HESPREFIX/include and HESPREFIX/lib are the directories you have the
Hesiod libraries installed in.
-If your site has a Kerberos 4 service, you can enable Kerberos support
-by adding the option "--with-krb4=KRBPREFIX" to the configure line,
-where KRBPREFIX/include and KRBPREFIX/lib are the direcetories you
+If your site has a Kerberos 5 service, you can enable Kerberos 5 support
+by adding the option "--with-krb5=KRBPREFIX" to the configure line,
+where KRBPREFIX/include and KRBPREFIX/lib are the directories you
have the Kerberos libraries installed in.
+If your site has a Kerberos 4 service, you can enable Kerberos 4 support
+by adding the option "--with-krb4=KRBPREFIX" to the configure line,
+where KRBPREFIX/include and KRBPREFIX/lib are the directories you
+have the Kerberos libraries installed in. Note that this is
+deprecated, and should only be enabled for transitions.
+
+If you build with both krb5 and krb4, you will get a client that only
+knows how to authenticate with krb5 servers, but a server that can
+understand authentication from both krb4 and krb5 clients.
+
+If you want/need a krb4 client, you have to build without krb5.
+
If you have a make which supports VPATH in a manner compatible with
GNU make, you can build in a separate directory. Simply invoke the
configure script from within the build directory and configure will
We have tried to make Zephyr as portable as is reasonably possible,
but have not taken into account every possible kind of system. If you
have any problems building or installing Zephyr according to these
-instructions, please send mail to zephyr-bugs@mit.edu.
-
+instructions, please go to http://zephyr.1ts.org and open a ticket.
build:
$(MAKE) all
- $(MAKE) check
-all:
- for i in ${SUBDIRS}; do (cd $$i; ${MAKE} $@) || exit 1; done
-
-check clean:
+all check clean:
for i in ${SUBDIRS}; do (cd $$i; ${MAKE} $@) || exit 1; done
install:
in the configuration directory (which is /etc/athena/zephyr if you
configured with --enable-athena, or /usr/local/etc/zephyr if you
installed Zephyr in /usr/local and didn't use --enable-athena). This
-file should contain a list of the servers, one per line.
-
-3. If you configured Zephyr with Kerberos 4 support, make a service
-key "zephyr.zephyr@<your realm>" and install a srvtab for that service
-as "srvtab" in the configuration directory of each of your zephyr
-servers.
+file should contain a list of the servers, one per line. The server
+will read and use this file if it exists even if the server was built
+with hesiod support.
+
+3. If you configured Zephyr with Kerberos 5 support, make a service
+key "zephyr/zephyr@<your realm>" and install a keytab for that service
+as "krb5.keytab" in the configuration directory of each of your zephyr
+servers. Note that you need to ktadd the keytab only once and copy it
+around; the files on all the servers should be identical.
4. Start zephyrd from the system binary directory (/usr/athena/etc if
you configured with --enable-athena, /usr/local/sbin if you installed
-This is an alpha release of version 3.0 of the Project Athena Zephyr
+This is a release candidate of version 3.0 of the Project Athena Zephyr
notification system.
Zephyr allows users to send messages to other users or to groups of
Please read the file NOTES before making any modifications to the
source tree.
---Greg Hudson
-ghudson@mit.edu
-
+--Karl Ramm
+http://zephyr.1ts.org/
username", you are sending a message to <MESSAGE,PERSONAL,username>.
If you don't specify a username on the zwrite command line, you will
be sending to the recipient "*", so when you use "zwrite -c newclass",
-you are sending a message to <newclass,PERSONAL,username>.
+you are sending a message to <newclass,PERSONAL,*>.
Similarly, every time you request a subscription, you are subscribing
to a class, an instance, and a recipient. The recipient must be
*
* Created by: Robert French
*
- * $Id: zaway.c 2337 2009-03-22 21:03:21Z kcr $
+ * $Id: zaway.c 2493 2009-07-13 05:17:23Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987, 1993 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <zephyr/mit-copyright.h>
#include <zephyr/zephyr.h>
#include <pwd.h>
-#include <com_err.h>
#ifndef lint
-static const char rcsid_zaway_c[] = "$Id: zaway.c 2337 2009-03-22 21:03:21Z kcr $";
+static const char rcsid_zaway_c[] = "$Id: zaway.c 2493 2009-07-13 05:17:23Z kcr@ATHENA.MIT.EDU $";
#endif
#define MESSAGE_CLASS "MESSAGE"
*
* Created by: Robert French
*
- * $Id: zctl.c 2333 2009-03-22 18:30:19Z kcr $
+ * $Id: zctl.c 2493 2009-07-13 05:17:23Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <sysdep.h>
#include <zephyr/zephyr.h>
#include <ss/ss.h>
-#include <com_err.h>
#include <pwd.h>
#include <netdb.h>
#ifndef lint
-static const char rcsid_zctl_c[] = "$Id: zctl.c 2333 2009-03-22 18:30:19Z kcr $";
+static const char rcsid_zctl_c[] = "$Id: zctl.c 2493 2009-07-13 05:17:23Z kcr@ATHENA.MIT.EDU $";
#endif
#define SUBSATONCE 7
exit((code != 0));
}
- printf("ZCTL $Revision: 2333 $ (Protocol %s%d.%d) - Type '?' for a list of commands.\n\n",
+ printf("ZCTL $Revision: 2493 $ (Protocol %s%d.%d) - Type '?' for a list of commands.\n\n",
ZVERSIONHDR,
ZVERSIONMAJOR,ZVERSIONMINOR);
*
* Created by: David Jedlinsky
*
- * $Id: zleave.c 2323 2009-03-22 05:27:07Z kcr $
+ * $Id: zleave.c 2493 2009-07-13 05:17:23Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <zephyr/mit-copyright.h>
#include <zephyr/zephyr.h>
-#include <com_err.h>
-
#ifndef lint
-static const char rcsid_zlocate_c[] = "$Id: zleave.c 2323 2009-03-22 05:27:07Z kcr $";
+static const char rcsid_zlocate_c[] = "$Id: zleave.c 2493 2009-07-13 05:17:23Z kcr@ATHENA.MIT.EDU $";
#endif /* lint */
/*
*
* Created by: Robert French
*
- * $Id: zwrite.c 2294 2009-03-15 18:39:20Z kcr $
+ * $Id: zwrite.c 2522 2009-08-08 03:08:30Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <pwd.h>
#ifndef lint
-static const char rcsid_zwrite_c[] = "$Id: zwrite.c 2294 2009-03-15 18:39:20Z kcr $";
+static const char rcsid_zwrite_c[] = "$Id: zwrite.c 2522 2009-08-08 03:08:30Z kcr@ATHENA.MIT.EDU $";
#endif /* lint */
#define DEFAULT_CLASS "MESSAGE"
if (format)
notice.z_default_format = format;
else if (filsys == 1)
- notice.z_default_format = "@bold(Filesystem Operation Message for $instance:)\nFrom: @bold($sender) at $time $date\n$message";
+ notice.z_default_format = "@b(Filesystem Info Message for $instance)\nFrom: @b($sender) @ $time $date\n$message";
else if (auth == ZAUTH) {
if (signature)
- notice.z_default_format = "Class $class, Instance $instance:\nTo: @bold($recipient) at $time $date\nFrom: @bold($1) <$sender>\n\n$2";
+ notice.z_default_format = "Class $class Instance $instance\nTo @b($recipient) @ $time $date\nFrom @b($1) <$sender>\n\n$2";
else
- notice.z_default_format = "Class $class, Instance $instance:\nTo: @bold($recipient) at $time $date\n$message";
+ notice.z_default_format = "Class $class Instance $instance\nTo @b($recipient) @ $time $date\n$message";
} else {
if (signature)
- notice.z_default_format = "@bold(UNAUTHENTIC) Class $class, Instance $instance at $time $date:\nFrom: @bold($1) <$sender>\n\n$2";
+ notice.z_default_format = "@b(UNAUTHENTIC) Class $class Instance $instance @ $time $date\nFrom @b($1) <$sender>\n\n$2";
else
- notice.z_default_format = "@bold(UNAUTHENTIC) Class $class, Instance $instance at $time $date:\n$message";
+ notice.z_default_format = "@b(UNAUTHENTIC) Class $class Instance $instance @ $time $date\n$message";
}
if (!nocheck && nrecips)
send_off(¬ice, 0);
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
# Free Software Foundation, Inc.
-timestamp='2008-01-23'
+timestamp='2009-06-10'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
- | grep __ELF__ >/dev/null
+ | grep -q __ELF__
then
# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
# Return netbsd for either. FIX?
case `/usr/bin/uname -p` in
sparc) echo sparc-icl-nx7; exit ;;
esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
- echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# => hppa64-hp-hpux11.23
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
- grep __LP64__ >/dev/null
+ grep -q __LP64__
then
HP_ARCH="hppa2.0w"
else
x86)
echo i586-pc-interix${UNAME_RELEASE}
exit ;;
- EM64T | authenticamd)
+ EM64T | authenticamd | genuineintel)
echo x86_64-unknown-interix${UNAME_RELEASE}
exit ;;
IA64)
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
m68*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
- mips:Linux:*:*)
+ mips:Linux:*:* | mips64:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
- #undef mips
- #undef mipsel
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=mipsel
+ CPU=${UNAME_MACHINE}el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=mips
- #else
- CPU=
- #endif
- #endif
-EOF
- eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
- /^CPU/{
- s: ::g
- p
- }'`"
- test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
- ;;
- mips64:Linux:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #undef CPU
- #undef mips64
- #undef mips64el
- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=mips64el
- #else
- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=mips64
+ CPU=${UNAME_MACHINE}
#else
CPU=
#endif
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
- objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+ objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
elf32-i386)
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
;;
- a.out-i386-linux)
- echo "${UNAME_MACHINE}-pc-linux-gnuaout"
- exit ;;
- coff-i386)
- echo "${UNAME_MACHINE}-pc-linux-gnucoff"
- exit ;;
- "")
- # Either a pre-BFD a.out linker (linux-gnuoldld) or
- # one that does not give us useful --help.
- echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
- exit ;;
esac
# Determine whether the default compiler is a.out or elf
eval $set_cc_for_build
i*86:syllable:*:*)
echo ${UNAME_MACHINE}-pc-syllable
exit ;;
- i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
exit ;;
i*86:*DOS:*:*)
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
- # the processor, so we play safe by assuming i386.
- echo i386-pc-msdosdjgpp
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
exit ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit ;;
rs6000:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
exit ;;
- PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
echo powerpc-unknown-lynxos${UNAME_RELEASE}
exit ;;
SM[BE]S:UNIX_SV:*:*)
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit ;;
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
# Free Software Foundation, Inc.
-timestamp='2008-01-16'
+timestamp='2009-06-11'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
case $maybe_os in
nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
os=
basic_machine=$1
;;
+ -bluegene*)
+ os=-cnk
+ ;;
-sim | -cisco | -oki | -wec | -winbond)
os=
basic_machine=$1
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
+ | lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | mcore | mep \
+ | maxq | mb | microblaze | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
- | mips64vr | mips64vrel \
+ | mips64octeon | mips64octeonel \
| mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
+ | moxie \
| mt \
| msp430 \
| nios | nios2 \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
| score \
- | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
| v850 | v850e \
| we32k \
| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
- | z8k)
+ | z8k | z80)
basic_machine=$basic_machine-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12)
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
+ | lm32-* \
| m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | maxq-* | mcore-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
- | mips64vr-* | mips64vrel-* \
+ | mips64octeon-* | mips64octeonel-* \
| mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
- | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \
- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
| tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
| xstormy16-* | xtensa*-* \
| ymp-* \
- | z8k-*)
+ | z8k-* | z80-*)
;;
# Recognize the basic CPU types without company name, with glob match.
xtensa*)
basic_machine=m68k-apollo
os=-bsd
;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
aux)
basic_machine=m68k-apple
os=-aux
basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
os=-linux
;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
c90)
basic_machine=c90-cray
os=-unicos
;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
convex-c1)
basic_machine=c1-convex
os=-bsd
basic_machine=m88k-motorola
os=-sysv3
;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
djgpp)
basic_machine=i586-pc
os=-msdosdjgpp
basic_machine=z8k-unknown
os=-sim
;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
none)
basic_machine=none-none
os=-none
we32k)
basic_machine=we32k-att
;;
- sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
# Each alternative MUST END IN A *, to match a version number.
# -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
- | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -kopensolaris* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* \
+ | -aos* | -aros* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -chorusos* | -chorusrdb* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
-zvmoe)
os=-zvmoe
;;
+ -dicos*)
+ os=-dicos
+ ;;
-none)
;;
*)
-sunos*)
vendor=sun
;;
- -aix*)
+ -cnk*|-aix*)
vendor=ibm
;;
-beos*)
X_EXTRA_LIBS
XCLIENTS
ZWGC_LIBX11
+LIBICONV
TLIB
RLIB
SLIB
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 4193 "configure"' > conftest.$ac_ext
+ echo '#line 4194 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6759: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6760: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6763: \$? = $ac_status" >&5
+ echo "$as_me:6764: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6992: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6993: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6996: \$? = $ac_status" >&5
+ echo "$as_me:6997: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7052: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7053: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7056: \$? = $ac_status" >&5
+ echo "$as_me:7057: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 8382 "configure"' > conftest.$ac_ext
+ echo '#line 8383 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9220 "configure"
+#line 9221 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9318 "configure"
+#line 9319 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11497: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11498: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:11501: \$? = $ac_status" >&5
+ echo "$as_me:11502: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11557: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11558: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:11561: \$? = $ac_status" >&5
+ echo "$as_me:11562: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 12068 "configure"' > conftest.$ac_ext
+ echo '#line 12069 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 12906 "configure"
+#line 12907 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 13004 "configure"
+#line 13005 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13831: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13832: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:13835: \$? = $ac_status" >&5
+ echo "$as_me:13836: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13891: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13892: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:13895: \$? = $ac_status" >&5
+ echo "$as_me:13896: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 15201 "configure"' > conftest.$ac_ext
+ echo '#line 15202 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15945: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15946: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15949: \$? = $ac_status" >&5
+ echo "$as_me:15950: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16178: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16179: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16182: \$? = $ac_status" >&5
+ echo "$as_me:16183: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16238: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16239: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:16242: \$? = $ac_status" >&5
+ echo "$as_me:16243: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 17568 "configure"' > conftest.$ac_ext
+ echo '#line 17569 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 18406 "configure"
+#line 18407 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 18504 "configure"
+#line 18505 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
done
-for ac_header in arpa/nameser_compat.h
+
+
+
+for ac_header in arpa/nameser_compat.h stdbool.h termio.h curses.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
fi
+{ echo "$as_me:$LINENO: checking for libiconv_open in -liconv" >&5
+echo $ECHO_N "checking for libiconv_open in -liconv... $ECHO_C" >&6; }
+if test "${ac_cv_lib_iconv_libiconv_open+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-liconv $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char libiconv_open ();
+int
+main ()
+{
+return libiconv_open ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_lib_iconv_libiconv_open=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_iconv_libiconv_open=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_iconv_libiconv_open" >&5
+echo "${ECHO_T}$ac_cv_lib_iconv_libiconv_open" >&6; }
+if test $ac_cv_lib_iconv_libiconv_open = yes; then
+ LIBICONV=-liconv;
+fi
+
{ echo "$as_me:$LINENO: checking for tgetstr in -lcurses" >&5
echo $ECHO_N "checking for tgetstr in -lcurses... $ECHO_C" >&6; }
fi
- if test "$krb5config" == yes; then
+ if test "$krb5config" = yes; then
CPPFLAGS="$CPPFLAGS $(krb5-config --cflags krb5)"
KRB5_LIBS="$(krb5-config --libs krb5)"
else
CPPFLAGS="$CPPFLAGS -I$krb5/include"
LDFLAGS="$LDFLAGS -L$krb5/lib"
fi
- { echo "$as_me:$LINENO: checking for krb5_init_context in -lkrb5" >&5
-echo $ECHO_N "checking for krb5_init_context in -lkrb5... $ECHO_C" >&6; }
-if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then
+ KRB5_LIBS="-lkrb5 -lk5crypto -lcom_err"
+ fi
+ if test "${ac_cv_header_krb5_h+set}" = set; then
+ { echo "$as_me:$LINENO: checking for krb5.h" >&5
+echo $ECHO_N "checking for krb5.h... $ECHO_C" >&6; }
+if test "${ac_cv_header_krb5_h+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_krb5_h" >&5
+echo "${ECHO_T}$ac_cv_header_krb5_h" >&6; }
else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb5 -lk5crypto -lcom_err $LIBS"
+ # Is the header compilable?
+{ echo "$as_me:$LINENO: checking krb5.h usability" >&5
+echo $ECHO_N "checking krb5.h usability... $ECHO_C" >&6; }
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+$ac_includes_default
+#include <krb5.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking krb5.h presence" >&5
+echo $ECHO_N "checking krb5.h presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <krb5.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: krb5.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: krb5.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: krb5.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: krb5.h: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: krb5.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: krb5.h: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: krb5.h: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: krb5.h: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: krb5.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: krb5.h: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: krb5.h: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: krb5.h: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: krb5.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: krb5.h: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: krb5.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: krb5.h: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ echo "$as_me:$LINENO: checking for krb5.h" >&5
+echo $ECHO_N "checking for krb5.h... $ECHO_C" >&6; }
+if test "${ac_cv_header_krb5_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_header_krb5_h=$ac_header_preproc
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_krb5_h" >&5
+echo "${ECHO_T}$ac_cv_header_krb5_h" >&6; }
+
+fi
+if test $ac_cv_header_krb5_h = yes; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: Kerberos 5 headers not found" >&5
+echo "$as_me: error: Kerberos 5 headers not found" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+
+ local_save_LIBS=$LIBS
+ LIBS="$libs $KRB5_LIBS"
+ { echo "$as_me:$LINENO: checking for krb5_init_context" >&5
+echo $ECHO_N "checking for krb5_init_context... $ECHO_C" >&6; }
+if test "${ac_cv_func_krb5_init_context+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define krb5_init_context to an innocuous variant, in case <limits.h> declares krb5_init_context.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define krb5_init_context innocuous_krb5_init_context
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char krb5_init_context (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef krb5_init_context
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
extern "C"
#endif
char krb5_init_context ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_krb5_init_context || defined __stub___krb5_init_context
+choke me
+#endif
+
int
main ()
{
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
- ac_cv_lib_krb5_krb5_init_context=yes
+ ac_cv_func_krb5_init_context=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_lib_krb5_krb5_init_context=no
+ ac_cv_func_krb5_init_context=no
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_init_context" >&5
-echo "${ECHO_T}$ac_cv_lib_krb5_krb5_init_context" >&6; }
-if test $ac_cv_lib_krb5_krb5_init_context = yes; then
+{ echo "$as_me:$LINENO: result: $ac_cv_func_krb5_init_context" >&5
+echo "${ECHO_T}$ac_cv_func_krb5_init_context" >&6; }
+if test $ac_cv_func_krb5_init_context = yes; then
:
else
{ { echo "$as_me:$LINENO: error: Kerberos 5 libraries not found" >&5
{ (exit 1); exit 1; }; }
fi
- KRB5_LIBS="-lkrb5 -lk5crypto -lcom_err"
- fi
+ LIBS="$local_save_LIBS"
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5 1
_ACEOF
CPPFLAGS="$CPPFLAGS -I$ss/include"
LDFLAGS="$LDFLAGS -L$ss/lib"
fi
- #XXX
- #AC_CHECK_LIB(curses, initscr)
- #AC_CHECK_LIB(readline, readline)
{ echo "$as_me:$LINENO: checking for ss_perror in -lss" >&5
echo $ECHO_N "checking for ss_perror in -lss... $ECHO_C" >&6; }
if test "${ac_cv_lib_ss_ss_perror+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lss -lcom_err $LIBS"
+LIBS="-lss -lcom_err -lreadline -lcurses $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
{ echo "$as_me:$LINENO: result: $ac_cv_lib_ss_ss_perror" >&5
echo "${ECHO_T}$ac_cv_lib_ss_ss_perror" >&6; }
if test $ac_cv_lib_ss_ss_perror = yes; then
- SS_LIBS=-lss
+ SS_LIBS="-lss -lreadline -lcurses"
else
{ { echo "$as_me:$LINENO: error: ss library not found" >&5
echo "$as_me: error: ss library not found" >&2;}
done
-{ echo "$as_me:$LINENO: checking for krb5_auth_con_getauthenticator taking double pointer" >&5
-echo $ECHO_N "checking for krb5_auth_con_getauthenticator taking double pointer... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: checking krb5_auth_con_getauthenticator out argument type" >&5
+echo $ECHO_N "checking krb5_auth_con_getauthenticator out argument type... $ECHO_C" >&6; }
if test "${ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
-#define socklen_t int
-#define ssize_t int
#include <krb5.h>
krb5_error_code
krb5_auth_con_getauthenticator(krb5_context context,
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer=yes
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <krb5.h>
+krb5_error_code
+krb5_auth_con_getauthenticator(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_authenticator **authenticator);
+int
+main ()
+{
+krb5_error_code foo = krb5_auth_con_getauthenticator(0, 0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ { { echo "$as_me:$LINENO: error: Cannot identify krb5_auth_con_getauthenticator function signature" >&5
+echo "$as_me: error: Cannot identify krb5_auth_con_getauthenticator function signature" >&2;}
+ { (exit 1); exit 1; }; }
+
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
CPPFLAGS="${local_save_CPPFLAGS}"
+
+fi
+
+krb5_authent_type='krb5_authenticator *'
if test "$ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer" = yes; then
cat >>confdefs.h <<\_ACEOF
#define KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER 1
_ACEOF
+ krb5_authent_type='krb5_authenticator **'
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer" >&5
-echo "${ECHO_T}$ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer" >&6; }
+{ echo "$as_me:$LINENO: result: $krb5_authent_type" >&5
+echo "${ECHO_T}$krb5_authent_type" >&6; }
{ echo "$as_me:$LINENO: checking for enc_part2 in struct krb5_ticket" >&5
echo $ECHO_N "checking for enc_part2 in struct krb5_ticket... $ECHO_C" >&6; }
X_EXTRA_LIBS!$X_EXTRA_LIBS$ac_delim
XCLIENTS!$XCLIENTS$ac_delim
ZWGC_LIBX11!$ZWGC_LIBX11$ac_delim
+LIBICONV!$LIBICONV$ac_delim
TLIB!$TLIB$ac_delim
RLIB!$RLIB$ac_delim
SLIB!$SLIB$ac_delim
krb5config!$krb5config$ac_delim
KRB5_LIBS!$KRB5_LIBS$ac_delim
LIBZEPHYR_LIBS!$LIBZEPHYR_LIBS$ac_delim
-HESIOD_LIBS!$HESIOD_LIBS$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
+HESIOD_LIBS!$HESIOD_LIBS$ac_delim
REGEX_LIBS!$REGEX_LIBS$ac_delim
SS_LIBS!$SS_LIBS$ac_delim
ARES_LIBS!$ARES_LIBS$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 5; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 6; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
AC_CHECK_HEADERS(fcntl.h paths.h sgtty.h unistd.h malloc.h term.h)
AC_CHECK_HEADERS(sys/filio.h sys/ioctl.h sys/time.h sys/file.h sys/utsname.h)
AC_CHECK_HEADERS(sys/select.h sys/msgbuf.h sys/cdefs.h krb5_err.h termcap.h)
-AC_CHECK_HEADERS(arpa/nameser_compat.h)
+AC_CHECK_HEADERS(arpa/nameser_compat.h stdbool.h termio.h curses.h)
if test "$no_x" != "yes"; then
ZWGC_LIBX11=-lX11
AC_CHECK_LIB(44bsd, strerror)
+AC_CHECK_LIB(iconv, libiconv_open, [LIBICONV=-liconv; AC_SUBST(LIBICONV)])
AC_CHECK_LIB(curses, tgetstr, [TLIB=-lcurses], [TLIB=-ltermcap])
AC_CHECK_LIB(src, srcsrpy, [SLIB=-lsrc; AC_DEFINE(HAVE_SRC)])
PATH="$PATH:$krb5/bin"
fi
AC_CHECK_PROG(krb5config, krb5-config,yes)
- if test "$krb5config" == yes; then
+ if test "$krb5config" = yes; then
CPPFLAGS="$CPPFLAGS $(krb5-config --cflags krb5)"
KRB5_LIBS="$(krb5-config --libs krb5)"
else
CPPFLAGS="$CPPFLAGS -I$krb5/include"
LDFLAGS="$LDFLAGS -L$krb5/lib"
fi
- AC_CHECK_LIB(krb5, krb5_init_context, :,
- [AC_MSG_ERROR(Kerberos 5 libraries not found)],
- -lk5crypto -lcom_err)
KRB5_LIBS="-lkrb5 -lk5crypto -lcom_err"
fi
+ AC_CHECK_HEADER(krb5.h, :, [AC_MSG_ERROR(Kerberos 5 headers not found)])
+ local_save_LIBS=$LIBS
+ LIBS="$libs $KRB5_LIBS"
+ AC_CHECK_FUNC(krb5_init_context, :,
+ [AC_MSG_ERROR(Kerberos 5 libraries not found)])
+ LIBS="$local_save_LIBS"
AC_DEFINE(HAVE_KRB5)
LIBZEPHYR_LIBS="$LIBZEPHYR_LIBS $KRB5_LIBS"
# the zephyr library needs -lresolv if it's built with krb5
CPPFLAGS="$CPPFLAGS -I$ss/include"
LDFLAGS="$LDFLAGS -L$ss/lib"
fi
- #XXX
- #AC_CHECK_LIB(curses, initscr)
- #AC_CHECK_LIB(readline, readline)
- AC_CHECK_LIB(ss, ss_perror, SS_LIBS=-lss,
- [AC_MSG_ERROR(ss library not found)], -lcom_err)
+ AC_CHECK_LIB(ss, ss_perror, SS_LIBS="-lss -lreadline -lcurses",
+ [AC_MSG_ERROR(ss library not found)], -lcom_err -lreadline -lcurses)
AC_SUBST(SS_LIBS)
else
AC_MSG_ERROR(This package requires ss.)
AC_CHECK_FUNCS(krb5_free_data krb5_c_make_checksum krb5_cc_set_default_name)
AC_CHECK_FUNCS(krb5_crypto_init krb5_c_decrypt)
-AC_MSG_CHECKING(for krb5_auth_con_getauthenticator taking double pointer)
+AC_MSG_CHECKING(krb5_auth_con_getauthenticator out argument type)
AC_CACHE_VAL(ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer, [
local_save_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="${CPPFLAGS} ${KRB5_INC_FLAGS}"
AC_TRY_COMPILE(
-[#define socklen_t int
-#define ssize_t int
-#include <krb5.h>
+[#include <krb5.h>
krb5_error_code
krb5_auth_con_getauthenticator(krb5_context context,
krb5_auth_context auth_context,
krb5_authenticator *authenticator);],
[krb5_error_code foo = krb5_auth_con_getauthenticator(0, 0, 0);],
ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer=no,
-ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer=yes)
-])
+[AC_TRY_COMPILE(
+[#include <krb5.h>
+krb5_error_code
+krb5_auth_con_getauthenticator(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_authenticator **authenticator);],
+[krb5_error_code foo = krb5_auth_con_getauthenticator(0, 0, 0);],
+ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer=yes,
+[AC_MSG_ERROR([Cannot identify krb5_auth_con_getauthenticator function signature])]
+)])
CPPFLAGS="${local_save_CPPFLAGS}"
+])
+krb5_authent_type='krb5_authenticator *'
if test "$ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer" = yes; then
AC_DEFINE(KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER)dnl
+ krb5_authent_type='krb5_authenticator **'
fi
-AC_MSG_RESULT($ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer)
+AC_MSG_RESULT($krb5_authent_type)
AC_MSG_CHECKING(for enc_part2 in struct krb5_ticket)
AC_CACHE_VAL(ac_cv_have_krb5_ticket_enc_part2, [
+zephyr (3.0~rc.2544-1) notyet; urgency=low
+
+ * New upstream.
+
+ -- Karl Ramm <kcr@1ts.org> Thu, 27 Aug 2009 14:50:04 -0400
+
zephyr (3.0~beta.2483-2) unstable; urgency=low
* check for the extant ares_getnameinfo rather than the nonexistant
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
+/* Define to 1 if you have the <stdbool.h> header file. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <curses.h> header file. */
+#undef HAVE_CURSES_H
+
+/* Define to 1 if you have the <termio.h> header file. */
+#undef HAVE_TERMIO_H
+
/* Define to 1 if you have the `vprintf' function. */
#undef HAVE_VPRINTF
Code_t Z_NewFormatHeader (ZNotice_t *, char *, int, int *, Z_AuthProc);
Code_t Z_NewFormatAuthHeader (ZNotice_t *, char *, int, int *, Z_AuthProc);
-Code_t Z_NewFormatRawHeader (ZNotice_t *, char *, int, int *, char **,
+Code_t Z_NewFormatRawHeader (ZNotice_t *, char *, int, int *, char **,
int *, char **, char **);
-Code_t Z_AsciiFormatRawHeader (ZNotice_t *, char *, int, int *, char **,
+Code_t Z_AsciiFormatRawHeader (ZNotice_t *, char *, int, int *, char **,
int *, char **, char **);
void Z_gettimeofday(struct _ZTimeval *ztv, struct timezone *tz);
int ZGetCreds(krb5_creds **creds_out);
int ZGetCredsRealm(krb5_creds **creds_out, char *realm);
Code_t Z_Checksum(krb5_data *cksumbuf, krb5_keyblock *keyblock,
- krb5_cksumtype cksumtype, char **asn1_data,
- unsigned int *asn1_len);
+ krb5_cksumtype cksumtype, krb5_keyusage cksumusage,
+ char **asn1_data, unsigned int *asn1_len);
Code_t Z_ExtractEncCksum(krb5_keyblock *keyblock, krb5_enctype *enctype,
krb5_cksumtype *cksumtype);
int Z_krb5_verify_cksum(krb5_keyblock *keyblock, krb5_data *cksumbuf,
- krb5_cksumtype cksumtype, unsigned char *asn1_data,
- int asn1_len);
-Code_t Z_InsertZcodeChecksum(krb5_keyblock *keyblock, ZNotice_t *notice,
+ krb5_cksumtype cksumtype, krb5_keyusage cksumusage,
+ unsigned char *asn1_data, int asn1_len);
+Code_t Z_InsertZcodeChecksum(krb5_keyblock *keyblock, ZNotice_t *notice,
char *buffer,
- char *cksum_start, int cksum_len,
+ char *cksum_start, int cksum_len,
char *cstart, char *cend, int buffer_len,
- int *length_ajdust);
+ int *length_ajdust, int from_server);
unsigned long z_quad_cksum(const unsigned char *, uint32_t *, long,
int, unsigned char *);
+Code_t ZFormatAuthenticNoticeV5(ZNotice_t*, char*, int, int*, krb5_keyblock *);
#endif
#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
#endif
#endif /* __INTERNAL_H__ */
-
*
* Created by: Greg Hudson
*
- * $Id: sysdep.h 2423 2009-04-15 15:19:08Z kcr@ATHENA.MIT.EDU $
+ * $Id: sysdep.h 2526 2009-08-09 18:42:31Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1988,1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <signal.h>
#include <syslog.h>
#ifdef HAVE_UNISTD_H
+#ifndef __USE_XOPEN_EXTENDED
#ifdef HAVE_GETSID
#define __USE_XOPEN_EXTENDED
#endif
#ifdef __USE_XOPEN_EXTENDED
#undef __USE_XOPEN_EXTENDED
#endif
+#else
+#include <unistd.h>
+#endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
*
* Created by: Robert French
*
- * $Id: zephyr.h 2429 2009-04-17 18:18:39Z kcr@ATHENA.MIT.EDU $
+ * $Id: zephyr.h 2523 2009-08-08 17:48:37Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988,1991 by the Massachusetts Institute of
* Technology. For copying and distribution information, see the
#define ZVERSIONMINOR 2
#define Z_MAXPKTLEN 1024
-#define Z_MAXHEADERLEN 800
+#define Z_MAXHEADERLEN 832
#define Z_MAXOTHERFIELDS 10 /* Max unknown fields in ZNotice_t */
#define Z_NUMFIELDS 19
ALL_CFLAGS=${CFLAGS} -DSYSCONFDIR=\"${sysconfdir}\" -I${top_srcdir}/h \
-I${BUILDTOP}/h ${CPPFLAGS}
LDFLAGS=@LDFLAGS@
-LIBS=@LIBZEPHYR_LIBS@ -lcom_err
+LIBS=@LIBZEPHYR_LIBS@ -lcom_err @LIBICONV@
OBJS = zephyr_err.lo ZAsyncLocate.lo ZCkAuth.lo ZCkIfNot.lo ZClosePort.lo \
ZCmpUID.lo ZCmpUIDP.lo ZFlsLocs.lo ZFlsSubs.lo ZFmtAuth.lo \
${LIBTOOL} --mode=compile ${CC} -c -o $@ ${ALL_CFLAGS} $<
check:
- python $(srcdir)/zephyr_tests.py --builddir=$(BUILDTOP)
- $(srcdir)/zephyr_run_doctests --builddir=$(BUILDTOP)
+ PYTHONPATH=${top_srcdir}/python python $(srcdir)/zephyr_tests.py --builddir=$(BUILDTOP)
+ PYTHONPATH=${top_srcdir}/python $(srcdir)/zephyr_run_doctests --builddir=$(BUILDTOP)
install: libzephyr.la
${LIBTOOL} --mode=install ${INSTALL} -m 644 libzephyr.la \
*
* Copyright (c) 1987,1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
- * "mit-copyright.h".
+ * "mit-copyright.h".
*/
/* $Header$ */
*/
Code_t ZCheckZcodeAuthentication(ZNotice_t *notice,
struct sockaddr_in *from)
-{
+{
#ifdef HAVE_KRB5
krb5_error_code result;
krb5_creds *creds;
unsigned char *asn1_data, *key_data;
int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0;
#endif
-
+
/* If the value is already known, return it. */
if (notice->z_checked_auth != ZAUTH_UNSET)
return (notice->z_checked_auth);
#ifdef HAVE_KRB5
result = ZGetCreds(&creds);
-
+
if (result)
return (ZAUTH_NO);
/* HOLDING: creds */
-
+
/* Figure out what checksum type to use */
keyblock = Z_credskey(creds);
key_data = Z_keydata(keyblock);
return (ZAUTH_FAILED);
}
/* HOLDING: creds */
-
+
/* Assemble the things to be checksummed */
/* first part is from start of packet through z_default_format:
* - z_version
}
cksum1_len = x + strlen(x) + 1 - cksum1_base; /* charset / extra field */
}
-
+
/* last part is the message body */
cksum2_base = notice->z_message;
cksum2_len = notice->z_message_len;
-
+
/* The following code checks for old-style checksums, which will go
away once Kerberos 4 does. */
if ((!notice->z_ascii_checksum || *notice->z_ascii_checksum != 'Z') &&
enctype == ENCTYPE_DES_CBC_MD4 ||
enctype == ENCTYPE_DES_CBC_MD5)) {
/* try old-format checksum (covers cksum0 only) */
-
+
ZChecksum_t our_checksum;
-
+
our_checksum = z_quad_cksum((unsigned char *)cksum0_base, NULL, cksum0_len, 0,
key_data);
if (our_checksum == notice->z_checksum) {
}
}
/* HOLDING: creds */
-
+
cksumbuf.length = cksum0_len + cksum1_len + cksum2_len;
cksumbuf.data = malloc(cksumbuf.length);
if (!cksumbuf.data) {
return ZAUTH_NO;
}
/* HOLDING: creds, cksumbuf.data */
-
+
memcpy(cksumbuf.data, cksum0_base, cksum0_len);
if (cksum1_len)
memcpy(cksumbuf.data + cksum0_len, cksum1_base, cksum1_len);
memcpy(cksumbuf.data + cksum0_len + cksum1_len,
cksum2_base, cksum2_len);
-
+
/* decode zcoded checksum */
/* The encoded form is always longer than the original */
asn1_len = strlen(notice->z_ascii_checksum) + 1;
return ZAUTH_FAILED;
}
/* HOLDING: creds, asn1_data, cksumbuf.data */
-
+
valid = Z_krb5_verify_cksum(keyblock, &cksumbuf, cksumtype,
- asn1_data, asn1_len);
-
+ Z_KEYUSAGE_SRV_CKSUM, asn1_data, asn1_len);
+
free(asn1_data);
krb5_free_creds(Z_krb5_ctx, creds);
free(cksumbuf.data);
-
+
if (valid)
return ZAUTH_YES;
else
*
* Created by: Robert French
*
- * $Id: ZFmtAuth.c 2162 2008-07-18 20:37:47Z kcr $
+ * $Id: ZFmtAuth.c 2502 2009-07-26 21:25:27Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
- * "mit-copyright.h".
+ * "mit-copyright.h".
*/
#ifndef lint
-static const char rcsid_ZFormatAuthenticNotice_c[] = "$Id: ZFmtAuth.c 2162 2008-07-18 20:37:47Z kcr $";
+static const char rcsid_ZFormatAuthenticNotice_c[] = "$Id: ZFmtAuth.c 2502 2009-07-26 21:25:27Z kcr@ATHENA.MIT.EDU $";
#endif
#include <internal.h>
int key_len;
char *cksum_start, *cstart, *cend;
int cksum_len;
-
+
key_len = Z_keylen(keyblock);
retval = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
if (retval)
- return (ZAUTH_FAILED);
+ return (ZAUTH_FAILED);
#ifdef HAVE_KRB4
- if (key_len == 8 && (enctype == ENCTYPE_DES_CBC_CRC ||
+ if (key_len == 8 && (enctype == ENCTYPE_DES_CBC_CRC ||
enctype == ENCTYPE_DES_CBC_MD4 ||
enctype == ENCTYPE_DES_CBC_MD5)) {
C_Block tmp;
tmp);
}
#endif
-
+
newnotice = *notice;
newnotice.z_auth = 1;
newnotice.z_authent_len = 0;
newnotice.z_ascii_authent = "";
if ((retval = Z_NewFormatRawHeader(&newnotice, buffer, buffer_len,
- &hdrlen,
- &cksum_start, &cksum_len, &cstart,
+ &hdrlen,
+ &cksum_start, &cksum_len, &cstart,
&cend)) != ZERR_NONE)
return (retval);
-
- retval = Z_InsertZcodeChecksum(keyblock, &newnotice, buffer,
- cksum_start, cksum_len, cstart, cend,
- buffer_len, &hdr_adj);
- if (retval)
- return retval;
-
- hdrlen += hdr_adj;
-
- ptr = buffer+hdrlen;
-
- if (newnotice.z_message_len+hdrlen > buffer_len)
- return (ZERR_PKTLEN);
-
- (void) memcpy(ptr, newnotice.z_message, newnotice.z_message_len);
-
- *len = hdrlen+newnotice.z_message_len;
-
- if (*len > Z_MAXPKTLEN)
- return (ZERR_PKTLEN);
-
- return (ZERR_NONE);
+
+ /* we know this is only called by the server */
+ retval = Z_InsertZcodeChecksum(keyblock, &newnotice, buffer,
+ cksum_start, cksum_len, cstart, cend,
+ buffer_len, &hdr_adj, 1);
+ if (retval)
+ return retval;
+
+ hdrlen += hdr_adj;
+
+ ptr = buffer+hdrlen;
+
+ if (newnotice.z_message_len+hdrlen > buffer_len)
+ return (ZERR_PKTLEN);
+
+ (void) memcpy(ptr, newnotice.z_message, newnotice.z_message_len);
+
+ *len = hdrlen+newnotice.z_message_len;
+
+ if (*len > Z_MAXPKTLEN)
+ return (ZERR_PKTLEN);
+
+ return (ZERR_NONE);
}
#endif
*
* Created by: Robert French
*
- * $Id: ZLocations.c 2422 2009-04-14 12:57:11Z kcr@ATHENA.MIT.EDU $
+ * $Id: ZLocations.c 2531 2009-08-11 17:21:43Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#ifndef lint
static const char rcsid_ZLocations_c[] =
- "$Id: ZLocations.c 2422 2009-04-14 12:57:11Z kcr@ATHENA.MIT.EDU $";
+ "$Id: ZLocations.c 2531 2009-08-11 17:21:43Z kcr@ATHENA.MIT.EDU $";
#endif
#include <internal.h>
static int
wait_for_srvack(ZNotice_t *notice, void *uid)
{
- return (notice->z_kind == SERVACK && ZCompareUID(¬ice->z_uid, (ZUnique_Id_t *)uid));
+ return ((notice->z_kind == SERVACK || notice->z_kind == SERVNAK)
+ && ZCompareUID(¬ice->z_uid, (ZUnique_Id_t *)uid));
}
Code_t
*
* Created by: Robert French
*
- * $Id: ZMkAuth.c 2385 2009-04-03 05:30:57Z kcr@ATHENA.MIT.EDU $
+ * $Id: ZMkAuth.c 2502 2009-07-26 21:25:27Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <internal.h>
#ifndef lint
-static const char rcsid_ZMakeAuthentication_c[] = "$Id: ZMkAuth.c 2385 2009-04-03 05:30:57Z kcr@ATHENA.MIT.EDU $";
+static const char rcsid_ZMakeAuthentication_c[] = "$Id: ZMkAuth.c 2502 2009-07-26 21:25:27Z kcr@ATHENA.MIT.EDU $";
#endif
#ifdef HAVE_KRB4
#endif
}
+/* only used by server? */
Code_t
ZMakeZcodeAuthentication(register ZNotice_t *notice,
char *buffer,
Code_t
ZMakeZcodeRealmAuthentication(register ZNotice_t *notice,
- char *buffer,
- int buffer_len,
- int *phdr_len,
- char *realm)
+ char *buffer,
+ int buffer_len,
+ int *phdr_len,
+ char *realm)
{
#ifdef HAVE_KRB5
krb5_error_code result;
}
result = Z_InsertZcodeChecksum(keyblock, notice, buffer, cksum_start,
cksum_len, cstart, cend, buffer_len,
- &phdr_adj);
+ &phdr_adj, 0);
krb5_free_creds(Z_krb5_ctx, creds);
if (result) {
return result;
return result;
}
-#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
- creds_in.keyblock.enctype = ENCTYPE_DES_CBC_CRC; /* XXX? */
-#else
- creds_in.session.keytype = KEYTYPE_DES; /* XXX? */
-#endif
-
result = krb5_get_credentials(Z_krb5_ctx, 0, ccache, &creds_in, creds_out);
krb5_cc_close(Z_krb5_ctx, ccache);
krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* I also hope this is ok */
*
* Created by: Robert French
*
- * $Id: ZParseNot.c 2422 2009-04-14 12:57:11Z kcr@ATHENA.MIT.EDU $
+ * $Id: ZParseNot.c 2500 2009-07-26 16:32:53Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#ifndef lint
static const char rcsid_ZParseNotice_c[] =
- "$Id: ZParseNot.c 2422 2009-04-14 12:57:11Z kcr@ATHENA.MIT.EDU $";
+ "$Id: ZParseNot.c 2500 2009-07-26 16:32:53Z kcr@ATHENA.MIT.EDU $";
#endif
#include <internal.h>
+#include <syslog.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+inline static int
+_bad_packet(int line, char *where, ZNotice_t *notice, char *what) {
+ if (__Zephyr_server) {
+ syslog(LOG_ERR, "ZParseNotice: bad packet (%s) from %s.%d at line %d",
+ what, inet_ntoa(notice->z_uid.zuid_addr), notice->z_port, line);
+ } else {
+#ifdef Z_DEBUG
+ Z_debug("ZParseNotice: bad packet (%s) from %s.%d at line %d",
+ what, inet_ntoa(notice->z_uid.zuid_addr), notice->z_port, line);
+#endif
+ }
+
+ return ZERR_BADPKT;
+}
/* Skip to the next NUL-terminated field in the packet. */
-static char *
+inline static char *
next_field(char *ptr,
char *end)
{
unsigned long temp;
int maj, numfields, i;
-#ifdef __LINE__
- int lineno;
- /* Note: This definition of BAD eliminates lint and compiler
- * complains about the "while (0)", but require that the macro not
- * be used as the "then" part of an "if" statement that also has
- * an "else" clause.
- */
-#define BAD_PACKET {lineno=__LINE__;goto badpkt;}
- /* This one gets lint/compiler complaints. */
-/*#define BAD do{lineno=__LINE__;goto badpkt;}while(0)*/
-#else
-#define BAD_PACKET goto badpkt
+#ifndef __LINE__
+#define __LINE__ -1
#endif
+#define BAD_PACKET(what) return _bad_packet(__LINE__, ptr, notice, what)
(void) memset((char *)notice, 0, sizeof(ZNotice_t));
if (strncmp(ptr, ZVERSIONHDR, sizeof(ZVERSIONHDR) - 1))
return (ZERR_VERS);
ptr += sizeof(ZVERSIONHDR) - 1;
- if (!*ptr) {
-#ifdef Z_DEBUG
- Z_debug ("ZParseNotice: null version string");
-#endif
- return ZERR_BADPKT;
- }
+ if (!*ptr)
+ BAD_PACKET("null version string");
+
maj = atoi(ptr);
if (maj != ZVERSIONMAJOR)
return (ZERR_VERS);
ptr = next_field(ptr, end);
if (ZReadAscii32(ptr, end-ptr, &temp) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing num_hdr_fields");
numfields = temp;
notice->z_num_hdr_fields = numfields;
ptr = next_field(ptr, end);
/*XXX 3 */
numfields -= 2; /* numfields, version, and checksum */
- if (numfields < 0) {
-#ifdef __LINE__
- lineno = __LINE__;
- badpkt:
-#ifdef Z_DEBUG
- Z_debug ("ZParseNotice: bad packet from %s/%d (line %d)",
- inet_ntoa (notice->z_uid.zuid_addr.s_addr),
- notice->z_port, lineno);
-#endif
-#else
- badpkt:
-#ifdef Z_DEBUG
- Z_debug ("ZParseNotice: bad packet from %s/%d",
- inet_ntoa (notice->z_uid.zuid_addr.s_addr),
- notice->z_port);
-#endif
-#endif
- return ZERR_BADPKT;
- }
+ if (numfields < 0)
+ BAD_PACKET("no header fields");
if (numfields && ptr < end) {
if (ZReadAscii32(ptr, end-ptr, &temp) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing kind");
notice->z_kind = (ZNotice_Kind_t)temp;
numfields--;
ptr = next_field(ptr, end);
}
else
- BAD_PACKET;
+ BAD_PACKET("missing kind");
if (numfields && ptr < end) {
if (ZReadAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
sizeof(ZUnique_Id_t)) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing uid");
notice->z_time.tv_sec = ntohl((u_long) notice->z_uid.tv.tv_sec);
notice->z_time.tv_usec = ntohl((u_long) notice->z_uid.tv.tv_usec);
numfields--;
ptr = next_field(ptr, end);
}
else
- BAD_PACKET;
+ BAD_PACKET("missing uid");
if (numfields && ptr < end) {
if (ZReadAscii16(ptr, end-ptr, ¬ice->z_port) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing port");
notice->z_port = htons(notice->z_port);
numfields--;
ptr = next_field(ptr, end);
}
else
- BAD_PACKET;
+ BAD_PACKET("missing port");
if (numfields && ptr < end) {
if (ZReadAscii32(ptr, end-ptr, &temp) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing auth");
notice->z_auth = temp;
numfields--;
ptr = next_field(ptr, end);
}
else
- BAD_PACKET;
+ BAD_PACKET("missing auth");
notice->z_checked_auth = ZAUTH_UNSET;
if (numfields && ptr < end) {
if (ZReadAscii32(ptr, end-ptr, &temp) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing authenticator length");
notice->z_authent_len = temp;
numfields--;
ptr = next_field(ptr, end);
}
else
- BAD_PACKET;
+ BAD_PACKET("missing authenticator length");
if (numfields && ptr < end) {
notice->z_ascii_authent = ptr;
ptr = next_field(ptr, end);
}
else
- BAD_PACKET;
+ BAD_PACKET("missing authenticator field");
if (numfields && ptr < end) {
notice->z_class = ptr;
if (numfields && ptr < end) {
if (ZReadAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
sizeof(ZUnique_Id_t)) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing multiuid");
notice->z_time.tv_sec = ntohl((u_long) notice->z_multiuid.tv.tv_sec);
notice->z_time.tv_usec = ntohl((u_long) notice->z_multiuid.tv.tv_usec);
numfields--;
unsigned char addrbuf[sizeof(notice->z_sender_sockaddr.ip6.sin6_addr)];
int len;
- /* because we're paranoid about naughtily misformated packets */
+ /* because we're paranoid about naughtily misformatted packets */
if (memchr(ptr, '\0', end - ptr) == NULL)
- BAD_PACKET;
+ BAD_PACKET("unterminated address field");
if (*ptr == 'Z') {
if (ZReadZcode((unsigned char *)ptr, addrbuf,
sizeof(addrbuf), &len) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing Zcode address");
} else {
len = sizeof(notice->z_sender_sockaddr.ip4.sin_addr);
if (ZReadAscii(ptr, end - ptr, (unsigned char *)addrbuf,
len) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing NetASCII address");
}
if (len == sizeof(notice->z_sender_sockaddr.ip6.sin6_addr)) {
notice->z_sender_sockaddr.ip4.sin_family = AF_INET;
memcpy(¬ice->z_sender_sockaddr.ip4.sin_addr, addrbuf, len);
} else
- BAD_PACKET;
+ BAD_PACKET("address claims to be neither IPv4 or IPv6");
numfields--;
ptr = next_field(ptr, end);
if (numfields && ptr < end) {
if (ZReadAscii16(ptr, end-ptr, ¬ice->z_charset) == ZERR_BADFIELD)
- BAD_PACKET;
+ BAD_PACKET("parsing charset");
notice->z_charset = htons(notice->z_charset);
numfields--;
ptr = next_field(ptr, end);
if (numfields || *(ptr - 1) != '\0')
- BAD_PACKET;
+ BAD_PACKET("end of headers");
notice->z_message = (caddr_t) ptr;
notice->z_message_len = len-(ptr-buffer);
*
* Created by: Robert French
*
- * $Id: Zinternal.c 2343 2009-03-23 13:50:35Z kcr $
+ * $Id: Zinternal.c 2502 2009-07-26 21:25:27Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988,1991 by the Massachusetts Institute of
* Technology.
* For copying and distribution information, see the file
- * "mit-copyright.h".
+ * "mit-copyright.h".
*/
#include <internal.h>
#ifndef lint
static const char rcsid_Zinternal_c[] =
- "$Id: Zinternal.c 2343 2009-03-23 13:50:35Z kcr $";
+ "$Id: Zinternal.c 2502 2009-07-26 21:25:27Z kcr@ATHENA.MIT.EDU $";
static const char copyright[] =
"Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.";
#endif
{ ENCTYPE_DES_CBC_MD4, CKSUMTYPE_RSA_MD4_DES },
{ ENCTYPE_DES_CBC_MD5, CKSUMTYPE_RSA_MD5_DES },
- /*
+ /*
* The implementors hate us, and are inconsistent with names for
* most things defined after RFC1510. Note that des3-cbc-sha1
- * and des3-cbc-sha1-kd are listed by number to avoid confusion
+ * and des3-cbc-sha1-kd are listed by number to avoid confusion
* caused by inconsistency between the names used in the specs
* and those used by implementations.
* -- jhutz, 30-Nov-2002
static int Z_AddField(char **ptr, char *field, char *end);
static int find_or_insert_uid(ZUnique_Id_t *uid, ZNotice_Kind_t kind);
-static Code_t Z_ZcodeFormatRawHeader(ZNotice_t *, char *, int, int *, char **,
+static Code_t Z_ZcodeFormatRawHeader(ZNotice_t *, char *, int, int *, char **,
int *, char **, char **, int cksumtype);
/* Find or insert uid in the old uids buffer. The buffer is a sorted
FD_ZERO(&read);
FD_SET(ZGetFD(), &read);
return (select(ZGetFD() + 1, &read, NULL, NULL, &tv));
-}
+}
/* Wait for a complete notice to become available */
if (ZGetFD() < 0)
return (ZERR_NOPORT);
-
+
while (Z_PacketWaiting())
if ((retval = Z_ReadWait()) != ZERR_NONE)
return (retval);
if (ZGetFD() < 0)
return (ZERR_NOPORT);
-
+
FD_ZERO(&fds);
FD_SET(ZGetFD(), &fds);
tv.tv_sec = 60;
from_len = sizeof(struct sockaddr_in);
- packet_len = recvfrom(ZGetFD(), packet, sizeof(packet), 0,
+ packet_len = recvfrom(ZGetFD(), packet, sizeof(packet), 0,
(struct sockaddr *)&from, &from_len);
if (packet_len < 0)
if (packet_len < zvlen || memcmp(packet, ZVERSIONHDR, zvlen) != 0) {
Z_discarded_packets++;
return (ZERR_NONE);
- }
+ }
/* Parse the notice */
if ((retval = ZParseNotice(packet, packet_len, ¬ice)) != ZERR_NONE)
if (!__Q_Head)
__Q_Head = qptr;
-
+
/* Copy the from field, multiuid, kind, and checked authentication. */
qptr->from = from;
qptr->uid = notice.z_multiuid;
qptr->kind = notice.z_kind;
qptr->auth = notice.z_checked_auth;
-
+
/*
* If this is the first part of the notice, we take the header
* from it. We only take it if this is the first fragment so that
(void) gettimeofday(&tv, (struct timezone *)0);
qptr->timep = tv.tv_sec;
-
+
last = part+notice->z_message_len-1;
hole = qptr->holelist;
(void) memcpy(qptr->packet+qptr->header_len, qptr->msg,
qptr->msg_len);
}
-
+
return (ZERR_NONE);
}
}
notice->z_multinotice = "";
-
+
(void) Z_gettimeofday(¬ice->z_uid.tv, (struct timezone *)0);
notice->z_uid.tv.tv_sec = htonl((u_long) notice->z_uid.tv.tv_sec);
notice->z_uid.tv.tv_usec = htonl((u_long) notice->z_uid.tv.tv_usec);
-
+
(void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
if (notice->z_sender_sockaddr.ip4.sin_family == 0) {
notice->z_sender_sockaddr.ip4.sin_port = notice->z_port;
(void) memcpy(¬ice->z_sender_sockaddr.ip4.sin_addr, &__My_addr, sizeof(__My_addr));
}
-
+
notice->z_multiuid = notice->z_uid;
if (!version[0])
}
notice->z_multinotice = "";
-
+
(void) gettimeofday(&tv, (struct timezone *)0);
notice->z_uid.tv.tv_sec = htonl((u_long) tv.tv_sec);
notice->z_uid.tv.tv_usec = htonl((u_long) tv.tv_usec);
-
+
(void) memcpy(¬ice->z_uid.zuid_addr, &__My_addr, sizeof(__My_addr));
(void) memset(¬ice->z_sender_sockaddr, 0, sizeof(notice->z_sender_sockaddr));
return (Z_FormatRawHeader(notice, buffer, buffer_len,
len, NULL, NULL));
}
-
+
return ((*cert_routine)(notice, buffer, buffer_len, len));
}
return (Z_FormatRawHeader(notice, buffer, buffer_len,
len, NULL, NULL));
}
-
+
return ((*cert_routine)(notice, buffer, buffer_len, len));
-}
-
+}
+
Code_t
Z_NewFormatRawHeader(ZNotice_t *notice,
char *buffer,
return (ZERR_HEADERLEN);
if (ZMakeAscii32(ptr, end-ptr,
- Z_NUMFIELDS + notice->z_num_other_fields)
+ (notice->z_num_hdr_fields ? (notice->z_num_hdr_fields - notice->z_num_other_fields) : Z_NUMFIELDS) + notice->z_num_other_fields)
== ZERR_FIELDLEN)
return (ZERR_HEADERLEN);
ptr += strlen(ptr)+1;
return (ZERR_HEADERLEN);
ptr += strlen(ptr)+1;
- if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
+ if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
return (ZERR_HEADERLEN);
ptr += strlen(ptr)+1;
(void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
if (Z_AddField(&ptr, newrecip, end))
return (ZERR_HEADERLEN);
- }
+ }
if (Z_AddField(&ptr, notice->z_default_format, end))
return (ZERR_HEADERLEN);
if (Z_AddField(&ptr, notice->z_multinotice, end))
return (ZERR_HEADERLEN);
- if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
+ if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
return (ZERR_HEADERLEN);
ptr += strlen(ptr)+1;
-
- if (notice->z_sender_sockaddr.sa.sa_family == AF_INET) {
- addrlen = sizeof(notice->z_sender_sockaddr.ip4.sin_addr);
- addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip4.sin_addr;
- } else if (notice->z_sender_sockaddr.sa.sa_family == AF_INET6) {
- addrlen = sizeof(notice->z_sender_sockaddr.ip6.sin6_addr);
- addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip6.sin6_addr;
+
+ if (!notice->z_num_hdr_fields || notice->z_num_hdr_fields > 17) {
+ if (notice->z_sender_sockaddr.sa.sa_family == AF_INET) {
+ addrlen = sizeof(notice->z_sender_sockaddr.ip4.sin_addr);
+ addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip4.sin_addr;
+ } else if (notice->z_sender_sockaddr.sa.sa_family == AF_INET6) {
+ addrlen = sizeof(notice->z_sender_sockaddr.ip6.sin6_addr);
+ addraddr = (unsigned char *)¬ice->z_sender_sockaddr.ip6.sin6_addr;
+ }
+
+ if (ZMakeZcode(ptr, end-ptr, addraddr, addrlen) == ZERR_FIELDLEN)
+ return ZERR_HEADERLEN;
+ ptr += strlen(ptr) + 1;
}
- if (ZMakeZcode(ptr, end-ptr, addraddr, addrlen) == ZERR_FIELDLEN)
- return ZERR_HEADERLEN;
- ptr += strlen(ptr) + 1;
+ if (!notice->z_num_hdr_fields || notice->z_num_hdr_fields > 18) {
+ if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_charset)) == ZERR_FIELDLEN)
+ return ZERR_HEADERLEN;
+ ptr += strlen(ptr) + 1;
+ }
- if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_charset)) == ZERR_FIELDLEN)
- return ZERR_HEADERLEN;
- ptr += strlen(ptr) + 1;
-
for (i=0;i<notice->z_num_other_fields;i++)
if (Z_AddField(&ptr, notice->z_other_fields[i], end))
return (ZERR_HEADERLEN);
-
+
if (cksum_len)
*cksum_len = ptr-*cksum_start;
return (ZERR_HEADERLEN);
ptr += strlen(ptr)+1;
- if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
+ if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_uid,
sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
return (ZERR_HEADERLEN);
ptr += strlen(ptr)+1;
(void) sprintf(newrecip, "%s@%s", notice->z_recipient, __Zephyr_realm);
if (Z_AddField(&ptr, newrecip, end))
return (ZERR_HEADERLEN);
- }
+ }
if (Z_AddField(&ptr, notice->z_default_format, end))
return (ZERR_HEADERLEN);
if (Z_AddField(&ptr, notice->z_multinotice, end))
return (ZERR_HEADERLEN);
- if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
+ if (ZMakeAscii(ptr, end-ptr, (unsigned char *)¬ice->z_multiuid,
sizeof(ZUnique_Id_t)) == ZERR_FIELDLEN)
return (ZERR_HEADERLEN);
ptr += strlen(ptr)+1;
if (ZMakeAscii16(ptr, end-ptr, ntohs(notice->z_charset)) == ZERR_FIELDLEN)
return ZERR_HEADERLEN;
ptr += strlen(ptr) + 1;
-
+
for (i=0;i<notice->z_num_other_fields;i++)
if (Z_AddField(&ptr, notice->z_other_fields[i], end))
return (ZERR_HEADERLEN);
-
+
*len = ptr-buffer;
-
+
return (ZERR_NONE);
}
Z_RemQueue(struct _Z_InputQ *qptr)
{
struct _Z_Hole *hole, *nexthole;
-
+
if (qptr->complete)
__Q_CompleteLength--;
__Q_Size -= qptr->msg_len;
-
+
if (qptr->header)
free(qptr->header);
if (qptr->msg)
free(qptr->msg);
if (qptr->packet)
free(qptr->packet);
-
+
hole = qptr->holelist;
while (hole) {
nexthole = hole->next;
free((char *)hole);
hole = nexthole;
}
-
+
if (qptr == __Q_Head && __Q_Head == __Q_Tail) {
free ((char *)qptr);
__Q_Head = (struct _Z_InputQ *)0;
__Q_Tail = (struct _Z_InputQ *)0;
return;
}
-
+
if (qptr == __Q_Head) {
__Q_Head = qptr->next;
__Q_Head->prev = (struct _Z_InputQ *)0;
free ((char *)qptr);
return;
- }
+ }
if (qptr == __Q_Tail) {
__Q_Tail = qptr->prev;
__Q_Tail->next = (struct _Z_InputQ *)0;
char multi[64];
int offset, hdrsize, fragsize, ret_len, message_len, waitforack;
Code_t retval;
-
+
hdrsize = len-notice->z_message_len;
fragsize = Z_MAXPKTLEN-hdrsize-Z_FRAGFUDGE;
-
+
offset = 0;
waitforack = ((notice->z_kind == UNACKED || notice->z_kind == ACKED)
&& !__Zephyr_server);
-
+
partnotice = *notice;
while (offset < notice->z_message_len || !notice->z_message_len) {
htonl((u_long) partnotice.z_uid.tv.tv_sec);
partnotice.z_uid.tv.tv_usec =
htonl((u_long) partnotice.z_uid.tv.tv_usec);
- (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
+ (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
sizeof(__My_addr));
(void) memset(¬ice->z_sender_sockaddr, 0, sizeof(notice->z_sender_sockaddr));
notice->z_sender_sockaddr.ip4.sin_family = AF_INET; /*XXX*/
#ifdef HAVE_KRB5
Code_t
Z_Checksum(krb5_data *cksumbuf,
- krb5_keyblock *keyblock,
- krb5_cksumtype cksumtype,
+ krb5_keyblock *keyblock,
+ krb5_cksumtype cksumtype,
+ krb5_keyusage cksumusage,
char **asn1_data,
unsigned int *asn1_len)
{
Checksum checksum;
krb5_crypto cryptctx;
#endif
-
+
#ifndef HAVE_KRB5_CRYPTO_INIT
/* Create the checksum -- MIT crypto API */
result = krb5_c_make_checksum(Z_krb5_ctx, cksumtype,
- keyblock, Z_KEYUSAGE_CLT_CKSUM,
+ keyblock, cksumusage,
cksumbuf, &checksum);
if (result)
return result;
len = checksum.length;
#else
/* Create the checksum -- heimdal crypto API */
- result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype,
+ result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype,
&cryptctx);
if (result)
return result;
/* HOLDING: cryptctx */
result = krb5_create_checksum(Z_krb5_ctx, cryptctx,
- Z_KEYUSAGE_CLT_CKSUM, cksumtype,
+ cksumusage, cksumtype,
cksumbuf->data, cksumbuf->length,
&checksum);
krb5_crypto_destroy(Z_krb5_ctx, cryptctx);
Code_t
Z_InsertZcodeChecksum(krb5_keyblock *keyblock,
- ZNotice_t *notice,
+ ZNotice_t *notice,
char *buffer,
char *cksum_start,
- int cksum_len,
+ int cksum_len,
char *cstart,
char *cend,
- int buffer_len,
- int *length_adjust)
+ int buffer_len,
+ int *length_adjust,
+ int from_server)
{
int plain_len; /* length of part not to be checksummed */
int cksum0_len; /* length of part before checksum */
krb5_enctype enctype;
krb5_cksumtype cksumtype;
Code_t result;
-
+
key_data = Z_keydata(keyblock);
key_len = Z_keylen(keyblock);
result = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
if (result)
return (ZAUTH_FAILED);
-
+
/* Assemble the things to be checksummed */
plain_len = cksum_start - buffer;
cksum0_len = cstart - cksum_start;
memcpy(cksumbuf.data + cksum0_len + cksum1_len,
notice->z_message, notice->z_message_len);
/* compute the checksum */
- result = Z_Checksum(&cksumbuf, keyblock, cksumtype,
+ result = Z_Checksum(&cksumbuf, keyblock, cksumtype,
+ from_server ? Z_KEYUSAGE_SRV_CKSUM
+ : Z_KEYUSAGE_CLT_CKSUM,
(char **)&cksum.data, &cksum.length);
if (result) {
free(cksumbuf.data);
return result;
}
-
+
/*
* OK.... we can zcode to a space starting at 'cstart',
* with a length of buffer_len - (plain_len + cksum_len).
* Then we tack on the end part, which is located at
* cksumbuf.data + cksum0_len and has length cksum1_len
*/
-
+
result = ZMakeZcode(cstart, buffer_len - (plain_len + cksum_len),
(unsigned char *)cksum.data, cksum.length);
free(cksum.data);
Code_t
Z_ExtractEncCksum(krb5_keyblock *keyblock,
- krb5_enctype *enctype,
+ krb5_enctype *enctype,
krb5_cksumtype *cksumtype)
{
- *enctype = Z_enctype(keyblock);
- return Z_krb5_lookup_cksumtype(*enctype, cksumtype);
+ *enctype = Z_enctype(keyblock);
+ return Z_krb5_lookup_cksumtype(*enctype, cksumtype);
}
#endif
/* returns 0 if invalid or losing, 1 if valid, *sigh* */
int
Z_krb5_verify_cksum(krb5_keyblock *keyblock,
- krb5_data *cksumbuf,
+ krb5_data *cksumbuf,
krb5_cksumtype cksumtype,
- unsigned char *asn1_data,
+ krb5_keyusage cksumusage,
+ unsigned char *asn1_data,
int asn1_len)
{
krb5_error_code result;
checksum.contents = asn1_data;
checksum.checksum_type = cksumtype;
result = krb5_c_verify_checksum(Z_krb5_ctx,
- keyblock, Z_KEYUSAGE_SRV_CKSUM,
+ keyblock, cksumusage,
cksumbuf, &checksum, &valid);
if (!result && valid)
return 1;
result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype, &cryptctx);
if (result)
return result;
-
+
/* HOLDING: cryptctx */
- result = krb5_verify_checksum(Z_krb5_ctx, cryptctx,
- Z_KEYUSAGE_SRV_CKSUM,
+ result = krb5_verify_checksum(Z_krb5_ctx, cryptctx, cksumusage,
cksumbuf->data, cksumbuf->length,
&checksum);
krb5_crypto_destroy(Z_krb5_ctx, cryptctx);
#!/usr/bin/python
-import doctest
+import sys, doctest
+
+failures, tests = doctest.testfile("zephyr_tests.txt")
+
+print failures, 'failures out of', tests, 'tests.'
+if failures:
+ sys.exit(1)
+
-print doctest.testfile("zephyr_tests.txt")
import optparse
import os
import socket
-import struct
import ctypes
import ctypes.util
import time
-from ctypes import c_int, c_uint, c_ushort, c_char, c_ubyte
-from ctypes import c_uint16, c_uint32
-from ctypes import POINTER, c_void_p, c_char_p
-from ctypes import Structure, Union, sizeof
+from ctypes import c_int, c_char, POINTER, c_char_p, sizeof
-__revision__ = "$Id: zephyr_tests.py 2450 2009-05-02 23:46:15Z eichin@THOK.ORG $"
+from zephyr import *
+
+__revision__ = "$Id: zephyr_tests.py 2514 2009-08-01 19:55:14Z kcr@ATHENA.MIT.EDU $"
try:
__version__ = "%s/%s" % (__revision__.split()[3], __revision__.split()[2])
except IndexError:
__version__ = "unknown"
-def print_line_or_lines(results, indent):
- """short values on same line, multi-line on later ones..."""
- if len(results) == 1:
- print results[0]
- else:
- print
- for result in results:
- print indent + result
-
-def ctypes_pprint(cstruct, indent=""):
- """pretty print a ctypes Structure or Union"""
-
- for field_name, field_ctype in cstruct._fields_:
- field_value = getattr(cstruct, field_name)
- print indent + field_name,
- next_indent = indent + " "
- pprint_name = "pprint_%s" % field_name
- pformat_name = "pformat_%s" % field_name
- if hasattr(cstruct, pprint_name):
- # no longer used
- getattr(cstruct, pprint_name)(next_indent)
- elif hasattr(cstruct, pformat_name):
- # counted-array and other common cases
- print_line_or_lines(getattr(cstruct, pformat_name)(), next_indent)
- elif hasattr(field_value, "pformat"):
- # common for small compound types
- print_line_or_lines(field_value.pformat(), next_indent)
- elif hasattr(field_value, "pprint"):
- # useful for Union selectors
- field_value.pprint(next_indent)
- elif hasattr(field_value, "_fields_"):
- # generic recursion
- print
- ctypes_pprint(field_value, next_indent)
- else:
- # generic simple (or unknown/uninteresting) value
- print field_value
-
-class Enum(c_int):
- def pformat(self):
- try:
- return ["%s(%d)" % (self._values_[self.value], self.value)]
- except IndexError:
- return ["unknown enum value(%d)" % (self.value)]
-
-def populate_enum(cls):
- """make members for each of the enum values"""
- for value, tag in enumerate(cls._values_):
- setattr(cls, tag, cls(value))
-
-# not really an enum, but we get a richer effect by treating it as one
-class Enum_u16(c_uint16):
- def pformat(self):
- try:
- return ["%s(%d)" % (self._values_[self.value], self.value)]
- except IndexError:
- return ["unknown enum value(%d)" % (self.value)]
-
-
# TODO: pick some real framework later, we're just poking around for now
class TestSuite(object):
"""test collection and runner"""
class TestFailure(Exception):
pass
-# POSIX socket types...
-class in_addr(Structure):
- _fields_ = [
- ("s_addr", c_uint32),
- ]
- def pformat(self):
- return [socket.inet_ntoa(struct.pack("<I", self.s_addr))]
-
-class _U_in6_u(Union):
- _fields_ = [
- ("u6_addr8", c_ubyte * 16),
- ("u6_addr16", c_uint16 * 8),
- ("u6_addr32", c_uint32 * 4),
- ]
-
-class in6_addr(Structure):
- _fields_ = [
- ("in6_u", _U_in6_u),
- ]
-
-class AF_(Enum_u16):
- _socket_af = dict([(v,n) for n,v in socket.__dict__.items() if n.startswith("AF_")])
- _values_ = [_socket_af.get(k, "unknown address family") for k in range(min(_socket_af), max(_socket_af)+1)]
-
-populate_enum(AF_)
-
-class sockaddr(Structure):
- _fields_ = [
- ("sa_family", AF_),
- ("sa_data", c_char * 14),
- ]
-
-class sockaddr_in(Structure):
- _fields_ = [
- ("sin_family", AF_),
- ("sin_port", c_uint16),
- ("sin_addr", in_addr),
- # hack from linux - do we actually need it?
- ("sin_zero", c_ubyte * (sizeof(sockaddr)-sizeof(c_uint16)-sizeof(c_uint16)-sizeof(in_addr))),
- ]
- def pformat_sin_zero(self):
- return ["[ignored]"]
-
-# RFC2553...
-class sockaddr_in6(Structure):
- _fields_ = [
- ("sin6_family", AF_),
- ("sin6_port", c_uint16),
- ("sin6_flowinfo", c_uint32),
- ("sin6_addr", in6_addr),
- ("sin6_scope_id", c_uint32),
- ]
-
-# zephyr/zephyr.h
-#define Z_MAXOTHERFIELDS 10 /* Max unknown fields in ZNotice_t */
-Z_MAXOTHERFIELDS = 10
-#define ZAUTH (ZMakeAuthentication)
-#define ZCAUTH (ZMakeZcodeAuthentication)
-#define ZNOAUTH ((Z_AuthProc)0)
-ZNOAUTH = 0
-
-# typedef enum {
-# UNSAFE, UNACKED, ACKED, HMACK, HMCTL, SERVACK, SERVNAK, CLIENTACK, STAT
-# } ZNotice_Kind_t;
-# extern const char *ZNoticeKinds[9];
-
-class ZNotice_Kind_t(Enum):
- _values_ = [
- "UNSAFE", "UNACKED", "ACKED", "HMACK", "HMCTL", "SERVACK", "SERVNAK", "CLIENTACK", "STAT",
- ]
-populate_enum(ZNotice_Kind_t)
-
-def pformat_timeval(tv_sec, tv_usec):
- """format timeval parts as seconds and human-readable time"""
- try:
- timestr = time.ctime(tv_sec)
- except ValueError:
- timestr = "invalid unix time"
- if tv_usec >= 1000000 or tv_usec < 0:
- # invalid usec, still treat as numbers
- return ["%dsec, %dusec (bad) (%s)" % (tv_sec, tv_usec, timestr)]
- return ["%d.%06dsec (%s)" % (tv_sec, tv_usec, timestr)]
-
-# struct _ZTimeval {
-class _ZTimeval(Structure):
- _fields_ = [
-# int tv_sec;
- ("tv_sec", c_int),
-# int tv_usec;
- ("tv_usec", c_int),
-# };
- ]
- def pformat(self):
- return pformat_timeval(self.tv_sec, self.tv_usec)
-
-
-class _ZTimeval_Net(_ZTimeval):
- """When _ZTimeval is used in a ZUnique_Id_t, the time parts are
- stored in network byte order. Handle this by faking up a different type."""
- def pformat(self):
- return pformat_timeval(socket.ntohl(self.tv_sec), socket.ntohl(self.tv_usec))
-
-# typedef struct _ZUnique_Id_t {
-class ZUnique_Id_t(Structure):
- _fields_ = [
- # struct in_addr zuid_addr;
- ("zuid_addr", in_addr),
- # struct _ZTimeval tv;
- ("tv", _ZTimeval_Net),
- # } ZUnique_Id_t;
- ]
-
-# union {
-class _U_z_sender_sockaddr(Union):
- _fields_ = [
- # struct sockaddr sa;
- ("sa", sockaddr),
- # struct sockaddr_in ip4;
- ("ip4", sockaddr_in),
- # struct sockaddr_in6 ip6;
- ("ip6", sockaddr_in6),
- # } z_sender_sockaddr;
- ]
- def pprint(self, indent):
- print
- if self.sa.sa_family.value == socket.AF_INET:
- ctypes_pprint(self.ip4, indent + ".ip4:")
- elif self.sa.sa_family.value == socket.AF_INET6:
- ctypes_pprint(self.ip6, indent + ".ip6:")
- else:
- ctypes_pprint(self.sa, indent + ".sa:")
-
-# typedef struct _ZNotice_t {
-class ZNotice_t(Structure):
- _fields_ = [
- # char *z_packet;
- ("z_packet", c_char_p),
- # char *z_version;
- ("z_version", c_char_p),
- # ZNotice_Kind_t z_kind;
- ("z_kind", ZNotice_Kind_t),
- # ZUnique_Id_t z_uid;
- ("z_uid", ZUnique_Id_t),
- # union {
- # struct sockaddr sa;
- # struct sockaddr_in ip4;
- # struct sockaddr_in6 ip6;
- # } z_sender_sockaddr;
- ("z_sender_sockaddr", _U_z_sender_sockaddr),
-
- # /* heavily deprecated: */
- # #define z_sender_addr z_sender_sockaddr.ip4.sin_addr
- # /* probably a bad idea?: */
- # struct _ZTimeval z_time;
- ("z_time", _ZTimeval),
- # unsigned short z_port;
- ("z_port", c_ushort),
- # unsigned short z_charset;
- ("z_charset", c_ushort),
- # int z_auth;
- ("z_auth", c_int),
- # int z_checked_auth;
- # TODO: fake enum, for display
- ("z_checked_auth", c_int),
- # int z_authent_len;
- ("z_authent_len", c_int),
- # char *z_ascii_authent;
- ("z_ascii_authent", c_char_p),
- # char *z_class;
- ("z_class", c_char_p),
- # char *z_class_inst;
- ("z_class_inst", c_char_p),
- # char *z_opcode;
- ("z_opcode", c_char_p),
- # char *z_sender;
- ("z_sender", c_char_p),
- # char *z_recipient;
- ("z_recipient", c_char_p),
- # char *z_default_format;
- ("z_default_format", c_char_p),
- # char *z_multinotice;
- ("z_multinotice", c_char_p),
- # ZUnique_Id_t z_multiuid;
- ("z_multiuid", ZUnique_Id_t),
- # ZChecksum_t z_checksum;
- ("z_checksum", c_uint),
- # char *z_ascii_checksum;
- ("z_ascii_checksum", c_char_p),
- # int z_num_other_fields;
- ("z_num_other_fields", c_int),
- # char *z_other_fields[Z_MAXOTHERFIELDS];
- ("z_other_fields", c_char_p * Z_MAXOTHERFIELDS),
- # caddr_t z_message;
- ("z_message", c_char_p), # not 1980
- # int z_message_len;
- ("z_message_len", c_int),
- # int z_num_hdr_fields;
- ("z_num_hdr_fields", c_int),
- # char **z_hdr_fields;
- ("z_hdr_fields", POINTER(c_char_p)),
- # } ZNotice_t;
- ]
- def pformat_z_other_fields(self):
- return ["%d: %s" % (n, self.z_other_fields[n])
- for n in range(Z_MAXOTHERFIELDS)]
- def pformat_z_hdr_fields(self):
- if not self.z_hdr_fields:
- return ["NULL"]
- return ["%d: %s" % (n, self.z_hdr_fields[n])
- for n in range(self.z_num_hdr_fields)]
-
-class libZephyr(object):
- """wrappers for functions in libZephyr"""
- testable_funcs = [
- "ZInitialize",
- "ZGetFD",
- "ZGetRealm",
- "ZGetSender",
- "Z_FormatRawHeader",
- "ZParseNotice",
- "ZFormatNotice",
- "ZCompareUID",
- "ZExpandRealm",
- "ZGetCharsetString",
- "ZGetCharset",
- "ZCharsetToString",
- "ZTransliterate",
- "ZOpenPort",
- "ZClosePort",
- "ZMakeAscii",
- "ZMakeZcode",
- "ZGetDestAddr",
- "ZSetFD",
- "ZPending",
- ]
- def __init__(self, library_path=None):
- """connect to the library and build the wrappers"""
- if not library_path:
- library_path = ctypes.util.find_library("zephyr")
- self._lib = ctypes.cdll.LoadLibrary(library_path)
-
- # grab the Zauthtype variable
- self.Zauthtype = ctypes.c_int.in_dll(self._lib, 'Zauthtype').value
-
- # generic bindings?
- for funcname in self.testable_funcs:
- setattr(self, funcname, getattr(self._lib, funcname))
-
- # TODO: fix return types, caller types in a more generic way later
- # (perhaps by parsing the headers or code)
- # perhaps metaprogramming or decorators...
- self.ZGetRealm.restype = ctypes.c_char_p
- self.ZGetSender.restype = ctypes.c_char_p
-
- # Code_t
- # Z_FormatRawHeader(ZNotice_t *notice,
- # char *buffer,
- # int buffer_len,
- # int *len,
- # char **cstart,
- # char **cend)
- # This stuffs a notice into a buffer; cstart/cend point into the checksum in buffer
- self.Z_FormatRawHeader.argtypes = [
- c_void_p, # *notice
- c_char_p, # *buffer
- c_int, # buffer_len
- POINTER(c_int), # *len
- POINTER(c_char_p), # **cstart
- POINTER(c_char_p), # **cend
- ]
-
- # Code_t
- # ZParseNotice(char *buffer,
- # int len,
- # ZNotice_t *notice)
- self.ZParseNotice.argtypes = [
- c_char_p, # *buffer
- c_int, # len
- POINTER(ZNotice_t), # *notice
- ]
-
- # Code_t
- # ZFormatNotice(register ZNotice_t *notice,
- # char **buffer,
- # int *ret_len,
- # Z_AuthProc cert_routine)
- self.ZFormatNotice.argtypes = [
- POINTER(ZNotice_t), # *notice
- POINTER(c_char_p), # **buffer
- POINTER(c_int), # *ret_len
- c_void_p, # cert_routine
- ]
-
- # int
- # ZCompareUID(ZUnique_Id_t *uid1,
- # ZUnique_Id_t *uid2)
- self.ZCompareUID.argtypes = [
- POINTER(ZUnique_Id_t), # *uid1
- POINTER(ZUnique_Id_t), # *uid2
- ]
-
- # char *
- # ZExpandRealm(realm)
- # char *realm; # mmm 80's
- self.ZExpandRealm.restype = c_char_p
- self.ZExpandRealm.argtypes = [
- c_char_p, # realm
- ]
-
- # unsigned short
- # ZGetCharset(char *charset)
- self.ZGetCharset.restype = c_ushort
- self.ZGetCharset.argtypes = [
- c_char_p, # charset
- ]
-
- # const char *
- # ZCharsetToString(unsigned short charset)
- self.ZCharsetToString.restype = c_char_p
- self.ZCharsetToString.argtypes = [
- c_ushort, # charset
- ]
-
- # Code_t
- # ZTransliterate(char *in,
- # int inlen,
- # char *inset,
- # char *outset,
- # char **out,
- # int *outlen)
- self.ZTransliterate.argtypes = [
- c_char_p, # in
- c_int, # inlnet,
- c_char_p, # inset
- c_char_p, # outset
- POINTER(c_char_p), # out
- POINTER(c_int), # outlen
- ]
-
- # Code_t ZOpenPort(u_short *port)
- self.ZOpenPort.argtypes = [
- POINTER(c_ushort), # port
- ]
-
- # const char *
- # ZGetCharsetString(char *charset)
- self.ZGetCharsetString.restype = c_char_p
- self.ZGetCharsetString.argtypes = [
- c_char_p, # charset
- ]
-
- # Code_t
- # ZMakeAscii(register char *ptr,
- # int len,
- # unsigned char *field,
- # int num)
- self.ZMakeAscii.argtypes = [
- c_char_p, # ptr
- c_int, # len
- c_char_p, # field; c_uchar_p?
- c_int, # num
- ]
-
- # Code_t
- # ZMakeZcode(register char *ptr,
- # int len,
- # unsigned char *field,
- # int num)
- self.ZMakeZcode.argtypes = [
- c_char_p, # ptr
- c_int, # len
- c_char_p, # field; c_uchar_p?
- c_int, # num
- ]
-
- # struct sockaddr_in ZGetDestAddr (void) {
- self.ZGetDestAddr.restype = sockaddr_in
-
- # library-specific setup...
- self.ZInitialize()
-
def py_make_ascii(input):
"""reference ZMakeAscii expressed as python..."""
hexes = ["%02X" % ord(ch) for ch in input]
"""reference ZMakeZcode expressed as python..."""
return "Z" + input.replace("\xff", "\xff\xf1").replace("\0", "\xff\xf0")
+def find_libzephyr(builddir='.'):
+ # find the library
+ libzephyr_paths = ['libzephyr.so', 'libzephyr.dylib']
+ libzephyr_paths += [os.path.join('.libs', i) for i in libzephyr_paths]
+ libzephyr_paths = [os.path.join(builddir, i) for i in libzephyr_paths]
+ libzephyr_paths = [i for i in libzephyr_paths if os.path.exists(i)]
+ return libzephyr_paths[0]
class ZephyrTestSuite(TestSuite):
"""Tests for libzephyr"""
def setup(self):
- # find the library
- libzephyr_path = os.path.join(self.builddir, "libzephyr.so.4.0.0")
- # check for libtool...
- if not os.path.exists(libzephyr_path):
- libzephyr_path = os.path.join(self.builddir, ".libs", "libzephyr.so.4.0.0")
- self._libzephyr = libZephyr(libzephyr_path)
+ self._libzephyr = libZephyr(find_libzephyr(self.builddir))
def cleanup(self):
# no cleanup needed yet
assert self._libzephyr.ZExpandRealm("bitsy.mit.edu") == "ATHENA.MIT.EDU"
else:
assert self._libzephyr.ZExpandRealm("") == ""
- assert self._libzephyr.ZExpandRealm("localhost") == "LOCALHOST"
+ assert self._libzephyr.ZExpandRealm("localhost") == socket.getfqdn("localhost").upper()
assert self._libzephyr.ZExpandRealm("bitsy.mit.edu") == "BITSY.MIT.EDU"
def find_buildpath():
Generic library setup that should be moved into zephyr_tests.py:
- >>> import os
+ >>> import os, socket
>>> import zephyr_tests
>>> buildpath = zephyr_tests.find_buildpath()
- >>> libzephyr_path = os.path.join(buildpath, ".libs", "libzephyr.so.4.0.0")
+ >>> libzephyr_path = zephyr_tests.find_libzephyr()
>>> _z = zephyr_tests.libZephyr(libzephyr_path)
ZInit() got run by libZephyr, internally. Make sure other things
>>> assert _z.ZExpandRealm("") == ""
>>> if Zauthtype: assert _z.ZExpandRealm("localhost") == ""
>>> if Zauthtype: assert _z.ZExpandRealm("bitsy.mit.edu") == "ATHENA.MIT.EDU"
- >>> if not Zauthtype: assert _z.ZExpandRealm("localhost") == "LOCALHOST"
+ >>> if not Zauthtype: assert _z.ZExpandRealm("localhost") == socket.getfqdn("localhost").upper()
>>> if not Zauthtype: assert _z.ZExpandRealm("bitsy.mit.edu") == "BITSY.MIT.EDU"
ZGetCharsetString is a utility function for clients that need to know the
--- /dev/null
+#!/usr/bin/python
+
+"""rough bindings for libzephyr"""
+
+import socket
+import struct
+import ctypes
+import ctypes.util
+import time
+from ctypes import c_int, c_uint, c_ushort, c_char, c_ubyte
+from ctypes import c_uint16, c_uint32
+from ctypes import POINTER, c_void_p, c_char_p
+from ctypes import Structure, Union, sizeof
+
+__revision__ = "$Id: zephyr.py 2516 2009-08-03 04:55:57Z kcr@ATHENA.MIT.EDU $"
+try:
+ __version__ = "%s/%s" % (__revision__.split()[3], __revision__.split()[2])
+except IndexError:
+ __version__ = "unknown"
+
+def print_line_or_lines(results, indent):
+ """short values on same line, multi-line on later ones..."""
+ if len(results) == 1:
+ print results[0]
+ else:
+ print
+ for result in results:
+ print indent + result
+
+def ctypes_pprint(cstruct, indent=""):
+ """pretty print a ctypes Structure or Union"""
+
+ for field_name, field_ctype in cstruct._fields_:
+ field_value = getattr(cstruct, field_name)
+ print indent + field_name,
+ next_indent = indent + " "
+ pprint_name = "pprint_%s" % field_name
+ pformat_name = "pformat_%s" % field_name
+ if hasattr(cstruct, pprint_name):
+ # no longer used
+ getattr(cstruct, pprint_name)(next_indent)
+ elif hasattr(cstruct, pformat_name):
+ # counted-array and other common cases
+ print_line_or_lines(getattr(cstruct, pformat_name)(), next_indent)
+ elif hasattr(field_value, "pformat"):
+ # common for small compound types
+ print_line_or_lines(field_value.pformat(), next_indent)
+ elif hasattr(field_value, "pprint"):
+ # useful for Union selectors
+ field_value.pprint(next_indent)
+ elif hasattr(field_value, "_fields_"):
+ # generic recursion
+ print
+ ctypes_pprint(field_value, next_indent)
+ else:
+ # generic simple (or unknown/uninteresting) value
+ print field_value
+
+class Enum(c_int):
+ def pformat(self):
+ try:
+ return ["%s(%d)" % (self._values_[self.value], self.value)]
+ except IndexError:
+ return ["unknown enum value(%d)" % (self.value)]
+
+def populate_enum(cls):
+ """make members for each of the enum values"""
+ for value, tag in enumerate(cls._values_):
+ setattr(cls, tag, cls(value))
+
+# not really an enum, but we get a richer effect by treating it as one
+class Enum_u16(c_uint16):
+ def pformat(self):
+ try:
+ return ["%s(%d)" % (self._values_[self.value], self.value)]
+ except IndexError:
+ return ["unknown enum value(%d)" % (self.value)]
+
+# POSIX socket types...
+class in_addr(Structure):
+ _fields_ = [
+ ("s_addr", c_uint32),
+ ]
+ def pformat(self):
+ return [socket.inet_ntoa(struct.pack("<I", self.s_addr))]
+
+class _U_in6_u(Union):
+ _fields_ = [
+ ("u6_addr8", c_ubyte * 16),
+ ("u6_addr16", c_uint16 * 8),
+ ("u6_addr32", c_uint32 * 4),
+ ]
+
+class in6_addr(Structure):
+ _fields_ = [
+ ("in6_u", _U_in6_u),
+ ]
+
+class AF_(Enum_u16):
+ _socket_af = dict([(v,n) for n,v in socket.__dict__.items() if n.startswith("AF_")])
+ _values_ = [_socket_af.get(k, "unknown address family") for k in range(min(_socket_af), max(_socket_af)+1)]
+
+populate_enum(AF_)
+
+class sockaddr(Structure):
+ _fields_ = [
+ ("sa_family", AF_),
+ ("sa_data", c_char * 14),
+ ]
+
+class sockaddr_in(Structure):
+ _fields_ = [
+ ("sin_family", AF_),
+ ("sin_port", c_uint16),
+ ("sin_addr", in_addr),
+ # hack from linux - do we actually need it?
+ ("sin_zero", c_ubyte * (sizeof(sockaddr)-sizeof(c_uint16)-sizeof(c_uint16)-sizeof(in_addr))),
+ ]
+ def pformat_sin_zero(self):
+ return ["[ignored]"]
+
+# RFC2553...
+class sockaddr_in6(Structure):
+ _fields_ = [
+ ("sin6_family", AF_),
+ ("sin6_port", c_uint16),
+ ("sin6_flowinfo", c_uint32),
+ ("sin6_addr", in6_addr),
+ ("sin6_scope_id", c_uint32),
+ ]
+
+# zephyr/zephyr.h
+#define Z_MAXOTHERFIELDS 10 /* Max unknown fields in ZNotice_t */
+Z_MAXOTHERFIELDS = 10
+#define ZAUTH (ZMakeAuthentication)
+#define ZCAUTH (ZMakeZcodeAuthentication)
+#define ZNOAUTH ((Z_AuthProc)0)
+ZNOAUTH = 0
+
+# typedef enum {
+# UNSAFE, UNACKED, ACKED, HMACK, HMCTL, SERVACK, SERVNAK, CLIENTACK, STAT
+# } ZNotice_Kind_t;
+# extern const char *ZNoticeKinds[9];
+
+class ZNotice_Kind_t(Enum):
+ _values_ = [
+ "UNSAFE", "UNACKED", "ACKED", "HMACK", "HMCTL", "SERVACK", "SERVNAK", "CLIENTACK", "STAT",
+ ]
+populate_enum(ZNotice_Kind_t)
+
+def pformat_timeval(tv_sec, tv_usec):
+ """format timeval parts as seconds and human-readable time"""
+ try:
+ timestr = time.ctime(tv_sec)
+ except ValueError:
+ timestr = "invalid unix time"
+ if tv_usec >= 1000000 or tv_usec < 0:
+ # invalid usec, still treat as numbers
+ return ["%dsec, %dusec (bad) (%s)" % (tv_sec, tv_usec, timestr)]
+ return ["%d.%06dsec (%s)" % (tv_sec, tv_usec, timestr)]
+
+# struct _ZTimeval {
+class _ZTimeval(Structure):
+ _fields_ = [
+# int tv_sec;
+ ("tv_sec", c_int),
+# int tv_usec;
+ ("tv_usec", c_int),
+# };
+ ]
+ def pformat(self):
+ return pformat_timeval(self.tv_sec, self.tv_usec)
+
+
+class _ZTimeval_Net(_ZTimeval):
+ """When _ZTimeval is used in a ZUnique_Id_t, the time parts are
+ stored in network byte order. Handle this by faking up a different type."""
+ def pformat(self):
+ return pformat_timeval(socket.ntohl(self.tv_sec & 0xffffffff), socket.ntohl(self.tv_usec & 0xffffffff))
+
+# typedef struct _ZUnique_Id_t {
+class ZUnique_Id_t(Structure):
+ _fields_ = [
+ # struct in_addr zuid_addr;
+ ("zuid_addr", in_addr),
+ # struct _ZTimeval tv;
+ ("tv", _ZTimeval_Net),
+ # } ZUnique_Id_t;
+ ]
+
+# union {
+class _U_z_sender_sockaddr(Union):
+ _fields_ = [
+ # struct sockaddr sa;
+ ("sa", sockaddr),
+ # struct sockaddr_in ip4;
+ ("ip4", sockaddr_in),
+ # struct sockaddr_in6 ip6;
+ ("ip6", sockaddr_in6),
+ # } z_sender_sockaddr;
+ ]
+ def pprint(self, indent):
+ print
+ if self.sa.sa_family.value == socket.AF_INET:
+ ctypes_pprint(self.ip4, indent + ".ip4:")
+ elif self.sa.sa_family.value == socket.AF_INET6:
+ ctypes_pprint(self.ip6, indent + ".ip6:")
+ else:
+ ctypes_pprint(self.sa, indent + ".sa:")
+
+# typedef struct _ZNotice_t {
+class ZNotice_t(Structure):
+ _fields_ = [
+ # char *z_packet;
+ ("z_packet", c_char_p),
+ # char *z_version;
+ ("z_version", c_char_p),
+ # ZNotice_Kind_t z_kind;
+ ("z_kind", ZNotice_Kind_t),
+ # ZUnique_Id_t z_uid;
+ ("z_uid", ZUnique_Id_t),
+ # union {
+ # struct sockaddr sa;
+ # struct sockaddr_in ip4;
+ # struct sockaddr_in6 ip6;
+ # } z_sender_sockaddr;
+ ("z_sender_sockaddr", _U_z_sender_sockaddr),
+
+ # /* heavily deprecated: */
+ # #define z_sender_addr z_sender_sockaddr.ip4.sin_addr
+ # /* probably a bad idea?: */
+ # struct _ZTimeval z_time;
+ ("z_time", _ZTimeval),
+ # unsigned short z_port;
+ ("z_port", c_ushort),
+ # unsigned short z_charset;
+ ("z_charset", c_ushort),
+ # int z_auth;
+ ("z_auth", c_int),
+ # int z_checked_auth;
+ # TODO: fake enum, for display
+ ("z_checked_auth", c_int),
+ # int z_authent_len;
+ ("z_authent_len", c_int),
+ # char *z_ascii_authent;
+ ("z_ascii_authent", c_char_p),
+ # char *z_class;
+ ("z_class", c_char_p),
+ # char *z_class_inst;
+ ("z_class_inst", c_char_p),
+ # char *z_opcode;
+ ("z_opcode", c_char_p),
+ # char *z_sender;
+ ("z_sender", c_char_p),
+ # char *z_recipient;
+ ("z_recipient", c_char_p),
+ # char *z_default_format;
+ ("z_default_format", c_char_p),
+ # char *z_multinotice;
+ ("z_multinotice", c_char_p),
+ # ZUnique_Id_t z_multiuid;
+ ("z_multiuid", ZUnique_Id_t),
+ # ZChecksum_t z_checksum;
+ ("z_checksum", c_uint),
+ # char *z_ascii_checksum;
+ ("z_ascii_checksum", c_char_p),
+ # int z_num_other_fields;
+ ("z_num_other_fields", c_int),
+ # char *z_other_fields[Z_MAXOTHERFIELDS];
+ ("z_other_fields", c_char_p * Z_MAXOTHERFIELDS),
+ # caddr_t z_message;
+ ("z_message", c_char_p), # not 1980
+ # int z_message_len;
+ ("z_message_len", c_int),
+ # int z_num_hdr_fields;
+ ("z_num_hdr_fields", c_int),
+ # char **z_hdr_fields;
+ ("z_hdr_fields", POINTER(c_char_p)),
+ # } ZNotice_t;
+ ]
+ def pformat_z_other_fields(self):
+ return ["%d: %s" % (n, self.z_other_fields[n])
+ for n in range(Z_MAXOTHERFIELDS)]
+ def pformat_z_hdr_fields(self):
+ if not self.z_hdr_fields:
+ return ["NULL"]
+ return ["%d: %s" % (n, self.z_hdr_fields[n])
+ for n in range(self.z_num_hdr_fields)]
+
+class libZephyr(object):
+ """wrappers for functions in libZephyr"""
+ testable_funcs = [
+ "ZInitialize",
+ "ZGetFD",
+ "ZGetRealm",
+ "ZGetSender",
+ "Z_FormatRawHeader",
+ "ZParseNotice",
+ "ZFormatNotice",
+ "ZCompareUID",
+ "ZExpandRealm",
+ "ZGetCharsetString",
+ "ZGetCharset",
+ "ZCharsetToString",
+ "ZTransliterate",
+ "ZOpenPort",
+ "ZClosePort",
+ "ZMakeAscii",
+ "ZMakeZcode",
+ "ZGetDestAddr",
+ "ZSetFD",
+ "ZPending",
+ ]
+ def __init__(self, library_path=None):
+ """connect to the library and build the wrappers"""
+ if not library_path:
+ library_path = ctypes.util.find_library("zephyr")
+ self._lib = ctypes.cdll.LoadLibrary(library_path)
+
+ # grab the Zauthtype variable
+ self.Zauthtype = ctypes.c_int.in_dll(self._lib, 'Zauthtype').value
+
+ # generic bindings?
+ for funcname in self.testable_funcs:
+ setattr(self, funcname, getattr(self._lib, funcname))
+
+ # TODO: fix return types, caller types in a more generic way later
+ # (perhaps by parsing the headers or code)
+ # perhaps metaprogramming or decorators...
+ self.ZGetRealm.restype = ctypes.c_char_p
+ self.ZGetSender.restype = ctypes.c_char_p
+
+ # Code_t
+ # Z_FormatRawHeader(ZNotice_t *notice,
+ # char *buffer,
+ # int buffer_len,
+ # int *len,
+ # char **cstart,
+ # char **cend)
+ # This stuffs a notice into a buffer; cstart/cend point into the checksum in buffer
+ self.Z_FormatRawHeader.argtypes = [
+ c_void_p, # *notice
+ c_char_p, # *buffer
+ c_int, # buffer_len
+ POINTER(c_int), # *len
+ POINTER(c_char_p), # **cstart
+ POINTER(c_char_p), # **cend
+ ]
+
+ # Code_t
+ # ZParseNotice(char *buffer,
+ # int len,
+ # ZNotice_t *notice)
+ self.ZParseNotice.argtypes = [
+ c_char_p, # *buffer
+ c_int, # len
+ POINTER(ZNotice_t), # *notice
+ ]
+
+ # Code_t
+ # ZFormatNotice(register ZNotice_t *notice,
+ # char **buffer,
+ # int *ret_len,
+ # Z_AuthProc cert_routine)
+ self.ZFormatNotice.argtypes = [
+ POINTER(ZNotice_t), # *notice
+ POINTER(c_char_p), # **buffer
+ POINTER(c_int), # *ret_len
+ c_void_p, # cert_routine
+ ]
+
+ # int
+ # ZCompareUID(ZUnique_Id_t *uid1,
+ # ZUnique_Id_t *uid2)
+ self.ZCompareUID.argtypes = [
+ POINTER(ZUnique_Id_t), # *uid1
+ POINTER(ZUnique_Id_t), # *uid2
+ ]
+
+ # char *
+ # ZExpandRealm(realm)
+ # char *realm; # mmm 80's
+ self.ZExpandRealm.restype = c_char_p
+ self.ZExpandRealm.argtypes = [
+ c_char_p, # realm
+ ]
+
+ # unsigned short
+ # ZGetCharset(char *charset)
+ self.ZGetCharset.restype = c_ushort
+ self.ZGetCharset.argtypes = [
+ c_char_p, # charset
+ ]
+
+ # const char *
+ # ZCharsetToString(unsigned short charset)
+ self.ZCharsetToString.restype = c_char_p
+ self.ZCharsetToString.argtypes = [
+ c_ushort, # charset
+ ]
+
+ # Code_t
+ # ZTransliterate(char *in,
+ # int inlen,
+ # char *inset,
+ # char *outset,
+ # char **out,
+ # int *outlen)
+ self.ZTransliterate.argtypes = [
+ c_char_p, # in
+ c_int, # inlnet,
+ c_char_p, # inset
+ c_char_p, # outset
+ POINTER(c_char_p), # out
+ POINTER(c_int), # outlen
+ ]
+
+ # Code_t ZOpenPort(u_short *port)
+ self.ZOpenPort.argtypes = [
+ POINTER(c_ushort), # port
+ ]
+
+ # const char *
+ # ZGetCharsetString(char *charset)
+ self.ZGetCharsetString.restype = c_char_p
+ self.ZGetCharsetString.argtypes = [
+ c_char_p, # charset
+ ]
+
+ # Code_t
+ # ZMakeAscii(register char *ptr,
+ # int len,
+ # unsigned char *field,
+ # int num)
+ self.ZMakeAscii.argtypes = [
+ c_char_p, # ptr
+ c_int, # len
+ c_char_p, # field; c_uchar_p?
+ c_int, # num
+ ]
+
+ # Code_t
+ # ZMakeZcode(register char *ptr,
+ # int len,
+ # unsigned char *field,
+ # int num)
+ self.ZMakeZcode.argtypes = [
+ c_char_p, # ptr
+ c_int, # len
+ c_char_p, # field; c_uchar_p?
+ c_int, # num
+ ]
+
+ # struct sockaddr_in ZGetDestAddr (void) {
+ self.ZGetDestAddr.restype = sockaddr_in
+
+ # library-specific setup...
+ self.ZInitialize()
*
* Created by: John T. Kohl
*
- * $Id: access.c 2150 2008-01-21 19:50:52Z kcr $
+ * $Id: access.c 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <zephyr/mit-copyright.h>
#include "zserver.h"
-#include <com_err.h>
#if !defined (lint) && !defined (SABER)
static const char rcsid_access_c[] =
- "$Id: access.c 2150 2008-01-21 19:50:52Z kcr $";
+ "$Id: access.c 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $";
#endif
/*
#define ACL_IWS 4
#define ACL_IUI 8
-static void check_acl __P((Acl *acl));
-static void check_acl_type __P((Acl *acl, Access accesstype, int typeflag));
-static void access_setup __P((int first));
+static void check_acl(Acl *acl);
+static void check_acl_type(Acl *acl, Access accesstype, int typeflag);
+static void access_setup(int first);
/*
* check access. return 1 if ok, 0 if not ok.
*
* Created by Ken Raeburn.
*
- * $Id: access.h 2091 2007-12-20 01:17:23Z kcr $
+ * $Id: access.h 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1990 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
} Acl;
/* found in access.c */
-void access_init __P((void));
-void access_reinit __P((void));
+void access_init(void);
+void access_reinit(void);
/* found in acl_files.c */
-int acl_load __P((char *));
+int acl_load(char *);
/* external data relevant */
extern int zdebug;
*
* Created by: John T. Kohl
*
- * $Id: acl.h 2091 2007-12-20 01:17:23Z kcr $
+ * $Id: acl.h 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#ifndef __ACL__
#define __ACL__
-int acl_add __P((char *, char *));
-int acl_check __P((char *, char *));
-int acl_delete __P((char *, char *));
-int acl_initialize __P((char *, int));
-void acl_cache_reset __P((void));
+int acl_add(char *, char *);
+int acl_check(char *, char *);
+int acl_delete(char *, char *);
+int acl_initialize(char *, int);
+void acl_cache_reset(void);
#endif /* __ACL__ */
* Created by: John T. Kohl
*
* $Source: /afs/dev.mit.edu/source/repository/athena/lib/zephyr/server/bdump.c,v $
- * $Id: bdump.c 2449 2009-04-30 17:08:38Z kcr@ATHENA.MIT.EDU $
+ * $Id: bdump.c 2544 2009-08-27 15:19:01Z kcr@ATHENA.MIT.EDU $
* $Author: kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.
#include <zephyr/mit-copyright.h>
#include "zserver.h"
#include <sys/socket.h>
-#include <com_err.h>
#ifndef lint
-static const char rcsid_bdump_c[] = "$Id: bdump.c 2449 2009-04-30 17:08:38Z kcr@ATHENA.MIT.EDU $";
+static const char rcsid_bdump_c[] = "$Id: bdump.c 2544 2009-08-27 15:19:01Z kcr@ATHENA.MIT.EDU $";
#endif /* lint */
+#ifndef MIN
+#define MIN(x, y) ((x) < (y) ? (x) : (y))
+#endif
+
/*
* External functions are:
*
* int num;
*/
-#if defined(HAVE_KRB5) && 0
-int krb5_init_keyblock(krb5_context context,
- krb5_enctype type,
- size_t size,
- krb5_keyblock **akey)
-{
-krb5_error_code ret;
-size_t len;
-krb5_keyblock *key;
-
-*akey=NULL;
-key=malloc(sizeof(*key));
-memset(key, 0, sizeof(*key));
-ret = krb5_enctype_keysize(context, type, &len);
-if (ret)
-return ret;
-
-if (len != size) {
-krb5_set_error_string(context, "Encryption key %d is %lu bytes "
-"long, %lu was passed in",
-type, (unsigned long)len, (unsigned long)size);
-return KRB5_PROG_ETYPE_NOSUPP;
-}
-
-ret = krb5_data_alloc(&key->keyvalue, len);
-if(ret) {
-krb5_set_error_string(context, "malloc failed: %lu",
-(unsigned long)len);
-return ret;
-}
-key->keytype = type;
-*akey=key;
-return 0;
-}
-#endif
-
-
static void close_bdump(void* arg);
static Code_t bdump_send_loop(Server *server);
static Code_t bdump_recv_loop(Server *server);
SERVER_KRB5_SERVICE, SERVER_INSTANCE,
NULL);
if (retval) {
- krb5_free_principal(Z_krb5_ctx, principal);
- return(1);
+ syslog(LOG_ERR, "get_tgt: krb5_build_principal: %s",
+ error_message(retval));
+ return 1;
}
krb5_get_init_creds_opt_init (&opt);
krb5_get_init_creds_opt_set_tkt_life (&opt, TKT5LIFETIME);
retval = krb5_kt_resolve(Z_krb5_ctx, keytab_file, &kt);
- if (retval) return(1);
+ if (retval) {
+ syslog(LOG_ERR, "get_tgt: krb5_kt_resolve: %s",
+ error_message(retval));
+ krb5_free_principal(Z_krb5_ctx, principal);
+ return 1;
+ }
retval = krb5_get_init_creds_keytab (Z_krb5_ctx,
&cred,
0,
NULL,
&opt);
-#ifndef HAVE_KRB4
if (retval) {
+ syslog(LOG_ERR, "get_tgt: krb5_get_init_creds_keytab: %s",
+ error_message(retval));
krb5_free_principal(Z_krb5_ctx, principal);
krb5_kt_close(Z_krb5_ctx, kt);
- return(1);
+ return 1;
}
+#ifndef HAVE_KRB4
for (i = 0; enctypes[i]; i++) {
retval = krb5_kt_get_entry(Z_krb5_ctx, kt, principal,
0, enctypes[i], &kt_ent);
retval = krb5_copy_keyblock(Z_krb5_ctx, &kt_ent.key, &server_key);
#endif
if (retval) {
+ syslog(LOG_ERR, "get_tgt: krb5_copy_keyblock: %s",
+ error_message(retval));
krb5_free_principal(Z_krb5_ctx, principal);
krb5_kt_close(Z_krb5_ctx, kt);
- return(1);
+ return 1;
}
got_des = 1;
}
-#endif
+#endif /* HAVE_KRB4 */
krb5_free_principal(Z_krb5_ctx, principal);
krb5_kt_close(Z_krb5_ctx, kt);
-#ifndef HAVE_KRB4
- if (retval) return(1);
-#endif
retval = krb5_cc_initialize (Z_krb5_ctx, Z_krb5_ccache, cred.client);
- if (retval) return(1);
+ if (retval) {
+ syslog(LOG_ERR, "get_tgt: krb5_cc_initialize: %s",
+ error_message(retval));
+ return 1;
+ }
retval = krb5_cc_store_cred (Z_krb5_ctx, Z_krb5_ccache, &cred);
- if (retval) return(1);
+ if (retval) {
+ syslog(LOG_ERR, "get_tgt: krb5_cc_store_cred: %s",
+ error_message(retval));
+ return 1;
+ }
ticket5_time = NOW;
krb5_free_cred_contents (Z_krb5_ctx, &cred);
}
#endif
- return(0);
+ return 0;
}
#endif /* HAVE_KRB4 */
static int des_service_decrypt(unsigned char *in, unsigned char *out) {
#ifndef HAVE_KRB4
krb5_data dout;
+#ifdef HAVE_KRB5_C_DECRYPT
krb5_enc_data din;
-#ifdef HAVE_KRB5_C_DECRYPT
dout.length = 8;
dout.data = (char *)out; /*What*/
* Created by: John T. Kohl
*
* $Source: /afs/dev.mit.edu/source/repository/athena/lib/zephyr/server/class.c,v $
- * $Author: kcr $
+ * $Author: kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#if !defined (lint) && !defined (SABER)
static const char rcsid_class_c[] =
-"$Id: class.c 2150 2008-01-21 19:50:52Z kcr $";
+"$Id: class.c 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $";
#endif
/*
static Triplet *triplet_bucket[HASHSIZE]; /* the hash table of pointers */
-static Code_t remove_client __P((Triplet *triplet, Client *client,
- ZRealm *realm));
-static Code_t insert_client __P((Triplet *triplet, Client *client,
- ZRealm *realm));
-static Triplet *triplet_alloc __P((String *classname, String *inst,
- String *recipient));
-static void free_triplet __P((Triplet *));
+static Code_t remove_client(Triplet *triplet, Client *client, ZRealm *realm);
+static Code_t insert_client(Triplet *triplet, Client *client, ZRealm *realm);
+static Triplet *triplet_alloc(String *classname, String *inst,
+ String *recipient);
+static void free_triplet(Triplet *);
/* public routines */
*
* Created by: John T. Kohl
*
- * $Id: common.c 2131 2008-01-21 03:11:00Z kcr $
+ * $Id: common.c 2507 2009-07-29 14:53:39Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#ifndef lint
#ifndef SABER
static const char rcsid_common_c[] =
- "$Id: common.c 2131 2008-01-21 03:11:00Z kcr $";
+ "$Id: common.c 2507 2009-07-29 14:53:39Z kcr@ATHENA.MIT.EDU $";
#endif /* SABER */
#endif /* lint */
}
/* Output a name, replacing newlines with \n and single quotes with \q. */
-void dump_quote(char *p, FILE *fp)
+void
+dump_quote(char *p, FILE *fp)
{
for (; *p; p++) {
if (*p == '\'') {
}
}
+/* Pull the address out of the packet for dispatching. Doesn't do anything
+ * special, and will need to change signatures when ipv6 support happens. But
+ * it'll be in one place....
+ */
+void
+notice_extract_address(ZNotice_t *notice, struct sockaddr_in *addr)
+{
+ /*
+ * We get the address out of the uid rather than the
+ * Hopefully by the time a server will actually be speaking ipv6, it won't have
+ * to worry about talking to other <3.0 realms
+ */
+ memset(addr, 0, sizeof(*addr));
+ addr->sin_addr.s_addr = notice->z_uid.zuid_addr.s_addr;
+ addr->sin_port = notice->z_port;
+ addr->sin_family = AF_INET;
+}
*
* Copyright (c) 1987, 1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
- * "mit-copyright.h".
+ * "mit-copyright.h".
*/
#include <zephyr/mit-copyright.h>
#include "zserver.h"
#include <sys/socket.h>
-#include <com_err.h>
#ifndef lint
#ifndef SABER
static const char rcsid_dispatch_c[] =
-"$Id: dispatch.c 2433 2009-04-19 04:55:11Z kcr@ATHENA.MIT.EDU $";
+"$Id: dispatch.c 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $";
#endif
#endif
int rexmit_times[] = REXMIT_TIMES;
-static void nack_cancel __P((ZNotice_t *, struct sockaddr_in *));
-static void dispatch __P((ZNotice_t *, int, struct sockaddr_in *, int));
-static int send_to_dest __P((ZNotice_t *, int, Destination *dest, int, int));
-static void hostm_deathgram __P((struct sockaddr_in *, Server *));
-static char *hm_recipient __P((void));
+static void nack_cancel(ZNotice_t *, struct sockaddr_in *);
+static void dispatch(ZNotice_t *, int, struct sockaddr_in *, int);
+static int send_to_dest(ZNotice_t *, int, Destination *dest, int, int);
+static void hostm_deathgram(struct sockaddr_in *, Server *);
+static char *hm_recipient(void);
Statistic realm_notices = {0, "inter-realm notices"};
Statistic interserver_notices = {0, "inter-server notices"};
Pending *pending; /* pending packet */
int from_server; /* packet is from another server */
ZRealm *realm; /* foreign realm ptr */
+ struct sockaddr_in *whence; /* pointer to actual origin */
#ifdef DEBUG
static int first_time = 1;
#endif
return;
}
- /*
+ /*
* nothing in internal queue, go to the external library
* queue/socket
*/
inet_ntoa(whoisit.sin_addr), error_message(status));
return;
}
+
if (server_which_server(&whoisit)) {
/* we need to parse twice--once to get
the source addr, second to check
authentication */
- memset(&input_sin, 0, sizeof(input_sin));
- input_sin.sin_addr.s_addr = new_notice.z_sender_addr.s_addr;
- input_sin.sin_port = new_notice.z_port;
- input_sin.sin_family = AF_INET;
- /* Should check to see if packet is from another realm's server,
+ notice_extract_address(&new_notice, &input_sin);
+ /* Should check to see if packet is from another realm's server,
or a client */
- /* Clients don't check auth of acks, nor do we make it so they
- can in general, so this is safe. */
- if (new_notice.z_kind == SERVACK || new_notice.z_kind == SERVNAK) {
- authentic = ZAUTH_YES;
- } else {
- realm = realm_which_realm(&input_sin);
- if (realm) {
- authentic = ZCheckRealmAuthentication(&new_notice,
- &input_sin,
- realm->name);
- } else
- authentic = ZCheckAuthentication(&new_notice, &input_sin);
- }
from_server = 1;
+ whence = &input_sin;
} else {
from_server = 0;
- /* Clients don't check auth of acks, nor do we make it so they
- can in general, so this is safe. */
- if (new_notice.z_kind == SERVACK || new_notice.z_kind == SERVNAK) {
- authentic = ZAUTH_YES;
- } else {
- realm = realm_which_realm(&whoisit);
- if (realm) {
- authentic = ZCheckRealmAuthentication(&new_notice,
- &whoisit,
- realm->name);
- } else
- authentic = ZCheckAuthentication(&new_notice, &whoisit);
- }
+ whence = &whoisit;
+ }
+
+ /* Clients don't check auth of acks, nor do we make it so they
+ can in general, so this is safe. */
+ if (new_notice.z_kind == SERVACK || new_notice.z_kind == SERVNAK) {
+ authentic = ZAUTH_YES;
+ } else {
+ realm = realm_which_realm(whence);
+ authentic = ZCheckSrvAuthentication(&new_notice, whence, realm ? realm->name : NULL);
}
message_notices.val++;
/* Send to clients subscribed to the triplet itself. */
dest.classname = class;
dest.inst = make_string(notice->z_class_inst, 1);
- if (realm_bound_for_realm(ZGetRealm(), notice->z_recipient) &&
- *notice->z_recipient == '@')
+ if (realm_bound_for_realm(ZGetRealm(), notice->z_recipient) &&
+ *notice->z_recipient == '@')
dest.recip = make_string("", 0);
else {
strncpy(recipbuf, notice->z_recipient, sizeof(recipbuf));
syslog(LOG_ERR, "xmit malloc");
return; /* DON'T put on nack list */
}
-
+
packlen = sizeof(ZPacket_t);
if (auth && client) { /*
notice->z_authent_len = 0;
notice->z_ascii_authent = (char *)"";
retval = ZFormatSmallRawNotice(notice, noticepack, &packlen);
- /* This code is needed because a Zephyr can "grow" when a remote
+ /* This code is needed because a Zephyr can "grow" when a remote
* realm name is inserted into the Zephyr before being resent out
* locally. It essentially matches the code in realm.c to do the
* same thing with authentic Zephyrs.
}
partnotice = *notice;
-
+
partnotice.z_auth = 0;
partnotice.z_authent_len = 0;
partnotice.z_ascii_authent = (char *)"";
}
buffer_len = sizeof(ZPacket_t);
- retval = Z_FormatRawHeader(&partnotice, buffer, buffer_len,
+ retval = Z_FormatRawHeader(&partnotice, buffer, buffer_len,
&hdrlen, NULL, NULL);
if (retval != ZERR_NONE) {
syslog(LOG_ERR, "xmit unauth refrag fmt: failed");
if (notice->z_multinotice && strcmp(notice->z_multinotice, ""))
if (sscanf(notice->z_multinotice, "%d/%d", &origoffset, &origlen)
- != 2)
+ != 2)
{
syslog(LOG_WARNING, "xmit unauth refrag: parse failed");
free(buffer);
message_len = min(notice->z_message_len-offset, fragsize);
partnotice.z_message_len = message_len;
- retval = Z_FormatRawHeader(&partnotice, buffer, buffer_len,
+ retval = Z_FormatRawHeader(&partnotice, buffer, buffer_len,
&hdrlen, &ptr, NULL);
if (retval != ZERR_NONE) {
syslog(LOG_WARNING, "xmit unauth refrag raw: %s",
ptr = buffer+hdrlen;
(void) memcpy(ptr, partnotice.z_message, partnotice.z_message_len);
-
+
buffer_len = hdrlen+partnotice.z_message_len;
xmit_frag(&partnotice, buffer, buffer_len, 0);
retval = ZFormatSmallRawNotice(&acknotice, ackpack, &packlen);
if (retval == ZERR_HEADERLEN) {
- /* Since an ack header can be larger than a message header... (crock) */
+ /* Since an ack header can be larger than a message header... (crock) */
acknotice.z_opcode = "";
acknotice.z_class = "";
acknotice.z_class_inst = "";
zdbug((LOG_DEBUG, "ctl_disp: opc=%s", opcode));
- newwho.sin_addr.s_addr = notice->z_sender_addr.s_addr;
- newwho.sin_port = notice->z_port;
+ notice_extract_address(notice, &newwho);
realm = realm_which_realm(&newwho);
if (realm)
return(realm_control_dispatch(notice, auth, who, server, realm));
retval = krb5_copy_keyblock_contents(Z_krb5_ctx, ZGetSession(),
client->session_keyblock);
} else {
- retval = krb5_copy_keyblock(Z_krb5_ctx, ZGetSession(),
+ retval = krb5_copy_keyblock(Z_krb5_ctx, ZGetSession(),
&client->session_keyblock);
}
if (retval) {
/* don't flush locations here, let him do it explicitly */
client_deregister(client, 0);
} else {
- syslog(LOG_WARNING, "unknown ctl opcode %s", opcode);
+ syslog(LOG_WARNING, "unknown ctl opcode %s", opcode);
if (server == me_server) {
if (strcmp(notice->z_class_inst, ZEPHYR_CTL_REALM) != 0)
nack(notice, who);
*
* Copyright (c) 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
- * "mit-copyright.h".
+ * "mit-copyright.h".
*/
/*
* $Source: /afs/dev.mit.edu/source/repository/athena/lib/zephyr/server/kstuff.c,v $
#ifndef lint
#ifndef SABER
-static const char rcsid_kstuff_c[] = "$Id: kstuff.c 2405 2009-04-10 00:15:29Z kcr@ATHENA.MIT.EDU $";
+static const char rcsid_kstuff_c[] = "$Id: kstuff.c 2542 2009-08-27 14:42:48Z kcr@ATHENA.MIT.EDU $";
#endif
#endif
#if defined(HAVE_KRB4) && defined(HAVE_KRB5)
-static ZChecksum_t compute_checksum(ZNotice_t *, C_Block);
static Code_t ZCheckAuthentication4(ZNotice_t *notice, struct sockaddr_in *from);
#endif
#ifdef HAVE_KRB5
+static ZChecksum_t compute_checksum(ZNotice_t *, unsigned char *);
static ZChecksum_t compute_rlm_checksum(ZNotice_t *, unsigned char *);
#endif
/*
* SendKerberosData
- *
+ *
* create and transmit a ticket over the file descriptor for service.host
* return failure codes if appropriate, or 0 if we
* get the ticket and write it to the file descriptor
KTEXT ticket, /* where to put ticket (return) */
char *service, /* service name, foreign host */
char *host)
-
+
{
int rem;
char p[32];
syslog(LOG_WARNING, "ReadKerberosData: failure allocating %d bytes: %m", len);
return errno;
}
-
+
dst=*data;
for (i=0; i < len; i++) {
if (read(fd, dst++, 1) != 1) {
size_to_write = strlen (p);
if (size_to_write != (written = write(fd, p, size_to_write)) ||
data->length != (written = write(fd, data->data, data->length))) {
- return (written < 0) ? errno : ZSRV_PKSHORT;
- }
+ return (written < 0) ? errno : ZSRV_PKSHORT;
+ }
return 0;
}
#endif
Code_t
-ZCheckRealmAuthentication(ZNotice_t *notice,
- struct sockaddr_in *from,
- char *realm)
-{
-#ifdef HAVE_KRB5
- char *authbuf;
- char rlmprincipal[MAX_PRINCIPAL_SIZE];
- krb5_principal princ;
- krb5_data packet;
- krb5_ticket *tkt;
- char *name;
- krb5_error_code result;
- krb5_principal server;
- krb5_keytab keytabid = 0;
- krb5_auth_context authctx;
- krb5_keyblock *keyblock;
- krb5_enctype enctype;
- krb5_cksumtype cksumtype;
- krb5_data cksumbuf;
- int valid;
- char *cksum0_base, *cksum1_base = NULL, *cksum2_base;
- char *x;
- unsigned char *asn1_data;
- unsigned char *key_data;
- int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0;
- krb5_flags acflags;
-#ifdef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER
- krb5_authenticator *authenticator;
-#define KRB5AUTHENT authenticator
-#else
- krb5_authenticator authenticator;
-#define KRB5AUTHENT &authenticator
-#endif
- int len;
-
- if (!notice->z_auth)
- return ZAUTH_NO;
-
- /* Check for bogus authentication data length. */
- if (notice->z_authent_len <= 0)
- return ZAUTH_FAILED;
-
- len = strlen(notice->z_ascii_authent)+1;
- authbuf = malloc(len);
-
- /* Read in the authentication data. */
- if (ZReadZcode((unsigned char *)notice->z_ascii_authent,
- (unsigned char *)authbuf,
- len, &len) == ZERR_BADFIELD) {
- return ZAUTH_FAILED;
- }
-
- (void) snprintf(rlmprincipal, MAX_PRINCIPAL_SIZE, "%s/%s@%s", SERVER_SERVICE,
- SERVER_INSTANCE, realm);
-
- packet.length = len;
- packet.data = authbuf;
-
- result = krb5_kt_resolve(Z_krb5_ctx,
- keytab_file, &keytabid);
- if (result) {
- free(authbuf);
- return (result);
- }
-
- /* HOLDING: authbuf, keytabid */
- /* Create the auth context */
- result = krb5_auth_con_init(Z_krb5_ctx, &authctx);
- if (result) {
- krb5_kt_close(Z_krb5_ctx, keytabid);
- free(authbuf);
- return (result);
- }
-
- result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags);
- if (result) {
- krb5_kt_close(Z_krb5_ctx, keytabid);
- free(authbuf);
- return (result);
- }
-
- acflags &= ~KRB5_AUTH_CONTEXT_DO_TIME;
-
- result = krb5_auth_con_setflags(Z_krb5_ctx, authctx, acflags);
- if (result) {
- krb5_kt_close(Z_krb5_ctx, keytabid);
- free(authbuf);
- return (result);
- }
-
- /* HOLDING: authbuf, authctx */
- result = krb5_build_principal(Z_krb5_ctx, &server, strlen(__Zephyr_realm),
- __Zephyr_realm, SERVER_SERVICE,
- SERVER_INSTANCE, NULL);
- if (!result) {
- result = krb5_rd_req(Z_krb5_ctx, &authctx, &packet, server,
- keytabid, NULL, &tkt);
- krb5_free_principal(Z_krb5_ctx, server);
- }
- krb5_kt_close(Z_krb5_ctx, keytabid);
-
- if (result) {
- if (result == KRB5KRB_AP_ERR_REPEAT) {
- syslog(LOG_DEBUG, "ZCheckRealmAuthentication: k5 auth failed: %s",
- error_message(result));
- } else {
- syslog(LOG_WARNING,"ZCheckRealmAuthentication: k5 auth failed: %s",
- error_message(result));
- }
- free(authbuf);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- return ZAUTH_FAILED;
- }
-
- /* HOLDING: authbuf, authctx, tkt */
-
- if (tkt == 0 || !Z_tktprincp(tkt)) {
- if (tkt)
- krb5_free_ticket(Z_krb5_ctx, tkt);
- free(authbuf);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- return ZAUTH_FAILED;
- }
-
- princ = Z_tktprinc(tkt);
-
- if (princ == 0) {
- krb5_free_ticket(Z_krb5_ctx, tkt);
- free(authbuf);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- return ZAUTH_FAILED;
- }
-
- /* HOLDING: authbuf, authctx, tkt */
- result = krb5_unparse_name(Z_krb5_ctx, princ, &name);
- if (result) {
- syslog(LOG_WARNING, "k5 unparse_name failed: %s",
- error_message(result));
- free(authbuf);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- krb5_free_ticket(Z_krb5_ctx, tkt);
- return ZAUTH_FAILED;
- }
-
- krb5_free_ticket(Z_krb5_ctx, tkt);
-
- /* HOLDING: authbuf, authctx, name */
- if (strcmp(name, rlmprincipal)) {
- syslog(LOG_WARNING, "k5 name mismatch: '%s' vs '%s'",
- name, rlmprincipal);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- free(name);
- free(authbuf);
- return ZAUTH_FAILED;
- }
- free(name);
- free(authbuf);
-
- /* HOLDING: authctx */
- /* Get an authenticator so we can get the keyblock */
- result = krb5_auth_con_getauthenticator (Z_krb5_ctx, authctx,
- &authenticator);
- if(result) {
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- return result;
- }
-
- /* HOLDING: authctx, authenticator */
- result = krb5_auth_con_getkey(Z_krb5_ctx, authctx, &keyblock);
- if (result) {
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- return (ZAUTH_FAILED);
- }
-
- /* HOLDING: authctx, authenticator, keyblock */
- /* Figure out what checksum type to use */
- key_data = Z_keydata(keyblock);
- key_len = Z_keylen(keyblock);
- result = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
- if (result) {
- krb5_free_keyblock(Z_krb5_ctx, keyblock);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- return (ZAUTH_FAILED);
- }
- /* HOLDING: authctx, authenticator, keyblock */
-
- /* Assemble the things to be checksummed */
- /* first part is from start of packet through z_default_format:
- * - z_version
- * - z_num_other_fields
- * - z_kind
- * - z_uid
- * - z_port
- * - z_auth
- * - z_authent_len
- * - z_ascii_authent
- * - z_class
- * - z_class_inst
- * - z_opcode
- * - z_sender
- * - z_recipient
- * - z_default_format
- */
- cksum0_base = notice->z_packet;
- x = notice->z_default_format;
- cksum0_len = x + strlen(x) + 1 - cksum0_base;
- /* second part is from z_multinotice through other fields:
- * - z_multinotice
- * - z_multiuid
- * - z_sender_(sock)addr
- * - z_charset
- * - z_other_fields[]
- */
- if (notice->z_num_hdr_fields > 15 ) {
- cksum1_base = notice->z_multinotice;
- if (notice->z_num_other_fields)
- x = notice->z_other_fields[notice->z_num_other_fields - 1];
- else {
- /* see also ZCheckAuthentication and
- lib/ZCkZaut.c:ZCheckZcodeAuthentication */
- /* XXXXXXXXXXXXXXXXXXXXXXX */
- if (notice->z_num_hdr_fields > 16)
- x = cksum1_base + strlen(cksum1_base) + 1; /* multinotice */
- if (notice->z_num_hdr_fields > 17)
- x = x + strlen(x) + 1; /* multiuid */
- if (notice->z_num_hdr_fields > 18)
- x = x + strlen(x) + 1; /* sender */
- }
- cksum1_len = x + strlen(x) + 1 - cksum1_base; /* charset / extra field */
- }
-
- /* last part is the message body */
- cksum2_base = notice->z_message;
- cksum2_len = notice->z_message_len;
-
- if ((!notice->z_ascii_checksum || *notice->z_ascii_checksum != 'Z') &&
- key_len == 8 &&
- (enctype == ENCTYPE_DES_CBC_CRC ||
- enctype == ENCTYPE_DES_CBC_MD4 ||
- enctype == ENCTYPE_DES_CBC_MD5)) {
- /* try old-format checksum (covers cksum0 only) */
-
- ZChecksum_t our_checksum;
-
- our_checksum = compute_rlm_checksum(notice, key_data);
-
- krb5_free_keyblock(Z_krb5_ctx, keyblock);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
-
- if (our_checksum == notice->z_checksum) {
- return ZAUTH_YES;
- } else
- return ZAUTH_FAILED;
- }
-
- /* HOLDING: authctx, authenticator */
-
- cksumbuf.length = cksum0_len + cksum1_len + cksum2_len;
- cksumbuf.data = malloc(cksumbuf.length);
- if (!cksumbuf.data) {
- krb5_free_keyblock(Z_krb5_ctx, keyblock);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- return ZAUTH_FAILED;
- }
- /* HOLDING: authctx, authenticator, cksumbuf.data */
-
- memcpy(cksumbuf.data, cksum0_base, cksum0_len);
- if (cksum1_len)
- memcpy(cksumbuf.data + cksum0_len, cksum1_base, cksum1_len);
- memcpy(cksumbuf.data + cksum0_len + cksum1_len,
- cksum2_base, cksum2_len);
-
- /* decode zcoded checksum */
- /* The encoded form is always longer than the original */
- asn1_len = strlen(notice->z_ascii_checksum) + 1;
- asn1_data = malloc(asn1_len);
- if (!asn1_data) {
- krb5_free_keyblock(Z_krb5_ctx, keyblock);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- free(cksumbuf.data);
- return ZAUTH_FAILED;
- }
- /* HOLDING: authctx, authenticator, cksumbuf.data, asn1_data */
- result = ZReadZcode((unsigned char *)notice->z_ascii_checksum,
- asn1_data, asn1_len, &asn1_len);
- if (result != ZERR_NONE) {
- krb5_free_keyblock(Z_krb5_ctx, keyblock);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- free(asn1_data);
- free(cksumbuf.data);
- return ZAUTH_FAILED;
- }
- /* HOLDING: asn1_data, cksumbuf.data */
-
- valid = Z_krb5_verify_cksum(keyblock, &cksumbuf, cksumtype, asn1_data, asn1_len);
-
- free(asn1_data);
- krb5_auth_con_free(Z_krb5_ctx, authctx);
- krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- krb5_free_keyblock(Z_krb5_ctx, keyblock);
- free(cksumbuf.data);
-
- if (valid)
- return (ZAUTH_YES);
- else
- return (ZAUTH_FAILED);
-#else
- return (notice->z_auth) ? ZAUTH_YES : ZAUTH_NO;
-#endif
-}
-
-Code_t
-ZCheckAuthentication(ZNotice_t *notice,
- struct sockaddr_in *from)
-{
+ZCheckSrvAuthentication(ZNotice_t *notice,
+ struct sockaddr_in *from,
+ char *realm)
+{
#ifdef HAVE_KRB5
unsigned char *authbuf;
krb5_principal princ;
krb5_principal server;
krb5_keytab keytabid = 0;
krb5_auth_context authctx;
- krb5_keyblock *keyblock;
- krb5_enctype enctype;
- krb5_cksumtype cksumtype;
+ krb5_keyblock *keyblock;
+ krb5_enctype enctype;
+ krb5_cksumtype cksumtype;
krb5_data cksumbuf;
int valid;
- char *cksum0_base, *cksum1_base = NULL, *cksum2_base;
- char *x;
- unsigned char *asn1_data, *key_data;
+ char *cksum0_base, *cksum1_base = NULL, *cksum2_base;
+ char *x;
+ unsigned char *asn1_data, *key_data;
int asn1_len, key_len, cksum0_len = 0, cksum1_len = 0, cksum2_len = 0;
krb5_flags acflags;
#ifdef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER
#define KRB5AUTHENT &authenticator
#endif
int len;
+ char *sender;
+ char rlmprincipal[MAX_PRINCIPAL_SIZE];
if (!notice->z_auth)
return ZAUTH_NO;
/* Check for bogus authentication data length. */
- if (notice->z_authent_len <= 1)
+ if (notice->z_authent_len <= 0)
return ZAUTH_FAILED;
#ifdef HAVE_KRB4
- if (notice->z_ascii_authent[0] != 'Z')
+ if (notice->z_ascii_authent[0] != 'Z' && realm == NULL)
return ZCheckAuthentication4(notice, from);
#endif
-
+
len = strlen(notice->z_ascii_authent)+1;
authbuf = malloc(len);
/* Read in the authentication data. */
- if (ZReadZcode((unsigned char *)notice->z_ascii_authent,
+ if (ZReadZcode((unsigned char *)notice->z_ascii_authent,
authbuf,
len, &len) == ZERR_BADFIELD) {
return ZAUTH_FAILED;
}
+ if (realm == NULL) {
+ sender = notice->z_sender;
+ } else {
+ (void) snprintf(rlmprincipal, MAX_PRINCIPAL_SIZE, "%s/%s@%s", SERVER_SERVICE,
+ SERVER_INSTANCE, realm);
+ sender = rlmprincipal;
+ }
+
packet.length = len;
packet.data = (char *)authbuf;
- result = krb5_kt_resolve(Z_krb5_ctx,
+ result = krb5_kt_resolve(Z_krb5_ctx,
keytab_file, &keytabid);
if (result) {
free(authbuf);
- return (result);
+ return ZAUTH_FAILED;
}
/* HOLDING: authbuf, keytabid */
if (result) {
krb5_kt_close(Z_krb5_ctx, keytabid);
free(authbuf);
- return (result);
+ return ZAUTH_FAILED;
}
result = krb5_auth_con_getflags(Z_krb5_ctx, authctx, &acflags);
if (result) {
krb5_kt_close(Z_krb5_ctx, keytabid);
free(authbuf);
- return (result);
+ return ZAUTH_FAILED;
}
acflags &= ~KRB5_AUTH_CONTEXT_DO_TIME;
if (result) {
krb5_kt_close(Z_krb5_ctx, keytabid);
free(authbuf);
- return (result);
+ return ZAUTH_FAILED;
}
/* HOLDING: authbuf, authctx */
- result = krb5_build_principal(Z_krb5_ctx, &server, strlen(__Zephyr_realm),
- __Zephyr_realm, SERVER_SERVICE,
+ result = krb5_build_principal(Z_krb5_ctx, &server, strlen(__Zephyr_realm),
+ __Zephyr_realm, SERVER_SERVICE,
SERVER_INSTANCE, NULL);
if (!result) {
- result = krb5_rd_req(Z_krb5_ctx, &authctx, &packet, server,
+ result = krb5_rd_req(Z_krb5_ctx, &authctx, &packet, server,
keytabid, NULL, &tkt);
krb5_free_principal(Z_krb5_ctx, server);
}
if (result) {
if (result == KRB5KRB_AP_ERR_REPEAT)
- syslog(LOG_DEBUG, "ZCheckAuthentication: k5 auth failed: %s",
+ syslog(LOG_DEBUG, "ZCheckSrvAuthentication: k5 auth failed: %s",
error_message(result));
else
- syslog(LOG_WARNING,"ZCheckAuthentication: k5 auth failed: %s",
+ syslog(LOG_WARNING,"ZCheckSrvAuthentication: k5 auth failed: %s",
error_message(result));
free(authbuf);
krb5_auth_con_free(Z_krb5_ctx, authctx);
krb5_auth_con_free(Z_krb5_ctx, authctx);
return ZAUTH_FAILED;
}
+
princ = Z_tktprinc(tkt);
if (princ == 0) {
krb5_free_ticket(Z_krb5_ctx, tkt);
/* HOLDING: authbuf, authctx, name */
- if (strcmp(name, notice->z_sender)) {
+ if (strcmp(name, sender)) {
syslog(LOG_WARNING, "k5 name mismatch: '%s' vs '%s'",
- name, notice->z_sender);
+ name, sender);
krb5_auth_con_free(Z_krb5_ctx, authctx);
free(name);
free(authbuf);
&authenticator);
if(result) {
krb5_auth_con_free(Z_krb5_ctx, authctx);
- return result;
+ return ZAUTH_FAILED;
}
/* HOLDING: authctx, authenticator */
krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
return (ZAUTH_FAILED);
}
-
+
/* HOLDING: authctx, authenticator, keyblock */
/* Figure out what checksum type to use */
key_data = Z_keydata(keyblock);
key_len = Z_keylen(keyblock);
result = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
- if (result) {
+ if (result) {
krb5_free_keyblock(Z_krb5_ctx, keyblock);
krb5_auth_con_free(Z_krb5_ctx, authctx);
krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- return (ZAUTH_FAILED);
- }
+ return (ZAUTH_FAILED);
+ }
/* HOLDING: authctx, authenticator, keyblock */
- ZSetSession(keyblock);
-
- /* Assemble the things to be checksummed */
- /* first part is from start of packet through z_default_format:
- * - z_version
- * - z_num_other_fields
- * - z_kind
- * - z_uid
- * - z_port
- * - z_auth
- * - z_authent_len
- * - z_ascii_authent
- * - z_class
- * - z_class_inst
- * - z_opcode
- * - z_sender
- * - z_recipient
- * - z_default_format
- */
- cksum0_base = notice->z_packet;
- x = notice->z_default_format;
- cksum0_len = x + strlen(x) + 1 - cksum0_base;
- /* second part is from z_multinotice through other fields:
- * - z_multinotice
- * - z_multiuid
- * - z_other_fields[]
- */
+ if (realm == NULL)
+ ZSetSession(keyblock);
+
+ /* Assemble the things to be checksummed */
+ /* first part is from start of packet through z_default_format:
+ * - z_version
+ * - z_num_other_fields
+ * - z_kind
+ * - z_uid
+ * - z_port
+ * - z_auth
+ * - z_authent_len
+ * - z_ascii_authent
+ * - z_class
+ * - z_class_inst
+ * - z_opcode
+ * - z_sender
+ * - z_recipient
+ * - z_default_format
+ */
+ cksum0_base = notice->z_packet;
+ x = notice->z_default_format;
+ cksum0_len = x + strlen(x) + 1 - cksum0_base;
+ /* second part is from z_multinotice through other fields:
+ * - z_multinotice
+ * - z_multiuid
+ * - z_sender_(sock)addr
+ * - z_charset
+ * - z_other_fields[]
+ */
if (notice->z_num_hdr_fields > 15 ) {
- cksum1_base = notice->z_multinotice;
- if (notice->z_num_other_fields)
- x = notice->z_other_fields[notice->z_num_other_fields - 1];
+ cksum1_base = notice->z_multinotice;
+ if (notice->z_num_other_fields)
+ x = notice->z_other_fields[notice->z_num_other_fields - 1];
else {
/* see also ZCheckRealmAuthentication
and lib/ZCkZaut.c:ZCheckZcodeAuthentication */
}
cksum1_len = x + strlen(x) + 1 - cksum1_base; /* charset / extra field */
}
-
- /* last part is the message body */
- cksum2_base = notice->z_message;
+
+ /* last part is the message body */
+ cksum2_base = notice->z_message;
cksum2_len = notice->z_message_len;
-#ifdef HAVE_KRB4 /*XXX*/
- if ((!notice->z_ascii_checksum || *notice->z_ascii_checksum != 'Z') &&
- key_len == 8 &&
- (enctype == ENCTYPE_DES_CBC_CRC ||
- enctype == ENCTYPE_DES_CBC_MD4 ||
- enctype == ENCTYPE_DES_CBC_MD5)) {
- /* try old-format checksum (covers cksum0 only) */
-
- ZChecksum_t our_checksum;
-
- our_checksum = compute_checksum(notice, key_data);
-
+ /*XXX we may wish to ditch this code someday?*/
+ if ((!notice->z_ascii_checksum || *notice->z_ascii_checksum != 'Z') &&
+ key_len == 8 &&
+ (enctype == ENCTYPE_DES_CBC_CRC ||
+ enctype == ENCTYPE_DES_CBC_MD4 ||
+ enctype == ENCTYPE_DES_CBC_MD5)) {
+ /* try old-format checksum (covers cksum0 only) */
+
+ ZChecksum_t our_checksum;
+
+ if (realm == NULL)
+ our_checksum = compute_checksum(notice, key_data);
+ else
+ our_checksum = compute_rlm_checksum(notice, key_data);
+
krb5_free_keyblock(Z_krb5_ctx, keyblock);
krb5_auth_con_free(Z_krb5_ctx, authctx);
krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
if (our_checksum == notice->z_checksum)
- return ZAUTH_YES;
+ return ZAUTH_YES;
else
return ZAUTH_FAILED;
}
-#endif
/* HOLDING: authctx, authenticator */
-
- cksumbuf.length = cksum0_len + cksum1_len + cksum2_len;
- cksumbuf.data = malloc(cksumbuf.length);
- if (!cksumbuf.data) {
+
+ cksumbuf.length = cksum0_len + cksum1_len + cksum2_len;
+ cksumbuf.data = malloc(cksumbuf.length);
+ if (!cksumbuf.data) {
krb5_free_keyblock(Z_krb5_ctx, keyblock);
krb5_auth_con_free(Z_krb5_ctx, authctx);
krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- return ZAUTH_FAILED;
- }
- /* HOLDING: authctx, authenticator, cksumbuf.data */
-
+ return ZAUTH_FAILED;
+ }
+ /* HOLDING: authctx, authenticator, cksumbuf.data */
+
memcpy(cksumbuf.data, cksum0_base, cksum0_len);
if (cksum1_len)
- memcpy(cksumbuf.data + cksum0_len, cksum1_base, cksum1_len);
- memcpy(cksumbuf.data + cksum0_len + cksum1_len,
- cksum2_base, cksum2_len);
-
- /* decode zcoded checksum */
- /* The encoded form is always longer than the original */
- asn1_len = strlen(notice->z_ascii_checksum) + 1;
- asn1_data = malloc(asn1_len);
- if (!asn1_data) {
+ memcpy(cksumbuf.data + cksum0_len, cksum1_base, cksum1_len);
+ memcpy(cksumbuf.data + cksum0_len + cksum1_len,
+ cksum2_base, cksum2_len);
+
+ /* decode zcoded checksum */
+ /* The encoded form is always longer than the original */
+ asn1_len = strlen(notice->z_ascii_checksum) + 1;
+ asn1_data = malloc(asn1_len);
+ if (!asn1_data) {
krb5_free_keyblock(Z_krb5_ctx, keyblock);
krb5_auth_con_free(Z_krb5_ctx, authctx);
krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- free(cksumbuf.data);
- return ZAUTH_FAILED;
- }
- /* HOLDING: authctx, authenticator, cksumbuf.data, asn1_data */
- result = ZReadZcode((unsigned char *)notice->z_ascii_checksum,
- asn1_data, asn1_len, &asn1_len);
- if (result != ZERR_NONE) {
+ free(cksumbuf.data);
+ return ZAUTH_FAILED;
+ }
+ /* HOLDING: authctx, authenticator, cksumbuf.data, asn1_data */
+ result = ZReadZcode((unsigned char *)notice->z_ascii_checksum,
+ asn1_data, asn1_len, &asn1_len);
+ if (result != ZERR_NONE) {
krb5_free_keyblock(Z_krb5_ctx, keyblock);
krb5_auth_con_free(Z_krb5_ctx, authctx);
krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
- free(asn1_data);
- free(cksumbuf.data);
- return ZAUTH_FAILED;
- }
- /* HOLDING: asn1_data, cksumbuf.data, authctx, authenticator */
+ free(asn1_data);
+ free(cksumbuf.data);
+ return ZAUTH_FAILED;
+ }
+ /* HOLDING: asn1_data, cksumbuf.data, authctx, authenticator */
+
+ valid = Z_krb5_verify_cksum(keyblock, &cksumbuf, cksumtype,
+ Z_KEYUSAGE_CLT_CKSUM,
+ asn1_data, asn1_len);
- valid = Z_krb5_verify_cksum(keyblock, &cksumbuf, cksumtype, asn1_data, asn1_len);
+ /* XXX compatibility with unreleased interrealm krb5; drop in 3.1 */
+ if (!valid && realm)
+ valid = Z_krb5_verify_cksum(keyblock, &cksumbuf, cksumtype,
+ Z_KEYUSAGE_SRV_CKSUM,
+ asn1_data, asn1_len);
- free(asn1_data);
+ free(asn1_data);
krb5_auth_con_free(Z_krb5_ctx, authctx);
krb5_free_authenticator(Z_krb5_ctx, KRB5AUTHENT);
krb5_free_keyblock(Z_krb5_ctx, keyblock);
- free(cksumbuf.data);
-
- if (valid)
- return (ZAUTH_YES);
- else
- return (ZAUTH_FAILED);
+ free(cksumbuf.data);
+
+ if (valid)
+ return (ZAUTH_YES);
+ else
+ return (ZAUTH_FAILED);
#else
return (notice->z_auth) ? ZAUTH_YES : ZAUTH_NO;
#endif
static Code_t
ZCheckAuthentication4(ZNotice_t *notice,
struct sockaddr_in *from)
-{
+{
int result;
char srcprincipal[ANAME_SZ+INST_SZ+REALM_SZ+4];
KTEXT_ST authent;
return ZAUTH_FAILED;
/* Read in the authentication data. */
- if (ZReadAscii(notice->z_ascii_authent,
- strlen(notice->z_ascii_authent)+1,
- (unsigned char *)authent.dat,
+ if (ZReadAscii(notice->z_ascii_authent,
+ strlen(notice->z_ascii_authent)+1,
+ (unsigned char *)authent.dat,
notice->z_authent_len) == ZERR_BADFIELD) {
return ZAUTH_FAILED;
}
#endif
-#if defined(HAVE_KRB4) && defined(HAVE_KRB5)
+#ifdef HAVE_KRB5
static ZChecksum_t
compute_checksum(ZNotice_t *notice,
- C_Block session_key)
+ unsigned char *session_key)
{
ZChecksum_t checksum;
char *cstart, *cend, *hstart = notice->z_packet, *hend = notice->z_message;
cstart = notice->z_default_format + strlen(notice->z_default_format) + 1;
cend = cstart + strlen(cstart) + 1;
- checksum = des_quad_cksum((unsigned char *)hstart, NULL, cstart - hstart, 0, (C_Block *)session_key);
- checksum ^= des_quad_cksum((unsigned char *)cend, NULL, hend - cend, 0, (C_Block *)session_key);
- checksum ^= des_quad_cksum((unsigned char *)notice->z_message, NULL, notice->z_message_len,
- 0, (C_Block *)session_key);
+ checksum = z_quad_cksum((unsigned char *)hstart, NULL, cstart - hstart, 0, session_key);
+ checksum ^= z_quad_cksum((unsigned char *)cend, NULL, hend - cend, 0, session_key);
+ checksum ^= z_quad_cksum((unsigned char *)notice->z_message, NULL, notice->z_message_len,
+ 0, session_key);
return checksum;
}
-#endif
-#ifdef HAVE_KRB5
static ZChecksum_t compute_rlm_checksum(ZNotice_t *notice,
unsigned char *session_key)
{
#endif
#ifdef HAVE_KRB5
-krb5_error_code
+krb5_error_code
Z_krb5_init_keyblock(krb5_context context,
krb5_enctype type,
size_t size,
} else {
result = krb5_copy_keyblock(Z_krb5_ctx, keyblock, &__Zephyr_keyblock);
}
-
+
if (result) /*XXX we're out of memory? */
;
}
krb5_free_keyblock(Z_krb5_ctx, __Zephyr_keyblock);
__Zephyr_keyblock=NULL;
}
- result = Z_krb5_init_keyblock(Z_krb5_ctx, ENCTYPE_DES_CBC_CRC,
+ result = Z_krb5_init_keyblock(Z_krb5_ctx, ENCTYPE_DES_CBC_CRC,
sizeof(C_Block),
&__Zephyr_keyblock);
if (result) /*XXX we're out of memory? */
*
* int realm_sender_in_realm(char *realm, char *sender)
* figures out if sender is in realm
- *
+ *
* ZRealm *realm_get_realm_by_name(char *name)
* finds a realm struct from the realm array by name, tries expansion
*
*
* void realm_init()
* sets up the realm module
- *
+ *
* void realm_deathgram()
* tells other realms this server is going down
- *
+ *
* void realm_wakeup()
* tells other realms to resend their idea of their subs to us
*
for (addr = realm->addrs, b = 0; b < realm->count; b++, addr++)
if (addr->sin_addr.s_addr == who->sin_addr.s_addr)
return(b);
-
+
return 0;
}
for (realm = otherrealms, a = 0; a < nrealms; a++, realm++)
if (realm->child_pid == pid)
return(realm);
-
+
return 0;
}
for (realm = otherrealms, a = 0; a < nrealms; a++, realm++)
if (realm->child_pid != 0)
kill(realm->child_pid, 9);
-
+
return;
}
FILE *fp;
char buf[REALM_SZ + MAXHOSTNAMELEN + 1]; /* one for newline */
char realm[REALM_SZ], server[MAXHOSTNAMELEN + 1];
-
+
nused = 0;
if (!(fp = fopen(file, "r")))
return((ZRealmname *)0);
-
+
/* start with 16, realloc if necessary */
ntotal = 16;
rlm_list = (ZRealmname *)malloc(ntotal * sizeof(ZRealmname));
rlm = &rlm_list[ii];
if (rlm->nused +1 >= rlm->nservers) {
/* make more space */
- rlm->servers = (char **)realloc((char *)rlm->servers,
- (unsigned)rlm->nservers * 2 *
+ rlm->servers = (char **)realloc((char *)rlm->servers,
+ (unsigned)rlm->nservers * 2 *
sizeof(char *));
if (!rlm->servers) {
syslog(LOG_CRIT, "get_realm_lists realloc");
if (nused + 1 >= ntotal) {
/* make more space */
rlm_list = (ZRealmname *)realloc((char *)rlm_list,
- (unsigned)ntotal * 2 *
+ (unsigned)ntotal * 2 *
sizeof(ZRealmname));
if (!rlm_list) {
syslog(LOG_CRIT, "get_realm_lists realloc");
}
if (nused + 1 >= ntotal) {
rlm_list = (ZRealmname *)realloc((char *)rlm_list,
- (unsigned)(ntotal + 1) *
+ (unsigned)(ntotal + 1) *
sizeof(ZRealmname));
if (!rlm_list) {
syslog(LOG_CRIT, "get_realm_lists realloc");
}
}
*rlm_list[nused].name = '\0';
-
+
fclose(fp);
return(rlm_list);
}
-Code_t
+Code_t
realm_send_realms(void)
{
int cnt, retval;
{
char *rlm = NULL;
int remote = strcmp(ZGetRealm(), realm);
-
+
if (recip)
rlm = strchr(recip, '@');
-
- if (!rlm && !remote)
+
+ if (!rlm && !remote)
return 1;
if (rlm && strcmp(realm_expand_realm(rlm + 1), realm) == 0)
for (addr = realm->addrs, b = 0; b < realm->count; b++, addr++)
if (addr->sin_addr.s_addr == who->sin_addr.s_addr)
return(realm);
-
+
return 0;
}
{
register ZRealm *which = realm_which_realm(who);
register Unacked *nacked;
-
+
zdbug((LOG_DEBUG, "rlm_nack_cancel: %s:%08X,%08X",
inet_ntoa(notice->z_uid.zuid_addr),
notice->z_uid.tv.tv_sec, notice->z_uid.tv.tv_usec));
which->state = REALM_UP;
if (ZCompareUID(&nacked->uid, ¬ice->z_uid)) {
timer_reset(nacked->timer);
-
+
if (nacked->ack_addr.sin_addr.s_addr)
rlm_ack(notice, nacked);
-
+
/* free the data */
free(nacked->packet);
Unacked_delete(nacked);
ZPacket_t ackpack;
int packlen;
Code_t retval;
-
+
/* tell the original sender the result */
acknotice = *notice;
acknotice.z_message_len = strlen(acknotice.z_message) + 1;
-
+
packlen = sizeof(ackpack);
-
- if ((retval = ZFormatSmallRawNotice(&acknotice, ackpack, &packlen))
+
+ if ((retval = ZFormatSmallRawNotice(&acknotice, ackpack, &packlen))
!= ZERR_NONE) {
syslog(LOG_ERR, "rlm_ack format: %s",
error_message(retval));
Server *server)
{
ZRealm *realm;
- struct sockaddr_in newwho;
Code_t status = ZERR_NONE;
char rlm_recipient[REALM_SZ + 1];
int external = 0;
rlm_nack_cancel(notice, who);
return(ZERR_NONE);
}
- /* set up a who for the real origin */
- memset((caddr_t) &newwho, 0, sizeof(newwho));
- newwho.sin_family = AF_INET;
- newwho.sin_addr.s_addr = notice->z_sender_addr.s_addr;
- newwho.sin_port = hm_port;
-
+
/* check if it's a control message */
realm = realm_which_realm(who);
notice_class = make_string(notice->z_class,1);
-
+
if (class_is_admin(notice_class)) {
syslog(LOG_WARNING, "%s sending admin opcode %s",
realm->name, notice->z_opcode);
notice->z_recipient = rlm_recipient;
external = 0;
} else if (realm_bound_for_realm(ZGetRealm(), notice->z_recipient)
- && *notice->z_recipient == '@')
+ && *notice->z_recipient == '@')
{
/* we're responsible for getting this message out */
external = 1;
notice->z_recipient = "";
}
-
+
/* otherwise, send to local subscribers */
sendit(notice, auth, who, external);
}
-
+
return(status);
}
nrealms = 0;
return;
}
-
+
for (nrealms = 0; *rlmnames[nrealms].name; nrealms++);
-
+
otherrealms = (ZRealm *)malloc(nrealms * sizeof(ZRealm));
if (!otherrealms) {
syslog(LOG_CRIT, "malloc failed in realm_init");
for (ii = 0; ii < nrealms; ii++) {
rlm = &otherrealms[ii];
strcpy(rlm->name, rlmnames[ii].name);
-
- addresses = (struct in_addr *)malloc(rlmnames[ii].nused *
+
+ addresses = (struct in_addr *)malloc(rlmnames[ii].nused *
sizeof(struct in_addr));
if (!addresses) {
syslog(LOG_CRIT, "malloc failed in realm_init");
for (jj = 0; jj < rlmnames[ii].nused; jj++) {
hp = gethostbyname(rlmnames[ii].servers[jj]);
if (hp) {
- memmove((caddr_t) &addresses[found], (caddr_t)hp->h_addr,
+ memmove((caddr_t) &addresses[found], (caddr_t)hp->h_addr,
sizeof(struct in_addr));
found++;
} else
- syslog(LOG_WARNING, "hostname failed, %s",
+ syslog(LOG_WARNING, "hostname failed, %s",
rlmnames[ii].servers[jj]);
/* free the hostname */
free(rlmnames[ii].servers[jj]);
}
rlm->count = found;
- rlm->addrs = (struct sockaddr_in *)malloc(found *
+ rlm->addrs = (struct sockaddr_in *)malloc(found *
sizeof (struct sockaddr_in));
if (!rlm->addrs) {
syslog(LOG_CRIT, "malloc failed in realm_init");
memset(&client->session_key, 0, sizeof(client->session_key));
#endif
#endif
- snprintf(rlmprinc, MAX_PRINCIPAL_SIZE, "%s.%s@%s", SERVER_SERVICE, SERVER_INSTANCE,
+ snprintf(rlmprinc, MAX_PRINCIPAL_SIZE, "%s.%s@%s", SERVER_SERVICE, SERVER_INSTANCE,
rlm->name);
client->principal = make_string(rlmprinc, 0);
client->last_send = 0;
client->addr.sin_family = 0;
client->addr.sin_port = 0;
client->addr.sin_addr.s_addr = 0;
-
+
rlm->client = client;
rlm->idx = (rlm->count) ? random() % rlm->count : 0;
rlm->subs = NULL;
char *pack;
char rlm_recipient[REALM_SZ + 1];
int packlen, retval;
-
+
memset (&snotice, 0, sizeof (snotice));
snotice.z_kind = ACKED;
snotice.z_message = (server) ? server->addr_str : NULL;
snotice.z_message_len = (server) ? strlen(server->addr_str) + 1 : 0;
- zdbug((LOG_DEBUG, "rlm_deathgram: suggesting %s to %s",
+ zdbug((LOG_DEBUG, "rlm_deathgram: suggesting %s to %s",
(server) ? server->addr_str : "nothing", realm->name));
#ifdef HAVE_KRB5
if (!ticket_lookup(realm->name))
if ((retval = ticket_retrieve(realm)) != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_deathgram failed: %s",
+ syslog(LOG_WARNING, "rlm_deathgram failed: %s",
error_message(retval));
return;
}
#endif
- if ((retval = ZFormatNotice(&snotice, &pack, &packlen, ZCAUTH))
- != ZERR_NONE)
+ if ((retval = ZFormatNotice(&snotice, &pack, &packlen, ZCAUTH))
+ != ZERR_NONE)
{
syslog(LOG_WARNING, "rlm_deathgram format: %s",
error_message(retval));
{
int jj, found = 0;
ZRealm *realm;
-
+
for (jj = 1; jj < nservers; jj++) { /* skip limbo server */
if (jj != me_server_idx && otherservers[jj].state == SERV_UP)
found++;
}
-
+
if (nservers < 2 || !found) {
- /* if we're the only server up, send a REALM_BOOT to one of their
+ /* if we're the only server up, send a REALM_BOOT to one of their
servers here */
for (realm = otherrealms, jj = 0; jj < nrealms; jj++, realm++) {
ZNotice_t snotice;
char *pack;
char rlm_recipient[REALM_SZ + 1];
int packlen, retval;
-
+
memset (&snotice, 0, sizeof (snotice));
snotice.z_opcode = REALM_BOOT;
#ifdef HAVE_KRB5
if (!ticket_lookup(realm->name))
if ((retval = ticket_retrieve(realm)) != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_wakeup failed: %s",
+ syslog(LOG_WARNING, "rlm_wakeup failed: %s",
error_message(retval));
continue;
}
#endif
- if ((retval = ZFormatNotice(&snotice, &pack, &packlen, ZAUTH))
- != ZERR_NONE)
+ if ((retval = ZFormatNotice(&snotice, &pack, &packlen, ZAUTH))
+ != ZERR_NONE)
{
syslog(LOG_WARNING, "rlm_wakeup format: %s",
error_message(retval));
return;
}
- if ((retval = ZParseNotice(pack, packlen, &snotice))
+ if ((retval = ZParseNotice(pack, packlen, &snotice))
!= ZERR_NONE) {
syslog(LOG_WARNING, "rlm_wakeup parse: %s",
error_message(retval));
realm_handoff(&snotice, 1, NULL, realm, 0);
free(pack);
- }
+ }
}
}
ZRealm *realm)
{
register char *opcode = notice->z_opcode;
-
+
if (!auth) {
syslog(LOG_WARNING, "unauth locate msg from %s (%s/%s/%s)",
- inet_ntoa(who->sin_addr),
- notice->z_class, notice->z_class_inst,
+ inet_ntoa(who->sin_addr),
+ notice->z_class, notice->z_class_inst,
notice->z_opcode); /* XXX */
clt_ack(notice, who, AUTH_FAILED);
return(ZERR_NONE);
}
-
+
if (!strcmp(opcode, REALM_REQ_LOCATE)) {
ack(notice, who);
ulogin_realm_locate(notice, who, realm);
realm->name, opcode);
nack(notice, who);
}
-
+
return(ZERR_NONE);
}
if (!auth) {
syslog(LOG_WARNING, "unauth ctl msg from %s (%s/%s/%s)",
- inet_ntoa(who->sin_addr),
- notice->z_class, notice->z_class_inst,
+ inet_ntoa(who->sin_addr),
+ notice->z_class, notice->z_class_inst,
notice->z_opcode); /* XXX */
if (server == me_server)
clt_ack(notice, who, AUTH_FAILED);
return ZSRV_NORLM;
srvidx = realm_get_idx_by_addr(realm, sin);
- zdbug((LOG_DEBUG, "rlm_new_srv: message from %d in %s (%s)",
+ zdbug((LOG_DEBUG, "rlm_new_srv: message from %d in %s (%s)",
srvidx, realm->name, inet_ntoa(sin->sin_addr)));
if (realm->idx == srvidx) {
if (notice->z_message_len) {
realm->idx = realm_get_idx_by_addr(realm, &sinaddr);
} else {
realm->idx = (realm->idx + 1) % realm->count;
- }
+ }
zdbug((LOG_DEBUG, "rlm_new_srv: switched servers (%s)", inet_ntoa((realm->addrs[realm->idx]).sin_addr)));
} else {
zdbug((LOG_DEBUG, "rlm_new_srv: not switching servers (%s)", inet_ntoa((realm->addrs[realm->idx]).sin_addr)));
Code_t retval;
if (!auth) {
- zdbug((LOG_DEBUG, "realm_sendit unauthentic to realm %s",
+ zdbug((LOG_DEBUG, "realm_sendit unauthentic to realm %s",
realm->name));
realm_sendit(notice, who, auth, realm, ack_to_sender);
return;
}
-
+
if (!ticket_lookup(realm->name))
if ((retval = ticket_retrieve(realm)) != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_handoff failed: %s",
+ syslog(LOG_WARNING, "rlm_handoff failed: %s",
error_message(retval));
realm_sendit(notice, who, auth, realm, ack_to_sender);
return;
}
-
- zdbug((LOG_DEBUG, "realm_sendit to realm %s auth %d", realm->name, auth));
+
+ zdbug((LOG_DEBUG, "realm_sendit to realm %s auth %d", realm->name, auth));
/* valid ticket available now, send the message */
retval = realm_sendit_auth(notice, who, auth, realm, ack_to_sender);
#else /* HAVE_KRB4 */
Unacked *nacked;
notice->z_auth = auth;
-
+
/* format the notice */
if ((retval = ZFormatRawNotice(notice, &pack, &packlen)) != ZERR_NONE) {
syslog(LOG_WARNING, "rlm_sendit format: %s",
error_message(retval));
return;
}
-
+
/* now send */
if ((retval = ZSetDestAddr(&realm->addrs[realm->idx])) != ZERR_NONE) {
syslog(LOG_WARNING, "rlm_sendit set addr: %s",
free(pack);
return;
}
-
+
/* now we've sent it, mark it as not ack'ed */
-
+
if (!(nacked = (Unacked *)malloc(sizeof(Unacked)))) {
/* no space: just punt */
syslog(LOG_ERR, "rlm_sendit nack malloc");
/* give a server ack that the packet is lost/realm dead */
packet_ctl_nack(nackpacket);
Unacked_delete(nackpacket);
-
+
zdbug((LOG_DEBUG, "rlm_rexmit: %s appears dead", realm->name));
realm->state = REALM_DEAD;
}
/* if we've reached our limit, move on to the next server */
- if ((realm->state == REALM_TARDY) ||
- (nackpacket->rexmits &&
- !((nackpacket->rexmits+1) % (NUM_REXMIT_TIMES/3))))
+ if ((realm->state == REALM_TARDY) ||
+ (nackpacket->rexmits &&
+ !((nackpacket->rexmits+1) % (NUM_REXMIT_TIMES/3))))
{
realm->idx = (realm->idx + 1) % realm->count;
- zdbug((LOG_DEBUG, "rlm_rexmit: %s switching servers:%d (%s)",
- realm->name, realm->idx,
+ zdbug((LOG_DEBUG, "rlm_rexmit: %s switching servers:%d (%s)",
+ realm->name, realm->idx,
inet_ntoa((realm->addrs[realm->idx]).sin_addr)));
}
/* throttle back if it looks like the realm is down */
- if ((realm->state != REALM_DEAD) ||
+ if ((realm->state != REALM_DEAD) ||
((nackpacket->rexmits % (realm->count+1)) == 1)) {
/* do the retransmit */
retval = ZSetDestAddr(&realm->addrs[realm->idx]);
if (retval != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_rexmit set addr: %s",
+ syslog(LOG_WARNING, "rlm_rexmit set addr: %s",
error_message(retval));
} else {
retval = ZSendPacket(nackpacket->packet, nackpacket->packsz, 0);
/* reset the timer */
nackpacket->rexmits++;
- nackpacket->timer =
- timer_set_rel(rexmit_times[nackpacket->rexmits%NUM_REXMIT_TIMES],
+ nackpacket->timer =
+ timer_set_rel(rexmit_times[nackpacket->rexmits%NUM_REXMIT_TIMES],
rlm_rexmit, nackpacket);
if (rexmit_times[nackpacket->rexmits%NUM_REXMIT_TIMES] == -1)
- zdbug((LOG_DEBUG, "rlm_rexmit(%s): would send at -1 to %s",
+ zdbug((LOG_DEBUG, "rlm_rexmit(%s): would send at -1 to %s",
realm->name, inet_ntoa((realm->addrs[realm->idx]).sin_addr)));
-
+
return;
}
realm_dump_realms(FILE *fp)
{
register int ii, jj;
-
+
for (ii = 0; ii < nrealms; ii++) {
(void) fprintf(fp, "%d:%s\n", ii, otherrealms[ii].name);
for (jj = 0; jj < otherrealms[ii].count; jj++) {
retval = ZMakeZcodeRealmAuthentication(&newnotice, buffer, buffer_len,
&hdrlen, realm->name);
if (retval != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_sendit_auth make zcksum: %s",
+ syslog(LOG_WARNING, "rlm_sendit_auth make zcksum: %s",
error_message(retval));
return (retval);
}
/* set the dest addr */
retval = ZSetDestAddr(&realm->addrs[realm->idx]);
if (retval != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_sendit_auth set addr: %s",
+ syslog(LOG_WARNING, "rlm_sendit_auth set addr: %s",
error_message(retval));
return (retval);
}
-
- /* This is not terribly pretty, but it does do its job.
+
+ /* This is not terribly pretty, but it does do its job.
* If a packet we get that needs to get sent off to another realm is
* too big after we slap on our authent, we refragment it further,
* a la Z_SendFragmentedNotice. This obviates the need for what
* used to be done in ZFormatAuthenticRealmNotice, as we do it here.
* At some point it should be pulled back out into its own function,
* but only the server uses it.
- */
+ */
- if ((notice->z_message_len+hdrlen > buffer_len) ||
+ if ((notice->z_message_len+hdrlen > buffer_len) ||
(notice->z_message_len+hdrlen > Z_MAXPKTLEN)) {
/* Reallocate buffers inside the refragmenter */
origlen = notice->z_message_len;
if (notice->z_multinotice && strcmp(notice->z_multinotice, ""))
- if (sscanf(notice->z_multinotice, "%d/%d", &origoffset,
+ if (sscanf(notice->z_multinotice, "%d/%d", &origoffset,
&origlen) != 2) {
syslog(LOG_WARNING, "rlm_sendit_auth frag: parse failed");
return ZERR_BADFIELD;
(void) sprintf(multi, "%d/%d", offset+origoffset, origlen);
partnotice.z_multinotice = multi;
if (offset > 0) {
- (void) Z_gettimeofday(&partnotice.z_uid.tv,
+ (void) Z_gettimeofday(&partnotice.z_uid.tv,
(struct timezone *)0);
- partnotice.z_uid.tv.tv_sec = htonl((u_long)
+ partnotice.z_uid.tv.tv_sec = htonl((u_long)
partnotice.z_uid.tv.tv_sec);
- partnotice.z_uid.tv.tv_usec =
+ partnotice.z_uid.tv.tv_usec =
htonl((u_long) partnotice.z_uid.tv.tv_usec);
- (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
+ (void) memcpy((char *)&partnotice.z_uid.zuid_addr, &__My_addr,
sizeof(__My_addr));
partnotice.z_sender_sockaddr.ip4.sin_family = AF_INET; /* XXX */
(void) memcpy((char *)&partnotice.z_sender_sockaddr.ip4.sin_addr,
}
buffer_len = sizeof(ZPacket_t);
-
- retval = ZMakeZcodeRealmAuthentication(&partnotice, buffer,
- buffer_len, &hdrlen,
+
+ retval = ZMakeZcodeRealmAuthentication(&partnotice, buffer,
+ buffer_len, &hdrlen,
realm->name);
if (retval != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_sendit_auth set addr: %s",
+ syslog(LOG_WARNING, "rlm_sendit_auth set addr: %s",
error_message(retval));
free(buffer);
return (retval);
/* now send */
if ((retval = ZSendPacket(buffer, buffer_len, 0)) != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_sendit_auth xmit: %s",
+ syslog(LOG_WARNING, "rlm_sendit_auth xmit: %s",
error_message(retval));
free(buffer);
return(retval);
Unacked_insert(&rlm_nacklist, nacked);
offset += fragsize;
-
+
if (!notice->z_message_len)
break;
}
(void) memcpy(ptr, newnotice.z_message, newnotice.z_message_len);
buffer_len = hdrlen+newnotice.z_message_len;
-
+
/* now send */
if ((retval = ZSendPacket(buffer, buffer_len, 0)) != ZERR_NONE) {
- syslog(LOG_WARNING, "rlm_sendit_auth xmit: %s",
+ syslog(LOG_WARNING, "rlm_sendit_auth xmit: %s",
error_message(retval));
free(buffer);
return(retval);
}
/* now we've sent it, mark it as not ack'ed */
-
+
if (!(nacked = (Unacked *)malloc(sizeof(Unacked)))) {
/* no space: just punt */
syslog(LOG_ERR, "rlm_sendit_auth nack malloc");
nacked->dest.rlm.rlm_srv_idx = realm->idx;
nacked->packsz = buffer_len;
nacked->uid = notice->z_uid;
-
+
/* Do the ack for the last frag, below */
if (ack_to_sender)
nacked->ack_addr = *who;
else
nacked->ack_addr.sin_addr.s_addr = 0;
-
+
/* set a timer to retransmit */
nacked->timer = timer_set_rel(rexmit_times[0], rlm_rexmit, nacked);
/* chain in */
{
krb5_error_code result;
krb5_timestamp sec;
- krb5_ccache ccache;
- krb5_creds creds_in, *creds;
+ krb5_ccache ccache;
+ krb5_creds creds_in, *creds;
- result = krb5_cc_default(Z_krb5_ctx, &ccache);
- if (result)
+ result = krb5_cc_default(Z_krb5_ctx, &ccache);
+ if (result)
return 0;
- memset(&creds_in, 0, sizeof(creds_in));
-
- result = krb5_cc_get_principal(Z_krb5_ctx, ccache, &creds_in.client);
+ memset(&creds_in, 0, sizeof(creds_in));
+
+ result = krb5_cc_get_principal(Z_krb5_ctx, ccache, &creds_in.client);
if (result) {
krb5_cc_close(Z_krb5_ctx, ccache);
return 0;
}
- result = krb5_build_principal(Z_krb5_ctx, &creds_in.server,
- strlen(realm),
- realm,
+ result = krb5_build_principal(Z_krb5_ctx, &creds_in.server,
+ strlen(realm),
+ realm,
SERVER_KRB5_SERVICE, SERVER_INSTANCE,
- NULL);
+ NULL);
if (result) {
krb5_cc_close(Z_krb5_ctx, ccache);
return 0;
}
- result = krb5_get_credentials(Z_krb5_ctx, 0 /* flags */, ccache,
- &creds_in, &creds);
+ result = krb5_get_credentials(Z_krb5_ctx, 0 /* flags */, ccache,
+ &creds_in, &creds);
krb5_cc_close(Z_krb5_ctx, ccache);
/* good ticket? */
krb5_timeofday (Z_krb5_ctx, &sec);
- krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* hope this is OK */
+ krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* hope this is OK */
if ((result == 0) && (sec < creds->times.endtime)) {
krb5_free_creds(Z_krb5_ctx, creds);
return (1);
{
int pid;
krb5_ccache ccache;
- krb5_error_code result;
- krb5_creds creds_in, *creds;
-
+ krb5_error_code result;
+ krb5_creds creds_in, *creds;
+
get_tgt();
- if (realm->child_pid)
+ if (realm->child_pid)
/* Right idea. Basically, we haven't gotten it yet */
return KRB5KRB_AP_ERR_TKT_EXPIRED;
if (realm->have_tkt) {
- /* Get a pointer to the default ccache. We don't need to free this. */
- result = krb5_cc_default(Z_krb5_ctx, &ccache);
-
- /* GRRR. There's no allocator or constructor for krb5_creds */
- /* GRRR. It would be nice if this API were documented at all */
- memset(&creds_in, 0, sizeof(creds_in));
-
- if (!result)
- result = krb5_cc_get_principal(Z_krb5_ctx, ccache, &creds_in.client);
- /* construct the service principal */
- if (!result)
- result = krb5_build_principal(Z_krb5_ctx, &creds_in.server,
- strlen(realm->name), realm->name,
- SERVER_KRB5_SERVICE, SERVER_INSTANCE,
- NULL);
-
- /* HOLDING: creds_in.server */
-
- /* look up or get the credentials we need */
- if (!result)
- result = krb5_get_credentials(Z_krb5_ctx, 0 /* flags */, ccache,
- &creds_in, &creds);
+ /* Get a pointer to the default ccache. We don't need to free this. */
+ result = krb5_cc_default(Z_krb5_ctx, &ccache);
+
+ /* GRRR. There's no allocator or constructor for krb5_creds */
+ /* GRRR. It would be nice if this API were documented at all */
+ memset(&creds_in, 0, sizeof(creds_in));
+
+ if (!result)
+ result = krb5_cc_get_principal(Z_krb5_ctx, ccache, &creds_in.client);
+ /* construct the service principal */
+ if (!result)
+ result = krb5_build_principal(Z_krb5_ctx, &creds_in.server,
+ strlen(realm->name), realm->name,
+ SERVER_KRB5_SERVICE, SERVER_INSTANCE,
+ NULL);
+
+ /* HOLDING: creds_in.server */
+
+ /* look up or get the credentials we need */
+ if (!result)
+ result = krb5_get_credentials(Z_krb5_ctx, 0 /* flags */, ccache,
+ &creds_in, &creds);
krb5_cc_close(Z_krb5_ctx, ccache);
- krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* hope this is OK */
+ krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* hope this is OK */
if (!result) {
- krb5_free_creds(Z_krb5_ctx, creds);
- return 0;
+ krb5_free_creds(Z_krb5_ctx, creds);
+ return 0;
}
} else {
syslog(LOG_ERR, "tkt_rtrv: don't have ticket, but have no child");
result = KRB5KRB_AP_ERR_TKT_EXPIRED;
}
-
+
pid = fork();
if (pid < 0) {
syslog(LOG_ERR, "tkt_rtrv: can't fork");
syslog(LOG_INFO, "tkt_rtrv running for %s", realm->name);
while (1) {
/* Get a pointer to the default ccache.
- We don't need to free this. */
- result = krb5_cc_default(Z_krb5_ctx, &ccache);
-
- /* GRRR. There's no allocator or constructor for krb5_creds */
- /* GRRR. It would be nice if this API were documented at all */
- memset(&creds_in, 0, sizeof(creds_in));
-
- if (!result)
+ We don't need to free this. */
+ result = krb5_cc_default(Z_krb5_ctx, &ccache);
+
+ /* GRRR. There's no allocator or constructor for krb5_creds */
+ /* GRRR. It would be nice if this API were documented at all */
+ memset(&creds_in, 0, sizeof(creds_in));
+
+ if (!result)
result = krb5_cc_get_principal(Z_krb5_ctx, ccache,
- &creds_in.client);
- /* construct the service principal */
- if (!result)
- result = krb5_build_principal(Z_krb5_ctx, &creds_in.server,
- strlen(realm->name), realm->name,
+ &creds_in.client);
+ /* construct the service principal */
+ if (!result)
+ result = krb5_build_principal(Z_krb5_ctx, &creds_in.server,
+ strlen(realm->name), realm->name,
SERVER_KRB5_SERVICE,
- SERVER_INSTANCE,
- NULL);
-
- /* HOLDING: creds_in.server */
-
- /* look up or get the credentials we need */
- if (!result)
- result = krb5_get_credentials(Z_krb5_ctx, 0 /* flags */, ccache,
- &creds_in, &creds);
+ SERVER_INSTANCE,
+ NULL);
+
+ /* HOLDING: creds_in.server */
+
+ /* look up or get the credentials we need */
+ if (!result)
+ result = krb5_get_credentials(Z_krb5_ctx, 0 /* flags */, ccache,
+ &creds_in, &creds);
krb5_cc_close(Z_krb5_ctx, ccache);
- krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* hope this is OK */
+ krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* hope this is OK */
if (!result) {
- krb5_free_creds(Z_krb5_ctx, creds);
+ krb5_free_creds(Z_krb5_ctx, creds);
syslog(LOG_INFO, "tkt_rtrv succeeded for %s", realm->name);
exit(0);
}
-
+
/* Sleep a little while before retrying */
sleep(30);
}
}
}
#endif /* HAVE_KRB5 */
-
*
* Copyright (c) 1987, 1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
- * "mit-copyright.h".
+ * "mit-copyright.h".
*/
#include <zephyr/mit-copyright.h>
#ifndef lint
#ifndef SABER
-static const char rcsid_server_c[] = "$Id: server.c 2407 2009-04-10 01:17:18Z kcr@ATHENA.MIT.EDU $";
+static const char rcsid_server_c[] = "$Id: server.c 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $";
#endif
#endif
* void server_reset();
*/
-static void server_flush __P((Server *));
-static void hello_respond __P((struct sockaddr_in *, int, int));
-static void srv_responded __P((struct sockaddr_in *));
-static void send_msg __P((struct sockaddr_in *, char *, int));
-static void send_msg_list __P((struct sockaddr_in *, char *, char **, int,
- int));
-static void srv_nack_cancel __P((ZNotice_t *, struct sockaddr_in *));
-static void srv_nack_release __P((Server *));
-static void srv_nack_renumber __P((int *));
-static void send_stats __P((struct sockaddr_in *));
-static void server_queue __P((Server *, int, void *, int,
- struct sockaddr_in *));
-static void server_hello __P((Server *, int));
-static void setup_server __P((Server *, struct in_addr *));
-static void srv_rexmit __P((void *));
-static void server_forw_reliable __P((Server *, caddr_t, int, ZNotice_t *));
-static Code_t admin_dispatch __P((ZNotice_t *, int, struct sockaddr_in *,
- Server *));
-static Code_t kill_clt __P((ZNotice_t *, Server *));
-static Code_t extract_addr __P((ZNotice_t *, struct sockaddr_in *));
-
-static struct in_addr *get_server_addrs __P((int *number));
-static char **get_server_list __P((char *file));
-static char **get_single_server __P((void));
-static void free_server_list __P((char **list));
+static void server_flush(Server *);
+static void hello_respond(struct sockaddr_in *, int, int);
+static void srv_responded(struct sockaddr_in *);
+static void send_msg(struct sockaddr_in *, char *, int);
+static void send_msg_list(struct sockaddr_in *, char *, char **, int,
+ int);
+static void srv_nack_cancel(ZNotice_t *, struct sockaddr_in *);
+static void srv_nack_release(Server *);
+static void srv_nack_renumber (int *);
+static void send_stats(struct sockaddr_in *);
+static void server_queue(Server *, int, void *, int,
+ struct sockaddr_in *);
+static void server_hello(Server *, int);
+static void setup_server(Server *, struct in_addr *);
+static void srv_rexmit(void *);
+static void server_forw_reliable(Server *, caddr_t, int, ZNotice_t *);
+static Code_t admin_dispatch(ZNotice_t *, int, struct sockaddr_in *,
+ Server *);
+static Code_t kill_clt(ZNotice_t *, Server *);
+static Code_t extract_addr(ZNotice_t *, struct sockaddr_in *);
+
+static struct in_addr *get_server_addrs(int *number);
+static char **get_server_list(char *file);
+static char **get_single_server(void);
+static void free_server_list(char **list);
static Unacked *srv_nacktab[SRV_NACKTAB_HASHSIZE];
Server *otherservers; /* points to an array of the known
memset(ok_list_old, 0, nservers * sizeof(int));
memset(ok_list_new, 0, num_servers * sizeof(int));
-
+
/* reset timers--pointers will move */
for (j = 1; j < nservers; j++) { /* skip limbo */
if (j == me_server_idx)
"REALM_STARTING"
};
-/*
+/*
* A server timout has expired. If enough hello's have been unanswered,
* change state and act accordingly. Send a "hello" and reset the timer,
* incrementing the number of hello's sent.
*
* See the FSM in the Zephyr document for a better picture of what's
- * happening here.
+ * happening here.
*/
void
return ZERR_NONE;
}
/* set up a who for the real origin */
- memset(&newwho, 0, sizeof(newwho));
- newwho.sin_family = AF_INET;
- newwho.sin_addr.s_addr = notice->z_sender_addr.s_addr;
- newwho.sin_port = notice->z_port;
+ notice_extract_address(notice, &newwho);
server = server_which_server(who);
pnotice = ¬ice;
memset (¬ice, 0, sizeof(notice));
-
+
pnotice->z_kind = ACKED;
pnotice->z_port = srv_addr.sin_port;
}
#endif /* NEW_COMPAT */
for (realm = otherrealms, i = 0; i < nrealms ; i++, realm++) {
- sprintf(buf, "%s(%s)/%s", realm->name,
+ sprintf(buf, "%s(%s)/%s", realm->name,
inet_ntoa((realm->addrs[realm->idx]).sin_addr),
rlm_states[(int) realm->state]);
responses[num_resp++] = strsave(buf);
i = 0;
for (cpp = server_hosts; *cpp; cpp++)
i++;
-
+
addrs = (struct in_addr *) malloc(i * sizeof(struct in_addr));
/* Convert to in_addr's */
return ret_list;
}
-/*
+/*
* free storage allocated by get_server_list
*/
static void
default:
break;
}
-}
+}
/*
* return the server descriptor for server at who
syslog(LOG_WARNING, "srv_fwd xmit: %s", error_message(retval));
free(pack);
return;
- }
+ }
/* now we've sent it, mark it as not ack'ed */
-
+
nacked = (Unacked *) malloc(sizeof(Unacked));
if (!nacked) {
/* no space: just punt */
Unacked *packet = (Unacked *) arg;
Code_t retval;
/* retransmit the packet */
-
+
if (otherservers[packet->dest.srv_idx].state == SERV_DEAD) {
Unacked_delete(packet);
free(packet->packet);
server_dequeue(Server *server)
{
Pending *pending;
-
+
if (!server->queue)
return NULL;
pending = server->queue;
otherservers[i].dumping ? " (DUMPING)" : "");
}
}
-
* Created by: John T. Kohl
* Derived from timer_manager_.h by Ken Raeburn
*
- * $Id: timer.h 2091 2007-12-20 01:17:23Z kcr $
+ * $Id: timer.h 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $
*
*/
void *arg;
} Timer;
-Timer *timer_set_rel __P((long, timer_proc, void *));
-Timer *timer_set_abs __P((long, timer_proc, void *));
-void timer_reset __P((Timer *));
-void timer_process __P((void));
-struct timeval *timer_timeout __P((struct timeval *tvbuf));
+Timer *timer_set_rel(long, timer_proc, void *);
+Timer *timer_set_abs(long, timer_proc, void *);
+void timer_reset(Timer *);
+void timer_process(void);
+struct timeval *timer_timeout(struct timeval *tvbuf);
#endif /* __TIMER_H */
*
* Created by: John T. Kohl
*
- * $Id: uloc.c 2144 2008-01-21 07:57:32Z kcr $
+ * $Id: uloc.c 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
- * "mit-copyright.h".
+ * "mit-copyright.h".
*/
#include <zephyr/mit-copyright.h>
#ifndef lint
#ifndef SABER
static const char rcsid_uloc_c[] =
-"$Id: uloc.c 2144 2008-01-21 07:57:32Z kcr $";
+"$Id: uloc.c 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $";
#endif /* SABER */
#endif /* lint */
/* WARNING: make sure this is the same as the number of strings you */
/* plan to hand back to the user in response to a locate request, */
-/* else you will lose. See ulogin_locate() and uloc_send_locations() */
+/* else you will lose. See ulogin_locate() and uloc_send_locations() */
#define NUM_FIELDS 3
typedef enum _Exposure_type {
#define QUIET -1
#define UNAUTH -2
-static void ulogin_locate __P((ZNotice_t *notice, struct sockaddr_in *who,
- int auth)),
-ulogin_flush_user __P((ZNotice_t *notice));
-static Location *ulogin_find __P((char *user, struct in_addr *host,
- unsigned int port));
-static Location *ulogin_find_user __P((char *user));
-static int ulogin_setup __P((ZNotice_t *notice, Location *locs,
- Exposure_type exposure, struct sockaddr_in *who)),
-ulogin_add_user __P((ZNotice_t *notice, Exposure_type exposure,
- struct sockaddr_in *who)),
-ulogin_parse __P((ZNotice_t *notice, Location *locs));
-static Exposure_type ulogin_remove_user __P((ZNotice_t *notice,
- struct sockaddr_in *who,
- int *err_return));
-static void login_sendit __P((ZNotice_t *notice, int auth,
- struct sockaddr_in *who, int external));
-static char **ulogin_marshal_locs __P((ZNotice_t *notice, int *found,
- int auth));
-
-static void free_loc __P((Location *loc));
-static void ulogin_locate_forward __P((ZNotice_t *notice,
- struct sockaddr_in *who, ZRealm *realm));
+static void ulogin_locate(ZNotice_t *notice, struct sockaddr_in *who,
+ int auth);
+static void ulogin_flush_user(ZNotice_t *notice);
+static Location *ulogin_find(char *user, struct in_addr *host,
+ unsigned int port);
+static Location *ulogin_find_user(char *user);
+static int ulogin_setup(ZNotice_t *notice, Location *locs,
+ Exposure_type exposure, struct sockaddr_in *who);
+static int ulogin_add_user(ZNotice_t *notice, Exposure_type exposure,
+ struct sockaddr_in *who);
+static int ulogin_parse(ZNotice_t *notice, Location *locs);
+static Exposure_type ulogin_remove_user(ZNotice_t *notice,
+ struct sockaddr_in *who,
+ int *err_return);
+static void login_sendit(ZNotice_t *notice, int auth,
+ struct sockaddr_in *who, int external);
+static char **ulogin_marshal_locs(ZNotice_t *notice, int *found, int auth);
+
+static void free_loc(Location *loc);
+static void ulogin_locate_forward(ZNotice_t *notice, struct sockaddr_in *who,
+ ZRealm *realm);
static Location *locations = NULL; /* ptr to first in array */
static int num_locs = 0; /* number in array */
if (server == me_server)
clt_ack(notice, who, NOT_FOUND);
return ZERR_NONE;
- }
+ }
syslog(LOG_ERR,"bogus location exposure NONE, %s",
notice->z_sender);
break;
server_forward(notice, auth, who);
return ZERR_NONE;
}
- if (!bdumping &&
+ if (!bdumping &&
(!auth || strcmp(notice->z_sender, notice->z_class_inst) != 0)) {
zdbug((LOG_DEBUG,"unauthentic ulogin: %d %s %s", auth,
notice->z_sender, notice->z_class_inst));
}
} else {
if (!strcmp(notice->z_opcode, LOGIN_USER_LOGIN)) {
- zdbug((LOG_DEBUG, "ulog opcode from unknown foreign realm %s",
+ zdbug((LOG_DEBUG, "ulog opcode from unknown foreign realm %s",
notice->z_opcode));
} else {
syslog(LOG_ERR, "unknown ulog opcode %s", notice->z_opcode);
/*
* Set up the location locs with the information in the notice.
- */
+ */
static int
ulogin_setup(ZNotice_t *notice,
locs->tty = make_string(cp, 0);
return 0;
-}
+}
static Location *
loc[i] = locations[i];
i++;
}
-
+
for(j = 0; j < num_match; j++) {
free_loc(&locations[i]);
i++;
static char **
ulogin_marshal_locs(ZNotice_t *notice,
int *found,
- int auth)
+ int auth)
{
Location **matches = (Location **) 0;
Location *loc;
/* OK, now we have a list of user@host's to return to the client
in matches */
-
-
+
+
#ifdef DEBUG
if (zdebug) {
for (i = 0; i < *found ; i++)
matches[i]->user->string));
}
#endif
-
+
/* coalesce the location information into a list of char *'s */
answer = (char **) malloc((*found) * NUM_FIELDS * sizeof(char *));
if (!answer) {
answer[i * NUM_FIELDS + 1] = matches[i]->time;
answer[i * NUM_FIELDS + 2] = matches[i]->tty->string;
}
-
+
if (matches)
free(matches);
return answer;
lnotice = *notice;
lnotice.z_opcode = REALM_REQ_LOCATE;
-
+
realm_handoff(&lnotice, 1, who, realm, 0);
}
ZNotice_t lnotice;
char *pack;
int packlen;
-
+
#ifdef DEBUG
if (zdebug)
zdbug((LOG_DEBUG, "ulogin_realm_locate"));
#endif
-
+
answer = ulogin_marshal_locs(notice, &found, 0/*AUTH*/);
-
+
lnotice = *notice;
lnotice.z_opcode = REALM_ANS_LOCATE;
-
+
if ((retval = ZFormatRawNoticeList(&lnotice, answer, found * NUM_FIELDS, &pack, &packlen)) != ZERR_NONE) {
syslog(LOG_WARNING, "ulog_rlm_loc format: %s",
error_message(retval));
-
+
if (answer)
free(answer);
return;
}
if (answer)
free(answer);
-
+
if ((retval = ZParseNotice(pack, packlen, &lnotice)) != ZERR_NONE) {
syslog(LOG_WARNING, "subscr_rlm_sendit parse: %s",
error_message(retval));
free(pack);
return;
}
-
+
realm_handoff(&lnotice, 1, who, realm, 0);
free(pack);
-
+
return;
}
struct sockaddr_in newwho;
char *pack;
int packlen;
-
- newwho.sin_addr.s_addr = notice->z_sender_addr.s_addr;
- newwho.sin_port = notice->z_port;
- newwho.sin_family = AF_INET;
-
+
+ notice_extract_address(notice, &newwho);
+
if ((retval = ZSetDestAddr(&newwho)) != ZERR_NONE) {
syslog(LOG_WARNING, "uloc_relay_loc set addr: %s",
error_message(retval));
return;
}
-
+
lnotice = *notice;
lnotice.z_opcode = LOCATE_LOCATE;
lnotice.z_kind = ACKED;
lnotice.z_ascii_authent = "";
lnotice.z_checksum = 0;
lnotice.z_ascii_checksum = "";
-
+
if ((retval = ZFormatRawNotice(&lnotice, &pack, &packlen)) != ZERR_NONE) {
syslog(LOG_WARNING, "ulog_relay_loc format: %s",
error_message(retval));
return;
}
-
+
if ((retval = ZSendPacket(pack, packlen, 0)) != ZERR_NONE) {
syslog(LOG_WARNING, "ulog_relay_loc xmit: %s",
error_message(retval));
}
free(pack);
}
-
#include <stdlib.h>
+#ifdef HAVE_STDBOOL_H
#include <stdbool.h>
+#else
+typedef enum {false = 0, true = 1} bool;
+#endif
#include <sys/types.h>
#include <inttypes.h>
#include <limits.h>
*
* Created by: John T. Kohl
*
- * $Id: zserver.h 2422 2009-04-14 12:57:11Z kcr@ATHENA.MIT.EDU $
+ * $Id: zserver.h 2525 2009-08-09 18:42:31Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1987,1988,1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
- * "mit-copyright.h".
+ * "mit-copyright.h".
*/
#include <zephyr/mit-copyright.h>
#include <internal.h>
-#include <com_err.h>
-
#include <arpa/inet.h>
#include "zsrv_err.h"
extern krb5_keyblock *__Zephyr_keyblock;
#define ZGetSession() (__Zephyr_keyblock)
void ZSetSession(krb5_keyblock *keyblock);
-Code_t ZFormatAuthenticNoticeV5(ZNotice_t*, char*, int, int*, krb5_keyblock *);
krb5_error_code Z_krb5_init_keyblock(krb5_context, krb5_enctype, size_t,
krb5_keyblock **);
#endif
int idx; /* which server we are connected to */
Destlist *subs; /* what their clients sub to */
Destlist *remsubs; /* our subs on their end */
- Client *client;
+ Client *client;
int child_pid;
int have_tkt;
ZRealm_state state;
(*head) = (elem); \
(elem)->prev_p = (head); \
}
-
+
#define MAKE_LIST_DELETE(type) inline static void type##_delete(type *elem) \
{\
*(elem)->prev_p = (elem)->next; \
MAKE_LIST_INSERT(Destlist);
MAKE_LIST_DELETE(Destlist);
-MAKE_LIST_INSERT(Client);
-MAKE_LIST_DELETE(Client);
-MAKE_LIST_INSERT(Triplet);
-MAKE_LIST_DELETE(Triplet);
+MAKE_LIST_INSERT(Client);
+MAKE_LIST_DELETE(Client);
+MAKE_LIST_INSERT(Triplet);
+MAKE_LIST_DELETE(Triplet);
MAKE_LIST_INSERT(Unacked);
MAKE_LIST_DELETE(Unacked);
Code_t triplet_register(Client *client, Destination *dest, ZRealm *realm);
Code_t triplet_deregister(Client *client, Destination *dest,
ZRealm *realm);
-Code_t class_restrict(char *class, Acl *acl);
-Code_t class_setup_restricted(char *class, Acl *acl);
+Code_t class_restrict(char *class_name, Acl *acl);
+Code_t class_setup_restricted(char *class_name, Acl *acl);
Client **triplet_lookup(Destination *dest);
-Acl *class_get_acl(String *class);
+Acl *class_get_acl(String *class_name);
int dest_eq(Destination *d1, Destination *d2);
int order_dest_strings(Destination *d1, Destination *d2);
void triplet_dump_subs(FILE *fp);
char *strsave(const char *str);
unsigned long hash (const char *);
void dump_quote(char *p, FILE *fp);
+void notice_extract_address(ZNotice_t *notice, struct sockaddr_in *addr);
/* found in dispatch.c */
void handle_packet(void);
void hostm_shutdown(void);
/* found in kstuff.c */
-Code_t ZCheckRealmAuthentication(ZNotice_t *, struct sockaddr_in *, char *);
+Code_t ZCheckSrvAuthentication(ZNotice_t *notice, struct sockaddr_in *from, char *realm);
#if defined(HAVE_KRB4) || defined(HAVE_KRB5)
Code_t ReadKerberosData(int, int *, char **, int *);
void sweep_ticket_hash_table(void *);
Code_t SendKrb5Data(int, krb5_data *);
Code_t GetKrb5Data(int, krb5_data *);
#endif
-
+
/* found in server.c */
void server_timo(void *which);
void server_dump_servers(FILE *fp);
*
* Created by: Lucien W. Van Elsen
*
- * $Id: zstring.c 2286 2009-03-02 03:14:23Z kcr $
+ * $Id: zstring.c 2540 2009-08-22 23:39:24Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#ifndef lint
#ifndef SABER
static const char rcsid_zstring_c[] =
-"$Id: zstring.c 2286 2009-03-02 03:14:23Z kcr $";
+"$Id: zstring.c 2540 2009-08-22 23:39:24Z kcr@ATHENA.MIT.EDU $";
#endif
#endif
int valid_utf8_p(const char* s)
{
- int len;
- ssize_t uc;
+ ssize_t len;
+ int32_t uc;
while ((len = utf8proc_iterate((const unsigned char *)s, -1, &uc))) {
if (len <=0) return 0; /* Not valid UTF-8 encoding. */
* Copyright (C) 1991 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file "mit-copyright.h".
*
- * $Id: zstring.h 2091 2007-12-20 01:17:23Z kcr $
+ * $Id: zstring.h 2527 2009-08-09 18:42:32Z kcr@ATHENA.MIT.EDU $
*/
#include <zephyr/mit-copyright.h>
struct _String *next, *prev; /* for linking in hash table */
} String;
-String *make_string __P((char *s, int downcase));
-void free_string __P((String *z));
-String *find_string __P((char *s, int downcase));
-String *dup_string __P((String *z));
-int comp_string __P((String *a, String *b));
-void print_string_table __P((FILE *f));
+String *make_string(char *s, int downcase);
+void free_string(String *z);
+String *find_string(char *s, int downcase);
+String *dup_string(String *z);
+int comp_string(String *a, String *b);
+void print_string_table(FILE *f);
#endif /* __zstring_h */
*
* Created by: Marc Horowitz <marc@athena.mit.edu>
*
- * $Id: error.h 2091 2007-12-20 01:17:23Z kcr $
+ * $Id: error.h 2493 2009-07-13 05:17:23Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1989 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <stdio.h>
#include <errno.h>
-#include <com_err.h>
+#include <zephyr/zephyr.h>
extern int error_code;
*
* Created by: Marc Horowitz <marc@athena.mit.edu>
*
- * $Id: main.c 2437 2009-04-21 04:11:03Z kcr@ATHENA.MIT.EDU $
+ * $Id: main.c 2501 2009-07-26 16:32:54Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1989 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#endif
#if (!defined(lint) && !defined(SABER))
-static const char rcsid_main_c[] = "$Id: main.c 2437 2009-04-21 04:11:03Z kcr@ATHENA.MIT.EDU $";
+static const char rcsid_main_c[] = "$Id: main.c 2501 2009-07-26 16:32:54Z kcr@ATHENA.MIT.EDU $";
#endif
#include <netdb.h>
void
notice_handler(ZNotice_t *notice)
{
+#ifndef HAVE_ARES
char node[MAXDNAME];
+#endif
#if defined(CMU_ZWGCPLUS)
list_add_notice(notice);
extern void plus_queue_notice(ZNotice_t *notice);
extern long plus_timequeue_events(void);
+void plus_set_hname(ZNotice_t *notice, char *hname);
*
* Created by: Marc Horowitz <marc@athena.mit.edu>
*
- * $Id: tty_filter.c 2432 2009-04-18 18:30:45Z kcr@ATHENA.MIT.EDU $
+ * $Id: tty_filter.c 2529 2009-08-09 20:43:14Z kcr@ATHENA.MIT.EDU $
*
* Copyright (c) 1989 by the Massachusetts Institute of Technology.
* For copying and distribution information, see the file
#include <sysdep.h>
#if (!defined(lint) && !defined(SABER))
-static const char rcsid_tty_filter_c[] = "$Id: tty_filter.c 2432 2009-04-18 18:30:45Z kcr@ATHENA.MIT.EDU $";
+static const char rcsid_tty_filter_c[] = "$Id: tty_filter.c 2529 2009-08-09 20:43:14Z kcr@ATHENA.MIT.EDU $";
#endif
#include <zephyr/mit-copyright.h>
#include <termcap.h>
#else
#ifdef HAVE_TERM_H
+#ifdef HAVE_TERMIO_H
+/* I blame Solaris. Solaris to blame. */
+#include <termio.h>
+#endif
+#ifdef HAVE_CURSES_H
+#include <curses.h>
+#endif
#include <term.h>
#endif
#endif
string_dictionary_binding *b;
b = string_dictionary_Lookup(termcap_dict,"B.bell");
if (b) {
- temp->str = b->value;
+ temp->str = strdup(b->value);
temp->len = string_Length(temp->str);
} else
/* shouldn't get here! */