RLIB
SLIB
KRB4_LIBS
+krb5config
KRB5_LIBS
HESIOD_LIBS
REGEX_LIBS
both]
--with-tags[=TAGS] include additional configurations [automatic]
--with-x use the X Window System
- --with-openssl=PREFIX Use OpenSSL crypto
--with-krb4=PREFIX Use Kerberos 4
--with-krb5=PREFIX Use Kerberos 5
--with-hesiod=PREFIX Use Hesiod
-# Check whether --with-openssl was given.
-if test "${with_openssl+set}" = set; then
- withval=$with_openssl; openssl="$withval"
-else
- openssl=no
-fi
-
-if test "$openssl" != no; then
- { echo "$as_me:$LINENO: checking for DES_ecb_encrypt in -lcrypto" >&5
-echo $ECHO_N "checking for DES_ecb_encrypt in -lcrypto... $ECHO_C" >&6; }
-if test "${ac_cv_lib_crypto_DES_ecb_encrypt+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrypto $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DES_ecb_encrypt ();
-int
-main ()
-{
-return DES_ecb_encrypt ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_lib_crypto_DES_ecb_encrypt=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_crypto_DES_ecb_encrypt=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_DES_ecb_encrypt" >&5
-echo "${ECHO_T}$ac_cv_lib_crypto_DES_ecb_encrypt" >&6; }
-if test $ac_cv_lib_crypto_DES_ecb_encrypt = yes; then
- OPENSSL_LIBS=-lcrypto
- cat >>confdefs.h <<\_ACEOF
-#define HAVE_OPENSSL 1
-_ACEOF
-
-else
- { { echo "$as_me:$LINENO: error: Openssl requested but not found" >&5
-echo "$as_me: error: Openssl requested but not found" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-fi
-
-
# Check whether --with-krb4 was given.
if test "${with_krb4+set}" = set; then
withval=$with_krb4; krb4="$withval"
fi
+
+# Check whether --with-krb5 was given.
+if test "${with_krb5+set}" = set; then
+ withval=$with_krb5; krb5="$withval"
+else
+ krb5=no
+fi
+
+if test "$krb5" != no; then
+ { echo "$as_me:$LINENO: checking for library containing gethostbyname" >&5
+echo $ECHO_N "checking for library containing gethostbyname... $ECHO_C" >&6; }
+if test "${ac_cv_search_gethostbyname+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostbyname ();
+int
+main ()
+{
+return gethostbyname ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' nsl; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_search_gethostbyname=$ac_res
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext
+ if test "${ac_cv_search_gethostbyname+set}" = set; then
+ break
+fi
+done
+if test "${ac_cv_search_gethostbyname+set}" = set; then
+ :
+else
+ ac_cv_search_gethostbyname=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_search_gethostbyname" >&5
+echo "${ECHO_T}$ac_cv_search_gethostbyname" >&6; }
+ac_res=$ac_cv_search_gethostbyname
+if test "$ac_res" != no; then
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { echo "$as_me:$LINENO: checking for library containing socket" >&5
+echo $ECHO_N "checking for library containing socket... $ECHO_C" >&6; }
+if test "${ac_cv_search_socket+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' socket; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_search_socket=$ac_res
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext
+ if test "${ac_cv_search_socket+set}" = set; then
+ break
+fi
+done
+if test "${ac_cv_search_socket+set}" = set; then
+ :
+else
+ ac_cv_search_socket=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_search_socket" >&5
+echo "${ECHO_T}$ac_cv_search_socket" >&6; }
+ac_res=$ac_cv_search_socket
+if test "$ac_res" != no; then
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking for compile in -lgen" >&5
+echo $ECHO_N "checking for compile in -lgen... $ECHO_C" >&6; }
+if test "${ac_cv_lib_gen_compile+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgen $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char compile ();
+int
+main ()
+{
+return compile ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_lib_gen_compile=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_gen_compile=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gen_compile" >&5
+echo "${ECHO_T}$ac_cv_lib_gen_compile" >&6; }
+if test $ac_cv_lib_gen_compile = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGEN 1
+_ACEOF
+
+ LIBS="-lgen $LIBS"
+
+fi
+
+ if test "$krb5" != yes; then
+ PATH="$PATH:$krb5/bin"
+ fi
+ # Extract the first word of "krb5-config", so it can be a program name with args.
+set dummy krb5-config; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_krb5config+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$krb5config"; then
+ ac_cv_prog_krb5config="$krb5config" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_krb5config="yes"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+krb5config=$ac_cv_prog_krb5config
+if test -n "$krb5config"; then
+ { echo "$as_me:$LINENO: result: $krb5config" >&5
+echo "${ECHO_T}$krb5config" >&6; }
+else
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+ if test "$krb5config" == yes; then
+ CPPFLAGS="$CPPFLAGS $(krb5-config --cflags krb5)"
+ KRB5_LIBS="$(krb5-config --libs krb5)"
+ else
+ if test "$krb5" != yes; then
+ CPPFLAGS="$CPPFLAGS -I$krb5/include"
+ LDFLAGS="$LDFLAGS -L$krb5/lib"
+ fi
+ { echo "$as_me:$LINENO: checking for krb5_init_context in -lkrb5" >&5
+echo $ECHO_N "checking for krb5_init_context in -lkrb5... $ECHO_C" >&6; }
+if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5 -lk5crypto -lcom_err $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5_init_context ();
+int
+main ()
+{
+return krb5_init_context ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_lib_krb5_krb5_init_context=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_krb5_krb5_init_context=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_krb5_krb5_init_context" >&5
+echo "${ECHO_T}$ac_cv_lib_krb5_krb5_init_context" >&6; }
+if test $ac_cv_lib_krb5_krb5_init_context = yes; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: Kerberos 5 libraries not found" >&5
+echo "$as_me: error: Kerberos 5 libraries not found" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ KRB5_LIBS="-lkrb5 -l5crypto -lcom_err"
+ fi
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB5 1
+_ACEOF
+
+fi
+
+
+
# Check whether --with-krb5 was given.
if test "${with_krb5+set}" = set; then
withval=$with_krb5; krb5="$withval"
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb5 -lk5crypto -lcom_err $LIBS"
+LIBS="-lkrb5 $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
{ (exit 1); exit 1; }; }
fi
- KRB5_LIBS="-lkrb5 -lk5crypto -lcom_err"
+ KRB5_LIBS="-lkrb5"
cat >>confdefs.h <<\_ACEOF
#define HAVE_KRB5 1
_ACEOF
echo "$as_me: error: This package requires ss." >&2;}
{ (exit 1); exit 1; }; }
fi
-LIBS="$OPENSSL_LIBS $KRB5_LIBS $KRB4_LIBS $HESIOD_LIBS $LIBS"
+LIBS="$KRB5_LIBS $KRB4_LIBS $HESIOD_LIBS $LIBS"
if test $ac_cv_c_compiler_gnu = yes; then
{ echo "$as_me:$LINENO: checking whether $CC needs -traditional" >&5
done
+for ac_func in krb5_crypto_init
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
{ echo "$as_me:$LINENO: checking for krb5_auth_con_getauthenticator taking double pointer" >&5
echo $ECHO_N "checking for krb5_auth_con_getauthenticator taking double pointer... $ECHO_C" >&6; }
if test "${ac_cv_krb5_auth_con_getauthenticator_takes_double_pointer+set}" = set; then
RLIB!$RLIB$ac_delim
SLIB!$SLIB$ac_delim
KRB4_LIBS!$KRB4_LIBS$ac_delim
+krb5config!$krb5config$ac_delim
KRB5_LIBS!$KRB5_LIBS$ac_delim
HESIOD_LIBS!$HESIOD_LIBS$ac_delim
REGEX_LIBS!$REGEX_LIBS$ac_delim
-ARES_LIBS!$ARES_LIBS$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
+ARES_LIBS!$ARES_LIBS$ac_delim
LIBOBJS!$LIBOBJS$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 2; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 3; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
static void shutdown_file_pointers(void);
static void cleanup(Server *server);
+#if defined(HAVE_KRB4) || defined(HAVE_KRB5)
+static int des_service_decrypt(unsigned char *in, unsigned char *out);
+#endif
#ifdef HAVE_KRB5
static long ticket5_time;
#define TKT5LIFETIME 8*60*60
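Review bot: The new prototype for `des_service_decrypt` is guarded by `#if defined(HAVE_KRB4) || defined(HAVE_KRB5)`, but the definition added at the end of the file sits under `#ifdef HAVE_KRB5` only. A build with Kerberos 4 and without Kerberos 5 would therefore see a static function that is declared and never defined. Putting the same guard on both, `#ifdef HAVE_KRB5` on the prototype, keeps declaration and definition in step. A one-line comment such as `/* Decrypts one 8-byte DES block with the server's service key; returns 0 or a krb5 error code. */` above the prototype would also document the contract.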
#endif /* HAVE_KRB4 */
-#if defined(HAVE_KRB4) || defined(HAVE_OPENSSL)
+#if defined(HAVE_KRB4)
extern C_Block serv_key;
extern Sched serv_ksched;
#endif
+#if defined(HAVE_KRB5) && !defined(HAVE_KRB4)
+krb5_keyblock *server_key;
+#endif
static Timer *bdump_timer;
static int live_socket = -1;
unsigned int enctypes[] = {ENCTYPE_DES_CBC_CRC,
ENCTYPE_DES_CBC_MD4,
ENCTYPE_DES_CBC_MD5,
+#ifdef ENCTYPE_DES_CBC_RAW
ENCTYPE_DES_CBC_RAW,
+#endif
0};
#endif
0,
NULL,
&opt);
-#if defined(HAVE_OPENSSL) && !defined(HAVE_KRB4)
+#ifndef HAVE_KRB4
if (retval) {
krb5_free_principal(Z_krb5_ctx, principal);
krb5_kt_close(Z_krb5_ctx, kt);
break;
}
if (!retval) {
- retval = krb5_copy_keyblock(Z_krb5_ctx, &kt_ent.key, &serv_key);
+#ifdef HAVE_KRB5_CRYPTO_INIT
+ retval = krb5_copy_keyblock(Z_krb5_ctx, &kt_ent.keyblock,
+ &server_key);
+#else
+ retval = krb5_copy_keyblock(Z_krb5_ctx, &kt_ent.key, &server_key);
+#endif
if (retval) {
krb5_free_principal(Z_krb5_ctx, principal);
krb5_kt_close(Z_krb5_ctx, kt);
return(1);
}
- des_key_sched(serv_key, serv_ksched.s);
-
got_des = 1;
}
#endif
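Review bot: Both `krb5_copy_keyblock(...)` calls store a freshly allocated keyblock in the file-scope `server_key` without releasing whatever an earlier call left there. The function begins and ends outside this hunk, so whether it runs more than once is not visible, but the `ticket5_time` / `TKT5LIFETIME` bookkeeping suggests periodic renewal. In that case every pass would leave another copy of the long-term service key allocated in the heap. Releasing the old copy first avoids that: `if (server_key) { krb5_free_keyblock(Z_krb5_ctx, server_key); server_key = NULL; }`. The visible lines also never release `kt_ent` after the copy, so it is worth confirming that the keytab entry is freed on the paths not shown.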
krb5_free_principal(Z_krb5_ctx, principal);
krb5_kt_close(Z_krb5_ctx, kt);
-#if defined(HAVE_OPENSSL) && !defined(HAVE_KRB4)
+#ifndef HAVE_KRB4
if (retval) return(1);
#endif
#endif
#if defined(HAVE_KRB4) || defined(HAVE_KRB5)
char *cp;
+#ifndef HAVE_KRB4
+ unsigned char cblock[8];
+#else
C_Block cblock;
+#endif
#endif
ZRealm *realm = NULL;
if (*notice.z_class_inst) {
/* check out this session key I found */
cp = notice.z_message + strlen(notice.z_message) + 1;
- switch (*cp) {
-#if defined(HAVE_KRB4) || defined(HAVE_OPENSSL)
- if (got_des) {
- /* ****ing netascii; this is an encrypted DES keyblock
- XXX this code should be conditionalized for server
- transitions */
- retval = Z_krb5_init_keyblock(Z_krb5_ctx, ENCTYPE_DES_CBC_CRC,
- sizeof(C_Block),
- &client->session_keyblock);
+ if (*cp == '0' && got_des) {
+ /* ****ing netascii; this is an encrypted DES keyblock
+ XXX this code should be conditionalized for server
+ transitions */
+ retval = Z_krb5_init_keyblock(Z_krb5_ctx, ENCTYPE_DES_CBC_CRC,
+ sizeof(cblock),
+ &client->session_keyblock);
+ if (retval) {
+ syslog(LOG_ERR, "brl failed to allocate DES keyblock: %s",
+ error_message(retval));
+ return retval;
+ }
+ retval = ZReadAscii(cp, strlen(cp), cblock, sizeof(cblock));
+ if (retval != ZERR_NONE) {
+ syslog(LOG_ERR,"brl bad cblk read: %s (%s)",
+ error_message(retval), cp);
+ } else {
+ retval = des_service_decrypt(cblock, Z_keydata(client->session_keyblock));
if (retval) {
- syslog(LOG_ERR, "brl failed to allocate DES keyblock: %s",
+ syslog(LOG_ERR, "brl failed to decyrpt DES session key: %s",
error_message(retval));
return retval;
}
- retval = ZReadAscii(cp, strlen(cp), cblock, sizeof(C_Block));
- if (retval != ZERR_NONE) {
- syslog(LOG_ERR,"brl bad cblk read: %s (%s)",
- error_message(retval), cp);
- } else {
- des_ecb_encrypt((C_Block *)cblock, (C_Block *)Z_keydata(client->session_keyblock),
- serv_ksched.s, DES_DECRYPT);
- }
}
- break;
-#endif
- case 'Z':
+ } else if (*cp == 'Z') {
/* Zcode! Long live the new flesh! */
retval = ZReadZcode((unsigned char *)cp, buf, sizeof(buf), &blen);
if (retval != ZERR_NONE) {
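Review bot: In the `*cp == '0'` branch a failed `ZReadAscii` is only logged, while a failed `Z_krb5_init_keyblock` or `des_service_decrypt` returns. After a bad read, `client->session_keyblock` therefore stays allocated with contents that were never derived from the peer's key, and processing continues. Unless a caller depends on continuing, the read failure should end the same way as the other two, with `return retval;` after its `syslog`. That `syslog` also writes the peer-supplied `cp` string verbatim, which puts the encoded session-key blob into the log; dropping the `(%s)` argument would avoid it. The new message misspells "decrypt": `"brl failed to decrypt DES session key: %s"`. The enclosing function starts and ends outside this hunk.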
memcpy(Z_keydata(client->session_keyblock), &buf[8],
Z_keylen(client->session_keyblock));
}
- break;
}
}
#else
return 0;
}
+
+#ifdef HAVE_KRB5
+static int des_service_decrypt(unsigned char *in, unsigned char *out) {
+#ifndef HAVE_KRB4
+ krb5_data dout;
+ krb5_enc_data din;
+
+ dout.length = 8;
+ dout.data = out;
+
+ din.ciphertext.length = 8;
+ din.ciphertext.data = in;
+ din.enctype = Z_enctype(server_key);
+
+#ifdef HAVE_KRB5_CRYPTO_INIT
+ return krb5_c_decrypt(Z_krb5_ctx, *server_key, 0, 0, &din, &dout);
+#else
+ return krb5_c_decrypt(Z_krb5_ctx, server_key, 0, 0, &din, &dout);
+#endif
+#else
+ des_ecb_encrypt((C_Block *)in, (C_Block *)out, serv_ksched.s, DES_DECRYPT);
+ return 0; /* sigh */
+#endif
+}
+#endif
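Review bot: In `des_service_decrypt`, `din` and `dout` are stack structs with only `length`, `data` and `enctype` assigned, so any other member is passed to `krb5_c_decrypt` uninitialised; the MIT structs, for example, also carry `magic` and `kvno`. Zeroing both first removes that: `memset(&din, 0, sizeof(din)); memset(&dout, 0, sizeof(dout));`. The `data` members are `char *` in the MIT headers, so assigning `unsigned char *in` and `out` needs an explicit `(char *)` cast to compile without a signedness warning. The removed code did a raw single-block DES ECB decrypt, whereas `krb5_c_decrypt` applies the framing of `Z_enctype(server_key)`. Unless the stored key is the raw DES enctype, an 8-byte ciphertext will probably be rejected or decoded differently, so this is worth confirming against a keytab holding a `des-cbc-crc` key. A short header comment stating that `in` and `out` must each point to 8 bytes would document the hard-coded lengths.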