerPPC Std C Console:Source TreesPPC Std C Console:Debugger RuntimePPC Std C Console:Java Command LinePPC Std C Console:Java MacOS SettingsPPC Std C Console:Perl PanelPPC Std C Console:x86 Global Optimizersc_shlib:Source Treessc_shlib:Custom Keywordssc_shlib:Access Pathssc_shlib:Target Settingssc_shlib:File Mappingssc_shlib:Build Extrassc_shlib:Debugger Runtimesc_shlib:Debugger Targetsc_shlib:68K CodeGensc_shlib:68K Disassemblersc_shlib:68K Global Optimizersc_shlib:68K Linkersc_shlib:68K Projectsc_shlib:C/C++ Compilersc_shlib:C/C++ Warningssc_shlib:CFM68Ksc_shlib:MacOS Merge Panelsc_shlib:PPC CodeGensc_shlib:PPC Disassemblersc_shlib:PPC Global Optimizersc_shlib:PPC Linkersc_shlib:PPC PEFsc_shlib:PPC Projectsc_shlib:PPCAsm Panelsc_shlib:Rez Compilersc_shlib:WinRC Compilersc_shlib:x86 CodeGensc_shlib:x86 Exceptions Panelsc_shlib:x86 Global Optimizersc_shlib:x86 Linkersc_shlib:x86 Projectsc_shlib:Remote Debugsc_shlib:Auto-targetsc_shlib:FTP Panelsc_shlib:Java Command Linesc_shlib:Java Languagesc_shlib:Java MRJAppBuildersc_shlib:Java Outputsc_shlib:Java Projectsc_shlib:JavaDoc Projectsc_shlib:Output Flagssc_shlib:Packager Panelsc_shlib:x86 Disassembler__sta__start  MSIEInternet ExplorererIexplore.exeoreruJITONAME.EXE@__startMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/main sc_shlb.outle PPC????APPLhh@XÀ???? NONAME.EXE@ JBoundApp????ÿÿÿÿÿÿWINDnullWË ËÀÿÝË Ëàk40ÿÜðË http://java.sun.com/products/jdk/1.1/docs/api/ )Aï"S0<ÄËP3î€ÿÜðaÿ%®0UOË <aÿ%š0UO/ Hx B'aÿ%ˆ0UO/ HxJ/ VÀDIÀ/aÿ&¶0UO/ HxJ/ VÀDIÀ/aÿ&š0UO/ HxJ/VÀDIÀ/aÿ&~0UO/ HxJ/VÀDIÀ/aÿ&b0UO/ HxJ/VÀDIÀ/aÿ&F0UO/ HxJ/VÀDIÀ/aÿ&*0UO/ Hx J/VÀDIÀ/aÿ&0HW//aÿ,|/ HxHoaÿ'b0/ Hx?/NºþVHÀTO/aÿ%Ô0HoHoaÿ+/ HxNoneMMPr@TEXT.cRunTSScriptTEXT.plMW Perl€Java Linker .auJAR Importer@ .gifJAR Importer@RSRC`TEXT.cRunTSScriptTEXT.htmlTEXT.javaMW JavaTEXT.mfTEXT.plMW Perl€rsrc`.classMW Java.zipMW JavaMacOS 68K LinkerAPPL`Appl`MMLBLib Import 68KMPLFLib Import 68KMWCD`OBJ MPW Import 68KPLob`RSRC`TEXT.bhBalloon HelpTEXT.cMW C/C++ 68KTEXT.c++MW C/C++ 68KTEXT.ccMW C/C++ 68KTEXT.cpMW C/C++ 68KTEXT.cppMW C/C++ 68KTEXT.expTEXT.hMW C/C++ 68KTEXT.pchMW C/C++ 68K€TEXT.pch++MW C/C++ 68K€TEXT.plMW Perl€TEXT.rRezTEXT.segdocu`rsrc`shlbPEF Import 68KstubPEF Import 68K.docP.oMPW Import 68K.ppob`.rsrc`MacOS Merge APPL`Appl`RSRC`TEXT.bhBalloon HelpTEXT.cRunTSScriptTEXT.plMW Perl€TEXT.rRezrsrc`shlbMacOS PPC LinkerAPPL`Appl`MMLBLib Import PPCMPLFLib Import PPCMWCD`RSRC`TEXT.arrTEXT.bhBalloon HelpTEXT.cMW C/C++ PPCTEXT.c++MW C/C++ PPCTEXT.ccMW C/C++ PPCTEXT.cpMW C/C++ PPCTEXT.cppMW C/C++ PPCTEXT.expTEXT.hMW C/C++ PPCTEXT.pchMW C/C++ PPC€TEXT.pch++MW C/C++ PPC€TEXT.plMW Perl€TEXT.rRezTEXT.sPPCAsmXCOFXCOFF Import PPCdocu`rsrc`shlbPEF Import PPCstubPEF Import PPC.docP.oXCOFF Import PPC.ppob`.rsrc`Win32 x86 Linker????Obj Import x86TEXT.cMW C/C++ x86TEXT.c++MW C/C++ x86TEXT.ccMW C/C++ x86TEXT.cpMW C/C++ x86TEXT.cppMW C/C++ x86TEXT.defTEXT.hMW C/C++ x86TEXT.h++MW C/C++ x86TEXT.hppMW C/C++ x86TEXT.ordTEXT.pchMW C/C++ x86€TEXT.pch++MW C/C++ x86€TEXT.plMW Perl€TEXT.rcMW WinRCTEXT.resWinRes ImportiLIBLib Import x86iOBJObj Import x86.aLib Import x86.docP.libLib Import x86.oObj Import x86.objObj Import x86P'CODE' 'DATA' 'PICT'zò {ú@@zò main{ú@¢‰@{ú@MRJApplication WARZMSIEhttp://java.sun.com/products/jdk/1.1/docs/api/|1àÐ@ðX\õ{zžÏÒß|,Á*xIv8z[˜ÔÚŒhJ_ÊnÛRÜšKÎÚM~ÊJ ^{NnŠZR@JXÊLkÞY_`Þ]ÿxÞÚjÙHà*[QbZzz X›iJºKþ{ÓSûX6_ÚŸÑíC0yJLZÚF!)z^„K•ú¿ÿGÒ|y:ÝvRמûèYJ›Yv k Jzx@[Ú:JpÚ›Y\Š~öY{Zy#J^šp+????APPL||6€@Z_BÛÚÞZYoR^|0B8PXZSJJALúXŽS;[Zþ~{Z¶FKÚ_^ê:BjZFÌ@bXÂ[[;²ÿïWZêÚzr]›xVHP‚ZPP;^z~ÓÞÜN¿ÊZßìúšKMRHRÚZ{V/P âZ;CZÚvþ{[ÜÛÚ—[R:ÊRXIX*\zZVV0ÙÚSÚCÿ:˚Μ_ÚºÒZBÐpúZÒ[P]4B pËZÚN>K^vÞ[V[ k>ªAqZzú8XÚZˆXÝ~ßÞ^X’ŸZ:Þ{R[z:Z ybZV ÊJDHaû^0Y«þÚóÂ^þy*~Z^SZ(JTNXzP Z~XÛZ;Z~ÞZ\OZóÓ:[CRyZ š:ûów–z\Fšê~oÊz˜º³ÿ„E¯¬å황¥“çìá·¡5¦õ²‡­³¥þµî]¤Æ¥±%ëí…¼,!‡„¡…(…Åã¤×í‡ï€÷$¤Æîõ‰± …§M„ ¤±Õ…‡­„¼ä¡í¥¯´¿¿õ%¯§÷gõ¼e…Ì$…$  %$¤Ä!§«ç"ëǧ©ª’ª½ç妅G%1¥ ¥$'1•%%…%?ç—;ã°7äæ÷•÷n¥ˆ&,%ãUµ‡8¡$ç±¥D÷#¾¥§¿"é­ïwïµ…uŸ£¥…ä†÷¥…$p­å¨…¥¥§é5µ—䥽¥/$´­x¶‡‡…¡1Éá§,"Æ(µ¥µm¿¤½Û¼£­õ¯5…±“‰á ¡À%¥‡{÷/Á±¬…µý÷®%­¥­í·$¥ å'Ô¥±†”%!¾¡i¯—¯ã¢¹·¥wÖ´¡3¦‡% ¤‡£°6¤¹¥„€ñô-£'ô§©þ}%…Å=ý¤5$„¸m2¥¥¡¥#µ¡¿íçå„·%¥îå´µÅì1ù‘1…%E‰§Éá É”?¥&ù-…·ï·‡Å¬¢ÿ%çõµˆ¨$4í%ä%¯­÷Žµ½µtñµ§åÖè¹·÷宆…À¿e­/ …Ä5…‘Èþ%åì4àÇÉ—åõå…¬§5( (' ‘u¥¯¬ $…õü!·í´w÷§à…ä'ÿ%õ ŠáE¯§¥¨5Ì ¡‡±¬­¥mú–ņŸå±½í¡%¡ ´±£«°¥ÔÙ…,"÷Že¿u¥§…ï…ô ¯í%D÷§¦·$$‡é¡,gãÞmÅ¡·u¿¿ìô·e倥¥µ¡±å<7üУa!½m…¿±“!ï]¦ÿ¥µÅ­%0€1…„Í$ƒ¤¡¡<%¤¥µ»¿õ§‡´¥#ö%Çœùåµâ‘µ¥§¡µå í¬-¥é­í½­¥ôIùµ¡‰…,$!¤­¡ &¥€‚½Å¹vå¥ãí…塧ý¯5$04%¡“©±E cµ…íÅ%ýç½í±…ïE¯Å­e,¯ŒÄ%„ÀˆÅq%¤¥íµúu/¡§¯¿µ¤®å§¡E#„¥å¤$âx­çƒ!m‘!¿µú­ï'Áú´ÿ…”Aác9%íà­e¦·¤¥ëͳõ‰‡Ç­õ÷´„å…¡¤$±¡…á$Ô‡wíEׯ†òu¿ì=ã­à*奤 %4Mµ®­!€§Я³ç¯õý¦Ý5¯%±¯õ¤±ÅÄd¤Ž„IÅ ¬†¨1%¨©­­;‘¬·½µÝ/¨Ç'¤§ä'”°¥Œ´«]…¥$…uõ£¿õÌ`Wm?ãg‡ö4Å¥C%€€…¡áÀ4-ƒõÝå!ôö±¿‡…ÿ­'­¼mô·µ„Ŷ±§5¤Æ%­ì÷åÕU¡}¥½¥¥‡ìç¿\±•% È$åU—… †³ gïô¢§ÿͼ€ñ5¡½çõ猀£Ã…¡)¥µ…¡¡Å´·Û/µÿ§m¿¦…Á¡¿¥¬¥¤«$eµŒ²ˆ%õ5§#Å¿õõ®•µ¡¥õ•—÷'½ý  %ñ­…Œþ¬†5£´Õ¯·å¥ƒ¥¥í¥¥g§¾l$U‰pc8mstr €mstl!“€mstn((msti7mstrè?mstlèÌmstnèP(mstiè,mpsiè)mtglèxPLstí¬ Ñ.pref̹-1ÑIpref»A. Ípref±}/6$prefÿ): ÿ prefÛO;6>’pref4Ú<6ÐJpref¨z=ø mtslEmtplx€mtpsmtpi]8mtlo,L.prefËVK,zIprefnL0Ãpref¼ÎM0Ç$prefëX0ë pref`GY0õ’prefôZ1‡JprefT.[ Ÿ.prefƒÑikIprefj ›pref~Dkoc$prefˆUv prefVÄwo‡’pref%hxpJpref—cy¸prefµ¢ùÀ prefC’úprefMb prefdoxpref,…Ù€ pref¥ûÚ prefNN/| 2prefM¦U}©¹PprefMáa~ªprefN]—R8prefMfwŒ prefMÉ”‚¶•prefŽ¹Á4prefc¼¼õprefs¥‘®mall•¤maplÄÇpref:…—ÉÏ\pref9ÜÓ˜Ï3pref9h™T moti(prefbE›0prefnÀœJ0pref¹ cJpref¤ëžÓ5prefÑŸ+/prefy ± prefäH¡À  pref q¢9pref&£J prefפM pref Ý¥YprefßϦi^prefZ±§Œ>prefî]¨gprefÈ©·¥Úprefô£ªjdbprefÑ«ÊprefÕ8¬Þ pref1­è prefÌ®¨cÄpref×8¯µprefqó°Ã)¨pref¶b±Ì.prefÅó²ñE pref«Ô³ C"prefÀñ´ôprefÑ€µ eprefݶ prefð’·©'’pref»$¸ÃÑjprefò³¹óQpref¶Gº™pref§ç»öWŽprefó}¼ûåpref@—½ípref/¾ýÜprefP;¿jÆ2pref ÏÀÙ€prefcÁYpref±ñÂmØprefWÃEpref:QÄ pref^¾Åcyrus-sasl-2.1.25/lib/0000777000076400007640000000000011632367341011477 500000000000000cyrus-sasl-2.1.25/lib/seterror.c0000646000076400007640000001660211630151331013417 00000000000000/* seterror.c - sasl_seterror split out because glue libraries * can't pass varargs lists * Rob Siemborski * Tim Martin * split from common.c by Rolf Braun * $Id: seterror.c,v 1.10 2011/09/01 14:12:53 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef HAVE_SYSLOG #include #endif #include #include #include #include #include #include "saslint.h" #ifdef WIN32 /* need to handle the fact that errno has been defined as a function in a dll, not an extern int */ # ifdef errno # undef errno # endif /* errno */ #endif /* WIN32 */ #ifdef HAVE_UNISTD_H #include #endif /* this is apparently no longer a user function */ static int _sasl_seterror_usererr(int saslerr) { /* Hide the difference in a username failure and a password failure */ if (saslerr == SASL_NOUSER) return SASL_BADAUTH; /* otherwise return the error given; no transform necessary */ return saslerr; } /* set the error string which will be returned by sasl_errdetail() using * syslog()-style formatting (e.g. printf-style with %m as the string form * of an errno error) * * primarily for use by server callbacks such as the sasl_authorize_t * callback and internally to plug-ins * * This will also trigger a call to the SASL logging callback (if any) * with a level of SASL_LOG_FAIL unless the SASL_NOLOG flag is set. * * Messages should be sensitive to the current language setting. If there * is no SASL_CB_LANGUAGE callback messages MUST be US-ASCII otherwise UTF-8 * is used and use of RFC 2482 for mixed-language text is encouraged. * * if conn is NULL, function does nothing */ void sasl_seterror(sasl_conn_t *conn, unsigned flags, const char *fmt, ...) { size_t outlen=0; /* current length of output buffer */ size_t pos = 0; /* current position in format string */ size_t formatlen; int result; sasl_log_t *log_cb = NULL; void *log_ctx; int ival; char *cval; va_list ap; /* varargs thing */ char **error_buf; size_t *error_buf_len; if(!conn) { #ifndef SASL_OSX_CFMGLUE if(!(flags & SASL_NOLOG)) { /* See if we have a logging callback... */ result = _sasl_getcallback(NULL, SASL_CB_LOG, (sasl_callback_ft *)&log_cb, &log_ctx); if (result == SASL_OK && ! log_cb) result = SASL_FAIL; if (result != SASL_OK) return; log_cb(log_ctx, SASL_LOG_FAIL, "No sasl_conn_t passed to sasl_seterror"); } #endif /* SASL_OSX_CFMGLUE */ return; } else if(!fmt) return; /* we need to use a back end function to get the buffer because the cfm glue can't be rooting around in the internal structs */ _sasl_get_errorbuf(conn, &error_buf, &error_buf_len); formatlen = strlen(fmt); va_start(ap, fmt); /* start varargs */ while(pos9) done=1; } pos++; if (pos>formatlen) done=1; } } } (*error_buf)[outlen]='\0'; /* put 0 at end */ va_end(ap); #ifndef SASL_OSX_CFMGLUE if(!(flags & SASL_NOLOG)) { /* See if we have a logging callback... */ result = _sasl_getcallback(conn, SASL_CB_LOG, (sasl_callback_ft *)&log_cb, &log_ctx); if (result == SASL_OK && ! log_cb) result = SASL_FAIL; if (result != SASL_OK) return; result = log_cb(log_ctx, SASL_LOG_FAIL, conn->error_buf); } #endif /* SASL_OSX_CFMGLUE */ } cyrus-sasl-2.1.25/lib/checkpw.c0000646000076400007640000006612511306006125013203 00000000000000/* SASL server API implementation * Rob Siemborski * Tim Martin * $Id: checkpw.c,v 1.79 2009/05/08 00:43:44 murch Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include /* checkpw stuff */ #include #include "sasl.h" #include "saslutil.h" #include "saslplug.h" #include "saslint.h" #include #ifdef HAVE_UNISTD_H #include #endif #include #ifdef USE_DOORS #include #include #endif #include #ifndef WIN32 #include #include #include #include #else #include #endif #include #include #include #ifdef HAVE_PWD_H #include #endif /* HAVE_PWD_H */ #ifdef HAVE_SHADOW_H #include #endif /* HAVE_SHADOW_H */ #if defined(HAVE_PWCHECK) || defined(HAVE_SASLAUTHD) || defined(HAVE_AUTHDAEMON) # include # include # include # include # ifdef HAVE_UNISTD_H # include # endif #endif /* we store the following secret to check plaintext passwords: * * \0 * * where = MD5(, "sasldb", ) */ static int _sasl_make_plain_secret(const char *salt, const char *passwd, size_t passlen, sasl_secret_t **secret) { MD5_CTX ctx; unsigned sec_len = 16 + 1 + 16; /* salt + "\0" + hash */ *secret = (sasl_secret_t *) sasl_ALLOC(sizeof(sasl_secret_t) + sec_len * sizeof(char)); if (*secret == NULL) { return SASL_NOMEM; } _sasl_MD5Init(&ctx); _sasl_MD5Update(&ctx, salt, 16); _sasl_MD5Update(&ctx, "sasldb", 6); _sasl_MD5Update(&ctx, passwd, (unsigned int) passlen); memcpy((*secret)->data, salt, 16); (*secret)->data[16] = '\0'; _sasl_MD5Final((*secret)->data + 17, &ctx); (*secret)->len = sec_len; return SASL_OK; } /* verify user password using auxprop plugins */ static int auxprop_verify_password(sasl_conn_t *conn, const char *userstr, const char *passwd, const char *service __attribute__((unused)), const char *user_realm __attribute__((unused))) { int ret = SASL_FAIL; int result = SASL_OK; sasl_server_conn_t *sconn = (sasl_server_conn_t *)conn; const char *password_request[] = { SASL_AUX_PASSWORD, "*cmusaslsecretPLAIN", NULL }; struct propval auxprop_values[3]; if (!conn || !userstr) return SASL_BADPARAM; /* We need to clear any previous results and re-canonify to * ensure correctness */ prop_clear (sconn->sparams->propctx, 0); /* ensure its requested */ result = prop_request(sconn->sparams->propctx, password_request); if(result != SASL_OK) return result; result = _sasl_canon_user_lookup (conn, userstr, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, &(conn->oparams)); if(result != SASL_OK) return result; result = prop_getnames(sconn->sparams->propctx, password_request, auxprop_values); if (result < 0) { return result; } /* Verify that the returned s are correct. But we defer checking for NULL values till after we verify that a passwd is specified. */ if (!auxprop_values[0].name && !auxprop_values[1].name) { return SASL_NOUSER; } /* It is possible for us to get useful information out of just * the lookup, so we won't check that we have a password until now */ if(!passwd) { ret = SASL_BADPARAM; goto done; } if ((!auxprop_values[0].values || !auxprop_values[0].values[0]) && (!auxprop_values[1].values || !auxprop_values[1].values[0])) { return SASL_NOUSER; } /* At the point this has been called, the username has been canonified * and we've done the auxprop lookup. This should be easy. */ if(auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && !strcmp(auxprop_values[0].values[0], passwd)) { /* We have a plaintext version and it matched! */ return SASL_OK; } else if(auxprop_values[1].name && auxprop_values[1].values && auxprop_values[1].values[0]) { const char *db_secret = auxprop_values[1].values[0]; sasl_secret_t *construct; ret = _sasl_make_plain_secret(db_secret, passwd, strlen(passwd), &construct); if (ret != SASL_OK) { goto done; } if (!memcmp(db_secret, construct->data, construct->len)) { /* password verified! */ ret = SASL_OK; } else { /* passwords do not match */ ret = SASL_BADAUTH; } sasl_FREE(construct); } else { /* passwords do not match */ ret = SASL_BADAUTH; } /* erase the plaintext password */ sconn->sparams->utils->prop_erase(sconn->sparams->propctx, password_request[0]); done: /* We're not going to erase the property here because other people * may want it */ return ret; } /* Verify user password using auxprop plugins. Allow verification against a hashed password, * or non-retrievable password. Don't use cmusaslsecretPLAIN attribute. * * This function is similar to auxprop_verify_password(). */ static int auxprop_verify_password_hashed(sasl_conn_t *conn, const char *userstr, const char *passwd, const char *service __attribute__((unused)), const char *user_realm __attribute__((unused))) { int ret = SASL_FAIL; int result = SASL_OK; sasl_server_conn_t *sconn = (sasl_server_conn_t *)conn; const char *password_request[] = { SASL_AUX_PASSWORD, NULL }; struct propval auxprop_values[2]; unsigned extra_cu_flags = 0; if (!conn || !userstr) return SASL_BADPARAM; /* We need to clear any previous results and re-canonify to * ensure correctness */ prop_clear(sconn->sparams->propctx, 0); /* ensure its requested */ result = prop_request(sconn->sparams->propctx, password_request); if (result != SASL_OK) return result; /* We need to pass "password" down to the auxprop_lookup */ /* NB: We don't support binary passwords */ if (passwd != NULL) { prop_set (sconn->sparams->propctx, SASL_AUX_PASSWORD, passwd, -1); extra_cu_flags = SASL_CU_VERIFY_AGAINST_HASH; } result = _sasl_canon_user_lookup (conn, userstr, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID | extra_cu_flags, &(conn->oparams)); if (result != SASL_OK) return result; result = prop_getnames(sconn->sparams->propctx, password_request, auxprop_values); if (result < 0) { return result; } /* Verify that the returned s are correct. But we defer checking for NULL values till after we verify that a passwd is specified. */ if (!auxprop_values[0].name && !auxprop_values[1].name) { return SASL_NOUSER; } /* It is possible for us to get useful information out of just * the lookup, so we won't check that we have a password until now */ if (!passwd) { ret = SASL_BADPARAM; goto done; } if ((!auxprop_values[0].values || !auxprop_values[0].values[0])) { return SASL_NOUSER; } /* At the point this has been called, the username has been canonified * and we've done the auxprop lookup. This should be easy. */ /* NB: Note that if auxprop_lookup failed to verify the password, then the userPassword property value would be NULL */ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && !strcmp(auxprop_values[0].values[0], passwd)) { /* We have a plaintext version and it matched! */ return SASL_OK; } else { /* passwords do not match */ ret = SASL_BADAUTH; } done: /* We're not going to erase the property here because other people * may want it */ return ret; } #ifdef DO_SASL_CHECKAPOP int _sasl_auxprop_verify_apop(sasl_conn_t *conn, const char *userstr, const char *challenge, const char *response, const char *user_realm __attribute__((unused))) { int ret = SASL_BADAUTH; char *userid = NULL; char *realm = NULL; unsigned char digest[16]; char digeststr[33]; const char *password_request[] = { SASL_AUX_PASSWORD, NULL }; struct propval auxprop_values[2]; sasl_server_conn_t *sconn = (sasl_server_conn_t *)conn; MD5_CTX ctx; int i; if (!conn || !userstr || !challenge || !response) PARAMERROR(conn) /* We've done the auxprop lookup already (in our caller) */ /* sadly, APOP has no provision for storing secrets */ ret = prop_getnames(sconn->sparams->propctx, password_request, auxprop_values); if(ret < 0) { sasl_seterror(conn, 0, "could not perform password lookup"); goto done; } if(!auxprop_values[0].name || !auxprop_values[0].values || !auxprop_values[0].values[0]) { sasl_seterror(conn, 0, "could not find password"); ret = SASL_NOUSER; goto done; } _sasl_MD5Init(&ctx); _sasl_MD5Update(&ctx, challenge, strlen(challenge)); _sasl_MD5Update(&ctx, auxprop_values[0].values[0], strlen(auxprop_values[0].values[0])); _sasl_MD5Final(digest, &ctx); /* erase the plaintext password */ sconn->sparams->utils->prop_erase(sconn->sparams->propctx, password_request[0]); /* convert digest from binary to ASCII hex */ for (i = 0; i < 16; i++) sprintf(digeststr + (i*2), "%02x", digest[i]); if (!strncasecmp(digeststr, response, 32)) { /* password verified! */ ret = SASL_OK; } else { /* passwords do not match */ ret = SASL_BADAUTH; } done: if (ret == SASL_BADAUTH) sasl_seterror(conn, SASL_NOLOG, "login incorrect"); if (userid) sasl_FREE(userid); if (realm) sasl_FREE(realm); return ret; } #endif /* DO_SASL_CHECKAPOP */ #if defined(HAVE_PWCHECK) || defined(HAVE_SASLAUTHD) || defined(HAVE_AUTHDAEMON) /* * Wait for file descriptor to be writable. Return with error if timeout. */ static int write_wait(int fd, unsigned delta) { fd_set wfds; fd_set efds; struct timeval tv; /* * Wait for file descriptor fd to be writable. Retry on * interruptions. Return with error upon timeout. */ while (1) { FD_ZERO(&wfds); FD_ZERO(&efds); FD_SET(fd, &wfds); FD_SET(fd, &efds); tv.tv_sec = (long) delta; tv.tv_usec = 0; switch(select(fd + 1, 0, &wfds, &efds, &tv)) { case 0: /* Timeout. */ errno = ETIMEDOUT; return -1; case +1: if (FD_ISSET(fd, &wfds)) { /* Success, file descriptor is writable. */ return 0; } return -1; case -1: if (errno == EINTR || errno == EAGAIN) continue; default: /* Error catch-all. */ return -1; } } /* Not reached. */ return -1; } /* * Keep calling the writev() system call with 'fd', 'iov', and 'iovcnt' * until all the data is written out or an error/timeout occurs. */ static int retry_writev(int fd, struct iovec *iov, int iovcnt, unsigned delta) { int n; int i; int written = 0; static int iov_max = #ifdef MAXIOV MAXIOV #else #ifdef IOV_MAX IOV_MAX #else 8192 #endif #endif ; for (;;) { while (iovcnt && iov[0].iov_len == 0) { iov++; iovcnt--; } if (!iovcnt) return written; if (delta > 0) { if (write_wait(fd, delta)) return -1; } n = writev(fd, iov, iovcnt > iov_max ? iov_max : iovcnt); if (n == -1) { if (errno == EINVAL && iov_max > 10) { iov_max /= 2; continue; } if (errno == EINTR) continue; return -1; } written += n; for (i = 0; i < iovcnt; i++) { if ((int) iov[i].iov_len > n) { iov[i].iov_base = (char *)iov[i].iov_base + n; iov[i].iov_len -= n; break; } n -= iov[i].iov_len; iov[i].iov_len = 0; } if (i == iovcnt) return written; } } #endif #ifdef HAVE_PWCHECK /* pwcheck daemon-authenticated login */ static int pwcheck_verify_password(sasl_conn_t *conn, const char *userid, const char *passwd, const char *service __attribute__((unused)), const char *user_realm __attribute__((unused))) { int s; struct sockaddr_un srvaddr; int r; struct iovec iov[10]; static char response[1024]; unsigned start, n; char pwpath[1024]; if (strlen(PWCHECKDIR)+8+1 > sizeof(pwpath)) return SASL_FAIL; strcpy(pwpath, PWCHECKDIR); strcat(pwpath, "/pwcheck"); s = socket(AF_UNIX, SOCK_STREAM, 0); if (s == -1) return errno; memset((char *)&srvaddr, 0, sizeof(srvaddr)); srvaddr.sun_family = AF_UNIX; strncpy(srvaddr.sun_path, pwpath, sizeof(srvaddr.sun_path)); r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr)); if (r == -1) { sasl_seterror(conn,0,"cannot connect to pwcheck server"); return SASL_FAIL; } iov[0].iov_base = (char *)userid; iov[0].iov_len = strlen(userid)+1; iov[1].iov_base = (char *)passwd; iov[1].iov_len = strlen(passwd)+1; retry_writev(s, iov, 2, 0); start = 0; while (start < sizeof(response) - 1) { n = read(s, response+start, sizeof(response) - 1 - start); if (n < 1) break; start += n; } close(s); if (start > 1 && !strncmp(response, "OK", 2)) { return SASL_OK; } response[start] = '\0'; sasl_seterror(conn,0,response); return SASL_BADAUTH; } #endif #if defined(HAVE_SASLAUTHD) || defined(HAVE_AUTHDAEMON) static int read_wait(int fd, unsigned delta) { fd_set rfds; fd_set efds; struct timeval tv; /* * Wait for file descriptor fd to be readable. Retry on * interruptions. Return with error upon timeout. */ while (1) { FD_ZERO(&rfds); FD_ZERO(&efds); FD_SET(fd, &rfds); FD_SET(fd, &efds); tv.tv_sec = (long) delta; tv.tv_usec = 0; switch(select(fd + 1, &rfds, 0, &efds, &tv)) { case 0: /* Timeout. */ errno = ETIMEDOUT; return -1; case +1: if (FD_ISSET(fd, &rfds)) { /* Success, file descriptor is readable. */ return 0; } return -1; case -1: if (errno == EINTR || errno == EAGAIN) continue; default: /* Error catch-all. */ return -1; } } /* Not reached. */ return -1; } /* * Keep calling the read() system call until all the data is read in, * timeout, EOF, or an error occurs. This function returns the number * of useful bytes, or -1 if timeout/error. */ static int retry_read(int fd, void *buf0, unsigned nbyte, unsigned delta) { int nr; unsigned nleft = nbyte; char *buf = (char*) buf0; while (nleft >= 1) { if (delta > 0) { if (read_wait(fd, delta)) return -1; } nr = read(fd, buf, nleft); if (nr < 0) { if (errno == EINTR || errno == EAGAIN) continue; return -1; } else if (nr == 0) { break; } buf += nr; nleft -= nr; } return nbyte - nleft; } #endif #ifdef HAVE_SASLAUTHD /* saslauthd-authenticated login */ static int saslauthd_verify_password(sasl_conn_t *conn, const char *userid, const char *passwd, const char *service, const char *user_realm) { char response[1024]; char query[8192]; char *query_end = query; int s; struct sockaddr_un srvaddr; sasl_getopt_t *getopt; void *context; char pwpath[sizeof(srvaddr.sun_path)]; const char *p = NULL; char *freeme = NULL; #ifdef USE_DOORS door_arg_t arg; #endif /* check to see if the user configured a rundir */ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { getopt(context, NULL, "saslauthd_path", &p, NULL); } if (p) { strncpy(pwpath, p, sizeof(pwpath)); } else { if (strlen(PATH_SASLAUTHD_RUNDIR) + 4 + 1 > sizeof(pwpath)) return SASL_FAIL; strcpy(pwpath, PATH_SASLAUTHD_RUNDIR); strcat(pwpath, "/mux"); } /* Split out username/realm if necessary */ if(strrchr(userid,'@') != NULL) { char *rtmp; if(_sasl_strdup(userid, &freeme, NULL) != SASL_OK) goto fail; userid = freeme; rtmp = strrchr(userid,'@'); *rtmp = '\0'; user_realm = rtmp + 1; } /* * build request of the form: * * count authid count password count service count realm */ { unsigned short max_len, req_len, u_len, p_len, s_len, r_len; max_len = (unsigned short) sizeof(query); /* prevent buffer overflow */ if ((strlen(userid) > USHRT_MAX) || (strlen(passwd) > USHRT_MAX) || (strlen(service) > USHRT_MAX) || (user_realm && (strlen(user_realm) > USHRT_MAX))) { goto toobig; } u_len = (strlen(userid)); p_len = (strlen(passwd)); s_len = (strlen(service)); r_len = ((user_realm ? strlen(user_realm) : 0)); /* prevent buffer overflow */ req_len = 30; if (max_len - req_len < u_len) goto toobig; req_len += u_len; if (max_len - req_len < p_len) goto toobig; req_len += p_len; if (max_len - req_len < s_len) goto toobig; req_len += s_len; if (max_len - req_len < r_len) goto toobig; u_len = htons(u_len); p_len = htons(p_len); s_len = htons(s_len); r_len = htons(r_len); memcpy(query_end, &u_len, sizeof(unsigned short)); query_end += sizeof(unsigned short); while (*userid) *query_end++ = *userid++; memcpy(query_end, &p_len, sizeof(unsigned short)); query_end += sizeof(unsigned short); while (*passwd) *query_end++ = *passwd++; memcpy(query_end, &s_len, sizeof(unsigned short)); query_end += sizeof(unsigned short); while (*service) *query_end++ = *service++; memcpy(query_end, &r_len, sizeof(unsigned short)); query_end += sizeof(unsigned short); if (user_realm) while (*user_realm) *query_end++ = *user_realm++; } #ifdef USE_DOORS s = open(pwpath, O_RDONLY); if (s < 0) { sasl_seterror(conn, 0, "cannot open door to saslauthd server: %m", errno); goto fail; } arg.data_ptr = query; arg.data_size = query_end - query; arg.desc_ptr = NULL; arg.desc_num = 0; arg.rbuf = response; arg.rsize = sizeof(response); if (door_call(s, &arg) < 0) { /* Parameters are undefined */ close(s); sasl_seterror(conn, 0, "door call to saslauthd server failed: %m", errno); goto fail; } if (arg.data_ptr != response || arg.data_size >= sizeof(response)) { /* oh damn, we got back a really long response */ munmap(arg.rbuf, arg.rsize); close(s); sasl_seterror(conn, 0, "saslauthd sent an overly long response"); goto fail; } response[arg.data_size] = '\0'; close(s); #else /* unix sockets */ s = socket(AF_UNIX, SOCK_STREAM, 0); if (s == -1) { sasl_seterror(conn, 0, "cannot create socket for saslauthd: %m", errno); goto fail; } memset((char *)&srvaddr, 0, sizeof(srvaddr)); srvaddr.sun_family = AF_UNIX; strncpy(srvaddr.sun_path, pwpath, sizeof(srvaddr.sun_path)); { int r = connect(s, (struct sockaddr *) &srvaddr, sizeof(srvaddr)); if (r == -1) { close(s); sasl_seterror(conn, 0, "cannot connect to saslauthd server: %m", errno); goto fail; } } { struct iovec iov[8]; iov[0].iov_len = query_end - query; iov[0].iov_base = query; if (retry_writev(s, iov, 1, 0) == -1) { close(s); sasl_seterror(conn, 0, "write failed"); goto fail; } } { unsigned short count = 0; /* * read response of the form: * * count result */ if (retry_read(s, &count, sizeof(count), 0) < (int) sizeof(count)) { sasl_seterror(conn, 0, "size read failed"); goto fail; } count = ntohs(count); if (count < 2) { /* MUST have at least "OK" or "NO" */ close(s); sasl_seterror(conn, 0, "bad response from saslauthd"); goto fail; } count = (int)sizeof(response) <= count ? sizeof(response) - 1 : count; if (retry_read(s, response, count, 0) < count) { close(s); sasl_seterror(conn, 0, "read failed"); goto fail; } response[count] = '\0'; } close(s); #endif /* USE_DOORS */ if(freeme) free(freeme); if (!strncmp(response, "OK", 2)) { return SASL_OK; } sasl_seterror(conn, SASL_NOLOG, "authentication failed"); return SASL_BADAUTH; toobig: /* request just too damn big */ sasl_seterror(conn, 0, "saslauthd request too large"); fail: if (freeme) free(freeme); return SASL_FAIL; } #endif #ifdef HAVE_AUTHDAEMON /* * Preliminary support for Courier's authdaemond. */ #define AUTHDAEMON_IO_TIMEOUT 30 static int authdaemon_blocking(int fd, int block) { int f, r; /* Get the fd's blocking bit. */ f = fcntl(fd, F_GETFL, 0); if (f == -1) return -1; /* Adjust the bitmap accordingly. */ #ifndef O_NONBLOCK #define NB_BITMASK FNDELAY #else #define NB_BITMASK O_NONBLOCK #endif if (block) f &= ~NB_BITMASK; else f |= NB_BITMASK; #undef NB_BITMASK /* Adjust the fd's blocking bit. */ r = fcntl(fd, F_SETFL, f); if (r) return -1; /* Success. */ return 0; } static int authdaemon_connect(sasl_conn_t *conn, const char *path) { int r, s = -1; struct sockaddr_un srvaddr; if (strlen(path) >= sizeof(srvaddr.sun_path)) { sasl_seterror(conn, 0, "unix socket path too large", errno); goto fail; } s = socket(AF_UNIX, SOCK_STREAM, 0); if (s == -1) { sasl_seterror(conn, 0, "cannot create socket for connection to Courier authdaemond: %m", errno); goto fail; } memset((char *)&srvaddr, 0, sizeof(srvaddr)); srvaddr.sun_family = AF_UNIX; strncpy(srvaddr.sun_path, path, sizeof(srvaddr.sun_path) - 1); /* Use nonblocking unix socket connect(2). */ if (authdaemon_blocking(s, 0)) { sasl_seterror(conn, 0, "cannot set nonblocking bit: %m", errno); goto fail; } r = connect(s, (struct sockaddr *) &srvaddr, sizeof(srvaddr)); if (r == -1) { sasl_seterror(conn, 0, "cannot connect to Courier authdaemond: %m", errno); goto fail; } if (authdaemon_blocking(s, 1)) { sasl_seterror(conn, 0, "cannot clear nonblocking bit: %m", errno); goto fail; } return s; fail: if (s >= 0) close(s); return -1; } static char *authdaemon_build_query(const char *service, const char *authtype, const char *user, const char *passwd) { int sz; int l = strlen(service) + 1 + strlen(authtype) + 1 + strlen(user) + 1 + strlen(passwd) + 1; char *buf, n[5]; if (snprintf(n, sizeof(n), "%d", l) >= (int)sizeof(n)) return NULL; sz = strlen(n) + l + 20; if (!(buf = sasl_ALLOC(sz))) return NULL; snprintf(buf, sz, "AUTH %s\n%s\n%s\n%s\n%s\n\n", n, service, authtype, user, passwd); return buf; } static int authdaemon_read(int fd, void *buf0, unsigned sz) { int nr; char *buf = (char*) buf0; if (sz <= 1) return -1; if ((nr = retry_read(fd, buf0, sz - 1, AUTHDAEMON_IO_TIMEOUT)) < 0) return -1; /* We need a null-terminated buffer. */ buf[nr] = 0; /* Check for overflow condition. */ return nr + 1 < (int)sz ? 0 : -1; } static int authdaemon_write(int fd, void *buf0, unsigned sz) { int nw; struct iovec io; io.iov_len = sz; io.iov_base = buf0; nw = retry_writev(fd, &io, 1, AUTHDAEMON_IO_TIMEOUT); return nw == (int)sz ? 0 : -1; } static int authdaemon_talk(sasl_conn_t *conn, int sock, char *authreq) { char *str; char buf[8192]; if (authdaemon_write(sock, authreq, strlen(authreq))) goto _err_out; if (authdaemon_read(sock, buf, sizeof(buf))) goto _err_out; for (str = buf; *str; ) { char *sub; for (sub = str; *str; ++str) { if (*str == '\n') { *str++ = 0; break; } } if (strcmp(sub, ".") == 0) { /* success */ return SASL_OK; } if (strcmp(sub, "FAIL") == 0) { /* passwords do not match */ sasl_seterror(conn, SASL_NOLOG, "authentication failed"); return SASL_BADAUTH; } } _err_out: /* catchall: authentication error */ sasl_seterror(conn, 0, "could not verify password"); return SASL_FAIL; } static int authdaemon_verify_password(sasl_conn_t *conn, const char *userid, const char *passwd, const char *service, const char *user_realm __attribute__((unused))) { const char *p = NULL; sasl_getopt_t *getopt; void *context; int result = SASL_FAIL; char *query = NULL; int sock = -1; /* check to see if the user configured a rundir */ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) { getopt(context, NULL, "authdaemond_path", &p, NULL); } if (!p) { /* * XXX should we peek at Courier's build-time config ? */ p = PATH_AUTHDAEMON_SOCKET; } if ((sock = authdaemon_connect(conn, p)) < 0) goto out; if (!(query = authdaemon_build_query(service, "login", userid, passwd))) goto out; result = authdaemon_talk(conn, sock, query); out: if (sock >= 0) close(sock), sock = -1; if (query) sasl_FREE(query), query = 0; return result; } #endif #ifdef HAVE_ALWAYSTRUE static int always_true(sasl_conn_t *conn, const char *userstr, const char *passwd __attribute__((unused)), const char *service __attribute__((unused)), const char *user_realm __attribute__((unused))) { _sasl_log(conn, SASL_LOG_WARN, "AlwaysTrue Password Verifier Verified: %s", userstr); return SASL_OK; } #endif struct sasl_verify_password_s _sasl_verify_password[] = { { "auxprop", &auxprop_verify_password }, { "auxprop-hashed", &auxprop_verify_password_hashed }, #ifdef HAVE_PWCHECK { "pwcheck", &pwcheck_verify_password }, #endif #ifdef HAVE_SASLAUTHD { "saslauthd", &saslauthd_verify_password }, #endif #ifdef HAVE_AUTHDAEMON { "authdaemond", &authdaemon_verify_password }, #endif #ifdef HAVE_ALWAYSTRUE { "alwaystrue", &always_true }, #endif { NULL, NULL } }; cyrus-sasl-2.1.25/lib/auxprop.c0000646000076400007640000007472011630151331013255 00000000000000/* auxprop.c - auxilliary property support * Rob Siemborski * $Id: auxprop.c,v 1.21 2011/09/01 14:12:53 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include "saslint.h" struct proppool { struct proppool *next; size_t size; /* Size of Block */ size_t unused; /* Space unused in this pool between end * of char** area and beginning of char* area */ char data[1]; /* Variable Sized */ }; struct propctx { struct propval *values; struct propval *prev_val; /* Previous value used by set/setvalues */ unsigned used_values, allocated_values; char *data_end; /* Bottom of string area in current pool */ char **list_end; /* Top of list area in current pool */ struct proppool *mem_base; struct proppool *mem_cur; }; typedef struct auxprop_plug_list { struct auxprop_plug_list *next; const sasl_auxprop_plug_t *plug; } auxprop_plug_list_t; static auxprop_plug_list_t *auxprop_head = NULL; static struct proppool *alloc_proppool(size_t size) { struct proppool *ret; /* minus 1 for the one that is already a part of the array * in the struct */ size_t total_size = sizeof(struct proppool) + size - 1; ret = sasl_ALLOC(total_size); if(!ret) return NULL; memset(ret, 0, total_size); ret->size = ret->unused = size; return ret; } /* Resize a proppool. Invalidates the unused value for this pool */ static struct proppool *resize_proppool(struct proppool *pool, size_t size) { struct proppool *ret; if(pool->size >= size) return pool; ret = sasl_REALLOC(pool, sizeof(struct proppool) + size); if(!ret) return NULL; ret->size = size; return ret; } static int prop_init(struct propctx *ctx, unsigned estimate) { const unsigned VALUES_SIZE = PROP_DEFAULT * sizeof(struct propval); ctx->mem_base = alloc_proppool(VALUES_SIZE + estimate); if(!ctx->mem_base) return SASL_NOMEM; ctx->mem_cur = ctx->mem_base; ctx->values = (struct propval *)ctx->mem_base->data; ctx->mem_base->unused = ctx->mem_base->size - VALUES_SIZE; ctx->allocated_values = PROP_DEFAULT; ctx->used_values = 0; ctx->data_end = ctx->mem_base->data + ctx->mem_base->size; ctx->list_end = (char **)(ctx->mem_base->data + VALUES_SIZE); ctx->prev_val = NULL; return SASL_OK; } /* create a property context * estimate -- an estimate of the storage needed for requests & responses * 0 will use module default * returns NULL on error */ struct propctx *prop_new(unsigned estimate) { struct propctx *new_ctx; if(!estimate) estimate = PROP_DEFAULT * 255; new_ctx = sasl_ALLOC(sizeof(struct propctx)); if(!new_ctx) return NULL; if(prop_init(new_ctx, estimate) != SASL_OK) { prop_dispose(&new_ctx); } return new_ctx; } /* create new propctx which duplicates the contents of an existing propctx * returns -1 on error */ int prop_dup(struct propctx *src_ctx, struct propctx **dst_ctx) { struct proppool *pool; struct propctx *retval = NULL; unsigned i; int result; unsigned total_size = 0; size_t values_size; if(!src_ctx || !dst_ctx) return SASL_BADPARAM; /* What is the total allocated size of src_ctx? */ pool = src_ctx->mem_base; while(pool) { total_size += (unsigned) pool->size; pool = pool->next; } /* allocate the new context */ retval = prop_new(total_size); if(!retval) return SASL_NOMEM; retval->used_values = src_ctx->used_values; retval->allocated_values = src_ctx->used_values + 1; values_size = (retval->allocated_values * sizeof(struct propval)); retval->mem_base->unused = retval->mem_base->size - values_size; retval->list_end = (char **)(retval->mem_base->data + values_size); /* data_end should still be OK */ /* Now dup the values */ for(i=0; iused_values; i++) { retval->values[i].name = src_ctx->values[i].name; result = prop_setvals(retval, retval->values[i].name, src_ctx->values[i].values); if(result != SASL_OK) goto fail; } retval->prev_val = src_ctx->prev_val; *dst_ctx = retval; return SASL_OK; fail: if(retval) prop_dispose(&retval); return result; } /* * dispose of property context * ctx -- is disposed and set to NULL; noop if ctx or *ctx is NULL */ void prop_dispose(struct propctx **ctx) { struct proppool *tmp; if(!ctx || !*ctx) return; while((*ctx)->mem_base) { tmp = (*ctx)->mem_base; (*ctx)->mem_base = tmp->next; sasl_FREE(tmp); } sasl_FREE(*ctx); *ctx = NULL; return; } /* Add property names to request * ctx -- context from prop_new() * names -- list of property names; must persist until context freed * or requests cleared * * NOTE: may clear values from context as side-effect * returns -1 on error */ int prop_request(struct propctx *ctx, const char **names) { unsigned i, new_values, total_values; if(!ctx || !names) return SASL_BADPARAM; /* Count how many we need to add */ for(new_values=0; names[new_values]; new_values++); /* Do we need to add ANY? */ if(!new_values) return SASL_OK; /* We always want at least one extra to mark the end of the array */ total_values = new_values + ctx->used_values + 1; /* Do we need to increase the size of our propval table? */ if(total_values > ctx->allocated_values) { unsigned max_in_pool; /* Do we need a larger base pool? */ max_in_pool = (unsigned) (ctx->mem_base->size / sizeof(struct propval)); if(total_values <= max_in_pool) { /* Don't increase the size of the base pool, just use what we need */ ctx->allocated_values = total_values; ctx->mem_base->unused = ctx->mem_base->size - (sizeof(struct propval) * ctx->allocated_values); } else { /* We need to allocate more! */ unsigned new_alloc_length; size_t new_size; new_alloc_length = 2 * ctx->allocated_values; while(total_values > new_alloc_length) { new_alloc_length *= 2; } new_size = new_alloc_length * sizeof(struct propval); ctx->mem_base = resize_proppool(ctx->mem_base, new_size); if(!ctx->mem_base) { ctx->values = NULL; ctx->allocated_values = ctx->used_values = 0; return SASL_NOMEM; } /* It worked! Update the structure! */ ctx->values = (struct propval *)ctx->mem_base->data; ctx->allocated_values = new_alloc_length; ctx->mem_base->unused = ctx->mem_base->size - sizeof(struct propval) * ctx->allocated_values; } /* Clear out new propvals */ memset(&(ctx->values[ctx->used_values]), 0, sizeof(struct propval) * (ctx->allocated_values - ctx->used_values)); /* Finish updating the context -- we've extended the list! */ /* ctx->list_end = (char **)(ctx->values + ctx->allocated_values); */ /* xxx test here */ ctx->list_end = (char **)(ctx->values + total_values); } /* Now do the copy, or referencing rather */ for(i=0;iused_values;j++) { if(!strcmp(ctx->values[j].name, names[i])) { flag = 1; break; } } /* We already have it... skip! */ if(flag) continue; ctx->values[ctx->used_values++].name = names[i]; } prop_clear(ctx, 0); return SASL_OK; } /* return array of struct propval from the context * return value persists until next call to * prop_request, prop_clear or prop_dispose on context */ const struct propval *prop_get(struct propctx *ctx) { if(!ctx) return NULL; return ctx->values; } /* Fill in an array of struct propval based on a list of property names * return value persists until next call to * prop_request, prop_clear or prop_dispose on context * returns -1 on error (no properties ever requested, ctx NULL, etc) * returns number of matching properties which were found (values != NULL) * if a name requested here was never requested by a prop_request, then * the name field of the associated vals entry will be set to NULL */ int prop_getnames(struct propctx *ctx, const char **names, struct propval *vals) { int found_names = 0; struct propval *cur = vals; const char **curname; if(!ctx || !names || !vals) return SASL_BADPARAM; for(curname = names; *curname; curname++) { struct propval *val; for(val = ctx->values; val->name; val++) { if(!strcmp(*curname,val->name)) { found_names++; memcpy(cur, val, sizeof(struct propval)); goto next; } } /* If we are here, we didn't find it */ memset(cur, 0, sizeof(struct propval)); next: cur++; } return found_names; } /* clear values and optionally requests from property context * ctx -- property context * requests -- 0 = don't clear requests, 1 = clear requests */ void prop_clear(struct propctx *ctx, int requests) { struct proppool *new_pool, *tmp; unsigned i; /* We're going to need a new proppool once we reset things */ new_pool = alloc_proppool(ctx->mem_base->size + (ctx->used_values+1) * sizeof(struct propval)); if(requests) { /* We're wiping the whole shebang */ ctx->used_values = 0; } else { /* Need to keep around old requets */ struct propval *new_values = (struct propval *)new_pool->data; for(i=0; iused_values; i++) { new_values[i].name = ctx->values[i].name; } } while(ctx->mem_base) { tmp = ctx->mem_base; ctx->mem_base = tmp->next; sasl_FREE(tmp); } /* Update allocation-related metadata */ ctx->allocated_values = ctx->used_values+1; new_pool->unused = new_pool->size - (ctx->allocated_values * sizeof(struct propval)); /* Setup pointers for the values array */ ctx->values = (struct propval *)new_pool->data; ctx->prev_val = NULL; /* Setup the pools */ ctx->mem_base = ctx->mem_cur = new_pool; /* Reset list_end and data_end for the new memory pool */ ctx->list_end = (char **)((char *)ctx->mem_base->data + ctx->allocated_values * sizeof(struct propval)); ctx->data_end = (char *)ctx->mem_base->data + ctx->mem_base->size; return; } /* * erase the value of a property */ void prop_erase(struct propctx *ctx, const char *name) { struct propval *val; int i; if(!ctx || !name) return; for(val = ctx->values; val->name; val++) { if(!strcmp(name,val->name)) { if(!val->values) break; /* * Yes, this is casting away the const, but * we should be okay because the only place this * memory should be is in the proppool's */ for(i=0;val->values[i];i++) { memset((void *)(val->values[i]),0,strlen(val->values[i])); val->values[i] = NULL; } val->values = NULL; val->nvalues = 0; val->valsize = 0; break; } } return; } /****fetcher interfaces****/ /* format the requested property names into a string * ctx -- context from prop_new()/prop_request() * sep -- separator between property names (unused if none requested) * seplen -- length of separator, if < 0 then strlen(sep) will be used * outbuf -- output buffer * outmax -- maximum length of output buffer including NUL terminator * outlen -- set to length of output string excluding NUL terminator * returns 0 on success and amount of additional space needed on failure */ int prop_format(struct propctx *ctx, const char *sep, int seplen, char *outbuf, unsigned outmax, unsigned *outlen) { unsigned needed, flag = 0; struct propval *val; if (!ctx || !outbuf) return SASL_BADPARAM; if (!sep) seplen = 0; if (seplen < 0) seplen = (int) strlen(sep); /* If seplen is negative now we have overflow. But if you have a string longer than 2Gb, you are an idiot anyway */ if (seplen < 0) return SASL_BADPARAM; needed = seplen * (ctx->used_values - 1); for(val = ctx->values; val->name; val++) { needed += (unsigned) strlen(val->name); } if(!outmax) return (needed + 1); /* Because of unsigned funkiness */ if(needed > (outmax - 1)) return (needed - (outmax - 1)); *outbuf = '\0'; if(outlen) *outlen = needed; if(needed == 0) return SASL_OK; for(val = ctx->values; val->name; val++) { if(seplen && flag) { strncat(outbuf, sep, seplen); } else { flag = 1; } strcat(outbuf, val->name); } return SASL_OK; } /* add a property value to the context * ctx -- context from prop_new()/prop_request() * name -- name of property to which value will be added * if NULL, add to the same name as previous prop_set/setvals call * value -- a value for the property; will be copied into context * if NULL, remove existing values * vallen -- length of value, if <= 0 then strlen(value) will be used */ int prop_set(struct propctx *ctx, const char *name, const char *value, int vallen) { struct propval *cur; if(!ctx) return SASL_BADPARAM; if(!name && !ctx->prev_val) return SASL_BADPARAM; if(name) { struct propval *val; ctx->prev_val = NULL; for(val = ctx->values; val->name; val++) { if(!strcmp(name,val->name)){ ctx->prev_val = val; break; } } /* Couldn't find it! */ if(!ctx->prev_val) return SASL_BADPARAM; } cur = ctx->prev_val; if(name) /* New Entry */ { unsigned nvalues = 1; /* 1 for NULL entry */ const char **old_values = NULL; char **tmp, **tmp2; size_t size; if(cur->values) { if(!value) { /* If we would be adding a null value, then we are done */ return SASL_OK; } old_values = cur->values; tmp = (char **)cur->values; while(*tmp) { nvalues++; tmp++; } } if(value) { nvalues++; /* for the new value */ } size = nvalues * sizeof(char*); if(size > ctx->mem_cur->unused) { size_t needed; for(needed = ctx->mem_cur->size * 2; needed < size; needed *= 2); /* Allocate a new proppool */ ctx->mem_cur->next = alloc_proppool(needed); if(!ctx->mem_cur->next) return SASL_NOMEM; ctx->mem_cur = ctx->mem_cur->next; ctx->list_end = (char **)ctx->mem_cur->data; ctx->data_end = ctx->mem_cur->data + needed; } /* Grab the memory */ ctx->mem_cur->unused -= size; cur->values = (const char **)ctx->list_end; cur->values[nvalues - 1] = NULL; /* Finish updating the context */ ctx->list_end = (char **)(cur->values + nvalues); /* If we don't have an actual value to fill in, we are done */ if(!value) return SASL_OK; tmp2 = (char **)cur->values; if(old_values) { tmp = (char **)old_values; while(*tmp) { *tmp2 = *tmp; tmp++; tmp2++; } } /* Now allocate the last entry */ if(vallen <= 0) size = (size_t)(strlen(value) + 1); else size = (size_t)(vallen + 1); if(size > ctx->mem_cur->unused) { size_t needed; needed = ctx->mem_cur->size * 2; while(needed < size) { needed *= 2; } /* Allocate a new proppool */ ctx->mem_cur->next = alloc_proppool(needed); if(!ctx->mem_cur->next) return SASL_NOMEM; ctx->mem_cur = ctx->mem_cur->next; ctx->list_end = (char **)ctx->mem_cur->data; ctx->data_end = ctx->mem_cur->data + needed; } /* Update the data_end pointer */ ctx->data_end -= size; ctx->mem_cur->unused -= size; /* Copy and setup the new value! */ memcpy(ctx->data_end, value, size-1); ctx->data_end[size - 1] = '\0'; cur->values[nvalues - 2] = ctx->data_end; cur->nvalues++; cur->valsize += ((unsigned) size - 1); } else /* Appending an entry */ { char **tmp; size_t size; /* If we are setting it to be NULL, we are done */ if(!value) return SASL_OK; size = sizeof(char*); /* Is it in the current pool, and will it fit in the unused space? */ if(size > ctx->mem_cur->unused && (void *)cur->values > (void *)(ctx->mem_cur->data) && (void *)cur->values < (void *)(ctx->mem_cur->data + ctx->mem_cur->size)) { /* recursively call the not-fast way */ return prop_set(ctx, cur->name, value, vallen); } /* Note the invariant: the previous value list must be at the top of the CURRENT pool at this point */ /* Grab the memory */ ctx->mem_cur->unused -= size; ctx->list_end++; *(ctx->list_end - 1) = NULL; tmp = (ctx->list_end - 2); /* Now allocate the last entry */ if(vallen <= 0) size = strlen(value) + 1; else size = vallen + 1; if(size > ctx->mem_cur->unused) { size_t needed; needed = ctx->mem_cur->size * 2; while(needed < size) { needed *= 2; } /* Allocate a new proppool */ ctx->mem_cur->next = alloc_proppool(needed); if(!ctx->mem_cur->next) return SASL_NOMEM; ctx->mem_cur = ctx->mem_cur->next; ctx->list_end = (char **)ctx->mem_cur->data; ctx->data_end = ctx->mem_cur->data + needed; } /* Update the data_end pointer */ ctx->data_end -= size; ctx->mem_cur->unused -= size; /* Copy and setup the new value! */ memcpy(ctx->data_end, value, size-1); ctx->data_end[size - 1] = '\0'; *tmp = ctx->data_end; cur->nvalues++; cur->valsize += ((unsigned) size - 1); } return SASL_OK; } /* set the values for a property * ctx -- context from prop_new()/prop_request() * name -- name of property to which value will be added * if NULL, add to the same name as previous prop_set/setvals call * values -- array of values, ending in NULL. Each value is a NUL terminated * string */ int prop_setvals(struct propctx *ctx, const char *name, const char **values) { const char **val = values; int result = SASL_OK; if(!ctx) return SASL_BADPARAM; /* If they want us to add no values, we can do that */ if(!values) return SASL_OK; /* Basically, use prop_set to do all our dirty work for us */ if(name) { result = prop_set(ctx, name, *val, 0); val++; } for(;*val;val++) { if(result != SASL_OK) return result; result = prop_set(ctx, NULL, *val,0); } return result; } /* Request a set of auxiliary properties * conn connection context * propnames list of auxiliary property names to request ending with * NULL. * * Subsequent calls will add items to the request list. Call with NULL * to clear the request list. * * errors * SASL_OK -- success * SASL_BADPARAM -- bad count/conn parameter * SASL_NOMEM -- out of memory */ int sasl_auxprop_request(sasl_conn_t *conn, const char **propnames) { int result; sasl_server_conn_t *sconn; if(!conn) return SASL_BADPARAM; if(conn->type != SASL_CONN_SERVER) PARAMERROR(conn); sconn = (sasl_server_conn_t *)conn; if(!propnames) { prop_clear(sconn->sparams->propctx,1); return SASL_OK; } result = prop_request(sconn->sparams->propctx, propnames); RETURN(conn, result); } /* Returns current auxiliary property context. * Use functions in prop.h to access content * * if authentication hasn't completed, property values may be empty/NULL * * properties not recognized by active plug-ins will be left empty/NULL * * returns NULL if conn is invalid. */ struct propctx *sasl_auxprop_getctx(sasl_conn_t *conn) { sasl_server_conn_t *sconn; if(!conn || conn->type != SASL_CONN_SERVER) return NULL; sconn = (sasl_server_conn_t *)conn; return sconn->sparams->propctx; } /* add an auxiliary property plugin */ int sasl_auxprop_add_plugin(const char *plugname, sasl_auxprop_init_t *auxpropfunc) { int result, out_version; auxprop_plug_list_t *new_item; sasl_auxprop_plug_t *plug; result = auxpropfunc(sasl_global_utils, SASL_AUXPROP_PLUG_VERSION, &out_version, &plug, plugname); /* Check if out_version is too old. We only support the current at the moment */ if (result == SASL_OK && out_version < SASL_AUXPROP_PLUG_VERSION) { result = SASL_BADVERS; } if(result != SASL_OK) { _sasl_log(NULL, SASL_LOG_ERR, "auxpropfunc error %s\n", sasl_errstring(result, NULL, NULL)); return result; } /* We require that this function is implemented */ if(!plug->auxprop_lookup) return SASL_BADPROT; new_item = sasl_ALLOC(sizeof(auxprop_plug_list_t)); if(!new_item) return SASL_NOMEM; /* These will load from least-important to most important */ new_item->plug = plug; new_item->next = auxprop_head; auxprop_head = new_item; return SASL_OK; } void _sasl_auxprop_free() { auxprop_plug_list_t *ptr, *ptr_next; for(ptr = auxprop_head; ptr; ptr = ptr_next) { ptr_next = ptr->next; if(ptr->plug->auxprop_free) ptr->plug->auxprop_free(ptr->plug->glob_context, sasl_global_utils); sasl_FREE(ptr); } auxprop_head = NULL; } /* Return the updated account status based on the current ("so far") and the specific status returned by the latest auxprop call */ static int _sasl_account_status (int current_status, int specific_status) { switch (specific_status) { case SASL_NOVERIFY: specific_status = SASL_OK; /* fall through */ case SASL_OK: if (current_status == SASL_NOMECH || current_status == SASL_NOUSER) { current_status = specific_status; } break; case SASL_NOUSER: if (current_status == SASL_NOMECH) { current_status = specific_status; } break; /* NOTE: The disabled flag sticks, unless we hit an error */ case SASL_DISABLED: if (current_status == SASL_NOMECH || current_status == SASL_NOUSER || current_status == SASL_OK) { current_status = specific_status; } break; case SASL_NOMECH: /* ignore */ break; /* SASL_UNAVAIL overrides everything */ case SASL_UNAVAIL: current_status = specific_status; break; default: current_status = specific_status; break; } return (current_status); } /* Do the callbacks for auxprop lookups */ int _sasl_auxprop_lookup(sasl_server_params_t *sparams, unsigned flags, const char *user, unsigned ulen) { sasl_getopt_t *getopt; int ret, found = 0; void *context; const char *plist = NULL; auxprop_plug_list_t *ptr; int result = SASL_NOMECH; if(_sasl_getcallback(sparams->utils->conn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) { ret = getopt(context, NULL, "auxprop_plugin", &plist, NULL); if(ret != SASL_OK) plist = NULL; } if(!plist) { /* Do lookup in all plugins */ /* TODO: Ideally, each auxprop plugin should be marked if its failure should be ignored or treated as a fatal error of the whole lookup. */ for(ptr = auxprop_head; ptr; ptr = ptr->next) { found=1; ret = ptr->plug->auxprop_lookup(ptr->plug->glob_context, sparams, flags, user, ulen); result = _sasl_account_status (result, ret); } } else { char *pluginlist = NULL, *freeptr = NULL, *thisplugin = NULL; if(_sasl_strdup(plist, &pluginlist, NULL) != SASL_OK) return SASL_NOMEM; thisplugin = freeptr = pluginlist; /* Do lookup in all *specified* plugins, in order */ while(*thisplugin) { char *p; int last=0; while(*thisplugin && isspace((int)*thisplugin)) thisplugin++; if(!(*thisplugin)) break; for(p = thisplugin;*p != '\0' && !isspace((int)*p); p++); if(*p == '\0') last = 1; else *p='\0'; for(ptr = auxprop_head; ptr; ptr = ptr->next) { /* Skip non-matching plugins */ if(!ptr->plug->name || strcasecmp(ptr->plug->name, thisplugin)) continue; found=1; ret = ptr->plug->auxprop_lookup(ptr->plug->glob_context, sparams, flags, user, ulen); result = _sasl_account_status (result, ret); } if(last) break; thisplugin = p+1; } sasl_FREE(freeptr); } if(!found) { _sasl_log(sparams->utils->conn, SASL_LOG_DEBUG, "could not find auxprop plugin, was searching for '%s'", plist ? plist : "[all]"); } return result; } /* Do the callbacks for auxprop stores */ int sasl_auxprop_store(sasl_conn_t *conn, struct propctx *ctx, const char *user) { sasl_getopt_t *getopt; int ret; void *context; const char *plist = NULL; auxprop_plug_list_t *ptr; sasl_server_params_t *sparams = NULL; unsigned userlen = 0; int num_constraint_violations = 0; int total_plugins = 0; if (ctx) { if (!conn || !user) return SASL_BADPARAM; sparams = ((sasl_server_conn_t *) conn)->sparams; userlen = (unsigned) strlen(user); } /* Pickup getopt callback from the connection, if conn is not NULL */ if(_sasl_getcallback(conn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) { ret = getopt(context, NULL, "auxprop_plugin", &plist, NULL); if(ret != SASL_OK) plist = NULL; } ret = SASL_OK; if(!plist) { /* Do store in all plugins */ for(ptr = auxprop_head; ptr && ret == SASL_OK; ptr = ptr->next) { total_plugins++; if (ptr->plug->auxprop_store) { ret = ptr->plug->auxprop_store(ptr->plug->glob_context, sparams, ctx, user, userlen); if (ret == SASL_CONSTRAINT_VIOLAT) { ret = SASL_OK; num_constraint_violations++; } } } } else { char *pluginlist = NULL, *freeptr = NULL, *thisplugin = NULL; if(_sasl_strdup(plist, &pluginlist, NULL) != SASL_OK) return SASL_FAIL; thisplugin = freeptr = pluginlist; /* Do store in all *specified* plugins, in order */ while(*thisplugin) { char *p; int last=0; while(*thisplugin && isspace((int)*thisplugin)) thisplugin++; if(!(*thisplugin)) break; for(p = thisplugin;*p != '\0' && !isspace((int)*p); p++); if(*p == '\0') last = 1; else *p='\0'; for(ptr = auxprop_head; ptr && ret == SASL_OK; ptr = ptr->next) { /* Skip non-matching plugins */ if((!ptr->plug->name || strcasecmp(ptr->plug->name, thisplugin))) continue; total_plugins++; if (ptr->plug->auxprop_store) { ret = ptr->plug->auxprop_store(ptr->plug->glob_context, sparams, ctx, user, userlen); if (ret == SASL_CONSTRAINT_VIOLAT) { ret = SASL_OK; num_constraint_violations++; } } } if(last) break; thisplugin = p+1; } sasl_FREE(freeptr); } if(total_plugins == 0) { _sasl_log(NULL, SASL_LOG_ERR, "could not find auxprop plugin, was searching for %s", plist ? plist : "[all]"); return SASL_FAIL; } else if (total_plugins == num_constraint_violations) { ret = SASL_CONSTRAINT_VIOLAT; } return ret; } /* It would be nice if we can show other information like Author, Company, Year, plugin version */ static void _sasl_print_mechanism (sasl_auxprop_plug_t *m, sasl_info_callback_stage_t stage, void *rock __attribute__((unused)) ) { if (stage == SASL_INFO_LIST_START) { printf ("List of auxprop plugins follows\n"); return; } else if (stage == SASL_INFO_LIST_END) { return; } /* Process the mechanism */ printf ("Plugin \"%s\" ", m->name); #ifdef NOT_YET switch (m->condition) { case SASL_OK: printf ("[loaded]"); break; case SASL_CONTINUE: printf ("[delayed]"); break; case SASL_NOUSER: printf ("[no users]"); break; default: printf ("[unknown]"); break; } #endif printf (", \tAPI version: %d\n", /* m->version */ SASL_AUXPROP_PLUG_VERSION); /* TODO - Update for auxprop_export, etc. */ printf ("\tsupports store: %s\n", (m->auxprop_store != NULL) ? "yes" : "no" ); /* No features defined yet */ #ifdef NOT_YET printf ("\n\tfeatures:"); #endif printf ("\n"); } /* Dump information about available auxprop plugins (separate functions are used for canon and server authentication plugins) */ int auxprop_plugin_info ( const char *c_mech_list, /* space separated mechanism list or NULL for ALL */ auxprop_info_callback_t *info_cb, void *info_cb_rock ) { auxprop_plug_list_t *m; sasl_auxprop_plug_t plug_data; char * cur_mech; char *mech_list = NULL; char * p; if (info_cb == NULL) { info_cb = _sasl_print_mechanism; } if (auxprop_head != NULL) { info_cb (NULL, SASL_INFO_LIST_START, info_cb_rock); if (c_mech_list == NULL) { m = auxprop_head; /* m point to beginning of the list */ while (m != NULL) { /* TODO: Need to be careful when dealing with auxprop_export, etc. */ memcpy (&plug_data, m->plug, sizeof(plug_data)); info_cb (&plug_data, SASL_INFO_LIST_MECH, info_cb_rock); m = m->next; } } else { mech_list = strdup(c_mech_list); cur_mech = mech_list; while (cur_mech != NULL) { p = strchr (cur_mech, ' '); if (p != NULL) { *p = '\0'; p++; } m = auxprop_head; /* m point to beginning of the list */ while (m != NULL) { if (strcasecmp (cur_mech, m->plug->name) == 0) { memcpy (&plug_data, m->plug, sizeof(plug_data)); info_cb (&plug_data, SASL_INFO_LIST_MECH, info_cb_rock); } m = m->next; } cur_mech = p; } free (mech_list); } info_cb (NULL, SASL_INFO_LIST_END, info_cb_rock); return (SASL_OK); } return (SASL_NOTINIT); } cyrus-sasl-2.1.25/lib/staticopen.h0000646000076400007640000001400011562561302013725 00000000000000/* staticopen.h * Rob Siemborski * Howard Chu * $Id: staticopen.h,v 1.9 2011/04/05 14:50:07 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ typedef enum { UNKNOWN = 0, SERVER = 1, CLIENT = 2, AUXPROP = 3, CANONUSER = 4 } _sasl_plug_type; typedef struct { _sasl_plug_type type; char *name; sasl_client_plug_init_t *plug; } _sasl_plug_rec; /* For static linking */ #define SPECIFIC_CLIENT_PLUG_INIT_PROTO( x ) \ sasl_client_plug_init_t x##_client_plug_init #define SPECIFIC_SERVER_PLUG_INIT_PROTO( x ) \ sasl_server_plug_init_t x##_server_plug_init #define SPECIFIC_AUXPROP_PLUG_INIT_PROTO( x ) \ sasl_auxprop_init_t x##_auxprop_plug_init #define SPECIFIC_CANONUSER_PLUG_INIT_PROTO( x ) \ sasl_canonuser_init_t x##_canonuser_plug_init /* Static Compillation Foo */ #define SPECIFIC_CLIENT_PLUG_INIT( x, n )\ { CLIENT, n, x##_client_plug_init } #define SPECIFIC_SERVER_PLUG_INIT( x, n )\ { SERVER, n, (sasl_client_plug_init_t *)x##_server_plug_init } #define SPECIFIC_AUXPROP_PLUG_INIT( x, n )\ { AUXPROP, n, (sasl_client_plug_init_t *)x##_auxprop_plug_init } #define SPECIFIC_CANONUSER_PLUG_INIT( x, n )\ { CANONUSER, n, (sasl_client_plug_init_t *)x##_canonuser_plug_init } #ifdef STATIC_ANONYMOUS extern SPECIFIC_SERVER_PLUG_INIT_PROTO( anonymous ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( anonymous ); #endif #ifdef STATIC_CRAMMD5 extern SPECIFIC_SERVER_PLUG_INIT_PROTO( crammd5 ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( crammd5 ); #endif #ifdef STATIC_DIGESTMD5 extern SPECIFIC_SERVER_PLUG_INIT_PROTO( digestmd5 ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( digestmd5 ); #endif #ifdef STATIC_SCRAM extern SPECIFIC_SERVER_PLUG_INIT_PROTO( scram ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( scram ); #endif #ifdef STATIC_GSSAPIV2 extern SPECIFIC_SERVER_PLUG_INIT_PROTO( gssapiv2 ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( gssapiv2 ); #endif #ifdef STATIC_KERBEROS4 extern SPECIFIC_SERVER_PLUG_INIT_PROTO( kerberos4 ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( kerberos4 ); #endif #ifdef STATIC_LOGIN extern SPECIFIC_SERVER_PLUG_INIT_PROTO( login ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( login ); #endif #ifdef STATIC_NTLM extern SPECIFIC_SERVER_PLUG_INIT_PROTO( ntlm ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( ntlm ); #endif #ifdef STATIC_OTP extern SPECIFIC_SERVER_PLUG_INIT_PROTO( otp ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( otp ); #endif #ifdef STATIC_PLAIN extern SPECIFIC_SERVER_PLUG_INIT_PROTO( plain ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( plain ); #endif #ifdef STATIC_SRP extern SPECIFIC_SERVER_PLUG_INIT_PROTO( srp ); extern SPECIFIC_CLIENT_PLUG_INIT_PROTO( srp ); #endif #ifdef STATIC_SASLDB extern SPECIFIC_AUXPROP_PLUG_INIT_PROTO( sasldb ); #endif #ifdef STATIC_SQL extern SPECIFIC_AUXPROP_PLUG_INIT_PROTO( sql ); #endif #ifdef STATIC_LDAPDB extern SPECIFIC_AUXPROP_PLUG_INIT_PROTO( ldapdb ); #endif _sasl_plug_rec _sasl_static_plugins[] = { #ifdef STATIC_ANONYMOUS SPECIFIC_SERVER_PLUG_INIT( anonymous, "ANONYMOUS" ), SPECIFIC_CLIENT_PLUG_INIT( anonymous, "ANONYMOUS" ), #endif #ifdef STATIC_CRAMMD5 SPECIFIC_SERVER_PLUG_INIT( crammd5, "CRAM-MD5" ), SPECIFIC_CLIENT_PLUG_INIT( crammd5, "CRAM-MD5" ), #endif #ifdef STATIC_DIGESTMD5 SPECIFIC_SERVER_PLUG_INIT( digestmd5, "DIGEST-MD5" ), SPECIFIC_CLIENT_PLUG_INIT( digestmd5, "DIGEST-MD5" ), #endif #ifdef STATIC_GSSAPIV2 SPECIFIC_SERVER_PLUG_INIT( gssapiv2, "GSSAPI" ), SPECIFIC_CLIENT_PLUG_INIT( gssapiv2, "GSSAPI" ), #endif #ifdef STATIC_KERBEROS4 SPECIFIC_SERVER_PLUG_INIT( kerberos4, "KERBEROS_V4" ), SPECIFIC_CLIENT_PLUG_INIT( kerberos4, "KERBEROS_V4" ), #endif #ifdef STATIC_LOGIN SPECIFIC_SERVER_PLUG_INIT( login, "LOGIN" ), SPECIFIC_CLIENT_PLUG_INIT( login, "LOGIN" ), #endif #ifdef STATIC_NTLM SPECIFIC_SERVER_PLUG_INIT( ntlm, "NTLM" ), SPECIFIC_CLIENT_PLUG_INIT( ntlm, "NTLM" ), #endif #ifdef STATIC_OTP SPECIFIC_SERVER_PLUG_INIT( otp, "OTP" ), SPECIFIC_CLIENT_PLUG_INIT( otp, "OTP" ), #endif #ifdef STATIC_PLAIN SPECIFIC_SERVER_PLUG_INIT( plain, "PLAIN" ), SPECIFIC_CLIENT_PLUG_INIT( plain, "PLAIN" ), #endif #ifdef STATIC_SRP SPECIFIC_SERVER_PLUG_INIT( srp, "SRP" ), SPECIFIC_CLIENT_PLUG_INIT( srp, "SRP" ), #endif #ifdef STATIC_SASLDB SPECIFIC_AUXPROP_PLUG_INIT( sasldb, "SASLDB" ), #endif #ifdef STATIC_SQL SPECIFIC_AUXPROP_PLUG_INIT( sql, "SQL" ), #endif #ifdef STATIC_LDAPDB SPECIFIC_AUXPROP_PLUG_INIT( ldapdb, "LDAPDB" ), #endif { UNKNOWN, NULL, NULL } }; cyrus-sasl-2.1.25/lib/saslint.h0000646000076400007640000003645111630151331013240 00000000000000/* saslint.h - internal SASL library definitions * Rob Siemborski * Tim Martin * $Id: saslint.h,v 1.73 2011/09/01 14:12:53 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef SASLINT_H #define SASLINT_H #include #include "sasl.h" #include "saslplug.h" #include "saslutil.h" #include "prop.h" #ifndef INLINE #if defined (WIN32) /* Visual Studio: "inline" keyword is not available in C, only in C++ */ #define INLINE __inline #else #define INLINE inline #endif #endif /* #define'd constants */ #define CANON_BUF_SIZE 1024 /* Error Handling Foo */ /* Helpful Hints: * -Error strings are set as soon as possible (first function in stack trace * with a pointer to the sasl_conn_t. * -Error codes are set as late as possible (only in the sasl api functions), * though "as often as possible" also comes to mind to ensure correctness * -Errors from calls to _buf_alloc, _sasl_strdup, etc are assumed to be * memory errors. * -Only errors (error codes < SASL_OK) should be remembered */ #define RETURN(conn, val) { if(conn && (val) < SASL_OK) \ (conn)->error_code = (val); \ return (val); } #define MEMERROR(conn) {\ if(conn) sasl_seterror( (conn), 0, \ "Out of Memory in " __FILE__ " near line %d", __LINE__ ); \ RETURN(conn, SASL_NOMEM) } #define PARAMERROR(conn) {\ if(conn) sasl_seterror( (conn), SASL_NOLOG, \ "Parameter error in " __FILE__ " near line %d", __LINE__ ); \ RETURN(conn, SASL_BADPARAM) } #define INTERROR(conn, val) {\ if(conn) sasl_seterror( (conn), 0, \ "Internal Error %d in " __FILE__ " near line %d", (val),\ __LINE__ ); \ RETURN(conn, (val)) } #ifndef PATH_MAX # ifdef WIN32 # define PATH_MAX MAX_PATH # else # ifdef _POSIX_PATH_MAX # define PATH_MAX _POSIX_PATH_MAX # else # define PATH_MAX 1024 /* arbitrary; probably big enough. * will probably only be 256+64 on * pre-posix machines */ # endif /* _POSIX_PATH_MAX */ # endif /* WIN32 */ #endif /* : Define directory delimiter in SASL_PATH/SASL_CONF_PATH variables */ #ifdef WIN32 #define PATHS_DELIMITER ';' #else #define PATHS_DELIMITER ':' #endif /* Datatype Definitions */ typedef struct { const sasl_callback_t *callbacks; const char *appname; } sasl_global_callbacks_t; extern sasl_global_callbacks_t global_callbacks; typedef struct _sasl_external_properties { sasl_ssf_t ssf; char *auth_id; } _sasl_external_properties_t; typedef struct sasl_string_list { const char *d; struct sasl_string_list *next; } sasl_string_list_t; typedef struct buffer_info { char *data; size_t curlen; size_t reallen; } buffer_info_t; typedef int add_plugin_t(const char *, void *); typedef struct add_plugin_list { const char *entryname; add_plugin_t *add_plugin; } add_plugin_list_t; enum Sasl_conn_type { SASL_CONN_UNKNOWN = 0, SASL_CONN_SERVER = 1, SASL_CONN_CLIENT = 2 }; struct sasl_conn { enum Sasl_conn_type type; void (*destroy_conn)(sasl_conn_t *); /* destroy function */ char *service; unsigned int flags; /* flags passed to sasl_*_new */ /* IP information. A buffer of size 52 is adequate for this in its longest format (see sasl.h) */ int got_ip_local, got_ip_remote; char iplocalport[NI_MAXHOST + NI_MAXSERV]; char ipremoteport[NI_MAXHOST + NI_MAXSERV]; void *context; sasl_out_params_t oparams; sasl_security_properties_t props; _sasl_external_properties_t external; sasl_secret_t *secret; int (*idle_hook)(sasl_conn_t *conn); const sasl_callback_t *callbacks; const sasl_global_callbacks_t *global_callbacks; /* global callbacks * connection */ char *serverFQDN; /* Pointers to memory that we are responsible for */ buffer_info_t *encode_buf; int error_code; char *error_buf, *errdetail_buf; size_t error_buf_len, errdetail_buf_len; char *mechlist_buf; size_t mechlist_buf_len; char *decode_buf; char user_buf[CANON_BUF_SIZE+1], authid_buf[CANON_BUF_SIZE+1]; /* Allocated by sasl_encodev if the output contains multiple SASL packet. */ buffer_info_t multipacket_encoded_data; }; /* Server Conn Type Information */ typedef struct mechanism { server_sasl_mechanism_t m; struct mechanism *next; } mechanism_t; typedef struct mech_list { const sasl_utils_t *utils; /* gotten from plug_init */ void *mutex; /* mutex for this data */ mechanism_t *mech_list; /* list of loaded mechanisms */ int mech_length; /* number of loaded mechanisms */ } mech_list_t; typedef struct context_list { mechanism_t *mech; void *context; /* if NULL, this mech is disabled for this connection * otherwise, use this context instead of a call * to mech_new */ struct context_list *next; } context_list_t; typedef struct sasl_server_conn { sasl_conn_t base; /* parts common to server + client */ char *appname; /* application name buffer (for sparams) */ char *user_realm; /* domain the user authenticating is in */ int sent_last; /* Have we already done the last send? */ int authenticated; mechanism_t *mech; /* mechanism trying to use */ sasl_server_params_t *sparams; context_list_t *mech_contexts; mechanism_t *mech_list; /* list of available mechanisms */ int mech_length; /* number of available mechanisms */ } sasl_server_conn_t; /* Client Conn Type Information */ typedef struct cmechanism { client_sasl_mechanism_t m; struct cmechanism *next; } cmechanism_t; typedef struct cmech_list { const sasl_utils_t *utils; void *mutex; /* mutex for this data */ cmechanism_t *mech_list; /* list of mechanisms */ int mech_length; /* number of mechanisms */ } cmech_list_t; typedef struct sasl_client_conn { sasl_conn_t base; /* parts common to server + client */ cmechanism_t *mech; sasl_client_params_t *cparams; char *clientFQDN; cmechanism_t *mech_list; /* list of available mechanisms */ int mech_length; /* number of available mechanisms */ } sasl_client_conn_t; typedef struct sasl_allocation_utils { sasl_malloc_t *malloc; sasl_calloc_t *calloc; sasl_realloc_t *realloc; sasl_free_t *free; } sasl_allocation_utils_t; typedef struct sasl_mutex_utils { sasl_mutex_alloc_t *alloc; sasl_mutex_lock_t *lock; sasl_mutex_unlock_t *unlock; sasl_mutex_free_t *free; } sasl_mutex_utils_t; typedef struct sasl_log_utils_s { sasl_log_t *log; } sasl_log_utils_t; typedef int sasl_plaintext_verifier(sasl_conn_t *conn, const char *userid, const char *passwd, const char *service, const char *user_realm); struct sasl_verify_password_s { char *name; sasl_plaintext_verifier *verify; }; /* * globals & constants */ /* * common.c */ LIBSASL_API const sasl_utils_t *sasl_global_utils; extern int (*_sasl_client_idle_hook)(sasl_conn_t *conn); extern int (*_sasl_server_idle_hook)(sasl_conn_t *conn); /* These return SASL_OK if we've actually finished cleanup, * SASL_NOTINIT if that part of the library isn't initialized, and * SASL_CONTINUE if we need to call them again */ extern int (*_sasl_client_cleanup_hook)(void); extern int (*_sasl_server_cleanup_hook)(void); extern sasl_allocation_utils_t _sasl_allocation_utils; extern sasl_mutex_utils_t _sasl_mutex_utils; extern int _sasl_allocation_locked; void sasl_common_done(void); extern int _sasl_is_equal_mech(const char *req_mech, const char *plug_mech, size_t req_mech_len, int *plus); /* * checkpw.c */ extern struct sasl_verify_password_s _sasl_verify_password[]; /* * server.c */ /* (this is a function call to ensure this is read-only to the outside) */ extern int _is_sasl_server_active(void); /* * Allocation and Mutex utility macros */ #define sasl_ALLOC(__size__) (_sasl_allocation_utils.malloc((__size__))) #define sasl_CALLOC(__nelem__, __size__) \ (_sasl_allocation_utils.calloc((__nelem__), (__size__))) #define sasl_REALLOC(__ptr__, __size__) \ (_sasl_allocation_utils.realloc((__ptr__), (__size__))) #define sasl_FREE(__ptr__) (_sasl_allocation_utils.free((__ptr__))) #define sasl_MUTEX_ALLOC() (_sasl_mutex_utils.alloc()) #define sasl_MUTEX_LOCK(__mutex__) (_sasl_mutex_utils.lock((__mutex__))) #define sasl_MUTEX_UNLOCK(__mutex__) (_sasl_mutex_utils.unlock((__mutex__))) #define sasl_MUTEX_FREE(__mutex__) \ (_sasl_mutex_utils.free((__mutex__))) /* function prototypes */ /* * dlopen.c and staticopen.c */ /* * The differences here are: * _sasl_load_plugins loads all plugins from all files * _sasl_get_plugin loads the LIBRARY for an individual file * _sasl_done_with_plugins frees the LIBRARIES loaded by the above 2 * _sasl_locate_entry locates an entrypoint in a given library */ extern int _sasl_load_plugins(const add_plugin_list_t *entrypoints, const sasl_callback_t *getpath_callback, const sasl_callback_t *verifyfile_callback); extern int _sasl_get_plugin(const char *file, const sasl_callback_t *verifyfile_cb, void **libraryptr); extern int _sasl_locate_entry(void *library, const char *entryname, void **entry_point); extern int _sasl_done_with_plugins(); /* * common.c */ extern const sasl_callback_t * _sasl_find_getpath_callback(const sasl_callback_t *callbacks); extern const sasl_callback_t * _sasl_find_getconfpath_callback(const sasl_callback_t *callbacks); extern const sasl_callback_t * _sasl_find_verifyfile_callback(const sasl_callback_t *callbacks); extern int _sasl_common_init(sasl_global_callbacks_t *global_callbacks); extern int _sasl_conn_init(sasl_conn_t *conn, const char *service, unsigned int flags, enum Sasl_conn_type type, int (*idle_hook)(sasl_conn_t *conn), const char *serverFQDN, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *callbacks, const sasl_global_callbacks_t *global_callbacks); extern void _sasl_conn_dispose(sasl_conn_t *conn); extern sasl_utils_t * _sasl_alloc_utils(sasl_conn_t *conn, sasl_global_callbacks_t *global_callbacks); extern int _sasl_free_utils(const sasl_utils_t ** utils); extern int _sasl_getcallback(sasl_conn_t * conn, unsigned long callbackid, sasl_callback_ft * pproc, void **pcontext); extern void _sasl_log(sasl_conn_t *conn, int level, const char *fmt, ...); void _sasl_get_errorbuf(sasl_conn_t *conn, char ***bufhdl, size_t **lenhdl); int _sasl_add_string(char **out, size_t *alloclen, size_t *outlen, const char *add); /* More Generic Utilities in common.c */ extern int _sasl_strdup(const char *in, char **out, size_t *outlen); /* Basically a conditional call to realloc(), if we need more */ int _buf_alloc(char **rwbuf, size_t *curlen, size_t newlen); /* convert an iovec to a single buffer */ int _iovec_to_buf(const struct iovec *vec, unsigned numiov, buffer_info_t **output); /* Convert between string formats and sockaddr formats */ int _sasl_iptostring(const struct sockaddr *addr, socklen_t addrlen, char *out, unsigned outlen); int _sasl_ipfromstring(const char *addr, struct sockaddr *out, socklen_t outlen); /* * external plugin (external.c) */ int external_client_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_client_plug_t **pluglist, int *plugcount); int external_server_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_server_plug_t **pluglist, int *plugcount); /* Mech Listing Functions */ int _sasl_build_mechlist(void); int _sasl_server_listmech(sasl_conn_t *conn, const char *user, const char *prefix, const char *sep, const char *suffix, const char **result, unsigned *plen, int *pcount); int _sasl_client_listmech(sasl_conn_t *conn, const char *prefix, const char *sep, const char *suffix, const char **result, unsigned *plen, int *pcount); /* Just create a straight list of them */ sasl_string_list_t *_sasl_client_mechs(void); sasl_string_list_t *_sasl_server_mechs(void); /* * config file declarations (config.c) */ extern const char *sasl_config_getstring(const char *key,const char *def); /* checkpw.c */ #ifdef DO_SASL_CHECKAPOP extern int _sasl_auxprop_verify_apop(sasl_conn_t *conn, const char *userstr, const char *challenge, const char *response, const char *user_realm); #endif /* DO_SASL_CHECKAPOP */ /* Auxprop Plugin (sasldb.c) */ extern int sasldb_auxprop_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_auxprop_plug_t **plug, const char *plugname); /* * auxprop.c */ extern int _sasl_auxprop_add_plugin(void *p, void *library); extern void _sasl_auxprop_free(void); extern int _sasl_auxprop_lookup(sasl_server_params_t *sparams, unsigned flags, const char *user, unsigned ulen); /* * canonusr.c */ void _sasl_canonuser_free(); extern int internal_canonuser_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_canonuser_plug_t **plug, const char *plugname); extern int _sasl_canon_user(sasl_conn_t *conn, const char *user, unsigned ulen, unsigned flags, sasl_out_params_t *oparams); int _sasl_canon_user_lookup (sasl_conn_t *conn, const char *user, unsigned ulen, unsigned flags, sasl_out_params_t *oparams); /* * saslutil.c */ int get_fqhostname( char *name, int namelen, int abort_if_no_fqdn ); #endif /* SASLINT_H */ cyrus-sasl-2.1.25/lib/client.c0000646000076400007640000010507411630151331013032 00000000000000/* SASL client API implementation * Rob Siemborski * Tim Martin * $Id: client.c,v 1.86 2011/09/01 14:12:53 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #ifdef HAVE_UNISTD_H #include #endif /* SASL Headers */ #include "sasl.h" #include "saslplug.h" #include "saslutil.h" #include "saslint.h" static cmech_list_t *cmechlist; /* global var which holds the list */ sasl_global_callbacks_t global_callbacks_client; static int _sasl_client_active = 0; static int init_mechlist() { cmechlist->utils=_sasl_alloc_utils(NULL, &global_callbacks_client); if (cmechlist->utils==NULL) return SASL_NOMEM; cmechlist->mech_list=NULL; cmechlist->mech_length=0; return SASL_OK; } int sasl_client_done(void) { int result = SASL_CONTINUE; if (_sasl_server_cleanup_hook == NULL && _sasl_client_cleanup_hook == NULL) { return SASL_NOTINIT; } if (_sasl_client_cleanup_hook) { result = _sasl_client_cleanup_hook(); if (result == SASL_OK) { _sasl_client_idle_hook = NULL; _sasl_client_cleanup_hook = NULL; } else { return result; } } if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { return result; } sasl_common_done(); return SASL_OK; } static int client_done(void) { cmechanism_t *cm; cmechanism_t *cprevm; if (!_sasl_client_active) { return SASL_NOTINIT; } else { _sasl_client_active--; } if(_sasl_client_active) { /* Don't de-init yet! Our refcount is nonzero. */ return SASL_CONTINUE; } cm = cmechlist->mech_list; /* m point to beginning of the list */ while (cm != NULL) { cprevm = cm; cm = cm->next; if (cprevm->m.plug->mech_free) { cprevm->m.plug->mech_free(cprevm->m.plug->glob_context, cmechlist->utils); } sasl_FREE(cprevm->m.plugname); sasl_FREE(cprevm); } _sasl_free_utils(&cmechlist->utils); sasl_FREE(cmechlist); cmechlist = NULL; return SASL_OK; } /* This is nearly identical to the version in server.c. Keep in sync. */ static int mech_compare(const sasl_client_plug_t *a, const sasl_client_plug_t *b) { unsigned sec_diff; unsigned features_diff; /* XXX the following is fairly arbitrary, but its independent of the order in which the plugins are loaded */ sec_diff = a->security_flags ^ b->security_flags; if (sec_diff & a->security_flags & SASL_SEC_NOANONYMOUS) return 1; if (sec_diff & b->security_flags & SASL_SEC_NOANONYMOUS) return -1; if (sec_diff & a->security_flags & SASL_SEC_NOPLAINTEXT) return 1; if (sec_diff & b->security_flags & SASL_SEC_NOPLAINTEXT) return -1; if (sec_diff & a->security_flags & SASL_SEC_MUTUAL_AUTH) return 1; if (sec_diff & b->security_flags & SASL_SEC_MUTUAL_AUTH) return -1; if (sec_diff & a->security_flags & SASL_SEC_NOACTIVE) return 1; if (sec_diff & b->security_flags & SASL_SEC_NOACTIVE) return -1; if (sec_diff & a->security_flags & SASL_SEC_NODICTIONARY) return 1; if (sec_diff & b->security_flags & SASL_SEC_NODICTIONARY) return -1; if (sec_diff & a->security_flags & SASL_SEC_FORWARD_SECRECY) return 1; if (sec_diff & b->security_flags & SASL_SEC_FORWARD_SECRECY) return -1; features_diff = a->features ^ b->features; if (features_diff & a->features & SASL_FEAT_CHANNEL_BINDING) return 1; if (features_diff & b->features & SASL_FEAT_CHANNEL_BINDING) return -1; if (a->max_ssf > b->max_ssf) return 1; if (a->max_ssf < b->max_ssf) return -1; return 0; } int sasl_client_add_plugin(const char *plugname, sasl_client_plug_init_t *entry_point) { int plugcount; sasl_client_plug_t *pluglist; cmechanism_t *mech, *mp; int result; int version; int lupe; if (!plugname || !entry_point) return SASL_BADPARAM; result = entry_point(cmechlist->utils, SASL_CLIENT_PLUG_VERSION, &version, &pluglist, &plugcount); if (result != SASL_OK) { _sasl_log(NULL, SASL_LOG_WARN, "entry_point failed in sasl_client_add_plugin for %s", plugname); return result; } if (version != SASL_CLIENT_PLUG_VERSION) { _sasl_log(NULL, SASL_LOG_WARN, "version conflict in sasl_client_add_plugin for %s", plugname); return SASL_BADVERS; } for (lupe=0; lupe < plugcount; lupe++, pluglist++) { mech = sasl_ALLOC(sizeof(cmechanism_t)); if (!mech) return SASL_NOMEM; mech->m.plug = pluglist; if (_sasl_strdup(plugname, &mech->m.plugname, NULL) != SASL_OK) { sasl_FREE(mech); return SASL_NOMEM; } mech->m.version = version; /* sort mech_list by relative "strength" */ mp = cmechlist->mech_list; if (!mp || mech_compare(pluglist, mp->m.plug) >= 0) { /* add mech to head of list */ mech->next = cmechlist->mech_list; cmechlist->mech_list = mech; } else { /* find where to insert mech into list */ while (mp->next && mech_compare(pluglist, mp->next->m.plug) <= 0) mp = mp->next; mech->next = mp->next; mp->next = mech; } cmechlist->mech_length++; } return SASL_OK; } static int client_idle(sasl_conn_t *conn) { cmechanism_t *m; if (! cmechlist) return 0; for (m = cmechlist->mech_list; m; m = m->next) if (m->m.plug->idle && m->m.plug->idle(m->m.plug->glob_context, conn, conn ? ((sasl_client_conn_t *)conn)->cparams : NULL)) return 1; return 0; } /* initialize the SASL client drivers * callbacks -- base callbacks for all client connections * returns: * SASL_OK -- Success * SASL_NOMEM -- Not enough memory * SASL_BADVERS -- Mechanism version mismatch * SASL_BADPARAM -- error in config file * SASL_NOMECH -- No mechanisms available * ... */ int sasl_client_init(const sasl_callback_t *callbacks) { int ret; const add_plugin_list_t ep_list[] = { { "sasl_client_plug_init", (add_plugin_t *)sasl_client_add_plugin }, { "sasl_canonuser_init", (add_plugin_t *)sasl_canonuser_add_plugin }, { NULL, NULL } }; /* lock allocation type */ _sasl_allocation_locked++; if(_sasl_client_active) { /* We're already active, just increase our refcount */ /* xxx do something with the callback structure? */ _sasl_client_active++; return SASL_OK; } global_callbacks_client.callbacks = callbacks; global_callbacks_client.appname = NULL; cmechlist=sasl_ALLOC(sizeof(cmech_list_t)); if (cmechlist==NULL) return SASL_NOMEM; /* We need to call client_done if we fail now */ _sasl_client_active = 1; /* load plugins */ ret=init_mechlist(); if (ret!=SASL_OK) { client_done(); return ret; } sasl_client_add_plugin("EXTERNAL", &external_client_plug_init); ret = _sasl_common_init(&global_callbacks_client); if (ret == SASL_OK) ret = _sasl_load_plugins(ep_list, _sasl_find_getpath_callback(callbacks), _sasl_find_verifyfile_callback(callbacks)); if (ret == SASL_OK) { _sasl_client_cleanup_hook = &client_done; _sasl_client_idle_hook = &client_idle; ret = _sasl_build_mechlist(); } else { client_done(); } return ret; } static void client_dispose(sasl_conn_t *pconn) { sasl_client_conn_t *c_conn=(sasl_client_conn_t *) pconn; if (c_conn->mech && c_conn->mech->m.plug->mech_dispose) { c_conn->mech->m.plug->mech_dispose(pconn->context, c_conn->cparams->utils); } pconn->context = NULL; if (c_conn->clientFQDN) sasl_FREE(c_conn->clientFQDN); if (c_conn->cparams) { _sasl_free_utils(&(c_conn->cparams->utils)); sasl_FREE(c_conn->cparams); } if (c_conn->mech_list != cmechlist->mech_list) { /* free connection-specific mech_list */ cmechanism_t *m, *prevm; m = c_conn->mech_list; /* m point to beginning of the list */ while (m) { prevm = m; m = m->next; sasl_FREE(prevm); } } _sasl_conn_dispose(pconn); } /* initialize a client exchange based on the specified mechanism * service -- registered name of the service using SASL (e.g. "imap") * serverFQDN -- the fully qualified domain name of the server * iplocalport -- client IPv4/IPv6 domain literal string with port * (if NULL, then mechanisms requiring IPaddr are disabled) * ipremoteport -- server IPv4/IPv6 domain literal string with port * (if NULL, then mechanisms requiring IPaddr are disabled) * prompt_supp -- list of client interactions supported * may also include sasl_getopt_t context & call * NULL prompt_supp = user/pass via SASL_INTERACT only * NULL proc = interaction supported via SASL_INTERACT * secflags -- security flags (see above) * in/out: * pconn -- connection negotiation structure * pointer to NULL => allocate new * non-NULL => recycle storage and go for next available mech * * Returns: * SASL_OK -- success * SASL_NOMECH -- no mechanism meets requested properties * SASL_NOMEM -- not enough memory */ int sasl_client_new(const char *service, const char *serverFQDN, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *prompt_supp, unsigned flags, sasl_conn_t **pconn) { int result; char name[MAXHOSTNAMELEN]; sasl_client_conn_t *conn; sasl_utils_t *utils; sasl_getopt_t *getopt; void *context; const char *mlist = NULL; int plus = 0; if (_sasl_client_active == 0) return SASL_NOTINIT; /* Remember, serverFQDN, iplocalport and ipremoteport can be NULL and be valid! */ if (!pconn || !service) return SASL_BADPARAM; *pconn=sasl_ALLOC(sizeof(sasl_client_conn_t)); if (*pconn==NULL) { _sasl_log(NULL, SASL_LOG_ERR, "Out of memory allocating connection context"); return SASL_NOMEM; } memset(*pconn, 0, sizeof(sasl_client_conn_t)); (*pconn)->destroy_conn = &client_dispose; conn = (sasl_client_conn_t *)*pconn; conn->mech = NULL; conn->cparams=sasl_ALLOC(sizeof(sasl_client_params_t)); if (conn->cparams==NULL) MEMERROR(*pconn); memset(conn->cparams,0,sizeof(sasl_client_params_t)); result = _sasl_conn_init(*pconn, service, flags, SASL_CONN_CLIENT, &client_idle, serverFQDN, iplocalport, ipremoteport, prompt_supp, &global_callbacks_client); if (result != SASL_OK) RETURN(*pconn, result); utils = _sasl_alloc_utils(*pconn, &global_callbacks_client); if (utils == NULL) { MEMERROR(*pconn); } utils->conn= *pconn; conn->cparams->utils = utils; if(_sasl_getcallback(*pconn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) { getopt(context, NULL, "client_mech_list", &mlist, NULL); } /* if we have a client_mech_list, create ordered list of available mechanisms for this conn */ if (mlist) { const char *cp; cmechanism_t *mptr, *tail = NULL; cmechanism_t *new; while (*mlist) { /* find end of current mech name */ for (cp = mlist; *cp && !isspace((int) *cp); cp++); /* search for mech name in loaded plugins */ for (mptr = cmechlist->mech_list; mptr; mptr = mptr->next) { const sasl_client_plug_t *plug = mptr->m.plug; if (_sasl_is_equal_mech(mlist, plug->mech_name, (size_t) (cp - mlist), &plus)) { /* found a match */ break; } } if (mptr) { new = sasl_ALLOC(sizeof(cmechanism_t)); if (!new) { result = SASL_NOMEM; goto failed_client_new; } memcpy(&new->m, &mptr->m, sizeof(client_sasl_mechanism_t)); new->next = NULL; if (!conn->mech_list) { conn->mech_list = new; tail = conn->mech_list; } else { tail->next = new; tail = new; } conn->mech_length++; } /* find next mech name */ mlist = cp; while (*mlist && isspace((int) *mlist)) mlist++; } } else { conn->mech_list = cmechlist->mech_list; conn->mech_length = cmechlist->mech_length; } if (conn->mech_list == NULL) { sasl_seterror(*pconn, 0, "No worthy mechs found"); result = SASL_NOMECH; goto failed_client_new; } /* Setup the non-lazy parts of cparams, the rest is done in * sasl_client_start */ conn->cparams->canon_user = &_sasl_canon_user_lookup; conn->cparams->flags = flags; conn->cparams->prompt_supp = (*pconn)->callbacks; /* get the clientFQDN (serverFQDN was set in _sasl_conn_init) */ memset(name, 0, sizeof(name)); if (get_fqhostname (name, MAXHOSTNAMELEN, 0) != 0) { return (SASL_FAIL); } result = _sasl_strdup(name, &conn->clientFQDN, NULL); if (result == SASL_OK) return SASL_OK; failed_client_new: /* result isn't SASL_OK */ _sasl_conn_dispose(*pconn); sasl_FREE(*pconn); *pconn = NULL; _sasl_log(NULL, SASL_LOG_ERR, "Out of memory in sasl_client_new"); return result; } static int have_prompts(sasl_conn_t *conn, const sasl_client_plug_t *mech) { static const unsigned long default_prompts[] = { SASL_CB_AUTHNAME, SASL_CB_PASS, SASL_CB_LIST_END }; const unsigned long *prompt; sasl_callback_ft pproc; void *pcontext; int result; for (prompt = (mech->required_prompts ? mech->required_prompts : default_prompts); *prompt != SASL_CB_LIST_END; prompt++) { result = _sasl_getcallback(conn, *prompt, &pproc, &pcontext); if (result != SASL_OK && result != SASL_INTERACT) return 0; /* we don't have this required prompt */ } return 1; /* we have all the prompts */ } static int _mech_plus_p(const char *mech, size_t len) { return (len > 5 && strncasecmp(&mech[len - 5], "-PLUS", 5) == 0); } /* * Order PLUS mechanisms first. Returns NUL separated list of * *count items. */ static int _sasl_client_order_mechs(const sasl_utils_t *utils, const char *mechs, int has_cb_data, char **ordered_mechs, size_t *count, int *server_can_cb) { char *list, *listp; size_t i, mechslen, start; *count = 0; *server_can_cb = 0; if (mechs == NULL || mechs[0] == '\0') return SASL_NOMECH; mechslen = strlen(mechs); listp = list = utils->malloc(mechslen + 1); if (list == NULL) return SASL_NOMEM; /* As per RFC 4422: * SASL mechanism allowable characters are "AZ-_" * separators can be any other characters and of any length * even variable lengths between. * * But for convenience we accept lowercase ASCII. * * Apps should be encouraged to simply use space or comma space * though */ #define ismechchar(c) (isalnum((c)) || (c) == '_' || (c) == '-') do { for (i = start = 0; i <= mechslen; i++) { if (!ismechchar(mechs[i])) { const char *mechp = &mechs[start]; size_t len = i - start; if (len != 0 && _mech_plus_p(mechp, len) == has_cb_data) { memcpy(listp, mechp, len); listp[len] = '\0'; listp += len + 1; (*count)++; if (*server_can_cb == 0 && has_cb_data) *server_can_cb = 1; } start = ++i; } } if (has_cb_data) has_cb_data = 0; else break; } while (1); if (*count == 0) { utils->free(list); return SASL_NOMECH; } *ordered_mechs = list; return SASL_OK; } static INLINE int _sasl_cbinding_disp(sasl_client_params_t *cparams, int mech_nego, int server_can_cb, sasl_cbinding_disp_t *cbindingdisp) { /* * If negotiating mechanisms, then we fail immediately if the * client requires channel binding and the server does not * advertise support. Otherwise we send "y" (which later will * become "p" if we select a supporting mechanism). * * If the client explicitly selected a mechanism, then we only * send channel bindings if they're marked critical. */ *cbindingdisp = SASL_CB_DISP_NONE; if (SASL_CB_PRESENT(cparams)) { if (mech_nego) { if (!server_can_cb && SASL_CB_CRITICAL(cparams)) { return SASL_NOMECH; } else { *cbindingdisp = SASL_CB_DISP_WANT; } } else if (SASL_CB_CRITICAL(cparams)) { *cbindingdisp = SASL_CB_DISP_USED; } } return SASL_OK; } /* select a mechanism for a connection * mechlist -- mechanisms server has available (punctuation ignored) * secret -- optional secret from previous session * output: * prompt_need -- on SASL_INTERACT, list of prompts needed to continue * clientout -- the initial client response to send to the server * mech -- set to mechanism name * * Returns: * SASL_OK -- success * SASL_NOMEM -- not enough memory * SASL_NOMECH -- no mechanism meets requested properties * SASL_INTERACT -- user interaction needed to fill in prompt_need list */ /* * SASL mechanism allowable characters are "AZ-_" * separators can be any other characters and of any length * even variable lengths between. * * But for convenience we accept lowercase ASCII. * * Apps should be encouraged to simply use space or comma space * though */ int sasl_client_start(sasl_conn_t *conn, const char *mechlist, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, const char **mech) { sasl_client_conn_t *c_conn = (sasl_client_conn_t *) conn; char *ordered_mechs = NULL, *name; cmechanism_t *m = NULL, *bestm = NULL; size_t i, list_len, name_len; sasl_ssf_t bestssf = 0, minssf = 0; int result, server_can_cb = 0; sasl_cbinding_disp_t cbindingdisp; sasl_cbinding_disp_t cur_cbindingdisp; sasl_cbinding_disp_t best_cbindingdisp = SASL_CB_DISP_NONE; if (_sasl_client_active == 0) return SASL_NOTINIT; if (!conn) return SASL_BADPARAM; /* verify parameters */ if (mechlist == NULL) { PARAMERROR(conn); } /* if prompt_need != NULL we've already been here and just need to do the continue step again */ /* do a step */ /* FIXME: Hopefully they only give us our own prompt_need back */ if (prompt_need && *prompt_need != NULL) { goto dostep; } if (conn->props.min_ssf < conn->external.ssf) { minssf = 0; } else { minssf = conn->props.min_ssf - conn->external.ssf; } /* Order mechanisms so -PLUS are preferred */ result = _sasl_client_order_mechs(c_conn->cparams->utils, mechlist, SASL_CB_PRESENT(c_conn->cparams), &ordered_mechs, &list_len, &server_can_cb); if (result != 0) goto done; /* * Determine channel binding disposition based on whether we * are doing mechanism negotiation and whether server supports * channel bindings. */ result = _sasl_cbinding_disp(c_conn->cparams, (list_len > 1), server_can_cb, &cbindingdisp); if (result != 0) goto done; for (i = 0, name = ordered_mechs; i < list_len; i++) { name_len = strlen(name); /* for each mechanism in client's list */ for (m = c_conn->mech_list; m != NULL; m = m->next) { int myflags, plus; if (!_sasl_is_equal_mech(name, m->m.plug->mech_name, name_len, &plus)) { continue; } /* Do we have the prompts for it? */ if (!have_prompts(conn, m->m.plug)) break; /* Is it strong enough? */ if (minssf > m->m.plug->max_ssf) break; /* Does it meet our security properties? */ myflags = conn->props.security_flags; /* if there's an external layer this is no longer plaintext */ if ((conn->props.min_ssf <= conn->external.ssf) && (conn->external.ssf > 1)) { myflags &= ~SASL_SEC_NOPLAINTEXT; } if (((myflags ^ m->m.plug->security_flags) & myflags) != 0) { break; } /* Can we meet it's features? */ if (cbindingdisp == SASL_CB_DISP_USED && !(m->m.plug->features & SASL_FEAT_CHANNEL_BINDING)) { break; } if ((m->m.plug->features & SASL_FEAT_NEEDSERVERFQDN) && !conn->serverFQDN) { break; } /* Can it meet our features? */ if ((conn->flags & SASL_NEED_PROXY) && !(m->m.plug->features & SASL_FEAT_ALLOWS_PROXY)) { break; } if ((conn->flags & SASL_NEED_HTTP) && !(m->m.plug->features & SASL_FEAT_SUPPORTS_HTTP)) { break; } /* compare security flags, only take new mechanism if it has * all the security flags of the previous one. * * From the mechanisms we ship with, this yields the order: * * SRP * GSSAPI + KERBEROS_V4 * DIGEST + OTP * CRAM + EXTERNAL * PLAIN + LOGIN + ANONYMOUS * * This might be improved on by comparing the numeric value of * the bitwise-or'd security flags, which splits DIGEST/OTP, * CRAM/EXTERNAL, and PLAIN/LOGIN from ANONYMOUS, but then we * are depending on the numeric values of the flags (which may * change, and their ordering could be considered dumb luck. */ if (bestm && ((m->m.plug->security_flags ^ bestm->m.plug->security_flags) & bestm->m.plug->security_flags)) { break; } if (SASL_CB_PRESENT(c_conn->cparams) && plus) { cur_cbindingdisp = SASL_CB_DISP_USED; } else { cur_cbindingdisp = cbindingdisp; } if (bestm && (best_cbindingdisp > cur_cbindingdisp)) { break; } #ifdef PREFER_MECH if (strcasecmp(m->m.plug->mech_name, PREFER_MECH) && bestm && m->m.plug->max_ssf <= bestssf) { /* this mechanism isn't our favorite, and it's no better than what we already have! */ break; } #else if (bestm && m->m.plug->max_ssf <= bestssf) { /* this mechanism is no better than what we already have! */ break; } #endif if (mech) { *mech = m->m.plug->mech_name; } best_cbindingdisp = cur_cbindingdisp; bestssf = m->m.plug->max_ssf; bestm = m; break; } name += strlen(name) + 1; } if (bestm == NULL) { sasl_seterror(conn, 0, "No worthy mechs found"); result = SASL_NOMECH; goto done; } /* make (the rest of) cparams */ c_conn->cparams->service = conn->service; c_conn->cparams->servicelen = (unsigned) strlen(conn->service); if (conn->serverFQDN) { c_conn->cparams->serverFQDN = conn->serverFQDN; c_conn->cparams->slen = (unsigned) strlen(conn->serverFQDN); } c_conn->cparams->clientFQDN = c_conn->clientFQDN; c_conn->cparams->clen = (unsigned) strlen(c_conn->clientFQDN); c_conn->cparams->external_ssf = conn->external.ssf; c_conn->cparams->props = conn->props; c_conn->cparams->cbindingdisp = best_cbindingdisp; c_conn->mech = bestm; /* init that plugin */ result = c_conn->mech->m.plug->mech_new(c_conn->mech->m.plug->glob_context, c_conn->cparams, &(conn->context)); if (result != SASL_OK) goto done; /* do a step -- but only if we can do a client-send-first */ dostep: if(clientout) { if(c_conn->mech->m.plug->features & SASL_FEAT_SERVER_FIRST) { *clientout = NULL; *clientoutlen = 0; result = SASL_CONTINUE; } else { result = sasl_client_step(conn, NULL, 0, prompt_need, clientout, clientoutlen); } } else result = SASL_CONTINUE; done: if (ordered_mechs != NULL) c_conn->cparams->utils->free(ordered_mechs); RETURN(conn, result); } /* do a single authentication step. * serverin -- the server message received by the client, MUST have a NUL * sentinel, not counted by serverinlen * output: * prompt_need -- on SASL_INTERACT, list of prompts needed to continue * clientout -- the client response to send to the server * * returns: * SASL_OK -- success * SASL_INTERACT -- user interaction needed to fill in prompt_need list * SASL_BADPROT -- server protocol incorrect/cancelled * SASL_BADSERV -- server failed mutual auth */ int sasl_client_step(sasl_conn_t *conn, const char *serverin, unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen) { sasl_client_conn_t *c_conn= (sasl_client_conn_t *) conn; int result; if (_sasl_client_active == 0) return SASL_NOTINIT; if (!conn) return SASL_BADPARAM; /* check parameters */ if ((serverin==NULL) && (serverinlen>0)) PARAMERROR(conn); /* Don't do another step if the plugin told us that we're done */ if (conn->oparams.doneflag) { _sasl_log(conn, SASL_LOG_ERR, "attempting client step after doneflag"); return SASL_FAIL; } if(clientout) *clientout = NULL; if(clientoutlen) *clientoutlen = 0; /* do a step */ result = c_conn->mech->m.plug->mech_step(conn->context, c_conn->cparams, serverin, serverinlen, prompt_need, clientout, clientoutlen, &conn->oparams); if (result == SASL_OK) { /* So we're done on this end, but if both * 1. the mech does server-send-last * 2. the protocol does not * we need to return no data */ if(!*clientout && !(conn->flags & SASL_SUCCESS_DATA)) { *clientout = ""; *clientoutlen = 0; } if(!conn->oparams.maxoutbuf) { conn->oparams.maxoutbuf = conn->props.maxbufsize; } if(conn->oparams.user == NULL || conn->oparams.authid == NULL) { sasl_seterror(conn, 0, "mech did not call canon_user for both authzid and authid"); result = SASL_BADPROT; } } RETURN(conn,result); } /* returns the length of all the mechanisms * added up */ static unsigned mech_names_len(cmechanism_t *mech_list) { cmechanism_t *listptr; unsigned result = 0; for (listptr = mech_list; listptr; listptr = listptr->next) result += (unsigned) strlen(listptr->m.plug->mech_name); return result; } int _sasl_client_listmech(sasl_conn_t *conn, const char *prefix, const char *sep, const char *suffix, const char **result, unsigned *plen, int *pcount) { sasl_client_conn_t *c_conn = (sasl_client_conn_t *)conn; cmechanism_t *m = NULL; sasl_ssf_t minssf = 0; int ret; size_t resultlen; int flag; const char *mysep; if (_sasl_client_active == 0) return SASL_NOTINIT; if (!conn) return SASL_BADPARAM; if (conn->type != SASL_CONN_CLIENT) PARAMERROR(conn); if (! result) PARAMERROR(conn); if (plen != NULL) *plen = 0; if (pcount != NULL) *pcount = 0; if (sep) { mysep = sep; } else { mysep = " "; } if (conn->props.min_ssf < conn->external.ssf) { minssf = 0; } else { minssf = conn->props.min_ssf - conn->external.ssf; } if (!c_conn->mech_list || c_conn->mech_length <= 0) { INTERROR(conn, SASL_NOMECH); } resultlen = (prefix ? strlen(prefix) : 0) + (strlen(mysep) * (c_conn->mech_length - 1)) + mech_names_len(c_conn->mech_list) + (suffix ? strlen(suffix) : 0) + 1; ret = _buf_alloc(&conn->mechlist_buf, &conn->mechlist_buf_len, resultlen); if (ret != SASL_OK) MEMERROR(conn); if (prefix) { strcpy (conn->mechlist_buf,prefix); } else { *(conn->mechlist_buf) = '\0'; } flag = 0; for (m = c_conn->mech_list; m != NULL; m = m->next) { /* do we have the prompts for it? */ if (!have_prompts(conn, m->m.plug)) { continue; } /* is it strong enough? */ if (minssf > m->m.plug->max_ssf) { continue; } /* does it meet our security properties? */ if (((conn->props.security_flags ^ m->m.plug->security_flags) & conn->props.security_flags) != 0) { continue; } /* Can we meet it's features? */ if ((m->m.plug->features & SASL_FEAT_NEEDSERVERFQDN) && !conn->serverFQDN) { continue; } /* Can it meet our features? */ if ((conn->flags & SASL_NEED_PROXY) && !(m->m.plug->features & SASL_FEAT_ALLOWS_PROXY)) { continue; } /* Okay, we like it, add it to the list! */ if (pcount != NULL) (*pcount)++; /* print seperator */ if (flag) { strcat(conn->mechlist_buf, mysep); } else { flag = 1; } /* now print the mechanism name */ strcat(conn->mechlist_buf, m->m.plug->mech_name); } if (suffix) strcat(conn->mechlist_buf,suffix); if (plen!=NULL) *plen = (unsigned) strlen(conn->mechlist_buf); *result = conn->mechlist_buf; return SASL_OK; } sasl_string_list_t *_sasl_client_mechs(void) { cmechanism_t *listptr; sasl_string_list_t *retval = NULL, *next=NULL; if(!_sasl_client_active) return NULL; /* make list */ for (listptr = cmechlist->mech_list; listptr; listptr = listptr->next) { next = sasl_ALLOC(sizeof(sasl_string_list_t)); if(!next && !retval) return NULL; else if(!next) { next = retval->next; do { sasl_FREE(retval); retval = next; next = retval->next; } while(next); return NULL; } next->d = listptr->m.plug->mech_name; if(!retval) { next->next = NULL; retval = next; } else { next->next = retval; retval = next; } } return retval; } /* It would be nice if we can show other information like Author, Company, Year, plugin version */ static void _sasl_print_mechanism ( client_sasl_mechanism_t *m, sasl_info_callback_stage_t stage, void *rock __attribute__((unused)) ) { char delimiter; if (stage == SASL_INFO_LIST_START) { printf ("List of client plugins follows\n"); return; } else if (stage == SASL_INFO_LIST_END) { return; } /* Process the mechanism */ printf ("Plugin \"%s\" ", m->plugname); /* There is no delay loading for client side plugins */ printf ("[loaded]"); printf (", \tAPI version: %d\n", m->version); if (m->plug != NULL) { printf ("\tSASL mechanism: %s, best SSF: %d\n", m->plug->mech_name, m->plug->max_ssf); printf ("\tsecurity flags:"); delimiter = ' '; if (m->plug->security_flags & SASL_SEC_NOANONYMOUS) { printf ("%cNO_ANONYMOUS", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_NOPLAINTEXT) { printf ("%cNO_PLAINTEXT", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_NOACTIVE) { printf ("%cNO_ACTIVE", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_NODICTIONARY) { printf ("%cNO_DICTIONARY", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_FORWARD_SECRECY) { printf ("%cFORWARD_SECRECY", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_PASS_CREDENTIALS) { printf ("%cPASS_CREDENTIALS", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_MUTUAL_AUTH) { printf ("%cMUTUAL_AUTH", delimiter); delimiter = '|'; } printf ("\n\tfeatures:"); delimiter = ' '; if (m->plug->features & SASL_FEAT_WANT_CLIENT_FIRST) { printf ("%cWANT_CLIENT_FIRST", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_SERVER_FIRST) { printf ("%cSERVER_FIRST", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_ALLOWS_PROXY) { printf ("%cPROXY_AUTHENTICATION", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_NEEDSERVERFQDN) { printf ("%cNEED_SERVER_FQDN", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_GSS_FRAMING) { printf ("%cGSS_FRAMING", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_CHANNEL_BINDING) { printf ("%cCHANNEL_BINDING", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_SUPPORTS_HTTP) { printf ("%cSUPPORTS_HTTP", delimiter); delimiter = '|'; } } /* Delay loading is not supported for the client side plugins: if (m->f) { printf ("\n\twill be loaded from \"%s\"", m->f); } */ printf ("\n"); } /* Dump information about available client plugins */ int sasl_client_plugin_info ( const char *c_mech_list, /* space separated mechanism list or NULL for ALL */ sasl_client_info_callback_t *info_cb, void *info_cb_rock ) { cmechanism_t *m; client_sasl_mechanism_t plug_data; char * cur_mech; char * mech_list = NULL; char * p; if (info_cb == NULL) { info_cb = _sasl_print_mechanism; } if (cmechlist != NULL) { info_cb (NULL, SASL_INFO_LIST_START, info_cb_rock); if (c_mech_list == NULL) { m = cmechlist->mech_list; /* m point to beginning of the list */ while (m != NULL) { memcpy (&plug_data, &m->m, sizeof(plug_data)); info_cb (&plug_data, SASL_INFO_LIST_MECH, info_cb_rock); m = m->next; } } else { mech_list = strdup (c_mech_list); cur_mech = mech_list; while (cur_mech != NULL) { p = strchr (cur_mech, ' '); if (p != NULL) { *p = '\0'; p++; } m = cmechlist->mech_list; /* m point to beginning of the list */ while (m != NULL) { if (strcasecmp (cur_mech, m->m.plug->mech_name) == 0) { memcpy (&plug_data, &m->m, sizeof(plug_data)); info_cb (&plug_data, SASL_INFO_LIST_MECH, info_cb_rock); } m = m->next; } cur_mech = p; } free (mech_list); } info_cb (NULL, SASL_INFO_LIST_END, info_cb_rock); return (SASL_OK); } return (SASL_NOTINIT); } cyrus-sasl-2.1.25/lib/external.c0000646000076400007640000002622411306006125013375 00000000000000/* SASL server API implementation * Rob Siemborski * Tim Martin * $Id: external.c,v 1.24 2009/03/10 16:27:52 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #include "saslint.h" #include "../plugins/plugin_common.h" /***************************** Common Section *****************************/ static const char plugin_id[] = "$Id: external.c,v 1.24 2009/03/10 16:27:52 mel Exp $"; /***************************** Server Section *****************************/ static int external_server_mech_new(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), void **conn_context) { if (!conn_context || !sparams || !sparams->utils || !sparams->utils->conn) return SASL_BADPARAM; if (!sparams->utils->conn->external.auth_id) return SASL_NOMECH; *conn_context = NULL; return SASL_OK; } static int external_server_mech_step(void *conn_context __attribute__((unused)), sasl_server_params_t *sparams, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen, sasl_out_params_t *oparams) { int result; if (!sparams || !sparams->utils || !sparams->utils->conn || !sparams->utils->getcallback || !serverout || !serveroutlen || !oparams) return SASL_BADPARAM; if (!sparams->utils->conn->external.auth_id) return SASL_BADPROT; /* xxx arbitrary limit here */ if (clientinlen > 16384) return SASL_BADPROT; if ((sparams->props.security_flags & SASL_SEC_NOANONYMOUS) && (!strcmp(sparams->utils->conn->external.auth_id, "anonymous"))) { sasl_seterror(sparams->utils->conn,0,"anonymous login not allowed"); return SASL_NOAUTHZ; } *serverout = NULL; *serveroutlen = 0; if (!clientin) { /* No initial data; we're in a protocol which doesn't support it. * So we let the server app know that we need some... */ return SASL_CONTINUE; } if (clientinlen) { /* if we have a non-zero authorization id */ /* The user's trying to authorize as someone they didn't * authenticate as */ result = sparams->canon_user(sparams->utils->conn, clientin, 0, SASL_CU_AUTHZID, oparams); if(result != SASL_OK) return result; result = sparams->canon_user(sparams->utils->conn, sparams->utils->conn->external.auth_id, 0, SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED, oparams); } else { result = sparams->canon_user(sparams->utils->conn, sparams->utils->conn->external.auth_id, 0, SASL_CU_AUTHID | SASL_CU_EXTERNALLY_VERIFIED | SASL_CU_AUTHZID, oparams); } if (result != SASL_OK) return result; /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; } static int external_server_mech_avail(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, void **conn_context __attribute__((unused))) { if (!sparams->utils->conn->external.auth_id) { /* Return Temporary Failure */ return SASL_NOTDONE; } return SASL_OK; } static sasl_server_plug_t external_server_plugins[] = { { "EXTERNAL", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_NODICTIONARY, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ NULL, /* glob_context */ &external_server_mech_new, /* mech_new */ &external_server_mech_step, /* mech_step */ NULL, /* mech_dispose */ NULL, /* mech_free */ NULL, /* setpass */ NULL, /* user_query */ NULL, /* idle */ &external_server_mech_avail, /* mech_avail */ NULL /* spare */ } }; int external_server_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_server_plug_t **pluglist, int *plugcount) { if (!out_version || !pluglist || !plugcount) return SASL_BADPARAM; if (max_version != SASL_SERVER_PLUG_VERSION) { SETERROR( utils, "EXTERNAL version mismatch" ); return SASL_BADVERS; } *out_version = SASL_SERVER_PLUG_VERSION; *pluglist = external_server_plugins; *plugcount = 1; return SASL_OK; } /***************************** Client Section *****************************/ typedef struct client_context { char *out_buf; size_t out_buf_len; } client_context_t; static int external_client_mech_new(void *glob_context __attribute__((unused)), sasl_client_params_t *params, void **conn_context) { client_context_t *text; if (!params || !params->utils || !params->utils->conn || !conn_context) return SASL_BADPARAM; if (!params->utils->conn->external.auth_id) return SASL_NOMECH; text = sasl_ALLOC(sizeof(client_context_t)); if(!text) return SASL_NOMEM; memset(text, 0, sizeof(client_context_t)); *conn_context = text; return SASL_OK; } static int external_client_mech_step(void *conn_context, sasl_client_params_t *params, const char *serverin __attribute__((unused)), unsigned serverinlen, sasl_interact_t **prompt_need, const char **clientout, unsigned *clientoutlen, sasl_out_params_t *oparams) { client_context_t *text = (client_context_t *)conn_context; const char *user = NULL; int user_result = SASL_OK; int result; if (!params || !params->utils || !params->utils->conn || !params->utils->getcallback || !clientout || !clientoutlen || !oparams) return SASL_BADPARAM; if (!params->utils->conn->external.auth_id) return SASL_BADPROT; if (serverinlen != 0) return SASL_BADPROT; *clientout = NULL; *clientoutlen = 0; /* try to get the userid */ if (user == NULL) { user_result = _plug_get_userid(params->utils, &user, prompt_need); if ((user_result != SASL_OK) && (user_result != SASL_INTERACT)) return user_result; } /* free prompts we got */ if (prompt_need && *prompt_need) { params->utils->free(*prompt_need); *prompt_need = NULL; } /* if there are prompts not filled in */ if (user_result == SASL_INTERACT) { /* make the prompt list */ int result = _plug_make_prompts(params->utils, prompt_need, user_result == SASL_INTERACT ? "Please enter your authorization name" : NULL, "", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); if (result != SASL_OK) return result; return SASL_INTERACT; } *clientoutlen = user ? (unsigned) strlen(user) : 0; result = _buf_alloc(&text->out_buf, &text->out_buf_len, *clientoutlen + 1); if (result != SASL_OK) return result; if (user && *user) { result = params->canon_user(params->utils->conn, user, 0, SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; result = params->canon_user(params->utils->conn, params->utils->conn->external.auth_id, 0, SASL_CU_AUTHID, oparams); if (result != SASL_OK) return result; memcpy(text->out_buf, user, *clientoutlen); } else { result = params->canon_user(params->utils->conn, params->utils->conn->external.auth_id, 0, SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams); if (result != SASL_OK) return result; } text->out_buf[*clientoutlen] = '\0'; *clientout = text->out_buf; /* set oparams */ oparams->doneflag = 1; oparams->mech_ssf = 0; oparams->maxoutbuf = 0; oparams->encode_context = NULL; oparams->encode = NULL; oparams->decode_context = NULL; oparams->decode = NULL; oparams->param_version = 0; return SASL_OK; } static void external_client_mech_dispose(void *conn_context, const sasl_utils_t *utils __attribute__((unused))) { client_context_t *text = (client_context_t *) conn_context; if (!text) return; if(text->out_buf) sasl_FREE(text->out_buf); sasl_FREE(text); } static const unsigned long external_required_prompts[] = { SASL_CB_LIST_END }; static sasl_client_plug_t external_client_plugins[] = { { "EXTERNAL", /* mech_name */ 0, /* max_ssf */ SASL_SEC_NOPLAINTEXT | SASL_SEC_NOANONYMOUS | SASL_SEC_NODICTIONARY, /* security_flags */ SASL_FEAT_WANT_CLIENT_FIRST | SASL_FEAT_ALLOWS_PROXY, /* features */ external_required_prompts, /* required_prompts */ NULL, /* glob_context */ &external_client_mech_new, /* mech_new */ &external_client_mech_step, /* mech_step */ &external_client_mech_dispose, /* mech_dispose */ NULL, /* mech_free */ NULL, /* idle */ NULL, /* spare */ NULL /* spare */ } }; int external_client_plug_init(const sasl_utils_t *utils, int max_version, int *out_version, sasl_client_plug_t **pluglist, int *plugcount) { if (!utils || !out_version || !pluglist || !plugcount) return SASL_BADPARAM; if (max_version != SASL_CLIENT_PLUG_VERSION) { SETERROR( utils, "EXTERNAL version mismatch" ); return SASL_BADVERS; } *out_version = SASL_CLIENT_PLUG_VERSION; *pluglist = external_client_plugins; *plugcount = 1; return SASL_OK; } cyrus-sasl-2.1.25/lib/config.c0000646000076400007640000000747211306006125013024 00000000000000/* SASL Config file API * Rob Siemborski * Tim Martin (originally in Cyrus distribution) * $Id: config.c,v 1.18 2009/02/14 14:01:24 mel Exp $ */ /* * Copyright (c) 1998-2009 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include "sasl.h" #include "saslint.h" struct configlist { char *key; char *value; }; static struct configlist *configlist; static int nconfiglist; #define CONFIGLISTGROWSIZE 100 int sasl_config_init(const char *filename) { FILE *infile; int lineno = 0; int alloced = 0; char buf[4096]; char *p, *key; char *tail; int result; nconfiglist=0; infile = fopen(filename, "r"); if (!infile) { return SASL_CONTINUE; } while (fgets(buf, sizeof(buf), infile)) { lineno++; if (buf[strlen(buf)-1] == '\n') buf[strlen(buf)-1] = '\0'; for (p = buf; *p && isspace((int) *p); p++); if (!*p || *p == '#') continue; key = p; while (*p && (isalnum((int) *p) || *p == '-' || *p == '_')) { if (isupper((int) *p)) *p = (char) tolower(*p); p++; } if (*p != ':') { return SASL_FAIL; } *p++ = '\0'; while (*p && isspace((int) *p)) p++; if (!*p) { return SASL_FAIL; } /* Now strip trailing spaces, if any */ tail = p + strlen(p) - 1; while (tail > p && isspace((int) *tail)) { *tail = '\0'; tail--; } if (nconfiglist == alloced) { alloced += CONFIGLISTGROWSIZE; configlist=sasl_REALLOC((char *)configlist, alloced * sizeof(struct configlist)); if (configlist==NULL) return SASL_NOMEM; } result = _sasl_strdup(key, &(configlist[nconfiglist].key), NULL); if (result!=SASL_OK) return result; result = _sasl_strdup(p, &(configlist[nconfiglist].value), NULL); if (result!=SASL_OK) return result; nconfiglist++; } fclose(infile); return SASL_OK; } const char *sasl_config_getstring(const char *key,const char *def) { int opt; for (opt = 0; opt < nconfiglist; opt++) { if (*key == configlist[opt].key[0] && !strcmp(key, configlist[opt].key)) return configlist[opt].value; } return def; } cyrus-sasl-2.1.25/lib/dlopen.c0000646000076400007640000003224111306006125013030 00000000000000/* dlopen.c--Unix dlopen() dynamic loader interface * Rob Siemborski * Rob Earhart * $Id: dlopen.c,v 1.52 2009/04/11 10:21:43 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #ifdef HAVE_DLFCN_H #include #endif #include #include #include #include #include #include "saslint.h" #ifndef PIC #include #include "staticopen.h" #endif #ifdef DO_DLOPEN #if HAVE_DIRENT_H # include # define NAMLEN(dirent) strlen((dirent)->d_name) #else /* HAVE_DIRENT_H */ # define dirent direct # define NAMLEN(dirent) (dirent)->d_namlen # if HAVE_SYS_NDIR_H # include # endif # if HAVE_SYS_DIR_H # include # endif # if HAVE_NDIR_H # include # endif #endif /* ! HAVE_DIRENT_H */ #ifndef NAME_MAX # ifdef _POSIX_NAME_MAX # define NAME_MAX _POSIX_NAME_MAX # else # define NAME_MAX 16 # endif #endif #if NAME_MAX < 8 # define NAME_MAX 8 #endif #ifdef __hpux #ifndef HAVE_DLFCN_H #include typedef shl_t * dll_handle; typedef void * dll_func; dll_handle dlopen(char *fname, int mode) { shl_t h = shl_load(fname, BIND_DEFERRED, 0L); shl_t *hp = NULL; if (h) { hp = (shl_t *)malloc(sizeof (shl_t)); if (!hp) { shl_unload(h); } else { *hp = h; } } return (dll_handle)hp; } int dlclose(dll_handle hp) { shl_t h; if (hp != NULL) { h = *((shl_t *)hp); free(hp); return shl_unload(h); } else { /* Return error */ return -1; } } dll_func dlsym(dll_handle h, char *n) { dll_func handle; if (shl_findsym ((shl_t *)h, n, TYPE_PROCEDURE, &handle)) return NULL; return (dll_func)handle; } char *dlerror() { if (errno != 0) { return strerror(errno); } return "Generic shared library error"; } #endif /* HAVE_DLFCN_H */ #ifdef __ia64 #define SO_SUFFIX ".so" #else #define SO_SUFFIX ".sl" #endif /* __ia64 */ #elif defined(__APPLE__) #define SO_SUFFIX ".plugin" #else /* __APPLE__ */ #define SO_SUFFIX ".so" #endif #define LA_SUFFIX ".la" typedef struct lib_list { struct lib_list *next; void *library; } lib_list_t; static lib_list_t *lib_list_head = NULL; #endif /* DO_DLOPEN */ int _sasl_locate_entry(void *library, const char *entryname, void **entry_point) { #ifdef DO_DLOPEN /* note that we still check for known problem systems in * case we are cross-compiling */ #if defined(DLSYM_NEEDS_UNDERSCORE) || (defined(__OpenBSD__) && !defined(__ELF__)) char adj_entryname[1024]; #else #define adj_entryname entryname #endif if(!entryname) { _sasl_log(NULL, SASL_LOG_ERR, "no entryname in _sasl_locate_entry"); return SASL_BADPARAM; } if(!library) { _sasl_log(NULL, SASL_LOG_ERR, "no library in _sasl_locate_entry"); return SASL_BADPARAM; } if(!entry_point) { _sasl_log(NULL, SASL_LOG_ERR, "no entrypoint output pointer in _sasl_locate_entry"); return SASL_BADPARAM; } #if defined(DLSYM_NEEDS_UNDERSCORE) || (defined(__OpenBSD__) && !defined(__ELF__)) snprintf(adj_entryname, sizeof adj_entryname, "_%s", entryname); #endif *entry_point = NULL; *entry_point = dlsym(library, adj_entryname); if (*entry_point == NULL) { #if 0 /* This message appears to confuse people */ _sasl_log(NULL, SASL_LOG_DEBUG, "unable to get entry point %s: %s", adj_entryname, dlerror()); #endif return SASL_FAIL; } return SASL_OK; #else return SASL_FAIL; #endif /* DO_DLOPEN */ } #ifdef DO_DLOPEN static int _sasl_plugin_load(char *plugin, void *library, const char *entryname, int (*add_plugin)(const char *, void *)) { void *entry_point; int result; result = _sasl_locate_entry(library, entryname, &entry_point); if(result == SASL_OK) { result = add_plugin(plugin, entry_point); if(result != SASL_OK) _sasl_log(NULL, SASL_LOG_DEBUG, "_sasl_plugin_load failed on %s for plugin: %s\n", entryname, plugin); } return result; } /* this returns the file to actually open. * out should be a buffer of size PATH_MAX * and may be the same as in. */ /* We'll use a static buffer for speed unless someone complains */ #define MAX_LINE 2048 static int _parse_la(const char *prefix, const char *in, char *out) { FILE *file; size_t length; char line[MAX_LINE]; char *ntmp = NULL; if(!in || !out || !prefix || out == in) return SASL_BADPARAM; /* Set this so we can detect failure */ *out = '\0'; length = strlen(in); if (strcmp(in + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) { if(!strcmp(in + (length - strlen(SO_SUFFIX)),SO_SUFFIX)) { /* check for a .la file */ strcpy(line, prefix); strcat(line, in); length = strlen(line); *(line + (length - strlen(SO_SUFFIX))) = '\0'; strcat(line, LA_SUFFIX); file = fopen(line, "r"); if(file) { /* We'll get it on the .la open */ fclose(file); return SASL_FAIL; } } strcpy(out, prefix); strcat(out, in); return SASL_OK; } strcpy(line, prefix); strcat(line, in); file = fopen(line, "r"); if(!file) { _sasl_log(NULL, SASL_LOG_WARN, "unable to open LA file: %s", line); return SASL_FAIL; } while(!feof(file)) { if(!fgets(line, MAX_LINE, file)) break; if(line[strlen(line) - 1] != '\n') { _sasl_log(NULL, SASL_LOG_WARN, "LA file has too long of a line: %s", in); return SASL_BUFOVER; } if(line[0] == '\n' || line[0] == '#') continue; if(!strncmp(line, "dlname=", sizeof("dlname=") - 1)) { /* We found the line with the name in it */ char *end; char *start; size_t len; end = strrchr(line, '\''); if(!end) continue; start = &line[sizeof("dlname=")-1]; len = strlen(start); if(len > 3 && start[0] == '\'') { ntmp=&start[1]; *end='\0'; /* Do we have dlname="" ? */ if(ntmp == end) { _sasl_log(NULL, SASL_LOG_DEBUG, "dlname is empty in .la file: %s", in); return SASL_FAIL; } strcpy(out, prefix); strcat(out, ntmp); } break; } } if(ferror(file) || feof(file)) { _sasl_log(NULL, SASL_LOG_WARN, "Error reading .la: %s\n", in); fclose(file); return SASL_FAIL; } fclose(file); if(!(*out)) { _sasl_log(NULL, SASL_LOG_WARN, "Could not find a dlname line in .la file: %s", in); return SASL_FAIL; } return SASL_OK; } #endif /* DO_DLOPEN */ /* loads a plugin library */ int _sasl_get_plugin(const char *file, const sasl_callback_t *verifyfile_cb, void **libraryptr) { #ifdef DO_DLOPEN int r = 0; int flag; void *library; lib_list_t *newhead; r = ((sasl_verifyfile_t *)(verifyfile_cb->proc)) (verifyfile_cb->context, file, SASL_VRFY_PLUGIN); if (r != SASL_OK) return r; #ifdef RTLD_NOW flag = RTLD_NOW; #else flag = 0; #endif newhead = sasl_ALLOC(sizeof(lib_list_t)); if(!newhead) return SASL_NOMEM; if (!(library = dlopen(file, flag))) { _sasl_log(NULL, SASL_LOG_ERR, "unable to dlopen %s: %s", file, dlerror()); sasl_FREE(newhead); return SASL_FAIL; } newhead->library = library; newhead->next = lib_list_head; lib_list_head = newhead; *libraryptr = library; return SASL_OK; #else return SASL_FAIL; #endif /* DO_DLOPEN */ } /* gets the list of mechanisms */ int _sasl_load_plugins(const add_plugin_list_t *entrypoints, const sasl_callback_t *getpath_cb, const sasl_callback_t *verifyfile_cb) { int result; const add_plugin_list_t *cur_ep; #ifdef DO_DLOPEN char str[PATH_MAX], tmp[PATH_MAX+2], prefix[PATH_MAX+2]; /* 1 for '/' 1 for trailing '\0' */ char c; int pos; const char *path=NULL; int position; DIR *dp; struct dirent *dir; #endif #ifndef PIC add_plugin_t *add_plugin; _sasl_plug_type type; _sasl_plug_rec *p; #endif if (! entrypoints || ! getpath_cb || getpath_cb->id != SASL_CB_GETPATH || ! getpath_cb->proc || ! verifyfile_cb || verifyfile_cb->id != SASL_CB_VERIFYFILE || ! verifyfile_cb->proc) return SASL_BADPARAM; #ifndef PIC /* do all the static plugins first */ for(cur_ep = entrypoints; cur_ep->entryname; cur_ep++) { /* What type of plugin are we looking for? */ if(!strcmp(cur_ep->entryname, "sasl_server_plug_init")) { type = SERVER; add_plugin = (add_plugin_t *)sasl_server_add_plugin; } else if (!strcmp(cur_ep->entryname, "sasl_client_plug_init")) { type = CLIENT; add_plugin = (add_plugin_t *)sasl_client_add_plugin; } else if (!strcmp(cur_ep->entryname, "sasl_auxprop_plug_init")) { type = AUXPROP; add_plugin = (add_plugin_t *)sasl_auxprop_add_plugin; } else if (!strcmp(cur_ep->entryname, "sasl_canonuser_init")) { type = CANONUSER; add_plugin = (add_plugin_t *)sasl_canonuser_add_plugin; } else { /* What are we looking for then? */ return SASL_FAIL; } for (p=_sasl_static_plugins; p->type; p++) { if(type == p->type) result = add_plugin(p->name, p->plug); } } #endif /* !PIC */ /* only do the following if: * * we support dlopen() * AND we are not staticly compiled * OR we are staticly compiled and TRY_DLOPEN_WHEN_STATIC is defined */ #if defined(DO_DLOPEN) && (defined(PIC) || (!defined(PIC) && defined(TRY_DLOPEN_WHEN_STATIC))) /* get the path to the plugins */ result = ((sasl_getpath_t *)(getpath_cb->proc))(getpath_cb->context, &path); if (result != SASL_OK) return result; if (! path) return SASL_FAIL; if (strlen(path) >= PATH_MAX) { /* no you can't buffer overrun */ return SASL_FAIL; } position=0; do { pos=0; do { c=path[position]; position++; str[pos]=c; pos++; } while ((c!=':') && (c!='=') && (c!=0)); str[pos-1]='\0'; strcpy(prefix,str); strcat(prefix,"/"); if ((dp=opendir(str)) !=NULL) /* ignore errors */ { while ((dir=readdir(dp)) != NULL) { size_t length; void *library; char *c; char plugname[PATH_MAX]; char name[PATH_MAX]; length = NAMLEN(dir); if (length < 4) continue; /* can not possibly be what we're looking for */ if (length + pos>=PATH_MAX) continue; /* too big */ if (strcmp(dir->d_name + (length - strlen(SO_SUFFIX)), SO_SUFFIX) && strcmp(dir->d_name + (length - strlen(LA_SUFFIX)), LA_SUFFIX)) continue; memcpy(name,dir->d_name,length); name[length]='\0'; result = _parse_la(prefix, name, tmp); if(result != SASL_OK) continue; /* skip "lib" and cut off suffix -- this only need be approximate */ strcpy(plugname, name + 3); c = strchr(plugname, (int)'.'); if(c) *c = '\0'; result = _sasl_get_plugin(tmp, verifyfile_cb, &library); if(result != SASL_OK) continue; for(cur_ep = entrypoints; cur_ep->entryname; cur_ep++) { _sasl_plugin_load(plugname, library, cur_ep->entryname, cur_ep->add_plugin); /* If this fails, it's not the end of the world */ } } closedir(dp); } else { _sasl_log(NULL, SASL_LOG_DEBUG, "looking for plugins in '%s', failed to open directory, error: %s", str, strerror(errno)); } } while ((c!='=') && (c!=0)); #endif /* defined(DO_DLOPEN) && (!defined(PIC) || (defined(PIC) && defined(TRY_DLOPEN_WHEN_STATIC))) */ return SASL_OK; } int _sasl_done_with_plugins(void) { #ifdef DO_DLOPEN lib_list_t *libptr, *libptr_next; for(libptr = lib_list_head; libptr; libptr = libptr_next) { libptr_next = libptr->next; if(libptr->library) dlclose(libptr->library); sasl_FREE(libptr); } lib_list_head = NULL; #endif /* DO_DLOPEN */ return SASL_OK; } cyrus-sasl-2.1.25/lib/saslutil.c0000646000076400007640000005713711475460505013437 00000000000000/* saslutil.c * Rob Siemborski * Tim Martin * $Id: saslutil.c,v 1.51 2010/12/01 14:25:53 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #if defined(WIN32) #define _CRT_RAND_S #endif #include #include #include #include #include #include #include #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_TIME_H #include #endif #include "saslint.h" #include /* Contains: * * sasl_decode64 * sasl_encode64 * sasl_mkchal * sasl_utf8verify * sasl_randcreate * sasl_randfree * sasl_randseed * sasl_rand * sasl_churn * sasl_erasebuffer */ #ifdef sun /* gotta define gethostname ourselves on suns */ extern int gethostname(char *, int); #endif char *encode_table; char *decode_table; #define RPOOL_SIZE 3 struct sasl_rand_s { unsigned short pool[RPOOL_SIZE]; /* since the init time might be really bad let's make this lazy */ int initialized; }; #define CHAR64(c) (((c) < 0 || (c) > 127) ? -1 : index_64[(c)]) static char basis_64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????"; static char index_64[128] = { -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,-1, -1,-1,-1,62, -1,-1,-1,63, 52,53,54,55, 56,57,58,59, 60,61,-1,-1, -1,-1,-1,-1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10, 11,12,13,14, 15,16,17,18, 19,20,21,22, 23,24,25,-1, -1,-1,-1,-1, -1,26,27,28, 29,30,31,32, 33,34,35,36, 37,38,39,40, 41,42,43,44, 45,46,47,48, 49,50,51,-1, -1,-1,-1,-1 }; /* base64 encode * in -- input data * inlen -- input data length * out -- output buffer (will be NUL terminated) * outmax -- max size of output buffer * result: * outlen -- gets actual length of output buffer (optional) * * Returns SASL_OK on success, SASL_BUFOVER if result won't fit */ int sasl_encode64(const char *_in, unsigned inlen, char *_out, unsigned outmax, unsigned *outlen) { const unsigned char *in = (const unsigned char *)_in; unsigned char *out = (unsigned char *)_out; unsigned char oval; char *blah; unsigned olen; /* check params */ if ((inlen > 0) && (in == NULL)) return SASL_BADPARAM; /* Will it fit? */ olen = (inlen + 2) / 3 * 4; if (outlen) { *outlen = olen; } if (outmax <= olen) { return SASL_BUFOVER; } /* Do the work... */ blah = (char *) out; while (inlen >= 3) { /* user provided max buffer size; make sure we don't go over it */ *out++ = basis_64[in[0] >> 2]; *out++ = basis_64[((in[0] << 4) & 0x30) | (in[1] >> 4)]; *out++ = basis_64[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; *out++ = basis_64[in[2] & 0x3f]; in += 3; inlen -= 3; } if (inlen > 0) { /* user provided max buffer size; make sure we don't go over it */ *out++ = basis_64[in[0] >> 2]; oval = (in[0] << 4) & 0x30; if (inlen > 1) oval |= in[1] >> 4; *out++ = basis_64[oval]; *out++ = (inlen < 2) ? '=' : basis_64[(in[1] << 2) & 0x3c]; *out++ = '='; } *out = '\0'; return SASL_OK; } /* base64 decode * in -- input data * inlen -- length of input data * out -- output data (may be same as in, must have enough space) * outmax -- max size of output buffer * result: * outlen -- actual output length * * returns: * SASL_BADPROT on bad base64, * SASL_BUFOVER if result won't fit, * SASL_CONTINUE on a partial block, * SASL_OK on success */ int sasl_decode64(const char *in, unsigned inlen, char *out, unsigned outmax, /* size of the buffer, not counting the NUL */ unsigned *outlen) { unsigned len = 0; unsigned j; int c[4]; int saw_equal = 0; /* check parameters */ if (out == NULL) return SASL_FAIL; if (inlen > 0 && *in == '\r') return SASL_FAIL; while (inlen > 3) { /* No data is valid after an '=' character */ if (saw_equal) { return SASL_BADPROT; } for (j = 0; j < 4; j++) { c[j] = in[0]; in++; inlen--; } if (CHAR64(c[0]) == -1 || CHAR64(c[1]) == -1) return SASL_BADPROT; if (c[2] != '=' && CHAR64(c[2]) == -1) return SASL_BADPROT; if (c[3] != '=' && CHAR64(c[3]) == -1) return SASL_BADPROT; /* No data is valid after a '=' character, unless it is another '=' */ if (c[2] == '=' && c[3] != '=') return SASL_BADPROT; if (c[2] == '=' || c[3] == '=') { saw_equal = 1; } *out++ = (CHAR64(c[0]) << 2) | (CHAR64(c[1]) >> 4); if (++len >= outmax) return SASL_BUFOVER; if (c[2] != '=') { *out++ = ((CHAR64(c[1]) << 4) & 0xf0) | (CHAR64(c[2]) >> 2); if (++len >= outmax) return SASL_BUFOVER; if (c[3] != '=') { *out++ = ((CHAR64(c[2]) << 6) & 0xc0) | CHAR64(c[3]); if (++len >= outmax) return SASL_BUFOVER; } } } *out = '\0'; /* NUL terminate the output string */ if (outlen) *outlen = len; if (inlen != 0) { if (saw_equal) { /* Unless there is CRLF at the end? */ return SASL_BADPROT; } else { return (SASL_CONTINUE); } } return SASL_OK; } /* make a challenge string (NUL terminated) * buf -- buffer for result * maxlen -- max length of result * hostflag -- 0 = don't include hostname, 1 = include hostname * returns final length or 0 if not enough space */ int sasl_mkchal(sasl_conn_t *conn, char *buf, unsigned maxlen, unsigned hostflag) { sasl_rand_t *pool = NULL; unsigned long randnum; int ret; time_t now; unsigned len; len = 4 /* <.>\0 */ + (2 * 20); /* 2 numbers, 20 => max size of 64bit * ulong in base 10 */ if (hostflag && conn->serverFQDN) len += (unsigned) strlen(conn->serverFQDN) + 1 /* for the @ */; if (maxlen < len) return 0; ret = sasl_randcreate(&pool); if(ret != SASL_OK) return 0; /* xxx sasl return code? */ sasl_rand(pool, (char *)&randnum, sizeof(randnum)); sasl_randfree(&pool); time(&now); if (hostflag && conn->serverFQDN) snprintf(buf,maxlen, "<%lu.%lu@%s>", randnum, now, conn->serverFQDN); else snprintf(buf,maxlen, "<%lu.%lu>", randnum, now); return (int) strlen(buf); } /* borrowed from larry. probably works :) * probably is also in acap server somewhere */ int sasl_utf8verify(const char *str, unsigned len) { unsigned i; for (i = 0; i < len; i++) { /* how many octets? */ int seqlen = 0; while (str[i] & (0x80 >> seqlen)) ++seqlen; if (seqlen == 0) continue; /* this is a valid US-ASCII char */ if (seqlen == 1) return SASL_BADPROT; /* this shouldn't happen here */ if (seqlen > 6) return SASL_BADPROT; /* illegal */ while (--seqlen) if ((str[++i] & 0xC0) != 0xF0) return SASL_BADPROT; /* needed a 10 octet */ } return SASL_OK; } /* * To see why this is really bad see RFC 1750 * * unfortunatly there currently is no way to make * cryptographically secure pseudo random numbers * without specialized hardware etc... * thus, this is for nonce use only */ void getranddata(unsigned short ret[RPOOL_SIZE]) { long curtime; memset(ret, 0, RPOOL_SIZE*sizeof(unsigned short)); #ifdef DEV_RANDOM { int fd; fd = open(DEV_RANDOM, O_RDONLY); if(fd != -1) { unsigned char *buf = (unsigned char *)ret; ssize_t bytesread = 0; size_t bytesleft = RPOOL_SIZE*sizeof(unsigned short); do { bytesread = read(fd, buf, bytesleft); if(bytesread == -1 && errno == EINTR) continue; else if(bytesread <= 0) break; bytesleft -= bytesread; buf += bytesread; } while(bytesleft != 0); close(fd); } } #endif #ifdef HAVE_GETPID ret[0] ^= (unsigned short) getpid(); #endif #ifdef HAVE_GETTIMEOFDAY { struct timeval tv; /* xxx autoconf macro */ #ifdef _SVID_GETTOD if (!gettimeofday(&tv)) #else if (!gettimeofday(&tv, NULL)) #endif { /* longs are guaranteed to be at least 32 bits; we need 16 bits in each short */ ret[0] ^= (unsigned short) (tv.tv_sec & 0xFFFF); ret[1] ^= (unsigned short) (clock() & 0xFFFF); ret[1] ^= (unsigned short) (tv.tv_usec >> 16); ret[2] ^= (unsigned short) (tv.tv_usec & 0xFFFF); return; } } #endif /* HAVE_GETTIMEOFDAY */ /* if all else fails just use time() */ curtime = (long) time(NULL); /* better be at least 32 bits */ ret[0] ^= (unsigned short) (curtime >> 16); ret[1] ^= (unsigned short) (curtime & 0xFFFF); ret[2] ^= (unsigned short) (clock() & 0xFFFF); return; } int sasl_randcreate(sasl_rand_t **rpool) { (*rpool)=sasl_ALLOC(sizeof(sasl_rand_t)); if ((*rpool) == NULL) return SASL_NOMEM; /* init is lazy */ (*rpool)->initialized = 0; return SASL_OK; } void sasl_randfree(sasl_rand_t **rpool) { sasl_FREE(*rpool); } void sasl_randseed (sasl_rand_t *rpool, const char *seed, unsigned len) { /* is it acceptable to just use the 1st 3 char's given??? */ unsigned int lup; /* check params */ if (seed == NULL) return; if (rpool == NULL) return; rpool->initialized = 1; if (len > sizeof(unsigned short)*RPOOL_SIZE) len = sizeof(unsigned short)*RPOOL_SIZE; for (lup = 0; lup < len; lup += 2) rpool->pool[lup/2] = (seed[lup] << 8) + seed[lup + 1]; } static void randinit(sasl_rand_t *rpool) { if (!rpool) return; if (!rpool->initialized) { getranddata(rpool->pool); rpool->initialized = 1; #if !(defined(WIN32)||defined(macintosh)) #ifndef HAVE_JRAND48 { /* xxx varies by platform */ unsigned int *foo = (unsigned int *)rpool->pool; srandom(*foo); } #endif /* HAVE_JRAND48 */ #else if defined(WIN32) { unsigned int *foo = (unsigned int *)rpool->pool; srand(*foo); } #endif /* WIN32 */ } } void sasl_rand (sasl_rand_t *rpool, char *buf, unsigned len) { unsigned int lup; #if defined(WIN32) unsigned int randomValue; #endif /* check params */ if (!rpool || !buf) return; /* init if necessary */ randinit(rpool); for (lup = 0; lup < len; lup++) { #if defined(WIN32) if (rand_s(&randomValue) != 0) { randomValue = rand(); } buf[lup] = (char) (randomValue >> 8); #elif defined(macintosh) buf[lup] = (char) (rand() >> 8); #else /* !WIN32 && !macintosh */ #ifdef HAVE_JRAND48 buf[lup] = (char) (jrand48(rpool->pool) >> 8); #else buf[lup] = (char) (random() >> 8); #endif /* HAVE_JRAND48 */ #endif /* WIN32 */ } } /* this function is just a bad idea all around, since we're not trying to implement a true random number generator */ void sasl_churn (sasl_rand_t *rpool, const char *data, unsigned len) { unsigned int lup; /* check params */ if (!rpool || !data) return; /* init if necessary */ randinit(rpool); for (lup=0; luppool[lup % RPOOL_SIZE] ^= data[lup]; } void sasl_erasebuffer(char *buf, unsigned len) { memset(buf, 0, len); } /* Lowercase string in place */ char *sasl_strlower ( char *val ) { int i; if (val == NULL) { return (NULL); } /* don't use tolower(), as it is locale dependent */ for (i = 0; val[i] != '\0'; i++) { if (val[i] >= 'A' && val[i] <= 'Z') { val[i] = val[i] - 'A' + 'a'; } } return (val); } /* A version of gethostname that tries hard to return a FQDN */ int get_fqhostname( char *name, int namelen, int abort_if_no_fqdn ) { int return_value; struct addrinfo hints; struct addrinfo *result; return_value = gethostname (name, namelen); if (return_value != 0) { return (return_value); } if (strchr (name, '.') != NULL) { goto LOWERCASE; } /* gethostname hasn't returned a FQDN, we have to canonify it ourselves */ hints.ai_family = PF_UNSPEC; hints.ai_flags = AI_CANONNAME; hints.ai_socktype = SOCK_STREAM; /* TCP only */ /* A value of zero for ai_protocol indicates the caller will accept any protocol. or IPPROTO_TCP? */ hints.ai_protocol = 0; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ hints.ai_addrlen = 0; hints.ai_canonname = NULL; hints.ai_addr = NULL; hints.ai_next = NULL; if (getaddrinfo(name, NULL, /* don't care abour service/port */ &hints, &result) != 0) { /* errno on Unix, WSASetLastError on Windows are already done by the function */ return (-1); } if (abort_if_no_fqdn && (result == NULL || result->ai_canonname == NULL)) { freeaddrinfo (result); #ifdef WIN32 WSASetLastError (WSANO_DATA); #elif defined(ENODATA) errno = ENODATA; #elif defined(EADDRNOTAVAIL) errno = EADDRNOTAVAIL; #endif return (-1); } if (abort_if_no_fqdn && strchr (result->ai_canonname, '.') == NULL) { freeaddrinfo (result); #ifdef WIN32 WSASetLastError (WSANO_DATA); #elif defined(ENODATA) errno = ENODATA; #elif defined(EADDRNOTAVAIL) errno = EADDRNOTAVAIL; #endif return (-1); } /* Do we need to check for buffer overflow and set errno? */ strncpy (name, result->ai_canonname, namelen); freeaddrinfo (result); LOWERCASE: sasl_strlower (name); return (0); } #ifdef WIN32 /***************************************************************************** * * MODULE NAME : GETOPT.C * * COPYRIGHTS: * This module contains code made available by IBM * Corporation on an AS IS basis. Any one receiving the * module is considered to be licensed under IBM copyrights * to use the IBM-provided source code in any way he or she * deems fit, including copying it, compiling it, modifying * it, and redistributing it, with or without * modifications. No license under any IBM patents or * patent applications is to be implied from this copyright * license. * * A user of the module should understand that IBM cannot * provide technical support for the module and will not be * responsible for any consequences of use of the program. * * Any notices, including this one, are not to be removed * from the module without the prior written consent of * IBM. * * AUTHOR: Original author: * G. R. Blair (BOBBLAIR at AUSVM1) * Internet: bobblair@bobblair.austin.ibm.com * * Extensively revised by: * John Q. Walker II, Ph.D. (JOHHQ at RALVM6) * Internet: johnq@ralvm6.vnet.ibm.com * *****************************************************************************/ /****************************************************************************** * getopt() * * The getopt() function is a command line parser. It returns the next * option character in argv that matches an option character in opstring. * * The argv argument points to an array of argc+1 elements containing argc * pointers to character strings followed by a null pointer. * * The opstring argument points to a string of option characters; if an * option character is followed by a colon, the option is expected to have * an argument that may or may not be separated from it by white space. * The external variable optarg is set to point to the start of the option * argument on return from getopt(). * * The getopt() function places in optind the argv index of the next argument * to be processed. The system initializes the external variable optind to * 1 before the first call to getopt(). * * When all options have been processed (that is, up to the first nonoption * argument), getopt() returns EOF. The special option "--" may be used to * delimit the end of the options; EOF will be returned, and "--" will be * skipped. * * The getopt() function returns a question mark (?) when it encounters an * option character not included in opstring. This error message can be * disabled by setting opterr to zero. Otherwise, it returns the option * character that was detected. * * If the special option "--" is detected, or all options have been * processed, EOF is returned. * * Options are marked by either a minus sign (-) or a slash (/). * * No errors are defined. *****************************************************************************/ #include /* for strchr() */ /* static (global) variables that are specified as exported by getopt() */ __declspec(dllexport) char *optarg = NULL; /* pointer to the start of the option argument */ __declspec(dllexport) int optind = 1; /* number of the next argv[] to be evaluated */ __declspec(dllexport) int opterr = 1; /* non-zero if a question mark should be returned */ /* handle possible future character set concerns by putting this in a macro */ #define _next_char(string) (char)(*(string+1)) int getopt(int argc, char *argv[], char *opstring) { static char *pIndexPosition = NULL; /* place inside current argv string */ char *pArgString = NULL; /* where to start from next */ char *pOptString; /* the string in our program */ if (pIndexPosition != NULL) { /* we last left off inside an argv string */ if (*(++pIndexPosition)) { /* there is more to come in the most recent argv */ pArgString = pIndexPosition; } } if (pArgString == NULL) { /* we didn't leave off in the middle of an argv string */ if (optind >= argc) { /* more command-line arguments than the argument count */ pIndexPosition = NULL; /* not in the middle of anything */ return EOF; /* used up all command-line arguments */ } /*--------------------------------------------------------------------- * If the next argv[] is not an option, there can be no more options. *-------------------------------------------------------------------*/ pArgString = argv[optind++]; /* set this to the next argument ptr */ if (('/' != *pArgString) && /* doesn't start with a slash or a dash? */ ('-' != *pArgString)) { --optind; /* point to current arg once we're done */ optarg = NULL; /* no argument follows the option */ pIndexPosition = NULL; /* not in the middle of anything */ return EOF; /* used up all the command-line flags */ } /* check for special end-of-flags markers */ if ((strcmp(pArgString, "-") == 0) || (strcmp(pArgString, "--") == 0)) { optarg = NULL; /* no argument follows the option */ pIndexPosition = NULL; /* not in the middle of anything */ return EOF; /* encountered the special flag */ } pArgString++; /* look past the / or - */ } if (':' == *pArgString) { /* is it a colon? */ /*--------------------------------------------------------------------- * Rare case: if opterr is non-zero, return a question mark; * otherwise, just return the colon we're on. *-------------------------------------------------------------------*/ return (opterr ? (int)'?' : (int)':'); } else if ((pOptString = strchr(opstring, *pArgString)) == 0) { /*--------------------------------------------------------------------- * The letter on the command-line wasn't any good. *-------------------------------------------------------------------*/ optarg = NULL; /* no argument follows the option */ pIndexPosition = NULL; /* not in the middle of anything */ return (opterr ? (int)'?' : (int)*pArgString); } else { /*--------------------------------------------------------------------- * The letter on the command-line matches one we expect to see *-------------------------------------------------------------------*/ if (':' == _next_char(pOptString)) { /* is the next letter a colon? */ /* It is a colon. Look for an argument string. */ if ('\0' != _next_char(pArgString)) { /* argument in this argv? */ optarg = &pArgString[1]; /* Yes, it is */ } else { /*------------------------------------------------------------- * The argument string must be in the next argv. * But, what if there is none (bad input from the user)? * In that case, return the letter, and optarg as NULL. *-----------------------------------------------------------*/ if (optind < argc) optarg = argv[optind++]; else { optarg = NULL; return (opterr ? (int)'?' : (int)*pArgString); } } pIndexPosition = NULL; /* not in the middle of anything */ } else { /* it's not a colon, so just return the letter */ optarg = NULL; /* no argument follows the option */ pIndexPosition = pArgString; /* point to the letter we're on */ } return (int)*pArgString; /* return the letter that matched */ } } #ifndef PASSWORD_MAX # define PASSWORD_MAX 255 #endif #include char * getpass(prompt) const char *prompt; { register char *p; register int c; static char pbuf[PASSWORD_MAX]; fprintf(stderr, "%s", prompt); (void) fflush(stderr); for (p=pbuf; (c = _getch())!=13 && c!=EOF;) { if (p < &pbuf[sizeof(pbuf)-1]) *p++ = (char) c; } *p = '\0'; fprintf(stderr, "\n"); (void) fflush(stderr); return(pbuf); } #endif /* WIN32 */ cyrus-sasl-2.1.25/lib/getsubopt.c0000666000076400007640000000741307314106106013574 00000000000000/* $NetBSD: getsubopt.c,v 1.4 1998/02/03 18:44:15 perry Exp $ */ /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if ((!defined(WIN32))&&(!defined(macintosh))) #include #endif /* WIN32 */ #if defined(LIBC_SCCS) && !defined(lint) #if 0 static char sccsid[] = "@(#)getsubopt.c 8.1 (Berkeley) 6/4/93"; #else __RCSID("$NetBSD: getsubopt.c,v 1.4 1998/02/03 18:44:15 perry Exp $"); #endif #endif /* LIBC_SCCS and not lint */ #include #include #ifdef HAVE_UNISTD_H #include #endif /* HAVE_UNISTD_H */ #if (defined(WIN32)||(defined(macintosh))) #include "sasl.h" LIBSASL_API int getsubopt(char **optionp, char * const *tokens, char **valuep); #endif /* WIN32 */ /* * The SVID interface to getsubopt provides no way of figuring out which * part of the suboptions list wasn't matched. This makes error messages * tricky... The extern variable suboptarg is a pointer to the token * which didn't match. */ char *suboptarg; int getsubopt(optionp, tokens, valuep) char **optionp, **valuep; char * const *tokens; { int cnt; char *p; suboptarg = *valuep = NULL; if (!optionp || !*optionp) return(-1); /* skip leading white-space, commas */ for (p = *optionp; *p && (*p == ',' || *p == ' ' || *p == '\t'); ++p); if (!*p) { *optionp = p; return(-1); } /* save the start of the token, and skip the rest of the token. */ for (suboptarg = p; *++p && *p != ',' && *p != '=' && *p != ' ' && *p != '\t';); if (*p) { /* * If there's an equals sign, set the value pointer, and * skip over the value part of the token. Terminate the * token. */ if (*p == '=') { *p = '\0'; for (*valuep = ++p; *p && *p != ',' && *p != ' ' && *p != '\t'; ++p); if (*p) *p++ = '\0'; } else *p++ = '\0'; /* Skip any whitespace or commas after this token. */ for (; *p && (*p == ',' || *p == ' ' || *p == '\t'); ++p); } /* set optionp for next round. */ *optionp = p; for (cnt = 0; *tokens; ++tokens, ++cnt) if (!strcmp(suboptarg, *tokens)) return(cnt); return(-1); } cyrus-sasl-2.1.25/lib/getnameinfo.c0000666000076400007640000000671007622774112014065 00000000000000/* * Mar 8, 2000 by Hajimu UMEMOTO * $Id: getnameinfo.c,v 1.5 2003/02/13 19:55:54 rjs3 Exp $ * * This module is besed on ssh-1.2.27-IPv6-1.5 written by * KIKUCHI Takahiro */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * fake library for ssh * * This file includes getnameinfo(). * These funtions are defined in rfc2133. * * But these functions are not implemented correctly. The minimum subset * is implemented for ssh use only. For exapmle, this routine assumes * that ai_family is AF_INET. Don't use it for another purpose. * * In the case not using 'configure --enable-ipv6', this getnameinfo.c * will be used if you have broken getnameinfo or no getnameinfo. */ #include "config.h" #ifndef WIN32 # include #endif /* WIN32 */ #include #include int getnameinfo(const struct sockaddr *sa, socklen_t salen __attribute__((unused)), char *host, size_t hostlen, char *serv, size_t servlen, int flags) { struct sockaddr_in *sin = (struct sockaddr_in *)sa; struct hostent *hp; char tmpserv[16]; if (serv) { sprintf(tmpserv, "%d", ntohs(sin->sin_port)); if (strlen(tmpserv) > servlen) return EAI_MEMORY; else strcpy(serv, tmpserv); } if (host) { if (flags & NI_NUMERICHOST) { if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen) return EAI_MEMORY; else { strcpy(host, inet_ntoa(sin->sin_addr)); return 0; } } else { hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr), AF_INET); if (hp) { if (strlen(hp->h_name) >= hostlen) return EAI_MEMORY; else { strcpy(host, hp->h_name); return 0; } } else return EAI_NODATA; } } return 0; } cyrus-sasl-2.1.25/lib/server.c0000646000076400007640000020133411630151331013056 00000000000000/* SASL server API implementation * Rob Siemborski * Tim Martin * $Id: server.c,v 1.176 2011/09/01 16:33:10 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* local functions/structs don't start with sasl */ #include #include #include #include #include #ifndef macintosh #include #include #endif #include #include #include #include "sasl.h" #include "saslint.h" #include "saslplug.h" #include "saslutil.h" #define DEFAULT_CHECKPASS_MECH "auxprop" /* Contains functions: * * sasl_server_init * sasl_server_new * sasl_listmech * sasl_server_start * sasl_server_step * sasl_checkpass * sasl_checkapop * sasl_user_exists * sasl_setpass */ /* if we've initialized the server sucessfully */ static int _sasl_server_active = 0; /* For access by other modules */ int _is_sasl_server_active(void) { return _sasl_server_active; } static int _sasl_checkpass(sasl_conn_t *conn, const char *user, unsigned userlen, const char *pass, unsigned passlen); static mech_list_t *mechlist = NULL; /* global var which holds the list */ sasl_global_callbacks_t global_callbacks; /* set the password for a user * conn -- SASL connection * user -- user name * pass -- plaintext password, may be NULL to remove user * passlen -- length of password, 0 = strlen(pass) * oldpass -- NULL will sometimes work * oldpasslen -- length of password, 0 = strlen(oldpass) * flags -- see flags below * * returns: * SASL_NOCHANGE -- proper entry already exists * SASL_NOMECH -- no authdb supports password setting as configured * SASL_NOVERIFY -- user exists, but no settable password present * SASL_DISABLED -- account disabled * SASL_PWLOCK -- password locked * SASL_WEAKPASS -- password too weak for security policy * SASL_NOUSERPASS -- user-supplied passwords not permitted * SASL_FAIL -- OS error * SASL_BADPARAM -- password too long * SASL_OK -- successful */ int sasl_setpass(sasl_conn_t *conn, const char *user, const char *pass, unsigned passlen, const char *oldpass, unsigned oldpasslen, unsigned flags) { int result = SASL_OK, tmpresult; sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn; const char *password_request[] = { SASL_AUX_PASSWORD_PROP, NULL }; const char *user_delete_request[] = { SASL_AUX_PASSWORD_PROP, SASL_AUX_ALL, NULL }; sasl_server_userdb_setpass_t *setpass_cb = NULL; void *context = NULL; int tried_setpass = 0; int failed = 0; mechanism_t *sm; server_sasl_mechanism_t *m; char *current_mech; if (!_sasl_server_active || !mechlist) return SASL_NOTINIT; /* check params */ if (!conn) return SASL_BADPARAM; if (conn->type != SASL_CONN_SERVER) PARAMERROR(conn); if ((!(flags & SASL_SET_DISABLE) && passlen == 0) || ((flags & SASL_SET_CREATE) && (flags & SASL_SET_DISABLE))) PARAMERROR(conn); /* Check that we have an active SASL mechanism */ if (sasl_getprop (conn, SASL_MECHNAME, (const void **) ¤t_mech) != SASL_OK) { current_mech = NULL; } if ( (flags & SASL_SET_CURMECH_ONLY) && (current_mech == NULL) ) { sasl_seterror( conn, SASL_NOLOG, "No current SASL mechanism available"); RETURN(conn, SASL_BADPARAM); } /* Do we want to store SASL_AUX_PASSWORD_PROP (plain text)? and * Do we have an auxprop backend that can store properties? */ if ((flags & SASL_SET_DISABLE || !(flags & SASL_SET_NOPLAIN)) && sasl_auxprop_store(NULL, NULL, NULL) == SASL_OK) { tried_setpass++; if (flags & SASL_SET_DISABLE) { pass = NULL; passlen = 0; result = prop_request(s_conn->sparams->propctx, user_delete_request); } else { result = prop_request(s_conn->sparams->propctx, password_request); } if (result == SASL_OK) { /* NOTE: When deleting users, this will work in a backward compatible way */ result = prop_set(s_conn->sparams->propctx, SASL_AUX_PASSWORD_PROP, pass, passlen); } if (result == SASL_OK && flags & SASL_SET_DISABLE) { result = prop_set(s_conn->sparams->propctx, SASL_AUX_ALL, NULL, 0); } if (result == SASL_OK) { result = sasl_auxprop_store(conn, s_conn->sparams->propctx, user); } if (result != SASL_OK) { _sasl_log(conn, SASL_LOG_ERR, "setpass failed for %s: %z", user, result); failed++; } else { _sasl_log(conn, SASL_LOG_NOTE, "setpass succeeded for %s", user); } } /* We want to preserve the current value of result, so we use tmpresult below */ /* call userdb callback function */ tmpresult = _sasl_getcallback(conn, SASL_CB_SERVER_USERDB_SETPASS, (sasl_callback_ft *)&setpass_cb, &context); if (tmpresult == SASL_OK && setpass_cb) { tried_setpass++; tmpresult = setpass_cb(conn, context, user, pass, passlen, s_conn->sparams->propctx, flags); if(tmpresult != SASL_OK) { if (tmpresult == SASL_CONSTRAINT_VIOLAT) { if (result == SASL_OK) { result = tmpresult; } } else { result = tmpresult; } _sasl_log(conn, SASL_LOG_ERR, "setpass callback failed for %s: %z", user, tmpresult); failed++; } else { _sasl_log(conn, SASL_LOG_NOTE, "setpass callback succeeded for %s", user); } } /* now we let the mechanisms set their secrets */ for (sm = s_conn->mech_list; sm; sm = sm->next) { m = &sm->m; if (!m->plug->setpass) { /* can't set pass for this mech */ continue; } /* Invoke only one setpass for the currently selected mechanism, if SASL_SET_CURMECH_ONLY is specified */ if ((flags & SASL_SET_CURMECH_ONLY) && (strcmp(current_mech, m->plug->mech_name) != 0)) { continue; } tried_setpass++; tmpresult = m->plug->setpass(m->plug->glob_context, ((sasl_server_conn_t *)conn)->sparams, user, pass, passlen, oldpass, oldpasslen, flags); if (tmpresult == SASL_OK) { _sasl_log(conn, SASL_LOG_NOTE, "%s: set secret for %s", m->plug->mech_name, user); m->condition = SASL_OK; /* if we previously thought the mechanism didn't have any user secrets we now think it does */ } else if (tmpresult == SASL_NOCHANGE) { _sasl_log(conn, SASL_LOG_NOTE, "%s: secret not changed for %s", m->plug->mech_name, user); } else if (tmpresult == SASL_CONSTRAINT_VIOLAT) { _sasl_log(conn, SASL_LOG_ERR, "%s: failed to set secret for %s: constrain violation", m->plug->mech_name, user); if (result == SASL_OK) { result = tmpresult; } failed++; } else { result = tmpresult; _sasl_log(conn, SASL_LOG_ERR, "%s: failed to set secret for %s: %z (%m)", m->plug->mech_name, user, tmpresult, #ifndef WIN32 errno #else GetLastError() #endif ); failed++; } } if (!tried_setpass) { _sasl_log(conn, SASL_LOG_WARN, "secret not changed for %s: " "no writable auxprop plugin or setpass callback found", user); } else if (result == SASL_CONSTRAINT_VIOLAT) { /* If not all setpass failed with SASL_CONSTRAINT_VIOLAT - ignore SASL_CONSTRAINT_VIOLAT */ if (failed < tried_setpass) { result = SASL_OK; } } RETURN(conn, result); } /* local mechanism which disposes of server */ static void server_dispose(sasl_conn_t *pconn) { sasl_server_conn_t *s_conn= (sasl_server_conn_t *) pconn; context_list_t *cur, *cur_next; /* Just sanity check that sasl_server_done wasn't called yet */ if (_sasl_server_active != 0) { if (s_conn->mech) { void (*mech_dispose)(void *conn_context, const sasl_utils_t *utils); mech_dispose = s_conn->mech->m.plug->mech_dispose; if (mech_dispose) { mech_dispose(pconn->context, s_conn->sparams->utils); } } pconn->context = NULL; for(cur = s_conn->mech_contexts; cur; cur=cur_next) { cur_next = cur->next; if (cur->context) { cur->mech->m.plug->mech_dispose(cur->context, s_conn->sparams->utils); } sasl_FREE(cur); } s_conn->mech_contexts = NULL; } _sasl_free_utils(&s_conn->sparams->utils); if (s_conn->sparams->propctx) { prop_dispose(&s_conn->sparams->propctx); } if (s_conn->appname) { sasl_FREE(s_conn->appname); } if (s_conn->user_realm) { sasl_FREE(s_conn->user_realm); } if (s_conn->sparams) { sasl_FREE(s_conn->sparams); } if (s_conn->mech_list != mechlist->mech_list) { /* free connection-specific mech_list */ mechanism_t *m, *prevm; m = s_conn->mech_list; /* m point to beginning of the list */ while (m) { prevm = m; m = m->next; sasl_FREE(prevm); } } _sasl_conn_dispose(pconn); } static int init_mechlist(void) { sasl_utils_t *newutils = NULL; /* set util functions - need to do rest */ newutils = _sasl_alloc_utils(NULL, &global_callbacks); if (newutils == NULL) return SASL_NOMEM; newutils->checkpass = &_sasl_checkpass; mechlist->utils = newutils; mechlist->mech_list = NULL; mechlist->mech_length = 0; return SASL_OK; } static int mech_compare(const sasl_server_plug_t *a, const sasl_server_plug_t *b) { unsigned sec_diff; unsigned features_diff; /* XXX the following is fairly arbitrary, but its independent of the order in which the plugins are loaded */ sec_diff = a->security_flags ^ b->security_flags; if (sec_diff & a->security_flags & SASL_SEC_NOANONYMOUS) return 1; if (sec_diff & b->security_flags & SASL_SEC_NOANONYMOUS) return -1; if (sec_diff & a->security_flags & SASL_SEC_NOPLAINTEXT) return 1; if (sec_diff & b->security_flags & SASL_SEC_NOPLAINTEXT) return -1; if (sec_diff & a->security_flags & SASL_SEC_MUTUAL_AUTH) return 1; if (sec_diff & b->security_flags & SASL_SEC_MUTUAL_AUTH) return -1; if (sec_diff & a->security_flags & SASL_SEC_NOACTIVE) return 1; if (sec_diff & b->security_flags & SASL_SEC_NOACTIVE) return -1; if (sec_diff & a->security_flags & SASL_SEC_NODICTIONARY) return 1; if (sec_diff & b->security_flags & SASL_SEC_NODICTIONARY) return -1; if (sec_diff & a->security_flags & SASL_SEC_FORWARD_SECRECY) return 1; if (sec_diff & b->security_flags & SASL_SEC_FORWARD_SECRECY) return -1; features_diff = a->features ^ b->features; if (features_diff & a->features & SASL_FEAT_CHANNEL_BINDING) return 1; if (features_diff & b->features & SASL_FEAT_CHANNEL_BINDING) return -1; if (a->max_ssf > b->max_ssf) return 1; if (a->max_ssf < b->max_ssf) return -1; return 0; } /* * parameters: * p - entry point */ int sasl_server_add_plugin(const char *plugname, sasl_server_plug_init_t *p) { int plugcount; sasl_server_plug_t *pluglist; sasl_server_plug_init_t *entry_point; int result; int version; int lupe; if(!plugname || !p) return SASL_BADPARAM; entry_point = (sasl_server_plug_init_t *)p; /* call into the shared library asking for information about it */ /* version is filled in with the version of the plugin */ result = entry_point(mechlist->utils, SASL_SERVER_PLUG_VERSION, &version, &pluglist, &plugcount); if ((result != SASL_OK) && (result != SASL_NOUSER) && (result != SASL_CONTINUE)) { _sasl_log(NULL, SASL_LOG_DEBUG, "server add_plugin entry_point error %z\n", result); return result; } /* Make sure plugin is using the same SASL version as us */ if (version != SASL_SERVER_PLUG_VERSION) { _sasl_log(NULL, SASL_LOG_ERR, "version mismatch on plugin: %d expected, but %d reported", SASL_SERVER_PLUG_VERSION, version); return SASL_BADVERS; } for (lupe=0;lupe < plugcount ;lupe++, pluglist++) { mechanism_t *mech, *mp; mech = sasl_ALLOC(sizeof(mechanism_t)); if (! mech) return SASL_NOMEM; memset (mech, 0, sizeof(mechanism_t)); mech->m.plug = pluglist; if(_sasl_strdup(plugname, &mech->m.plugname, NULL) != SASL_OK) { sasl_FREE(mech); return SASL_NOMEM; } mech->m.version = version; /* whether this mech actually has any users in it's db */ mech->m.condition = result; /* SASL_OK, SASL_CONTINUE or SASL_NOUSER */ /* mech->m.f = NULL; */ /* sort mech_list by relative "strength" */ mp = mechlist->mech_list; if (!mp || mech_compare(pluglist, mp->m.plug) >= 0) { /* add mech to head of list */ mech->next = mechlist->mech_list; mechlist->mech_list = mech; } else { /* find where to insert mech into list */ while (mp->next && mech_compare(pluglist, mp->next->m.plug) <= 0) mp = mp->next; mech->next = mp->next; mp->next = mech; } mechlist->mech_length++; } return SASL_OK; } int sasl_server_done(void) { int result = SASL_CONTINUE; if (_sasl_server_cleanup_hook == NULL && _sasl_client_cleanup_hook == NULL) { return SASL_NOTINIT; } if (_sasl_server_cleanup_hook) { result = _sasl_server_cleanup_hook(); if (result == SASL_OK) { _sasl_server_idle_hook = NULL; _sasl_server_cleanup_hook = NULL; } else { return result; } } if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { return result; } sasl_common_done(); return SASL_OK; } static int server_done(void) { mechanism_t *m; mechanism_t *prevm; if(_sasl_server_active == 0) return SASL_NOTINIT; else _sasl_server_active--; if(_sasl_server_active) { /* Don't de-init yet! Our refcount is nonzero. */ return SASL_CONTINUE; } if (mechlist != NULL) { m=mechlist->mech_list; /* m point to beginning of the list */ while (m!=NULL) { prevm=m; m=m->next; if (prevm->m.plug->mech_free) { prevm->m.plug->mech_free(prevm->m.plug->glob_context, mechlist->utils); } sasl_FREE(prevm->m.plugname); sasl_FREE(prevm); } _sasl_free_utils(&mechlist->utils); sasl_FREE(mechlist); mechlist = NULL; } /* Free the auxprop plugins */ _sasl_auxprop_free(); global_callbacks.callbacks = NULL; global_callbacks.appname = NULL; return SASL_OK; } static int server_idle(sasl_conn_t *conn) { sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn; mechanism_t *m; if (! mechlist) { return 0; } for (m = s_conn->mech_list; m != NULL; m = m->next) { if (m->m.plug->idle && m->m.plug->idle(m->m.plug->glob_context, conn, conn ? ((sasl_server_conn_t *)conn)->sparams : NULL)) { return 1; } } return 0; } static int load_config(const sasl_callback_t *verifyfile_cb) { int result; const char *path_to_config = NULL; size_t path_len; char *config_filename = NULL; size_t len; const sasl_callback_t *getconfpath_cb = NULL; const char * next; /* If appname was not provided, behave as if there is no config file (see also sasl_config_init() */ if (global_callbacks.appname == NULL) { return SASL_CONTINUE; } /* get the path to the config file */ getconfpath_cb = _sasl_find_getconfpath_callback( global_callbacks.callbacks ); if (getconfpath_cb == NULL) return SASL_BADPARAM; /* getconfpath_cb->proc MUST be a sasl_getconfpath_t; if only C had a type system */ result = ((sasl_getconfpath_t *)(getconfpath_cb->proc))(getconfpath_cb->context, (char **) &path_to_config); if (result != SASL_OK) goto done; if (path_to_config == NULL) path_to_config = ""; next = path_to_config; while (next != NULL) { next = strchr(path_to_config, PATHS_DELIMITER); /* length = length of path + '/' + length of appname + ".conf" + 1 for '\0' */ if (next != NULL) { path_len = next - path_to_config; next++; /* Skip to the next path */ } else { path_len = strlen(path_to_config); } len = path_len + 2 + strlen(global_callbacks.appname) + 5 + 1; if (len > PATH_MAX ) { result = SASL_FAIL; goto done; } /* construct the filename for the config file */ config_filename = sasl_ALLOC((unsigned)len); if (! config_filename) { result = SASL_NOMEM; goto done; } snprintf(config_filename, len, "%.*s%c%s.conf", path_len, path_to_config, HIER_DELIMITER, global_callbacks.appname); /* Ask the application if it's safe to use this file */ result = ((sasl_verifyfile_t *)(verifyfile_cb->proc))(verifyfile_cb->context, config_filename, SASL_VRFY_CONF); /* returns SASL_CONTINUE if the config file doesn't exist */ if (result == SASL_OK) { result = sasl_config_init(config_filename); if (result != SASL_CONTINUE) { /* We are done */ break; } } if (config_filename) { sasl_FREE(config_filename); config_filename = NULL; } path_to_config = next; } done: if (config_filename) sasl_FREE(config_filename); return result; } /* * Verify that all the callbacks are valid */ static int verify_server_callbacks(const sasl_callback_t *callbacks) { if (callbacks == NULL) return SASL_OK; while (callbacks->id != SASL_CB_LIST_END) { if (callbacks->proc==NULL) return SASL_FAIL; callbacks++; } return SASL_OK; } static char *grab_field(char *line, char **eofield) { int d = 0; char *field; while (isspace((int) *line)) line++; /* find end of field */ while (line[d] && !isspace(((int) line[d]))) d++; field = sasl_ALLOC(d + 1); if (!field) { return NULL; } memcpy(field, line, d); field[d] = '\0'; *eofield = line + d; return field; } struct secflag_map_s { char *name; int value; }; struct secflag_map_s secflag_map[] = { { "noplaintext", SASL_SEC_NOPLAINTEXT }, { "noactive", SASL_SEC_NOACTIVE }, { "nodictionary", SASL_SEC_NODICTIONARY }, { "forward_secrecy", SASL_SEC_FORWARD_SECRECY }, { "noanonymous", SASL_SEC_NOANONYMOUS }, { "pass_credentials", SASL_SEC_PASS_CREDENTIALS }, { "mutual_auth", SASL_SEC_MUTUAL_AUTH }, { NULL, 0x0 } }; static int parse_mechlist_file(const char *mechlistfile) { FILE *f; char buf[1024]; char *t, *ptr; int r = 0; f = fopen(mechlistfile, "r"); if (!f) return SASL_FAIL; r = SASL_OK; while (fgets(buf, sizeof(buf), f) != NULL) { mechanism_t *n = sasl_ALLOC(sizeof(mechanism_t)); sasl_server_plug_t *nplug; if (n == NULL) { r = SASL_NOMEM; break; } n->m.version = SASL_SERVER_PLUG_VERSION; n->m.condition = SASL_CONTINUE; nplug = sasl_ALLOC(sizeof(sasl_server_plug_t)); if (nplug == NULL) { r = SASL_NOMEM; break; } memset(nplug, 0, sizeof(sasl_server_plug_t)); /* each line is: plugin-file WS mech_name WS max_ssf *(WS security_flag) RET */ /* grab file */ n->m.f = grab_field(buf, &ptr); /* grab mech_name */ nplug->mech_name = grab_field(ptr, &ptr); /* grab max_ssf */ nplug->max_ssf = strtol(ptr, &ptr, 10); /* grab security flags */ while (*ptr != '\n') { struct secflag_map_s *map; /* read security flag */ t = grab_field(ptr, &ptr); map = secflag_map; while (map->name) { if (!strcasecmp(t, map->name)) { nplug->security_flags |= map->value; break; } map++; } if (!map->name) { _sasl_log(NULL, SASL_LOG_ERR, "%s: couldn't identify flag '%s'", nplug->mech_name, t); } free(t); } /* insert mechanism into mechlist */ n->m.plug = nplug; n->next = mechlist->mech_list; mechlist->mech_list = n; mechlist->mech_length++; } fclose(f); return r; } /* initialize server drivers, done once per process * callbacks -- callbacks for all server connections; must include * getopt callback * appname -- name of calling application * (for lower level logging and reading of the configuration file) * results: * state -- server state * returns: * SASL_OK -- success * SASL_BADPARAM -- error in config file * SASL_NOMEM -- memory failure * SASL_BADVERS -- Mechanism version mismatch */ int sasl_server_init(const sasl_callback_t *callbacks, const char *appname) { int ret; const sasl_callback_t *vf; const char *pluginfile = NULL; #ifdef PIC sasl_getopt_t *getopt; void *context; #endif const add_plugin_list_t ep_list[] = { { "sasl_server_plug_init", (add_plugin_t *)sasl_server_add_plugin }, { "sasl_auxprop_plug_init", (add_plugin_t *)sasl_auxprop_add_plugin }, { "sasl_canonuser_init", (add_plugin_t *)sasl_canonuser_add_plugin }, { NULL, NULL } }; /* lock allocation type */ _sasl_allocation_locked++; /* we require the appname (if present) to be short enough to be a path */ if (appname != NULL && strlen(appname) >= PATH_MAX) return SASL_BADPARAM; if (_sasl_server_active) { /* We're already active, just increase our refcount */ /* xxx do something with the callback structure? */ _sasl_server_active++; return SASL_OK; } ret = _sasl_common_init(&global_callbacks); if (ret != SASL_OK) return ret; /* verify that the callbacks look ok */ ret = verify_server_callbacks(callbacks); if (ret != SASL_OK) return ret; global_callbacks.callbacks = callbacks; /* A shared library calling sasl_server_init will pass NULL as appname. This should retain the original appname. */ if (appname != NULL) { global_callbacks.appname = appname; } /* If we fail now, we have to call server_done */ _sasl_server_active = 1; /* allocate mechlist and set it to empty */ mechlist = sasl_ALLOC(sizeof(mech_list_t)); if (mechlist == NULL) { server_done(); return SASL_NOMEM; } ret = init_mechlist(); if (ret != SASL_OK) { server_done(); return ret; } vf = _sasl_find_verifyfile_callback(callbacks); /* load config file if applicable */ ret = load_config(vf); if ((ret != SASL_OK) && (ret != SASL_CONTINUE)) { server_done(); return ret; } /* load internal plugins */ sasl_server_add_plugin("EXTERNAL", &external_server_plug_init); #ifdef PIC /* delayed loading of plugins? (DSO only, as it doesn't * make much [any] sense to delay in the static library case) */ if (_sasl_getcallback(NULL, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) { /* No sasl_conn_t was given to getcallback, so we provide the * global callbacks structure */ ret = getopt(&global_callbacks, NULL, "plugin_list", &pluginfile, NULL); } #endif if (pluginfile != NULL) { /* this file should contain a list of plugins available. we'll load on demand. */ /* Ask the application if it's safe to use this file */ ret = ((sasl_verifyfile_t *)(vf->proc))(vf->context, pluginfile, SASL_VRFY_CONF); if (ret != SASL_OK) { _sasl_log(NULL, SASL_LOG_ERR, "unable to load plugin list %s: %z", pluginfile, ret); } if (ret == SASL_OK) { ret = parse_mechlist_file(pluginfile); } } else { /* load all plugins now */ ret = _sasl_load_plugins(ep_list, _sasl_find_getpath_callback(callbacks), _sasl_find_verifyfile_callback(callbacks)); } if (ret == SASL_OK) { _sasl_server_cleanup_hook = &server_done; _sasl_server_idle_hook = &server_idle; ret = _sasl_build_mechlist(); } else { server_done(); } return ret; } /* * Once we have the users plaintext password we * may want to transition them. That is put entries * for them in the passwd database for other * stronger mechanism * * for example PLAIN -> CRAM-MD5 */ static int _sasl_transition(sasl_conn_t * conn, const char * pass, unsigned passlen) { const char *dotrans = "n"; sasl_getopt_t *getopt; int result = SASL_OK; void *context; unsigned flags = 0; if (! conn) return SASL_BADPARAM; if (! conn->oparams.authid) PARAMERROR(conn); /* check if this is enabled: default to false */ if (_sasl_getcallback(conn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) { getopt(context, NULL, "auto_transition", &dotrans, NULL); if (dotrans == NULL) dotrans = "n"; } if (!strcmp(dotrans, "noplain")) flags |= SASL_SET_NOPLAIN; if (flags || *dotrans == '1' || *dotrans == 'y' || (*dotrans == 'o' && dotrans[1] == 'n') || *dotrans == 't') { /* ok, it's on! */ _sasl_log(conn, SASL_LOG_NOTE, "transitioning user %s to auxprop database", conn->oparams.authid); result = sasl_setpass(conn, conn->oparams.authid, pass, passlen, NULL, 0, SASL_SET_CREATE | flags); } RETURN(conn,result); } /* create context for a single SASL connection * service -- registered name of the service using SASL (e.g. "imap") * serverFQDN -- Fully qualified domain name of server. NULL means use * gethostname() or equivalent. * Useful for multi-homed servers. * user_realm -- permits multiple user realms on server, NULL = default * iplocalport -- server IPv4/IPv6 domain literal string with port * (if NULL, then mechanisms requiring IPaddr are disabled) * ipremoteport -- client IPv4/IPv6 domain literal string with port * (if NULL, then mechanisms requiring IPaddr are disabled) * callbacks -- callbacks (e.g., authorization, lang, new getopt context) * flags -- usage flags (see above) * returns: * pconn -- new connection context * * returns: * SASL_OK -- success * SASL_NOMEM -- not enough memory */ int sasl_server_new(const char *service, const char *serverFQDN, const char *user_realm, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *callbacks, unsigned flags, sasl_conn_t **pconn) { int result; sasl_server_conn_t *serverconn; sasl_utils_t *utils; sasl_getopt_t *getopt; void *context; const char *log_level, *auto_trans; const char *mlist = NULL; int plus = 0; if (_sasl_server_active==0) return SASL_NOTINIT; if (! pconn) return SASL_FAIL; if (! service) return SASL_FAIL; *pconn=sasl_ALLOC(sizeof(sasl_server_conn_t)); if (*pconn==NULL) return SASL_NOMEM; memset(*pconn, 0, sizeof(sasl_server_conn_t)); serverconn = (sasl_server_conn_t *)*pconn; /* make sparams */ serverconn->sparams=sasl_ALLOC(sizeof(sasl_server_params_t)); if (serverconn->sparams==NULL) MEMERROR(*pconn); memset(serverconn->sparams, 0, sizeof(sasl_server_params_t)); (*pconn)->destroy_conn = &server_dispose; result = _sasl_conn_init(*pconn, service, flags, SASL_CONN_SERVER, &server_idle, serverFQDN, iplocalport, ipremoteport, callbacks, &global_callbacks); if (result != SASL_OK) goto done_error; /* set util functions - need to do rest */ utils=_sasl_alloc_utils(*pconn, &global_callbacks); if (!utils) { result = SASL_NOMEM; goto done_error; } utils->checkpass = &_sasl_checkpass; /* Setup the propctx -> We'll assume the default size */ serverconn->sparams->propctx=prop_new(0); if(!serverconn->sparams->propctx) { result = SASL_NOMEM; goto done_error; } serverconn->sparams->service = (*pconn)->service; serverconn->sparams->servicelen = (unsigned) strlen((*pconn)->service); if (global_callbacks.appname && global_callbacks.appname[0] != '\0') { result = _sasl_strdup (global_callbacks.appname, &serverconn->appname, NULL); if (result != SASL_OK) { result = SASL_NOMEM; goto done_error; } serverconn->sparams->appname = serverconn->appname; serverconn->sparams->applen = (unsigned) strlen(serverconn->sparams->appname); } else { serverconn->appname = NULL; serverconn->sparams->appname = NULL; serverconn->sparams->applen = 0; } serverconn->sparams->serverFQDN = (*pconn)->serverFQDN; serverconn->sparams->slen = (unsigned) strlen((*pconn)->serverFQDN); if (user_realm) { result = _sasl_strdup(user_realm, &serverconn->user_realm, NULL); serverconn->sparams->urlen = (unsigned) strlen(user_realm); serverconn->sparams->user_realm = serverconn->user_realm; } else { serverconn->user_realm = NULL; /* the sparams is already zeroed */ } serverconn->sparams->callbacks = callbacks; log_level = auto_trans = NULL; if(_sasl_getcallback(*pconn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) { getopt(context, NULL, "log_level", &log_level, NULL); getopt(context, NULL, "auto_transition", &auto_trans, NULL); getopt(context, NULL, "mech_list", &mlist, NULL); } serverconn->sparams->log_level = log_level ? atoi(log_level) : SASL_LOG_ERR; serverconn->sparams->utils = utils; if (auto_trans && (*auto_trans == '1' || *auto_trans == 'y' || *auto_trans == 't' || (*auto_trans == 'o' && auto_trans[1] == 'n') || !strcmp(auto_trans, "noplain")) && sasl_auxprop_store(NULL, NULL, NULL) == SASL_OK) { serverconn->sparams->transition = &_sasl_transition; } /* if we have a mech_list, create ordered list of avail mechs for this conn */ if (mlist) { const char *cp; mechanism_t *mptr, *tail = NULL; while (*mlist) { /* find end of current mech name */ for (cp = mlist; *cp && !isspace((int) *cp); cp++); /* search for mech name in loaded plugins */ for (mptr = mechlist->mech_list; mptr; mptr = mptr->next) { const sasl_server_plug_t *plug = mptr->m.plug; if (_sasl_is_equal_mech(mlist, plug->mech_name, (size_t) (cp - mlist), &plus)) { /* found a match */ break; } } if (mptr) { mechanism_t *new = sasl_ALLOC(sizeof(mechanism_t)); if (!new) return SASL_NOMEM; memcpy(&new->m, &mptr->m, sizeof(server_sasl_mechanism_t)); new->next = NULL; if (!serverconn->mech_list) { serverconn->mech_list = new; tail = serverconn->mech_list; } else { tail->next = new; tail = new; } serverconn->mech_length++; } /* find next mech name */ mlist = cp; while (*mlist && isspace((int) *mlist)) mlist++; } } else { serverconn->mech_list = mechlist->mech_list; serverconn->mech_length = mechlist->mech_length; } serverconn->sparams->canon_user = &_sasl_canon_user_lookup; serverconn->sparams->props = serverconn->base.props; serverconn->sparams->flags = flags; if(result == SASL_OK) return SASL_OK; done_error: _sasl_conn_dispose(*pconn); sasl_FREE(*pconn); *pconn = NULL; return result; } /* * The rule is: * IF mech strength + external strength < min ssf THEN FAIL. * We also have to look at the security properties and make sure * that this mechanism has everything we want. */ static int mech_permitted(sasl_conn_t *conn, mechanism_t *mech) { sasl_server_conn_t *s_conn = (sasl_server_conn_t *)conn; const sasl_server_plug_t *plug; int ret; int myflags; context_list_t *cur; context_list_t *mech_context_list_entry = NULL; void *context = NULL; sasl_ssf_t minssf = 0; if(!conn) return SASL_NOMECH; if(! mech || ! mech->m.plug) { PARAMERROR(conn); return SASL_NOMECH; } plug = mech->m.plug; /* setup parameters for the call to mech_avail */ s_conn->sparams->serverFQDN=conn->serverFQDN; s_conn->sparams->service=conn->service; s_conn->sparams->user_realm=s_conn->user_realm; s_conn->sparams->props=conn->props; s_conn->sparams->external_ssf=conn->external.ssf; /* Check if we have banished this one already */ for (cur = s_conn->mech_contexts; cur; cur=cur->next) { if (cur->mech == mech) { /* If it's not mech_avail'd, then stop now */ if (!cur->context) { return SASL_NOMECH; } else { context = cur->context; mech_context_list_entry = cur; } break; } } if (conn->props.min_ssf < conn->external.ssf) { minssf = 0; } else { minssf = conn->props.min_ssf - conn->external.ssf; } /* Generic mechanism */ if (plug->max_ssf < minssf) { sasl_seterror(conn, SASL_NOLOG, "mech %s is too weak", plug->mech_name); return SASL_TOOWEAK; /* too weak */ } if (plug->mech_avail && (ret = plug->mech_avail(plug->glob_context, s_conn->sparams, (void **)&context)) != SASL_OK ) { if (ret == SASL_NOMECH) { /* Mark this mech as no good for this connection */ cur = sasl_ALLOC(sizeof(context_list_t)); if (!cur) { MEMERROR(conn); return SASL_NOMECH; } cur->context = NULL; cur->mech = mech; cur->next = s_conn->mech_contexts; s_conn->mech_contexts = cur; } /* SASL_NOTDONE might also get us here */ /* Error should be set by mech_avail call */ return SASL_NOMECH; } else if (context) { if (mech_context_list_entry != NULL) { /* Update the context. It shouldn't have changed, but who knows */ mech_context_list_entry->context = context; } else { /* Save this context */ cur = sasl_ALLOC(sizeof(context_list_t)); if (!cur) { MEMERROR(conn); return SASL_NOMECH; } cur->context = context; cur->mech = mech; cur->next = s_conn->mech_contexts; s_conn->mech_contexts = cur; } } /* Generic mechanism */ if (plug->max_ssf < minssf) { sasl_seterror(conn, SASL_NOLOG, "too weak"); return SASL_TOOWEAK; /* too weak */ } /* if there are no users in the secrets database we can't use this mechanism */ if (mech->m.condition == SASL_NOUSER) { sasl_seterror(conn, 0, "no users in secrets db"); return SASL_NOMECH; } /* Can it meet our features? */ if ((conn->flags & SASL_NEED_PROXY) && !(plug->features & SASL_FEAT_ALLOWS_PROXY)) { return SASL_NOMECH; } if ((conn->flags & SASL_NEED_HTTP) && !(plug->features & SASL_FEAT_SUPPORTS_HTTP)) { return SASL_NOMECH; } /* security properties---if there are any flags that differ and are in what the connection are requesting, then fail */ /* special case plaintext */ myflags = conn->props.security_flags; /* if there's an external layer this is no longer plaintext */ if ((conn->props.min_ssf <= conn->external.ssf) && (conn->external.ssf > 1)) { myflags &= ~SASL_SEC_NOPLAINTEXT; } /* do we want to special case SASL_SEC_PASS_CREDENTIALS? nah.. */ if ((myflags &= (myflags ^ plug->security_flags)) != 0) { sasl_seterror(conn, SASL_NOLOG, "security flags do not match required"); return (myflags & SASL_SEC_NOPLAINTEXT) ? SASL_ENCRYPT : SASL_NOMECH; } /* Check Features */ if (plug->features & SASL_FEAT_GETSECRET) { /* We no longer support sasl_server_{get,put}secret */ sasl_seterror(conn, 0, "mech %s requires unprovided secret facility", plug->mech_name); return SASL_NOMECH; } return SASL_OK; } /* * make the authorization * */ static int do_authorization(sasl_server_conn_t *s_conn) { int ret; sasl_authorize_t *authproc; void *auth_context; /* now let's see if authname is allowed to proxy for username! */ /* check the proxy callback */ if (_sasl_getcallback(&s_conn->base, SASL_CB_PROXY_POLICY, (sasl_callback_ft *)&authproc, &auth_context) != SASL_OK) { INTERROR(&s_conn->base, SASL_NOAUTHZ); } ret = authproc(&(s_conn->base), auth_context, s_conn->base.oparams.user, s_conn->base.oparams.ulen, s_conn->base.oparams.authid, s_conn->base.oparams.alen, s_conn->user_realm, (s_conn->user_realm ? (unsigned) strlen(s_conn->user_realm) : 0), s_conn->sparams->propctx); RETURN(&s_conn->base, ret); } /* start a mechanism exchange within a connection context * mech -- the mechanism name client requested * clientin -- client initial response (NUL terminated), NULL if empty * clientinlen -- length of initial response * serverout -- initial server challenge, NULL if done * (library handles freeing this string) * serveroutlen -- length of initial server challenge * output: * pconn -- the connection negotiation state on success * * Same returns as sasl_server_step() or * SASL_NOMECH if mechanism not available. */ int sasl_server_start(sasl_conn_t *conn, const char *mech, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen) { sasl_server_conn_t *s_conn=(sasl_server_conn_t *) conn; int result; context_list_t *cur, **prev; mechanism_t *m; size_t mech_len; int plus = 0; if (_sasl_server_active==0) return SASL_NOTINIT; /* check parameters */ if(!conn) return SASL_BADPARAM; if (!mech || ((clientin == NULL) && (clientinlen > 0))) PARAMERROR(conn); if (serverout) *serverout = NULL; if (serveroutlen) *serveroutlen = 0; /* make sure mech is valid mechanism if not return appropriate error */ m = s_conn->mech_list; mech_len = strlen(mech); while (m != NULL) { if (_sasl_is_equal_mech(mech, m->m.plug->mech_name, mech_len, &plus)) { break; } m = m->next; } if (m == NULL) { sasl_seterror(conn, 0, "Couldn't find mech %s", mech); result = SASL_NOMECH; goto done; } /* Make sure that we're willing to use this mech */ if ((result = mech_permitted(conn, m)) != SASL_OK) { goto done; } if (m->m.condition == SASL_CONTINUE) { sasl_server_plug_init_t *entry_point; void *library = NULL; sasl_server_plug_t *pluglist; int version, plugcount; int l = 0; /* need to load this plugin */ result = _sasl_get_plugin(m->m.f, _sasl_find_verifyfile_callback(global_callbacks.callbacks), &library); if (result == SASL_OK) { result = _sasl_locate_entry(library, "sasl_server_plug_init", (void **)&entry_point); } if (result == SASL_OK) { result = entry_point(mechlist->utils, SASL_SERVER_PLUG_VERSION, &version, &pluglist, &plugcount); } if (result == SASL_OK) { /* find the correct mechanism in this plugin */ for (l = 0; l < plugcount; l++) { if (!strcasecmp(pluglist[l].mech_name, m->m.plug->mech_name)) break; } if (l == plugcount) { result = SASL_NOMECH; } } if (result == SASL_OK) { /* check that the parameters are the same */ if ((pluglist[l].max_ssf != m->m.plug->max_ssf) || (pluglist[l].security_flags != m->m.plug->security_flags)) { _sasl_log(conn, SASL_LOG_ERR, "%s: security parameters don't match mechlist file", pluglist[l].mech_name); result = SASL_NOMECH; } } if (result == SASL_OK) { /* copy mechlist over */ sasl_FREE((sasl_server_plug_t *) m->m.plug); m->m.plug = &pluglist[l]; m->m.condition = SASL_OK; } if (result != SASL_OK) { /* The library will eventually be freed, don't sweat it */ RETURN(conn, result); } } if (conn->context) { s_conn->mech->m.plug->mech_dispose(conn->context, s_conn->sparams->utils); conn->context = NULL; } /* We used to setup sparams HERE, but now it's done inside of mech_permitted (which is called above) */ prev = &s_conn->mech_contexts; for (cur = *prev; cur; prev=&cur->next,cur=cur->next) { if (cur->mech == m) { if (!cur->context) { sasl_seterror(conn, 0, "Got past mech_permitted with a disallowed mech!"); return SASL_NOMECH; } /* If we find it, we need to pull cur out of the list so it won't be freed later! */ *prev = cur->next; conn->context = cur->context; sasl_FREE(cur); break; } } s_conn->mech = m; if (!conn->context) { /* Note that we don't hand over a new challenge */ result = s_conn->mech->m.plug->mech_new(s_conn->mech->m.plug->glob_context, s_conn->sparams, NULL, 0, &(conn->context)); } else { /* the work was already done by mech_avail! */ result = SASL_OK; } if (result == SASL_OK) { if (clientin) { if (s_conn->mech->m.plug->features & SASL_FEAT_SERVER_FIRST) { /* Remote sent first, but mechanism does not support it. * RFC 2222 says we fail at this point. */ sasl_seterror(conn, 0, "Remote sent first but mech does not allow it."); result = SASL_BADPROT; } else { /* Mech wants client-first, so let them have it */ result = sasl_server_step(conn, clientin, clientinlen, serverout, serveroutlen); } } else { if (s_conn->mech->m.plug->features & SASL_FEAT_WANT_CLIENT_FIRST) { /* Mech wants client first anyway, so we should do that */ if (serverout) *serverout = ""; if (serveroutlen) *serveroutlen = 0; result = SASL_CONTINUE; } else { /* Mech wants server-first, so let them have it */ result = sasl_server_step(conn, clientin, clientinlen, serverout, serveroutlen); } } } done: if ( result != SASL_OK && result != SASL_CONTINUE && result != SASL_INTERACT) { if (conn->context) { s_conn->mech->m.plug->mech_dispose(conn->context, s_conn->sparams->utils); conn->context = NULL; } conn->oparams.doneflag = 0; } RETURN(conn,result); } /* perform one step of the SASL exchange * clientinlen & clientin -- client data * NULL on first step if no optional client step * serveroutlen & serverout -- set to the server data to transmit * to the client in the next step * (library handles freeing this) * * returns: * SASL_OK -- exchange is complete. * SASL_CONTINUE -- indicates another step is necessary. * SASL_TRANS -- entry for user exists, but not for mechanism * and transition is possible * SASL_BADPARAM -- service name needed * SASL_BADPROT -- invalid input from client * ... */ int sasl_server_step(sasl_conn_t *conn, const char *clientin, unsigned clientinlen, const char **serverout, unsigned *serveroutlen) { int ret; sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn; /* cast */ /* check parameters */ if (_sasl_server_active==0) return SASL_NOTINIT; if (!conn) return SASL_BADPARAM; if ((clientin==NULL) && (clientinlen>0)) PARAMERROR(conn); /* If we've already done the last send, return! */ if (s_conn->sent_last == 1) { return SASL_OK; } /* Don't do another step if the plugin told us that we're done */ if (conn->oparams.doneflag) { _sasl_log(conn, SASL_LOG_ERR, "attempting server step after doneflag"); return SASL_FAIL; } if (serverout) *serverout = NULL; if (serveroutlen) *serveroutlen = 0; ret = s_conn->mech->m.plug->mech_step(conn->context, s_conn->sparams, clientin, clientinlen, serverout, serveroutlen, &conn->oparams); if (ret == SASL_OK) { ret = do_authorization(s_conn); } if (ret == SASL_OK) { /* if we're done, we need to watch out for the following: * 1. the mech does server-send-last * 2. the protocol does not * * in this case, return SASL_CONTINUE and remember we are done. */ if(*serverout && !(conn->flags & SASL_SUCCESS_DATA)) { s_conn->sent_last = 1; ret = SASL_CONTINUE; } if(!conn->oparams.maxoutbuf) { conn->oparams.maxoutbuf = conn->props.maxbufsize; } /* Validate channel bindings */ switch (conn->oparams.cbindingdisp) { case SASL_CB_DISP_NONE: if (SASL_CB_CRITICAL(s_conn->sparams)) { sasl_seterror(conn, 0, "server requires channel binding but client provided none"); ret = SASL_BADBINDING; } break; case SASL_CB_DISP_WANT: if (SASL_CB_PRESENT(s_conn->sparams)) { sasl_seterror(conn, 0, "client incorrectly assumed server had no channel binding"); ret = SASL_BADAUTH; } break; case SASL_CB_DISP_USED: if (!SASL_CB_PRESENT(s_conn->sparams)) { sasl_seterror(conn, 0, "client provided channel binding but server had none"); ret = SASL_BADBINDING; } else if (strcmp(conn->oparams.cbindingname, s_conn->sparams->cbinding->name) != 0) { sasl_seterror(conn, 0, "client channel binding %s does not match server %s", conn->oparams.cbindingname, s_conn->sparams->cbinding->name); ret = SASL_BADBINDING; } break; } if (ret == SASL_OK && (conn->oparams.user == NULL || conn->oparams.authid == NULL)) { sasl_seterror(conn, 0, "mech did not call canon_user for both authzid " \ "and authid"); ret = SASL_BADPROT; } } if ( ret != SASL_OK && ret != SASL_CONTINUE && ret != SASL_INTERACT) { if (conn->context) { s_conn->mech->m.plug->mech_dispose(conn->context, s_conn->sparams->utils); conn->context = NULL; } conn->oparams.doneflag = 0; } RETURN(conn, ret); } /* returns the length of all the mechanisms * added up */ static unsigned mech_names_len(mechanism_t *mech_list) { mechanism_t *listptr; unsigned result = 0; for (listptr = mech_list; listptr; listptr = listptr->next) result += (unsigned) strlen(listptr->m.plug->mech_name); return result; } /* This returns a list of mechanisms in a NUL-terminated string * * The default behavior is to separate with spaces if sep == NULL */ int _sasl_server_listmech(sasl_conn_t *conn, const char *user __attribute__((unused)), const char *prefix, const char *sep, const char *suffix, const char **result, unsigned *plen, int *pcount) { sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn; /* cast */ int lup; mechanism_t *listptr; int ret; size_t resultlen; int flag; const char *mysep; /* if there hasn't been a sasl_sever_init() fail */ if (_sasl_server_active==0) return SASL_NOTINIT; if (!conn) return SASL_BADPARAM; if (conn->type != SASL_CONN_SERVER) PARAMERROR(conn); if (! result) PARAMERROR(conn); if (plen != NULL) *plen = 0; if (pcount != NULL) *pcount = 0; if (sep) { mysep = sep; } else { mysep = " "; } if (!s_conn->mech_list || s_conn->mech_length <= 0) INTERROR(conn, SASL_NOMECH); resultlen = (prefix ? strlen(prefix) : 0) + (strlen(mysep) * (s_conn->mech_length - 1) * 2) + (mech_names_len(s_conn->mech_list) * 2) /* including -PLUS variant */ + (s_conn->mech_length * (sizeof("-PLUS") - 1)) + (suffix ? strlen(suffix) : 0) + 1; ret = _buf_alloc(&conn->mechlist_buf, &conn->mechlist_buf_len, resultlen); if(ret != SASL_OK) MEMERROR(conn); if (prefix) strcpy (conn->mechlist_buf,prefix); else *(conn->mechlist_buf) = '\0'; listptr = s_conn->mech_list; flag = 0; /* make list */ for (lup = 0; lup < s_conn->mech_length; lup++) { /* currently, we don't use the "user" parameter for anything */ if (mech_permitted(conn, listptr) == SASL_OK) { /* * If the server would never succeed in the authentication of * the non-PLUS-variant due to policy reasons, it MUST advertise * only the PLUS-variant. */ if ((listptr->m.plug->features & SASL_FEAT_CHANNEL_BINDING) && SASL_CB_PRESENT(s_conn->sparams)) { if (pcount != NULL) { (*pcount)++; } if (flag) { strcat(conn->mechlist_buf, mysep); } else { flag = 1; } strcat(conn->mechlist_buf, listptr->m.plug->mech_name); strcat(conn->mechlist_buf, "-PLUS"); } /* * If the server cannot support channel binding, it SHOULD * advertise only the non-PLUS-variant. Here, supporting channel * binding means the underlying SASL mechanism supports it and * the application has set some channel binding data. */ if (!SASL_CB_PRESENT(s_conn->sparams) || !SASL_CB_CRITICAL(s_conn->sparams)) { if (pcount != NULL) { (*pcount)++; } if (flag) { strcat(conn->mechlist_buf, mysep); } else { flag = 1; } strcat(conn->mechlist_buf, listptr->m.plug->mech_name); } } listptr = listptr->next; } if (suffix) strcat(conn->mechlist_buf,suffix); if (plen!=NULL) *plen = (unsigned) strlen(conn->mechlist_buf); *result = conn->mechlist_buf; return SASL_OK; } sasl_string_list_t *_sasl_server_mechs(void) { mechanism_t *listptr; sasl_string_list_t *retval = NULL, *next=NULL; if(!_sasl_server_active) return NULL; /* make list */ for (listptr = mechlist->mech_list; listptr; listptr = listptr->next) { next = sasl_ALLOC(sizeof(sasl_string_list_t)); if(!next && !retval) return NULL; else if(!next) { next = retval->next; do { sasl_FREE(retval); retval = next; next = retval->next; } while(next); return NULL; } next->d = listptr->m.plug->mech_name; if(!retval) { next->next = NULL; retval = next; } else { next->next = retval; retval = next; } } return retval; } #define EOSTR(s,n) (((s)[n] == '\0') || ((s)[n] == ' ') || ((s)[n] == '\t')) static int is_mech(const char *t, const char *m) { size_t sl = strlen(m); return ((!strncasecmp(m, t, sl)) && EOSTR(t, sl)); } /* returns OK if it's valid */ static int _sasl_checkpass(sasl_conn_t *conn, const char *user, unsigned userlen, const char *pass, unsigned passlen) { sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn; int result; sasl_getopt_t *getopt; sasl_server_userdb_checkpass_t *checkpass_cb; void *context; const char *mlist = NULL, *mech = NULL; struct sasl_verify_password_s *v; const char *service = conn->service; if (!userlen) userlen = (unsigned) strlen(user); if (!passlen) passlen = (unsigned) strlen(pass); /* call userdb callback function, if available */ result = _sasl_getcallback(conn, SASL_CB_SERVER_USERDB_CHECKPASS, (sasl_callback_ft *)&checkpass_cb, &context); if(result == SASL_OK && checkpass_cb) { result = checkpass_cb(conn, context, user, pass, passlen, s_conn->sparams->propctx); if(result == SASL_OK) return SASL_OK; } /* figure out how to check (i.e. auxprop or saslauthd or pwcheck) */ if (_sasl_getcallback(conn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) { getopt(context, NULL, "pwcheck_method", &mlist, NULL); } if(!mlist) mlist = DEFAULT_CHECKPASS_MECH; result = SASL_NOMECH; mech = mlist; while (*mech && result != SASL_OK) { for (v = _sasl_verify_password; v->name; v++) { if(is_mech(mech, v->name)) { result = v->verify(conn, user, pass, service, s_conn->user_realm); break; } } if (result != SASL_OK) { /* skip to next mech in list */ while (*mech && !isspace((int) *mech)) mech++; while (*mech && isspace((int) *mech)) mech++; } else if (!is_mech(mech, "auxprop") && s_conn->sparams->transition) { s_conn->sparams->transition(conn, pass, passlen); } } if (result == SASL_NOMECH) { /* no mechanism available ?!? */ _sasl_log(conn, SASL_LOG_ERR, "unknown password verifier(s) %s", mlist); } if (result != SASL_OK) sasl_seterror(conn, SASL_NOLOG, "checkpass failed"); RETURN(conn, result); } /* check if a plaintext password is valid * if user is NULL, check if plaintext passwords are enabled * inputs: * user -- user to query in current user_domain * userlen -- length of username, 0 = strlen(user) * pass -- plaintext password to check * passlen -- length of password, 0 = strlen(pass) * returns * SASL_OK -- success * SASL_NOMECH -- mechanism not supported * SASL_NOVERIFY -- user found, but no verifier * SASL_NOUSER -- user not found */ int sasl_checkpass(sasl_conn_t *conn, const char *user, unsigned userlen, const char *pass, unsigned passlen) { int result; if (_sasl_server_active==0) return SASL_NOTINIT; /* check if it's just a query if we are enabled */ if (!user) return SASL_OK; if (!conn) return SASL_BADPARAM; /* check params */ if (pass == NULL) PARAMERROR(conn); /* canonicalize the username */ result = _sasl_canon_user(conn, user, userlen, SASL_CU_AUTHID | SASL_CU_AUTHZID, &(conn->oparams)); if(result != SASL_OK) RETURN(conn, result); user = conn->oparams.user; /* Check the password and lookup additional properties */ result = _sasl_checkpass(conn, user, userlen, pass, passlen); /* Do authorization */ if(result == SASL_OK) { result = do_authorization((sasl_server_conn_t *)conn); } RETURN(conn,result); } /* check if a user exists on server * conn -- connection context (may be NULL, used to hold last error) * service -- registered name of the service using SASL (e.g. "imap") * user_realm -- permits multiple user realms on server, NULL = default * user -- NUL terminated user name * * returns: * SASL_OK -- success * SASL_DISABLED -- account disabled [FIXME: currently not detected] * SASL_NOUSER -- user not found * SASL_NOVERIFY -- user found, but no usable mechanism [FIXME: not supported] * SASL_NOMECH -- no mechanisms enabled * SASL_UNAVAIL -- remote authentication server unavailable, try again later */ int sasl_user_exists(sasl_conn_t *conn, const char *service, const char *user_realm, const char *user) { int result=SASL_NOMECH; const char *mlist = NULL, *mech = NULL; void *context; sasl_getopt_t *getopt; struct sasl_verify_password_s *v; /* check params */ if (_sasl_server_active==0) return SASL_NOTINIT; if (!conn) return SASL_BADPARAM; if (!user || conn->type != SASL_CONN_SERVER) PARAMERROR(conn); if(!service) service = conn->service; /* figure out how to check (i.e. auxprop or saslauthd or pwcheck) */ if (_sasl_getcallback(conn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) { getopt(context, NULL, "pwcheck_method", &mlist, NULL); } if(!mlist) mlist = DEFAULT_CHECKPASS_MECH; result = SASL_NOMECH; mech = mlist; while (*mech && result != SASL_OK) { for (v = _sasl_verify_password; v->name; v++) { if(is_mech(mech, v->name)) { result = v->verify(conn, user, NULL, service, user_realm); break; } } if (result != SASL_OK) { /* skip to next mech in list */ while (*mech && !isspace((int) *mech)) mech++; while (*mech && isspace((int) *mech)) mech++; } } /* Screen out the SASL_BADPARAM response * we'll get from not giving a password */ if (result == SASL_BADPARAM) { result = SASL_OK; } if (result == SASL_NOMECH) { /* no mechanism available ?!? */ _sasl_log(conn, SASL_LOG_ERR, "no plaintext password verifier?"); sasl_seterror(conn, SASL_NOLOG, "no plaintext password verifier?"); } RETURN(conn, result); } /* check if an apop exchange is valid * (note this is an optional part of the SASL API) * if challenge is NULL, just check if APOP is enabled * inputs: * challenge -- challenge which was sent to client * challen -- length of challenge, 0 = strlen(challenge) * response -- client response, " " (RFC 1939) * resplen -- length of response, 0 = strlen(response) * returns * SASL_OK -- success * SASL_BADAUTH -- authentication failed * SASL_BADPARAM -- missing challenge * SASL_BADPROT -- protocol error (e.g., response in wrong format) * SASL_NOVERIFY -- user found, but no verifier * SASL_NOMECH -- mechanism not supported * SASL_NOUSER -- user not found */ int sasl_checkapop(sasl_conn_t *conn, #ifdef DO_SASL_CHECKAPOP const char *challenge, unsigned challen __attribute__((unused)), const char *response, unsigned resplen __attribute__((unused))) #else const char *challenge __attribute__((unused)), unsigned challen __attribute__((unused)), const char *response __attribute__((unused)), unsigned resplen __attribute__((unused))) #endif { #ifdef DO_SASL_CHECKAPOP sasl_server_conn_t *s_conn = (sasl_server_conn_t *) conn; char *user, *user_end; const char *password_request[] = { SASL_AUX_PASSWORD, NULL }; size_t user_len; int result; if (_sasl_server_active==0) return SASL_NOTINIT; /* check if it's just a query if we are enabled */ if(!challenge) return SASL_OK; /* check params */ if (!conn) return SASL_BADPARAM; if (!response) PARAMERROR(conn); /* Parse out username and digest. * * Per RFC 1939, response must be " ", where * is a 16-octet value which is sent in hexadecimal * format, using lower-case ASCII characters. */ user_end = strrchr(response, ' '); if (!user_end || strspn(user_end + 1, "0123456789abcdef") != 32) { sasl_seterror(conn, 0, "Bad Digest"); RETURN(conn,SASL_BADPROT); } user_len = (size_t)(user_end - response); user = sasl_ALLOC(user_len + 1); memcpy(user, response, user_len); user[user_len] = '\0'; result = prop_request(s_conn->sparams->propctx, password_request); if(result != SASL_OK) { sasl_FREE(user); RETURN(conn, result); } /* erase the plaintext password */ s_conn->sparams->utils->prop_erase(s_conn->sparams->propctx, password_request[0]); /* canonicalize the username and lookup any associated properties */ result = _sasl_canon_user_lookup (conn, user, user_len, SASL_CU_AUTHID | SASL_CU_AUTHZID, &(conn->oparams)); sasl_FREE(user); if(result != SASL_OK) RETURN(conn, result); /* Do APOP verification */ result = _sasl_auxprop_verify_apop(conn, conn->oparams.authid, challenge, user_end + 1, s_conn->user_realm); /* Do authorization */ if(result == SASL_OK) { result = do_authorization((sasl_server_conn_t *)conn); } else { /* If verification failed, we don't want to encourage getprop to work */ conn->oparams.user = NULL; conn->oparams.authid = NULL; } RETURN(conn, result); #else /* sasl_checkapop was disabled at compile time */ sasl_seterror(conn, SASL_NOLOG, "sasl_checkapop called, but was disabled at compile time"); RETURN(conn, SASL_NOMECH); #endif /* DO_SASL_CHECKAPOP */ } /* It would be nice if we can show other information like Author, Company, Year, plugin version */ static void _sasl_print_mechanism ( server_sasl_mechanism_t *m, sasl_info_callback_stage_t stage, void *rock __attribute__((unused)) ) { char delimiter; if (stage == SASL_INFO_LIST_START) { printf ("List of server plugins follows\n"); return; } else if (stage == SASL_INFO_LIST_END) { return; } /* Process the mechanism */ printf ("Plugin \"%s\" ", m->plugname); switch (m->condition) { case SASL_OK: printf ("[loaded]"); break; case SASL_CONTINUE: printf ("[delayed]"); break; case SASL_NOUSER: printf ("[no users]"); break; default: printf ("[unknown]"); break; } printf (", \tAPI version: %d\n", m->version); if (m->plug != NULL) { printf ("\tSASL mechanism: %s, best SSF: %d, supports setpass: %s\n", m->plug->mech_name, m->plug->max_ssf, (m->plug->setpass != NULL) ? "yes" : "no" ); printf ("\tsecurity flags:"); delimiter = ' '; if (m->plug->security_flags & SASL_SEC_NOANONYMOUS) { printf ("%cNO_ANONYMOUS", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_NOPLAINTEXT) { printf ("%cNO_PLAINTEXT", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_NOACTIVE) { printf ("%cNO_ACTIVE", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_NODICTIONARY) { printf ("%cNO_DICTIONARY", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_FORWARD_SECRECY) { printf ("%cFORWARD_SECRECY", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_PASS_CREDENTIALS) { printf ("%cPASS_CREDENTIALS", delimiter); delimiter = '|'; } if (m->plug->security_flags & SASL_SEC_MUTUAL_AUTH) { printf ("%cMUTUAL_AUTH", delimiter); delimiter = '|'; } printf ("\n\tfeatures:"); delimiter = ' '; if (m->plug->features & SASL_FEAT_WANT_CLIENT_FIRST) { printf ("%cWANT_CLIENT_FIRST", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_SERVER_FIRST) { printf ("%cSERVER_FIRST", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_ALLOWS_PROXY) { printf ("%cPROXY_AUTHENTICATION", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_DONTUSE_USERPASSWD) { printf ("%cDONTUSE_USERPASSWD", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_NEEDSERVERFQDN) { printf ("%cNEED_SERVER_FQDN", delimiter); delimiter = '|'; } /* Is this one used? */ if (m->plug->features & SASL_FEAT_SERVICE) { printf ("%cSERVICE", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_GETSECRET) { printf ("%cNEED_GETSECRET", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_GSS_FRAMING) { printf ("%cGSS_FRAMING", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_CHANNEL_BINDING) { printf ("%cCHANNEL_BINDING", delimiter); delimiter = '|'; } if (m->plug->features & SASL_FEAT_SUPPORTS_HTTP) { printf ("%cSUPPORTS_HTTP", delimiter); delimiter = '|'; } } if (m->f) { printf ("\n\twill be loaded from \"%s\"", m->f); } printf ("\n"); } /* Dump information about available server plugins (separate functions should be used for canon and auxprop plugins */ int sasl_server_plugin_info ( const char *c_mech_list, /* space separated mechanism list or NULL for ALL */ sasl_server_info_callback_t *info_cb, void *info_cb_rock ) { mechanism_t *m; server_sasl_mechanism_t plug_data; char * cur_mech; char *mech_list = NULL; char * p; if (info_cb == NULL) { info_cb = _sasl_print_mechanism; } if (mechlist != NULL) { info_cb (NULL, SASL_INFO_LIST_START, info_cb_rock); if (c_mech_list == NULL) { m = mechlist->mech_list; /* m point to beginning of the list */ while (m != NULL) { memcpy (&plug_data, &m->m, sizeof(plug_data)); info_cb (&plug_data, SASL_INFO_LIST_MECH, info_cb_rock); m = m->next; } } else { mech_list = strdup(c_mech_list); cur_mech = mech_list; while (cur_mech != NULL) { p = strchr (cur_mech, ' '); if (p != NULL) { *p = '\0'; p++; } m = mechlist->mech_list; /* m point to beginning of the list */ while (m != NULL) { if (strcasecmp (cur_mech, m->m.plug->mech_name) == 0) { memcpy (&plug_data, &m->m, sizeof(plug_data)); info_cb (&plug_data, SASL_INFO_LIST_MECH, info_cb_rock); } m = m->next; } cur_mech = p; } free (mech_list); } info_cb (NULL, SASL_INFO_LIST_END, info_cb_rock); return (SASL_OK); } return (SASL_NOTINIT); } cyrus-sasl-2.1.25/lib/getaddrinfo.c0000666000076400007640000001560307636133030014051 00000000000000/* * Mar 8, 2000 by Hajimu UMEMOTO * $Id: getaddrinfo.c,v 1.8 2003/03/19 18:25:28 rjs3 Exp $ * * This module is based on ssh-1.2.27-IPv6-1.5 written by * KIKUCHI Takahiro */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * fake library for ssh * * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). * These funtions are defined in rfc2133. * * But these functions are not implemented correctly. The minimum subset * is implemented for ssh use only. For exapmle, this routine assumes * that ai_family is AF_INET. Don't use it for another purpose. * * In the case not using 'configure --enable-ipv6', this getaddrinfo.c * will be used if you have broken getaddrinfo or no getaddrinfo. */ #include "config.h" #ifndef WIN32 #include # ifndef macintosh # include # endif /* macintosh */ #endif /* WIN32 */ #include #ifdef WIN32 /* : Windows socket library is missing inet_aton, emulate it with : inet_addr. inet_aton return 0 if the address is uncorrect, a non zero : value otherwise */ int inet_aton (const char *cp, struct in_addr *inp) { if (cp == NULL || inp == NULL) { return (0); } /* : handle special case */ if (strcmp (cp, "255.255.255.255") == 0) { inp->s_addr = (unsigned int) 0xFFFFFFFF; return (1); } inp->s_addr = inet_addr (cp); return (1); } #endif /* WIN32 */ static struct addrinfo * malloc_ai(int port, unsigned long addr, int socktype, int proto) { struct addrinfo *ai; ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); if (ai) { memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); ai->ai_addr = (struct sockaddr *)(ai + 1); /* XXX -- ssh doesn't use sa_len */ ai->ai_addrlen = sizeof(struct sockaddr_in); #ifdef HAVE_SOCKADDR_SA_LEN ai->ai_addr->sa_len = sizeof(struct sockaddr_in); #endif ai->ai_addr->sa_family = ai->ai_family = AF_INET; ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; ai->ai_socktype = socktype; ai->ai_protocol = proto; return ai; } else { return NULL; } } char * gai_strerror(int ecode) { switch (ecode) { case EAI_NODATA: return "no address associated with hostname."; case EAI_MEMORY: return "memory allocation failure."; case EAI_FAMILY: return "ai_family not supported."; case EAI_SERVICE: return "servname not supported for ai_socktype."; default: return "unknown error."; } } void freeaddrinfo(struct addrinfo *ai) { struct addrinfo *next; if (ai->ai_canonname) free(ai->ai_canonname); do { next = ai->ai_next; free(ai); } while ((ai = next) != NULL); } int getaddrinfo(const char *hostname, const char *servname, const struct addrinfo *hints, struct addrinfo **res) { struct addrinfo *cur, *prev = NULL; struct hostent *hp; struct in_addr in; int i, port = 0, socktype, proto; if (hints && hints->ai_family != PF_INET && hints->ai_family != PF_UNSPEC) return EAI_FAMILY; socktype = (hints && hints->ai_socktype) ? hints->ai_socktype : SOCK_STREAM; if (hints && hints->ai_protocol) proto = hints->ai_protocol; else { switch (socktype) { case SOCK_DGRAM: proto = IPPROTO_UDP; break; case SOCK_STREAM: proto = IPPROTO_TCP; break; default: proto = 0; break; } } if (servname) { if (isdigit((int)*servname)) port = htons((short) atoi(servname)); else { struct servent *se; char *pe_proto; switch (socktype) { case SOCK_DGRAM: pe_proto = "udp"; break; case SOCK_STREAM: pe_proto = "tcp"; break; default: pe_proto = NULL; break; } /* xxx thread safety ? */ if ((se = getservbyname(servname, pe_proto)) == NULL) return EAI_SERVICE; port = se->s_port; } } if (!hostname) { if (hints && hints->ai_flags & AI_PASSIVE) *res = malloc_ai(port, htonl(0x00000000), socktype, proto); else *res = malloc_ai(port, htonl(0x7f000001), socktype, proto); if (*res) return 0; else return EAI_MEMORY; } #if HAVE_INET_ATON if (inet_aton(hostname, &in)) #else if ((in.s_addr = inet_addr(hostname)) != -1) #endif { *res = malloc_ai(port, in.s_addr, socktype, proto); if (*res) return 0; else return EAI_MEMORY; } if (hints && hints->ai_flags & AI_NUMERICHOST) return EAI_NODATA; #ifndef macintosh /* xxx thread safety? / gethostbyname_r */ if ((hp = gethostbyname(hostname)) && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { for (i = 0; hp->h_addr_list[i]; i++) { if ((cur = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr, socktype, proto)) == NULL) { if (*res) freeaddrinfo(*res); return EAI_MEMORY; } if (prev) prev->ai_next = cur; else *res = cur; prev = cur; } if (hints && hints->ai_flags & AI_CANONNAME && *res) { /* NOT sasl_strdup for compatibility */ if (((*res)->ai_canonname = strdup(hp->h_name)) == NULL) { freeaddrinfo(*res); return EAI_MEMORY; } } return 0; } #endif return EAI_NODATA; } cyrus-sasl-2.1.25/lib/NTMakefile0000757000076400007640000001030111632365035013313 00000000000000!INCLUDE ..\win32\common.mak # WS2tcpip.h included in Visual Studio 7 provides getaddrinfo, ... # emulation on Windows, so there is no need to build getaddrinfo.c !IF "$(VCVER)" == "6" compat_sources = getaddrinfo.c getnameinfo.c compat_objs = getaddrinfo.obj getnameinfo.obj !ENDIF libsasl_sources = auxprop.c canonusr.c checkpw.c client.c common.c config.c external.c md5.c saslutil.c server.c seterror.c windlopen.c getsubopt.c plugin_common.c plugin_common.h $(compat_sources) libsasl_objs = auxprop.obj canonusr.obj checkpw.obj client.obj common.obj config.obj external.obj md5.obj saslutil.obj server.obj seterror.obj windlopen.obj getsubopt.obj plugin_common.obj $(compat_objs) libsasl_res = libsasl.res libsasl_out = libsasl.dll libsasl.exp libsasl.lib $(libsasl_res) CPPFLAGS = /wd4996 /Wp64 /D NEED_GETOPT /I "..\win32\include" /I "." /I "..\include" /D "WIN32" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "LIBSASL_EXPORTS" !IF $(TARGET_WIN_SYSTEM) >= 51 CPPFLAGS = /D TARGET_WIN_SYSTEM=$(TARGET_WIN_SYSTEM) $(CPPFLAGS) !ENDIF all_objs = $(libsasl_objs) all_out = $(libsasl_out) libdir = $(prefix)\lib bindir = $(prefix)\bin exclude_list = binexclude.lst all: all-recursive # # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels # # In order to force xcopy not to confirm if the second parameter is file or directory, # the first parameter has to contain a wildcard character. For example, we use libsasl.l*, # instead of libsasl.lib. Ugly, but works! # install: libsasl.dll @echo libsasl.exp > $(exclude_list) @echo libsasl.res >> $(exclude_list) @echo libsasl.dll.manifest >> $(exclude_list) # .lib is excluded only because it is copied separately below @echo libsasl.lib >> $(exclude_list) @xcopy libsasl.* $(bindir) /I /F /Y /EXCLUDE:$(exclude_list) @xcopy libsasl.l* $(libdir) /I /F /Y all-recursive: libsasl.dll libsasl.dll: $(libsasl_objs) $(libsasl_res) $(LINK32DLL) @<< $(LINK32DLL_FLAGS) /out:"libsasl.dll" /implib:"libsasl.lib" /pdb:"libsasl.pdb" $(libsasl_objs) $(libsasl_res) << IF EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;2 plugin_common.c: ..\plugins\plugin_common.c plugin_common.h copy ..\plugins\plugin_common.c . plugin_common.h: ..\plugins\plugin_common.h copy ..\plugins\plugin_common.h . auxprop.obj checkpw.obj client.obj common.obj external.obj plugin_common.obj server.obj seterror.obj: ..\include\saslplug.h auxprop.obj canonusr.obj checkpw.obj client.obj common.obj config.obj external.obj getsubopt.obj md5.obj plugin_common.obj server.obj seterror.obj windlopen.obj: ..\include\sasl.h ..\include\prop.h auxprop.obj canonusr.obj checkpw.obj client.obj common.obj config.obj dlopen.obj external.obj saslutil.obj server.obj seterror.obj windlopen.obj: saslint.h CLEAN : -@erase $(all_objs) -@erase "*.idb" -@erase "*.pdb" -@erase "*.manifest" -@erase $(all_out) -@erase plugin_common.h -@erase plugin_common.c -@erase $(exclude_list) $(libsasl_res): NTMakefile rc /fo"$(libsasl_res)" << #include "afxres.h" VS_VERSION_INFO VERSIONINFO FILEVERSION $(SASL_VERSION_MAJOR),$(SASL_VERSION_MINOR),$(SASL_VERSION_STEP),0 PRODUCTVERSION $(SASL_VERSION_MAJOR),$(SASL_VERSION_MINOR),$(SASL_VERSION_STEP),0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L #else FILEFLAGS 0x0L #endif FILEOS 0x40004L FILETYPE 0x1L FILESUBTYPE 0x0L BEGIN BLOCK "StringFileInfo" BEGIN BLOCK "040904b0" BEGIN VALUE "CompanyName", "Carnegie Mellon University\0" VALUE "FileDescription", "CMU SASL API v2\0" VALUE "FileVersion", "$(SASL_VERSION_MAJOR).$(SASL_VERSION_MINOR).$(SASL_VERSION_STEP).0\0" VALUE "InternalName", "libsasl\0" VALUE "LegalCopyright", "Copyright (c) Carnegie Mellon University 2002-2011\0" VALUE "OriginalFilename", "libsasl.dll\0" VALUE "ProductName", "Carnegie Mellon University SASL\0" VALUE "ProductVersion", "$(SASL_VERSION_MAJOR).$(SASL_VERSION_MINOR).$(SASL_VERSION_STEP)-0" END END BLOCK "VarFileInfo" BEGIN VALUE "Translation", 0x409, 1200 END END << .c.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cpp.obj:: $(CPP) @<< $(CPP_PROJ) $< << .cxx.obj:: $(CPP) @<< $(CPP_PROJ) $< << cyrus-sasl-2.1.25/lib/md5.c0000666000076400007640000004122507723672414012262 00000000000000/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm */ /* Function names changed to avoid namespace collisions: Rob Siemborski */ /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. */ #include #include "md5global.h" #include "md5.h" #include "hmac-md5.h" #ifndef WIN32 # include #endif /* Constants for MD5Transform routine. */ #define S11 7 #define S12 12 #define S13 17 #define S14 22 #define S21 5 #define S22 9 #define S23 14 #define S24 20 #define S31 4 #define S32 11 #define S33 16 #define S34 23 #define S41 6 #define S42 10 #define S43 15 #define S44 21 static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64])); static void Encode PROTO_LIST ((unsigned char *, UINT4 *, unsigned int)); static void Decode PROTO_LIST ((UINT4 *, const unsigned char *, unsigned int)); static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); static unsigned char PADDING[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; /* F, G, H and I are basic MD5 functions. */ #ifdef I /* This might be defined via NANA */ #undef I #endif #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) #define H(x, y, z) ((x) ^ (y) ^ (z)) #define I(x, y, z) ((y) ^ ((x) | (~z))) /* ROTATE_LEFT rotates x left n bits. */ #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. Rotation is separate from addition to prevent recomputation. */ #define FF(a, b, c, d, x, s, ac) { (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } #define GG(a, b, c, d, x, s, ac) { (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } #define HH(a, b, c, d, x, s, ac) { (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } #define II(a, b, c, d, x, s, ac) { (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); (a) = ROTATE_LEFT ((a), (s)); (a) += (b); } /* MD5 initialization. Begins an MD5 operation, writing a new context. */ void _sasl_MD5Init (context) MD5_CTX *context; /* context */ { context->count[0] = context->count[1] = 0; /* Load magic initialization constants. */ context->state[0] = 0x67452301; context->state[1] = 0xefcdab89; context->state[2] = 0x98badcfe; context->state[3] = 0x10325476; } /* MD5 block update operation. Continues an MD5 message-digest operation, processing another message block, and updating the context. */ void _sasl_MD5Update (context, input, inputLen) MD5_CTX *context; /* context */ const unsigned char *input; /* input block */ unsigned int inputLen; /* length of input block */ { unsigned int i, index, partLen; /* Compute number of bytes mod 64 */ index = (unsigned int)((context->count[0] >> 3) & 0x3F); /* Update number of bits */ if ((context->count[0] += ((UINT4)inputLen << 3)) < ((UINT4)inputLen << 3)) context->count[1]++; context->count[1] += ((UINT4)inputLen >> 29); partLen = 64 - index; /* Transform as many times as possible. */ if (inputLen >= partLen) { MD5_memcpy ((POINTER)&context->buffer[index], (POINTER)input, partLen); MD5Transform (context->state, context->buffer); for (i = partLen; i + 63 < inputLen; i += 64) MD5Transform (context->state, &input[i]); index = 0; } else i = 0; /* Buffer remaining input */ MD5_memcpy ((POINTER)&context->buffer[index], (POINTER)&input[i], inputLen-i); } /* MD5 finalization. Ends an MD5 message-digest operation, writing the the message digest and zeroizing the context. */ void _sasl_MD5Final (digest, context) unsigned char digest[16]; /* message digest */ MD5_CTX *context; /* context */ { unsigned char bits[8]; unsigned int index, padLen; /* Save number of bits */ Encode (bits, context->count, 8); /* Pad out to 56 mod 64. */ index = (unsigned int)((context->count[0] >> 3) & 0x3f); padLen = (index < 56) ? (56 - index) : (120 - index); _sasl_MD5Update (context, PADDING, padLen); /* Append length (before padding) */ _sasl_MD5Update (context, bits, 8); /* Store state in digest */ Encode (digest, context->state, 16); /* Zeroize sensitive information. */ MD5_memset ((POINTER)context, 0, sizeof (*context)); } /* MD5 basic transformation. Transforms state based on block. */ static void MD5Transform (state, block) UINT4 state[4]; const unsigned char block[64]; { UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; Decode (x, block, 64); /* Round 1 */ FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ /* Round 2 */ GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ /* Round 3 */ HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ /* Round 4 */ II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ state[0] += a; state[1] += b; state[2] += c; state[3] += d; /* Zeroize sensitive information. */ MD5_memset ((POINTER)x, 0, sizeof (x)); } /* Encodes input (UINT4) into output (unsigned char). Assumes len is a multiple of 4. */ static void Encode (output, input, len) unsigned char *output; UINT4 *input; unsigned int len; { unsigned int i, j; for (i = 0, j = 0; j < len; i++, j += 4) { output[j] = (unsigned char)(input[i] & 0xff); output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); } } /* Decodes input (unsigned char) into output (UINT4). Assumes len is a multiple of 4. */ static void Decode (output, input, len) UINT4 *output; const unsigned char *input; unsigned int len; { unsigned int i, j; for (i = 0, j = 0; j < len; i++, j += 4) output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); } /* Note: Replace "for loop" with standard memcpy if possible. */ static void MD5_memcpy (output, input, len) POINTER output; POINTER input; unsigned int len; { unsigned int i; for (i = 0; i < len; i++) output[i] = input[i]; } /* Note: Replace "for loop" with standard memset if possible. */ static void MD5_memset (output, value, len) POINTER output; int value; unsigned int len; { unsigned int i; for (i = 0; i < len; i++) ((char *)output)[i] = (char)value; } void _sasl_hmac_md5_init(HMAC_MD5_CTX *hmac, const unsigned char *key, int key_len) { unsigned char k_ipad[65]; /* inner padding - * key XORd with ipad */ unsigned char k_opad[65]; /* outer padding - * key XORd with opad */ unsigned char tk[16]; int i; /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { MD5_CTX tctx; _sasl_MD5Init(&tctx); _sasl_MD5Update(&tctx, key, key_len); _sasl_MD5Final(tk, &tctx); key = tk; key_len = 16; } /* * the HMAC_MD5 transform looks like: * * MD5(K XOR opad, MD5(K XOR ipad, text)) * * where K is an n byte key * ipad is the byte 0x36 repeated 64 times * opad is the byte 0x5c repeated 64 times * and text is the data being protected */ /* start out by storing key in pads */ MD5_memset((POINTER)k_ipad, '\0', sizeof k_ipad); MD5_memset((POINTER)k_opad, '\0', sizeof k_opad); MD5_memcpy( k_ipad, (POINTER)key, key_len); MD5_memcpy( k_opad, (POINTER)key, key_len); /* XOR key with ipad and opad values */ for (i=0; i<64; i++) { k_ipad[i] ^= 0x36; k_opad[i] ^= 0x5c; } _sasl_MD5Init(&hmac->ictx); /* init inner context */ _sasl_MD5Update(&hmac->ictx, k_ipad, 64); /* apply inner pad */ _sasl_MD5Init(&hmac->octx); /* init outer context */ _sasl_MD5Update(&hmac->octx, k_opad, 64); /* apply outer pad */ /* scrub the pads and key context (if used) */ MD5_memset((POINTER)&k_ipad, 0, sizeof(k_ipad)); MD5_memset((POINTER)&k_opad, 0, sizeof(k_opad)); MD5_memset((POINTER)&tk, 0, sizeof(tk)); /* and we're done. */ } /* The precalc and import routines here rely on the fact that we pad * the key out to 64 bytes and use that to initialize the md5 * contexts, and that updating an md5 context with 64 bytes of data * leaves nothing left over; all of the interesting state is contained * in the state field, and none of it is left over in the count and * buffer fields. So all we have to do is save the state field; we * can zero the others when we reload it. Which is why the decision * was made to pad the key out to 64 bytes in the first place. */ void _sasl_hmac_md5_precalc(HMAC_MD5_STATE *state, const unsigned char *key, int key_len) { HMAC_MD5_CTX hmac; unsigned lupe; _sasl_hmac_md5_init(&hmac, key, key_len); for (lupe = 0; lupe < 4; lupe++) { state->istate[lupe] = htonl(hmac.ictx.state[lupe]); state->ostate[lupe] = htonl(hmac.octx.state[lupe]); } MD5_memset((POINTER)&hmac, 0, sizeof(hmac)); } void _sasl_hmac_md5_import(HMAC_MD5_CTX *hmac, HMAC_MD5_STATE *state) { unsigned lupe; MD5_memset((POINTER)hmac, 0, sizeof(HMAC_MD5_CTX)); for (lupe = 0; lupe < 4; lupe++) { hmac->ictx.state[lupe] = ntohl(state->istate[lupe]); hmac->octx.state[lupe] = ntohl(state->ostate[lupe]); } /* Init the counts to account for our having applied * 64 bytes of key; this works out to 0x200 (64 << 3; see * MD5Update above...) */ hmac->ictx.count[0] = hmac->octx.count[0] = 0x200; } void _sasl_hmac_md5_final(unsigned char digest[HMAC_MD5_SIZE], HMAC_MD5_CTX *hmac) { _sasl_MD5Final(digest, &hmac->ictx); /* Finalize inner md5 */ _sasl_MD5Update(&hmac->octx, digest, 16); /* Update outer ctx */ _sasl_MD5Final(digest, &hmac->octx); /* Finalize outer md5 */ } void _sasl_hmac_md5(text, text_len, key, key_len, digest) const unsigned char* text; /* pointer to data stream */ int text_len; /* length of data stream */ const unsigned char* key; /* pointer to authentication key */ int key_len; /* length of authentication key */ unsigned char *digest; /* caller digest to be filled in */ { MD5_CTX context; unsigned char k_ipad[65]; /* inner padding - * key XORd with ipad */ unsigned char k_opad[65]; /* outer padding - * key XORd with opad */ unsigned char tk[16]; int i; /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { MD5_CTX tctx; _sasl_MD5Init(&tctx); _sasl_MD5Update(&tctx, key, key_len); _sasl_MD5Final(tk, &tctx); key = tk; key_len = 16; } /* * the HMAC_MD5 transform looks like: * * MD5(K XOR opad, MD5(K XOR ipad, text)) * * where K is an n byte key * ipad is the byte 0x36 repeated 64 times * opad is the byte 0x5c repeated 64 times * and text is the data being protected */ /* start out by storing key in pads */ MD5_memset(k_ipad, '\0', sizeof k_ipad); MD5_memset(k_opad, '\0', sizeof k_opad); MD5_memcpy( k_ipad, (POINTER)key, key_len); MD5_memcpy( k_opad, (POINTER)key, key_len); /* XOR key with ipad and opad values */ for (i=0; i<64; i++) { k_ipad[i] ^= 0x36; k_opad[i] ^= 0x5c; } /* * perform inner MD5 */ _sasl_MD5Init(&context); /* init context for 1st * pass */ _sasl_MD5Update(&context, k_ipad, 64); /* start with inner pad */ _sasl_MD5Update(&context, text, text_len); /* then text of datagram */ _sasl_MD5Final(digest, &context); /* finish up 1st pass */ /* * perform outer MD5 */ _sasl_MD5Init(&context); /* init context for 2nd * pass */ _sasl_MD5Update(&context, k_opad, 64); /* start with outer pad */ _sasl_MD5Update(&context, digest, 16); /* then results of 1st * hash */ _sasl_MD5Final(digest, &context); /* finish up 2nd pass */ } cyrus-sasl-2.1.25/lib/snprintf.c0000666000076400007640000004327107535727253013446 00000000000000/************************************************************** * Original: * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 * A bombproof version of doprnt (dopr) included. * Sigh. This sort of thing is always nasty do deal with. Note that * the version here does not include floating point... * * snprintf() is used instead of sprintf() as it does limit checks * for string length. This covers a nasty loophole. * * The other functions are there to prevent NULL pointers from * causing nast effects. * * More Recently: * Brandon Long 9/15/96 for mutt 0.43 * This was ugly. It is still ugly. I opted out of floating point * numbers, but the formatter understands just about everything * from the normal C string format, at least as far as I can tell from * the Solaris 2.5 printf(3S) man page. * * Brandon Long 10/22/97 for mutt 0.87.1 * Ok, added some minimal floating point support, which means this * probably requires libm on most operating systems. Don't yet * support the exponent (e,E) and sigfig (g,G). Also, fmtint() * was pretty badly broken, it just wasn't being exercised in ways * which showed it, so that's been fixed. Also, formated the code * to mutt conventions, and removed dead code left over from the * original. Also, there is now a builtin-test, just compile with: * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm * and run snprintf for results. * * Thomas Roessler 01/27/98 for mutt 0.89i * The PGP code was using unsigned hexadecimal formats. * Unfortunately, unsigned formats simply didn't work. * * Michael Elkins 03/05/98 for mutt 0.90.8 * The original code assumed that both snprintf() and vsnprintf() were * missing. Some systems only have snprintf() but not vsnprintf(), so * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF. * **************************************************************/ #include #if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) #include # include #include /* varargs declarations: */ #if defined(HAVE_STDARG_H) # include # define HAVE_STDARGS /* let's hope that works everywhere (mj) */ # define VA_LOCAL_DECL va_list ap # define VA_START(f) va_start(ap, f) # define VA_SHIFT(v,t) ; /* no-op for ANSI */ # define VA_END va_end(ap) #else # if defined(HAVE_VARARGS_H) # include # undef HAVE_STDARGS # define VA_LOCAL_DECL va_list ap # define VA_START(f) va_start(ap) /* f is ignored! */ # define VA_SHIFT(v,t) v = va_arg(ap,t) # define VA_END va_end(ap) # else /*XX ** NO VARARGS ** XX*/ # endif #endif /*int snprintf (char *str, size_t count, const char *fmt, ...);*/ /*int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);*/ static void dopr (char *buffer, size_t maxlen, const char *format, va_list args); static void fmtstr (char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, int min, int max); static void fmtint (char *buffer, size_t *currlen, size_t maxlen, long value, int base, int min, int max, int flags); static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, long double fvalue, int min, int max, int flags); static void dopr_outch (char *buffer, size_t *currlen, size_t maxlen, char c ); /* * dopr(): poor man's version of doprintf */ /* format read states */ #define DP_S_DEFAULT 0 #define DP_S_FLAGS 1 #define DP_S_MIN 2 #define DP_S_DOT 3 #define DP_S_MAX 4 #define DP_S_MOD 5 #define DP_S_CONV 6 #define DP_S_DONE 7 /* format flags - Bits */ #define DP_F_MINUS (1 << 0) #define DP_F_PLUS (1 << 1) #define DP_F_SPACE (1 << 2) #define DP_F_NUM (1 << 3) #define DP_F_ZERO (1 << 4) #define DP_F_UP (1 << 5) #define DP_F_UNSIGNED (1 << 6) /* Conversion Flags */ #define DP_C_SHORT 1 #define DP_C_LONG 2 #define DP_C_LDOUBLE 3 #define char_to_int(p) (p - '0') #define MAX(p,q) ((p >= q) ? p : q) static void dopr (char *buffer, size_t maxlen, const char *format, va_list args) { char ch; long value; long double fvalue; char *strvalue; int min; int max; int state; int flags; int cflags; size_t currlen; state = DP_S_DEFAULT; currlen = flags = cflags = min = 0; max = -1; ch = *format++; while (state != DP_S_DONE) { if ((ch == '\0') || (currlen >= maxlen)) state = DP_S_DONE; switch(state) { case DP_S_DEFAULT: if (ch == '%') state = DP_S_FLAGS; else dopr_outch (buffer, &currlen, maxlen, ch); ch = *format++; break; case DP_S_FLAGS: switch (ch) { case '-': flags |= DP_F_MINUS; ch = *format++; break; case '+': flags |= DP_F_PLUS; ch = *format++; break; case ' ': flags |= DP_F_SPACE; ch = *format++; break; case '#': flags |= DP_F_NUM; ch = *format++; break; case '0': flags |= DP_F_ZERO; ch = *format++; break; default: state = DP_S_MIN; break; } break; case DP_S_MIN: if (isdigit((unsigned char)ch)) { min = 10*min + char_to_int (ch); ch = *format++; } else if (ch == '*') { min = va_arg (args, int); ch = *format++; state = DP_S_DOT; } else state = DP_S_DOT; break; case DP_S_DOT: if (ch == '.') { state = DP_S_MAX; ch = *format++; } else state = DP_S_MOD; break; case DP_S_MAX: if (isdigit((unsigned char)ch)) { if (max < 0) max = 0; max = 10*max + char_to_int (ch); ch = *format++; } else if (ch == '*') { max = va_arg (args, int); ch = *format++; state = DP_S_MOD; } else state = DP_S_MOD; break; case DP_S_MOD: /* Currently, we don't support Long Long, bummer */ switch (ch) { case 'h': cflags = DP_C_SHORT; ch = *format++; break; case 'l': cflags = DP_C_LONG; ch = *format++; break; case 'L': cflags = DP_C_LDOUBLE; ch = *format++; break; default: break; } state = DP_S_CONV; break; case DP_S_CONV: switch (ch) { case 'd': case 'i': if (cflags == DP_C_SHORT) value = va_arg (args, short int); else if (cflags == DP_C_LONG) value = va_arg (args, long int); else value = va_arg (args, int); fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); break; case 'o': flags |= DP_F_UNSIGNED; if (cflags == DP_C_SHORT) value = va_arg (args, unsigned short int); else if (cflags == DP_C_LONG) value = va_arg (args, unsigned long int); else value = va_arg (args, unsigned int); fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags); break; case 'u': flags |= DP_F_UNSIGNED; if (cflags == DP_C_SHORT) value = va_arg (args, unsigned short int); else if (cflags == DP_C_LONG) value = va_arg (args, unsigned long int); else value = va_arg (args, unsigned int); fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); break; case 'X': flags |= DP_F_UP; case 'x': flags |= DP_F_UNSIGNED; if (cflags == DP_C_SHORT) value = va_arg (args, unsigned short int); else if (cflags == DP_C_LONG) value = va_arg (args, unsigned long int); else value = va_arg (args, unsigned int); fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags); break; case 'f': if (cflags == DP_C_LDOUBLE) fvalue = va_arg (args, long double); else fvalue = va_arg (args, double); /* um, floating point? */ fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); break; case 'E': flags |= DP_F_UP; case 'e': if (cflags == DP_C_LDOUBLE) fvalue = va_arg (args, long double); else fvalue = va_arg (args, double); break; case 'G': flags |= DP_F_UP; case 'g': if (cflags == DP_C_LDOUBLE) fvalue = va_arg (args, long double); else fvalue = va_arg (args, double); break; case 'c': dopr_outch (buffer, &currlen, maxlen, va_arg (args, int)); break; case 's': strvalue = va_arg (args, char *); if (max < 0) max = maxlen; /* ie, no max */ fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max); break; case 'p': strvalue = va_arg (args, void *); fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); break; case 'n': if (cflags == DP_C_SHORT) { short int *num; num = va_arg (args, short int *); *num = currlen; } else if (cflags == DP_C_LONG) { long int *num; num = va_arg (args, long int *); *num = currlen; } else { int *num; num = va_arg (args, int *); *num = currlen; } break; case '%': dopr_outch (buffer, &currlen, maxlen, ch); break; case 'w': /* not supported yet, treat as next char */ ch = *format++; break; default: /* Unknown, skip */ break; } ch = *format++; state = DP_S_DEFAULT; flags = cflags = min = 0; max = -1; break; case DP_S_DONE: break; default: /* hmm? */ break; /* some picky compilers need this */ } } if (currlen < maxlen - 1) buffer[currlen] = '\0'; else buffer[maxlen - 1] = '\0'; } static void fmtstr (char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, int min, int max) { int padlen, strln; /* amount to pad */ int cnt = 0; if (value == 0) { value = ""; } for (strln = 0; value[strln]; ++strln); /* strlen */ padlen = min - strln; if (padlen < 0) padlen = 0; if (flags & DP_F_MINUS) padlen = -padlen; /* Left Justify */ while ((padlen > 0) && (cnt < max)) { dopr_outch (buffer, currlen, maxlen, ' '); --padlen; ++cnt; } while (*value && (cnt < max)) { dopr_outch (buffer, currlen, maxlen, *value++); ++cnt; } while ((padlen < 0) && (cnt < max)) { dopr_outch (buffer, currlen, maxlen, ' '); ++padlen; ++cnt; } } /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ static void fmtint (char *buffer, size_t *currlen, size_t maxlen, long value, int base, int min, int max, int flags) { int signvalue = 0; unsigned long uvalue; char convert[20]; int place = 0; int spadlen = 0; /* amount to space pad */ int zpadlen = 0; /* amount to zero pad */ int caps = 0; if (max < 0) max = 0; uvalue = value; if(!(flags & DP_F_UNSIGNED)) { if( value < 0 ) { signvalue = '-'; uvalue = -value; } else if (flags & DP_F_PLUS) /* Do a sign (+/i) */ signvalue = '+'; else if (flags & DP_F_SPACE) signvalue = ' '; } if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ do { convert[place++] = (caps? "0123456789ABCDEF":"0123456789abcdef") [uvalue % (unsigned)base ]; uvalue = (uvalue / (unsigned)base ); } while(uvalue && (place < 20)); if (place == 20) place--; convert[place] = 0; zpadlen = max - place; spadlen = min - MAX (max, place) - (signvalue ? 1 : 0); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) spadlen = 0; if (flags & DP_F_ZERO) { zpadlen = MAX(zpadlen, spadlen); spadlen = 0; } if (flags & DP_F_MINUS) spadlen = -spadlen; /* Left Justifty */ #ifdef DEBUG_SNPRINTF dprint (1, (debugfile, "zpad: %d, spad: %d, min: %d, max: %d, place: %d\n", zpadlen, spadlen, min, max, place)); #endif /* Spaces */ while (spadlen > 0) { dopr_outch (buffer, currlen, maxlen, ' '); --spadlen; } /* Sign */ if (signvalue) dopr_outch (buffer, currlen, maxlen, signvalue); /* Zeros */ if (zpadlen > 0) { while (zpadlen > 0) { dopr_outch (buffer, currlen, maxlen, '0'); --zpadlen; } } /* Digits */ while (place > 0) dopr_outch (buffer, currlen, maxlen, convert[--place]); /* Left Justified spaces */ while (spadlen < 0) { dopr_outch (buffer, currlen, maxlen, ' '); ++spadlen; } } static long double abs_val (long double value) { long double result = value; if (value < 0) result = -value; return result; } static long double pow10 (int exp) { long double result = 1; while (exp) { result *= 10; exp--; } return result; } static long round (long double value) { long intpart; intpart = value; value = value - intpart; if (value >= 0.5) intpart++; return intpart; } static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, long double fvalue, int min, int max, int flags) { int signvalue = 0; long double ufvalue; char iconvert[20]; char fconvert[20]; int iplace = 0; int fplace = 0; int padlen = 0; /* amount to pad */ int zpadlen = 0; int caps = 0; long intpart; long fracpart; /* * AIX manpage says the default is 0, but Solaris says the default * is 6, and sprintf on AIX defaults to 6 */ if (max < 0) max = 6; ufvalue = abs_val (fvalue); if (fvalue < 0) signvalue = '-'; else if (flags & DP_F_PLUS) /* Do a sign (+/i) */ signvalue = '+'; else if (flags & DP_F_SPACE) signvalue = ' '; #if 0 if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ #endif intpart = ufvalue; /* * Sorry, we only support 9 digits past the decimal because of our * conversion method */ if (max > 9) max = 9; /* We "cheat" by converting the fractional part to integer by * multiplying by a factor of 10 */ fracpart = round ((pow10 (max)) * (ufvalue - intpart)); if (fracpart >= pow10 (max)) { intpart++; fracpart -= pow10 (max); } #ifdef DEBUG_SNPRINTF dprint (1, (debugfile, "fmtfp: %f =? %d.%d\n", fvalue, intpart, fracpart)); #endif /* Convert integer part */ do { iconvert[iplace++] = (caps? "0123456789ABCDEF":"0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); } while(intpart && (iplace < 20)); if (iplace == 20) iplace--; iconvert[iplace] = 0; /* Convert fractional part */ do { fconvert[fplace++] = (caps? "0123456789ABCDEF":"0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); } while(fracpart && (fplace < 20)); if (fplace == 20) fplace--; fconvert[fplace] = 0; /* -1 for decimal point, another -1 if we are printing a sign */ padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); zpadlen = max - fplace; if (zpadlen < 0) zpadlen = 0; if (padlen < 0) padlen = 0; if (flags & DP_F_MINUS) padlen = -padlen; /* Left Justifty */ if ((flags & DP_F_ZERO) && (padlen > 0)) { if (signvalue) { dopr_outch (buffer, currlen, maxlen, signvalue); --padlen; signvalue = 0; } while (padlen > 0) { dopr_outch (buffer, currlen, maxlen, '0'); --padlen; } } while (padlen > 0) { dopr_outch (buffer, currlen, maxlen, ' '); --padlen; } if (signvalue) dopr_outch (buffer, currlen, maxlen, signvalue); while (iplace > 0) dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]); /* * Decimal point. This should probably use locale to find the correct * char to print out. */ dopr_outch (buffer, currlen, maxlen, '.'); while (fplace > 0) dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]); while (zpadlen > 0) { dopr_outch (buffer, currlen, maxlen, '0'); --zpadlen; } while (padlen < 0) { dopr_outch (buffer, currlen, maxlen, ' '); ++padlen; } } static void dopr_outch (char *buffer, size_t *currlen, size_t maxlen, char c) { if (*currlen < maxlen) buffer[(*currlen)++] = c; } #endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ #ifndef HAVE_VSNPRINTF int vsnprintf (char *str, size_t count, const char *fmt, va_list args) { str[0] = 0; dopr(str, count, fmt, args); return(strlen(str)); } #endif /* !HAVE_VSNPRINTF */ #ifndef HAVE_SNPRINTF /* VARARGS3 */ #ifdef HAVE_STDARGS int snprintf (char *str,size_t count,const char *fmt,...) #else int snprintf (va_alist) va_dcl #endif { #ifndef HAVE_STDARGS char *str; size_t count; char *fmt; #endif VA_LOCAL_DECL; VA_START (fmt); VA_SHIFT (str, char *); VA_SHIFT (count, size_t ); VA_SHIFT (fmt, char *); (void) vsnprintf(str, count, fmt, ap); VA_END; return(strlen(str)); } #ifdef TEST_SNPRINTF #ifndef LONG_STRING #define LONG_STRING 1024 #endif int main (void) { char buf1[LONG_STRING]; char buf2[LONG_STRING]; char *fp_fmt[] = { "%-1.5f", "%1.5f", "%123.9f", "%10.5f", "% 10.5f", "%+22.9f", "%+4.9f", "%01.3f", "%4f", "%3.1f", "%3.2f", NULL }; double fp_nums[] = { -1.5, 134.21, 91340.2, 341.1234, 0203.9, 0.96, 0.996, 0.9996, 1.996, 4.136, 0}; char *int_fmt[] = { "%-1.5d", "%1.5d", "%123.9d", "%5.5d", "%10.5d", "% 10.5d", "%+22.33d", "%01.3d", "%4d", NULL }; long int_nums[] = { -1, 134, 91340, 341, 0203, 0}; int x, y; int fail = 0; int num = 0; printf ("Testing snprintf format codes against system sprintf...\n"); for (x = 0; fp_fmt[x] != NULL ; x++) for (y = 0; fp_nums[y] != 0 ; y++) { snprintf (buf1, sizeof (buf1), fp_fmt[x], fp_nums[y]); sprintf (buf2, fp_fmt[x], fp_nums[y]); if (strcmp (buf1, buf2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", fp_fmt[x], buf1, buf2); fail++; } num++; } for (x = 0; int_fmt[x] != NULL ; x++) for (y = 0; int_nums[y] != 0 ; y++) { snprintf (buf1, sizeof (buf1), int_fmt[x], int_nums[y]); sprintf (buf2, int_fmt[x], int_nums[y]); if (strcmp (buf1, buf2)) { printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", int_fmt[x], buf1, buf2); fail++; } num++; } printf ("%d tests failed out of %d.\n", fail, num); } #endif /* SNPRINTF_TEST */ #endif /* !HAVE_SNPRINTF */ cyrus-sasl-2.1.25/lib/Makefile.am0000646000076400007640000000736211631155042013451 00000000000000# Makefile.am for the SASL library # Rob Earhart # $Id: Makefile.am,v 1.88 2011/09/05 14:18:10 murch Exp $ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # Library version info - here at the top, for sanity sasl_version = 2:25:0 INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb EXTRA_DIST = windlopen.c staticopen.h NTMakefile EXTRA_LIBRARIES = libsasl2.a noinst_LIBRARIES = @SASL_STATIC_LIBS@ libsasl2_a_SOURCES= BUILT_SOURCES = $(SASL_STATIC_SRCS) common_headers = saslint.h common_sources = auxprop.c canonusr.c checkpw.c client.c common.c config.c external.c md5.c saslutil.c server.c seterror.c dlopen.c ../plugins/plugin_common.c LTLIBOBJS = @LTLIBOBJS@ LIBOBJS = @LIBOBJS@ LIB_DOOR= @LIB_DOOR@ lib_LTLIBRARIES = libsasl2.la libsasl2_la_SOURCES = $(common_sources) $(common_headers) libsasl2_la_LDFLAGS = -version-info $(sasl_version) libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) if MACOSX framedir = /Library/Frameworks/SASL2.framework install-exec-hook: $(mkinstalldirs) $(framedir)/Versions/A ln -fs $(libdir)/libsasl2.dylib $(framedir)/Versions/A/SASL2 cd $(framedir) ; ln -fs Versions/A/SASL2 . else install-exec-hook: endif libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) @echo adding static plugins and dependencies $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ if test ! -f $$i; then continue; fi; . $$i; \ for j in $$dependency_libs foo; do \ case $$j in foo) ;; \ -L*) for k in $$depdirs foo; do \ if test $$k = $$j; then break; fi; done; \ if test $$k = foo; then depdirs="$$depdirs $$j"; fi ;; \ -l*) for k in $$deplibs foo; do \ if test $$k = $$j; then break; fi; done; \ if test $$k = foo; then deplibs="$$deplibs $$j"; fi ;; \ esac; done; dependency_libs=""; done; \ sed -e "/^dependency_libs=/s%=.*%='$${depdirs}$${deplibs}'%" \ libsasl2.la >TMP.$$ && mv TMP.$$ libsasl2.la rm -f $@ ln -s .libs/$@ $@ $(SASL_STATIC_SRCS): linksrcs linksrcs: -ln -s $(SASL_STATIC_SRCS) . cyrus-sasl-2.1.25/lib/common.c0000646000076400007640000021715611630151331013051 00000000000000/* common.c - Functions that are common to server and clinet * Rob Siemborski * Tim Martin * $Id: common.c,v 1.133 2011/09/01 14:12:53 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #ifdef HAVE_SYSLOG #include #endif #include #include #include #include #include #include #include "saslint.h" #ifdef HAVE_UNISTD_H #include #endif static const char *implementation_string = "Cyrus SASL"; #define VSTR0(maj, min, step) #maj "." #min "." #step #define VSTR(maj, min, step) VSTR0(maj, min, step) #define SASL_VERSION_STRING VSTR(SASL_VERSION_MAJOR, SASL_VERSION_MINOR, \ SASL_VERSION_STEP) static int _sasl_getpath(void *context __attribute__((unused)), const char **path); static int _sasl_getpath_simple(void *context __attribute__((unused)), const char **path); static int _sasl_getconfpath(void *context __attribute__((unused)), char ** path); static int _sasl_getconfpath_simple(void *context __attribute__((unused)), const char **path); #if !defined(WIN32) static char * _sasl_get_default_unix_path(void *context __attribute__((unused)), char * env_var_name, char * default_value); #else /* NB: Always returned allocated value */ static char * _sasl_get_default_win_path(void *context __attribute__((unused)), char * reg_attr_name, char * default_value); #endif static const char build_ident[] = "$Build: libsasl " PACKAGE "-" VERSION " $"; /* It turns out to be convenient to have a shared sasl_utils_t */ LIBSASL_VAR const sasl_utils_t *sasl_global_utils = NULL; /* Should be a null-terminated array that lists the available mechanisms */ static char **global_mech_list = NULL; void *free_mutex = NULL; int (*_sasl_client_cleanup_hook)(void) = NULL; int (*_sasl_server_cleanup_hook)(void) = NULL; int (*_sasl_client_idle_hook)(sasl_conn_t *conn) = NULL; int (*_sasl_server_idle_hook)(sasl_conn_t *conn) = NULL; sasl_allocation_utils_t _sasl_allocation_utils={ (sasl_malloc_t *) &malloc, (sasl_calloc_t *) &calloc, (sasl_realloc_t *) &realloc, (sasl_free_t *) &free }; int _sasl_allocation_locked = 0; #define SASL_ENCODEV_EXTRA 4096 /* Default getpath/getconfpath callbacks. These can be edited by sasl_set_path(). */ static sasl_callback_t default_getpath_cb = { SASL_CB_GETPATH, (sasl_callback_ft)&_sasl_getpath, NULL }; static sasl_callback_t default_getconfpath_cb = { SASL_CB_GETCONFPATH, (sasl_callback_ft)&_sasl_getconfpath, NULL }; static char * default_plugin_path = NULL; static char * default_conf_path = NULL; static int _sasl_global_getopt(void *context, const char *plugin_name, const char *option, const char ** result, unsigned *len); /* Intenal mutex functions do as little as possible (no thread protection) */ static void *sasl_mutex_alloc(void) { return (void *)0x1; } static int sasl_mutex_lock(void *mutex __attribute__((unused))) { return SASL_OK; } static int sasl_mutex_unlock(void *mutex __attribute__((unused))) { return SASL_OK; } static void sasl_mutex_free(void *mutex __attribute__((unused))) { return; } sasl_mutex_utils_t _sasl_mutex_utils={ &sasl_mutex_alloc, &sasl_mutex_lock, &sasl_mutex_unlock, &sasl_mutex_free }; void sasl_set_mutex(sasl_mutex_alloc_t *n, sasl_mutex_lock_t *l, sasl_mutex_unlock_t *u, sasl_mutex_free_t *d) { /* Disallow mutex function changes once sasl_client_init and/or sasl_server_init is called */ if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { return; } _sasl_mutex_utils.alloc=n; _sasl_mutex_utils.lock=l; _sasl_mutex_utils.unlock=u; _sasl_mutex_utils.free=d; } /* copy a string to malloced memory */ int _sasl_strdup(const char *in, char **out, size_t *outlen) { size_t len = strlen(in); if (outlen) *outlen = len; *out=sasl_ALLOC((unsigned) len + 1); if (! *out) return SASL_NOMEM; strcpy((char *) *out, in); return SASL_OK; } /* adds a string to the buffer; reallocing if need be */ int _sasl_add_string(char **out, size_t *alloclen, size_t *outlen, const char *add) { size_t addlen; if (add==NULL) add = "(null)"; addlen=strlen(add); /* only compute once */ if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK) return SASL_NOMEM; strncpy(*out + *outlen, add, addlen); *outlen += addlen; return SASL_OK; } /* a simpler way to set plugin path or configuration file path * without the need to set sasl_getpath_t callback. * * This function can be called before sasl_server_init/sasl_client_init. * * Don't call this function without locking in a multithreaded application. */ int sasl_set_path (int path_type, char * path) { int result; if (path == NULL) { return (SASL_FAIL); } switch (path_type) { case SASL_PATH_TYPE_PLUGIN: if (default_plugin_path != NULL) { sasl_FREE (default_plugin_path); default_plugin_path = NULL; } result = _sasl_strdup (path, &default_plugin_path, NULL); if (result != SASL_OK) { return (result); } /* Update the default getpath_t callback */ default_getpath_cb.proc = (sasl_callback_ft)&_sasl_getpath_simple; break; case SASL_PATH_TYPE_CONFIG: if (default_conf_path != NULL) { sasl_FREE (default_conf_path); default_conf_path = NULL; } result = _sasl_strdup (path, &default_conf_path, NULL); if (result != SASL_OK) { return (result); } /* Update the default getpath_t callback */ default_getconfpath_cb.proc = (sasl_callback_ft)&_sasl_getconfpath_simple; break; default: return (SASL_FAIL); } return (SASL_OK); } /* return the version of the cyrus sasl library as compiled, * using 32 bits: high byte is major version, second byte is minor version, * low 16 bits are step #. * Patch version is not available using this function, * use sasl_version_info() instead. */ void sasl_version(const char **implementation, int *version) { if(implementation) *implementation = implementation_string; /* NB: the format is not the same as in SASL_VERSION_FULL */ if(version) *version = (SASL_VERSION_MAJOR << 24) | (SASL_VERSION_MINOR << 16) | (SASL_VERSION_STEP); } /* Extended version of sasl_version above */ void sasl_version_info (const char **implementation, const char **version_string, int *version_major, int *version_minor, int *version_step, int *version_patch) { if (implementation) *implementation = implementation_string; if (version_string) *version_string = SASL_VERSION_STRING; if (version_major) *version_major = SASL_VERSION_MAJOR; if (version_minor) *version_minor = SASL_VERSION_MINOR; if (version_step) *version_step = SASL_VERSION_STEP; /* Version patch is always 0 for CMU SASL */ if (version_patch) *version_patch = 0; } /* security-encode a regular string. Mostly a wrapper for sasl_encodev */ /* output is only valid until next call to sasl_encode or sasl_encodev */ int sasl_encode(sasl_conn_t *conn, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { int result; struct iovec tmp; if(!conn) return SASL_BADPARAM; if(!input || !inputlen || !output || !outputlen) PARAMERROR(conn); /* maxoutbuf checking is done in sasl_encodev */ /* Note: We are casting a const pointer here, but it's okay * because we believe people downstream of us are well-behaved, and the * alternative is an absolute mess, performance-wise. */ tmp.iov_base = (void *)input; tmp.iov_len = inputlen; result = sasl_encodev(conn, &tmp, 1, output, outputlen); RETURN(conn, result); } /* Internal function that doesn't do any verification */ static int _sasl_encodev (sasl_conn_t *conn, const struct iovec *invec, unsigned numiov, int * p_num_packets, /* number of packets generated so far */ const char **output, /* previous output, if *p_num_packets > 0 */ unsigned *outputlen) { int result; char * new_buf; assert (conn->oparams.encode != NULL); if (*p_num_packets == 1) { /* This is the second call to this function, so we need to allocate a new output buffer and copy existing data there. */ conn->multipacket_encoded_data.curlen = *outputlen; if (conn->multipacket_encoded_data.data == NULL) { conn->multipacket_encoded_data.reallen = conn->multipacket_encoded_data.curlen + SASL_ENCODEV_EXTRA; conn->multipacket_encoded_data.data = sasl_ALLOC(conn->multipacket_encoded_data.reallen + 1); if (conn->multipacket_encoded_data.data == NULL) { MEMERROR(conn); } } else { /* A buffer left from a previous sasl_encodev call. Make sure it is big enough. */ if (conn->multipacket_encoded_data.curlen > conn->multipacket_encoded_data.reallen) { conn->multipacket_encoded_data.reallen = conn->multipacket_encoded_data.curlen + SASL_ENCODEV_EXTRA; new_buf = sasl_REALLOC(conn->multipacket_encoded_data.data, conn->multipacket_encoded_data.reallen + 1); if (new_buf == NULL) { MEMERROR(conn); } conn->multipacket_encoded_data.data = new_buf; } } memcpy (conn->multipacket_encoded_data.data, *output, *outputlen); } result = conn->oparams.encode(conn->context, invec, numiov, output, outputlen); if (*p_num_packets > 0 && result == SASL_OK) { /* Is the allocated buffer big enough? If not, grow it. */ if ((conn->multipacket_encoded_data.curlen + *outputlen) > conn->multipacket_encoded_data.reallen) { conn->multipacket_encoded_data.reallen = conn->multipacket_encoded_data.curlen + *outputlen; new_buf = sasl_REALLOC(conn->multipacket_encoded_data.data, conn->multipacket_encoded_data.reallen + 1); if (new_buf == NULL) { MEMERROR(conn); } conn->multipacket_encoded_data.data = new_buf; } /* Append new data to the end of the buffer */ memcpy (conn->multipacket_encoded_data.data + conn->multipacket_encoded_data.curlen, *output, *outputlen); conn->multipacket_encoded_data.curlen += *outputlen; *output = conn->multipacket_encoded_data.data; *outputlen = (unsigned)conn->multipacket_encoded_data.curlen; } (*p_num_packets)++; RETURN(conn, result); } /* security-encode an iovec */ /* output is only valid until the next call to sasl_encode or sasl_encodev */ int sasl_encodev(sasl_conn_t *conn, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { int result = SASL_OK; unsigned i; unsigned j; size_t total_size = 0; struct iovec *cur_invec = NULL; struct iovec last_invec; unsigned cur_numiov; char * next_buf = NULL; size_t remainder_len; unsigned index_offset; unsigned allocated = 0; /* Number of generated SASL packets */ int num_packets = 0; if (!conn) return SASL_BADPARAM; if (! invec || ! output || ! outputlen || numiov < 1) { PARAMERROR(conn); } if (!conn->props.maxbufsize) { sasl_seterror(conn, 0, "called sasl_encode[v] with application that does not support security layers"); return SASL_TOOWEAK; } /* If oparams.encode is NULL, this means there is no SASL security layer in effect, so no SASL framing is needed. */ if (conn->oparams.encode == NULL) { result = _iovec_to_buf(invec, numiov, &conn->encode_buf); if (result != SASL_OK) INTERROR(conn, result); *output = conn->encode_buf->data; *outputlen = (unsigned) conn->encode_buf->curlen; RETURN(conn, result); } /* This might be better to check on a per-plugin basis, but I think * it's cleaner and more effective here. It also encourages plugins * to be honest about what they accept */ last_invec.iov_base = NULL; remainder_len = 0; next_buf = NULL; i = 0; while (i < numiov) { if ((total_size + invec[i].iov_len) > conn->oparams.maxoutbuf) { /* CLAIM: total_size < conn->oparams.maxoutbuf */ /* Fit as many bytes in last_invec, so that we have conn->oparams.maxoutbuf bytes in total. */ last_invec.iov_len = conn->oparams.maxoutbuf - total_size; /* Point to the first byte of the current record. */ last_invec.iov_base = invec[i].iov_base; /* Note that total_size < conn->oparams.maxoutbuf */ /* The total size of the iov is bigger then the other end can accept. So we allocate a new iov that contains just enough. */ /* +1 --- for the tail record */ cur_numiov = i + 1; /* +1 --- just in case we need the head record */ if ((cur_numiov + 1) > allocated) { struct iovec *new_invec; allocated = cur_numiov + 1; new_invec = sasl_REALLOC (cur_invec, sizeof(struct iovec) * allocated); if (new_invec == NULL) { if (cur_invec != NULL) { sasl_FREE(cur_invec); } MEMERROR(conn); } cur_invec = new_invec; } if (next_buf != NULL) { cur_invec[0].iov_base = next_buf; cur_invec[0].iov_len = (long)remainder_len; cur_numiov++; index_offset = 1; } else { index_offset = 0; } if (i > 0) { /* Copy all previous chunks */ /* NOTE - The starting index in invec is always 0 */ for (j = 0; j < i; j++) { cur_invec[j + index_offset] = invec[j]; } } /* Initialize the last record */ cur_invec[i + index_offset] = last_invec; result = _sasl_encodev (conn, cur_invec, cur_numiov, &num_packets, output, outputlen); if (result != SASL_OK) { goto cleanup; } /* Point to the first byte that wouldn't fit into the conn->oparams.maxoutbuf buffer. */ /* Note, if next_buf points to the very end of the IOV record, it will be reset to NULL below */ /* Note, that some platforms define iov_base as "void *", thus the typecase below */ next_buf = (char *) last_invec.iov_base + last_invec.iov_len; /* Note - remainder_len is how many bytes left to be encoded in the current IOV slot. */ remainder_len = (total_size + invec[i].iov_len) - conn->oparams.maxoutbuf; /* Skip all consumed IOV records */ invec += i + 1; numiov = numiov - (i + 1); i = 0; while (remainder_len > conn->oparams.maxoutbuf) { last_invec.iov_base = next_buf; last_invec.iov_len = conn->oparams.maxoutbuf; /* Note, if next_buf points to the very end of the IOV record, it will be reset to NULL below */ /* Note, that some platforms define iov_base as "void *", thus the typecase below */ next_buf = (char *) last_invec.iov_base + last_invec.iov_len; remainder_len = remainder_len - conn->oparams.maxoutbuf; result = _sasl_encodev (conn, &last_invec, 1, &num_packets, output, outputlen); if (result != SASL_OK) { goto cleanup; } } total_size = remainder_len; if (remainder_len == 0) { /* Just clear next_buf */ next_buf = NULL; } } else { total_size += invec[i].iov_len; i++; } } /* CLAIM - The remaining data is shorter then conn->oparams.maxoutbuf. */ /* Force encoding of any partial buffer. Might not be optimal on the wire. */ if (next_buf != NULL) { last_invec.iov_base = next_buf; last_invec.iov_len = (long)remainder_len; result = _sasl_encodev (conn, &last_invec, 1, &num_packets, output, outputlen); if (result != SASL_OK) { goto cleanup; } } if (numiov > 0) { result = _sasl_encodev (conn, invec, numiov, &num_packets, output, outputlen); } cleanup: if (cur_invec != NULL) { sasl_FREE(cur_invec); } RETURN(conn, result); } /* output is only valid until next call to sasl_decode */ int sasl_decode(sasl_conn_t *conn, const char *input, unsigned inputlen, const char **output, unsigned *outputlen) { int result; if(!conn) return SASL_BADPARAM; if(!input || !output || !outputlen) PARAMERROR(conn); if(!conn->props.maxbufsize) { sasl_seterror(conn, 0, "called sasl_decode with application that does not support security layers"); RETURN(conn, SASL_TOOWEAK); } if(conn->oparams.decode == NULL) { /* Since we know how long the output is maximally, we can * just allocate it to begin with, and never need another * allocation! */ /* However, if they pass us more than they actually can take, * we cannot help them... */ if(inputlen > conn->props.maxbufsize) { sasl_seterror(conn, 0, "input too large for default sasl_decode"); RETURN(conn,SASL_BUFOVER); } if(!conn->decode_buf) conn->decode_buf = sasl_ALLOC(conn->props.maxbufsize + 1); if(!conn->decode_buf) MEMERROR(conn); memcpy(conn->decode_buf, input, inputlen); conn->decode_buf[inputlen] = '\0'; *output = conn->decode_buf; *outputlen = inputlen; return SASL_OK; } else { result = conn->oparams.decode(conn->context, input, inputlen, output, outputlen); /* NULL an empty buffer (for misbehaved applications) */ if (*outputlen == 0) *output = NULL; RETURN(conn, result); } INTERROR(conn, SASL_FAIL); } void sasl_set_alloc(sasl_malloc_t *m, sasl_calloc_t *c, sasl_realloc_t *r, sasl_free_t *f) { if (_sasl_allocation_locked++) return; _sasl_allocation_utils.malloc=m; _sasl_allocation_utils.calloc=c; _sasl_allocation_utils.realloc=r; _sasl_allocation_utils.free=f; } void sasl_common_done(void) { /* NOTE - the caller will need to reinitialize the values, if it is going to call sasl_client_init/sasl_server_init again. */ if (default_plugin_path != NULL) { sasl_FREE (default_plugin_path); default_plugin_path = NULL; } if (default_conf_path != NULL) { sasl_FREE (default_conf_path); default_conf_path = NULL; } _sasl_canonuser_free(); _sasl_done_with_plugins(); sasl_MUTEX_FREE(free_mutex); free_mutex = NULL; _sasl_free_utils(&sasl_global_utils); if (global_mech_list) { sasl_FREE(global_mech_list); global_mech_list = NULL; } } /* This function is for backward compatibility */ void sasl_done(void) { if (_sasl_server_cleanup_hook && _sasl_server_cleanup_hook() == SASL_OK) { _sasl_server_idle_hook = NULL; _sasl_server_cleanup_hook = NULL; } if (_sasl_client_cleanup_hook && _sasl_client_cleanup_hook() == SASL_OK) { _sasl_client_idle_hook = NULL; _sasl_client_cleanup_hook = NULL; } if (_sasl_server_cleanup_hook || _sasl_client_cleanup_hook) { return; } sasl_common_done(); } /* fills in the base sasl_conn_t info */ int _sasl_conn_init(sasl_conn_t *conn, const char *service, unsigned int flags, enum Sasl_conn_type type, int (*idle_hook)(sasl_conn_t *conn), const char *serverFQDN, const char *iplocalport, const char *ipremoteport, const sasl_callback_t *callbacks, const sasl_global_callbacks_t *global_callbacks) { int result = SASL_OK; conn->type = type; result = _sasl_strdup(service, &conn->service, NULL); if (result != SASL_OK) MEMERROR(conn); memset(&conn->oparams, 0, sizeof(sasl_out_params_t)); memset(&conn->external, 0, sizeof(_sasl_external_properties_t)); conn->flags = flags; result = sasl_setprop(conn, SASL_IPLOCALPORT, iplocalport); if(result != SASL_OK) RETURN(conn, result); result = sasl_setprop(conn, SASL_IPREMOTEPORT, ipremoteport); if(result != SASL_OK) RETURN(conn, result); conn->encode_buf = NULL; conn->context = NULL; conn->secret = NULL; conn->idle_hook = idle_hook; conn->callbacks = callbacks; conn->global_callbacks = global_callbacks; memset(&conn->props, 0, sizeof(conn->props)); /* Start this buffer out as an empty string */ conn->error_code = SASL_OK; conn->errdetail_buf = conn->error_buf = NULL; conn->errdetail_buf_len = conn->error_buf_len = 150; result = _buf_alloc(&conn->error_buf, &conn->error_buf_len, 150); if(result != SASL_OK) MEMERROR(conn); result = _buf_alloc(&conn->errdetail_buf, &conn->errdetail_buf_len, 150); if(result != SASL_OK) MEMERROR(conn); conn->error_buf[0] = '\0'; conn->errdetail_buf[0] = '\0'; conn->decode_buf = NULL; if(serverFQDN) { result = _sasl_strdup(serverFQDN, &conn->serverFQDN, NULL); sasl_strlower (conn->serverFQDN); } else if (conn->type == SASL_CONN_SERVER) { /* We can fake it because we *are* the server */ char name[MAXHOSTNAMELEN]; memset(name, 0, sizeof(name)); if (get_fqhostname (name, MAXHOSTNAMELEN, 0) != 0) { return (SASL_FAIL); } result = _sasl_strdup(name, &conn->serverFQDN, NULL); } else { conn->serverFQDN = NULL; } if(result != SASL_OK) MEMERROR( conn ); RETURN(conn, SASL_OK); } int _sasl_common_init(sasl_global_callbacks_t *global_callbacks) { int result; /* The last specified global callback always wins */ if (sasl_global_utils != NULL) { sasl_utils_t * global_utils = (sasl_utils_t *)sasl_global_utils; global_utils->getopt = &_sasl_global_getopt; global_utils->getopt_context = global_callbacks; } /* Do nothing if we are already initialized */ if (free_mutex) { return SASL_OK; } /* Setup the global utilities */ if(!sasl_global_utils) { sasl_global_utils = _sasl_alloc_utils(NULL, global_callbacks); if(sasl_global_utils == NULL) return SASL_NOMEM; } /* Init the canon_user plugin */ result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init); if(result != SASL_OK) return result; if (!free_mutex) { free_mutex = sasl_MUTEX_ALLOC(); } if (!free_mutex) return SASL_FAIL; return SASL_OK; } /* dispose connection state, sets it to NULL * checks for pointer to NULL */ void sasl_dispose(sasl_conn_t **pconn) { int result; if (! pconn) return; if (! *pconn) return; /* serialize disposes. this is necessary because we can't dispose of conn->mutex if someone else is locked on it */ result = sasl_MUTEX_LOCK(free_mutex); if (result!=SASL_OK) return; /* *pconn might have become NULL by now */ if (! (*pconn)) return; (*pconn)->destroy_conn(*pconn); sasl_FREE(*pconn); *pconn=NULL; sasl_MUTEX_UNLOCK(free_mutex); } void _sasl_conn_dispose(sasl_conn_t *conn) { if (conn->serverFQDN) sasl_FREE(conn->serverFQDN); if (conn->external.auth_id) sasl_FREE(conn->external.auth_id); if(conn->encode_buf) { if(conn->encode_buf->data) sasl_FREE(conn->encode_buf->data); sasl_FREE(conn->encode_buf); } if(conn->error_buf) sasl_FREE(conn->error_buf); if(conn->errdetail_buf) sasl_FREE(conn->errdetail_buf); if(conn->decode_buf) sasl_FREE(conn->decode_buf); if(conn->mechlist_buf) sasl_FREE(conn->mechlist_buf); if(conn->service) sasl_FREE(conn->service); if (conn->multipacket_encoded_data.data) { sasl_FREE(conn->multipacket_encoded_data.data); } /* oparams sub-members should be freed by the plugin, in so much * as they were allocated by the plugin */ } /* get property from SASL connection state * propnum -- property number * pvalue -- pointer to value * returns: * SASL_OK -- no error * SASL_NOTDONE -- property not available yet * SASL_BADPARAM -- bad property number or SASL context is NULL */ int sasl_getprop(sasl_conn_t *conn, int propnum, const void **pvalue) { int result = SASL_OK; sasl_getopt_t *getopt; void *context; if (! conn) return SASL_BADPARAM; if (! pvalue) PARAMERROR(conn); switch(propnum) { case SASL_SSF: *(sasl_ssf_t **)pvalue= &conn->oparams.mech_ssf; break; case SASL_MAXOUTBUF: *(unsigned **)pvalue = &conn->oparams.maxoutbuf; break; case SASL_GETOPTCTX: result = _sasl_getcallback(conn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context); if(result != SASL_OK) break; *(void **)pvalue = context; break; case SASL_CALLBACK: *(const sasl_callback_t **)pvalue = conn->callbacks; break; case SASL_IPLOCALPORT: if(conn->got_ip_local) *(const char **)pvalue = conn->iplocalport; else { *(const char **)pvalue = NULL; result = SASL_NOTDONE; } break; case SASL_IPREMOTEPORT: if(conn->got_ip_remote) *(const char **)pvalue = conn->ipremoteport; else { *(const char **)pvalue = NULL; result = SASL_NOTDONE; } break; case SASL_USERNAME: if(! conn->oparams.user) result = SASL_NOTDONE; else *((const char **)pvalue) = conn->oparams.user; break; case SASL_AUTHUSER: if(! conn->oparams.authid) result = SASL_NOTDONE; else *((const char **)pvalue) = conn->oparams.authid; break; case SASL_APPNAME: /* Currently we only support server side contexts, but we should be able to extend this to support client side contexts as well */ if(conn->type != SASL_CONN_SERVER) result = SASL_BADPROT; else *((const char **)pvalue) = ((sasl_server_conn_t *)conn)->sparams->appname; break; case SASL_SERVERFQDN: *((const char **)pvalue) = conn->serverFQDN; break; case SASL_DEFUSERREALM: if(conn->type != SASL_CONN_SERVER) result = SASL_BADPROT; else *((const char **)pvalue) = ((sasl_server_conn_t *)conn)->user_realm; break; case SASL_SERVICE: *((const char **)pvalue) = conn->service; break; case SASL_AUTHSOURCE: /* name of plugin (not name of mech) */ if(conn->type == SASL_CONN_CLIENT) { if(!((sasl_client_conn_t *)conn)->mech) { result = SASL_NOTDONE; break; } *((const char **)pvalue) = ((sasl_client_conn_t *)conn)->mech->m.plugname; } else if (conn->type == SASL_CONN_SERVER) { if(!((sasl_server_conn_t *)conn)->mech) { result = SASL_NOTDONE; break; } *((const char **)pvalue) = ((sasl_server_conn_t *)conn)->mech->m.plugname; } else { result = SASL_BADPARAM; } break; case SASL_MECHNAME: /* name of mech */ if(conn->type == SASL_CONN_CLIENT) { if(!((sasl_client_conn_t *)conn)->mech) { result = SASL_NOTDONE; break; } *((const char **)pvalue) = ((sasl_client_conn_t *)conn)->mech->m.plug->mech_name; } else if (conn->type == SASL_CONN_SERVER) { if(!((sasl_server_conn_t *)conn)->mech) { result = SASL_NOTDONE; break; } *((const char **)pvalue) = ((sasl_server_conn_t *)conn)->mech->m.plug->mech_name; } else { result = SASL_BADPARAM; } if(!(*pvalue) && result == SASL_OK) result = SASL_NOTDONE; break; case SASL_PLUGERR: *((const char **)pvalue) = conn->error_buf; break; case SASL_DELEGATEDCREDS: /* We can't really distinguish between "no delegated credentials" and "authentication not finished" */ if(! conn->oparams.client_creds) result = SASL_NOTDONE; else *((const char **)pvalue) = conn->oparams.client_creds; break; case SASL_GSS_PEER_NAME: if(! conn->oparams.gss_peer_name) result = SASL_NOTDONE; else *((const char **)pvalue) = conn->oparams.gss_peer_name; break; case SASL_GSS_LOCAL_NAME: if(! conn->oparams.gss_peer_name) result = SASL_NOTDONE; else *((const char **)pvalue) = conn->oparams.gss_local_name; break; case SASL_SSF_EXTERNAL: *((const sasl_ssf_t **)pvalue) = &conn->external.ssf; break; case SASL_AUTH_EXTERNAL: *((const char **)pvalue) = conn->external.auth_id; break; case SASL_SEC_PROPS: *((const sasl_security_properties_t **)pvalue) = &conn->props; break; case SASL_GSS_CREDS: if(conn->type == SASL_CONN_CLIENT) *(void **)pvalue = ((sasl_client_conn_t *)conn)->cparams->gss_creds; else *(void **)pvalue = ((sasl_server_conn_t *)conn)->sparams->gss_creds; break; case SASL_HTTP_REQUEST: { if (conn->type == SASL_CONN_SERVER) *(const sasl_http_request_t **)pvalue = ((sasl_server_conn_t *)conn)->sparams->http_request; else *(const sasl_http_request_t **)pvalue = ((sasl_client_conn_t *)conn)->cparams->http_request; break; } default: result = SASL_BADPARAM; } if(result == SASL_BADPARAM) { PARAMERROR(conn); } else if(result == SASL_NOTDONE) { sasl_seterror(conn, SASL_NOLOG, "Information that was requested is not yet available."); RETURN(conn, result); } else if(result != SASL_OK) { INTERROR(conn, result); } else RETURN(conn, result); } /* set property in SASL connection state * returns: * SASL_OK -- value set * SASL_BADPARAM -- invalid property or value */ int sasl_setprop(sasl_conn_t *conn, int propnum, const void *value) { int result = SASL_OK; char *str; /* make sure the sasl context is valid */ if (!conn) return SASL_BADPARAM; switch(propnum) { case SASL_SSF_EXTERNAL: conn->external.ssf = *((sasl_ssf_t *)value); if(conn->type == SASL_CONN_SERVER) { ((sasl_server_conn_t*)conn)->sparams->external_ssf = conn->external.ssf; } else { ((sasl_client_conn_t*)conn)->cparams->external_ssf = conn->external.ssf; } break; case SASL_AUTH_EXTERNAL: if(value && strlen(value)) { result = _sasl_strdup(value, &str, NULL); if(result != SASL_OK) MEMERROR(conn); } else { str = NULL; } if(conn->external.auth_id) sasl_FREE(conn->external.auth_id); conn->external.auth_id = str; break; case SASL_DEFUSERREALM: if(conn->type != SASL_CONN_SERVER) { sasl_seterror(conn, 0, "Tried to set realm on non-server connection"); result = SASL_BADPROT; break; } if(value && strlen(value)) { result = _sasl_strdup(value, &str, NULL); if(result != SASL_OK) MEMERROR(conn); } else { PARAMERROR(conn); } if(((sasl_server_conn_t *)conn)->user_realm) sasl_FREE(((sasl_server_conn_t *)conn)->user_realm); ((sasl_server_conn_t *)conn)->user_realm = str; ((sasl_server_conn_t *)conn)->sparams->user_realm = str; break; case SASL_SEC_PROPS: { sasl_security_properties_t *props = (sasl_security_properties_t *)value; if(props->maxbufsize == 0 && props->min_ssf != 0) { sasl_seterror(conn, 0, "Attempt to disable security layers (maxoutbuf == 0) with min_ssf > 0"); RETURN(conn, SASL_TOOWEAK); } conn->props = *props; if(conn->type == SASL_CONN_SERVER) { ((sasl_server_conn_t*)conn)->sparams->props = *props; } else { ((sasl_client_conn_t*)conn)->cparams->props = *props; } break; } case SASL_IPREMOTEPORT: { const char *ipremoteport = (const char *)value; if(!value) { conn->got_ip_remote = 0; } else if (_sasl_ipfromstring(ipremoteport, NULL, 0) != SASL_OK) { sasl_seterror(conn, 0, "Bad IPREMOTEPORT value"); RETURN(conn, SASL_BADPARAM); } else { strcpy(conn->ipremoteport, ipremoteport); conn->got_ip_remote = 1; } if(conn->got_ip_remote) { if(conn->type == SASL_CONN_CLIENT) { ((sasl_client_conn_t *)conn)->cparams->ipremoteport = conn->ipremoteport; ((sasl_client_conn_t *)conn)->cparams->ipremlen = (unsigned) strlen(conn->ipremoteport); } else if (conn->type == SASL_CONN_SERVER) { ((sasl_server_conn_t *)conn)->sparams->ipremoteport = conn->ipremoteport; ((sasl_server_conn_t *)conn)->sparams->ipremlen = (unsigned) strlen(conn->ipremoteport); } } else { if(conn->type == SASL_CONN_CLIENT) { ((sasl_client_conn_t *)conn)->cparams->ipremoteport = NULL; ((sasl_client_conn_t *)conn)->cparams->ipremlen = 0; } else if (conn->type == SASL_CONN_SERVER) { ((sasl_server_conn_t *)conn)->sparams->ipremoteport = NULL; ((sasl_server_conn_t *)conn)->sparams->ipremlen = 0; } } break; } case SASL_IPLOCALPORT: { const char *iplocalport = (const char *)value; if(!value) { conn->got_ip_local = 0; } else if (_sasl_ipfromstring(iplocalport, NULL, 0) != SASL_OK) { sasl_seterror(conn, 0, "Bad IPLOCALPORT value"); RETURN(conn, SASL_BADPARAM); } else { strcpy(conn->iplocalport, iplocalport); conn->got_ip_local = 1; } if(conn->got_ip_local) { if(conn->type == SASL_CONN_CLIENT) { ((sasl_client_conn_t *)conn)->cparams->iplocalport = conn->iplocalport; ((sasl_client_conn_t *)conn)->cparams->iploclen = (unsigned) strlen(conn->iplocalport); } else if (conn->type == SASL_CONN_SERVER) { ((sasl_server_conn_t *)conn)->sparams->iplocalport = conn->iplocalport; ((sasl_server_conn_t *)conn)->sparams->iploclen = (unsigned) strlen(conn->iplocalport); } } else { if(conn->type == SASL_CONN_CLIENT) { ((sasl_client_conn_t *)conn)->cparams->iplocalport = NULL; ((sasl_client_conn_t *)conn)->cparams->iploclen = 0; } else if (conn->type == SASL_CONN_SERVER) { ((sasl_server_conn_t *)conn)->sparams->iplocalport = NULL; ((sasl_server_conn_t *)conn)->sparams->iploclen = 0; } } break; } case SASL_APPNAME: /* Currently we only support server side contexts, but we should be able to extend this to support client side contexts as well */ if(conn->type != SASL_CONN_SERVER) { sasl_seterror(conn, 0, "Tried to set application name on non-server connection"); result = SASL_BADPROT; break; } if(((sasl_server_conn_t *)conn)->appname) { sasl_FREE(((sasl_server_conn_t *)conn)->appname); ((sasl_server_conn_t *)conn)->appname = NULL; } if(value && strlen(value)) { result = _sasl_strdup(value, &(((sasl_server_conn_t *)conn)->appname), NULL); if(result != SASL_OK) MEMERROR(conn); ((sasl_server_conn_t *)conn)->sparams->appname = ((sasl_server_conn_t *)conn)->appname; ((sasl_server_conn_t *)conn)->sparams->applen = (unsigned) strlen(((sasl_server_conn_t *)conn)->appname); } else { ((sasl_server_conn_t *)conn)->sparams->appname = NULL; ((sasl_server_conn_t *)conn)->sparams->applen = 0; } break; case SASL_GSS_CREDS: if(conn->type == SASL_CONN_CLIENT) ((sasl_client_conn_t *)conn)->cparams->gss_creds = value; else ((sasl_server_conn_t *)conn)->sparams->gss_creds = value; break; case SASL_CHANNEL_BINDING: { const struct sasl_channel_binding *cb = (const struct sasl_channel_binding *)value; if (conn->type == SASL_CONN_SERVER) ((sasl_server_conn_t *)conn)->sparams->cbinding = cb; else ((sasl_client_conn_t *)conn)->cparams->cbinding = cb; break; } case SASL_HTTP_REQUEST: { const sasl_http_request_t *req = (const sasl_http_request_t *)value; if (conn->type == SASL_CONN_SERVER) ((sasl_server_conn_t *)conn)->sparams->http_request = req; else ((sasl_client_conn_t *)conn)->cparams->http_request = req; break; } default: sasl_seterror(conn, 0, "Unknown parameter type"); result = SASL_BADPARAM; } RETURN(conn, result); } /* this is apparently no longer a user function */ static int sasl_usererr(int saslerr) { /* Hide the difference in a username failure and a password failure */ if (saslerr == SASL_NOUSER) return SASL_BADAUTH; /* otherwise return the error given; no transform necessary */ return saslerr; } const char *sasl_errstring(int saslerr, const char *langlist __attribute__((unused)), const char **outlang) { if (outlang) *outlang="en-us"; switch(saslerr) { case SASL_CONTINUE: return "another step is needed in authentication"; case SASL_OK: return "successful result"; case SASL_FAIL: return "generic failure"; case SASL_NOMEM: return "no memory available"; case SASL_BUFOVER: return "overflowed buffer"; case SASL_NOMECH: return "no mechanism available"; case SASL_BADPROT: return "bad protocol / cancel"; case SASL_NOTDONE: return "can't request information until later in exchange"; case SASL_BADPARAM: return "invalid parameter supplied"; case SASL_TRYAGAIN: return "transient failure (e.g., weak key)"; case SASL_BADMAC: return "integrity check failed"; case SASL_NOTINIT: return "SASL library is not initialized"; /* -- client only codes -- */ case SASL_INTERACT: return "needs user interaction"; case SASL_BADSERV: return "server failed mutual authentication step"; case SASL_WRONGMECH: return "mechanism doesn't support requested feature"; /* -- server only codes -- */ case SASL_BADAUTH: return "authentication failure"; case SASL_NOAUTHZ: return "authorization failure"; case SASL_TOOWEAK: return "mechanism too weak for this user"; case SASL_ENCRYPT: return "encryption needed to use mechanism"; case SASL_TRANS: return "One time use of a plaintext password will enable requested mechanism for user"; case SASL_EXPIRED: return "passphrase expired, has to be reset"; case SASL_DISABLED: return "account disabled"; case SASL_NOUSER: return "user not found"; case SASL_BADVERS: return "version mismatch with plug-in"; case SASL_UNAVAIL: return "remote authentication server unavailable"; case SASL_NOVERIFY: return "user exists, but no verifier for user"; case SASL_PWLOCK: return "passphrase locked"; case SASL_NOCHANGE: return "requested change was not needed"; case SASL_WEAKPASS: return "passphrase is too weak for security policy"; case SASL_NOUSERPASS: return "user supplied passwords are not permitted"; case SASL_NEED_OLD_PASSWD: return "sasl_setpass needs old password in order " "to perform password change"; case SASL_CONSTRAINT_VIOLAT: return "sasl_setpass can't store a property because " "of a constraint violation"; case SASL_BADBINDING: return "channel binding failure"; default: return "undefined error!"; } } /* Return the sanitized error detail about the last error that occured for * a connection */ const char *sasl_errdetail(sasl_conn_t *conn) { unsigned need_len; const char *errstr; char leader[128]; if(!conn) return NULL; errstr = sasl_errstring(conn->error_code, NULL, NULL); snprintf(leader,128,"SASL(%d): %s: ", sasl_usererr(conn->error_code), errstr); need_len = (unsigned) (strlen(leader) + strlen(conn->error_buf) + 12); _buf_alloc(&conn->errdetail_buf, &conn->errdetail_buf_len, need_len); snprintf(conn->errdetail_buf, need_len, "%s%s", leader, conn->error_buf); return conn->errdetail_buf; } /* Note that this needs the global callbacks, so if you don't give getcallbacks * a sasl_conn_t, you're going to need to pass it yourself (or else we couldn't * have client and server at the same time */ static int _sasl_global_getopt(void *context, const char *plugin_name, const char *option, const char ** result, unsigned *len) { const sasl_global_callbacks_t * global_callbacks; const sasl_callback_t *callback; global_callbacks = (const sasl_global_callbacks_t *) context; if (global_callbacks && global_callbacks->callbacks) { for (callback = global_callbacks->callbacks; callback->id != SASL_CB_LIST_END; callback++) { if (callback->id == SASL_CB_GETOPT) { if (!callback->proc) return SASL_FAIL; if (((sasl_getopt_t *)(callback->proc))(callback->context, plugin_name, option, result, len) == SASL_OK) return SASL_OK; } } } /* look it up in our configuration file */ *result = sasl_config_getstring(option, NULL); if (*result != NULL) { if (len) { *len = (unsigned) strlen(*result); } return SASL_OK; } return SASL_FAIL; } static int _sasl_conn_getopt(void *context, const char *plugin_name, const char *option, const char ** result, unsigned *len) { sasl_conn_t * conn; const sasl_callback_t *callback; if (! context) return SASL_BADPARAM; conn = (sasl_conn_t *) context; if (conn->callbacks) for (callback = conn->callbacks; callback->id != SASL_CB_LIST_END; callback++) if (callback->id == SASL_CB_GETOPT && (((sasl_getopt_t *)(callback->proc))(callback->context, plugin_name, option, result, len) == SASL_OK)) return SASL_OK; /* If we made it here, we didn't find an appropriate callback * in the connection's callback list, or the callback we did * find didn't return SASL_OK. So we attempt to use the * global callback for this connection... */ return _sasl_global_getopt((void *)conn->global_callbacks, plugin_name, option, result, len); } #ifdef HAVE_SYSLOG /* this is the default logging */ static int _sasl_syslog(void *context, int priority, const char *message) { int syslog_priority; sasl_server_conn_t *sconn; if (context) { if (((sasl_conn_t *)context)->type == SASL_CONN_SERVER) { sconn = (sasl_server_conn_t *)context; if (sconn->sparams->log_level < priority) return SASL_OK; } } /* set syslog priority */ switch(priority) { case SASL_LOG_NONE: return SASL_OK; break; case SASL_LOG_ERR: syslog_priority = LOG_ERR; break; case SASL_LOG_WARN: syslog_priority = LOG_WARNING; break; case SASL_LOG_NOTE: case SASL_LOG_FAIL: syslog_priority = LOG_NOTICE; break; case SASL_LOG_PASS: case SASL_LOG_TRACE: case SASL_LOG_DEBUG: default: syslog_priority = LOG_DEBUG; break; } /* do the syslog call. Do not need to call openlog? */ syslog(syslog_priority | LOG_AUTH, "%s", message); return SASL_OK; } #endif /* HAVE_SYSLOG */ static int _sasl_getsimple(void *context, int id, const char ** result, size_t *len) { const char *userid; sasl_conn_t *conn; if (! context || ! result) return SASL_BADPARAM; conn = (sasl_conn_t *)context; switch(id) { case SASL_CB_AUTHNAME: userid = getenv("USER"); if (userid != NULL) { *result = userid; if (len) *len = strlen(userid); return SASL_OK; } userid = getenv("USERNAME"); if (userid != NULL) { *result = userid; if (len) *len = strlen(userid); return SASL_OK; } #ifdef WIN32 /* for win32, try using the GetUserName standard call */ { DWORD i; BOOL rval; static char sender[128]; i = sizeof(sender); rval = GetUserName(sender, &i); if ( rval) { /* got a userid */ *result = sender; if (len) *len = strlen(sender); return SASL_OK; } } #endif /* WIN32 */ return SASL_FAIL; default: return SASL_BADPARAM; } } static int _sasl_getpath(void *context __attribute__((unused)), const char ** path_dest) { #if !defined(WIN32) char *path; #endif int res = SASL_OK; if (! path_dest) { return SASL_BADPARAM; } /* Only calculate the path once. */ if (default_plugin_path == NULL) { #if defined(WIN32) /* NB: On Windows platforms this value is always allocated */ default_plugin_path = _sasl_get_default_win_path(context, SASL_PLUGIN_PATH_ATTR, PLUGINDIR); #else /* NB: On Unix platforms this value is never allocated */ path = _sasl_get_default_unix_path(context, SASL_PATH_ENV_VAR, PLUGINDIR); res = _sasl_strdup(path, &default_plugin_path, NULL); #endif } if (res == SASL_OK) { *path_dest = default_plugin_path; } return res; } static int _sasl_getpath_simple(void *context __attribute__((unused)), const char **path) { if (! path) { return SASL_BADPARAM; } if (default_plugin_path == NULL) { return SASL_FAIL; } *path = default_plugin_path; return SASL_OK; } static int _sasl_getconfpath(void *context __attribute__((unused)), char ** path_dest) { #if !defined(WIN32) char *path; #endif int res = SASL_OK; if (! path_dest) { return SASL_BADPARAM; } /* Only calculate the path once. */ if (default_conf_path == NULL) { #if defined(WIN32) /* NB: On Windows platforms this value is always allocated */ default_conf_path = _sasl_get_default_win_path(context, SASL_CONF_PATH_ATTR, CONFIGDIR); #else /* NB: On Unix platforms this value is never allocated */ path = _sasl_get_default_unix_path(context, SASL_CONF_PATH_ENV_VAR, CONFIGDIR); res = _sasl_strdup(path, &default_conf_path, NULL); #endif } if (res == SASL_OK) { *path_dest = default_conf_path; } return res; } static int _sasl_getconfpath_simple(void *context __attribute__((unused)), const char **path) { if (! path) { return SASL_BADPARAM; } if (default_conf_path == NULL) { return SASL_FAIL; } *path = default_conf_path; return SASL_OK; } static int _sasl_verifyfile(void *context __attribute__((unused)), char *file __attribute__((unused)), int type __attribute__((unused))) { /* always say ok */ return SASL_OK; } static int _sasl_proxy_policy(sasl_conn_t *conn, void *context __attribute__((unused)), const char *requested_user, unsigned rlen, const char *auth_identity, unsigned alen, const char *def_realm __attribute__((unused)), unsigned urlen __attribute__((unused)), struct propctx *propctx __attribute__((unused))) { if (!conn) return SASL_BADPARAM; if (!requested_user || *requested_user == '\0') return SASL_OK; if (!auth_identity || !requested_user || rlen != alen || (memcmp(auth_identity, requested_user, rlen) != 0)) { sasl_seterror(conn, 0, "Requested identity not authenticated identity"); RETURN(conn, SASL_BADAUTH); } return SASL_OK; } int _sasl_getcallback(sasl_conn_t * conn, unsigned long callbackid, sasl_callback_ft *pproc, void **pcontext) { const sasl_callback_t *callback; if (!pproc || !pcontext) PARAMERROR(conn); /* Some callbacks are always provided by the library */ switch (callbackid) { case SASL_CB_LIST_END: /* Nothing ever gets to provide this */ INTERROR(conn, SASL_FAIL); case SASL_CB_GETOPT: if (conn) { *pproc = (sasl_callback_ft)&_sasl_conn_getopt; *pcontext = conn; } else { *pproc = (sasl_callback_ft)&_sasl_global_getopt; *pcontext = NULL; } return SASL_OK; } /* If it's not always provided by the library, see if there's * a version provided by the application for this connection... */ if (conn && conn->callbacks) { for (callback = conn->callbacks; callback->id != SASL_CB_LIST_END; callback++) { if (callback->id == callbackid) { *pproc = callback->proc; *pcontext = callback->context; if (callback->proc) { return SASL_OK; } else { return SASL_INTERACT; } } } } /* And, if not for this connection, see if there's one * for all {server,client} connections... */ if (conn && conn->global_callbacks && conn->global_callbacks->callbacks) { for (callback = conn->global_callbacks->callbacks; callback->id != SASL_CB_LIST_END; callback++) { if (callback->id == callbackid) { *pproc = callback->proc; *pcontext = callback->context; if (callback->proc) { return SASL_OK; } else { return SASL_INTERACT; } } } } /* Otherwise, see if the library provides a default callback. */ switch (callbackid) { #ifdef HAVE_SYSLOG case SASL_CB_LOG: *pproc = (sasl_callback_ft)&_sasl_syslog; *pcontext = conn; return SASL_OK; #endif /* HAVE_SYSLOG */ case SASL_CB_GETPATH: *pproc = default_getpath_cb.proc; *pcontext = default_getpath_cb.context; return SASL_OK; case SASL_CB_GETCONFPATH: *pproc = default_getconfpath_cb.proc; *pcontext = default_getconfpath_cb.context; return SASL_OK; case SASL_CB_AUTHNAME: *pproc = (sasl_callback_ft)&_sasl_getsimple; *pcontext = conn; return SASL_OK; case SASL_CB_VERIFYFILE: *pproc = (sasl_callback_ft)&_sasl_verifyfile; *pcontext = NULL; return SASL_OK; case SASL_CB_PROXY_POLICY: *pproc = (sasl_callback_ft)&_sasl_proxy_policy; *pcontext = NULL; return SASL_OK; } /* Unable to find a callback... */ *pproc = NULL; *pcontext = NULL; sasl_seterror(conn, SASL_NOLOG, "Unable to find a callback: %d", callbackid); RETURN(conn,SASL_FAIL); } /* * This function is typically called from a plugin. * It creates a string from the formatting and varargs given * and calls the logging callback (syslog by default) * * %m will parse the value in the next argument as an errno string * %z will parse the next argument as a SASL error code. */ void _sasl_log (sasl_conn_t *conn, int level, const char *fmt, ...) { char *out=(char *) sasl_ALLOC(250); size_t alloclen=100; /* current allocated length */ size_t outlen=0; /* current length of output buffer */ size_t formatlen; size_t pos=0; /* current position in format string */ int result; sasl_log_t *log_cb; void *log_ctx; int ival; unsigned int uval; char *cval; va_list ap; /* varargs thing */ if(!fmt) goto done; if(!out) return; formatlen = strlen(fmt); /* See if we have a logging callback... */ result = _sasl_getcallback(conn, SASL_CB_LOG, (sasl_callback_ft *)&log_cb, &log_ctx); if (result == SASL_OK && ! log_cb) result = SASL_FAIL; if (result != SASL_OK) goto done; va_start(ap, fmt); /* start varargs */ while(pos9) done=1; } pos++; if (pos>formatlen) done=1; } } } /* put 0 at end */ result = _buf_alloc(&out, &alloclen, outlen+1); if (result != SASL_OK) goto done; out[outlen]=0; va_end(ap); /* send log message */ result = log_cb(log_ctx, level, out); done: if(out) sasl_FREE(out); } /* Allocate and Init a sasl_utils_t structure */ sasl_utils_t * _sasl_alloc_utils(sasl_conn_t *conn, sasl_global_callbacks_t *global_callbacks) { sasl_utils_t *utils; /* set util functions - need to do rest*/ utils=sasl_ALLOC(sizeof(sasl_utils_t)); if (utils==NULL) return NULL; utils->conn = conn; sasl_randcreate(&utils->rpool); if (conn) { utils->getopt = &_sasl_conn_getopt; utils->getopt_context = conn; } else { utils->getopt = &_sasl_global_getopt; utils->getopt_context = global_callbacks; } utils->malloc=_sasl_allocation_utils.malloc; utils->calloc=_sasl_allocation_utils.calloc; utils->realloc=_sasl_allocation_utils.realloc; utils->free=_sasl_allocation_utils.free; utils->mutex_alloc = _sasl_mutex_utils.alloc; utils->mutex_lock = _sasl_mutex_utils.lock; utils->mutex_unlock = _sasl_mutex_utils.unlock; utils->mutex_free = _sasl_mutex_utils.free; utils->MD5Init = &_sasl_MD5Init; utils->MD5Update= &_sasl_MD5Update; utils->MD5Final = &_sasl_MD5Final; utils->hmac_md5 = &_sasl_hmac_md5; utils->hmac_md5_init = &_sasl_hmac_md5_init; utils->hmac_md5_final = &_sasl_hmac_md5_final; utils->hmac_md5_precalc = &_sasl_hmac_md5_precalc; utils->hmac_md5_import = &_sasl_hmac_md5_import; utils->mkchal = &sasl_mkchal; utils->utf8verify = &sasl_utf8verify; utils->rand=&sasl_rand; utils->churn=&sasl_churn; utils->checkpass=NULL; utils->encode64=&sasl_encode64; utils->decode64=&sasl_decode64; utils->erasebuffer=&sasl_erasebuffer; utils->getprop=&sasl_getprop; utils->setprop=&sasl_setprop; utils->getcallback=&_sasl_getcallback; utils->log=&_sasl_log; utils->seterror=&sasl_seterror; #ifndef macintosh /* Aux Property Utilities */ utils->prop_new=&prop_new; utils->prop_dup=&prop_dup; utils->prop_request=&prop_request; utils->prop_get=&prop_get; utils->prop_getnames=&prop_getnames; utils->prop_clear=&prop_clear; utils->prop_dispose=&prop_dispose; utils->prop_format=&prop_format; utils->prop_set=&prop_set; utils->prop_setvals=&prop_setvals; utils->prop_erase=&prop_erase; utils->auxprop_store=&sasl_auxprop_store; #endif /* Spares */ utils->spare_fptr = NULL; utils->spare_fptr1 = utils->spare_fptr2 = NULL; return utils; } int _sasl_free_utils(const sasl_utils_t ** utils) { sasl_utils_t *nonconst; if(!utils) return SASL_BADPARAM; if(!*utils) return SASL_OK; /* I wish we could avoid this cast, it's pretty gratuitous but it * does make life easier to have it const everywhere else. */ nonconst = (sasl_utils_t *)(*utils); sasl_randfree(&(nonconst->rpool)); sasl_FREE(nonconst); *utils = NULL; return SASL_OK; } int sasl_idle(sasl_conn_t *conn) { if (! conn) { if (_sasl_server_idle_hook && _sasl_server_idle_hook(NULL)) return 1; if (_sasl_client_idle_hook && _sasl_client_idle_hook(NULL)) return 1; return 0; } if (conn->idle_hook) return conn->idle_hook(conn); return 0; } static const sasl_callback_t * _sasl_find_callback_by_type (const sasl_callback_t *callbacks, unsigned long id) { if (callbacks) { while (callbacks->id != SASL_CB_LIST_END) { if (callbacks->id == id) { return callbacks; } else { ++callbacks; } } } return NULL; } const sasl_callback_t * _sasl_find_getpath_callback(const sasl_callback_t *callbacks) { callbacks = _sasl_find_callback_by_type (callbacks, SASL_CB_GETPATH); if (callbacks != NULL) { return callbacks; } else { return &default_getpath_cb; } } const sasl_callback_t * _sasl_find_getconfpath_callback(const sasl_callback_t *callbacks) { callbacks = _sasl_find_callback_by_type (callbacks, SASL_CB_GETCONFPATH); if (callbacks != NULL) { return callbacks; } else { return &default_getconfpath_cb; } } const sasl_callback_t * _sasl_find_verifyfile_callback(const sasl_callback_t *callbacks) { static const sasl_callback_t default_verifyfile_cb = { SASL_CB_VERIFYFILE, (sasl_callback_ft)&_sasl_verifyfile, NULL }; callbacks = _sasl_find_callback_by_type (callbacks, SASL_CB_VERIFYFILE); if (callbacks != NULL) { return callbacks; } else { return &default_verifyfile_cb; } } /* Basically a conditional call to realloc(), if we need more */ int _buf_alloc(char **rwbuf, size_t *curlen, size_t newlen) { if(!(*rwbuf)) { *rwbuf = sasl_ALLOC((unsigned)newlen); if (*rwbuf == NULL) { *curlen = 0; return SASL_NOMEM; } *curlen = newlen; } else if(*rwbuf && *curlen < newlen) { size_t needed = 2*(*curlen); while(needed < newlen) needed *= 2; /* WARN - We will leak the old buffer on failure */ *rwbuf = sasl_REALLOC(*rwbuf, (unsigned)needed); if (*rwbuf == NULL) { *curlen = 0; return SASL_NOMEM; } *curlen = needed; } return SASL_OK; } /* for the mac os x cfm glue: this lets the calling function get pointers to the error buffer without having to touch the sasl_conn_t struct */ void _sasl_get_errorbuf(sasl_conn_t *conn, char ***bufhdl, size_t **lenhdl) { *bufhdl = &conn->error_buf; *lenhdl = &conn->error_buf_len; } /* convert an iovec to a single buffer */ int _iovec_to_buf(const struct iovec *vec, unsigned numiov, buffer_info_t **output) { unsigned i; int ret; buffer_info_t *out; char *pos; if (!vec || !output) return SASL_BADPARAM; if (!(*output)) { *output = sasl_ALLOC(sizeof(buffer_info_t)); if (!*output) return SASL_NOMEM; memset(*output,0,sizeof(buffer_info_t)); } out = *output; out->curlen = 0; for (i = 0; i < numiov; i++) { out->curlen += vec[i].iov_len; } ret = _buf_alloc(&out->data, &out->reallen, out->curlen); if (ret != SASL_OK) return SASL_NOMEM; memset(out->data, 0, out->reallen); pos = out->data; for (i = 0; i < numiov; i++) { memcpy(pos, vec[i].iov_base, vec[i].iov_len); pos += vec[i].iov_len; } return SASL_OK; } /* This code might be useful in the future, but it isn't now, so.... */ #if 0 int _sasl_iptostring(const struct sockaddr *addr, socklen_t addrlen, char *out, unsigned outlen) { char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; int niflags; if(!addr || !out) return SASL_BADPARAM; niflags = (NI_NUMERICHOST | NI_NUMERICSERV); #ifdef NI_WITHSCOPEID if (addr->sa_family == AF_INET6) niflags |= NI_WITHSCOPEID; #endif if (getnameinfo(addr, addrlen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags) != 0) return SASL_BADPARAM; if(outlen < strlen(hbuf) + strlen(pbuf) + 2) return SASL_BUFOVER; snprintf(out, outlen, "%s;%s", hbuf, pbuf); return SASL_OK; } #endif int _sasl_ipfromstring(const char *addr, struct sockaddr *out, socklen_t outlen) { int i, j; struct addrinfo hints, *ai = NULL; char hbuf[NI_MAXHOST]; /* A NULL out pointer just implies we don't do a copy, just verify it */ if(!addr) return SASL_BADPARAM; /* Parse the address */ for (i = 0; addr[i] != '\0' && addr[i] != ';'; i++) { if (i >= NI_MAXHOST) return SASL_BADPARAM; hbuf[i] = addr[i]; } hbuf[i] = '\0'; if (addr[i] == ';') i++; /* XXX: Do we need this check? */ for (j = i; addr[j] != '\0'; j++) if (!isdigit((int)(addr[j]))) return SASL_BADPARAM; memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; if (getaddrinfo(hbuf, &addr[i], &hints, &ai) != 0) return SASL_BADPARAM; if (out) { if (outlen < (socklen_t)ai->ai_addrlen) { freeaddrinfo(ai); return SASL_BUFOVER; } memcpy(out, ai->ai_addr, ai->ai_addrlen); } freeaddrinfo(ai); return SASL_OK; } int _sasl_build_mechlist(void) { int count = 0; sasl_string_list_t *clist = NULL, *slist = NULL, *olist = NULL; sasl_string_list_t *p, *q, **last, *p_next; clist = _sasl_client_mechs(); slist = _sasl_server_mechs(); if(!clist) { olist = slist; } else { int flag; /* append slist to clist, and set olist to clist */ for(p = slist; p; p = p_next) { flag = 0; p_next = p->next; last = &clist; for(q = clist; q; q = q->next) { if(!strcmp(q->d, p->d)) { /* They match, set the flag */ flag = 1; break; } last = &(q->next); } if(!flag) { *last = p; p->next = NULL; } else { sasl_FREE(p); } } olist = clist; } if(!olist) { /* This is not going to be very useful */ printf ("no olist"); return SASL_FAIL; } for (p = olist; p; p = p->next) count++; if(global_mech_list) { sasl_FREE(global_mech_list); global_mech_list = NULL; } global_mech_list = sasl_ALLOC((count + 1) * sizeof(char *)); if(!global_mech_list) return SASL_NOMEM; memset(global_mech_list, 0, (count + 1) * sizeof(char *)); count = 0; for (p = olist; p; p = p_next) { p_next = p->next; global_mech_list[count++] = (char *) p->d; sasl_FREE(p); } return SASL_OK; } const char ** sasl_global_listmech(void) { return (const char **)global_mech_list; } int sasl_listmech(sasl_conn_t *conn, const char *user, const char *prefix, const char *sep, const char *suffix, const char **result, unsigned *plen, int *pcount) { if(!conn) { return SASL_BADPARAM; } else if(conn->type == SASL_CONN_SERVER) { RETURN(conn, _sasl_server_listmech(conn, user, prefix, sep, suffix, result, plen, pcount)); } else if (conn->type == SASL_CONN_CLIENT) { RETURN(conn, _sasl_client_listmech(conn, prefix, sep, suffix, result, plen, pcount)); } PARAMERROR(conn); } int _sasl_is_equal_mech(const char *req_mech, const char *plug_mech, size_t req_mech_len, int *plus) { size_t n; if (req_mech_len > 5 && strcasecmp(&req_mech[req_mech_len - 5], "-PLUS") == 0) { n = req_mech_len - 5; *plus = 1; } else { n = req_mech_len; *plus = 0; } return (strncasecmp(req_mech, plug_mech, n) == 0); } #ifndef WIN32 static char * _sasl_get_default_unix_path(void *context __attribute__((unused)), char * env_var_name, char * default_value) { char *path = NULL; /* Honor external variable only in a safe environment */ if (getuid() == geteuid() && getgid() == getegid()) { path = getenv(env_var_name); } if (! path) { path = default_value; } return path; } #else /* Return NULL on failure */ static char * _sasl_get_default_win_path(void *context __attribute__((unused)), char * reg_attr_name, char * default_value) { /* Open registry entry, and find all registered SASL libraries. * * Registry location: * * SOFTWARE\\Carnegie Mellon\\Project Cyrus\\SASL Library * * Key - value: * * "SearchPath" - value: PATH like (';' delimited) list * of directories where to search for plugins * The list may contain references to environment * variables (e.g. %PATH%). * */ HKEY hKey; DWORD ret; DWORD ValueType; /* value type */ DWORD cbData; /* value size */ BYTE * ValueData; /* value */ DWORD cbExpandedData; /* "expanded" value size */ BYTE * ExpandedValueData; /* "expanded" value */ char * return_value; /* function return value */ char * tmp; /* Initialization */ ExpandedValueData = NULL; ValueData = NULL; return_value = NULL; /* Open the registry */ ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, SASL_ROOT_KEY, 0, KEY_READ, &hKey); if (ret != ERROR_SUCCESS) { /* no registry entry */ (void) _sasl_strdup (default_value, &return_value, NULL); return return_value; } /* figure out value type and required buffer size */ /* the size will include space for terminating NUL if required */ RegQueryValueEx (hKey, reg_attr_name, NULL, /* reserved */ &ValueType, NULL, &cbData); /* Only accept string related types */ if (ValueType != REG_EXPAND_SZ && ValueType != REG_MULTI_SZ && ValueType != REG_SZ) { return_value = NULL; goto CLEANUP; } /* Any high water mark? */ ValueData = sasl_ALLOC(cbData); if (ValueData == NULL) { return_value = NULL; goto CLEANUP; }; RegQueryValueEx (hKey, reg_attr_name, NULL, /* reserved */ &ValueType, ValueData, &cbData); switch (ValueType) { case REG_EXPAND_SZ: /* : A random starting guess */ cbExpandedData = cbData + 1024; ExpandedValueData = sasl_ALLOC(cbExpandedData); if (ExpandedValueData == NULL) { return_value = NULL; goto CLEANUP; }; cbExpandedData = ExpandEnvironmentStrings( ValueData, ExpandedValueData, cbExpandedData); if (cbExpandedData == 0) { /* : GetLastError() contains the reason for failure */ return_value = NULL; goto CLEANUP; } /* : Must retry expansion with the bigger buffer */ if (cbExpandedData > cbData + 1024) { /* : Memory leak here if can't realloc */ ExpandedValueData = sasl_REALLOC(ExpandedValueData, cbExpandedData); if (ExpandedValueData == NULL) { return_value = NULL; goto CLEANUP; }; cbExpandedData = ExpandEnvironmentStrings( ValueData, ExpandedValueData, cbExpandedData); /* : This should not happen */ if (cbExpandedData == 0) { /* : GetLastError() contains the reason for failure */ return_value = NULL; goto CLEANUP; } } sasl_FREE(ValueData); ValueData = ExpandedValueData; /* : This is to prevent automatical freeing of this block on cleanup */ ExpandedValueData = NULL; break; case REG_MULTI_SZ: tmp = ValueData; /* : We shouldn't overflow here, as the buffer is guarantied : to contain at least two consequent NULs */ while (1) { if (tmp[0] == '\0') { /* : Stop the process if we found the end of the string (two consequent NULs) */ if (tmp[1] == '\0') { break; } /* : Replace delimiting NUL with our delimiter characted */ tmp[0] = PATHS_DELIMITER; } tmp += strlen(tmp); } break; case REG_SZ: /* Do nothing, it is good as is */ break; default: return_value = NULL; goto CLEANUP; } return_value = ValueData; CLEANUP: RegCloseKey(hKey); if (ExpandedValueData != NULL) sasl_FREE(ExpandedValueData); if (return_value == NULL) { if (ValueData != NULL) sasl_FREE(ValueData); } return (return_value); } #endif cyrus-sasl-2.1.25/lib/windlopen.c0000646000076400007640000002075111306006125013551 00000000000000/* windlopen.c--Windows dynamic loader interface * Ryan Troll * $Id: windlopen.c,v 1.17 2009/01/25 20:20:57 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include "saslint.h" #define DLL_SUFFIX ".dll" #define DLL_MASK "*" DLL_SUFFIX #define DLL_MASK_LEN 5 const int _is_sasl_server_static = 0; /* : inefficient representation, but works */ typedef struct lib_list { struct lib_list *next; HMODULE library; } lib_list_t; static lib_list_t *lib_list_head = NULL; int _sasl_locate_entry(void *library, const char *entryname, void **entry_point) { if(entryname == NULL) { _sasl_log(NULL, SASL_LOG_ERR, "no entryname in _sasl_locate_entry"); return SASL_BADPARAM; } if(library == NULL) { _sasl_log(NULL, SASL_LOG_ERR, "no library in _sasl_locate_entry"); return SASL_BADPARAM; } if(entry_point == NULL) { _sasl_log(NULL, SASL_LOG_ERR, "no entrypoint output pointer in _sasl_locate_entry"); return SASL_BADPARAM; } *entry_point = GetProcAddress(library, entryname); if (*entry_point == NULL) { #if 0 /* This message appears to confuse people */ _sasl_log(NULL, SASL_LOG_DEBUG, "unable to get entry point %s: %s", entryname, GetLastError()); #endif return SASL_FAIL; } return SASL_OK; } static int _sasl_plugin_load(char *plugin, void *library, const char *entryname, int (*add_plugin)(const char *, void *)) { void *entry_point; int result; result = _sasl_locate_entry(library, entryname, &entry_point); if(result == SASL_OK) { result = add_plugin(plugin, entry_point); if(result != SASL_OK) _sasl_log(NULL, SASL_LOG_DEBUG, "_sasl_plugin_load failed on %s for plugin: %s\n", entryname, plugin); } return result; } /* loads a plugin library */ int _sasl_get_plugin(const char *file, const sasl_callback_t *verifyfile_cb, void **libraryptr) { int r = 0; HINSTANCE library; lib_list_t *newhead; r = ((sasl_verifyfile_t *)(verifyfile_cb->proc)) (verifyfile_cb->context, file, SASL_VRFY_PLUGIN); if (r != SASL_OK) return r; newhead = sasl_ALLOC(sizeof(lib_list_t)); if (!newhead) return SASL_NOMEM; if (!(library = LoadLibrary (file))) { _sasl_log(NULL, SASL_LOG_ERR, "unable to LoadLibrary %s: %s", file, GetLastError()); sasl_FREE(newhead); return SASL_FAIL; } newhead->library = library; newhead->next = lib_list_head; lib_list_head = newhead; *libraryptr = library; return SASL_OK; } /* undoes actions done by _sasl_get_plugin */ void _sasl_remove_last_plugin() { lib_list_t *last_plugin = lib_list_head; lib_list_head = lib_list_head->next; if (last_plugin->library) { FreeLibrary(last_plugin->library); } sasl_FREE(last_plugin); } /* gets the list of mechanisms */ int _sasl_load_plugins(const add_plugin_list_t *entrypoints, const sasl_callback_t *getpath_cb, const sasl_callback_t *verifyfile_cb) { int result; char cur_dir[PATH_MAX], full_name[PATH_MAX+2], prefix[PATH_MAX+2]; /* 1 for '\\' 1 for trailing '\0' */ char * pattern; char c; int pos; const char *path=NULL; int position; const add_plugin_list_t *cur_ep; struct stat statbuf; /* filesystem entry information */ intptr_t fhandle; /* file handle for _findnext function */ struct _finddata_t finddata; /* data returned by _findnext() */ size_t prefix_len; if (! entrypoints || ! getpath_cb || getpath_cb->id != SASL_CB_GETPATH || ! getpath_cb->proc || ! verifyfile_cb || verifyfile_cb->id != SASL_CB_VERIFYFILE || ! verifyfile_cb->proc) return SASL_BADPARAM; /* get the path to the plugins */ result = ((sasl_getpath_t *)(getpath_cb->proc))(getpath_cb->context, &path); if (result != SASL_OK) return result; if (! path) return SASL_FAIL; if (strlen(path) >= PATH_MAX) { /* no you can't buffer overrun */ return SASL_FAIL; } position=0; do { pos=0; do { c=path[position]; position++; cur_dir[pos]=c; pos++; } while ((c!=PATHS_DELIMITER) && (c!=0)); cur_dir[pos-1]='\0'; /* : check to make sure that a valid directory name was passed in */ if (stat (cur_dir, &statbuf) < 0) { continue; } if ((statbuf.st_mode & S_IFDIR) == 0) { continue; } strcpy (prefix, cur_dir); prefix_len = strlen (prefix); /* : Don't append trailing \ unless required */ if (prefix[prefix_len-1] != '\\') { strcat (prefix,"\\"); prefix_len++; } pattern = prefix; /* : Check that we have enough space for "*.dll" */ if ((prefix_len + DLL_MASK_LEN) > (sizeof(prefix) - 1)) { _sasl_log(NULL, SASL_LOG_WARN, "plugin search mask is too big"); continue; } strcat (prefix + prefix_len, "*" DLL_SUFFIX); fhandle = _findfirst (pattern, &finddata); if (fhandle == -1) { /* no matching files */ continue; } /* : Truncate "*.dll" */ prefix[prefix_len] = '\0'; do { size_t length; void *library; char *c; char plugname[PATH_MAX]; int entries; length = strlen(finddata.name); if (length < 5) { /* At least .dll */ continue; /* can not possibly be what we're looking for */ } /* : Check for overflow */ if (length + prefix_len >= PATH_MAX) continue; /* too big */ if (stricmp(finddata.name + (length - strlen(DLL_SUFFIX)), DLL_SUFFIX) != 0) { continue; } /* : Check that it is not a directory */ if ((finddata.attrib & _A_SUBDIR) == _A_SUBDIR) { continue; } /* : Construct full name from prefix and name */ strcpy (full_name, prefix); strcat (full_name, finddata.name); /* cut off .dll suffix -- this only need be approximate */ strcpy (plugname, finddata.name); c = strrchr(plugname, '.'); if (c != NULL) *c = '\0'; result = _sasl_get_plugin (full_name, verifyfile_cb, &library); if (result != SASL_OK) { continue; } entries = 0; for (cur_ep = entrypoints; cur_ep->entryname; cur_ep++) { result = _sasl_plugin_load(plugname, library, cur_ep->entryname, cur_ep->add_plugin); if (result == SASL_OK) { ++entries; } /* If this fails, it's not the end of the world */ } if (entries == 0) { _sasl_remove_last_plugin(); } } while (_findnext (fhandle, &finddata) == 0); _findclose (fhandle); } while ((c!='=') && (c!=0)); return SASL_OK; } int _sasl_done_with_plugins(void) { lib_list_t *libptr, *libptr_next; for(libptr = lib_list_head; libptr; libptr = libptr_next) { libptr_next = libptr->next; if (libptr->library != NULL) { FreeLibrary(libptr->library); } sasl_FREE(libptr); } lib_list_head = NULL; return SASL_OK; } cyrus-sasl-2.1.25/lib/Makefile.in0000666000076400007640000006063211631670663013476 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for the SASL library # Rob Earhart # $Id: Makefile.am,v 1.88 2011/09/05 14:18:10 murch Exp $ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = lib DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ getaddrinfo.c getnameinfo.c getsubopt.c snprintf.c ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LIBRARIES = $(noinst_LIBRARIES) AR = ar ARFLAGS = cru libsasl2_a_AR = $(AR) $(ARFLAGS) libsasl2_a_LIBADD = am_libsasl2_a_OBJECTS = libsasl2_a_OBJECTS = $(am_libsasl2_a_OBJECTS) am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = am__objects_1 = auxprop.lo canonusr.lo checkpw.lo client.lo common.lo \ config.lo external.lo md5.lo saslutil.lo server.lo seterror.lo \ dlopen.lo plugin_common.lo am__objects_2 = am_libsasl2_la_OBJECTS = $(am__objects_1) $(am__objects_2) libsasl2_la_OBJECTS = $(am_libsasl2_la_OBJECTS) libsasl2_la_LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libsasl2_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link \ $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(libsasl2_a_SOURCES) $(libsasl2_la_SOURCES) DIST_SOURCES = $(libsasl2_a_SOURCES) $(libsasl2_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ # Library version info - here at the top, for sanity sasl_version = 2:25:0 INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb EXTRA_DIST = windlopen.c staticopen.h NTMakefile EXTRA_LIBRARIES = libsasl2.a noinst_LIBRARIES = @SASL_STATIC_LIBS@ libsasl2_a_SOURCES = BUILT_SOURCES = $(SASL_STATIC_SRCS) common_headers = saslint.h common_sources = auxprop.c canonusr.c checkpw.c client.c common.c config.c external.c md5.c saslutil.c server.c seterror.c dlopen.c ../plugins/plugin_common.c lib_LTLIBRARIES = libsasl2.la libsasl2_la_SOURCES = $(common_sources) $(common_headers) libsasl2_la_LDFLAGS = -version-info $(sasl_version) libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) @MACOSX_TRUE@framedir = /Library/Frameworks/SASL2.framework all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu lib/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu lib/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLIBRARIES: -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libsasl2.la: $(libsasl2_la_OBJECTS) $(libsasl2_la_DEPENDENCIES) $(libsasl2_la_LINK) -rpath $(libdir) $(libsasl2_la_OBJECTS) $(libsasl2_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getaddrinfo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getnameinfo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/getsubopt.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/snprintf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auxprop.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/canonusr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/checkpw.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dlopen.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/external.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugin_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/saslutil.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/seterror.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< plugin_common.lo: ../plugins/plugin_common.c @am__fastdepCC_TRUE@ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT plugin_common.lo -MD -MP -MF $(DEPDIR)/plugin_common.Tpo -c -o plugin_common.lo `test -f '../plugins/plugin_common.c' || echo '$(srcdir)/'`../plugins/plugin_common.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/plugin_common.Tpo $(DEPDIR)/plugin_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../plugins/plugin_common.c' object='plugin_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o plugin_common.lo `test -f '../plugins/plugin_common.c' || echo '$(srcdir)/'`../plugins/plugin_common.c mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(LIBRARIES) $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ clean-noinstLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf $(DEPDIR) ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-exec-hook install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf $(DEPDIR) ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-libLTLIBRARIES .MAKE: all check install install-am install-exec-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool clean-noinstLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-exec-hook install-html install-html-am \ install-info install-info-am install-libLTLIBRARIES \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ uninstall-am uninstall-libLTLIBRARIES @MACOSX_TRUE@install-exec-hook: @MACOSX_TRUE@ $(mkinstalldirs) $(framedir)/Versions/A @MACOSX_TRUE@ ln -fs $(libdir)/libsasl2.dylib $(framedir)/Versions/A/SASL2 @MACOSX_TRUE@ cd $(framedir) ; ln -fs Versions/A/SASL2 . @MACOSX_FALSE@install-exec-hook: libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS) @echo adding static plugins and dependencies $(AR) cru .libs/$@ $(SASL_STATIC_OBJS) @for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \ if test ! -f $$i; then continue; fi; . $$i; \ for j in $$dependency_libs foo; do \ case $$j in foo) ;; \ -L*) for k in $$depdirs foo; do \ if test $$k = $$j; then break; fi; done; \ if test $$k = foo; then depdirs="$$depdirs $$j"; fi ;; \ -l*) for k in $$deplibs foo; do \ if test $$k = $$j; then break; fi; done; \ if test $$k = foo; then deplibs="$$deplibs $$j"; fi ;; \ esac; done; dependency_libs=""; done; \ sed -e "/^dependency_libs=/s%=.*%='$${depdirs}$${deplibs}'%" \ libsasl2.la >TMP.$$ && mv TMP.$$ libsasl2.la rm -f $@ ln -s .libs/$@ $@ $(SASL_STATIC_SRCS): linksrcs linksrcs: -ln -s $(SASL_STATIC_SRCS) . # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/lib/canonusr.c0000646000076400007640000003206511630151331013403 00000000000000/* canonusr.c - user canonicalization support * Rob Siemborski * $Id: canonusr.c,v 1.22 2011/09/01 16:33:42 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include "saslint.h" typedef struct canonuser_plug_list { struct canonuser_plug_list *next; char name[PATH_MAX]; const sasl_canonuser_plug_t *plug; } canonuser_plug_list_t; static canonuser_plug_list_t *canonuser_head = NULL; /* default behavior: * eliminate leading & trailing whitespace, * null-terminate, and get into the outparams * (handled by INTERNAL plugin) */ /* a zero ulen or alen indicates that it is strlen(value) */ int _sasl_canon_user(sasl_conn_t *conn, const char *user, unsigned ulen, unsigned flags, sasl_out_params_t *oparams) { canonuser_plug_list_t *ptr; sasl_server_conn_t *sconn = NULL; sasl_client_conn_t *cconn = NULL; sasl_canon_user_t *cuser_cb; sasl_getopt_t *getopt; void *context; int result; const char *plugin_name = NULL; char *user_buf; unsigned *lenp; if(!conn) return SASL_BADPARAM; if(!user || !oparams) return SASL_BADPARAM; if(flags & SASL_CU_AUTHID) { user_buf = conn->authid_buf; lenp = &(oparams->alen); } else if (flags & SASL_CU_AUTHZID) { user_buf = conn->user_buf; lenp = &(oparams->ulen); } else { return SASL_BADPARAM; } if(conn->type == SASL_CONN_SERVER) sconn = (sasl_server_conn_t *)conn; else if(conn->type == SASL_CONN_CLIENT) cconn = (sasl_client_conn_t *)conn; else return SASL_FAIL; if(!ulen) ulen = (unsigned int)strlen(user); /* check to see if we have a callback to make*/ result = _sasl_getcallback(conn, SASL_CB_CANON_USER, (sasl_callback_ft *)&cuser_cb, &context); if(result == SASL_OK && cuser_cb) { result = cuser_cb(conn, context, user, ulen, flags, (conn->type == SASL_CONN_SERVER ? sconn->user_realm : NULL), user_buf, CANON_BUF_SIZE, lenp); if (result != SASL_OK) return result; /* Point the input copy at the stored buffer */ user = user_buf; ulen = *lenp; } /* which plugin are we supposed to use? */ result = _sasl_getcallback(conn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context); if (result == SASL_OK && getopt) { getopt(context, NULL, "canon_user_plugin", &plugin_name, NULL); } if (!plugin_name) { /* Use Default */ plugin_name = "INTERNAL"; } for (ptr = canonuser_head; ptr; ptr = ptr->next) { /* A match is if we match the internal name of the plugin, or if * we match the filename (old-style) */ if ((ptr->plug->name && !strcmp(plugin_name, ptr->plug->name)) || !strcmp(plugin_name, ptr->name)) break; } /* We clearly don't have this one! */ if (!ptr) { sasl_seterror(conn, 0, "desired canon_user plugin %s not found", plugin_name); return SASL_NOMECH; } if (sconn) { /* we're a server */ result = ptr->plug->canon_user_server(ptr->plug->glob_context, sconn->sparams, user, ulen, flags, user_buf, CANON_BUF_SIZE, lenp); } else { /* we're a client */ result = ptr->plug->canon_user_client(ptr->plug->glob_context, cconn->cparams, user, ulen, flags, user_buf, CANON_BUF_SIZE, lenp); } if (result != SASL_OK) return result; if ((flags & SASL_CU_AUTHID) && (flags & SASL_CU_AUTHZID)) { /* We did both, so we need to copy the result into * the buffer for the authzid from the buffer for the authid */ memcpy(conn->user_buf, conn->authid_buf, CANON_BUF_SIZE); oparams->ulen = oparams->alen; } /* Set the appropriate oparams (lengths have already been set by lenp) */ if (flags & SASL_CU_AUTHID) { oparams->authid = conn->authid_buf; } if (flags & SASL_CU_AUTHZID) { oparams->user = conn->user_buf; } RETURN(conn, result); } /* Lookup all properties for authentication and/or authorization identity. */ static int _sasl_auxprop_lookup_user_props (sasl_conn_t *conn, unsigned flags, sasl_out_params_t *oparams) { sasl_server_conn_t *sconn = NULL; int result = SASL_OK; if (!conn) return SASL_BADPARAM; if (!oparams) return SASL_BADPARAM; #ifndef macintosh if (conn->type == SASL_CONN_SERVER) sconn = (sasl_server_conn_t *)conn; /* do auxprop lookups (server only) */ if (sconn) { int authz_result; unsigned auxprop_lookup_flags = flags & SASL_CU_ASIS_MASK; if (flags & SASL_CU_OVERRIDE) { auxprop_lookup_flags |= SASL_AUXPROP_OVERRIDE; } if (flags & SASL_CU_AUTHID) { result = _sasl_auxprop_lookup(sconn->sparams, auxprop_lookup_flags, oparams->authid, oparams->alen); } else { result = SASL_CONTINUE; } if (flags & SASL_CU_AUTHZID) { authz_result = _sasl_auxprop_lookup(sconn->sparams, auxprop_lookup_flags | SASL_AUXPROP_AUTHZID, oparams->user, oparams->ulen); if (result == SASL_CONTINUE) { /* Only SASL_CU_AUTHZID was requested. The authz_result value is authoritative. */ result = authz_result; } else if (result == SASL_OK && authz_result != SASL_NOUSER) { /* Use the authz_result value, unless "result" already contains an error */ result = authz_result; } } if (result == SASL_NOUSER && (flags & SASL_CU_EXTERNALLY_VERIFIED)) { /* The called has explicitly told us that the authentication identity was already verified. So a failure to retrieve any associated properties is not an error. For example the caller is using Kerberos to verify user, but the LDAPDB/SASLDB auxprop plugin doesn't contain any auxprops for the user. */ result = SASL_OK; } } #endif RETURN(conn, result); } /* default behavior: * Eliminate leading & trailing whitespace, * null-terminate, and get into the outparams * (handled by INTERNAL plugin). * * Server only: Also does auxprop lookups once username * is canonicalized. */ int _sasl_canon_user_lookup (sasl_conn_t *conn, const char *user, unsigned ulen, unsigned flags, sasl_out_params_t *oparams) { int result; result = _sasl_canon_user (conn, user, ulen, flags, oparams); if (result == SASL_OK) { result = _sasl_auxprop_lookup_user_props (conn, flags, oparams); } RETURN(conn, result); } void _sasl_canonuser_free() { canonuser_plug_list_t *ptr, *ptr_next; for(ptr = canonuser_head; ptr; ptr = ptr_next) { ptr_next = ptr->next; if(ptr->plug->canon_user_free) ptr->plug->canon_user_free(ptr->plug->glob_context, sasl_global_utils); sasl_FREE(ptr); } canonuser_head = NULL; } int sasl_canonuser_add_plugin(const char *plugname, sasl_canonuser_init_t *canonuserfunc) { int result, out_version; canonuser_plug_list_t *new_item; sasl_canonuser_plug_t *plug; if(!plugname || strlen(plugname) > (PATH_MAX - 1)) { sasl_seterror(NULL, 0, "bad plugname passed to sasl_canonuser_add_plugin\n"); return SASL_BADPARAM; } result = canonuserfunc(sasl_global_utils, SASL_CANONUSER_PLUG_VERSION, &out_version, &plug, plugname); if(result != SASL_OK) { _sasl_log(NULL, SASL_LOG_ERR, "canonuserfunc error %i\n",result); return result; } if(!plug->canon_user_server && !plug->canon_user_client) { /* We need at least one of these implemented */ _sasl_log(NULL, SASL_LOG_ERR, "canonuser plugin without either client or server side"); return SASL_BADPROT; } new_item = sasl_ALLOC(sizeof(canonuser_plug_list_t)); if(!new_item) return SASL_NOMEM; strncpy(new_item->name, plugname, PATH_MAX); new_item->plug = plug; new_item->next = canonuser_head; canonuser_head = new_item; return SASL_OK; } #ifdef MIN #undef MIN #endif #define MIN(a,b) (((a) < (b))? (a):(b)) static int _canonuser_internal(const sasl_utils_t *utils, const char *user, unsigned ulen, unsigned flags __attribute__((unused)), char *out_user, unsigned out_umax, unsigned *out_ulen) { unsigned i; char *in_buf, *userin; const char *begin_u; unsigned u_apprealm = 0; sasl_server_conn_t *sconn = NULL; if(!utils || !user) return SASL_BADPARAM; in_buf = sasl_ALLOC((ulen + 2) * sizeof(char)); if(!in_buf) return SASL_NOMEM; userin = in_buf; memcpy(userin, user, ulen); userin[ulen] = '\0'; /* Strip User ID */ for(i=0;isspace((int)userin[i]) && i0) ulen -= i; for(;ulen > 0 && isspace((int)begin_u[ulen-1]); ulen--); if(begin_u == &(userin[ulen])) { sasl_FREE(in_buf); utils->seterror(utils->conn, 0, "All-whitespace username."); return SASL_FAIL; } if(utils->conn && utils->conn->type == SASL_CONN_SERVER) sconn = (sasl_server_conn_t *)utils->conn; /* Need to append realm if necessary (see sasl.h) */ if(sconn && sconn->user_realm && !strchr(user, '@')) { u_apprealm = (unsigned) strlen(sconn->user_realm) + 1; } /* Now Copy */ memcpy(out_user, begin_u, MIN(ulen, out_umax)); if(sconn && u_apprealm) { if(ulen >= out_umax) return SASL_BUFOVER; out_user[ulen] = '@'; memcpy(&(out_user[ulen+1]), sconn->user_realm, MIN(u_apprealm-1, out_umax-ulen-1)); } out_user[MIN(ulen + u_apprealm,out_umax)] = '\0'; if(ulen + u_apprealm > out_umax) return SASL_BUFOVER; if(out_ulen) *out_ulen = MIN(ulen + u_apprealm,out_umax); sasl_FREE(in_buf); return SASL_OK; } static int _cu_internal_server(void *glob_context __attribute__((unused)), sasl_server_params_t *sparams, const char *user, unsigned ulen, unsigned flags, char *out_user, unsigned out_umax, unsigned *out_ulen) { return _canonuser_internal(sparams->utils, user, ulen, flags, out_user, out_umax, out_ulen); } static int _cu_internal_client(void *glob_context __attribute__((unused)), sasl_client_params_t *cparams, const char *user, unsigned ulen, unsigned flags, char *out_user, unsigned out_umax, unsigned *out_ulen) { return _canonuser_internal(cparams->utils, user, ulen, flags, out_user, out_umax, out_ulen); } static sasl_canonuser_plug_t canonuser_internal_plugin = { 0, /* features */ 0, /* spare */ NULL, /* glob_context */ "INTERNAL", /* name */ NULL, /* canon_user_free */ _cu_internal_server, _cu_internal_client, NULL, NULL, NULL }; int internal_canonuser_init(const sasl_utils_t *utils __attribute__((unused)), int max_version, int *out_version, sasl_canonuser_plug_t **plug, const char *plugname __attribute__((unused))) { if(!out_version || !plug) return SASL_BADPARAM; if(max_version < SASL_CANONUSER_PLUG_VERSION) return SASL_BADVERS; *out_version = SASL_CANONUSER_PLUG_VERSION; *plug = &canonuser_internal_plugin; return SASL_OK; } cyrus-sasl-2.1.25/AUTHORS0000646000076400007640000000340711306006125011707 00000000000000Rob Siemborski wrote and tested the conversion to the SASLv2 API. Ken Murchison worked on the OTP, NTLM, SRP and SQL plugins, as well as helping to track down bugs as they appear. Rob Earhart wrote the build/installation procedure, wrote and tested some of the code, and provided general guidance and coding advice. Leif Johansson wrote the GSSAPI plugin, with contributions from Sam Hartman . Leandro Santi added Courier authdaemon support. Alexey Melnikov wrote the first pass of the DIGEST-MD5 plugin and continues to work on it. He also wrote a good deal of the current Windows support. Rainer Schoepf contributed the LOGIN plugin, based on Tim Martin's PLAIN plugin. Simon Loader wrote the MySQL auxprop module. Rolf Braun wrote the MacOS ports. Howard Chu put a good deal of work into OS/390 portability, correct building of static libraries, and a slew of misc. bugfixes. Tim Martin wrote, debugged, and tested most of the SASLv1 code. Larry Greenfield complained. a lot. Chris Newman wrote the initial version of the SASL API, as well as the version 2 SASL API (documented in sasl.h, saslutil.h, saslplug.h, and prop.h). Ryan Troll started the Windows port, and both Larry Greenfield and Alexey Melnikov have done more work on it. getaddrinfo.c was written by Hajimu UMEMOTO which is based on the IPv6 code written by KIKUCHI Takahiro $Id: AUTHORS,v 1.18 2006/12/01 17:34:58 mel Exp $ cyrus-sasl-2.1.25/sasldb/0000777000076400007640000000000011632367340012200 500000000000000cyrus-sasl-2.1.25/sasldb/db_gdbm.c0000666000076400007640000002222607622774136013657 00000000000000/* db_gdbm.c--SASL gdbm interface * Rob Siemborski * Rob Earhart * $Id: db_gdbm.c,v 1.4 2003/02/13 19:56:14 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include "sasldb.h" static int db_ok = 0; int _sasldb_getdata(const sasl_utils_t *utils, sasl_conn_t *conn, const char *authid, const char *realm, const char *propName, char *out, const size_t max_out, size_t *out_len) { int result = SASL_OK; char *key; size_t key_len; GDBM_FILE db; datum gkey, gvalue; void *cntxt; sasl_getopt_t *getopt; const char *path = SASL_DB_PATH; if (!utils) return SASL_BADPARAM; if (!authid || !propName || !realm || !out || !max_out) { utils->seterror(conn, 0, "Bad parameter in db_gdbm.c: _sasldb_getdata"); return SASL_BADPARAM; } if (!db_ok) { utils->seterror(conn, 0, "Database not checked"); return SASL_FAIL; } result = _sasldb_alloc_key(utils, authid, realm, propName, &key, &key_len); if (result != SASL_OK) { utils->seterror(conn, 0, "Could not allocate key in _sasldb_getdata"); return result; } if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } db = gdbm_open((char *)path, 0, GDBM_READER, S_IRUSR | S_IWUSR, NULL); if (! db) { utils->seterror(cntxt, 0, "Could not open %s: gdbm_errno=%d", path, gdbm_errno); result = SASL_FAIL; goto cleanup; } gkey.dptr = key; gkey.dsize = key_len; gvalue = gdbm_fetch(db, gkey); gdbm_close(db); if (! gvalue.dptr) { if (gdbm_errno == GDBM_ITEM_NOT_FOUND) { utils->seterror(conn, SASL_NOLOG, "user: %s@%s property: %s not found in %s", authid, realm, propName, path); result = SASL_NOUSER; } else { utils->seterror(conn, 0, "Couldn't fetch entry from %s: gdbm_errno=%d", path, gdbm_errno); result = SASL_FAIL; } goto cleanup; } if((size_t)gvalue.dsize > max_out + 1) { utils->seterror(cntxt, 0, "buffer overflow"); return SASL_BUFOVER; } if(out_len) *out_len = gvalue.dsize; memcpy(out, gvalue.dptr, gvalue.dsize); out[gvalue.dsize] = '\0'; /* Note: not sasl_FREE! This is memory allocated by gdbm, * which is using libc malloc/free. */ free(gvalue.dptr); cleanup: utils->free(key); return result; } int _sasldb_putdata(const sasl_utils_t *utils, sasl_conn_t *conn, const char *authid, const char *realm, const char *propName, const char *data, size_t data_len) { int result = SASL_OK; char *key; size_t key_len; GDBM_FILE db; datum gkey; void *cntxt; sasl_getopt_t *getopt; const char *path = SASL_DB_PATH; if (!utils) return SASL_BADPARAM; if (!authid || !realm || !propName) { utils->seterror(conn, 0, "Bad parameter in db_gdbm.c: _sasldb_putdata"); return SASL_BADPARAM; } result = _sasldb_alloc_key(utils, authid, realm, propName, &key, &key_len); if (result != SASL_OK) { utils->seterror(conn, 0, "Could not allocate key in _sasldb_putdata"); return result; } if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } db = gdbm_open((char *)path, 0, GDBM_WRCREAT, S_IRUSR | S_IWUSR, NULL); if (! db) { utils->log(conn, SASL_LOG_ERR, "SASL error opening password file. " "Do you have write permissions?\n"); utils->seterror(conn, 0, "Could not open %s for write: gdbm_errno=%d", path, gdbm_errno); result = SASL_FAIL; goto cleanup; } gkey.dptr = key; gkey.dsize = key_len; if (data) { datum gvalue; gvalue.dptr = (char *)data; if(!data_len) data_len = strlen(data); gvalue.dsize = data_len; if (gdbm_store(db, gkey, gvalue, GDBM_REPLACE)) { utils->seterror(conn, 0, "Couldn't replace entry in %s: gdbm_errno=%d", path, gdbm_errno); result = SASL_FAIL; } } else { if (gdbm_delete(db, gkey)) { utils->seterror(conn, 0, "Couldn't delete entry in %s: gdbm_errno=%d", path, gdbm_errno); result = SASL_NOUSER; } } gdbm_close(db); cleanup: utils->free(key); return result; } int _sasl_check_db(const sasl_utils_t *utils, sasl_conn_t *conn) { const char *path = SASL_DB_PATH; int ret; void *cntxt; sasl_getopt_t *getopt; sasl_verifyfile_t *vf; if(!utils) return SASL_BADPARAM; if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } ret = utils->getcallback(NULL, SASL_CB_VERIFYFILE, &vf, &cntxt); if(ret != SASL_OK) { utils->seterror(conn, 0, "No verifyfile callback"); return ret; } ret = vf(cntxt, path, SASL_VRFY_PASSWD); if (ret == SASL_OK) { db_ok = 1; } if (ret == SASL_OK || ret == SASL_CONTINUE) { return SASL_OK; } else { utils->seterror(conn, 0, "Verifyfile failed"); return ret; } } typedef struct gdbm_handle { GDBM_FILE db; datum dkey; int first; } handle_t; sasldb_handle _sasldb_getkeyhandle(const sasl_utils_t *utils, sasl_conn_t *conn) { const char *path = SASL_DB_PATH; sasl_getopt_t *getopt; void *cntxt; GDBM_FILE db; handle_t *handle; if(!utils || !conn) return NULL; if(!db_ok) { utils->seterror(conn, 0, "Database not OK in _sasldb_getkeyhandle"); return NULL; } if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } db = gdbm_open((char *)path, 0, GDBM_READER, S_IRUSR | S_IWUSR, NULL); if(!db) { utils->seterror(conn, 0, "Could not open %s: gdbm_errno=%d", path, gdbm_errno); return NULL; } handle = utils->malloc(sizeof(handle_t)); if(!handle) { utils->seterror(conn, 0, "no memory in _sasldb_getkeyhandle"); gdbm_close(db); return NULL; } handle->db = db; handle->first = 1; return (sasldb_handle)handle; } int _sasldb_getnextkey(const sasl_utils_t *utils __attribute__((unused)), sasldb_handle handle, char *out, const size_t max_out, size_t *out_len) { handle_t *dbh = (handle_t *)handle; datum nextkey; if(!utils || !handle || !out || !max_out) return SASL_BADPARAM; if(dbh->first) { dbh->dkey = gdbm_firstkey(dbh->db); dbh->first = 0; } else { nextkey = gdbm_nextkey(dbh->db, dbh->dkey); dbh->dkey = nextkey; } if(dbh->dkey.dptr == NULL) return SASL_OK; if((unsigned)dbh->dkey.dsize > max_out) return SASL_BUFOVER; memcpy(out, dbh->dkey.dptr, dbh->dkey.dsize); if(out_len) *out_len = dbh->dkey.dsize; return SASL_CONTINUE; } int _sasldb_releasekeyhandle(const sasl_utils_t *utils, sasldb_handle handle) { handle_t *dbh = (handle_t *)handle; if(!utils || !dbh) return SASL_BADPARAM; if(dbh->db) gdbm_close(dbh->db); utils->free(dbh); return SASL_OK; } cyrus-sasl-2.1.25/sasldb/sasldb.h0000646000076400007640000001121610414247657013545 00000000000000/* sasldb.h - SASLdb library header * Rob Siemborski * Tim Martin * $Id: sasldb.h,v 1.6 2006/04/03 10:58:20 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef SASLDB_H #define SASLDB_H #include "sasl.h" #include "saslplug.h" /* * Note that some of these require a sasl_conn_t in order for * the getcallback stuff to work correctly. This is great for * when they are called from a plugin or the library but makes * for much wierdness when an otherwise non-sasl application needs * to make use of this functionality. */ int _sasldb_getdata(const sasl_utils_t *utils, sasl_conn_t *conn, const char *authid, const char *realm, const char *propName, char *out, const size_t max_out, size_t *out_len); /* pass NULL for data to delete it */ int _sasldb_putdata(const sasl_utils_t *utils, sasl_conn_t *conn, const char *authid, const char *realm, const char *propName, const char *data, size_t data_len); /* Should be run before any db access is attempted */ LIBSASL_API int _sasl_check_db(const sasl_utils_t *utils, sasl_conn_t *conn); /* These allow iterating through the keys of the database */ typedef void* sasldb_handle; typedef int (* sasldb_list_callback_t) (const char *authid, const char *realm, const char *property, void *rock); LIBSASL_API sasldb_handle _sasldb_getkeyhandle(const sasl_utils_t *utils, sasl_conn_t *conn); LIBSASL_API int _sasldb_getnextkey(const sasl_utils_t *utils, sasldb_handle handle, char *out, const size_t max_out, size_t *out_len); LIBSASL_API int _sasldb_releasekeyhandle(const sasl_utils_t *utils, sasldb_handle handle); LIBSASL_API int _sasldb_listusers(const sasl_utils_t *utils, sasl_conn_t *context, sasldb_list_callback_t callback, void *callback_rock); #if defined(KEEP_DB_OPEN) void sasldb_auxprop_free (void *glob_context, const sasl_utils_t *utils); #else #define sasldb_auxprop_free NULL #endif /* The rest are implemented in allockey.c and individual drivers need not * do so */ /* These two are aliases for getdata/putdata */ int _sasldb_getsecret(const sasl_utils_t *utils, sasl_conn_t *context, const char *auth_identity, const char *realm, sasl_secret_t ** secret); int _sasldb_putsecret(const sasl_utils_t *utils, sasl_conn_t *context, const char *auth_identity, const char *realm, const sasl_secret_t * secret); LIBSASL_API int _sasldb_parse_key(const char *key, const size_t key_len, char *authid, const size_t max_authid, char *realm, const size_t max_realm, char *propName, const size_t max_propname); /* This function is internal, but might be useful to have around */ int _sasldb_alloc_key(const sasl_utils_t *utils, const char *auth_identity, const char *realm, const char *propName, char **key, size_t *key_len); #endif /* SASLDB_H */ cyrus-sasl-2.1.25/sasldb/db_none.c0000666000076400007640000000745207622774136013711 00000000000000/* db_none.c--provides linkage for systems which lack a backend db lib * Rob Siemborski * Rob Earhart * $Id: db_none.c,v 1.3 2003/02/13 19:56:14 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include "sasldb.h" /* This just exists to provide these symbols on systems where configure * couldn't find a database library (or the user says we do not want one). */ int _sasldb_getdata(const sasl_utils_t *utils, sasl_conn_t *conn, const char *authid __attribute__((unused)), const char *realm __attribute__((unused)), const char *propName __attribute__((unused)), char *out __attribute__((unused)), const size_t max_out __attribute__((unused)), size_t *out_len __attribute__((unused))) { if(conn) utils->seterror(conn, 0, "No Database Driver"); return SASL_FAIL; } int _sasldb_putdata(const sasl_utils_t *utils, sasl_conn_t *conn, const char *authid __attribute__((unused)), const char *realm __attribute__((unused)), const char *propName __attribute__((unused)), const char *data __attribute__((unused)), size_t data_len __attribute__((unused))) { if(conn) utils->seterror(conn, 0, "No Database Driver"); return SASL_FAIL; } int _sasl_check_db(const sasl_utils_t *utils, sasl_conn_t *conn) { if(conn) utils->seterror(conn, 0, "No Database Driver"); return SASL_FAIL; } sasldb_handle _sasldb_getkeyhandle(const sasl_utils_t *utils, sasl_conn_t *conn) { if(conn) utils->seterror(conn, 0, "No Database Driver"); return NULL; } int _sasldb_getnextkey(const sasl_utils_t *utils __attribute__((unused)), sasldb_handle handle __attribute__((unused)), char *out __attribute__((unused)), const size_t max_out __attribute__((unused)), size_t *out_len __attribute__((unused))) { return SASL_FAIL; } int _sasldb_releasekeyhandle(const sasl_utils_t *utils __attribute__((unused)), sasldb_handle handle __attribute__((unused))) { return SASL_FAIL; } cyrus-sasl-2.1.25/sasldb/NTMakefile0000666000076400007640000000473707752546253014047 00000000000000# NTMakefile for SASL, sasldb directory # Alexey Melnikov # ################################################################ # Copyright (c) 2003 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ #Suppress verbose output from defaulting values VERBOSE=0 !INCLUDE ..\win32\common.mak includedir = $(prefix)\include saslincludedir = $(includedir)\sasl\ saslinclude_HEADERS = sasldb.h # The first target get executed by default. We don't want this to be "install" all: @echo Nothing to be done for $@ # # /I flag to xcopy tells to treat the last parameter as directory and create all missing levels # install: $(saslinclude_HEADERS) !xcopy sasldb*.h $(saslincludedir) /I /F /Y !xcopy $? $(saslincludedir) /I /F /Y cyrus-sasl-2.1.25/sasldb/db_berkeley.c0000646000076400007640000003030611630151332014521 00000000000000/* db_berkeley.c--SASL berkeley db interface * Rob Siemborski * Tim Martin * $Id: db_berkeley.c,v 1.10 2011/09/01 14:12:18 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include "sasldb.h" static int db_ok = 0; #if defined(KEEP_DB_OPEN) static DB * g_db = NULL; #endif /* * Open the database */ static int berkeleydb_open(const sasl_utils_t *utils, sasl_conn_t *conn, int rdwr, DB **mbdb) { const char *path = SASL_DB_PATH; int ret; int flags; void *cntxt; sasl_getopt_t *getopt; #if defined(KEEP_DB_OPEN) if (g_db) { *mbdb = g_db; return SASL_OK; } #endif if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } if (rdwr) flags = DB_CREATE; else flags = DB_RDONLY; #if defined(KEEP_DB_OPEN) #if defined(DB_THREAD) flags |= DB_THREAD; #endif #endif #if DB_VERSION_MAJOR < 3 ret = db_open(path, DB_HASH, flags, 0660, NULL, NULL, mbdb); #else /* DB_VERSION_MAJOR < 3 */ ret = db_create(mbdb, NULL, 0); if (ret == 0 && *mbdb != NULL) { #if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660); #else ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660); #endif if (ret != 0) { (void) (*mbdb)->close(*mbdb, 0); *mbdb = NULL; } } #endif /* DB_VERSION_MAJOR < 3 */ if (ret != 0) { if (rdwr == 0 && ret == ENOENT) { /* File not found and we are only reading the data. Treat as SASL_NOUSER. */ return SASL_NOUSER; } utils->log(conn, SASL_LOG_ERR, "unable to open Berkeley db %s: %s", path, db_strerror(ret)); utils->seterror(conn, SASL_NOLOG, "Unable to open DB"); return SASL_FAIL; } #if defined(KEEP_DB_OPEN) /* Save the DB handle for later use */ g_db = *mbdb; #endif return SASL_OK; } /* * Close the database */ static void berkeleydb_close(const sasl_utils_t *utils, DB *mbdb) { int ret; #if defined(KEEP_DB_OPEN) /* Prevent other threads from reusing the same handle */ /* msdb == g_db */ g_db = NULL; #endif ret = mbdb->close(mbdb, 0); if (ret!=0) { /* error closing! */ utils->log(NULL, SASL_LOG_ERR, "error closing sasldb: %s", db_strerror(ret)); } } /* * Retrieve the secret from the database. * * Return SASL_NOUSER if the entry doesn't exist, * SASL_OK on success. * */ int _sasldb_getdata(const sasl_utils_t *utils, sasl_conn_t *context, const char *auth_identity, const char *realm, const char *propName, char *out, const size_t max_out, size_t *out_len) { int result = SASL_OK; char *key; size_t key_len; DBT dbkey, data; DB *mbdb = NULL; if(!utils) return SASL_BADPARAM; /* check parameters */ if (!auth_identity || !realm || !propName || !out || !max_out) { utils->seterror(context, 0, "Bad parameter in db_berkeley.c: _sasldb_getdata"); return SASL_BADPARAM; } if (!db_ok) { utils->seterror(context, 0, "Database not checked"); return SASL_FAIL; } /* allocate a key */ result = _sasldb_alloc_key(utils, auth_identity, realm, propName, &key, &key_len); if (result != SASL_OK) { utils->seterror(context, 0, "Could not allocate key in _sasldb_getdata"); return result; } /* zero out */ memset(&dbkey, 0, sizeof(dbkey)); memset(&data, 0, sizeof(data)); /* open the db */ result = berkeleydb_open(utils, context, 0, &mbdb); if (result != SASL_OK) goto cleanup; /* create the key to search for */ dbkey.data = key; dbkey.size = (u_int32_t) key_len; dbkey.flags = DB_DBT_USERMEM; data.flags = DB_DBT_MALLOC; /* ask berkeley db for the entry */ result = mbdb->get(mbdb, NULL, &dbkey, &data, 0); switch (result) { case 0: /* success */ break; case DB_NOTFOUND: result = SASL_NOUSER; utils->seterror(context, SASL_NOLOG, "user: %s@%s property: %s not found in sasldb", auth_identity,realm,propName); goto cleanup; break; default: utils->seterror(context, 0, "error fetching from sasldb: %s", db_strerror(result)); result = SASL_FAIL; goto cleanup; break; } if(data.size > max_out + 1) return SASL_BUFOVER; if(out_len) *out_len = data.size; memcpy(out, data.data, data.size); out[data.size] = '\0'; cleanup: #if !defined(KEEP_DB_OPEN) if (mbdb != NULL) berkeleydb_close(utils, mbdb); #endif utils->free(key); utils->free(data.data); return result; } /* * Put or delete an entry * * */ int _sasldb_putdata(const sasl_utils_t *utils, sasl_conn_t *context, const char *authid, const char *realm, const char *propName, const char *data_in, size_t data_len) { int result = SASL_OK; char *key; size_t key_len; DBT dbkey; DB *mbdb = NULL; if (!utils) return SASL_BADPARAM; if (!authid || !realm || !propName) { utils->seterror(context, 0, "Bad parameter in db_berkeley.c: _sasldb_putdata"); return SASL_BADPARAM; } if (!db_ok) { utils->seterror(context, 0, "Database not checked"); return SASL_FAIL; } result = _sasldb_alloc_key(utils, authid, realm, propName, &key, &key_len); if (result != SASL_OK) { utils->seterror(context, 0, "Could not allocate key in _sasldb_putdata"); return result; } /* open the db */ result=berkeleydb_open(utils, context, 1, &mbdb); if (result!=SASL_OK) goto cleanup; /* create the db key */ memset(&dbkey, 0, sizeof(dbkey)); dbkey.data = key; dbkey.size = (u_int32_t) key_len; if (data_in) { /* putting secret */ DBT data; memset(&data, 0, sizeof(data)); data.data = (char *)data_in; if(!data_len) data_len = strlen(data_in); data.size = (u_int32_t) data_len; result = mbdb->put(mbdb, NULL, &dbkey, &data, 0); if (result != 0) { utils->log(NULL, SASL_LOG_ERR, "error updating sasldb: %s", db_strerror(result)); utils->seterror(context, SASL_NOLOG, "Couldn't update db"); result = SASL_FAIL; goto cleanup; } } else { /* removing secret */ result=mbdb->del(mbdb, NULL, &dbkey, 0); if (result != 0) { utils->log(NULL, SASL_LOG_ERR, "error deleting entry from sasldb: %s", db_strerror(result)); utils->seterror(context, SASL_NOLOG, "Couldn't update db"); if (result == DB_NOTFOUND) result = SASL_NOUSER; else result = SASL_FAIL; goto cleanup; } } cleanup: #if !defined(KEEP_DB_OPEN) if (mbdb != NULL) berkeleydb_close(utils, mbdb); #endif utils->free(key); return result; } int _sasl_check_db(const sasl_utils_t *utils, sasl_conn_t *conn) { const char *path = SASL_DB_PATH; int ret; void *cntxt; sasl_getopt_t *getopt; sasl_verifyfile_t *vf; if (!utils) return SASL_BADPARAM; if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } ret = utils->getcallback(conn, SASL_CB_VERIFYFILE, (sasl_callback_ft *)&vf, &cntxt); if (ret != SASL_OK) { utils->seterror(conn, 0, "verifyfile failed"); return ret; } ret = vf(cntxt, path, SASL_VRFY_PASSWD); if (ret == SASL_OK) { db_ok = 1; } if (ret == SASL_OK || ret == SASL_CONTINUE) { return SASL_OK; } else { return ret; } } #if defined(KEEP_DB_OPEN) void sasldb_auxprop_free (void *glob_context, const sasl_utils_t *utils) { if (g_db != NULL) berkeleydb_close(utils, g_db); } #endif typedef struct berkeleydb_handle { DB *mbdb; DBC *cursor; } berkleyhandle_t; sasldb_handle _sasldb_getkeyhandle(const sasl_utils_t *utils, sasl_conn_t *conn) { int ret; DB *mbdb; berkleyhandle_t *handle; if(!utils || !conn) return NULL; if(!db_ok) { utils->seterror(conn, 0, "Database not OK in _sasldb_getkeyhandle"); return NULL; } ret = berkeleydb_open(utils, conn, 0, &mbdb); if (ret != SASL_OK) { return NULL; } handle = utils->malloc(sizeof(berkleyhandle_t)); if(!handle) { #if !defined(KEEP_DB_OPEN) (void)mbdb->close(mbdb, 0); #endif utils->seterror(conn, 0, "Memory error in _sasldb_gethandle"); return NULL; } handle->mbdb = mbdb; handle->cursor = NULL; return (sasldb_handle)handle; } int _sasldb_getnextkey(const sasl_utils_t *utils __attribute__((unused)), sasldb_handle handle, char *out, const size_t max_out, size_t *out_len) { DB *mbdb; int result; berkleyhandle_t *dbh = (berkleyhandle_t *)handle; DBT key, data; if(!utils || !handle || !out || !max_out) return SASL_BADPARAM; mbdb = dbh->mbdb; memset(&key,0, sizeof(key)); memset(&data,0,sizeof(data)); if(!dbh->cursor) { /* make cursor */ #if DB_VERSION_MAJOR < 3 #if DB_VERSION_MINOR < 6 result = mbdb->cursor(mbdb, NULL,&dbh->cursor); #else result = mbdb->cursor(mbdb, NULL,&dbh->cursor, 0); #endif /* DB_VERSION_MINOR < 7 */ #else /* DB_VERSION_MAJOR < 3 */ result = mbdb->cursor(mbdb, NULL,&dbh->cursor, 0); #endif /* DB_VERSION_MAJOR < 3 */ if (result!=0) { return SASL_FAIL; } /* loop thru */ result = dbh->cursor->c_get(dbh->cursor, &key, &data, DB_FIRST); } else { result = dbh->cursor->c_get(dbh->cursor, &key, &data, DB_NEXT); } if (result == DB_NOTFOUND) return SASL_OK; if (result != 0) { return SASL_FAIL; } if (key.size > max_out) { return SASL_BUFOVER; } memcpy(out, key.data, key.size); if (out_len) *out_len = key.size; return SASL_CONTINUE; } int _sasldb_releasekeyhandle(const sasl_utils_t *utils, sasldb_handle handle) { berkleyhandle_t *dbh = (berkleyhandle_t *)handle; int ret = 0; if (!utils || !dbh) return SASL_BADPARAM; if (dbh->cursor) { dbh->cursor->c_close(dbh->cursor); } #if !defined(KEEP_DB_OPEN) /* This is almost the same berkeleydb_close(), except that berkeleydb_close logs a message on error and does not return any error */ if (dbh->mbdb) { ret = dbh->mbdb->close(dbh->mbdb, 0); } #endif utils->free(dbh); if (ret) { return SASL_FAIL; } else { return SASL_OK; } } cyrus-sasl-2.1.25/sasldb/allockey.c0000646000076400007640000001610311306006127014055 00000000000000/* db_berkeley.c--SASL berkeley db interface * Rob Siemborski * Tim Martin * $Id: allockey.c,v 1.9 2008/10/30 14:17:08 mel Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include "sasldb.h" /* * Construct a key * */ int _sasldb_alloc_key(const sasl_utils_t *utils, const char *auth_identity, const char *realm, const char *propName, char **key, size_t *key_len) { size_t auth_id_len, realm_len, prop_len; if(!utils || !auth_identity || !realm || !propName || !key || !key_len) return SASL_BADPARAM; auth_id_len = strlen(auth_identity); realm_len = strlen(realm); prop_len = strlen(propName); *key_len = auth_id_len + realm_len + prop_len + 2; *key = utils->malloc(*key_len); if (! *key) return SASL_NOMEM; memcpy(*key, auth_identity, auth_id_len); (*key)[auth_id_len] = '\0'; memcpy(*key + auth_id_len + 1, realm, realm_len); (*key)[auth_id_len + realm_len + 1] = '\0'; memcpy(*key + auth_id_len + realm_len + 2, propName, prop_len); return SASL_OK; } /* * decode a key */ int _sasldb_parse_key(const char *key, const size_t key_len, char *authid, const size_t max_authid, char *realm, const size_t max_realm, char *propName, const size_t max_propname) { unsigned i = 0; unsigned numnulls = 0; size_t alen = 0, rlen = 0, pnlen = 0; if(!key || !key_len || (authid && !max_authid) || (realm && !max_realm) || (propName && !max_propname)) return SASL_BADPARAM; for(i=0; i= max_authid) return SASL_BUFOVER; strncpy(authid, key, max_authid); } if(realm) { if(rlen >= max_realm) return SASL_BUFOVER; strncpy(realm, key + alen + 1, max_realm); } if(propName) { if(pnlen >= max_propname) return SASL_BUFOVER; strncpy(propName, key + alen + rlen + 2, pnlen); /* Have to add the missing NULL */ propName[pnlen] = '\0'; } return SASL_OK; } /* These are more or less aliases to the correct functions */ int _sasldb_getsecret(const sasl_utils_t *utils, sasl_conn_t *context, const char *authid, const char *realm, sasl_secret_t ** secret) { char buf[8192]; size_t len; sasl_secret_t *out; int ret; const char *param = SASL_AUX_PASSWORD; param++; if(!secret) { utils->seterror(context, 0, "No secret pointer in _sasldb_getsecret"); return SASL_BADPARAM; } ret = _sasldb_getdata(utils, context, authid, realm, param, buf, 8192, &len); if(ret != SASL_OK) { return ret; } out = utils->malloc(sizeof(sasl_secret_t) + len); if(!out) { utils->seterror(context, 0, "Out of Memory in _sasldb_getsecret"); return SASL_NOMEM; } out->len = (unsigned) len; memcpy(out->data, buf, len); out->data[len]='\0'; *secret = out; return SASL_OK; } int _sasldb_putsecret(const sasl_utils_t *utils, sasl_conn_t *context, const char *authid, const char *realm, const sasl_secret_t * secret) { const char *param = SASL_AUX_PASSWORD; param++; /* skip leading * */ return _sasldb_putdata(utils, context, authid, realm, param, (const char *) (secret ? secret->data : NULL), (secret ? secret->len : 0)); } int __sasldb_internal_list (const char *authid, const char *realm, const char *property, void *rock __attribute__((unused))) { printf("%s@%s: %s\n", authid, realm, property); return (SASL_OK); } /* List all users in database */ int _sasldb_listusers (const sasl_utils_t *utils, sasl_conn_t *context, sasldb_list_callback_t callback, void *callback_rock) { int result; char key_buf[32768]; size_t key_len; sasldb_handle dbh; if (callback == NULL) { callback = &__sasldb_internal_list; callback_rock = NULL; } dbh = _sasldb_getkeyhandle(utils, context); if(!dbh) { utils->log (context, SASL_LOG_ERR, "_sasldb_getkeyhandle has failed"); return SASL_FAIL; } result = _sasldb_getnextkey(utils, dbh, key_buf, 32768, &key_len); while (result == SASL_CONTINUE) { char authid_buf[16384]; char realm_buf[16384]; char property_buf[16384]; int ret; ret = _sasldb_parse_key(key_buf, key_len, authid_buf, 16384, realm_buf, 16384, property_buf, 16384); if(ret == SASL_BUFOVER) { utils->log (context, SASL_LOG_ERR, "Key is too large in _sasldb_parse_key"); continue; } else if(ret != SASL_OK) { utils->log (context, SASL_LOG_ERR, "Bad Key in _sasldb_parse_key"); continue; } result = callback (authid_buf, realm_buf, property_buf, callback_rock); if (result != SASL_OK && result != SASL_CONTINUE) { break; } result = _sasldb_getnextkey(utils, dbh, key_buf, 32768, &key_len); } if (result == SASL_BUFOVER) { utils->log (context, SASL_LOG_ERR, "Key is too large in _sasldb_getnextkey"); } else if (result != SASL_OK) { utils->log (context, SASL_LOG_ERR, "DB failure in _sasldb_getnextkey"); } return _sasldb_releasekeyhandle(utils, dbh); } cyrus-sasl-2.1.25/sasldb/db_ndbm.c0000666000076400007640000002235307622774136013667 00000000000000/* db_ndbm.c--SASL ndbm interface * Rob Siemborski * Rob Earhart * $Id: db_ndbm.c,v 1.5 2003/02/13 19:56:14 rjs3 Exp $ */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include "sasldb.h" static int db_ok = 0; /* This provides a version of _sasl_db_getsecret and * _sasl_db_putsecret which work with ndbm. */ int _sasldb_getdata(const sasl_utils_t *utils, sasl_conn_t *conn, const char *authid, const char *realm, const char *propName, char *out, const size_t max_out, size_t *out_len) { int result = SASL_OK; char *key; size_t key_len; DBM *db; datum dkey, dvalue; void *cntxt; sasl_getopt_t *getopt; const char *path = SASL_DB_PATH; if (!utils) return SASL_BADPARAM; if (!authid || !propName || !realm || !out || !max_out) { utils->seterror(conn, 0, "Bad parameter in db_ndbm.c: _sasldb_getdata"); return SASL_BADPARAM; } if (!db_ok) { utils->seterror(conn, 0, "Database not checked"); return SASL_FAIL; } result = _sasldb_alloc_key(utils, authid, realm, propName, &key, &key_len); if (result != SASL_OK) { utils->seterror(conn, 0, "Could not allocate key in _sasldb_getdata"); return result; } if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } db = dbm_open(path, O_RDONLY, S_IRUSR | S_IWUSR); if (! db) { utils->seterror(cntxt, 0, "Could not open db"); result = SASL_FAIL; goto cleanup; } dkey.dptr = key; dkey.dsize = key_len; dvalue = dbm_fetch(db, dkey); if (! dvalue.dptr) { utils->seterror(cntxt, 0, "no user in db"); result = SASL_NOUSER; goto cleanup; } if((size_t)dvalue.dsize > max_out + 1) { utils->seterror(cntxt, 0, "buffer overflow"); return SASL_BUFOVER; } if(out_len) *out_len = dvalue.dsize; memcpy(out, dvalue.dptr, dvalue.dsize); out[dvalue.dsize] = '\0'; #if NDBM_FREE /* Note: not sasl_FREE! This is memory allocated by ndbm, * which is using libc malloc/free. */ free(dvalue.dptr); #endif cleanup: utils->free(key); if(db) dbm_close(db); return result; } int _sasldb_putdata(const sasl_utils_t *utils, sasl_conn_t *conn, const char *authid, const char *realm, const char *propName, const char *data, size_t data_len) { int result = SASL_OK; char *key; size_t key_len; DBM *db; datum dkey; void *cntxt; sasl_getopt_t *getopt; const char *path = SASL_DB_PATH; if (!utils) return SASL_BADPARAM; if (!authid || !realm || !propName) { utils->seterror(conn, 0, "Bad parameter in db_ndbm.c: _sasldb_putdata"); return SASL_BADPARAM; } result = _sasldb_alloc_key(utils, authid, realm, propName, &key, &key_len); if (result != SASL_OK) { utils->seterror(conn, 0, "Could not allocate key in _sasldb_putdata"); return result; } if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } db = dbm_open(path, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR); if (! db) { utils->log(conn, SASL_LOG_ERR, "SASL error opening password file. " "Do you have write permissions?\n"); utils->seterror(conn, 0, "Could not open db for write"); goto cleanup; } dkey.dptr = key; dkey.dsize = key_len; if (data) { datum dvalue; dvalue.dptr = (void *)data; if(!data_len) data_len = strlen(data); dvalue.dsize = data_len; if (dbm_store(db, dkey, dvalue, DBM_REPLACE)) { utils->seterror(conn, 0, "Couldn't update db"); result = SASL_FAIL; } } else { if (dbm_delete(db, dkey)) { utils->seterror(conn, 0, "Couldn't update db"); result = SASL_NOUSER; } } dbm_close(db); cleanup: utils->free(key); return result; } #ifdef DBM_SUFFIX #define SUFLEN (strlen(DBM_SUFFIX) + 1) #else #define SUFLEN 5 #endif int _sasl_check_db(const sasl_utils_t *utils, sasl_conn_t *conn) { const char *path = SASL_DB_PATH; void *cntxt; sasl_getopt_t *getopt; sasl_verifyfile_t *vf; int ret = SASL_OK; char *db; if(!utils) return SASL_BADPARAM; if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } db = utils->malloc(strlen(path) + SUFLEN); if (db == NULL) { ret = SASL_NOMEM; } ret = utils->getcallback(NULL, SASL_CB_VERIFYFILE, &vf, &cntxt); if(ret != SASL_OK) { utils->seterror(conn, 0, "No verifyfile callback"); return ret; } #ifdef DBM_SUFFIX if (ret == SASL_OK) { sprintf(db, "%s%s", path, DBM_SUFFIX); ret = vf(cntxt, db, SASL_VRFY_PASSWD); } #else if (ret == SASL_OK) { sprintf(db, "%s.dir", path); ret = vf(cntxt, db, SASL_VRFY_PASSWD); } if (ret == SASL_OK) { sprintf(db, "%s.pag", path); ret = vf(cntxt, db, SASL_VRFY_PASSWD); } #endif if (db) { utils->free(db); } if (ret == SASL_OK) { db_ok = 1; } if (ret == SASL_OK || ret == SASL_CONTINUE) { return SASL_OK; } else { utils->seterror(conn, 0, "Verifyfile failed"); return ret; } } typedef struct ndbm_handle { DBM *db; datum dkey; int first; } handle_t; sasldb_handle _sasldb_getkeyhandle(const sasl_utils_t *utils, sasl_conn_t *conn) { const char *path = SASL_DB_PATH; sasl_getopt_t *getopt; void *cntxt; DBM *db; handle_t *handle; if(!utils || !conn) return NULL; if(!db_ok) { utils->seterror(conn, 0, "Database not OK in _sasldb_getkeyhandle"); return NULL; } if (utils->getcallback(conn, SASL_CB_GETOPT, &getopt, &cntxt) == SASL_OK) { const char *p; if (getopt(cntxt, NULL, "sasldb_path", &p, NULL) == SASL_OK && p != NULL && *p != 0) { path = p; } } db = dbm_open(path, O_RDONLY, S_IRUSR | S_IWUSR); if(!db) { utils->seterror(conn, 0, "Could not open db"); return NULL; } handle = utils->malloc(sizeof(handle_t)); if(!handle) { utils->seterror(conn, 0, "no memory in _sasldb_getkeyhandle"); dbm_close(db); return NULL; } handle->db = db; handle->first = 1; return (sasldb_handle)handle; } int _sasldb_getnextkey(const sasl_utils_t *utils __attribute__((unused)), sasldb_handle handle, char *out, const size_t max_out, size_t *out_len) { handle_t *dbh = (handle_t *)handle; datum nextkey; if(!utils || !handle || !out || !max_out) return SASL_BADPARAM; if(dbh->first) { dbh->dkey = dbm_firstkey(dbh->db); dbh->first = 0; } else { nextkey = dbm_nextkey(dbh->db); dbh->dkey = nextkey; } if(dbh->dkey.dptr == NULL) return SASL_OK; if((unsigned)dbh->dkey.dsize > max_out) return SASL_BUFOVER; memcpy(out, dbh->dkey.dptr, dbh->dkey.dsize); if(out_len) *out_len = dbh->dkey.dsize; return SASL_CONTINUE; } int _sasldb_releasekeyhandle(const sasl_utils_t *utils, sasldb_handle handle) { handle_t *dbh = (handle_t *)handle; if(!utils || !dbh) return SASL_BADPARAM; if(dbh->db) dbm_close(dbh->db); utils->free(dbh); return SASL_OK; } cyrus-sasl-2.1.25/sasldb/Makefile.am0000646000076400007640000000505611631155042014151 00000000000000# Makefile.am for the SASLdb library # Rob Siemborski # $Id: Makefile.am,v 1.33 2011/09/05 14:18:10 murch Exp $ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # Library version info - here at the top, for sanity # Note that this doesn't necessaraly follow the libsasl2 verison info sasl_version = 1:25:0 INCLUDES=-I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c EXTRA_DIST = NTMakefile noinst_LTLIBRARIES = libsasldb.la noinst_LIBRARIES = libsasldb.a libsasldb_la_SOURCES = allockey.c sasldb.h EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) libsasldb_la_LIBADD = $(SASL_DB_BACKEND) # Prevent make dist stupidity libsasldb_a_SOURCES = EXTRA_libsasldb_a_SOURCES = libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) cyrus-sasl-2.1.25/sasldb/Makefile.in0000666000076400007640000004537211631670664014205 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for the SASLdb library # Rob Siemborski # $Id: Makefile.am,v 1.33 2011/09/05 14:18:10 murch Exp $ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = sasldb DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = LIBRARIES = $(noinst_LIBRARIES) AR = ar ARFLAGS = cru libsasldb_a_AR = $(AR) $(ARFLAGS) libsasldb_a_LIBADD = am_libsasldb_a_OBJECTS = libsasldb_a_OBJECTS = $(am_libsasldb_a_OBJECTS) LTLIBRARIES = $(noinst_LTLIBRARIES) am__DEPENDENCIES_1 = am_libsasldb_la_OBJECTS = allockey.lo libsasldb_la_OBJECTS = $(am_libsasldb_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link \ $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(libsasldb_a_SOURCES) $(EXTRA_libsasldb_a_SOURCES) \ $(libsasldb_la_SOURCES) $(EXTRA_libsasldb_la_SOURCES) DIST_SOURCES = $(libsasldb_a_SOURCES) $(EXTRA_libsasldb_a_SOURCES) \ $(libsasldb_la_SOURCES) $(EXTRA_libsasldb_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ # Library version info - here at the top, for sanity # Note that this doesn't necessaraly follow the libsasl2 verison info sasl_version = 1:25:0 INCLUDES = -I$(top_srcdir)/include -I$(top_builddir)/include @SASL_DB_INC@ extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c EXTRA_DIST = NTMakefile noinst_LTLIBRARIES = libsasldb.la noinst_LIBRARIES = libsasldb.a libsasldb_la_SOURCES = allockey.c sasldb.h EXTRA_libsasldb_la_SOURCES = $(extra_common_sources) libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) libsasldb_la_LIBADD = $(SASL_DB_BACKEND) # Prevent make dist stupidity libsasldb_a_SOURCES = EXTRA_libsasldb_a_SOURCES = all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu sasldb/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu sasldb/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstLIBRARIES: -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libsasldb.la: $(libsasldb_la_OBJECTS) $(libsasldb_la_DEPENDENCIES) $(LINK) $(libsasldb_la_OBJECTS) $(libsasldb_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/allockey.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db_berkeley.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db_gdbm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db_ndbm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/db_none.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LIBRARIES) $(LTLIBRARIES) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \ clean-noinstLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstLIBRARIES clean-noinstLTLIBRARIES \ ctags distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC) $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/configure0000777000076400007640000212763511631670665012605 00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.63. # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # PATH needs CR # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 { (exit 1); exit 1; } fi # Work around bugs in pre-3.0 UWIN ksh. for as_var in ENV MAIL MAILPATH do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # CDPATH. $as_unset CDPATH if test "x$CONFIG_SHELL" = x; then if (eval ":") 2>/dev/null; then as_have_required=yes else as_have_required=no fi if test $as_have_required = yes && (eval ": (as_func_return () { (exit \$1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = \"\$1\" ); then : else exitcode=1 echo positional parameters were not saved. fi test \$exitcode = 0) || { (exit 1); exit 1; } ( as_lineno_1=\$LINENO as_lineno_2=\$LINENO test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } ") 2> /dev/null; then : else as_candidate_shells= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. case $as_dir in /*) for as_base in sh bash ksh sh5; do as_candidate_shells="$as_candidate_shells $as_dir/$as_base" done;; esac done IFS=$as_save_IFS for as_shell in $as_candidate_shells $SHELL; do # Try only shells that exist, to save several forks. if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { ("$as_shell") 2> /dev/null <<\_ASEOF if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi : _ASEOF }; then CONFIG_SHELL=$as_shell as_have_required=yes if { "$as_shell" 2> /dev/null <<\_ASEOF if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi : (as_func_return () { (exit $1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = "$1" ); then : else exitcode=1 echo positional parameters were not saved. fi test $exitcode = 0) || { (exit 1); exit 1; } ( as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } _ASEOF }; then break fi fi done if test "x$CONFIG_SHELL" != x; then for as_var in BASH_ENV ENV do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done export CONFIG_SHELL exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} fi if test $as_have_required = no; then echo This script requires a shell more modern than all the echo shells that I found on your system. Please install a echo modern shell, or manually run the script under such a echo shell if you do have one. { (exit 1); exit 1; } fi fi fi (eval "as_func_return () { (exit \$1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = \"\$1\" ); then : else exitcode=1 echo positional parameters were not saved. fi test \$exitcode = 0") || { echo No shell found that supports shell functions. echo Please tell bug-autoconf@gnu.org about your system, echo including any error possibly output before this message. echo This can help us improve future autoconf versions. echo Configuration will now proceed without shell functions. } as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line after each line using $LINENO; the second 'sed' # does the real work. The second script uses 'N' to pair each # line-number line with the line containing $LINENO, and appends # trailing '-' during substitution so that $LINENO is not a special # case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # scripts with optimization help from Paolo Bonzini. Blame Lee # E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in -n*) case `echo 'x\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. *) ECHO_C='\c';; esac;; *) ECHO_N='-n';; esac if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME= PACKAGE_TARNAME= PACKAGE_VERSION= PACKAGE_STRING= PACKAGE_BUGREPORT= ac_unique_file="lib/saslint.h" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" enable_option_checking=no ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE subdirs DIRS LTLIBOBJS LTGETNAMEINFOOBJS GETNAMEINFOOBJS LTGETADDRINFOOBJS GETADDRINFOOBJS LTSNPRINTFOBJS SNPRINTFOBJS GETSUBOPT LIBOBJS SASL_UTIL_HEADERS_EXTRA SASL_UTIL_LIBS_EXTRA SMTPTEST_PROGRAM SFIO_LIB_FLAGS SFIO_INC_FLAGS DMALLOC_LIBS MACOSX_FALSE MACOSX_TRUE configdir plugindir SASL_STATIC_LIBS SASL_STATIC_OBJS SASL_STATIC_SRCS SASL_MECHS LIB_LDAP LIB_SQLITE3 LIB_SQLITE LIB_PGSQL LIB_MYSQL PASSDSS_LIBS NTLM_LIBS PLAIN_LIBS GSSAPIBASE_LIBS GSSAPI_LIBS LIB_CRYPT SASL_KRB_LIB SRP_LIBS OTP_LIBS SCRAM_LIBS LIB_DES CMU_LIB_SUBDIR LIB_DOOR IPCTYPE PWCHECK_FALSE PWCHECK_TRUE PWCHECKMETH SASLAUTHD_FALSE SASLAUTHD_TRUE NM SASL_DL_LIB NO_SASL_DB_MANS_FALSE NO_SASL_DB_MANS_TRUE SASL_DB_LIB SASL_DB_INC SASL_DB_BACKEND_STATIC SASL_DB_BACKEND SASL_DB_MANS SASL_DB_UTILS EGREP GREP LIB_SOCKET SAMPLE_FALSE SAMPLE_TRUE JAVAROOT JAVA_INCLUDES JAVA_FALSE JAVA_TRUE JAVADOC JAVAH JAVAC PURIFY PURECOV LIBTOOL RANLIB LN_S CPP am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE am__quote am__include DEPDIR OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC am__untar am__tar AMTAR am__leading_dot SET_MAKE AWK mkdir_p MKDIR_P INSTALL_STRIP_PROGRAM STRIP install_sh MAKEINFO AUTOHEADER AUTOMAKE AUTOCONF ACLOCAL VERSION PACKAGE CYGPATH_W am__isrc INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM target_os target_vendor target_cpu target host_os host_vendor host_cpu host build_os build_vendor build_cpu build target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_cmulocal enable_sample enable_obsolete_cram_attr enable_dependency_tracking with_staticsasl enable_static enable_shared enable_fast_install with_gnu_ld enable_libtool_lock enable_staticdlopen with_purecov with_purify enable_java with_javabase with_dbpath with_dblib with_bdb_libdir with_bdb_incdir with_gdbm enable_keep_db_open with_devrandom with_pam with_saslauthd with_authdaemond with_pwcheck with_ipctype enable_alwaystrue enable_checkapop enable_cram with_lib_subdir with_openssl with_des enable_digest enable_scram enable_otp with_with_opie enable_srp enable_srp_setpass enable_krb4 enable_gssapi with_gss_impl enable_gss_mutexes enable_plain enable_anon enable_login enable_ntlm enable_passdss with_ldap enable_sql with_mysql with_pgsql with_sqlite with_sqlite3 enable_ldapdb with_plugindir with_configdir with_rc4 enable_macos_framework with_dmalloc with_sfio ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP' ac_subdirs_all='saslauthd' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2 { (exit 1); exit 1; }; } ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2 { (exit 1); exit 1; }; } ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2 { (exit 1); exit 1; }; } ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2 { (exit 1); exit 1; }; } ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) { $as_echo "$as_me: error: unrecognized option: $ac_option Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2 { (exit 1); exit 1; }; } eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` { $as_echo "$as_me: error: missing argument to $ac_option" >&2 { (exit 1); exit 1; }; } fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2 { (exit 1); exit 1; }; } ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 { (exit 1); exit 1; }; } done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || { $as_echo "$as_me: error: working directory cannot be determined" >&2 { (exit 1); exit 1; }; } test "X$ac_ls_di" = "X$ac_pwd_ls_di" || { $as_echo "$as_me: error: pwd does not report name of working directory" >&2 { (exit 1); exit 1; }; } # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 { (exit 1); exit 1; }; } fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2 { (exit 1); exit 1; }; } pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures this package to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] --target=TARGET configure for building compilers for TARGET [HOST] _ACEOF fi if test -n "$ac_init_help"; then cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-cmulocal enable local mods for CMU [[no]] --enable-sample compile sample code [[yes]] --enable-obsolete_cram_attr enable support for cmusaslsecretCRAM-MD5 auxprop property [[yes]] --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors --enable-static=PKGS build static libraries default=no --enable-shared=PKGS build shared libraries default=yes --enable-fast-install=PKGS optimize for fast installation default=yes --disable-libtool-lock avoid locking (might break parallel builds) --enable-staticdlopen try dynamic plugins when we are a static libsasl [no] --enable-java compile Java support [no] --enable-keep-db-open keep handle to Berkeley DB open for improved performance [no] --enable-alwaystrue enable the alwaystrue password verifier (discouraged) --enable-checkapop enable use of sasl_checkapop [yes] --enable-cram enable CRAM-MD5 authentication [yes] --enable-digest enable DIGEST-MD5 authentication [yes] --enable-scram enable SCRAM authentication [yes] --enable-otp enable OTP authentication [yes] --enable-srp enable SRP authentication [no] --enable-srp-setpass enable setting SRP secrets with saslpasswd [no] --enable-krb4 enable KERBEROS_V4 authentication [no] --enable-gssapi= enable GSSAPI authentication [yes] --enable-gss_mutexes use mutexes around calls to the GSS library --enable-plain enable PLAIN authentication yes --enable-anon enable ANONYMOUS authentication [yes] --enable-login enable unsupported LOGIN authentication [no] --enable-ntlm enable unsupported NTLM authentication [no] --enable-passdss enable PASSDSS authentication (experimental) [no] --enable-sql enable SQL auxprop [no] --enable-ldapdb enable LDAPDB plugin no --disable-macos-framework disable building and installing replacement SASL2 Framework for MacOS X-provided SASL Framework [no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-gnu-ld assume the C compiler uses GNU ld default=no --with-purecov link with purecov --with-purify link with purify --with-javabase=PATH set path to find jni.h in /usr/java/include --with-dbpath=PATH set the DB path to use /etc/sasldb2 --with-dblib=DBLIB set the DB library to use berkeley --with-bdb-libdir=DIR Berkeley DB lib files are in DIR --with-bdb-incdir=DIR Berkeley DB include files are in DIR --with-gdbm=PATH use gdbm from PATH --with-devrandom=PATH set the path to /dev/random [/dev/random] --with-pam=DIR use PAM (rooted in DIR) [yes] --with-saslauthd=DIR enable use of the saslauth daemon using state dir DIR --with-authdaemond=PATH enable use of authdaemon with default socket=PATH [yes] --with-pwcheck=DIR enable deprecated pwcheck daemon using statedir DIR --with-ipctype={unix,doors} use ipctype [unix] --with-lib-subdir=DIR Find libraries in DIR instead of lib --with-openssl=PATH use OpenSSL from PATH --with-des=DIR with DES (look in DIR) yes --with-opie=PATH use OPIE (One Time Passwords in Everything) from PATH --with-gss_impl={heimdal|mit|cybersafe|seam|auto} choose specific GSSAPI implementation [[auto]] --with-ldap=DIR use LDAP (in DIR) for saslauthd no --with-mysql=PATH use MySQL from PATH --with-pgsql=PATH use PostgreSQL from PATH --with-sqlite=PATH use SQLite from PATH --with-sqlite3=PATH use SQLite3 from PATH --with-plugindir=DIR set the directory where plugins will be found [/usr/lib/sasl2] --with-configdir=DIR set the directory where config files will be found /usr/lib/sasl2 --with-rc4 use internal rc4 routines [yes] --with-dmalloc=DIR with DMALLOC support (for test applications) [no] --with-sfio=DIR with SFIO support (for smtptest/libsfsasl) [no] Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF configure generated by GNU Autoconf 2.63 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by $as_me, which was generated by GNU Autoconf 2.63. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; 2) ac_configure_args1="$ac_configure_args1 '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi ac_configure_args="$ac_configure_args '$ac_arg'" ;; esac done done $as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } $as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo cat <<\_ASBOX ## ---------------- ## ## Cache variables. ## ## ---------------- ## _ASBOX echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) $as_unset $ac_var ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo cat <<\_ASBOX ## ----------------- ## ## Output variables. ## ## ----------------- ## _ASBOX echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then cat <<\_ASBOX ## ------------------- ## ## File substitutions. ## ## ------------------- ## _ASBOX echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then cat <<\_ASBOX ## ----------- ## ## confdefs.h. ## ## ----------- ## _ASBOX echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then ac_site_file1=$CONFIG_SITE elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test -r "$ac_site_file"; then { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special # files actually), so we avoid doing that. if test -f "$cache_file"; then { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:$LINENO: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:$LINENO: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 $as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} { (exit 1); exit 1; }; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test $cache_file = "/dev/null"; then cache_file="./config.cache" if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special # files actually), so we avoid doing that. if test -f "$cache_file"; then { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi fi ac_aux_dir= for ac_dir in config "$srcdir"/config; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in config \"$srcdir\"/config" >&5 $as_echo "$as_me: error: cannot find install-sh or install.sh in config \"$srcdir\"/config" >&2;} { (exit 1); exit 1; }; } fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5 $as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;} { (exit 1); exit 1; }; } { $as_echo "$as_me:$LINENO: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if test "${ac_cv_build+set}" = set; then $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 $as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;} { (exit 1); exit 1; }; } ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5 $as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;} { (exit 1); exit 1; }; } fi { $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5 $as_echo "$as_me: error: invalid value of canonical build" >&2;} { (exit 1); exit 1; }; };; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:$LINENO: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if test "${ac_cv_host+set}" = set; then $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5 $as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;} { (exit 1); exit 1; }; } fi fi { $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5 $as_echo "$as_me: error: invalid value of canonical host" >&2;} { (exit 1); exit 1; }; };; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:$LINENO: checking target system type" >&5 $as_echo_n "checking target system type... " >&6; } if test "${ac_cv_target+set}" = set; then $as_echo_n "(cached) " >&6 else if test "x$target_alias" = x; then ac_cv_target=$ac_cv_host else ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` || { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&5 $as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&2;} { (exit 1); exit 1; }; } fi fi { $as_echo "$as_me:$LINENO: result: $ac_cv_target" >&5 $as_echo "$ac_cv_target" >&6; } case $ac_cv_target in *-*-*) ;; *) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical target" >&5 $as_echo "$as_me: error: invalid value of canonical target" >&2;} { (exit 1); exit 1; }; };; esac target=$ac_cv_target ac_save_IFS=$IFS; IFS='-' set x $ac_cv_target shift target_cpu=$1 target_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: target_os=$* IFS=$ac_save_IFS case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac # The aliases save the names the user supplied, while $host etc. # will get canonicalized. test -n "$target_alias" && test "$program_prefix$program_suffix$program_transform_name" = \ NONENONEs,x,x, && program_prefix=${target_alias}- am__api_version='1.11' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if test "${ac_cv_path_install+set}" = set; then $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in ./ | .// | /cC/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:$LINENO: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:$LINENO: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Just in case sleep 1 echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) { { $as_echo "$as_me:$LINENO: error: unsafe absolute working directory name" >&5 $as_echo "$as_me: error: unsafe absolute working directory name" >&2;} { (exit 1); exit 1; }; };; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) { { $as_echo "$as_me:$LINENO: error: unsafe srcdir value: \`$srcdir'" >&5 $as_echo "$as_me: error: unsafe srcdir value: \`$srcdir'" >&2;} { (exit 1); exit 1; }; };; esac # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". { { $as_echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken alias in your environment" >&5 $as_echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken alias in your environment" >&2;} { (exit 1); exit 1; }; } fi test "$2" = conftest.file ) then # Ok. : else { { $as_echo "$as_me:$LINENO: error: newly created file is older than distributed files! Check your system clock" >&5 $as_echo "$as_me: error: newly created file is older than distributed files! Check your system clock" >&2;} { (exit 1); exit 1; }; } fi { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. # By default was `s,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= { $as_echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_STRIP+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:$LINENO: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" { $as_echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then if test "${ac_cv_path_mkdir+set}" = set; then $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext break 3;; esac done done done IFS=$as_save_IFS fi if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. Don't cache a # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. test -d ./--version && rmdir ./--version MKDIR_P="$ac_install_sh -d" fi fi { $as_echo "$as_me:$LINENO: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } mkdir_p="$MKDIR_P" case $mkdir_p in [\\/$]* | ?:[\\/]*) ;; */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; esac for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_AWK+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:$LINENO: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then { { $as_echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 $as_echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} { (exit 1); exit 1; }; } fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE=cyrus-sasl VERSION=2.1.25 cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. AMTAR=${AMTAR-"${am_missing_run}tar"} am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -' ACLOCAL="$ACLOCAL -I \$(top_srcdir)/cmulocal" # and include our config dir scripts ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config" DIRS="" # Check whether --enable-cmulocal was given. if test "${enable_cmulocal+set}" = set; then enableval=$enable_cmulocal; else enable_cmulocal=no fi # Check whether --enable-sample was given. if test "${enable_sample+set}" = set; then enableval=$enable_sample; enable_sample=yes fi # Check whether --enable-obsolete_cram_attr was given. if test "${enable_obsolete_cram_attr+set}" = set; then enableval=$enable_obsolete_cram_attr; enable_obsolete_cram_attr=$enableval else enable_obsolete_cram_attr=yes fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:$LINENO: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:$LINENO: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:$LINENO: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:$LINENO: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&5 $as_echo "$as_me: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; }; } # Provide some information about the compiler. $as_echo "$as_me:$LINENO: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 { (ac_try="$ac_compiler --version >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compiler --version >&5") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -v >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compiler -v >&5") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { (ac_try="$ac_compiler -V >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compiler -V >&5") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { (ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi { $as_echo "$as_me:$LINENO: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } if test -z "$ac_file"; then $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables See \`config.log' for more details." >&5 $as_echo "$as_me: error: C compiler cannot create executables See \`config.log' for more details." >&2;} { (exit 77); exit 77; }; }; } fi ac_exeext=$ac_cv_exeext # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } # FIXME: These cross compiler hacks should be removed for Autoconf 3.0 # If not cross compiling, check that we can run a simple program. if test "$cross_compiling" != yes; then if { ac_try='./$ac_file' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&5 $as_echo "$as_me: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; }; } fi fi fi { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } { $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } { $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&5 $as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; }; } fi rm -f conftest$ac_cv_exeext { $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT { $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if test "${ac_cv_objext+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&5 $as_echo "$as_me: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; }; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if test "${ac_cv_c_compiler_gnu+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_compiler_gnu=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if test "${ac_cv_prog_cc_g+set}" = set; then $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_g=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 CFLAGS="" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_g=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if test "${ac_cv_prog_cc_c89+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_prog_cc_c89=$ac_arg else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:$LINENO: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:$LINENO: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. { $as_echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5 $as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from `make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi { $as_echo "$as_me:$LINENO: result: $_am_result" >&5 $as_echo "$_am_result" >&6; } rm -f confinc confmf # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then enableval=$enable_dependency_tracking; fi if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' fi if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else AMDEP_TRUE='#' AMDEP_FALSE= fi depcc="$CC" am_compiler_list= { $as_echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 $as_echo_n "checking dependency style of $depcc... " >&6; } if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then $as_echo_n "(cached) " >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi am__universal=false case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvisualcpp | msvcmsys) # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { $as_echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5 $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if test "${ac_cv_prog_CPP+set}" = set; then $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then # Broken: success on invalid input. continue else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:$LINENO: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then # Broken: success on invalid input. continue else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&5 $as_echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; }; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_AWK+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:$LINENO: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:$LINENO: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:$LINENO: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi { $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if test "${ac_cv_path_install+set}" = set; then $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in ./ | .// | /cC/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:$LINENO: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:$LINENO: checking for __attribute__" >&5 $as_echo_n "checking for __attribute__... " >&6; } if test "${ac_cv___attribute__+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include static void foo(void) __attribute__ ((noreturn)); static void foo(void) { exit(1); } int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv___attribute__=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv___attribute__=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "$ac_cv___attribute__" = "yes"; then cat >>confdefs.h <<\_ACEOF #define HAVE___ATTRIBUTE__ 1 _ACEOF fi { $as_echo "$as_me:$LINENO: result: $ac_cv___attribute__" >&5 $as_echo "$ac_cv___attribute__" >&6; } # CMU GUESS RUNPATH SWITCH { $as_echo "$as_me:$LINENO: checking for runpath switch" >&5 $as_echo_n "checking for runpath switch... " >&6; } if test "${andrew_cv_runpath_switch+set}" = set; then $as_echo_n "(cached) " >&6 else # first, try -R SAVE_LDFLAGS="${LDFLAGS}" LDFLAGS="-R /usr/lib" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then andrew_cv_runpath_switch="-R" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 LDFLAGS="-Wl,-rpath,/usr/lib" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then andrew_cv_runpath_switch="-Wl,-rpath," else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 andrew_cv_runpath_switch="none" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="${SAVE_LDFLAGS}" fi { $as_echo "$as_me:$LINENO: result: $andrew_cv_runpath_switch" >&5 $as_echo "$andrew_cv_runpath_switch" >&6; } # Check whether --with-staticsasl was given. if test "${with_staticsasl+set}" = set; then withval=$with_staticsasl; fi if test "$with_staticsasl" = yes; then enable_shared=yes enable_static=yes fi save_target=$target if test -z "$target"; then target="NONE" fi # new libtool # Check whether --enable-static was given. if test "${enable_static+set}" = set; then enableval=$enable_static; p=${PACKAGE-default} case "$enableval" in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," for pkg in $enableval; do if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$ac_save_ifs" ;; esac else enable_static=no fi # Check whether --enable-shared was given. if test "${enable_shared+set}" = set; then enableval=$enable_shared; p=${PACKAGE-default} case "$enableval" in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," for pkg in $enableval; do if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$ac_save_ifs" ;; esac else enable_shared=yes fi # Check whether --enable-fast-install was given. if test "${enable_fast_install+set}" = set; then enableval=$enable_fast_install; p=${PACKAGE-default} case "$enableval" in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," for pkg in $enableval; do if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$ac_save_ifs" ;; esac else enable_fast_install=yes fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_RANLIB+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:$LINENO: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld if test "$ac_cv_c_compiler_gnu" = yes; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:$LINENO: checking for ld used by GCC" >&5 $as_echo_n "checking for ld used by GCC... " >&6; } ac_prog=`($CC -print-prog-name=ld) 2>&5` case "$ac_prog" in # Accept absolute paths. [\\/]* | [A-Za-z]:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the path of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { $as_echo "$as_me:$LINENO: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else { $as_echo "$as_me:$LINENO: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi if test "${ac_cv_path_LD+set}" = set; then $as_echo_n "(cached) " >&6 else if test -z "$LD"; then IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then ac_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some GNU ld's only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. if "$ac_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then test "$with_gnu_ld" != no && break else test "$with_gnu_ld" != yes && break fi fi done IFS="$ac_save_ifs" else ac_cv_path_LD="$LD" # Let the user override the test with a path. fi fi LD="$ac_cv_path_LD" if test -n "$LD"; then { $as_echo "$as_me:$LINENO: result: $LD" >&5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && { { $as_echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5 $as_echo "$as_me: error: no acceptable ld found in \$PATH" >&2;} { (exit 1); exit 1; }; } { $as_echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if test "${ac_cv_prog_gnu_ld+set}" = set; then $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU ld's only accept -v. if $LD -v 2>&1 &5; then ac_cv_prog_gnu_ld=yes else ac_cv_prog_gnu_ld=no fi fi { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_gnu_ld" >&5 $as_echo "$ac_cv_prog_gnu_ld" >&6; } { $as_echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5 $as_echo_n "checking for BSD-compatible nm... " >&6; } if test "${ac_cv_path_NM+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$NM"; then # Let the user override the test. ac_cv_path_NM="$NM" else IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/nm || test -f $ac_dir/nm$ac_exeext ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then ac_cv_path_NM="$ac_dir/nm -B" break elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then ac_cv_path_NM="$ac_dir/nm -p" break else ac_cv_path_NM=${ac_cv_path_NM="$ac_dir/nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags fi fi done IFS="$ac_save_ifs" test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm fi fi NM="$ac_cv_path_NM" { $as_echo "$as_me:$LINENO: result: $NM" >&5 $as_echo "$NM" >&6; } case "$target" in NONE) lt_target="$host" ;; *) lt_target="$target" ;; esac # Check for any special flags to pass to ltconfig. libtool_flags="--cache-file=$cache_file" test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared" test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static" test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install" test "$ac_cv_c_compiler_gnu" = yes && libtool_flags="$libtool_flags --with-gcc" test "$ac_cv_prog_gnu_ld" = yes && libtool_flags="$libtool_flags --with-gnu-ld" # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then enableval=$enable_libtool_lock; fi test "x$enable_libtool_lock" = xno && libtool_flags="$libtool_flags --disable-lock" test x"$silent" = xyes && libtool_flags="$libtool_flags --silent" # Some flags need to be propagated to the compiler or linker for good # libtool support. case "$lt_target" in *-*-irix6*) # Find out which ABI we are using. echo '#line 4787 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then case "`/usr/bin/file conftest.o`" in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" { $as_echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } if test "${lt_cv_cc_needs_belf+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then lt_cv_cc_needs_belf=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 lt_cv_cc_needs_belf=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; esac # Save cache, so that ltconfig can load it cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) $as_unset $ac_var ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote # substitution turns \\\\ into \\, and sed turns \\ into \). sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then test "x$cache_file" != "x/dev/null" && { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} cat confcache >$cache_file else { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache # Actually configure libtool. ac_aux_dir is where install-sh is found. CC="$CC" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS" \ LD="$LD" LDFLAGS="$LDFLAGS" LIBS="$LIBS" \ LN_S="$LN_S" NM="$NM" RANLIB="$RANLIB" \ DLLTOOL="$DLLTOOL" AS="$AS" OBJDUMP="$OBJDUMP" \ ${CONFIG_SHELL-/bin/sh} $ac_aux_dir/ltconfig --no-reexec \ $libtool_flags --no-verify $ac_aux_dir/ltmain.sh $lt_target \ || { { $as_echo "$as_me:$LINENO: error: libtool configure failed" >&5 $as_echo "$as_me: error: libtool configure failed" >&2;} { (exit 1); exit 1; }; } # Reload cache, that may have been modified by ltconfig if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special # files actually), so we avoid doing that. if test -f "$cache_file"; then { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ac_aux_dir/ltconfig $ac_aux_dir/ltmain.sh" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' # Redirect the config.log output again, so that the ltconfig log is not # clobbered by the next message. exec 5>>./config.log target=$save_target if test "$enable_static" = yes; then SASL_STATIC_LIBS=libsasl2.a else SASL_STATIC_LIBS= fi # Check whether --enable-staticdlopen was given. if test "${enable_staticdlopen+set}" = set; then enableval=$enable_staticdlopen; enable_staticdlopen=$enableval else enable_staticdlopen=no fi if test "$enable_staticdlopen" = yes; then cat >>confdefs.h <<\_ACEOF #define TRY_DLOPEN_WHEN_STATIC /**/ _ACEOF fi if test "$ac_cv_c_compiler_gnu" = yes; then CFLAGS="-Wall -W ${CFLAGS}" fi # Check whether --with-purecov was given. if test "${with_purecov+set}" = set; then withval=$with_purecov; fi if test "$with_purecov" = yes; then for ac_prog in purecov do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_PURECOV+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$PURECOV"; then ac_cv_prog_PURECOV="$PURECOV" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_PURECOV="$ac_prog" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi PURECOV=$ac_cv_prog_PURECOV if test -n "$PURECOV"; then { $as_echo "$as_me:$LINENO: result: $PURECOV" >&5 $as_echo "$PURECOV" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$PURECOV" && break done fi # Check whether --with-purify was given. if test "${with_purify+set}" = set; then withval=$with_purify; fi if test "$with_purify" = yes; then for ac_prog in purify do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_PURIFY+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$PURIFY"; then ac_cv_prog_PURIFY="$PURIFY" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_PURIFY="$ac_prog" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi PURIFY=$ac_cv_prog_PURIFY if test -n "$PURIFY"; then { $as_echo "$as_me:$LINENO: result: $PURIFY" >&5 $as_echo "$PURIFY" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$PURIFY" && break done fi # Check whether --enable-java was given. if test "${enable_java+set}" = set; then enableval=$enable_java; enable_java=$enableval else enable_java=no fi if test "$enable_java" = yes; then # Extract the first word of "javac", so it can be a program name with args. set dummy javac; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_JAVAC+set}" = set; then $as_echo_n "(cached) " >&6 else case $JAVAC in [\\/]* | ?:[\\/]*) ac_cv_path_JAVAC="$JAVAC" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_JAVAC="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_JAVAC" && ac_cv_path_JAVAC="no" ;; esac fi JAVAC=$ac_cv_path_JAVAC if test -n "$JAVAC"; then { $as_echo "$as_me:$LINENO: result: $JAVAC" >&5 $as_echo "$JAVAC" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi for ac_prog in javah kaffeh do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_JAVAH+set}" = set; then $as_echo_n "(cached) " >&6 else case $JAVAH in [\\/]* | ?:[\\/]*) ac_cv_path_JAVAH="$JAVAH" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_JAVAH="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi JAVAH=$ac_cv_path_JAVAH if test -n "$JAVAH"; then { $as_echo "$as_me:$LINENO: result: $JAVAH" >&5 $as_echo "$JAVAH" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$JAVAH" && break done test -n "$JAVAH" || JAVAH="no" for ac_prog in javadoc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_JAVADOC+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$JAVADOC"; then ac_cv_prog_JAVADOC="$JAVADOC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_JAVADOC="$ac_prog" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi JAVADOC=$ac_cv_prog_JAVADOC if test -n "$JAVADOC"; then { $as_echo "$as_me:$LINENO: result: $JAVADOC" >&5 $as_echo "$JAVADOC" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$JAVADOC" && break done test -n "$JAVADOC" || JAVADOC=":" if test "$JAVAC" = "no" -o "$JAVAH" = "no"; then { $as_echo "$as_me:$LINENO: WARNING: Disabling Java support" >&5 $as_echo "$as_me: WARNING: Disabling Java support" >&2;} enable_java=no fi else # Make distcheck work JAVAC="true" JAVAH="true" JAVADOC="true" fi if test "$enable_java" = yes; then JAVA_TRUE= JAVA_FALSE='#' else JAVA_TRUE='#' JAVA_FALSE= fi if test "$enable_java" = yes; then { $as_echo "$as_me:$LINENO: checking JNI cpp flags" >&5 $as_echo_n "checking JNI cpp flags... " >&6; } if test "${sasl_cv_java_includes+set}" = set; then $as_echo_n "(cached) " >&6 else if test `echo $JAVAH | sed 's,.*/,,'` = "kaffeh"; then sasl_cv_java_includes=-I`echo $JAVAH | sed -e 's,/bin.*,/include/kaffe,'` else java_base=`echo $JAVAC | sed 's,/bin.*,'','` # Check whether --with-javabase was given. if test "${with_javabase+set}" = set; then withval=$with_javabase; java_base=$withval fi sasl_cv_java_includes='' for dir in `find ${java_base}/include -follow -type d -print | grep -v green_threads`; do sasl_cv_java_includes="${sasl_cv_java_includes} -I$dir" done fi sasl_cv_java_includes="${sasl_cv_java_includes} -I$javapath/include" fi JAVA_INCLUDES=$sasl_cv_java_includes { $as_echo "$as_me:$LINENO: result: ok" >&5 $as_echo "ok" >&6; } JAVAROOT=".." JAVAC=`echo "$JAVAC" | sed 's,.*/,,'` JAVAH=`echo "$JAVAH" | sed 's,.*/,,'` fi if test "$enable_sample" = yes; then SAMPLE_TRUE= SAMPLE_FALSE='#' else SAMPLE_TRUE='#' SAMPLE_FALSE= fi save_LIBS="$LIBS" LIB_SOCKET="" { $as_echo "$as_me:$LINENO: checking for connect" >&5 $as_echo_n "checking for connect... " >&6; } if test "${ac_cv_func_connect+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define connect to an innocuous variant, in case declares connect. For example, HP-UX 11i declares gettimeofday. */ #define connect innocuous_connect /* System header to define __stub macros and hopefully few prototypes, which can conflict with char connect (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef connect /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char connect (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_connect || defined __stub___connect choke me #endif int main () { return connect (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_connect=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_connect=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_connect" >&5 $as_echo "$ac_cv_func_connect" >&6; } if test "x$ac_cv_func_connect" = x""yes; then : else { $as_echo "$as_me:$LINENO: checking for gethostbyname in -lnsl" >&5 $as_echo_n "checking for gethostbyname in -lnsl... " >&6; } if test "${ac_cv_lib_nsl_gethostbyname+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gethostbyname (); int main () { return gethostbyname (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_nsl_gethostbyname=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_nsl_gethostbyname=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_gethostbyname" >&5 $as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; } if test "x$ac_cv_lib_nsl_gethostbyname" = x""yes; then LIB_SOCKET="-lnsl $LIB_SOCKET" fi { $as_echo "$as_me:$LINENO: checking for connect in -lsocket" >&5 $as_echo_n "checking for connect in -lsocket... " >&6; } if test "${ac_cv_lib_socket_connect+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char connect (); int main () { return connect (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_socket_connect=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_socket_connect=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_socket_connect" >&5 $as_echo "$ac_cv_lib_socket_connect" >&6; } if test "x$ac_cv_lib_socket_connect" = x""yes; then LIB_SOCKET="-lsocket $LIB_SOCKET" fi fi LIBS="$LIB_SOCKET $save_LIBS" { $as_echo "$as_me:$LINENO: checking for res_search" >&5 $as_echo_n "checking for res_search... " >&6; } if test "${ac_cv_func_res_search+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define res_search to an innocuous variant, in case declares res_search. For example, HP-UX 11i declares gettimeofday. */ #define res_search innocuous_res_search /* System header to define __stub macros and hopefully few prototypes, which can conflict with char res_search (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef res_search /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char res_search (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_res_search || defined __stub___res_search choke me #endif int main () { return res_search (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_res_search=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_res_search=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_res_search" >&5 $as_echo "$ac_cv_func_res_search" >&6; } if test "x$ac_cv_func_res_search" = x""yes; then : else LIBS="-lresolv $LIB_SOCKET $save_LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ [ #include #include #include #ifdef HAVE_ARPA_NAMESER_COMPAT_H #include #endif #include ] int main () { [ const char host[12]="openafs.org"; u_char ans[1024]; res_search( host, C_IN, T_MX, (u_char *)&ans, sizeof(ans)); return 0; ] ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then LIB_SOCKET="-lresolv $LIB_SOCKET" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi LIBS="$LIB_SOCKET $save_LIBS" for ac_func in dn_expand dns_lookup do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done LIBS="$save_LIBS" # Check whether --with-dbpath was given. if test "${with_dbpath+set}" = set; then withval=$with_dbpath; dbpath=$withval else dbpath=/etc/sasldb2 fi { $as_echo "$as_me:$LINENO: checking DB path to use" >&5 $as_echo_n "checking DB path to use... " >&6; } { $as_echo "$as_me:$LINENO: result: $dbpath" >&5 $as_echo "$dbpath" >&6; } cat >>confdefs.h <<_ACEOF #define SASL_DB_PATH "$dbpath" _ACEOF { $as_echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if test "${ac_cv_path_GREP+set}" = set; then $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break ac_count=`expr $ac_count + 1` if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then { { $as_echo "$as_me:$LINENO: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 $as_echo "$as_me: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} { (exit 1); exit 1; }; } fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:$LINENO: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if test "${ac_cv_path_EGREP+set}" = set; then $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break ac_count=`expr $ac_count + 1` if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then { { $as_echo "$as_me:$LINENO: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 $as_echo "$as_me: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} { (exit 1); exit 1; }; } fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:$LINENO: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if test "${ac_cv_header_stdc+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_header_stdc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_header_stdc=no fi rm -rf conftest.dSYM rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then cat >>confdefs.h <<\_ACEOF #define STDC_HEADERS 1 _ACEOF fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then eval "$as_ac_Header=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done cmu_save_LIBS="$LIBS" # Check whether --with-dblib was given. if test "${with_dblib+set}" = set; then withval=$with_dblib; dblib=$withval else dblib=auto_detect fi # Check whether --with-bdb-libdir was given. if test "${with_bdb_libdir+set}" = set; then withval=$with_bdb_libdir; with_bdb_lib=$withval else test "${with_bdb_lib+set}" = set || with_bdb_lib=none fi # Check whether --with-bdb-incdir was given. if test "${with_bdb_incdir+set}" = set; then withval=$with_bdb_incdir; with_bdb_inc=$withval else test "${with_bdb_inc+set}" = set || with_bdb_inc=none fi SASL_DB_LIB="" case "$dblib" in berkeley) cmu_save_CPPFLAGS=$CPPFLAGS if test -d $with_bdb_inc; then CPPFLAGS="$CPPFLAGS -I$with_bdb_inc" BDB_INCADD="-I$with_bdb_inc" else BDB_INCADD="" fi if test "${ac_cv_header_db_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for db.h" >&5 $as_echo_n "checking for db.h... " >&6; } if test "${ac_cv_header_db_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_db_h" >&5 $as_echo "$ac_cv_header_db_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking db.h usability" >&5 $as_echo_n "checking db.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking db.h presence" >&5 $as_echo_n "checking db.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: db.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: db.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: db.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: db.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: db.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: db.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: db.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: db.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: db.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: db.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for db.h" >&5 $as_echo_n "checking for db.h... " >&6; } if test "${ac_cv_header_db_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_db_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_db_h" >&5 $as_echo "$ac_cv_header_db_h" >&6; } fi if test "x$ac_cv_header_db_h" = x""yes; then BDB_SAVE_LDFLAGS=$LDFLAGS if test -d $with_bdb_lib; then # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LDFLAGS="-L$with_bdb_lib ${LDFLAGS}" else LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_cv_runpath_switch$with_bdb_lib" fi # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD}" else BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_cv_runpath_switch$with_bdb_lib" fi else BDB_LIBADD="" fi saved_LIBS=$LIBS for dbname in ${with_bdb} db-4.7 db4.7 db47 db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db do LIBS="$saved_LIBS -l$dbname" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { db_create(NULL, NULL, 0); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then BDB_LIBADD="$BDB_LIBADD -l$dbname"; dblib="berkeley"; dbname=db else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 dblib="no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test "$dblib" = "berkeley"; then break; fi done if test "$dblib" = "no"; then LIBS="$saved_LIBS -ldb" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { db_open(NULL, 0, 0, 0, NULL, NULL, NULL); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then BDB_LIBADD="$BDB_LIBADD -ldb"; dblib="berkeley"; dbname=db else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 dblib="no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi LIBS=$saved_LIBS LDFLAGS=$BDB_SAVE_LDFLAGS else dblib="no" fi CPPFLAGS=$cmu_save_CPPFLAGS CPPFLAGS="${CPPFLAGS} ${BDB_INCADD}" SASL_DB_INC=$BDB_INCADD SASL_DB_LIB="${BDB_LIBADD}" ;; gdbm) # Check whether --with-gdbm was given. if test "${with_gdbm+set}" = set; then withval=$with_gdbm; with_gdbm="${withval}" fi case "$with_gdbm" in ""|yes) if test "${ac_cv_header_gdbm_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for gdbm.h" >&5 $as_echo_n "checking for gdbm.h... " >&6; } if test "${ac_cv_header_gdbm_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_gdbm_h" >&5 $as_echo "$ac_cv_header_gdbm_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking gdbm.h usability" >&5 $as_echo_n "checking gdbm.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking gdbm.h presence" >&5 $as_echo_n "checking gdbm.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: gdbm.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: gdbm.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: gdbm.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: gdbm.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: gdbm.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: gdbm.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: gdbm.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: gdbm.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for gdbm.h" >&5 $as_echo_n "checking for gdbm.h... " >&6; } if test "${ac_cv_header_gdbm_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_gdbm_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_gdbm_h" >&5 $as_echo "$ac_cv_header_gdbm_h" >&6; } fi if test "x$ac_cv_header_gdbm_h" = x""yes; then { $as_echo "$as_me:$LINENO: checking for gdbm_open in -lgdbm" >&5 $as_echo_n "checking for gdbm_open in -lgdbm... " >&6; } if test "${ac_cv_lib_gdbm_gdbm_open+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgdbm $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gdbm_open (); int main () { return gdbm_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_gdbm_gdbm_open=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_gdbm_gdbm_open=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_gdbm_gdbm_open" >&5 $as_echo "$ac_cv_lib_gdbm_gdbm_open" >&6; } if test "x$ac_cv_lib_gdbm_gdbm_open" = x""yes; then SASL_DB_LIB="-lgdbm" else dblib="no" fi else dblib="no" fi ;; *) if test -d $with_gdbm; then CPPFLAGS="${CPPFLAGS} -I${with_gdbm}/include" LDFLAGS="${LDFLAGS} -L${with_gdbm}/lib" SASL_DB_LIB="-lgdbm" else with_gdbm="no" fi esac ;; ndbm) if test "${ac_cv_header_ndbm_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for ndbm.h" >&5 $as_echo_n "checking for ndbm.h... " >&6; } if test "${ac_cv_header_ndbm_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_ndbm_h" >&5 $as_echo "$ac_cv_header_ndbm_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking ndbm.h usability" >&5 $as_echo_n "checking ndbm.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking ndbm.h presence" >&5 $as_echo_n "checking ndbm.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: ndbm.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: ndbm.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: ndbm.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: ndbm.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: ndbm.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: ndbm.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: ndbm.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: ndbm.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for ndbm.h" >&5 $as_echo_n "checking for ndbm.h... " >&6; } if test "${ac_cv_header_ndbm_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_ndbm_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_ndbm_h" >&5 $as_echo "$ac_cv_header_ndbm_h" >&6; } fi if test "x$ac_cv_header_ndbm_h" = x""yes; then { $as_echo "$as_me:$LINENO: checking for dbm_open in -lndbm" >&5 $as_echo_n "checking for dbm_open in -lndbm... " >&6; } if test "${ac_cv_lib_ndbm_dbm_open+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lndbm $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dbm_open (); int main () { return dbm_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_ndbm_dbm_open=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_ndbm_dbm_open=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ndbm_dbm_open" >&5 $as_echo "$ac_cv_lib_ndbm_dbm_open" >&6; } if test "x$ac_cv_lib_ndbm_dbm_open" = x""yes; then SASL_DB_LIB="-lndbm" else { $as_echo "$as_me:$LINENO: checking for dbm_open" >&5 $as_echo_n "checking for dbm_open... " >&6; } if test "${ac_cv_func_dbm_open+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define dbm_open to an innocuous variant, in case declares dbm_open. For example, HP-UX 11i declares gettimeofday. */ #define dbm_open innocuous_dbm_open /* System header to define __stub macros and hopefully few prototypes, which can conflict with char dbm_open (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef dbm_open /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dbm_open (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_dbm_open || defined __stub___dbm_open choke me #endif int main () { return dbm_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_dbm_open=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_dbm_open=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_dbm_open" >&5 $as_echo "$ac_cv_func_dbm_open" >&6; } if test "x$ac_cv_func_dbm_open" = x""yes; then : else dblib="no" fi fi else dblib="no" fi ;; auto_detect) cmu_save_CPPFLAGS=$CPPFLAGS if test -d $with_bdb_inc; then CPPFLAGS="$CPPFLAGS -I$with_bdb_inc" BDB_INCADD="-I$with_bdb_inc" else BDB_INCADD="" fi if test "${ac_cv_header_db_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for db.h" >&5 $as_echo_n "checking for db.h... " >&6; } if test "${ac_cv_header_db_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_db_h" >&5 $as_echo "$ac_cv_header_db_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking db.h usability" >&5 $as_echo_n "checking db.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking db.h presence" >&5 $as_echo_n "checking db.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: db.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: db.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: db.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: db.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: db.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: db.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: db.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: db.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: db.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: db.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: db.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for db.h" >&5 $as_echo_n "checking for db.h... " >&6; } if test "${ac_cv_header_db_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_db_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_db_h" >&5 $as_echo "$ac_cv_header_db_h" >&6; } fi if test "x$ac_cv_header_db_h" = x""yes; then BDB_SAVE_LDFLAGS=$LDFLAGS if test -d $with_bdb_lib; then # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LDFLAGS="-L$with_bdb_lib ${LDFLAGS}" else LDFLAGS="-L$with_bdb_lib ${LDFLAGS} $andrew_cv_runpath_switch$with_bdb_lib" fi # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD}" else BDB_LIBADD="-L$with_bdb_lib ${BDB_LIBADD} $andrew_cv_runpath_switch$with_bdb_lib" fi else BDB_LIBADD="" fi saved_LIBS=$LIBS for dbname in ${with_bdb} db-4.7 db4.7 db47 db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db do LIBS="$saved_LIBS -l$dbname" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { db_create(NULL, NULL, 0); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then BDB_LIBADD="$BDB_LIBADD -l$dbname"; dblib="berkeley"; dbname=db else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 dblib="no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext if test "$dblib" = "berkeley"; then break; fi done if test "$dblib" = "no"; then LIBS="$saved_LIBS -ldb" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { db_open(NULL, 0, 0, 0, NULL, NULL, NULL); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then BDB_LIBADD="$BDB_LIBADD -ldb"; dblib="berkeley"; dbname=db else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 dblib="no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi LIBS=$saved_LIBS LDFLAGS=$BDB_SAVE_LDFLAGS else dblib="no" fi CPPFLAGS=$cmu_save_CPPFLAGS if test "$dblib" = no; then if test "${ac_cv_header_ndbm_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for ndbm.h" >&5 $as_echo_n "checking for ndbm.h... " >&6; } if test "${ac_cv_header_ndbm_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_ndbm_h" >&5 $as_echo "$ac_cv_header_ndbm_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking ndbm.h usability" >&5 $as_echo_n "checking ndbm.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking ndbm.h presence" >&5 $as_echo_n "checking ndbm.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: ndbm.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: ndbm.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: ndbm.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: ndbm.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: ndbm.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: ndbm.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: ndbm.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: ndbm.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: ndbm.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for ndbm.h" >&5 $as_echo_n "checking for ndbm.h... " >&6; } if test "${ac_cv_header_ndbm_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_ndbm_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_ndbm_h" >&5 $as_echo "$ac_cv_header_ndbm_h" >&6; } fi if test "x$ac_cv_header_ndbm_h" = x""yes; then { $as_echo "$as_me:$LINENO: checking for dbm_open in -lndbm" >&5 $as_echo_n "checking for dbm_open in -lndbm... " >&6; } if test "${ac_cv_lib_ndbm_dbm_open+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lndbm $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dbm_open (); int main () { return dbm_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_ndbm_dbm_open=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_ndbm_dbm_open=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ndbm_dbm_open" >&5 $as_echo "$ac_cv_lib_ndbm_dbm_open" >&6; } if test "x$ac_cv_lib_ndbm_dbm_open" = x""yes; then dblib="ndbm"; SASL_DB_LIB="-lndbm" else dblib="weird" fi else dblib="no" fi if test "$dblib" = "weird"; then { $as_echo "$as_me:$LINENO: checking for dbm_open" >&5 $as_echo_n "checking for dbm_open... " >&6; } if test "${ac_cv_func_dbm_open+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define dbm_open to an innocuous variant, in case declares dbm_open. For example, HP-UX 11i declares gettimeofday. */ #define dbm_open innocuous_dbm_open /* System header to define __stub macros and hopefully few prototypes, which can conflict with char dbm_open (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef dbm_open /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dbm_open (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_dbm_open || defined __stub___dbm_open choke me #endif int main () { return dbm_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_dbm_open=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_dbm_open=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_dbm_open" >&5 $as_echo "$ac_cv_func_dbm_open" >&6; } if test "x$ac_cv_func_dbm_open" = x""yes; then dblib="ndbm" else dblib="no" fi fi if test "$dblib" = no; then if test "${ac_cv_header_gdbm_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for gdbm.h" >&5 $as_echo_n "checking for gdbm.h... " >&6; } if test "${ac_cv_header_gdbm_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_gdbm_h" >&5 $as_echo "$ac_cv_header_gdbm_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking gdbm.h usability" >&5 $as_echo_n "checking gdbm.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking gdbm.h presence" >&5 $as_echo_n "checking gdbm.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: gdbm.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: gdbm.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: gdbm.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: gdbm.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: gdbm.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: gdbm.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: gdbm.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gdbm.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: gdbm.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for gdbm.h" >&5 $as_echo_n "checking for gdbm.h... " >&6; } if test "${ac_cv_header_gdbm_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_gdbm_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_gdbm_h" >&5 $as_echo "$ac_cv_header_gdbm_h" >&6; } fi if test "x$ac_cv_header_gdbm_h" = x""yes; then { $as_echo "$as_me:$LINENO: checking for gdbm_open in -lgdbm" >&5 $as_echo_n "checking for gdbm_open in -lgdbm... " >&6; } if test "${ac_cv_lib_gdbm_gdbm_open+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgdbm $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gdbm_open (); int main () { return gdbm_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_gdbm_gdbm_open=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_gdbm_gdbm_open=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_gdbm_gdbm_open" >&5 $as_echo "$ac_cv_lib_gdbm_gdbm_open" >&6; } if test "x$ac_cv_lib_gdbm_gdbm_open" = x""yes; then dblib="gdbm"; SASL_DB_LIB="-lgdbm" else dblib="no" fi else dblib="no" fi fi else CPPFLAGS="${CPPFLAGS} ${BDB_INCADD}" SASL_DB_INC=$BDB_INCADD SASL_DB_LIB="${BDB_LIBADD}" fi ;; none) ;; no) ;; *) { $as_echo "$as_me:$LINENO: WARNING: Bad DB library implementation specified;" >&5 $as_echo "$as_me: WARNING: Bad DB library implementation specified;" >&2;} { { $as_echo "$as_me:$LINENO: error: Use either \"berkeley\", \"gdbm\", \"ndbm\" or \"none\"" >&5 $as_echo "$as_me: error: Use either \"berkeley\", \"gdbm\", \"ndbm\" or \"none\"" >&2;} { (exit 1); exit 1; }; } dblib=no ;; esac LIBS="$cmu_save_LIBS" { $as_echo "$as_me:$LINENO: checking DB library to use" >&5 $as_echo_n "checking DB library to use... " >&6; } { $as_echo "$as_me:$LINENO: result: $dblib" >&5 $as_echo "$dblib" >&6; } SASL_DB_BACKEND="db_${dblib}.lo" SASL_DB_BACKEND_STATIC="db_${dblib}.o allockey.o" SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_${dblib}.c \$(top_srcdir)/sasldb/allockey.c" SASL_DB_UTILS="saslpasswd2 sasldblistusers2" SASL_DB_MANS="saslpasswd2.8 sasldblistusers2.8" case "$dblib" in gdbm) SASL_MECHS="$SASL_MECHS libsasldb.la" cat >>confdefs.h <<\_ACEOF #define SASL_GDBM /**/ _ACEOF ;; ndbm) SASL_MECHS="$SASL_MECHS libsasldb.la" cat >>confdefs.h <<\_ACEOF #define SASL_NDBM /**/ _ACEOF ;; berkeley) SASL_MECHS="$SASL_MECHS libsasldb.la" cat >>confdefs.h <<\_ACEOF #define SASL_BERKELEYDB /**/ _ACEOF ;; *) { $as_echo "$as_me:$LINENO: WARNING: Disabling SASL authentication database support" >&5 $as_echo "$as_me: WARNING: Disabling SASL authentication database support" >&2;} SASL_DB_BACKEND="db_none.lo" SASL_DB_BACKEND_STATIC="db_none.o" SASL_DB_BACKEND_STATIC_SRCS="\$(top_srcdir)/sasldb/db_none.c" SASL_DB_UTILS="" SASL_DB_MANS="" SASL_DB_LIB="" ;; esac if test "$enable_static" = yes; then if test "$dblib" != "none"; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sasldb.c $SASL_DB_BACKEND_STATIC_SRCS" SASL_STATIC_OBJS="$SASL_STATIC_OBJS sasldb.o $SASL_DB_BACKEND_STATIC" cat >>confdefs.h <<\_ACEOF #define STATIC_SASLDB /**/ _ACEOF else SASL_STATIC_OBJS="$SASL_STATIC_OBJS $SASL_DB_BACKEND_STATIC" SASL_STATIC_SRCS="$SASL_STATIC_SRCS $SASL_DB_BACKEND_STATIC_SRCS" fi fi # Do we not install the SASL DB man pages? if test "x$SASL_DB_MANS" = "x"; then NO_SASL_DB_MANS_TRUE= NO_SASL_DB_MANS_FALSE='#' else NO_SASL_DB_MANS_TRUE='#' NO_SASL_DB_MANS_FALSE= fi # Check whether --enable-keep_db_open was given. if test "${enable_keep_db_open+set}" = set; then enableval=$enable_keep_db_open; keep_db_open=$enableval else keep_db_open=no fi # Disable if Berkeley DB is not used if test "$dblib" != berkeley; then keep_db_open=no fi if test "$keep_db_open" = yes; then cat >>confdefs.h <<\_ACEOF #define KEEP_DB_OPEN /**/ _ACEOF fi { $as_echo "$as_me:$LINENO: checking if Berkeley DB handle is kept open in SASLDB" >&5 $as_echo_n "checking if Berkeley DB handle is kept open in SASLDB... " >&6; } { $as_echo "$as_me:$LINENO: result: $keep_db_open" >&5 $as_echo "$keep_db_open" >&6; } { $as_echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if test "${ac_cv_lib_dl_dlopen+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_dl_dlopen=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_dl_dlopen=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = x""yes; then SASL_DL_LIB="-ldl" else SASL_DL_LIB="" fi # Check whether --with-devrandom was given. if test "${with_devrandom+set}" = set; then withval=$with_devrandom; devrandom=$withval else devrandom=/dev/random fi { $as_echo "$as_me:$LINENO: checking /dev/random to use" >&5 $as_echo_n "checking /dev/random to use... " >&6; } { $as_echo "$as_me:$LINENO: result: $devrandom" >&5 $as_echo "$devrandom" >&6; } cat >>confdefs.h <<_ACEOF #define SASL_DEV_RANDOM "$devrandom" _ACEOF for ac_prog in nm do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_NM+set}" = set; then $as_echo_n "(cached) " >&6 else if test -n "$NM"; then ac_cv_prog_NM="$NM" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_NM="$ac_prog" $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi NM=$ac_cv_prog_NM if test -n "$NM"; then { $as_echo "$as_me:$LINENO: result: $NM" >&5 $as_echo "$NM" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi test -n "$NM" && break done { $as_echo "$as_me:$LINENO: checking for underscore before symbols" >&5 $as_echo_n "checking for underscore before symbols... " >&6; } if test "${sasl_cv_uscore+set}" = set; then $as_echo_n "(cached) " >&6 else echo "main(){int i=1;} foo(){int i=6;}" > conftest.c ${CC} -o a.out conftest.c > /dev/null if (${NM} a.out | grep _foo) > /dev/null; then sasl_cv_uscore=yes else sasl_cv_uscore=no fi fi { $as_echo "$as_me:$LINENO: result: $sasl_cv_uscore" >&5 $as_echo "$sasl_cv_uscore" >&6; } rm -f conftest.c a.out if test $sasl_cv_uscore = yes; then if test $ac_cv_lib_dl_dlopen = yes ; then { $as_echo "$as_me:$LINENO: checking whether dlsym adds the underscore for us" >&5 $as_echo_n "checking whether dlsym adds the underscore for us... " >&6; } cmu_save_LIBS="$LIBS" LIBS="$LIBS $SASL_DL_LIB" if test "${sasl_cv_dlsym_adds_uscore+set}" = set; then $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then { $as_echo "$as_me:$LINENO: WARNING: cross-compiler" >&5 $as_echo "$as_me: WARNING: cross-compiler" >&2;} else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include foo() { int i=0;} main() { void *self, *ptr1, *ptr2; self=dlopen(NULL,RTLD_LAZY); if(self) { ptr1=dlsym(self,"foo"); ptr2=dlsym(self,"_foo"); if(ptr1 && !ptr2) exit(0); } exit(1); } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then sasl_cv_dlsym_adds_uscore=yes else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) sasl_cv_dlsym_adds_uscore=no cat >>confdefs.h <<\_ACEOF #define DLSYM_NEEDS_UNDERSCORE /**/ _ACEOF fi rm -rf conftest.dSYM rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi LIBS="$cmu_save_LIBS" { $as_echo "$as_me:$LINENO: result: $sasl_cv_dlsym_adds_uscore" >&5 $as_echo "$sasl_cv_dlsym_adds_uscore" >&6; } fi fi for ac_func in syslog do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done # Check whether --with-pam was given. if test "${with_pam+set}" = set; then withval=$with_pam; with_pam=$withval else with_pam=yes fi if test "$with_pam" != no; then if test -d $with_pam; then CPPFLAGS="$CPPFLAGS -I${with_pam}/include" LDFLAGS="$LDFLAGS -L${with_pam}/lib" fi for ac_header in security/pam_appl.h pam/pam_appl.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 $as_echo_n "checking $ac_header usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 $as_echo_n "checking $ac_header presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done cmu_save_LIBS="$LIBS" { $as_echo "$as_me:$LINENO: checking for pam_start" >&5 $as_echo_n "checking for pam_start... " >&6; } if test "${ac_cv_func_pam_start+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define pam_start to an innocuous variant, in case declares pam_start. For example, HP-UX 11i declares gettimeofday. */ #define pam_start innocuous_pam_start /* System header to define __stub macros and hopefully few prototypes, which can conflict with char pam_start (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef pam_start /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pam_start (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_pam_start || defined __stub___pam_start choke me #endif int main () { return pam_start (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_pam_start=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_pam_start=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_pam_start" >&5 $as_echo "$ac_cv_func_pam_start" >&6; } if test "x$ac_cv_func_pam_start" = x""yes; then : else LIBS="-lpam $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #ifdef HAVE_PAM_PAM_APPL_H #include #endif #ifdef HAVE_SECURITY_PAM_H #include #endif int main () { const char *service="foo"; const char *user="bar"; pam_handle_t *pamh; struct pam_conv *conv; int baz; baz = pam_start(service, user, conv, &pamh); return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then LIBPAM="-lpam" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi LIBS="$cmu_save_LIBS $LIBPAM" fi # Check whether --with-saslauthd was given. if test "${with_saslauthd+set}" = set; then withval=$with_saslauthd; with_saslauthd=$withval else with_saslauthd=yes fi if test "$with_saslauthd" != no; then if test "$with_saslauthd" = yes; then with_saslauthd="/var/state/saslauthd" fi cat >>confdefs.h <<\_ACEOF #define HAVE_SASLAUTHD /**/ _ACEOF cat >>confdefs.h <<_ACEOF #define PATH_SASLAUTHD_RUNDIR "$with_saslauthd" _ACEOF fi if test "$with_saslauthd" != no; then SASLAUTHD_TRUE= SASLAUTHD_FALSE='#' else SASLAUTHD_TRUE='#' SASLAUTHD_FALSE= fi { $as_echo "$as_me:$LINENO: checking if I should include saslauthd" >&5 $as_echo_n "checking if I should include saslauthd... " >&6; } { $as_echo "$as_me:$LINENO: result: $with_saslauthd" >&5 $as_echo "$with_saslauthd" >&6; } # Check whether --with-authdaemond was given. if test "${with_authdaemond+set}" = set; then withval=$with_authdaemond; with_authdaemon=$withval else with_authdaemon=yes fi if test "$with_authdaemon" != no; then if test "$with_authdaemon" = yes; then with_authdaemon="/dev/null" fi cat >>confdefs.h <<\_ACEOF #define HAVE_AUTHDAEMON /**/ _ACEOF cat >>confdefs.h <<_ACEOF #define PATH_AUTHDAEMON_SOCKET "$with_authdaemon" _ACEOF fi { $as_echo "$as_me:$LINENO: checking to include Courier authdaemond support" >&5 $as_echo_n "checking to include Courier authdaemond support... " >&6; } { $as_echo "$as_me:$LINENO: result: $with_authdaemon" >&5 $as_echo "$with_authdaemon" >&6; } # Check whether --with-pwcheck was given. if test "${with_pwcheck+set}" = set; then withval=$with_pwcheck; with_pwcheck=$withval else with_pwcheck=no fi if test "$with_pwcheck" != no; then if test "$with_pwcheck" = yes; then with_pwcheck=/var/pwcheck fi cat >>confdefs.h <<\_ACEOF #define HAVE_PWCHECK /**/ _ACEOF cat >>confdefs.h <<_ACEOF #define PWCHECKDIR "$with_pwcheck" _ACEOF { $as_echo "$as_me:$LINENO: checking for getspnam" >&5 $as_echo_n "checking for getspnam... " >&6; } if test "${ac_cv_func_getspnam+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define getspnam to an innocuous variant, in case declares getspnam. For example, HP-UX 11i declares gettimeofday. */ #define getspnam innocuous_getspnam /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getspnam (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef getspnam /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getspnam (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_getspnam || defined __stub___getspnam choke me #endif int main () { return getspnam (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_getspnam=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_getspnam=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_getspnam" >&5 $as_echo "$ac_cv_func_getspnam" >&6; } if test "x$ac_cv_func_getspnam" = x""yes; then PWCHECKMETH="getspnam" else PWCHECKMETH="getpwnam" fi fi if test "$with_pwcheck" != no; then PWCHECK_TRUE= PWCHECK_FALSE='#' else PWCHECK_TRUE='#' PWCHECK_FALSE= fi { $as_echo "$as_me:$LINENO: checking if I should include pwcheck" >&5 $as_echo_n "checking if I should include pwcheck... " >&6; } { $as_echo "$as_me:$LINENO: result: $with_pwcheck" >&5 $as_echo "$with_pwcheck" >&6; } # Check whether --with-ipctype was given. if test "${with_ipctype+set}" = set; then withval=$with_ipctype; with_ipctype=$withval else with_ipctype="unix" fi IPCTYPE=$with_ipctype LIB_DOOR= if test "$with_ipctype" = "doors"; then LIB_DOOR="-ldoor" cat >>confdefs.h <<\_ACEOF #define USE_DOORS /**/ _ACEOF fi # Check whether --enable-alwaystrue was given. if test "${enable_alwaystrue+set}" = set; then enableval=$enable_alwaystrue; enable_alwaystrue=$enableval else enable_alwaystrue=no fi if test "$enable_alwaystrue" = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_ALWAYSTRUE /**/ _ACEOF fi { $as_echo "$as_me:$LINENO: checking if I should include the alwaystrue verifier" >&5 $as_echo_n "checking if I should include the alwaystrue verifier... " >&6; } { $as_echo "$as_me:$LINENO: result: $enable_alwaystrue" >&5 $as_echo "$enable_alwaystrue" >&6; } # Check whether --enable-checkapop was given. if test "${enable_checkapop+set}" = set; then enableval=$enable_checkapop; checkapop=$enableval else checkapop=yes fi { $as_echo "$as_me:$LINENO: checking if we should enable sasl_checkapop" >&5 $as_echo_n "checking if we should enable sasl_checkapop... " >&6; } if test "$checkapop" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } cat >>confdefs.h <<\_ACEOF #define DO_SASL_CHECKAPOP /**/ _ACEOF else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-cram was given. if test "${enable_cram+set}" = set; then enableval=$enable_cram; cram=$enableval else cram=yes fi { $as_echo "$as_me:$LINENO: checking CRAM-MD5" >&5 $as_echo_n "checking CRAM-MD5... " >&6; } if test "$cram" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SASL_MECHS="$SASL_MECHS libcrammd5.la" if test "$enable_obsolete_cram_attr" = yes; then CPPFLAGS="$CPPFLAGS -DOBSOLETE_CRAM_ATTR=1" fi if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS cram.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/cram.c" cat >>confdefs.h <<\_ACEOF #define STATIC_CRAMMD5 /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --with-lib-subdir was given. if test "${with_lib_subdir+set}" = set; then withval=$with_lib_subdir; fi # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:$LINENO: checking size of long" >&5 $as_echo_n "checking size of long... " >&6; } if test "${ac_cv_sizeof_long+set}" = set; then $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { static int test_array [1 - 2 * !(((long int) (sizeof (long))) >= 0)]; test_array [0] = 0 ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { static int test_array [1 - 2 * !(((long int) (sizeof (long))) <= $ac_mid)]; test_array [0] = 0 ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_hi=$ac_mid; break else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_lo=`expr $ac_mid + 1` if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= break fi ac_mid=`expr 2 '*' $ac_mid + 1` fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { static int test_array [1 - 2 * !(((long int) (sizeof (long))) < 0)]; test_array [0] = 0 ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { static int test_array [1 - 2 * !(((long int) (sizeof (long))) >= $ac_mid)]; test_array [0] = 0 ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_lo=$ac_mid; break else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_hi=`expr '(' $ac_mid ')' - 1` if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= break fi ac_mid=`expr 2 '*' $ac_mid` fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_lo= ac_hi= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # Binary search between lo and hi bounds. while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { static int test_array [1 - 2 * !(((long int) (sizeof (long))) <= $ac_mid)]; test_array [0] = 0 ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_hi=$ac_mid else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_lo=`expr '(' $ac_mid ')' + 1` fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done case $ac_lo in ?*) ac_cv_sizeof_long=$ac_lo;; '') if test "$ac_cv_type_long" = yes; then { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: cannot compute sizeof (long) See \`config.log' for more details." >&5 $as_echo "$as_me: error: cannot compute sizeof (long) See \`config.log' for more details." >&2;} { (exit 77); exit 77; }; }; } else ac_cv_sizeof_long=0 fi ;; esac else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default static long int longval () { return (long int) (sizeof (long)); } static unsigned long int ulongval () { return (long int) (sizeof (long)); } #include #include int main () { FILE *f = fopen ("conftest.val", "w"); if (! f) return 1; if (((long int) (sizeof (long))) < 0) { long int i = longval (); if (i != ((long int) (sizeof (long)))) return 1; fprintf (f, "%ld", i); } else { unsigned long int i = ulongval (); if (i != ((long int) (sizeof (long)))) return 1; fprintf (f, "%lu", i); } /* Do not output a trailing newline, as this causes \r\n confusion on some platforms. */ return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_long=`cat conftest.val` else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) if test "$ac_cv_type_long" = yes; then { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: cannot compute sizeof (long) See \`config.log' for more details." >&5 $as_echo "$as_me: error: cannot compute sizeof (long) See \`config.log' for more details." >&2;} { (exit 77); exit 77; }; }; } else ac_cv_sizeof_long=0 fi fi rm -rf conftest.dSYM rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi rm -f conftest.val fi { $as_echo "$as_me:$LINENO: result: $ac_cv_sizeof_long" >&5 $as_echo "$ac_cv_sizeof_long" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_LONG $ac_cv_sizeof_long _ACEOF { $as_echo "$as_me:$LINENO: checking what directory libraries are found in" >&5 $as_echo_n "checking what directory libraries are found in... " >&6; } if test "${ac_cv_cmu_lib_subdir+set}" = set; then $as_echo_n "(cached) " >&6 else test "X$with_lib_subdir" = "Xyes" && with_lib_subdir= test "X$with_lib_subdir" = "Xno" && with_lib_subdir= if test "X$with_lib_subdir" = "X" ; then ac_cv_cmu_lib_subdir=lib if test $ac_cv_sizeof_long -eq 4 ; then test -d /usr/lib32 && ac_cv_cmu_lib_subdir=lib32 fi if test $ac_cv_sizeof_long -eq 8 ; then test -d /usr/lib64 && ac_cv_cmu_lib_subdir=lib64 fi else ac_cv_cmu_lib_subdir=$with_lib_subdir fi fi { $as_echo "$as_me:$LINENO: result: $ac_cv_cmu_lib_subdir" >&5 $as_echo "$ac_cv_cmu_lib_subdir" >&6; } CMU_LIB_SUBDIR=$ac_cv_cmu_lib_subdir # Check whether --with-openssl was given. if test "${with_openssl+set}" = set; then withval=$with_openssl; with_openssl=$withval else with_openssl="yes" fi save_CPPFLAGS=$CPPFLAGS save_LDFLAGS=$LDFLAGS if test -d $with_openssl; then CPPFLAGS="${CPPFLAGS} -I${with_openssl}/include" # this is CMU ADD LIBPATH if test "$andrew_cv_runpath_switch" = "none" ; then LDFLAGS="-L${with_openssl}/$CMU_LIB_SUBDIR ${LDFLAGS}" else LDFLAGS="-L${with_openssl}/$CMU_LIB_SUBDIR $andrew_cv_runpath_switch${with_openssl}/$CMU_LIB_SUBDIR ${LDFLAGS}" fi fi case "$with_openssl" in no) with_openssl="no";; *) LIB_RSAREF="" { $as_echo "$as_me:$LINENO: checking for RSAPublicEncrypt in -lrsaref" >&5 $as_echo_n "checking for RSAPublicEncrypt in -lrsaref... " >&6; } if test "${ac_cv_lib_rsaref_RSAPublicEncrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lrsaref $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char RSAPublicEncrypt (); int main () { return RSAPublicEncrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_rsaref_RSAPublicEncrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_rsaref_RSAPublicEncrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_rsaref_RSAPublicEncrypt" >&5 $as_echo "$ac_cv_lib_rsaref_RSAPublicEncrypt" >&6; } if test "x$ac_cv_lib_rsaref_RSAPublicEncrypt" = x""yes; then cmu_have_rsaref=yes; { $as_echo "$as_me:$LINENO: checking for RSAPublicEncrypt in -lRSAglue" >&5 $as_echo_n "checking for RSAPublicEncrypt in -lRSAglue... " >&6; } if test "${ac_cv_lib_RSAglue_RSAPublicEncrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lRSAglue $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char RSAPublicEncrypt (); int main () { return RSAPublicEncrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_RSAglue_RSAPublicEncrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_RSAglue_RSAPublicEncrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_RSAglue_RSAPublicEncrypt" >&5 $as_echo "$ac_cv_lib_RSAglue_RSAPublicEncrypt" >&6; } if test "x$ac_cv_lib_RSAglue_RSAPublicEncrypt" = x""yes; then LIB_RSAREF="-lRSAglue -lrsaref" else LIB_RSAREF="-lrsaref" fi else cmu_have_rsaref=no fi if test "${ac_cv_header_openssl_evp_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for openssl/evp.h" >&5 $as_echo_n "checking for openssl/evp.h... " >&6; } if test "${ac_cv_header_openssl_evp_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_evp_h" >&5 $as_echo "$ac_cv_header_openssl_evp_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking openssl/evp.h usability" >&5 $as_echo_n "checking openssl/evp.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking openssl/evp.h presence" >&5 $as_echo_n "checking openssl/evp.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: openssl/evp.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: openssl/evp.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: openssl/evp.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: openssl/evp.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: openssl/evp.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: openssl/evp.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: openssl/evp.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: openssl/evp.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for openssl/evp.h" >&5 $as_echo_n "checking for openssl/evp.h... " >&6; } if test "${ac_cv_header_openssl_evp_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_openssl_evp_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_evp_h" >&5 $as_echo "$ac_cv_header_openssl_evp_h" >&6; } fi if test "x$ac_cv_header_openssl_evp_h" = x""yes; then { $as_echo "$as_me:$LINENO: checking for EVP_DigestInit in -lcrypto" >&5 $as_echo_n "checking for EVP_DigestInit in -lcrypto... " >&6; } if test "${ac_cv_lib_crypto_EVP_DigestInit+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypto $LIB_RSAREF $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char EVP_DigestInit (); int main () { return EVP_DigestInit (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_crypto_EVP_DigestInit=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_crypto_EVP_DigestInit=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_EVP_DigestInit" >&5 $as_echo "$ac_cv_lib_crypto_EVP_DigestInit" >&6; } if test "x$ac_cv_lib_crypto_EVP_DigestInit" = x""yes; then with_openssl="yes" else with_openssl="no" fi else with_openssl=no fi ;; esac if test "$with_openssl" != "no"; then cat >>confdefs.h <<\_ACEOF #define HAVE_OPENSSL /**/ _ACEOF else CPPFLAGS=$save_CPPFLAGS LDFLAGS=$save_LDFLAGS fi { $as_echo "$as_me:$LINENO: checking for OpenSSL" >&5 $as_echo_n "checking for OpenSSL... " >&6; } { $as_echo "$as_me:$LINENO: result: $with_openssl" >&5 $as_echo "$with_openssl" >&6; } # Check whether --with-des was given. if test "${with_des+set}" = set; then withval=$with_des; with_des=$withval else with_des=yes fi LIB_DES="" if test "$with_des" != no; then if test -d $with_des; then CPPFLAGS="$CPPFLAGS -I${with_des}/include" LDFLAGS="$LDFLAGS -L${with_des}/lib" fi if test "$with_openssl" != no; then { $as_echo "$as_me:$LINENO: checking for des_cbc_encrypt in -lcrypto" >&5 $as_echo_n "checking for des_cbc_encrypt in -lcrypto... " >&6; } if test "${ac_cv_lib_crypto_des_cbc_encrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypto $LIB_RSAREF $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char des_cbc_encrypt (); int main () { return des_cbc_encrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_crypto_des_cbc_encrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_crypto_des_cbc_encrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_des_cbc_encrypt" >&5 $as_echo "$ac_cv_lib_crypto_des_cbc_encrypt" >&6; } if test "x$ac_cv_lib_crypto_des_cbc_encrypt" = x""yes; then if test "${ac_cv_header_openssl_des_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for openssl/des.h" >&5 $as_echo_n "checking for openssl/des.h... " >&6; } if test "${ac_cv_header_openssl_des_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_des_h" >&5 $as_echo "$ac_cv_header_openssl_des_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking openssl/des.h usability" >&5 $as_echo_n "checking openssl/des.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking openssl/des.h presence" >&5 $as_echo_n "checking openssl/des.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: openssl/des.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: openssl/des.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: openssl/des.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: openssl/des.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: openssl/des.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: openssl/des.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: openssl/des.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: openssl/des.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for openssl/des.h" >&5 $as_echo_n "checking for openssl/des.h... " >&6; } if test "${ac_cv_header_openssl_des_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_openssl_des_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_des_h" >&5 $as_echo "$ac_cv_header_openssl_des_h" >&6; } fi if test "x$ac_cv_header_openssl_des_h" = x""yes; then cat >>confdefs.h <<\_ACEOF #define WITH_SSL_DES /**/ _ACEOF LIB_DES="-lcrypto"; with_des=yes else with_des=no fi else with_des=no fi if test "$with_des" = no; then { $as_echo "$as_me:$LINENO: checking for DES_cbc_encrypt in -lcrypto" >&5 $as_echo_n "checking for DES_cbc_encrypt in -lcrypto... " >&6; } if test "${ac_cv_lib_crypto_DES_cbc_encrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypto $LIB_RSAREF $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char DES_cbc_encrypt (); int main () { return DES_cbc_encrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_crypto_DES_cbc_encrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_crypto_DES_cbc_encrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_DES_cbc_encrypt" >&5 $as_echo "$ac_cv_lib_crypto_DES_cbc_encrypt" >&6; } if test "x$ac_cv_lib_crypto_DES_cbc_encrypt" = x""yes; then if test "${ac_cv_header_openssl_des_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for openssl/des.h" >&5 $as_echo_n "checking for openssl/des.h... " >&6; } if test "${ac_cv_header_openssl_des_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_des_h" >&5 $as_echo "$ac_cv_header_openssl_des_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking openssl/des.h usability" >&5 $as_echo_n "checking openssl/des.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking openssl/des.h presence" >&5 $as_echo_n "checking openssl/des.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: openssl/des.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: openssl/des.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: openssl/des.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: openssl/des.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: openssl/des.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: openssl/des.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: openssl/des.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: openssl/des.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for openssl/des.h" >&5 $as_echo_n "checking for openssl/des.h... " >&6; } if test "${ac_cv_header_openssl_des_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_openssl_des_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_des_h" >&5 $as_echo "$ac_cv_header_openssl_des_h" >&6; } fi if test "x$ac_cv_header_openssl_des_h" = x""yes; then cat >>confdefs.h <<\_ACEOF #define WITH_SSL_DES /**/ _ACEOF LIB_DES="-lcrypto"; with_des=yes else with_des=no fi else with_des=no fi fi fi if test "$with_des" = no; then { $as_echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes" >&5 $as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; } if test "${ac_cv_lib_des_des_cbc_encrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldes $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char des_cbc_encrypt (); int main () { return des_cbc_encrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_des_des_cbc_encrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_des_des_cbc_encrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 $as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; } if test "x$ac_cv_lib_des_des_cbc_encrypt" = x""yes; then LIB_DES="-ldes"; with_des=yes else with_des=no fi fi if test "$with_des" = no; then { $as_echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes425" >&5 $as_echo_n "checking for des_cbc_encrypt in -ldes425... " >&6; } if test "${ac_cv_lib_des425_des_cbc_encrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldes425 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char des_cbc_encrypt (); int main () { return des_cbc_encrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_des425_des_cbc_encrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_des425_des_cbc_encrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_des425_des_cbc_encrypt" >&5 $as_echo "$ac_cv_lib_des425_des_cbc_encrypt" >&6; } if test "x$ac_cv_lib_des425_des_cbc_encrypt" = x""yes; then LIB_DES="-ldes425"; with_des=yes else with_des=no fi fi if test "$with_des" = no; then { $as_echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes524" >&5 $as_echo_n "checking for des_cbc_encrypt in -ldes524... " >&6; } if test "${ac_cv_lib_des524_des_cbc_encrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldes524 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char des_cbc_encrypt (); int main () { return des_cbc_encrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_des524_des_cbc_encrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_des524_des_cbc_encrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_des524_des_cbc_encrypt" >&5 $as_echo "$ac_cv_lib_des524_des_cbc_encrypt" >&6; } if test "x$ac_cv_lib_des524_des_cbc_encrypt" = x""yes; then LIB_DES="-ldes524"; with_des=yes else with_des=no fi fi if test "$with_des" = no; then LIB_RSAREF="" { $as_echo "$as_me:$LINENO: checking for RSAPublicEncrypt in -lrsaref" >&5 $as_echo_n "checking for RSAPublicEncrypt in -lrsaref... " >&6; } if test "${ac_cv_lib_rsaref_RSAPublicEncrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lrsaref $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char RSAPublicEncrypt (); int main () { return RSAPublicEncrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_rsaref_RSAPublicEncrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_rsaref_RSAPublicEncrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_rsaref_RSAPublicEncrypt" >&5 $as_echo "$ac_cv_lib_rsaref_RSAPublicEncrypt" >&6; } if test "x$ac_cv_lib_rsaref_RSAPublicEncrypt" = x""yes; then LIB_RSAREF="-lRSAglue -lrsaref"; cmu_have_rsaref=yes else cmu_have_rsaref=no fi { $as_echo "$as_me:$LINENO: checking for des_cbc_encrypt in -lcrypto" >&5 $as_echo_n "checking for des_cbc_encrypt in -lcrypto... " >&6; } if test "${ac_cv_lib_crypto_des_cbc_encrypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypto $LIB_RSAREF $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char des_cbc_encrypt (); int main () { return des_cbc_encrypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_crypto_des_cbc_encrypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_crypto_des_cbc_encrypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_des_cbc_encrypt" >&5 $as_echo "$ac_cv_lib_crypto_des_cbc_encrypt" >&6; } if test "x$ac_cv_lib_crypto_des_cbc_encrypt" = x""yes; then if test "${ac_cv_header_openssl_des_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for openssl/des.h" >&5 $as_echo_n "checking for openssl/des.h... " >&6; } if test "${ac_cv_header_openssl_des_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_des_h" >&5 $as_echo "$ac_cv_header_openssl_des_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking openssl/des.h usability" >&5 $as_echo_n "checking openssl/des.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking openssl/des.h presence" >&5 $as_echo_n "checking openssl/des.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: openssl/des.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: openssl/des.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: openssl/des.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: openssl/des.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: openssl/des.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: openssl/des.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: openssl/des.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: openssl/des.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: openssl/des.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for openssl/des.h" >&5 $as_echo_n "checking for openssl/des.h... " >&6; } if test "${ac_cv_header_openssl_des_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_openssl_des_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_des_h" >&5 $as_echo "$ac_cv_header_openssl_des_h" >&6; } fi if test "x$ac_cv_header_openssl_des_h" = x""yes; then cat >>confdefs.h <<\_ACEOF #define WITH_SSL_DES /**/ _ACEOF LIB_DES="-lcrypto"; with_des=yes else with_des=no fi else with_des=no fi fi fi if test "$with_des" != no; then cat >>confdefs.h <<\_ACEOF #define WITH_DES /**/ _ACEOF fi # Check whether --enable-digest was given. if test "${enable_digest+set}" = set; then enableval=$enable_digest; digest=$enableval else digest=yes fi if test "$digest" != no; then if test -d $digest; then CPPFLAGS="$CPPFLAGS -I$digest/include" LDFLAGS="$LDFLAGS -L$digest/lib" fi if test "$with_des" = no; then { $as_echo "$as_me:$LINENO: WARNING: No DES support for DIGEST-MD5" >&5 $as_echo "$as_me: WARNING: No DES support for DIGEST-MD5" >&2;} fi fi { $as_echo "$as_me:$LINENO: checking DIGEST-MD5" >&5 $as_echo_n "checking DIGEST-MD5... " >&6; } if test "$digest" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SASL_MECHS="$SASL_MECHS libdigestmd5.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/digestmd5.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS digestmd5.o" cat >>confdefs.h <<\_ACEOF #define STATIC_DIGESTMD5 /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-scram was given. if test "${enable_scram+set}" = set; then enableval=$enable_scram; scram=$enableval else scram=yes fi if test "$with_openssl" = no; then { $as_echo "$as_me:$LINENO: WARNING: OpenSSL not found -- SCRAM will be disabled" >&5 $as_echo "$as_me: WARNING: OpenSSL not found -- SCRAM will be disabled" >&2;} scram=no fi { $as_echo "$as_me:$LINENO: checking SCRAM" >&5 $as_echo_n "checking SCRAM... " >&6; } if test "$scram" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SCRAM_LIBS="-lcrypto $LIB_RSAREF" SASL_MECHS="$SASL_MECHS libscram.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/scram.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS scram.o" cat >>confdefs.h <<\_ACEOF #define STATIC_SCRAM /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-otp was given. if test "${enable_otp+set}" = set; then enableval=$enable_otp; otp=$enableval else otp=yes fi if test "$with_openssl" = no; then { $as_echo "$as_me:$LINENO: WARNING: OpenSSL not found -- OTP will be disabled" >&5 $as_echo "$as_me: WARNING: OpenSSL not found -- OTP will be disabled" >&2;} otp=no fi { $as_echo "$as_me:$LINENO: checking OTP" >&5 $as_echo_n "checking OTP... " >&6; } if test "$otp" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } OTP_LIBS="-lcrypto $LIB_RSAREF" SASL_MECHS="$SASL_MECHS libotp.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/otp.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS otp.o" cat >>confdefs.h <<\_ACEOF #define STATIC_OTP /**/ _ACEOF fi # Check whether --with-with-opie was given. if test "${with_with_opie+set}" = set; then withval=$with_with_opie; with_opie="${withval}" fi case "$with_opie" in ""|yes) { $as_echo "$as_me:$LINENO: checking for opiechallenge in -lopie" >&5 $as_echo_n "checking for opiechallenge in -lopie... " >&6; } if test "${ac_cv_lib_opie_opiechallenge+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lopie $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opiechallenge (); int main () { return opiechallenge (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_opie_opiechallenge=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_opie_opiechallenge=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_opie_opiechallenge" >&5 $as_echo "$ac_cv_lib_opie_opiechallenge" >&6; } if test "x$ac_cv_lib_opie_opiechallenge" = x""yes; then if test "${ac_cv_header_opie_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for opie.h" >&5 $as_echo_n "checking for opie.h... " >&6; } if test "${ac_cv_header_opie_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_opie_h" >&5 $as_echo "$ac_cv_header_opie_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking opie.h usability" >&5 $as_echo_n "checking opie.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking opie.h presence" >&5 $as_echo_n "checking opie.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: opie.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: opie.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: opie.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: opie.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: opie.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: opie.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: opie.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: opie.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: opie.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: opie.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: opie.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: opie.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: opie.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: opie.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: opie.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: opie.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for opie.h" >&5 $as_echo_n "checking for opie.h... " >&6; } if test "${ac_cv_header_opie_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_opie_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_opie_h" >&5 $as_echo "$ac_cv_header_opie_h" >&6; } fi if test "x$ac_cv_header_opie_h" = x""yes; then with_opie="yes" else with_opie="no" fi else with_opie="no" fi ;; *) if test -d $with_opie; then CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" LDFLAGS="${LDFLAGS} -L${with_opie}/lib" else with_opie="no" fi ;; esac { $as_echo "$as_me:$LINENO: checking for OPIE" >&5 $as_echo_n "checking for OPIE... " >&6; } { $as_echo "$as_me:$LINENO: result: $with_opie" >&5 $as_echo "$with_opie" >&6; } if test "$with_opie" != no; then cat >>confdefs.h <<\_ACEOF #define HAVE_OPIE /**/ _ACEOF OTP_LIBS="$OTP_LIBS -lopie" fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-srp was given. if test "${enable_srp+set}" = set; then enableval=$enable_srp; srp=$enableval else srp=no fi if test "$with_openssl" = no; then { $as_echo "$as_me:$LINENO: WARNING: OpenSSL not found -- SRP will be disabled" >&5 $as_echo "$as_me: WARNING: OpenSSL not found -- SRP will be disabled" >&2;} srp=no fi { $as_echo "$as_me:$LINENO: checking SRP" >&5 $as_echo_n "checking SRP... " >&6; } if test "$srp" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SRP_LIBS="-lcrypto $LIB_RSAREF" SASL_MECHS="$SASL_MECHS libsrp.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/srp.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS srp.o" cat >>confdefs.h <<\_ACEOF #define STATIC_SRP /**/ _ACEOF fi # Check whether --enable-srp_setpass was given. if test "${enable_srp_setpass+set}" = set; then enableval=$enable_srp_setpass; srp_setpass=$enableval else srp_setpass=no fi { $as_echo "$as_me:$LINENO: checking if we should enable setting SRP secrets with saslpasswd" >&5 $as_echo_n "checking if we should enable setting SRP secrets with saslpasswd... " >&6; } if test "$srp_setpass" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } cat >>confdefs.h <<\_ACEOF #define DO_SRP_SETPASS /**/ _ACEOF else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-krb4 was given. if test "${enable_krb4+set}" = set; then enableval=$enable_krb4; krb4=$enableval else krb4=no fi if test "$krb4" != no; then { $as_echo "$as_me:$LINENO: checking for res_search in -lresolv" >&5 $as_echo_n "checking for res_search in -lresolv... " >&6; } if test "${ac_cv_lib_resolv_res_search+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char res_search (); int main () { return res_search (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_resolv_res_search=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_resolv_res_search=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_res_search" >&5 $as_echo "$ac_cv_lib_resolv_res_search" >&6; } if test "x$ac_cv_lib_resolv_res_search" = x""yes; then cat >>confdefs.h <<_ACEOF #define HAVE_LIBRESOLV 1 _ACEOF LIBS="-lresolv $LIBS" fi if test -d ${krb4}; then { $as_echo "$as_me:$LINENO: checking for Kerberos includes" >&5 $as_echo_n "checking for Kerberos includes... " >&6; } if test "${cyrus_krbinclude+set}" = set; then $as_echo_n "(cached) " >&6 else for krbhloc in include/kerberosIV include/kerberos include do if test -f ${krb4}/${krbhloc}/krb.h ; then cyrus_krbinclude=${krb4}/${krbhloc} break fi done fi { $as_echo "$as_me:$LINENO: result: $cyrus_krbinclude" >&5 $as_echo "$cyrus_krbinclude" >&6; } if test -n "${cyrus_krbinclude}"; then CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}" fi LDFLAGS="$LDFLAGS -L$krb4/lib" fi if test "$with_des" != no; then if test "${ac_cv_header_krb_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for krb.h" >&5 $as_echo_n "checking for krb.h... " >&6; } if test "${ac_cv_header_krb_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_krb_h" >&5 $as_echo "$ac_cv_header_krb_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking krb.h usability" >&5 $as_echo_n "checking krb.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking krb.h presence" >&5 $as_echo_n "checking krb.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: krb.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: krb.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: krb.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: krb.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: krb.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: krb.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: krb.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: krb.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: krb.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: krb.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for krb.h" >&5 $as_echo_n "checking for krb.h... " >&6; } if test "${ac_cv_header_krb_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_krb_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_krb_h" >&5 $as_echo "$ac_cv_header_krb_h" >&6; } fi if test "x$ac_cv_header_krb_h" = x""yes; then { $as_echo "$as_me:$LINENO: checking for com_err in -lcom_err" >&5 $as_echo_n "checking for com_err in -lcom_err... " >&6; } if test "${ac_cv_lib_com_err_com_err+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcom_err $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char com_err (); int main () { return com_err (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_com_err_com_err=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_com_err_com_err=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_com_err_com_err" >&5 $as_echo "$ac_cv_lib_com_err_com_err" >&6; } if test "x$ac_cv_lib_com_err_com_err" = x""yes; then { $as_echo "$as_me:$LINENO: checking for krb_mk_priv in -lkrb" >&5 $as_echo_n "checking for krb_mk_priv in -lkrb... " >&6; } if test "${ac_cv_lib_krb_krb_mk_priv+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb $LIB_DES -lcom_err $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb_mk_priv (); int main () { return krb_mk_priv (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb_krb_mk_priv=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb_krb_mk_priv=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb_krb_mk_priv" >&5 $as_echo "$ac_cv_lib_krb_krb_mk_priv" >&6; } if test "x$ac_cv_lib_krb_krb_mk_priv" = x""yes; then COM_ERR="-lcom_err"; SASL_KRB_LIB="-lkrb"; krb4lib="yes" else krb4lib=no fi else { $as_echo "$as_me:$LINENO: checking for krb_mk_priv in -lkrb" >&5 $as_echo_n "checking for krb_mk_priv in -lkrb... " >&6; } if test "${ac_cv_lib_krb_krb_mk_priv+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb $LIB_DES $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb_mk_priv (); int main () { return krb_mk_priv (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb_krb_mk_priv=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb_krb_mk_priv=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb_krb_mk_priv" >&5 $as_echo "$ac_cv_lib_krb_krb_mk_priv" >&6; } if test "x$ac_cv_lib_krb_krb_mk_priv" = x""yes; then COM_ERR=""; SASL_KRB_LIB="-lkrb"; krb4lib="yes" else krb4lib=no fi fi else krb4="no" fi if test "$krb4" != "no" -a "$krb4lib" = "no"; then { $as_echo "$as_me:$LINENO: checking for krb_mk_priv in -lkrb4" >&5 $as_echo_n "checking for krb_mk_priv in -lkrb4... " >&6; } if test "${ac_cv_lib_krb4_krb_mk_priv+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb4 $LIB_DES $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb_mk_priv (); int main () { return krb_mk_priv (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb4_krb_mk_priv=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb4_krb_mk_priv=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_krb_mk_priv" >&5 $as_echo "$ac_cv_lib_krb4_krb_mk_priv" >&6; } if test "x$ac_cv_lib_krb4_krb_mk_priv" = x""yes; then COM_ERR=""; SASL_KRB_LIB="-lkrb4"; krb4=yes else krb4=no fi fi if test "$krb4" = no; then { $as_echo "$as_me:$LINENO: WARNING: No Kerberos V4 found" >&5 $as_echo "$as_me: WARNING: No Kerberos V4 found" >&2;} fi else { $as_echo "$as_me:$LINENO: WARNING: No DES library found for Kerberos V4 support" >&5 $as_echo "$as_me: WARNING: No DES library found for Kerberos V4 support" >&2;} krb4=no fi fi if test "$krb4" != no; then cmu_save_LIBS="$LIBS" LIBS="$LIBS $SASL_KRB_LIB" for ac_func in krb_get_err_text do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done LIBS="$cmu_save_LIBS" fi { $as_echo "$as_me:$LINENO: checking KERBEROS_V4" >&5 $as_echo_n "checking KERBEROS_V4... " >&6; } if test "$krb4" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SASL_MECHS="$SASL_MECHS libkerberos4.la" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/kerberos4.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS kerberos4.o" cat >>confdefs.h <<\_ACEOF #define STATIC_KERBEROS4 /**/ _ACEOF cat >>confdefs.h <<\_ACEOF #define HAVE_KRB /**/ _ACEOF SASL_KRB_LIB="$SASL_KRB_LIB $LIB_DES $COM_ERR" else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi { $as_echo "$as_me:$LINENO: checking for crypt" >&5 $as_echo_n "checking for crypt... " >&6; } if test "${ac_cv_func_crypt+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define crypt to an innocuous variant, in case declares crypt. For example, HP-UX 11i declares gettimeofday. */ #define crypt innocuous_crypt /* System header to define __stub macros and hopefully few prototypes, which can conflict with char crypt (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef crypt /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char crypt (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_crypt || defined __stub___crypt choke me #endif int main () { return crypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_crypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_crypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_crypt" >&5 $as_echo "$ac_cv_func_crypt" >&6; } if test "x$ac_cv_func_crypt" = x""yes; then cmu_have_crypt=yes else { $as_echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 $as_echo_n "checking for crypt in -lcrypt... " >&6; } if test "${ac_cv_lib_crypt_crypt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypt $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char crypt (); int main () { return crypt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_crypt_crypt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_crypt_crypt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 $as_echo "$ac_cv_lib_crypt_crypt" >&6; } if test "x$ac_cv_lib_crypt_crypt" = x""yes; then LIB_CRYPT="-lcrypt"; cmu_have_crypt=yes else cmu_have_crypt=no fi fi # Check whether --enable-gssapi was given. if test "${enable_gssapi+set}" = set; then enableval=$enable_gssapi; gssapi=$enableval else gssapi=yes fi # Check whether --with-gss_impl was given. if test "${with_gss_impl+set}" = set; then withval=$with_gss_impl; gss_impl=$withval else gss_impl=auto fi if test "$gssapi" != no; then platform= case "${host}" in *-*-linux*) platform=__linux ;; *-*-hpux*) platform=__hpux ;; *-*-irix*) platform=__irix ;; *-*-solaris2*) # When should we use __sunos? platform=__solaris ;; *-*-aix*) ###_AIX platform=__aix ;; *) { $as_echo "$as_me:$LINENO: WARNING: The system type is not recognized. If you believe that CyberSafe GSSAPI works on this platform, please update the configure script" >&5 $as_echo "$as_me: WARNING: The system type is not recognized. If you believe that CyberSafe GSSAPI works on this platform, please update the configure script" >&2;} if test "$gss_impl" = "cybersafe"; then { { $as_echo "$as_me:$LINENO: error: CyberSafe was forced, cannot continue as platform is not supported" >&5 $as_echo "$as_me: error: CyberSafe was forced, cannot continue as platform is not supported" >&2;} { (exit 1); exit 1; }; } fi ;; esac cmu_saved_CPPFLAGS=$CPPFLAGS if test -d ${gssapi}; then CPPFLAGS="$CPPFLAGS -I$gssapi/include" # We want to keep -I in our CPPFLAGS, but only if we succeed cmu_saved_CPPFLAGS=$CPPFLAGS ### I am not sure how useful is this (and whether this is required at all ### especially when we have to provide two -L flags for new CyberSafe LDFLAGS="$LDFLAGS -L$gssapi/lib" if test -n "$platform"; then if test "$gss_impl" = "auto" -o "$gss_impl" = "cybersafe"; then CPPFLAGS="$CPPFLAGS -D$platform" if test -d "${gssapi}/appsec-sdk/include"; then CPPFLAGS="$CPPFLAGS -I${gssapi}/appsec-sdk/include" fi fi fi fi if test "${ac_cv_header_gssapi_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for gssapi.h" >&5 $as_echo_n "checking for gssapi.h... " >&6; } if test "${ac_cv_header_gssapi_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_gssapi_h" >&5 $as_echo "$ac_cv_header_gssapi_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking gssapi.h usability" >&5 $as_echo_n "checking gssapi.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking gssapi.h presence" >&5 $as_echo_n "checking gssapi.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: gssapi.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: gssapi.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: gssapi.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: gssapi.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: gssapi.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: gssapi.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: gssapi.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: gssapi.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: gssapi.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: gssapi.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for gssapi.h" >&5 $as_echo_n "checking for gssapi.h... " >&6; } if test "${ac_cv_header_gssapi_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_gssapi_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_gssapi_h" >&5 $as_echo "$ac_cv_header_gssapi_h" >&6; } fi if test "x$ac_cv_header_gssapi_h" = x""yes; then : else if test "${ac_cv_header_gssapi_gssapi_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for gssapi/gssapi.h" >&5 $as_echo_n "checking for gssapi/gssapi.h... " >&6; } if test "${ac_cv_header_gssapi_gssapi_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_gssapi_gssapi_h" >&5 $as_echo "$ac_cv_header_gssapi_gssapi_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking gssapi/gssapi.h usability" >&5 $as_echo_n "checking gssapi/gssapi.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking gssapi/gssapi.h presence" >&5 $as_echo_n "checking gssapi/gssapi.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: gssapi/gssapi.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: gssapi/gssapi.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi/gssapi.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: gssapi/gssapi.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: gssapi/gssapi.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: gssapi/gssapi.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi/gssapi.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: gssapi/gssapi.h: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi/gssapi.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: gssapi/gssapi.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi/gssapi.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: gssapi/gssapi.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi/gssapi.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: gssapi/gssapi.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: gssapi/gssapi.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: gssapi/gssapi.h: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for gssapi/gssapi.h" >&5 $as_echo_n "checking for gssapi/gssapi.h... " >&6; } if test "${ac_cv_header_gssapi_gssapi_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_gssapi_gssapi_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_gssapi_gssapi_h" >&5 $as_echo "$ac_cv_header_gssapi_gssapi_h" >&6; } fi if test "x$ac_cv_header_gssapi_gssapi_h" = x""yes; then : else { $as_echo "$as_me:$LINENO: WARNING: Disabling GSSAPI - no include files found" >&5 $as_echo "$as_me: WARNING: Disabling GSSAPI - no include files found" >&2;}; gssapi=no fi fi for ac_header in gssapi/gssapi_ext.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 $as_echo_n "checking $ac_header usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 $as_echo_n "checking $ac_header presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done CPPFLAGS=$cmu_saved_CPPFLAGS fi if test "$gssapi" != no; then if test "$ac_cv_header_gssapi_h" = "yes" -o "$ac_cv_header_gssapi_gssapi_h" = "yes"; then cat >>confdefs.h <<\_ACEOF #define HAVE_GSSAPI_H /**/ _ACEOF fi # We need to find out which gssapi implementation we are # using. Supported alternatives are: MIT Kerberos 5, # Heimdal Kerberos 5 (http://www.pdc.kth.se/heimdal), # CyberSafe Kerberos 5 (http://www.cybersafe.com/) # and Sun SEAM (http://wwws.sun.com/software/security/kerberos/) # # The choice is reflected in GSSAPIBASE_LIBS { $as_echo "$as_me:$LINENO: checking for res_search in -lresolv" >&5 $as_echo_n "checking for res_search in -lresolv... " >&6; } if test "${ac_cv_lib_resolv_res_search+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char res_search (); int main () { return res_search (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_resolv_res_search=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_resolv_res_search=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_res_search" >&5 $as_echo "$ac_cv_lib_resolv_res_search" >&6; } if test "x$ac_cv_lib_resolv_res_search" = x""yes; then cat >>confdefs.h <<_ACEOF #define HAVE_LIBRESOLV 1 _ACEOF LIBS="-lresolv $LIBS" fi if test -d ${gssapi}; then gssapi_dir="${gssapi}/lib" GSSAPIBASE_LIBS="-L$gssapi_dir" GSSAPIBASE_STATIC_LIBS="-L$gssapi_dir" else # FIXME: This is only used for building cyrus, and then only as # a real hack. it needs to be fixed. gssapi_dir="/usr/local/lib" fi # Check a full link against the Heimdal libraries. # If this fails, check a full link against the MIT libraries. # If this fails, check a full link against the CyberSafe libraries. # If this fails, check a full link against the Solaris 8 and up libgss. if test "$gss_impl" = "auto" -o "$gss_impl" = "heimdal"; then gss_failed=0 { $as_echo "$as_me:$LINENO: checking for gss_unwrap in -lgssapi" >&5 $as_echo_n "checking for gss_unwrap in -lgssapi... " >&6; } if test "${ac_cv_lib_gssapi_gss_unwrap+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi ${GSSAPIBASE_LIBS} -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err ${LIB_SOCKET} $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gss_unwrap (); int main () { return gss_unwrap (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_gssapi_gss_unwrap=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_gssapi_gss_unwrap=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_gss_unwrap" >&5 $as_echo "$ac_cv_lib_gssapi_gss_unwrap" >&6; } if test "x$ac_cv_lib_gssapi_gss_unwrap" = x""yes; then gss_impl="heimdal" else gss_failed=1 fi if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then # check for libkrb5support first { $as_echo "$as_me:$LINENO: checking for krb5int_getspecific in -lkrb5support" >&5 $as_echo_n "checking for krb5int_getspecific in -lkrb5support... " >&6; } if test "${ac_cv_lib_krb5support_krb5int_getspecific+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb5support ${LIB_SOCKET} $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb5int_getspecific (); int main () { return krb5int_getspecific (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb5support_krb5int_getspecific=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb5support_krb5int_getspecific=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb5support_krb5int_getspecific" >&5 $as_echo "$ac_cv_lib_krb5support_krb5int_getspecific" >&6; } if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = x""yes; then K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a fi gss_failed=0 { $as_echo "$as_me:$LINENO: checking for gss_unwrap in -lgssapi_krb5" >&5 $as_echo_n "checking for gss_unwrap in -lgssapi_krb5... " >&6; } if test "${ac_cv_lib_gssapi_krb5_gss_unwrap+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi_krb5 ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET} $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gss_unwrap (); int main () { return gss_unwrap (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_gssapi_krb5_gss_unwrap=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_gssapi_krb5_gss_unwrap=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_krb5_gss_unwrap" >&5 $as_echo "$ac_cv_lib_gssapi_krb5_gss_unwrap" >&6; } if test "x$ac_cv_lib_gssapi_krb5_gss_unwrap" = x""yes; then gss_impl="mit" else gss_failed=1 fi if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi # For Cybersafe one has to set a platform define in order to make compilation work if test "$gss_impl" = "auto" -o "$gss_impl" = "cybersafe"; then cmu_saved_CPPFLAGS=$CPPFLAGS cmu_saved_GSSAPIBASE_LIBS=$GSSAPIBASE_LIBS # FIXME - Note that the libraries are in .../lib64 for 64bit kernels if test -d "${gssapi}/appsec-rt/lib"; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -L${gssapi}/appsec-rt/lib" fi CPPFLAGS="$CPPFLAGS -D$platform" if test -d "${gssapi}/appsec-sdk/include"; then CPPFLAGS="$CPPFLAGS -I${gssapi}/appsec-sdk/include" fi gss_failed=0 # Check for CyberSafe with two libraries first, than fall back to a single # library (older CyberSafe) unset ac_cv_lib_gss_csf_gss_acq_user { $as_echo "$as_me:$LINENO: checking for csf_gss_acq_user in -lgss" >&5 $as_echo_n "checking for csf_gss_acq_user in -lgss... " >&6; } if test "${ac_cv_lib_gss_csf_gss_acq_user+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgss ${GSSAPIBASE_LIBS} -lgss -lcstbk5 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char csf_gss_acq_user (); int main () { return csf_gss_acq_user (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_gss_csf_gss_acq_user=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_gss_csf_gss_acq_user=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_gss_csf_gss_acq_user" >&5 $as_echo "$ac_cv_lib_gss_csf_gss_acq_user" >&6; } if test "x$ac_cv_lib_gss_csf_gss_acq_user" = x""yes; then gss_impl="cybersafe03" else unset ac_cv_lib_gss_csf_gss_acq_user; { $as_echo "$as_me:$LINENO: checking for csf_gss_acq_user in -lgss" >&5 $as_echo_n "checking for csf_gss_acq_user in -lgss... " >&6; } if test "${ac_cv_lib_gss_csf_gss_acq_user+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgss $GSSAPIBASE_LIBS -lgss $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char csf_gss_acq_user (); int main () { return csf_gss_acq_user (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_gss_csf_gss_acq_user=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_gss_csf_gss_acq_user=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_gss_csf_gss_acq_user" >&5 $as_echo "$ac_cv_lib_gss_csf_gss_acq_user" >&6; } if test "x$ac_cv_lib_gss_csf_gss_acq_user" = x""yes; then gss_impl="cybersafe" else gss_failed=1 fi fi if test "$gss_failed" = "1"; then # Restore variables GSSAPIBASE_LIBS=$cmu_saved_GSSAPIBASE_LIBS CPPFLAGS=$cmu_saved_CPPFLAGS if test "$gss_impl" != "auto"; then gss_impl="failed" fi fi fi if test "$gss_impl" = "auto" -o "$gss_impl" = "seam"; then gss_failed=0 { $as_echo "$as_me:$LINENO: checking for gss_unwrap in -lgss" >&5 $as_echo_n "checking for gss_unwrap in -lgss... " >&6; } if test "${ac_cv_lib_gss_gss_unwrap+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgss -lgss $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gss_unwrap (); int main () { return gss_unwrap (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_gss_gss_unwrap=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_gss_gss_unwrap=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_gss_gss_unwrap" >&5 $as_echo "$ac_cv_lib_gss_gss_unwrap" >&6; } if test "x$ac_cv_lib_gss_gss_unwrap" = x""yes; then gss_impl="seam" else gss_failed=1 fi if test "$gss_impl" != "auto" -a "$gss_failed" = "1"; then gss_impl="failed" fi fi if test "$gss_impl" = "mit"; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP}" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a $gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a ${K5SUPSTATIC}" elif test "$gss_impl" = "heimdal"; then CPPFLAGS="$CPPFLAGS -DKRB5_HEIMDAL" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken ${LIB_CRYPT} ${LIB_DES} -lcom_err" GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_STATIC_LIBS $gssapi_dir/libgssapi.a $gssapi_dir/libkrb5.a $gssapi_dir/libasn1.a $gssapi_dir/libroken.a $gssapi_dir/libcom_err.a ${LIB_CRYPT}" elif test "$gss_impl" = "cybersafe03"; then # Version of CyberSafe with two libraries CPPFLAGS="$CPPFLAGS -D$platform -I${gssapi}/appsec-sdk/include" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgss -lcstbk5" # there is no static libgss for CyberSafe GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "cybersafe"; then CPPFLAGS="$CPPFLAGS -D$platform -I${gssapi}/appsec-sdk/include" GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgss" # there is no static libgss for CyberSafe GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "seam"; then GSSAPIBASE_LIBS=-lgss # there is no static libgss on Solaris 8 and up GSSAPIBASE_STATIC_LIBS=none elif test "$gss_impl" = "failed"; then gssapi="no" GSSAPIBASE_LIBS= GSSAPIBASE_STATIC_LIBS= { $as_echo "$as_me:$LINENO: WARNING: Disabling GSSAPI - specified library not found" >&5 $as_echo "$as_me: WARNING: Disabling GSSAPI - specified library not found" >&2;} else gssapi="no" GSSAPIBASE_LIBS= GSSAPIBASE_STATIC_LIBS= { $as_echo "$as_me:$LINENO: WARNING: Disabling GSSAPI - no library" >&5 $as_echo "$as_me: WARNING: Disabling GSSAPI - no library" >&2;} fi fi # # Cybersafe defines both GSS_C_NT_HOSTBASED_SERVICE and GSS_C_NT_USER_NAME # in gssapi\rfckrb5.h # if test "$gssapi" != "no"; then if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #ifdef GSS_C_NT_HOSTBASED_SERVICE hostbased_service_gss_nt_yes #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "hostbased_service_gss_nt_yes" >/dev/null 2>&1; then cat >>confdefs.h <<\_ACEOF #define HAVE_GSS_C_NT_HOSTBASED_SERVICE /**/ _ACEOF else { $as_echo "$as_me:$LINENO: WARNING: Cybersafe define not found" >&5 $as_echo "$as_me: WARNING: Cybersafe define not found" >&2;} fi rm -f conftest* elif test "$ac_cv_header_gssapi_h" = "yes"; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "GSS_C_NT_HOSTBASED_SERVICE" >/dev/null 2>&1; then cat >>confdefs.h <<\_ACEOF #define HAVE_GSS_C_NT_HOSTBASED_SERVICE /**/ _ACEOF fi rm -f conftest* elif test "$ac_cv_header_gssapi_gssapi_h"; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "GSS_C_NT_HOSTBASED_SERVICE" >/dev/null 2>&1; then cat >>confdefs.h <<\_ACEOF #define HAVE_GSS_C_NT_HOSTBASED_SERVICE /**/ _ACEOF fi rm -f conftest* fi if test "$gss_impl" = "cybersafe" -o "$gss_impl" = "cybersafe03"; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #ifdef GSS_C_NT_USER_NAME user_name_yes_gss_nt #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "user_name_yes_gss_nt" >/dev/null 2>&1; then cat >>confdefs.h <<\_ACEOF #define HAVE_GSS_C_NT_USER_NAME /**/ _ACEOF else { $as_echo "$as_me:$LINENO: WARNING: Cybersafe define not found" >&5 $as_echo "$as_me: WARNING: Cybersafe define not found" >&2;} fi rm -f conftest* elif test "$ac_cv_header_gssapi_h" = "yes"; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "GSS_C_NT_USER_NAME" >/dev/null 2>&1; then cat >>confdefs.h <<\_ACEOF #define HAVE_GSS_C_NT_USER_NAME /**/ _ACEOF fi rm -f conftest* cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "gss_inquire_attrs_for_mech" >/dev/null 2>&1; then rfc5587=yes fi rm -f conftest* cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "gss_inquire_mech_for_saslname" >/dev/null 2>&1; then rfc5801=yes fi rm -f conftest* elif test "$ac_cv_header_gssapi_gssapi_h"; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "GSS_C_NT_USER_NAME" >/dev/null 2>&1; then cat >>confdefs.h <<\_ACEOF #define HAVE_GSS_C_NT_USER_NAME /**/ _ACEOF fi rm -f conftest* cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "gss_inquire_attrs_for_mech" >/dev/null 2>&1; then rfc5587=yes fi rm -f conftest* cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "gss_inquire_mech_for_saslname" >/dev/null 2>&1; then rfc5801=yes fi rm -f conftest* fi fi GSSAPI_LIBS="" { $as_echo "$as_me:$LINENO: checking GSSAPI" >&5 $as_echo_n "checking GSSAPI... " >&6; } if test "$gssapi" != no; then { $as_echo "$as_me:$LINENO: result: with implementation ${gss_impl}" >&5 $as_echo "with implementation ${gss_impl}" >&6; } { $as_echo "$as_me:$LINENO: checking for res_search in -lresolv" >&5 $as_echo_n "checking for res_search in -lresolv... " >&6; } if test "${ac_cv_lib_resolv_res_search+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char res_search (); int main () { return res_search (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_resolv_res_search=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_resolv_res_search=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_res_search" >&5 $as_echo "$ac_cv_lib_resolv_res_search" >&6; } if test "x$ac_cv_lib_resolv_res_search" = x""yes; then GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lresolv" fi SASL_MECHS="$SASL_MECHS libgssapiv2.la" SASL_STATIC_OBJS="$SASL_STATIC_OBJS gssapi.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gssapi.c" if test "$rfc5587" = "yes" -a "$rfc5801" = "yes"; then SASL_MECHS="$SASL_MECHS libgs2.la" SASL_STATIC_OBJS="$SASL_STATIC_OBJS gs2.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/gs2.c" fi cmu_save_LIBS="$LIBS" LIBS="$LIBS $GSSAPIBASE_LIBS" for ac_func in gsskrb5_register_acceptor_identity do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in gss_decapsulate_token do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in gss_encapsulate_token do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in gss_oid_equal do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done LIBS="$cmu_save_LIBS" cmu_save_LIBS="$LIBS" LIBS="$LIBS $GSSAPIBASE_LIBS" for ac_func in gss_get_name_attribute do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done LIBS="$cmu_save_LIBS" else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi if test "$gssapi" != "no"; then cat >>confdefs.h <<\_ACEOF #define STATIC_GSSAPIV2 /**/ _ACEOF mutex_default="no" if test "$gss_impl" = "mit"; then mutex_default="yes" fi { $as_echo "$as_me:$LINENO: checking to use mutexes aroung GSS calls" >&5 $as_echo_n "checking to use mutexes aroung GSS calls... " >&6; } # Check whether --enable-gss_mutexes was given. if test "${enable_gss_mutexes+set}" = set; then enableval=$enable_gss_mutexes; use_gss_mutexes=$enableval else use_gss_mutexes=$mutex_default fi if test $use_gss_mutexes = "yes"; then cat >>confdefs.h <<\_ACEOF #define GSS_USE_MUTEXES /**/ _ACEOF fi { $as_echo "$as_me:$LINENO: result: $use_gss_mutexes" >&5 $as_echo "$use_gss_mutexes" >&6; } fi # Check whether --enable-plain was given. if test "${enable_plain+set}" = set; then enableval=$enable_plain; plain=$enableval else plain=yes fi PLAIN_LIBS="" if test "$plain" != no; then if test "$cmu_have_crypt" = yes; then PLAIN_LIBS=$LIB_CRYPT fi fi { $as_echo "$as_me:$LINENO: checking PLAIN" >&5 $as_echo_n "checking PLAIN... " >&6; } if test "$plain" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SASL_MECHS="$SASL_MECHS libplain.la" if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS plain.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/plain.c" cat >>confdefs.h <<\_ACEOF #define STATIC_PLAIN /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-anon was given. if test "${enable_anon+set}" = set; then enableval=$enable_anon; anon=$enableval else anon=yes fi { $as_echo "$as_me:$LINENO: checking ANONYMOUS" >&5 $as_echo_n "checking ANONYMOUS... " >&6; } if test "$anon" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SASL_MECHS="$SASL_MECHS libanonymous.la" if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS anonymous.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/anonymous.c" cat >>confdefs.h <<\_ACEOF #define STATIC_ANONYMOUS /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-login was given. if test "${enable_login+set}" = set; then enableval=$enable_login; login=$enableval else login=no fi { $as_echo "$as_me:$LINENO: checking LOGIN" >&5 $as_echo_n "checking LOGIN... " >&6; } if test "$login" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SASL_MECHS="$SASL_MECHS liblogin.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/login.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS login.o" cat >>confdefs.h <<\_ACEOF #define STATIC_LOGIN /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-ntlm was given. if test "${enable_ntlm+set}" = set; then enableval=$enable_ntlm; ntlm=$enableval else ntlm=no fi if test "$with_openssl" = no; then { $as_echo "$as_me:$LINENO: WARNING: OpenSSL not found -- NTLM will be disabled" >&5 $as_echo "$as_me: WARNING: OpenSSL not found -- NTLM will be disabled" >&2;} ntlm=no fi { $as_echo "$as_me:$LINENO: checking NTLM" >&5 $as_echo_n "checking NTLM... " >&6; } if test "$ntlm" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } NTLM_LIBS="-lcrypto $LIB_RSAREF" SASL_MECHS="$SASL_MECHS libntlm.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/ntlm.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS ntlm.o" cat >>confdefs.h <<\_ACEOF #define STATIC_NTLM /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --enable-passdss was given. if test "${enable_passdss+set}" = set; then enableval=$enable_passdss; passdss=$enableval else passdss=no fi if test "$with_openssl" = no; then { $as_echo "$as_me:$LINENO: WARNING: OpenSSL not found -- PASSDSS will be disabled" >&5 $as_echo "$as_me: WARNING: OpenSSL not found -- PASSDSS will be disabled" >&2;} passdss=no fi { $as_echo "$as_me:$LINENO: checking PASSDSS" >&5 $as_echo_n "checking PASSDSS... " >&6; } if test "$passdss" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } PASSDSS_LIBS="-lcrypto $LIB_RSAREF" SASL_MECHS="$SASL_MECHS libpassdss.la" if test "$enable_static" = yes; then SASL_STATIC_OBJS="$SASL_STATIC_OBJS passdss.o" SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/passdss.c" cat >>confdefs.h <<\_ACEOF #define STATIC_PASSDSS /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # make the option show up so people don't whine that it is only in the # saslauthd configure script --help # Check whether --with-ldap was given. if test "${with_ldap+set}" = set; then withval=$with_ldap; else with_ldap=no fi # Check whether --enable-sql was given. if test "${enable_sql+set}" = set; then enableval=$enable_sql; sql=$enableval else sql=no fi { $as_echo "$as_me:$LINENO: checking SQL" >&5 $as_echo_n "checking SQL... " >&6; } if test "$sql" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } SASL_MECHS="$SASL_MECHS libsql.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/sql.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS sql.o" cat >>confdefs.h <<\_ACEOF #define STATIC_SQL /**/ _ACEOF fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --with-mysql was given. if test "${with_mysql+set}" = set; then withval=$with_mysql; with_mysql=$withval else with_mysql=$sql fi # find location of library # presuming if one given then correct if test "${with_mysql}" = "yes"; then with_mysql=notfound for mysqlloc in lib/mysql lib mysql/lib do if test -f ${prefix}/${mysqlloc}/libmysqlclient.a; then with_mysql="${prefix}" break elif test -f /usr/local/${mysqlloc}/libmysqlclient.a; then with_mysql="/usr/local" break elif test -f /usr/${mysqlloc}/libmysqlclient.a; then with_mysql="/usr" break fi done fi LIB_MYSQL="" case "$with_mysql" in no) true;; notfound) { $as_echo "$as_me:$LINENO: WARNING: MySQL Library not found" >&5 $as_echo "$as_me: WARNING: MySQL Library not found" >&2;}; true;; *) if test -d ${with_mysql}/lib/mysql; then # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LIB_MYSQL="-L${with_mysql}/lib/mysql ${LIB_MYSQL}" else LIB_MYSQL="-L${with_mysql}/lib/mysql ${LIB_MYSQL} $andrew_cv_runpath_switch${with_mysql}/lib/mysql" fi elif test -d ${with_mysql}/mysql/lib; then # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LIB_MYSQL="-L${with_mysql}/mysql/lib ${LIB_MYSQL}" else LIB_MYSQL="-L${with_mysql}/mysql/lib ${LIB_MYSQL} $andrew_cv_runpath_switch${with_mysql}/mysql/lib" fi elif test -d ${with_mysql}/lib; then # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LIB_MYSQL="-L${with_mysql}/lib ${LIB_MYSQL}" else LIB_MYSQL="-L${with_mysql}/lib ${LIB_MYSQL} $andrew_cv_runpath_switch${with_mysql}/lib" fi else # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LIB_MYSQL="-L${with_mysql} ${LIB_MYSQL}" else LIB_MYSQL="-L${with_mysql} ${LIB_MYSQL} $andrew_cv_runpath_switch${with_mysql}" fi fi LIB_MYSQL_DIR=$LIB_MYSQL LIB_MYSQL="$LIB_MYSQL -lmysqlclient" if test -d ${with_mysql}/include/mysql; then CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include/mysql" elif test -d ${with_mysql}/mysql/include; then CPPFLAGS="${CPPFLAGS} -I${with_mysql}/mysql/include" elif test -d ${with_mysql}/include; then CPPFLAGS="${CPPFLAGS} -I${with_mysql}/include" else CPPFLAGS="${CPPFLAGS} -I${with_mysql}" fi save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $LIB_MYSQL_DIR" { $as_echo "$as_me:$LINENO: checking for mysql_select_db in -lmysqlclient" >&5 $as_echo_n "checking for mysql_select_db in -lmysqlclient... " >&6; } if test "${ac_cv_lib_mysqlclient_mysql_select_db+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lmysqlclient $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char mysql_select_db (); int main () { return mysql_select_db (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_mysqlclient_mysql_select_db=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_mysqlclient_mysql_select_db=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_mysqlclient_mysql_select_db" >&5 $as_echo "$ac_cv_lib_mysqlclient_mysql_select_db" >&6; } if test "x$ac_cv_lib_mysqlclient_mysql_select_db" = x""yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_MYSQL /**/ _ACEOF else { $as_echo "$as_me:$LINENO: WARNING: MySQL library mysqlclient does not work" >&5 $as_echo "$as_me: WARNING: MySQL library mysqlclient does not work" >&2;} with_mysql=no fi LDFLAGS=$save_LDFLAGS;; esac # Check whether --with-pgsql was given. if test "${with_pgsql+set}" = set; then withval=$with_pgsql; with_pgsql=$withval else with_pgsql=$sql fi # find location of library # presuing if one given then correct if test "${with_pgsql}" = "yes"; then with_pgsql=notfound for pgsqlloc in lib/pgsql lib pgsql/lib do if test -f ${prefix}/${pgsqlloc}/libpq.a; then with_pgsql="${prefix}" break elif test -f /usr/local/${pgsqlloc}/libpq.a; then with_pgsql="/usr/local" break elif test -f /usr/${pgsqlloc}/libpq.a; then with_pgsql="/usr" break fi done fi LIB_PGSQL="" case "$with_pgsql" in no) true;; notfound) { $as_echo "$as_me:$LINENO: WARNING: PostgreSQL Library not found" >&5 $as_echo "$as_me: WARNING: PostgreSQL Library not found" >&2;}; true;; *) if test -d ${with_pgsql}/lib/pgsql; then # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LIB_PGSQL="-L${with_pgsql}/lib/pgsql ${LIB_PGSQL}" else LIB_PGSQL="-L${with_pgsql}/lib/pgsql ${LIB_PGSQL} $andrew_cv_runpath_switch${with_pgsql}/lib/pgsql" fi elif test -d ${with_pgsql}/pgsql/lib; then # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LIB_PGSQL="-L${with_pgsql}/pgsql/lib ${LIB_PGSQL}" else LIB_PGSQL="-L${with_pgsql}/pgsql/lib ${LIB_PGSQL} $andrew_cv_runpath_switch${with_pgsql}/pgsql/lib" fi elif test -d ${with_pgsql}/lib; then # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LIB_PGSQL="-L${with_pgsql}/lib ${LIB_PGSQL}" else LIB_PGSQL="-L${with_pgsql}/lib ${LIB_PGSQL} $andrew_cv_runpath_switch${with_pgsql}/lib" fi else # this is CMU ADD LIBPATH TO if test "$andrew_cv_runpath_switch" = "none" ; then LIB_PGSQL="-L${with_pgsql} ${LIB_PGSQL}" else LIB_PGSQL="-L${with_pgsql} ${LIB_PGSQL} $andrew_cv_runpath_switch${with_pgsql}" fi fi LIB_PGSQL_DIR=$LIB_PGSQL LIB_PGSQL="$LIB_PGSQL -lpq" if test -d ${with_pgsql}/include/pgsql; then CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql" elif test -d ${with_pgsql}/pgsql/include; then CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include" elif test -d ${with_pgsql}/include; then CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include" else CPPFLAGS="${CPPFLAGS} -I${with_pgsql}" fi save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $LIB_PGSQL_DIR" { $as_echo "$as_me:$LINENO: checking for PQsetdbLogin in -lpq" >&5 $as_echo_n "checking for PQsetdbLogin in -lpq... " >&6; } if test "${ac_cv_lib_pq_PQsetdbLogin+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpq $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char PQsetdbLogin (); int main () { return PQsetdbLogin (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_pq_PQsetdbLogin=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_pq_PQsetdbLogin=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_pq_PQsetdbLogin" >&5 $as_echo "$ac_cv_lib_pq_PQsetdbLogin" >&6; } if test "x$ac_cv_lib_pq_PQsetdbLogin" = x""yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_PGSQL /**/ _ACEOF else { $as_echo "$as_me:$LINENO: WARNING: PostgreSQL Library pq does not work" >&5 $as_echo "$as_me: WARNING: PostgreSQL Library pq does not work" >&2;} with_pgsql=no fi LDFLAGS=$save_LDFLAGS;; esac # Check whether --with-sqlite was given. if test "${with_sqlite+set}" = set; then withval=$with_sqlite; with_sqlite=$withval else with_sqlite=$sql fi # find location of library # presuing if one given then correct if test "${with_sqlite}" = "yes"; then with_sqlite=notfound for sqliteloc in lib do if test -f ${prefix}/${sqliteloc}/libsqlite.a; then with_sqlite="${prefix}" break elif test -f /usr/local/${sqliteloc}/libsqlite.a; then with_sqlite="/usr/local" break elif test -f /usr/${sqliteloc}/libsqlite.a; then with_sqlite="/usr" break fi done fi LIB_SQLITE="" case "$with_sqlite" in no) true;; notfound) { $as_echo "$as_me:$LINENO: WARNING: SQLite Library not found" >&5 $as_echo "$as_me: WARNING: SQLite Library not found" >&2;}; true;; *) if test -d ${with_sqlite}/lib; then LIB_SQLITE="-L${with_sqlite}/lib -R${with_sqlite}/lib" else LIB_SQLITE="-L${with_sqlite} -R${with_sqlite}" fi LIB_SQLITE_DIR=$LIB_SQLITE LIB_SQLITE="$LIB_SQLITE -lsqlite" if test -d ${with_sqlite}/include; then CPPFLAGS="${CPPFLAGS} -I${with_sqlite}/include" else CPPFLAGS="${CPPFLAGS} -I${with_sqlite}" fi { $as_echo "$as_me:$LINENO: checking for sqlite_open in -lsqlite" >&5 $as_echo_n "checking for sqlite_open in -lsqlite... " >&6; } if test "${ac_cv_lib_sqlite_sqlite_open+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsqlite $LIB_SQLITE_DIR $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char sqlite_open (); int main () { return sqlite_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_sqlite_sqlite_open=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_sqlite_sqlite_open=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_sqlite_sqlite_open" >&5 $as_echo "$ac_cv_lib_sqlite_sqlite_open" >&6; } if test "x$ac_cv_lib_sqlite_sqlite_open" = x""yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_SQLITE /**/ _ACEOF else { $as_echo "$as_me:$LINENO: WARNING: SQLite Library sqlite does not work" >&5 $as_echo "$as_me: WARNING: SQLite Library sqlite does not work" >&2;} with_sqlite=no fi ;; esac # Check whether --with-sqlite3 was given. if test "${with_sqlite3+set}" = set; then withval=$with_sqlite3; with_sqlite3=$withval else with_sqlite3=$sql fi # find location of library # we assume that if one given then it is correct if test "${with_sqlite3}" = "yes"; then with_sqlite3=notfound for sqlite3loc in lib do if test -f ${prefix}/${sqlite3loc}/libsqlite3.a; then with_sqlite3="${prefix}" break elif test -f /usr/local/${sqlite3loc}/libsqlite3.a; then with_sqlite3="/usr/local" break elif test -f /usr/${sqlite3loc}/libsqlite3.a; then with_sqlite3="/usr" break fi done fi LIB_SQLITE3="" case "$with_sqlite3" in no) true;; notfound) { $as_echo "$as_me:$LINENO: WARNING: SQLite3 Library not found" >&5 $as_echo "$as_me: WARNING: SQLite3 Library not found" >&2;}; true;; *) if test -d ${with_sqlite3}/lib; then LIB_SQLITE3="-L${with_sqlite3}/lib -R${with_sqlite3}/lib" else LIB_SQLITE3="-L${with_sqlite3} -R${with_sqlite3}" fi LIB_SQLITE3_DIR=$LIB_SQLITE3 LIB_SQLITE3="$LIB_SQLITE3 -lsqlite3" if test -d ${with_sqlite3}/include; then CPPFLAGS="${CPPFLAGS} -I${with_sqlite3}/include" else CPPFLAGS="${CPPFLAGS} -I${with_sqlite3}" fi { $as_echo "$as_me:$LINENO: checking for sqlite3_open in -lsqlite3" >&5 $as_echo_n "checking for sqlite3_open in -lsqlite3... " >&6; } if test "${ac_cv_lib_sqlite3_sqlite3_open+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsqlite3 $LIB_SQLITE3_DIR $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char sqlite3_open (); int main () { return sqlite3_open (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_sqlite3_sqlite3_open=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_sqlite3_sqlite3_open=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_sqlite3_sqlite3_open" >&5 $as_echo "$ac_cv_lib_sqlite3_sqlite3_open" >&6; } if test "x$ac_cv_lib_sqlite3_sqlite3_open" = x""yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_SQLITE3 /**/ _ACEOF else { $as_echo "$as_me:$LINENO: WARNING: SQLite3 Library sqlite3 does not work" >&5 $as_echo "$as_me: WARNING: SQLite3 Library sqlite3 does not work" >&2;} with_sqlite3=no fi ;; esac if test "$sql" = yes -a "$with_pgsql" = no -a "$with_mysql" = no -a "$with_sqlite" = no -a "$with_sqlite3" = no; then { { $as_echo "$as_me:$LINENO: error: --enable-sql chosen but neither Postgres nor MySQL nor SQLite nor SQLite3 found" >&5 $as_echo "$as_me: error: --enable-sql chosen but neither Postgres nor MySQL nor SQLite nor SQLite3 found" >&2;} { (exit 1); exit 1; }; } fi if test "$enable_shared" = yes; then cat >>confdefs.h <<\_ACEOF #define DO_DLOPEN /**/ _ACEOF fi # Check whether --enable-ldapdb was given. if test "${enable_ldapdb+set}" = set; then enableval=$enable_ldapdb; ldapdb=$enableval else ldapdb=no fi { $as_echo "$as_me:$LINENO: checking LDAPDB" >&5 $as_echo_n "checking LDAPDB... " >&6; } if test "$ldapdb" != no; then { $as_echo "$as_me:$LINENO: result: enabled" >&5 $as_echo "enabled" >&6; } if test "$with_ldap" = no; then { { $as_echo "$as_me:$LINENO: error: Cannot enable LDAPDB plugin: You need to specify --with-ldap" >&5 $as_echo "$as_me: error: Cannot enable LDAPDB plugin: You need to specify --with-ldap" >&2;} { (exit 1); exit 1; }; } fi save_CPPFLAGS=$CPPFLAGS save_LDFLAGS=$LDFLAGS if test -d $with_ldap; then CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" # this is CMU ADD LIBPATH if test "$andrew_cv_runpath_switch" = "none" ; then LDFLAGS="-L${with_ldap}/lib ${LDFLAGS}" else LDFLAGS="-L${with_ldap}/lib $andrew_cv_runpath_switch${with_ldap}/lib ${LDFLAGS}" fi fi for ac_header in ldap.h lber.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 $as_echo_n "checking $ac_header usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 $as_echo_n "checking $ac_header presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done if test $ac_cv_header_ldap_h = yes -a $ac_cv_header_lber_h = yes; then { $as_echo "$as_me:$LINENO: checking OpenLDAP api" >&5 $as_echo_n "checking OpenLDAP api... " >&6; } if test "${cmu_cv_openldap_api+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #ifdef LDAP_API_FEATURE_X_OPENLDAP char *__openldap_api = LDAP_API_FEATURE_X_OPENLDAP; #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "__openldap_api" >/dev/null 2>&1; then cmu_cv_openldap_api=yes else cmu_cv_openldap_api=no fi rm -f conftest* fi { $as_echo "$as_me:$LINENO: result: $cmu_cv_openldap_api" >&5 $as_echo "$cmu_cv_openldap_api" >&6; } if test "$cmu_cv_openldap_api" = yes; then { $as_echo "$as_me:$LINENO: checking for ldap_initialize in -lldap" >&5 $as_echo_n "checking for ldap_initialize in -lldap... " >&6; } if test "${ac_cv_lib_ldap_ldap_initialize+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldap -llber $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ldap_initialize (); int main () { return ldap_initialize (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_ldap_ldap_initialize=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_ldap_ldap_initialize=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ldap_ldap_initialize" >&5 $as_echo "$ac_cv_lib_ldap_ldap_initialize" >&6; } if test "x$ac_cv_lib_ldap_ldap_initialize" = x""yes; then cmu_link_openldap="-lldap -llber" else cmu_link_openldap=no fi fi fi if test "$cmu_cv_openldap_api" = no -o "$cmu_link_openldap" = no; then { { $as_echo "$as_me:$LINENO: error: Cannot enable LDAPDB plugin: Could not locate OpenLDAP" >&5 $as_echo "$as_me: error: Cannot enable LDAPDB plugin: Could not locate OpenLDAP" >&2;} { (exit 1); exit 1; }; } else { $as_echo "$as_me:$LINENO: checking OpenLDAP version" >&5 $as_echo_n "checking OpenLDAP version... " >&6; } if test "${cmu_cv_openldap_compat+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include /* Require 2.1.27+ and 2.2.6+ */ #if LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 1 && LDAP_VENDOR_VERSION_PATCH > 26 char *__openldap_compat = "2.1.27 or better okay"; #elif LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 2 && LDAP_VENDOR_VERSION_PATCH > 5 char *__openldap_compat = "2.2.6 or better okay"; #elif LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR > 2 char *__openldap_compat = "2.3 or better okay" #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "__openldap_compat" >/dev/null 2>&1; then cmu_cv_openldap_compat=yes else cmu_cv_openldap_compat=no fi rm -f conftest* fi { $as_echo "$as_me:$LINENO: result: $cmu_cv_openldap_compat" >&5 $as_echo "$cmu_cv_openldap_compat" >&6; } if test "$cmu_cv_openldap_compat" = no; then { { $as_echo "$as_me:$LINENO: error: Cannot enable LDAPDB plugin: OpenLDAP library located but incompatible" >&5 $as_echo "$as_me: error: Cannot enable LDAPDB plugin: OpenLDAP library located but incompatible" >&2;} { (exit 1); exit 1; }; } else LIB_LDAP=$cmu_link_openldap SASL_MECHS="$SASL_MECHS libldapdb.la" if test "$enable_static" = yes; then SASL_STATIC_SRCS="$SASL_STATIC_SRCS \$(top_srcdir)/plugins/ldapdb.c" SASL_STATIC_OBJS="$SASL_STATIC_OBJS ldapdb.o" cat >>confdefs.h <<\_ACEOF #define STATIC_LDAPDB /**/ _ACEOF fi fi fi if test "$cmu_cv_openldap_compat" != yes; then CPPFLAGS=$save_CPPFLAGS LDFLAGS=$save_LDFLAGS fi else { $as_echo "$as_me:$LINENO: result: disabled" >&5 $as_echo "disabled" >&6; } fi # Check whether --with-plugindir was given. if test "${with_plugindir+set}" = set; then withval=$with_plugindir; plugindir=$withval else plugindir=/usr/lib/sasl2 fi cat >>confdefs.h <<_ACEOF #define PLUGINDIR "$plugindir" _ACEOF # Check whether --with-configdir was given. if test "${with_configdir+set}" = set; then withval=$with_configdir; configdir=$withval else configdir=$plugindir:/etc/sasl2 fi cat >>confdefs.h <<_ACEOF #define CONFIGDIR "$configdir" _ACEOF # Check whether --with-rc4 was given. if test "${with_rc4+set}" = set; then withval=$with_rc4; with_rc4=$withval else with_rc4=yes fi if test "$with_rc4" != no; then cat >>confdefs.h <<\_ACEOF #define WITH_RC4 /**/ _ACEOF fi building_for_macosx=no case "$host_os" in darwin*) # Check whether --enable-macos-framework was given. if test "${enable_macos_framework+set}" = set; then enableval=$enable_macos_framework; building_for_macosx=no else building_for_macosx=yes fi ;; esac if test "$building_for_macosx" = yes; then MACOSX_TRUE= MACOSX_FALSE='#' else MACOSX_TRUE='#' MACOSX_FALSE= fi { $as_echo "$as_me:$LINENO: checking for dmalloc library" >&5 $as_echo_n "checking for dmalloc library... " >&6; } # Check whether --with-dmalloc was given. if test "${with_dmalloc+set}" = set; then withval=$with_dmalloc; with_dmalloc=$withval else with_dmalloc=no fi DMALLOC_LIBS="" if test "$with_dmalloc" != "no"; then if test "$with_dmalloc" = "yes"; then with_dmalloc="/usr/local" fi if test -r "$with_dmalloc/libdmalloc.a"; then DMALLOC_LIBS="$with_dmalloc/libdmalloc.a" cat >>confdefs.h <<\_ACEOF #define WITH_DMALLOC /**/ _ACEOF { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } elif test -r "$with_dmalloc/lib/libdmalloc.a"; then DMALLOC_LIBS="$with_dmalloc/lib/libdmalloc.a" cat >>confdefs.h <<\_ACEOF #define WITH_DMALLOC /**/ _ACEOF { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } else { { $as_echo "$as_me:$LINENO: error: cannot find dmalloc library" >&5 $as_echo "$as_me: error: cannot find dmalloc library" >&2;} { (exit please check your installation.); exit please check your installation.; }; } fi else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:$LINENO: checking for sfio library" >&5 $as_echo_n "checking for sfio library... " >&6; } # Check whether --with-sfio was given. if test "${with_sfio+set}" = set; then withval=$with_sfio; with_sfio=$withval else with_sfio=no fi if test "$with_sfio" != "no"; then if test "$with_sfio" = "yes"; then with_sfio="/usr/local" fi if test -r "$with_sfio/sfio.h"; then SFIO_DIR=$with_sfio; SFIO_INC_DIR=$with_sfio elif test -r "$with_sfio/include/sfio.h"; then SFIO_DIR=$with_sfio; SFIO_INC_DIR=$with_sfio/include elif test -r "$with_sfio/include/sfio/sfio.h"; then SFIO_DIR=$with_sfio; SFIO_INC_DIR=$with_sfio/include/sfio fi if test -z "$SFIO_DIR"; then { { $as_echo "$as_me:$LINENO: error: Cannot find sfio.h" >&5 $as_echo "$as_me: error: Cannot find sfio.h" >&2;} { (exit Please check your SFIO installation.); exit Please check your SFIO installation.; }; } fi str="$SFIO_DIR/lib/libsfio.*" for i in `echo $str`; do if test -r $i; then SFIO_LIBDIR=$SFIO_DIR/lib break 2 fi done str="$SFIO_DIR/lib/sfio/libsfio.*" for i in `echo $str`; do if test -r $i; then SFIO_LIBDIR=$SFIO_DIR/lib/sfio break 2 fi done if test -z "$SFIO_LIBDIR"; then { { $as_echo "$as_me:$LINENO: error: Cannot find sfio library" >&5 $as_echo "$as_me: error: Cannot find sfio library" >&2;} { (exit Please check your SFIO installation.); exit Please check your SFIO installation.; }; } fi SFIO_INC_FLAGS="-I$SFIO_INC_DIR" SFIO_LIB_FLAGS="-L$SFIO_LIBDIR -lsfio" SMTPTEST_PROGRAM="smtptest" SASL_UTIL_LIBS_EXTRA=libsfsasl2.la SASL_UTIL_HEADERS_EXTRA=sfsasl.h { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } SFIO_INC_FLAGS="" SFIO_LIB_FLAGS="" SMTPTEST_PROGRAM="" SASL_UTIL_LIBS_EXTRA="" SASL_UTIL_HEADERS_EXTRA="" fi sasl_cv_getsubopt=no { $as_echo "$as_me:$LINENO: checking for getsubopt" >&5 $as_echo_n "checking for getsubopt... " >&6; } if test "${ac_cv_func_getsubopt+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define getsubopt to an innocuous variant, in case declares getsubopt. For example, HP-UX 11i declares gettimeofday. */ #define getsubopt innocuous_getsubopt /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getsubopt (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef getsubopt /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getsubopt (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_getsubopt || defined __stub___getsubopt choke me #endif int main () { return getsubopt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_getsubopt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_getsubopt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_getsubopt" >&5 $as_echo "$ac_cv_func_getsubopt" >&6; } if test "x$ac_cv_func_getsubopt" = x""yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_GETSUBOPT /**/ _ACEOF else sasl_cv_getsubopt=yes fi if test $sasl_cv_getsubopt = yes; then case " $LIBOBJS " in *" getsubopt.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getsubopt.$ac_objext" ;; esac GETSUBOPT="getsubopt.lo" fi sasl_cv_snprintf=no SNPRINTFOBJS="" { $as_echo "$as_me:$LINENO: checking for snprintf" >&5 $as_echo_n "checking for snprintf... " >&6; } if test "${ac_cv_func_snprintf+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define snprintf to an innocuous variant, in case declares snprintf. For example, HP-UX 11i declares gettimeofday. */ #define snprintf innocuous_snprintf /* System header to define __stub macros and hopefully few prototypes, which can conflict with char snprintf (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef snprintf /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char snprintf (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_snprintf || defined __stub___snprintf choke me #endif int main () { return snprintf (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_snprintf=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_snprintf=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_snprintf" >&5 $as_echo "$ac_cv_func_snprintf" >&6; } if test "x$ac_cv_func_snprintf" = x""yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_SNPRINTF /**/ _ACEOF else sasl_cv_snprintf=yes fi { $as_echo "$as_me:$LINENO: checking for vsnprintf" >&5 $as_echo_n "checking for vsnprintf... " >&6; } if test "${ac_cv_func_vsnprintf+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define vsnprintf to an innocuous variant, in case declares vsnprintf. For example, HP-UX 11i declares gettimeofday. */ #define vsnprintf innocuous_vsnprintf /* System header to define __stub macros and hopefully few prototypes, which can conflict with char vsnprintf (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef vsnprintf /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char vsnprintf (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_vsnprintf || defined __stub___vsnprintf choke me #endif int main () { return vsnprintf (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_vsnprintf=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_vsnprintf=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_vsnprintf" >&5 $as_echo "$ac_cv_func_vsnprintf" >&6; } if test "x$ac_cv_func_vsnprintf" = x""yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_VSNPRINTF /**/ _ACEOF else sasl_cv_snprintf=yes fi if test $sasl_cv_snprintf = yes; then case " $LIBOBJS " in *" snprintf.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS snprintf.$ac_objext" ;; esac SNPRINTFOBJS="snprintf.o" LTSNPRINTFOBJS="snprintf.lo" fi { $as_echo "$as_me:$LINENO: checking for inet_aton in -lresolv" >&5 $as_echo_n "checking for inet_aton in -lresolv... " >&6; } if test "${ac_cv_lib_resolv_inet_aton+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inet_aton (); int main () { return inet_aton (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_resolv_inet_aton=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_resolv_inet_aton=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_inet_aton" >&5 $as_echo "$ac_cv_lib_resolv_inet_aton" >&6; } if test "x$ac_cv_lib_resolv_inet_aton" = x""yes; then cat >>confdefs.h <<_ACEOF #define HAVE_LIBRESOLV 1 _ACEOF LIBS="-lresolv $LIBS" fi GETADDRINFOOBJS="" sasl_cv_getaddrinfo=yes { $as_echo "$as_me:$LINENO: checking for getaddrinfo" >&5 $as_echo_n "checking for getaddrinfo... " >&6; } if test "${ac_cv_func_getaddrinfo+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define getaddrinfo to an innocuous variant, in case declares getaddrinfo. For example, HP-UX 11i declares gettimeofday. */ #define getaddrinfo innocuous_getaddrinfo /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getaddrinfo (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef getaddrinfo /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getaddrinfo (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_getaddrinfo || defined __stub___getaddrinfo choke me #endif int main () { return getaddrinfo (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_getaddrinfo=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_getaddrinfo=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_getaddrinfo" >&5 $as_echo "$ac_cv_func_getaddrinfo" >&6; } if test "x$ac_cv_func_getaddrinfo" = x""yes; then ac_cv_lib_socket_getaddrinfo=no ac_cv_lib_inet6_getaddrinfo=no else { $as_echo "$as_me:$LINENO: checking for getaddrinfo in -lsocket" >&5 $as_echo_n "checking for getaddrinfo in -lsocket... " >&6; } if test "${ac_cv_lib_socket_getaddrinfo+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getaddrinfo (); int main () { return getaddrinfo (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_socket_getaddrinfo=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_socket_getaddrinfo=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_socket_getaddrinfo" >&5 $as_echo "$ac_cv_lib_socket_getaddrinfo" >&6; } if test "x$ac_cv_lib_socket_getaddrinfo" = x""yes; then LIBS="$LIBS -lsocket" ac_cv_lib_inet6_getaddrinfo=no else { $as_echo "$as_me:$LINENO: checking whether your system has IPv6 directory" >&5 $as_echo_n "checking whether your system has IPv6 directory... " >&6; } if test "${ipv6_cv_dir+set}" = set; then $as_echo_n "(cached) " >&6 else for ipv6_cv_dir in /usr/local/v6 /usr/inet6 no; do if test $ipv6_cv_dir = no -o -d $ipv6_cv_dir; then break fi done fi { $as_echo "$as_me:$LINENO: result: $ipv6_cv_dir" >&5 $as_echo "$ipv6_cv_dir" >&6; } if test $ipv6_cv_dir = no; then ac_cv_lib_inet6_getaddrinfo=no else if test x$ipv6_libinet6 = x; then ipv6_libinet6=no SAVELDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -L$ipv6_cv_dir/lib" fi { $as_echo "$as_me:$LINENO: checking for getaddrinfo in -linet6" >&5 $as_echo_n "checking for getaddrinfo in -linet6... " >&6; } if test "${ac_cv_lib_inet6_getaddrinfo+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-linet6 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getaddrinfo (); int main () { return getaddrinfo (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_inet6_getaddrinfo=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_inet6_getaddrinfo=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_inet6_getaddrinfo" >&5 $as_echo "$ac_cv_lib_inet6_getaddrinfo" >&6; } if test "x$ac_cv_lib_inet6_getaddrinfo" = x""yes; then if test $ipv6_libinet6 = no; then ipv6_libinet6=yes LIBS="$LIBS -linet6" fi fi if test $ipv6_libinet6 = no; then LDFLAGS="$SAVELDFLAGS" fi fi fi fi ipv6_cv_getaddrinfo=no if test $ac_cv_func_getaddrinfo = yes -o $ac_cv_lib_socket_getaddrinfo = yes \ -o $ac_cv_lib_inet6_getaddrinfo = yes then ipv6_cv_getaddrinfo=yes fi if test $ipv6_cv_getaddrinfo = no; then if test getaddrinfo = getaddrinfo; then for ipv6_cv_pfx in o n; do cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "${ipv6_cv_pfx}getaddrinfo" >/dev/null 2>&1; then as_ac_var=`$as_echo "ac_cv_func_${ipv6_cv_pfx}getaddrinfo" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for ${ipv6_cv_pfx}getaddrinfo" >&5 $as_echo_n "checking for ${ipv6_cv_pfx}getaddrinfo... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define ${ipv6_cv_pfx}getaddrinfo to an innocuous variant, in case declares ${ipv6_cv_pfx}getaddrinfo. For example, HP-UX 11i declares gettimeofday. */ #define ${ipv6_cv_pfx}getaddrinfo innocuous_${ipv6_cv_pfx}getaddrinfo /* System header to define __stub macros and hopefully few prototypes, which can conflict with char ${ipv6_cv_pfx}getaddrinfo (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef ${ipv6_cv_pfx}getaddrinfo /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ${ipv6_cv_pfx}getaddrinfo (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_${ipv6_cv_pfx}getaddrinfo || defined __stub___${ipv6_cv_pfx}getaddrinfo choke me #endif int main () { return ${ipv6_cv_pfx}getaddrinfo (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` fi rm -f conftest* if eval test X\$ac_cv_func_${ipv6_cv_pfx}getaddrinfo = Xyes; then cat >>confdefs.h <<\_ACEOF #define HAVE_GETADDRINFO /**/ _ACEOF ipv6_cv_getaddrinfo=yes break fi done fi fi if test $ipv6_cv_getaddrinfo = yes; then { $as_echo "$as_me:$LINENO: checking for gai_strerror" >&5 $as_echo_n "checking for gai_strerror... " >&6; } if test "${ac_cv_func_gai_strerror+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define gai_strerror to an innocuous variant, in case declares gai_strerror. For example, HP-UX 11i declares gettimeofday. */ #define gai_strerror innocuous_gai_strerror /* System header to define __stub macros and hopefully few prototypes, which can conflict with char gai_strerror (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef gai_strerror /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gai_strerror (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_gai_strerror || defined __stub___gai_strerror choke me #endif int main () { return gai_strerror (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_gai_strerror=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_gai_strerror=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_gai_strerror" >&5 $as_echo "$ac_cv_func_gai_strerror" >&6; } if test "x$ac_cv_func_gai_strerror" = x""yes; then ac_cv_lib_socket_gai_strerror=no ac_cv_lib_inet6_gai_strerror=no else { $as_echo "$as_me:$LINENO: checking for gai_strerror in -lsocket" >&5 $as_echo_n "checking for gai_strerror in -lsocket... " >&6; } if test "${ac_cv_lib_socket_gai_strerror+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gai_strerror (); int main () { return gai_strerror (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_socket_gai_strerror=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_socket_gai_strerror=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_socket_gai_strerror" >&5 $as_echo "$ac_cv_lib_socket_gai_strerror" >&6; } if test "x$ac_cv_lib_socket_gai_strerror" = x""yes; then LIBS="$LIBS -lsocket" ac_cv_lib_inet6_gai_strerror=no else { $as_echo "$as_me:$LINENO: checking whether your system has IPv6 directory" >&5 $as_echo_n "checking whether your system has IPv6 directory... " >&6; } if test "${ipv6_cv_dir+set}" = set; then $as_echo_n "(cached) " >&6 else for ipv6_cv_dir in /usr/local/v6 /usr/inet6 no; do if test $ipv6_cv_dir = no -o -d $ipv6_cv_dir; then break fi done fi { $as_echo "$as_me:$LINENO: result: $ipv6_cv_dir" >&5 $as_echo "$ipv6_cv_dir" >&6; } if test $ipv6_cv_dir = no; then ac_cv_lib_inet6_gai_strerror=no else if test x$ipv6_libinet6 = x; then ipv6_libinet6=no SAVELDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -L$ipv6_cv_dir/lib" fi { $as_echo "$as_me:$LINENO: checking for gai_strerror in -linet6" >&5 $as_echo_n "checking for gai_strerror in -linet6... " >&6; } if test "${ac_cv_lib_inet6_gai_strerror+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-linet6 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gai_strerror (); int main () { return gai_strerror (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_inet6_gai_strerror=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_inet6_gai_strerror=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_inet6_gai_strerror" >&5 $as_echo "$ac_cv_lib_inet6_gai_strerror" >&6; } if test "x$ac_cv_lib_inet6_gai_strerror" = x""yes; then if test $ipv6_libinet6 = no; then ipv6_libinet6=yes LIBS="$LIBS -linet6" fi fi if test $ipv6_libinet6 = no; then LDFLAGS="$SAVELDFLAGS" fi fi fi fi ipv6_cv_gai_strerror=no if test $ac_cv_func_gai_strerror = yes -o $ac_cv_lib_socket_gai_strerror = yes \ -o $ac_cv_lib_inet6_gai_strerror = yes then ipv6_cv_gai_strerror=yes fi if test $ipv6_cv_gai_strerror = no; then if test gai_strerror = getaddrinfo; then for ipv6_cv_pfx in o n; do cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "${ipv6_cv_pfx}gai_strerror" >/dev/null 2>&1; then as_ac_var=`$as_echo "ac_cv_func_${ipv6_cv_pfx}gai_strerror" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for ${ipv6_cv_pfx}gai_strerror" >&5 $as_echo_n "checking for ${ipv6_cv_pfx}gai_strerror... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define ${ipv6_cv_pfx}gai_strerror to an innocuous variant, in case declares ${ipv6_cv_pfx}gai_strerror. For example, HP-UX 11i declares gettimeofday. */ #define ${ipv6_cv_pfx}gai_strerror innocuous_${ipv6_cv_pfx}gai_strerror /* System header to define __stub macros and hopefully few prototypes, which can conflict with char ${ipv6_cv_pfx}gai_strerror (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef ${ipv6_cv_pfx}gai_strerror /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ${ipv6_cv_pfx}gai_strerror (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_${ipv6_cv_pfx}gai_strerror || defined __stub___${ipv6_cv_pfx}gai_strerror choke me #endif int main () { return ${ipv6_cv_pfx}gai_strerror (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` fi rm -f conftest* if eval test X\$ac_cv_func_${ipv6_cv_pfx}gai_strerror = Xyes; then cat >>confdefs.h <<\_ACEOF #define HAVE_GETADDRINFO /**/ _ACEOF ipv6_cv_gai_strerror=yes break fi done fi fi if test $ipv6_cv_gai_strerror = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_GETADDRINFO /**/ _ACEOF sasl_cv_getaddrinfo=no else : fi else : fi if test $sasl_cv_getaddrinfo = yes; then case " $LIBOBJS " in *" getaddrinfo.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getaddrinfo.$ac_objext" ;; esac GETADDRINFOOBJS="getaddrinfo.o" LTGETADDRINFOOBJS="getaddrinfo.lo" fi GETNAMEINFOOBJS="" sasl_cv_getnameinfo=no { $as_echo "$as_me:$LINENO: checking for getnameinfo" >&5 $as_echo_n "checking for getnameinfo... " >&6; } if test "${ac_cv_func_getnameinfo+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define getnameinfo to an innocuous variant, in case declares getnameinfo. For example, HP-UX 11i declares gettimeofday. */ #define getnameinfo innocuous_getnameinfo /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getnameinfo (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef getnameinfo /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getnameinfo (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_getnameinfo || defined __stub___getnameinfo choke me #endif int main () { return getnameinfo (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_func_getnameinfo=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_func_getnameinfo=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_func_getnameinfo" >&5 $as_echo "$ac_cv_func_getnameinfo" >&6; } if test "x$ac_cv_func_getnameinfo" = x""yes; then ac_cv_lib_socket_getnameinfo=no ac_cv_lib_inet6_getnameinfo=no else { $as_echo "$as_me:$LINENO: checking for getnameinfo in -lsocket" >&5 $as_echo_n "checking for getnameinfo in -lsocket... " >&6; } if test "${ac_cv_lib_socket_getnameinfo+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getnameinfo (); int main () { return getnameinfo (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_socket_getnameinfo=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_socket_getnameinfo=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_socket_getnameinfo" >&5 $as_echo "$ac_cv_lib_socket_getnameinfo" >&6; } if test "x$ac_cv_lib_socket_getnameinfo" = x""yes; then LIBS="$LIBS -lsocket" ac_cv_lib_inet6_getnameinfo=no else { $as_echo "$as_me:$LINENO: checking whether your system has IPv6 directory" >&5 $as_echo_n "checking whether your system has IPv6 directory... " >&6; } if test "${ipv6_cv_dir+set}" = set; then $as_echo_n "(cached) " >&6 else for ipv6_cv_dir in /usr/local/v6 /usr/inet6 no; do if test $ipv6_cv_dir = no -o -d $ipv6_cv_dir; then break fi done fi { $as_echo "$as_me:$LINENO: result: $ipv6_cv_dir" >&5 $as_echo "$ipv6_cv_dir" >&6; } if test $ipv6_cv_dir = no; then ac_cv_lib_inet6_getnameinfo=no else if test x$ipv6_libinet6 = x; then ipv6_libinet6=no SAVELDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -L$ipv6_cv_dir/lib" fi { $as_echo "$as_me:$LINENO: checking for getnameinfo in -linet6" >&5 $as_echo_n "checking for getnameinfo in -linet6... " >&6; } if test "${ac_cv_lib_inet6_getnameinfo+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-linet6 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getnameinfo (); int main () { return getnameinfo (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_inet6_getnameinfo=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_inet6_getnameinfo=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_inet6_getnameinfo" >&5 $as_echo "$ac_cv_lib_inet6_getnameinfo" >&6; } if test "x$ac_cv_lib_inet6_getnameinfo" = x""yes; then if test $ipv6_libinet6 = no; then ipv6_libinet6=yes LIBS="$LIBS -linet6" fi fi if test $ipv6_libinet6 = no; then LDFLAGS="$SAVELDFLAGS" fi fi fi fi ipv6_cv_getnameinfo=no if test $ac_cv_func_getnameinfo = yes -o $ac_cv_lib_socket_getnameinfo = yes \ -o $ac_cv_lib_inet6_getnameinfo = yes then ipv6_cv_getnameinfo=yes fi if test $ipv6_cv_getnameinfo = no; then if test getnameinfo = getaddrinfo; then for ipv6_cv_pfx in o n; do cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "${ipv6_cv_pfx}getnameinfo" >/dev/null 2>&1; then as_ac_var=`$as_echo "ac_cv_func_${ipv6_cv_pfx}getnameinfo" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for ${ipv6_cv_pfx}getnameinfo" >&5 $as_echo_n "checking for ${ipv6_cv_pfx}getnameinfo... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define ${ipv6_cv_pfx}getnameinfo to an innocuous variant, in case declares ${ipv6_cv_pfx}getnameinfo. For example, HP-UX 11i declares gettimeofday. */ #define ${ipv6_cv_pfx}getnameinfo innocuous_${ipv6_cv_pfx}getnameinfo /* System header to define __stub macros and hopefully few prototypes, which can conflict with char ${ipv6_cv_pfx}getnameinfo (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef ${ipv6_cv_pfx}getnameinfo /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char ${ipv6_cv_pfx}getnameinfo (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_${ipv6_cv_pfx}getnameinfo || defined __stub___${ipv6_cv_pfx}getnameinfo choke me #endif int main () { return ${ipv6_cv_pfx}getnameinfo (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` fi rm -f conftest* if eval test X\$ac_cv_func_${ipv6_cv_pfx}getnameinfo = Xyes; then cat >>confdefs.h <<\_ACEOF #define HAVE_GETADDRINFO /**/ _ACEOF ipv6_cv_getnameinfo=yes break fi done fi fi if test $ipv6_cv_getnameinfo = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_GETNAMEINFO /**/ _ACEOF else sasl_cv_getnameinfo=yes fi if test $sasl_cv_getnameinfo = yes; then case " $LIBOBJS " in *" getnameinfo.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS getnameinfo.$ac_objext" ;; esac GETNAMEINFOOBJS="getnameinfo.o" LTGETNAMEINFOOBJS="getnameinfo.lo" fi LTLIBOBJS=`echo "$LIBOBJS" | sed 's,\.[^.]* ,.lo ,g;s,\.[^.]*$,.lo,'` { $as_echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if test "${ac_cv_c_const+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ int main () { /* FIXME: Include the comments suggested by Paul. */ #ifndef __cplusplus /* Ultrix mips cc rejects this. */ typedef int charset[2]; const charset cs; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this. */ char *t; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; }; struct s *b; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_c_const=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then cat >>confdefs.h <<\_ACEOF #define const /**/ _ACEOF fi { $as_echo "$as_me:$LINENO: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } if test "${ac_cv_c_inline+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; static $ac_kw foo_t static_foo () {return 0; } $ac_kw foo_t foo () {return 0; } #endif _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_c_inline=$ac_kw else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi { $as_echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5 $as_echo "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; *) case $ac_cv_c_inline in no) ac_val=;; *) ac_val=$ac_cv_c_inline;; esac cat >>confdefs.h <<_ACEOF #ifndef __cplusplus #define inline $ac_val #endif _ACEOF ;; esac { $as_echo "$as_me:$LINENO: checking for mode_t" >&5 $as_echo_n "checking for mode_t... " >&6; } if test "${ac_cv_type_mode_t+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_type_mode_t=no cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { if (sizeof (mode_t)) return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { if (sizeof ((mode_t))) return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_type_mode_t=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_type_mode_t" >&5 $as_echo "$ac_cv_type_mode_t" >&6; } if test "x$ac_cv_type_mode_t" = x""yes; then : else cat >>confdefs.h <<_ACEOF #define mode_t int _ACEOF fi { $as_echo "$as_me:$LINENO: checking for pid_t" >&5 $as_echo_n "checking for pid_t... " >&6; } if test "${ac_cv_type_pid_t+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_type_pid_t=no cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { if (sizeof (pid_t)) return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { if (sizeof ((pid_t))) return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_type_pid_t=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5 $as_echo "$ac_cv_type_pid_t" >&6; } if test "x$ac_cv_type_pid_t" = x""yes; then : else cat >>confdefs.h <<_ACEOF #define pid_t int _ACEOF fi { $as_echo "$as_me:$LINENO: checking return type of signal handlers" >&5 $as_echo_n "checking return type of signal handlers... " >&6; } if test "${ac_cv_type_signal+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { return *(signal (0, 0)) (0) == 1; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_type_signal=int else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_type_signal=void fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5 $as_echo "$ac_cv_type_signal" >&6; } cat >>confdefs.h <<_ACEOF #define RETSIGTYPE $ac_cv_type_signal _ACEOF { $as_echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } if test "${ac_cv_header_time+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include int main () { if ((struct tm *) 0) return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_header_time=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_time=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5 $as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then cat >>confdefs.h <<\_ACEOF #define TIME_WITH_SYS_TIME 1 _ACEOF fi { $as_echo "$as_me:$LINENO: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if test "${ac_cv_header_stdc+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_header_stdc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) ac_cv_header_stdc=no fi rm -rf conftest.dSYM rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi fi fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then cat >>confdefs.h <<\_ACEOF #define STDC_HEADERS 1 _ACEOF fi ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_hdr that defines DIR" >&5 $as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include <$ac_hdr> int main () { if ((DIR *) 0) return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then eval "$as_ac_Header=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF ac_header_dirent=$ac_hdr; break fi done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then { $as_echo "$as_me:$LINENO: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if test "${ac_cv_search_opendir+set}" = set; then $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' dir; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_search_opendir=$ac_res else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext if test "${ac_cv_search_opendir+set}" = set; then break fi done if test "${ac_cv_search_opendir+set}" = set; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi else { $as_echo "$as_me:$LINENO: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if test "${ac_cv_search_opendir+set}" = set; then $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' x; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_search_opendir=$ac_res else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext if test "${ac_cv_search_opendir+set}" = set; then break fi done if test "${ac_cv_search_opendir+set}" = set; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi fi { $as_echo "$as_me:$LINENO: checking for sys/wait.h that is POSIX.1 compatible" >&5 $as_echo_n "checking for sys/wait.h that is POSIX.1 compatible... " >&6; } if test "${ac_cv_header_sys_wait_h+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #ifndef WEXITSTATUS # define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8) #endif #ifndef WIFEXITED # define WIFEXITED(stat_val) (((stat_val) & 255) == 0) #endif int main () { int s; wait (&s); s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_cv_header_sys_wait_h=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_header_sys_wait_h=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_sys_wait_h" >&5 $as_echo "$ac_cv_header_sys_wait_h" >&6; } if test $ac_cv_header_sys_wait_h = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_SYS_WAIT_H 1 _ACEOF fi for ac_header in des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 $as_echo_n "checking $ac_header usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 $as_echo_n "checking $ac_header presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ;; esac { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:$LINENO: checking whether you have ss_family in struct sockaddr_storage" >&5 $as_echo_n "checking whether you have ss_family in struct sockaddr_storage... " >&6; } if test "${ipv6_cv_ss_family+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { struct sockaddr_storage ss; int i = ss.ss_family; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ipv6_cv_ss_family=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ipv6_cv_ss_family=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ipv6_cv_ss_family = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_SS_FAMILY /**/ _ACEOF else : fi { $as_echo "$as_me:$LINENO: result: $ipv6_cv_ss_family" >&5 $as_echo "$ipv6_cv_ss_family" >&6; } { $as_echo "$as_me:$LINENO: checking whether you have sa_len in struct sockaddr" >&5 $as_echo_n "checking whether you have sa_len in struct sockaddr... " >&6; } if test "${ipv6_cv_sa_len+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { struct sockaddr sa; int i = sa.sa_len; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ipv6_cv_sa_len=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ipv6_cv_sa_len=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ipv6_cv_sa_len = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_SOCKADDR_SA_LEN /**/ _ACEOF else : fi { $as_echo "$as_me:$LINENO: result: $ipv6_cv_sa_len" >&5 $as_echo "$ipv6_cv_sa_len" >&6; } { $as_echo "$as_me:$LINENO: checking for socklen_t" >&5 $as_echo_n "checking for socklen_t... " >&6; } if test "${ipv6_cv_socklen_t+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { socklen_t len = 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ipv6_cv_socklen_t=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ipv6_cv_socklen_t=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi if test $ipv6_cv_socklen_t = yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_SOCKLEN_T /**/ _ACEOF else : fi { $as_echo "$as_me:$LINENO: result: $ipv6_cv_socklen_t" >&5 $as_echo "$ipv6_cv_socklen_t" >&6; } #AC_FUNC_MEMCMP #AC_FUNC_VPRINTF for ac_func in gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 $as_echo_n "checking for $ac_func... " >&6; } if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Define $ac_func to an innocuous variant, in case declares $ac_func. For example, HP-UX 11i declares gettimeofday. */ #define $ac_func innocuous_$ac_func /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$ac_func || defined __stub___$ac_func choke me #endif int main () { return $ac_func (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then eval "$as_ac_var=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_var=no" fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_var'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done if test $enable_cmulocal = yes; then { $as_echo "$as_me:$LINENO: WARNING: enabling CMU local kludges" >&5 $as_echo "$as_me: WARNING: enabling CMU local kludges" >&2;} cat >>confdefs.h <<\_ACEOF #define KRB4_IGNORE_IP_ADDRESS /**/ _ACEOF cat >>confdefs.h <<_ACEOF #define PREFER_MECH "KERBEROS_V4" _ACEOF fi cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "sockaddr_storage" >/dev/null 2>&1; then cat >>confdefs.h <<\_ACEOF #define HAVE_STRUCT_SOCKADDR_STORAGE /**/ _ACEOF fi rm -f conftest* subdirs="$subdirs saslauthd" ac_config_headers="$ac_config_headers config.h" ac_config_files="$ac_config_files Makefile include/Makefile sasldb/Makefile plugins/Makefile lib/Makefile utils/Makefile doc/Makefile sample/Makefile java/Makefile java/CyrusSasl/Makefile java/Test/Makefile java/javax/Makefile java/javax/security/Makefile java/javax/security/auth/Makefile java/javax/security/auth/callback/Makefile pwcheck/Makefile man/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) $as_unset $ac_var ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote # substitution turns \\\\ into \\, and sed turns \\ into \). sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then test "x$cache_file" != "x/dev/null" && { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} cat confcache >$cache_file else { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' else am__EXEEXT_TRUE='#' am__EXEEXT_FALSE= fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then { { $as_echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." >&5 $as_echo "$as_me: error: conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then { { $as_echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." >&5 $as_echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${JAVA_TRUE}" && test -z "${JAVA_FALSE}"; then { { $as_echo "$as_me:$LINENO: error: conditional \"JAVA\" was never defined. Usually this means the macro was only invoked conditionally." >&5 $as_echo "$as_me: error: conditional \"JAVA\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${SAMPLE_TRUE}" && test -z "${SAMPLE_FALSE}"; then { { $as_echo "$as_me:$LINENO: error: conditional \"SAMPLE\" was never defined. Usually this means the macro was only invoked conditionally." >&5 $as_echo "$as_me: error: conditional \"SAMPLE\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${NO_SASL_DB_MANS_TRUE}" && test -z "${NO_SASL_DB_MANS_FALSE}"; then { { $as_echo "$as_me:$LINENO: error: conditional \"NO_SASL_DB_MANS\" was never defined. Usually this means the macro was only invoked conditionally." >&5 $as_echo "$as_me: error: conditional \"NO_SASL_DB_MANS\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${SASLAUTHD_TRUE}" && test -z "${SASLAUTHD_FALSE}"; then { { $as_echo "$as_me:$LINENO: error: conditional \"SASLAUTHD\" was never defined. Usually this means the macro was only invoked conditionally." >&5 $as_echo "$as_me: error: conditional \"SASLAUTHD\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${PWCHECK_TRUE}" && test -z "${PWCHECK_FALSE}"; then { { $as_echo "$as_me:$LINENO: error: conditional \"PWCHECK\" was never defined. Usually this means the macro was only invoked conditionally." >&5 $as_echo "$as_me: error: conditional \"PWCHECK\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi if test -z "${MACOSX_TRUE}" && test -z "${MACOSX_FALSE}"; then { { $as_echo "$as_me:$LINENO: error: conditional \"MACOSX\" was never defined. Usually this means the macro was only invoked conditionally." >&5 $as_echo "$as_me: error: conditional \"MACOSX\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi : ${CONFIG_STATUS=./config.status} ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # PATH needs CR # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 { (exit 1); exit 1; } fi # Work around bugs in pre-3.0 UWIN ksh. for as_var in ENV MAIL MAILPATH do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # CDPATH. $as_unset CDPATH as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line after each line using $LINENO; the second 'sed' # does the real work. The second script uses 'N' to pair each # line-number line with the line containing $LINENO, and appends # trailing '-' during substitution so that $LINENO is not a special # case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # scripts with optimization help from Paolo Bonzini. Blame Lee # E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in -n*) case `echo 'x\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. *) ECHO_C='\c';; esac;; *) ECHO_N='-n';; esac if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 # Save the log message, to keep $[0] and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by $as_me, which was generated by GNU Autoconf 2.63. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files from templates according to the current configuration. Usage: $0 [OPTION]... [FILE]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ config.status configured by $0, generated by GNU Autoconf 2.63, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" Copyright (C) 2008 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac CONFIG_FILES="$CONFIG_FILES '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header { $as_echo "$as_me: error: ambiguous option: $1 Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; };; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) { $as_echo "$as_me: error: unrecognized option: $1 Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *) ac_config_targets="$ac_config_targets $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;; "sasldb/Makefile") CONFIG_FILES="$CONFIG_FILES sasldb/Makefile" ;; "plugins/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/Makefile" ;; "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;; "utils/Makefile") CONFIG_FILES="$CONFIG_FILES utils/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "sample/Makefile") CONFIG_FILES="$CONFIG_FILES sample/Makefile" ;; "java/Makefile") CONFIG_FILES="$CONFIG_FILES java/Makefile" ;; "java/CyrusSasl/Makefile") CONFIG_FILES="$CONFIG_FILES java/CyrusSasl/Makefile" ;; "java/Test/Makefile") CONFIG_FILES="$CONFIG_FILES java/Test/Makefile" ;; "java/javax/Makefile") CONFIG_FILES="$CONFIG_FILES java/javax/Makefile" ;; "java/javax/security/Makefile") CONFIG_FILES="$CONFIG_FILES java/javax/security/Makefile" ;; "java/javax/security/auth/Makefile") CONFIG_FILES="$CONFIG_FILES java/javax/security/auth/Makefile" ;; "java/javax/security/auth/callback/Makefile") CONFIG_FILES="$CONFIG_FILES java/javax/security/auth/callback/Makefile" ;; "pwcheck/Makefile") CONFIG_FILES="$CONFIG_FILES pwcheck/Makefile" ;; "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 $as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= trap 'exit_status=$? { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status ' 0 trap '{ (exit 1); exit 1; }' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || { $as_echo "$as_me: cannot create a temporary directory in ." >&2 { (exit 1); exit 1; } } # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=' ' ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 $as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 $as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 $as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\).*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\).*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5 $as_echo "$as_me: error: could not setup config files machinery" >&2;} { (exit 1); exit 1; }; } _ACEOF # VPATH may cause trouble with some makes, so we remove $(srcdir), # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=/{ s/:*\$(srcdir):*/:/ s/:*\${srcdir}:*/:/ s/:*@srcdir@:*/:/ s/^\([^=]*=[ ]*\):*/\1/ s/:*$// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_t=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_t"; then break elif $ac_last_try; then { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_HEADERS" >&5 $as_echo "$as_me: error: could not make $CONFIG_HEADERS" >&2;} { (exit 1); exit 1; }; } else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5 $as_echo "$as_me: error: could not setup config headers machinery" >&2;} { (exit 1); exit 1; }; } fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5 $as_echo "$as_me: error: invalid tag $ac_tag" >&2;} { (exit 1); exit 1; }; };; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 $as_echo "$as_me: error: cannot find input file: $ac_f" >&2;} { (exit 1); exit 1; }; };; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac ac_file_inputs="$ac_file_inputs '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:$LINENO: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin" \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` { as_dir="$ac_dir" case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 $as_echo "$as_me: error: cannot create directory $as_dir" >&2;} { (exit 1); exit 1; }; }; } ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac ac_MKDIR_P=$MKDIR_P case $MKDIR_P in [\\/$]* | ?:[\\/]* ) ;; */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p ' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&2;} rm -f "$tmp/stdin" case $ac_file in -) cat "$tmp/out" && rm -f "$tmp/out";; *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; esac \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" } >"$tmp/config.h" \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$tmp/config.h" "$ac_file" \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \ || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5 $as_echo "$as_me: error: could not create -" >&2;} { (exit 1); exit 1; }; } fi # Compute "$ac_file"'s index in $config_headers. _am_arg="$ac_file" _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || $as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$_am_arg" : 'X\(//\)[^/]' \| \ X"$_am_arg" : 'X\(//\)$' \| \ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$_am_arg" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'`/stamp-h$_am_stamp_count ;; :C) { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "depfiles":C) test x"$AMDEP_TRUE" != x"" || { # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`$as_dirname -- "$mf" || $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$mf" : 'X\(//\)[^/]' \| \ X"$mf" : 'X\(//\)$' \| \ X"$mf" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # When using ansi2knr, U may be empty or an underscore; expand it U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$file" : 'X\(//\)[^/]' \| \ X"$file" : 'X\(//\)$' \| \ X"$file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` { as_dir=$dirpart/$fdir case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 $as_echo "$as_me: error: cannot create directory $as_dir" >&2;} { (exit 1); exit 1; }; }; } # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ;; esac done # for ac_tag { (exit 0); exit 0; } _ACEOF chmod +x $CONFIG_STATUS ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5 $as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || { (exit 1); exit 1; } fi # # CONFIG_SUBDIRS section. # if test "$no_recursion" != yes; then # Remove --cache-file, --srcdir, and --disable-option-checking arguments # so they do not pile up. ac_sub_configure_args= ac_prev= eval "set x $ac_configure_args" shift for ac_arg do if test -n "$ac_prev"; then ac_prev= continue fi case $ac_arg in -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* \ | --c=*) ;; --config-cache | -C) ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) ;; --disable-option-checking) ;; *) case $ac_arg in *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac ac_sub_configure_args="$ac_sub_configure_args '$ac_arg'" ;; esac done # Always prepend --prefix to ensure using the same prefix # in subdir configurations. ac_arg="--prefix=$prefix" case $ac_arg in *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac ac_sub_configure_args="'$ac_arg' $ac_sub_configure_args" # Pass --silent if test "$silent" = yes; then ac_sub_configure_args="--silent $ac_sub_configure_args" fi # Always prepend --disable-option-checking to silence warnings, since # different subdirs can have different --enable and --with options. ac_sub_configure_args="--disable-option-checking $ac_sub_configure_args" ac_popdir=`pwd` for ac_dir in : $subdirs; do test "x$ac_dir" = x: && continue # Do not complain, so a configure script can configure whichever # parts of a large source tree are present. test -d "$srcdir/$ac_dir" || continue ac_msg="=== configuring in $ac_dir (`pwd`/$ac_dir)" $as_echo "$as_me:$LINENO: $ac_msg" >&5 $as_echo "$ac_msg" >&6 { as_dir="$ac_dir" case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 $as_echo "$as_me: error: cannot create directory $as_dir" >&2;} { (exit 1); exit 1; }; }; } ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" # Check for guested configure; otherwise get Cygnus style configure. if test -f "$ac_srcdir/configure.gnu"; then ac_sub_configure=$ac_srcdir/configure.gnu elif test -f "$ac_srcdir/configure"; then ac_sub_configure=$ac_srcdir/configure elif test -f "$ac_srcdir/configure.in"; then # This should be Cygnus configure. ac_sub_configure=$ac_aux_dir/configure else { $as_echo "$as_me:$LINENO: WARNING: no configuration information is in $ac_dir" >&5 $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2;} ac_sub_configure= fi # The recursion is here. if test -n "$ac_sub_configure"; then # Make the cache file name correct relative to the subdirectory. case $cache_file in [\\/]* | ?:[\\/]* ) ac_sub_cache_file=$cache_file ;; *) # Relative name. ac_sub_cache_file=$ac_top_build_prefix$cache_file ;; esac { $as_echo "$as_me:$LINENO: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&5 $as_echo "$as_me: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&6;} # The eval makes quoting arguments work. eval "\$SHELL \"\$ac_sub_configure\" $ac_sub_configure_args \ --cache-file=\"\$ac_sub_cache_file\" --srcdir=\"\$ac_srcdir\"" || { { $as_echo "$as_me:$LINENO: error: $ac_sub_configure failed for $ac_dir" >&5 $as_echo "$as_me: error: $ac_sub_configure failed for $ac_dir" >&2;} { (exit 1); exit 1; }; } fi cd "$ac_popdir" done fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi echo Configuration Complete. Type \'make\' to build. cyrus-sasl-2.1.25/NTMakefile0000666000076400007640000000451210014712127012542 00000000000000# Top-level NTMakefile for SASL # Alexey Melnikov # ################################################################ # Copyright (c) 2003 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ !INCLUDE .\win32\common.mak SUBDIRS=lib plugins utils sample INCSUBDIRS=include sasldb win32\include DOCSUBDIRS=doc all-first: all #nmake doesn't have "for" construct? #front ! will call the command replacing $? with a value from dependency list all clean: $(SUBDIRS) !cd $? && $(MAKE) /f NTMakefile /$(MAKEFLAGS) VERBOSE=0 $@ install: $(INCSUBDIRS) $(SUBDIRS) $(DOCSUBDIRS) !cd $? && $(MAKE) /f NTMakefile /$(MAKEFLAGS) prefix=$(prefix) $@ cyrus-sasl-2.1.25/config.h.in0000666000076400007640000003520011631670672012677 00000000000000/* config.h.in. Generated from configure.in by autoheader. */ /* acconfig.h - autoheader configuration input */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef CONFIG_H #define CONFIG_H /* Runtime config file location */ #undef CONFIGDIR /* Do we need a leading _ for dlsym? */ #undef DLSYM_NEEDS_UNDERSCORE /* Should we build a shared plugin (via dlopen) library? */ #undef DO_DLOPEN /* should we support sasl_checkapop? */ #undef DO_SASL_CHECKAPOP /* should we support setpass() for SRP? */ #undef DO_SRP_SETPASS /* should we mutex-wrap calls into the GSS library? */ #undef GSS_USE_MUTEXES /* Enable 'alwaystrue' password verifier? */ #undef HAVE_ALWAYSTRUE /* Include support for Courier's authdaemond? */ #undef HAVE_AUTHDAEMON /* Define to 1 if you have the header file. */ #undef HAVE_DES_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_DIRENT_H /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H /* Define to 1 if you have the `dns_lookup' function. */ #undef HAVE_DNS_LOOKUP /* Define to 1 if you have the `dn_expand' function. */ #undef HAVE_DN_EXPAND /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H /* Do we have a getaddrinfo? */ #undef HAVE_GETADDRINFO /* Define to 1 if you have the `getdomainname' function. */ #undef HAVE_GETDOMAINNAME /* Define to 1 if you have the `gethostname' function. */ #undef HAVE_GETHOSTNAME /* Do we have a getnameinfo() function? */ #undef HAVE_GETNAMEINFO /* Define to 1 if you have the `getpassphrase' function. */ #undef HAVE_GETPASSPHRASE /* Define to 1 if you have the `getpwnam' function. */ #undef HAVE_GETPWNAM /* Define to 1 if you have the `getspnam' function. */ #undef HAVE_GETSPNAM /* do we have getsubopt()? */ #undef HAVE_GETSUBOPT /* Define to 1 if you have the `gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_GSSAPI_EXT_H /* Define if you have the gssapi.h header file */ #undef HAVE_GSSAPI_H /* Define to 1 if you have the `gsskrb5_register_acceptor_identity' function. */ #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */ #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE /* Define if your GSSAPI implementation defines GSS_C_NT_USER_NAME */ #undef HAVE_GSS_C_NT_USER_NAME /* Define to 1 if you have the `gss_decapsulate_token' function. */ #undef HAVE_GSS_DECAPSULATE_TOKEN /* Define to 1 if you have the `gss_encapsulate_token' function. */ #undef HAVE_GSS_ENCAPSULATE_TOKEN /* Define to 1 if you have the `gss_get_name_attribute' function. */ #undef HAVE_GSS_GET_NAME_ATTRIBUTE /* Define to 1 if you have the `gss_oid_equal' function. */ #undef HAVE_GSS_OID_EQUAL /* Define to 1 if you have the `inet_aton' function. */ #undef HAVE_INET_ATON /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define to 1 if you have the `jrand48' function. */ #undef HAVE_JRAND48 /* Do we have Kerberos 4 Support? */ #undef HAVE_KRB /* Define to 1 if you have the `krb_get_err_text' function. */ #undef HAVE_KRB_GET_ERR_TEXT /* Define to 1 if you have the header file. */ #undef HAVE_LBER_H /* Define to 1 if you have the header file. */ #undef HAVE_LDAP_H /* Define to 1 if you have the `resolv' library (-lresolv). */ #undef HAVE_LIBRESOLV /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H /* Define to 1 if you have the header file. */ #undef HAVE_MALLOC_H /* Define to 1 if you have the `memcpy' function. */ #undef HAVE_MEMCPY /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the `mkdir' function. */ #undef HAVE_MKDIR /* Do we have mysql support? */ #undef HAVE_MYSQL /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_NDIR_H /* Do we have OpenSSL? */ #undef HAVE_OPENSSL /* Use OPIE for server-side OTP? */ #undef HAVE_OPIE /* Define to 1 if you have the header file. */ #undef HAVE_PAM_PAM_APPL_H /* Define to 1 if you have the header file. */ #undef HAVE_PATHS_H /* Do we have Postgres support? */ #undef HAVE_PGSQL /* Include Support for pwcheck daemon? */ #undef HAVE_PWCHECK /* Include support for saslauthd? */ #undef HAVE_SASLAUTHD /* Define to 1 if you have the header file. */ #undef HAVE_SECURITY_PAM_APPL_H /* Define to 1 if you have the `select' function. */ #undef HAVE_SELECT /* Does the system have snprintf()? */ #undef HAVE_SNPRINTF /* Does sockaddr have an sa_len? */ #undef HAVE_SOCKADDR_SA_LEN /* Define to 1 if you have the `socket' function. */ #undef HAVE_SOCKET /* Do we have a socklen_t? */ #undef HAVE_SOCKLEN_T /* Do we have SQLite support? */ #undef HAVE_SQLITE /* Do we have SQLite3 support? */ #undef HAVE_SQLITE3 /* Is there an ss_family in sockaddr_storage? */ #undef HAVE_SS_FAMILY /* Define to 1 if you have the header file. */ #undef HAVE_STDARG_H /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the `strchr' function. */ #undef HAVE_STRCHR /* Define to 1 if you have the `strdup' function. */ #undef HAVE_STRDUP /* Define to 1 if you have the `strerror' function. */ #undef HAVE_STRERROR /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strspn' function. */ #undef HAVE_STRSPN /* Define to 1 if you have the `strstr' function. */ #undef HAVE_STRSTR /* Define to 1 if you have the `strtol' function. */ #undef HAVE_STRTOL /* Do we have struct sockaddr_stroage? */ #undef HAVE_STRUCT_SOCKADDR_STORAGE /* Define to 1 if you have the header file. */ #undef HAVE_SYSEXITS_H /* Define to 1 if you have the `syslog' function. */ #undef HAVE_SYSLOG /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_DIR_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_FILE_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_NDIR_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_PARAM_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TIME_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_UIO_H /* Define to 1 if you have that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to 1 if you have the header file. */ #undef HAVE_VARARGS_H /* Does the system have vsnprintf()? */ #undef HAVE_VSNPRINTF /* define if your compiler has __attribute__ */ #undef HAVE___ATTRIBUTE__ /* Should we keep handle to Berkeley DB open in SASLDB plugin? */ #undef KEEP_DB_OPEN /* Ignore IP Address in Kerberos 4 tickets? */ #undef KRB4_IGNORE_IP_ADDRESS /* Name of package */ #undef PACKAGE /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the version of this package. */ #undef PACKAGE_VERSION /* Where do we look for Courier authdaemond's socket? */ #undef PATH_AUTHDAEMON_SOCKET /* Where do we look for saslauthd's socket? */ #undef PATH_SASLAUTHD_RUNDIR /* Runtime plugin location */ #undef PLUGINDIR /* Force a preferred mechanism */ #undef PREFER_MECH /* Location of pwcheck socket */ #undef PWCHECKDIR /* Define as the return type of signal handlers (`int' or `void'). */ #undef RETSIGTYPE /* Use BerkeleyDB for SASLdb */ #undef SASL_BERKELEYDB /* Path to default SASLdb database */ #undef SASL_DB_PATH /* File to use for source of randomness */ #undef SASL_DEV_RANDOM /* Use GDBM for SASLdb */ #undef SASL_GDBM /* Use NDBM for SASLdb */ #undef SASL_NDBM /* The size of `long', as computed by sizeof. */ #undef SIZEOF_LONG /* Link ANONYMOUS Staticly */ #undef STATIC_ANONYMOUS /* Link CRAM-MD5 Staticly */ #undef STATIC_CRAMMD5 /* Link DIGEST-MD5 Staticly */ #undef STATIC_DIGESTMD5 /* Link GSSAPI Staticly */ #undef STATIC_GSSAPIV2 /* User KERBEROS_V4 Staticly */ #undef STATIC_KERBEROS4 /* Link ldapdb plugin Staticly */ #undef STATIC_LDAPDB /* Link LOGIN Staticly */ #undef STATIC_LOGIN /* Link NTLM Staticly */ #undef STATIC_NTLM /* Link OTP Staticly */ #undef STATIC_OTP /* Link PASSDSS Staticly */ #undef STATIC_PASSDSS /* Link PLAIN Staticly */ #undef STATIC_PLAIN /* Link SASLdb Staticly */ #undef STATIC_SASLDB /* Link SCRAM Staticly */ #undef STATIC_SCRAM /* Link SQL plugin staticly */ #undef STATIC_SQL /* Link SRP Staticly */ #undef STATIC_SRP /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define to 1 if you can safely include both and . */ #undef TIME_WITH_SYS_TIME /* Should we try to dlopen() plugins while staticly compiled? */ #undef TRY_DLOPEN_WHEN_STATIC /* use the doors IPC API for saslauthd? */ #undef USE_DOORS /* Version number of package */ #undef VERSION /* Use DES */ #undef WITH_DES /* Linking against dmalloc? */ #undef WITH_DMALLOC /* Use internal RC4 implementation? */ #undef WITH_RC4 /* Use OpenSSL DES Implementation */ #undef WITH_SSL_DES /* Define to empty if `const' does not conform to ANSI C. */ #undef const /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus #undef inline #endif /* Define to `int' if does not define. */ #undef mode_t /* Define to `int' if does not define. */ #undef pid_t /* Create a struct iovec if we need one */ #if !defined(_WIN32) && !defined(HAVE_SYS_UIO_H) /* (win32 is handled in sasl.h) */ struct iovec { char *iov_base; long iov_len; }; #else #include #include #endif /* location of the random number generator */ #ifdef DEV_RANDOM #undef DEV_RANDOM #endif #define DEV_RANDOM SASL_DEV_RANDOM /* if we've got krb_get_err_txt, we might as well use it; especially since krb_err_txt isn't in some newer distributions (MIT Kerb for Mac 4 being a notable example). If we don't have it, we fall back to the krb_err_txt array */ #ifdef HAVE_KRB_GET_ERR_TEXT #define get_krb_err_txt krb_get_err_text #else #define get_krb_err_txt(X) (krb_err_txt[(X)]) #endif /* Make Solaris happy... */ #ifndef __EXTENSIONS__ #define __EXTENSIONS__ #endif /* Make Linux happy... */ #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #ifndef HAVE___ATTRIBUTE__ /* Can't use attributes... */ #define __attribute__(foo) #endif #define SASL_PATH_ENV_VAR "SASL_PATH" #define SASL_CONF_PATH_ENV_VAR "SASL_CONF_PATH" #include #include #include #ifndef WIN32 # include # ifdef HAVE_SYS_PARAM_H # include # endif #else /* WIN32 */ # include #endif /* WIN32 */ #include #include #ifndef HAVE_SOCKLEN_T typedef unsigned int socklen_t; #endif /* HAVE_SOCKLEN_T */ #ifndef HAVE_STRUCT_SOCKADDR_STORAGE #define _SS_MAXSIZE 128 /* Implementation specific max size */ #define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) struct sockaddr_storage { struct sockaddr ss_sa; char __ss_pad2[_SS_PADSIZE]; }; # define ss_family ss_sa.sa_family #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ #ifndef AF_INET6 /* Define it to something that should never appear */ #define AF_INET6 AF_MAX #endif #ifndef HAVE_GETADDRINFO #define getaddrinfo sasl_getaddrinfo #define freeaddrinfo sasl_freeaddrinfo #define gai_strerror sasl_gai_strerror #endif #ifndef HAVE_GETNAMEINFO #define getnameinfo sasl_getnameinfo #endif #if !defined(HAVE_GETNAMEINFO) || !defined(HAVE_GETADDRINFO) #include "gai.h" #endif #ifndef AI_NUMERICHOST /* support glibc 2.0.x */ #define AI_NUMERICHOST 4 #define NI_NUMERICHOST 2 #define NI_NAMEREQD 4 #define NI_NUMERICSERV 8 #endif /* Defined in RFC 1035. max strlen is only 253 due to length bytes. */ #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 255 #endif #ifndef HAVE_SYSEXITS_H #include "exits.h" #else #include "sysexits.h" #endif /* Get the correct time.h */ #if TIME_WITH_SYS_TIME # include # include #else # if HAVE_SYS_TIME_H # include # else # include # endif #endif #ifndef HIER_DELIMITER #define HIER_DELIMITER '/' #endif #endif /* CONFIG_H */ cyrus-sasl-2.1.25/INSTALL.TXT0000666000076400007640000000006510367732556012371 00000000000000For installation instructions, see doc/install.html. cyrus-sasl-2.1.25/COPYING0000666000076400007640000000350507761501567011717 00000000000000/* CMU libsasl * Tim Martin * Rob Earhart * Rob Siemborski */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ cyrus-sasl-2.1.25/dlcompat-20010505/0000777000076400007640000000000011632367343013430 500000000000000cyrus-sasl-2.1.25/java/0000777000076400007640000000000011632367341011652 500000000000000cyrus-sasl-2.1.25/java/doc/0000777000076400007640000000000011632367343012421 500000000000000cyrus-sasl-2.1.25/java/doc/.cvsignore0000666000076400007640000000005107276043732014337 00000000000000Makefile.in Makefile .deps .libs *.l[ao] cyrus-sasl-2.1.25/java/Test/0000777000076400007640000000000011632367342012572 500000000000000cyrus-sasl-2.1.25/java/Test/Handler.java0000666000076400007640000000404107617037402014730 00000000000000 import java.io.*; import javax.security.auth.callback.*; class Handler implements javax.security.auth.callback.CallbackHandler{ String authid; String userid; String password; String realm; public Handler() { } public Handler(String authid, String userid, String password, String realm) { this.authid = authid; this.userid = userid; this.password = password; this.realm = realm; } private String getinput(String prompt) { System.out.println(prompt); System.out.print(">"); String result=""; try { int c; do { c = System.in.read(); if (c!='\n') result+=(char)c; } while (c!='\n'); System.out.println("res = "+result); } catch (IOException e) { } return result; } private void getauthid(NameCallback c) { if (authid!=null) { c.setName(authid); return; } /* authid = System.getProperty("user.name"); if (authid!=null) { c.setName(authid); return; } */ c.setName( getinput(c.getPrompt())); } private void getpassword(PasswordCallback c) { if (password!=null) { c.setPassword(password.toCharArray()); return; } c.setPassword( (getinput("Enter password")).toCharArray()); } private void getrealm(RealmCallback c) { if (realm!=null) { c.setRealm(realm); return; } c.setRealm( getinput(c.getPrompt()) ); } public void invokeCallback(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException { for (int lup=0;lup0) { /* read from keyboard */ arr = new byte[len+1]; System.in.read(arr,0,len); if (arr[len-1]=='\n') { arr[len-1]= (byte) '\r'; arr[len]= (byte) '\n'; } /* write out to stream */ saslout.write(arr); saslout.flush(); } else if ((len = saslin.available())>0) { /* read from socket */ arr = new byte[len]; saslin.read(arr); System.out.print(new String(arr)); } else { /* sleep */ } } } catch (SaslException e) { } catch (IOException e) { } } static void usage() { System.out.println("Usage:"); System.out.println("jimtest [-k minssf] [-l maxssf] [-m mech] [-p port] server"); System.exit(1); } public static void main (String args[]) { String[] mechs; SaslClient conn; String arg; int i = 0; int minssf = 0; int maxssf = 9999; String onemech = null; int port = 143; while ((i < (args.length-1) ) && (args[i].startsWith("-"))) { arg = args[i++]; // use this type of check for arguments that require arguments if (arg.equals("-k")) { if (i < args.length) minssf = Integer.parseInt(args[i++]); else { System.err.println("-k requires a number"); usage(); } } else if (arg.equals("-l")) { if (i < args.length) maxssf = Integer.parseInt(args[i++]); else { System.err.println("-l requires a number"); usage(); } } else if (arg.equals("-m")) { if (i < args.length) onemech = args[i++]; else { System.err.println("-m requires parameter"); usage(); } } else if (arg.equals("-p")) { if (i < args.length) port = Integer.parseInt(args[i++]); else { System.err.println("-p requires a number"); usage(); } } else { usage(); } } if (i != args.length-1) usage(); String servername = args[i]; if (connect(servername,port)==false) { System.out.println("Unable to connect to host: "+servername); System.exit(1); } mechs = askcapabilities(); if (onemech!=null) { mechs = new String[1]; mechs[0]=onemech; } conn = start_sasl(mechs,servername, s.getLocalAddress().getHostName(), minssf,maxssf); if (conn == null) { System.out.println("Authentication failed"); System.exit(1); } be_interactive(conn); } } cyrus-sasl-2.1.25/java/Test/ServerHandler.java0000666000076400007640000000406207617037402016122 00000000000000 import java.io.*; import javax.security.auth.callback.*; class ServerHandler implements javax.security.auth.callback.CallbackHandler{ String authid; String userid; String password; String realm; public ServerHandler() { } public ServerHandler(String authid, String userid, String password, String realm) { this.authid = authid; this.userid = userid; this.password = password; this.realm = realm; } private String getinput(String prompt) { System.out.println(prompt); System.out.print(">"); String result=""; try { int c; do { c = System.in.read(); if (c!='\n') result+=(char)c; } while (c!='\n'); System.out.println("res = "+result); } catch (IOException e) { } return result; } private void getauthid(NameCallback c) { if (authid!=null) { c.setName(authid); return; } /* authid = System.getProperty("user.name"); if (authid!=null) { c.setName(authid); return; } */ c.setName( getinput(c.getPrompt())); } private void getpassword(PasswordCallback c) { if (password!=null) { c.setPassword(password.toCharArray()); return; } c.setPassword( (getinput("Enter password")).toCharArray()); } private void getrealm(RealmCallback c) { if (realm!=null) { c.setRealm(realm); return; } c.setRealm( getinput(c.getPrompt()) ); } public void invokeCallback(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException { for (int lup=0;lup classjavasasl.stamp install-javasaslJAVA: classjavasasl.stamp @$(NORMAL_INSTALL) test -z "$(javasasldir)" || $(MKDIR_P) "$(DESTDIR)$(javasasldir)" @test -n "$(javasasl_JAVA)" && test -n "$(javasasldir)" || exit 0; \ set x *.class; shift; test "$$1" != "*.class" || exit 0; \ echo " $(INSTALL_DATA)" "$$@" "'$(DESTDIR)$(javasasldir)/$$p'"; \ $(INSTALL_DATA) "$$@" "$(DESTDIR)$(javasasldir)" uninstall-javasaslJAVA: @$(NORMAL_UNINSTALL) @test -n "$(javasasl_JAVA)" && test -n "$(javasasldir)" || exit 0; \ set x *.class; shift; test "$$1" != "*.class" || exit 0; \ echo " ( cd '$(DESTDIR)$(javasasldir)' && rm -f" "$$@" ")"; \ cd "$(DESTDIR)$(javasasldir)" && rm -f "$$@" clean-javasaslJAVA: -rm -f *.class classjavasasl.stamp tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile classjavasasl.stamp installdirs: for dir in "$(DESTDIR)$(javasasldir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-javasaslJAVA clean-libtool \ mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-javasaslJAVA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-javasaslJAVA .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic \ clean-javasaslJAVA clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am \ install-javasaslJAVA install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ uninstall-javasaslJAVA $(CLASSES): callback.stamp # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/java/javax/security/auth/Makefile.in0000666000076400007640000004776111631670663017602 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = java/javax/security/auth DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = callback all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu java/javax/security/auth/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu java/javax/security/auth/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/java/javax/security/Makefile.am0000666000076400007640000000354507201111760016602 00000000000000################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ SUBDIRS = auth cyrus-sasl-2.1.25/java/javax/security/Makefile.in0000666000076400007640000004773611631670663016643 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = java/javax/security DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = auth all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu java/javax/security/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu java/javax/security/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/java/javax/Makefile.am0000666000076400007640000000355107201111760014730 00000000000000################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ SUBDIRS = security cyrus-sasl-2.1.25/java/javax/Makefile.in0000666000076400007640000004770711631670663014772 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = java/javax DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = security all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu java/javax/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu java/javax/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/java/README0000666000076400007640000000156007201111760012441 000000000000004-Nov-2000 after a "make install" class files are installed in $(prefix)/lib/java/classes/sasl to compile programs using it, do: javac -classpath /usr/java/lib/classes.zip:/usr/local/lib/java/classes/sasl .java (make sure to substitute your JDK for /usr/java/lib/classes.zip) to run, do java -classpath ---------------------------- This is a java version of the SASL libraries. It supports all the mechanisms in the C version and conforms to the internet draft in the doc/ directory. JNI is used. Sample applications exist in the Test/ directory. They generally can be run with something like: java -debug -classpath ../:/usr/java/lib/classes.zip:/usr/obj/sasl/java/:. jimtest -p 2143 -m KERBEROS_V4 cyrus-dev and java -debug -classpath ../:/usr/java/lib/classes.zip:/usr/obj/sasl/java/:. testserver Any feedback is welcome.cyrus-sasl-2.1.25/java/Makefile.in0000666000076400007640000004654711631670663013662 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for the Java SASL library # Rob Earhart # ################################################################ # Copyright 1998 by Carnegie Mellon University # # All Rights Reserved # #Permission to use, copy, modify, and distribute this software and its #documentation for any purpose and without fee is hereby granted, #provided that the above copyright notice appear in all copies and that #both that copyright notice and this permission notice appear in #supporting documentation, and that the name of Carnegie Mellon University #not be used in advertising or publicity pertaining to distribution of the #software without specific, written prior permission. # #CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS #SOFTWARE, INCLUDING #ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, #IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, #INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM #LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE #OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR #PERFORMANCE OF THIS SOFTWARE. ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = java DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = CyrusSasl javax Test EXTRA_DIST = doc all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu java/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu java/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/java/CyrusSasl/0000777000076400007640000000000011632367342013603 500000000000000cyrus-sasl-2.1.25/java/CyrusSasl/SaslClientFactory.java0000666000076400007640000000054307065745616017772 00000000000000package CyrusSasl; import java.util.Hashtable; public interface SaslClientFactory { public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Hashtable props, javax.security.auth.callback.CallbackHandler cbh) throws SaslException; } cyrus-sasl-2.1.25/java/CyrusSasl/GenericCommon.java0000666000076400007640000001636707617041637017134 00000000000000package CyrusSasl; import java.util.Hashtable; import java.net.*; /** * @version 1.0 * @author Tim Martin */ public abstract class GenericCommon { /* These are the jni functions called by the routines in common * see javasasl.c for their implementations */ private native void jni_sasl_set_prop_string(int ptr, int propnum, String value); private native void jni_sasl_set_prop_int(int ptr, int propnum, int value); private native void jni_sasl_set_prop_bytes(int ptr, int propnum, byte[] value); private native void jni_sasl_set_server(int ptr, byte []ipnum, int port); private native void jni_sasl_set_client(int ptr, byte []ipnum, int port); private native void jni_sasl_setSecurity(int ptr, int minssf, int maxssf); private native int jni_sasl_getSecurity(int ptr); private native byte[] jni_sasl_encode(int ptr, byte[] in,int len); private native byte[] jni_sasl_decode(int ptr, byte[] in,int len); private native void jni_sasl_dispose(int ptr); /** * security layer security strength factor */ public static int SASL_SSF =1; public static int SASL_MAXOUTBUF=2; /* security layer max output buf unsigned */ public static int SASL_REALM =3; /* server authentication realm used */ public static int SASL_GETOPTCTX=4; /* context for getopt callback */ /** * Local sockaddr_in (use setServer and setClient to set this) */ public static int SASL_IP_LOCAL =5; /** * Remote sockaddr_in (use setClient and setServer to set this) */ public static int SASL_IP_REMOTE =6; /** * External security factor (use setSecurity to set this) */ public static int SASL_SSF_EXTERNAL=100; public static int SASL_SEC_PROPS =101; /* sasl_security_properties_t */ int ptr; // this is the actual pointer to sasl_conn_t int ssfactive; // active ssf on this connection boolean finished; public boolean done() { return finished; } /** * Set a SASL property that takes a string value * * @param PROPERTY one of the property constants * @param value string value */ public void setproperty(int PROPERTY, String value) { jni_sasl_set_prop_string(ptr,PROPERTY,value); } /** * Set a SASL property that takes a integer value * * @param PROPERTY one of the property constants * @param value integer value */ public void setproperty(int PROPERTY, int value) { jni_sasl_set_prop_int(ptr,PROPERTY,value); } /** * Set a SASL property that takes a byte[] value * * @param PROPERTY one of the property constants * @param value byte[] value */ public void setproperty(int PROPERTY, byte[] value) { jni_sasl_set_prop_bytes(ptr,PROPERTY,value); } /** * Set the SASL properties for the server * This sets the IP address and port * * @param name String of name of server (e.g. cyrus.andrew.cmu.edu) * @param port port connected to on that server */ private boolean setRemoteIP(String name,int port) { byte[]ip=null; try { InetAddress server=InetAddress.getByName(name); ip=server.getAddress(); } catch (UnknownHostException e) { return false; } jni_sasl_set_server(ptr, ip, port); return true; } /** * Set the SASL properties for the client * This sets the IP address and port * * @param name String of local cannonical name (e.g. myhostname.andrew.cmu.edu) * @param port port connecting */ private boolean setLocalIP(String name, int port) { byte[]ip=null; try { InetAddress server=InetAddress.getByName(name); ip=server.getAddress(); } catch (UnknownHostException e) { return false; } jni_sasl_set_client(ptr, ip, port); return true; } /** * Set the SASL properties for the client * This sets the IP address and port * * @param local local InetAdress * @param port port connecting */ public boolean setClient(InetAddress local,int port) { byte[]ip=local.getAddress(); jni_sasl_set_client(ptr, ip, port); return true; } /** * Set the SASL properties for the client * This sets the IP address and port * The local IP address is determined with InetAddress.getLocalHost() * * @param port port connecting */ public boolean setClient(int port) { try { return setClient(InetAddress.getLocalHost(),port); } catch (UnknownHostException e) { return false; } } /** * Sets the security properties for the session * * @param external external security strength * @param minssf minimum security needed * @param maxssf maximum security to negotiate * * @return if the propery was set sucessfully or not */ public boolean setSecurity(int external, int minssf, int maxssf) { /* setproperty(SASL_SSF_EXTERNAL, external); */ jni_sasl_setSecurity(ptr,minssf,maxssf); return true; } public int getSecurity() { return jni_sasl_getSecurity(ptr); } /** * Encode a String with the negotiated layer * * @param in String to be encoded * @return the encoded string represented at a byte[] */ public byte[] encode(byte[] in) { byte[] out=jni_sasl_encode(ptr,in,in.length); return out; } /** * Decode a byte[] with the negotiated layer * * @param in byte[] to be decoded * @param len number of bytes to be decoded * @return the decoded string represented at a byte[] */ public byte[] decode(byte[] in, int len) { byte[] out=jni_sasl_decode(ptr,in,len); return out; } /** * Decode a String with the negotiated layer. NOTE: Be careful with * this function. International or high ascii characters may do strange * things. The byte[] method is preferred * * @param in String to be decoded * @return the decoded string represented at a byte[] */ public byte[] decode(String in) { return decode(in.getBytes(),in.length()); } protected void setcommonproperties(Hashtable props) { int i_ssfmin = 0; String s_ssfmin=(String) props.get("javax.security.sasl.encryption.minimum"); if (s_ssfmin!=null) i_ssfmin = Integer.parseInt(s_ssfmin); int i_ssfmax = 256; String s_ssfmax=(String) props.get("javax.security.sasl.encryption.maximum"); if (s_ssfmax!=null) i_ssfmax = Integer.parseInt(s_ssfmax); int i_external = 0; /* String external=(String) props.getProperty("security.policy.encryption.external", */ setSecurity(i_external, i_ssfmin, i_ssfmax); String iplocal = (String) props.get("javax.security.sasl.ip.local"); if (iplocal!=null) setLocalIP(iplocal,0); String ipremote = (String) props.get("javax.security.sasl.ip.remote"); if (ipremote!=null) setRemoteIP(ipremote,0); /* String maxbuf=props.getProperty("security.maxbuf","65000"); */ /* xxx this raises an exception for some reason setproperty(SASL_MAXOUTBUF,Integer.parseInt(maxbuf)); */ } final protected void finalize () throws Throwable { jni_sasl_dispose(ptr); } protected boolean complete = false; public boolean isComplete() { return complete; } /* called by JNI layer */ public void setcomplete(int a) { complete = true; } } cyrus-sasl-2.1.25/java/CyrusSasl/GenericClient.java0000666000076400007640000001125007671765316017113 00000000000000package CyrusSasl; import javax.security.auth.callback.*; import java.io.*; public class GenericClient extends GenericCommon implements SaslClient { private byte[]initial_response; private String mechanism; private boolean hasinitresp; private javax.security.auth.callback.CallbackHandler cbh; GenericClient(int cptr, String mechlist, java.util.Hashtable props, javax.security.auth.callback.CallbackHandler cbh) { ptr=cptr; this.cbh = cbh; /* set properties */ super.setcommonproperties(props); initial_response = jni_sasl_client_start(cptr, mechlist); } private native byte[] jni_sasl_client_start(int ptr, String mechlist); /** * Perform a step. start() must have been preformed succesfully * before this step() can be called. A client should call this * method until it receives notification from the server that * authentication is complete. Any protocol specific decoding (such * as base64 decoding) must be done before calling step(). The * return byte array should be encoded by the protocol specific * method then sent to the server * * @param challenge byte[] from server (must be protocol specific decode before) * @exception saslException sasl exception * @return the byte[] you should send to the server */ public byte[] evaluateChallenge(byte[] challenge) throws SaslException { /* xxx this should check for empty challenge & existing initial sasl challenge */ byte[] out=null; if (complete && challenge == null) { /* we're already done and there's no challenge */ return null; } if (challenge==null) { out=jni_sasl_client_step(ptr, null, 0); } else { out=jni_sasl_client_step(ptr, challenge, challenge.length); } return out; } private native byte[] jni_sasl_client_step(int ptr, byte[] in, int inlen); public boolean hasInitialResponse() { return hasinitresp; } /** * Use this method to obtain the name of the mechanism being * negotiated with the server. After giving start() a list of * mechanisms one will be chosen. Use this method to determine which * one if being used if any. * * @return the mechanism currently negotiated or already negotiated */ public String getMechanismName() { return mechanism; } /* called from C layer */ private void callback_setmechanism(String mech, int initresp) { mechanism = mech; hasinitresp = initresp != 0; } private String userid; private String authid; private String password; private String realm; private void do_callbacks(int wantuid, int wantaid, int wantpass, int wantrealm) throws SaslException { int numcb = wantuid+wantaid+wantpass+wantrealm; Callback[] cbs = new Callback[numcb]; int pos = 0; NameCallback nc = null; NameCallback nc2 = null; PasswordCallback pc = null; RealmCallback rc = null; if (wantuid==1) { nc = new NameCallback("Please enter your authorization id"); cbs[pos] = nc; pos++; } if (wantaid==1) { nc2 = new NameCallback("Please enter your authentication id"); cbs[pos] = nc2; pos++; } if (wantpass==1) { pc = new PasswordCallback("Please enter your password", false); cbs[pos] = pc; pos++; } if (wantrealm==1) { rc = new RealmCallback("Please enter your realm"); cbs[pos] = rc; pos++; } try { cbh.handle(cbs); } catch (UnsupportedCallbackException e) { throw new SaslException("Unsupported callback",null); } catch (IOException e) { throw new SaslException("IO exception",null); } if (nc!=null) { this.userid = nc.getName(); } if (nc2!=null) { this.authid = nc2.getName(); } if (pc!=null) { this.password = new String(pc.getPassword()); } if (rc!=null) { this.realm = rc.getRealm(); } } private String get_userid(int a) { return userid; } private String get_authid(int a) { return authid; } private String get_password(int a) { return password; } private String get_realm(int a) { return realm; } public InputStream getInputStream(InputStream source) throws IOException { if (getSecurity() > 0) { return new SaslInputStream(source,this); } else { // no security layer, no indirection needed return source; } } public OutputStream getOutputStream(OutputStream dest) throws IOException { if (getSecurity() > 0) { return new SaslOutputStream(dest,this); } else { // no security layer, no indirection needed return dest; } } public byte[] createInitialResponse(){ /* xxx this is deprecated */ return initial_response; } } cyrus-sasl-2.1.25/java/CyrusSasl/ServerFactory.java0000666000076400007640000000406007541706133017163 00000000000000package CyrusSasl; import java.util.Hashtable; import javax.security.auth.callback.*; class ServerFactory implements SaslServerFactory { private int localptr = 0; /* JNI functions */ private native int jni_sasl_server_init(String appname); private native int jni_sasl_server_new(String service, String local_domain, int secflags); public ServerFactory() { /* these parameters aren't needed for getting mech list */ localptr = jni_sasl_server_new("foo", "bar", 0); } private boolean init(String appname) { /* load library */ try { System.loadLibrary("javasasl"); } catch (UnsatisfiedLinkError e) { /* xxx */ System.out.println("Unable to load javasasl library"); } jni_sasl_server_init(appname); return true; } { init("javasasl application"); } public SaslServer createSaslServer(String mechanism, String protocol, String serverName, Hashtable props, javax.security.auth.callback.CallbackHandler cbh) throws SaslException { int cptr; cptr = jni_sasl_server_new(protocol, serverName, 0); if (cptr == 0) { throw new SaslException("Unable to create new Client connection object", new Throwable()); } return new GenericServer(cptr,mechanism,props,cbh); } private native String jni_sasl_server_getlist(int ptr, String prefix, String sep, String suffix); public String[] getMechanismNames() { if (localptr == 0) localptr = jni_sasl_server_new("foo", "bar", 0); String list = jni_sasl_server_getlist(localptr, "", "\n","\n"); /* count newlines */ int newlines = 0; int pos =0; while (pos < list.length()) { if (list.charAt(pos)=='\n') newlines++; pos++; } String[]ret = new String[newlines]; int num =0; pos =0; String temp=""; while (pos < list.length()) { if (list.charAt(pos)=='\n') { ret[num++]=temp; temp=new String(""); } else { temp+=list.charAt(pos); } pos++; } return ret; } } cyrus-sasl-2.1.25/java/CyrusSasl/javasasl.h0000666000076400007640000002004411175641745015504 00000000000000/* DO NOT EDIT THIS FILE - it is machine generated */ #include /* Header for class CyrusSasl_Sasl */ #ifndef _Included_CyrusSasl_Sasl #define _Included_CyrusSasl_Sasl #ifdef __cplusplus extern "C" { #endif #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_GenericClient */ #ifndef _Included_CyrusSasl_GenericClient #define _Included_CyrusSasl_GenericClient #ifdef __cplusplus extern "C" { #endif /* * Class: CyrusSasl_GenericClient * Method: jni_sasl_client_start * Signature: (ILjava/lang/String;)[B */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericClient_jni_1sasl_1client_1start (JNIEnv *, jobject, jint, jstring); /* * Class: CyrusSasl_GenericClient * Method: jni_sasl_client_step * Signature: (I[BI)[B */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericClient_jni_1sasl_1client_1step (JNIEnv *, jobject, jint, jbyteArray, jint); #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_ClientFactory */ #ifndef _Included_CyrusSasl_ClientFactory #define _Included_CyrusSasl_ClientFactory #ifdef __cplusplus extern "C" { #endif /* * Class: CyrusSasl_ClientFactory * Method: jni_sasl_client_init * Signature: (Ljava/lang/String;)I */ JNIEXPORT jint JNICALL Java_CyrusSasl_ClientFactory_jni_1sasl_1client_1init (JNIEnv *, jobject, jstring); /* * Class: CyrusSasl_ClientFactory * Method: jni_sasl_client_new * Signature: (Ljava/lang/String;Ljava/lang/String;IZ)I */ JNIEXPORT jint JNICALL Java_CyrusSasl_ClientFactory_jni_1sasl_1client_1new (JNIEnv *, jobject, jstring, jstring, jint, jboolean); #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_GenericCommon */ #ifndef _Included_CyrusSasl_GenericCommon #define _Included_CyrusSasl_GenericCommon #ifdef __cplusplus extern "C" { #endif /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_set_prop_string * Signature: (IILjava/lang/String;)V */ JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1string (JNIEnv *, jobject, jint, jint, jstring); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_set_prop_int * Signature: (III)V */ JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1int (JNIEnv *, jobject, jint, jint, jint); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_set_prop_bytes * Signature: (II[B)V */ JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1bytes (JNIEnv *, jobject, jint, jint, jbyteArray); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_set_server * Signature: (I[BI)V */ JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1server (JNIEnv *, jobject, jint, jbyteArray, jint); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_set_client * Signature: (I[BI)V */ JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1client (JNIEnv *, jobject, jint, jbyteArray, jint); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_setSecurity * Signature: (III)V */ JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1setSecurity (JNIEnv *, jobject, jint, jint, jint); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_getSecurity * Signature: (I)I */ JNIEXPORT jint JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1getSecurity (JNIEnv *, jobject, jint); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_encode * Signature: (I[BI)[B */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1encode (JNIEnv *, jobject, jint, jbyteArray, jint); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_decode * Signature: (I[BI)[B */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1decode (JNIEnv *, jobject, jint, jbyteArray, jint); /* * Class: CyrusSasl_GenericCommon * Method: jni_sasl_dispose * Signature: (I)V */ JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1dispose (JNIEnv *, jobject, jint); #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_SaslClient */ #ifndef _Included_CyrusSasl_SaslClient #define _Included_CyrusSasl_SaslClient #ifdef __cplusplus extern "C" { #endif #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_SaslClientFactory */ #ifndef _Included_CyrusSasl_SaslClientFactory #define _Included_CyrusSasl_SaslClientFactory #ifdef __cplusplus extern "C" { #endif #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_SaslException */ #ifndef _Included_CyrusSasl_SaslException #define _Included_CyrusSasl_SaslException #ifdef __cplusplus extern "C" { #endif #undef CyrusSasl_SaslException_serialVersionUID #define CyrusSasl_SaslException_serialVersionUID -3042686055658047285LL #undef CyrusSasl_SaslException_serialVersionUID #define CyrusSasl_SaslException_serialVersionUID -3387516993124229948LL #undef CyrusSasl_SaslException_serialVersionUID #define CyrusSasl_SaslException_serialVersionUID 7818375828146090155LL #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_SaslInputStream */ #ifndef _Included_CyrusSasl_SaslInputStream #define _Included_CyrusSasl_SaslInputStream #ifdef __cplusplus extern "C" { #endif #undef CyrusSasl_SaslInputStream_SKIP_BUFFER_SIZE #define CyrusSasl_SaslInputStream_SKIP_BUFFER_SIZE 2048L #undef CyrusSasl_SaslInputStream_DoEncrypt #define CyrusSasl_SaslInputStream_DoEncrypt 1L #undef CyrusSasl_SaslInputStream_DoDebug #define CyrusSasl_SaslInputStream_DoDebug 0L #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_SaslOutputStream */ #ifndef _Included_CyrusSasl_SaslOutputStream #define _Included_CyrusSasl_SaslOutputStream #ifdef __cplusplus extern "C" { #endif #undef CyrusSasl_SaslOutputStream_DoEncrypt #define CyrusSasl_SaslOutputStream_DoEncrypt 1L #undef CyrusSasl_SaslOutputStream_DoDebug #define CyrusSasl_SaslOutputStream_DoDebug 0L #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_SaslUtils */ #ifndef _Included_CyrusSasl_SaslUtils #define _Included_CyrusSasl_SaslUtils #ifdef __cplusplus extern "C" { #endif #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_ServerFactory */ #ifndef _Included_CyrusSasl_ServerFactory #define _Included_CyrusSasl_ServerFactory #ifdef __cplusplus extern "C" { #endif /* * Class: CyrusSasl_ServerFactory * Method: jni_sasl_server_init * Signature: (Ljava/lang/String;)I */ JNIEXPORT jint JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1init (JNIEnv *, jobject, jstring); /* * Class: CyrusSasl_ServerFactory * Method: jni_sasl_server_new * Signature: (Ljava/lang/String;Ljava/lang/String;I)I */ JNIEXPORT jint JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1new (JNIEnv *, jobject, jstring, jstring, jint); /* * Class: CyrusSasl_ServerFactory * Method: jni_sasl_server_getlist * Signature: (ILjava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; */ JNIEXPORT jstring JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1getlist (JNIEnv *, jobject, jint, jstring, jstring, jstring); #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_SaslServerFactory */ #ifndef _Included_CyrusSasl_SaslServerFactory #define _Included_CyrusSasl_SaslServerFactory #ifdef __cplusplus extern "C" { #endif #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_SaslServer */ #ifndef _Included_CyrusSasl_SaslServer #define _Included_CyrusSasl_SaslServer #ifdef __cplusplus extern "C" { #endif #ifdef __cplusplus } #endif #endif /* Header for class CyrusSasl_GenericServer */ #ifndef _Included_CyrusSasl_GenericServer #define _Included_CyrusSasl_GenericServer #ifdef __cplusplus extern "C" { #endif /* * Class: CyrusSasl_GenericServer * Method: jni_sasl_server_start * Signature: (ILjava/lang/String;[BI)[B */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericServer_jni_1sasl_1server_1start (JNIEnv *, jobject, jint, jstring, jbyteArray, jint); /* * Class: CyrusSasl_GenericServer * Method: jni_sasl_server_step * Signature: (I[BI)[B */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericServer_jni_1sasl_1server_1step (JNIEnv *, jobject, jint, jbyteArray, jint); #ifdef __cplusplus } #endif #endif cyrus-sasl-2.1.25/java/CyrusSasl/SaslServerFactory.java0000666000076400007640000000054707070063130020002 00000000000000package CyrusSasl; import java.util.Hashtable; public interface SaslServerFactory { public SaslServer createSaslServer(String mechanism, String protocol, String serverName, Hashtable props, javax.security.auth.callback.CallbackHandler cbh) throws SaslException; public String[] getMechanismNames(); } cyrus-sasl-2.1.25/java/CyrusSasl/GenericServer.java0000666000076400007640000000341507242046466017137 00000000000000package CyrusSasl; import javax.security.auth.callback.*; import java.io.*; public class GenericServer extends GenericCommon implements SaslServer { private byte[]initial_response; private String mechanism; private javax.security.auth.callback.CallbackHandler cbh; private boolean started = false; /* JNI functions */ private native byte[] jni_sasl_server_start(int ptr, String mech, byte[]in, int inlen); private native byte[] jni_sasl_server_step(int ptr, byte[] in, int inlen); GenericServer(int cptr, String mechanism, java.util.Hashtable props, javax.security.auth.callback.CallbackHandler cbh) { ptr=cptr; this.cbh = cbh; this.mechanism = mechanism; started = false; /* set properties */ super.setcommonproperties(props); } public byte[] evaluateResponse(byte[] response) throws SaslException { byte[] out; byte[] in; int inlen; if (response == null) { in=null; inlen = 0; } else { in = response; inlen = response.length; } if (started == false) { out=jni_sasl_server_start(ptr, mechanism,in,inlen); started = true; } else { out=jni_sasl_server_step(ptr,in,inlen); } return out; } public String getMechanismName() { return mechanism; } public InputStream getInputStream(InputStream source) throws IOException { if (getSecurity() > 0) { return new SaslInputStream(source,this); } else { // no security layer, no indirection needed return source; } } public OutputStream getOutputStream(OutputStream dest) throws IOException { if (getSecurity() > 0) { return new SaslOutputStream(dest,this); } else { // no security layer, no indirection needed return dest; } } } cyrus-sasl-2.1.25/java/CyrusSasl/ClientFactory.java0000666000076400007640000000331307541706133017133 00000000000000package CyrusSasl; import java.util.Hashtable; import javax.security.auth.callback.*; class ClientFactory implements SaslClientFactory { public ClientFactory() { } /* JNI functions */ private native int jni_sasl_client_init(String appname); private native int jni_sasl_client_new(String service, String serverFQDN, int secflags, boolean successdata); private boolean init_client(String appname) { /* load library */ try { System.loadLibrary("javasasl"); } catch (UnsatisfiedLinkError e) { /* xxx */ System.out.println("Unable to load javasasl library"); } jni_sasl_client_init(appname); return true; } /* initialize the client when the class is loaded */ { init_client("javasasl application"); } public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Hashtable props, javax.security.auth.callback.CallbackHandler cbh) throws SaslException { int cptr; boolean successdata = true; // here's a list of protocols we know don't have success data if (protocol.equals("imap") || protocol.equals("pop3") || protocol.equals("smtp")) { successdata = false; } cptr = jni_sasl_client_new(protocol, serverName, 0, successdata); if (cptr == 0) { throw new SaslException("Unable to create new Client connection object", new Throwable()); } /* create the mechlist the way our library likes to see it */ String mechlist=""; for (int lup=0;lup 1) ina = 1; return size + ina; } private void buffer_add(byte[] str,int len) throws IOException { if (str == null) { // nothing to add return; } byte[] b = str; /* xxx this can be optimized */ for (int lup=0;lup= BUFFERSIZE) { throw new IOException(); } } } private void buffer_add(byte[] str) throws IOException { buffer_add(str,str.length); } private void readsome() throws IOException { int len=in.available(); if (DoDebug) { System.err.println("DEBUG in readsome(), avail " + len); } if (len > BUFFERSIZE || len == 0) len = BUFFERSIZE; byte[]tmp=new byte[len]; len = in.read(tmp); if (len>0) { if (DoEncrypt) { buffer_add( conn.decode(tmp,len) ); } else { buffer_add(tmp, len); } } } public synchronized void close() throws IOException { super.close(); } public synchronized void reset() throws IOException { throw new IOException(); } public synchronized void mark(int readlimit) { return; } public boolean markSupported() { return false; } /* read a single byte */ public synchronized int read() throws IOException { int ret; if (DoDebug) { System.err.println("DEBUG in read(), size " + size); } if (size == 0) { readsome(); } if (size == 0) { if (DoDebug) { System.err.println("DEBUG read() returning -1"); } return -1; } ret = buffer[bufferstart]; bufferstart = (bufferstart + 1) % BUFFERSIZE; size--; if (DoDebug) { System.err.println("DEBUG read() returning " + ret); } return ret; } public synchronized int read(byte b[]) throws IOException { return read(b,0,b.length); } public synchronized int read(byte b[], int off, int len) throws IOException { if (DoDebug) { System.err.println("DEBUG in read(b, off, len), size " + size); } if (off < 0 || len < 0) { throw new IndexOutOfBoundsException(); } if (len == 0) { return 0; } // block only if we need to if (size == 0) { readsome(); if (size == 0) { if (DoDebug) { System.err.println("DEBUG read(b, off, len) returning -1"); } return -1; } } int l; for (l = off; l < len + off; l++) { if (bufferstart == bufferend) break; b[l] = buffer[bufferstart]; bufferstart = (bufferstart + 1) % BUFFERSIZE; size--; } if (DoDebug) { System.err.println("DEBUG read() returning " + (l - off)); } return l - off; } public synchronized long skip(long n) throws IOException { if (n<=0) return 0; long toskip = n; while (toskip > 0) { if (size == 0) { readsome(); if (size == 0) { return n - toskip; } } if (toskip > size) { toskip -= size; bufferstart = bufferend = size = 0; } else { // we've got all the data we need to skip size -= toskip; bufferstart = (int) ((bufferstart + toskip) % BUFFERSIZE); } } // skipped the full amount return n; } } cyrus-sasl-2.1.25/java/CyrusSasl/Sasl.java0000666000076400007640000000701507074204772015275 00000000000000package CyrusSasl; import java.util.Hashtable; import javax.security.auth.callback.*; public class Sasl { private static SaslClientFactory client_factory = null; private static SaslServerFactory server_factory = null; /* Creates a SaslClient using the parameters supplied. It returns null if no SaslClient can be created using the parameters supplied. Throws SaslException if it cannot create a SaslClient because of an error. The algorithm for selection is as follows: 1. If a factory has been installed via setSaslClientFactory(), try it first. If non-null answer produced, return it. 2. Use the packages listed in the javax.security.sasl.client.pkgs property from props to load in a factory and try to create a SaslClient, by looking for a class named ClientFactory. Repeat this for each package on the list until a non-null answer is produced. If non-null answer produced, return it. 3. Repeat previous step using the javax.security.sasl.client.pkgs System property. 4. If no non-null answer produced, return null. Parameters are: mechanisms The non-null list of mechanism names to try. Each is the IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5"). authorizationID The possibly null protocol-dependent identification to be used for authorization, e.g. user name or distinguished name. When the SASL authentication completes successfully, the entity named by authorizationId is granted access. If null, access is granted to a protocol-dependent default (for example, in LDAP this is the DN in the bind request). protocol The non-null string name of the protocol for which the authentication is being performed, e.g "pop", "ldap". serverName The non-null fully qualified host name of the server to authenticate to. props The possibly null additional configuration properties for the session, e.g. */ public static SaslClient createSaslClient(String[] mechanisms, String authorizationID, String protocol, String serverName, Hashtable props, javax.security.auth.callback.CallbackHandler cbh) throws SaslException { if (client_factory == null) { client_factory = new ClientFactory(); } return client_factory.createSaslClient(mechanisms, authorizationID, protocol, serverName, props, cbh); } public static void setSaslClientFactory(SaslClientFactory fac) { client_factory = fac; } public static void setSaslServerFactory(SaslServerFactory fac) { server_factory = fac; } public static SaslServer CreateSaslServer(String mechanism, String protocol, String serverName, Hashtable props, javax.security.auth.callback.CallbackHandler cbh) throws SaslException { if (server_factory == null) { server_factory = new ServerFactory(); } return server_factory.createSaslServer(mechanism, protocol, serverName, props, cbh); } public static String[] getMechanismNames() { if (server_factory == null) { server_factory = new ServerFactory(); } return server_factory.getMechanismNames(); } } cyrus-sasl-2.1.25/java/CyrusSasl/SaslServer.java0000666000076400007640000000057607070063202016454 00000000000000package CyrusSasl; import java.io.*; public interface SaslServer { public byte[] evaluateResponse(byte[] challenge) throws SaslException; public boolean isComplete(); public String getMechanismName(); public InputStream getInputStream(InputStream source) throws IOException; public OutputStream getOutputStream(OutputStream dest) throws IOException; } cyrus-sasl-2.1.25/java/CyrusSasl/SaslOutputStream.java0000666000076400007640000000444107375273236017677 00000000000000package CyrusSasl; import java.io.*; public class SaslOutputStream extends OutputStream { static final boolean DoEncrypt = true; static final boolean DoDebug = false; private static int MAXBUFFERSIZE=1000; private GenericCommon conn; OutputStream out; private byte[] buffer=new byte[MAXBUFFERSIZE]; private int buffersize=0; public SaslOutputStream(OutputStream out, GenericCommon conn) { if (DoDebug) { System.err.println("DEBUG constructing SaslOutputStream"); } this.conn=conn; this.out=out; } private void write_if_size() throws IOException { if (DoDebug) { System.err.println("DEBUG write_if_size(): buffersize " + buffersize); } if ( buffersize >=MAXBUFFERSIZE) flush(); } public synchronized void write(int b) throws IOException { buffer[buffersize]=(byte) b; buffersize++; write_if_size(); } public synchronized void write(byte b[]) throws IOException { write(b,0,b.length); } public synchronized void write(byte b[], int off, int len) throws IOException { if (DoDebug) { System.err.println("DEBUG writing() len " + len); } if (len+buffersize < MAXBUFFERSIZE) { for (int lup=0;lup #include #include #include #include #include #include #include #include #include #include "javasasl.h" #define VL(x) /* printf x */ static JNIEnv *globalenv; static jobject globalobj; static int setcomplete(JNIEnv *env, jobject obj); static void throwexception(JNIEnv *env, int error) { jclass newExcCls; VL (("Throwing exception!\n")); newExcCls = (*env)->FindClass(env, "CyrusSasl/SaslException"); if (newExcCls == 0) { return; } (*env)->ThrowNew(env, newExcCls, sasl_errstring(error,NULL,NULL)); } /* server init */ JNIEXPORT jint JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1init (JNIEnv *env, jobject obj __attribute__((unused)), jstring jstr) { /* Obtain a C-copy of the Java string */ const char *str = (*env)->GetStringUTFChars(env, jstr, 0); int result; result=sasl_server_init(NULL,str); if (result!=SASL_OK) throwexception(env,result); /* Now we are done with str */ (*env)->ReleaseStringUTFChars(env, jstr, str); return result; } static int log(void *context __attribute__((unused)), int priority, const char *message) { const char *label; jstring jlabel, jmessage; jclass cls; jmethodID mid; if (! message) return SASL_BADPARAM; switch (priority) { case SASL_LOG_ERR: label = "Error"; break; case SASL_LOG_WARN: label = "Warning"; break; case SASL_LOG_NOTE: label = "Note"; break; case SASL_LOG_FAIL: label = "Fail"; break; case SASL_LOG_PASS: label = "Pass"; break; case SASL_LOG_TRACE: label = "Trace"; break; case SASL_LOG_DEBUG: label = "Debug"; break; default: return SASL_BADPARAM; } VL(("I have message %s\n",message)); VL(("Trying to call log callback\n")); cls = (*globalenv)->GetObjectClass(globalenv, globalobj); mid = (*globalenv)->GetMethodID(globalenv, cls, "callback_log", "(Ljava/lang/String;Ljava/lang/String;)V"); if (mid == 0) { return SASL_FAIL; } /* make label into a java string */ jlabel= (*globalenv)->NewStringUTF(globalenv,label); /* make message into a java string */ jmessage= (*globalenv)->NewStringUTF(globalenv,message); /* call java */ (*globalenv)->CallVoidMethod(globalenv, globalobj, mid, jlabel, jmessage); /* Now we are done with jlabel */ (*globalenv)->ReleaseStringUTFChars(globalenv, jlabel, label); /* Now we are done with jmessage */ (*globalenv)->ReleaseStringUTFChars(globalenv, jmessage, message); VL(("done with log callback")); return SASL_OK; } static sasl_callback_t callbacks[] = { { SASL_CB_LOG, &log, NULL }, { SASL_CB_PASS, NULL, NULL }, { SASL_CB_USER, NULL, NULL /* we'll handle these ourselves */ }, { SASL_CB_AUTHNAME, NULL, NULL /* we'll handle these ourselves */ }, { /* TODO SASL_CB_ECHOPROMPT, &prompt, NULL }, { SASL_CB_NOECHOPROMPT, &prompt, NULL }, { */ SASL_CB_LIST_END, NULL, NULL } }; /* client init */ JNIEXPORT jint JNICALL Java_CyrusSasl_ClientFactory_jni_1sasl_1client_1init (JNIEnv *env, jobject obj __attribute__((unused)), jstring jstr) { /* Obtain a C-copy of the Java string */ const char *str = (*env)->GetStringUTFChars(env, jstr, 0); int result; VL(("client initing\n")); result=sasl_client_init(callbacks); if (result!=SASL_OK) throwexception(env,result); /* Now we are done with str */ (*env)->ReleaseStringUTFChars(env, jstr, str); return result; } /* server new */ JNIEXPORT jint JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1new (JNIEnv *env, jobject obj __attribute__((unused)), jstring jservice, jstring jlocal, jint jsecflags) { sasl_conn_t *conn; const char *service = (*env)->GetStringUTFChars(env, jservice, 0); const char *local_domain = (*env)->GetStringUTFChars(env, jlocal, 0); const char *user_domain = NULL; int result; if (local_domain) { VL(("local domain = %s\n",local_domain)); } if (user_domain) { VL(("user domain = %s\n",user_domain)); } result=sasl_server_new(service, local_domain, user_domain, NULL, NULL, NULL, jsecflags, &conn); if (result!=SASL_OK) throwexception(env,result); /* Now we are done with str */ (*env)->ReleaseStringUTFChars(env, jservice, service); (*env)->ReleaseStringUTFChars(env, jlocal, local_domain); return (jint) conn; } JNIEXPORT jint JNICALL JNICALL Java_CyrusSasl_ClientFactory_jni_1sasl_1client_1new (JNIEnv *env, jobject obj __attribute__((unused)), jstring jservice, jstring jserver, jint jsecflags, jboolean successdata) { sasl_conn_t *conn; const char *service = (*env)->GetStringUTFChars(env, jservice, 0); const char *serverFQDN = (*env)->GetStringUTFChars(env, jserver, 0); int result; result=sasl_client_new(service, serverFQDN, NULL, NULL, NULL, jsecflags | (successdata ? SASL_SUCCESS_DATA : 0), &conn); if (result!=SASL_OK) throwexception(env,result); /* Now we are done with str */ (*env)->ReleaseStringUTFChars(env, jservice, service); (*env)->ReleaseStringUTFChars(env, jserver, serverFQDN); return (jint) conn; } /* server start */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericServer_jni_1sasl_1server_1start (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jstring jstr, jbyteArray jarr, jint jlen) { sasl_conn_t *conn; const char *mech = (*env)->GetStringUTFChars(env, jstr, 0); const char *out; unsigned int outlen; int result; jbyteArray arr; char *tmp; char *in=NULL; VL(("in server start\n")); if (jarr!=NULL) in = (*env)->GetByteArrayElements(env, jarr, 0); conn=(sasl_conn_t *) ptr; result=sasl_server_start(conn, mech, (const char *) in, jlen, &out, &outlen); if ((result!=SASL_OK) && (result!=SASL_CONTINUE)) { throwexception(env,result); return NULL; } /* Because SASLv2 does not allow for persistance, we'll copy * it here */ tmp = malloc(outlen); if(!tmp) { throwexception(env, SASL_NOMEM); return NULL; } memcpy(tmp, out, outlen); arr=(*env)->NewByteArray(env,outlen); (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); return arr; } static int getvalue(JNIEnv *env, jobject obj, char *funcname, char **result, int *len) { jclass cls; jmethodID mid; const char *str; jstring jstr; /* set up for java callback */ cls = (*env)->GetObjectClass(env, obj); mid = (*env)->GetMethodID(env, cls, funcname, "(I)Ljava/lang/String;"); if (mid == 0) { VL(("Can't find %s callback!!!\n",funcname)); return SASL_FAIL; } VL(("do the callback\n")); jstr = (jstring) (*env)->CallObjectMethod(env, obj, mid); if (jstr) { VL(("convert the result string into a char *\n")); str = (*env)->GetStringUTFChars(env, jstr, 0); /* copy password into the result */ *result=(char *) malloc( strlen(str)); strcpy(*result, str); *len=strlen(str); /* Now we are done with str */ (*env)->ReleaseStringUTFChars(env, jstr, str); } else { *result = NULL; *len = 0; } return SASL_OK; } static int callall_callbacks(JNIEnv *env, jobject obj, int calluid,int callaid, int callpass,int callrealm) { jclass cls; jmethodID mid; /* set up for java callback */ cls = (*env)->GetObjectClass(env, obj); mid = (*env)->GetMethodID(env, cls, "do_callbacks", "(IIII)V"); if (mid == 0) { VL(("Can't find do_callbacks callback!!!\n")); return SASL_FAIL; } /* do the callback */ (*env)->CallVoidMethod(env, obj, mid,calluid,callaid,callpass,callrealm); VL(("callall_callbacks worked\n")); return SASL_OK; } /* * Fills in all the prompts by doing callbacks to java * returns SASL_INTERACT on sucess */ static int fillin_interactions(JNIEnv *env, jobject obj, sasl_interact_t *tlist) { sasl_interact_t *ptr=tlist; sasl_interact_t *uid=NULL; int is_uid = 0; sasl_interact_t *aid=NULL; int is_aid = 0; sasl_interact_t *pass=NULL;int is_pass = 0; sasl_interact_t *realm=NULL; int is_realm = 0; /* First go through the prompt list to see what we have */ while (ptr->id!=SASL_CB_LIST_END) { if (ptr->id==SASL_CB_PASS) { pass=ptr; is_pass = 1; } if (ptr->id==SASL_CB_AUTHNAME) { aid=ptr; is_aid = 1; } if (ptr->id==SASL_CB_USER) { uid=ptr; is_uid = 1; } if (ptr->id==SASL_CB_GETREALM) { realm = ptr; is_realm = 1; } ptr->result=NULL; /* increment to next sasl_interact_t */ ptr++; } callall_callbacks(env,obj,is_uid,is_aid,is_pass,is_realm); if (is_pass) { VL(("in is_pass\n")); getvalue(env,obj,"get_password",(char **) &(pass->result),(int *) &(pass->len)); } if (is_aid) { VL(("in is_aid\n")); getvalue(env,obj,"get_authid",(char **) &(aid->result),(int *) &(aid->len)); } if (is_uid) { VL(("in is_uid\n")); getvalue(env,obj,"get_userid",(char **) &(uid->result),(int *) &(uid->len)); } if (is_realm) { VL(("in is_realm\n")); getvalue(env,obj,"get_realm",(char **) &(realm->result),(int *) &(realm->len)); } /* everything should now be filled in (i think) */ VL(("everything should now be filled in (i think)\n")); return SASL_INTERACT; } /* client start */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericClient_jni_1sasl_1client_1start(JNIEnv *env, jobject obj, jint ptr, jstring jstr) { sasl_conn_t *conn=(sasl_conn_t *) ptr; const char *mechlist = (*env)->GetStringUTFChars(env, jstr, 0); const char *out; unsigned int outlen=0; const char *mechusing; int result; sasl_interact_t *client_interact=NULL; char *tmp; jbyteArray arr; jstring jmechusing; jclass cls; jmethodID mid; VL(("sasl_start")); do { result=sasl_client_start(conn, mechlist, &client_interact, &out, &outlen, &mechusing); if (result==SASL_INTERACT) { int res2 = fillin_interactions(env,obj,client_interact); } } while (result==SASL_INTERACT); /* ok release mechlist */ (*env)->ReleaseStringUTFChars(env, jstr, mechlist); if ((result!=SASL_OK) && (result!=SASL_CONTINUE)) { throwexception(env,result); return NULL; } /* tell the java layer what mechanism we're using */ /* set up for java callback */ cls = (*env)->GetObjectClass(env, obj); mid = (*env)->GetMethodID(env, cls, "callback_setmechanism", "(Ljava/lang/String;I)V"); if (mid == 0) { throwexception(env,SASL_FAIL); return NULL; } VL(("mechusing=%s\n",mechusing)); /* make into mech */ jmechusing= (*env)->NewStringUTF(env,mechusing); /* do the callback */ (*env)->CallVoidMethod(env, obj, mid,jmechusing); /* Because SASLv2 does not allow for persistance, we'll copy * it here */ tmp = malloc(outlen); if(!tmp) { throwexception(env, SASL_NOMEM); return NULL; } memcpy(tmp, out, outlen); arr=(*env)->NewByteArray(env,outlen); (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); return arr; } /* server step */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericServer_jni_1sasl_1server_1step (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jbyteArray jarr, jint jlen) { sasl_conn_t *conn=(sasl_conn_t *) ptr; int result; const char *out; unsigned int outlen; jbyteArray arr; char *in = NULL; char *tmp; if (jlen > 0) in = (*env)->GetByteArrayElements(env, jarr, 0); result=sasl_server_step(conn, (const char *) in, jlen, &out, &outlen); if ((result!=SASL_OK) && (result!=SASL_CONTINUE)) { VL (("Throwing exception! %d\n",result)); /* throw exception */ throwexception(env,result); return NULL; } if (result == SASL_OK) { setcomplete(env,obj); } if (jlen > 0) (*env)->ReleaseByteArrayElements(env, jarr,in ,0); /* Because SASLv2 does not allow for persistance, we'll copy * it here */ tmp = malloc(outlen); if(!tmp) { throwexception(env, SASL_NOMEM); return NULL; } memcpy(tmp, out, outlen); arr=(*env)->NewByteArray(env,outlen); (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); return arr; } /* * Tell client we're done */ static int setcomplete(JNIEnv *env, jobject obj) { jclass cls; jmethodID mid; VL (("Complete!\n")); /* set up for java callback */ cls = (*env)->GetObjectClass(env, obj); mid = (*env)->GetMethodID(env, cls, "setcomplete", "(I)V"); if (mid == 0) { VL(("Can't find do_callbacks callback!!!\n")); return SASL_FAIL; } /* do the callback */ (*env)->CallVoidMethod(env, obj, mid, 5); return SASL_OK; } /* client step */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericClient_jni_1sasl_1client_1step (JNIEnv *env, jobject obj, jint ptr, jbyteArray jarr, jint jlen) { sasl_conn_t *conn=(sasl_conn_t *) ptr; /* const char *in = (*env)->GetStringUTFChars(env, jstr, 0);*/ int result; sasl_interact_t *client_interact=NULL; const char *out; unsigned int outlen; jbyteArray arr; char *in; char *tmp; VL(("in client step\n")); if (jarr) { in = (*env)->GetByteArrayElements(env, jarr, 0); in[jlen]=0; } else { assert(jlen == 0); in = NULL; } VL(("in client step 2\n")); globalenv=env; globalobj=obj; do { result=sasl_client_step(conn, (const char *) in, jlen, &client_interact, &out, &outlen); VL(("in client step 3\n")); if (result==SASL_INTERACT) { result = fillin_interactions(env,obj,client_interact); } } while (result==SASL_INTERACT); if ((result!=SASL_OK) && (result!=SASL_CONTINUE)) { /* throw exception */ VL (("Throwing exception %d\n",result)); throwexception(env,result); return NULL; } if (result == SASL_OK) { VL (("Setting complete\n")); setcomplete(env,obj); } if (jarr) { VL(("about to releasebytearrayelements\n")); (*env)->ReleaseByteArrayElements(env, jarr,in ,0); } /* Because SASLv2 does not allow for persistance, we'll copy * it here */ tmp = malloc(outlen); if(!tmp) { throwexception(env, SASL_NOMEM); return NULL; } VL(("in client step 4\n")); memcpy(tmp, out, outlen); arr=(*env)->NewByteArray(env,outlen); (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); VL(("returning arr\n")); return arr; } JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1string (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jint propnum, jstring val) { sasl_conn_t *conn=(sasl_conn_t *) ptr; const char *value = (*env)->GetStringUTFChars(env, val, 0); int result=sasl_setprop(conn, propnum, value); if (result!=SASL_OK) throwexception(env,result); } JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1int (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jint propnum, jint jval) { sasl_conn_t *conn=(sasl_conn_t *) ptr; int value=jval; int result; VL(("sasl conn = %d\n",conn)); VL (("propnum = %d\n",propnum)); result=sasl_setprop(conn, propnum, &value); VL (("setprop returned %d\n",result)); if (result!=SASL_OK) throwexception(env,result); } JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1prop_1bytes (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jint propnum, jbyteArray jarr) { char *value = (*env)->GetByteArrayElements(env, jarr, 0); sasl_conn_t *conn=(sasl_conn_t *) ptr; int result; result=sasl_setprop(conn, propnum, value); if (result!=SASL_OK) throwexception(env,result); } /* encode */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1encode (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jbyteArray jarr, jint jlen) { sasl_conn_t *conn=(sasl_conn_t *) ptr; char *in = (*env)->GetByteArrayElements(env, jarr, 0); const char *out; unsigned int outlen; char *tmp; int result; jbyteArray arr; result=sasl_encode(conn,(const char *) in, jlen, &out, &outlen); if (result!=SASL_OK) throwexception(env,result); /* Because SASLv2 does not allow for persistance, we'll copy * it here */ tmp = malloc(outlen); if(!tmp) { throwexception(env, SASL_NOMEM); return NULL; } memcpy(tmp, out, outlen); arr=(*env)->NewByteArray(env,outlen); (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); return arr; } /* decode */ JNIEXPORT jbyteArray JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1decode (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jbyteArray jarr, jint jlen) { sasl_conn_t *conn=(sasl_conn_t *) ptr; char *in = (*env)->GetByteArrayElements(env, jarr, 0); const char *out; unsigned int outlen=9; char *tmp; int inlen=jlen; int result; jbyteArray arr; result=sasl_decode(conn, (const char *) in, inlen, &out, &outlen); if (result!=SASL_OK) throwexception(env,result); /* Because SASLv2 does not allow for persistance, we'll copy * it here */ tmp = malloc(outlen); if(!tmp) { throwexception(env, SASL_NOMEM); return NULL; } memcpy(tmp, out, outlen); arr=(*env)->NewByteArray(env,outlen); (*env)->SetByteArrayRegion(env,arr, 0, outlen, (char *)tmp); (*env)->ReleaseByteArrayElements(env, jarr, in,0); return arr; } /*JNIEXPORT jbyteArray JNICALL Java_sasl_saslServerConn_jni_1sasl_1server_1decode (JNIEnv *env, jobject obj, jint ptr, jbyteArray in, jint inlen) { return Java_sasl_saslClientConn_jni_1sasl_1client_1decode(env,obj,ptr,in,inlen); }*/ JNIEXPORT void JNICALL Java_CyrusSasl_CommonConn_jni_1sasl_1dispose (JNIEnv *env __attribute__((unused)), jobject obj __attribute__((unused)), jint ptr) { sasl_conn_t *conn=(sasl_conn_t *) ptr; sasl_dispose(&conn); } JNIEXPORT jstring JNICALL Java_CyrusSasl_ServerFactory_jni_1sasl_1server_1getlist (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jstring jpre, jstring jsep, jstring jsuf) { sasl_conn_t *conn=(sasl_conn_t *) ptr; const char *pre = (*env)->GetStringUTFChars(env, jpre, 0); const char *sep = (*env)->GetStringUTFChars(env, jsep, 0); const char *suf = (*env)->GetStringUTFChars(env, jsuf, 0); const char *list; unsigned int plen; jstring ret; int result=sasl_listmech(conn, NULL, pre, sep, suf, &list, &plen, NULL); if (result!=SASL_OK) { throwexception(env,result); return NULL; } ret= (*env)->NewStringUTF(env,list); if (ret==NULL) throwexception(env, -1); return ret; } JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1server (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jbyteArray jarr, jint jport) { sasl_conn_t *conn=(sasl_conn_t *) ptr; unsigned char *ip = (*env)->GetByteArrayElements(env, jarr, 0); char out[52]; int result; sprintf(out, "%d.%d.%d.%d;%d", ip[0], ip[1], ip[2], ip[3], (int)jport); result=sasl_setprop(conn, SASL_IPREMOTEPORT, out); VL(("Set IP_REMOTE: %s: %d\n",out, result)); /* if not set throw an exception */ if (result!=SASL_OK) throwexception(env,result); } JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1set_1client (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jbyteArray jarr, jint jport) { sasl_conn_t *conn=(sasl_conn_t *) ptr; unsigned char *ip = (*env)->GetByteArrayElements(env, jarr, 0); char out[52]; int result; sprintf(out, "%d.%d.%d.%d;%d", ip[0], ip[1], ip[2], ip[3], (int)jport); result=sasl_setprop(conn, SASL_IPLOCALPORT, out); VL(("Set IP_LOCAL: %s: %d\n",out, result)); /* if not set throw and exception */ if (result!=SASL_OK) throwexception(env,result); } /* allocate a secprops structure */ static sasl_security_properties_t *make_secprops(int min,int max) { sasl_security_properties_t *ret=(sasl_security_properties_t *) malloc(sizeof(sasl_security_properties_t)); ret->maxbufsize=1024; ret->min_ssf=min; ret->max_ssf=max; ret->security_flags=0; ret->property_names=NULL; ret->property_values=NULL; return ret; } JNIEXPORT void JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1setSecurity (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr, jint minssf, jint maxssf) { int result=SASL_FAIL; sasl_conn_t *conn=(sasl_conn_t *) ptr; sasl_security_properties_t *secprops=NULL; /* set sec props */ secprops=make_secprops(minssf,maxssf); if (secprops!=NULL) result=sasl_setprop(conn, SASL_SEC_PROPS, secprops); /* if not set throw and exception */ if (result!=SASL_OK) throwexception(env,result); } JNIEXPORT jint JNICALL Java_CyrusSasl_GenericCommon_jni_1sasl_1getSecurity (JNIEnv *env, jobject obj __attribute__((unused)), jint ptr) { int r = SASL_FAIL; sasl_conn_t *conn = (sasl_conn_t *) ptr; int *ssfp; r = sasl_getprop(conn, SASL_SSF, (const void **) &ssfp); if (r != SASL_OK) { throwexception(env, r); } return *ssfp; } cyrus-sasl-2.1.25/java/CyrusSasl/Makefile.am0000666000076400007640000000473210006240505015546 00000000000000# Makefile.am for the Java SASL library # Rob Earhart # ################################################################ # Copyright 1998 by Carnegie Mellon University # # All Rights Reserved # #Permission to use, copy, modify, and distribute this software and its #documentation for any purpose and without fee is hereby granted, #provided that the above copyright notice appear in all copies and that #both that copyright notice and this permission notice appear in #supporting documentation, and that the name of Carnegie Mellon University #not be used in advertising or publicity pertaining to distribution of the #software without specific, written prior permission. # #CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS #SOFTWARE, INCLUDING #ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, #IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, #INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM #LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE #OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR #PERFORMANCE OF THIS SOFTWARE. ################################################################ javasasl_version = 1:0:0 javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl javahtmldir = $(prefix)/html/sasl INCLUDES=-I$(top_srcdir)/include $(JAVA_INCLUDES) javasasl_JAVA = Sasl.java GenericClient.java \ ClientFactory.java \ GenericCommon.java SaslClient.java \ SaslClientFactory.java SaslException.java \ SaslInputStream.java SaslOutputStream.java\ SaslUtils.java ServerFactory.java \ SaslServerFactory.java SaslServer.java \ GenericServer.java EXTRA_DIST = $(javasasl_JAVA) CLASSES = $(javasasl_JAVA:.java=.class) lib_LTLIBRARIES = libjavasasl.la libjavasasl_la_SOURCES = javasasl.h javasasl.c libjavasasl_la_LDFLAGS = -export_dynamic -L../../lib/.libs -lsasl2 -version-info $(javasasl_version) $(wildcard ../lib/*.lo) BUILT_SOURCES = javasasl.h $(CLASSES) $(srcdir)/javasasl.c: javasasl.h javasasl.h: $(CLASSES) $(CLASSPATH_ENV) $(JAVAH) -o $@ -jni $(patsubst %.class,CyrusSasl.%,$^) # force build of class files $(CLASSES): classjavasasl.stamp #install-data-local: # xxx broken # $(mkinstalldirs) $(javahtmldir) # $(CLASSPATH_ENV) $(JAVADOC) -d $(javahtmldir) sasl # -if test ! -h $(javahtmldir)/images; \ # then \ # $(LN_S) $(JAVA_BASE)/docs/api/images $(javahtmldir)/images; \ # fi cyrus-sasl-2.1.25/java/CyrusSasl/SaslException.java0000666000076400007640000000067607070052632017152 00000000000000package CyrusSasl; import java.io.IOException; public class SaslException extends IOException { private int foo; public SaslException() { super(); foo = 3; } public SaslException(String message) { super(message); } public SaslException(String message, Throwable ex) { } public Throwable getException() { return null; } public void printStackTrace() { } } cyrus-sasl-2.1.25/java/CyrusSasl/SaslUtils.java0000666000076400007640000001236407065745617016331 00000000000000package CyrusSasl; public abstract class SaslUtils { /** * a static array that maps 6 bit integers to a specific char */ private final static char enc_table[] = { // 0 1 2 3 4 5 6 7 'A','B','C','D','E','F','G','H', // 0 'I','J','K','L','M','N','O','P', // 1 'Q','R','S','T','U','V','W','X', // 2 'Y','Z','a','b','c','d','e','f', // 3 'g','h','i','j','k','l','m','n', // 4 'o','p','q','r','s','t','u','v', // 5 'w','x','y','z','0','1','2','3', // 6 '4','5','6','7','8','9','+','/' // 7 }; private final static byte dec_table[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, }; /** * Base 64 Encodes a String in byte[] form * * @param buf String to be encoded * * @return the encoded value in string form */ public static String encode64( byte buf[] ) { int i = 0; StringBuffer buffer = new StringBuffer(); int len = buf.length; int delta = len % 3; byte a, b, c; for (int count = len / 3; count > 0; count--) { a = buf[i++]; b = buf[i++]; c = buf[i++]; buffer.append(enc_table[(a >>> 2) & 0x3F]); buffer.append(enc_table[((a << 4) & 0x30) + ((b >>> 4) & 0xf)]); buffer.append(enc_table[((b << 2) & 0x3c) + ((c >>> 6) & 0x3)]); buffer.append(enc_table[c & 0x3F]); /* if (i != 0 && i%57 == 0) buffer.append("\r\n");*/ } if (delta == 1) { a = buf[i++]; buffer.append(enc_table[(a >>> 2) & 0x3F]); buffer.append(enc_table[((a << 4) & 0x30)]); buffer.append('='); buffer.append('='); } if (delta == 2) { a = buf[i++]; b = buf[i++]; buffer.append(enc_table[(a >>> 2) & 0x3F]); buffer.append(enc_table[((a << 4) & 0x30) + ((b >>> 4) & 0xf)]); buffer.append(enc_table[((b << 2) & 0x3c)]); buffer.append('='); } /*buffer.append("\r\n");*/ return buffer.toString(); } /** * Base 64 Encodes a String in String form * * @param s String to be encoded * * @return the encoded value in string form */ public static String encode64( String s ) { return encode64( s.getBytes() ); } /** * Base 64 Decodes a byte[] string * Ignores trailing whitespace and newlines * * @param buf buffer to be decoded * * @return the decoded value in byte[] form */ public static byte[] decode64( byte buf[] ) { int padCount = 0; int i, len = buf.length; int real_len = 0; for (i=len-1; i >= 0; --i) { if (buf[i] > ' ') real_len++; if (buf[i] == 0x3D) padCount++; } // Hmm - should this be a "bad format MIME" exception instead? if (real_len%4 != 0) throw new IllegalArgumentException("Length not a multiple of 4"); int ret_len = (real_len/4)*3 - padCount; byte ret[] = new byte[ret_len]; i = 0; byte[] t = new byte[4]; int output_index = 0; int j = 0; t[0] = t[1] = t[2] = t[3] = 61; // Ascii = while (i < len) { byte c = buf[i++]; if (c > ' ') t[j++] = c; if (j == 4) { output_index += decode64(ret, output_index, t[0], t[1], t[2], t[3]); j = 0; t[0] = t[1] = t[2] = t[3] = 61; // Ascii = } } if (j > 0) decode64(ret, output_index, t[0], t[1], t[2], t[3]); return ret; } /** * Base 64 Decodes a String * Ignores trailing whitespace and newlines * * @param msg String to be decoded * * @return the decoded value in byte[] form */ public static byte[] decode64( String msg ) { return decode64( msg.getBytes()); } // Returns the number of bytes converted private static int decode64( byte ret[], int ret_off, byte a, byte b, byte c, byte d ) { byte da = dec_table[a]; byte db = dec_table[b]; byte dc = dec_table[c]; byte dd = dec_table[d]; if (da == -1 || db == -1 || (dc == -1 && c != 0x3d) || (dd == -1 && d != 0x3d)) throw new IllegalArgumentException("Invalid character ["+a+", "+b+", "+c+", "+d+"]"); ret[ret_off++] = (byte)(da << 2 | db >>> 4); if (c == 0x3d) // Ascii = return 1; ret[ret_off++] = (byte)(db << 4 | dc >>> 2); if (d == 0x3d) // Ascii = return 2; ret[ret_off++] = (byte)(dc << 6 | dd); return 3; } } cyrus-sasl-2.1.25/java/CyrusSasl/Makefile.in0000666000076400007640000005346311631670663015605 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for the Java SASL library # Rob Earhart # ################################################################ # Copyright 1998 by Carnegie Mellon University # # All Rights Reserved # #Permission to use, copy, modify, and distribute this software and its #documentation for any purpose and without fee is hereby granted, #provided that the above copyright notice appear in all copies and that #both that copyright notice and this permission notice appear in #supporting documentation, and that the name of Carnegie Mellon University #not be used in advertising or publicity pertaining to distribution of the #software without specific, written prior permission. # #CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS #SOFTWARE, INCLUDING #ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, #IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, #INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM #LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE #OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR #PERFORMANCE OF THIS SOFTWARE. ################################################################ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ subdir = java/CyrusSasl DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(javasasldir)" LTLIBRARIES = $(lib_LTLIBRARIES) libjavasasl_la_LIBADD = am_libjavasasl_la_OBJECTS = javasasl.lo libjavasasl_la_OBJECTS = $(am_libjavasasl_la_OBJECTS) libjavasasl_la_LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libjavasasl_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link \ $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(libjavasasl_la_SOURCES) DIST_SOURCES = $(libjavasasl_la_SOURCES) CLASSPATH_ENV = CLASSPATH=$(JAVAROOT):$(srcdir)/$(JAVAROOT):$$CLASSPATH ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ javasasl_version = 1:0:0 javasasldir = $(prefix)/lib/java/classes/sasl/CyrusSasl javahtmldir = $(prefix)/html/sasl INCLUDES = -I$(top_srcdir)/include $(JAVA_INCLUDES) javasasl_JAVA = Sasl.java GenericClient.java \ ClientFactory.java \ GenericCommon.java SaslClient.java \ SaslClientFactory.java SaslException.java \ SaslInputStream.java SaslOutputStream.java\ SaslUtils.java ServerFactory.java \ SaslServerFactory.java SaslServer.java \ GenericServer.java EXTRA_DIST = $(javasasl_JAVA) CLASSES = $(javasasl_JAVA:.java=.class) lib_LTLIBRARIES = libjavasasl.la libjavasasl_la_SOURCES = javasasl.h javasasl.c libjavasasl_la_LDFLAGS = -export_dynamic -L../../lib/.libs -lsasl2 -version-info $(javasasl_version) $(wildcard ../lib/*.lo) BUILT_SOURCES = javasasl.h $(CLASSES) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu java/CyrusSasl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu java/CyrusSasl/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libjavasasl.la: $(libjavasasl_la_OBJECTS) $(libjavasasl_la_DEPENDENCIES) $(libjavasasl_la_LINK) -rpath $(libdir) $(libjavasasl_la_OBJECTS) $(libjavasasl_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/javasasl.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs classjavasasl.stamp: $(javasasl_JAVA) @list1='$?'; list2=; if test -n "$$list1"; then \ for p in $$list1; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ list2="$$list2 $$d$$p"; \ done; \ echo '$(CLASSPATH_ENV) $(JAVAC) -d $(JAVAROOT) $(AM_JAVACFLAGS) $(JAVACFLAGS) '"$$list2"; \ $(CLASSPATH_ENV) $(JAVAC) -d $(JAVAROOT) $(AM_JAVACFLAGS) $(JAVACFLAGS) $$list2; \ else :; fi echo timestamp > classjavasasl.stamp install-javasaslJAVA: classjavasasl.stamp @$(NORMAL_INSTALL) test -z "$(javasasldir)" || $(MKDIR_P) "$(DESTDIR)$(javasasldir)" @test -n "$(javasasl_JAVA)" && test -n "$(javasasldir)" || exit 0; \ set x *.class; shift; test "$$1" != "*.class" || exit 0; \ echo " $(INSTALL_DATA)" "$$@" "'$(DESTDIR)$(javasasldir)/$$p'"; \ $(INSTALL_DATA) "$$@" "$(DESTDIR)$(javasasldir)" uninstall-javasaslJAVA: @$(NORMAL_UNINSTALL) @test -n "$(javasasl_JAVA)" && test -n "$(javasasldir)" || exit 0; \ set x *.class; shift; test "$$1" != "*.class" || exit 0; \ echo " ( cd '$(DESTDIR)$(javasasldir)' && rm -f" "$$@" ")"; \ cd "$(DESTDIR)$(javasasldir)" && rm -f "$$@" clean-javasaslJAVA: -rm -f *.class classjavasasl.stamp ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(LTLIBRARIES) classjavasasl.stamp installdirs: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(javasasldir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic clean-javasaslJAVA clean-libLTLIBRARIES \ clean-libtool mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-javasaslJAVA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-libLTLIBRARIES install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-javasaslJAVA uninstall-libLTLIBRARIES .MAKE: all check install install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-javasaslJAVA clean-libLTLIBRARIES clean-libtool ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-javasaslJAVA install-libLTLIBRARIES \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ uninstall-am uninstall-javasaslJAVA uninstall-libLTLIBRARIES $(srcdir)/javasasl.c: javasasl.h javasasl.h: $(CLASSES) $(CLASSPATH_ENV) $(JAVAH) -o $@ -jni $(patsubst %.class,CyrusSasl.%,$^) # force build of class files $(CLASSES): classjavasasl.stamp #install-data-local: # xxx broken # $(mkinstalldirs) $(javahtmldir) # $(CLASSPATH_ENV) $(JAVADOC) -d $(javahtmldir) sasl # -if test ! -h $(javahtmldir)/images; \ # then \ # $(LN_S) $(JAVA_BASE)/docs/api/images $(javahtmldir)/images; \ # fi # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/Makefile.am0000646000076400007640000000746710433355203012711 00000000000000AUTOMAKE_OPTIONS = 1.7 # Top-level Makefile.am for SASL # Rob Earhart # ################################################################ # Copyright (c) 2000 Carnegie Mellon University. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # 3. The name "Carnegie Mellon University" must not be used to # endorse or promote products derived from this software without # prior written permission. For permission or any other legal # details, please contact # Office of Technology Transfer # Carnegie Mellon University # 5000 Forbes Avenue # Pittsburgh, PA 15213-3890 # (412) 268-4387, fax: (412) 268-7395 # tech-transfer@andrew.cmu.edu # # 4. Redistributions of any form whatsoever must retain the following # acknowledgment: # "This product includes software developed by Computing Services # at Carnegie Mellon University (http://www.cmu.edu/computing/)." # # CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO # THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY # AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE # FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN # AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING # OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # ################################################################ if SASLAUTHD SAD = saslauthd else SAD = endif if PWCHECK PWC = pwcheck else PWC = endif if SAMPLE SAM = sample else SAM = endif if JAVA JAV = java else JAV = endif if MACOSX INSTALLOSX = install-exec-local-osx else INSTALLOSX = endif SUBDIRS=include sasldb plugins lib utils doc man $(PWC) $(SAM) $(JAV) $(SAD) EXTRA_DIST=config cmulocal win32 mac dlcompat-20010505 NTMakefile INSTALL.TXT dist-hook: @find $(distdir) -exec chmod o+w {} ';' @find $(distdir) -name CVS -print | xargs -t rm -rf (cd $(distdir)/plugins && sh makeinit.sh) framedir = /Library/Frameworks/SASL2.framework install-exec-local: $(INSTALLOSX) @if test "$(plugindir)" != "$(prefix)/lib/sasl2"; then \ echo "********************************************************"; \ echo "* WARNING:"; \ echo "* Plugins are being installed into $(prefix)/lib/sasl2,"; \ echo "* but the library will look for them in $(plugindir)."; \ echo "* You need to make sure that the plugins will eventually"; \ echo "* be in $(plugindir) -- the easiest way is to make a"; \ echo "* symbolic link from $(plugindir) to $(prefix)/lib/sasl2,"; \ echo "* but this may not be appropriate for your site, so this"; \ echo "* installation procedure won't do it for you."; \ echo "*"; \ echo "* If you don't want to do this for some reason, you can"; \ echo "* set the location where the library will look for plugins"; \ echo "* by setting the environment variable SASL_PATH to the path"; \ echo "* the library should use."; \ echo "********************************************************"; \ fi install-exec-local-osx: $(mkinstalldirs) $(framedir)/Versions/A/Headers $(mkinstalldirs) $(framedir)/Versions/A/Resources cd $(framedir)/Versions ; ln -fs A Current cd $(framedir) ; ln -fs Versions/A/Headers . cd $(framedir) ; ln -fs Versions/A/Resources . $(INSTALL_DATA) $(srcdir)/config/Info.plist $(framedir)/Versions/A/Resources cyrus-sasl-2.1.25/NEWS0000646000076400007640000004660011631664415011355 00000000000000New in 2.1.25 ------------- * Make sure that a failed authorization doesn't preclude further server-side SASL authentication attempts from working. * Fixed a crash caused by aborted SASL authentication and initiation of another one using the same SASL context. * (Windows) Fixed the random number generator to actually produce random output on each run. * Be protective against calling sasl_server_step once authentication has failed (multiple SASL plugins) * Fixed several bugs in the mech_avail callback handling in the server side code. * Added support for channel bindings * Added support for ordering SASL mechanisms by strength (on the client side), or using the "client_mech_list" option. * server_idle needs to obey server's SASL mechanism list from the server context. * Better server plugin API mismatch reporting * Build: - Updated config to the latest GNU snapshot - Fixed SASL's libtool MacOS/X 64-bit file magic * New SASL plugin: SCRAM * New SASL plugin: GS2 * DIGEST-MD5 plugin: - Allow DIGEST-MD5 plugin to be used for client-side and server-side HTTP Digest, including running over non-persistent connections (RFC 2617) - Use the same username for reauthentication cache lookup and update - Minimize the number of auxprop lookups in the server side DIGEST-MD5 plugin for the most common case when authentication and authorization identities are the same. - Updated digestmd5_server_mech_step2() to be more defensive against empty client input. - Fixed some memory leaks on failed plugin initialization. Prevent potential race condition when freeding plugin state. Set the freed reauthentication cache mutex to NULL, to make errors due to mutex access after free more obvious. - Test against broken UTF-8 based hashes if calculation using special ISO-8859-1 code fails. - Fixed an interop problem with some LDAP clients ignoring server advertised realm and providing their own. * GSSAPI plugin: - Fix to build GSSAPI with Heimdal - Properly set serveroutlen to 0 in one place. Don't send empty challenge once server context establishment is done, as this is in violation of the RFC 2222 and its successor. - Don't send maxbuf, if no security layer can be established. Added additional checks for buffer lengths. * LDAPDB plugin: - build fixes New in 2.1.24 ------------- * Order advertised server-side SASL mechanisms per the specified 'mech_list' option or by relative "strength" * Make sure that sasl_set_alloc() has no effect once sasl_client_init() or sasl_server_init() is called * Fixed sasl_set_mutex() to disallow changing mutex management functions once sasl_server_init()/sasl_client_init() is called (bug # 3083) * Removed unused mutexes in lib/client.c and lib/server.c (bug # 3141) * Added direct support for hashed password to auxprop API * Don't treat a constraint violation as an error to store an auxprop property * Extended libsasl (auxprop) to support user deletion * Extended SASL auxprop_lookup to return error code * Updated sasl_user_exists() so that it can handle passwordless accounts (e.g. disabled) * (Windows) Free handles of shared libraries on Windows that were loaded but are not SASL plugins (bug # 2089) * Prevent freeing of common state on a subsequent call to _sasl_common_init. Make sure that the last global callback always wins. * Implemented sasl_client_done()/sasl_server_done() * Added automatic hostname canonicalization inside libsasl * Made sasl_config_init() public * Strip trailing spaces from server config file option values (bug # 3139, bug # 3041) * Fixed potential buffer overflow in saslautd_verify_password(). * Fixed segfault in dlclose() on HPUX * Various bugfixes for 64bit platforms * Fixed bug # 2895 (passing LF to sasl_decode64) in sample/sample-client.c, sample/sample-server.c, utils/smtptest.c * pluginviewer: Code cleanup, improved human readable messages * Build: - (Windows) Updated makefiles to build with VC 8.0 (VC++ 2005) - (Windows) Added Windows64 build - Updated to use .plugin extension on MacOS - Changed 64bit HP-UX build to use .so for shared libraries * saslauthd: - Fixed bug counting double-quotes in username/password in auth_rimap.c. Also fixed bug zeroing password. - auth_krb.c: improved diagnostic in the k5support_verify_tgt() function. - auth_sasldb.c: pid_file_lock is created with a mask of 644 instead of 0644 - auth_shadow.c: Define _XOPEN_SOURCE before including unistd.h, so that crypt is correctly defined - auth_getpwent.c: Fixed Solaris build * SASLDB plugin: - Fixed spurious 'user not found' errors caused by an attempt to delete a non-existent property - Added direct support for hashed password to auxprop API - Sleepycat driver: Return SASL_NOUSER instead of SASL_FAIL when the database file doesn't exist - Ignore properties starting with '*' in the auxprop store function * SQL plugin: - Added support for SQLITE3 - Uninitialized variables can cause crash when the searched user is not found - Added direct support for hashed password - Ignore properties starting with '*' in the auxprop store function * LDAPDB plugin: - Added code to extend LDAPDB into a canon_user plugin in addition to its existing auxprop plugin functionality * PLAIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * LOGIN plugin: - Advertise SASL_SEC_PASS_CREDENTIALS feature * DIGEST-MD5 plugin: - Fixed a memory leak in the DIGEST-MD5 security layer - Fixed memory leaks in client-side reauth and other places - More detailed error reporting. - Fixed parsing of challenges/responses with extra commas. - Allow for multiple qop options from the server and require a single qop option from the client. * GSSAPI plugin: - Check that params->serverFQDN is not NULL before using strlen on it - Make auxprop lookup calls optional * EXTERNAL plugin: - Make auxprop lookup calls optional * NTLM plugin: - allow a comma separated list of servernames in 'ntlm_server' option - Fixed crash in calculating NTv2 reponse * OTP plugin: - Don't use a stack variable for an OTP prompt (bug # 2822) - Downgrade the failure to store OTP secret to debug level * KERBEROS_V4 plugin: - Make auxprop lookup calls optional New in 2.1.23 ------------- * Fixed CERT VU#238019 (make sure sasl_encode64() always NUL terminates output or returns SASL_BUFOVER) New in 2.1.22 ------------- * Added support for spliting big data blocks (bigger than maxbuf) into multiple SASL packets in sasl_encodev * Various sasl_decode64() fixes * Increase canonicalization buffer size to 1024 bytes * Call do_authorization() after successful APOP authentication * Allow for configuration file location to be configurable independently of plugin location (bug # 2795) * Added sasl_set_path function, which provides a more convenient way of setting plugin and config paths. Changed the default sasl_getpath_t/sasl_getconfpath_t callbacks to calculate the value only once and cache it for later use. * Fixed load_config to search for the config file in all directories (bug # 2796). Changed the default search path to be /usr/lib/sasl2:/etc/sasl2 * Don't ignore log_level configuration option in default UNIX syslog logging callback * (Windows) Minor IPv6 related changes in Makefiles for Visual Studio 6 * (Windows) Fixed bug of not setting the CODEGEN (code generation option) nmake option if STATIC nmake option is set. * Several fixed to DIGEST-MD5 plugin: - Enable RC4 cipher in Windows build of DIGEST-MD5 - Server side: handle missing realm option as if realm="" was sent - Fix DIGEST-MD5 to properly advertise maxssf when both DES and RC4 are disabled - Check that DIGEST-MD5 SASL packet are no shorter than 16 bytes * Several changes/fixed to SASLDB plugin: - Prevent spurious SASL_NOUSER errors - Added ability to keep BerkleyDB handle open between operations (for performance reason). New behavior can be enabled with --enable-keep-db-open. * Better error checking in SQL (MySQL) auxprop plugin code * Added support for HTTP POST password validation in saslauthd * Added new application ("pluginviewer") that helps report information about installed plugins * Allow for building with OpenSSL 0.9.8 * Allow for building with OpenLDAP 2.3+ * Several quoting fixes to configure script * A large number of other minor bugfixes and cleanups New in 2.1.21 ------------- * Fixes DIGEST-MD5 server side segfault caused by the client not sending any realms * Minor Other bugfixes New in 2.1.20 ------------- * Fixes to cram plugin to avoid attempting to canonify uninitialized data. * NTLM portability fixes. * Avoid potential attack using SASL_PATH when sasl is used in a setuid environment. * A trivial number of small bugfixes. New in 2.1.19 ------------- * Fixes to saslauthd to allow better integration with realms (-r flag to saslauthd, %R token in LDAP module) * Support for forwarding of GSSAPI credentials * SQLite support for the SQL plugin * A nontrivial number of small bugfixes. New in 2.1.18 ------------- * saslauthd/LDAP no longer tagged "experimental" * Add group membership check to saslauthd/LDAP * Fix Solaris 9 "NI_WITHSCOPEID" issue * Fix missing "getaddrinfo.c" and other distribution problems * Significant Windows enhancements * A large number of other minor bugfixes and cleanups New in 2.1.17 ------------- * Allow selection of GSSAPI implementation explicitly (--with-gss_impl) * Other GSSAPI detection improvements * Now correctly do authorizaton callback in sasl_checkpass() * Disable KERBEROS_V4 by default * Continued Win32/Win64 Improvements * Minor Other bugfixes New in 2.1.16-BETA ------------------ * Significantly improved Win32 support * Writable auxprop support * Expanded SQL support (including postgres) * Significantly improved documentation * Improved realm/username handling with saslauthd * Support for modern automake and autoconf New in 2.1.15 ------------- * Fix a number of build issues * Add a doc/components.html that hopefully describes how things interact better. New in 2.1.14 ------------- * OS X 10.2 support * Support for the Sun SEAM GSSAPI implementation * Support for MySQL 4 * A number of build fixes * Other minor bugfixes New in 2.1.13 ------------- * Add a configure option to allow specification of what /dev/random to use. * Addition of a saslauthd credential cache feature (-c option). * Unification of the saslauthd ipc method code. * Fix a number of autoconf issues. * A significant number of fixes throughout the library from Sun Microsystems. * Other minor bugfixes. New in 2.1.12 ------------- * Distribute in Solaris tar (not GNU tar format) * Fix a number of build/configure related issues. New in 2.1.11 ------------- * Add the fastbind auth method to the saslauthd LDAP module. * Fix a potential memory leak in the doors version of saslauthd. * NTLM now only requires one of LM or NT, not both. * Fix a variety of Berkeley DB, LDAP, OpenSSL, and other build issues. * Win32 support compiles, but no documentation as of yet. New in 2.1.10 ------------- * Further DIGEST-MD5 DES interoperability fixes. Now works against Active Directory. * Fix some potential buffer overflows. * Misc. cleanups in the saslauthd LDAP module * Fix security properties of NTLM and EXTERNAL New in 2.1.9 ------------ * Include missing lib/staticopen.h file. New in 2.1.8 ------------ * Support for the NTLM mechanism (Ken Murchison ) * Support libtool --enable-shared and --enable-static (Howard Chu ) * OS/390 Support (Howard Chu ) * Berkeley DB 4.1 Support (Mika Iisakkila ) * Documentation fixes * The usual round of assorted other minor bugfixes. New in 2.1.7 ------------ * Add SASL_AUTHUSER as a parameter to sasl_getprop * Allow applications to require proxy-capable mechanisms (SASL_NEED_PROXY) * Performance improvements in our treatment of /dev/random * Removal of buggy DIGEST-MD5 reauth support. * Documentation fixes * Assorted other minor bugfixes. New in 2.1.6 ------------ * Security fix for the CRAM-MD5 plugin to check the full length of the digest string. * Return of the Experimental LDAP saslauthd module. * Addition of Experimental MySQL auxprop plugin. * Can now select multiple auxprop plugins (and a priority ordering) * Mechanism selection now includes number of security flags * Mac OS X 10.1 Fixes * Misc other minor bugfixes. New in 2.1.5 ------------ * Remove LDAP support due to copyright concerns. * Minor bugfixes. New in 2.1.4 ------------ * Enhancements and cleanup to the experimental LDAP saslauthd module (Igor Brezac ) * Addition of a new sasl_version() API * Misc. Bugfixes New in 2.1.3-BETA ----------------- * Significant amount of plugin cleanup / standardization. A good deal of code is now shared between them. (mostly due to Ken Murchison ) * DIGEST-MD5 now supports reauthentication. Also has a fix for DES interoperability. * saslauthd now supports the Solaris "doors" IPC method (--with-ipctype=doors) * Significant GSSAPI fixes (mostly due to Howard Chu ) * Auxprop interface now correctly deals with the * prefix indicating authid vs. authzid. (May break some incompatible auxprop plugins). * We now allow multiple pwcheck_method(s). Also you can restrict auxprop plugins to the use of a single plugin. * Added an experimental saslauthd LDAP module (Igor Brezac ) * Removed check for db3/db.h * Misc. documentation updates. (Marshall Rose, and others) * Other misc. bugfixes. New in 2.1.2 ------------ * Mostly a minor-bugfix release * Improved documentation / cleanup of old references to obsolete pwcheck_methods * Better error reporting for auxprop password verifiers New in 2.1.1 ------------ * Many minor bugfixes throughout. * Improvements to OTP and SRP mechanisms (now compliant with draft-burdis-cat-srp-sasl-06.txt) * API additions including sasl_global_listmech, and a cleaner handling of client-first and server-last semantics (no application level changes) * Minor documentation improvements New in 2.1.0 ------------ * The Cyrus SASL library is now considered stable. It is still not backwards compatible with applications that require SASLv1. * Minor API changes occured, namely the canon_user callback interface. * saslauthd now preforks a number of processes to handle connections * Many bugfixes through the entire library. New in 2.0.5-BETA ----------------- * THIS IS A BETA-QUALITY RELEASE THAT IS NOT INTENDED FOR PRODUCTION USE. IT *WILL BREAK* ANY APPLICATION EXPECTING THE SASLv1 API. * Improved performance of security layers in KERBEROS_V4, GSSAPI, and DIGEST. * This release includes an OTP plugin that requires libopie. * SRP plugin now in alpha stage. * Includes many significant bugfixes throughout the library. New in 2.0.4-BETA ----------------- * THIS IS A BETA-QUALITY RELEASE THAT IS ONLY INTENDED FOR USE BY DEVELOPERS WHOSE APPLICATIONS MAKE USE OF THE CYRUS SASL LIBRARY. IT *WILL BREAK* ANY APPLICATION EXPECTING THE SASLv1 API. * This release now includes Mac OS 9 and Mac OS X support. * Significant new features include * DES and 3DES Encryption should now be working for DIGEST-MD5 * Improved configuration system * Improved documentation (now includes plugin writers guide) * Many other bugfixes (see ChangeLog) New in 2.0.3-BETA ----------------- * THIS IS A BETA-QUALITY RELEASE THAT IS ONLY INTENDED FOR USE BY DEVELOPERS WHOSE APPLICATIONS MAKE USE OF THE CYRUS SASL LIBRARY. IT *WILL BREAK* ANY APPLICATION EXPECTING THE SASLv1 API. * This library should be fairly close to the core features that will be released in a final version of Cyrus SASLv2. It very likely has bugs. * Major new features included in this release: - The glue code now correctly handles client-send-first and server-send-last situations based on what the protocol and mechanism each support. - The sasldb code has been extracted from the main library and now resides in a separate libsasldb.la that is available at build time. - SASLdb now supports multiple auxiliary properties, though as distributed only userPassword is implemented and used. - Much improved configure checking for various items, including Berkeley DB, Kerberos, and GSSAPI. - Better (more standard) handling of realms in DIGEST-MD5. - A new Plugin Programmer's guide. - IPv6 support. - Error reporting now works in the GSSAPI plugin. * See the ChangeLog for a more detailed list of changes. New in 2.0.2-ALPHA ------------------ * THIS IS AN ALPHA-QUALITY RELEASE THAT IS ONLY INTENDED FOR DEVELOPERS WHOSE APPLICATIONS MAKE USE OF THE CYRUS SASL LIBRARY. * This release is intended to show developers that use Cyrus SASL what direction we are planning on taking the library so that they can make plans to migrate their applications accordingly * Major new features included in this release: - Ability to compile a static library including all mechanisms. This means lower memory usage and faster mechanism loading time, but is not for everyone (or even many people). See doc/advanced.html, as well as the '--with-staticsasl' configure flag. - Man pages should now all be present and are close to being correct. - Can now build libsfsasl and the smtptest program (using the --with-sfio configure flag) - Reverted to the v1 entry points for mechanisms, to allow v1 mechanisms to fail loading cleanly. - Auxprop and canon_user plugins can now load from DSOs - Java code now compiles (but is not well tested, or up to date with the current Java API draft) - Error handling and use of sasl_errdetail has been fleshed out and should now work in most cases. * Still Coming: - Cleanup of the client-send-first and server-send-last situation - Error reporting in GSSAPI plugin - Move the sasldb code out of the main library and into plugins and utilities only. New in 2.0.0-ALPHA ------------------ * THIS IS AN ALPHA-QUALITY RELEASE THAT IS ONLY INTENDED FOR DEVELOPERS WHOSE APPLICATIONS MAKE USE OF THE CYRUS SASL LIBRARY. * This release is intended to show developers that use Cyrus SASL what direction we are planning on taking the library so that they can make plans to migrate their applications accordingly * This release implements the SASLv2 API. Some of the major improvements in the API include: - Memory management is now sane (whoever allocates the memory is responsible for freeing it) - Auxiliary Property plugin support (ability to interface with directory services as part of authentication) - Username canonification plugin support - Improved error reporting (not fully implemented in this release) - Database support has been simplified. We now maintain only a single store of plaintext passwords that is shared by all supplied plugins (using the auxiliary property interface). The new API is more fully documented in the header files sasl.h, saslplug.h saslutil.h, and prop.h. The man pages, programmers guide, and system administrators guide have also been rewritten to deal with the new API. * There is still a good amount of work to be done, and as this code is alpha quality, it has bugs, known and unknown. Please either use our bugzilla at http://bugzilla.andrew.cmu.edu, or email cyrus-bugs@andrew.cmu.edu with questions, comments, or bug reports. - Most notably, the Java bindings have not been converted to work with the new API, and thus will not compile successfully. - The current development branch with this source is in our cvs repository as the "sasl-v2-rjs3" branch of the "sasl" collection. (see http://asg.web.cmu.edu/cyrus/download/anoncvs.html for more info) cyrus-sasl-2.1.25/aclocal.m40000666000076400007640000010441011631670660012511 00000000000000# generated automatically by aclocal 1.11 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],, [m4_warning([this file was generated for autoconf 2.63. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'.])]) # Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.11' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. m4_if([$1], [1.11], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) # _AM_AUTOCONF_VERSION(VERSION) # ----------------------------- # aclocal traces this macro to find the Autoconf version. # This is a private macro too. Using m4_define simplifies # the logic in aclocal, which can simply ignore this definition. m4_define([_AM_AUTOCONF_VERSION], []) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.11])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to # `$srcdir', `$srcdir/..', or `$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is `.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [dnl Rely on autoconf to set up CDPATH properly. AC_PREREQ([2.50])dnl # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 9 # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ(2.52)dnl ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi AC_CONFIG_COMMANDS_PRE( [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]]) fi])]) # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 10 # There are a few dirty hacks below to avoid letting `AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing # CC etc. in the Makefile, will ask for an AC_PROG_CC use... # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. # NAME is "CC", "CXX", "GCJ", or "OBJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was # modified to invoke _AM_DEPENDENCIES(CC); we would have a circular # dependency, and given that the user is not expected to run this macro, # just rely on AC_PROG_CC. AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl ifelse([$1], CC, [depcc="$CC" am_compiler_list=], [$1], CXX, [depcc="$CXX" am_compiler_list=], [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], [$1], UPC, [depcc="$UPC" am_compiler_list=], [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], [if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_$1_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` fi am__universal=false m4_case([$1], [CC], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac], [CXX], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac]) for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvisualcpp | msvcmsys) # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_$1_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_$1_dependencies_compiler_type=none fi ]) AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) AM_CONDITIONAL([am__fastdep$1], [ test "x$enable_dependency_tracking" != xno \ && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) ]) # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. # This macro is AC_REQUIREd in _AM_DEPENDENCIES AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl ]) # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE(dependency-tracking, [ --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' fi AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) AC_SUBST([AMDEPBACKSLASH])dnl _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl ]) # Generate code to set up dependency tracking. -*- Autoconf -*- # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. #serial 5 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{ # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`AS_DIRNAME("$mf")` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # When using ansi2knr, U may be empty or an underscore; expand it U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` AS_MKDIR_P([$dirpart/$fdir]) # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ])# _AM_OUTPUT_DEPENDENCY_COMMANDS # AM_OUTPUT_DEPENDENCY_COMMANDS # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking # is enabled. FIXME. This creates each `.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2008, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 16 # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- # The call with PACKAGE and VERSION arguments is the old style # call (pre autoconf-2.50), which is being phased out. PACKAGE # and VERSION should now be passed to AC_INIT and removed from # the call to AM_INIT_AUTOMAKE. # We support both call styles for the transition. After # the next Automake release, Autoconf can make the AC_INIT # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.62])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl # test to see if srcdir already configured if test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], [m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, [AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) AM_MISSING_PROG(AUTOCONF, autoconf) AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) AM_MISSING_PROG(AUTOHEADER, autoheader) AM_MISSING_PROG(MAKEINFO, makeinfo) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AM_PROG_MKDIR_P])dnl # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], [_AM_DEPENDENCIES(CC)], [define([AC_PROG_CC], defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], [_AM_DEPENDENCIES(CXX)], [define([AC_PROG_CXX], defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], [_AM_DEPENDENCIES(OBJC)], [define([AC_PROG_OBJC], defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl ]) _AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl dnl The `parallel-tests' driver may need to know about EXEEXT, so add the dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. # Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the # loop where config.status creates the headers, so we can generate # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. _am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi AC_SUBST(install_sh)]) # Copyright (C) 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- # Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 4 # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. AC_DEFUN([AM_MAKE_INCLUDE], [am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. AC_MSG_CHECKING([for style of include used by $am_make]) am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from `make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi AC_SUBST([am__include]) AC_SUBST([am__quote]) AC_MSG_RESULT([$_am_result]) rm -f confinc confmf ]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 6 # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it supports --run. # If it does, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= AC_MSG_WARN([`missing' script is too old or missing]) fi ]) # Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_MKDIR_P # --------------- # Check for `mkdir -p'. AC_DEFUN([AM_PROG_MKDIR_P], [AC_PREREQ([2.60])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, dnl while keeping a definition of mkdir_p for backward compatibility. dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of dnl Makefile.ins that do not define MKDIR_P, so we do our own dnl adjustment using top_builddir (which is defined more often than dnl MKDIR_P). AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl case $mkdir_p in [[\\/$]]* | ?:[[\\/]]*) ;; */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; esac ]) # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 4 # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) # ------------------------------ # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), 1)]) # _AM_SET_OPTIONS(OPTIONS) # ---------------------------------- # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) # Check to make sure that the build environment is sane. -*- Autoconf -*- # Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 5 # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Just in case sleep 1 echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[[\\\"\#\$\&\'\`$am_lf]]*) AC_MSG_ERROR([unsafe absolute working directory name]);; esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; esac # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$[*]" != "X $srcdir/configure conftest.file" \ && test "$[*]" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi test "$[2]" = conftest.file ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi AC_MSG_RESULT(yes)]) # Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_STRIP # --------------------- # One issue with vendor `install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we # always use install-sh in `make install-strip', and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. dnl Don't test for $cross_compiling = yes, because it might be `maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) # Copyright (C) 2006, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) # AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Public sister of _AM_SUBST_NOTMAKE. AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. # FORMAT should be one of `v7', `ustar', or `pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. AM_MISSING_PROG([AMTAR], [tar]) m4_if([$1], [v7], [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'], [m4_case([$1], [ustar],, [pax],, [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' _am_tools=${am_cv_prog_tar_$1-$_am_tools} # Do not fold the above two line into one, because Tru64 sh and # Solaris sh will not grok spaces in the rhs of `-'. for _am_tool in $_am_tools do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([config/kerberos_v4.m4]) m4_include([config/libtool.m4]) m4_include([config/plain.m4]) m4_include([config/sasldb.m4]) m4_include([cmulocal/berkdb.m4]) m4_include([cmulocal/bsd_sockets.m4]) m4_include([cmulocal/c-attribute.m4]) m4_include([cmulocal/common.m4]) m4_include([cmulocal/cyrus.m4]) m4_include([cmulocal/init_automake.m4]) m4_include([cmulocal/ipv6.m4]) m4_include([cmulocal/openldap.m4]) m4_include([cmulocal/openssl.m4]) m4_include([cmulocal/sasl2.m4]) cyrus-sasl-2.1.25/pwcheck/0000777000076400007640000000000011632367341012355 500000000000000cyrus-sasl-2.1.25/pwcheck/pwcheck_getspnam.c0000666000076400007640000000305306761264724015774 00000000000000/* pwcheck_getspnam.c -- check passwords using getspnam() $Id: pwcheck_getspnam.c,v 1.1 1999/08/26 16:22:44 leg Exp $ Copyright 1998, 1999 Carnegie Mellon University All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Carnegie Mellon University not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ******************************************************************/ #include extern char *crypt(); char *pwcheck(userid, password) char *userid; char *password; { struct spwd *pwd; pwd = getspnam(userid); if (!pwd) { return "Userid not found"; } if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) { return "Incorrect password"; } else { return "OK"; } } cyrus-sasl-2.1.25/pwcheck/pwcheck.c0000666000076400007640000001364307403027673014076 00000000000000/* pwcheck.c -- Unix pwcheck daemon $Id: pwcheck.c,v 1.8 2001/12/04 02:06:51 rjs3 Exp $ Copyright 1998, 1999 Carnegie Mellon University All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Carnegie Mellon University not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ******************************************************************/ #include #ifdef HAVE_UNISTD_H #include #endif #include #include #include #include #include #include #include #include #ifdef HAVE_PATHS_H #include #endif #include #if !defined(_PATH_PWCHECKPID) #ifdef _PATH_VARRUN # define _PATH_PWCHECKPID (_PATH_VARRUN "pwcheck.pid") #else # define _PATH_PWCHECKPID (NULL) #endif #endif void newclient(int); int retry_write(int, const char *, unsigned int); /* * Unix pwcheck daemon-authenticated login (shadow password) */ int main() { char fnamebuf[MAXPATHLEN]; int s; int c; int count; int rc; struct sockaddr_un srvaddr; struct sockaddr_un clientaddr; int r; int len; mode_t oldumask; char *pid_file = _PATH_PWCHECKPID; FILE *fp = NULL; pid_t pid; openlog("pwcheck", LOG_NDELAY, LOG_AUTH); /* Daemonize. */ count = 5; while (count--) { pid = fork(); if (pid > 0) _exit(0); /* parent dies */ if ((pid == -1) && (errno == EAGAIN)) { syslog(LOG_WARNING, "master fork failed (sleeping): %m"); sleep(5); continue; } } if (pid == -1) { rc = errno; syslog(LOG_ERR, "FATAL: master fork failed: %m"); fprintf(stderr, "pwcheck: "); errno = rc; perror("fork"); exit(1); } /* * We're now running in the child. Lose our controlling terminal * and obtain a new process group. */ if (setsid() == -1) { rc = errno; syslog(LOG_ERR, "FATAL: setsid: %m"); fprintf(stderr, "pwcheck: "); errno = rc; perror("setsid"); exit(1); } s = open("/dev/null", O_RDWR, 0); if (s == -1) { rc = errno; syslog(LOG_ERR, "FATAL: /dev/null: %m"); fprintf(stderr, "pwcheck: "); errno = rc; perror("/dev/null"); exit(1); } dup2(s, fileno(stdin)); dup2(s, fileno(stdout)); dup2(s, fileno(stderr)); if (s > 2) { close(s); } /* * Record process ID - shamelessly stolen from inetd (I.V.) */ pid = getpid(); if (pid_file) { fp = fopen(pid_file, "w"); } if (fp) { fprintf(fp, "%ld\n", (long)pid); fclose(fp); } else if (pid_file) { syslog(LOG_WARNING, "%s: %m", pid_file); } s = socket(AF_UNIX, SOCK_STREAM, 0); if (s == -1) { perror("socket"); exit(1); } strncpy(fnamebuf, PWCHECKDIR, sizeof(fnamebuf)); strncpy(fnamebuf + sizeof(PWCHECKDIR)-1, "/pwcheck", sizeof(fnamebuf) - sizeof(PWCHECKDIR)); fnamebuf[MAXPATHLEN-1] = '\0'; (void) unlink(fnamebuf); memset((char *)&srvaddr, 0, sizeof(srvaddr)); srvaddr.sun_family = AF_UNIX; strncpy(srvaddr.sun_path, fnamebuf, sizeof(srvaddr.sun_path)); /* Most systems make sockets 0777 no matter what you ask for. Known exceptions are Linux and DUX. */ oldumask = umask((mode_t) 0); /* for Linux, which observes the umask when setting up the socket */ r = bind(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr)); if (r == -1) { syslog(LOG_ERR, "%.*s: %m", sizeof(srvaddr.sun_path), srvaddr.sun_path); exit(1); } umask(oldumask); /* for Linux */ chmod(fnamebuf, (mode_t) 0777); /* for DUX, where this isn't the default. (harmlessly fails on some systems) */ r = listen(s, 5); if (r == -1) { syslog(LOG_ERR, "listen: %m"); exit(1); } for (;;) { len = sizeof(clientaddr); c = accept(s, (struct sockaddr *)&clientaddr, &len); if (c == -1 && errno != EINTR) { syslog(LOG_WARNING, "accept: %m"); continue; } newclient(c); } } void newclient(int c) { char request[1024]; int n; unsigned int start; char *reply; extern char *pwcheck(); start = 0; while (start < sizeof(request) - 1) { n = read(c, request+start, sizeof(request) - 1 - start); if (n < 1) { reply = "Error reading request"; goto sendreply; } start += n; if (request[start-1] == '\0' && strlen(request) < start) { break; } } if (start >= sizeof(request) - 1) { reply = "Request too big"; } else { reply = pwcheck(request, request + strlen(request) + 1); } sendreply: retry_write(c, reply, strlen(reply)); close(c); } /* * Keep calling the write() system call with 'fd', 'buf', and 'nbyte' * until all the data is written out or an error occurs. */ int retry_write(int fd, const char *buf, unsigned int nbyte) { int n; int written = 0; if (nbyte == 0) return 0; for (;;) { n = write(fd, buf, nbyte); if (n == -1) { if (errno == EINTR) continue; return -1; } written += n; if ((unsigned int) n >= nbyte) return written; buf += n; nbyte -= n; } } cyrus-sasl-2.1.25/pwcheck/Makefile.am0000666000076400007640000000246307423100772014332 00000000000000# Makefile.am for the pwcheck daemon # Larry Greenfield # # Copyright 1999 by Carnegie Mellon University # # All Rights Reserved # # Permission to use, copy, modify, and distribute this software and its # documentation for any purpose and without fee is hereby granted, # provided that the above copyright notice appear in all copies and that # both that copyright notice and this permission notice appear in # supporting documentation, and that the name of CMU not be # used in advertising or publicity pertaining to distribution of the # software without specific, written prior permission. # # CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING # ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL # CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR # ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, # WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, # ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS # SOFTWARE. # sbin_PROGRAMS = pwcheck INCLUDES = -I../include -I../lib pwcheck_SOURCES = pwcheck.c EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c pwcheck_DEPENDECIES = pwcheck_@PWCHECKMETH@.lo pwcheck_LDADD = pwcheck_@PWCHECKMETH@.lo @LIB_CRYPT@ @LIB_SOCKET@ cyrus-sasl-2.1.25/pwcheck/pwcheck_getpwnam.c0000666000076400007640000000323706761264723016003 00000000000000/* pwcheck_getpwnam.c -- check passwords using getpwname() $Id: pwcheck_getpwnam.c,v 1.1 1999/08/26 16:22:43 leg Exp $ Copyright 1998, 1999 Carnegie Mellon University All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Carnegie Mellon University not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ******************************************************************/ #include extern char *crypt(); char *pwcheck(userid, password) char *userid; char *password; { char* r; struct passwd *pwd; pwd = getpwnam(userid); if (!pwd) { r = "Userid not found"; } else if (pwd->pw_passwd[0] == '*') { r = "Account disabled"; } else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) { r = "Incorrect password"; } else { r = "OK"; } endpwent(); return r; } cyrus-sasl-2.1.25/pwcheck/README0000666000076400007640000000322607066512000013146 00000000000000Pwcheck is a daemon for permitting the SASL library to check passwords against the shadow password database. To use: * Configure the Cyrus SASL library with the "--with-pwcheck" switch. * Compile and install the Cyrus SASL library software * Create the directory "/var/pwcheck" and make it readable by only those users who need to be able to verify passwords. For instance, if you wish to use pwcheck with Cyrus imapd: mkdir /var/pwcheck chown cyrus /var/pwcheck chmod 700 /var/pwcheck * Configure your applications to use "pwcheck_method: pwcheck". For example, if you are using this with the Cyrus IMAP server, you can put in the imapd.conf the following line: sasl_pwcheck_method: pwcheck or for an application that doesn't overload its configuration file, you could put the following line in its configuration file located in /usr/lib/sasl (e.g. /usr/lib/.conf): pwcheck_method: pwcheck * Upon system startup, arrange for the daemon $prefix/sbin/pwcheck to be run as root in the background. How it works: The Cyrus servers connect to the unix-domain socket /var/pwcheck/pwcheck to send a potential user's userid and password to the pwcheck daemon. The pwcheck daemon uses its root privileges to verify the userid and password against the shadow password database. The pwcheck daemon then returns an error message or "OK" to the Cyrus server and closes the unix-domain connection. The permissions on the /var/pwcheck directory control who can connect to the pwcheck daemon. The pwcheck daemon is not designed to deal with denial-of-service attacks from its clients, so the directory should be restricted to trustworthy server processes. cyrus-sasl-2.1.25/pwcheck/Makefile.in0000666000076400007640000004530011631670664014350 00000000000000# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am for the pwcheck daemon # Larry Greenfield # # Copyright 1999 by Carnegie Mellon University # # All Rights Reserved # # Permission to use, copy, modify, and distribute this software and its # documentation for any purpose and without fee is hereby granted, # provided that the above copyright notice appear in all copies and that # both that copyright notice and this permission notice appear in # supporting documentation, and that the name of CMU not be # used in advertising or publicity pertaining to distribution of the # software without specific, written prior permission. # # CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING # ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL # CMU BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR # ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, # WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, # ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS # SOFTWARE. # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ sbin_PROGRAMS = pwcheck$(EXEEXT) subdir = pwcheck DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/kerberos_v4.m4 \ $(top_srcdir)/config/libtool.m4 $(top_srcdir)/config/plain.m4 \ $(top_srcdir)/config/sasldb.m4 \ $(top_srcdir)/cmulocal/berkdb.m4 \ $(top_srcdir)/cmulocal/bsd_sockets.m4 \ $(top_srcdir)/cmulocal/c-attribute.m4 \ $(top_srcdir)/cmulocal/common.m4 \ $(top_srcdir)/cmulocal/cyrus.m4 \ $(top_srcdir)/cmulocal/init_automake.m4 \ $(top_srcdir)/cmulocal/ipv6.m4 \ $(top_srcdir)/cmulocal/openldap.m4 \ $(top_srcdir)/cmulocal/openssl.m4 \ $(top_srcdir)/cmulocal/sasl2.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/config/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(sbindir)" PROGRAMS = $(sbin_PROGRAMS) am_pwcheck_OBJECTS = pwcheck.$(OBJEXT) pwcheck_OBJECTS = $(am_pwcheck_OBJECTS) pwcheck_DEPENDENCIES = pwcheck_@PWCHECKMETH@.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link \ $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ SOURCES = $(pwcheck_SOURCES) $(EXTRA_pwcheck_SOURCES) DIST_SOURCES = $(pwcheck_SOURCES) $(EXTRA_pwcheck_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CMU_LIB_SUBDIR = @CMU_LIB_SUBDIR@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DIRS = @DIRS@ DMALLOC_LIBS = @DMALLOC_LIBS@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GETADDRINFOOBJS = @GETADDRINFOOBJS@ GETNAMEINFOOBJS = @GETNAMEINFOOBJS@ GETSUBOPT = @GETSUBOPT@ GREP = @GREP@ GSSAPIBASE_LIBS = @GSSAPIBASE_LIBS@ GSSAPI_LIBS = @GSSAPI_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ IPCTYPE = @IPCTYPE@ JAVAC = @JAVAC@ JAVADOC = @JAVADOC@ JAVAH = @JAVAH@ JAVAROOT = @JAVAROOT@ JAVA_INCLUDES = @JAVA_INCLUDES@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIB_CRYPT = @LIB_CRYPT@ LIB_DES = @LIB_DES@ LIB_DOOR = @LIB_DOOR@ LIB_LDAP = @LIB_LDAP@ LIB_MYSQL = @LIB_MYSQL@ LIB_PGSQL = @LIB_PGSQL@ LIB_SOCKET = @LIB_SOCKET@ LIB_SQLITE = @LIB_SQLITE@ LIB_SQLITE3 = @LIB_SQLITE3@ LN_S = @LN_S@ LTGETADDRINFOOBJS = @LTGETADDRINFOOBJS@ LTGETNAMEINFOOBJS = @LTGETNAMEINFOOBJS@ LTLIBOBJS = @LTLIBOBJS@ LTSNPRINTFOBJS = @LTSNPRINTFOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NTLM_LIBS = @NTLM_LIBS@ OBJEXT = @OBJEXT@ OTP_LIBS = @OTP_LIBS@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PASSDSS_LIBS = @PASSDSS_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PLAIN_LIBS = @PLAIN_LIBS@ PURECOV = @PURECOV@ PURIFY = @PURIFY@ PWCHECKMETH = @PWCHECKMETH@ RANLIB = @RANLIB@ SASL_DB_BACKEND = @SASL_DB_BACKEND@ SASL_DB_BACKEND_STATIC = @SASL_DB_BACKEND_STATIC@ SASL_DB_INC = @SASL_DB_INC@ SASL_DB_LIB = @SASL_DB_LIB@ SASL_DB_MANS = @SASL_DB_MANS@ SASL_DB_UTILS = @SASL_DB_UTILS@ SASL_DL_LIB = @SASL_DL_LIB@ SASL_KRB_LIB = @SASL_KRB_LIB@ SASL_MECHS = @SASL_MECHS@ SASL_STATIC_LIBS = @SASL_STATIC_LIBS@ SASL_STATIC_OBJS = @SASL_STATIC_OBJS@ SASL_STATIC_SRCS = @SASL_STATIC_SRCS@ SASL_UTIL_HEADERS_EXTRA = @SASL_UTIL_HEADERS_EXTRA@ SASL_UTIL_LIBS_EXTRA = @SASL_UTIL_LIBS_EXTRA@ SCRAM_LIBS = @SCRAM_LIBS@ SET_MAKE = @SET_MAKE@ SFIO_INC_FLAGS = @SFIO_INC_FLAGS@ SFIO_LIB_FLAGS = @SFIO_LIB_FLAGS@ SHELL = @SHELL@ SMTPTEST_PROGRAM = @SMTPTEST_PROGRAM@ SNPRINTFOBJS = @SNPRINTFOBJS@ SRP_LIBS = @SRP_LIBS@ STRIP = @STRIP@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ configdir = @configdir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target = @target@ target_alias = @target_alias@ target_cpu = @target_cpu@ target_os = @target_os@ target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ INCLUDES = -I../include -I../lib pwcheck_SOURCES = pwcheck.c EXTRA_pwcheck_SOURCES = pwcheck_getpwnam.c pwcheck_getspnam.c pwcheck_DEPENDECIES = pwcheck_@PWCHECKMETH@.lo pwcheck_LDADD = pwcheck_@PWCHECKMETH@.lo @LIB_CRYPT@ @LIB_SOCKET@ all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu pwcheck/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu pwcheck/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ } \ ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list pwcheck$(EXEEXT): $(pwcheck_OBJECTS) $(pwcheck_DEPENDENCIES) @rm -f pwcheck$(EXEEXT) $(LINK) $(pwcheck_OBJECTS) $(pwcheck_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwcheck.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwcheck_getpwnam.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwcheck_getspnam.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(sbindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-sbinPROGRAMS install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-sbinPROGRAMS .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-sbinPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-sbinPROGRAMS install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-sbinPROGRAMS # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: cyrus-sasl-2.1.25/saslauthd/0000777000076400007640000000000011632367342012722 500000000000000cyrus-sasl-2.1.25/saslauthd/include/0000777000076400007640000000000011632367343014346 500000000000000cyrus-sasl-2.1.25/saslauthd/include/gai.h0000666000076400007640000000642707622774135015215 00000000000000/* * Mar 8, 2000 by Hajimu UMEMOTO * $Id: gai.h,v 1.2 2003/02/13 19:56:13 rjs3 Exp $ * * This module is besed on ssh-1.2.27-IPv6-1.5 written by * KIKUCHI Takahiro */ /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * fake library for ssh * * This file is included in getaddrinfo.c and getnameinfo.c. * See getaddrinfo.c and getnameinfo.c. */ #ifndef _GAI_H_ #define _GAI_H_ #ifndef NI_MAXHOST #define NI_MAXHOST 1025 #endif #ifndef NI_MAXSERV #define NI_MAXSERV 32 #endif /* for old netdb.h */ #ifndef EAI_NODATA #define EAI_NODATA 1 #define EAI_MEMORY 2 #define EAI_FAMILY 5 /* ai_family not supported */ #define EAI_SERVICE 9 /* servname not supported for ai_socktype */ #endif /* dummy value for old netdb.h */ #ifndef AI_PASSIVE #define AI_PASSIVE 1 #define AI_CANONNAME 2 #define AI_NUMERICHOST 4 #define NI_NUMERICHOST 2 #define NI_NAMEREQD 4 #define NI_NUMERICSERV 8 struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ int ai_family; /* PF_xxx */ int ai_socktype; /* SOCK_xxx */ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ size_t ai_addrlen; /* length of ai_addr */ char *ai_canonname; /* canonical name for hostname */ struct sockaddr *ai_addr; /* binary address */ struct addrinfo *ai_next; /* next structure in linked list */ }; #endif int getaddrinfo(const char *, const char *, const struct addrinfo *, struct addrinfo **); int getnameinfo(const struct sockaddr *, socklen_t, char *, size_t, char *, size_t, int); void freeaddrinfo(struct addrinfo *); char *gai_strerror(int); #endif cyrus-sasl-2.1.25/saslauthd/configure.in0000646000076400007640000002135211630174072015146 00000000000000AC_INIT(mechanisms.h) AC_PREREQ([2.54]) AC_CONFIG_AUX_DIR(config) AC_CANONICAL_HOST dnl Should we enable SASLAUTHd at all? AC_ARG_WITH(saslauthd, [ --with-saslauthd=DIR enable use of the saslauth daemon using state dir DIR ], with_saslauthd=$withval, with_saslauthd=yes) if test "$with_saslauthd" = yes; then with_saslauthd="/var/state/saslauthd" fi AC_DEFINE(HAVE_SASLAUTHD,[],[Include support for saslauthd?]) AC_DEFINE_UNQUOTED(PATH_SASLAUTHD_RUNDIR, "$with_saslauthd",[Location of saslauthd socket]) AM_CONDITIONAL(SASLAUTHD, test "$with_saslauthd" != no) AM_INIT_AUTOMAKE(saslauthd,2.1.25) CMU_INIT_AUTOMAKE dnl Checks for programs. AC_PROG_CC AC_PROG_CPP AC_PROG_AWK AC_PROG_MAKE_SET AC_PROG_LN_S AC_PROG_INSTALL dnl Checks for build foo CMU_C___ATTRIBUTE__ CMU_GUESS_RUNPATH_SWITCH dnl Checks for libraries. CMU_SOCKETS CMU_HAVE_OPENSSL AC_MSG_CHECKING(for OpenSSL) AC_MSG_RESULT($with_openssl) SASL_DES_CHK dnl mechanism-related checking SASL_KERBEROS_V4_CHK SASL_GSSAPI_CHK if test "$gssapi" != no; then if test "$gss_impl" = "heimdal"; then AC_DEFINE(KRB5_HEIMDAL,[],[Using Heimdal]) fi AC_DEFINE(HAVE_GSSAPI,[],[Include GSSAPI/Kerberos 5 Support]) fi SASL2_CRYPT_CHK AC_ARG_ENABLE(sia, [ --enable-sia enable SIA authentication [no] ], sia=$enableval, sia=no) LIB_SIA="" if test "$sia" != no; then if test -f /etc/sia/matrix.conf; then AC_DEFINE(HAVE_SIA,[],[Include SIA Support]) LIB_SIA="-lsecurity -ldb -lm -laud" else AC_ERROR([No support for SIA found]) fi fi AC_SUBST(LIB_SIA) AC_ARG_ENABLE(auth-sasldb, [ --enable-auth-sasldb enable experimental SASLdb authentication module [no] ], authsasldb=$enableval, authsasldb=no) if test "$authsasldb" != no; then if test ! -d "../sasldb"; then echo "ERROR: Cannot build sasldb module outside of the full SASL source tree." exit 0; fi AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support]) SASL_DB_PATH_CHECK() SASL_DB_CHECK() SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al" fi AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ], httpform=$enableval, httpform=no) if test "$httpform" != no; then AC_DEFINE(HAVE_HTTPFORM,[],[Include HTTP form Support]) fi AC_ARG_WITH(pam, [ --with-pam=DIR use PAM (rooted in DIR) [yes] ], with_pam=$withval, with_pam=yes) if test "$with_pam" != no; then if test -d $with_pam; then CPPFLAGS="$CPPFLAGS -I${with_pam}/include" LDFLAGS="$LDFLAGS -L${with_pam}/lib" fi cmu_save_LIBS="$LIBS" AC_CHECK_LIB(pam, pam_start, [ AC_CHECK_HEADER(security/pam_appl.h,, with_pam=no)], with_pam=no, $SASL_DL_LIB) LIBS="$cmu_save_LIBS" fi AC_ARG_WITH(ipctype, [ --with-ipctype={unix,doors} use ipctype [unix] ], with_ipctype=$withval, with_ipctype="unix") MAIN_COMPAT_OBJ="saslauthd-${with_ipctype}.o" AC_SUBST(MAIN_COMPAT_OBJ) if test "$with_ipctype" = "doors"; then AC_DEFINE(USE_DOORS,[],[Use the doors IPC API]) AC_DEFINE(SASLAUTHD_THREADED,[],[Saslauthd runs threaded?]) LIBS="$LIBS -ldoor -lpthread" fi AC_MSG_CHECKING(for PAM support) AC_MSG_RESULT($with_pam) LIB_PAM="" if test "$with_pam" != no; then AC_DEFINE(HAVE_PAM,[],[Support for PAM?]) LIB_PAM="-lpam" fi AC_SUBST(LIB_PAM) AC_CHECK_LIB(resolv, inet_aton) AC_MSG_CHECKING(to include LDAP support) AC_ARG_WITH(ldap, [ --with-ldap=DIR use LDAP (in DIR) [no] ], with_ldap=$withval, with_ldap=no) AC_MSG_RESULT($with_ldap) if test -d $with_ldap; then CPPFLAGS="$CPPFLAGS -I${with_ldap}/include" CMU_ADD_LIBPATH(${with_ldap}/lib) fi LDAP_LIBS="" if test "$with_ldap" != no; then AC_CHECK_LIB(ldap, ldap_initialize, [ AC_DEFINE(HAVE_LDAP,[],[Support for LDAP?]) LDAP_LIBS="-lldap -llber" if test "$with_openssl" != "no"; then LDAP_LIBS="$LDAP_LIBS -lcrypto $LIB_RSAREF" fi],,-llber) fi AC_SUBST(LDAP_LIBS) dnl Checks for header files. AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_HEADER_TIME AC_CHECK_HEADERS(crypt.h fcntl.h krb5.h strings.h syslog.h unistd.h sys/time.h sys/uio.h) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_TYPE_PID_T LTLIBOBJS=`echo "$LIB@&t@OBJS" | sed 's,\.[[^.]]* ,.lo ,g;s,\.[[^.]]*$,.lo,'` AC_SUBST(LTLIBOBJS) dnl Checks for which function macros exist AC_MSG_CHECKING(whether $CC implements __func__) AC_CACHE_VAL(have_func, [AC_TRY_LINK([#include ],[printf("%s", __func__);], have_func=yes, have_func=no)]) AC_MSG_RESULT($have_func) if test "$have_func" = yes; then AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__]) else AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__) AC_CACHE_VAL(have_pretty_function, [AC_TRY_LINK([#include ],[printf("%s", __PRETTY_FUNCTION__);], have_pretty_function=yes, have_pretty_function=no)]) AC_MSG_RESULT($have_pretty_function) if test "$have_pretty_function" = yes; then AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__]) else AC_MSG_CHECKING(whether $CC implements __FUNCTION__) AC_CACHE_VAL(have_function, [AC_TRY_LINK([#include ],[printf("%s", __FUNCTION__);], have_function=yes, have_function=no)]) AC_MSG_RESULT($have_function) if test "$have_function" = yes; then AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__]) fi fi fi dnl Checks for library functions. AC_TYPE_SIGNAL AC_CHECK_FUNCS(gethostname mkdir socket strdup) AC_CHECK_FUNCS(getspnam getuserpw, break) AC_CHECK_FUNCS(strlcat strlcpy) if test $ac_cv_func_getspnam = yes; then AC_MSG_CHECKING(if getpwnam_r/getspnam_r take 5 arguments) AC_TRY_COMPILE( [ #include #include #include ], [ struct passwd *pw; struct passwd pwbuf; char pwdata[512]; (void) getpwnam_r("bin", &pwbuf, pwdata, sizeof(pwdata), &pw); ], [AC_MSG_RESULT(yes) AC_DEFINE(GETXXNAM_R_5ARG, 1, [Define if your getpwnam_r()/getspnam_r() functions take 5 arguments])], [AC_MSG_RESULT(no)] ) fi dnl Check for getaddrinfo GETADDRINFOOBJS="" sasl_cv_getaddrinfo=no IPv6_CHECK_FUNC(getaddrinfo, [AC_DEFINE(HAVE_GETADDRINFO,[],[Do we have a getaddrinfo() function?])], [sasl_cv_getaddrinfo=yes]) if test $sasl_cv_getaddrinfo = yes; then AC_LIBOBJ(getaddrinfo) fi dnl Check for getnameinfo GETNAMEINFOOBJS="" sasl_cv_getnameinfo=no IPv6_CHECK_FUNC(getnameinfo, [AC_DEFINE(HAVE_GETNAMEINFO,[],[Do we have a getnameinfo() function?])], [sasl_cv_getnameinfo=yes]) if test $sasl_cv_getnameinfo = yes; then AC_LIBOBJ(getnameinfo) fi IPv6_CHECK_SS_FAMILY() IPv6_CHECK_SA_LEN() IPv6_CHECK_SOCKLEN_T() AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE,[],[Do we have a sockaddr_storage struct?])) AH_TOP([ #ifndef _SASLAUTHD_H #define _SASLAUTHD_H #include ]) AH_BOTTOM([ #ifndef HAVE___ATTRIBUTE__ /* Can't use attributes... */ #define __attribute__(foo) #endif #include #include #include #ifndef WIN32 # include # include #else /* WIN32 */ # include #endif /* WIN32 */ #include #include #ifndef HAVE_SOCKLEN_T typedef unsigned int socklen_t; #endif /* HAVE_SOCKLEN_T */ #ifndef HAVE_STRUCT_SOCKADDR_STORAGE #define _SS_MAXSIZE 128 /* Implementation specific max size */ #define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) struct sockaddr_storage { struct sockaddr ss_sa; char __ss_pad2[_SS_PADSIZE]; }; # define ss_family ss_sa.sa_family #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ #ifndef AF_INET6 /* Define it to something that should never appear */ #define AF_INET6 AF_MAX #endif /* Create a struct iovec if we need one */ #if !defined(HAVE_SYS_UIO_H) struct iovec { long iov_len; char *iov_base; }; #else #include #include #endif #ifndef HAVE_GETADDRINFO #define getaddrinfo sasl_getaddrinfo #define freeaddrinfo sasl_freeaddrinfo #define getnameinfo sasl_getnameinfo #define gai_strerror sasl_gai_strerror #include "gai.h" #endif #ifndef AI_NUMERICHOST /* support glibc 2.0.x */ #define AI_NUMERICHOST 4 #define NI_NUMERICHOST 2 #define NI_NAMEREQD 4 #define NI_NUMERICSERV 8 #endif /* handy string manipulation functions */ #ifndef HAVE_STRLCPY extern size_t saslauthd_strlcpy(char *dst, const char *src, size_t len); #define strlcpy(x,y,z) saslauthd_strlcpy((x),(y),(z)) #endif #ifndef HAVE_STRLCAT extern size_t saslauthd_strlcat(char *dst, const char *src, size_t len); #define strlcat(x,y,z) saslauthd_strlcat((x),(y),(z)) #endif #endif ]) AC_CONFIG_HEADERS(saslauthd.h) AC_OUTPUT(Makefile) cyrus-sasl-2.1.25/saslauthd/auth_rimap.h0000666000076400007640000000274507403027676015160 00000000000000/* COPYRIGHT * Copyright (c) 1998 Messaging Direct Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ char *auth_rimap(const char *, const char *, const char *, const char *); int auth_rimap_init(void); cyrus-sasl-2.1.25/saslauthd/auth_httpform.h0000666000076400007640000000274210405351505015673 00000000000000/* COPYRIGHT * Copyright (c) 2005 Pyx Engineering AG * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY PYX ENGINEERING AG ''AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL PYX ENGINEERING AG OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ char *auth_httpform(const char *, const char *, const char *, const char *); int auth_httpform_init(void); cyrus-sasl-2.1.25/saslauthd/saslauthd_md5.h0000666000076400007640000000270407641124634015553 00000000000000/* MD5.H - header file for MD5C.C */ /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. */ /* MD5 context. */ typedef struct { UINT4 state[4]; /* state (ABCD) */ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ unsigned char buffer[64]; /* input buffer */ } MD5_CTX; void _saslauthd_MD5Init PROTO_LIST ((MD5_CTX *)); void _saslauthd_MD5Update PROTO_LIST ((MD5_CTX *, unsigned char *, unsigned int)); void _saslauthd_MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); void _saslauthd_hmac_md5 PROTO_LIST ((unsigned char *, int, unsigned char *, int, caddr_t)); cyrus-sasl-2.1.25/saslauthd/globals.h0000666000076400007640000000505010030621732014421 00000000000000/******************************************************************************* * ***************************************************************************** * * * * globals.h * * * * Description: Header file for all application wide globale variables. * * * * Copyright (c) 1997-2000 Messaging Direct Ltd. * * All rights reserved. * * * * Redistribution and use in source and binary forms, with or without * * modification, are permitted provided that the following conditions * * are met: * * * * 1. Redistributions of source code must retain the above copyright * * notice, this list of conditions and the following disclaimer. * * * * 2. Redistributions in binary form must reproduce the above copyright * * notice, this list of conditions and the following disclaimer in the * * documentation and/or other materials provided with the distribution. * * * * THIS SOFTWARE IS PROVIDED ``AS IS''. ANY EXPRESS OR IMPLIED WARRANTIES, * * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * * IN NO EVENT SHALL JEREMY RUMPF OR ANY CONTRIBUTER TO THIS SOFTWARE BE * * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF * * THE POSSIBILITY OF SUCH DAMAGE * * * * HISTORY * * * * This source file created using 8 space tabs. * * * ****************************************************************************** ********************************************************************************/ #ifndef _GLOBALS_H #define _GLOBALS_H #include "mechanisms.h" /* saslauthd-main.c */ extern int g_argc; extern char **g_argv; extern int flags; extern int num_procs; extern char *mech_option; extern char *run_path; extern authmech_t *auth_mech; /* flags bits */ #define VERBOSE (1 << 1) #define LOG_USE_SYSLOG (1 << 2) #define LOG_USE_STDERR (1 << 3) #define AM_MASTER (1 << 4) #define USE_ACCEPT_LOCK (1 << 5) #define DETACH_TTY (1 << 6) #define CACHE_ENABLED (1 << 7) #define USE_PROCESS_MODEL (1 << 8) #define CONCAT_LOGIN_REALM (1 << 9) #endif /* _GLOBALS_H */ cyrus-sasl-2.1.25/saslauthd/auth_sasldb.h0000666000076400007640000000271307403027677015314 00000000000000/* COPYRIGHT * Copyright (c) 1997 Messaging Direct Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ char *auth_sasldb(const char *, const char *, const char *, const char *); cyrus-sasl-2.1.25/saslauthd/mechanisms.h0000646000076400007640000000550410414247656015146 00000000000000/* COPYRIGHT * Copyright (c) 1997-2000 Messaging Direct Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ #ifdef __GNUC__ #ident "$Id: mechanisms.h,v 1.10 2006/03/13 20:17:09 mel Exp $" #endif #ifndef _MECHANISMS_H #define _MECHANISMS_H #include "saslauthd.h" /* PUBLIC DEPENDENCIES */ /* Authentication mechanism dispatch table definition */ typedef struct { char *name; /* name of the mechanism */ int (*initialize)(void); /* initialization function */ char *(*authenticate)(const char *, const char *, const char *, const char *); /* authentication function */ } authmech_t; extern authmech_t mechanisms[]; /* array of supported auth mechs */ extern authmech_t *authmech; /* auth mech daemon is using */ /* END PUBLIC DEPENDENCIES */ /* * Figure out which optional drivers we support. */ #ifndef AUTH_KRB5 # if defined(HAVE_KRB5_H) && defined(HAVE_GSSAPI) # define AUTH_KRB5 # endif #endif #ifndef AUTH_KRB4 # if defined(HAVE_KRB) # define AUTH_KRB4 # endif #endif #ifndef AUTH_DCE # if defined(HAVE_USERSEC_H) && defined(HAVE_AUTHENTICATE) # define AUTH_DCE # endif #endif #ifndef AUTH_SHADOW # if defined(HAVE_GETSPNAM) || defined(HAVE_GETUSERPW) # define AUTH_SHADOW # endif #endif #ifndef AUTH_SIA # if defined(HAVE_SIA_VALIDATE_USER) # define AUTH_SIA # endif #endif #ifndef AUTH_PAM # ifdef HAVE_PAM # define AUTH_PAM # endif #endif #ifndef AUTH_LDAP # ifdef HAVE_LDAP # define AUTH_LDAP # endif #endif #ifndef AUTH_HTTPFORM # ifdef HAVE_HTTPFORM # define AUTH_HTTPFORM # endif #endif #endif /* _MECHANISMS_H */ cyrus-sasl-2.1.25/saslauthd/saslauthd.mdoc0000646000076400007640000001663511306006127015474 00000000000000.\" $Id: saslauthd.mdoc,v 1.19 2009/04/11 20:08:48 mel Exp $ .\" Copyright 1997-2001 Messaging Direct Ltd. All rights reserved. .\" .\" This manpage uses the BSD mdoc manpage macros. Please don't .\" downgrade it to -man. The -mdoc macros are included with .\" GNU roff, and, of course, with the BSD distributions. .\" .\" To make life easier for sites that don't support -mdoc, .\" please generate (and commit!) an updated pre-formatted .\" manpage in saslauthd.8 whenever you change this source .\" version. Only the pre-formatted manpage is installed. .\" .Dd 10 24 2002 .Dt SASLAUTHD 8 .Os "CMU-SASL" .Sh NAME .Nm saslauthd .Nd sasl authentication server .Sh SYNOPSIS .Nm .Fl a .Ar authmech .Op Fl \&Tvdchlr .Op Fl O Ar option .Op Fl m Ar mux_path .Op Fl n Ar threads .Op Fl s Ar size .Op Fl t Ar timeout .Sh DESCRIPTION .Nm is a daemon process that handles plaintext authentication requests on behalf of the SASL library. .Pp The server fulfills two roles: it isolates all code requiring superuser privileges into a single process, and it can be used to provide .Em proxy authentication services to clients that do not understand SASL based authentication. .Pp .Nm should be started from the system boot scripts when going to multi-user mode. When running against a protected authentication database (e.g. the .Li shadow mechanism), it must be run as the superuser. .Ss Options Options named by lower\-case letters configure the server itself. Upper\-case options control the behavior of specific authentication mechanisms; their applicability to a particular authentication mechanism is described in the .Sx AUTHENTICATION MECHANISMS section. .Bl -tag -width indent .It Fl a Ar authmech Use .Ar authmech as the authentication mechanism. (See the .Sx AUTHENTICATION MECHANISMS section below.) This parameter is mandatory. .It Fl O Ar option A mechanism specific option (e.g. rimap hostname or config file path) .It Fl H Ar hostname The remote host to be contacted by the .Li rimap authentication mechanism. (Deprecated, use -O instead) .It Fl m Ar path Use .Ar path as the pathname to the named socket to listen on for connection requests. This must be an absolute pathname, and MUST NOT include the trailing "/mux". Note that the default for this value is "/var/state/saslauthd" (or what was specified at compile time) and that this directory must exist for saslauthd to function. .It Fl n Ar threads Use .Ar threads processes for responding to authentication queries. (default: 5) A value of zero will indicate that saslauthd should fork an individual process for each connection. This can solve leaks that occur in some deployments. .It Fl s Ar size Use .Ar size as the table size of the hash table (in kilobytes) .It Fl t Ar timeout Use .Ar timeout as the expiration time of the authentication cache (in seconds) .It Fl T Honour time-of-day login restrictions. .It Fl h Show usage information .It Fl c Enable caching of authentication credentials .It Fl l Disable the use of a lock file for controlling access to accept(). .It Fl r Combine the realm with the login (with an '@' sign in between). e.g. login: "foo" realm: "bar" will get passed as login: "foo@bar". Note that the realm will still be passed, which may lead to unexpected behaviour. .It Fl v Print the version number and available authentication mechanisms on standard error, then exit. .It Fl d Debugging mode. .El .Ss Logging .Nm logs its activities via .Nm syslogd using the .Dv LOG_AUTH facility. .Sh AUTHENTICATION MECHANISMS .Nm supports one or more .Qq authentication mechanisms , dependent upon the facilities provided by the underlying operating system. The mechanism is selected by the .Fl aho flag from the following list of choices: .Bl -tag -width "kerberos4" .It Li dce .Em (AIX) .Pp Authenticate using the DCE authentication environment. .It Li getpwent .Em (All platforms) .Pp Authenticate using the .Fn getpwent library function. Typically this authenticates against the local password file. See your system's .Xr getpwent 3 man page for details. .It Li kerberos4 .Em (All platforms) .Pp Authenticate against the local Kerberos 4 realm. (See the .Sx NOTES section for caveats about this driver.) .It Li kerberos5 .Em (All platforms) .Pp Authenticate against the local Kerberos 5 realm. .It Li pam .Em (Linux, Solaris) .Pp Authenticate using Pluggable Authentication Modules (PAM). .It Li rimap .Em (All platforms) .Pp Forward authentication requests to a remote IMAP server. This driver connects to a remote IMAP server, specified using the -O flag, and attempts to login (via an IMAP .Ql LOGIN command) using the credentials supplied to the local server. If the remote authentication succeeds the local connection is also considered to be authenticated. The remote connection is closed as soon as the tagged response from the .Ql LOGIN command is received from the remote server. .Pp The .Ar option parameter to the .Fl O flag describes the remote server to forward authentication requests to. .Ar hostname can be a hostname (imap.example.com) or a dotted\-quad IP address (192.168.0.1). The latter is useful if the remote server is multi\-homed and has network interfaces that are unreachable from the local IMAP server. The remote host is contacted on the .Ql imap service port. A non\-default port can be specified by appending a slash and the port name or number to the .Ar hostname argument. .Pp The .Fl O flag and argument are mandatory when using the .Li rimap mechanism. .It Li shadow .Em (AIX, Irix, Linux, Solaris) .Pp Authenticate against the local .Qq shadow password file . The exact mechanism is system dependent. .Nm currently understands the .Fn getspnam and .Fn getuserpw library routines. Some systems honour the .Fl T flag. .It Li sasldb .Em (All platforms) .Pp Authenticate against the SASL authentication database. Note that this is probably not what you want to use, and is even disabled at compile-time by default. If you want to use sasldb with the SASL library, you probably want to use the pwcheck_method of "auxprop" along with the sasldb auxprop plugin instead. .It Li ldap .Em (All platforms that support OpenLDAP 2.0 or higher) .Pp Authenticate against an ldap server. The ldap configuration parameters are read from /usr/local/etc/saslauthd.conf. The location of this file can be changed with the -O parameter. See the LDAP_SASLAUTHD file included with the distribution for the list of available parameters. .It Li sia .Em (Digital UNIX) .Pp Authenticate using the Digital .Ux Security Integration Architecture (a.k.a. .Qq enhanced security ) . .El .Sh NOTES The .Li kerberos4 authentication driver consumes considerable resources. To perform an authentication it must obtain a ticket granting ticket from the TGT server .Sy on every authentication request. The Kerberos library routines that obtain the TGT also create a local ticket file, on the reasonable assumption that you will want to save the TGT for use by other Kerberos applications. These ticket files are unusable by .Nm No , however there is no way not to create them. The overhead of creating and removing these ticket files can cause serious performance degradation on busy servers. (Kerberos was never intended to be used in this manner, anyway.) .Sh FILES .Bl -tag -width "/var/run/saslauthd/mux" .It Pa /var/run/saslauthd/mux The default communications socket. .It Pa /usr/local/etc/saslauthd.conf The default configuration file for ldap support. .El .Sh SEE ALSO .Xr passwd 1 , .Xr getpwent 3 , .Xr getspnam 3 , .Xr getuserpw 3 , .Xr sasl_checkpass 3 .Xr sia_authenticate_user 3 , cyrus-sasl-2.1.25/saslauthd/auth_pam.c0000666000076400007640000001645610241567607014621 00000000000000/* MODULE: auth_pam */ /* COPYRIGHT * Copyright (c) 2000 Fabian Knittel. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain any existing copyright * notice, and this entire permission notice in its entirety, * including the disclaimer of warranties. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 2. Redistributions in binary form must reproduce all prior and current * copyright notices, this list of conditions, and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ /* * Pluggable Authentication Modules, PAM(8), based authentication module * for saslauthd. * * Written by Fabian Knittel . Original implementation * Debian's pwcheck_pam daemon by Michael-John Turner . */ /* PUBLIC DEPENDENCIES */ #include "mechanisms.h" #include #ifdef HAVE_CONFIG_H #include #endif #ifdef AUTH_PAM # include # include #ifdef HAVE_SECURITY_PAM_APPL_H # include #elif defined(HAVE_PAM_PAM_APPL_H) # include #endif # include "auth_pam.h" /* END PUBLIC DEPENDENCIES */ /* Structure for application specific data passed through PAM * to our conv call-back routine saslauthd_pam_conv. */ typedef struct { const char *login; /* plaintext authenticator */ const char *password; /* plaintext password */ pam_handle_t *pamh; /* pointer to PAM handle */ } pam_appdata; # define RETURN(x) return strdup(x) /* FUNCTION: saslauthd_pam_conv */ /* SYNOPSIS * Call-back function used by the PAM library to communicate with us. Each * received message expects a response, pointed to by resp. * END SYNOPSIS */ static int /* R: PAM return code */ saslauthd_pam_conv ( /* PARAMETERS */ int num_msg, /* I: number of messages */ const struct pam_message **msg, /* I: pointer to array of messages */ struct pam_response **resp, /* O: pointer to pointer of response */ void *appdata_ptr /* I: pointer to app specific data */ /* END PARAMETERS */ ) { /* VARIABLES */ pam_appdata *my_appdata; /* application specific data */ struct pam_response *my_resp; /* response created by this func */ int i; /* loop counter */ const char *login_prompt; /* string prompting for user-name */ int rc; /* return code holder */ /* END VARIABLES */ my_appdata = appdata_ptr; my_resp = malloc(sizeof(struct pam_response) * num_msg); if (my_resp == NULL) return PAM_CONV_ERR; for (i = 0; i < num_msg; i++) switch (msg[i]->msg_style) { /* * We assume PAM_PROMPT_ECHO_OFF to be a request for password. * This assumption might be unsafe. * * For PAM_PROMPT_ECHO_ON we first check whether the provided * request string matches PAM_USER_PROMPT and, only if they do * match, assume it to be a request for the login. */ case PAM_PROMPT_ECHO_OFF: /* password */ my_resp[i].resp = strdup(my_appdata->password); if (my_resp[i].resp == NULL) { syslog(LOG_DEBUG, "DEBUG: saslauthd_pam_conv: strdup failed"); goto ret_error; } my_resp[i].resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_ON: /* username? */ /* Recheck setting each time, as it might have been changed in the mean-while. */ rc = pam_get_item(my_appdata->pamh, PAM_USER_PROMPT, (void *) &login_prompt); if (rc != PAM_SUCCESS) { syslog(LOG_DEBUG, "DEBUG: saslauthd_pam_conv: unable to read " "login prompt string: %s", pam_strerror(my_appdata->pamh, rc)); goto ret_error; } if (strcmp(msg[i]->msg, login_prompt) == 0) { my_resp[i].resp = strdup(my_appdata->login); my_resp[i].resp_retcode = PAM_SUCCESS; } else { /* ignore */ syslog(LOG_DEBUG, "DEBUG: saslauthd_pam_conv: unknown prompt " "string: %s", msg[i]->msg); my_resp[i].resp = NULL; my_resp[i].resp_retcode = PAM_SUCCESS; } break; case PAM_ERROR_MSG: /* ignore */ case PAM_TEXT_INFO: /* ignore */ my_resp[i].resp = NULL; my_resp[i].resp_retcode = PAM_SUCCESS; break; default: /* error */ goto ret_error; } *resp = my_resp; return PAM_SUCCESS; ret_error: /* * Free response structure. Don't free my_resp[i], as that * isn't initialised yet. */ { int y; for (y = 0; y < i; y++) if (my_resp[y].resp != NULL) free(my_resp[y].resp); free(my_resp); } return PAM_CONV_ERR; } /* END FUNCTION: saslauthd_pam_conv */ /* FUNCTION: auth_pam */ char * /* R: allocated response string */ auth_pam ( /* PARAMETERS */ const char *login, /* I: plaintext authenticator */ const char *password, /* I: plaintext password */ const char *service, /* I: service name */ const char *realm __attribute__((unused)) /* END PARAMETERS */ ) { /* VARIABLES */ pam_appdata my_appdata; /* application specific data */ struct pam_conv my_conv; /* pam conversion data */ pam_handle_t *pamh; /* pointer to PAM handle */ int rc; /* return code holder */ /* END VARIABLES */ my_appdata.login = login; my_appdata.password = password; my_appdata.pamh = NULL; my_conv.conv = saslauthd_pam_conv; my_conv.appdata_ptr = &my_appdata; rc = pam_start(service, login, &my_conv, &pamh); if (rc != PAM_SUCCESS) { syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_start failed: %s", pam_strerror(pamh, rc)); RETURN("NO PAM start error"); } my_appdata.pamh = pamh; rc = pam_authenticate(pamh, PAM_SILENT); if (rc != PAM_SUCCESS) { syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_authenticate failed: %s", pam_strerror(pamh, rc)); pam_end(pamh, rc); RETURN("NO PAM auth error"); } rc = pam_acct_mgmt(pamh, PAM_SILENT); if (rc != PAM_SUCCESS) { syslog(LOG_DEBUG, "DEBUG: auth_pam: pam_acct_mgmt failed: %s", pam_strerror(pamh, rc)); pam_end(pamh, rc); RETURN("NO PAM acct error"); } pam_end(pamh, PAM_SUCCESS); RETURN("OK"); } /* END FUNCTION: auth_pam */ #else /* !AUTH_PAM */ char * auth_pam( const char *login __attribute__((unused)), const char *password __attribute__((unused)), const char *service __attribute__((unused)), const char *realm __attribute__((unused)) ) { return NULL; } #endif /* !AUTH_PAM */ /* END MODULE: auth_pam */ cyrus-sasl-2.1.25/saslauthd/ipc_unix.c0000666000076400007640000003732607750260502014633 00000000000000/******************************************************************************* * * ipc_unix.c * * Description: Implements the AF_UNIX IPC method. * * Copyright (c) 1997-2000 Messaging Direct Ltd. * All rights reserved. * * Portions Copyright (c) 2003 Jeremy Rumpf * jrumpf@heavyload.net * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * * * HISTORY * * * This source file created using 8 space tabs. * ********************************************************************************/ /**************************************** * enable/disable ifdef *****************************************/ #include "saslauthd-main.h" #ifdef USE_UNIX_IPC /****************************************/ /**************************************** * includes *****************************************/ #include #include #include #include #include #include #include #include #include #include #include "globals.h" #include "utils.h" /**************************************** * declarations/protos *****************************************/ static void do_request(int); static void send_no(int, char *); static int rel_accept_lock(); static int get_accept_lock(); /**************************************** * module globals *****************************************/ static int sock_fd; /* descriptor for the socket */ static int accept_fd; /* descriptor for the accept lock */ static struct sockaddr_un server; /* domain socket control, server side */ static struct sockaddr_un client; /* domain socket control, client side */ static SALEN_TYPE len; /* length for the client sockaddr_un */ static char *sock_file; /* path to the AF_UNIX socket */ static char *accept_file;/* path to the accept() lock file */ /**************************************** * flags global from saslauthd-main.c * run_path global from saslauthd-main.c * num_procs global from saslauthd-main.c * detach_tty() function from saslauthd-main.c * rx_rec() function from utils.c * tx_rec() function from utils.c * logger() function from utils.c *****************************************/ /************************************************************* * IPC init. Initialize the environment specific to the * AF_UNIX IPC method. * * __Required Function__ **************************************************************/ void ipc_init() { int rc; size_t sock_file_len; /********************************************************* * When we're not preforking, using an accept lock is a * waste of resources. Otherwise, setup the accept lock * file. **********************************************************/ if (num_procs == 0) flags &= ~USE_ACCEPT_LOCK; if (flags & USE_ACCEPT_LOCK) { size_t accept_file_len; accept_file_len = strlen(run_path) + sizeof(ACCEPT_LOCK_FILE) + 1; if ((accept_file = malloc(accept_file_len)) == NULL) { logger(L_ERR, L_FUNC, "could not allocate memory"); exit(1); } strlcpy(accept_file, run_path, accept_file_len); strlcat(accept_file, ACCEPT_LOCK_FILE, accept_file_len); if ((accept_fd = open(accept_file, O_RDWR|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR)) == -1) { rc = errno; logger(L_ERR, L_FUNC, "could not open accept lock file: %s", accept_file); logger(L_ERR, L_FUNC, "open: %s", strerror(rc)); exit(1); } if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "using accept lock file: %s", accept_file); } /************************************************************** * We're at the point where we can't really do anything else * until we attempt to detach or daemonize. **************************************************************/ detach_tty(); /************************************************************** * Setup the UNIX domain socket **************************************************************/ sock_file_len = strlen(run_path) + sizeof(SOCKET_FILE) + 1; if ((sock_file = malloc(sock_file_len)) == NULL) { logger(L_ERR, L_FUNC, "could not allocate memory"); exit(1); } strlcpy(sock_file, run_path, sock_file_len); strlcat(sock_file, SOCKET_FILE, sock_file_len); unlink(sock_file); memset(&server, 0, sizeof(server)); strlcpy(server.sun_path, sock_file, sizeof(server.sun_path)); server.sun_family = AF_UNIX; if ((sock_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { rc = errno; logger(L_ERR, L_FUNC, "could not create socket"); logger(L_ERR, L_FUNC, "socket: %s", strerror(rc)); exit(1); } umask(0); if (bind(sock_fd, (struct sockaddr *)&server, sizeof(server)) == -1) { rc = errno; logger(L_ERR, L_FUNC, "could not bind to socket: %s", sock_file); logger(L_ERR, L_FUNC, "bind: %s", strerror(rc)); exit(1); } if (chmod(sock_file, S_IRWXU|S_IRWXG|S_IRWXO) == -1) { rc = errno; logger(L_ERR, L_FUNC, "could not chmod socket: %s", sock_file); logger(L_ERR, L_FUNC, "chmod: %s", strerror(rc)); exit(1); } fchmod(sock_fd, S_IRWXU|S_IRWXG|S_IRWXO); umask(077); if (listen(sock_fd, SOCKET_BACKLOG) == -1) { rc = errno; logger(L_ERR, L_FUNC, "could not listen on socket: %s", sock_file); logger(L_ERR, L_FUNC, "listen: %s", strerror(rc)); exit(1); } logger(L_INFO, L_FUNC, "listening on socket: %s", sock_file); /************************************************************** * Ok boys... Let's procreate... If necessary of course... * Num_procs == 0 means we're running one shot per process. In * that case, we'll handle forking on a per connection basis. **************************************************************/ if (num_procs != 0) flags |= USE_PROCESS_MODEL; return; } /************************************************************* * Main IPC loop. Handle all the socket accept stuff, fork if * needed, then pass things off to do_request(). * * __Required Function__ **************************************************************/ void ipc_loop() { int rc; int conn_fd; while(1) { len = sizeof(client); /************************************************************** * First, if needed, get the accept lock. If it fails, take a * nap and go to the top of the loop. (or should we just die?) *************************************************************/ if (get_accept_lock() != 0) { sleep(5); continue; } conn_fd = accept(sock_fd, (struct sockaddr *)&client, &len); rc = errno; rel_accept_lock(); if (conn_fd == -1) { if (rc != EINTR) { logger(L_ERR, L_FUNC, "socket accept failure"); logger(L_ERR, L_FUNC, "accept: %s", strerror(rc)); sleep(5); } continue; } /************************************************************** * If we're running one shot, drop off a kid to handle the * connection. *************************************************************/ if (num_procs == 0) { if(flags & DETACH_TTY) { if (have_baby() > 0) { /* parent */ close(conn_fd); continue; } close(sock_fd); /* child */ } do_request(conn_fd); close(conn_fd); if(flags & DETACH_TTY) { exit(0); } else { continue; } } /************************************************************** * Normal prefork mode. *************************************************************/ do_request(conn_fd); close(conn_fd); } return; } /************************************************************* * General cleanup. Unlock, close, and unlink our files. * * __Required Function__ **************************************************************/ void ipc_cleanup() { struct flock lock_st; if (flags & USE_ACCEPT_LOCK) { lock_st.l_type = F_UNLCK; lock_st.l_start = 0; lock_st.l_whence = SEEK_SET; lock_st.l_len = 1; fcntl(accept_fd, F_SETLK, &lock_st); close(accept_fd); unlink(accept_file); if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "accept lock file removed: %s", accept_file); } close(sock_fd); unlink(sock_file); if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "socket removed: %s", sock_file); } /************************************************************* * Handle the comms on the socket, pass the request off to * do_auth() back in saslauthd-main.c, then transmit the * result back out on the socket. **************************************************************/ void do_request(int conn_fd) { unsigned short count; /* input/output data byte count */ unsigned short ncount; /* input/output data byte count, network */ char *response; /* response to send to the client */ char login[MAX_REQ_LEN + 1]; /* account name to authenticate */ char password[MAX_REQ_LEN + 1]; /* password for authentication */ char service[MAX_REQ_LEN + 1]; /* service name for authentication */ char realm[MAX_REQ_LEN + 1]; /* user realm for authentication */ /************************************************************** * The input data stream consists of the login id, password, * service name and user realm as counted length strings. * We read in each string, then dispatch the data. **************************************************************/ /* login id */ if (rx_rec(conn_fd, (void *)&count, (size_t)sizeof(count)) != (ssize_t)sizeof(count)) return; count = ntohs(count); if (count > MAX_REQ_LEN) { logger(L_ERR, L_FUNC, "login exceeded MAX_REQ_LEN: %d", MAX_REQ_LEN); send_no(conn_fd, ""); return; } if (rx_rec(conn_fd, (void *)login, (size_t)count) != (ssize_t)count) return; login[count] = '\0'; /* password */ if (rx_rec(conn_fd, (void *)&count, (size_t)sizeof(count)) != (ssize_t)sizeof(count)) return; count = ntohs(count); if (count > MAX_REQ_LEN) { logger(L_ERR, L_FUNC, "password exceeded MAX_REQ_LEN: %d", MAX_REQ_LEN); send_no(conn_fd, ""); return; } if (rx_rec(conn_fd, (void *)password, (size_t)count) != (ssize_t)count) return; password[count] = '\0'; /* service */ if (rx_rec(conn_fd, (void *)&count, (size_t)sizeof(count)) != (ssize_t)sizeof(count)) return; count = ntohs(count); if (count > MAX_REQ_LEN) { logger(L_ERR, L_FUNC, "service exceeded MAX_REQ_LEN: %d", MAX_REQ_LEN); send_no(conn_fd, ""); return; } if (rx_rec(conn_fd, (void *)service, (size_t)count) != (ssize_t)count) return; service[count] = '\0'; /* realm */ if (rx_rec(conn_fd, (void *)&count, (size_t)sizeof(count)) != (ssize_t)sizeof(count)) return; count = ntohs(count); if (count > MAX_REQ_LEN) { logger(L_ERR, L_FUNC, "realm exceeded MAX_REQ_LEN: %d", MAX_REQ_LEN); send_no(conn_fd, ""); return; } if (rx_rec(conn_fd, (void *)realm, (size_t)count) != (ssize_t)count) return; realm[count] = '\0'; /************************************************************** * We don't allow NULL passwords or login names **************************************************************/ if (*login == '\0') { logger(L_ERR, L_FUNC, "NULL login received"); send_no(conn_fd, "NULL login received"); return; } if (*password == '\0') { logger(L_ERR, L_FUNC, "NULL password received"); send_no(conn_fd, "NULL password received"); return; } /************************************************************** * Get the mechanism response from do_auth() and send it back. **************************************************************/ response = do_auth(login, password, service, realm); memset(password, 0, strlen(password)); if (response == NULL) { send_no(conn_fd, "NULL response from mechanism"); return; } count = strlen(response); ncount = htons(count); if (tx_rec(conn_fd, (void *)&ncount, (size_t)sizeof(ncount)) != (ssize_t)sizeof(ncount)) { free(response); return; } if (tx_rec(conn_fd, (void *)response, (size_t)count) != (ssize_t)sizeof(count)) { free(response); return; } if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "response: %s", response); free(response); return; } /************************************************************* * In case something went out to lunch while reading in the * request data, we may want to attempt to send out a default * "NO" response on the socket. The mesg is optional. **************************************************************/ void send_no(int conn_fd, char *mesg) { char buff[1024]; unsigned short count; unsigned short ncount; buff[0] = 'N'; buff[1] = 'O'; buff[2] = ' '; /* buff, except for the trailing NUL and 'NO ' */ strncpy(buff + 3, mesg, sizeof(buff) - 1 - 3); buff[1023] = '\0'; count = strlen(buff); ncount = htons(count); if (tx_rec(conn_fd, (void *)&ncount, (size_t)sizeof(ncount)) != (ssize_t)sizeof(ncount)) return; if (tx_rec(conn_fd, (void *)buff, (size_t)count) != (ssize_t)sizeof(count)) return; if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "response: %s", buff); return; } /************************************************************* * Attempt to get a write lock on the accept lock file. * Return 0 if everything went ok, return -1 if something bad * happened. This function is expected to block. **************************************************************/ int get_accept_lock() { struct flock lock_st; int rc; if (!(flags & USE_ACCEPT_LOCK)) return 0; lock_st.l_type = F_WRLCK; lock_st.l_start = 0; lock_st.l_whence = SEEK_SET; lock_st.l_len = 1; errno = 0; do { rc = fcntl(accept_fd, F_SETLKW, &lock_st); } while (rc != 0 && errno == EINTR); if (rc != 0) { rc = errno; logger(L_ERR, L_FUNC, "could not acquire accept lock"); logger(L_ERR, L_FUNC, "fcntl: %s", strerror(rc)); return -1; } if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "acquired accept lock"); return 0; } /************************************************************* * Attempt to release the write lock on the accept lock file. * Return 0 if everything went ok, return -1 if something bad * happened. **************************************************************/ int rel_accept_lock() { struct flock lock_st; int rc; if (!(flags & USE_ACCEPT_LOCK)) return 0; lock_st.l_type = F_UNLCK; lock_st.l_start = 0; lock_st.l_whence = SEEK_SET; lock_st.l_len = 1; errno = 0; do { rc = fcntl(accept_fd, F_SETLKW, &lock_st); } while (rc != 0 && errno == EINTR); if (rc != 0) { rc = errno; logger(L_ERR, L_FUNC, "could not release accept lock"); logger(L_ERR, L_FUNC, "fcntl: %s", strerror(rc)); return -1; } if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "released accept lock"); return 0; } #endif /* USE_UNIX_IPC */ cyrus-sasl-2.1.25/saslauthd/cfile.h0000666000076400007640000000443610173322676014104 00000000000000/* Simple Config file API * Dave Eckhardt * Rob Siemborski * Tim Martin (originally in Cyrus distribution) * $Id: cfile.h,v 1.1 2005/01/19 00:11:42 shadow Exp $ */ /* * Copyright (c) 2001 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The name "Carnegie Mellon University" must not be used to * endorse or promote products derived from this software without * prior written permission. For permission or any other legal * details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * tech-transfer@andrew.cmu.edu * * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/)." * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ struct cfile; /* cc can type check, nobody can look inside */ typedef struct cfile *cfile; cfile cfile_read(const char *filename, char *complaint, int complaint_len); const char *cfile_getstring(cfile cf,const char *key,const char *def); int cfile_getint(cfile cf,const char *key,int def); int cfile_getswitch(cfile cf,const char *key,int def); void cfile_free(cfile cf); cyrus-sasl-2.1.25/saslauthd/cache.c0000666000076400007640000006152707707540134014064 00000000000000/***************************************************************************** * * cache.c * * Description: Implements a credentail caching layer to ease the loading * on the authentication mechanisms. * * Copyright (C) 2003 Jeremy Rumpf * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS''. ANY EXPRESS OR IMPLIED WARRANTIES, * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL JEREMY RUMPF OR ANY CONTRIBUTER TO THIS SOFTWARE BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF * THE POSSIBILITY OF SUCH DAMAGE * * Jeremy Rumpf * jrumpf@heavyload.net * *****************************************************************************/ /**************************************** * includes *****************************************/ #include "saslauthd.h" #include #include #include #include #include #include #include #include #include #include #include #include "cache.h" #include "utils.h" #include "globals.h" #include "md5global.h" #include "saslauthd_md5.h" /**************************************** * module globals *****************************************/ static struct mm_ctl mm; static struct lock_ctl lock; static struct bucket *table = NULL; static struct stats *table_stats = NULL; static unsigned int table_size = 0; static unsigned int table_timeout = 0; /**************************************** * flags global from saslauthd-main.c * run_path global from saslauthd-main.c * tx_rec() function from utils.c * logger() function from utils.c *****************************************/ /************************************************************* * The initialization function. This function will setup * the hash table's memory region, initialize the table, etc. **************************************************************/ int cache_init(void) { int bytes; char cache_magic[64]; void *base; if (!(flags & CACHE_ENABLED)) return 0; memset(cache_magic, 0, sizeof(cache_magic)); strlcpy(cache_magic, CACHE_CACHE_MAGIC, sizeof(cache_magic)); /************************************************************** * Compute the size of the hash table. This and a stats * struct will make up the memory region. **************************************************************/ if (table_size == 0) table_size = CACHE_DEFAULT_TABLE_SIZE; bytes = (table_size * CACHE_MAX_BUCKETS_PER * sizeof(struct bucket)) \ + sizeof(struct stats) + 256; if ((base = cache_alloc_mm(bytes)) == NULL) return -1; if (table_timeout == 0) table_timeout = CACHE_DEFAULT_TIMEOUT; if (flags & VERBOSE) { logger(L_DEBUG, L_FUNC, "bucket size: %d bytes", sizeof(struct bucket)); logger(L_DEBUG, L_FUNC, "stats size : %d bytes", sizeof(struct stats)); logger(L_DEBUG, L_FUNC, "timeout : %d seconds", table_timeout); logger(L_DEBUG, L_FUNC, "cache table: %d total bytes", bytes); logger(L_DEBUG, L_FUNC, "cache table: %d slots", table_size); logger(L_DEBUG, L_FUNC, "cache table: %d buckets", table_size * CACHE_MAX_BUCKETS_PER); } /************************************************************** * At the top of the region is the magic and stats struct. The * slots follow. Due to locking, the counters in the stats * struct will not be entirely accurate. **************************************************************/ memset(base, 0, bytes); memcpy(base, cache_magic, 64); table_stats = (void *)((char *)base + 64); table_stats->table_size = table_size; table_stats->max_buckets_per = CACHE_MAX_BUCKETS_PER; table_stats->sizeof_bucket = sizeof(struct bucket); table_stats->timeout = table_timeout; table_stats->bytes = bytes; table = (void *)((char *)table_stats + 128); /************************************************************** * Last, initialize the hash table locking. **************************************************************/ if (cache_init_lock() != 0) return -1; return 0; } /************************************************************* * Here we'll take some credentials and run them through * the hash table. If we have a valid hit then all is good * return CACHE_OK. If we don't get a hit, write the entry to * the result pointer and expect a later call to * cache_commit() to flush the bucket into the table. **************************************************************/ int cache_lookup(const char *user, const char *realm, const char *service, const char *password, struct cache_result *result) { int user_length = 0; int realm_length = 0; int service_length = 0; int hash_offset; unsigned char pwd_digest[16]; MD5_CTX md5_context; time_t epoch; time_t epoch_timeout; struct bucket *ref_bucket; struct bucket *low_bucket; struct bucket *high_bucket; struct bucket *read_bucket = NULL; char userrealmserv[CACHE_MAX_CREDS_LENGTH]; static char *debug = "[login=%s] [service=%s] [realm=%s]: %s"; if (!(flags & CACHE_ENABLED)) return CACHE_FAIL; memset((void *)result, 0, sizeof(struct cache_result)); result->status = CACHE_NO_FLUSH; /************************************************************** * Initial length checks **************************************************************/ user_length = strlen(user) + 1; realm_length = strlen(realm) + 1; service_length = strlen(service) + 1; if ((user_length + realm_length + service_length) > CACHE_MAX_CREDS_LENGTH) { return CACHE_TOO_BIG; } /************************************************************** * Any ideas on how not to call time() for every lookup? **************************************************************/ epoch = time(NULL); epoch_timeout = epoch - table_timeout; /************************************************************** * Get the offset into the hash table and the md5 sum of * the password. **************************************************************/ strlcpy(userrealmserv, user, sizeof(userrealmserv)); strlcat(userrealmserv, realm, sizeof(userrealmserv)); strlcat(userrealmserv, service, sizeof(userrealmserv)); hash_offset = cache_pjwhash(userrealmserv); _saslauthd_MD5Init(&md5_context); _saslauthd_MD5Update(&md5_context, password, strlen(password)); _saslauthd_MD5Final(pwd_digest, &md5_context); /************************************************************** * Loop through the bucket chain to try and find a hit. * * low_bucket = bucket at the start of the slot. * * high_bucket = last bucket in the slot. * * read_bucket = Contains the matched bucket if found. * Otherwise is NULL. * * Also, lock the slot first to avoid contention in the * bucket chain. * **************************************************************/ table_stats->attempts++; if (cache_get_rlock(hash_offset) != 0) { table_stats->misses++; table_stats->lock_failures++; return CACHE_FAIL; } low_bucket = table + (CACHE_MAX_BUCKETS_PER * hash_offset); high_bucket = low_bucket + CACHE_MAX_BUCKETS_PER; for (ref_bucket = low_bucket; ref_bucket < high_bucket; ref_bucket++) { if (strcmp(user, ref_bucket->creds + ref_bucket->user_offt) == 0 && \ strcmp (realm, ref_bucket->creds + ref_bucket->realm_offt) == 0 && \ strcmp(service, ref_bucket->creds + ref_bucket->service_offt) == 0) { read_bucket = ref_bucket; break; } } /************************************************************** * If we have our fish, check the password. If it's good, * release the slot (row) lock and return CACHE_OK. Else, * we'll write the entry to the result pointer. If we have a * read_bucket, then tell cache_commit() to not rescan the * chain (CACHE_FLUSH). Else, have cache_commit() determine the * best bucket to place the new entry (CACHE_FLUSH_WITH_RESCAN). **************************************************************/ if (read_bucket != NULL && read_bucket->created > epoch_timeout) { if (memcmp(pwd_digest, read_bucket->pwd_digest, 16) == 0) { if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with valid passwd"); cache_un_lock(hash_offset); table_stats->hits++; return CACHE_OK; } if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, debug, user, realm, service, "found with invalid passwd, update pending"); result->status = CACHE_FLUSH; } else { if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, debug, user, realm, service, "not found, update pending"); result->status = CACHE_FLUSH_WITH_RESCAN; } result->hash_offset = hash_offset; result->read_bucket = read_bucket; result->bucket.user_offt = 0; result->bucket.realm_offt = user_length; result->bucket.service_offt = user_length + realm_length; strcpy(result->bucket.creds + result->bucket.user_offt, user); strcpy(result->bucket.creds + result->bucket.realm_offt, realm); strcpy(result->bucket.creds + result->bucket.service_offt, service); memcpy(result->bucket.pwd_digest, pwd_digest, 16); result->bucket.created = epoch; cache_un_lock(hash_offset); table_stats->misses++; return CACHE_FAIL; } /************************************************************* * If it was later determined that the previous failed lookup * is ok, flush the result->bucket out to it's permanent home * in the hash table. **************************************************************/ void cache_commit(struct cache_result *result) { struct bucket *write_bucket; struct bucket *ref_bucket; struct bucket *low_bucket; struct bucket *high_bucket; if (!(flags & CACHE_ENABLED)) return; if (result->status == CACHE_NO_FLUSH) return; if (cache_get_wlock(result->hash_offset) != 0) { table_stats->lock_failures++; return; } if (result->status == CACHE_FLUSH) { write_bucket = result->read_bucket; } else { /********************************************************* * CACHE_FLUSH_WITH_RESCAN is the default action to take. * Simply traverse the slot looking for the oldest bucket * and mark it for writing. **********************************************************/ low_bucket = table + (CACHE_MAX_BUCKETS_PER * result->hash_offset); high_bucket = low_bucket + CACHE_MAX_BUCKETS_PER; write_bucket = low_bucket; for (ref_bucket = low_bucket; ref_bucket < high_bucket; ref_bucket++) { if (ref_bucket->created < write_bucket->created) write_bucket = ref_bucket; } } memcpy((void *)write_bucket, (void *)&(result->bucket), sizeof(struct bucket)); if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "lookup committed"); cache_un_lock(result->hash_offset); return; } /************************************************************* * Hashing function. Algorithm is an adaptation of Peter * Weinberger's (PJW) generic hashing algorithm, which * is based on Allen Holub's version. **************************************************************/ int cache_pjwhash(char *datum ) { const int BITS_IN_int = ( sizeof(int) * CHAR_BIT ); const int THREE_QUARTERS = ((int) ((BITS_IN_int * 3) / 4)); const int ONE_EIGHTH = ((int) (BITS_IN_int / 8)); const int HIGH_BITS = ( ~((unsigned int)(~0) >> ONE_EIGHTH )); unsigned int hash_value, i; for (hash_value = 0; *datum; ++datum) { hash_value = (hash_value << ONE_EIGHTH) + *datum; if ((i = hash_value & HIGH_BITS) != 0) hash_value = (hash_value ^ (i >> THREE_QUARTERS)) & ~HIGH_BITS; } return (hash_value % table_size); } /************************************************************* * Allow someone to set the hash table size (in kilobytes). * Since the hash table has to be prime, this won't be exact. **************************************************************/ void cache_set_table_size(const char *size) { unsigned int kilobytes; unsigned int bytes; unsigned int calc_bytes = 0; unsigned int calc_table_size = 1; kilobytes = strtol(size, (char **)NULL, 10); if (kilobytes <= 0) { logger(L_ERR, L_FUNC, "cache size must be positive and non zero"); exit(1); } bytes = kilobytes * 1024; calc_table_size = bytes / (sizeof(struct bucket) * CACHE_MAX_BUCKETS_PER); do { calc_table_size = cache_get_next_prime(calc_table_size); calc_bytes = calc_table_size * sizeof(struct bucket) * CACHE_MAX_BUCKETS_PER; } while (calc_bytes < bytes); table_size = calc_table_size; return; } /************************************************************* * Allow someone to set the table timeout (in seconds) **************************************************************/ void cache_set_timeout(const char *time) { table_timeout = strtol(time, (char **)NULL, 10); if (table_timeout <= 0) { logger(L_ERR, L_FUNC, "cache timeout must be positive"); exit(1); } return; } /************************************************************* * Find the next closest prime relative to the number given. * This is a variation of an implementation of the * Sieve of Erastothenes by Frank Pilhofer, * http://www.fpx.de/fp/Software/Sieve.html. **************************************************************/ unsigned int cache_get_next_prime(unsigned int number) { #define TEST(f,x) (*(f+((x)>>4))&(1<<(((x)&15L)>>1))) #define SET(f,x) *(f+((x)>>4))|=1<<(((x)&15)>>1) unsigned char *feld = NULL; unsigned int teste = 1; unsigned int max; unsigned int mom; unsigned int alloc; max = number + 20000; feld = malloc(alloc=(((max-=10000)>>4)+1)); if (feld == NULL) { logger(L_ERR, L_FUNC, "could not allocate memory"); exit(1); } memset(feld, 0, alloc); while ((teste += 2) < max) { if (!TEST(feld, teste)) { if (teste > number) { free(feld); return teste; } for (mom=3*teste; mom 0) { if (tx_rec(file_fd, null_buff, sizeof(null_buff)) != (ssize_t)sizeof(null_buff)) { rc = errno; logger(L_ERR, L_FUNC, "failed while writing to mmap file: %s", mm.file); close(file_fd); return NULL; } chunk_count--; } if ((mm.base = mmap(NULL, bytes, PROT_READ|PROT_WRITE, MAP_SHARED, file_fd, 0))== (void *)-1) { rc = errno; logger(L_ERR, L_FUNC, "could not mmap shared memory segment"); logger(L_ERR, L_FUNC, "mmap: %s", strerror(rc)); close(file_fd); return NULL; } close(file_fd); if (flags & VERBOSE) { logger(L_DEBUG, L_FUNC, "mmaped shared memory segment on file: %s", mm.file); } return mm.base; } /************************************************************* * When we die we may need to perform some cleanup on the * mmaped region. We assume we're the last process out here. * Otherwise, deleting the file may cause SIGBUS signals to * be generated for other processes. **************************************************************/ void cache_cleanup_mm(void) { if (mm.base != NULL) { munmap(mm.base, mm.bytes); unlink(mm.file); if (flags & VERBOSE) { logger(L_DEBUG, L_FUNC, "cache mmap file removed: %s", mm.file); } } return; } /***************************************************************** * The following is relative to the fcntl() locking method. Probably * used when the Sys IV SHM Implementation is in effect. ****************************************************************/ #ifdef CACHE_USE_FCNTL /************************************************************* * Setup the locking stuff required to implement the fcntl() * style record locking of the hash table. Return 0 if * everything is peachy, otherwise -1. * __FCNTL Impl__ **************************************************************/ int cache_init_lock(void) { int rc; size_t flock_file_len; flock_file_len = strlen(run_path) + sizeof(CACHE_FLOCK_FILE) + 1; if ((lock.flock_file = (char *)malloc(flock_file_len)) == NULL) { logger(L_ERR, L_FUNC, "could not allocate memory"); return -1; } strlcpy(lock.flock_file, run_path, flock_file_len); strlcat(lock.flock_file, CACHE_FLOCK_FILE, flock_file_len); if ((lock.flock_fd = open(lock.flock_file, O_RDWR|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR)) == -1) { rc = errno; logger(L_ERR, L_FUNC, "could not open flock file: %s", lock.flock_file); logger(L_ERR, L_FUNC, "open: %s", strerror(rc)); return -1; } if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "flock file opened at %s", lock.flock_file); return 0; } /************************************************************* * When the processes die we'll need to cleanup/delete * the flock_file. More for correctness than anything. * __FCNTL Impl__ **************************************************************/ void cache_cleanup_lock(void) { if (lock.flock_file != NULL) { unlink(lock.flock_file); if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "flock file removed: %s", lock.flock_file); } return; } /************************************************************* * Attempt to get a write lock on a slot. Return 0 if * everything went ok, return -1 if something bad happened. * This function is expected to block. * __FCNTL Impl__ **************************************************************/ int cache_get_wlock(unsigned int slot) { struct flock lock_st; int rc; lock_st.l_type = F_WRLCK; lock_st.l_start = slot; lock_st.l_whence = SEEK_SET; lock_st.l_len = 1; errno = 0; do { if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "attempting a write lock on slot: %d", slot); rc = fcntl(lock.flock_fd, F_SETLKW, &lock_st); } while (rc != 0 && errno == EINTR); if (rc != 0) { rc = errno; logger(L_ERR, L_FUNC, "could not acquire a write lock on slot: %d\n", slot); logger(L_ERR, L_FUNC, "fcntl: %s", strerror(rc)); return -1; } return 0; } /************************************************************* * Attempt to get a read lock on a slot. Return 0 if * everything went ok, return -1 if something bad happened. * This function is expected to block. * __FCNTL Impl__ **************************************************************/ int cache_get_rlock(unsigned int slot) { struct flock lock_st; int rc; lock_st.l_type = F_RDLCK; lock_st.l_start = slot; lock_st.l_whence = SEEK_SET; lock_st.l_len = 1; errno = 0; do { if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "attempting a read lock on slot: %d", slot); rc = fcntl(lock.flock_fd, F_SETLKW, &lock_st); } while (rc != 0 && errno == EINTR); if (rc != 0) { rc = errno; logger(L_ERR, L_FUNC, "could not acquire a read lock on slot: %d\n", slot); logger(L_ERR, L_FUNC, "fcntl: %s", strerror(rc)); return -1; } return 0; } /************************************************************* * Releases a previously acquired lock on a slot. * __FCNTL Impl__ **************************************************************/ int cache_un_lock(unsigned int slot) { struct flock lock_st; int rc; lock_st.l_type = F_UNLCK; lock_st.l_start = slot; lock_st.l_whence = SEEK_SET; lock_st.l_len = 1; errno = 0; do { if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "attempting to release lock on slot: %d", slot); rc = fcntl(lock.flock_fd, F_SETLKW, &lock_st); } while (rc != 0 && errno == EINTR); if (rc != 0) { rc = errno; logger(L_ERR, L_FUNC, "could not release lock on slot: %d\n", slot); logger(L_ERR, L_FUNC, "fcntl: %s", strerror(rc)); return -1; } return 0; } #endif /* CACHE_USE_FCNTL */ /********************************************************************** * The following is relative to the POSIX threads rwlock method of locking * slots in the hash table. Used when the Doors IPC is in effect, thus * -lpthreads is evident. ***********************************************************************/ #ifdef CACHE_USE_PTHREAD_RWLOCK /************************************************************* * Initialize a pthread_rwlock_t for every slot (row) in the * hash table. Return 0 if everything went ok, -1 if we bomb. * __RWLock Impl__ **************************************************************/ int cache_init_lock(void) { unsigned int x; pthread_rwlock_t *rwlock; if (!(lock.rwlock = (pthread_rwlock_t *)malloc(sizeof(pthread_rwlock_t) * table_size))) { logger(L_ERR, L_FUNC, "could not allocate memory"); return -1; } for (x = 0; x < table_size; x++) { rwlock = lock.rwlock + x; if (pthread_rwlock_init(rwlock, NULL) != 0) { logger(L_ERR, L_FUNC, "failed to initialize lock %d", x); return -1; } } if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "%d rwlocks initialized", table_size); return 0; } /************************************************************* * Destroy all of the rwlocks, free the buffer. * __RWLock Impl__ **************************************************************/ void cache_cleanup_lock(void) { unsigned int x; pthread_rwlock_t *rwlock; if(!lock.rwlock) return; for(x=0; x #include #include #include #include #ifdef _AIX # include #endif /* _AIX */ #include #include #include #include #include #include #include #include "mechanisms.h" #include "utils.h" #include "cfile.h" #include "globals.h" #include "auth_httpform.h" /* END PUBLIC DEPENDENCIES */ #ifndef MAX #define MAX(p,q) ((p >= q) ? p : q) #endif /* PRIVATE DEPENDENCIES */ static cfile config = NULL; static const char *r_host = "localhost"; /* remote host (mech_option) */ static const char *r_port = "80"; /* remote port (mech_option) */ static const char *r_uri = NULL; /* URI to call (mech_option) */ static const char *formdata = NULL; /* HTML form data (mech_option) */ static struct addrinfo *ai = NULL; /* remote host, as looked up */ /* END PRIVATE DEPENDENCIES */ #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */ #define RESP_LEN 1000 /* size of read response buffer */ #define TWO_CRLF "\r\n\r\n" #define CRLF "\r\n" #define SPACE " " #define HTTP_STATUS_SUCCESS "200" #define HTTP_STATUS_REFUSE "403" /* Common failure response strings for auth_httpform() */ #define RESP_IERROR "NO [ALERT] saslauthd internal error" #define RESP_UNAVAILABLE "NO [ALERT] The remote authentication server is currently unavailable" #define RESP_UNEXPECTED "NO [ALERT] Unexpected response from remote authentication server" /* FUNCTION: sig_null */ /* SYNOPSIS * Catch and ignore a signal. * END SYNOPSIS */ static RETSIGTYPE /* R: OS dependent */ sig_null ( /* PARAMETERS */ int sig /* I: signal being caught */ /* END PARAMETERS */ ) { switch (sig) { case SIGALRM: signal(SIGALRM, sig_null); break; case SIGPIPE: signal(SIGPIPE, sig_null); break; default: logger(L_INFO, "auth_httpform", "unexpected signal %d", sig); break; } #ifdef __APPLE__ return; #else /* __APPLE__ */ # if RETSIGTYPE == void return; # else /* RETSIGTYPE */ return 0; # endif /* RETSIGTYPE */ #endif /* __APPLE__ */ } /* END FUNCTION: sig_null */ /* FUNCTION: url_escape */ /* SYNOPSIS * URL-escapes the given string * * Note: calling function must free memory. * * END SYNOPSIS */ static char *url_escape( /* PARAMETERS */ const char *string /* END PARAMETERS */ ) { /* VARIABLES */ size_t length = strlen(string); size_t alloc = length+50; /* add some reserve */ char *out; int outidx=0, inidx=0; /* END VARIABLES */ out = malloc(alloc); if (!out) return NULL; while (inidx < length) { char in = string[inidx]; if (!(in >= 'a' && in <= 'z') && !(in >= 'A' && in <= 'Z') && !(in >= '0' && in <= '9') && in != '&' && in != '=' && in != '-' && in != '_') { /* encode it */ if (outidx+3 > alloc) { /* the size grows with two, since this'll become a %XX */ char *tmp = NULL; alloc *= 2; tmp = realloc(out, alloc); if (!tmp) { free(out); return NULL; } else { out = tmp; } } snprintf(&out[outidx], 4, "%%%02X", in); outidx += 3; } else { /* just copy this */ out[outidx++] = in; } inidx++; } out[outidx] = 0; /* terminate it */ return out; } /* END FUNCTION: url_escape */ /* FUNCTION: create_post_data */ /* SYNOPSIS * Replace %u, %p and %r in the form data read from the config file * with the actual username and password. * * Large parts of this functions have been shamelessly copied from * the sql_create_statement() in the sql.c plugin code * * Note: calling function must free memory. * * END SYNOPSIS */ static char *create_post_data( /* PARAMETERS */ const char *formdata, const char *user, const char *password, const char *realm /* END PARAMETERS */ ) { /* VARIABLES */ const char *ptr, *line_ptr; char *buf, *buf_ptr; int filtersize; int ulen, plen, rlen; int numpercents=0; int biggest; size_t i; /* END VARIABLES */ /* calculate memory needed for creating the complete query string. */ ulen = strlen(user); plen = strlen(password); rlen = strlen(realm); /* what if we have multiple %foo occurrences in the input query? */ for (i = 0; i < strlen(formdata); i++) { if (formdata[i] == '%') { numpercents++; } } /* find the biggest of ulen, plen */ biggest = MAX(MAX(ulen, plen), rlen); /* don't forget the trailing 0x0 */ filtersize = strlen(formdata) + 1 + (numpercents*biggest)+1; /* ok, now try to allocate a chunk of that size */ buf = (char *) malloc(filtersize); if (!buf) { logger(LOG_ERR, "auth_httpform:create_post_data", "failed to allocate memory"); return NULL; } buf_ptr = buf; line_ptr = formdata; /* replace the strings */ while ( (ptr = strchr(line_ptr, '%')) ) { /* copy up to but not including the next % */ memcpy(buf_ptr, line_ptr, ptr - line_ptr); buf_ptr += ptr - line_ptr; ptr++; switch (ptr[0]) { case '%': buf_ptr[0] = '%'; buf_ptr++; break; case 'u': memcpy(buf_ptr, user, ulen); buf_ptr += ulen; break; case 'p': memcpy(buf_ptr, password, plen); buf_ptr += plen; break; case 'r': memcpy(buf_ptr, realm, rlen); buf_ptr += rlen; break; default: buf_ptr[0] = '%'; buf_ptr[1] = ptr[0]; buf_ptr += 2; break; } ptr++; line_ptr = ptr; } /* don't forget the rest */ memcpy(buf_ptr, line_ptr, strlen(line_ptr)+1); return buf; } /* END FUNCTION: create_post_data */ /* FUNCTION: build_sasl_response */ /* SYNOPSIS * Build a SASL response out of the HTTP response * * Note: The returned string is malloced and will be free'd by the * saslauthd core * * END SYNOPSIS */ static char *build_sasl_response( /* PARAMETERS */ const char *http_response /* END PARAMETERS */ ) { /* VARIABLES */ size_t length = 0; char *c, *http_response_code, *http_response_string; char *sasl_response; /* END VARIABLES */ /* parse the response, just the first line */ /* e.g. HTTP/1.1 200 OK */ /* e.g. HTTP/1.1 403 User unknown */ c = strpbrk(http_response, CRLF); if (c != NULL) { *c = '\0'; /* tie off line termination */ } /* isolate the HTTP response code and string */ http_response_code = strpbrk(http_response, SPACE) + 1; http_response_string = strpbrk(http_response_code, SPACE) + 1; *(http_response_string-1) = '\0'; /* replace space after code with 0 */ if (!strcmp(http_response_code, HTTP_STATUS_SUCCESS)) { return strdup("OK remote authentication successful"); } if (!strcmp(http_response_code, HTTP_STATUS_REFUSE)) { /* return the HTTP response string as the SASL response */ length = strlen(http_response_string) + 3 + 1; sasl_response = malloc(length); if (sasl_response == NULL) return NULL; snprintf(sasl_response, length, "NO %s", http_response_string); return sasl_response; } logger(L_INFO, "auth_httpform", "unexpected response to auth request: %s %s", http_response_code, http_response_string); return strdup(RESP_UNEXPECTED); } /* END FUNCTION: build_sasl_response */ /* FUNCTION: auth_httpform_init */ /* SYNOPSIS * Validate the host and service names for the remote server. * END SYNOPSIS */ int auth_httpform_init ( /* PARAMETERS */ void /* no parameters */ /* END PARAMETERS */ ) { /* VARIABLES */ int rc; char *configname = NULL; struct addrinfo hints; /* END VARIABLES */ /* name of config file may be given with -O option */ if (mech_option) configname = mech_option; else if (access(SASLAUTHD_CONF_FILE_DEFAULT, F_OK) == 0) configname = SASLAUTHD_CONF_FILE_DEFAULT; /* open and read config file */ if (configname) { char complaint[1024]; if (!(config = cfile_read(configname, complaint, sizeof (complaint)))) { syslog(LOG_ERR, "auth_httpform_init %s", complaint); return -1; } } if (config) { r_host = cfile_getstring(config, "httpform_host", r_host); r_port = cfile_getstring(config, "httpform_port", r_port); r_uri = cfile_getstring(config, "httpform_uri", r_uri); formdata = cfile_getstring(config, "httpform_data", formdata); } if (formdata == NULL || r_uri == NULL) { syslog(LOG_ERR, "auth_httpform_init formdata and uri must be specified"); return -1; } /* lookup the host/port - taken from auth_rimap */ if (ai) freeaddrinfo(ai); memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_CANONNAME; if ((rc = getaddrinfo(r_host, r_port, &hints, &ai)) != 0) { syslog(LOG_ERR, "auth_httpform_init: getaddrinfo %s/%s: %s", r_host, r_port, gai_strerror(rc)); return -1; } /* Make sure we have AF_INET or AF_INET6 addresses. */ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) { syslog(LOG_ERR, "auth_httpform_init: no IP address info for %s", ai->ai_canonname ? ai->ai_canonname : r_host); freeaddrinfo(ai); ai = NULL; return -1; } return 0; } /* END FUNCTION: auth_httpform_init */ /* FUNCTION: auth_httpform */ /* SYNOPSIS * Proxy authenticate to a remote HTTP server with a form POST. * * This mechanism takes the plaintext authenticator and password, forms * them into an HTTP POST request. If the HTTP server responds with a 200 * status code, the credentials are considered valid. If it responds with * a 403 HTTP status code, the credentials are considered wrong. Any other * HTTP status code is treated like a network error. */ /* XXX This should be extended to support SASL PLAIN authentication */ char * /* R: Allocated response string */ auth_httpform ( /* PARAMETERS */ const char *user, /* I: plaintext authenticator */ const char *password, /* I: plaintext password */ const char *service, const char *realm /* END PARAMETERS */ ) { /* VARIABLES */ int s=-1; /* socket to remote auth host */ struct addrinfo *r; /* remote socket address info */ char *req; /* request, with user and pw */ char *escreq; /* URL-escaped request */ char *c; /* scratch pointer */ int rc; /* return code scratch area */ char postbuf[RESP_LEN]; /* request buffer */ int postlen; /* length of post request */ char rbuf[RESP_LEN]; /* response read buffer */ char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV]; int saved_errno; int niflags; /* END VARIABLES */ /* sanity checks */ assert(user != NULL); assert(password != NULL); /*establish connection to remote */ for (r = ai; r; r = r->ai_next) { s = socket(r->ai_family, r->ai_socktype, r->ai_protocol); if (s < 0) continue; if (connect(s, r->ai_addr, r->ai_addrlen) >= 0) break; close(s); s = -1; saved_errno = errno; niflags = (NI_NUMERICHOST | NI_NUMERICSERV); #ifdef NI_WITHSCOPEID if (r->ai_family == AF_INET6) niflags |= NI_WITHSCOPEID; #endif if (getnameinfo(r->ai_addr, r->ai_addrlen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf), niflags) != 0) { strlcpy(hbuf, "unknown", sizeof(hbuf)); strlcpy(pbuf, "unknown", sizeof(pbuf)); } errno = saved_errno; syslog(LOG_WARNING, "auth_httpform: connect %s[%s]/%s: %m", ai->ai_canonname ? ai->ai_canonname : r_host, hbuf, pbuf); } if (s < 0) { if (getnameinfo(ai->ai_addr, ai->ai_addrlen, NULL, 0, pbuf, sizeof(pbuf), NI_NUMERICSERV) != 0) strlcpy(pbuf, "unknown", sizeof(pbuf)); syslog(LOG_WARNING, "auth_httpform: couldn't connect to %s/%s", ai->ai_canonname ? ai->ai_canonname : r_host, pbuf); return strdup("NO [ALERT] Couldn't contact remote authentication server"); } /* CLAIM: we now have a TCP connection to the remote HTTP server */ /* * Install noop signal handlers. These just reinstall the handler * and return so that we take an EINTR during network I/O. */ (void) signal(SIGALRM, sig_null); (void) signal(SIGPIPE, sig_null); /* build the HTTP request */ req = create_post_data(formdata, user, password, realm); if (req == NULL) { close(s); syslog(LOG_WARNING, "auth_httpform: create_post_data == NULL"); return strdup(RESP_IERROR); } escreq = url_escape(req); if (escreq == NULL) { memset(req, 0, strlen(req)); free(req); close(s); syslog(LOG_WARNING, "auth_httpform: url_escape == NULL"); return strdup(RESP_IERROR); } postlen = snprintf(postbuf, RESP_LEN-1, "POST %s HTTP/1.1" CRLF "Host: %s:%s" CRLF "User-Agent: saslauthd" CRLF "Accept: */*" CRLF "Content-Type: application/x-www-form-urlencoded" CRLF "Content-Length: %d" TWO_CRLF "%s", r_uri, r_host, r_port, strlen(escreq), escreq); if (flags & VERBOSE) { syslog(LOG_DEBUG, "auth_httpform: sending %s %s %s", r_host, r_uri, escreq); } /* send it */ alarm(NETWORK_IO_TIMEOUT); rc = tx_rec(s, postbuf, postlen); alarm(0); if (rc < postlen) { syslog(LOG_WARNING, "auth_httpform: failed to send request"); memset(req, 0, strlen(req)); free(req); memset(escreq, 0, strlen(escreq)); free(escreq); memset(postbuf, 0, postlen); close(s); return strdup(RESP_IERROR); } /* don't need these any longer */ memset(req, 0, strlen(req)); free(req); memset(escreq, 0, strlen(escreq)); free(escreq); memset(postbuf, 0, postlen); /* read and parse the response */ alarm(NETWORK_IO_TIMEOUT); rc = read(s, rbuf, sizeof(rbuf)); alarm(0); close(s); /* we're done with the remote */ if (rc == -1) { syslog(LOG_WARNING, "auth_httpform: read (response): %m"); return strdup(RESP_IERROR); } if (flags & VERBOSE) { syslog(LOG_DEBUG, "auth_httpform: [%s] %s", user, rbuf); } rbuf[rc] = '\0'; /* make sure str-funcs find null */ return build_sasl_response(rbuf); } /* END FUNCTION: auth_httpform */ /* END MODULE: auth_httpform */ cyrus-sasl-2.1.25/saslauthd/auth_sia.c0000666000076400007640000000544407403027677014617 00000000000000/* MODULE: auth_sia */ /* COPYRIGHT * Copyright (c) 1998 Messaging Direct Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ #ifdef __GNUC__ #ident "$Id: auth_sia.c,v 1.3 2001/12/04 02:06:55 rjs3 Exp $" #endif /* PUBLIC DEPENDENCIES */ #include "mechanisms.h" #ifdef AUTH_SIA #include #include #include #include "auth_sia.h" #include "globals.h" /* END PUBLIC DEPENDENCIES */ /* FUNCTION: auth_sia */ /* SYNOPSIS * Authenticate against the Digital UNIX SIA environment. */ char * /* R: allocated response string */ auth_sia ( /* PARAMETERS */ const char *login, /* I: plaintext authenticator */ const char *password, /* I: plaintext password */ const char *service __attribute__((unused)), const char *realm __attribute__((unused)) /* END PARAMETERS */ ) { /* VARIABLES */ int rc; /* END VARIABLES */ rc = sia_validate_user(0, g_argc, g_argv, 0, login, 0, 0, 0, password); if (rc == SIASUCCESS) { return strdup("OK"); } if (rc == SIAFAIL) { return strdup("NO"); } /* Shouldn't happen */ syslog(LOG_WARNING, "auth_sia: impossible return (%d) from sia_validate_user", rc); return strdup("NO (possible system error)"); } #else /* ! AUTH_SIA */ char * auth_sia( const char *login __attribute__((unused)), const char *password __attribute__((unused)), const char *service __attribute__((unused)), const char *realm __attribute__((unused)) ) { return NULL; } #endif /* END FUNCTION: auth_sia */ /* END MODULE: auth_sia */ cyrus-sasl-2.1.25/saslauthd/auth_krb4.c0000666000076400007640000002000110177672572014671 00000000000000/* MODULE: auth_krb4 */ /* COPYRIGHT * Copyright (c) 1997 Messaging Direct Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ #ifdef __GNUC__ #ident "$Id: auth_krb4.c,v 1.12 2005/02/01 12:26:34 mel Exp $" #endif /* PUBLIC DEPENDENCIES */ #include #include "mechanisms.h" #include "globals.h" #include "cfile.h" #include "krbtf.h" #ifdef AUTH_KRB4 # include # ifdef WITH_DES # ifdef WITH_SSL_DES # include # else # include # endif /* WITH_SSL_DES */ # endif /* WITH_DES */ #endif /* AUTH_KRB4 */ #include #include #include #include #include #include #include "auth_krb4.h" #ifdef DEADCODE extern int swap_bytes; /* from libkrb.a */ #endif /* DEADCODE */ /* END PUBLIC DEPENDENCIES */ /* PRIVATE DEPENDENCIES */ #ifdef AUTH_KRB4 static char default_realm[REALM_SZ]; static cfile config = 0; static char myhostname[BUFSIZ]; /* Is BUFSIZ right here? */ static char *srvtabname = ""; /* "" means "system default srvtab" */ static char *verify_principal = "rcmd"; /* A principal in the default srvtab */ #endif /* AUTH_KRB4 */ /* END PRIVATE DEPENDENCIES */ #define TF_NAME_LEN 128 /* Kerberos for Macintosh doesn't define this, so we will. (Thanks Fink!) */ #ifndef KRB_TICKET_GRANTING_TICKET #define KRB_TICKET_GRANTING_TICKET "krbtgt" #endif /* !defined(KRB_TICKET_GRANTING_TICKET) */ /* FUNCTION: auth_krb4_init */ /* SYNOPSIS * Initialize the Kerberos IV authentication environment. * * krb4 proxy authentication has a side effect of creating a ticket * file for the user we are authenticating. We keep these in a private * directory so as not to override a system ticket file that may be * in use. * * This function tries to create the directory, and initializes the * global variable tf_dir with the pathname of the directory. * END SYNOPSIS */ int /* R: -1 on failure, else 0 */ auth_krb4_init ( /* PARAMETERS */ void /* no parameters */ /* END PARAMETERS */ ) { #ifdef AUTH_KRB4 /* VARIABLES */ int rc; /* return code holder */ char *configname = 0; /* END VARIABLES */ if (mech_option) configname = mech_option; else if (access(SASLAUTHD_CONF_FILE_DEFAULT, F_OK) == 0) configname = SASLAUTHD_CONF_FILE_DEFAULT; if (configname) { char complaint[1024]; config = cfile_read(configname, complaint, sizeof(complaint)); if (!config) { syslog(LOG_ERR, "auth_krb4_init %s", complaint); return -1; } } if (config) { srvtabname = cfile_getstring(config, "krb4_srvtab", srvtabname); verify_principal = cfile_getstring(config, "krb4_verify_principal", verify_principal); } if (krbtf_init() == -1) { syslog(LOG_ERR, "auth_krb4_init krbtf_init failed"); return -1; } rc = krb_get_lrealm(default_realm, 1); if (rc) { syslog(LOG_ERR, "auth_krb4: krb_get_lrealm: %s", krb_get_err_text(rc)); return -1; } if (gethostname(myhostname, sizeof(myhostname)) < 0) { syslog(LOG_ERR, "auth_krb4: gethoanem(): %m"); return -1; } myhostname[sizeof(myhostname) - 1] = '\0'; return 0; #else /* ! AUTH_KRB4 */ return -1; #endif /* ! AUTH_KRB4 */ } /* END FUNCTION: auth_krb4_init */ /* FUNCTION: auth_krb4 */ /* SYNOPSIS * Authenticate against Kerberos IV. * END SYNOPSIS */ #ifdef AUTH_KRB4 char * /* R: allocated response string */ auth_krb4 ( /* PARAMETERS */ const char *login, /* I: plaintext authenticator */ const char *password, /* I: plaintext password */ const char *service, const char *realm_in /* END PARAMETERS */ ) { /* VARIABLES */ char aname[ANAME_SZ]; /* Kerberos principal */ const char *realm; /* Kerberos realm to authenticate in */ int rc; /* return code */ char tf_name[TF_NAME_LEN]; /* Ticket file name */ char *instance, *user_specified; KTEXT_ST ticket; AUTH_DAT kdata; /* END VARIABLES */ /* * Make sure we have a password. If this is NULL the call * to krb_get_pw_in_tkt below would try to prompt for * one interactively. */ if (password == NULL) { syslog(LOG_ERR, "auth_krb4: NULL password?"); return strdup("NO saslauthd internal error"); } if (krbtf_name(tf_name, sizeof(tf_name)) != 0) { syslog(LOG_ERR, "auth_krb4: could not generate ticket file name"); return strdup("NO saslauthd internal error"); } krb_set_tkt_string(tf_name); strncpy(aname, login, ANAME_SZ-1); aname[ANAME_SZ-1] = '\0'; instance = ""; if (config) { char keyname[1024]; snprintf(keyname, sizeof(keyname), "krb4_%s_instance", service); instance = cfile_getstring(config, keyname, ""); } user_specified = strchr(aname, '.'); if (user_specified) { if (instance && instance[0]) { /* sysadmin specified a (mandatory) instance */ if (strcmp(user_specified + 1, instance)) { return strdup("NO saslauthd principal name error"); } /* nuke instance from "aname"-- matches what's already in "instance" */ *user_specified = '\0'; } else { /* sysadmin has no preference, so we shift * instance name from "aname" to "instance" */ *user_specified = '\0'; instance = user_specified + 1; } } if(realm_in && *realm_in != '\0') { realm = realm_in; } else { realm = default_realm; } rc = krb_get_pw_in_tkt(aname, instance, realm, KRB_TICKET_GRANTING_TICKET, realm, 1, password); if (rc == INTK_BADPW || rc == KDC_PR_UNKNOWN) { return strdup("NO"); } else if (rc != KSUCCESS) { syslog(LOG_ERR, "ERROR: auth_krb4: krb_get_pw_in_tkt: %s", krb_get_err_text(rc)); return strdup("NO saslauthd internal error"); } /* if the TGT wasn't spoofed, it should entitle us to an rcmd ticket... */ rc = krb_mk_req(&ticket, verify_principal, myhostname, default_realm, 0); if (rc != KSUCCESS) { syslog(LOG_ERR, "ERROR: auth_krb4: krb_get_pw_in_tkt: %s", krb_get_err_text(rc)); dest_tkt(); return strdup("NO saslauthd internal error"); } /* .. and that ticket should match our secret host key */ rc = krb_rd_req(&ticket, verify_principal, myhostname, 0, &kdata, srvtabname); if (rc != RD_AP_OK) { syslog(LOG_ERR, "ERROR: auth_krb4: krb_rd_req:%s", krb_get_err_text(rc)); dest_tkt(); return strdup("NO saslauthd internal error"); } dest_tkt(); return strdup("OK"); } #else /* ! AUTH_KRB4 */ char * auth_krb4 ( const char *login __attribute__((unused)), const char *password __attribute__((unused)), const char *service __attribute__((unused)), const char *realm __attribute__((unused)) ) { return NULL; } #endif /* ! AUTH_KRB4 */ /* END FUNCTION: auth_krb4 */ /* END MODULE: auth_krb4 */ cyrus-sasl-2.1.25/saslauthd/ChangeLog0000666000076400007640000000010407637665032014416 00000000000000Currently saslauthd changes are tracked in the main SASL ChangeLog. cyrus-sasl-2.1.25/saslauthd/utils.h0000666000076400007640000000547707762666403014201 00000000000000/******************************************************************************* * ***************************************************************************** * * * * utils.h * * * * Description: Header file for utils.c * * * * * * Copyright (c) 1997-2000 Messaging Direct Ltd. * * All rights reserved. * * * * Portions Copyright (c) 2003 Jeremy Rumpf * * jrumpf@heavyload.net * * * * Redistribution and use in source and binary forms, with or without * * modification, are permitted provided that the following conditions * * are met: * * * * 1. Redistributions of source code must retain the above copyright * * notice, this list of conditions and the following disclaimer. * * * * 2. Redistributions in binary form must reproduce the above copyright * * notice, this list of conditions and the following disclaimer in the * * documentation and/or other materials provided with the distribution. * * * * THIS SOFTWARE IS PROVIDED ``AS IS''. ANY EXPRESS OR IMPLIED WARRANTIES, * * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * * IN NO EVENT SHALL JEREMY RUMPF OR ANY CONTRIBUTER TO THIS SOFTWARE BE * * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF * * THE POSSIBILITY OF SUCH DAMAGE * * * * HISTORY * * * * * * This source file created using 8 space tabs. * * * ****************************************************************************** ********************************************************************************/ #ifndef _UTILS_H #define _UTILS_H #include #include #include #include "saslauthd.h" /* log prioities */ #define L_ERR LOG_ERR #define L_INFO LOG_INFO #define L_DEBUG LOG_DEBUG /* some magic to grab function names */ #ifdef HAVE_FUNC # define L_FUNC __func__ # define HAVE_L_FUNC 1 #elif defined(HAVE_PRETTY_FUNCTION) # define L_FUNC __PRETTY_FUNCTION__ # define HAVE_L_FUNC 1 #elif defined(HAVE_FUNCTION) # define L_FUNC __FUNCTION__ # define HAVE_L_FUNC 1 #else # define L_FUNC "" # undef HAVE_L_FUNC #endif #ifdef HAVE_L_FUNC # define L_STDERR_FORMAT "saslauthd[%d] :%-16s: %s\n" #else # define L_STDERR_FORMAT "saslauthd[%d] :%s%s\n" #endif /* utils.c */ extern void logger(int, const char *, const char *, ...); extern ssize_t tx_rec(int filefd, void *, size_t); extern ssize_t rx_rec(int , void *, size_t); extern int retry_writev(int, struct iovec *, int); #endif /* _UTILS_H */ cyrus-sasl-2.1.25/saslauthd/saslauthd.h.in0000666000076400007640000001736411630174447015423 00000000000000/* saslauthd.h.in. Generated from configure.in by autoheader. */ #ifndef _SASLAUTHD_H #define _SASLAUTHD_H #include /* Include SASLdb Support */ #undef AUTH_SASLDB /* Define if your getpwnam_r()/getspnam_r() functions take 5 arguments */ #undef GETXXNAM_R_5ARG /* Define to 1 if you have the header file. */ #undef HAVE_CRYPT_H /* Define to 1 if you have the `dns_lookup' function. */ #undef HAVE_DNS_LOOKUP /* Define to 1 if you have the `dn_expand' function. */ #undef HAVE_DN_EXPAND /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H /* Does the compiler understand __func__ */ #undef HAVE_FUNC /* Does compiler understand __FUNCTION__ */ #undef HAVE_FUNCTION /* Do we have a getaddrinfo? */ #undef HAVE_GETADDRINFO /* Define to 1 if you have the `gethostname' function. */ #undef HAVE_GETHOSTNAME /* Do we have a getnameinfo() function? */ #undef HAVE_GETNAMEINFO /* Define to 1 if you have the `getspnam' function. */ #undef HAVE_GETSPNAM /* Define to 1 if you have the `getuserpw' function. */ #undef HAVE_GETUSERPW /* Include GSSAPI/Kerberos 5 Support */ #undef HAVE_GSSAPI /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_GSSAPI_EXT_H /* Define if you have the gssapi.h header file */ #undef HAVE_GSSAPI_H /* Define to 1 if you have the `gsskrb5_register_acceptor_identity' function. */ #undef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY /* Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE */ #undef HAVE_GSS_C_NT_HOSTBASED_SERVICE /* Define if your GSSAPI implementation defines GSS_C_NT_USER_NAME */ #undef HAVE_GSS_C_NT_USER_NAME /* Define to 1 if you have the `gss_decapsulate_token' function. */ #undef HAVE_GSS_DECAPSULATE_TOKEN /* Define to 1 if you have the `gss_encapsulate_token' function. */ #undef HAVE_GSS_ENCAPSULATE_TOKEN /* Define to 1 if you have the `gss_get_name_attribute' function. */ #undef HAVE_GSS_GET_NAME_ATTRIBUTE /* Define to 1 if you have the `gss_oid_equal' function. */ #undef HAVE_GSS_OID_EQUAL /* Include HTTP form Support */ #undef HAVE_HTTPFORM /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Do we have Kerberos 4 Support? */ #undef HAVE_KRB /* Define to 1 if you have the header file. */ #undef HAVE_KRB5_H /* Define to 1 if you have the `krb_get_err_text' function. */ #undef HAVE_KRB_GET_ERR_TEXT /* Support for LDAP? */ #undef HAVE_LDAP /* Define to 1 if you have the `resolv' library (-lresolv). */ #undef HAVE_LIBRESOLV /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the `mkdir' function. */ #undef HAVE_MKDIR /* Do we have OpenSSL? */ #undef HAVE_OPENSSL /* Support for PAM? */ #undef HAVE_PAM /* Does compiler understand __PRETTY_FUNCTION__ */ #undef HAVE_PRETTY_FUNCTION /* Include support for saslauthd? */ #undef HAVE_SASLAUTHD /* Include SIA Support */ #undef HAVE_SIA /* Does sockaddr have an sa_len? */ #undef HAVE_SOCKADDR_SA_LEN /* Define to 1 if you have the `socket' function. */ #undef HAVE_SOCKET /* Do we have a socklen_t? */ #undef HAVE_SOCKLEN_T /* Is there an ss_family in sockaddr_storage? */ #undef HAVE_SS_FAMILY /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the `strdup' function. */ #undef HAVE_STRDUP /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strlcat' function. */ #undef HAVE_STRLCAT /* Define to 1 if you have the `strlcpy' function. */ #undef HAVE_STRLCPY /* Do we have a sockaddr_storage struct? */ #undef HAVE_STRUCT_SOCKADDR_STORAGE /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TIME_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_UIO_H /* Define to 1 if you have that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* define if your compiler has __attribute__ */ #undef HAVE___ATTRIBUTE__ /* Using Heimdal */ #undef KRB5_HEIMDAL /* Name of package */ #undef PACKAGE /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the version of this package. */ #undef PACKAGE_VERSION /* Location of saslauthd socket */ #undef PATH_SASLAUTHD_RUNDIR /* Define as the return type of signal handlers (`int' or `void'). */ #undef RETSIGTYPE /* Saslauthd runs threaded? */ #undef SASLAUTHD_THREADED /* Use BerkeleyDB for SASLdb */ #undef SASL_BERKELEYDB /* Path to default SASLdb database */ #undef SASL_DB_PATH /* Use GDBM for SASLdb */ #undef SASL_GDBM /* Use NDBM for SASLdb */ #undef SASL_NDBM /* The size of `long', as computed by sizeof. */ #undef SIZEOF_LONG /* User KERBEROS_V4 Staticly */ #undef STATIC_KERBEROS4 /* Link SASLdb Staticly */ #undef STATIC_SASLDB /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define to 1 if you can safely include both and . */ #undef TIME_WITH_SYS_TIME /* Use the doors IPC API */ #undef USE_DOORS /* Version number of package */ #undef VERSION /* Use DES */ #undef WITH_DES /* Use OpenSSL DES Implementation */ #undef WITH_SSL_DES /* Define to empty if `const' does not conform to ANSI C. */ #undef const /* Define to `int' if does not define. */ #undef pid_t #ifndef HAVE___ATTRIBUTE__ /* Can't use attributes... */ #define __attribute__(foo) #endif #include #include #include #ifndef WIN32 # include # include #else /* WIN32 */ # include #endif /* WIN32 */ #include #include #ifndef HAVE_SOCKLEN_T typedef unsigned int socklen_t; #endif /* HAVE_SOCKLEN_T */ #ifndef HAVE_STRUCT_SOCKADDR_STORAGE #define _SS_MAXSIZE 128 /* Implementation specific max size */ #define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) struct sockaddr_storage { struct sockaddr ss_sa; char __ss_pad2[_SS_PADSIZE]; }; # define ss_family ss_sa.sa_family #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ #ifndef AF_INET6 /* Define it to something that should never appear */ #define AF_INET6 AF_MAX #endif /* Create a struct iovec if we need one */ #if !defined(HAVE_SYS_UIO_H) struct iovec { long iov_len; char *iov_base; }; #else #include #include #endif #ifndef HAVE_GETADDRINFO #define getaddrinfo sasl_getaddrinfo #define freeaddrinfo sasl_freeaddrinfo #define getnameinfo sasl_getnameinfo #define gai_strerror sasl_gai_strerror #include "gai.h" #endif #ifndef AI_NUMERICHOST /* support glibc 2.0.x */ #define AI_NUMERICHOST 4 #define NI_NUMERICHOST 2 #define NI_NAMEREQD 4 #define NI_NUMERICSERV 8 #endif /* handy string manipulation functions */ #ifndef HAVE_STRLCPY extern size_t saslauthd_strlcpy(char *dst, const char *src, size_t len); #define strlcpy(x,y,z) saslauthd_strlcpy((x),(y),(z)) #endif #ifndef HAVE_STRLCAT extern size_t saslauthd_strlcat(char *dst, const char *src, size_t len); #define strlcat(x,y,z) saslauthd_strlcat((x),(y),(z)) #endif #endif cyrus-sasl-2.1.25/saslauthd/auth_krb5.c0000646000076400007640000003207711306006127014666 00000000000000/* MODULE: auth_krb5 */ /* COPYRIGHT * Copyright (c) 1997 Messaging Direct Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ #ifdef __GNUC__ #ident "$Id: auth_krb5.c,v 1.18 2008/01/23 15:39:34 murch Exp $" #endif /* ok, this is wrong but the most convenient way of doing * it for now. We assume (possibly incorrectly) that if GSSAPI exists then * the Kerberos 5 headers and libraries exist. * What really should be done is a configure.in check for krb5.h and use * that since none of this code is GSSAPI but rather raw Kerberos5. */ /* Also, at some point one would hope it would be possible to * have less divergence between Heimdal and MIT Kerberos 5. * * As of the summer of 2003, the obvious issues are that * MIT doesn't have krb5_verify_opt_*() and Heimdal doesn't * have krb5_sname_to_principal(). */ /* PUBLIC DEPENDENCIES */ #include "mechanisms.h" #include "globals.h" /* mech_option */ #include "cfile.h" #include "krbtf.h" #ifdef AUTH_KRB5 # include static cfile config = 0; static char *keytabname = NULL; /* "system default" */ static char *verify_principal = "host"; /* a principal in the default keytab */ #endif /* AUTH_KRB5 */ #include #include #include #include #include #include #include #include "auth_krb5.h" /* END PUBLIC DEPENDENCIES */ int /* R: -1 on failure, else 0 */ auth_krb5_init ( /* PARAMETERS */ void /* no parameters */ /* END PARAMETERS */ ) { #ifdef AUTH_KRB5 int rc; char *configname = 0; if (krbtf_init() == -1) { syslog(LOG_ERR, "auth_krb5_init krbtf_init failed"); return -1; } if (mech_option) configname = mech_option; else if (access(SASLAUTHD_CONF_FILE_DEFAULT, F_OK) == 0) configname = SASLAUTHD_CONF_FILE_DEFAULT; if (configname) { char complaint[1024]; if (!(config = cfile_read(configname, complaint, sizeof (complaint)))) { syslog(LOG_ERR, "auth_krb5_init %s", complaint); return -1; } } if (config) { keytabname = cfile_getstring(config, "krb5_keytab", keytabname); verify_principal = cfile_getstring(config, "krb5_verify_principal", verify_principal); } return 0; #else return -1; #endif } #ifdef AUTH_KRB5 static int form_principal_name ( const char *user, const char *service, const char *realm, char *pname, int pnamelen ) { const char *forced_instance = 0; int plen; if (config) { char keyname[1024]; snprintf(keyname, sizeof (keyname), "krb5_%s_instance", service); forced_instance = cfile_getstring(config, keyname, 0); } if (forced_instance) { char *user_specified; if (user_specified = strchr(user, '/')) { if (strcmp(user_specified + 1, forced_instance)) { /* user not allowed to override sysadmin */ return -1; } else { /* don't need to force--user already asked for it */ forced_instance = 0; } } } /* form user[/instance][@realm] */ plen = snprintf(pname, pnamelen, "%s%s%s%s%s", user, (forced_instance ? "/" : ""), (forced_instance ? forced_instance : ""), ((realm && realm[0]) ? "@" : ""), ((realm && realm[0]) ? realm : "") ); if ((plen <= 0) || (plen >= pnamelen)) return -1; /* Perhaps we should uppercase the realm? */ return 0; } #ifdef KRB5_HEIMDAL char * /* R: allocated response string */ auth_krb5 ( /* PARAMETERS */ const char *user, /* I: plaintext authenticator */ const char *password, /* I: plaintext password */ const char *service, /* I: service authenticating to */ const char *realm /* I: user's realm */ /* END PARAMETERS */ ) { /* VARIABLES */ krb5_context context; krb5_ccache ccache = NULL; krb5_keytab kt = NULL; krb5_principal auth_user; krb5_verify_opt opt; char * result; char tfname[2048]; char principalbuf[2048]; /* END VARIABLES */ if (!user || !password) { syslog(LOG_ERR, "auth_krb5: NULL password or username?"); return strdup("NO saslauthd internal NULL password or username"); } if (krb5_init_context(&context)) { syslog(LOG_ERR, "auth_krb5: krb5_init_context"); return strdup("NO saslauthd internal krb5_init_context error"); } if (form_principal_name(user, service, realm, principalbuf, sizeof (principalbuf))) { syslog(LOG_ERR, "auth_krb5: form_principal_name"); return strdup("NO saslauthd principal name error"); } if (krb5_parse_name (context, principalbuf, &auth_user)) { krb5_free_context(context); syslog(LOG_ERR, "auth_krb5: krb5_parse_name"); return strdup("NO saslauthd internal krb5_parse_name error"); } if (krbtf_name(tfname, sizeof (tfname)) != 0) { syslog(LOG_ERR, "auth_krb5: could not generate ccache name"); return strdup("NO saslauthd internal error"); } if (krb5_cc_resolve(context, tfname, &ccache)) { krb5_free_principal(context, auth_user); krb5_free_context(context); syslog(LOG_ERR, "auth_krb5: krb5_cc_resolve"); return strdup("NO saslauthd internal error"); } if (keytabname) { if (krb5_kt_resolve(context, keytabname, &kt)) { krb5_free_principal(context, auth_user); krb5_cc_destroy(context, ccache); krb5_free_context(context); syslog(LOG_ERR, "auth_krb5: krb5_kt_resolve"); return strdup("NO saslauthd internal error"); } } krb5_verify_opt_init(&opt); krb5_verify_opt_set_secure(&opt, 1); krb5_verify_opt_set_ccache(&opt, ccache); if (kt) krb5_verify_opt_set_keytab(&opt, kt); krb5_verify_opt_set_service(&opt, verify_principal); if (krb5_verify_user_opt(context, auth_user, password, &opt)) { result = strdup("NO krb5_verify_user_opt failed"); } else { result = strdup("OK"); } krb5_free_principal(context, auth_user); krb5_cc_destroy(context, ccache); if (kt) krb5_kt_close(context, kt); krb5_free_context(context); return result; } #else /* !KRB5_HEIMDAL */ static void k5support_log_err(krb5_context context, krb5_error_code code, char const *msg) { const char *k5_msg = krb5_get_error_message(context, code); syslog(LOG_DEBUG, "auth_krb5: %s: %s (%d)\n", msg, k5_msg, code); krb5_free_error_message(context, k5_msg); } /* returns 0 for failure, 1 for success */ static int k5support_verify_tgt(krb5_context context, krb5_ccache ccache) { krb5_principal server; krb5_data packet; krb5_keyblock *keyblock = NULL; krb5_auth_context auth_context = NULL; krb5_error_code k5_retcode; krb5_keytab kt = NULL; char thishost[BUFSIZ]; int result = 0; memset(&packet, 0, sizeof(packet)); if ((k5_retcode = krb5_sname_to_principal(context, NULL, verify_principal, KRB5_NT_SRV_HST, &server))) { k5support_log_err(context, k5_retcode, "krb5_sname_to_principal()"); return 0; } if (keytabname) { if ((k5_retcode = krb5_kt_resolve(context, keytabname, &kt))) { k5support_log_err(context, k5_retcode, "krb5_kt_resolve()"); goto fini; } } if ((k5_retcode = krb5_kt_read_service_key(context, kt, server, 0, 0, &keyblock))) { k5support_log_err(context, k5_retcode, "krb5_kt_read_service_key()"); goto fini; } if (keyblock) { krb5_free_keyblock(context, keyblock); } /* this duplicates work done in krb5_sname_to_principal * oh well. */ if (gethostname(thishost, BUFSIZ) < 0) { goto fini; } thishost[BUFSIZ-1] = '\0'; if ((k5_retcode = krb5_mk_req(context, &auth_context, 0, verify_principal, thishost, NULL, ccache, &packet))) { k5support_log_err(context, k5_retcode, "krb5_mk_req()"); } if (auth_context) { krb5_auth_con_free(context, auth_context); auth_context = NULL; } if (k5_retcode) { goto fini; } if ((k5_retcode = krb5_rd_req(context, &auth_context, &packet, server, NULL, NULL, NULL))) { k5support_log_err(context, k5_retcode, "krb5_rd_req()"); goto fini; } if (auth_context) { krb5_auth_con_free(context, auth_context); auth_context = NULL; } /* all is good now */ result = 1; fini: krb5_free_data_contents(context, &packet); krb5_free_principal(context, server); return result; } /* FUNCTION: auth_krb5 */ /* SYNOPSIS * Authenticate against Kerberos V. * END SYNOPSIS */ char * /* R: allocated response string */ auth_krb5 ( /* PARAMETERS */ const char *user, /* I: plaintext authenticator */ const char *password, /* I: plaintext password */ const char *service, /* I: service authenticating to */ const char *realm /* I: user's realm */ /* END PARAMETERS */ ) { /* VARIABLES */ krb5_context context; krb5_ccache ccache = NULL; krb5_principal auth_user; krb5_creds creds; krb5_get_init_creds_opt opts; char * result; char tfname[2048]; char principalbuf[2048]; krb5_error_code code; /* END VARIABLES */ if (!user|| !password) { syslog(LOG_ERR, "auth_krb5: NULL password or username?"); return strdup("NO saslauthd internal error"); } if (krb5_init_context(&context)) { syslog(LOG_ERR, "auth_krb5: krb5_init_context"); return strdup("NO saslauthd internal error"); } if (form_principal_name(user, service, realm, principalbuf, sizeof (principalbuf))) { syslog(LOG_ERR, "auth_krb5: form_principal_name"); return strdup("NO saslauthd principal name error"); } if (krb5_parse_name (context, principalbuf, &auth_user)) { krb5_free_context(context); syslog(LOG_ERR, "auth_krb5: krb5_parse_name"); return strdup("NO saslauthd internal error"); } if (krbtf_name(tfname, sizeof (tfname)) != 0) { syslog(LOG_ERR, "auth_krb5: could not generate ticket file name"); return strdup("NO saslauthd internal error"); } if (krb5_cc_resolve(context, tfname, &ccache)) { krb5_free_principal(context, auth_user); krb5_free_context(context); syslog(LOG_ERR, "auth_krb5: krb5_cc_resolve"); return strdup("NO saslauthd internal error"); } if (krb5_cc_initialize (context, ccache, auth_user)) { krb5_free_principal(context, auth_user); krb5_free_context(context); syslog(LOG_ERR, "auth_krb5: krb5_cc_initialize"); return strdup("NO saslauthd internal error"); } krb5_get_init_creds_opt_init(&opts); /* 15 min should be more than enough */ krb5_get_init_creds_opt_set_tkt_life(&opts, 900); if (code = krb5_get_init_creds_password(context, &creds, auth_user, password, NULL, NULL, 0, NULL, &opts)) { krb5_cc_destroy(context, ccache); krb5_free_principal(context, auth_user); krb5_free_context(context); syslog(LOG_ERR, "auth_krb5: krb5_get_init_creds_password: %d", code); return strdup("NO saslauthd internal error"); } /* at this point we should have a TGT. Let's make sure it is valid */ if (krb5_cc_store_cred(context, ccache, &creds)) { krb5_free_principal(context, auth_user); krb5_cc_destroy(context, ccache); krb5_free_context(context); syslog(LOG_ERR, "auth_krb5: krb5_cc_store_cred"); return strdup("NO saslauthd internal error"); } if (!k5support_verify_tgt(context, ccache)) { syslog(LOG_ERR, "auth_krb5: k5support_verify_tgt"); result = strdup("NO saslauthd internal error"); goto fini; } /* * fall through -- user is valid beyond this point */ result = strdup("OK"); fini: /* destroy any tickets we had */ krb5_free_cred_contents(context, &creds); krb5_free_principal(context, auth_user); krb5_cc_destroy(context, ccache); krb5_free_context(context); return result; } #endif /* KRB5_HEIMDAL */ #else /* ! AUTH_KRB5 */ char * auth_krb5 ( const char *login __attribute__((unused)), const char *password __attribute__((unused)), const char *service __attribute__((unused)), const char *realm __attribute__((unused)) ) { return NULL; } #endif /* ! AUTH_KRB5 */ /* END FUNCTION: auth_krb5 */ /* END MODULE: auth_krb5 */ cyrus-sasl-2.1.25/saslauthd/auth_krb5.h0000666000076400007640000000274307462045612014704 00000000000000/* COPYRIGHT * Copyright (c) 1997 Messaging Direct Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ char *auth_krb5(const char *, const char *, const char *, const char *); int auth_krb5_init(void); cyrus-sasl-2.1.25/saslauthd/auth_shadow.c0000646000076400007640000001764411306006127015313 00000000000000/* MODULE: auth_shadow */ /* COPYRIGHT * Copyright (c) 1997 Messaging Direct Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * END COPYRIGHT */ #ifdef __GNUC__ #ident "$Id: auth_shadow.c,v 1.12 2009/08/14 14:58:38 mel Exp $" #endif /* PUBLIC DEPENDENCIES */ #include "mechanisms.h" #ifdef AUTH_SHADOW #define PWBUFSZ 256 /***SWB***/ # include # include # include # include # include # include # include #ifdef HAVE_CRYPT_H #include #endif # ifndef HAVE_GETSPNAM # ifdef WITH_DES # ifdef WITH_SSL_DES # include # else # include # endif /* WITH_SSL_DES */ # endif /* WITH_DES */ #endif /* ! HAVE_GETSPNAM */ # ifdef HAVE_GETUSERPW # include # include # else /* ! HAVE_GETUSERPW */ # include # endif /* ! HAVE_GETUSERPW */ # include "auth_shadow.h" # include "globals.h" /* END PUBLIC DEPENDENCIES */ /* FUNCTION: auth_shadow */ /* SYNOPSIS * Authenticate against the system shadow password database. Where * possible (and if enabled by the command line arguments), enforce * time-of-day and other login restrictions. */ char * /* R: allocated response string */ auth_shadow ( /* PARAMETERS */ const char *login, /* I: plaintext authenticator */ const char *password, /* I: plaintext password */ const char *service __attribute__((unused)), const char *realm __attribute__((unused)) /* END PARAMETERS */ ) { /************************************************************************ * * * This is gross. Everyone wants to do this differently, thus we have * * to #ifdef the whole mess for each system type. * * * ***********************************************************************/ # ifdef HAVE_GETSPNAM /*************** * getspnam_r() * ***************/ /* VARIABLES */ long today; /* the current time */ char *cpw; /* pointer to crypt() result */ struct passwd *pw; /* return from getpwnam_r() */ struct spwd *sp; /* return from getspnam_r() */ # ifdef _REENTRANT struct passwd pwbuf; char pwdata[PWBUFSZ]; /* pwbuf indirect data goes in here */ struct spwd spbuf; char spdata[PWBUFSZ]; /* spbuf indirect data goes in here */ # endif /* _REENTRANT */ /* END VARIABLES */ # define RETURN(x) return strdup(x) /* * "Magic" password field entries for SunOS. * * *LK* is hinted at in the shadow(4) man page, but the * only definition for it (that I could find) is in the passmgmt(1M) * man page. * * *NP* is documented in getspnam(3) and indicates the caller had * insufficient permission to read the shadow password database * (generally this is a NIS error). */ # define SHADOW_PW_LOCKED "*LK*" /* account locked (not used by us) */ # define SHADOW_PW_EPERM "*NP*" /* insufficient database perms */ # ifdef _REENTRANT # ifdef GETXXNAM_R_5ARG (void) getpwnam_r(login, &pwbuf, pwdata, sizeof(pwdata), &pw); # else pw = getpwnam_r(login, &pwbuf, pwdata, sizeof(pwdata)); # endif /* GETXXNAM_R_5ARG */ # else pw = getpwnam(login); # endif /* _REENTRANT */ endpwent(); if (pw == NULL) { if (flags & VERBOSE) { syslog(LOG_DEBUG, "DEBUG: auth_shadow: getpwnam(%s) returned NULL", login); } RETURN("NO"); } today = (long)time(NULL)/(24L*60*60); # ifdef _REENTRANT # ifdef GETXXNAM_R_5ARG (void) getspnam_r(login, &spbuf, spdata, sizeof(spdata), &sp); # else sp = getspnam_r(login, &spbuf, spdata, sizeof(spdata)); # endif /* GETXXNAM_R_5ARG */ # else sp = getspnam(login); # endif /* _REENTRANT */ endspent(); if (sp == NULL) { if (flags & VERBOSE) { syslog(LOG_DEBUG, "DEBUG: auth_shadow: getspnam(%s) returned NULL", login); } RETURN("NO"); } if (!strcmp(sp->sp_pwdp, SHADOW_PW_EPERM)) { if (flags & VERBOSE) { syslog(LOG_DEBUG, "DEBUG: auth_shadow: sp->sp_pwdp == SHADOW_PW_EPERM"); } RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)"); } /* * Note: no check for SHADOW_PW_LOCKED. Returning a "locked" notification * would allow login-id namespace probes, and violates our policy of * not returning any information about a login until we have validated * the password. */ cpw = strdup((const char *)crypt(password, sp->sp_pwdp)); if (strcmp(sp->sp_pwdp, cpw)) { if (flags & VERBOSE) { syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'", sp->sp_pwdp, cpw); } free(cpw); RETURN("NO"); } free(cpw); /* * The following fields will be set to -1 if: * * 1) They are not specified in the shadow database, or * 2) The database is being served up by NIS. */ if ((sp->sp_expire != -1) && (today > sp->sp_expire)) { if (flags & VERBOSE) { syslog(LOG_DEBUG, "DEBUG: auth_shadow: account expired: %dl > %dl", today, sp->sp_expire); } RETURN("NO Account expired"); } /* Remaining tests are relative to the last change date for the password */ if (sp->sp_lstchg != -1) { if ((sp->sp_max != -1) && ((sp->sp_lstchg + sp->sp_max) < today)) { if (flags & VERBOSE) { syslog(LOG_DEBUG, "DEBUG: auth_shadow: password expired: %ld + %ld < %ld", sp->sp_lstchg, sp->sp_max, today); } RETURN("NO Password expired"); } } if (flags & VERBOSE) { syslog(LOG_DEBUG, "DEBUG: auth_shadow: OK: %s", login); } RETURN("OK"); # elif defined(HAVE_GETUSERPW) /************* * AIX 4.1.4 * ************/ /* VARIABLES */ struct userpw *upw; /* return from getuserpw() */ /* END VARIABLES */ # define RETURN(x) { endpwdb(); return strdup(x); } if (setpwdb(S_READ) == -1) { syslog(LOG_ERR, "setpwdb: %m"); RETURN("NO setpwdb() internal failure (saslauthd)"); } upw = getuserpw(login); if (upw == 0) { if (flags & VERBOSE) { syslog(LOG_DEBUG, "auth_shadow: getuserpw(%s) == 0", login); } RETURN("NO"); } if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) { if (flags & VERBOSE) { syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s", password, upw->upw_passwd); } RETURN("NO"); } RETURN("OK"); # else /* HAVE_GETUSERPW */ # error "unknown shadow authentication type" # endif /* ! HAVE_GETUSERPW */ } #else /* !AUTH_SHADOW */ char * auth_shadow ( const char *login __attribute__((unused)), const char *passwd __attribute__((unused)), const char *service __attribute__((unused)), const char *realm __attribute__((unused)) ) { return NULL; } #endif /* !AUTH_SHADOW */ /* END FUNCTION: auth_shadow */ /* END MODULE: auth_shadow */ cyrus-sasl-2.1.25/saslauthd/md5global.h0000666000076400007640000000175707641124634014673 00000000000000/* GLOBAL.H - RSAREF types and constants */ #ifndef MD5GLOBAL_H #define MD5GLOBAL_H /* PROTOTYPES should be set to one if and only if the compiler supports function argument prototyping. The following makes PROTOTYPES default to 0 if it has not already been defined with C compiler flags. */ #ifndef PROTOTYPES #define PROTOTYPES 0 #endif /* POINTER defines a generic pointer type */ typedef unsigned char *POINTER; typedef signed char INT1; /* 8 bits */ typedef short INT2; /* 16 bits */ typedef int INT4; /* 32 bits */ /* There is no 64 bit type */ typedef unsigned char UINT1; /* 8 bits */ typedef unsigned short UINT2; /* 16 bits */ typedef unsigned int UINT4; /* 32 bits */ /* There is no 64 bit type */ /* PROTO_LIST is defined depending on how PROTOTYPES is defined above. If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it returns an empty list. */ #if PROTOTYPES #define PROTO_LIST(list) list #else #define PROTO_LIST(list) () #endif #endif /* MD5GLOBAL_H */ cyrus-sasl-2.1.25/saslauthd/saslauthd-main.c0000646000076400007640000007352611306006127015720 00000000000000/***************************************************************************** * * saslauthd-main.c * * Description: Main program source. * * Copyright (c) 1997-2000 Messaging Direct Ltd. * All rights reserved. * * Portions Copyright (c) 2003 Jeremy Rumpf * jrumpf@heavyload.net * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY MESSAGING DIRECT LTD. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MESSAGING DIRECT LTD. OR * ITS EMPLOYEES OR AGENTS BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * * * HISTORY * * saslauthd is a re-implementation of the pwcheck utility included * with the CMU Cyrus IMAP server circa 1997. This implementation * was written by Lyndon Nerenberg of Messaging Direct Inc. (which * at that time was the Esys Corporation) and was included in the * company's IMAP message store product (Simeon Message Service) as * the smsauthd utility. * * This implementation was contributed to CMU by Messaging Direct Ltd. * in September 2000. * * September 2001 (Ken Murchison of Oceana Matrix Ltd.): * - Modified the protocol to use counted length strings instead of * nul delimited strings. * - Augmented the protocol to accept the service name and user realm. * * Feb 2003: Partial rewrite and cleanup by Jeremy Rumpf jrumpf@heavyload.net * - Merge the doors and unix IPC methods under a common framework. * * OVERVIEW * * saslauthd provides an interface between the SASL library and various * external authentication mechanisms. The primary goal is to isolate * code that requires superuser privileges (for example, access to * the shadow password file) into a single easily audited module. It * can also act as an authentication proxy between plaintext-equivelent * authentication schemes (i.e. CRAM-MD5) and more secure authentication * services such as Kerberos, although such usage is STRONGLY discouraged * because it exposes the strong credentials via the insecure plaintext * mechanisms. * * The program listens for connections on a UNIX domain socket. Access to * the service is controlled by the UNIX filesystem permissions on the * socket. * * The service speaks a very simple protocol. The client connects and * sends the authentication identifier, the plaintext password, the * service name and user realm as counted length strings (a 16-bit * unsigned integer in network byte order followed by the string * itself). The server returns a single response as a counted length * string. The response begins with "OK" or "NO", and is followed by * an optional text string (separated from the OK/NO by a single space * character), and a NUL. The server then closes the connection. * * An "OK" response indicates the authentication credentials are valid. * A "NO" response indicates the authentication failed. * * The optional text string may be used to indicate an exceptional * condition in the authentication environment that should be communicated * to the client. * *****************************************************************************/ #include #include #include #include #include #ifdef _AIX # include #endif /* _AIX */ #include #include #include #include #include #include #include #include #include #include #include "globals.h" #include "saslauthd-main.h" #include "cache.h" #include "utils.h" /* max login + max realm + '@' */ #define MAX_LOGIN_REALM_LEN (MAX_REQ_LEN * 2) + 1 /**************************************** * declarations/protos *****************************************/ static void show_version(); static void show_usage(); /**************************************** * application globals *****************************************/ int flags = 0; /* Runtime flags */ int g_argc; /* Copy of argc for those who need it*/ char **g_argv; /* Copy of argv for those who need it*/ char *run_path = NULL; /* path to our working directory */ authmech_t *auth_mech = NULL; /* Authentication mechanism to use */ char *mech_option = NULL; /* mechanism-specific option */ int num_procs = 5; /* The max number of worker processes*/ /**************************************** * module globals *****************************************/ extern char *optarg; /* For getopt() */ static int master_pid; /* Pid of the master process */ static int pid_fd; /* Descriptor to the open pid file */ static int pid_file_lock_fd; /* Descriptor to the open pid lock file */ static char *pid_file; /* Pid file name */ static char *pid_file_lock; /* Pid lock file name */ static int startup_pipe[2] = { -1, -1 }; int main(int argc, char **argv) { int option; int rc; int x; struct flock lockinfo; char *auth_mech_name = NULL; size_t pid_file_size; /* XXX force openlog() before any of our mechs try syslog() */ logger(L_INFO, L_FUNC, "starting %s", argv[0]); SET_AUTH_PARAMETERS(argc, argv); g_argc = argc; g_argv = argv; /* default flags */ flags |= USE_ACCEPT_LOCK; flags |= DETACH_TTY; flags |= LOG_USE_SYSLOG; flags |= LOG_USE_STDERR; flags |= AM_MASTER; while ((option = getopt(argc, argv, "a:cdhO:lm:n:rs:t:vV")) != -1) { switch(option) { case 'a': /* Only one at a time, please! */ if(auth_mech_name) { show_usage(); break; } auth_mech_name = strdup(optarg); if (!auth_mech_name) { logger(L_ERR, L_FUNC, "could not allocate memory"); exit(1); } break; case 'c': flags |= CACHE_ENABLED; break; case 'd': flags |= VERBOSE; flags &= ~DETACH_TTY; break; case 'h': show_usage(); break; case 'O': set_mech_option(optarg); break; case 'l': flags &= ~USE_ACCEPT_LOCK; break; case 'm': set_run_path(optarg); break; case 'n': set_max_procs(optarg); break; case 'r': flags |= CONCAT_LOGIN_REALM; break; case 's': cache_set_table_size(optarg); break; case 't': cache_set_timeout(optarg); break; case 'V': flags |= VERBOSE; break; case 'v': show_version(); break; default: show_usage(); break; } } if (run_path == NULL) run_path = PATH_SASLAUTHD_RUNDIR; if (auth_mech_name == NULL) { logger(L_ERR, L_FUNC, "no authentication mechanism specified"); show_usage(); exit(1); } /* Create our working directory */ if (mkdir(run_path, 0755) == -1 && errno != EEXIST) { logger(L_ERR, L_FUNC, "can not mkdir: %s", run_path); logger(L_ERR, L_FUNC, "Check to make sure the parent directory exists and is"); logger(L_ERR, L_FUNC, "writeable by the user this process runs as."); exit(1); } set_auth_mech(auth_mech_name); if (flags & VERBOSE) { logger(L_DEBUG, L_FUNC, "num_procs : %d", num_procs); if (mech_option == NULL) logger(L_DEBUG, L_FUNC, "mech_option: NULL"); else logger(L_DEBUG, L_FUNC, "mech_option: %s", mech_option); logger(L_DEBUG, L_FUNC, "run_path : %s", run_path); logger(L_DEBUG, L_FUNC, "auth_mech : %s", auth_mech->name); } /********************************************************* * Change our working directory to the dir where the * run path is set to, core dumps will go there to keep * them intact. **********************************************************/ if (chdir(run_path) == -1) { rc = errno; logger(L_ERR, L_FUNC, "could not chdir to: %s", run_path); logger(L_ERR, L_FUNC, "chdir: %s", strerror(rc)); logger(L_ERR, L_FUNC, "Check to make sure the directory exists and is"); logger(L_ERR, L_FUNC, "writeable by the user this process runs as."); exit(1); } umask(0077); pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1; if ((pid_file_lock = malloc(pid_file_size)) == NULL) { logger(L_ERR, L_FUNC, "could not allocate memory"); exit(1); } strlcpy(pid_file_lock, run_path, pid_file_size); strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size); if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) { rc = errno; logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock); logger(L_ERR, L_FUNC, "open: %s", strerror(rc)); logger(L_ERR, L_FUNC, "Check to make sure the directory exists and is"); logger(L_ERR, L_FUNC, "writeable by the user this process runs as."); exit(1); } lockinfo.l_type = F_WRLCK; lockinfo.l_start = 0; lockinfo.l_len = 0; lockinfo.l_whence = SEEK_SET; if (fcntl(pid_file_lock_fd, F_SETLK, &lockinfo) == -1) { rc = errno; logger(L_ERR, L_FUNC, "could not lock pid lock file: %s", pid_file_lock); logger(L_ERR, L_FUNC, "fcntl: %s", strerror(rc)); exit(1); } if(pipe(startup_pipe) == -1) { logger(L_ERR, L_FUNC, "can't create startup pipe"); exit(1); } /********************************************************* * Enable signal handlers. **********************************************************/ signal_setup(); /********************************************************* * Cache setup, exit if it doesn't succeed (optional would * be to disable the cache and log a warning). **********************************************************/ if (cache_init() != 0) exit(1); /********************************************************* * Call the ipc specific initializer. This should also * call detach_tty() at the appropriate point. **********************************************************/ ipc_init(); /********************************************************* * Enable general cleanup. **********************************************************/ atexit(server_exit); /********************************************************* * If required, enable the process model. **********************************************************/ if (flags & USE_PROCESS_MODEL) { if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "using process model"); for (x = 1; x < num_procs; x++) { if (have_baby() != 0) continue; /* parent */ break; /* child */ } } /********************************************************* * Enter the ipc loop, we should never return. **********************************************************/ ipc_loop(); exit(0); } /************************************************************* * Performs all authentication centric duties. We should be * getting callbacks from the ipc method here. We'll simply * return a pointer to a string to send back to the client. * The caller is responsible for freeing the pointer. **************************************************************/ char *do_auth(const char *_login, const char *password, const char *service, const char *realm) { struct cache_result lkup_result; char *response; int cached = 0; char login_buff[MAX_LOGIN_REALM_LEN]; char *login; /*********************************************************** * Check to concat the login and realm into a single login. * Aka, login: foo realm: bar becomes login: foo@bar. * We do this because some mechs have no concept of a realm. * Ie. auth_pam and friends. ***********************************************************/ if ((flags & CONCAT_LOGIN_REALM) && realm && realm[0] != '\0') { strlcpy(login_buff, _login, sizeof(login_buff)); strlcat(login_buff, "@", sizeof(login_buff)); strlcat(login_buff, realm, sizeof(login_buff)); login = login_buff; } else { login = (char *)_login; } if (cache_lookup(login, realm, service, password, &lkup_result) == CACHE_OK) { response = strdup("OK"); cached = 1; } else { response = auth_mech->authenticate(login, password, service, realm); if (response == NULL) { logger(L_ERR, L_FUNC, "internal mechanism failure: %s", auth_mech->name); response = strdup("NO internal mechanism failure"); } } if (strncmp(response, "OK", 2) == 0) { cache_commit(&lkup_result); if (flags & VERBOSE) { if (cached) logger(L_DEBUG, L_FUNC, "auth success (cached): [user=%s] [service=%s] [realm=%s]", \ login, service, realm); else logger(L_DEBUG, L_FUNC, "auth success: [user=%s] [service=%s] [realm=%s] [mech=%s]", \ login, service, realm, auth_mech->name); } return response; } if (strncmp(response, "NO", 2) == 0) { logger(L_INFO, L_FUNC, "auth failure: [user=%s] [service=%s] [realm=%s] [mech=%s] [reason=%s]", \ login, service, realm, auth_mech->name, strlen(response) >= 4 ? response+3 : "Unknown"); return response; } logger(L_ERR, L_FUNC, "mechanism returned unknown response: %s", auth_mech->name); response = strdup("NO internal mechanism failure"); return response; } /************************************************************* * Allow someone to set the auth mech to use **************************************************************/ void set_auth_mech(const char *mech) { for (auth_mech = mechanisms; auth_mech->name != NULL; auth_mech++) { if (strcasecmp(auth_mech->name, mech) == 0) break; } if (auth_mech->name == NULL) { logger(L_ERR, L_FUNC, "unknown authentication mechanism: %s", mech); exit(1); } if (auth_mech->initialize) { if(auth_mech->initialize() != 0) { logger(L_ERR, L_FUNC, "failed to initialize mechanism %s", auth_mech->name); exit(1); } } } /************************************************************* * Allow someone to set the number of worker processes we * will use. Only applicable to unix ipc. **************************************************************/ void set_max_procs(const char *procs) { num_procs = atoi(procs); if(num_procs < 0) { logger(L_ERR, L_FUNC, "invalid number of worker processes defined"); exit(1); } return; } /************************************************************* * Allow someone to set the mechanism specific option **************************************************************/ void set_mech_option(const char *option) { free(mech_option); mech_option = NULL; if ((mech_option = strdup(option)) == NULL) { logger(L_ERR, L_FUNC, "could not allocate memory"); exit(1); } return; } /************************************************************* * Allow someone to set the path to our working directory **************************************************************/ void set_run_path(const char *path) { if (*path != '/') { logger(L_ERR, L_FUNC, "-m requires an absolute pathname"); exit(1); } free(run_path); run_path = NULL; if ((run_path = strdup(path)) == NULL) { logger(L_ERR, L_FUNC, "could not allocate memory"); exit(1); } return; } /************************************************************* * Setup all the proper signal masks. **************************************************************/ void signal_setup() { static struct sigaction act_sigchld; static struct sigaction act_sigalrm; static struct sigaction act_sigterm; static struct sigaction act_sigpipe; static struct sigaction act_sighup; static struct sigaction act_sigint; int rc; /************************************************************** * Handler for SIGCHLD **************************************************************/ act_sigchld.sa_handler = handle_sigchld; sigemptyset(&act_sigchld.sa_mask); if (sigaction(SIGCHLD, &act_sigchld, NULL) != 0) { rc = errno; logger(L_ERR, L_FUNC, "failed to set sigaction for SIGCHLD"); logger(L_ERR, L_FUNC, "sigaction: %s", strerror(rc)); exit(1); } /************************************************************** * Handler for SIGALRM (IGNORE) **************************************************************/ act_sigalrm.sa_handler = SIG_IGN; sigemptyset(&act_sigalrm.sa_mask); if (sigaction(SIGALRM, &act_sigalrm, NULL) != 0) { rc = errno; logger(L_ERR, L_FUNC, "failed to set sigaction for SIGALRM"); logger(L_ERR, L_FUNC, "sigaction: %s", strerror(rc)); exit(1); } /************************************************************** * Handler for SIGPIPE (IGNORE) **************************************************************/ act_sigpipe.sa_handler = SIG_IGN; sigemptyset(&act_sigpipe.sa_mask); if (sigaction(SIGPIPE, &act_sigpipe, NULL) != 0) { rc = errno; logger(L_ERR, L_FUNC, "failed to set sigaction for SIGPIPE"); logger(L_ERR, L_FUNC, "sigaction: %s", strerror(rc)); exit(1); } /************************************************************** * Handler for SIGHUP (IGNORE) **************************************************************/ act_sighup.sa_handler = SIG_IGN; sigemptyset(&act_sighup.sa_mask); if (sigaction(SIGHUP, &act_sighup, NULL) != 0) { rc = errno; logger(L_ERR, L_FUNC, "failed to set sigaction for SIGHUP"); logger(L_ERR, L_FUNC, "sigaction: %s", strerror(rc)); exit(1); } /************************************************************** * Handler for SIGTERM **************************************************************/ act_sigterm.sa_handler = server_exit; sigemptyset(&act_sigterm.sa_mask); if (sigaction(SIGTERM, &act_sigterm, NULL) != 0) { rc = errno; logger(L_ERR, L_FUNC, "failed to set sigaction for SIGTERM"); logger(L_ERR, L_FUNC, "sigaction: %s", strerror(rc)); exit(1); } /************************************************************** * Handler for SIGINT **************************************************************/ act_sigint.sa_handler = server_exit; sigemptyset(&act_sigint.sa_mask); if (sigaction(SIGINT, &act_sigint, NULL) != 0) { rc = errno; logger(L_ERR, L_FUNC, "failed to set sigaction for SIGINT"); logger(L_ERR, L_FUNC, "sigaction: %s", strerror(rc)); exit(1); } return; } /************************************************************* * Detaches us from the controlling tty (aka daemonize). * More than likely this will be called from an ipc_init() * function as we want to stay in the foreground for as long * as possible. **************************************************************/ void detach_tty() { int x; int rc; int null_fd; int exit_result; pid_t pid; char pid_buf[100]; struct flock lockinfo; /************************************************************** * Make sure we're supposed to do this, the user may have * requested us to stay in the foreground. **************************************************************/ if (flags & DETACH_TTY) { for(x=5; x; x--) { pid = fork(); if ((pid == -1) && (errno == EAGAIN)) { logger(L_ERR, L_FUNC, "fork failed, retrying"); sleep(5); continue; } break; } if (pid == -1) { /* Non retryable error. */ rc = errno; logger(L_ERR, L_FUNC, "Cannot start saslauthd"); logger(L_ERR, L_FUNC, "saslauthd master fork failed: %s", strerror(rc)); exit(1); } else if (pid != 0) { int exit_code; /* Parent, wait for child */ if(read(startup_pipe[0], &exit_code, sizeof(exit_code)) == -1) { logger(L_ERR, L_FUNC, "Cannot start saslauthd"); logger(L_ERR, L_FUNC, "could not read from startup_pipe"); unlink(pid_file_lock); exit(1); } else { if (exit_code != 0) { logger(L_ERR, L_FUNC, "Cannot start saslauthd"); if (exit_code == 2) { logger(L_ERR, L_FUNC, "Another instance of saslauthd is currently running"); } else { logger(L_ERR, L_FUNC, "Check syslog for errors"); } } unlink(pid_file_lock); exit(exit_code); } } /* Child! */ close(startup_pipe[0]); free(pid_file_lock); if (setsid() == -1) { exit_result = 1; rc = errno; logger(L_ERR, L_FUNC, "failed to set session id: %s", strerror(rc)); /* Tell our parent that we failed. */ write(startup_pipe[1], &exit_result, sizeof(exit_result)); exit(1); } if ((null_fd = open("/dev/null", O_RDWR, 0)) == -1) { exit_result = 1; rc = errno; logger(L_ERR, L_FUNC, "failed to open /dev/null: %s", strerror(rc)); /* Tell our parent that we failed. */ write(startup_pipe[1], &exit_result, sizeof(exit_result)); exit(1); } /********************************************************* * From this point on, stop printing errors out to stderr. **********************************************************/ flags &= ~LOG_USE_STDERR; close(STDIN_FILENO); close(STDOUT_FILENO); close(STDERR_FILENO); dup2(null_fd, STDIN_FILENO); dup2(null_fd, STDOUT_FILENO); dup2(null_fd, STDERR_FILENO); if (null_fd > 2) close(null_fd); /********************************************************* * Locks don't persist across forks. Relock the pid file * to keep folks from having duplicate copies running... *********************************************************/ if (!(pid_file = malloc(strlen(run_path) + sizeof(PID_FILE) + 1))) { exit_result = 1; logger(L_ERR, L_FUNC, "could not allocate memory"); write(startup_pipe[1], &exit_result, sizeof(exit_result)); exit(1); } strcpy(pid_file, run_path); strcat(pid_file, PID_FILE); /* Write out the pidfile */ pid_fd = open(pid_file, O_CREAT|O_RDWR, 0644); if(pid_fd == -1) { rc = errno; exit_result = 1; logger(L_ERR, L_FUNC, "could not open pid file %s: %s", pid_file, strerror(rc)); /* Tell our parent that we failed. */ write(startup_pipe[1], &exit_result, sizeof(exit_result)); exit(1); } else { char buf[100]; lockinfo.l_type = F_WRLCK; lockinfo.l_start = 0; lockinfo.l_len = 0; lockinfo.l_whence = SEEK_SET; if (fcntl(pid_fd, F_SETLK, &lockinfo) == -1) { exit_result = 2; rc = errno; logger(L_ERR, L_FUNC, "could not lock pid file %s: %s", pid_file, strerror(rc)); /* Tell our parent that we failed. */ write(startup_pipe[1], &exit_result, sizeof(exit_result)); exit(2); } else { int pid_fd_flags = fcntl(pid_fd, F_GETFD, 0); if (pid_fd_flags != -1) { pid_fd_flags = fcntl(pid_fd, F_SETFD, pid_fd_flags | FD_CLOEXEC); } if (pid_fd_flags == -1) { int exit_result = 1; logger(L_ERR, L_FUNC, "unable to set close-on-exec for pidfile"); /* Tell our parent that we failed. */ write(startup_pipe[1], &exit_result, sizeof(exit_result)); exit(1); } /* Write PID */ master_pid = getpid(); snprintf(buf, sizeof(buf), "%lu\n", (unsigned long)master_pid); if (lseek(pid_fd, 0, SEEK_SET) == -1 || ftruncate(pid_fd, 0) == -1 || write(pid_fd, buf, strlen(buf)) == -1) { int exit_result = 1; rc = errno; logger(L_ERR, L_FUNC, "could not write to pid file %s: %s", pid_file, strerror(rc)); /* Tell our parent that we failed. */ write(startup_pipe[1], &exit_result, sizeof(exit_result)); exit(1); } fsync(pid_fd); } } { int exit_result = 0; /* success! */ if(write(startup_pipe[1], &exit_result, sizeof(exit_result)) == -1) { logger(L_ERR, L_FUNC, "could not write success result to startup pipe"); exit(1); } } close(startup_pipe[1]); if(pid_file_lock_fd != -1) close(pid_file_lock_fd); } logger(L_INFO, L_FUNC, "master pid is: %lu", (unsigned long)master_pid); return; } /************************************************************* * Fork off a copy of ourselves. Return 0 if we're the child, * > 0 for the parent. Die if we can't fork (the environment * is probably unstable?). **************************************************************/ pid_t have_baby() { pid_t pid; int rc; pid = fork(); if (pid < 0) { rc = errno; logger(L_ERR, L_FUNC, "could not fork child process"); logger(L_ERR, L_FUNC, "fork: %s", strerror(rc)); exit(1); } /********************************************************* * If we're the child, clear the AM_MASTER flag. **********************************************************/ if (pid == 0) { flags &= ~AM_MASTER; return pid; } if (flags & VERBOSE) { logger(L_DEBUG, L_FUNC, "forked child: %lu", (unsigned long)pid); } return pid; } /************************************************************* * Reap in all the dead children **************************************************************/ void handle_sigchld() { pid_t pid; while ((pid = waitpid(-1, 0, WNOHANG)) > 0) { if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "child exited: %lu", (unsigned long)pid); } return; } /************************************************************* * Do some final cleanup here. **************************************************************/ void server_exit() { struct flock lock_st; /********************************************************* * If we're not the master process, don't do anything **********************************************************/ if (!(flags & AM_MASTER)) { if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "child exited: %d", getpid()); _exit(0); } kill(-master_pid, SIGTERM); /********************************************************* * Tidy up and delete the pid_file. (close will release the lock) * besides, we want to unlink it first anyway to avoid a race. * Note that only one process (the master, in our case) should * unlink it. **********************************************************/ if(flags & DETACH_TTY) { if(getpid() == master_pid) unlink(pid_file); close(pid_fd); if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "pid file removed: %s", pid_file); free(pid_file); } else { /* Tidy up and delete the pid_file_lock. (in the detached case this is covered by the parent process already */ unlink(pid_file_lock); close(pid_file_lock_fd); if (flags & VERBOSE) logger(L_DEBUG, L_FUNC, "pid file lock removed: %s", pid_file_lock); free(pid_file_lock); } /********************************************************* * Cleanup the cache, if it's enabled **********************************************************/ if (flags & CACHE_ENABLED) { cache_cleanup_lock(); cache_cleanup_mm(); } /********************************************************* * Tell the IPC method to clean its room. **********************************************************/ ipc_cleanup(); /********************************************************* * Any other cleanup should go here **********************************************************/ logger(L_INFO, L_FUNC, "master exited: %d", master_pid); _exit(0); } /************************************************************* * Dump out our version and all the auth mechs we support **************************************************************/ void show_version() { authmech_t *authmech; fprintf(stderr, "saslauthd %s\nauthentication mechanisms:", VERSION); for (authmech = mechanisms; authmech->name != NULL; authmech++) { fprintf(stderr, " %s", authmech->name); } fprintf(stderr, "\n\n"); exit(0); } /************************************************************* * Dump out our usage info and tag a show_version after it **************************************************************/ void show_usage() { fprintf(stderr, "usage: saslauthd [options]\n\n"); fprintf(stderr, "option information:\n"); fprintf(stderr, " -a Selects the authentication mechanism to use.\n"); fprintf(stderr, " -c Enable credential caching.\n"); fprintf(stderr, " -d Debugging (don't detach from tty, implies -V)\n"); fprintf(stderr, " -r Combine the realm with the login before passing to authentication mechanism\n"); fprintf(stderr, " Ex. login: \"foo\" realm: \"bar\" will get passed as login: \"foo@bar\"\n"); fprintf(stderr, " The realm name is passed untouched.\n"); fprintf(stderr, " -O