both]
--with-tags[=TAGS] include additional configurations [automatic]
--with-x use the X Window System
+ --with-openssl=PREFIX Use OpenSSL crypto
--with-krb4=PREFIX Use Kerberos 4
--with-krb5=PREFIX Use Kerberos 5
--with-hesiod=PREFIX Use Hesiod
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 4144 "configure"' > conftest.$ac_ext
+ echo '#line 4145 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6710: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6711: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6714: \$? = $ac_status" >&5
+ echo "$as_me:6715: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6943: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6944: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6947: \$? = $ac_status" >&5
+ echo "$as_me:6948: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7003: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7004: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7007: \$? = $ac_status" >&5
+ echo "$as_me:7008: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 8333 "configure"' > conftest.$ac_ext
+ echo '#line 8334 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9171 "configure"
+#line 9172 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9269 "configure"
+#line 9270 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11448: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11449: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:11452: \$? = $ac_status" >&5
+ echo "$as_me:11453: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11508: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11509: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:11512: \$? = $ac_status" >&5
+ echo "$as_me:11513: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 12019 "configure"' > conftest.$ac_ext
+ echo '#line 12020 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 12857 "configure"
+#line 12858 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 12955 "configure"
+#line 12956 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13782: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13783: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:13786: \$? = $ac_status" >&5
+ echo "$as_me:13787: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13842: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13843: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:13846: \$? = $ac_status" >&5
+ echo "$as_me:13847: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 15152 "configure"' > conftest.$ac_ext
+ echo '#line 15153 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15896: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15897: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15900: \$? = $ac_status" >&5
+ echo "$as_me:15901: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16129: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16130: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16133: \$? = $ac_status" >&5
+ echo "$as_me:16134: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
-e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16189: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16190: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:16193: \$? = $ac_status" >&5
+ echo "$as_me:16194: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
libsuff=
case "$host_cpu" in
x86_64*|s390x*|powerpc64*)
- echo '#line 17519 "configure"' > conftest.$ac_ext
+ echo '#line 17520 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 18357 "configure"
+#line 18358 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 18455 "configure"
+#line 18456 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
+# Check whether --with-openssl was given.
+if test "${with_openssl+set}" = set; then
+ withval=$with_openssl; openssl="$withval"
+else
+ openssl=no
+fi
+
+if test "$openssl" != no; then
+ { echo "$as_me:$LINENO: checking for DES_ecb_encrypt in -lcrypto" >&5
+echo $ECHO_N "checking for DES_ecb_encrypt in -lcrypto... $ECHO_C" >&6; }
+if test "${ac_cv_lib_crypto_DES_ecb_encrypt+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char DES_ecb_encrypt ();
+int
+main ()
+{
+return DES_ecb_encrypt ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_lib_crypto_DES_ecb_encrypt=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_crypto_DES_ecb_encrypt=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_DES_ecb_encrypt" >&5
+echo "${ECHO_T}$ac_cv_lib_crypto_DES_ecb_encrypt" >&6; }
+if test $ac_cv_lib_crypto_DES_ecb_encrypt = yes; then
+ OPENSSL_LIBS=-lcrypto
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_OPENSSL 1
+_ACEOF
+
+else
+ { { echo "$as_me:$LINENO: error: Openssl requested but not found" >&5
+echo "$as_me: error: Openssl requested but not found" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+fi
+
+
# Check whether --with-krb4 was given.
if test "${with_krb4+set}" = set; then
withval=$with_krb4; krb4="$withval"
echo "$as_me: error: This package requires ss." >&2;}
{ (exit 1); exit 1; }; }
fi
-LIBS="$KRB5_LIBS $KRB4_LIBS $HESIOD_LIBS $LIBS"
+LIBS="$OPENSSL_LIBS $KRB5_LIBS $KRB4_LIBS $HESIOD_LIBS $LIBS"
if test $ac_cv_c_compiler_gnu = yes; then
{ echo "$as_me:$LINENO: checking whether $CC needs -traditional" >&5
#define TKTLIFETIME 120
#define tkt_lifetime(val) ((long) val * 5L * 60L)
+#endif /* HAVE_KRB4 */
+
+#if defined(HAVE_KRB4) || defined(HAVE_OPENSSL)
extern C_Block serv_key;
extern Sched serv_ksched;
-#endif /* HAVE_KRB4 */
+#endif
static Timer *bdump_timer;
static int live_socket = -1;
}
#if defined(HAVE_KRB4) || defined(HAVE_KRB5)
+
+int got_des = 0;
+
+#ifndef HAVE_KRB4
+unsigned int enctypes[] = {ENCTYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD4,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES_CBC_RAW,
+ 0};
+#endif
+
+
int
get_tgt(void)
{
int retval = 0;
+#ifndef HAVE_KRB4
+ int i;
+ krb5_keytab_entry kt_ent;
+#endif
#ifdef HAVE_KRB4
/* MIT Kerberos 4 get_svc_in_tkt() requires instance to be writable and
* at least INST_SZ bytes long. */
return 1;
}
des_key_sched(serv_key, serv_ksched.s);
+ got_des = 1;
}
#endif
#ifdef HAVE_KRB5
0,
NULL,
&opt);
+#if defined(HAVE_OPENSSL) && !defined(HAVE_KRB4)
+ if (retval) {
+ krb5_free_principal(Z_krb5_ctx, principal);
+ krb5_kt_close(Z_krb5_ctx, kt);
+ return(1);
+ }
+
+ for (i = 0; enctypes[i]; i++) {
+ retval = krb5_kt_get_entry(Z_krb5_ctx, kt, principal,
+ 0, enctypes[i], &kt_ent);
+ if (!retval)
+ break;
+ }
+ if (!retval) {
+ retval = krb5_copy_keyblock(Z_krb5_ctx, &kt_ent.key, &serv_key);
+ if (retval) {
+ krb5_free_principal(Z_krb5_ctx, principal);
+ krb5_kt_close(Z_krb5_ctx, kt);
+ return(1);
+ }
+
+ des_key_sched(serv_key, serv_ksched.s);
+
+ got_des = 1;
+ }
+#endif
krb5_free_principal(Z_krb5_ctx, principal);
krb5_kt_close(Z_krb5_ctx, kt);
+#if defined(HAVE_OPENSSL) && !defined(HAVE_KRB4)
if (retval) return(1);
+#endif
retval = krb5_cc_initialize (Z_krb5_ctx, Z_krb5_ccache, cred.client);
if (retval) return(1);
#endif
#if defined(HAVE_KRB4) || defined(HAVE_KRB5)
char *cp;
-#endif
-#ifdef HAVE_KRB4
C_Block cblock;
-#endif /* HAVE_KRB4 */
+#endif
ZRealm *realm = NULL;
zdbug((LOG_DEBUG, "bdump recv loop"));
/* check out this session key I found */
cp = notice.z_message + strlen(notice.z_message) + 1;
switch (*cp) {
-#ifdef HAVE_KRB4
- case '0':
- /* ****ing netascii; this is an encrypted DES keyblock
- XXX this code should be conditionalized for server
- transitions */
- retval = Z_krb5_init_keyblock(Z_krb5_ctx, ENCTYPE_DES_CBC_CRC,
- sizeof(C_Block),
- &client->session_keyblock);
- if (retval) {
- syslog(LOG_ERR, "brl failed to allocate DES keyblock: %s",
- error_message(retval));
- return retval;
- }
- retval = ZReadAscii(cp, strlen(cp), cblock, sizeof(C_Block));
- if (retval != ZERR_NONE) {
- syslog(LOG_ERR,"brl bad cblk read: %s (%s)",
+#if defined(HAVE_KRB4) || defined(HAVE_OPENSSL)
+ if (got_des) {
+ /* ****ing netascii; this is an encrypted DES keyblock
+ XXX this code should be conditionalized for server
+ transitions */
+ retval = Z_krb5_init_keyblock(Z_krb5_ctx, ENCTYPE_DES_CBC_CRC,
+ sizeof(C_Block),
+ &client->session_keyblock);
+ if (retval) {
+ syslog(LOG_ERR, "brl failed to allocate DES keyblock: %s",
+ error_message(retval));
+ return retval;
+ }
+ retval = ZReadAscii(cp, strlen(cp), cblock, sizeof(C_Block));
+ if (retval != ZERR_NONE) {
+ syslog(LOG_ERR,"brl bad cblk read: %s (%s)",
error_message(retval), cp);
- } else {
- des_ecb_encrypt((C_Block *)cblock, (C_Block *)Z_keydata(client->session_keyblock),
- serv_ksched.s, DES_DECRYPT);
+ } else {
+ des_ecb_encrypt((C_Block *)cblock, (C_Block *)Z_keydata(client->session_keyblock),
+ serv_ksched.s, DES_DECRYPT);
+ }
}
break;
#endif