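mod_auth_kerb-5.4/0000755000175000000000000000000011115727042013246 5ustar xpristrootmod_auth_kerb-5.4/configure.in0000644000000000000000000002474411115726553015215 0ustar rootroot
# Process this file with autoconf to produce a configure script.
dnl
dnl Build-time probe for mod_auth_kerb: locates a Kerberos 5 and/or
dnl Kerberos 4 installation and the Apache apxs tool, then substitutes the
dnl resulting flags into the Makefile.
dnl
dnl Trust note: the krb5-config / krb4-config helpers found under the
dnl --with-krb5 / --with-krb4 prefixes (or on PATH) are executed, and the
dnl SPNEGO probe below compiles and runs a test program, all with the
dnl privileges of whoever runs configure.  Point these options only at
dnl prefixes you trust.
AC_REVISION($Revision: 1.40 $)
AC_PREREQ(2.57)
AC_INIT(mod_auth_kerb, 5.4, modauthkerb-developers@lists.sourceforge.net)
AC_CONFIG_SRCDIR([src/mod_auth_kerb.c])
AC_CONFIG_HEADER([config.h])

# Checks for programs.
AC_PROG_CC
AC_PROG_MAKE_SET

# Checks for libraries.
# FIXME: Replace `main' with a function in `-lresolv':
LIB_resolv=""
AC_CHECK_LIB([resolv], [main], [LIB_resolv=-lresolv])
AC_SUBST(LIB_resolv)

# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([limits.h netdb.h stddef.h stdlib.h string.h unistd.h])

# Checks for typedefs, structures, and compiler characteristics.
#AC_C_CONST
AC_TYPE_SIZE_T
AC_STRUCT_TM

# Checks for library functions.
#AC_FUNC_MALLOC
#AC_FUNC_MEMCMP
#AC_CHECK_FUNCS([gethostbyname memset putenv strcasecmp strchr strdup strerror])

#
# kerberos5 environment
#
krb5_config_command=krb5-config
SPNEGO_SRCS=""
AC_ARG_WITH(krb5,
  AC_HELP_STRING([--with-krb5=dir],[use krb5 in dir]),
  [ with_krb5="$withval" ])

if test "x$with_krb5" = "xyes" ; then
   with_krb5=""
fi

if test "x$with_krb5" != "xno" ; then
   ac_save_CPPFLAGS="$CPPFLAGS"
   ac_save_LDFLAGS="$LDFLAGS"
   ac_save_LIBS="$LIBS"

   dnl With an explicit prefix, use only that prefix's krb5-config; never
   dnl fall back to whatever krb5-config happens to be first on PATH.
   if test -n "$with_krb5"; then
      if test -x "$with_krb5/bin/krb5-config"; then
         krb5_config_command="$with_krb5/bin/krb5-config"
      else
         krb5_config_command=""
      fi
   fi

   dnl
   dnl find header files
   dnl
   if test -z "$KRB5_CPPFLAGS"; then
      TMP_KRB5_CPPFLAGS=""
      if test -n "$krb5_config_command"; then
         TMP_KRB5_CPPFLAGS=`"$krb5_config_command" --cflags gssapi 2>/dev/null`
      fi
      dnl Fixed: the second operand used to be the literal string "with_krb5"
      dnl (no dollar sign), which is always non-empty, so a stray -I/include
      dnl was added whenever no prefix was given.
      if test -z "$TMP_KRB5_CPPFLAGS" && test -n "$with_krb5"; then
         TMP_KRB5_CPPFLAGS="-I$with_krb5/include"
      fi

      CPPFLAGS="$CPPFLAGS $TMP_KRB5_CPPFLAGS"
      AC_CHECK_HEADERS(gssapi.h, [ KRB5_CPPFLAGS="$TMP_KRB5_CPPFLAGS" ])
      if test -z "$KRB5_CPPFLAGS"; then
         AC_CHECK_HEADERS(gssapi/gssapi.h, [ KRB5_CPPFLAGS="$TMP_KRB5_CPPFLAGS" ])
      fi
      CPPFLAGS="$ac_save_CPPFLAGS"
   fi

   dnl
   dnl find libraries
   dnl
   if test -z "$KRB5_LDFLAGS" && test -n "$krb5_config_command"; then
      TMP_KRB5_LDFLAGS=`"$krb5_config_command" --libs gssapi 2>/dev/null`
      if test -n "$TMP_KRB5_LDFLAGS"; then
         LIBS="$LIBS $TMP_KRB5_LDFLAGS $LIB_resolv"
         AC_CHECK_LIB(krb5, krb5_init_context, [ KRB5_LDFLAGS="$TMP_KRB5_LDFLAGS" ])
         LIBS="$ac_save_LIBS"
      fi
   fi

   dnl Library directory flag for the hand-written fallbacks below.
   dnl Fixed: the test used to read "x$with_krb5"="x" with no spaces, which
   dnl is a single non-empty word and therefore always true, so -L was never
   dnl emitted and the bare directory name was handed to the linker.  With
   dnl no prefix the flag is now empty instead of a bare "/lib".
   if test "x$with_krb5" = "x"; then
      tmp_lf_inc=""
   else
      tmp_lf_inc="-L$with_krb5/lib"
   fi

   dnl NOTE(review): the library check is repeated with the same
   dnl library/function pair; the krb4 section of this file already remarks
   dnl that a repeated check returns the cached result, so these fallbacks
   dnl may not re-probe after an earlier failure.  Confirm with config.log.
   if test -z "$KRB5_LDFLAGS"; then
      #try MIT
      TMP_KRB5_LDFLAGS="$tmp_lf_inc -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
      LIBS="$LIBS $TMP_KRB5_LDFLAGS $LIB_resolv"
      AC_CHECK_LIB(krb5, krb5_init_context, [ KRB5_LDFLAGS="$TMP_KRB5_LDFLAGS" ])
      LIBS="$ac_save_LIBS"
   fi

   if test -z "$KRB5_LDFLAGS"; then
      #Try Heimdal
      TMP_KRB5_LDFLAGS="$tmp_lf_inc -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt"
      LIBS="$LIBS $TMP_KRB5_LDFLAGS $LIB_resolv"
      AC_CHECK_LIB(krb5, krb5_init_context, [ KRB5_LDFLAGS="$TMP_KRB5_LDFLAGS" ])
      LIBS="$ac_save_LIBS"
   fi

   if test -z "$KRB5_LDFLAGS"; then
      #Try Heimdal on OpenBSD
      TMP_KRB5_LDFLAGS="$tmp_lf_inc -lgssapi -lkrb5 -lasn1 -ldes -lcrypto"
      LIBS="$LIBS $TMP_KRB5_LDFLAGS $LIB_resolv"
      AC_CHECK_LIB(krb5, krb5_init_context, [ KRB5_LDFLAGS="$TMP_KRB5_LDFLAGS" ])
      LIBS="$ac_save_LIBS"
   fi

   if test -z "$KRB5_LDFLAGS"; then
      with_krb5=no
   else
      AC_DEFINE(KRB5)

      AC_CHECK_LIB(krb5, krb5_cc_new_unique, [ AC_DEFINE(HAVE_KRB5_CC_NEW_UNIQUE) ])

      dnl NOTE(review): the header names in the two test programs below were
      dnl missing from this copy of the file (the angle-bracket text had been
      dnl stripped).  They are restored from the symbols the programs use and
      dnl from the gssapi.h and gssapi/gssapi.h headers probed above; confirm
      dnl against the upstream release before relying on them.

      # check for Heimdal
      have_heimdal=""
      AC_MSG_CHECKING(whether we are using Heimdal)
      ac_save_CFLAGS="$CFLAGS"
      CFLAGS="$KRB5_CPPFLAGS"
      AC_TRY_COMPILE([#include <krb5.h>],
                     [ char *tmp = heimdal_version; ],
                     [ AC_MSG_RESULT(yes)
                       AC_DEFINE(HEIMDAL)
                       have_heimdal=yes ],
                     [ AC_MSG_RESULT(no) ])
      CFLAGS="$ac_save_CFLAGS"

      # If SPNEGO is supported by the gssapi libraries, we shouldn't build our support.
      # SPNEGO is supported as of Heimdal 0.7, and MIT 1.5.
      dnl A "no" here, for any reason including a test program that fails
      dnl to build or run, silently selects the bundled spnegokrb5 sources
      dnl listed further down instead of the system GSSAPI implementation.
      dnl Check config.log when the answer is unexpectedly "no".
      gssapi_supports_spnego=""
      AC_MSG_CHECKING(whether the GSSAPI libraries support SPNEGO)
      ac_save_CFLAGS="$CFLAGS"
      CFLAGS="$KRB5_CPPFLAGS"
      ac_save_LDFLAGS="$LDFLAGS"
      if test -n "$with_krb5"; then
         LDFLAGS="$KRB5_LDFLAGS -Wl,-rpath -Wl,$with_krb5/lib"
      else
         LDFLAGS="$KRB5_LDFLAGS"
      fi
      AC_TRY_RUN([
#include <string.h>
#include <krb5.h>
#ifdef HEIMDAL
#include <gssapi.h>
#else
#include <gssapi/gssapi.h>
#endif
int main(int argc, char** argv)
{
       OM_uint32 major_status, minor_status;
       gss_OID_set mech_set;
       gss_OID_desc spnego_oid_desc = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
       int SPNEGO = 0;

       major_status = gss_indicate_mechs(&minor_status, &mech_set);
       if (GSS_ERROR(major_status))
               return 1;
       else {
               unsigned int i;
               for (i=0; i < mech_set->count && !SPNEGO; i++) {
                       gss_OID tmp_oid = &mech_set->elements[i];
                       if (tmp_oid->length == spnego_oid_desc.length &&
                           !memcmp(tmp_oid->elements, spnego_oid_desc.elements, tmp_oid->length)) {
                               SPNEGO = 1;
                               break;
                       }
               }
               gss_release_oid_set(&minor_status, &mech_set);
               return (!SPNEGO);
       }
}],
      [ if test $? -eq 0; then
          AC_MSG_RESULT(yes)
          AC_DEFINE(GSSAPI_SUPPORTS_SPNEGO)
          gssapi_supports_spnego=yes
        else
          AC_MSG_RESULT(no)
        fi],
      [AC_MSG_RESULT(no)])
      CFLAGS="$ac_save_CFLAGS"
      LDFLAGS="$ac_save_LDFLAGS"

      if test -z "$gssapi_supports_spnego"; then
         if test -n "$have_heimdal"; then
            SPNEGO_SRCS="\
              spnegokrb5/asn1_MechType.c \
              spnegokrb5/asn1_MechTypeList.c \
              spnegokrb5/asn1_ContextFlags.c \
              spnegokrb5/asn1_NegTokenInit.c \
              spnegokrb5/asn1_NegTokenTarg.c \
              spnegokrb5/init_sec_context.c \
              spnegokrb5/accept_sec_context.c \
              spnegokrb5/encapsulate.c \
              spnegokrb5/decapsulate.c \
              spnegokrb5/external.c"
         else
            SPNEGO_SRCS="\
              spnegokrb5/asn1_MechType.c \
              spnegokrb5/asn1_MechTypeList.c \
              spnegokrb5/asn1_ContextFlags.c \
              spnegokrb5/asn1_NegTokenInit.c \
              spnegokrb5/asn1_NegTokenTarg.c \
              spnegokrb5/der_get.c \
              spnegokrb5/der_put.c \
              spnegokrb5/der_free.c \
              spnegokrb5/der_length.c \
              spnegokrb5/der_copy.c \
              spnegokrb5/timegm.c \
              spnegokrb5/init_sec_context.c \
              spnegokrb5/accept_sec_context.c \
              spnegokrb5/encapsulate.c \
              spnegokrb5/decapsulate.c \
              spnegokrb5/external.c"
         fi
      fi
   fi
fi
AC_SUBST(KRB5_CPPFLAGS)
AC_SUBST(KRB5_LDFLAGS)
AC_SUBST(SPNEGO_SRCS)

#
# Kerberos4 environment
#
dnl Kerberos 4 is enabled automatically whenever a usable installation is
dnl found.  The protocol is obsolete and limited to single DES; pass
dnl --without-krb4 unless the deployment really needs it.
AC_ARG_WITH(krb4,
  AC_HELP_STRING([--with-krb4=dir], [use krb4 in dir]),
  [ with_krb4="$withval" ])

if test "x$with_krb4" = "xyes" ; then
   with_krb4=""
fi

if test "x$with_krb4" != "xno"; then
   AC_MSG_CHECKING([for Kerberos4 installation])
   if test "x$with_krb4" != "x"; then
      if test -x "$with_krb4/bin/krb4-config"; then
         KRB4_CPPFLAGS=`"$with_krb4/bin/krb4-config" --cflags krb4 2>/dev/null`
         KRB4_LDFLAGS=`"$with_krb4/bin/krb4-config" --libs krb4 2>/dev/null`
      elif test -x "$with_krb4/bin/krb5-config"; then
         KRB4_CPPFLAGS=`"$with_krb4/bin/krb5-config" --cflags krb4 2>/dev/null`
         KRB4_LDFLAGS=`"$with_krb4/bin/krb5-config" --libs krb4 2>/dev/null`
      else
         AC_MSG_ERROR([failed to find krb4-config or krb5-config in $with_krb4/bin])
      fi
   else
      KRB4_CPPFLAGS=`krb4-config --cflags krb4 2>/dev/null`
      KRB4_LDFLAGS=`krb4-config --libs krb4 2>/dev/null`
      if test "x$KRB4_LDFLAGS" = "x" && test -n "$krb5_config_command"; then
         KRB4_CPPFLAGS=`"$krb5_config_command" --cflags krb4 2>/dev/null`
         KRB4_LDFLAGS=`"$krb5_config_command" --libs krb4 2>/dev/null`
         # Only the exit status of the --libs call is visible here.
         if test $? -ne 0; then
            KRB4_CPPFLAGS=""
            KRB4_LDFLAGS=""
         fi
      fi
   fi
   if test "x$KRB4_LDFLAGS" = "x"; then
      with_krb4=no
      AC_MSG_RESULT(no)
   else
      AC_MSG_RESULT(yes)
      ac_save_CFLAGS="$CFLAGS"
      ac_save_CPPFLAGS="$CPPFLAGS"
      ac_save_LDFLAGS="$LDFLAGS"
      ac_save_LIBS="$LIBS"
      CFLAGS="$CFLAGS $KRB4_CPPFLAGS"
      dnl Fixed: CPPFLAGS used to be rebuilt from CFLAGS, which dropped the
      dnl caller's CPPFLAGS and fed compiler flags to the preprocessor.
      CPPFLAGS="$CPPFLAGS $KRB4_CPPFLAGS"
      LDFLAGS="$LDFLAGS $KRB4_LDFLAGS"
      LIBS="$LIBS $LDFLAGS $LIB_resolv"

      # if not found krb.h suppose it's in the kerberosIV subdirectory
      AC_CHECK_HEADER(krb.h, , with_krb4=no)
      if test "x$with_krb4" = "xno"; then
         KRB4_CPPFLAGS="$KRB4_CPPFLAGS ${KRB4_CPPFLAGS}/kerberosIV"
         # second run of AC_CHECK_HEADER for the same library returns the cached
         # result created by previous run :-(
         AC_CHECK_HEADER(kerberosIV/krb.h, with_krb4=yes,
            [ with_krb4=no
              KRB4_CPPFLAGS=""
              KRB4_LDFLAGS=""])
      fi

      if test "x$with_krb4" != "xno"; then
         AC_CHECK_LIB(krb4, krb_get_pw_in_tkt, [], [with_krb4=no])
         if test "x$with_krb4" = "xno"; then
            AC_CHECK_LIB(krb, krb_get_pw_in_tkt, [with_krb4=yes],
               [with_krb4=no
                KRB4_CPPFLAGS=""
                KRB4_LDFLAGS=""])
         fi
      fi

      CFLAGS="$ac_save_CFLAGS"
      CPPFLAGS="$ac_save_CPPFLAGS"
      LDFLAGS="$ac_save_LDFLAGS"
      LIBS="$ac_save_LIBS"
      dnl Fixed: KRB4 used to be defined even after the header or library
      dnl checks above had set with_krb4=no and cleared the flags.
      if test "x$with_krb4" != "xno"; then
         AC_DEFINE(KRB4)
      fi
   fi
fi
AC_SUBST(KRB4_CPPFLAGS)
AC_SUBST(KRB4_LDFLAGS)

if test "x$with_krb5" = "xno" && test "x$with_krb4" = "xno"; then
   AC_MSG_ERROR([No Kerberos enviroment found])
fi

#
# Apache environment
#
AC_ARG_WITH(apache,
  AC_HELP_STRING([--with-apache=dir],[use apache in dir]),
  [ with_apache="$withval" ])
AC_PATH_PROG([APXS], [apxs], [], [$with_apache/bin:$with_apache/sbin:$PATH])
if test -z "$APXS"; then
   AC_PATH_PROG([APXS], [apxs2], [], [$with_apache/bin:$with_apache/sbin:$PATH])
   if test -z "$APXS"; then
      AC_MSG_ERROR([failed to find apache apxs executable])
   fi
fi
AC_SUBST(APXS)

AC_CONFIG_FILES([Makefile])
AC_OUTPUT
mod_auth_kerb-5.4/configure0000755000000000000000000056307211115727042014607 0ustar rootroot#! /bin/sh # From configure.in Revision: 1.40 . # Guess values for system-dependent variables and create Makefiles. 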
# Generated by GNU Autoconf 2.63 for mod_auth_kerb 5.4. # # Report bugs to . # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # PATH needs CR # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. 
as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! 
-f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 { (exit 1); exit 1; } fi # Work around bugs in pre-3.0 UWIN ksh. for as_var in ENV MAIL MAILPATH do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # CDPATH. $as_unset CDPATH if test "x$CONFIG_SHELL" = x; then if (eval ":") 2>/dev/null; then as_have_required=yes else as_have_required=no fi if test $as_have_required = yes && (eval ": (as_func_return () { (exit \$1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = \"\$1\" ); then : else exitcode=1 echo positional parameters were not saved. 
fi test \$exitcode = 0) || { (exit 1); exit 1; } ( as_lineno_1=\$LINENO as_lineno_2=\$LINENO test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } ") 2> /dev/null; then : else as_candidate_shells= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. case $as_dir in /*) for as_base in sh bash ksh sh5; do as_candidate_shells="$as_candidate_shells $as_dir/$as_base" done;; esac done IFS=$as_save_IFS for as_shell in $as_candidate_shells $SHELL; do # Try only shells that exist, to save several forks. if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { ("$as_shell") 2> /dev/null <<\_ASEOF if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi : _ASEOF }; then CONFIG_SHELL=$as_shell as_have_required=yes if { "$as_shell" 2> /dev/null <<\_ASEOF if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi : (as_func_return () { (exit $1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. 
fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = "$1" ); then : else exitcode=1 echo positional parameters were not saved. fi test $exitcode = 0) || { (exit 1); exit 1; } ( as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } _ASEOF }; then break fi fi done if test "x$CONFIG_SHELL" != x; then for as_var in BASH_ENV ENV do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done export CONFIG_SHELL exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} fi if test $as_have_required = no; then echo This script requires a shell more modern than all the echo shells that I found on your system. Please install a echo modern shell, or manually run the script under such a echo shell if you do have one. { (exit 1); exit 1; } fi fi fi (eval "as_func_return () { (exit \$1) } as_func_success () { as_func_return 0 } as_func_failure () { as_func_return 1 } as_func_ret_success () { return 0 } as_func_ret_failure () { return 1 } exitcode=0 if as_func_success; then : else exitcode=1 echo as_func_success failed. fi if as_func_failure; then exitcode=1 echo as_func_failure succeeded. fi if as_func_ret_success; then : else exitcode=1 echo as_func_ret_success failed. fi if as_func_ret_failure; then exitcode=1 echo as_func_ret_failure succeeded. fi if ( set x; as_func_ret_success y && test x = \"\$1\" ); then : else exitcode=1 echo positional parameters were not saved. fi test \$exitcode = 0") || { echo No shell found that supports shell functions. echo Please tell bug-autoconf@gnu.org about your system, echo including any error possibly output before this message. echo This can help us improve future autoconf versions. echo Configuration will now proceed without shell functions. 
} as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line after each line using $LINENO; the second 'sed' # does the real work. The second script uses 'N' to pair each # line-number line with the line containing $LINENO, and appends # trailing '-' during substitution so that $LINENO is not a special # case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # scripts with optimization help from Paolo Bonzini. Blame Lee # E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in -n*) case `echo 'x\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. *) ECHO_C='\c';; esac;; *) ECHO_N='-n';; esac if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... 
but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='mod_auth_kerb' PACKAGE_TARNAME='mod_auth_kerb' PACKAGE_VERSION='5.4' PACKAGE_STRING='mod_auth_kerb 5.4' PACKAGE_BUGREPORT='modauthkerb-developers@lists.sourceforge.net' ac_unique_file="src/mod_auth_kerb.c" # Factoring default headers for most tests. 
ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_subst_vars='LTLIBOBJS LIBOBJS APXS KRB4_LDFLAGS KRB4_CPPFLAGS SPNEGO_SRCS KRB5_LDFLAGS KRB5_CPPFLAGS EGREP GREP CPP LIB_resolv SET_MAKE OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking with_krb5 with_krb4 with_apache ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) 
bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) 
datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2 { (exit 1); exit 1; }; } ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2 { (exit 1); exit 1; }; } ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. 
with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | 
--mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | 
--program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | 
--targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2 { (exit 1); exit 1; }; } ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2 { (exit 1); exit 1; }; } ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. 
with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) { $as_echo "$as_me: error: unrecognized option: $ac_option Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2 { (exit 1); exit 1; }; } eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` { $as_echo "$as_me: error: missing argument to $ac_option" >&2 { (exit 1); exit 1; }; } fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2 { (exit 1); exit 1; }; } ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. 
# ---------------------------------------------------------------------------
# Post-option-parsing setup.  This script is generated by GNU Autoconf 2.63
# (see the --version text below); the line structure has been restored here.
# The section does the following, in order:
#   * strips trailing slashes from the installation directory variables and
#     rejects values that are not absolute,
#   * derives cross_compiling from $host_alias / $build_alias,
#   * verifies the working directory and locates the sources via
#     $ac_unique_file,
#   * snapshots the "precious" variables,
#   * prints --help / --version output and exits if requested,
#   * starts config.log with the invocation line, platform data and $PATH.
# ---------------------------------------------------------------------------
# The names iterated here are a fixed list, so the evals below only ever
# expand these known variable names.
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
                datadir sysconfdir sharedstatedir localstatedir includedir \
                oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
                libdir localedir mandir
do
  eval ac_val=\$$ac_var
  # Remove trailing slashes.
  case $ac_val in
    */ )
      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
      eval $ac_var=\$ac_val;;
  esac
  # Be sure to have absolute directory names.
  # Accepted: values starting with /, \ or $, and drive-letter paths.
  # NONE or empty is accepted only for the *prefix variables.
  case $ac_val in
    [\\/$]* | ?:[\\/]* )  continue;;
    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
  esac
  { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
   { (exit 1); exit 1; }; }
done

# There might be people who depend on the old broken behavior: `$host'
# used to hold the argument of --host etc.
# FIXME: To remove some day.
build=$build_alias
host=$host_alias
target=$target_alias

# FIXME: To remove some day.
if test "x$host_alias" != x; then
  if test "x$build_alias" = x; then
    cross_compiling=maybe
    $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2
  elif test "x$build_alias" != "x$host_alias"; then
    cross_compiling=yes
  fi
fi

ac_tool_prefix=
test -n "$host_alias" && ac_tool_prefix=$host_alias-

# With --silent/--quiet, fd 6 (the "checking..." messages) goes to /dev/null.
test "$silent" = yes && exec 6>/dev/null


# Compare the inode of "." with the inode of the directory pwd reports, to
# make sure pwd really names the working directory.
ac_pwd=`pwd` && test -n "$ac_pwd" &&
ac_ls_di=`ls -di .` &&
ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
  { $as_echo "$as_me: error: working directory cannot be determined" >&2
   { (exit 1); exit 1; }; }
test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
  { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
   { (exit 1); exit 1; }; }


# Find the source files, if location was not specified.
if test -z "$srcdir"; then
  ac_srcdir_defaulted=yes
  # Try the directory containing this script, then the parent directory.
  ac_confdir=`$as_dirname -- "$as_myself" ||
$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
         X"$as_myself" : 'X\(//\)[^/]' \| \
         X"$as_myself" : 'X\(//\)$' \| \
         X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
$as_echo X"$as_myself" |
    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
            s//\1/
            q
          }
          /^X\(\/\/\)[^/].*/{
            s//\1/
            q
          }
          /^X\(\/\/\)$/{
            s//\1/
            q
          }
          /^X\(\/\).*/{
            s//\1/
            q
          }
          s/.*/./; q'`
  srcdir=$ac_confdir
  if test ! -r "$srcdir/$ac_unique_file"; then
    srcdir=..
  fi
else
  ac_srcdir_defaulted=no
fi
if test ! -r "$srcdir/$ac_unique_file"; then
  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
  { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
   { (exit 1); exit 1; }; }
fi
ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
ac_abs_confdir=`(
        cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
   { (exit 1); exit 1; }; }
        pwd)`
# When building in place, set srcdir=.
if test "$ac_abs_confdir" = "$ac_pwd"; then
  srcdir=.
fi
# Remove unnecessary trailing slashes from srcdir.
# Double slashes in file names in object file debugging info
# mess up M-x gdb in Emacs.
case $srcdir in
*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
esac
# Record, for every precious variable, whether it is set and its value, both
# as ac_env_* and as ac_cv_env_*.  $ac_precious_vars is assigned outside this
# section; the evals assume it holds plain variable names.
for ac_var in $ac_precious_vars; do
  eval ac_env_${ac_var}_set=\${${ac_var}+set}
  eval ac_env_${ac_var}_value=\$${ac_var}
  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
  eval ac_cv_env_${ac_var}_value=\$${ac_var}
done

#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures mod_auth_kerb 5.4 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print \`checking...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for \`--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or \`..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [$ac_default_prefix]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, \`make install' will install all the files in
\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
an installation prefix other than \`$ac_default_prefix' using \`--prefix',
for instance \`--prefix=\$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/mod_auth_kerb]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]
_ACEOF

  cat <<\_ACEOF
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of mod_auth_kerb 5.4:";;
   esac
  cat <<\_ACEOF

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-krb5=dir         use krb5 in dir
  --with-krb4=dir         use krb4 in dir
  --with-apache=dir       use apache in dir

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L if you have libraries in a
              nonstandard directory
  LIBS        libraries to pass to the linker, e.g. -l
  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I if
              you have headers in a nonstandard directory
  CPP         C preprocessor

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

Report bugs to .
_ACEOF
ac_status=$?
fi

if test "$ac_init_help" = "recursive"; then
  # If there are subdirs, report their specific --help.
  # Each sub-directory's configure.gnu or configure is executed with $SHELL;
  # $ac_subdirs_all is assigned outside this section.
  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
    test -d "$ac_dir" ||
      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
      continue
    ac_builddir=.

    case "$ac_dir" in
    .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
    *)
      ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
      # A ".." for each directory in $ac_dir_suffix.
      ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
      case $ac_top_builddir_sub in
      "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
      *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
      esac ;;
    esac
    ac_abs_top_builddir=$ac_pwd
    ac_abs_builddir=$ac_pwd$ac_dir_suffix
    # for backward compatibility:
    ac_top_builddir=$ac_top_build_prefix

    case $srcdir in
      .)  # We are building in place.
        ac_srcdir=.
        ac_top_srcdir=$ac_top_builddir_sub
        ac_abs_top_srcdir=$ac_pwd ;;
      [\\/]* | ?:[\\/]* )  # Absolute name.
        ac_srcdir=$srcdir$ac_dir_suffix;
        ac_top_srcdir=$srcdir
        ac_abs_top_srcdir=$srcdir ;;
      *) # Relative name.
        ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
        ac_top_srcdir=$ac_top_build_prefix$srcdir
        ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
    esac
    ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix

    cd "$ac_dir" || { ac_status=$?; continue; }
    # Check for guested configure.
    if test -f "$ac_srcdir/configure.gnu"; then
      echo &&
      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
    elif test -f "$ac_srcdir/configure"; then
      echo &&
      $SHELL "$ac_srcdir/configure" --help=recursive
    else
      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
    fi || ac_status=$?
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

# Any --help variant stops here, before config.log is created.
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
mod_auth_kerb configure 5.4
generated by GNU Autoconf 2.63

Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit
fi
# NOTE(review): config.log is (re)created in the current directory and
# receives the complete invocation line ($0 $@), then the hostname, uname
# data and every $PATH entry.  Anything passed as a VAR=VALUE argument ends
# up in this file, so handle config.log accordingly when sharing build logs.
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by mod_auth_kerb $as_me 5.4, which was
generated by GNU Autoconf 2.63. Invocation command line was

  $ $0 $@

_ACEOF
# From here on fd 5 appends to config.log.
exec 5>>config.log
{
cat <<_ASUNAME
## --------- ##
## Platform. ##
## --------- ##

hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`

/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`

/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`

_ASUNAME

# Log each $PATH element; an empty element is reported as "." (the current
# directory).
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  $as_echo "PATH: $as_dir"
done
IFS=$as_save_IFS

} >&5

cat >&5 <<_ACEOF


## ----------- ##
## Core tests. ##
## ----------- ##

_ACEOF


# Keep a trace of the command line.
# Strip out --no-create and --no-recursion so they do not pile up.
# Strip out --silent because we don't want to record it for future runs.
# Also quote any args containing shell meta-characters.
# Make two passes to allow for proper duplicate-argument suppression.
# ---------------------------------------------------------------------------
# Build $ac_configure_args (the single-quoted command line), install the
# exit/signal traps that finish config.log and remove temporary files, start
# confdefs.h, load the site script and the cache file, and check that the
# precious variables match the values recorded in the cache.
# ---------------------------------------------------------------------------
ac_configure_args=
ac_configure_args0=
ac_configure_args1=
ac_must_keep_next=false
for ac_pass in 1 2
do
  for ac_arg
  do
    case $ac_arg in
    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
    | -silent | --silent | --silen | --sile | --sil)
      continue ;;
    *\'*)
      # Escape embedded apostrophes so the argument survives being wrapped in
      # single quotes below.
      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
    esac
    case $ac_pass in
    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
    2)
      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
      if test $ac_must_keep_next = true; then
        ac_must_keep_next=false # Got value, back to normal.
      else
        case $ac_arg in
          *=* | --config-cache | -C | -disable-* | --disable-* \
          | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
          | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
          | -with-* | --with-* | -without-* | --without-* | --x)
            case "$ac_configure_args0 " in
              "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
            esac
            ;;
          -* ) ac_must_keep_next=true ;;
        esac
      fi
      ac_configure_args="$ac_configure_args '$ac_arg'"
      ;;
    esac
  done
done
$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }

# When interrupted or exit'd, cleanup temporary files, and complete
# config.log. We remove comments because anyway the quotes in there
# would cause problems or look ugly.
# WARNING: Use '\'' to represent an apostrophe within the trap.
# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
#
# The handler writes to fd 5: all *_cv_* cache variables, the variables named
# in $ac_subst_vars and $ac_subst_files, and the contents of confdefs.h.  It
# then deletes core, *.core, core.conftest.*, conftest*, confdefs*, conf$$*
# and $ac_clean_files relative to the current directory.
# NOTE(review): because the values of every output variable are dumped, the
# log can contain whatever was passed in through the environment.
trap 'exit_status=$?
  # Save into config.log some information that might help in debugging.
  {
    echo

    cat <<\_ASBOX
## ---------------- ##
## Cache variables. ##
## ---------------- ##
_ASBOX
    echo
    # The following way of writing the cache mishandles newlines in values,
(
  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
    eval ac_val=\$$ac_var
    case $ac_val in #(
    *${as_nl}*)
      case $ac_var in #(
      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
      esac
      case $ac_var in #(
      _ | IFS | as_nl) ;; #(
      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
      *) $as_unset $ac_var ;;
      esac ;;
    esac
  done
  (set) 2>&1 |
    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
    *${as_nl}ac_space=\ *)
      sed -n \
        "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
      ;; #(
    *)
      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
      ;;
    esac |
    sort
)
    echo

    cat <<\_ASBOX
## ----------------- ##
## Output variables. ##
## ----------------- ##
_ASBOX
    echo
    for ac_var in $ac_subst_vars
    do
      eval ac_val=\$$ac_var
      case $ac_val in
      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
      esac
      $as_echo "$ac_var='\''$ac_val'\''"
    done | sort
    echo

    if test -n "$ac_subst_files"; then
      cat <<\_ASBOX
## ------------------- ##
## File substitutions. ##
## ------------------- ##
_ASBOX
      echo
      for ac_var in $ac_subst_files
      do
        eval ac_val=\$$ac_var
        case $ac_val in
        *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
        esac
        $as_echo "$ac_var='\''$ac_val'\''"
      done | sort
      echo
    fi

    if test -s confdefs.h; then
      cat <<\_ASBOX
## ----------- ##
## confdefs.h. ##
## ----------- ##
_ASBOX
      echo
      cat confdefs.h
      echo
    fi
    test "$ac_signal" != 0 &&
      $as_echo "$as_me: caught signal $ac_signal"
    $as_echo "$as_me: exit $exit_status"
  } >&5
  rm -f core *.core core.conftest.* &&
    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
    exit $exit_status
' 0
# Signals 1, 2, 13 and 15 record their number in ac_signal and exit with
# status 1, which in turn runs the exit trap above.
for ac_signal in 1 2 13 15; do
  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
done
ac_signal=0

# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -f -r conftest* confdefs.h

# Predefined preprocessor variables.

cat >>confdefs.h <<_ACEOF
#define PACKAGE_NAME "$PACKAGE_NAME"
_ACEOF


cat >>confdefs.h <<_ACEOF
#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
_ACEOF


cat >>confdefs.h <<_ACEOF
#define PACKAGE_VERSION "$PACKAGE_VERSION"
_ACEOF


cat >>confdefs.h <<_ACEOF
#define PACKAGE_STRING "$PACKAGE_STRING"
_ACEOF


cat >>confdefs.h <<_ACEOF
#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
_ACEOF


# Let the site file select an alternate cache file if it wants to.
# Prefer an explicitly selected file to automatically selected ones.
#
# NOTE(review): every readable site file is sourced with `.', so its content
# runs as shell code inside configure with the invoking user's privileges.
# The path is taken from $CONFIG_SITE when that is set, otherwise from
# share/config.site and etc/config.site under $prefix (or under
# $ac_default_prefix when no prefix was given).  For reproducible or
# privileged builds, make sure CONFIG_SITE is unset or names a trusted file
# and that those prefix directories are not writable by untrusted users.  The
# file is copied into config.log before it is sourced, which leaves a record
# of what was executed.
ac_site_file1=NONE
ac_site_file2=NONE
if test -n "$CONFIG_SITE"; then
  ac_site_file1=$CONFIG_SITE
elif test "x$prefix" != xNONE; then
  ac_site_file1=$prefix/share/config.site
  ac_site_file2=$prefix/etc/config.site
else
  ac_site_file1=$ac_default_prefix/share/config.site
  ac_site_file2=$ac_default_prefix/etc/config.site
fi
for ac_site_file in "$ac_site_file1" "$ac_site_file2"
do
  test "x$ac_site_file" = xNONE && continue
  if test -r "$ac_site_file"; then
    { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
$as_echo "$as_me: loading site script $ac_site_file" >&6;}
    sed 's/^/| /' "$ac_site_file" >&5
    . "$ac_site_file"
  fi
done

# The cache file is sourced as shell code as well, so it deserves the same
# trust as the site script.  A relative name is prefixed with ./ before being
# passed to `.'.  $cache_file is assigned outside this section.
if test -r "$cache_file"; then
  # Some versions of bash will fail to source /dev/null (special
  # files actually), so we avoid doing that.
  if test -f "$cache_file"; then
    { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
$as_echo "$as_me: loading cache $cache_file" >&6;}
    case $cache_file in
      [\\/]* | ?:[\\/]* ) . "$cache_file";;
      *)                      . "./$cache_file";;
    esac
  fi
else
  { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
$as_echo "$as_me: creating cache $cache_file" >&6;}
  >$cache_file
fi

# Check that the precious variables saved in the cache have kept the same
# value.
# ac_cv_env_* holds the value from the cache (or from this run if nothing was
# loaded), ac_env_* the value from the current environment.  A difference
# other than whitespace marks the cache as corrupted and aborts below.
ac_cache_corrupted=false
for ac_var in $ac_precious_vars; do
  eval ac_old_set=\$ac_cv_env_${ac_var}_set
  eval ac_new_set=\$ac_env_${ac_var}_set
  eval ac_old_val=\$ac_cv_env_${ac_var}_value
  eval ac_new_val=\$ac_env_${ac_var}_value
  case $ac_old_set,$ac_new_set in
    set,)
      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
      ac_cache_corrupted=: ;;
    ,set)
      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
      ac_cache_corrupted=: ;;
    ,);;
    *)
      if test "x$ac_old_val" != "x$ac_new_val"; then
        # differences in whitespace do not lead to failure.
        ac_old_val_w=`echo x $ac_old_val`
        ac_new_val_w=`echo x $ac_new_val`
        if test "$ac_old_val_w" != "$ac_new_val_w"; then
          { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
          ac_cache_corrupted=:
        else
          { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
          eval $ac_var=\$ac_old_val
        fi
        { $as_echo "$as_me:$LINENO: former value: \`$ac_old_val'" >&5
$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
        { $as_echo "$as_me:$LINENO: current value: \`$ac_new_val'" >&5
$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
      fi;;
  esac
  # Pass precious variables to config.status.
  if test "$ac_new_set" = set; then
    case $ac_new_val in
    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
    *) ac_arg=$ac_var=$ac_new_val ;;
    esac
    case " $ac_configure_args " in
      *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
    esac
  fi
done
if $ac_cache_corrupted; then
  { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
  { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
  { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
   { (exit 1); exit 1; }; }
fi

# Command templates for the C tests; they are stored unexpanded and run
# through eval later.
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu

ac_config_headers="$ac_config_headers config.h"

# Checks for programs.
# ---------------------------------------------------------------------------
# Locate a C compiler and check that it can link a trivial program.
#
# Candidates are tried in this order: ${ac_tool_prefix}gcc, gcc,
# ${ac_tool_prefix}cc, cc, ${ac_tool_prefix}cl.exe, cl.exe.  A value already
# present in $CC (or a cached ac_cv_prog_CC) is taken as is.
#
# NOTE(review): each search walks $PATH and treats an empty element as "."
# (the current directory).  Apart from the /usr/ucb/cc special case only the
# bare program name is stored, so the compiler is looked up through $PATH
# again whenever it is run.  Run configure with a $PATH that has no empty or
# relative entries if the build directory may hold untrusted files.
# ---------------------------------------------------------------------------
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
  set dummy ${ac_tool_prefix}gcc; ac_word=$2
  { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
  if test "${ac_cv_prog_CC+set}" = set; then
    $as_echo_n "(cached) " >&6
  else
    if test -n "$CC"; then
      ac_cv_prog_CC="$CC" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_prog_CC="${ac_tool_prefix}gcc"
            $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS

    fi
  fi
  CC=$ac_cv_prog_CC
  if test -n "$CC"; then
    { $as_echo "$as_me:$LINENO: result: $CC" >&5
$as_echo "$CC" >&6; }
  else
    { $as_echo "$as_me:$LINENO: result: no" >&5
$as_echo "no" >&6; }
  fi


fi
if test -z "$ac_cv_prog_CC"; then
  ac_ct_CC=$CC
  # Extract the first word of "gcc", so it can be a program name with args.
  set dummy gcc; ac_word=$2
  { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
  if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
    $as_echo_n "(cached) " >&6
  else
    if test -n "$ac_ct_CC"; then
      ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
    else
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_prog_ac_ct_CC="gcc"
            $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS

    fi
  fi
  ac_ct_CC=$ac_cv_prog_ac_ct_CC
  if test -n "$ac_ct_CC"; then
    { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
$as_echo "$ac_ct_CC" >&6; }
  else
    { $as_echo "$as_me:$LINENO: result: no" >&5
$as_echo "no" >&6; }
  fi

  if test "x$ac_ct_CC" = x; then
    CC=""
  else
    # When cross compiling, warn once that an unprefixed tool is being used.
    case $cross_compiling:$ac_tool_warned in
    yes:)
      { $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
      ac_tool_warned=yes ;;
    esac
    CC=$ac_ct_CC
  fi
else
  CC="$ac_cv_prog_CC"
fi

if test -z "$CC"; then
  if test -n "$ac_tool_prefix"; then
    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
    set dummy ${ac_tool_prefix}cc; ac_word=$2
    { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
    if test "${ac_cv_prog_CC+set}" = set; then
      $as_echo_n "(cached) " >&6
    else
      if test -n "$CC"; then
        ac_cv_prog_CC="$CC" # Let the user override the test.
      else
        as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
        for as_dir in $PATH
        do
          IFS=$as_save_IFS
          test -z "$as_dir" && as_dir=.
          for ac_exec_ext in '' $ac_executable_extensions; do
            if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
              ac_cv_prog_CC="${ac_tool_prefix}cc"
              $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
              break 2
            fi
          done
        done
        IFS=$as_save_IFS

      fi
    fi
    CC=$ac_cv_prog_CC
    if test -n "$CC"; then
      { $as_echo "$as_me:$LINENO: result: $CC" >&5
$as_echo "$CC" >&6; }
    else
      { $as_echo "$as_me:$LINENO: result: no" >&5
$as_echo "no" >&6; }
    fi


  fi
fi
if test -z "$CC"; then
  # Extract the first word of "cc", so it can be a program name with args.
  set dummy cc; ac_word=$2
  { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
  if test "${ac_cv_prog_CC+set}" = set; then
    $as_echo_n "(cached) " >&6
  else
    if test -n "$CC"; then
      ac_cv_prog_CC="$CC" # Let the user override the test.
    else
      ac_prog_rejected=no
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            # /usr/ucb/cc is never accepted; remember that it was seen and
            # keep searching.
            if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
              ac_prog_rejected=yes
              continue
            fi
            ac_cv_prog_CC="cc"
            $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS

      if test $ac_prog_rejected = yes; then
        # We found a bogon in the path, so make sure we never use it.
        set dummy $ac_cv_prog_CC
        shift
        if test $# != 0; then
          # We chose a different compiler from the bogus one.
          # However, it has the same basename, so the bogon will be chosen
          # first if we set CC to just the basename; use the full file name.
          shift
          ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
        fi
      fi
    fi
  fi
  CC=$ac_cv_prog_CC
  if test -n "$CC"; then
    { $as_echo "$as_me:$LINENO: result: $CC" >&5
$as_echo "$CC" >&6; }
  else
    { $as_echo "$as_me:$LINENO: result: no" >&5
$as_echo "no" >&6; }
  fi


fi
if test -z "$CC"; then
  if test -n "$ac_tool_prefix"; then
    for ac_prog in cl.exe
    do
      # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
      set dummy $ac_tool_prefix$ac_prog; ac_word=$2
      { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
      if test "${ac_cv_prog_CC+set}" = set; then
        $as_echo_n "(cached) " >&6
      else
        if test -n "$CC"; then
          ac_cv_prog_CC="$CC" # Let the user override the test.
        else
          as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
          for as_dir in $PATH
          do
            IFS=$as_save_IFS
            test -z "$as_dir" && as_dir=.
            for ac_exec_ext in '' $ac_executable_extensions; do
              if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
                ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
                $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
                break 2
              fi
            done
          done
          IFS=$as_save_IFS

        fi
      fi
      CC=$ac_cv_prog_CC
      if test -n "$CC"; then
        { $as_echo "$as_me:$LINENO: result: $CC" >&5
$as_echo "$CC" >&6; }
      else
        { $as_echo "$as_me:$LINENO: result: no" >&5
$as_echo "no" >&6; }
      fi


      test -n "$CC" && break
    done
  fi
  if test -z "$CC"; then
    ac_ct_CC=$CC
    for ac_prog in cl.exe
    do
      # Extract the first word of "$ac_prog", so it can be a program name with args.
      set dummy $ac_prog; ac_word=$2
      { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
      if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
        $as_echo_n "(cached) " >&6
      else
        if test -n "$ac_ct_CC"; then
          ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
        else
          as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
          for as_dir in $PATH
          do
            IFS=$as_save_IFS
            test -z "$as_dir" && as_dir=.
            for ac_exec_ext in '' $ac_executable_extensions; do
              if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
                ac_cv_prog_ac_ct_CC="$ac_prog"
                $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
                break 2
              fi
            done
          done
          IFS=$as_save_IFS

        fi
      fi
      ac_ct_CC=$ac_cv_prog_ac_ct_CC
      if test -n "$ac_ct_CC"; then
        { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
$as_echo "$ac_ct_CC" >&6; }
      else
        { $as_echo "$as_me:$LINENO: result: no" >&5
$as_echo "no" >&6; }
      fi


      test -n "$ac_ct_CC" && break
    done

    if test "x$ac_ct_CC" = x; then
      CC=""
    else
      case $cross_compiling:$ac_tool_warned in
      yes:)
        { $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
        ac_tool_warned=yes ;;
      esac
      CC=$ac_ct_CC
    fi
  fi

fi


# Give up if none of the candidates was found.
test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
{ { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&5
$as_echo "$as_me: error: no acceptable C compiler found in \$PATH See \`config.log' for more details." >&2;}
   { (exit 1); exit 1; }; }; }

# Provide some information about the compiler.
# The first word of $ac_compile (the value of $CC) is run with --version, -v
# and -V in turn; the command line, its output and its exit status go to
# config.log (fd 5).  The exit status of these probes is not acted upon here.
$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
set X $ac_compile
ac_compiler=$2
{ (ac_try="$ac_compiler --version >&5"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
  (eval "$ac_compiler --version >&5") 2>&5
  ac_status=$?
  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }
{ (ac_try="$ac_compiler -v >&5"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
  (eval "$ac_compiler -v >&5") 2>&5
  ac_status=$?
  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }
{ (ac_try="$ac_compiler -V >&5"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
  (eval "$ac_compiler -V >&5") 2>&5
  ac_status=$?
  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }

# Test program: the accumulated confdefs.h followed by an empty main().
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{

  ;
  return 0;
}
_ACEOF
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
# Try to create an executable without -o first, disregard a.out.
# It will help us diagnose broken compilers, and finding out an intuition
# of exeext.
{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
$as_echo_n "checking for C compiler default output file name... " >&6; }
ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`

# The possible output files:
ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"

# Remove stale candidate outputs first, keeping sources and side files.
ac_rmfiles=
for ac_file in $ac_files
do
  case $ac_file in
    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
  esac
done
rm -f $ac_rmfiles

if { (ac_try="$ac_link_default"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
  (eval "$ac_link_default") 2>&5
  ac_status=$?
  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
  (exit $ac_status); }; then
  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
  # So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
  # in a Makefile. We should not override ac_cv_exeext if it was cached,
  # so that the user can short-circuit this test for compilers unknown to
  # Autoconf.
  for ac_file in $ac_files ''
  do
    test -f "$ac_file" || continue
    case $ac_file in
      *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
        ;;
      [ab].out )
        # We found the default executable, but exeext='' is most
        # certainly right.
        break;;
      *.* )
        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
        then :; else
          ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
        fi
        # We set ac_cv_exeext here because the later test for it is not
        # safe: cross compilers may not add the suffix if given an `-o'
        # argument, so we may need to know it at that point already.
        # Even if this section looks crufty: it has the advantage of
        # actually working.
        break;;
      * )
        break;;
    esac
  done
  test "$ac_cv_exeext" = no && ac_cv_exeext=

else
  ac_file=''
fi

{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
$as_echo "$ac_file" >&6; }
# No output file means the link step failed: log the test program and exit
# with status 77.
if test -z "$ac_file"; then
  $as_echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5

  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
  { { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables See \`config.log' for more details." >&5
$as_echo "$as_me: error: C compiler cannot create executables See \`config.log' for more details." >&2;}
   { (exit 77); exit 77; }; }; }
fi

ac_exeext=$ac_cv_exeext

# Check that the compiler produces executables we can run. If not, either
# the compiler is broken, or we cross compile.
{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
$as_echo_n "checking whether the C compiler works... " >&6; }
# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
# If not cross compiling, check that we can run a simple program.
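# ---------------------------------------------------------------------------
# Generated compiler checks (autoconf output for the C compiler and make).
#
# This stretch, in order:
#   1. runs the test executable built by the preceding check (./$ac_file)
#      unless cross compiling, and settles $cross_compiling;
#   2. determines the executable suffix (EXEEXT) and object suffix (OBJEXT);
#   3. detects GNU C (GCC), whether $CC accepts -g, and picks default CFLAGS;
#   4. finds the option, if any, needed for ISO C89;
#   5. checks whether ${MAKE-make} sets $(MAKE) (SET_MAKE).
#
# Trust assumptions worth knowing when running this script:
#   * $ac_compile / $ac_link are passed to eval and expand CC, CFLAGS,
#     CPPFLAGS, LDFLAGS and LIBS, so those variables are trusted input.
#   * Freshly built test programs are executed from the current directory
#     and scratch files use fixed names (conftest.*, a.out, ...); run
#     configure in a build directory that other users cannot write to.
#   * Command lines and failed test programs are copied to fd 5 (config.log
#     per the error messages below).
# ---------------------------------------------------------------------------
if test "$cross_compiling" != yes; then
  # Execute the just-built test program; failure means either a broken
  # compiler or an undeclared cross compile.
  if { ac_try='./$ac_file'
       { (case "(($ac_try" in
            *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
            *) ac_try_echo=$ac_try;;
          esac
          eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
          $as_echo "$ac_try_echo") >&5
         (eval "$ac_try") 2>&5
         ac_status=$?
         $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
         (exit $ac_status); }; }; then
    cross_compiling=no
  else
    if test "$cross_compiling" = maybe; then
      cross_compiling=yes
    else
      { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
          $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
        { { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&5
            $as_echo "$as_me: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." >&2;}
          { (exit 1); exit 1; }; }; }
    fi
  fi
fi
{ $as_echo "$as_me:$LINENO: result: yes" >&5
  $as_echo "yes" >&6; }

rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
ac_clean_files=$ac_clean_files_save
# Check that the compiler produces executables we can run. If not, either
# the compiler is broken, or we cross compile.
{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
  $as_echo_n "checking whether we are cross compiling... " >&6; }
{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
  $as_echo "$cross_compiling" >&6; }

{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
  $as_echo_n "checking for suffix of executables... " >&6; }
if { (ac_try="$ac_link"
      case "(($ac_try" in
        *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
        *) ac_try_echo=$ac_try;;
      esac
      eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
      $as_echo "$ac_try_echo") >&5
     (eval "$ac_link") 2>&5
     ac_status=$?
     $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
     (exit $ac_status); }; then
  # If both `conftest.exe' and `conftest' are `present' (well, observable)
  # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
  # work properly (i.e., refer to `conftest.exe'), while it won't with
  # `rm'.
  for ac_file in conftest.exe conftest conftest.*; do
    test -f "$ac_file" || continue
    case $ac_file in
      *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
      *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
            break;;
      * ) break;;
    esac
  done
else
  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
      $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
    { { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&5
        $as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." >&2;}
      { (exit 1); exit 1; }; }; }
fi

rm -f conftest$ac_cv_exeext
{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
  $as_echo "$ac_cv_exeext" >&6; }

rm -f conftest.$ac_ext
EXEEXT=$ac_cv_exeext
ac_exeext=$EXEEXT
{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
  $as_echo_n "checking for suffix of object files... " >&6; }
if test "${ac_cv_objext+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{

  ;
  return 0;
}
_ACEOF
  rm -f conftest.o conftest.obj
  if { (ac_try="$ac_compile"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
        $as_echo "$ac_try_echo") >&5
       (eval "$ac_compile") 2>&5
       ac_status=$?
       $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); }; then
    for ac_file in conftest.o conftest.obj conftest.*; do
      test -f "$ac_file" || continue;
      case $ac_file in
        *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
        *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
           break;;
      esac
    done
  else
    $as_echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
        $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
      { { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&5
          $as_echo "$as_me: error: cannot compute suffix of object files: cannot compile See \`config.log' for more details." >&2;}
        { (exit 1); exit 1; }; }; }
  fi

  rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
  $as_echo "$ac_cv_objext" >&6; }
OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
  $as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
if test "${ac_cv_c_compiler_gnu+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{
#ifndef __GNUC__
       choke me
#endif

  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext
  # Success here means: exit status 0, no diagnostics when warnings are
  # treated as errors, and a non-empty object file.
  if { (ac_try="$ac_compile"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
        $as_echo "$ac_try_echo") >&5
       (eval "$ac_compile") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } && {
       test -z "$ac_c_werror_flag" ||
       test ! -s conftest.err
     } && test -s conftest.$ac_objext; then
    ac_compiler_gnu=yes
  else
    $as_echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    ac_compiler_gnu=no
  fi

  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
  ac_cv_c_compiler_gnu=$ac_compiler_gnu

fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
  $as_echo "$ac_cv_c_compiler_gnu" >&6; }
if test $ac_compiler_gnu = yes; then
  GCC=yes
else
  GCC=
fi
# Remember whether the caller supplied CFLAGS; if so it is restored below
# instead of being replaced by the defaults.
ac_test_CFLAGS=${CFLAGS+set}
ac_save_CFLAGS=$CFLAGS
{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
  $as_echo_n "checking whether $CC accepts -g... " >&6; }
if test "${ac_cv_prog_cc_g+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  ac_save_c_werror_flag=$ac_c_werror_flag
  ac_c_werror_flag=yes
  ac_cv_prog_cc_g=no
  CFLAGS="-g"
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{

  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext
  if { (ac_try="$ac_compile"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
        $as_echo "$ac_try_echo") >&5
       (eval "$ac_compile") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } && {
       test -z "$ac_c_werror_flag" ||
       test ! -s conftest.err
     } && test -s conftest.$ac_objext; then
    ac_cv_prog_cc_g=yes
  else
    $as_echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    # Second attempt: same program with empty CFLAGS.
    CFLAGS=""
    cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{

  ;
  return 0;
}
_ACEOF
    rm -f conftest.$ac_objext
    if { (ac_try="$ac_compile"
          case "(($ac_try" in
            *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
            *) ac_try_echo=$ac_try;;
          esac
          eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
          $as_echo "$ac_try_echo") >&5
         (eval "$ac_compile") 2>conftest.er1
         ac_status=$?
         grep -v '^ *+' conftest.er1 >conftest.err
         rm -f conftest.er1
         cat conftest.err >&5
         $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
         (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
      :
    else
      $as_echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5

      # Third attempt: -g again, with the caller's warning-as-error
      # setting restored.
      ac_c_werror_flag=$ac_save_c_werror_flag
      CFLAGS="-g"
      cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
      cat confdefs.h >>conftest.$ac_ext
      cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

int
main ()
{

  ;
  return 0;
}
_ACEOF
      rm -f conftest.$ac_objext
      if { (ac_try="$ac_compile"
            case "(($ac_try" in
              *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
              *) ac_try_echo=$ac_try;;
            esac
            eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
            $as_echo "$ac_try_echo") >&5
           (eval "$ac_compile") 2>conftest.er1
           ac_status=$?
           grep -v '^ *+' conftest.er1 >conftest.err
           rm -f conftest.er1
           cat conftest.err >&5
           $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
           (exit $ac_status); } && {
           test -z "$ac_c_werror_flag" ||
           test ! -s conftest.err
         } && test -s conftest.$ac_objext; then
        ac_cv_prog_cc_g=yes
      else
        $as_echo "$as_me: failed program was:" >&5
        sed 's/^/| /' conftest.$ac_ext >&5

      fi

      rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
    fi

    rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
  fi

  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
  ac_c_werror_flag=$ac_save_c_werror_flag
fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
  $as_echo "$ac_cv_prog_cc_g" >&6; }
if test "$ac_test_CFLAGS" = set; then
  CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then
  if test "$GCC" = yes; then
    CFLAGS="-g -O2"
  else
    CFLAGS="-g"
  fi
else
  if test "$GCC" = yes; then
    CFLAGS="-O2"
  else
    CFLAGS=
  fi
fi
{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
  $as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
if test "${ac_cv_prog_cc_c89+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  ac_cv_prog_cc_c89=no
  ac_save_CC=$CC
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
static char *e (p, i)
     char **p;
     int i;
{
  return p[i];
}
static char *f (char * (*g) (char **, int), char **p, ...)
{
  char *s;
  va_list v;
  va_start (v,p);
  s = g (p, va_arg (v,int));
  va_end (v);
  return s;
}

/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
   function prototypes and stuff, but not '\xHH' hex character constants.
   These don't provoke an error unfortunately, instead are silently treated
   as 'x'. The following induces an error, until -std is added to get
   proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
   array size at least. It's necessary to write '\x00'==0 to get something
   that's true only with -std. */
int osf4_cc_array ['\x00' == 0 ? 1 : -1];

/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
   inside strings and character constants. */
#define FOO(x) 'x'
int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];

int test (int i, double x);
struct s1 {int (*f) (int a);};
struct s2 {int (*f) (double a);};
int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
int argc;
char **argv;
int
main ()
{
return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
  ;
  return 0;
}
_ACEOF
  # Try each candidate option in turn; the first one that compiles the
  # program above is kept.
  for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
    -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
  do
    CC="$ac_save_CC $ac_arg"
    rm -f conftest.$ac_objext
    if { (ac_try="$ac_compile"
          case "(($ac_try" in
            *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
            *) ac_try_echo=$ac_try;;
          esac
          eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
          $as_echo "$ac_try_echo") >&5
         (eval "$ac_compile") 2>conftest.er1
         ac_status=$?
         grep -v '^ *+' conftest.er1 >conftest.err
         rm -f conftest.er1
         cat conftest.err >&5
         $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
         (exit $ac_status); } && {
         test -z "$ac_c_werror_flag" ||
         test ! -s conftest.err
       } && test -s conftest.$ac_objext; then
      ac_cv_prog_cc_c89=$ac_arg
    else
      $as_echo "$as_me: failed program was:" >&5
      sed 's/^/| /' conftest.$ac_ext >&5

    fi

    rm -f core conftest.err conftest.$ac_objext
    test "x$ac_cv_prog_cc_c89" != "xno" && break
  done
  rm -f conftest.$ac_ext
  CC=$ac_save_CC

fi
# AC_CACHE_VAL
case "x$ac_cv_prog_cc_c89" in
  x)
    { $as_echo "$as_me:$LINENO: result: none needed" >&5
      $as_echo "none needed" >&6; } ;;
  xno)
    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
      $as_echo "unsupported" >&6; } ;;
  *)
    CC="$CC $ac_cv_prog_cc_c89"
    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
      $as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
esac


ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu

{ $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
  $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
set x ${MAKE-make}
# Turn the make program's name into something usable in a variable name.
ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
  $as_echo_n "(cached) " >&6
else
  cat >conftest.make <<\_ACEOF
SHELL = /bin/sh
all:
	@echo '@@@%%%=$(MAKE)=@@@%%%'
_ACEOF
  # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
  case `${MAKE-make} -f conftest.make 2>/dev/null` in
    *@@@%%%=?*=@@@%%%*)
      eval ac_cv_prog_make_${ac_make}_set=yes;;
    *)
      eval ac_cv_prog_make_${ac_make}_set=no;;
  esac
  rm -f conftest.make
fi
if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
  { $as_echo "$as_me:$LINENO: result: yes" >&5
    $as_echo "yes" >&6; }
  SET_MAKE=
else
  { $as_echo "$as_me:$LINENO: result: no" >&5
    $as_echo "no" >&6; }
  SET_MAKE="MAKE=${MAKE-make}"
fi


# Checks for libraries.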
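# ---------------------------------------------------------------------------
# Generated library / preprocessor / header checks.
#
# This stretch, in order:
#   1. tests whether a program links with -lresolv (sets LIB_resolv);
#   2. finds a working C preprocessor command (CPP) and sanity-checks it;
#   3. locates grep and egrep (GREP, EGREP);
#   4. checks for the ANSI C headers and defines STDC_HEADERS.
#
# Trust assumptions worth knowing when running this script:
#   * $ac_compile, $ac_link and $ac_cpp are passed to eval and expand CC,
#     CPP, CFLAGS, CPPFLAGS, LDFLAGS and LIBS, so those are trusted input.
#   * grep/egrep are picked by walking $PATH (plus /usr/xpg4/bin) and each
#     candidate is executed with --version; PATH is therefore trusted too.
#   * Scratch files use fixed names in the current directory (conftest.*)
#     and one test program is executed from it; run configure in a build
#     directory that other users cannot write to.
# ---------------------------------------------------------------------------
# FIXME: Replace `main' with a function in `-lresolv':
# NOTE: probing for `main' only shows that linking with -lresolv succeeds;
# it does not show that any resolver function is provided by the library.
LIB_resolv=""
{ $as_echo "$as_me:$LINENO: checking for main in -lresolv" >&5
  $as_echo_n "checking for main in -lresolv... " >&6; }
if test "${ac_cv_lib_resolv_main+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  ac_check_lib_save_LIBS=$LIBS
  LIBS="-lresolv $LIBS"
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */


int
main ()
{
return main ();
  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext conftest$ac_exeext
  if { (ac_try="$ac_link"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
        $as_echo "$ac_try_echo") >&5
       (eval "$ac_link") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } && {
       test -z "$ac_c_werror_flag" ||
       test ! -s conftest.err
     } && test -s conftest$ac_exeext && {
       test "$cross_compiling" = yes ||
       $as_test_x conftest$ac_exeext
     }; then
    ac_cv_lib_resolv_main=yes
  else
    $as_echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    ac_cv_lib_resolv_main=no
  fi

  rm -rf conftest.dSYM
  rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
    conftest$ac_exeext conftest.$ac_ext
  LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_main" >&5
  $as_echo "$ac_cv_lib_resolv_main" >&6; }
if test "x$ac_cv_lib_resolv_main" = x""yes; then
  LIB_resolv=-lresolv
fi



# Checks for header files.
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
{ $as_echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
  $as_echo_n "checking how to run the C preprocessor... " >&6; }
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
  CPP=
fi
if test -z "$CPP"; then
  if test "${ac_cv_prog_CPP+set}" = set; then
    $as_echo_n "(cached) " >&6
  else
    # Double quotes because CPP needs to be expanded
    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
    do
      ac_preproc_ok=false
      for ac_c_preproc_warn_flag in '' yes
      do
        # Use a header file that comes with gcc, so configuring glibc
        # with a fresh cross-compiler works.
        # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
        # <limits.h> exists even on freestanding compilers.
        # On the NeXT, cc -E runs the code through the compiler's parser,
        # not just through cpp. "Syntax error" is here to catch this case.
        cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
        cat confdefs.h >>conftest.$ac_ext
        cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
		     Syntax error
_ACEOF
        if { (ac_try="$ac_cpp conftest.$ac_ext"
              case "(($ac_try" in
                *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
                *) ac_try_echo=$ac_try;;
              esac
              eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
              $as_echo "$ac_try_echo") >&5
             (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
             ac_status=$?
             grep -v '^ *+' conftest.er1 >conftest.err
             rm -f conftest.er1
             cat conftest.err >&5
             $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
             (exit $ac_status); } >/dev/null && {
             test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
             test ! -s conftest.err
           }; then
          :
        else
          $as_echo "$as_me: failed program was:" >&5
          sed 's/^/| /' conftest.$ac_ext >&5

          # Broken: fails on valid input.
          continue
        fi

        rm -f conftest.err conftest.$ac_ext

        # OK, works on sane cases. Now check whether nonexistent headers
        # can be detected and how.
        cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
        cat confdefs.h >>conftest.$ac_ext
        cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <ac_nonexistent.h>
_ACEOF
        if { (ac_try="$ac_cpp conftest.$ac_ext"
              case "(($ac_try" in
                *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
                *) ac_try_echo=$ac_try;;
              esac
              eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
              $as_echo "$ac_try_echo") >&5
             (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
             ac_status=$?
             grep -v '^ *+' conftest.er1 >conftest.err
             rm -f conftest.er1
             cat conftest.err >&5
             $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
             (exit $ac_status); } >/dev/null && {
             test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
             test ! -s conftest.err
           }; then
          # Broken: success on invalid input.
          continue
        else
          $as_echo "$as_me: failed program was:" >&5
          sed 's/^/| /' conftest.$ac_ext >&5

          # Passes both tests.
          ac_preproc_ok=:
          break
        fi

        rm -f conftest.err conftest.$ac_ext

      done
      # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
      rm -f conftest.err conftest.$ac_ext
      if $ac_preproc_ok; then
        break
      fi

    done
    ac_cv_prog_CPP=$CPP

  fi
  CPP=$ac_cv_prog_CPP
else
  ac_cv_prog_CPP=$CPP
fi
{ $as_echo "$as_me:$LINENO: result: $CPP" >&5
  $as_echo "$CPP" >&6; }
# Re-run the same two probes against the chosen $CPP as a sanity check.
ac_preproc_ok=false
for ac_c_preproc_warn_flag in '' yes
do
  # Use a header file that comes with gcc, so configuring glibc
  # with a fresh cross-compiler works.
  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
  # <limits.h> exists even on freestanding compilers.
  # On the NeXT, cc -E runs the code through the compiler's parser,
  # not just through cpp. "Syntax error" is here to catch this case.
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#ifdef __STDC__
# include <limits.h>
#else
# include <assert.h>
#endif
		     Syntax error
_ACEOF
  if { (ac_try="$ac_cpp conftest.$ac_ext"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
        $as_echo "$ac_try_echo") >&5
       (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } >/dev/null && {
       test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
       test ! -s conftest.err
     }; then
    :
  else
    $as_echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    # Broken: fails on valid input.
    continue
  fi

  rm -f conftest.err conftest.$ac_ext

  # OK, works on sane cases. Now check whether nonexistent headers
  # can be detected and how.
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <ac_nonexistent.h>
_ACEOF
  if { (ac_try="$ac_cpp conftest.$ac_ext"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
        $as_echo "$ac_try_echo") >&5
       (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } >/dev/null && {
       test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
       test ! -s conftest.err
     }; then
    # Broken: success on invalid input.
    continue
  else
    $as_echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    # Passes both tests.
    ac_preproc_ok=:
    break
  fi

  rm -f conftest.err conftest.$ac_ext

done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
rm -f conftest.err conftest.$ac_ext
if $ac_preproc_ok; then
  :
else
  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
      $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
    { { $as_echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&5
        $as_echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." >&2;}
      { (exit 1); exit 1; }; }; }
fi

ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu


{ $as_echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
  $as_echo_n "checking for grep that handles long lines and -e... " >&6; }
if test "${ac_cv_path_GREP+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  if test -z "$GREP"; then
    ac_path_GREP_found=false
    # Loop through the user's path and test for each of PROGNAME-LIST
    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
    for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
    do
      IFS=$as_save_IFS
      # An empty PATH element means the current directory.
      test -z "$as_dir" && as_dir=.
      for ac_prog in grep ggrep; do
        for ac_exec_ext in '' $ac_executable_extensions; do
          ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
          { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
          # Check for GNU ac_path_GREP and select it if it is found.
          # Check for GNU $ac_path_GREP
          case `"$ac_path_GREP" --version 2>&1` in
            *GNU*)
              ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
            *)
              ac_count=0
              $as_echo_n 0123456789 >"conftest.in"
              while :
              do
                cat "conftest.in" "conftest.in" >"conftest.tmp"
                mv "conftest.tmp" "conftest.in"
                cp "conftest.in" "conftest.nl"
                $as_echo 'GREP' >> "conftest.nl"
                "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
                diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
                ac_count=`expr $ac_count + 1`
                if test $ac_count -gt ${ac_path_GREP_max-0}; then
                  # Best one so far, save it but keep looking for a better one
                  ac_cv_path_GREP="$ac_path_GREP"
                  ac_path_GREP_max=$ac_count
                fi
                # 10*(2^10) chars as input seems more than enough
                test $ac_count -gt 10 && break
              done
              rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
          esac

          $ac_path_GREP_found && break 3
        done
      done
    done
    IFS=$as_save_IFS
    if test -z "$ac_cv_path_GREP"; then
      { { $as_echo "$as_me:$LINENO: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
          $as_echo "$as_me: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
        { (exit 1); exit 1; }; }
    fi
  else
    ac_cv_path_GREP=$GREP
  fi

fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
  $as_echo "$ac_cv_path_GREP" >&6; }
GREP="$ac_cv_path_GREP"


{ $as_echo "$as_me:$LINENO: checking for egrep" >&5
  $as_echo_n "checking for egrep... " >&6; }
if test "${ac_cv_path_EGREP+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
  then ac_cv_path_EGREP="$GREP -E"
  else
    if test -z "$EGREP"; then
      ac_path_EGREP_found=false
      # Loop through the user's path and test for each of PROGNAME-LIST
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
      do
        IFS=$as_save_IFS
        # An empty PATH element means the current directory.
        test -z "$as_dir" && as_dir=.
        for ac_prog in egrep; do
          for ac_exec_ext in '' $ac_executable_extensions; do
            ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
            { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
            # Check for GNU ac_path_EGREP and select it if it is found.
            # Check for GNU $ac_path_EGREP
            case `"$ac_path_EGREP" --version 2>&1` in
              *GNU*)
                ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
              *)
                ac_count=0
                $as_echo_n 0123456789 >"conftest.in"
                while :
                do
                  cat "conftest.in" "conftest.in" >"conftest.tmp"
                  mv "conftest.tmp" "conftest.in"
                  cp "conftest.in" "conftest.nl"
                  $as_echo 'EGREP' >> "conftest.nl"
                  "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
                  diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
                  ac_count=`expr $ac_count + 1`
                  if test $ac_count -gt ${ac_path_EGREP_max-0}; then
                    # Best one so far, save it but keep looking for a better one
                    ac_cv_path_EGREP="$ac_path_EGREP"
                    ac_path_EGREP_max=$ac_count
                  fi
                  # 10*(2^10) chars as input seems more than enough
                  test $ac_count -gt 10 && break
                done
                rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
            esac

            $ac_path_EGREP_found && break 3
          done
        done
      done
      IFS=$as_save_IFS
      if test -z "$ac_cv_path_EGREP"; then
        { { $as_echo "$as_me:$LINENO: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
            $as_echo "$as_me: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
          { (exit 1); exit 1; }; }
      fi
    else
      ac_cv_path_EGREP=$EGREP
    fi

  fi
fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
  $as_echo "$ac_cv_path_EGREP" >&6; }
EGREP="$ac_cv_path_EGREP"


{ $as_echo "$as_me:$LINENO: checking for ANSI C header files" >&5
  $as_echo_n "checking for ANSI C header files... " >&6; }
if test "${ac_cv_header_stdc+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
  cat confdefs.h >>conftest.$ac_ext
  cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <float.h>

int
main ()
{

  ;
  return 0;
}
_ACEOF
  rm -f conftest.$ac_objext
  if { (ac_try="$ac_compile"
        case "(($ac_try" in
          *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
          *) ac_try_echo=$ac_try;;
        esac
        eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
        $as_echo "$ac_try_echo") >&5
       (eval "$ac_compile") 2>conftest.er1
       ac_status=$?
       grep -v '^ *+' conftest.er1 >conftest.err
       rm -f conftest.er1
       cat conftest.err >&5
       $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
       (exit $ac_status); } && {
       test -z "$ac_c_werror_flag" ||
       test ! -s conftest.err
     } && test -s conftest.$ac_objext; then
    ac_cv_header_stdc=yes
  else
    $as_echo "$as_me: failed program was:" >&5
    sed 's/^/| /' conftest.$ac_ext >&5

    ac_cv_header_stdc=no
  fi

  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext

  if test $ac_cv_header_stdc = yes; then
    # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
    cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <string.h>

_ACEOF
    if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
       $EGREP "memchr" >/dev/null 2>&1; then
      :
    else
      ac_cv_header_stdc=no
    fi
    rm -f conftest*

  fi

  if test $ac_cv_header_stdc = yes; then
    # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
    cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
    cat confdefs.h >>conftest.$ac_ext
    cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <stdlib.h>

_ACEOF
    if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
       $EGREP "free" >/dev/null 2>&1; then
      :
    else
      ac_cv_header_stdc=no
    fi
    rm -f conftest*

  fi

  if test $ac_cv_header_stdc = yes; then
    # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
    if test "$cross_compiling" = yes; then
      :
    else
      cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
      cat confdefs.h >>conftest.$ac_ext
      cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <ctype.h>
#include <stdlib.h>
#if ((' ' & 0x0FF) == 0x020)
# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
#else
# define ISLOWER(c) \
		   (('a' <= (c) && (c) <= 'i') \
		     || ('j' <= (c) && (c) <= 'r') \
		     || ('s' <= (c) && (c) <= 'z'))
# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
#endif

#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
int
main ()
{
  int i;
  for (i = 0; i < 256; i++)
    if (XOR (islower (i), ISLOWER (i))
	|| toupper (i) != TOUPPER (i))
      return 2;
  return 0;
}
_ACEOF
      rm -f conftest$ac_exeext
      # Link the program, then execute it from the current directory.
      if { (ac_try="$ac_link"
            case "(($ac_try" in
              *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
              *) ac_try_echo=$ac_try;;
            esac
            eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
            $as_echo "$ac_try_echo") >&5
           (eval "$ac_link") 2>&5
           ac_status=$?
           $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
           (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
           { (case "(($ac_try" in
                *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
                *) ac_try_echo=$ac_try;;
              esac
              eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
              $as_echo "$ac_try_echo") >&5
             (eval "$ac_try") 2>&5
             ac_status=$?
             $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
             (exit $ac_status); }; }; then
        :
      else
        $as_echo "$as_me: program exited with status $ac_status" >&5
        $as_echo "$as_me: failed program was:" >&5
        sed 's/^/| /' conftest.$ac_ext >&5

        ( exit $ac_status )
        ac_cv_header_stdc=no
      fi
      rm -rf conftest.dSYM
      rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
    fi


  fi
fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
  $as_echo "$ac_cv_header_stdc" >&6; }
if test $ac_cv_header_stdc = yes; then

  cat >>confdefs.h <<\_ACEOF
#define STDC_HEADERS 1
_ACEOF

fi

# On IRIX 5.3, sys/types and inttypes.h are conflicting.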
for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then eval "$as_ac_Header=yes" else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in limits.h netdb.h stddef.h stdlib.h string.h unistd.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... 
" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 $as_echo_n "checking $ac_header usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 $as_echo_n "checking $ac_header presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? 
grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ----------------------------------------------------------- ## ## Report this to modauthkerb-developers@lists.sourceforge.net ## ## ----------------------------------------------------------- ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done # Checks for typedefs, structures, and compiler characteristics. #AC_C_CONST { $as_echo "$as_me:$LINENO: checking for size_t" >&5 $as_echo_n "checking for size_t... " >&6; } if test "${ac_cv_type_size_t+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_type_size_t=no cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ $ac_includes_default int main () { if (sizeof (size_t)) return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default int main () { if (sizeof ((size_t))) return 0; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then : else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_type_size_t=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5 $as_echo "$ac_cv_type_size_t" >&6; } if test "x$ac_cv_type_size_t" = x""yes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi { $as_echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5 $as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; } if test "${ac_cv_struct_tm+set}" = set; then $as_echo_n "(cached) " >&6 else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include int main () { struct tm tm; int *p = &tm.tm_sec; return !p; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
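-s conftest.err
       } && test -s conftest.$ac_objext; then
  ac_cv_struct_tm=time.h
else
  $as_echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5

  ac_cv_struct_tm=sys/time.h
fi

rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
$as_echo "$ac_cv_struct_tm" >&6; }
if test $ac_cv_struct_tm = sys/time.h; then

cat >>confdefs.h <<\_ACEOF
#define TM_IN_SYS_TIME 1
_ACEOF

fi


# Checks for library functions.
#AC_FUNC_MALLOC
#AC_FUNC_MEMCMP
#AC_CHECK_FUNCS([gethostbyname memset putenv strcasecmp strchr strdup strerror])

#
# kerberos5 environment
#
# Default: whichever krb5-config is first on PATH. It is replaced below when
# --with-krb5=DIR names a prefix.
krb5_config_command=krb5-config
SPNEGO_SRCS=""

# Check whether --with-krb5 was given.
if test "${with_krb5+set}" = set; then
  withval=$with_krb5; with_krb5="$withval"
fi


# A bare --with-krb5 means "autodetect": treat it as an empty prefix.
if test "x$with_krb5" = "xyes" ; then
  with_krb5=""
fi

if test "x$with_krb5" != "xno" ; then
  ac_save_CPPFLAGS="$CPPFLAGS"
  ac_save_LDFLAGS="$LDFLAGS"
  ac_save_LIBS="$LIBS"

  # With an explicit prefix, only that prefix's krb5-config is used. The
  # script is executed below with the privileges of whoever runs configure,
  # so the prefix should be an installation the builder trusts.
  if test -n "$with_krb5"; then
    if test -x "$with_krb5/bin/krb5-config"; then
      krb5_config_command="$with_krb5/bin/krb5-config"
    else
      krb5_config_command=""
    fi
  fi

  # Find the header files, unless the caller already supplied KRB5_CPPFLAGS.
  if test -z "$KRB5_CPPFLAGS"; then
    TMP_KRB5_CPPFLAGS=""
    if test -n "$krb5_config_command"; then
      TMP_KRB5_CPPFLAGS=`$krb5_config_command --cflags gssapi 2>/dev/null`
    fi
    # Fall back to DIR/include only when a prefix was really given. The test
    # has to expand $with_krb5: the literal string "with_krb5" is never empty,
    # so the branch used to be taken with no prefix as well and produced
    # "-I/include". configure is generated; configure.in carries the same
    # line and needs the same correction.
    if test -z "$TMP_KRB5_CPPFLAGS" -a -n "$with_krb5"; then
      TMP_KRB5_CPPFLAGS="-I$with_krb5/include"
    fi

    CPPFLAGS="$CPPFLAGS $TMP_KRB5_CPPFLAGS"

for ac_header in gssapi.h
do
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
  { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
$as_echo_n "checking for $ac_header... " >&6; }
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
  $as_echo_n "(cached) " >&6
fi
ac_res=`eval 'as_val=${'$as_ac_Header'}
		 $as_echo "$as_val"'`
	       { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
else
  # Is the header compilable?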
{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 $as_echo_n "checking $ac_header usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 $as_echo_n "checking $ac_header presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! 
-s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ----------------------------------------------------------- ## ## Report this to modauthkerb-developers@lists.sourceforge.net ## ## ----------------------------------------------------------- ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF KRB5_CPPFLAGS="$TMP_KRB5_CPPFLAGS" fi done if test -z "$KRB5_CPPFLAGS"; then for ac_header in gssapi/gssapi.h do as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... 
" >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 $as_echo_n "checking $ac_header usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 $as_echo_n "checking $ac_header presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include <$ac_header> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? 
grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ----------------------------------------------------------- ## ## Report this to modauthkerb-developers@lists.sourceforge.net ## ## ----------------------------------------------------------- ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 $as_echo_n "checking for $ac_header... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then $as_echo_n "(cached) " >&6 else eval "$as_ac_Header=\$ac_header_preproc" fi ac_res=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi as_val=`eval 'as_val=${'$as_ac_Header'} $as_echo "$as_val"'` if test "x$as_val" = x""yes; then cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF KRB5_CPPFLAGS="$TMP_KRB5_CPPFLAGS" fi done fi CPPFLAGS="$ac_save_CPPFLAGS" fi if test -z "$KRB5_LDFLAGS" -a -n "$krb5_config_command"; then TMP_KRB5_LDFLAGS=`$krb5_config_command --libs gssapi 2>/dev/null` if test -n "$TMP_KRB5_LDFLAGS"; then LIBS="$LIBS $TMP_KRB5_LDFLAGS $LIB_resolv" { $as_echo "$as_me:$LINENO: checking for krb5_init_context in -lkrb5" >&5 $as_echo_n "checking for krb5_init_context in -lkrb5... 
" >&6; } if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb5 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb5_init_context (); int main () { return krb5_init_context (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! 
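-s conftest.err
       } && test -s conftest$ac_exeext && {
	 test "$cross_compiling" = yes ||
	 $as_test_x conftest$ac_exeext
       }; then
  ac_cv_lib_krb5_krb5_init_context=yes
else
  $as_echo "$as_me: failed program was:" >&5
  sed 's/^/| /' conftest.$ac_ext >&5

  ac_cv_lib_krb5_krb5_init_context=no
fi

rm -rf conftest.dSYM
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
      conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_init_context" >&5
$as_echo "$ac_cv_lib_krb5_krb5_init_context" >&6; }
if test "x$ac_cv_lib_krb5_krb5_init_context" = x""yes; then
  KRB5_LDFLAGS="$TMP_KRB5_LDFLAGS"
fi

      LIBS="$ac_save_LIBS"
    fi
  fi

  # Choose the prefix for the library directory used by the fallback probes.
  # "=" must be a separate word: written as "x$with_krb5"="x" the whole
  # expression is one non-empty string, test is always true, and the "-L"
  # branch is never reached, so "$with_krb5/lib" was handed to the linker as
  # an input file instead of a search path. configure is generated;
  # configure.in carries the same line and needs the same correction.
  # NOTE(review): with an empty prefix the probes below still expand to a
  # bare "/lib" word; confirm whether that case should add a path at all.
  if test "x$with_krb5" = "x"; then
    tmp_lf_inc=""
  else
    tmp_lf_inc="-L"
  fi

  # NOTE(review): every krb5_init_context probe in this script stores its
  # result in ac_cv_lib_krb5_krb5_init_context, so once one attempt has set
  # it the later attempts print "(cached)" and reuse that answer instead of
  # linking against their own TMP_KRB5_LDFLAGS.
  if test -z "$KRB5_LDFLAGS"; then
    #try MIT
    TMP_KRB5_LDFLAGS="$tmp_lf_inc$with_krb5/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
    LIBS="$LIBS $TMP_KRB5_LDFLAGS $LIB_resolv"
    { $as_echo "$as_me:$LINENO: checking for krb5_init_context in -lkrb5" >&5
$as_echo_n "checking for krb5_init_context in -lkrb5... " >&6; }
if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char krb5_init_context ();
int
main ()
{
return krb5_init_context ();
  ;
  return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
  *) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
  (eval "$ac_link") 2>conftest.er1
  ac_status=$?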
grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb5_krb5_init_context=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb5_krb5_init_context=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_init_context" >&5 $as_echo "$ac_cv_lib_krb5_krb5_init_context" >&6; } if test "x$ac_cv_lib_krb5_krb5_init_context" = x""yes; then KRB5_LDFLAGS="$TMP_KRB5_LDFLAGS" fi LIBS="$ac_save_LIBS" fi if test -z "$KRB5_LDFLAGS"; then #Try Heimdal TMP_KRB5_LDFLAGS="$tmp_lf_inc$with_krb5/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt" LIBS="$LIBS $TMP_KRB5_LDFLAGS $LIB_resolv" { $as_echo "$as_me:$LINENO: checking for krb5_init_context in -lkrb5" >&5 $as_echo_n "checking for krb5_init_context in -lkrb5... " >&6; } if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb5 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char krb5_init_context (); int main () { return krb5_init_context (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb5_krb5_init_context=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb5_krb5_init_context=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_init_context" >&5 $as_echo "$ac_cv_lib_krb5_krb5_init_context" >&6; } if test "x$ac_cv_lib_krb5_krb5_init_context" = x""yes; then KRB5_LDFLAGS="$TMP_KRB5_LDFLAGS" fi LIBS="$ac_save_LIBS" fi if test -z "$KRB5_LDFLAGS"; then #Try Heimdal on OpenBSD TMP_KRB5_LDFLAGS="$tmp_lf_inc$with_krb5/lib -lgssapi -lkrb5 -lasn1 -ldes -lcrypto" LIBS="$LIBS $TMP_KRB5_LDFLAGS $LIB_resolv" { $as_echo "$as_me:$LINENO: checking for krb5_init_context in -lkrb5" >&5 $as_echo_n "checking for krb5_init_context in -lkrb5... " >&6; } if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb5 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. 
Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb5_init_context (); int main () { return krb5_init_context (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb5_krb5_init_context=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb5_krb5_init_context=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_init_context" >&5 $as_echo "$ac_cv_lib_krb5_krb5_init_context" >&6; } if test "x$ac_cv_lib_krb5_krb5_init_context" = x""yes; then KRB5_LDFLAGS="$TMP_KRB5_LDFLAGS" fi LIBS="$ac_save_LIBS" fi if test -z "$KRB5_LDFLAGS"; then with_krb5=no else cat >>confdefs.h <<\_ACEOF #define KRB5 1 _ACEOF { $as_echo "$as_me:$LINENO: checking for krb5_cc_new_unique in -lkrb5" >&5 $as_echo_n "checking for krb5_cc_new_unique in -lkrb5... " >&6; } if test "${ac_cv_lib_krb5_krb5_cc_new_unique+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb5 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb5_cc_new_unique (); int main () { return krb5_cc_new_unique (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb5_krb5_cc_new_unique=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb5_krb5_cc_new_unique=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_cc_new_unique" >&5 $as_echo "$ac_cv_lib_krb5_krb5_cc_new_unique" >&6; } if test "x$ac_cv_lib_krb5_krb5_cc_new_unique" = x""yes; then cat >>confdefs.h <<\_ACEOF #define HAVE_KRB5_CC_NEW_UNIQUE 1 _ACEOF fi # check for Heimdal have_heimdal="" { $as_echo "$as_me:$LINENO: checking whether we are using Heimdal" >&5 $as_echo_n "checking whether we are using Heimdal... " >&6; } ac_save_CFLAGS="$CFLAGS" CFLAGS="$KRB5_CPPFLAGS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. 
*/ #include int main () { char *tmp = heimdal_version; ; return 0; } _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } cat >>confdefs.h <<\_ACEOF #define HEIMDAL 1 _ACEOF have_heimdal=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$ac_save_CFLAGS" # If SPNEGO is supported by the gssapi libraries, we shouln't build our support. # SPNEGO is supported as of Heimdal 0.7, and MIT 1.5. gssapi_supports_spnego="" { $as_echo "$as_me:$LINENO: checking whether the GSSAPI libraries support SPNEGO" >&5 $as_echo_n "checking whether the GSSAPI libraries support SPNEGO... " >&6; } ac_save_CFLAGS="$CFLAGS" CFLAGS="$KRB5_CPPFLAGS" ac_save_LDFLAGS="$LDFLAGS" if test -n "$with_krb5"; then LDFLAGS="$KRB5_LDFLAGS -Wl,-rpath -Wl,$with_krb5/lib" else LDFLAGS="$KRB5_LDFLAGS" fi if test "$cross_compiling" = yes; then { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { { $as_echo "$as_me:$LINENO: error: cannot run test program while cross compiling See \`config.log' for more details." >&5 $as_echo "$as_me: error: cannot run test program while cross compiling See \`config.log' for more details." >&2;} { (exit 1); exit 1; }; }; } else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include #include #ifdef HEIMDAL #include #else #include #endif int main(int argc, char** argv) { OM_uint32 major_status, minor_status; gss_OID_set mech_set; gss_OID_desc spnego_oid_desc = {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; int SPNEGO = 0; major_status = gss_indicate_mechs(&minor_status, &mech_set); if (GSS_ERROR(major_status)) return 1; else { unsigned int i; for (i=0; i < mech_set->count && !SPNEGO; i++) { gss_OID tmp_oid = &mech_set->elements[i]; if (tmp_oid->length == spnego_oid_desc.length && !memcmp(tmp_oid->elements, spnego_oid_desc.elements, tmp_oid->length)) { SPNEGO = 1; break; } } gss_release_oid_set(&minor_status, &mech_set); return (!SPNEGO); } } _ACEOF rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' { (case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then if test $? 
-eq 0; then { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } cat >>confdefs.h <<\_ACEOF #define GSSAPI_SUPPORTS_SPNEGO 1 _ACEOF gssapi_supports_spnego=yes else { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ( exit $ac_status ) { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } fi rm -rf conftest.dSYM rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi CFLAGS="$ac_save_CFLAGS" LDFLAGS="$ac_save_LDFLAGS" if test -z "$gssapi_supports_spnego"; then if test -n "$have_heimdal"; then SPNEGO_SRCS="\ spnegokrb5/asn1_MechType.c \ spnegokrb5/asn1_MechTypeList.c \ spnegokrb5/asn1_ContextFlags.c \ spnegokrb5/asn1_NegTokenInit.c \ spnegokrb5/asn1_NegTokenTarg.c \ spnegokrb5/init_sec_context.c \ spnegokrb5/accept_sec_context.c \ spnegokrb5/encapsulate.c \ spnegokrb5/decapsulate.c \ spnegokrb5/external.c" else SPNEGO_SRCS="\ spnegokrb5/asn1_MechType.c \ spnegokrb5/asn1_MechTypeList.c \ spnegokrb5/asn1_ContextFlags.c \ spnegokrb5/asn1_NegTokenInit.c \ spnegokrb5/asn1_NegTokenTarg.c \ spnegokrb5/der_get.c \ spnegokrb5/der_put.c \ spnegokrb5/der_free.c \ spnegokrb5/der_length.c \ spnegokrb5/der_copy.c \ spnegokrb5/timegm.c \ spnegokrb5/init_sec_context.c \ spnegokrb5/accept_sec_context.c \ spnegokrb5/encapsulate.c \ spnegokrb5/decapsulate.c \ spnegokrb5/external.c" fi fi fi fi # # Kerberos4 enviroment # # Check whether --with-krb4 was given. if test "${with_krb4+set}" = set; then withval=$with_krb4; with_krb4="$withval" fi if test "x$with_krb4" = "xyes" ; then with_krb4="" fi if test "x$with_krb4" != "xno"; then { $as_echo "$as_me:$LINENO: checking for Kerberos4 installation" >&5 $as_echo_n "checking for Kerberos4 installation... 
" >&6; } if test "x$with_krb4" != "x"; then if test -x "$with_krb4/bin/krb4-config"; then KRB4_CPPFLAGS=`$with_krb4/bin/krb4-config --cflags krb4 2>/dev/null` KRB4_LDFLAGS=`$with_krb4/bin/krb4-config --libs krb4 2>/dev/null` elif test -x "$with_krb4/bin/krb5-config"; then KRB4_CPPFLAGS=`$with_krb4/bin/krb5-config --cflags krb4 2>/dev/null` KRB4_LDFLAGS=`$with_krb4/bin/krb5-config --libs krb4 2>/dev/null` else { { $as_echo "$as_me:$LINENO: error: failed to find krb4-config or krb5-config in $with_krb4/bin" >&5 $as_echo "$as_me: error: failed to find krb4-config or krb5-config in $with_krb4/bin" >&2;} { (exit 1); exit 1; }; } fi else KRB4_CPPFLAGS=`krb4-config --cflags krb4 2>/dev/null` KRB4_LDFLAGS=`krb4-config --libs krb4 2>/dev/null` if test "x$KRB4_LDFLAGS" = "x" -a -n "$krb5_config_command"; then KRB4_CPPFLAGS=`$krb5_config_command --cflags krb4 2>/dev/null` KRB4_LDFLAGS=`$krb5_config_command --libs krb4 2>/dev/null` if test $? -ne 0; then KRB4_CPPFLAGS="" KRB4_LDFLAGS="" fi fi fi if test "x$KRB4_LDFLAGS" = "x"; then with_krb4=no { $as_echo "$as_me:$LINENO: result: no" >&5 $as_echo "no" >&6; } else { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; } ac_save_CFLAGS=$CFLAGS ac_save_CPPFLAGS=$CPPFLAGS ac_save_LDFLAGS=$LDFLAGS ac_save_LIBS=$LIBS CFLAGS="$CFLAGS $KRB4_CPPFLAGS" CPPFLAGS="$CFLAGS $KRB4_CPPFLAGS" LDFLAGS="$LDFLAGS $KRB4_LDFLAGS" LIBS="$LIBS $LDFLAGS $LIB_resolv" # if not found krb.h suppose it's in the kerberosIV subdirectory if test "${ac_cv_header_krb_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for krb.h" >&5 $as_echo_n "checking for krb.h... " >&6; } if test "${ac_cv_header_krb_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_krb_h" >&5 $as_echo "$ac_cv_header_krb_h" >&6; } else # Is the header compilable? { $as_echo "$as_me:$LINENO: checking krb.h usability" >&5 $as_echo_n "checking krb.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking krb.h presence" >&5 $as_echo_n "checking krb.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! 
-s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: krb.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: krb.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: krb.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: krb.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: krb.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: krb.h: check for missing prerequisite headers?" 
>&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: krb.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: krb.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: krb.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: krb.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: krb.h: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ----------------------------------------------------------- ## ## Report this to modauthkerb-developers@lists.sourceforge.net ## ## ----------------------------------------------------------- ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:$LINENO: checking for krb.h" >&5 $as_echo_n "checking for krb.h... " >&6; } if test "${ac_cv_header_krb_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_krb_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_krb_h" >&5 $as_echo "$ac_cv_header_krb_h" >&6; } fi if test "x$ac_cv_header_krb_h" = x""yes; then : else with_krb4=no fi if test "x$with_krb4" = "xno"; then KRB4_CPPFLAGS="$KRB4_CPPFLAGS ${KRB4_CPPFLAGS}/kerberosIV" # second run of AC_CHECK_HEADER for the same library returns the cached # result created by previous run :-( if test "${ac_cv_header_kerberosIV_krb_h+set}" = set; then { $as_echo "$as_me:$LINENO: checking for kerberosIV/krb.h" >&5 $as_echo_n "checking for kerberosIV/krb.h... " >&6; } if test "${ac_cv_header_kerberosIV_krb_h+set}" = set; then $as_echo_n "(cached) " >&6 fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_kerberosIV_krb_h" >&5 $as_echo "$ac_cv_header_kerberosIV_krb_h" >&6; } else # Is the header compilable? 
{ $as_echo "$as_me:$LINENO: checking kerberosIV/krb.h usability" >&5 $as_echo_n "checking kerberosIV/krb.h usability... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default #include _ACEOF rm -f conftest.$ac_objext if { (ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_compile") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then ac_header_compiler=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:$LINENO: checking kerberosIV/krb.h presence" >&5 $as_echo_n "checking kerberosIV/krb.h presence... " >&6; } cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ #include _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! 
-s conftest.err }; then ac_header_preproc=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in yes:no: ) { $as_echo "$as_me:$LINENO: WARNING: kerberosIV/krb.h: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: kerberosIV/krb.h: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:$LINENO: WARNING: kerberosIV/krb.h: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: kerberosIV/krb.h: proceeding with the compiler's result" >&2;} ac_header_preproc=yes ;; no:yes:* ) { $as_echo "$as_me:$LINENO: WARNING: kerberosIV/krb.h: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: kerberosIV/krb.h: present but cannot be compiled" >&2;} { $as_echo "$as_me:$LINENO: WARNING: kerberosIV/krb.h: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: kerberosIV/krb.h: check for missing prerequisite headers?" 
>&2;} { $as_echo "$as_me:$LINENO: WARNING: kerberosIV/krb.h: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: kerberosIV/krb.h: see the Autoconf documentation" >&2;} { $as_echo "$as_me:$LINENO: WARNING: kerberosIV/krb.h: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: kerberosIV/krb.h: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:$LINENO: WARNING: kerberosIV/krb.h: proceeding with the preprocessor's result" >&5 $as_echo "$as_me: WARNING: kerberosIV/krb.h: proceeding with the preprocessor's result" >&2;} { $as_echo "$as_me:$LINENO: WARNING: kerberosIV/krb.h: in the future, the compiler will take precedence" >&5 $as_echo "$as_me: WARNING: kerberosIV/krb.h: in the future, the compiler will take precedence" >&2;} ( cat <<\_ASBOX ## ----------------------------------------------------------- ## ## Report this to modauthkerb-developers@lists.sourceforge.net ## ## ----------------------------------------------------------- ## _ASBOX ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:$LINENO: checking for kerberosIV/krb.h" >&5 $as_echo_n "checking for kerberosIV/krb.h... " >&6; } if test "${ac_cv_header_kerberosIV_krb_h+set}" = set; then $as_echo_n "(cached) " >&6 else ac_cv_header_kerberosIV_krb_h=$ac_header_preproc fi { $as_echo "$as_me:$LINENO: result: $ac_cv_header_kerberosIV_krb_h" >&5 $as_echo "$ac_cv_header_kerberosIV_krb_h" >&6; } fi if test "x$ac_cv_header_kerberosIV_krb_h" = x""yes; then with_krb4=yes else with_krb4=no KRB4_CPPFLAGS="" KRB4_LDFLAGS="" fi fi if test "x$with_krb4" != "xno"; then { $as_echo "$as_me:$LINENO: checking for krb_get_pw_in_tkt in -lkrb4" >&5 $as_echo_n "checking for krb_get_pw_in_tkt in -lkrb4... " >&6; } if test "${ac_cv_lib_krb4_krb_get_pw_in_tkt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb4 $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb_get_pw_in_tkt (); int main () { return krb_get_pw_in_tkt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb4_krb_get_pw_in_tkt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb4_krb_get_pw_in_tkt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_krb_get_pw_in_tkt" >&5 $as_echo "$ac_cv_lib_krb4_krb_get_pw_in_tkt" >&6; } if test "x$ac_cv_lib_krb4_krb_get_pw_in_tkt" = x""yes; then cat >>confdefs.h <<_ACEOF #define HAVE_LIBKRB4 1 _ACEOF LIBS="-lkrb4 $LIBS" else with_krb4=no fi if test "x$with_krb4" = "xno"; then { $as_echo "$as_me:$LINENO: checking for krb_get_pw_in_tkt in -lkrb" >&5 $as_echo_n "checking for krb_get_pw_in_tkt in -lkrb... " >&6; } if test "${ac_cv_lib_krb_krb_get_pw_in_tkt+set}" = set; then $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lkrb $LIBS" cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. 
*/ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char krb_get_pw_in_tkt (); int main () { return krb_get_pw_in_tkt (); ; return 0; } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" $as_echo "$ac_try_echo") >&5 (eval "$ac_link") 2>conftest.er1 ac_status=$? grep -v '^ *+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then ac_cv_lib_krb_krb_get_pw_in_tkt=yes else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_cv_lib_krb_krb_get_pw_in_tkt=no fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:$LINENO: result: $ac_cv_lib_krb_krb_get_pw_in_tkt" >&5 $as_echo "$ac_cv_lib_krb_krb_get_pw_in_tkt" >&6; } if test "x$ac_cv_lib_krb_krb_get_pw_in_tkt" = x""yes; then with_krb4=yes else with_krb4=no KRB4_CPPFLAGS="" KRB4_LDFLAGS="" fi fi fi CFLAGS=$ac_save_CFLAGS CPPFLAGS=$ac_save_CPPFLAGS LDFLAGS=$ac_save_LDFLAGS LIBS=$ac_save_LIBS cat >>confdefs.h <<\_ACEOF #define KRB4 1 _ACEOF fi fi if test "x$with_krb5" = "xno" -a "x$with_krb4" = "xno"; then { { $as_echo "$as_me:$LINENO: error: No Kerberos enviroment found" >&5 $as_echo "$as_me: error: No Kerberos enviroment found" >&2;} { (exit 1); exit 1; }; } fi # # Apache enviroment # # Check whether 
# --with-apache was given.
# Copy the value of --with-apache=DIR (if the option was passed) back into
# with_apache; it is used below only as a prefix for the apxs search path.
if test "${with_apache+set}" = set; then
  withval=$with_apache; with_apache="$withval"
fi

# Locate the Apache extension tool. The result ends up in APXS.
#
# Resolution order, as written below:
#   1. a cached ac_cv_path_APXS, used as-is;
#   2. a pre-set APXS that looks like an absolute path, accepted without any
#      existence or executable-bit test;
#   3. otherwise the first regular, executable file named "apxs" found in
#      $with_apache/bin, $with_apache/sbin and then each $PATH entry.
# An empty search-path element is rewritten to "." (the current directory).
# NOTE(review): the selected program is presumably executed later in the
# build (not visible in this section), so the search order decides which
# binary the build trusts. On a shared or untrusted build host, pass an
# absolute APXS=... or --with-apache=DIR and keep "." and writable
# directories out of PATH.
# Extract the first word of "apxs", so it can be a program name with args.
set dummy apxs; ac_word=$2
{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if test "${ac_cv_path_APXS+set}" = set; then
  $as_echo_n "(cached) " >&6
else
  case $APXS in
  [\\/]* | ?:[\\/]*)
    ac_cv_path_APXS="$APXS" # Let the user override the test with a path.
    ;;
  *)
    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
    as_dummy="$with_apache/bin:$with_apache/sbin:$PATH"
    for as_dir in $as_dummy
    do
      IFS=$as_save_IFS
      test -z "$as_dir" && as_dir=.
      for ac_exec_ext in '' $ac_executable_extensions; do
        if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
          ac_cv_path_APXS="$as_dir/$ac_word$ac_exec_ext"
          $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
          # First match wins: leave both the extension loop and the directory loop.
          break 2
        fi
      done
    done
    IFS=$as_save_IFS
    ;;
  esac
fi
APXS=$ac_cv_path_APXS
if test -n "$APXS"; then
  { $as_echo "$as_me:$LINENO: result: $APXS" >&5
$as_echo "$APXS" >&6; }
else
  { $as_echo "$as_me:$LINENO: result: no" >&5
$as_echo "no" >&6; }
fi

# Fallback: repeat the same search for "apxs2" when "apxs" was not found.
# Both probes share the cache variable ac_cv_path_APXS; this branch is only
# entered when the first probe left APXS empty.
if test -z "$APXS"; then
  # Extract the first word of "apxs2", so it can be a program name with args.
  set dummy apxs2; ac_word=$2
  { $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
  if test "${ac_cv_path_APXS+set}" = set; then
    $as_echo_n "(cached) " >&6
  else
    case $APXS in
    [\\/]* | ?:[\\/]*)
      ac_cv_path_APXS="$APXS" # Let the user override the test with a path.
      ;;
    *)
      as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
      as_dummy="$with_apache/bin:$with_apache/sbin:$PATH"
      for as_dir in $as_dummy
      do
        IFS=$as_save_IFS
        test -z "$as_dir" && as_dir=.
        for ac_exec_ext in '' $ac_executable_extensions; do
          if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
            ac_cv_path_APXS="$as_dir/$ac_word$ac_exec_ext"
            $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
            break 2
          fi
        done
      done
      IFS=$as_save_IFS
      ;;
    esac
  fi
  APXS=$ac_cv_path_APXS
  if test -n "$APXS"; then
    { $as_echo "$as_me:$LINENO: result: $APXS" >&5
$as_echo "$APXS" >&6; }
  else
    { $as_echo "$as_me:$LINENO: result: no" >&5
$as_echo "no" >&6; }
  fi

  # Neither apxs nor apxs2 was found: log to config.log (fd 5) and stderr,
  # then abort configure with status 1.
  if test -z "$APXS"; then
    { { $as_echo "$as_me:$LINENO: error: failed to find apache apxs executable" >&5
$as_echo "$as_me: error: failed to find apache apxs executable" >&2;}
   { (exit 1); exit 1; }; }
  fi
fi

# Register Makefile as a file for config.status to instantiate.
ac_config_files="$ac_config_files Makefile"

# Start a fresh confcache with its explanatory header. The delimiter is
# quoted (\_ACEOF), so the backquotes and $ in the text are written literally
# and nothing inside the here-document is expanded.
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
# scripts and configure runs, see configure's option --config-cache.
# It is not useful on other systems. If it contains results you don't
# want to keep, you may remove or edit it.
#
# config.status only pays attention to the cache file if you give it
# the --recheck option to rerun configure.
#
# `ac_cv_env_foo' variables (set or unset) will be overridden when
# loading this file, other *unset* `ac_cv_foo' will be assigned the
# following values.
_ACEOF

# The following way of writing the cache mishandles newlines in values,
# but we know of no workaround that is simple, portable, and efficient.
# So, we kill variables containing newlines.
# Ultrix sh set writes to stderr and can't be redirected directly,
# and sets the high bit in the cache file unless we assign to the vars.
( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) $as_unset $ac_var ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote # substitution turns \\\\ into \\, and sed turns \\ into \). sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then test "x$cache_file" != "x/dev/null" && { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} cat confcache >$cache_file else { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. 
When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : ${CONFIG_STATUS=./config.status} ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ## --------------------- ## ## M4sh Initialization. ## ## --------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac fi # PATH needs CR # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. 
as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # Support unset when possible. if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then as_unset=unset else as_unset=false fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! 
-f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 { (exit 1); exit 1; } fi # Work around bugs in pre-3.0 UWIN ksh. for as_var in ENV MAIL MAILPATH do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # Required to use basename. if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi # Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # CDPATH. $as_unset CDPATH as_lineno_1=$LINENO as_lineno_2=$LINENO test "x$as_lineno_1" != "x$as_lineno_2" && test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { # Create $as_me.lineno as a copy of $as_myself, but with $LINENO # uniformly replaced by the line number. The first 'sed' inserts a # line-number line after each line using $LINENO; the second 'sed' # does the real work. The second script uses 'N' to pair each # line-number line with the line containing $LINENO, and appends # trailing '-' during substitution so that $LINENO is not a special # case at line end. # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the # scripts with optimization help from Paolo Bonzini. Blame Lee # E. McMahon (1931-1989) for sed's syntax. 
:-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 { (exit 1); exit 1; }; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in -n*) case `echo 'x\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. *) ECHO_C='\c';; esac;; *) ECHO_N='-n';; esac if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 
2>/dev/null; then as_mkdir_p=: else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 # Save the log message, to keep $[0] and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by mod_auth_kerb $as_me 5.4, which was generated by GNU Autoconf 2.63. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files from templates according to the current configuration. Usage: $0 [OPTION]... [FILE]... 
-h, --help print this help, then exit -V, --version print version number and configuration settings, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ mod_auth_kerb config.status 5.4 configured by $0, generated by GNU Autoconf 2.63, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" Copyright (C) 2008 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. 
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac CONFIG_FILES="$CONFIG_FILES '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header { $as_echo "$as_me: error: ambiguous option: $1 Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; };; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) { $as_echo "$as_me: error: unrecognized option: $1 Try \`$0 --help' for more information." >&2 { (exit 1); exit 1; }; } ;; *) ac_config_targets="$ac_config_targets $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. 
for ac_config_target in $ac_config_targets do case $ac_config_target in "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 $as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= trap 'exit_status=$? { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status ' 0 trap '{ (exit 1); exit 1; }' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || { $as_echo "$as_me: cannot create a temporary directory in ." >&2 { (exit 1); exit 1; } } # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. 
if test -n "$CONFIG_FILES"; then ac_cr=' ' ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 $as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 $as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 $as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } else ac_delim="$ac_delim!$ac_delim _$ac_delim!! 
" fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\).*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\).*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5 $as_echo "$as_me: error: could not setup config files machinery" >&2;} { (exit 1); exit 1; }; } _ACEOF # VPATH may cause trouble with some makes, so we remove $(srcdir), # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). 
if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=/{ s/:*\$(srcdir):*/:/ s/:*\${srcdir}:*/:/ s/:*@srcdir@:*/:/ s/^\([^=]*=[ ]*\):*/\1/ s/:*$// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_t=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_t"; then break elif $ac_last_try; then { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_HEADERS" >&5 $as_echo "$as_me: error: could not make $CONFIG_HEADERS" >&2;} { (exit 1); exit 1; }; } else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. 
ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. 
if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5 $as_echo "$as_me: error: could not setup config headers machinery" >&2;} { (exit 1); exit 1; }; } fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5 $as_echo "$as_me: error: invalid tag $ac_tag" >&2;} { (exit 1); exit 1; }; };; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 $as_echo "$as_me: error: cannot find input file: $ac_f" >&2;} { (exit 1); exit 1; }; };; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac ac_file_inputs="$ac_file_inputs '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. 
$configure_input" { $as_echo "$as_me:$LINENO: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin" \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` { as_dir="$ac_dir" case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 $as_echo "$as_me: error: cannot create directory $as_dir" >&2;} { (exit 1); exit 1; }; }; } ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. 
ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p ' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. 
# FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." 
>&2;} rm -f "$tmp/stdin" case $ac_file in -) cat "$tmp/out" && rm -f "$tmp/out";; *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; esac \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" } >"$tmp/config.h" \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$tmp/config.h" "$ac_file" \ || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 $as_echo "$as_me: error: could not create $ac_file" >&2;} { (exit 1); exit 1; }; } fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \ || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5 $as_echo "$as_me: error: could not create -" >&2;} { (exit 1); exit 1; }; } fi ;; esac done # for ac_tag { (exit 0); exit 0; } _ACEOF chmod +x $CONFIG_STATUS ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5 $as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;} { (exit 1); exit 1; }; } # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. 
When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || { (exit 1); exit 1; } fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi mod_auth_kerb-5.4/config.h.in0000644000175000000000000000144511113277171015276 0ustar xpristroot /* Define to the version of this package. */ /* Conflicts with defintions from Apache */ /* #undef PACKAGE_VERSION */ /* Define to `unsigned' if does not define. */ #undef size_t /* Define if you are using the Heimdal implementation of Krb5 */ #undef HEIMDAL /* Define if you want to enable support for Kerberos5 */ #undef KRB5 /* Define if you want to enable support for Kerberos4 */ #undef KRB4 /* Define if your GSSAPI library supports handling SPNEGO tokens */ #undef GSSAPI_SUPPORTS_SPNEGO /* Define if your krb supports krb5_cc_new_unique function to deal with threading issues */ #undef HAVE_KRB5_CC_NEW_UNIQUE /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H mod_auth_kerb-5.4/INSTALL0000644000175000000000000002245611113277171014311 0ustar xpristroot1. Prerequisites ---------------- - Development enviroment for Kerberos5 and/or Kerberos4 (i.e. libraries and header files). The module works with the MIT Kerberos implementation (supporting both krb4 and krb5), the kth-krb Kerberos4 implementation, and the Heimdal Kerberos5 implementation. 
Kerberos libraries come with most Linux distributions but they may not be installed by default.

- Apache server installed with SSL support. Both the 1.x and 2.x series of Apache are supported, provided they are compiled to support DSO. SSL support (provided by either mod_ssl or apache-ssl) is necessary for the module to work in a secure way: with password-based (Basic) authentication the user's Kerberos password is sent to the server with every request, merely Base64-encoded, so without SSL anyone on the network path can read it. Most Linux distributions contain suitable Apache packages.

- The latest source of the module, available from the main project site (http://sourceforge.net/project/showfiles.php?group_id=51775).

- Working C compiler, GNU make.

2. Building and installing the module
-------------------------------------

Unpack the distribution tarball and run the configure script to set up the build environment. The script will try to find the krb5 and/or krb4 libraries and headers and an Apache installation directory. You can use the following flags to specify the locations of these files:

  --with-krb4=<dir>
  --with-krb5=<dir>
      these options are used to specify the locations of the installation directories for krb4 and krb5, respectively. If you don't want to compile support for one of the methods, use no as the appropriate parameter or specify --without-krb5 or --without-krb4.

  --with-apache=<dir>
      use this parameter to specify the location where the Apache installation resides.

After the configuration script finishes, run make followed by make install. In order to install the module you will need write permission for the apache directory.

An example of the building stage follows:

  ./configure --with-krb5=/software/krb5-1.3.1 \
              --with-krb4=no \
              --with-apache=/software/apache-2.0.47
  make
  su
  make install

3. Create the Kerberos principal for the server
-----------------------------------------------

A service principal for the web server must be registered with the KDC in order to let the module verify users properly.
In general the principals for web servers have names of the format HTTP/servername@REALM, where servername is the fully-qualified domain name of the server and REALM is your Kerberos realm. If you have multiple virtual servers requiring authentication, a service principal has to be generated for each virtual servername.

After creating the service principal, the corresponding Kerberos keys must be extracted to a keytab file stored on the server host. The keytab holds the server's long-term key, so anyone who can read it can impersonate the service. The steps to create the principal and extract the keys vary depending on the type of KDC server used.

Heimdal or MIT KDC
------------------

From the www machine start the kadmin command, connect to the KDC and create the principal HTTP/servername@REALM with a random key(s). Then extract the keys into a local keytab and change the ownership and permissions of the keytab file so that only the apache user can access it (the example below assumes Apache runs as the user nobody).

Example using kadmin from Heimdal:

  kadmin -p admin@REALM -r REALM ank -r HTTP/servername@REALM
  kadmin -p admin@REALM -r REALM ext -k /etc/httpd/keytab HTTP/servername@REALM
  chown nobody /etc/httpd/keytab
  chmod 400 /etc/httpd/keytab

Windows 2000 Domain Controller
------------------------------

The Kerberos realm in Active Directory is the same as the DNS domain name of the AD domain. For example, a Kerberos principal for host server.example.com might be "HTTP/server.example.com@EXAMPLE.COM".

To install the principal in AD you first need to create a user account in the domain for the server. It makes sense to call this account something meaningful, maybe "httpd_servername", so that it is obvious what this account is used for. To create the account you can use standard AD tools. Make sure that the user account has "Password never expires" set and write down the password you set for the account (you will need it later).
When using ticket based authentication (KrbMethodNegotiate) and also wanting to save the ticket (KrbSaveCredentials), the user account for the Kerberos principal must have the option "Account is trusted for delegation" set. This enables the user account to delegate the tickets to the server for further authentication.

If you want to kerberize additional hosts you need to create one user account for each kerberized host.

The Kerberos principal is associated with a user account with the ktpass.exe tool that is part of the Microsoft Support Tools package. This tool needs to be run on a domain controller. To associate a Kerberos principal with a user account just run ktpass.exe in a command prompt with appropriate parameters to create a keytab file. A full description of the ktpass.exe command can be found at http://support.microsoft.com/default.aspx?scid=kb;en-us;324144.

  ktpass -out c:\apache.ktab -princ HTTP/server.name@REALM.NAME -pass account_password -mapuser httpd_servername -crypto DES-CBC-MD5

In the above, c:\apache.ktab is the name of the created keytab file, account_password is the password you set for the user account and httpd_servername is the name of the user account. The DES-CBC-MD5 encryption is needed to get Heimdal to work with Microsoft KDC; MIT Kerberos does not seem to need it but it does not hurt either. In fact, RFC1510 discourages using DES-CBC-CRC (default in Win2k ktpass.exe) so it's probably better to use DES-CBC-MD5 in all cases. Note that single-DES encryption types have since been deprecated (RFC 6649) and are disabled by default in current Windows and Kerberos releases; where the domain controller and the Kerberos library on the web server both support it, create the keytab with an AES encryption type instead (newer versions of ktpass accept e.g. -crypto AES256-SHA1).

You need to copy the keytab file to your web server in a secure way to avoid revealing the server key(s). Note that the copy needs to be done in binary mode to avoid corrupting the file. Make sure that the keytab file is owned by the apache user and only readable by this user (i.e. the permissions are 400). After copying the keytab, verify its content using the ktutil tool.

See http://www.grolmsnet.de/kerbtut for more information about using mod_auth_kerb with Windows KDC.

4.
Verifying krb5 on the server host
------------------------------------

Before you start configuring the module, make sure the Kerberos environment on the web host is properly configured. The easiest way to check is to use the kinit command to get a ticket from the KDC.

5. Configuring mod_auth_kerb
----------------------------

First make sure that Apache works as expected. You need to load the mod_auth_kerb module. To do this, add a LoadModule statement to the appropriate section of the httpd.conf file.

  LoadModule auth_kerb_module modules/mod_auth_kerb.so

The configuration of mod_auth_kerb can be done per directory. The configuration directives can be stored in either a <Directory> section of httpd.conf or in a .htaccess file in the corresponding directory.

Example of a Directory section from httpd.conf:

  <Directory "/PATH/TO/PROTECTED/DIRECTORY">
    AuthType Kerberos
    AuthName "Kerberos Login"
    Krb5Keytab /etc/apache/apache.keytab
    KrbAuthRealms EXAMPLE.COM
    Require valid-user
  </Directory>

The Krb5Keytab file is the one created as described above in section 3. A summary of all configuration directives supported by the module can be found in README.

6. Configuring the browsers
---------------------------

For password based authentication any browser supporting the Basic HTTP authentication method can be used without any changes. In order to use ticket based authentication (Negotiate) you will need either MS Internet Explorer 5.0+ running on Win2000 SP2 (or later) or Mozilla with the Negotiateauth extension (available in 1.7beta and later).

Internet Explorer
-----------------

To make the Negotiate authentication work, the web server hostname must be in the Internet Explorer "Local Intranet" security zone and "Windows Integrated Authentication" must be enabled in the IE advanced options.
See also a guide from Microsoft describing how to configure a Windows machine to use a Unix KDC, available at http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp

Mozilla
-------

First make sure your Mozilla distribution contains the Negotiateauth component (libnegotiateauth.so on Unix, negotiateauth.dll on Windows). Generally this is included in versions 1.7beta and later on Unix platforms including Mac OSX, maybe 1.8 and later on Windows.

Next, you have to specify the URLs for which it is allowed to use the Negotiate authentication method. This is done by setting the network.negotiate-auth.trusted-uris preference. In order to set it, just type "about:config" in the URL bar and then set the value of "network.negotiate-auth.trusted-uris" to "https://secured.webserver.name". List only servers you trust here, since the browser will answer Negotiate challenges from any site matching this preference.

If you want to find out what happens in the Negotiateauth component, set the following environment variables:

  NSPR_LOG_MODULES=negotiateauth:5
  NSPR_LOG_FILE=/tmp/negotiateauth.log

before starting Mozilla. You will see debugging messages logged in the file specified by NSPR_LOG_FILE (/tmp/negotiateauth.log).

KDE Konqueror
-------------

http://www.grolmsnet.de/kerbtut/konqueror.html

7. Access control
-----------------

If you want only particular users to be able to access the secured area, you can list their principal names in the appropriate Require directive. They must be full Kerberos names, including the REALM part. For example:

  Require user kouril@REALM.COM

The user's name is put by Apache in the REMOTE_USER environment variable so that it can be used by cgi-bin scripts.
$Id: INSTALL,v 1.9 2005/06/03 16:58:24 kouril Exp $ mod_auth_kerb-5.4/apxs.sh0000755000000000000000000000032311115236364014175 0ustar rootroot#!/bin/sh cppflags=`[ -n "$1" ] && echo $1 | sed -e 's/\([^ ]*\)/-Wc,\1/g'` ldflags=`[ -n "$2" ] && echo $2 | sed -e 's/\([^ ]*\)/-Wl,\1/g'` ret=eval "$4" $5 $cppflags $ldflags src/mod_auth_kerb.c $3 exit $ret mod_auth_kerb-5.4/src/0000755000175000000000000000000011115727042014035 5ustar xpristrootmod_auth_kerb-5.4/src/mit-internals.h0000644000175000000000000002024011113277171016773 0ustar xpristroot/* * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. * * This software is being provided to you, the LICENSEE, by the * Massachusetts Institute of Technology (M.I.T.) under the following * license. By obtaining, using and/or copying this software, you agree * that you have read, understood, and will comply with these terms and * conditions: * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute * this software and its documentation for any purpose and without fee or * royalty is hereby granted, provided that you agree to comply with the * following copyright notice and statements, including the disclaimer, and * that the same appear on ALL copies of the software and documentation, * including modifications that you make for internal use or for * distribution: * * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not * limitation, M.I.T. 
MAKES NO REPRESENTATIONS OR WARRANTIES OF * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. * * The name of the Massachusetts Institute of Technology or M.I.T. may NOT * be used in advertising or publicity pertaining to distribution of the * software. Title to copyright in this software and any associated * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. */ /* * Copyright (C) 1998 by the FundsXpress, INC. * * All rights reserved. * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of FundsXpress. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* * Copyright 1993 by OpenVision Technologies, Inc. 
* * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ #ifndef _MIT_INTERNALS_H_ #define _MIT_INTERNALS_H_ /* must be included after krb5.h to override definitons from there */ /* * MIT Kerberos 1.3.x replay cache implementation causes major problems * with Microsoft Kerberos5 implementation by incorrectly detecting * Microsoft authenticators as replays. The problem is being worked on * by both MIT and Microsoft but until a definite fix is available, we * must disable the replay cache in order to work with Microsoft clients. * The only working way to do this seems to be overriding the function * that stores authenticators in replay cache with one that does nothing. * Note that disabling replay cache is potentially unsecure. 
*/ /* Definition from MIT krb5-1.3.3 krb5.h */ typedef struct _krb5_donot_replay_internal { krb5_magic magic; char *server; /* null-terminated */ char *client; /* null-terminated */ krb5_int32 cusec; krb5_timestamp ctime; } krb5_donot_replay_internal; /* Definitions from MIT krb5-1.3.3 k5-int.h */ struct _krb5_rc_ops_internal { krb5_magic magic; char *type; krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_rcache,krb5_deltat); /* create */ krb5_error_code (KRB5_CALLCONV *recover) (krb5_context, krb5_rcache); /* open */ krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_rcache); krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_rcache); krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_rcache,krb5_donot_replay_internal *); krb5_error_code (KRB5_CALLCONV *expunge) (krb5_context, krb5_rcache); krb5_error_code (KRB5_CALLCONV *get_span) (krb5_context, krb5_rcache,krb5_deltat *); char *(KRB5_CALLCONV *get_name) (krb5_context, krb5_rcache); krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_rcache, char *); }; typedef struct _krb5_rc_ops_internal krb5_rc_ops_internal; /* Definitions from MIT krb5-1.3.3 rc_dfl.h */ extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init (krb5_context, krb5_rcache, krb5_deltat); extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover (krb5_context, krb5_rcache); extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_destroy (krb5_context, krb5_rcache); extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_close (krb5_context, krb5_rcache); extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_expunge (krb5_context, krb5_rcache); extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span (krb5_context, krb5_rcache, krb5_deltat *); extern char * KRB5_CALLCONV krb5_rc_dfl_get_name (krb5_context, krb5_rcache); extern krb5_error_code KRB5_CALLCONV krb5_rc_dfl_resolve (krb5_context, krb5_rcache, char *); /* Definition from MIT krb5-1.3.3 k5-int.h */ /* kouril: use the _internal suffix in order to avoid conflicts with * 
the definition in krb5.h */ struct krb5_rc_st_internal { krb5_magic magic; const struct _krb5_rc_ops_internal *ops; krb5_pointer data; }; typedef struct krb5_rc_st_internal *krb5_rcache_internal; /* Definitions from MIT krb5-1.3.3 gssapiP_krb5.h */ typedef struct _krb5_gss_cred_id_rec { /* name/type of credential */ gss_cred_usage_t usage; krb5_principal princ; /* this is not interned as a gss_name_t */ int prerfc_mech; int rfc_mech; /* keytab (accept) data */ krb5_keytab keytab; krb5_rcache_internal rcache; /* ccache (init) data */ krb5_ccache ccache; krb5_timestamp tgt_expire; } krb5_gss_cred_id_rec, *krb5_gss_cred_id_t; #endif /* _MIT_INTERNALS_H_ */ mod_auth_kerb-5.4/src/.#mod_auth_kerb.c.1.1470000644000000000000000000015442311115245564017230 0ustar rootroot/* * Daniel Kouril * * Source and Documentation can be found at: * http://modauthkerb.sourceforge.net/ * * Based on work by * James E. Robinson, III * Daniel Henninger * Ludek Sulak */ /* * Copyright (c) 2004-2006 Masarykova universita * (Masaryk University, Brno, Czech Republic) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the University nor the names of its contributors may * be used to endorse or promote products derived from this software * without specific prior written permission. 
* * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ident "$Id: mod_auth_kerb.c,v 1.147 2008/12/02 14:49:13 baalberith Exp $" #include "config.h" #include #include #include #define MODAUTHKERB_VERSION "5.3" #define MECH_NEGOTIATE "Negotiate" #define SERVICE_NAME "HTTP" #include #include #include #include #include #include #ifdef STANDARD20_MODULE_STUFF #include #include #else #define apr_pstrdup ap_pstrdup #define apr_psprintf ap_psprintf #define apr_pstrcat ap_pstrcat #define apr_pcalloc ap_pcalloc #define apr_table_setn ap_table_setn #define apr_table_add ap_table_add #define apr_base64_decode_len ap_base64decode_len #define apr_base64_decode ap_base64decode #define apr_base64_encode_len ap_base64encode_len #define apr_base64_encode ap_base64encode #define apr_pool_cleanup_null ap_null_cleanup #define apr_pool_cleanup_register ap_register_cleanup #endif /* STANDARD20_MODULE_STUFF */ #ifdef _WIN32 #define vsnprintf _vsnprintf #define snprintf _snprintf #endif #ifdef KRB5 #include #ifdef HEIMDAL # include #else # include # include # include # define GSS_C_NT_USER_NAME gss_nt_user_name # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name # define GSS_KRB5_NT_PRINCIPAL_NAME gss_nt_krb5_name # define krb5_get_err_text(context,code) 
error_message(code) #endif #ifndef GSSAPI_SUPPORTS_SPNEGO # include "spnegokrb5.h" #endif #endif /* KRB5 */ #ifdef KRB4 /* Prevent warning about closesocket redefinition (Apache's ap_config.h and * MIT Kerberos' port-sockets.h both define it as close) */ #ifdef closesocket # undef closesocket #endif #include #include /* gethostbyname() */ #endif /* KRB4 */ #if HAVE_UNISTD_H #include #endif #ifndef KRB5_LIB_FUNCTION # if defined(_WIN32) # define KRB5_LIB_FUNCTION _stdcall # else # define KRB5_LIB_FUNCTION # endif #endif #ifdef STANDARD20_MODULE_STUFF module AP_MODULE_DECLARE_DATA auth_kerb_module; #else module auth_kerb_module; #endif /*************************************************************************** Macros To Ease Compatibility ***************************************************************************/ #ifdef STANDARD20_MODULE_STUFF #define MK_POOL apr_pool_t #define MK_TABLE_GET apr_table_get #define MK_USER r->user #define MK_AUTH_TYPE r->ap_auth_type #else #define MK_POOL pool #define MK_TABLE_GET ap_table_get #define MK_USER r->connection->user #define MK_AUTH_TYPE r->connection->ap_auth_type #define PROXYREQ_PROXY STD_PROXY #endif /*************************************************************************** Auth Configuration Structure ***************************************************************************/ typedef struct { char *krb_auth_realms; int krb_save_credentials; int krb_verify_kdc; const char *krb_service_name; int krb_authoritative; int krb_delegate_basic; #if 0 int krb_ssl_preauthentication; #endif #ifdef KRB5 char *krb_5_keytab; int krb_method_gssapi; int krb_method_k5pass; int krb5_do_auth_to_local; #endif #ifdef KRB4 char *krb_4_srvtab; int krb_method_k4pass; #endif } kerb_auth_config; typedef struct krb5_conn_data { char *authline; char *user; char *mech; int last_return; } krb5_conn_data; static void set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf, int use_krb4, int use_krb5pwd, char *negotiate_ret_value); 
static const char* krb5_save_realms(cmd_parms *cmd, void *sec, const char *arg); #ifdef STANDARD20_MODULE_STUFF #define command(name, func, var, type, usage) \ AP_INIT_ ## type (name, (void*) func, \ (void*)APR_OFFSETOF(kerb_auth_config, var), \ OR_AUTHCFG | RSRC_CONF, usage) #else #define command(name, func, var, type, usage) \ { name, func, \ (void*)XtOffsetOf(kerb_auth_config, var), \ OR_AUTHCFG | RSRC_CONF, type, usage } #endif static const command_rec kerb_auth_cmds[] = { command("KrbAuthRealms", krb5_save_realms, krb_auth_realms, RAW_ARGS, "Realms to attempt authentication against (can be multiple)."), command("KrbAuthRealm", krb5_save_realms, krb_auth_realms, RAW_ARGS, "Alias for KrbAuthRealms."), command("KrbSaveCredentials", ap_set_flag_slot, krb_save_credentials, FLAG, "Save and store credentials/tickets retrieved during auth."), command("KrbVerifyKDC", ap_set_flag_slot, krb_verify_kdc, FLAG, "Verify tickets against keytab to prevent KDC spoofing attacks."), command("KrbServiceName", ap_set_string_slot, krb_service_name, TAKE1, "Full or partial service name to be used by Apache for authentication."), command("KrbAuthoritative", ap_set_flag_slot, krb_authoritative, FLAG, "Set to 'off' to allow access control to be passed along to lower modules iff the UserID is not known to this module."), command("KrbDelegateBasic", ap_set_flag_slot, krb_delegate_basic, FLAG, "Always offer Basic authentication regardless of KrbMethodK5Pass and pass on authentication to lower modules if Basic headers arrive."), #if 0 command("KrbEnableSSLPreauthentication", ap_set_flag_slot, krb_ssl_preauthentication, FLAG, "Don't do Kerberos authentication if the user is already authenticated using SSL and her client certificate."), #endif #ifdef KRB5 command("Krb5Keytab", ap_set_file_slot, krb_5_keytab, TAKE1, "Location of Kerberos V5 keytab file."), command("KrbMethodNegotiate", ap_set_flag_slot, krb_method_gssapi, FLAG, "Enable Negotiate authentication method."), 
command("KrbMethodK5Passwd", ap_set_flag_slot, krb_method_k5pass, FLAG,
        "Enable Kerberos V5 password authentication."),

command("KrbLocalUserMapping", ap_set_flag_slot, krb5_do_auth_to_local, FLAG,
        "Set to 'on' to have Kerberos do auth_to_local mapping of principal names to system user names."),
#endif

#ifdef KRB4
command("Krb4Srvtab", ap_set_file_slot, krb_4_srvtab, TAKE1,
        "Location of Kerberos V4 srvtab file."),

command("KrbMethodK4Passwd", ap_set_flag_slot, krb_method_k4pass, FLAG,
        "Enable Kerberos V4 password authentication."),
#endif

   { NULL }   /* terminating entry of the directive table */
};

#ifdef _WIN32
/*
 * Replacement for mkstemp() on Windows builds.
 *
 * The trailing run of 'X' characters in `template` is overwritten in place
 * with decimal digits of the process id, then the file is created with
 * O_CREAT | O_EXCL and mode 0600.  When open() fails with EEXIST the
 * characters of that suffix are stepped through digits and lowercase
 * letters (with carry to the next position) and the open is retried.
 *
 * Returns whatever open() returned once it succeeds or fails with an errno
 * other than EEXIST, or -1 when the suffix positions are exhausted.
 *
 * NOTE(review): the first loop has no lower bound on `start`; a template
 * that is empty or consists only of 'X' makes it index before the start of
 * the buffer.
 * NOTE(review): the generated name is derived from the pid and is therefore
 * guessable; what keeps an existing file from being reused is the O_EXCL
 * flag, so that flag must stay.
 */
int
mkstemp(char *template)
{
    int start, i;
    pid_t val;
    val = getpid();
    start = strlen(template) - 1;
    /* fill the 'X' suffix from the right with pid digits */
    while(template[start] == 'X') {
	template[start] = '0' + val % 10;
	val /= 10;
	start--;
    }

    do{
	int fd;
	fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
	/* done on success, and on any failure that is not a name clash */
	if(fd >= 0 || errno != EEXIST)
	    return fd;
	/* name clash: advance the suffix, starting at its first character */
	i = start + 1;
	do{
	    if(template[i] == 0)
		return -1;       /* carried past the end: no names left */
	    template[i]++;
	    if(template[i] == '9' + 1)
		template[i] = 'a';   /* continue with letters after '9' */
	    if(template[i] <= 'z')
		break;
	    template[i] = 'a';       /* wrapped past 'z': reset and carry */
	    i++;
	}while(1);
    }while(1);
}
#endif

#if defined(KRB5) && !defined(HEIMDAL)
/* Needed to work around problems with replay caches */
#include "mit-internals.h"

/*
 * This is our replacement krb5_rc_store function.
 *
 * It ignores all of its arguments and reports success without recording
 * the authenticator, so a replay cache driven by the ops vector below never
 * remembers what it has seen.  The header comment in mit-internals.h
 * describes this as a workaround for Microsoft clients and states that
 * disabling the replay cache is potentially insecure.
 * NOTE(review): where this vector gets installed is not shown in this part
 * of the file; confirm it is limited to the credential that needs it.
 */
static krb5_error_code KRB5_LIB_FUNCTION
mod_auth_kerb_rc_store(krb5_context context, krb5_rcache rcache,
                       krb5_donot_replay_internal *donot_replay)
{
   return 0;
}

/*
 * And this is the operations vector for our replay cache.
 * Field order follows struct _krb5_rc_ops_internal in mit-internals.h:
 * every slot points at the library's krb5_rc_dfl_* function except `store`,
 * which is the no-op defined above.
 */
const krb5_rc_ops_internal mod_auth_kerb_rc_ops =
{
  0,
  "dfl",
  krb5_rc_dfl_init,
  krb5_rc_dfl_recover,
  krb5_rc_dfl_destroy,
  krb5_rc_dfl_close,
  mod_auth_kerb_rc_store,
  krb5_rc_dfl_expunge,
  krb5_rc_dfl_get_span,
  krb5_rc_dfl_get_name,
  krb5_rc_dfl_resolve
};
#endif

/***************************************************************************
 Auth Configuration Initialization
 ***************************************************************************/
static void *kerb_dir_create_config(MK_POOL *p, char *d)
{
	kerb_auth_config *rec;

	rec = 
(kerb_auth_config *) apr_pcalloc(p, sizeof(kerb_auth_config)); ((kerb_auth_config *)rec)->krb_verify_kdc = 1; ((kerb_auth_config *)rec)->krb_service_name = NULL; ((kerb_auth_config *)rec)->krb_authoritative = 1; ((kerb_auth_config *)rec)->krb_delegate_basic = 0; #if 0 ((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0; #endif #ifdef KRB5 ((kerb_auth_config *)rec)->krb5_do_auth_to_local = 0; ((kerb_auth_config *)rec)->krb_method_k5pass = 1; ((kerb_auth_config *)rec)->krb_method_gssapi = 1; #endif #ifdef KRB4 ((kerb_auth_config *)rec)->krb_method_k4pass = 1; #endif return rec; } static const char* krb5_save_realms(cmd_parms *cmd, void *vsec, const char *arg) { kerb_auth_config *sec = (kerb_auth_config *) vsec; sec->krb_auth_realms= apr_pstrdup(cmd->pool, arg); return NULL; } static void log_rerror(const char *file, int line, int level, int status, const request_rec *r, const char *fmt, ...) { char errstr[1024]; va_list ap; va_start(ap, fmt); vsnprintf(errstr, sizeof(errstr), fmt, ap); va_end(ap); #ifdef STANDARD20_MODULE_STUFF ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr); #else ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr); #endif } #ifdef KRB4 /*************************************************************************** Username/Password Validation for Krb4 ***************************************************************************/ static int verify_krb4_user(request_rec *r, const char *name, const char *instance, const char *realm, const char *password, const char *linstance, const char *srvtab, int krb_verify_kdc) { int ret; char *phost; unsigned long addr; struct hostent *hp; const char *hostname; KTEXT_ST ticket; AUTH_DAT authdata; char lrealm[REALM_SZ]; ret = krb_get_pw_in_tkt(name, instance, realm, "krbtgt", realm, DEFAULT_TKT_LIFE, password); if (ret) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot get krb4 ticket: krb_get_pw_in_tkt() failed: %s", krb_get_err_text(ret)); return ret; } if 
(!krb_verify_kdc)
      return ret;
   /* From here on the freshly obtained ticket is checked against the local
    * srvtab: a request for the local service is built with krb_mk_req() and
    * read back with krb_rd_req(). */

   hostname = ap_get_server_name(r);

   hp = gethostbyname(hostname);
   if (hp == NULL) {
      dest_tkt();
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	         "Cannot verify krb4 ticket: gethostbyname() failed: %s",
		 hstrerror(h_errno));
      return h_errno;
   }
   /* NOTE(review): addr is declared `unsigned long` at the top of this
    * function and sizeof(addr) bytes are copied from hp->h_addr; hp->h_length
    * is not consulted.  Where unsigned long is wider than the returned
    * address this reads past the address and leaves part of addr
    * unspecified.  Copying at most hp->h_length bytes into a zeroed,
    * fixed-width variable would avoid that. */
   memcpy(&addr, hp->h_addr, sizeof(addr));

   phost = krb_get_phost((char *)hostname);

   krb_get_lrealm(lrealm, 1);

   ret = krb_mk_req(&ticket, linstance, phost, lrealm, 0);
   if (ret) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	         "Cannot verify krb4 ticket: krb_mk_req() failed: %s",
		 krb_get_err_text(ret));
      dest_tkt();
      return ret;
   }

   ret = krb_rd_req(&ticket, (char *)linstance, phost, addr, &authdata, (char *)srvtab);
   if (ret) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	         "Cannot verify krb4 ticket: krb_rd_req() failed: %s",
		 krb_get_err_text(ret));
      dest_tkt();
   }

   return ret;
}

/*
 * Pool cleanup callback for a krb4 ticket file.
 * `data` is the ticket file name; the file is selected with
 * krb_set_tkt_string() and destroyed with dest_tkt().  Always returns OK.
 */
static int
krb4_cache_cleanup(void *data)
{
   char *tkt_file = (char *) data;

   krb_set_tkt_string(tkt_file);
   dest_tkt();
   return OK;
}

/*
 * Basic-auth password check against Kerberos 4.
 *
 * r          request being authenticated
 * conf       per-directory module configuration
 * auth_line  base64 payload of the Authorization header
 *
 * The payload is decoded and split at the first ':' into name and password;
 * the name is split again at its first '.' into name and instance.  A
 * private ticket file is created with mkstemp() and registered for cleanup
 * on the request pool, then each configured realm is tried in turn.
 */
static int
authenticate_user_krb4pwd(request_rec *r,
			  kerb_auth_config *conf,
			  const char *auth_line)
{
   int ret;
   const char *sent_pw;
   const char *sent_name;
   char *sent_instance;
   char tkt_file[32];
   char *tkt_file_p = NULL;
   int fd;
   const char *realms;
   const char *realm;
   char *user;
   char lrealm[REALM_SZ];
   int all_principals_unkown;

   sent_pw = ap_pbase64decode(r->pool, auth_line);
   sent_name = ap_getword_nulls_nc (r->pool, (char **) &sent_pw, ':');

   /* "name.instance" is cut in place at the first dot */
   sent_instance = strchr(sent_name, '.');
   if (sent_instance)
      *sent_instance++ = '\0';

   snprintf(tkt_file, sizeof(tkt_file), "/tmp/apache_tkt_XXXXXX");
   fd = mkstemp(tkt_file);
   if (fd < 0) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	         "Cannot create krb4 ccache: mkstemp() failed: %s",
		 strerror(errno));
      return HTTP_INTERNAL_SERVER_ERROR;
   }

   /* the pool copy of the name outlives the stack buffer, so it is the one
    * handed to the cleanup callback */
   tkt_file_p = apr_pstrdup(r->pool, tkt_file);
   apr_pool_cleanup_register(r->pool, tkt_file_p,
	                     krb4_cache_cleanup, apr_pool_cleanup_null);

   krb_set_tkt_string(tkt_file);

   all_principals_unkown = 1;
   realms = conf->krb_auth_realms;
   do {
      memset(lrealm, 0, sizeof(lrealm));
realm = NULL; if (realms) realm = ap_getword_white(r->pool, &realms); if (realm == NULL) { ret = krb_get_lrealm(lrealm, 1); if (ret) break; realm = lrealm; } /* XXX conf->krb_service_name */ ret = verify_krb4_user(r, (char *)sent_name, (sent_instance) ? sent_instance : "", (char *)realm, (char *)sent_pw, conf->krb_service_name, conf->krb_4_srvtab, conf->krb_verify_kdc); if (!conf->krb_authoritative && ret) { /* if we're not authoritative, we allow authentication to pass on * to another modules if (and only if) the user is not known to us */ if (all_principals_unkown && ret != KDC_PR_UNKNOWN) all_principals_unkown = 0; } if (ret == 0) break; } while (realms && *realms); if (ret) { /* XXX log only in the verify_krb4_user() call */ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Verifying krb4 password failed"); ret = (!conf->krb_authoritative && all_principals_unkown == 1 && ret == KDC_PR_UNKNOWN) ? DECLINED : HTTP_UNAUTHORIZED; goto end; } user = apr_pstrdup(r->pool, sent_name); if (sent_instance) user = apr_pstrcat(r->pool, user, ".", sent_instance, NULL); user = apr_pstrcat(r->pool, user, "@", realm, NULL); MK_USER = user; MK_AUTH_TYPE = "Basic"; apr_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p); if (!conf->krb_save_credentials) krb4_cache_cleanup(tkt_file); end: if (ret) krb4_cache_cleanup(tkt_file); close(fd); tf_close(); return ret; } #endif /* KRB4 */ #ifdef KRB5 /*************************************************************************** Username/Password Validation for Krb5 ***************************************************************************/ /* MIT kerberos uses replay cache checks even during credential verification * (i.e. in krb5_verify_init_creds()), which is obviosuly useless. 
In order to * avoid problems with multiple apache processes accessing the same rcache file * we had to use this call instead, which is only a bit modified version of * krb5_verify_init_creds() */ static krb5_error_code verify_krb5_init_creds(request_rec *r, krb5_context context, krb5_creds *creds, krb5_principal ap_req_server, krb5_keytab ap_req_keytab) { krb5_error_code ret; krb5_data req; krb5_ccache local_ccache = NULL; krb5_creds *new_creds = NULL; krb5_auth_context auth_context = NULL; krb5_keytab keytab = NULL; char *server_name; memset(&req, 0, sizeof(req)); if (ap_req_keytab == NULL) { ret = krb5_kt_default (context, &keytab); if (ret) return ret; } else keytab = ap_req_keytab; #ifdef HAVE_KRB5_CC_NEW_UNIQUE ret = krb5_cc_new_unique(context, "MEMORY", NULL, &local_ccache); #else ret = krb5_cc_resolve(context, "MEMORY:", &local_ccache); #endif if (ret) { log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "krb5_cc_resolve() failed when verifying KDC"); return ret; } ret = krb5_cc_initialize(context, local_ccache, creds->client); if (ret) { log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "krb5_cc_initialize() failed when verifying KDC"); goto end; } ret = krb5_cc_store_cred (context, local_ccache, creds); if (ret) { log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "krb5_cc_initialize() failed when verifying KDC"); goto end; } ret = krb5_unparse_name(context, ap_req_server, &server_name); if (ret) { log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "krb5_unparse_name() failed when verifying KDC"); goto end; } log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Trying to verify authenticity of KDC using principal %s", server_name); free(server_name); if (!krb5_principal_compare (context, ap_req_server, creds->server)) { krb5_creds match_cred; memset (&match_cred, 0, sizeof(match_cred)); match_cred.client = creds->client; match_cred.server = ap_req_server; ret = krb5_get_credentials (context, 0, local_ccache, &match_cred, &new_creds); if (ret) { log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 
"krb5_get_credentials() failed when verifying KDC"); goto end; } creds = new_creds; } ret = krb5_mk_req_extended (context, &auth_context, 0, NULL, creds, &req); if (ret) { log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "krb5_mk_req_extended() failed when verifying KDC"); goto end; } krb5_auth_con_free (context, auth_context); auth_context = NULL; ret = krb5_auth_con_init(context, &auth_context); if (ret) { log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "krb5_auth_con_init() failed when verifying KDC"); goto end; } /* use KRB5_AUTH_CONTEXT_DO_SEQUENCE to skip replay cache checks */ krb5_auth_con_setflags(context, auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE); ret = krb5_rd_req (context, &auth_context, &req, ap_req_server, keytab, 0, NULL); if (ret) { log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "krb5_rd_req() failed when verifying KDC"); goto end; } end: #ifdef HEIMDAL /* XXX Do I ever want to support Heimdal 0.4 ??? */ krb5_data_free(&req); #else krb5_free_data_contents(context, &req); #endif if (auth_context) krb5_auth_con_free (context, auth_context); if (new_creds) krb5_free_creds (context, new_creds); if (ap_req_keytab == NULL && keytab) krb5_kt_close (context, keytab); if (local_ccache) krb5_cc_destroy (context, local_ccache); return ret; } /* Inspired by krb5_verify_user from Heimdal */ static krb5_error_code verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal, const char *password, krb5_principal server, krb5_keytab keytab, int krb_verify_kdc, char *krb_service_name, krb5_ccache *ccache) { krb5_creds creds; krb5_get_init_creds_opt options; krb5_error_code ret; krb5_ccache ret_ccache = NULL; char *name = NULL; krb5_keytab_entry entry; krb5_kt_cursor cursor; /* XXX error messages shouldn't be logged here (and in the while() loop in * authenticate_user_krb5pwd() as weell), in order to avoid confusing log * entries when using multiple realms */ memset(&creds, 0, sizeof(creds)); ret = krb5_unparse_name(context, principal, &name); if (ret == 0) { 
log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Trying to get TGT for user %s", name);
      free(name);
   }

   /* Obtain initial credentials for the principal with the supplied
    * password; failure here is the ordinary "wrong password / unknown user"
    * path. */
   krb5_get_init_creds_opt_init(&options);
   ret = krb5_get_init_creds_password(context, &creds, principal,
	 			      (char *)password, NULL,
				      NULL, 0, NULL, &options);
   if (ret) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
		 "krb5_get_init_creds_password() failed: %s",
		 krb5_get_err_text(context, ret));
      goto end;
   }

   /* XXX
   {
      char *realm;

      krb5_get_default_realm(context, &realm);
      log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
	         "trying to verify password using key for %s/%s@%s",
		 service, ap_get_server_name(r), realm);
   }
   */

   /* Previous single-principal form of the check, kept disabled: */
   /*if (krb_verify_kdc &&
       (ret = verify_krb5_init_creds(r, context, &creds, server, keytab))) {
       log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	          "failed to verify krb5 credentials: %s",
		  krb5_get_err_text(context, ret));
       goto end;
   }*/

   /* KDC verification: prove that the credentials just obtained were issued
    * by a KDC that knows a key from our keytab, so that a spoofed KDC reply
    * is not accepted as a valid password check. */
   if (krb_verify_kdc) {
       if (krb_service_name && strcmp(krb_service_name,"Any") == 0) {
         /* Service name "Any": try every keytab entry's principal and accept
          * the first one that verifies.
          *
          * NOTE(review): keytab is used here without a NULL check.  In this
          * file authenticate_user_krb5pwd() only resolves a keytab when
          * Krb5Keytab is configured, and verify_krb5_init_creds() falls back
          * to krb5_kt_default() for a NULL keytab; this branch has no such
          * fallback. */
	 ret = krb5_kt_start_seq_get(context, keytab, &cursor);
	 if(!ret) {
            /* NOTE(review): if the keytab yields no entries the loop body
             * never runs and ret keeps the 0 from krb5_kt_start_seq_get(),
             * so the code below continues as if verification had succeeded.
             * A separate "verified" flag, failing closed when it is never
             * set, would remove that gap.
             * NOTE(review): no call releasing `entry` is visible in this
             * loop. */
	     while((krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
	          if ((ret = verify_krb5_init_creds(r, context, &creds, entry.principal, keytab)) == 0) 
		       break;
	     }
	 }
         /* ret is now either the start_seq_get error or the result of the
          * last verification attempt.
          * NOTE(review): krb5_kt_end_seq_get() is reached with `cursor` even
          * when krb5_kt_start_seq_get() failed and never initialised it.
          * NOTE(review): the keytab is closed on both exits of this branch,
          * and authenticate_user_krb5pwd() closes its keytab handle again at
          * its own `end:` label; confirm which side owns the handle. */
	 if (ret) {
	     log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	                "failed to verify krb5 credentials: %s",
		        krb5_get_err_text(context, ret));
	     krb5_kt_end_seq_get(context, keytab, &cursor);
	     krb5_kt_close(context, keytab);
	     goto end;
	 }
	 krb5_kt_end_seq_get(context, keytab, &cursor);
	 krb5_kt_close(context, keytab);
       }
       else {
         /* Fixed service principal: verify against `server` only. */
	 if ((ret = verify_krb5_init_creds(r, context, &creds, server, keytab))) {
	     log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	                "failed to verify krb5 credentials: %s",
		        krb5_get_err_text(context, ret));
	     goto end;
	 }
       }
   }

   /* Hand the credentials back to the caller in a memory credential cache;
    * the unique-name API is used when configure found it. */
#ifdef HAVE_KRB5_CC_NEW_UNIQUE
   ret = krb5_cc_new_unique(context, "MEMORY", NULL, &ret_ccache);
#else
   ret = krb5_cc_resolve(context, "MEMORY:", &ret_ccache);
#endif

   if (ret) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 
	         "generating new memory ccache failed: %s",
		 krb5_get_err_text(context, ret));
      goto end;
   }

   ret = krb5_cc_initialize(context, ret_ccache, 
principal); if (ret) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "krb5_cc_initialize() failed: %s", krb5_get_err_text(context, ret)); goto end; } ret = krb5_cc_store_cred(context, ret_ccache, &creds); if (ret) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "krb5_cc_store_cred() failed: %s", krb5_get_err_text(context, ret)); goto end; } *ccache = ret_ccache; ret_ccache = NULL; end: krb5_free_cred_contents(context, &creds); if (ret_ccache) krb5_cc_destroy(context, ret_ccache); return ret; } static int krb5_cache_cleanup(void *data) { krb5_context context; krb5_ccache cache; krb5_error_code problem; char *cache_name = (char *) data; problem = krb5_init_context(&context); if (problem) { /* ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "krb5_init_context() failed"); */ return HTTP_INTERNAL_SERVER_ERROR; } problem = krb5_cc_resolve(context, cache_name, &cache); if (problem) { /* log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "krb5_cc_resolve() failed (%s: %s)", cache_name, krb5_get_err_text(context, problem)); */ return HTTP_INTERNAL_SERVER_ERROR; } krb5_cc_destroy(context, cache); krb5_free_context(context); return OK; } static int create_krb5_ccache(krb5_context kcontext, request_rec *r, kerb_auth_config *conf, krb5_principal princ, krb5_ccache *ccache) { char *ccname; int fd; krb5_error_code problem; int ret; krb5_ccache tmp_ccache = NULL; ccname = apr_psprintf(r->pool, "FILE:%s/krb5cc_apache_XXXXXX", P_tmpdir); fd = mkstemp(ccname + strlen("FILE:")); if (fd < 0) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "mkstemp() failed: %s", strerror(errno)); ret = HTTP_INTERNAL_SERVER_ERROR; goto end; } close(fd); problem = krb5_cc_resolve(kcontext, ccname, &tmp_ccache); if (problem) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "krb5_cc_resolve() failed: %s", krb5_get_err_text(kcontext, problem)); ret = HTTP_INTERNAL_SERVER_ERROR; unlink(ccname); goto end; } problem = krb5_cc_initialize(kcontext, tmp_ccache, princ); if (problem) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot initialize krb5 
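ccache %s: krb5_cc_initialize() failed: %s", ccname,
                 krb5_get_err_text(kcontext, problem));
      ret = HTTP_INTERNAL_SERVER_ERROR;
      goto end;
   }

   apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname);
   apr_pool_cleanup_register(r->pool, ccname,
                             krb5_cache_cleanup, apr_pool_cleanup_null);

   *ccache = tmp_ccache;
   tmp_ccache = NULL;

   ret = OK;

end:
   if (tmp_ccache)
      krb5_cc_destroy(kcontext, tmp_ccache);

   return ret;
}

/*
 * Copy the credentials held in delegated_cred into a new credential cache
 * obtained from create_krb5_ccache().
 *
 * Returns OK on success and an HTTP status code on failure.  On success the
 * new cache is only closed, not destroyed, so the file named in KRB5CCNAME
 * stays in place until the cleanup registered on r->pool runs.
 */
static int
store_krb5_creds(krb5_context kcontext,
                 request_rec *r,
                 kerb_auth_config *conf,
                 krb5_ccache delegated_cred)
{
   krb5_error_code problem;
   krb5_principal princ;
   krb5_ccache ccache;
   int ret;

   problem = krb5_cc_get_principal(kcontext, delegated_cred, &princ);
   if (problem) {
      /* The message used to be formatted into a local buffer and dropped;
       * log it so a failed credential save is visible to the operator. */
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "krb5_cc_get_principal() failed: %s",
                 krb5_get_err_text(kcontext, problem));
      return HTTP_INTERNAL_SERVER_ERROR;
   }

   ret = create_krb5_ccache(kcontext, r, conf, princ, &ccache);
   if (ret) {
      krb5_free_principal(kcontext, princ);
      return ret;
   }

#ifdef HEIMDAL
   problem = krb5_cc_copy_cache(kcontext, delegated_cred, ccache);
#else
   problem = krb5_cc_copy_creds(kcontext, delegated_cred, ccache);
#endif
   krb5_free_principal(kcontext, princ);
   if (problem) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "Failed to store credentials: %s",
                 krb5_get_err_text(kcontext, problem));
      krb5_cc_destroy(kcontext, ccache);
      return HTTP_INTERNAL_SERVER_ERROR;
   }

   krb5_cc_close(kcontext, ccache);
   return OK;
}

/*
 * Verify the user name and password carried in a Basic authorization line
 * against Kerberos 5.
 *
 * auth_line is the base64 part of the header.  The user name may carry an
 * explicit "@REALM"; otherwise every realm listed in conf->krb_auth_realms
 * is tried in turn.
 *
 * Returns OK (MK_USER and MK_AUTH_TYPE are set), DECLINED (module is not
 * authoritative and the principal is unknown in every realm tried),
 * HTTP_UNAUTHORIZED or HTTP_INTERNAL_SERVER_ERROR.
 */
static int
authenticate_user_krb5pwd(request_rec *r,
                          kerb_auth_config *conf,
                          const char *auth_line)
{
   const char      *sent_pw = NULL;
   const char      *sent_name = NULL;
   const char      *realms = NULL;
   const char      *realm = NULL;
   krb5_context    kcontext = NULL;
   krb5_error_code code;
   krb5_principal  client = NULL;
   krb5_principal  server = NULL;
   krb5_ccache     ccache = NULL;
   krb5_keytab     keytab = NULL;
   int             ret;
   char            *name = NULL;
   int             all_principals_unkown;
   char            *p = NULL;

   code = krb5_init_context(&kcontext);
   if (code) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "Cannot initialize Kerberos5 context (%d)", code);
      return HTTP_INTERNAL_SERVER_ERROR;
   }

   sent_pw = ap_pbase64decode(r->pool, auth_line);
   /* splits "user:password"; sent_pw is advanced past the ':' */
   sent_name = ap_getword_nulls_nc (r->pool, (char **) &sent_pw, ':');

   if (sent_pw == NULL || *sent_pw == '\0') {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "empty passwords are not accepted");
      ret = HTTP_UNAUTHORIZED;
      goto end;
   }

   if (conf->krb_5_keytab) {
      /* Fail closed: the result used to be ignored, which let verification
       * continue with keytab == NULL instead of the configured keytab. */
      code = krb5_kt_resolve(kcontext, conf->krb_5_keytab, &keytab);
      if (code) {
         log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                    "krb5_kt_resolve() failed for %s: %s",
                    conf->krb_5_keytab, krb5_get_err_text(kcontext, code));
         keytab = NULL;
         ret = HTTP_INTERNAL_SERVER_ERROR;
         goto end;
      }
   }

   /* A service name containing '/' is taken as a full principal name */
   if (conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL)
      ret = krb5_parse_name (kcontext, conf->krb_service_name, &server);
   else
      ret = krb5_sname_to_principal(kcontext, ap_get_server_name(r),
                                    (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
                                    KRB5_NT_SRV_HST, &server);

   if (ret) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "Error parsing server name (%s): %s",
                 (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
                 krb5_get_err_text(kcontext, ret));
      ret = HTTP_UNAUTHORIZED;
      goto end;
   }

   code = krb5_unparse_name(kcontext, server, &name);
   if (code) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "krb5_unparse_name() failed: %s",
                 krb5_get_err_text(kcontext, code));
      ret = HTTP_UNAUTHORIZED;
      goto end;
   }
   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
              "Using %s as server principal for password verification", name);
   free(name);
   name = NULL;

   /* A realm supplied by the client must be on the configured list */
   p = strchr(sent_name, '@');
   if (p) {
      *p++ = '\0';
      if (conf->krb_auth_realms && !ap_find_token(r->pool, conf->krb_auth_realms, p)) {
         log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                    "Specified realm `%s' not allowed by configuration", p);
         ret = HTTP_UNAUTHORIZED;
         goto end;
      }
   }

   realms = (p) ? p : conf->krb_auth_realms;
   all_principals_unkown = 1;
   do {
      name = (char *) sent_name;
      if (realms && (realm = ap_getword_white(r->pool, &realms)))
         name = apr_psprintf(r->pool, "%s@%s", sent_name, realm);

      if (client) {
         krb5_free_principal(kcontext, client);
         client = NULL;
      }

      code = krb5_parse_name(kcontext, name, &client);
      if (code) {
         log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                    "krb5_parse_name() failed: %s",
                    krb5_get_err_text(kcontext, code));
         continue;
      }

      code = verify_krb5_user(r, kcontext, client, sent_pw,
                              server, keytab, conf->krb_verify_kdc,
                              conf->krb_service_name, &ccache);
      if (!conf->krb_authoritative && code) {
         /* if we're not authoritative, we allow authentication to pass on
          * to another modules if (and only if) the user is not known to us */
         if (all_principals_unkown && code != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN)
            all_principals_unkown = 0;
      }

      if (code == 0)
         break;

      /* ap_getword_white() used above shifts the parameter, so it's not
         needed to touch the realms variable */
   } while (realms && *realms);

   if (code) {
      if (!conf->krb_authoritative && all_principals_unkown == 1 && code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN)
         ret = DECLINED;
      else
         ret = HTTP_UNAUTHORIZED;

      goto end;
   }

   code = krb5_unparse_name(kcontext, client, &name);
   if (code) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "krb5_unparse_name() failed: %s",
                 krb5_get_err_text(kcontext, code));
      ret = HTTP_UNAUTHORIZED;
      goto end;
   }
   MK_USER = apr_pstrdup (r->pool, name);
   MK_AUTH_TYPE = "Basic";
   free(name);

   if (conf->krb_save_credentials)
      store_krb5_creds(kcontext, r, conf, ccache);

   ret = OK;

end:
   /* Wipe the decoded password on every exit path; this used to happen only
    * after the realm loop, so the early error returns left it in the pool.
    * This is best effort: the original header is still in r->headers_in. */
   if (sent_pw != NULL)
      memset((char *) sent_pw, 0, strlen(sent_pw));

   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
              "kerb_authenticate_user_krb5pwd ret=%d user=%s authtype=%s",
              ret, (MK_USER)?MK_USER:"(NULL)", (MK_AUTH_TYPE)?MK_AUTH_TYPE:"(NULL)");
   if (client)
      krb5_free_principal(kcontext, client);
   if (server)
      krb5_free_principal(kcontext, server);
   if (ccache)
      krb5_cc_destroy(kcontext, ccache);
   if (keytab)
      krb5_kt_close(kcontext, keytab);
   krb5_free_context(kcontext);

   return ret;
}

/*********************************************************************
 * GSSAPI Authentication
 ********************************************************************/

/*
 * Build a readable message for a GSS-API failure in the form
 * "prefix: major text (minor text)".  The string is allocated from r->pool.
 */
static const char *
get_gss_error(request_rec *r, OM_uint32 err_maj, OM_uint32 err_min, char *prefix)
{
   OM_uint32 maj_stat, min_stat;
   OM_uint32 msg_ctx = 0;
   gss_buffer_desc status_string;
   char *err_msg;
   int first_minor = 1;

   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
              "GSS-API major_status:%8.8x, minor_status:%8.8x",
              err_maj, err_min);

   err_msg = apr_pstrdup(r->pool, prefix);
   do {
      maj_stat = gss_display_status (&min_stat,
                                     err_maj,
                                     GSS_C_GSS_CODE,
                                     GSS_C_NO_OID,
                                     &msg_ctx,
                                     &status_string);
      if (!GSS_ERROR(maj_stat)) {
         err_msg = apr_pstrcat(r->pool, err_msg, ": ",
                               (char*) status_string.value, NULL);
         gss_release_buffer(&min_stat, &status_string);
      }
   } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);

   msg_ctx = 0;
   err_msg = apr_pstrcat(r->pool, err_msg, " (", NULL);
   do {
      maj_stat = gss_display_status (&min_stat,
                                     err_min,
                                     GSS_C_MECH_CODE,
                                     GSS_C_NULL_OID,
                                     &msg_ctx,
                                     &status_string);
      if (!GSS_ERROR(maj_stat)) {
         /* separate the messages with ", " but do not start the
          * parenthesis with one */
         err_msg = apr_pstrcat(r->pool, err_msg,
                               first_minor ? "" : ", ",
                               (char *) status_string.value, NULL);
         first_minor = 0;
         gss_release_buffer(&min_stat, &status_string);
      }
   } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
   err_msg = apr_pstrcat(r->pool, err_msg, ")", NULL);

   return err_msg;
}

static int
store_gss_creds(request_rec *r, kerb_auth_config *conf, char *princ_name,
                gss_cred_id_t delegated_cred)
{
   OM_uint32 maj_stat, min_stat;
   krb5_principal princ = NULL;
   krb5_ccache ccache = NULL;
   krb5_error_code problem;
   krb5_context context;
   int ret = HTTP_INTERNAL_SERVER_ERROR;

   problem = krb5_init_context(&context);
   if (problem) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot initialize krb5 context");
      return HTTP_INTERNAL_SERVER_ERROR;
   }

   problem = krb5_parse_name(context, princ_name, &princ);
   if (problem) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "Cannot parse delegated username (%s)", krb5_get_err_text(context, problem));
      goto end;
   }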
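problem = create_krb5_ccache(context, r, conf, princ, &ccache);
   /* NOTE(review): create_krb5_ccache() appears to return an HTTP status
    * rather than a krb5 error code, so the text logged below may not
    * describe the real failure - confirm against its definition. */
   if (problem) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "Cannot create krb5 ccache (%s)", krb5_get_err_text(context, problem));
      goto end;
   }

   maj_stat = gss_krb5_copy_ccache(&min_stat, delegated_cred, ccache);
   if (GSS_ERROR(maj_stat)) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "Cannot store delegated credential (%s)",
                 get_gss_error(r, maj_stat, min_stat, "gss_krb5_copy_ccache"));
      goto end;
   }

   krb5_cc_close(context, ccache);
   ccache = NULL;
   ret = 0;

end:
   if (princ)
      krb5_free_principal(context, princ);
   if (ccache)
      krb5_cc_destroy(context, ccache);
   krb5_free_context(context);
   return ret;
}

/*
 * Acquire the acceptor credentials for the service this server runs as.
 *
 * The name is conf->krb_service_name when it contains '/', otherwise
 * "<service>@<server name>" with SERVICE_NAME as the default service.
 * The service name "Any" selects GSS_C_NO_CREDENTIAL.
 *
 * Returns 0 on success and HTTP_INTERNAL_SERVER_ERROR on failure.
 */
static int
get_gss_creds(request_rec *r,
              kerb_auth_config *conf,
              gss_cred_id_t *server_creds)
{
   gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
   OM_uint32 major_status, minor_status, minor_status2;
   gss_name_t server_name = GSS_C_NO_NAME;
   char buf[1024];
   int have_server_princ;
   int n;

   have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
   if (have_server_princ)
      /* strncpy() left buf unterminated for names of sizeof(buf) or more
       * characters and strlen(buf) below then read past the array */
      n = snprintf(buf, sizeof(buf), "%s", conf->krb_service_name);
   else if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0) {
      *server_creds = GSS_C_NO_CREDENTIAL;
      return 0;
   }
   else
      n = snprintf(buf, sizeof(buf), "%s@%s",
                   (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
                   ap_get_server_name(r));

   /* a truncated name would silently select a different principal */
   if (n < 0 || (size_t) n >= sizeof(buf)) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "Service name is too long");
      return HTTP_INTERNAL_SERVER_ERROR;
   }

   token.value = buf;
   token.length = strlen(buf) + 1;

   major_status = gss_import_name(&minor_status, &token,
                                  (have_server_princ) ? GSS_KRB5_NT_PRINCIPAL_NAME : GSS_C_NT_HOSTBASED_SERVICE,
                                  &server_name);
   memset(&token, 0, sizeof(token));
   if (GSS_ERROR(major_status)) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "%s", get_gss_error(r, major_status, minor_status,
                 "gss_import_name() failed"));
      return HTTP_INTERNAL_SERVER_ERROR;
   }

   major_status = gss_display_name(&minor_status, server_name, &token, NULL);
   if (GSS_ERROR(major_status)) {
      /* Perhaps we could just ignore this error but it's safer to give up now,
         I think */
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "%s", get_gss_error(r, major_status, minor_status,
                                     "gss_display_name() failed"));
      /* the imported name was leaked on this path */
      gss_release_name(&minor_status2, &server_name);
      return HTTP_INTERNAL_SERVER_ERROR;
   }

   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Acquiring creds for %s",
              (char *) token.value);
   gss_release_buffer(&minor_status, &token);

   major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
                                   GSS_C_NO_OID_SET, GSS_C_ACCEPT,
                                   server_creds, NULL, NULL);
   gss_release_name(&minor_status2, &server_name);
   if (GSS_ERROR(major_status)) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "%s", get_gss_error(r, major_status, minor_status,
                                     "gss_acquire_cred() failed"));
      return HTTP_INTERNAL_SERVER_ERROR;
   }

#ifndef HEIMDAL
   /*
    * With MIT Kerberos 5 1.3.x the gss_cred_id_t is the same as
    * krb5_gss_cred_id_t and krb5_gss_cred_id_rec contains a pointer to
    * the replay cache.
    * This allows us to override the replay cache function vector with
    * our own one.
    * Note that this is a dirty hack to get things working and there may
    * well be unknown side-effects.
    */
   {
      /* Reinterprets the opaque GSS handle as a library-internal structure;
       * the checks below are the only guard against a different layout. */
      krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds;

      /* First we try to verify we are linked with 1.3.x to prevent from
         crashing when linked with 1.4.x */
      if (gss_creds && (gss_creds->usage == GSS_C_ACCEPT)) {
         if (gss_creds->rcache && gss_creds->rcache->ops &&
             gss_creds->rcache->ops->type &&
             memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
            /* Override the rcache operations */
            gss_creds->rcache->ops = &mod_auth_kerb_rc_ops;
      }
   }
#endif

   return 0;
}

/*
 * Check whether a GSS-API token starts with the mechanism OID `oid`.
 *
 * Expected layout: 0x60, a DER length (short form, or long form with at
 * most four length octets), 0x06, one OID length octet, the OID bytes.
 *
 * Returns 0 on a match, GSS_S_DEFECTIVE_TOKEN for a malformed or truncated
 * token, and otherwise the non-zero memcmp() result.
 */
static int
cmp_gss_type(gss_buffer_t token, gss_OID oid)
{
   const unsigned char *p;
   size_t remaining;
   size_t len;

   if (token == NULL || token->value == NULL || token->length == 0)
      return GSS_S_DEFECTIVE_TOKEN;

   /* The token is client supplied: every read below is checked against the
    * bytes that are left, where only an empty token used to be rejected. */
   p = token->value;
   remaining = token->length;

   /* 0x60 tag and first length octet */
   if (remaining < 2)
      return GSS_S_DEFECTIVE_TOKEN;
   if (*p++ != 0x60)
      return GSS_S_DEFECTIVE_TOKEN;
   len = *p++;
   remaining -= 2;

   if (len & 0x80) {
      size_t skip = len & 0x7f;

      if (skip > 4 || skip > remaining)
         return GSS_S_DEFECTIVE_TOKEN;
      p += skip;
      remaining -= skip;
   }

   /* OID tag and OID length octet */
   if (remaining < 2)
      return GSS_S_DEFECTIVE_TOKEN;
   if (*p++ != 0x06)
      return GSS_S_DEFECTIVE_TOKEN;
   if (((OM_uint32) *p++) != oid->length)
      return GSS_S_DEFECTIVE_TOKEN;
   remaining -= 2;

   if (remaining < oid->length)
      return GSS_S_DEFECTIVE_TOKEN;

   return memcmp(p, oid->elements, oid->length);
}

/*
 * Handle a "Negotiate" authorization line through GSS-API.
 *
 * auth_line holds the base64 token sent by the client.  On return
 * *negotiate_ret_value is the token to send back (base64), "\0" when there
 * is none, or NULL when Negotiate must not be offered again.
 *
 * Returns OK (MK_USER and MK_AUTH_TYPE are set), HTTP_UNAUTHORIZED or
 * HTTP_INTERNAL_SERVER_ERROR.
 */
static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
                      const char *auth_line, char **negotiate_ret_value)
{
   OM_uint32 major_status, minor_status, minor_status2;
   gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
   gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
   const char *auth_param = NULL;
   int ret;
   gss_name_t client_name = GSS_C_NO_NAME;
   gss_cred_id_t delegated_cred = GSS_C_NO_CREDENTIAL;
   OM_uint32 (KRB5_LIB_FUNCTION *accept_sec_token)
                         (OM_uint32 *, gss_ctx_id_t *, const gss_cred_id_t,
                         const gss_buffer_t, const gss_channel_bindings_t,
                         gss_name_t *, gss_OID *, gss_buffer_t, OM_uint32 *,
                         OM_uint32 *, gss_cred_id_t *);
   gss_OID_desc spnego_oid;
   gss_ctx_id_t context = GSS_C_NO_CONTEXT;
   gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL;
   OM_uint32 ret_flags = 0;

   *negotiate_ret_value = "\0";

   spnego_oid.length = 6;
   spnego_oid.elements = (void *)"\x2b\x06\x01\x05\x05\x02";

   if (conf->krb_5_keytab) {
      const char *cur_ktname = getenv("KRB5_KTNAME");

      /* putenv() changes the environment of the whole server process, so
       * the keytab chosen here is not scoped to this request.  Only set it
       * when the value changes: a new string was allocated, and never
       * freed, on every request. */
      if (cur_ktname == NULL || strcmp(cur_ktname, conf->krb_5_keytab) != 0) {
         char *ktname;
         size_t ktname_len = strlen("KRB5_KTNAME=") + strlen(conf->krb_5_keytab) + 1;

         /* we don't use the ap_* calls here, since the string passed to putenv()
          * will become part of the enviroment and shouldn't be free()ed by apache
          */
         ktname = malloc(ktname_len);
         if (ktname == NULL) {
            log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "malloc() failed: not enough memory");
            ret = HTTP_INTERNAL_SERVER_ERROR;
            goto end;
         }
         snprintf(ktname, ktname_len, "KRB5_KTNAME=%s", conf->krb_5_keytab);
         putenv(ktname);
      }
#ifdef HEIMDAL
      /* Seems to be also supported by latest MIT */
      gsskrb5_register_acceptor_identity(conf->krb_5_keytab);
#endif
   }

   ret = get_gss_creds(r, conf, &server_creds);
   if (ret)
      goto end;

   /* ap_getword() shifts parameter */
   auth_param = ap_getword_white(r->pool, &auth_line);
   if (auth_param == NULL) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "No Authorization parameter in request from client");
      ret = HTTP_UNAUTHORIZED;
      goto end;
   }

   input_token.length = apr_base64_decode_len(auth_param) + 1;
   input_token.value = apr_pcalloc(r->connection->pool, input_token.length);
   if (input_token.value == NULL) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "ap_pcalloc() failed (not enough memory)");
      ret = HTTP_INTERNAL_SERVER_ERROR;
      goto end;
   }
   /* from here on length is the number of decoded bytes */
   input_token.length = apr_base64_decode(input_token.value, auth_param);

#ifdef GSSAPI_SUPPORTS_SPNEGO
   accept_sec_token = gss_accept_sec_context;
#else
   accept_sec_token = (cmp_gss_type(&input_token, &spnego_oid) == 0) ?
                        gss_accept_sec_context_spnego : gss_accept_sec_context;
#endif

   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Verifying client data using %s",
              (accept_sec_token == gss_accept_sec_context)
                ? "KRB5 GSS-API"
                : "SPNEGO GSS-API");

   major_status = accept_sec_token(&minor_status,
                                   &context,
                                   server_creds,
                                   &input_token,
                                   GSS_C_NO_CHANNEL_BINDINGS,
                                   &client_name,
                                   NULL,
                                   &output_token,
                                   &ret_flags,
                                   NULL,
                                   &delegated_cred);
   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
              "Client %s us their credential",
              (ret_flags & GSS_C_DELEG_FLAG) ? "sent" : "didn't send");
   if (output_token.length) {
      char *token = NULL;
      size_t len;

      len = apr_base64_encode_len(output_token.length) + 1;
      token = apr_pcalloc(r->connection->pool, len + 1);
      if (token == NULL) {
         log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                    "ap_pcalloc() failed (not enough memory)");
         ret = HTTP_INTERNAL_SERVER_ERROR;
         gss_release_buffer(&minor_status2, &output_token);
         goto end;
      }
      apr_base64_encode(token, output_token.value, output_token.length);
      token[len] = '\0';
      *negotiate_ret_value = token;
      /* length is a size_t; cast it to match the %d conversion */
      log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                 "GSS-API token of length %d bytes will be sent back",
                 (int) output_token.length);
      gss_release_buffer(&minor_status2, &output_token);
      set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value);
   }

   if (GSS_ERROR(major_status)) {
      if (input_token.length > 7 && memcmp(input_token.value, "NTLMSSP", 7) == 0)
         log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                    "Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.");

      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "%s", get_gss_error(r, major_status, minor_status,
                                     "gss_accept_sec_context() failed"));
      /* Don't offer the Negotiate method again if call to GSS layer failed */
      *negotiate_ret_value = NULL;
      ret = HTTP_UNAUTHORIZED;
      goto end;
   }

#if 0
   /* This is a _Kerberos_ module so multiple authentication rounds aren't
    * supported. If we wanted a generic GSS authentication we would have to do
    * some magic with exporting context etc. */
   if (major_status & GSS_S_CONTINUE_NEEDED) {
      ret = HTTP_UNAUTHORIZED;
      goto end;
   }
#endif

   /* NOTE(review): with the check above compiled out, a context that still
    * needs another round is not rejected here; it reaches gss_display_name()
    * with whatever client_name the mechanism returned - confirm this cannot
    * yield an authenticated name. */
   major_status = gss_display_name(&minor_status, client_name, &output_token, NULL);
   /* use the spare status word: minor_status is still needed for the error
    * message below and was overwritten by this call */
   gss_release_name(&minor_status2, &client_name);
   if (GSS_ERROR(major_status)) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "%s", get_gss_error(r, major_status, minor_status,
                                     "gss_display_name() failed"));
      ret = HTTP_INTERNAL_SERVER_ERROR;
      goto end;
   }

   MK_AUTH_TYPE = MECH_NEGOTIATE;
   /* assumes the display name buffer is NUL terminated - TODO confirm */
   MK_USER = apr_pstrdup(r->pool, output_token.value);

   if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
      store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);

   gss_release_buffer(&minor_status, &output_token);

   ret = OK;

end:
   if (delegated_cred)
      gss_release_cred(&minor_status, &delegated_cred);

   if (output_token.length)
      gss_release_buffer(&minor_status, &output_token);

   if (client_name != GSS_C_NO_NAME)
      gss_release_name(&minor_status, &client_name);

   if (server_creds != GSS_C_NO_CREDENTIAL)
      gss_release_cred(&minor_status, &server_creds);

   if (context != GSS_C_NO_CONTEXT)
      gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER);

   return ret;
}

static int
do_krb5_an_to_ln(request_rec *r) {
   krb5_error_code code;
   int ret = HTTP_INTERNAL_SERVER_ERROR;
   char *MK_USER_LNAME = NULL;
   krb5_context kcontext = NULL;
   krb5_principal client = NULL;

   code = krb5_init_context(&kcontext);
   if (code) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "Cannot initialize Kerberos5 context (%d)", code);
      goto end;
   }

   code = krb5_parse_name(kcontext, MK_USER, &client);
   if (code) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "krb5_parse_name() failed: %s",
                 krb5_get_err_text(kcontext, code));
      goto end;
   }
   MK_USER_LNAME = apr_pcalloc(r->pool, strlen(MK_USER)+1);
   if (MK_USER_LNAME == NULL) {
      log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                 "ap_pcalloc() failed (not enough memory)");
      goto end;
   }
   code = krb5_aname_to_localname(kcontext, client, strlen(MK_USER), MK_USER_LNAME);
   if (code) {
      if (code != KRB5_LNAME_NOTRANS) {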
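log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                    "krb5_aname_to_localname() failed: %s",
                    krb5_get_err_text(kcontext, code));
      }
      else {
         log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
                    "krb5_aname_to_localname() found no "
                    "mapping for principal %s",
                    MK_USER);
      }
   }
   else {
      log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                 "kerb_authenticate_a_name_to_local_name %s -> %s",
                 (MK_USER)?MK_USER:"(NULL)", (MK_USER_LNAME)?MK_USER_LNAME:"(NULL)");
      MK_USER = apr_pstrdup(r->pool, MK_USER_LNAME);
      ret = OK;
   }
end:
   if (client)
      krb5_free_principal(kcontext, client);
   if (kcontext)
      krb5_free_context(kcontext);
   return ret;
}

#endif /* KRB5 */

/*
 * Look up the authentication result stored for this connection.
 *
 * Returns the stored record when its authorization line equals auth_line,
 * otherwise NULL.  The key is built from the remote IP and the connection
 * id, the same way kerb_authenticate_user() builds it when storing.
 */
static krb5_conn_data *
already_succeeded(request_rec *r, char *auth_line)
{
   /* apr_pool_userdata_get() wants a void **; go through a void * instead of
    * passing the address of a typed pointer */
   void *data = NULL;
   krb5_conn_data *conn_data;
   /* was declared const although snprintf() writes into it */
   char keyname[1024];

   snprintf(keyname, sizeof(keyname) - 1,
            "mod_auth_kerb::connection::%s::%ld", r->connection->remote_ip,
            r->connection->id);
   keyname[sizeof(keyname) - 1] = '\0';

   if (apr_pool_userdata_get(&data, keyname, r->connection->pool) != 0)
      return NULL;

   conn_data = data;
   if (conn_data == NULL || conn_data->authline == NULL || auth_line == NULL)
      return NULL;

   if (strcmp(conn_data->authline, auth_line) == 0) {
      log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request");
      return conn_data;
   }
   return NULL;
}

/*
 * Add the authentication challenges to r->err_headers_out.
 *
 * negotiate_ret_value: NULL offers no Negotiate challenge, an empty string
 * offers a bare "Negotiate", anything else is appended as the token.
 * A Basic challenge is added when password authentication applies or
 * conf->krb_delegate_basic is set.  Proxy requests get Proxy-Authenticate
 * instead of WWW-Authenticate.
 */
static void
set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
                      int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
{
   const char *auth_name = NULL;
   int set_basic = 0;
   char *negoauth_param;
   const char *header_name =
      (r->proxyreq == PROXYREQ_PROXY) ? "Proxy-Authenticate" : "WWW-Authenticate";

   /* get the user realm specified in .htaccess */
   auth_name = ap_auth_name(r);
   /* a NULL here would end the apr_pstrcat() argument list early and leave
    * the realm quote unclosed */
   if (auth_name == NULL)
      auth_name = "";

   /* XXX should the WWW-Authenticate header be cleared first?
    * apache in the proxy mode should retain client's authN headers? */
#ifdef KRB5
   if (negotiate_ret_value != NULL && conf->krb_method_gssapi) {
      negoauth_param = (*negotiate_ret_value == '\0') ? MECH_NEGOTIATE :
                  apr_pstrcat(r->pool, MECH_NEGOTIATE " ", negotiate_ret_value, NULL);
      apr_table_add(r->err_headers_out, header_name, negoauth_param);
   }
   if ((use_krb5pwd && conf->krb_method_k5pass) || conf->krb_delegate_basic) {
      apr_table_add(r->err_headers_out, header_name,
                    apr_pstrcat(r->pool, "Basic realm=\"", auth_name, "\"", NULL));
      set_basic = 1;
   }
#endif

#ifdef KRB4
   if (!set_basic &&
       ((use_krb4 && conf->krb_method_k4pass) || conf->krb_delegate_basic))
      apr_table_add(r->err_headers_out, header_name,
                    apr_pstrcat(r->pool, "Basic realm=\"", auth_name, "\"", NULL));
#endif
}

/*
 * check_user_id handler: authenticate the request with Kerberos.
 *
 * Runs only for AuthType Kerberos, KerberosV5 or KerberosV4 and returns
 * DECLINED for anything else.  The outcome of the first verification on a
 * connection is stored in the connection pool and reused for later requests
 * on that connection that carry the same authorization line.
 */
static int
kerb_authenticate_user(request_rec *r)
{
   kerb_auth_config *conf =
      (kerb_auth_config *) ap_get_module_config(r->per_dir_config,
                                                &auth_kerb_module);
   krb5_conn_data *prevauth = NULL;
   const char *auth_type = NULL;
   const char *auth_line = NULL;
   const char *type = NULL;
   int use_krb5 = 0, use_krb4 = 0;
   int ret;
   /* the function-static last_return was written on every request and never
    * read; it is dropped so that requests share no mutable state */
   char *negotiate_ret_value = NULL;
   char keyname[1024];

   /* get the type specified in .htaccess */
   type = ap_auth_type(r);

   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
              "kerb_authenticate_user entered with user %s and auth_type %s",
              (MK_USER)?MK_USER:"(NULL)",type?type:"(NULL)");

   if (type && strcasecmp(type, "Kerberos") == 0)
      use_krb5 = use_krb4 = 1;
   else if(type && strcasecmp(type, "KerberosV5") == 0)
      use_krb5 = 1;
   else if(type && strcasecmp(type, "KerberosV4") == 0)
      use_krb4 = 1;
   else
      return DECLINED;

#if 0
   if (conf->krb_ssl_preauthentication) {
      const char *ssl_client_verify = ssl_var_lookup(r->pool, r->server,
                r->connection, r, "SSL_CLIENT_VERIFY");

      if (ssl_client_verify && strcmp(ssl_client_verify, "SUCCESS") == 0)
         return OK;
   }
#endif

   /* get what the user sent us in the HTTP header */
   auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY)
                                            ? "Proxy-Authorization"
                                            : "Authorization");
   if (!auth_line) {
      set_kerb_auth_headers(r, conf, use_krb4, use_krb5,
                            (use_krb5) ? "\0" : NULL);
      return HTTP_UNAUTHORIZED;
   }
   /* shifts auth_line past the scheme word */
   auth_type = ap_getword_white(r->pool, &auth_line);

   /* If we are delegating Basic to other modules, DECLINE the request */
   if (conf->krb_delegate_basic &&
#ifdef KRB5
       !conf->krb_method_k5pass &&
#endif
#ifdef KRB4
       !conf->krb_method_k4pass &&
#endif
       (strcasecmp(auth_type, "Basic") == 0))
      return DECLINED;

   if ( (prevauth = already_succeeded(r, (char *) auth_line)) == NULL) {
      ret = HTTP_UNAUTHORIZED;

#ifdef KRB5
      if (use_krb5 && conf->krb_method_gssapi &&
          strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
         ret = authenticate_user_gss(r, conf, auth_line, &negotiate_ret_value);
      } else if (use_krb5 && conf->krb_method_k5pass &&
                 strcasecmp(auth_type, "Basic") == 0) {
         ret = authenticate_user_krb5pwd(r, conf, auth_line);
      }
#endif

#ifdef KRB4
      if (ret == HTTP_UNAUTHORIZED && use_krb4 && conf->krb_method_k4pass &&
          strcasecmp(auth_type, "Basic") == 0)
         ret = authenticate_user_krb4pwd(r, conf, auth_line);
#endif

      if (ret == HTTP_UNAUTHORIZED)
         set_kerb_auth_headers(r, conf, use_krb4, use_krb5, negotiate_ret_value);

   } else {
      /* Reuse the stored result without contacting Kerberos again.
       * NOTE(review): a stored HTTP_UNAUTHORIZED is returned here without
       * any challenge header being added - confirm this is intended. */
      ret = prevauth->last_return;
      MK_USER = prevauth->user;
      MK_AUTH_TYPE = prevauth->mech;
   }

   /*
    * save who was auth'd, if it's not already stashed.
    */
   if(!prevauth) {
      /* Every outcome is stored, failures included.  For Basic the stored
       * authline is the base64 user:password pair, which therefore stays in
       * the connection pool for the life of the connection. */
      prevauth = (krb5_conn_data *) apr_pcalloc(r->connection->pool, sizeof(krb5_conn_data));
      prevauth->user = apr_pstrdup(r->connection->pool, MK_USER);
      prevauth->authline = apr_pstrdup(r->connection->pool, auth_line);
      prevauth->mech = apr_pstrdup(r->connection->pool, auth_type);
      prevauth->last_return = ret;
      snprintf(keyname, sizeof(keyname) - 1,
               "mod_auth_kerb::connection::%s::%ld",
               r->connection->remote_ip, r->connection->id);
      apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool);
   }

   if (ret == OK && conf->krb5_do_auth_to_local)
      ret = do_krb5_an_to_ln(r);

   /* XXX log_debug: if ret==OK, log(user XY authenticated) */

   return ret;
}

/*
 * Report whether the Kerberos library can resolve a replay cache of the
 * given type (for example "none").  Returns 1 when it can, 0 otherwise.
 */
int
have_rcache_type(const char *type)
{
   krb5_error_code ret;
   krb5_context context;
   krb5_rcache id = NULL;
   char rcname[64];
   int n;
   int found;

   /* The argument was ignored and "none:" was always probed; build the
    * residual name from it so the answer matches the question asked. */
   if (type == NULL)
      return 0;
   n = snprintf(rcname, sizeof(rcname), "%s:", type);
   if (n < 0 || (size_t) n >= sizeof(rcname))
      return 0;

   ret = krb5_init_context(&context);
   if (ret)
      return 0;

   ret = krb5_rc_resolve_full(context, &id, rcname);
   found = (ret == 0);

   if (ret == 0)
      krb5_rc_destroy(context, id);
   krb5_free_context(context);

   return found;
}

/***************************************************************************
 Module Setup/Configuration
 ***************************************************************************/
#ifndef STANDARD20_MODULE_STUFF
static void
kerb_module_init(server_rec *dummy, pool *p)
{
#ifndef HEIMDAL
   /* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.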
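1.3.x are covered by the hack overiding the replay calls */
   if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none"))
      putenv(strdup("KRB5RCACHETYPE=none"));
#endif
}

module MODULE_VAR_EXPORT auth_kerb_module = {
   STANDARD_MODULE_STUFF,
   kerb_module_init,            /* module initializer                  */
   kerb_dir_create_config,      /* per-directory config creator        */
   NULL,                        /* per-directory config merger         */
   NULL,                        /* per-server    config creator        */
   NULL,                        /* per-server    config merger         */
   kerb_auth_cmds,              /* command table                       */
   NULL,                        /* [ 9] content handlers               */
   NULL,                        /* [ 2] URI-to-filename translation    */
   kerb_authenticate_user,      /* [ 5] check/validate user_id         */
   NULL,                        /* [ 6] check user_id is valid *here*  */
   NULL,                        /* [ 4] check access by host address   */
   NULL,                        /* [ 7] MIME type checker/setter       */
   NULL,                        /* [ 8] fixups                         */
   NULL,                        /* [10] logger                         */
   NULL,                        /* [ 3] header parser                  */
   NULL,                        /* process initialization              */
   NULL,                        /* process exit/cleanup                */
   NULL                         /* [ 1] post read_request handling     */
#ifdef EAPI
   ,NULL,                       /* EAPI: add_module                    */
   NULL,                        /* EAPI: remove_module                 */
   NULL,                        /* EAPI: rewrite_command               */
   NULL                         /* EAPI: new_connection                */
#endif
};
#else
/*
 * post_config hook: add the module version to the server banner and, when
 * built against MIT Kerberos, select the "none" replay cache if the library
 * supports it and the administrator has not set KRB5RCACHETYPE.
 */
static int
kerb_init_handler(apr_pool_t *p, apr_pool_t *plog,
                  apr_pool_t *ptemp, server_rec *s)
{
   ap_add_version_component(p, "mod_auth_kerb/" MODAUTHKERB_VERSION);
#ifndef HEIMDAL
   /* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.
      1.3.x are covered by the hack overiding the replay calls */
   /* The variable is set for the whole server process, so replay detection
    * is switched off for every user of the Kerberos library in it, not
    * only for this module. */
   if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none")) {
      /* the string becomes part of the environment and must not be freed */
      char *rc_env = strdup("KRB5RCACHETYPE=none");

      /* putenv(NULL) is not defined; stop start-up instead */
      if (rc_env == NULL) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "mod_auth_kerb: strdup() failed: not enough memory");
         return HTTP_INTERNAL_SERVER_ERROR;
      }
      putenv(rc_env);
   }
#endif

   return OK;
}

/* Register the post_config and check_user_id hooks of this module. */
static void
kerb_register_hooks(apr_pool_t *p)
{
   ap_hook_post_config(kerb_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
   ap_hook_check_user_id(kerb_authenticate_user, NULL, NULL, APR_HOOK_MIDDLE);
}

module AP_MODULE_DECLARE_DATA auth_kerb_module =
{
   STANDARD20_MODULE_STUFF,
   kerb_dir_create_config,      /* create per-dir    conf structures  */
   NULL,                        /* merge  per-dir    conf structures  */
   NULL,                        /* create per-server conf structures  */
   NULL,                        /* merge  per-server conf structures  */
   kerb_auth_cmds,              /* table of configuration directives  */
   kerb_register_hooks          /* register hooks                     */
};
#endif
mod_auth_kerb-5.4/src/krbhostname.c0000644000175000000000000000240611113277171016521 0ustar xpristroot#include #include #include #include #include
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
#endif

/*
 * Diagnostic tool: print the host name as seen by gethostname(), the
 * canonical name from getaddrinfo() and the name from a reverse lookup of
 * the resulting address.  An optional argument replaces the local host name
 * as the name to look up.  Exits with 1 when a lookup fails.
 */
int
main(int argc, char **argv)
{
   struct addrinfo *ai, hints;
   char *hostname;
   /* one spare byte: gethostname() need not terminate a truncated name */
   char localname[MAXHOSTNAMELEN + 1];
   char hnamebuf[NI_MAXHOST];

   if(gethostname(localname, MAXHOSTNAMELEN)) {
      return 1;
   }
   localname[MAXHOSTNAMELEN] = '\0';
   printf("gethostname() returns \"%s\"\n", localname);

   if(argc == 2) {
      hostname = argv[1];
   } else {
      hostname = localname;
   }
   printf("Using \"%s\" as service host name\n", hostname);

   memset(&hints, 0, sizeof(hints));
   hints.ai_family = AF_INET;
   /* ai_canonname is only filled in when this flag is requested, so the
    * canonical name below was never printed */
   hints.ai_flags = AI_CANONNAME;
   if(getaddrinfo(hostname, NULL, &hints, &ai)) {
      printf("getaddrinfo() failed\n");
      return 1;
   }

   if(ai->ai_canonname) {
      /* printed straight from the result; the strdup() copy was never freed */
      printf("Canonical hostname from getaddrinfo() is \"%s\"\n",
             ai->ai_canonname);
   }

   if(getnameinfo(ai->ai_addr, ai->ai_addrlen,
                  hnamebuf, sizeof(hnamebuf),
                  NULL, 0, NI_NAMEREQD)) {
      printf("getnameinfo() failed\n");
      freeaddrinfo(ai);
      return 1;
   }
   printf("Hostname from getnameinfo() is \"%s\"\n", hnamebuf);

   freeaddrinfo(ai);
   return 0;
}
mod_auth_kerb-5.4/src/mod_auth_kerb.c0000644000000000000000000015450311115726553016437 0ustar rootroot/*
 * Daniel Kouril
 *
 * Source and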
Documentation can be found at: * http://modauthkerb.sourceforge.net/ * * Based on work by * James E. Robinson, III * Daniel Henninger * Ludek Sulak */ /* * Copyright (c) 2004-2006 Masarykova universita * (Masaryk University, Brno, Czech Republic) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the University nor the names of its contributors may * be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. 
*/ #ident "$Id: mod_auth_kerb.c,v 1.150 2008/12/04 10:14:03 baalberith Exp $" #include "config.h" #include #include #include #define MODAUTHKERB_VERSION "5.4" #define MECH_NEGOTIATE "Negotiate" #define SERVICE_NAME "HTTP" #include #include #include #include #include #include #ifdef STANDARD20_MODULE_STUFF #include #include #else #define apr_pstrdup ap_pstrdup #define apr_psprintf ap_psprintf #define apr_pstrcat ap_pstrcat #define apr_pcalloc ap_pcalloc #define apr_table_setn ap_table_setn #define apr_table_add ap_table_add #define apr_base64_decode_len ap_base64decode_len #define apr_base64_decode ap_base64decode #define apr_base64_encode_len ap_base64encode_len #define apr_base64_encode ap_base64encode #define apr_pool_cleanup_null ap_null_cleanup #define apr_pool_cleanup_register ap_register_cleanup #endif /* STANDARD20_MODULE_STUFF */ #ifdef _WIN32 #define vsnprintf _vsnprintf #define snprintf _snprintf #endif #ifdef KRB5 #include #ifdef HEIMDAL # include #else # include # include # include # define GSS_C_NT_USER_NAME gss_nt_user_name # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name # define GSS_KRB5_NT_PRINCIPAL_NAME gss_nt_krb5_name # define krb5_get_err_text(context,code) error_message(code) #endif #ifndef GSSAPI_SUPPORTS_SPNEGO # include "spnegokrb5.h" #endif #endif /* KRB5 */ #ifdef KRB4 /* Prevent warning about closesocket redefinition (Apache's ap_config.h and * MIT Kerberos' port-sockets.h both define it as close) */ #ifdef closesocket # undef closesocket #endif #include #include /* gethostbyname() */ #endif /* KRB4 */ #if HAVE_UNISTD_H #include #endif #ifndef KRB5_LIB_FUNCTION # if defined(_WIN32) # define KRB5_LIB_FUNCTION _stdcall # else # define KRB5_LIB_FUNCTION # endif #endif #ifdef STANDARD20_MODULE_STUFF module AP_MODULE_DECLARE_DATA auth_kerb_module; #else module auth_kerb_module; #endif /*************************************************************************** Macros To Ease Compatibility 
***************************************************************************/ #ifdef STANDARD20_MODULE_STUFF #define MK_POOL apr_pool_t #define MK_TABLE_GET apr_table_get #define MK_USER r->user #define MK_AUTH_TYPE r->ap_auth_type #else #define MK_POOL pool #define MK_TABLE_GET ap_table_get #define MK_USER r->connection->user #define MK_AUTH_TYPE r->connection->ap_auth_type #define PROXYREQ_PROXY STD_PROXY #endif /*************************************************************************** Auth Configuration Structure ***************************************************************************/ typedef struct { char *krb_auth_realms; int krb_save_credentials; int krb_verify_kdc; const char *krb_service_name; int krb_authoritative; int krb_delegate_basic; #if 0 int krb_ssl_preauthentication; #endif #ifdef KRB5 char *krb_5_keytab; int krb_method_gssapi; int krb_method_k5pass; int krb5_do_auth_to_local; #endif #ifdef KRB4 char *krb_4_srvtab; int krb_method_k4pass; #endif } kerb_auth_config; typedef struct krb5_conn_data { char *authline; char *user; char *mech; int last_return; } krb5_conn_data; static void set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf, int use_krb4, int use_krb5pwd, char *negotiate_ret_value); static const char* krb5_save_realms(cmd_parms *cmd, void *sec, const char *arg); #ifdef STANDARD20_MODULE_STUFF #define command(name, func, var, type, usage) \ AP_INIT_ ## type (name, (void*) func, \ (void*)APR_OFFSETOF(kerb_auth_config, var), \ OR_AUTHCFG | RSRC_CONF, usage) #else #define command(name, func, var, type, usage) \ { name, func, \ (void*)XtOffsetOf(kerb_auth_config, var), \ OR_AUTHCFG | RSRC_CONF, type, usage } #endif static const command_rec kerb_auth_cmds[] = { command("KrbAuthRealms", krb5_save_realms, krb_auth_realms, RAW_ARGS, "Realms to attempt authentication against (can be multiple)."), command("KrbAuthRealm", krb5_save_realms, krb_auth_realms, RAW_ARGS, "Alias for KrbAuthRealms."), command("KrbSaveCredentials", 
ap_set_flag_slot, krb_save_credentials, FLAG, "Save and store credentials/tickets retrieved during auth."), command("KrbVerifyKDC", ap_set_flag_slot, krb_verify_kdc, FLAG, "Verify tickets against keytab to prevent KDC spoofing attacks."), command("KrbServiceName", ap_set_string_slot, krb_service_name, TAKE1, "Full or partial service name to be used by Apache for authentication."), command("KrbAuthoritative", ap_set_flag_slot, krb_authoritative, FLAG, "Set to 'off' to allow access control to be passed along to lower modules iff the UserID is not known to this module."), command("KrbDelegateBasic", ap_set_flag_slot, krb_delegate_basic, FLAG, "Always offer Basic authentication regardless of KrbMethodK5Pass and pass on authentication to lower modules if Basic headers arrive."), #if 0 command("KrbEnableSSLPreauthentication", ap_set_flag_slot, krb_ssl_preauthentication, FLAG, "Don't do Kerberos authentication if the user is already authenticated using SSL and her client certificate."), #endif #ifdef KRB5 command("Krb5Keytab", ap_set_file_slot, krb_5_keytab, TAKE1, "Location of Kerberos V5 keytab file."), command("KrbMethodNegotiate", ap_set_flag_slot, krb_method_gssapi, FLAG, "Enable Negotiate authentication method."), command("KrbMethodK5Passwd", ap_set_flag_slot, krb_method_k5pass, FLAG, "Enable Kerberos V5 password authentication."), command("KrbLocalUserMapping", ap_set_flag_slot, krb5_do_auth_to_local, FLAG, "Set to 'on' to have Kerberos do auth_to_local mapping of principal names to system user names."), #endif #ifdef KRB4 command("Krb4Srvtab", ap_set_file_slot, krb_4_srvtab, TAKE1, "Location of Kerberos V4 srvtab file."), command("KrbMethodK4Passwd", ap_set_flag_slot, krb_method_k4pass, FLAG, "Enable Kerberos V4 password authentication."), #endif { NULL } }; #ifdef _WIN32 int mkstemp(char *template) { int start, i; pid_t val; val = getpid(); start = strlen(template) - 1; while(template[start] == 'X') { template[start] = '0' + val % 10; val /= 10; start--; } do{ 
int fd; fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600); if(fd >= 0 || errno != EEXIST) return fd; i = start + 1; do{ if(template[i] == 0) return -1; template[i]++; if(template[i] == '9' + 1) template[i] = 'a'; if(template[i] <= 'z') break; template[i] = 'a'; i++; }while(1); }while(1); } #endif #if defined(KRB5) && !defined(HEIMDAL) /* Needed to work around problems with replay caches */ #include "mit-internals.h" /* This is our replacement krb5_rc_store function */ static krb5_error_code KRB5_LIB_FUNCTION mod_auth_kerb_rc_store(krb5_context context, krb5_rcache rcache, krb5_donot_replay_internal *donot_replay) { return 0; } /* And this is the operations vector for our replay cache */ const krb5_rc_ops_internal mod_auth_kerb_rc_ops = { 0, "dfl", krb5_rc_dfl_init, krb5_rc_dfl_recover, krb5_rc_dfl_destroy, krb5_rc_dfl_close, mod_auth_kerb_rc_store, krb5_rc_dfl_expunge, krb5_rc_dfl_get_span, krb5_rc_dfl_get_name, krb5_rc_dfl_resolve }; #endif /*************************************************************************** Auth Configuration Initialization ***************************************************************************/ static void *kerb_dir_create_config(MK_POOL *p, char *d) { kerb_auth_config *rec; rec = (kerb_auth_config *) apr_pcalloc(p, sizeof(kerb_auth_config)); ((kerb_auth_config *)rec)->krb_verify_kdc = 1; ((kerb_auth_config *)rec)->krb_service_name = NULL; ((kerb_auth_config *)rec)->krb_authoritative = 1; ((kerb_auth_config *)rec)->krb_delegate_basic = 0; #if 0 ((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0; #endif #ifdef KRB5 ((kerb_auth_config *)rec)->krb5_do_auth_to_local = 0; ((kerb_auth_config *)rec)->krb_method_k5pass = 1; ((kerb_auth_config *)rec)->krb_method_gssapi = 1; #endif #ifdef KRB4 ((kerb_auth_config *)rec)->krb_method_k4pass = 1; #endif return rec; } static const char* krb5_save_realms(cmd_parms *cmd, void *vsec, const char *arg) { kerb_auth_config *sec = (kerb_auth_config *) vsec; sec->krb_auth_realms= 
apr_pstrdup(cmd->pool, arg); return NULL; } static void log_rerror(const char *file, int line, int level, int status, const request_rec *r, const char *fmt, ...) { char errstr[1024]; va_list ap; va_start(ap, fmt); vsnprintf(errstr, sizeof(errstr), fmt, ap); va_end(ap); #ifdef STANDARD20_MODULE_STUFF ap_log_rerror(file, line, level | APLOG_NOERRNO, status, r, "%s", errstr); #else ap_log_rerror(file, line, level | APLOG_NOERRNO, r, "%s", errstr); #endif } #ifdef KRB4 /*************************************************************************** Username/Password Validation for Krb4 ***************************************************************************/ static int verify_krb4_user(request_rec *r, const char *name, const char *instance, const char *realm, const char *password, const char *linstance, const char *srvtab, int krb_verify_kdc) { int ret; char *phost; unsigned long addr; struct hostent *hp; const char *hostname; KTEXT_ST ticket; AUTH_DAT authdata; char lrealm[REALM_SZ]; ret = krb_get_pw_in_tkt(name, instance, realm, "krbtgt", realm, DEFAULT_TKT_LIFE, password); if (ret) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot get krb4 ticket: krb_get_pw_in_tkt() failed: %s", krb_get_err_text(ret)); return ret; } if (!krb_verify_kdc) return ret; hostname = ap_get_server_name(r); hp = gethostbyname(hostname); if (hp == NULL) { dest_tkt(); log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot verify krb4 ticket: gethostbyname() failed: %s", hstrerror(h_errno)); return h_errno; } memcpy(&addr, hp->h_addr, sizeof(addr)); phost = krb_get_phost((char *)hostname); krb_get_lrealm(lrealm, 1); ret = krb_mk_req(&ticket, linstance, phost, lrealm, 0); if (ret) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot verify krb4 ticket: krb_mk_req() failed: %s", krb_get_err_text(ret)); dest_tkt(); return ret; } ret = krb_rd_req(&ticket, (char *)linstance, phost, addr, &authdata, (char *)srvtab); if (ret) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot verify krb4 ticket: krb_rd_req() 
failed: %s", krb_get_err_text(ret)); dest_tkt(); } return ret; } static int krb4_cache_cleanup(void *data) { char *tkt_file = (char *) data; krb_set_tkt_string(tkt_file); dest_tkt(); return OK; } static int authenticate_user_krb4pwd(request_rec *r, kerb_auth_config *conf, const char *auth_line) { int ret; char *sent_pw; const char *sent_name; char *sent_instance; char tkt_file[32]; char *tkt_file_p = NULL; int fd; const char *realms; const char *realm; char *user; char lrealm[REALM_SZ]; int all_principals_unkown; sent_pw = ap_pbase64decode(r->pool, auth_line); sent_name = ap_getword_nulls_nc (r->pool, (char **) &sent_pw, ':'); sent_instance = strchr(sent_name, '.'); if (sent_instance) *sent_instance++ = '\0'; snprintf(tkt_file, sizeof(tkt_file), "/tmp/apache_tkt_XXXXXX"); fd = mkstemp(tkt_file); if (fd < 0) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot create krb4 ccache: mkstemp() failed: %s", strerror(errno)); return HTTP_INTERNAL_SERVER_ERROR; } tkt_file_p = apr_pstrdup(r->pool, tkt_file); apr_pool_cleanup_register(r->pool, tkt_file_p, krb4_cache_cleanup, apr_pool_cleanup_null); krb_set_tkt_string(tkt_file); all_principals_unkown = 1; realms = conf->krb_auth_realms; do { memset(lrealm, 0, sizeof(lrealm)); realm = NULL; if (realms) realm = ap_getword_white(r->pool, &realms); if (realm == NULL) { ret = krb_get_lrealm(lrealm, 1); if (ret) break; realm = lrealm; } /* XXX conf->krb_service_name */ ret = verify_krb4_user(r, (char *)sent_name, (sent_instance) ? 
sent_instance : "", (char *)realm, (char *)sent_pw, conf->krb_service_name, conf->krb_4_srvtab, conf->krb_verify_kdc); if (!conf->krb_authoritative && ret) { /* if we're not authoritative, we allow authentication to pass on * to another modules if (and only if) the user is not known to us */ if (all_principals_unkown && ret != KDC_PR_UNKNOWN) all_principals_unkown = 0; } if (ret == 0) break; } while (realms && *realms); if (ret) { /* XXX log only in the verify_krb4_user() call */ log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Verifying krb4 password failed"); ret = (!conf->krb_authoritative && all_principals_unkown == 1 && ret == KDC_PR_UNKNOWN) ? DECLINED : HTTP_UNAUTHORIZED; goto end; } user = apr_pstrdup(r->pool, sent_name); if (sent_instance) user = apr_pstrcat(r->pool, user, ".", sent_instance, NULL); user = apr_pstrcat(r->pool, user, "@", realm, NULL); MK_USER = user; MK_AUTH_TYPE = "Basic"; apr_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p); if (!conf->krb_save_credentials) krb4_cache_cleanup(tkt_file); end: if (ret) krb4_cache_cleanup(tkt_file); close(fd); tf_close(); return ret; } #endif /* KRB4 */ #ifdef KRB5 /*************************************************************************** Username/Password Validation for Krb5 ***************************************************************************/ /* MIT kerberos uses replay cache checks even during credential verification * (i.e. in krb5_verify_init_creds()), which is obviosuly useless. 
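In order to
 * avoid problems with multiple apache processes accessing the same rcache file
 * we had to use this call instead, which is only a bit modified version of
 * krb5_verify_init_creds() */

/*
 * Verify that `creds` were issued by a KDC that shares a key with this
 * server: build an AP-REQ for `ap_req_server` from the credentials and decode
 * it again with the key found in the keytab.
 *
 * r              request used for logging
 * context        krb5 context owned by the caller
 * creds          initial credentials obtained for the client
 * ap_req_server  service principal whose keytab key must decrypt the request
 * ap_req_keytab  keytab to use; NULL selects the default keytab, which is
 *                opened and closed locally
 *
 * Returns 0 on success or the krb5 error code of the step that failed.
 */
static krb5_error_code
verify_krb5_init_creds(request_rec *r, krb5_context context, krb5_creds *creds,
                       krb5_principal ap_req_server, krb5_keytab ap_req_keytab)
{
    krb5_error_code ret;
    krb5_data req;
    krb5_ccache local_ccache = NULL;
    krb5_creds *new_creds = NULL;
    krb5_auth_context auth_context = NULL;
    krb5_keytab keytab = NULL;
    char *server_name;

    memset(&req, 0, sizeof(req));

    if (ap_req_keytab == NULL) {
        ret = krb5_kt_default (context, &keytab);
        if (ret)
            return ret;
    } else
        keytab = ap_req_keytab;

#ifdef HAVE_KRB5_CC_NEW_UNIQUE
    ret = krb5_cc_new_unique(context, "MEMORY", NULL, &local_ccache);
#else
    ret = krb5_cc_resolve(context, "MEMORY:", &local_ccache);
#endif

    if (ret) {
        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "krb5_cc_resolve() failed when verifying KDC");
        /* go through the common cleanup so a locally opened default keytab
         * is closed as well */
        goto end;
    }

    ret = krb5_cc_initialize(context, local_ccache, creds->client);
    if (ret) {
        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "krb5_cc_initialize() failed when verifying KDC");
        goto end;
    }

    ret = krb5_cc_store_cred (context, local_ccache, creds);
    if (ret) {
        /* the message used to name krb5_cc_initialize() here */
        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "krb5_cc_store_cred() failed when verifying KDC");
        goto end;
    }

    ret = krb5_unparse_name(context, ap_req_server, &server_name);
    if (ret) {
        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "krb5_unparse_name() failed when verifying KDC");
        goto end;
    }
    log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
               "Trying to verify authenticity of KDC using principal %s",
               server_name);
    free(server_name);

    /* The initial credentials are normally a TGT; fetch a ticket for the
     * service principal when they are not already issued for it. */
    if (!krb5_principal_compare (context, ap_req_server, creds->server)) {
        krb5_creds match_cred;

        memset (&match_cred, 0, sizeof(match_cred));

        match_cred.client = creds->client;
        match_cred.server = ap_req_server;

        ret = krb5_get_credentials (context, 0, local_ccache,
                                    &match_cred, &new_creds);
        if (ret) {
            log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                       "krb5_get_credentials() failed when verifying KDC");
            goto end;
        }
        creds = new_creds;
    }

    ret = krb5_mk_req_extended (context, &auth_context, 0, NULL, creds, &req);
    if (ret) {
        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "krb5_mk_req_extended() failed when verifying KDC");
        goto end;
    }

    krb5_auth_con_free (context, auth_context);
    auth_context = NULL;
    ret = krb5_auth_con_init(context, &auth_context);
    if (ret) {
        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "krb5_auth_con_init() failed when verifying KDC");
        goto end;
    }
    /* use KRB5_AUTH_CONTEXT_DO_SEQUENCE to skip replay cache checks; the
     * request decoded below was built a few lines above by this function */
    krb5_auth_con_setflags(context, auth_context,
                           KRB5_AUTH_CONTEXT_DO_SEQUENCE);

    ret = krb5_rd_req (context, &auth_context, &req, ap_req_server,
                       keytab, 0, NULL);
    if (ret) {
        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "krb5_rd_req() failed when verifying KDC");
        goto end;
    }

end:
#ifdef HEIMDAL
    /* XXX Do I ever want to support Heimdal 0.4 ??? */
    krb5_data_free(&req);
#else
    krb5_free_data_contents(context, &req);
#endif
    if (auth_context)
        krb5_auth_con_free (context, auth_context);
    if (new_creds)
        krb5_free_creds (context, new_creds);
    if (ap_req_keytab == NULL && keytab)
        krb5_kt_close (context, keytab);
    if (local_ccache)
        krb5_cc_destroy (context, local_ccache);

    return ret;
}

/*
 * Inspired by krb5_verify_user from Heimdal.
 *
 * Obtain initial credentials for `principal` with `password` and, when
 * `krb_verify_kdc` is set, verify them against a key from the keytab before
 * accepting them.  With verification switched off the password is accepted on
 * the strength of the KDC reply alone (the KrbVerifyKDC directive describes
 * the check as protection against KDC spoofing).
 *
 * keytab            keytab owned by the caller; it is never closed here.
 *                   May be NULL, in which case the default keytab is used.
 * krb_service_name  when equal to "Any", every keytab entry is tried until
 *                   one verifies; otherwise `server` is used.
 * ccache            receives a new memory ccache holding the credentials on
 *                   success; the caller destroys it.
 *
 * Returns 0 on success or a krb5 error code.
 */
static krb5_error_code
verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal,
                 const char *password, krb5_principal server,
                 krb5_keytab keytab, int krb_verify_kdc,
                 char *krb_service_name, krb5_ccache *ccache)
{
    krb5_creds creds;
    krb5_get_init_creds_opt options;
    krb5_error_code ret;
    krb5_ccache ret_ccache = NULL;
    char *name = NULL;
    krb5_keytab_entry entry;
    krb5_kt_cursor cursor;

    /* XXX error messages shouldn't be logged here (and in the while() loop in
     * authenticate_user_krb5pwd() as well), in order to avoid confusing log
     * entries when using multiple realms */

    memset(&creds, 0, sizeof(creds));

    ret = krb5_unparse_name(context, principal, &name);
    if (ret == 0) {
        log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                   "Trying to get TGT for user %s", name);
        free(name);
    }

    krb5_get_init_creds_opt_init(&options);
    ret = krb5_get_init_creds_password(context, &creds, principal,
                                       (char *)password, NULL,
                                       NULL, 0, NULL, &options);
    if (ret) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "krb5_get_init_creds_password() failed: %s",
                   krb5_get_err_text(context, ret));
        goto end;
    }

    if (krb_verify_kdc) {
        if (krb_service_name && strcmp(krb_service_name, "Any") == 0) {
            krb5_keytab scan_keytab = keytab;

            /* Without a configured keytab fall back to the default one, as
             * verify_krb5_init_creds() does, instead of iterating NULL. */
            if (scan_keytab == NULL) {
                ret = krb5_kt_default(context, &scan_keytab);
                if (ret) {
                    log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                               "krb5_kt_default() failed: %s",
                               krb5_get_err_text(context, ret));
                    goto end;
                }
            }

            ret = krb5_kt_start_seq_get(context, scan_keytab, &cursor);
            if (ret == 0) {
                /* Fail closed: a keytab without entries must not count as a
                 * successful verification. */
                ret = KRB5_KT_NOTFOUND;
                while (krb5_kt_next_entry(context, scan_keytab,
                                          &entry, &cursor) == 0) {
                    ret = verify_krb5_init_creds(r, context, &creds,
                                                 entry.principal, scan_keytab);
#ifdef HEIMDAL
                    krb5_kt_free_entry(context, &entry);
#else
                    krb5_free_keytab_entry_contents(context, &entry);
#endif
                    if (ret == 0)
                        break;
                }
                /* the cursor is only valid when start_seq_get succeeded */
                krb5_kt_end_seq_get(context, scan_keytab, &cursor);
            }

            /* Only the keytab opened here is closed; the caller's keytab is
             * reused for further realms and closed by the caller. */
            if (scan_keytab != keytab)
                krb5_kt_close(context, scan_keytab);

            if (ret) {
                log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                           "failed to verify krb5 credentials: %s",
                           krb5_get_err_text(context, ret));
                goto end;
            }
        } else {
            if ((ret = verify_krb5_init_creds(r, context, &creds,
                                              server, keytab))) {
                log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                           "failed to verify krb5 credentials: %s",
                           krb5_get_err_text(context, ret));
                goto end;
            }
        }
    }

#ifdef HAVE_KRB5_CC_NEW_UNIQUE
    ret = krb5_cc_new_unique(context, "MEMORY", NULL, &ret_ccache);
#else
    ret = krb5_cc_resolve(context, "MEMORY:", &ret_ccache);
#endif

    if (ret) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "generating new memory ccache failed: %s",
                   krb5_get_err_text(context, ret));
        goto end;
    }

    ret = krb5_cc_initialize(context, ret_ccache, principal);
    if (ret) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "krb5_cc_initialize() failed: %s",
                   krb5_get_err_text(context, ret));
        goto end;
    }

    ret = krb5_cc_store_cred(context, ret_ccache, &creds);
    if (ret) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "krb5_cc_store_cred() failed: %s",
                   krb5_get_err_text(context, ret));
        goto end;
    }
    /* ownership of the ccache moves to the caller */
    *ccache = ret_ccache;
    ret_ccache = NULL;

end:
    krb5_free_cred_contents(context, &creds);
    if (ret_ccache)
        krb5_cc_destroy(context, ret_ccache);

    return ret;
}

/*
 * Pool cleanup callback: destroy the credential cache whose name is passed
 * in `data`.  Returns OK, or HTTP_INTERNAL_SERVER_ERROR when the krb5 context
 * or the cache cannot be set up.
 */
static int
krb5_cache_cleanup(void *data)
{
    krb5_context context;
    krb5_ccache cache;
    krb5_error_code problem;
    char *cache_name = (char *) data;

    problem = krb5_init_context(&context);
    if (problem) {
        /* ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "krb5_init_context() failed"); */
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    problem = krb5_cc_resolve(context, cache_name, &cache);
    if (problem) {
        /* log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
                     "krb5_cc_resolve() failed (%s: %s)",
                     cache_name, krb5_get_err_text(context, problem)); */
        /* do not leak the context on this path */
        krb5_free_context(context);
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    krb5_cc_destroy(context, cache);
    krb5_free_context(context);
    return OK;
}

static int
create_krb5_ccache(krb5_context kcontext,
                   request_rec *r,
                   kerb_auth_config *conf,
                   krb5_principal princ,
                   krb5_ccache *ccache)
{
    char *ccname;
    int fd;
    krb5_error_code problem;
    int ret;
    krb5_ccache tmp_ccache = NULL;

    ccname = apr_psprintf(r->pool, "FILE:%s/krb5cc_apache_XXXXXX", P_tmpdir);
    /* mkstemp() creates the file itself, readable by its owner only */
    fd = mkstemp(ccname + strlen("FILE:"));
    if (fd < 0) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "mkstemp() failed: %s", strerror(errno));
        ret = HTTP_INTERNAL_SERVER_ERROR;
        goto end;
    }
    close(fd);

    problem = krb5_cc_resolve(kcontext, ccname, &tmp_ccache);
    if (problem) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "krb5_cc_resolve() failed: %s",
                   krb5_get_err_text(kcontext, problem));
        ret = HTTP_INTERNAL_SERVER_ERROR;
        /* remove the file mkstemp() created: its path is ccname without the
         * "FILE:" type prefix */
        unlink(ccname + strlen("FILE:"));
        goto end;
    }

    problem = krb5_cc_initialize(kcontext, tmp_ccache, princ);
    if (problem) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "Cannot initialize krb5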
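ccache %s: krb5_cc_initialize() failed: %s",
                   ccname, krb5_get_err_text(kcontext, problem));
        ret = HTTP_INTERNAL_SERVER_ERROR;
        goto end;
    }

    apr_table_setn(r->subprocess_env, "KRB5CCNAME", ccname);
    apr_pool_cleanup_register(r->pool, ccname, krb5_cache_cleanup,
                              apr_pool_cleanup_null);

    *ccache = tmp_ccache;
    tmp_ccache = NULL;

    ret = OK;

end:
    if (tmp_ccache)
        krb5_cc_destroy(kcontext, tmp_ccache);

    return ret;
}

/*
 * Copy the credentials held in `delegated_cred` into a new file ccache
 * created by create_krb5_ccache() for the cache's own principal.
 *
 * Returns OK, the status of create_krb5_ccache() when that fails, or
 * HTTP_INTERNAL_SERVER_ERROR when a krb5 call fails.  Failures are logged;
 * the original formatted the messages into a local buffer and dropped them.
 */
static int
store_krb5_creds(krb5_context kcontext,
                 request_rec *r,
                 kerb_auth_config *conf,
                 krb5_ccache delegated_cred)
{
    krb5_error_code problem;
    krb5_principal princ;
    krb5_ccache ccache;
    int ret;

    problem = krb5_cc_get_principal(kcontext, delegated_cred, &princ);
    if (problem) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "krb5_cc_get_principal() failed: %s",
                   krb5_get_err_text(kcontext, problem));
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    ret = create_krb5_ccache(kcontext, r, conf, princ, &ccache);
    if (ret) {
        krb5_free_principal(kcontext, princ);
        return ret;
    }

#ifdef HEIMDAL
    problem = krb5_cc_copy_cache(kcontext, delegated_cred, ccache);
#else
    problem = krb5_cc_copy_creds(kcontext, delegated_cred, ccache);
#endif
    krb5_free_principal(kcontext, princ);
    if (problem) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "Failed to store credentials: %s",
                   krb5_get_err_text(kcontext, problem));
        krb5_cc_destroy(kcontext, ccache);
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    krb5_cc_close(kcontext, ccache);
    return OK;
}

/*
 * Authenticate a Basic "user:password" pair against Kerberos 5.
 *
 * auth_line is the base64 payload of the Basic header.  The user name may
 * carry "@REALM"; such a realm is accepted only if it appears in
 * KrbAuthRealms when that directive is set.  Otherwise every configured
 * realm is tried in turn until one verifies.
 *
 * Returns OK on success, HTTP_UNAUTHORIZED on failure, DECLINED when the
 * module is not authoritative and every attempt ended with "principal
 * unknown", or HTTP_INTERNAL_SERVER_ERROR when the krb5 context or the
 * configured keytab cannot be set up.
 */
static int
authenticate_user_krb5pwd(request_rec *r,
                          kerb_auth_config *conf,
                          const char *auth_line)
{
    const char *sent_pw = NULL;
    const char *sent_name = NULL;
    const char *realms = NULL;
    const char *realm = NULL;
    krb5_context kcontext = NULL;
    krb5_error_code code;
    krb5_principal client = NULL;
    krb5_principal server = NULL;
    krb5_ccache ccache = NULL;
    krb5_keytab keytab = NULL;
    int ret;
    char *name = NULL;
    int all_principals_unkown;
    char *p = NULL;

    code = krb5_init_context(&kcontext);
    if (code) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "Cannot initialize Kerberos5 context (%d)", code);
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    sent_pw = ap_pbase64decode(r->pool, auth_line);
    /* splits at the first ':' and advances sent_pw past it */
    sent_name = ap_getword_nulls_nc (r->pool, (char **) &sent_pw, ':');

    if (sent_pw == NULL || *sent_pw == '\0') {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "empty passwords are not accepted");
        ret = HTTP_UNAUTHORIZED;
        goto end;
    }

    if (conf->krb_5_keytab) {
        /* A configured keytab that cannot be resolved is an error; carrying
         * on would silently verify against a different (default) keytab. */
        code = krb5_kt_resolve(kcontext, conf->krb_5_keytab, &keytab);
        if (code) {
            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                       "krb5_kt_resolve() failed for %s: %s",
                       conf->krb_5_keytab, krb5_get_err_text(kcontext, code));
            keytab = NULL;
            ret = HTTP_INTERNAL_SERVER_ERROR;
            goto end;
        }
    }

    /* a service name containing '/' is taken as a full principal name */
    if (conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL)
        ret = krb5_parse_name (kcontext, conf->krb_service_name, &server);
    else
        ret = krb5_sname_to_principal(kcontext, ap_get_server_name(r),
                                      (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
                                      KRB5_NT_SRV_HST, &server);

    if (ret) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "Error parsing server name (%s): %s",
                   (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
                   krb5_get_err_text(kcontext, ret));
        ret = HTTP_UNAUTHORIZED;
        goto end;
    }

    code = krb5_unparse_name(kcontext, server, &name);
    if (code) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "krb5_unparse_name() failed: %s",
                   krb5_get_err_text(kcontext, code));
        ret = HTTP_UNAUTHORIZED;
        goto end;
    }
    log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
               "Using %s as server principal for password verification", name);
    free(name);
    name = NULL;

    p = strchr(sent_name, '@');
    if (p) {
        *p++ = '\0';
        /* a client-supplied realm must be one of the configured realms */
        if (conf->krb_auth_realms &&
            !ap_find_token(r->pool, conf->krb_auth_realms, p)) {
            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                       "Specified realm `%s' not allowed by configuration", p);
            ret = HTTP_UNAUTHORIZED;
            goto end;
        }
    }

    realms = (p) ? p : conf->krb_auth_realms;
    all_principals_unkown = 1;
    do {
        name = (char *) sent_name;
        if (realms && (realm = ap_getword_white(r->pool, &realms)))
            name = apr_psprintf(r->pool, "%s@%s", sent_name, realm);

        if (client) {
            krb5_free_principal(kcontext, client);
            client = NULL;
        }

        code = krb5_parse_name(kcontext, name, &client);
        if (code) {
            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                       "krb5_parse_name() failed: %s",
                       krb5_get_err_text(kcontext, code));
            continue;
        }

        code = verify_krb5_user(r, kcontext, client, sent_pw,
                                server, keytab, conf->krb_verify_kdc,
                                conf->krb_service_name, &ccache);
        if (!conf->krb_authoritative && code) {
            /* if we're not authoritative, we allow authentication to pass on
             * to another modules if (and only if) the user is not known to us */
            if (all_principals_unkown && code != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN)
                all_principals_unkown = 0;
        }

        if (code == 0)
            break;

        /* ap_getword_white() used above shifts the parameter, so it's not
           needed to touch the realms variable */
    } while (realms && *realms);

    if (code) {
        if (!conf->krb_authoritative && all_principals_unkown == 1 &&
            code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN)
            ret = DECLINED;
        else
            ret = HTTP_UNAUTHORIZED;

        goto end;
    }

    code = krb5_unparse_name(kcontext, client, &name);
    if (code) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "krb5_unparse_name() failed: %s",
                   krb5_get_err_text(kcontext, code));
        ret = HTTP_UNAUTHORIZED;
        goto end;
    }
    MK_USER = apr_pstrdup (r->pool, name);
    MK_AUTH_TYPE = "Basic";
    free(name);

    /* best effort: a failure to save the credentials does not fail the
     * authentication; store_krb5_creds() reports it */
    if (conf->krb_save_credentials)
        store_krb5_creds(kcontext, r, conf, ccache);

    ret = OK;

end:
    /* Clear the decoded password on every exit path; the early error exits
     * used to leave it in the request pool. */
    if (sent_pw)
        memset((char *)sent_pw, 0, strlen(sent_pw));

    log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
               "kerb_authenticate_user_krb5pwd ret=%d user=%s authtype=%s",
               ret, (MK_USER)?MK_USER:"(NULL)", (MK_AUTH_TYPE)?MK_AUTH_TYPE:"(NULL)");
    if (client)
        krb5_free_principal(kcontext, client);
    if (server)
        krb5_free_principal(kcontext, server);
    if (ccache)
        krb5_cc_destroy(kcontext, ccache);
    if (keytab)
        krb5_kt_close(kcontext, keytab);
    krb5_free_context(kcontext);

    return ret;
}

/*********************************************************************
 * GSSAPI Authentication
 ********************************************************************/

/*
 * Build a printable message for a GSS-API major/minor status pair, starting
 * with `prefix`.  The result is allocated from r->pool.  Status texts are
 * appended with an explicit length so the code does not depend on the
 * library NUL-terminating the buffer.
 */
static const char *
get_gss_error(request_rec *r, OM_uint32 err_maj, OM_uint32 err_min, char *prefix)
{
    OM_uint32 maj_stat, min_stat;
    OM_uint32 msg_ctx = 0;
    gss_buffer_desc status_string;
    char *err_msg;

    log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
               "GSS-API major_status:%8.8x, minor_status:%8.8x",
               err_maj, err_min);

    err_msg = apr_pstrdup(r->pool, prefix);
    do {
        maj_stat = gss_display_status (&min_stat,
                                       err_maj,
                                       GSS_C_GSS_CODE,
                                       GSS_C_NO_OID,
                                       &msg_ctx,
                                       &status_string);
        if (!GSS_ERROR(maj_stat)) {
            err_msg = apr_psprintf(r->pool, "%s: %.*s", err_msg,
                                   (int) status_string.length,
                                   (char *) status_string.value);
            gss_release_buffer(&min_stat, &status_string);
        }
    } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);

    msg_ctx = 0;
    err_msg = apr_pstrcat(r->pool, err_msg, " (", NULL);
    do {
        maj_stat = gss_display_status (&min_stat,
                                       err_min,
                                       GSS_C_MECH_CODE,
                                       GSS_C_NULL_OID,
                                       &msg_ctx,
                                       &status_string);
        if (!GSS_ERROR(maj_stat)) {
            err_msg = apr_psprintf(r->pool, "%s, %.*s", err_msg,
                                   (int) status_string.length,
                                   (char *) status_string.value);
            gss_release_buffer(&min_stat, &status_string);
        }
    } while (!GSS_ERROR(maj_stat) && msg_ctx != 0);
    err_msg = apr_pstrcat(r->pool, err_msg, ")", NULL);

    return err_msg;
}

static int
store_gss_creds(request_rec *r, kerb_auth_config *conf, char *princ_name,
                gss_cred_id_t delegated_cred)
{
    OM_uint32 maj_stat, min_stat;
    krb5_principal princ = NULL;
    krb5_ccache ccache = NULL;
    krb5_error_code problem;
    krb5_context context;
    int ret = HTTP_INTERNAL_SERVER_ERROR;

    problem = krb5_init_context(&context);
    if (problem) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Cannot initialize krb5 context");
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    problem = krb5_parse_name(context, princ_name, &princ);
    if (problem) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "Cannot parse delegated username (%s)",
                   krb5_get_err_text(context, problem));
        goto end;
    }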
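problem = create_krb5_ccache(context, r, conf, princ, &ccache);
    if (problem) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "Cannot create krb5 ccache (%s)",
                   krb5_get_err_text(context, problem));
        goto end;
    }

    maj_stat = gss_krb5_copy_ccache(&min_stat, delegated_cred, ccache);
    if (GSS_ERROR(maj_stat)) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "Cannot store delegated credential (%s)",
                   get_gss_error(r, maj_stat, min_stat, "gss_krb5_copy_ccache"));
        goto end;
    }

    krb5_cc_close(context, ccache);
    ccache = NULL;
    ret = 0;

end:
    if (princ)
        krb5_free_principal(context, princ);
    if (ccache)
        krb5_cc_destroy(context, ccache);
    krb5_free_context(context);
    return ret;
}

/*
 * Acquire the acceptor credentials used for Negotiate authentication.
 *
 * The service name comes from KrbServiceName: a value containing '/' is
 * imported as a Kerberos principal name, "Any" selects GSS_C_NO_CREDENTIAL
 * (no specific acceptor name), and anything else is combined with the server
 * name as "service@host".
 *
 * On success *server_creds holds the credential and 0 is returned; the caller
 * releases it.  Any failure returns HTTP_INTERNAL_SERVER_ERROR.
 */
static int
get_gss_creds(request_rec *r,
              kerb_auth_config *conf,
              gss_cred_id_t *server_creds)
{
    gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
    OM_uint32 major_status, minor_status, minor_status2;
    gss_name_t server_name = GSS_C_NO_NAME;
    char buf[1024];
    int have_server_princ;
    int n;

    have_server_princ = conf->krb_service_name &&
                        strchr(conf->krb_service_name, '/') != NULL;
    if (have_server_princ)
        /* snprintf() always terminates buf; strncpy() left it unterminated
         * for names of sizeof(buf) bytes or more, and strlen(buf) below then
         * read past the array */
        n = snprintf(buf, sizeof(buf), "%s", conf->krb_service_name);
    else if (conf->krb_service_name && strcmp(conf->krb_service_name, "Any") == 0) {
        *server_creds = GSS_C_NO_CREDENTIAL;
        return 0;
    }
    else
        n = snprintf(buf, sizeof(buf), "%s@%s",
                     (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
                     ap_get_server_name(r));

    /* refuse a truncated name rather than importing a different principal */
    if (n < 0 || (size_t) n >= sizeof(buf)) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "Service name is too long");
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    token.value = buf;
    token.length = strlen(buf) + 1;

    major_status = gss_import_name(&minor_status, &token,
                                   (have_server_princ) ? (gss_OID) GSS_KRB5_NT_PRINCIPAL_NAME : (gss_OID) GSS_C_NT_HOSTBASED_SERVICE,
                                   &server_name);
    memset(&token, 0, sizeof(token));
    if (GSS_ERROR(major_status)) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "%s", get_gss_error(r, major_status, minor_status,
                                       "gss_import_name() failed"));
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    major_status = gss_display_name(&minor_status, server_name, &token, NULL);
    if (GSS_ERROR(major_status)) {
        /* Perhaps we could just ignore this error but it's safer to give up
           now, I think */
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "%s", get_gss_error(r, major_status, minor_status,
                                       "gss_display_name() failed"));
        /* the imported name was leaked on this path */
        gss_release_name(&minor_status2, &server_name);
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Acquiring creds for %.*s",
               (int) token.length, (char *) token.value);
    gss_release_buffer(&minor_status, &token);

    major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
                                    GSS_C_NO_OID_SET, GSS_C_ACCEPT,
                                    server_creds, NULL, NULL);
    gss_release_name(&minor_status2, &server_name);
    if (GSS_ERROR(major_status)) {
        log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "%s", get_gss_error(r, major_status, minor_status,
                                       "gss_acquire_cred() failed"));
        return HTTP_INTERNAL_SERVER_ERROR;
    }

#ifndef HEIMDAL
    /*
     * With MIT Kerberos 5 1.3.x the gss_cred_id_t is the same as
     * krb5_gss_cred_id_t and krb5_gss_cred_id_rec contains a pointer to
     * the replay cache.
     * This allows us to override the replay cache function vector with
     * our own one.
     * Note that this is a dirty hack to get things working and there may
     * well be unknown side-effects.
     *
     * NOTE(review): the replacement vector's store function
     * (mod_auth_kerb_rc_store in this file) returns 0 without recording
     * anything, so where this override takes effect the replay cache does
     * not record accepted requests.  The cast depends on the library's
     * private structure layout -- confirm against the linked MIT version.
     */
    {
        krb5_gss_cred_id_t gss_creds = (krb5_gss_cred_id_t) *server_creds;

        /* First we try to verify we are linked with 1.3.x to prevent from
           crashing when linked with 1.4.x */
        if (gss_creds && (gss_creds->usage == GSS_C_ACCEPT)) {
            if (gss_creds->rcache && gss_creds->rcache->ops &&
                gss_creds->rcache->ops->type &&
                memcmp(gss_creds->rcache->ops->type, "dfl", 3) == 0)
                /* Override the rcache operations */
                gss_creds->rcache->ops = &mod_auth_kerb_rc_ops;
        }
    }
#endif

    return 0;
}

/*
 * Compare the mechanism OID at the start of a GSS-API initial token with
 * `oid`.
 *
 * The token comes from the client's Authorization header, so every byte is
 * checked against token->length before it is read; the original checked only
 * for an empty token and could read past a short one.
 *
 * Returns 0 when the OIDs match, GSS_S_DEFECTIVE_TOKEN when the token is too
 * short or does not have the expected framing, or the non-zero memcmp()
 * result when the OID bytes differ.
 */
static int
cmp_gss_type(gss_buffer_t token, gss_OID oid)
{
    const unsigned char *p = token->value;
    size_t remaining = token->length;
    size_t len;

    /* application tag and first length byte */
    if (p == NULL || remaining < 2)
        return GSS_S_DEFECTIVE_TOKEN;

    if (*p++ != 0x60)
        return GSS_S_DEFECTIVE_TOKEN;
    len = *p++;
    remaining -= 2;

    if (len & 0x80) {
        /* long form: the low bits give the number of length bytes to skip */
        size_t nbytes = len & 0x7f;

        if (nbytes > 4 || nbytes > remaining)
            return GSS_S_DEFECTIVE_TOKEN;
        p += nbytes;
        remaining -= nbytes;
    }

    /* OID tag and OID length byte */
    if (remaining < 2)
        return GSS_S_DEFECTIVE_TOKEN;

    if (*p++ != 0x06)
        return GSS_S_DEFECTIVE_TOKEN;

    if (((OM_uint32) *p++) != oid->length)
        return GSS_S_DEFECTIVE_TOKEN;
    remaining -= 2;

    if (remaining < oid->length)
        return GSS_S_DEFECTIVE_TOKEN;

    return memcmp(p, oid->elements, oid->length);
}

static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
                      const char *auth_line, char **negotiate_ret_value)
{
    OM_uint32 major_status, minor_status, minor_status2;
    gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
    const char *auth_param = NULL;
    int ret;
    gss_name_t client_name = GSS_C_NO_NAME;
    gss_cred_id_t delegated_cred = GSS_C_NO_CREDENTIAL;
    OM_uint32 (KRB5_LIB_FUNCTION *accept_sec_token)
                    (OM_uint32 *, gss_ctx_id_t *, const gss_cred_id_t,
                     const gss_buffer_t, const gss_channel_bindings_t,
                     gss_name_t *, gss_OID *, gss_buffer_t, OM_uint32 *,
                     OM_uint32 *, gss_cred_id_t *);
    gss_OID_desc spnego_oid;
    gss_ctx_id_t context = GSS_C_NO_CONTEXT;
    gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL;
    OM_uint32 ret_flags = 0;

    *negotiate_ret_value = "\0";

    spnego_oid.length = 6;
    spnego_oid.elements = (void *)"\x2b\x06\x01\x05\x05\x02";

    if (conf->krb_5_keytab) {
        char *ktname;
        /* we don't use the ap_* calls here, since the string passed to putenv()
         * will become part of the enviroment and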
shouldn't be free()ed by apache */ ktname = malloc(strlen("KRB5_KTNAME=") + strlen(conf->krb_5_keytab) + 1); if (ktname == NULL) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "malloc() failed: not enough memory"); ret = HTTP_INTERNAL_SERVER_ERROR; goto end; } sprintf(ktname, "KRB5_KTNAME=%s", conf->krb_5_keytab); putenv(ktname); #ifdef HEIMDAL /* Seems to be also supported by latest MIT */ gsskrb5_register_acceptor_identity(conf->krb_5_keytab); #endif } ret = get_gss_creds(r, conf, &server_creds); if (ret) goto end; /* ap_getword() shifts parameter */ auth_param = ap_getword_white(r->pool, &auth_line); if (auth_param == NULL) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No Authorization parameter in request from client"); ret = HTTP_UNAUTHORIZED; goto end; } input_token.length = apr_base64_decode_len(auth_param) + 1; input_token.value = apr_pcalloc(r->connection->pool, input_token.length); if (input_token.value == NULL) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "ap_pcalloc() failed (not enough memory)"); ret = HTTP_INTERNAL_SERVER_ERROR; goto end; } input_token.length = apr_base64_decode(input_token.value, auth_param); #ifdef GSSAPI_SUPPORTS_SPNEGO accept_sec_token = gss_accept_sec_context; #else accept_sec_token = (cmp_gss_type(&input_token, &spnego_oid) == 0) ? gss_accept_sec_context_spnego : gss_accept_sec_context; #endif log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Verifying client data using KRB5 GSS-API %s", (accept_sec_token == gss_accept_sec_context) ? "" : "with our SPNEGO lib"); major_status = accept_sec_token(&minor_status, &context, server_creds, &input_token, GSS_C_NO_CHANNEL_BINDINGS, &client_name, NULL, &output_token, &ret_flags, NULL, &delegated_cred); log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Client %s us their credential", (ret_flags & GSS_C_DELEG_FLAG) ? 
"delegated" : "didn't delegate"); if (output_token.length) { char *token = NULL; size_t len; len = apr_base64_encode_len(output_token.length) + 1; token = apr_pcalloc(r->connection->pool, len + 1); if (token == NULL) { log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "ap_pcalloc() failed (not enough memory)"); ret = HTTP_INTERNAL_SERVER_ERROR; gss_release_buffer(&minor_status2, &output_token); goto end; } apr_base64_encode(token, output_token.value, output_token.length); token[len] = '\0'; *negotiate_ret_value = token; log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "GSS-API token of length %d bytes will be sent back", output_token.length); gss_release_buffer(&minor_status2, &output_token); set_kerb_auth_headers(r, conf, 0, 0, *negotiate_ret_value); } if (GSS_ERROR(major_status)) { if (input_token.length > 7 && memcmp(input_token.value, "NTLMSSP", 7) == 0) log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration."); log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", get_gss_error(r, major_status, minor_status, "gss_accept_sec_context() failed")); /* Don't offer the Negotiate method again if call to GSS layer failed */ *negotiate_ret_value = NULL; ret = HTTP_UNAUTHORIZED; goto end; } #if 0 /* This is a _Kerberos_ module so multiple authentication rounds aren't * supported. If we wanted a generic GSS authentication we would have to do * some magic with exporting context etc. 
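*/
  if (major_status & GSS_S_CONTINUE_NEEDED) {
     ret = HTTP_UNAUTHORIZED;
     goto end;
  }
#endif

  major_status = gss_display_name(&minor_status, client_name, &output_token, NULL);
  gss_release_name(&minor_status, &client_name);
  if (GSS_ERROR(major_status)) {
    log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	       "%s", get_gss_error(r, major_status, minor_status,
		                   "gss_display_name() failed"));
    ret = HTTP_INTERNAL_SERVER_ERROR;
    goto end;
  }

  MK_AUTH_TYPE = MECH_NEGOTIATE;
  /* NOTE(review): apr_pstrdup() and store_gss_creds() treat output_token.value
   * as a C string; a length/value buffer does not by itself promise a
   * terminating NUL, so copying by output_token.length would be safer.
   * TODO confirm against the GSS-API libraries in use. */
  MK_USER = apr_pstrdup(r->pool, output_token.value);

  if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
     store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);

  gss_release_buffer(&minor_status, &output_token);

  ret = OK;

end:
  if (delegated_cred)
     gss_release_cred(&minor_status, &delegated_cred);

  if (output_token.length)
     gss_release_buffer(&minor_status, &output_token);

  if (client_name != GSS_C_NO_NAME)
     gss_release_name(&minor_status, &client_name);

  if (server_creds != GSS_C_NO_CREDENTIAL)
     gss_release_cred(&minor_status, &server_creds);

  if (context != GSS_C_NO_CONTEXT)
     gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER);

  return ret;
}

/*
 * Translate the authenticated principal held in MK_USER into a local user
 * name with krb5_aname_to_localname() and, on success, store the local name
 * back into MK_USER.
 *
 * Returns OK when a mapping was found.  Every failure, including the
 * "no translation" case (KRB5_LNAME_NOTRANS, logged at NOTICE level),
 * returns HTTP_INTERNAL_SERVER_ERROR.
 */
static int
do_krb5_an_to_ln(request_rec *r) {
  krb5_error_code code;
  int ret = HTTP_INTERNAL_SERVER_ERROR;
  char *MK_USER_LNAME = NULL;
  krb5_context kcontext = NULL;
  krb5_principal client = NULL;
  size_t user_len;

  code = krb5_init_context(&kcontext);
  if (code) {
     log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	        "Cannot initialize Kerberos5 context (%d)", code);
     goto end;
  }

  code = krb5_parse_name(kcontext, MK_USER, &client);
  if (code) {
     log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	        "krb5_parse_name() failed: %s",
	        krb5_get_err_text(kcontext, code));
     goto end;
  }

  /* The local name is written into a buffer one byte larger than the size
   * reported to the library, so the result always stays NUL-terminated. */
  user_len = strlen(MK_USER);
  MK_USER_LNAME = apr_pcalloc(r->pool, user_len + 1);
  if (MK_USER_LNAME == NULL) {
     log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
	        "ap_pcalloc() failed (not enough memory)");
     goto end;
  }

  code = krb5_aname_to_localname(kcontext, client, user_len, MK_USER_LNAME);
  if (code) {
     if (code != KRB5_LNAME_NOTRANS) {
	log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
		   "krb5_aname_to_localname() failed: %s",
		   krb5_get_err_text(kcontext, code));
     }
     else {
	log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
		   "krb5_aname_to_localname() found no "
		   "mapping for principal %s",
		   MK_USER);
     }
  }
  else {
     log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
	        "kerb_authenticate_a_name_to_local_name %s -> %s",
	        (MK_USER)?MK_USER:"(NULL)", (MK_USER_LNAME)?MK_USER_LNAME:"(NULL)");
     MK_USER = apr_pstrdup(r->pool, MK_USER_LNAME);
     ret = OK;
  }

end:
  if (client)
     krb5_free_principal(kcontext, client);
  if (kcontext)
     krb5_free_context(kcontext);
  return ret;
}

#endif /* KRB5 */

/*
 * Look up the authentication verdict cached on this connection.
 *
 * The entry is stored as pool userdata on r->connection->pool under a key
 * built from the peer address and the connection id.  It is returned only
 * when its stored credentials string is byte-identical to auth_line;
 * otherwise NULL is returned and the caller authenticates from scratch.
 *
 * Security note: a hit skips the Kerberos exchange entirely, so a cached
 * verdict stays in force for the lifetime of the connection even if the
 * underlying ticket or password has since expired or been revoked.
 */
static krb5_conn_data *
already_succeeded(request_rec *r, char *auth_line)
{
   krb5_conn_data *conn_data = NULL;
   char keyname[1024];

   snprintf(keyname, sizeof(keyname) - 1,
	    "mod_auth_kerb::connection::%s::%ld", r->connection->remote_ip,
	    r->connection->id);

   if (apr_pool_userdata_get((void**)&conn_data, keyname, r->connection->pool) != 0)
      return NULL;

   if (conn_data == NULL)
      return NULL;

   if (strcmp(conn_data->authline, auth_line) != 0)
      return NULL;

   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "matched previous auth request");
   return conn_data;
}

/*
 * Add the authentication challenges to r->err_headers_out.
 *
 * A "Negotiate" challenge (optionally followed by the base64 token in
 * negotiate_ret_value) is added when negotiate_ret_value is non-NULL and
 * GSS-API is enabled; a "Basic" challenge is added when password
 * authentication is enabled or Basic is delegated to other modules.
 * The header is Proxy-Authenticate for proxy requests and WWW-Authenticate
 * otherwise.
 */
static void
set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
		      int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
{
   const char *auth_name = NULL;
   int set_basic = 0;
   char *negoauth_param;
   const char *header_name =
      (r->proxyreq == PROXYREQ_PROXY) ? "Proxy-Authenticate" : "WWW-Authenticate";

   /* get the user realm specified in .htaccess */
   auth_name = ap_auth_name(r);
   /* A NULL realm would end the apr_pstrcat() argument list early and emit
    * a challenge with an unterminated quoted string; send an empty realm
    * instead when AuthName is not configured. */
   if (auth_name == NULL)
      auth_name = "";

   /* XXX should the WWW-Authenticate header be cleared first?
    * apache in the proxy mode should retain client's authN headers? */
#ifdef KRB5
   if (negotiate_ret_value != NULL && conf->krb_method_gssapi) {
      negoauth_param = (*negotiate_ret_value == '\0') ? MECH_NEGOTIATE :
	          apr_pstrcat(r->pool, MECH_NEGOTIATE " ", negotiate_ret_value, NULL);
      apr_table_add(r->err_headers_out, header_name, negoauth_param);
   }
   if ((use_krb5pwd && conf->krb_method_k5pass) || conf->krb_delegate_basic) {
      apr_table_add(r->err_headers_out, header_name,
		    apr_pstrcat(r->pool, "Basic realm=\"", auth_name, "\"", NULL));
      set_basic = 1;
   }
#endif

#ifdef KRB4
   if (!set_basic &&
       ((use_krb4 && conf->krb_method_k4pass) || conf->krb_delegate_basic))
      apr_table_add(r->err_headers_out, header_name,
		    apr_pstrcat(r->pool, "Basic realm=\"", auth_name, "\"", NULL));
#endif
}

/*
 * check_user_id hook: authenticate the request with Kerberos.
 *
 * Declines unless AuthType is Kerberos, KerberosV5 or KerberosV4.  Without
 * an Authorization (or Proxy-Authorization) header it sends the challenges
 * and returns HTTP_UNAUTHORIZED.  Otherwise it either reuses the verdict
 * cached on the connection for an identical credentials string, or runs
 * GSS-API / password authentication and caches the result.
 *
 * Security notes:
 *  - The cache stores the credentials part of the Authorization header
 *    (for Basic, the base64 user:password) and the verdict, failures
 *    included, in the connection pool until the connection closes.
 *  - NOTE(review): on a cache hit no challenge headers are added, so a
 *    repeated failing request on the same connection appears to get a 401
 *    without WWW-Authenticate - confirm whether that is intended.
 */
static int
kerb_authenticate_user(request_rec *r)
{
   kerb_auth_config *conf =
      (kerb_auth_config *) ap_get_module_config(r->per_dir_config,
						&auth_kerb_module);
   krb5_conn_data *prevauth = NULL;
   const char *auth_type = NULL;
   char *auth_line = NULL;
   const char *type = NULL;
   int use_krb5 = 0, use_krb4 = 0;
   int ret;
   char *negotiate_ret_value = NULL;
   char keyname[1024];

   /* The former function-local "static int last_return" was written on every
    * request and never read; it was dropped because the unsynchronised write
    * to shared state is a data race under threaded MPMs. */

   /* get the type specified in .htaccess */
   type = ap_auth_type(r);

   log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
	      "kerb_authenticate_user entered with user %s and auth_type %s",
	      (MK_USER)?MK_USER:"(NULL)",type?type:"(NULL)");

   if (type && strcasecmp(type, "Kerberos") == 0)
      use_krb5 = use_krb4 = 1;
   else if(type && strcasecmp(type, "KerberosV5") == 0)
      use_krb5 = 1;
   else if(type && strcasecmp(type, "KerberosV4") == 0)
      use_krb4 = 1;
   else
      return DECLINED;

#if 0
   if (conf->krb_ssl_preauthentication) {
      const char *ssl_client_verify = ssl_var_lookup(r->pool, r->server,
		r->connection, r, "SSL_CLIENT_VERIFY");

      if (ssl_client_verify && strcmp(ssl_client_verify, "SUCCESS") == 0)
	 return OK;
   }
#endif

   /* get what the user sent us in the HTTP header */
   auth_line = (char *)MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY)
	                                    ? "Proxy-Authorization"
					    : "Authorization");
   if (!auth_line) {
      set_kerb_auth_headers(r, conf, use_krb4, use_krb5,
	                    (use_krb5) ? "\0" : NULL);
      return HTTP_UNAUTHORIZED;
   }
   /* Splits off the scheme; auth_line now points at the credentials. */
   auth_type = ap_getword_white(r->pool, (const char **)&auth_line);

   /* If we are delegating Basic to other modules, DECLINE the request */
   if (conf->krb_delegate_basic &&
#ifdef KRB5
       !conf->krb_method_k5pass &&
#endif
#ifdef KRB4
       !conf->krb_method_k4pass &&
#endif
       (strcasecmp(auth_type, "Basic") == 0))
       return DECLINED;

   if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
      ret = HTTP_UNAUTHORIZED;

#ifdef KRB5
      if (use_krb5 && conf->krb_method_gssapi &&
	  strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
         ret = authenticate_user_gss(r, conf, auth_line, &negotiate_ret_value);
      } else if (use_krb5 && conf->krb_method_k5pass &&
	         strcasecmp(auth_type, "Basic") == 0) {
         ret = authenticate_user_krb5pwd(r, conf, auth_line);
      }
#endif

#ifdef KRB4
      if (ret == HTTP_UNAUTHORIZED && use_krb4 && conf->krb_method_k4pass &&
	  strcasecmp(auth_type, "Basic") == 0)
         ret = authenticate_user_krb4pwd(r, conf, auth_line);
#endif

      if (ret == HTTP_UNAUTHORIZED)
         set_kerb_auth_headers(r, conf, use_krb4, use_krb5, negotiate_ret_value);

   } else {
      ret = prevauth->last_return;
      MK_USER = prevauth->user;
      MK_AUTH_TYPE = prevauth->mech;
   }

   /*
    * save who was auth'd, if it's not already stashed.
    */
   if(!prevauth) {
      prevauth = (krb5_conn_data *) apr_pcalloc(r->connection->pool, sizeof(krb5_conn_data));
      /* Checked like the other pool allocations in this file; when it
       * fails the verdict is simply not cached. */
      if (prevauth != NULL) {
	 prevauth->user = apr_pstrdup(r->connection->pool, MK_USER);
	 prevauth->authline = apr_pstrdup(r->connection->pool, auth_line);
	 prevauth->mech = apr_pstrdup(r->connection->pool, auth_type);
	 prevauth->last_return = ret;
	 snprintf(keyname, sizeof(keyname) - 1,
		  "mod_auth_kerb::connection::%s::%ld",
		  r->connection->remote_ip, r->connection->id);
	 apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool);
      }
   }

   if (ret == OK && conf->krb5_do_auth_to_local)
      ret = do_krb5_an_to_ln(r);

   /* XXX log_debug: if ret==OK, log(user XY authenticated) */

   return ret;
}

/*
 * Probe whether the Kerberos library can resolve the "none" replay cache.
 *
 * NOTE: the type argument is not used; the probe always resolves "none:".
 * It is deliberately left that way, because the probe ends by calling
 * krb5_rc_destroy() on the resolved cache.
 *
 * Returns 1 when the cache type resolves, 0 otherwise (including when a
 * Kerberos context cannot be created).
 */
int
have_rcache_type(const char *type)
{
   krb5_error_code ret;
   krb5_context context;
   krb5_rcache id = NULL;
   int found;

   ret = krb5_init_context(&context);
   if (ret)
      return 0;

   ret = krb5_rc_resolve_full(context, &id, "none:");
   found = (ret == 0);

   if (found)
      krb5_rc_destroy(context, id);
   krb5_free_context(context);

   return found;
}

/***************************************************************************
 Module Setup/Configuration
 ***************************************************************************/
#ifndef STANDARD20_MODULE_STUFF
/*
 * Apache 1.3 module initializer.
 */
static void
kerb_module_init(server_rec *dummy, pool *p)
{
#ifndef HEIMDAL
   /* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.
      1.3.x are covered by the hack overriding the replay calls.

      Security caveat: with the replay cache set to "none" the Kerberos
      library no longer rejects an authenticator that is presented twice
      within the clock-skew window, so protection against replay of a
      captured Authorization header rests on the transport (TLS).
      An administrator can keep the cache by setting KRB5RCACHETYPE in the
      server's environment; an existing value is never overridden here. */
   if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none")) {
      /* putenv() keeps the pointer, so the string must be heap-allocated. */
      char *rc_env = strdup("KRB5RCACHETYPE=none");
      if (rc_env != NULL)
	 putenv(rc_env);
   }
#endif
}

module MODULE_VAR_EXPORT auth_kerb_module = {
	STANDARD_MODULE_STUFF,
	kerb_module_init,		/* module initializer                  */
	kerb_dir_create_config,		/* per-directory config creator        */
	NULL,				/* per-directory config merger         */
	NULL,				/* per-server    config creator        */
	NULL,				/* per-server    config merger         */
	kerb_auth_cmds,			/* command table                       */
	NULL,				/* [ 9] content handlers               */
	NULL,				/* [ 2] URI-to-filename translation    */
	kerb_authenticate_user,		/* [ 5] check/validate user_id         */
	NULL,				/* [ 6] check user_id is valid *here*  */
	NULL,				/* [ 4] check access by host address   */
	NULL,				/* [ 7] MIME type checker/setter       */
	NULL,				/* [ 8] fixups                         */
	NULL,				/* [10] logger                         */
	NULL,				/* [ 3] header parser                  */
	NULL,				/* process initialization              */
	NULL,				/* process exit/cleanup                */
	NULL				/* [ 1] post read_request handling     */
#ifdef EAPI
       ,NULL,				/* EAPI: add_module                    */
	NULL,				/* EAPI: remove_module                 */
	NULL,				/* EAPI: rewrite_command               */
	NULL				/* EAPI: new_connection                */
#endif
};
#else
/*
 * Apache 2 post_config hook: advertise the module version and, on MIT
 * Kerberos builds, select the "none" replay cache unless the environment
 * already chooses one.
 */
static int
kerb_init_handler(apr_pool_t *p, apr_pool_t *plog,
		  apr_pool_t *ptemp, server_rec *s)
{
   ap_add_version_component(p, "mod_auth_kerb/" MODAUTHKERB_VERSION);
#ifndef HEIMDAL
   /* Suppress the MIT replay cache.  Requires MIT Kerberos 1.4.0 or later.
      1.3.x are covered by the hack overriding the replay calls.

      Security caveat: with the replay cache set to "none" the Kerberos
      library no longer rejects an authenticator that is presented twice
      within the clock-skew window, so protection against replay of a
      captured Authorization header rests on the transport (TLS).
      An administrator can keep the cache by setting KRB5RCACHETYPE in the
      server's environment; an existing value is never overridden here. */
   if (getenv("KRB5RCACHETYPE") == NULL && have_rcache_type("none")) {
      /* putenv() keeps the pointer, so the string must be heap-allocated. */
      char *rc_env = strdup("KRB5RCACHETYPE=none");
      if (rc_env != NULL)
	 putenv(rc_env);
   }
#endif

   return OK;
}

/* Register the post_config and check_user_id hooks with the server. */
static void
kerb_register_hooks(apr_pool_t *p)
{
   ap_hook_post_config(kerb_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
   ap_hook_check_user_id(kerb_authenticate_user, NULL, NULL, APR_HOOK_MIDDLE);
}

module AP_MODULE_DECLARE_DATA auth_kerb_module =
{
   STANDARD20_MODULE_STUFF,
   kerb_dir_create_config,	/* create per-dir    conf structures  */
   NULL,			/* merge  per-dir    conf structures  */
   NULL,			/* create per-server conf structures  */
   NULL,			/* merge  per-server conf structures  */
   kerb_auth_cmds,		/* table of configuration directives  */
   kerb_register_hooks		/* register hooks                     */
};

#endif
mod_auth_kerb-5.4/LICENSE0000644000175000000000000001772111115241456014263 0ustar xpristrootmod_auth_kerb license --------------------- /* * Copyright (c) 2004-2006 Masarykova universita * (Masaryk University, Brno, Czech Republic) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the University nor the names of its contributors may * be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 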
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ This package also contains parts (see the spnego subdirectory) based on the Heimdal source code (http://www.pdc.kth.se/heimdal/) released under following license statement: /* * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' * AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE * LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY * WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ This package also contains a small subset of the MIT private headers (see src/mit-internals.h) which are licensed under following terms: /* * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003 by the Massachusetts Institute of Technology, * Cambridge, MA, USA. All Rights Reserved. * * This software is being provided to you, the LICENSEE, by the * Massachusetts Institute of Technology (M.I.T.) under the following * license. By obtaining, using and/or copying this software, you agree * that you have read, understood, and will comply with these terms and * conditions: * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute * this software and its documentation for any purpose and without fee or * royalty is hereby granted, provided that you agree to comply with the * following copyright notice and statements, including the disclaimer, and * that the same appear on ALL copies of the software and documentation, * including modifications that you make for internal use or for * distribution: * * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not * limitation, M.I.T. 
MAKES NO REPRESENTATIONS OR WARRANTIES OF * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. * * The name of the Massachusetts Institute of Technology or M.I.T. may NOT * be used in advertising or publicity pertaining to distribution of the * software. Title to copyright in this software and any associated * documentation shall at all times remain with M.I.T., and USER agrees to * preserve same. * * Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. */ /* * Copyright (C) 1998 by the FundsXpress, INC. * * All rights reserved. * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright notice and * this permission notice appear in supporting documentation, and that * the name of FundsXpress. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ /* * Copyright 1993 by OpenVision Technologies, Inc. 
* * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. 
*/ mod_auth_kerb-5.4/spnegokrb5/0000755000175000000000000000000011115727042015325 5ustar xpristrootmod_auth_kerb-5.4/spnegokrb5/asn1_NegTokenTarg.c0000644000175000000000000001442311113277171020750 0ustar xpristroot/* Generated from spnego.asn1 */ /* Do not edit */ #include #include #include #include #include #include #include #include #include #define BACK if (e) return e; p -= l; len -= l; ret += l int encode_NegTokenTarg(unsigned char *p, size_t len, const NegTokenTarg *data, size_t *size) { size_t ret = 0; size_t l; int i, e; i = 0; if((data)->mechListMIC) { int oldret = ret; ret = 0; e = encode_octet_string(p, len, (data)->mechListMIC, &l); BACK; e = der_put_length_and_tag (p, len, ret, KERB_CTXT, CONS, 3, &l); BACK; ret += oldret; } if((data)->responseToken) { int oldret = ret; ret = 0; e = encode_octet_string(p, len, (data)->responseToken, &l); BACK; e = der_put_length_and_tag (p, len, ret, KERB_CTXT, CONS, 2, &l); BACK; ret += oldret; } if((data)->supportedMech) { int oldret = ret; ret = 0; e = encode_MechType(p, len, (data)->supportedMech, &l); BACK; e = der_put_length_and_tag (p, len, ret, KERB_CTXT, CONS, 1, &l); BACK; ret += oldret; } if((data)->negResult) { int oldret = ret; ret = 0; e = encode_enumerated(p, len, (data)->negResult, &l); BACK; e = der_put_length_and_tag (p, len, ret, KERB_CTXT, CONS, 0, &l); BACK; ret += oldret; } e = der_put_length_and_tag (p, len, ret, UNIV, CONS, UT_Sequence, &l); BACK; *size = ret; return 0; } #define FORW if(e) goto fail; p += l; len -= l; ret += l int decode_NegTokenTarg(const unsigned char *p, size_t len, NegTokenTarg *data, size_t *size) { size_t ret = 0, reallen; size_t l; int e; memset(data, 0, sizeof(*data)); reallen = 0; e = der_match_tag_and_length (p, len, UNIV, CONS, UT_Sequence,&reallen, &l); FORW; { int dce_fix; if((dce_fix = fix_dce(reallen, &len)) < 0) return ASN1_BAD_FORMAT; { size_t newlen, oldlen; e = der_match_tag (p, len, KERB_CTXT, CONS, 0, &l); if (e) (data)->negResult = NULL; else { p += l; len 
-= l; ret += l; e = der_get_length (p, len, &newlen, &l); FORW; { int dce_fix; oldlen = len; if((dce_fix = fix_dce(newlen, &len)) < 0)return ASN1_BAD_FORMAT; (data)->negResult = malloc(sizeof(*(data)->negResult)); if((data)->negResult == NULL) return ENOMEM; e = decode_enumerated(p, len, (data)->negResult, &l); FORW; if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; }else len = oldlen - newlen; } } } { size_t newlen, oldlen; e = der_match_tag (p, len, KERB_CTXT, CONS, 1, &l); if (e) (data)->supportedMech = NULL; else { p += l; len -= l; ret += l; e = der_get_length (p, len, &newlen, &l); FORW; { int dce_fix; oldlen = len; if((dce_fix = fix_dce(newlen, &len)) < 0)return ASN1_BAD_FORMAT; (data)->supportedMech = malloc(sizeof(*(data)->supportedMech)); if((data)->supportedMech == NULL) return ENOMEM; e = decode_MechType(p, len, (data)->supportedMech, &l); FORW; if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; }else len = oldlen - newlen; } } } { size_t newlen, oldlen; e = der_match_tag (p, len, KERB_CTXT, CONS, 2, &l); if (e) (data)->responseToken = NULL; else { p += l; len -= l; ret += l; e = der_get_length (p, len, &newlen, &l); FORW; { int dce_fix; oldlen = len; if((dce_fix = fix_dce(newlen, &len)) < 0)return ASN1_BAD_FORMAT; (data)->responseToken = malloc(sizeof(*(data)->responseToken)); if((data)->responseToken == NULL) return ENOMEM; e = decode_octet_string(p, len, (data)->responseToken, &l); FORW; if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; }else len = oldlen - newlen; } } } { size_t newlen, oldlen; e = der_match_tag (p, len, KERB_CTXT, CONS, 3, &l); if (e) (data)->mechListMIC = NULL; else { p += l; len -= l; ret += l; e = der_get_length (p, len, &newlen, &l); FORW; { int dce_fix; oldlen = len; if((dce_fix = fix_dce(newlen, &len)) < 0)return ASN1_BAD_FORMAT; (data)->mechListMIC = 
malloc(sizeof(*(data)->mechListMIC)); if((data)->mechListMIC == NULL) return ENOMEM; e = decode_octet_string(p, len, (data)->mechListMIC, &l); FORW; if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; }else len = oldlen - newlen; } } } if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; } } if(size) *size = ret; return 0; fail: free_NegTokenTarg(data); return e; } void free_NegTokenTarg(NegTokenTarg *data) { if((data)->negResult) { free((data)->negResult); } if((data)->supportedMech) { free_MechType((data)->supportedMech); free((data)->supportedMech); } if((data)->responseToken) { free_octet_string((data)->responseToken); free((data)->responseToken); } if((data)->mechListMIC) { free_octet_string((data)->mechListMIC); free((data)->mechListMIC); } } size_t length_NegTokenTarg(const NegTokenTarg *data) { size_t ret = 0; if((data)->negResult){ int oldret = ret; ret = 0; ret += length_enumerated((data)->negResult); ret += 1 + length_len(ret) + oldret; } if((data)->supportedMech){ int oldret = ret; ret = 0; ret += length_MechType((data)->supportedMech); ret += 1 + length_len(ret) + oldret; } if((data)->responseToken){ int oldret = ret; ret = 0; ret += length_octet_string((data)->responseToken); ret += 1 + length_len(ret) + oldret; } if((data)->mechListMIC){ int oldret = ret; ret = 0; ret += length_octet_string((data)->mechListMIC); ret += 1 + length_len(ret) + oldret; } ret += 1 + length_len(ret); return ret; } int copy_NegTokenTarg(const NegTokenTarg *from, NegTokenTarg *to) { if((from)->negResult) { (to)->negResult = malloc(sizeof(*(to)->negResult)); if((to)->negResult == NULL) return ENOMEM; *((to)->negResult) = *((from)->negResult); }else (to)->negResult = NULL; if((from)->supportedMech) { (to)->supportedMech = malloc(sizeof(*(to)->supportedMech)); if((to)->supportedMech == NULL) return ENOMEM; if(copy_MechType((from)->supportedMech, (to)->supportedMech)) return 
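ENOMEM; }else (to)->supportedMech = NULL; if((from)->responseToken) { (to)->responseToken = malloc(sizeof(*(to)->responseToken)); if((to)->responseToken == NULL) return ENOMEM; if(copy_octet_string((from)->responseToken, (to)->responseToken)) return ENOMEM; }else (to)->responseToken = NULL; if((from)->mechListMIC) { (to)->mechListMIC = malloc(sizeof(*(to)->mechListMIC)); if((to)->mechListMIC == NULL) return ENOMEM; if(copy_octet_string((from)->mechListMIC, (to)->mechListMIC)) return ENOMEM; }else (to)->mechListMIC = NULL; return 0; }
mod_auth_kerb-5.4/spnegokrb5/init_sec_context.c0000644000175000000000000001055011113277171021034 0ustar xpristroot
/*
 * SPNEGO wrapper for Kerberos5 GSS-API
 * kouril@ics.muni.cz, 2003
 * (mostly based on Heimdal code)
 */

#include "spnegokrb5_locl.h"

/*
 * Append the OID of mech to mech_list.
 *
 * Returns 0 on success, ENOMEM when the list cannot be grown, or the error
 * from der_get_oid().  On a decoding error the list length is unchanged.
 */
static int
add_mech(MechTypeList *mech_list, gss_OID mech)
{
    MechType *tmp;
    int ret;

    tmp = realloc(mech_list->val, (mech_list->len + 1) * sizeof(*tmp));
    if (tmp == NULL)
	return ENOMEM;
    mech_list->val = tmp;

    ret = der_get_oid(mech->elements, mech->length,
		      &mech_list->val[mech_list->len], NULL);
    if (ret)
	return ret;

    mech_list->len++;
    return 0;
}

#if 0
static int
set_context_flags(OM_uint32 req_flags, ContextFlags *flags)
{
    if (req_flags & GSS_C_DELEG_FLAG)
	flags->delegFlag = 1;
    if (req_flags & GSS_C_MUTUAL_FLAG)
	flags->mutualFlag = 1;
    if (req_flags & GSS_C_REPLAY_FLAG)
	flags->replayFlag = 1;
    if (req_flags & GSS_C_SEQUENCE_FLAG)
	flags->sequenceFlag = 1;
    if (req_flags & GSS_C_ANON_FLAG)
	flags->anonFlag = 1;
    if (req_flags & GSS_C_CONF_FLAG)
	flags->confFlag = 1;
    if (req_flags & GSS_C_INTEG_FLAG)
	flags->integFlag = 1;
    return 0;
}
#endif

/*
 * Initiator side of the SPNEGO wrapper: run gss_init_sec_context() with the
 * Kerberos 5 mechanism, put the resulting token into a NegTokenInit that
 * offers only Kerberos 5, DER-encode it and encapsulate it as a SPNEGO
 * token in output_token.
 *
 * The mech_type argument is not consulted; GSS_KRB5_MECH is always used.
 *
 * Returns the major status of gss_init_sec_context() on success, or
 * GSS_S_FAILURE with *minor_status set when allocation, encoding or
 * encapsulation fails.
 */
OM_uint32 KRB5_LIB_FUNCTION gss_init_sec_context_spnego(
	    OM_uint32 * minor_status,
	    const gss_cred_id_t initiator_cred_handle,
	    gss_ctx_id_t * context_handle,
	    const gss_name_t target_name,
	    const gss_OID mech_type,
	    OM_uint32 req_flags,
	    OM_uint32 time_req,
	    const gss_channel_bindings_t input_chan_bindings,
	    const gss_buffer_t input_token,
	    gss_OID * actual_mech_type,
	    gss_buffer_t output_token,
	    OM_uint32 * ret_flags,
	    OM_uint32 * time_rec)
{
    NegTokenInit token_init;
    OM_uint32 major_status, minor_status2;
    gss_buffer_desc krb5_output_token = GSS_C_EMPTY_BUFFER;
    unsigned char *buf = NULL;
    size_t buf_size;
    size_t len;
    int ret;

    memset(&token_init, 0, sizeof(token_init));

    /* NOTE(review): add_mech() reallocs mechTypes->val and reads
     * mechTypes->len, so this presumably relies on ALLOC() returning
     * zeroed memory - confirm in spnegokrb5_locl.h. */
    ALLOC(token_init.mechTypes);
    if (token_init.mechTypes == NULL) {
	*minor_status = ENOMEM;
	return GSS_S_FAILURE;
    }

    ret = add_mech(token_init.mechTypes, GSS_KRB5_MECH);
    if (ret) {
	*minor_status = ret;
	ret = GSS_S_FAILURE;
	goto end;
    }

#if 0
    ALLOC(token_init.reqFlags);
    if (token_init.reqFlags == NULL) {
	*minor_status = ENOMEM;
	ret = GSS_S_FAILURE;
	goto end;
    }
    set_context_flags(req_flags, token_init.reqFlags);
#endif

    major_status = gss_init_sec_context(minor_status,
					initiator_cred_handle,
					context_handle,
					target_name,
					GSS_KRB5_MECH,
					req_flags,
					time_req,
					input_chan_bindings,
					input_token,
					actual_mech_type,
					&krb5_output_token,
					ret_flags,
					time_rec);
    if (GSS_ERROR(major_status)) {
	ret = major_status;
	goto end;
    }

    if (krb5_output_token.length > 0) {
	ALLOC(token_init.mechToken);
	if (token_init.mechToken == NULL) {
	    *minor_status = ENOMEM;
	    ret = GSS_S_FAILURE;
	    goto end;
	}
	/* Ownership of the Kerberos token moves into token_init. */
	token_init.mechToken->data = krb5_output_token.value;
	token_init.mechToken->length = krb5_output_token.length;
	krb5_output_token.length = 0; /* don't free it later */
    }

    /* The MS implementation of SPNEGO seems to not like the mechListMIC field,
     * so we omit it (it's optional anyway) */

    buf_size = 1024;
    buf = malloc(buf_size);
    /* The encoder writes into buf, so a failed allocation must stop here. */
    if (buf == NULL) {
	*minor_status = ENOMEM;
	ret = GSS_S_FAILURE;
	goto end;
    }

    /* DER is written backwards from the end of buf; double the buffer and
     * retry for as long as the encoder reports ASN1_OVERFLOW. */
    do {
	ret = encode_NegTokenInit(buf + buf_size -1,
				  buf_size,
				  &token_init, &len);
	if (ret == 0) {
	    size_t tmp;

	    ret = der_put_length_and_tag(buf + buf_size - len - 1,
					 buf_size - len,
					 len,
					 KERB_CTXT,
					 CONS,
					 0,
					 &tmp);
	    if (ret == 0)
		len += tmp;
	}
	if (ret) {
	    if (ret == ASN1_OVERFLOW) {
		u_char *tmp;

		buf_size *= 2;
		tmp = realloc (buf, buf_size);
		if (tmp == NULL) {
		    *minor_status = ENOMEM;
		    ret = GSS_S_FAILURE;
		    goto end;
		}
		buf = tmp;
	    } else {
		*minor_status = ret;
		ret = GSS_S_FAILURE;
		goto end;
	    }
	}
    } while (ret == ASN1_OVERFLOW);

    /* The encapsulation result used to be overwritten by major_status, so a
     * failure here was reported as success with output_token left unset. */
    ret = gssapi_spnego_encapsulate(minor_status,
				    buf + buf_size - len, len,
				    output_token, GSS_SPNEGO_MECH);
    if (ret != 0) {
	ret = GSS_S_FAILURE;
	goto end;
    }

    ret = major_status;

end:
    free_NegTokenInit(&token_init);
    if (krb5_output_token.length > 0)
	gss_release_buffer(&minor_status2, &krb5_output_token);
    free(buf);

    return ret;
}
mod_auth_kerb-5.4/spnegokrb5/asn1_MechTypeList.c0000644000175000000000000000415511113277171020773 0ustar xpristroot/* Generated from spnego.asn1 */ /* Do not edit */ #include #include #include #include #include #include #include #include #include #define BACK if (e) return e; p -= l; len -= l; ret += l int encode_MechTypeList(unsigned char *p, size_t len, const MechTypeList *data, size_t *size) { size_t ret = 0; size_t l; int i, e; i = 0; for(i = (data)->len - 1; i >= 0; --i) { int oldret = ret; ret = 0; e = encode_MechType(p, len, &(data)->val[i], &l); BACK; ret += oldret; } e = der_put_length_and_tag (p, len, ret, UNIV, CONS, UT_Sequence, &l); BACK; *size = ret; return 0; } #define FORW if(e) goto fail; p += l; len -= l; ret += l int decode_MechTypeList(const unsigned char *p, size_t len, MechTypeList *data, size_t *size) { size_t ret = 0, reallen; size_t l; int e; memset(data, 0, sizeof(*data)); reallen = 0; e = der_match_tag_and_length (p, len, UNIV, CONS, UT_Sequence,&reallen, &l); FORW; if(len < reallen) return ASN1_OVERRUN; len = reallen; { size_t origlen = len; int oldret = ret; ret = 0; (data)->len = 0; (data)->val = NULL; while(ret < origlen) { (data)->len++; (data)->val = realloc((data)->val, sizeof(*((data)->val)) * (data)->len); e = decode_MechType(p, len, &(data)->val[(data)->len-1], &l); FORW; len = origlen - ret; } ret += oldret; } if(size) *size = ret; return 0; fail: free_MechTypeList(data); return e; } void free_MechTypeList(MechTypeList *data) { while((data)->len){ free_MechType(&(data)->val[(data)->len-1]); (data)->len--; } free((data)->val); } size_t length_MechTypeList(const MechTypeList *data) { size_t ret = 0; { int oldret = ret; int i; 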
ret = 0; for(i = (data)->len - 1; i >= 0; --i){ ret += length_MechType(&(data)->val[i]); } ret += 1 + length_len(ret) + oldret; } return ret; } int copy_MechTypeList(const MechTypeList *from, MechTypeList *to) { if(((to)->val = malloc((from)->len * sizeof(*(to)->val))) == NULL && (from)->len != 0) return ENOMEM; for((to)->len = 0; (to)->len < (from)->len; (to)->len++){ if(copy_MechType(&(from)->val[(to)->len], &(to)->val[(to)->len])) return ENOMEM; } return 0; } mod_auth_kerb-5.4/spnegokrb5/parse_units.h0000644000175000000000000000463111113277171020037 0ustar xpristroot/* * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id: parse_units.h,v 1.1 2003/09/05 09:16:50 kouril Exp $ */ #ifndef __PARSE_UNITS_H__ #define __PARSE_UNITS_H__ #include #include struct units { const char *name; unsigned mult; }; int parse_units (const char *s, const struct units *units, const char *def_unit); void print_units_table (const struct units *units, FILE *f); int parse_flags (const char *s, const struct units *units, int orig); int unparse_units (int num, const struct units *units, char *s, size_t len); int unparse_units_approx (int num, const struct units *units, char *s, size_t len); int unparse_flags (int num, const struct units *units, char *s, size_t len); void print_flags_table (const struct units *units, FILE *f); #endif /* __PARSE_UNITS_H__ */ mod_auth_kerb-5.4/spnegokrb5/spnegokrb5.h0000644000175000000000000000221211113277171017553 0ustar xpristroot#ifndef _SPNEGOKRB5_H_ #define _SPNEGOKRB5_H_ #ifdef __cplusplus extern "C" { #endif #include "config.h" #ifdef HEIMDAL # include #else # include #endif #ifndef KRB5_LIB_FUNCTION # if defined(_WIN32) # define KRB5_LIB_FUNCTION _stdcall # else # define KRB5_LIB_FUNCTION # endif #endif OM_uint32 KRB5_LIB_FUNCTION gss_init_sec_context_spnego( OM_uint32 *, const gss_cred_id_t, gss_ctx_id_t *, const gss_name_t, const gss_OID, OM_uint32, OM_uint32, const gss_channel_bindings_t, const gss_buffer_t, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *); OM_uint32 KRB5_LIB_FUNCTION gss_accept_sec_context_spnego (OM_uint32 *, gss_ctx_id_t *, 
const gss_cred_id_t, const gss_buffer_t, const gss_channel_bindings_t, gss_name_t *, gss_OID *, gss_buffer_t, OM_uint32 *, OM_uint32 *, gss_cred_id_t *);

#ifdef __cplusplus
}
#endif

#endif
mod_auth_kerb-5.4/spnegokrb5/asn1_MechType.c0000644000175000000000000000212211113277171020127 0ustar xpristroot
/* Generated from spnego.asn1 */
/* Do not edit */

/* The header names of the nine #include lines below are missing from this listing. */
#include
#include
#include
#include
#include
#include
#include
#include
#include

/*
 * Encode a MechType (an OBJECT IDENTIFIER) with encode_oid().
 * `p' and `len' are passed straight through; `*size' receives the number
 * of octets encode_oid() reports and is written unconditionally, so it
 * must not be NULL.  Returns 0 or the error from encode_oid().
 */
int
encode_MechType(unsigned char *p, size_t len, const MechType *data, size_t *size)
{
    size_t written;
    int e = encode_oid(p, len, data, &written);

    if (e)
        return e;
    *size = written;
    return 0;
}

/*
 * Decode a MechType from at most `len' octets at `p'.
 * `*data' is zeroed first; on failure it is released with free_MechType()
 * and the decoder's error is returned.  `size' may be NULL.
 *
 * NOTE(review): der_get_oid() already calls free_oid() on its
 * truncated-encoding error path, and free_oid() does not reset the
 * pointer, so the release below frees the same allocation a second time
 * on that path.
 */
int
decode_MechType(const unsigned char *p, size_t len, MechType *data, size_t *size)
{
    size_t consumed;
    int e;

    memset(data, 0, sizeof(*data));
    e = decode_oid(p, len, data, &consumed);
    if (e) {
        free_MechType(data);
        return e;
    }
    if (size)
        *size = consumed;
    return 0;
}

/* Release the storage owned by `data' (delegates to free_oid()). */
void
free_MechType(MechType *data)
{
    free_oid(data);
}

/* Number of octets encode_MechType() needs for `data'. */
size_t
length_MechType(const MechType *data)
{
    return length_oid(data);
}

/* Deep-copy `from' into `to'; any copy_oid() failure is reported as ENOMEM. */
int
copy_MechType(const MechType *from, MechType *to)
{
    return copy_oid(from, to) ? ENOMEM : 0;
}
mod_auth_kerb-5.4/spnegokrb5/encapsulate.c0000644000175000000000000000576011113277171020006 0ustar xpristroot
/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2.
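Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "spnegokrb5_locl.h"

/*
 * Compute the sizes of the GSS-API framing around `data_len' payload octets.
 *   *len        content length of the outer element: OID tag, one OID
 *               length octet, the OID octets and the payload
 *   *total_len  *len plus the outer tag octet and its length octets
 * The sums are not checked for wrap-around; the caller bounds `data_len'.
 */
static void
gssapi_encap_length (size_t data_len,
                     size_t *len,
                     size_t *total_len,
                     const gss_OID mech)
{
    size_t len_len;

    *len = 1 + 1 + mech->length + data_len;

    len_len = length_len(*len);

    *total_len = 1 + len_len + *len;
}

/*
 * Write the framing header at `p': 0x60, the DER length `len', 0x06, one
 * length octet for the mechanism OID, then the OID octets.  Returns the
 * position just past the header, where the payload goes.
 *
 * The OID length is stored in a single octet, so the header is only
 * well-formed for mech->length below 128.  A disagreement between
 * length_len() and der_put_length() is treated as an internal error and
 * aborts the process.
 */
static u_char *
gssapi_mech_make_header (u_char *p,
                         size_t len,
                         const gss_OID mech)
{
    int e;
    size_t len_len, foo;

    *p++ = 0x60;
    len_len = length_len(len);
    /* der_put_length() writes right to left, hence the end position */
    e = der_put_length (p + len_len - 1, len_len, len, &foo);
    if(e || foo != len_len)
        abort ();
    p += len_len;
    *p++ = 0x06;
    *p++ = mech->length;
    memcpy (p, mech->elements, mech->length);
    p += mech->length;
    return p;
}

/*
 * Wrap `buf_size' octets at `buf' in the GSS-API framing for `mech' and
 * return the result in a freshly malloc()ed `output_token'; the caller
 * owns output_token->value afterwards.
 *
 * Returns GSS_S_COMPLETE with *minor_status 0, or GSS_S_FAILURE with
 * *minor_status set to EINVAL (mechanism OID or payload too large to
 * frame) or ENOMEM.  On failure `output_token' is left empty
 * (length 0, value NULL) so that a caller inspecting or releasing it
 * never sees a length without a buffer.
 */
OM_uint32
gssapi_spnego_encapsulate(
                          OM_uint32 *minor_status,
                          unsigned char *buf,
                          size_t buf_size,
                          gss_buffer_t output_token,
                          const gss_OID mech
                          )
{
    size_t len, outer_len;
    u_char *p;

    output_token->length = 0;
    output_token->value = NULL;

    /*
     * The header writer stores the OID length in one short-form octet, and
     * the size arithmetic in gssapi_encap_length() is unchecked.  256 is
     * larger than any header that can be produced for a 127-octet OID, so
     * this bound keeps the allocation size from wrapping.
     */
    if (mech->length > 127 || buf_size > (size_t)-1 - 256) {
        *minor_status = EINVAL;
        return GSS_S_FAILURE;
    }

    gssapi_encap_length (buf_size, &len, &outer_len, mech);

    output_token->value = malloc (outer_len);
    if (output_token->value == NULL) {
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }
    output_token->length = outer_len;

    p = gssapi_mech_make_header (output_token->value, len, mech);
    memcpy (p, buf, buf_size);
    *minor_status = 0;
    return GSS_S_COMPLETE;
}
mod_auth_kerb-5.4/spnegokrb5/der_length.c0000644000175000000000000000654111113277171017613 0ustar xpristroot
/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.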
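IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "der_locl.h"

#if 0
RCSID("$Id: der_length.c,v 1.1 2003/09/05 08:54:08 kouril Exp $");
#endif

/* Number of base-256 digits in `val'; at least 1, so 0 takes one octet. */
static size_t
len_unsigned (unsigned val)
{
    size_t ret = 0;

    do {
        ++ret;
        val /= 256;
    } while (val);
    return ret;
}

/*
 * Number of content octets der_put_int() produces for `val', including
 * the extra sign octet when the leading digit does not fit a signed char.
 */
static size_t
len_int (int val)
{
    size_t ret = 0;

    if (val == 0)
        return 1;
    while (val > 255 || val < -255) {
        ++ret;
        val /= 256;
    }
    if (val != 0) {
        ++ret;
        /* leading digit would read back with the wrong sign: pad */
        if ((signed char)val != val)
            ++ret;
        val /= 256;
    }
    return ret;
}

/*
 * Number of content octets for `oid': one octet for the first two
 * components together, then base-128 digits for each further component.
 */
static size_t
len_oid (const oid *oid)
{
    size_t ret = 1;
    int n;

    for (n = 2; n < oid->length; ++n) {
        unsigned u = oid->components[n];

        ++ret;
        u /= 128;
        while (u > 0) {
            ++ret;
            u /= 128;
        }
    }
    return ret;
}

/*
 * Number of octets in the DER length field for a content length of `len':
 * one for the short form, otherwise a prefix octet plus the digits.
 * `len' is narrowed to unsigned when it is handed to len_unsigned().
 */
size_t
length_len (size_t len)
{
    if (len < 128)
        return 1;
    else
        return len_unsigned (len) + 1;
}

/* Encoded size (tag + length + content) of the INTEGER `*data'. */
size_t
length_integer (const int *data)
{
    size_t len = len_int (*data);

    return 1 + length_len(len) + len;
}

/* Encoded size of the unsigned INTEGER `*data'. */
size_t
length_unsigned (const unsigned *data)
{
    size_t len = len_unsigned (*data);

    return 1 + length_len(len) + len;
}

/* Encoded size of the ENUMERATED `*data'; the value is sized as an int. */
size_t
length_enumerated (const unsigned *data)
{
    size_t len = len_int (*data);

    return 1 + length_len(len) + len;
}

/* Encoded size of the NUL-terminated GeneralString `*data'. */
size_t
length_general_string (const general_string *data)
{
    char *str = *data;
    size_t len = strlen(str);

    return 1 + length_len(len) + len;
}

/* Encoded size of the OCTET STRING `k'. */
size_t
length_octet_string (const octet_string *k)
{
    return 1 + length_len(k->length) + k->length;
}

/* Encoded size of the OBJECT IDENTIFIER `k'. */
size_t
length_oid (const oid *k)
{
    size_t len = len_oid (k);

    return 1 + length_len(len) + len;
}

/*
 * Encoded size of `*t' as a GeneralizedTime.
 *
 * time2generalizedtime() does not set k.length when it fails, so its
 * result is checked instead of reading an uninitialised field.  The string
 * it produces always has the same width (15 characters), which lets the
 * size still be reported when the conversion itself could not be done.
 */
size_t
length_generalized_time (const time_t *t)
{
    const size_t fixed_len = 15;
    octet_string k;
    size_t ret;

    if (time2generalizedtime (*t, &k) != 0)
        return 1 + length_len(fixed_len) + fixed_len;
    ret = 1 + length_len(k.length) + k.length;
    free (k.data);
    return ret;
}
mod_auth_kerb-5.4/spnegokrb5/der_put.c0000644000175000000000000002103111113277171017131 0ustar xpristroot
/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.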
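*/

#include "der_locl.h"

#if 0
RCSID("$Id: der_put.c,v 1.1 2003/09/05 08:54:08 kouril Exp $");
#endif

/*
 * All encoding functions take a pointer `p' to first position in
 * which to write, from the right, `len' which means the maximum
 * number of characters we are able to write.  The function returns
 * the number of characters written in `size'.
 * The return value is 0 or an error.
 *
 * Unlike the decoders, every function in this file stores through `size'
 * without testing it, so callers must pass a valid pointer.
 */

/* Write `val' as big-endian base-256 digits ending at `p'. */
static int
der_put_unsigned (unsigned char *p, size_t len, unsigned val, size_t *size)
{
    unsigned char *base = p;

    if (val) {
        while (len > 0 && val) {
            *p-- = val % 256;
            val /= 256;
            --len;
        }
        /* digits left over means the buffer was too small */
        if (val != 0)
            return ASN1_OVERFLOW;
        else {
            *size = base - p;
            return 0;
        }
    } else if (len < 1)
        return ASN1_OVERFLOW;
    else {
        *p = 0;
        *size = 1;
        return 0;
    }
}

/*
 * Write `val' in two's complement, adding a 0x00 or 0xff octet when the
 * leading digit alone would read back with the wrong sign.
 */
int
der_put_int (unsigned char *p, size_t len, int val, size_t *size)
{
    unsigned char *base = p;

    if(val >= 0) {
        do {
            if(len < 1)
                return ASN1_OVERFLOW;
            *p-- = val % 256;
            len--;
            val /= 256;
        } while(val);
        /* p[1] is the most significant octet written so far */
        if(p[1] >= 128) {
            if(len < 1)
                return ASN1_OVERFLOW;
            *p-- = 0;
            len--;
        }
    } else {
        /* encode the complement, then flip each octet on the way out */
        val = ~val;
        do {
            if(len < 1)
                return ASN1_OVERFLOW;
            *p-- = ~(val % 256);
            len--;
            val /= 256;
        } while(val);
        if(p[1] < 128) {
            if(len < 1)
                return ASN1_OVERFLOW;
            *p-- = 0xff;
            len--;
        }
    }
    *size = base - p;
    return 0;
}

/*
 * Write the DER length field for `val': one octet below 128, otherwise
 * the digits preceded by 0x80 | digit-count.  `val' is narrowed to
 * unsigned when it is handed to der_put_unsigned().
 */
int
der_put_length (unsigned char *p, size_t len, size_t val, size_t *size)
{
    if (len < 1)
        return ASN1_OVERFLOW;
    if (val < 128) {
        *p = val;
        *size = 1;
        return 0;
    } else {
        size_t l;
        int e;

        /* len - 1 keeps one octet free for the prefix written below */
        e = der_put_unsigned (p, len - 1, val, &l);
        if (e)
            return e;
        p -= l;
        *p = 0x80 | l;
        *size = l + 1;
        return 0;
    }
}

/* Copy the NUL-terminated string `*str' (without the NUL) ending at `p'. */
int
der_put_general_string (unsigned char *p, size_t len,
                        const general_string *str, size_t *size)
{
    size_t slen = strlen(*str);

    if (len < slen)
        return ASN1_OVERFLOW;
    p -= slen;
    len -= slen;
    memcpy (p+1, *str, slen);
    *size = slen;
    return 0;
}

/* Copy data->length octets from `data' ending at `p'. */
int
der_put_octet_string (unsigned char *p, size_t len,
                      const octet_string *data, size_t *size)
{
    if (len < data->length)
        return ASN1_OVERFLOW;
    p -= data->length;
    len -= data->length;
    memcpy (p+1, data->data, data->length);
    *size = data->length;
    return 0;
}

/*
 * Write the content octets of `data': components from the last down to
 * index 2 as base-128 digits, then one octet combining the first two.
 *
 * NOTE(review): components[0] and components[1] are read without checking
 * that data->length is at least 2.
 */
int
der_put_oid (unsigned char *p, size_t len,
             const oid *data, size_t *size)
{
    unsigned char *base = p;
    int n;

    for (n = data->length - 1; n >= 2; --n) {
        unsigned u = data->components[n];

        if (len < 1)
            return ASN1_OVERFLOW;
        /* last digit of a component has the continuation bit clear */
        *p-- = u % 128;
        u /= 128;
        --len;
        while (u > 0) {
            if (len < 1)
                return ASN1_OVERFLOW;
            *p-- = 128 + u % 128;
            u /= 128;
            --len;
        }
    }
    if (len < 1)
        return ASN1_OVERFLOW;
    *p-- = 40 * data->components[0] + data->components[1];
    *size = base - p;
    return 0;
}

/*
 * Write a one-octet identifier.  `tag' is OR-ed in unmasked, so values
 * above 0x1f spill into the type and class bits.
 */
int
der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type,
             int tag, size_t *size)
{
    if (len < 1)
        return ASN1_OVERFLOW;
    *p = (class << 6) | (type << 5) | tag; /* XXX */
    *size = 1;
    return 0;
}

/* Write the length field for `len_val' and, in front of it, the tag. */
int
der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val,
                        Der_class class, Der_type type, int tag, size_t *size)
{
    size_t ret = 0;
    size_t l;
    int e;

    e = der_put_length (p, len, len_val, &l);
    if(e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    e = der_put_tag (p, len, class, type, tag, &l);
    if(e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    *size = ret;
    return 0;
}

/* Encode `*data' as a complete INTEGER (content, then length and tag). */
int
encode_integer (unsigned char *p, size_t len, const int *data, size_t *size)
{
    int num = *data;
    size_t ret = 0;
    size_t l;
    int e;

    e = der_put_int (p, len, num, &l);
    if(e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_Integer, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    *size = ret;
    return 0;
}

/* Encode `*data' as an INTEGER using the unsigned digit writer. */
int
encode_unsigned (unsigned char *p, size_t len, const unsigned *data,
                 size_t *size)
{
    unsigned num = *data;
    size_t ret = 0;
    size_t l;
    int e;

    e = der_put_unsigned (p, len, num, &l);
    if(e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_Integer, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    *size = ret;
    return 0;
}

/* Encode `*data' as an ENUMERATED; the value is written as an int. */
int
encode_enumerated (unsigned char *p, size_t len, const unsigned *data,
                   size_t *size)
{
    unsigned num = *data;
    size_t ret = 0;
    size_t l;
    int e;

    e = der_put_int (p, len, num, &l);
    if(e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_Enumerated, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    *size = ret;
    return 0;
}

/* Encode `*data' as a complete GeneralString. */
int
encode_general_string (unsigned char *p, size_t len,
                       const general_string *data, size_t *size)
{
    size_t ret = 0;
    size_t l;
    int e;

    e = der_put_general_string (p, len, data, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_GeneralString, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    *size = ret;
    return 0;
}

/* Encode `k' as a complete OCTET STRING. */
int
encode_octet_string (unsigned char *p, size_t len,
                     const octet_string *k, size_t *size)
{
    size_t ret = 0;
    size_t l;
    int e;

    e = der_put_octet_string (p, len, k, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_OctetString, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    *size = ret;
    return 0;
}

/* Encode `k' as a complete OBJECT IDENTIFIER. */
int
encode_oid(unsigned char *p, size_t len,
           const oid *k, size_t *size)
{
    size_t ret = 0;
    size_t l;
    int e;

    e = der_put_oid (p, len, k, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    e = der_put_length_and_tag (p, len, l, UNIV, PRIM, UT_OID, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    *size = ret;
    return 0;
}

/*
 * Format `t' (UTC) as "YYYYMMDDhhmmssZ" into a malloc()ed, NUL-terminated
 * buffer returned in `s'; s->length is 15 and excludes the NUL.  The
 * caller frees s->data.
 *
 * Returns 0, ENOMEM, or ASN1_BAD_TIMEFORMAT when gmtime() cannot convert
 * `t'.  On failure `s' is left empty (data NULL, length 0) so that a
 * caller which ignores the result does not read uninitialised fields.
 * A year beyond four digits is truncated by snprintf().
 */
int
time2generalizedtime (time_t t, octet_string *s)
{
    struct tm *tm;
    size_t len;

    len = 15;

    s->data = NULL;
    s->length = 0;

    /* gmtime() returns NULL for a time it cannot represent */
    tm = gmtime (&t);
    if (tm == NULL)
        return ASN1_BAD_TIMEFORMAT;

    s->data = malloc(len + 1);
    if (s->data == NULL)
        return ENOMEM;
    s->length = len;
    snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ",
              tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
              tm->tm_hour, tm->tm_min, tm->tm_sec);
    return 0;
}

/* Encode `*t' as a complete GeneralizedTime. */
int
encode_generalized_time (unsigned char *p, size_t len,
                         const time_t *t, size_t *size)
{
    size_t ret = 0;
    size_t l;
    octet_string k;
    int e;

    e = time2generalizedtime (*t, &k);
    if (e)
        return e;
    e = der_put_octet_string (p, len, &k, &l);
    /* only k.length is used from here on, so the text can go now */
    free (k.data);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    e = der_put_length_and_tag (p, len, k.length, UNIV, PRIM,
                                UT_GeneralizedTime, &l);
    if (e)
        return e;
    p -= l;
    len -= l;
    ret += l;
    *size = ret;
    return 0;
}
mod_auth_kerb-5.4/spnegokrb5/asn1_err.h0000644000175000000000000000140011113277171017204 0ustar xpristroot
/* Generated from ../../../lib/asn1/asn1_err.et */
/* $Id: asn1_err.h,v 1.1 2003/09/05 09:16:50 kouril Exp $ */

#ifndef __asn1_err_h__
#define __asn1_err_h__

struct et_list;

void initialize_asn1_error_table_r(struct et_list **);

void initialize_asn1_error_table(void);
#define init_asn1_err_tbl initialize_asn1_error_table

typedef enum asn1_error_number{
    ASN1_BAD_TIMEFORMAT = 1859794432,
    ASN1_MISSING_FIELD = 1859794433,
    ASN1_MISPLACED_FIELD = 1859794434,
    ASN1_TYPE_MISMATCH = 1859794435,
    ASN1_OVERFLOW = 1859794436,
    ASN1_OVERRUN = 1859794437,
    ASN1_BAD_ID = 1859794438,
    ASN1_BAD_LENGTH = 1859794439,
    ASN1_BAD_FORMAT = 1859794440,
    ASN1_PARSE_ERROR = 1859794441
} asn1_error_number;

#define ERROR_TABLE_BASE_asn1 1859794432

#endif /* __asn1_err_h__ */
mod_auth_kerb-5.4/spnegokrb5/der_copy.c0000644000175000000000000000464511113277171017307 0ustar xpristroot
/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.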
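*
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "der_locl.h"

#if 0
RCSID("$Id: der_copy.c,v 1.1 2003/09/05 08:54:08 kouril Exp $");
#endif

/*
 * Duplicate the NUL-terminated string `*from' into `*to'.
 * Returns 0, or ENOMEM when strdup() fails (`*to' is then NULL).
 */
int
copy_general_string (const general_string *from, general_string *to)
{
    *to = strdup(*from);
    if(*to == NULL)
        return ENOMEM;
    return 0;
}

/*
 * Deep-copy the octet string `from' into `to'.
 * Returns 0 or ENOMEM; on ENOMEM `to' is left empty.  A zero-length
 * source is valid and is copied without touching either data pointer.
 */
int
copy_octet_string (const octet_string *from, octet_string *to)
{
    to->length = from->length;
    to->data = malloc(to->length);
    if(to->length != 0 && to->data == NULL) {
        to->length = 0;
        return ENOMEM;
    }
    /* malloc(0) may return NULL; never hand NULL to memcpy */
    if (to->length != 0)
        memcpy(to->data, from->data, to->length);
    return 0;
}

/*
 * Deep-copy the OID `from' into `to'.
 * Returns 0 or ENOMEM; on ENOMEM `to' is left empty.
 *
 * `length' counts components, not bytes, so the byte count handed to
 * memcpy() has to be scaled by the component size exactly as the
 * allocation is.  Copying only `length' bytes leaves most of the new
 * array uninitialised.
 */
int
copy_oid (const oid *from, oid *to)
{
    to->length = from->length;
    to->components = malloc(to->length * sizeof(*to->components));
    if (to->length != 0 && to->components == NULL) {
        to->length = 0;
        return ENOMEM;
    }
    if (to->length != 0)
        memcpy(to->components, from->components,
               to->length * sizeof(*to->components));
    return 0;
}
mod_auth_kerb-5.4/spnegokrb5/der_free.c0000644000175000000000000000364411113277171017254 0ustar xpristroot
/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.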
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
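*/

#include "der_locl.h"

#if 0
RCSID("$Id: der_free.c,v 1.1 2003/09/05 08:54:08 kouril Exp $");
#endif

/*
 * Each function below releases the storage owned by its argument and then
 * resets the argument to an empty value.  Decoders in this library free a
 * partially built value on their own error paths and their callers clean
 * up the same object again (der_get_oid() followed by decode_MechType()'s
 * failure path is one such chain), so a pointer left dangling here would
 * be freed twice.
 */

/* Free the string `*str' and set it to NULL. */
void
free_general_string (general_string *str)
{
    free(*str);
    *str = NULL;
}

/* Free k->data and leave `k' as an empty octet string. */
void
free_octet_string (octet_string *k)
{
    free(k->data);
    k->data = NULL;
    k->length = 0;
}

/* Free k->components and leave `k' as an empty OID. */
void
free_oid (oid *k)
{
    free(k->components);
    k->components = NULL;
    k->length = 0;
}
mod_auth_kerb-5.4/spnegokrb5/spnego.asn10000644000175000000000000000244111113277171017406 0ustar xpristroot
SPNEGO DEFINITIONS ::=
BEGIN

-- NegotiationToken ::= CHOICE {
-- negTokenInit [0] NegTokenInit,
-- negTokenTarg [1] NegTokenTarg }

MechType::= OBJECT IDENTIFIER

MechTypeList ::= SEQUENCE OF MechType

ContextFlags ::= BIT STRING {
        delegFlag (0),
        mutualFlag (1),
        replayFlag (2),
        sequenceFlag (3),
        anonFlag (4),
        confFlag (5),
        integFlag (6)
}

NegTokenInit ::= SEQUENCE {
        mechTypes [0] MechTypeList OPTIONAL,
        reqFlags [1] ContextFlags OPTIONAL,
        mechToken [2] OCTET STRING OPTIONAL,
        mechListMIC [3] OCTET STRING OPTIONAL
}

NegTokenTarg ::= SEQUENCE {
        negResult [0] ENUMERATED {
                accept_completed (0),
                accept_incomplete (1),
                reject (2) } OPTIONAL,
        supportedMech [1] MechType OPTIONAL,
        responseToken [2] OCTET STRING OPTIONAL,
        mechListMIC [3] OCTET STRING OPTIONAL
}

END
mod_auth_kerb-5.4/spnegokrb5/der_get.c0000644000175000000000000002430611113277171017110 0ustar xpristroot
/*
 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3.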
Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "der_locl.h" #if 0 RCSID("$Id: der_get.c,v 1.2 2008/06/24 12:59:55 kouril Exp $"); #include #endif /* * All decoding functions take a pointer `p' to first position in * which to read, from the left, `len' which means the maximum number * of characters we are able to read, `ret' were the value will be * returned and `size' where the number of used bytes is stored. * Either 0 or an error code is returned. 
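*/

/*
 * Read `len' big-endian octets at `p' as an unsigned value.
 * Leading zero octets are accepted; a value that does not fit in
 * `unsigned' is rejected with ASN1_OVERFLOW rather than silently wrapped,
 * because der_get_length() feeds peer-supplied length fields through here.
 */
static int
der_get_unsigned (const unsigned char *p, size_t len,
                  unsigned *ret, size_t *size)
{
    unsigned val = 0;
    size_t oldlen = len;

    /* redundant leading zeros do not change the value */
    while (len > sizeof(val) && *p == 0) {
        ++p;
        --len;
    }
    if (len > sizeof(val))
        return ASN1_OVERFLOW;
    while (len--)
        val = val * 256 + *p++;
    *ret = val;
    if(size)
        *size = oldlen;
    return 0;
}

/*
 * Read `len' octets at `p' as a two's-complement integer.
 * More octets than an int holds are rejected with ASN1_OVERFLOW; the
 * accumulation below would otherwise overflow a signed int, which is
 * undefined behaviour.
 */
int
der_get_int (const unsigned char *p, size_t len,
             int *ret, size_t *size)
{
    int val = 0;
    size_t oldlen = len;

    if (len > sizeof(val))
        return ASN1_OVERFLOW;
    if (len > 0) {
        /* the first octet carries the sign */
        val = (signed char)*p++;
        while (--len)
            val = val * 256 + *p++;
    }
    *ret = val;
    if(size)
        *size = oldlen;
    return 0;
}

/*
 * Decode a length field.  The short form yields the octet itself; 0x80
 * yields the in-band marker ASN1_INDEFINITE; the long form reads the
 * announced number of digit octets after checking they are present.
 * `*size' (if non-NULL) receives the number of octets consumed.
 *
 * The decoded value is not compared with the remaining input here;
 * every caller has to do that before using it as a byte count.
 */
int
der_get_length (const unsigned char *p, size_t len,
                size_t *val, size_t *size)
{
    size_t v;

    if (len <= 0)
        return ASN1_OVERRUN;
    --len;
    v = *p++;
    if (v < 128) {
        *val = v;
        if(size)
            *size = 1;
    } else {
        int e;
        size_t l;
        unsigned tmp;

        if(v == 0x80){
            *val = ASN1_INDEFINITE;
            if(size)
                *size = 1;
            return 0;
        }
        v &= 0x7F;
        if (len < v)
            return ASN1_OVERRUN;
        e = der_get_unsigned (p, v, &tmp, &l);
        if(e)
            return e;
        *val = tmp;
        if(size)
            *size = l + 1;
    }
    return 0;
}

/*
 * Copy `len' octets into a new NUL-terminated string returned in `*str'.
 * The caller must have checked that `len' octets are available at `p'.
 */
int
der_get_general_string (const unsigned char *p, size_t len,
                        general_string *str, size_t *size)
{
    char *s;

    s = malloc (len + 1);
    if (s == NULL)
        return ENOMEM;
    memcpy (s, p, len);
    s[len] = '\0';
    *str = s;
    if(size)
        *size = len;
    return 0;
}

/*
 * Copy `len' octets into a new buffer returned in `data'.
 * The caller must have checked that `len' octets are available at `p'.
 */
int
der_get_octet_string (const unsigned char *p, size_t len,
                      octet_string *data, size_t *size)
{
    data->length = len;
    data->data = malloc(len);
    if (data->data == NULL && data->length != 0)
        return ENOMEM;
    /* malloc(0) may return NULL; never hand NULL to memcpy */
    if (len != 0)
        memcpy (data->data, p, len);
    if(size)
        *size = len;
    return 0;
}

/*
 * Decode `len' content octets into the components of `data'.
 * The array is sized for len + 1 components, which is enough because
 * every component after the first two consumes at least one octet.
 *
 * On a truncated final component the array is freed and `data' is reset,
 * so the cleanup that callers run on failure (decode_MechType() calls
 * free_MechType()) cannot free the same allocation again.
 */
int
der_get_oid (const unsigned char *p, size_t len,
             oid *data, size_t *size)
{
    int n;
    size_t oldlen = len;

    if (len < 1)
        return ASN1_OVERRUN;

    data->components = malloc((len + 1) * sizeof(*data->components));
    if (data->components == NULL)
        return ENOMEM;
    data->components[0] = (*p) / 40;
    data->components[1] = (*p) % 40;
    --len;
    ++p;
    for (n = 2; len > 0; ++n) {
        unsigned u = 0;

        do {
            --len;
            u = u * 128 + (*p++ % 128);
        } while (len > 0 && p[-1] & 0x80);
        data->components[n] = u;
    }
    /* continuation bit still set on the last octet: input ended early */
    if (p[-1] & 0x80) {
        free_oid (data);
        data->components = NULL;
        data->length = 0;
        return ASN1_OVERRUN;
    }
    data->length = n;
    if (size)
        *size = oldlen;
    return 0;
}

/*
 * Split one identifier octet into class, type and tag number.
 * Only the single-octet form is handled; a tag number of 0x1f is
 * returned as is.
 */
int
der_get_tag (const unsigned char *p, size_t len,
             Der_class *class, Der_type *type,
             int *tag, size_t *size)
{
    if (len < 1)
        return ASN1_OVERRUN;
    *class = (Der_class)(((*p) >> 6) & 0x03);
    *type = (Der_type)(((*p) >> 5) & 0x01);
    *tag = (*p) & 0x1F;
    if(size)
        *size = 1;
    return 0;
}

/*
 * Check that the identifier at `p' has the expected class, type and tag.
 * A larger tag than expected reports ASN1_MISSING_FIELD, a smaller one
 * ASN1_MISPLACED_FIELD, a class or type mismatch ASN1_BAD_ID.
 */
int
der_match_tag (const unsigned char *p, size_t len,
               Der_class class, Der_type type,
               int tag, size_t *size)
{
    size_t l;
    Der_class thisclass;
    Der_type thistype;
    int thistag;
    int e;

    e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
    if (e)
        return e;
    if (class != thisclass || type != thistype)
        return ASN1_BAD_ID;
    if(tag > thistag)
        return ASN1_MISPLACED_FIELD;
    if(tag < thistag)
        return ASN1_MISSING_FIELD;
    if(size)
        *size = l;
    return 0;
}

/*
 * Match the identifier and decode the length that follows it.
 * `*length_ret' is the announced content length and has not been checked
 * against the remaining input.
 */
int
der_match_tag_and_length (const unsigned char *p, size_t len,
                          Der_class class, Der_type type, int tag,
                          size_t *length_ret, size_t *size)
{
    size_t l, ret = 0;
    int e;

    e = der_match_tag (p, len, class, type, tag, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    e = der_get_length (p, len, length_ret, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if(size)
        *size = ret;
    return 0;
}

/* Decode a complete INTEGER into `*num'. */
int
decode_integer (const unsigned char *p, size_t len,
                int *num, size_t *size)
{
    size_t ret = 0;
    size_t l, reallen;
    int e;

    e = der_match_tag (p, len, UNIV, PRIM, UT_Integer, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    e = der_get_length (p, len, &reallen, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    /* the announced length must lie inside the remaining input */
    if (reallen > len)
        return ASN1_OVERRUN;
    e = der_get_int (p, reallen, num, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if(size)
        *size = ret;
    return 0;
}

/* Decode a complete INTEGER into the unsigned `*num'. */
int
decode_unsigned (const unsigned char *p, size_t len,
                 unsigned *num, size_t *size)
{
    size_t ret = 0;
    size_t l, reallen;
    int e;

    e = der_match_tag (p, len, UNIV, PRIM, UT_Integer, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    e = der_get_length (p, len, &reallen, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if (reallen > len)
        return ASN1_OVERRUN;
    e = der_get_unsigned (p, reallen, num, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if(size)
        *size = ret;
    return 0;
}

/*
 * Decode a complete ENUMERATED into `*num'.
 *
 * The announced content length is checked against the remaining input
 * before it is used, as decode_integer() and decode_unsigned() do;
 * without the check a length field larger than the token makes
 * der_get_int() read past the end of the buffer.  The value is decoded
 * into an int and then stored, since der_get_int() takes an int pointer.
 */
int
decode_enumerated (const unsigned char *p, size_t len,
                   unsigned *num, size_t *size)
{
    size_t ret = 0;
    size_t l, reallen;
    int val;
    int e;

    e = der_match_tag (p, len, UNIV, PRIM, UT_Enumerated, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    e = der_get_length (p, len, &reallen, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if (reallen > len)
        return ASN1_OVERRUN;
    e = der_get_int (p, reallen, &val, &l);
    if (e)
        return e;
    *num = val;
    p += l;
    len -= l;
    ret += l;
    if(size)
        *size = ret;
    return 0;
}

/* Decode a complete GeneralString; the caller frees `*str'. */
int
decode_general_string (const unsigned char *p, size_t len,
                       general_string *str, size_t *size)
{
    size_t ret = 0;
    size_t l;
    int e;
    size_t slen;

    e = der_match_tag (p, len, UNIV, PRIM, UT_GeneralString, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;

    e = der_get_length (p, len, &slen, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if (len < slen)
        return ASN1_OVERRUN;

    e = der_get_general_string (p, slen, str, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if(size)
        *size = ret;
    return 0;
}

/* Decode a complete OCTET STRING; the caller frees k->data. */
int
decode_octet_string (const unsigned char *p, size_t len,
                     octet_string *k, size_t *size)
{
    size_t ret = 0;
    size_t l;
    int e;
    size_t slen;

    e = der_match_tag (p, len, UNIV, PRIM, UT_OctetString, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;

    e = der_get_length (p, len, &slen, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if (len < slen)
        return ASN1_OVERRUN;

    e = der_get_octet_string (p, slen, k, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if(size)
        *size = ret;
    return 0;
}

/* Decode a complete OBJECT IDENTIFIER; the caller frees k->components. */
int
decode_oid (const unsigned char *p, size_t len,
            oid *k, size_t *size)
{
    size_t ret = 0;
    size_t l;
    int e;
    size_t slen;

    e = der_match_tag (p, len, UNIV, PRIM, UT_OID, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;

    e = der_get_length (p, len, &slen, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if (len < slen)
        return ASN1_OVERRUN;

    e = der_get_oid (p, slen, k, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if(size)
        *size = ret;
    return 0;
}

/*
 * Parse "YYYYMMDDhhmmssZ" from `s' into `*t' (UTC).
 * Returns 0, or ASN1_BAD_TIMEFORMAT when fewer than six fields convert;
 * `*t' is left untouched in that case instead of being computed from a
 * zeroed struct tm.
 */
static int
generalizedtime2time (const char *s, time_t *t)
{
    struct tm tm;

    memset(&tm, 0, sizeof(tm));
    if (sscanf (s, "%04d%02d%02d%02d%02d%02dZ",
                &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
                &tm.tm_min, &tm.tm_sec) != 6)
        return ASN1_BAD_TIMEFORMAT;
    tm.tm_year -= 1900;
    tm.tm_mon -= 1;
    *t = timegm (&tm);
    return 0;
}

/* Decode a complete GeneralizedTime into `*t'. */
int
decode_generalized_time (const unsigned char *p, size_t len,
                         time_t *t, size_t *size)
{
    octet_string k;
    char *times;
    size_t ret = 0;
    size_t l;
    int e;
    size_t slen;

    e = der_match_tag (p, len, UNIV, PRIM, UT_GeneralizedTime, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;

    e = der_get_length (p, len, &slen, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    if (len < slen)
        return ASN1_OVERRUN;
    e = der_get_octet_string (p, slen, &k, &l);
    if (e)
        return e;
    p += l;
    len -= l;
    ret += l;
    /* grow by one octet so the text can be NUL-terminated for sscanf */
    times = realloc(k.data, k.length + 1);
    if (times == NULL){
        free(k.data);
        return ENOMEM;
    }
    times[k.length] = 0;
    e = generalizedtime2time (times, t);
    free (times);
    if (e)
        return e;
    if(size)
        *size = ret;
    return 0;
}

/*
 * Reconcile an announced length with the remaining input.
 * Returns 1 for the indefinite-length marker, -1 when `reallen' exceeds
 * `*len', and otherwise stores `reallen' in `*len' and returns 0.
 */
int
fix_dce(size_t reallen, size_t *len)
{
    if(reallen == ASN1_INDEFINITE)
        return 1;
    if(*len < reallen)
        return -1;
    *len = reallen;
    return 0;
}
mod_auth_kerb-5.4/spnegokrb5/der.h0000644000175000000000000001341111113277171016251 0ustar xpristroot
/*
 * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3.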
Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* $Id: der.h,v 1.2 2005/06/08 10:36:46 kouril Exp $ */ #ifndef __DER_H__ #define __DER_H__ #include typedef enum {UNIV = 0, APPL = 1, KERB_CTXT = 2 , PRIVATE = 3} Der_class; typedef enum {PRIM = 0, CONS = 1} Der_type; /* Universal tags */ enum { UT_Boolean = 1, UT_Integer = 2, UT_BitString = 3, UT_OctetString = 4, UT_Null = 5, UT_OID = 6, UT_Enumerated = 10, UT_Sequence = 16, UT_Set = 17, UT_PrintableString = 19, UT_IA5String = 22, UT_UTCTime = 23, UT_GeneralizedTime = 24, UT_VisibleString = 26, UT_GeneralString = 27 }; #define ASN1_INDEFINITE 0xdce0deed #ifndef HAVE_TIMEGM time_t timegm (struct tm *); #endif int time2generalizedtime (time_t t, octet_string *s); int der_get_int (const unsigned char *p, size_t len, int *ret, size_t *size); int der_get_length (const unsigned char *p, size_t len, size_t *val, size_t *size); int der_get_general_string (const unsigned char *p, size_t len, general_string *str, size_t *size); int der_get_octet_string (const unsigned char *p, size_t len, octet_string *data, size_t *size); int 
der_get_oid (const unsigned char *p, size_t len, oid *data, size_t *size); int der_get_tag (const unsigned char *p, size_t len, Der_class *class, Der_type *type, int *tag, size_t *size); int der_match_tag (const unsigned char *p, size_t len, Der_class class, Der_type type, int tag, size_t *size); int der_match_tag_and_length (const unsigned char *p, size_t len, Der_class class, Der_type type, int tag, size_t *length_ret, size_t *size); int decode_integer (const unsigned char*, size_t, int*, size_t*); int decode_unsigned (const unsigned char*, size_t, unsigned*, size_t*); int decode_enumerated (const unsigned char*, size_t, unsigned*, size_t*); int decode_general_string (const unsigned char*, size_t, general_string*, size_t*); int decode_oid (const unsigned char *p, size_t len, oid *k, size_t *size); int decode_octet_string (const unsigned char*, size_t, octet_string*, size_t*); int decode_generalized_time (const unsigned char*, size_t, time_t*, size_t*); int der_put_int (unsigned char *p, size_t len, int val, size_t*); int der_put_length (unsigned char *p, size_t len, size_t val, size_t*); int der_put_general_string (unsigned char *p, size_t len, const general_string *str, size_t*); int der_put_octet_string (unsigned char *p, size_t len, const octet_string *data, size_t*); int der_put_oid (unsigned char *p, size_t len, const oid *data, size_t *size); int der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, int tag, size_t*); int der_put_length_and_tag (unsigned char*, size_t, size_t, Der_class, Der_type, int, size_t*); int encode_integer (unsigned char *p, size_t len, const int *data, size_t*); int encode_unsigned (unsigned char *p, size_t len, const unsigned *data, size_t*); int encode_enumerated (unsigned char *p, size_t len, const unsigned *data, size_t*); int encode_general_string (unsigned char *p, size_t len, const general_string *data, size_t*); int encode_octet_string (unsigned char *p, size_t len, const octet_string *k, size_t*); int 
encode_oid (unsigned char *p, size_t len, const oid *k, size_t*); int encode_generalized_time (unsigned char *p, size_t len, const time_t *t, size_t*); void free_integer (int *num); void free_general_string (general_string *str); void free_octet_string (octet_string *k); void free_oid (oid *k); void free_generalized_time (time_t *t); size_t length_len (size_t len); size_t length_integer (const int *data); size_t length_unsigned (const unsigned *data); size_t length_enumerated (const unsigned *data); size_t length_general_string (const general_string *data); size_t length_octet_string (const octet_string *k); size_t length_oid (const oid *k); size_t length_generalized_time (const time_t *t); int copy_general_string (const general_string *from, general_string *to); int copy_octet_string (const octet_string *from, octet_string *to); int copy_oid (const oid *from, oid *to); int fix_dce(size_t reallen, size_t *len); #endif /* __DER_H__ */ mod_auth_kerb-5.4/spnegokrb5/timegm.c0000644000175000000000000000460111113277171016755 0ustar xpristroot/* * Copyright (c) 1997 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. 
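* * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */

#include "der_locl.h"

#if 0
RCSID("$Id: timegm.c,v 1.1 2003/09/05 08:54:08 kouril Exp $");
#endif

#ifndef HAVE_TIMEGM

/* Return non-zero when year `y', counted from 1900, is a leap year. */
static int
is_leap(unsigned y)
{
    y += 1900;
    return (y % 4) == 0 && ((y % 100) != 0 || (y % 400) == 0);
}

/*
 * Fallback timegm(): convert the broken-down UTC time in `tm' to seconds
 * since 1970-01-01 00:00:00.
 *
 * Only tm_year, tm_mon, tm_mday, tm_hour, tm_min and tm_sec are read and
 * `tm' is not normalised.  Returns (time_t)-1 when tm_year is before 1970
 * or tm_mon is outside 0..11, because this implementation cannot
 * represent those inputs.
 */
time_t
timegm (struct tm *tm)
{
    static const unsigned ndays[2][12] ={
	{31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
	{31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}};
    time_t res = 0;
    int i;

    /*
     * The fields may come from parsed, attacker-supplied text.  A negative
     * tm_year used to be compared as a huge unsigned value (a loop of
     * billions of iterations) and an out-of-range tm_mon indexed past the
     * end of ndays[], so reject both up front.
     */
    if (tm->tm_year < 70 || tm->tm_mon < 0 || tm->tm_mon > 11)
	return (time_t)-1;

    for (i = 70; i < tm->tm_year; ++i)
	res += is_leap(i) ? 366 : 365;

    for (i = 0; i < tm->tm_mon; ++i)
	res += ndays[is_leap(tm->tm_year)][i];
    res += tm->tm_mday - 1;
    res *= 24;
    res += tm->tm_hour;
    res *= 60;
    res += tm->tm_min;
    res *= 60;
    res += tm->tm_sec;
    return res;
}

#endif /* HAVE_TIMEGM */
mod_auth_kerb-5.4/spnegokrb5/decapsulate.c0000644000175000000000000000632711113277171017774 0ustar xpristroot/* * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1.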
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
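*/

#include "spnegokrb5_locl.h"

#if 0
RCSID("$Id: decapsulate.c,v 1.3 2006/08/15 11:34:49 kouril Exp $");
#endif

/*
 * Check the GSS-API framing at `*str' (`total_len' bytes): the 0x60 tag,
 * an outer length that accounts for exactly the rest of the token, and an
 * OID (tag 0x06) equal to `mech'.
 *
 * On success advances `*str' past the mechanism OID and returns
 * GSS_S_COMPLETE.  Returns GSS_S_DEFECTIVE_TOKEN for malformed or
 * truncated framing and GSS_S_BAD_MECH when the OID differs from `mech'.
 */
static OM_uint32
gssapi_verify_mech_header(u_char **str,
			  size_t total_len,
			  const gss_OID mech)
{
    size_t len, len_len, mech_len, foo;
    size_t remaining;
    int e;
    u_char *p = *str;

    if (total_len < 1)
	return GSS_S_DEFECTIVE_TOKEN;
    if (*p++ != 0x60)
	return GSS_S_DEFECTIVE_TOKEN;
    e = der_get_length (p, total_len - 1, &len, &len_len);
    /* Same test as 1 + len_len + len == total_len, written so it cannot wrap. */
    if (e || len_len > total_len - 1 || len != total_len - 1 - len_len)
	return GSS_S_DEFECTIVE_TOKEN;
    p += len_len;

    /*
     * `remaining' counts the bytes still inside the token.  Every read
     * below is checked against it: the token is peer-supplied, and an
     * empty or short body would otherwise be read past its end.
     */
    remaining = len;
    if (remaining < 1)
	return GSS_S_DEFECTIVE_TOKEN;
    if (*p++ != 0x06)
	return GSS_S_DEFECTIVE_TOKEN;
    remaining--;
    e = der_get_length (p, remaining, &mech_len, &foo);
    if (e || foo > remaining)
	return GSS_S_DEFECTIVE_TOKEN;
    p += foo;
    remaining -= foo;
    if (mech_len != mech->length)
	return GSS_S_BAD_MECH;
    /* The OID must be completely present before it is compared. */
    if (mech_len > remaining)
	return GSS_S_DEFECTIVE_TOKEN;
    if (memcmp(p,
	       mech->elements,
	       mech->length) != 0)
	return GSS_S_BAD_MECH;
    p += mech_len;
    *str = p;
    return GSS_S_COMPLETE;
}

/*
 * Remove the GSS-API wrapping from `in_token' giving `buf and buf_size'
 * Does not copy data, so just free `in_token'.
 *
 * On a framing error the status from gssapi_verify_mech_header is stored
 * in `*minor_status' and GSS_S_FAILURE is returned.
 */
OM_uint32
gssapi_spnego_decapsulate(
			  OM_uint32 *minor_status,
			  gss_buffer_t input_token_buffer,
			  unsigned char **buf,
			  size_t *buf_len,
			  const gss_OID mech
			 )
{
    u_char *p;
    OM_uint32 ret;

    p = input_token_buffer->value;
    ret = gssapi_verify_mech_header(&p,
				    input_token_buffer->length,
				    mech);
    if (ret) {
	*minor_status = ret;
	return GSS_S_FAILURE;
    }

    /* `p' now points just past the mechanism OID, inside the input token. */
    *buf_len = input_token_buffer->length -
	(p - (u_char *)input_token_buffer->value);
    *buf = p;
    return GSS_S_COMPLETE;
}
mod_auth_kerb-5.4/spnegokrb5/asn1_NegTokenInit.c0000644000175000000000000001430611113277171020756 0ustar xpristroot/* Generated from spnego.asn1 */ /* Do not edit */ #include #include #include #include #include #include #include #include #include #define BACK if (e) return e; p -= l; len -= l; ret += l int encode_NegTokenInit(unsigned char *p, size_t len, const NegTokenInit *data, size_t *size) { size_t ret = 0; size_t l; int i, e; i = 0; if((data)->mechListMIC) { int oldret = ret; ret = 0; e = encode_octet_string(p, len, (data)->mechListMIC, &l); BACK; e =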
der_put_length_and_tag (p, len, ret, KERB_CTXT, CONS, 3, &l); BACK; ret += oldret; } if((data)->mechToken) { int oldret = ret; ret = 0; e = encode_octet_string(p, len, (data)->mechToken, &l); BACK; e = der_put_length_and_tag (p, len, ret, KERB_CTXT, CONS, 2, &l); BACK; ret += oldret; } if((data)->reqFlags) { int oldret = ret; ret = 0; e = encode_ContextFlags(p, len, (data)->reqFlags, &l); BACK; e = der_put_length_and_tag (p, len, ret, KERB_CTXT, CONS, 1, &l); BACK; ret += oldret; } if((data)->mechTypes) { int oldret = ret; ret = 0; e = encode_MechTypeList(p, len, (data)->mechTypes, &l); BACK; e = der_put_length_and_tag (p, len, ret, KERB_CTXT, CONS, 0, &l); BACK; ret += oldret; } e = der_put_length_and_tag (p, len, ret, UNIV, CONS, UT_Sequence, &l); BACK; *size = ret; return 0; } #define FORW if(e) goto fail; p += l; len -= l; ret += l int decode_NegTokenInit(const unsigned char *p, size_t len, NegTokenInit *data, size_t *size) { size_t ret = 0, reallen; size_t l; int e; memset(data, 0, sizeof(*data)); reallen = 0; e = der_match_tag_and_length (p, len, UNIV, CONS, UT_Sequence,&reallen, &l); FORW; { int dce_fix; if((dce_fix = fix_dce(reallen, &len)) < 0) return ASN1_BAD_FORMAT; { size_t newlen, oldlen; e = der_match_tag (p, len, KERB_CTXT, CONS, 0, &l); if (e) (data)->mechTypes = NULL; else { p += l; len -= l; ret += l; e = der_get_length (p, len, &newlen, &l); FORW; { int dce_fix; oldlen = len; if((dce_fix = fix_dce(newlen, &len)) < 0)return ASN1_BAD_FORMAT; (data)->mechTypes = malloc(sizeof(*(data)->mechTypes)); if((data)->mechTypes == NULL) return ENOMEM; e = decode_MechTypeList(p, len, (data)->mechTypes, &l); FORW; if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; }else len = oldlen - newlen; } } } { size_t newlen, oldlen; e = der_match_tag (p, len, KERB_CTXT, CONS, 1, &l); if (e) (data)->reqFlags = NULL; else { p += l; len -= l; ret += l; e = der_get_length (p, len, &newlen, &l); FORW; { int dce_fix; oldlen = 
len; if((dce_fix = fix_dce(newlen, &len)) < 0)return ASN1_BAD_FORMAT; (data)->reqFlags = malloc(sizeof(*(data)->reqFlags)); if((data)->reqFlags == NULL) return ENOMEM; e = decode_ContextFlags(p, len, (data)->reqFlags, &l); FORW; if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; }else len = oldlen - newlen; } } } { size_t newlen, oldlen; e = der_match_tag (p, len, KERB_CTXT, CONS, 2, &l); if (e) (data)->mechToken = NULL; else { p += l; len -= l; ret += l; e = der_get_length (p, len, &newlen, &l); FORW; { int dce_fix; oldlen = len; if((dce_fix = fix_dce(newlen, &len)) < 0)return ASN1_BAD_FORMAT; (data)->mechToken = malloc(sizeof(*(data)->mechToken)); if((data)->mechToken == NULL) return ENOMEM; e = decode_octet_string(p, len, (data)->mechToken, &l); FORW; if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; }else len = oldlen - newlen; } } } { size_t newlen, oldlen; e = der_match_tag (p, len, KERB_CTXT, CONS, 3, &l); if (e) (data)->mechListMIC = NULL; else { p += l; len -= l; ret += l; e = der_get_length (p, len, &newlen, &l); FORW; { int dce_fix; oldlen = len; if((dce_fix = fix_dce(newlen, &len)) < 0)return ASN1_BAD_FORMAT; (data)->mechListMIC = malloc(sizeof(*(data)->mechListMIC)); if((data)->mechListMIC == NULL) return ENOMEM; e = decode_octet_string(p, len, (data)->mechListMIC, &l); FORW; if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; }else len = oldlen - newlen; } } } if(dce_fix){ e = der_match_tag_and_length (p, len, (Der_class)0, (Der_type)0, 0, &reallen, &l); FORW; } } if(size) *size = ret; return 0; fail: free_NegTokenInit(data); return e; } void free_NegTokenInit(NegTokenInit *data) { if((data)->mechTypes) { free_MechTypeList((data)->mechTypes); free((data)->mechTypes); } if((data)->reqFlags) { free_ContextFlags((data)->reqFlags); free((data)->reqFlags); } if((data)->mechToken) { 
free_octet_string((data)->mechToken); free((data)->mechToken); } if((data)->mechListMIC) { free_octet_string((data)->mechListMIC); free((data)->mechListMIC); } } size_t length_NegTokenInit(const NegTokenInit *data) { size_t ret = 0; if((data)->mechTypes){ int oldret = ret; ret = 0; ret += length_MechTypeList((data)->mechTypes); ret += 1 + length_len(ret) + oldret; } if((data)->reqFlags){ int oldret = ret; ret = 0; ret += length_ContextFlags((data)->reqFlags); ret += 1 + length_len(ret) + oldret; } if((data)->mechToken){ int oldret = ret; ret = 0; ret += length_octet_string((data)->mechToken); ret += 1 + length_len(ret) + oldret; } if((data)->mechListMIC){ int oldret = ret; ret = 0; ret += length_octet_string((data)->mechListMIC); ret += 1 + length_len(ret) + oldret; } ret += 1 + length_len(ret); return ret; } int copy_NegTokenInit(const NegTokenInit *from, NegTokenInit *to) { if((from)->mechTypes) { (to)->mechTypes = malloc(sizeof(*(to)->mechTypes)); if((to)->mechTypes == NULL) return ENOMEM; if(copy_MechTypeList((from)->mechTypes, (to)->mechTypes)) return ENOMEM; }else (to)->mechTypes = NULL; if((from)->reqFlags) { (to)->reqFlags = malloc(sizeof(*(to)->reqFlags)); if((to)->reqFlags == NULL) return ENOMEM; if(copy_ContextFlags((from)->reqFlags, (to)->reqFlags)) return ENOMEM; }else (to)->reqFlags = NULL; if((from)->mechToken) { (to)->mechToken = malloc(sizeof(*(to)->mechToken)); if((to)->mechToken == NULL) return ENOMEM; if(copy_octet_string((from)->mechToken, (to)->mechToken)) return ENOMEM; }else (to)->mechToken = NULL; if((from)->mechListMIC) { (to)->mechListMIC = malloc(sizeof(*(to)->mechListMIC)); if((to)->mechListMIC == NULL) return ENOMEM; if(copy_octet_string((from)->mechListMIC, (to)->mechListMIC)) return ENOMEM; }else (to)->mechListMIC = NULL; return 0; } mod_auth_kerb-5.4/spnegokrb5/asn1-common.h0000644000175000000000000000056311113277171017633 0ustar xpristroot/* $Id: asn1-common.h,v 1.1 2003/09/05 08:54:08 kouril Exp $ */ #include #include #ifndef 
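__asn1_common_definitions__
#define __asn1_common_definitions__

typedef struct octet_string {
    size_t length;
    void *data;
} octet_string;

typedef char *general_string;

typedef struct oid {
    size_t length;
    unsigned *components;
} oid;

#endif
mod_auth_kerb-5.4/spnegokrb5/asn1_ContextFlags.c0000644000175000000000000000531011113277171021014 0ustar xpristroot/* Generated from spnego.asn1 */
/* Do not edit */
/*
 * NOTE(review): the length checks in this file were added by hand; the
 * same checks belong in the generator so that regenerating from
 * spnego.asn1 does not drop them.
 */

#include
#include
#include
#include
#include
#include
#include
#include
#include

#define BACK if (e) return e; p -= l; len -= l; ret += l

/*
 * DER-encode `data' as a BIT STRING, writing backwards from `p' with `len'
 * bytes available.  On success returns 0 and stores the encoded size in
 * `*size'; returns ASN1_OVERFLOW when fewer than the five content bytes
 * fit, or the error from der_put_length_and_tag.
 */
int
encode_ContextFlags(unsigned char *p, size_t len, const ContextFlags *data, size_t *size)
{
    size_t ret = 0;
    size_t l;
    int i, e;

    i = 0;
    /* Five bytes are stored below without further checks. */
    if (len < 5)
	return ASN1_OVERFLOW;
    {
	unsigned char c = 0;
	*p-- = c; len--; ret++;
	c = 0;
	*p-- = c; len--; ret++;
	c = 0;
	*p-- = c; len--; ret++;
	c = 0;
	if(data->integFlag) c |= 1<<1;
	if(data->confFlag) c |= 1<<2;
	if(data->anonFlag) c |= 1<<3;
	if(data->sequenceFlag) c |= 1<<4;
	if(data->replayFlag) c |= 1<<5;
	if(data->mutualFlag) c |= 1<<6;
	if(data->delegFlag) c |= 1<<7;
	*p-- = c;
	/* Leading content octet of the BIT STRING (unused-bit count), written as 0. */
	*p-- = 0;
	len -= 2;
	ret += 2;
    }

    e = der_put_length_and_tag (p, len, ret, UNIV, PRIM,UT_BitString, &l);
    BACK;
    *size = ret;
    return 0;
}

#define FORW if(e) goto fail; p += l; len -= l; ret += l

/*
 * Decode a DER BIT STRING from the `len' bytes at `p' into `data'.
 *
 * The flags are taken from the first octet after the unused-bit count;
 * when the BIT STRING carries no such octet all flags stay cleared.
 * On success returns 0 and, when `size' is not NULL, stores the number of
 * bytes consumed.  Returns ASN1_OVERRUN when the encoded length exceeds
 * the input or the content is empty.
 */
int
decode_ContextFlags(const unsigned char *p, size_t len, ContextFlags *data, size_t *size)
{
    size_t ret = 0, reallen;
    size_t l;
    int e;

    memset(data, 0, sizeof(*data));
    reallen = 0;
    e = der_match_tag_and_length (p, len, UNIV, PRIM, UT_BitString,&reallen, &l);
    FORW;
    if(len < reallen)
	return ASN1_OVERRUN;
    /*
     * The content must hold at least the unused-bit count octet; with a
     * zero length the decrement below would wrap and `p' would run off
     * the end of the input.
     */
    if(reallen < 1)
	return ASN1_OVERRUN;
    p++;
    len--;
    reallen--;
    ret++;
    /* Read the flag octet only when it is really part of the content. */
    if(reallen > 0) {
	data->delegFlag = (*p >> 7) & 1;
	data->mutualFlag = (*p >> 6) & 1;
	data->replayFlag = (*p >> 5) & 1;
	data->sequenceFlag = (*p >> 4) & 1;
	data->anonFlag = (*p >> 3) & 1;
	data->confFlag = (*p >> 2) & 1;
	data->integFlag = (*p >> 1) & 1;
    }
    p += reallen; len -= reallen; ret += reallen;
    if(size) *size = ret;
    return 0;
fail:
    free_ContextFlags(data);
    return e;
}

/* ContextFlags owns no heap memory, so there is nothing to release. */
void
free_ContextFlags(ContextFlags *data)
{
}

size_t length_ContextFlags(const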
ContextFlags *data) { size_t ret = 0; ret += 7; return ret; } int copy_ContextFlags(const ContextFlags *from, ContextFlags *to) { *(to) = *(from); return 0; } unsigned ContextFlags2int(ContextFlags f) { unsigned r = 0; if(f.delegFlag) r |= (1U << 0); if(f.mutualFlag) r |= (1U << 1); if(f.replayFlag) r |= (1U << 2); if(f.sequenceFlag) r |= (1U << 3); if(f.anonFlag) r |= (1U << 4); if(f.confFlag) r |= (1U << 5); if(f.integFlag) r |= (1U << 6); return r; } ContextFlags int2ContextFlags(unsigned n) { ContextFlags flags; flags.delegFlag = (n >> 0) & 1; flags.mutualFlag = (n >> 1) & 1; flags.replayFlag = (n >> 2) & 1; flags.sequenceFlag = (n >> 3) & 1; flags.anonFlag = (n >> 4) & 1; flags.confFlag = (n >> 5) & 1; flags.integFlag = (n >> 6) & 1; return flags; } struct units ContextFlags_units[] = { {"integFlag", 1U << 6}, {"confFlag", 1U << 5}, {"anonFlag", 1U << 4}, {"sequenceFlag", 1U << 3}, {"replayFlag", 1U << 2}, {"mutualFlag", 1U << 1}, {"delegFlag", 1U << 0}, {NULL, 0} }; mod_auth_kerb-5.4/spnegokrb5/asn1_err.et0000644000175000000000000000143511113277171017375 0ustar xpristroot# # Error messages for the asn.1 library # # This might look like a com_err file, but is not # id "$Id: asn1_err.et,v 1.1 2003/09/05 09:16:50 kouril Exp $" error_table asn1 prefix ASN1 error_code BAD_TIMEFORMAT, "ASN.1 failed call to system time library" error_code MISSING_FIELD, "ASN.1 structure is missing a required field" error_code MISPLACED_FIELD, "ASN.1 unexpected field number" error_code TYPE_MISMATCH, "ASN.1 type numbers are inconsistent" error_code OVERFLOW, "ASN.1 value too large" error_code OVERRUN, "ASN.1 encoding ended unexpectedly" error_code BAD_ID, "ASN.1 identifier doesn't match expected value" error_code BAD_LENGTH, "ASN.1 length doesn't match expected value" error_code BAD_FORMAT, "ASN.1 badly-formatted encoding" error_code PARSE_ERROR, "ASN.1 parse error" end mod_auth_kerb-5.4/spnegokrb5/external.c0000644000175000000000000000050511113277171017314 0ustar xpristroot#include 
"spnegokrb5_locl.h" static gss_OID_desc gss_krb5_mech_oid_desc = {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; gss_OID GSS_KRB5_MECH = &gss_krb5_mech_oid_desc; static gss_OID_desc gss_spnego_mech_oid_desc = {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; gss_OID GSS_SPNEGO_MECH = &gss_spnego_mech_oid_desc; mod_auth_kerb-5.4/spnegokrb5/accept_sec_context.c0000644000175000000000000001431611113277171021334 0ustar xpristroot/* * SPNEGO wrapper for Kerberos5 GSS-API * kouril@ics.muni.cz, 2003 * (mostly based on Heimdal code) */ #include "spnegokrb5_locl.h" #define OID_cmp(o1, o2) \ (((o1)->length == (o2)->length) && \ (memcmp((o1)->components, (o2)->components,(int) (o1)->length) == 0)) static OM_uint32 code_NegTokenArg(OM_uint32 *minor_status, const NegTokenTarg *targ, unsigned char **outbuf, size_t *outbuf_size) { OM_uint32 ret; u_char *buf; size_t buf_size, buf_len; buf_size = 1024; buf = malloc(buf_size); if (buf == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } do { ret = encode_NegTokenTarg(buf + buf_size -1, buf_size, targ, &buf_len); if (ret == 0) { size_t tmp; ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, buf_size - buf_len, buf_len, KERB_CTXT, CONS, 1, &tmp); if (ret == 0) buf_len += tmp; } if (ret) { if (ret == ASN1_OVERFLOW) { u_char *tmp; buf_size *= 2; tmp = realloc (buf, buf_size); if (tmp == NULL) { *minor_status = ENOMEM; free(buf); return GSS_S_FAILURE; } buf = tmp; } else { *minor_status = ret; free(buf); return GSS_S_FAILURE; } } } while (ret == ASN1_OVERFLOW); *outbuf = malloc(buf_len); if (*outbuf == NULL) { *minor_status = ENOMEM; free(buf); return GSS_S_FAILURE; } memcpy(*outbuf, buf + buf_size - buf_len, buf_len); *outbuf_size = buf_len; free(buf); return GSS_S_COMPLETE; } static OM_uint32 send_reject (OM_uint32 *minor_status, gss_buffer_t output_token) { NegTokenTarg targ; OM_uint32 ret; targ.negResult = malloc(sizeof(*targ.negResult)); if (targ.negResult == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } 
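*(targ.negResult) = reject;

    targ.supportedMech = NULL;
    targ.responseToken = NULL;
    targ.mechListMIC   = NULL;

    ret = code_NegTokenArg (minor_status, &targ,
			    (unsigned char**) &output_token->value,
			    &output_token->length);
    free_NegTokenTarg(&targ);
    if (ret)
	return ret;
    return GSS_S_BAD_MECH;
}

/*
 * Build a NegTokenTarg with negResult accept_completed and the Kerberos 5
 * mechanism as supportedMech, and encode it into `output_token'.
 *
 * When `mech_token' is non-empty its buffer is moved into the reply as
 * responseToken and `mech_token' is reset to empty, so the caller no
 * longer owns that memory.  Returns GSS_S_COMPLETE, or GSS_S_FAILURE with
 * `*minor_status' set.
 */
static OM_uint32
send_accept (OM_uint32 *minor_status,
	     gss_buffer_t output_token,
	     gss_buffer_t mech_token)
{
    NegTokenTarg targ;
    OM_uint32 ret;

    memset(&targ, 0, sizeof(targ));
    targ.negResult = malloc(sizeof(*targ.negResult));
    if (targ.negResult == NULL) {
	*minor_status = ENOMEM;
	return GSS_S_FAILURE;
    }
    *(targ.negResult) = accept_completed;

    targ.supportedMech = malloc(sizeof(*targ.supportedMech));
    if (targ.supportedMech == NULL) {
	free_NegTokenTarg(&targ);
	*minor_status = ENOMEM;
	return GSS_S_FAILURE;
    }

    ret = der_get_oid(GSS_KRB5_MECH->elements,
		      GSS_KRB5_MECH->length,
		      targ.supportedMech,
		      NULL);
    if (ret) {
	free_NegTokenTarg(&targ);
	*minor_status = ENOMEM;
	return GSS_S_FAILURE;
    }

    if (mech_token != NULL && mech_token->length != 0) {
	targ.responseToken = malloc(sizeof(*targ.responseToken));
	if (targ.responseToken == NULL) {
	    free_NegTokenTarg(&targ);
	    *minor_status = ENOMEM;
	    return GSS_S_FAILURE;
	}
	/* Move, do not copy: free_NegTokenTarg() below releases the data. */
	targ.responseToken->length = mech_token->length;
	targ.responseToken->data   = mech_token->value;
	mech_token->length = 0;
	mech_token->value  = NULL;
    } else {
	targ.responseToken = NULL;
    }

    ret = code_NegTokenArg (minor_status, &targ,
			    (unsigned char **) &output_token->value,
			    &output_token->length);
    free_NegTokenTarg(&targ);
    if (ret)
	return ret;
    return GSS_S_COMPLETE;
}

/*
 * Accept a SPNEGO-wrapped initial token.
 *
 * Strips the SPNEGO framing from `input_token_buffer', decodes the
 * NegTokenInit, and rejects the negotiation unless the offered mechanism
 * list contains Kerberos 5.  If a mechToken is present it is handed to
 * gss_accept_sec_context() together with the remaining arguments; the
 * reply (accept or reject) is encoded into `output_token'.
 *
 * Returns a GSS-API major status.  Malformed input yields
 * GSS_S_DEFECTIVE_TOKEN (or the failure from the decapsulation step).
 */
OM_uint32 KRB5_LIB_FUNCTION
gss_accept_sec_context_spnego
	   (OM_uint32 * minor_status,
	    gss_ctx_id_t * context_handle,
	    const gss_cred_id_t acceptor_cred_handle,
	    const gss_buffer_t input_token_buffer,
	    const gss_channel_bindings_t input_chan_bindings,
	    gss_name_t * src_name,
	    gss_OID * mech_type,
	    gss_buffer_t output_token,
	    OM_uint32 * ret_flags,
	    OM_uint32 * time_rec,
	    gss_cred_id_t * delegated_cred_handle)
{
    NegTokenInit init_token;
    OM_uint32 major_status;
    OM_uint32 minor_status2;
    gss_buffer_desc ibuf, obuf;
    gss_buffer_t ot = NULL;
    unsigned char *buf;
    size_t buf_size;
    size_t len, taglen, ni_len;
    int found = 0;
    int ret;
    unsigned int i;

    memset(&init_token, 0, sizeof(init_token));
    /* Start empty so the buffer can be released on every path. */
    obuf.length = 0;
    obuf.value = NULL;

    major_status = gssapi_spnego_decapsulate(minor_status, input_token_buffer,
					     &buf, &buf_size, GSS_SPNEGO_MECH);
    if (major_status)
	return major_status;

    ret = der_match_tag_and_length(buf, buf_size, KERB_CTXT, CONS,
				   0, &len, &taglen);
    if (ret) {
	/* `ret' is an ASN.1 error code, not a GSS major status. */
	*minor_status = ret;
	return GSS_S_DEFECTIVE_TOKEN;
    }
    /*
     * `len' is read from the peer's token.  Refuse a length that claims
     * more data than the token holds rather than letting the decoder run
     * past the buffer.
     * NOTE(review): this also refuses an indefinite-length outer tag if
     * the helper reports one through `len' -- confirm no client relies
     * on that.
     */
    if (taglen > buf_size || len > buf_size - taglen) {
	*minor_status = EINVAL;
	return GSS_S_DEFECTIVE_TOKEN;
    }

    ret = decode_NegTokenInit(buf + taglen, len, &init_token, &ni_len);
    if (ret) {
	/*
	 * Not freed here: decode_NegTokenInit's own failure path already
	 * calls free_NegTokenInit, and a second call would free twice.
	 */
	*minor_status = EINVAL; /* XXX */
	return GSS_S_DEFECTIVE_TOKEN;
    }

    if (init_token.mechTypes == NULL) {
	major_status = send_reject (minor_status, output_token);
	goto out;
    }

    for (i = 0; !found && i < init_token.mechTypes->len; ++i) {
	unsigned char mechbuf[17];
	size_t mech_len;

	/* Re-encode the offered OID so it can be compared as raw bytes. */
	ret = der_put_oid (mechbuf + sizeof(mechbuf) - 1,
			   sizeof(mechbuf),
			   &init_token.mechTypes->val[i],
			   &mech_len);
	if (ret) {
	    major_status = GSS_S_DEFECTIVE_TOKEN;
	    goto out;
	}
	if (mech_len == GSS_KRB5_MECH->length
	    && memcmp(GSS_KRB5_MECH->elements,
		      mechbuf + sizeof(mechbuf) - mech_len,
		      mech_len) == 0)
	    found = 1;
    }

    if (!found) {
	major_status = send_reject (minor_status, output_token);
	goto out;
    }

    if (init_token.mechToken != NULL) {
	ibuf.length = init_token.mechToken->length;
	ibuf.value  = init_token.mechToken->data;

	major_status = gss_accept_sec_context(minor_status,
					      context_handle,
					      acceptor_cred_handle,
					      &ibuf,
					      input_chan_bindings,
					      src_name,
					      mech_type,
					      &obuf,
					      ret_flags,
					      time_rec,
					      delegated_cred_handle);
	if (GSS_ERROR(major_status)) {
	    /* Best effort: the mechanism's status is what the caller gets. */
	    send_reject (&minor_status2, output_token);
	    gss_release_buffer(&minor_status2, &obuf);
	    goto out;
	}
	ot = &obuf;
    }

    major_status = send_accept (&minor_status2, output_token, ot);
    if (ot != NULL)
	gss_release_buffer(&minor_status2, ot);

out:
    /* The decoded token was heap-allocated by decode_NegTokenInit. */
    free_NegTokenInit(&init_token);
    return major_status;
}
mod_auth_kerb-5.4/spnegokrb5/spnego_asn1.h0000644000175000000000000001073511113277171017722 0ustar xpristroot/* Generated from spnego.asn1 */ /* Do not edit */ #ifndef __spnego_asn1_h__ #define __spnego_asn1_h__ #include #include #include #ifndef __asn1_common_definitions__ #define __asn1_common_definitions__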
typedef struct octet_string { size_t length; void *data; } octet_string; typedef char *general_string; typedef struct oid { size_t length; unsigned *components; } oid; #define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ do { \ (BL) = length_##T((S)); \ (B) = malloc((BL)); \ if((B) == NULL) { \ (R) = ENOMEM; \ } else { \ (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ (S), (L)); \ if((R) != 0) { \ free((B)); \ (B) = NULL; \ } \ } \ } while (0) #endif /* MechType ::= OBJECT IDENTIFIER */ typedef oid MechType; int encode_MechType(unsigned char *, size_t, const MechType *, size_t *); int decode_MechType(const unsigned char *, size_t, MechType *, size_t *); void free_MechType (MechType *); size_t length_MechType(const MechType *); int copy_MechType (const MechType *, MechType *); /* MechTypeList ::= SEQUENCE OF MechType */ typedef struct MechTypeList { unsigned int len; MechType *val; } MechTypeList; int encode_MechTypeList(unsigned char *, size_t, const MechTypeList *, size_t *); int decode_MechTypeList(const unsigned char *, size_t, MechTypeList *, size_t *); void free_MechTypeList (MechTypeList *); size_t length_MechTypeList(const MechTypeList *); int copy_MechTypeList (const MechTypeList *, MechTypeList *); /* ContextFlags ::= BIT STRING { delegFlag(0), mutualFlag(1), replayFlag(2), sequenceFlag(3), anonFlag(4), confFlag(5), integFlag(6) } */ typedef struct ContextFlags { unsigned int delegFlag:1; unsigned int mutualFlag:1; unsigned int replayFlag:1; unsigned int sequenceFlag:1; unsigned int anonFlag:1; unsigned int confFlag:1; unsigned int integFlag:1; } ContextFlags; int encode_ContextFlags(unsigned char *, size_t, const ContextFlags *, size_t *); int decode_ContextFlags(const unsigned char *, size_t, ContextFlags *, size_t *); void free_ContextFlags (ContextFlags *); size_t length_ContextFlags(const ContextFlags *); int copy_ContextFlags (const ContextFlags *, ContextFlags *); unsigned ContextFlags2int(ContextFlags); ContextFlags 
int2ContextFlags(unsigned); extern struct units ContextFlags_units[]; /* NegTokenInit ::= SEQUENCE { mechTypes[0] MechTypeList OPTIONAL, reqFlags[1] ContextFlags OPTIONAL, mechToken[2] OCTET STRING OPTIONAL, mechListMIC[3] OCTET STRING OPTIONAL } */ typedef struct NegTokenInit { MechTypeList *mechTypes; ContextFlags *reqFlags; octet_string *mechToken; octet_string *mechListMIC; } NegTokenInit; int encode_NegTokenInit(unsigned char *, size_t, const NegTokenInit *, size_t *); int decode_NegTokenInit(const unsigned char *, size_t, NegTokenInit *, size_t *); void free_NegTokenInit (NegTokenInit *); size_t length_NegTokenInit(const NegTokenInit *); int copy_NegTokenInit (const NegTokenInit *, NegTokenInit *); /* NegTokenTarg ::= SEQUENCE { negResult[0] ENUMERATED { accept_completed(0), accept_incomplete(1), reject(2) } OPTIONAL, supportedMech[1] MechType OPTIONAL, responseToken[2] OCTET STRING OPTIONAL, mechListMIC[3] OCTET STRING OPTIONAL } */ typedef struct NegTokenTarg { enum { accept_completed = 0, accept_incomplete = 1, reject = 2 } *negResult; MechType *supportedMech; octet_string *responseToken; octet_string *mechListMIC; } NegTokenTarg; int encode_NegTokenTarg(unsigned char *, size_t, const NegTokenTarg *, size_t *); int decode_NegTokenTarg(const unsigned char *, size_t, NegTokenTarg *, size_t *); void free_NegTokenTarg (NegTokenTarg *); size_t length_NegTokenTarg(const NegTokenTarg *); int copy_NegTokenTarg (const NegTokenTarg *, NegTokenTarg *); #endif /* __spnego_asn1_h__ */ mod_auth_kerb-5.4/spnegokrb5/der_locl.h0000644000175000000000000000406411113277171017266 0ustar xpristroot/* * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. 
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* $Id: der_locl.h,v 1.2 2003/09/05 09:16:50 kouril Exp $ */ #ifndef __DER_LOCL_H__ #define __DER_LOCL_H__ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #include #include #include #include #include /* #include */ #include #include #include #endif /* __DER_LOCL_H__ */ mod_auth_kerb-5.4/spnegokrb5/spnegokrb5_locl.h0000644000175000000000000000160711113277171020573 0ustar xpristroot#include #include #include #include "config.h" #if HAVE_SYS_TYPES_H #include #endif #ifdef HEIMDAL # include #else # include # include #endif #include #include #include #include #define ALLOC(X) (X) = calloc(1, sizeof(*(X))) extern gss_OID GSS_KRB5_MECH; extern gss_OID GSS_SPNEGO_MECH; OM_uint32 gssapi_spnego_encapsulate( OM_uint32 *, unsigned char *, size_t, gss_buffer_t, const gss_OID); OM_uint32 gssapi_spnego_decapsulate( OM_uint32 *, gss_buffer_t, unsigned char **, size_t *, const gss_OID); mod_auth_kerb-5.4/ChangeLog0000644000000000000000000000062411115726376014450 0ustar rootroot-- 5.4 -- *implemented KrbServiceName Any to deal with multiple keytab entries for various browsers *implemented KrbLocalUserMapping i.e. to strip @REALM from username for further use *implemented already_succeeded function to avoid hammering the KDC with same auth requests in single connection *fixed threading issues *improved configure and Makefile scripts (mainly for BSD users) *fixed minor issues mod_auth_kerb-5.4/Makefile.in0000644000175000000000000000202411115240416015304 0ustar xpristrootAPXS = @APXS@ KRB5_CPPFLAGS = @KRB5_CPPFLAGS@ KRB5_LDFLAGS = @KRB5_LDFLAGS@ KRB4_CPPFLAGS = @KRB4_CPPFLAGS@ KRB4_LDFLAGS = @KRB4_LDFLAGS@ LIB_resolv = @LIB_resolv@ SPNEGO_SRCS = @SPNEGO_SRCS@ CPPFLAGS = -I. 
-Ispnegokrb5 $(KRB5_CPPFLAGS) $(KRB4_CPPFLAGS) $(DEFS) LDFLAGS = $(KRB5_LDFLAGS) $(KRB4_LDFLAGS) $(LIB_resolv) CFLAGS = all: src/mod_auth_kerb.so src/mod_auth_kerb.so: src/mod_auth_kerb.c $(SPNEGO_SRCS) ./apxs.sh "${CPPFLAGS}" "${LDFLAGS}" "${SPNEGO_SRCS}" "${APXS}" "-c" "src/mod_auth_kerb.c" install: ./apxs.sh "${CPPFLAGS}" "${LDFLAGS}" "${SPNEGO_SRCS}" "${APXS}" "-c -i" "src/mod_auth_kerb.c" clean: for i in . src spnegokrb5; do \ $(RM) $$i/*.{o,so,a,la,lo,slo} core; \ $(RM) -rf $$i/.libs; \ done distclean: clean $(RM) config.h config.status Makefile config.log $(RM) -rf autom4te.cache make_release: echo "Did you increase version numbers?" autoconf $(RM) -rf autom4te.cache $(RM) -rf .cvsignore spnegokrb5/.cvsignore src/.cvsignore $(RM) -rf CVS spnegokrb5/CVS src/CVS .PHONY: all install clean distclean mod_auth_kerb-5.4/README0000644000175000000000000001452411113277171014135 0ustar xpristrootMod_auth_kerb (http://modauthkerb.sourceforge.net/) is an Apache module designed to provide Kerberos authentication to the Apache web server. Using the Basic Auth mechanism, it retrieves a username/password pair from the browser and checks them against a Kerberos server as set up by your particular organization. The module also supports the Negotiate authentication method, which performs full Kerberos authentication based on ticket exchanges, and does not require users to insert their passwords to the browser. In order to use the Negotiate method you need a browser supporting it (currently standard IE6.0 or Mozilla with the negotiateauth extension (http://negotiateauth.mozdev.org/). The module supports both kerberos4 and kerberos5 protocols for password verification. The Negotiate mechanism can be only used with Kerberos v5. The module supports both 1.x and 2.x versions of Apache. If you are using the Basic Auth mechanism, the module does not do any special encryption of any sort. 
The passing of the username and password is done with the same Base64 encoding that Basic Auth uses. Base64 is an encoding, not encryption, so it can easily be converted back to plain text. To counter this, I would suggest also using mod_ssl or Apache-SSL. The use of SSL encryption is also recommended if you are using the Negotiate method. Building and installing the module ---------------------------------- see INSTALL Summary of Supported Directives ------------------------------- AuthType type For Kerberos authentication to work, AuthType must be set to 'Kerberos'. For reasons of backwards compatibility the values KerberosV4 and KerberosV5 are also supported. Their use is not recommended, though; for finer-grained settings use the following three options. KrbMethodNegotiate on | off (set to on by default) To enable or disable the use of the Negotiate method. You need special support on the browser side to use this mechanism. KrbMethodK5Passwd on | off (set to on by default) To enable or disable the use of password based authentication for Kerberos v5. KrbMethodK4Passwd on | off (set to on by default) To enable or disable the use of password based authentication for Kerberos v4. KrbAuthoritative on | off (set to on by default) If set to off, this directive allows authentication control to be passed on to other modules. Use only if you really know what you are doing. KrbAuthRealms realm1 [realm2 ... realmN] This option takes one or more arguments (separated by spaces), specifying the Kerberos realm(s) to be used for authentication. This defaults to the default realm taken from the local Kerberos configuration. KrbVerifyKDC on | off (set to on by default) This option can be used to disable the verification of tickets against the local keytab; that verification is what prevents KDC spoofing attacks. Setting it to off should be done only for testing purposes. You have been warned. KrbServiceName server_principal Specifies the principal name used by Apache when authenticating clients. By default a value of the form HTTP/<FQDN>@<REALM> is used. 
The FQDN part can contain any hostname and can be used to work around problems with misconfigured DNS. A corresponding key of this name must be stored in the keytab. If this option is set to 'Any', then any principal from the keytab which matches the client's request may be used. Krb4Srvtab /path/to/srvtab This option takes one argument, specifying the path to the Kerberos V4 srvtab. It will simply use the "default srvtab" from Kerberos V4's configuration if this option is not specified. The srvtab must be readable by the apache process, and should be different from srvtabs containing keys for other services. Krb5Keytab /path/to/keytab This option takes one argument, specifying the location of the Kerberos V5 keytab file. It will use the "default keytab" from Kerberos V5's config if it is not specified here. The keytab file must be readable by the apache process, and should be different from other keytabs in the system. KrbSaveCredentials on | off (set to off by default) This option enables credential saving functionality. KrbDelegateBasic on | off (set to off by default) If set to 'on', this option causes Basic authentication to always be offered regardless of the setting of the KrbMethodK[45]Passwd directives. Then, if a Basic authentication header arrives, the authentication decision is passed along to other modules. This option is a work-around for an insufficient authentication scheme in Apache (Apache 2.1 seems to provide better support for multiple authentication mechanisms). Note on server principals ------------------------- Now you have to create a service key for the module, which is needed to perform client authentication. Verification of the kerberos password has two steps. In the first step, the KDC is contacted using the password in an attempt to obtain a ticket for the client. After this ticket is successfully acquired, the module must also verify that the KDC hasn't been deliberately faked and that the ticket just received can be trusted. 
If this check were not done, any attacker capable of spoofing the KDC could impersonate any principal registered with the KDC. In order to do this check the apache module must verify that the KDC knows its service key, which apache shares with the KDC. This service key must be created during configuration of the module. This service key is also needed when the Negotiate method is used. In this case the module acts as a standard kerberos service (similarly to e.g. kerberized ssh or ftp servers). The default name of the service key is HTTP/<FQDN>@REALM; another name for the first instance can be set using the KrbServiceName option. The key must be stored in a keytab on a local disk; the Krb5Keytab and Krb4Srvtab options are used to specify the filename of the keytab. This file should be readable only by the apache process and contain only the key used for www authentication. Ticket File/Credential Cache Saving ----------------------------------- Sometimes there is a need to keep the ticket file or credential cache around after a user authenticates, normally for cgi scripts. If you turn on KrbSaveCredentials, the tickets will be retrieved into a ticket file or credential cache that will be available for the request handler. The ticket file will be removed after the request is handled. $Id: README,v 1.12 2008/09/17 14:01:55 baalberith Exp $