Merge remote branch 'h-github/master' into win32-port2

* h-github/master: (64 commits)
  refix socket wrappers with rk_
  Patch from Secure Endpoints/Asanka Herath for windows support
  unset KRB5CCNAME
  its really just LIBADD more most of them
  correct quoting
  Use -lpthread for modern freebsd instead
  clean KRB5CCNAME and KRB5_CONFIG, require test to reset them
  more up ${env_setup}
  use PTHREADS_LIBADD for freebsd6 and newer
  add PTHREAD_LIBADD
  add PTHREAD_LIBADD
  add PTHREAD_LIBADD
  switch to PTHREADS_LIBADD
  log what the error string say too
  More debug logging
  sprinkle more 'echo "test failed"'
  sprinkle 'echo "test failed"'
  use calloc(), indent more prettier
  in sh, equal compare is really = for strings, not ==
  Check for duplicates, already loaded mechs
  ...

Conflicts (resolved):
	lib/krb5/auth_context.c
	lib/krb5/changepw.c
	lib/krb5/context.c
	lib/krb5/error_string.c
	lib/krb5/kuserok.c
	lib/krb5/libkrb5-exports.def.in
	lib/krb5/net_write.c
	lib/krb5/store_fd.c
	lib/krb5/test_cc.c
	lib/roken/strerror_r.c
Asanka Herath
2009-12-21 13:44:00 -05:00
52 changed files with 529 additions and 272 deletions


@@ -13,43 +13,48 @@ case "$host" in
native_pthread_support=yes
if test "$GCC" = yes; then
PTHREADS_CFLAGS=-pthreads
PTHREADS_LIBS=-pthreads
PTHREAD_LIBADD=-pthreads
else
PTHREADS_CFLAGS=-mt
PTHREADS_LIBS=-mt
PTHREAD_LDADD=-mt
PTHREAD_LIBADD=-mt
fi
;;
*-*-netbsd[12]*)
*-*-netbsd[[12]]*)
native_pthread_support="if running netbsd 1.6T or newer"
dnl heim_threads.h knows this
PTHREADS_LIBS="-lpthread"
PTHREAD_LIBADD="-lpthread"
;;
*-*-netbsd[3456789]*)
*-*-netbsd[[3456789]]*)
native_pthread_support="netbsd 3 uses explict pthread"
dnl heim_threads.h knows this
PTHREADS_LIBS="-lpthread"
PTHREAD_LIBADD="-lpthread"
;;
*-*-freebsd5*)
*-*-freebsd[[56]]*)
native_pthread_support=yes
;;
*-*-freebsd[[789]]*)
native_pthread_support=yes
PTHREADS_LIBADD="-lpthread"
;;
*-*-openbsd*)
native_pthread_support=yes
PTHREADS_CFLAGS=-pthread
PTHREADS_LIBS=-pthread
PTHREAD_LIBADD=-pthread
;;
*-*-linux* | *-*-linux-gnu)
case `uname -r` in
2.*)
native_pthread_support=yes
PTHREADS_CFLAGS=-pthread
PTHREADS_LIBS=-pthread
PTHREAD_LIBADD=-pthread
;;
esac
;;
*-*-kfreebsd*-gnu*)
native_pthread_support=yes
PTHREADS_CFLAGS=-pthread
PTHREADS_LIBS=-pthread
PTHREAD_LIBADD=-pthread
;;
*-*-aix*)
dnl AIX is disabled since we don't handle the utmp/utmpx
@@ -58,7 +63,7 @@ case "$host" in
;;
mips-sgi-irix6.[[5-9]]) # maybe works for earlier versions too
native_pthread_support=yes
PTHREADS_LIBS="-lpthread"
PTHREAD_LIBADD="-lpthread"
;;
*-*-darwin*)
native_pthread_support=yes
@@ -77,14 +82,16 @@ if test "$enable_pthread_support" != no; then
[Define if you want have a thread safe libraries])
dnl This sucks, but libtool doesn't save the depenecy on -pthread
dnl for libraries.
LIBS="$PTHREADS_LIBS $LIBS"
LIBS="$PTHREAD_LIBADD $LIBS"
else
PTHREADS_CFLAGS=""
PTHREADS_LIBS=""
PTHREAD_LIBADD=""
PTHREADS_LIBADD=""
fi
AC_SUBST(PTHREADS_CFLAGS)
AC_SUBST(PTHREADS_LIBS)
AC_SUBST(PTHREAD_LDADD)
AC_SUBST(PTHREADS_LIBADD)
AC_MSG_RESULT($enable_pthread_support)
])
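Review bot: The thread-library variable is spelled two ways across these hunks: most case arms and the `LIBS=` line use `PTHREAD_LIBADD`, while the `*-*-freebsd[[789]]*` arm sets `PTHREADS_LIBADD` and the only matching substitution visible at the end is `AC_SUBST(PTHREADS_LIBADD)`. The +/- markers are lost in this rendering, so which spelling is final is inferred, but as shown FreeBSD 7-9 would set a variable that `LIBS` never reads, and the `$(PTHREAD_LIBADD)` reference added to `libkrb5_la_LIBADD` later on this page would expand to nothing. Pick one name and use it in every case arm, in the `else` reset and in the substitution, e.g. `AC_SUBST(PTHREAD_LIBADD)`.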


@@ -311,7 +311,6 @@ case "$host_os" in
AC_BROKEN([daemon]) ;;
esac
AC_BROKEN([ \
chown \
copyhostent \
@@ -357,7 +356,6 @@ AC_BROKEN([ \
strcasecmp \
strdup \
strerror \
strerror_r \
strftime \
strlcat \
strlcpy \
@@ -502,6 +500,19 @@ AC_REQUIRE([rk_BROKEN_REALLOC])dnl
dnl AC_KRB_FUNC_GETCWD_BROKEN
dnl strerror_r is great fun, on linux it exists before sus catched up,
dnl so the return type is diffrent, lets check for both
AC_PROTO_COMPAT([
#include <stdio.h>
#include <string.h>
],
strerror_r, int strerror_r(int, char *, size_t))
AC_CHECK_FUNC([strerror_r],
[AC_DEFINE_UNQUOTED(HAVE_STRERROR_R, 1,
[Define if you have the function strerror_r.])])
dnl
dnl Checks for prototypes and declarations
dnl


@@ -7,7 +7,7 @@ AC_CONFIG_SRCDIR([kuser/kinit.c])
AC_CONFIG_HEADERS(include/config.h)
AC_CONFIG_MACRO_DIR([cf])
AM_INIT_AUTOMAKE([foreign 1.10])
AM_INIT_AUTOMAKE([foreign 1.10.3])
AM_MAINTAINER_MODE
dnl Checks for programs.
@@ -628,8 +628,11 @@ dnl This is the release version name-number[beta]
dnl
cat > include/newversion.h.in <<EOF
const char *heimdal_long_version = "@([#])\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
const char *heimdal_version = "AC_PACKAGE_STRING";
#ifndef VERSION_HIDDEN
#define VERSION_HIDDEN
#endif
VERSION_HIDDEN const char *heimdal_long_version = "@([#])\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$";
VERSION_HIDDEN const char *heimdal_version = "AC_PACKAGE_STRING";
EOF
if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then


@@ -55,6 +55,7 @@ Bugfixes, documentation, encouragement, and code has been contributed by:
@item Frank van der Linden
@item Guido Günther
@item Jason McIntyre
@item Jan Rekorajski
@item Johan Gadsjö
@item Johan Ihrén
@item John Center
@@ -81,6 +82,7 @@ Bugfixes, documentation, encouragement, and code has been contributed by:
@item Roman Divacky
@item Sho Hosoda, 細田 将
@item Stefan Metzmacher
@item Ted Percival
@item Victor Guerra
@item Zeqing Xia
@item Åke Sandgren


@@ -61,7 +61,6 @@ check_PROGRAMS = $(TESTS)
LDADD_common = \
$(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_hcrypto) \
$(top_builddir)/lib/asn1/libasn1.la \


@@ -31,7 +31,6 @@ $(kcm_OBJECTS): $(srcdir)/kcm-protos.h
man_MANS = kcm.8
LDADD = $(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_krb4) \
$(LIB_hcrypto) \


@@ -70,7 +70,6 @@ $(srcdir)/kdc-private.h:
hprop_LDADD = \
$(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_kdb) $(LIB_krb4) \
$(LIB_hcrypto) \
@@ -80,7 +79,6 @@ hprop_LDADD = \
hpropd_LDADD = \
$(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_kdb) $(LIB_krb4) \
$(LIB_hcrypto) \
@@ -95,7 +93,6 @@ endif
libkdc_la_LIBADD = \
$(LIB_pkinit) \
$(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_kdb) $(LIB_krb4) \
$(top_builddir)/lib/ntlm/libheimntlm.la \
@@ -105,7 +102,6 @@ libkdc_la_LIBADD = \
$(DBLIB)
LDADD = $(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_krb4) \
$(LIB_hcrypto) \


@@ -19,7 +19,6 @@ kpasswdd_SOURCES = kpasswdd.c kpasswd_locl.h
kpasswdd_LDADD = \
$(top_builddir)/lib/kadm5/libkadm5srv.la \
$(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(LDADD) \
$(LIB_pidfile) \
$(LIB_dlopen) \


@@ -207,9 +207,9 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
int32_t seq_number;
int is_cfx = 0;
krb5_auth_getremoteseqnumber (context,
ctx->auth_context,
&seq_number);
krb5_auth_con_getremoteseqnumber (context,
ctx->auth_context,
&seq_number);
_gsskrb5i_is_cfx(context, ctx, 1);
is_cfx = (ctx->more_flags & IS_CFX);
@@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
return GSS_S_FAILURE;
}
kret = krb5_auth_getremoteseqnumber(context,
ctx->auth_context,
&r_seq_number);
kret = krb5_auth_con_getremoteseqnumber(context,
ctx->auth_context,
&r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
@@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
{
int32_t tmp_r_seq_number, tmp_l_seq_number;
kret = krb5_auth_getremoteseqnumber(context,
ctx->auth_context,
&tmp_r_seq_number);
kret = krb5_auth_con_getremoteseqnumber(context,
ctx->auth_context,
&tmp_r_seq_number);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;


@@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred
if (desired_name != GSS_C_NO_NAME) {
ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
desired_name, &handle->principal);
if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
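Review bot: The third argument to `_gsskrb5_canon_name` appears to flip from `0` to `1` as a bare literal, and nothing in the hunk says what it turns on. If that parameter is the DNS-canonicalisation switch (its declaration is outside this hunk), the desired name passed to credential acquisition would now be resolved through DNS, which is not an authenticated source, and that deserves a deliberate decision rather than a silent default. At minimum add a comment at the call once the parameter's meaning is confirmed, e.g. `/* use_dns = 1: canonicalize desired_name via DNS */`. The enclosing function starts and ends outside the hunk.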


@@ -255,7 +255,7 @@ gsskrb5_initiator_ready(
krb5_cc_close(context, ctx->ccache);
ctx->ccache = NULL;
krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number);
krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number);
_gsskrb5i_is_cfx(context, ctx, 0);
is_cfx = (ctx->more_flags & IS_CFX);
@@ -782,7 +782,7 @@ repl_mutual
* for the gss_wrap calls.
*/
krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);


@@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status,
if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);
if (ret) goto out;
krb5_auth_getremoteseqnumber (context,
context_handle->auth_context,
&number);
krb5_auth_con_getremoteseqnumber (context,
context_handle->auth_context,
&number);
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */
if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number);


@@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech)
if (mech == NULL)
return 0;
m = malloc(sizeof(*m));
m = calloc(1, sizeof(*m));
if (m == NULL)
return 1;
return ENOMEM;
m->gm_so = NULL;
m->gm_mech = *mech;
m->gm_mech_oid = mech->gm_mech_oid; /* XXX */
@@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech)
/* pick up the oid sets of names */
if (m->gm_mech.gm_inquire_names_for_mech) {
if (m->gm_mech.gm_inquire_names_for_mech)
(*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
&m->gm_mech.gm_mech_oid, &m->gm_name_types);
} else {
if (m->gm_name_types == NULL)
gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
}
SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
return 0;
@@ -211,6 +211,8 @@ _gss_load_mech(void)
char *name, *oid, *lib, *kobj;
struct _gss_mech_switch *m;
void *so;
gss_OID_desc mech_oid;
int found;
HEIMDAL_MUTEX_lock(&_gss_mech_mutex);
@@ -253,6 +255,23 @@ _gss_load_mech(void)
if (!name || !oid || !lib || !kobj)
continue;
if (_gss_string_to_oid(oid, &mech_oid))
continue;
/*
* Check for duplicates, already loaded mechs.
*/
found = 0;
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) {
found = 1;
free(mech_oid.elements);
break;
}
}
if (found)
continue;
#ifndef RTLD_LOCAL
#define RTLD_LOCAL 0
#endif
@@ -260,17 +279,17 @@ _gss_load_mech(void)
so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
if (!so) {
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */
free(mech_oid.elements);
continue;
}
m = malloc(sizeof(*m));
if (!m)
if (!m) {
free(mech_oid.elements);
break;
m->gm_so = so;
if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) {
free(m);
continue;
}
m->gm_so = so;
m->gm_mech.gm_mech_oid = mech_oid;
m->gm_mech.gm_flags = 0;
major_status = gss_add_oid_set_member(&minor_status,
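Review bot: The `if (!m)` branch after `malloc` in `_gss_load_mech` now frees `mech_oid.elements` but still leaves the handle returned by `dlopen` open before `break`; adding `dlclose(so);` next to the new `free` would release it. The same function keeps `malloc` where `add_builtin` switched to `calloc`, so any field of `m` that the loop does not assign starts uninitialised. The rest of the loop body is outside the hunk, so either confirm every field is set or use `m = calloc(1, sizeof(*m));` here as well.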


@@ -43,6 +43,7 @@
static char *type_string;
static char *mech_string;
static char *ret_mech_string;
static char *client_name;
static int dns_canon_flag = -1;
static int mutual_auth_flag = 0;
static int dce_style_flag = 0;
@@ -58,10 +59,14 @@ static char *session_enctype_string = NULL;
static int client_time_offset = 0;
static int server_time_offset = 0;
static int max_loops = 0;
static char *limit_enctype_string = NULL;
static int version_flag = 0;
static int verbose_flag = 0;
static int help_flag = 0;
static krb5_context context;
static krb5_enctype limit_enctype = 0;
static struct {
const char *name;
gss_OID *oid;
@@ -452,6 +457,8 @@ static struct getargs args[] = {
{"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag,
"use dns to canonicalize", NULL },
{"mutual-auth",0, arg_flag, &mutual_auth_flag,"mutual auth", NULL },
{"client-name", 0, arg_string, &client_name, "client name", NULL },
{"limit-enctype",0, arg_string, &limit_enctype_string, "enctype", NULL },
{"dce-style",0, arg_flag, &dce_style_flag, "dce-style", NULL },
{"wrapunwrap",0, arg_flag, &wrapunwrap_flag, "wrap/unwrap", NULL },
{"iov", 0, arg_flag, &iov_flag, "wrap/unwrap iov", NULL },
@@ -488,10 +495,13 @@ main(int argc, char **argv)
gss_ctx_id_t cctx, sctx;
void *ctx;
gss_OID nameoid, mechoid, actual_mech, actual_mech2;
gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL;
setprogname(argv[0]);
if (krb5_init_context(&context))
errx(1, "krb5_init_context");
cctx = sctx = GSS_C_NO_CONTEXT;
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
@@ -531,7 +541,47 @@ main(int argc, char **argv)
if (gsskrb5_acceptor_identity)
gsskrb5_register_acceptor_identity(gsskrb5_acceptor_identity);
loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL,
if (client_name) {
gss_buffer_desc cn;
gss_name_t cname;
cn.value = client_name;
cn.length = strlen(client_name);
maj_stat = gss_import_name(&min_stat, &cn, GSS_C_NT_USER_NAME, &cname);
if (maj_stat)
errx(1, "gss_import_name: %s",
gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
maj_stat = gss_acquire_cred(&min_stat, cname, 0, NULL,
GSS_C_INITIATE, &client_cred, NULL, NULL);
if (GSS_ERROR(maj_stat))
errx(1, "gss_import_name: %s",
gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
gss_release_name(&min_stat, &cname);
}
if (limit_enctype_string) {
krb5_error_code ret;
ret = krb5_string_to_enctype(context,
limit_enctype_string,
&limit_enctype);
if (ret)
krb5_err(context, 1, ret, "krb5_string_to_enctype");
}
if (limit_enctype) {
if (client_cred == NULL)
errx(1, "client_cred missing");
maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, client_cred,
1, &limit_enctype);
if (maj_stat)
errx(1, "gss_krb5_set_allowable_enctypes: %s",
gssapi_err(maj_stat, min_stat, GSS_C_NO_OID));
}
loop(mechoid, nameoid, argv[0], client_cred,
&sctx, &cctx, &actual_mech, &deleg_cred);
if (verbose_flag)
@@ -549,7 +599,6 @@ main(int argc, char **argv)
/* XXX should be actual_mech */
if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) {
krb5_context context;
time_t time;
gss_buffer_desc authz_data;
gss_buffer_desc in, out1, out2;
@@ -557,10 +606,6 @@ main(int argc, char **argv)
krb5_timestamp now;
krb5_error_code ret;
ret = krb5_init_context(&context);
if (ret)
errx(1, "krb5_init_context");
ret = krb5_timeofday(context, &now);
if (ret)
errx(1, "krb5_timeofday failed");
@@ -624,6 +669,8 @@ main(int argc, char **argv)
if (maj_stat != GSS_S_COMPLETE)
keyblock = NULL;
else if (limit_enctype && keyblock->keytype != limit_enctype)
errx(1, "gsskrb5_get_subkey wrong enctype");
maj_stat = gsskrb5_get_subkey(&min_stat,
cctx,
@@ -635,6 +682,8 @@ main(int argc, char **argv)
if (maj_stat != GSS_S_COMPLETE)
keyblock2 = NULL;
else if (limit_enctype && keyblock->keytype != limit_enctype)
errx(1, "gsskrb5_get_subkey wrong enctype");
if (keyblock || keyblock2) {
if (keyblock == NULL)
@@ -679,8 +728,12 @@ main(int argc, char **argv)
errx(1, "gsskrb5_get_initiator_subkey failed: %s",
gssapi_err(maj_stat, min_stat, actual_mech));
if (maj_stat == GSS_S_COMPLETE)
if (maj_stat == GSS_S_COMPLETE) {
if (limit_enctype && keyblock->keytype != limit_enctype)
errx(1, "gsskrb5_get_initiator_subkey wrong enctype");
krb5_free_keyblock(context, keyblock);
}
maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
sctx,
@@ -689,8 +742,6 @@ main(int argc, char **argv)
if (maj_stat == GSS_S_COMPLETE)
gss_release_buffer(&min_stat, &authz_data);
krb5_free_context(context);
memset(&out1, 0, sizeof(out1));
memset(&out2, 0, sizeof(out2));
@@ -866,8 +917,9 @@ main(int argc, char **argv)
}
empty_release();
krb5_free_context(context);
return 0;
}
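Review bot: The second added enctype check, after the `gsskrb5_get_subkey` call whose failure sets `keyblock2 = NULL`, tests `keyblock->keytype` instead of `keyblock2->keytype`. `keyblock` is set to NULL a few lines earlier when the first call fails, so this can dereference NULL, and in any case the second key is never validated; the line should read `else if (limit_enctype && keyblock2->keytype != limit_enctype)`. Separately, the `errx` that follows `gss_acquire_cred` still reports `gss_import_name: %s`, which will mislead whoever reads a failing test log; `"gss_acquire_cred: %s"` is the matching label. Most of `main` lies outside these hunks.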


@@ -47,11 +47,13 @@ if OPENLDAP_MODULE
ldap_so = hdb_ldap.la
hdb_ldap_la_SOURCES = hdb-ldap.c
hdb_ldap_la_LDFLAGS = -module
hdb_ldap_la_LDFLAGS = -module -avoid-version
hdb_ldap_la_LIBADD = $(LIB_openldap) libhdb.la
else
ldap = hdb-ldap.c
ldap_lib = $(LIB_openldap)
endif
@@ -95,7 +97,7 @@ libhdb_la_LIBADD = \
../asn1/libasn1.la \
$(LIB_sqlite3) \
$(LIBADD_roken) \
$(LIB_openldap) \
$(ldap_lib) \
$(LIB_dlopen) \
$(DBLIB) \
$(LIB_NDBM)


@@ -1,5 +1,3 @@
# $Id: Makefile.am,v 1.1 2004/12/20 08:31:45 assar Exp $
include $(top_srcdir)/Makefile.am.common
noinst_LTLIBRARIES = libheim-ipcc.la libheim-ipcs.la
@@ -9,19 +7,22 @@ libheim_ipcs_la_SOURCES = server.c common.c
include_HEADERS = heim-ipc.h
libheim_ipcc_la_LDFLAGS = -version-info 0:0:0
libheim_ipcs_la_LDFLAGS = -version-info 0:0:0
##
## Enable when this is not a noinst_ library
##
#libheim_ipcc_la_LDFLAGS = -version-info 0:0:0
#libheim_ipcs_la_LDFLAGS = -version-info 0:0:0
#
#if versionscript
#libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map
#libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map
#endif
libheim_ipcc_la_LIBADD = \
$(LIB_roken)
libheim_ipcs_la_LIBADD = $(libheim_ipcc_la_LIBADD)
if versionscript
libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map
libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map
endif
TESTS = $(check_PROGRAMS)
noinst_PROGRAMS = tc ts


@@ -74,7 +74,7 @@ test_service(void *ctx, const heim_idata *req,
int
main(int argc, char **argv)
{
heim_sipc unix;
heim_sipc u;
int optidx = 0;
setprogname(argv[0]);
@@ -98,7 +98,7 @@ main(int argc, char **argv)
}
#endif
heim_sipc_service_unix("org.h5l.test-ipc",
test_service, NULL, &unix);
test_service, NULL, &u);
heim_ipc_main();
return 0;


@@ -32,7 +32,9 @@ default_keys_SOURCES = default_keys.c
kadm5includedir = $(includedir)/kadm5
buildkadm5include = $(buildinclude)/kadm5
dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h
dist_kadm5include_HEADERS = admin.h private.h kadm5-pwcheck.h
dist_kadm5include_HEADERS += kadm5-protos.h kadm5-private.h
nodist_kadm5include_HEADERS = kadm5_err.h
install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS)
@@ -69,7 +71,6 @@ dist_libkadm5clnt_la_SOURCES = \
randkey_c.c \
rename_c.c \
send_recv.c \
kadm5-pwcheck.h \
admin.h
nodist_libkadm5clnt_la_SOURCES = \
@@ -106,7 +107,6 @@ dist_libkadm5srv_la_SOURCES = \
server_glue.c \
set_keys.c \
set_modifier.c \
kadm5-pwcheck.h \
admin.h
nodist_libkadm5srv_la_SOURCES = \
@@ -125,7 +125,6 @@ man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8
LDADD = \
libkadm5srv.la \
$(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_hcrypto) \
@@ -137,7 +136,6 @@ LDADD = \
iprop_log_LDADD = \
libkadm5srv.la \
$(top_builddir)/lib/hdb/libhdb.la \
$(LIB_openldap) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_hcrypto) \


@@ -67,6 +67,7 @@ libkrb5_la_LIBADD = \
../wind/libwind.la \
$(LIB_libintl) \
$(LIBADD_roken) \
$(PTHREAD_LIBADD) \
$(LIB_door_create) \
$(LIB_dlopen)
@@ -187,7 +188,7 @@ dist_libkrb5_la_SOURCES = \
nodist_libkrb5_la_SOURCES = \
$(ERR_FILES)
libkrb5_la_LDFLAGS = -version-info 25:0:0
libkrb5_la_LDFLAGS = -version-info 26:0:0
if versionscript
libkrb5_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map


@@ -257,7 +257,7 @@ krb5_acl_match_file(krb5_context context,
f = fopen(file, "r");
if(f == NULL) {
int save_errno = errno;
strerror_r(save_errno, buf, sizeof(buf));
rk_strerror_r(save_errno, buf, sizeof(buf));
krb5_set_error_message(context, save_errno,
N_("open(%s): %s", "file, errno"),
file, buf);


@@ -173,7 +173,7 @@ krb5_auth_con_genaddrs(krb5_context context,
if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) {
char buf[128];
ret = rk_SOCK_ERRNO;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getsockname: %s", buf);
goto out;
}
@@ -191,7 +191,7 @@ krb5_auth_con_genaddrs(krb5_context context,
if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) {
char buf[128];
ret = rk_SOCK_ERRNO;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getpeername: %s", buf);
goto out;
}


@@ -603,7 +603,7 @@ change_password_loop (krb5_context context,
}
}
#ifndef NO_LIMIT_FD_SETSIZE
#ifndef NO_LIMIT_FD_SETSIZE
if (sock >= FD_SETSIZE) {
ret = ERANGE;
krb5_set_error_message(context, ret,


@@ -531,11 +531,23 @@ krb5_free_context(krb5_context context)
krb5_set_ignore_addresses(context, NULL);
krb5_set_send_to_kdc_func(context, NULL, NULL);
#ifdef PKINIT
hx509_context_free(&context->hx509ctx);
#endif
HEIMDAL_MUTEX_destroy(context->mutex);
free(context->mutex);
<<<<<<< HEAD
if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
rk_SOCK_EXIT();
}
=======
#ifdef NEED_SOCK_INIT
if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
SOCK_EXIT;
}
#endif
>>>>>>> h-github/master
memset(context, 0, sizeof(*context));
free(context);
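Review bot: The conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> h-github/master` are present in `krb5_free_context`, and the hunk header (11 lines before, 23 after) suggests they are on the new side, so the file would not compile as committed. Only one of the two socket-teardown variants should remain, either the `rk_SOCK_EXIT();` call or the `#ifdef NEED_SOCK_INIT` / `SOCK_EXIT;` block, with the three marker lines deleted. The commit message lists this file under "Conflicts (resolved)", so the other files in that list are worth re-checking for leftover markers as well.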


@@ -99,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
break;
default: {
char buf[128];
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("error locking cache file %s: %s",
"file, error"), filename, buf);
@@ -133,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd)
break;
default: {
char buf[128];
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("Failed to unlock file: %s", ""), buf);
break;
@@ -397,7 +397,7 @@ fcc_open(krb5_context context,
if(fd < 0) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
filename, buf);
return ret;
@@ -461,7 +461,7 @@ fcc_initialize(krb5_context context,
if (ret == 0) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf);
}
@@ -516,7 +516,7 @@ fcc_store_cred(krb5_context context,
if (close(fd) < 0) {
if (ret == 0) {
char buf[128];
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
ret = errno;
krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf);
@@ -930,7 +930,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
if (ret && errno != EXDEV) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret,
N_("Rename of file from %s "
"to %s failed: %s", ""),
@@ -997,7 +997,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
close(fd);
}
fcc_destroy(context, from);
fcc_close(context, from);
return ret;
}
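Review bot: In the `fcc_store_cred` hunk, `rk_strerror_r(ret, buf, sizeof(buf));` runs before `ret = errno;` and inside `if (ret == 0)`, so the text placed in `buf` is always the message for error 0 rather than for the failed `close`. The rename to `rk_strerror_r` carries this ordering over unchanged. Swapping the two lines, `ret = errno;` then `rk_strerror_r(ret, buf, sizeof(buf));`, matches the order used in the `fcc_initialize` hunk just above it.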


@@ -1541,6 +1541,7 @@ krb5_init_creds_set_keytab(krb5_context context,
/* remove old list of etype */
if (etypes)
free(etypes);
etypes = NULL;
netypes = 0;
kvno = entry.vno;
} else if (entry.vno != kvno)


@@ -78,7 +78,7 @@ kcm_send_request(krb5_context context,
ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc);
HEIMDAL_MUTEX_unlock(&kcm_mutex);
if (ret)
return ret;
return KRB5_CC_NOSUPP;
ret = krb5_storage_to_data(request, &request_data);
if (ret) {
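Review bot: Returning the fixed `KRB5_CC_NOSUPP` when `heim_ipc_init_context` fails discards the value in `ret`, so a caller can no longer tell an absent KCM service from any other IPC setup failure. If the fixed code is wanted so that callers fall back to another cache type, record the cause first, for example `krb5_set_error_message(context, KRB5_CC_NOSUPP, "kcm ipc init failed: %d", ret);` before the return. `kcm_send_request` starts and continues outside the hunk.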


@@ -221,6 +221,9 @@ match_local_principals(krb5_context context,
* ignored. Subdirectories are not traversed. Note that this directory
* may not be checked by other Kerberos implementations.
*
* If no configuration file exists, match user against local domains,
* ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES.
*
* @param context Kerberos 5 context.
* @param principal principal to check if allowed to login
* @param luser local user id
@@ -293,10 +296,9 @@ krb5_kuserok (krb5_context context,
return FALSE;
#else
/* On Windows, for now we always return TRUE. The .k5login file
may be on a remote profile and we don't have access to the
profile until we have a token handle for the user's
credentials. */
return TRUE;
/* The .k5login file may be on a remote profile and we don't have
access to the profile until we have a token handle for the
user's credentials. */
return match_local_principals(context, principal, luser);
#endif
}
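Review bot: The comment left in the `#else` branch of `krb5_kuserok` explains why the `.k5login` file cannot be read but no longer says what the code does instead, now that the branch calls `match_local_principals` rather than returning TRUE. Since this is an authorization decision, state the fallback at the call, e.g. `/* .k5login is not consulted here; accept only luser@<a configured local realm> */`. The sentence added to the doc comment says the local-realm match applies "if no configuration file exists", whereas in this branch it applies unconditionally, so the wording should cover both cases. The function body starts outside the hunk.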


@@ -57,6 +57,7 @@ EXPORTS
krb5_auth_con_setuserkey
krb5_auth_getremoteseqnumber
krb5_build_ap_req
krb5_build_authenticator
krb5_build_principal
krb5_build_principal_ext
krb5_build_principal_va
@@ -137,11 +138,13 @@ EXPORTS
krb5_compare_creds
krb5_config_file_free
krb5_config_free_strings
krb5_config_get
krb5_config_get_bool
krb5_config_get_bool_default
krb5_config_get_int
krb5_config_get_int_default
krb5_config_get_list
krb5_config_get_next
krb5_config_get_string
krb5_config_get_string_default
krb5_config_get_strings
@@ -150,11 +153,13 @@ EXPORTS
krb5_config_parse_file
krb5_config_parse_file_multi
krb5_config_parse_string_multi
krb5_config_vget
krb5_config_vget_bool
krb5_config_vget_bool_default
krb5_config_vget_int
krb5_config_vget_int_default
krb5_config_vget_list
krb5_config_vget_next
krb5_config_vget_string
krb5_config_vget_string_default
krb5_config_vget_strings
@@ -675,11 +680,12 @@ EXPORTS
krb5_write_priv_message
krb5_write_safe_message
krb5_xfree
krb5_cccol_last_change_time
krb5_cccol_cursor_new
krb5_cccol_cursor_next
krb5_cccol_cursor_free
; com_err error tables
; com_err error tables
initialize_krb5_error_table_r
initialize_krb5_error_table
initialize_krb_error_table_r
@@ -689,7 +695,7 @@ EXPORTS
initialize_k524_error_table_r
initialize_k524_error_table
; variables
; variables
krb5_mcc_ops DATA
krb5_acc_ops DATA
krb5_fcc_ops DATA
@@ -699,7 +705,9 @@ EXPORTS
#ifdef HAVE_KCM
krb5_kcm_ops DATA
#endif
; krb4_fkt_ops DATA
#ifdef HAVE_KRB4
krb4_fkt_ops DATA
#endif
krb5_wrfkt_ops DATA
krb5_mkt_ops DATA
krb5_akf_ops DATA
@@ -714,13 +722,13 @@ EXPORTS
krb5_cc_type_kcm DATA
krb5_cc_type_scc DATA
; Shared with GSSAPI krb5
; Shared with GSSAPI krb5
_krb5_crc_init_table
_krb5_crc_update
_krb5_get_krbtgt
_krb5_build_authenticator
; V4 compat glue
; V4 compat glue
_krb5_krb_tf_setup
_krb5_krb_dest_tkt
_krb5_krb_life_to_time
@@ -734,7 +742,7 @@ EXPORTS
_krb5_krb_time_to_life
_krb5_krb_cr_err_reply
; Shared with libkdc
; Shared with libkdc
_krb5_AES_string_to_default_iterator
_krb5_dh_group_ok
_krb5_get_host_realm_int
@@ -753,12 +761,13 @@ EXPORTS
_krb5_principalname2krb5_principal
_krb5_put_int
_krb5_s4u2self_to_checksumdata
_krb5_expand_path_tokens
; kinit helper
; kinit helper
_krb5_get_init_creds_opt_set_pkinit_user_certs
_krb5_pk_enterprise_cert
; testing
; testing
; _krb5_aes_cts_encrypt
_krb5_n_fold
_krb5_expand_default_cc_name
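Review bot: The export list still carries `krb5_auth_getremoteseqnumber`, while the GSSAPI sources on this page now call `krb5_auth_con_getremoteseqnumber` and the `HEIMDAL_KRB5_2.0` version script gains that name; no matching addition is visible in these `.def` hunks. If the new name is not exported elsewhere in this file, the Windows GSSAPI build would fail to resolve it, so add `krb5_auth_con_getremoteseqnumber` beside the other `krb5_auth_con_*` entries. Likewise `_krb5_build_authenticator` stays listed under "Shared with GSSAPI krb5" after `krb5_build_authenticator` is added; drop the private entry if that symbol no longer exists.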


@@ -43,7 +43,6 @@ krb5_net_write (krb5_context context,
return net_write(fd, buf, len);
}
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
krb5_net_write_block(krb5_context context,
void *p_fd,


@@ -135,7 +135,7 @@ krb5_rc_initialize(krb5_context context,
if(f == NULL) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
return ret;
}
@@ -161,7 +161,7 @@ krb5_rc_destroy(krb5_context context,
if(remove(id->name) < 0) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf);
return ret;
}
@@ -212,7 +212,7 @@ krb5_rc_store(krb5_context context,
if(f == NULL) {
char buf[128];
ret = errno;
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
return ret;
}
@@ -232,7 +232,7 @@ krb5_rc_store(krb5_context context,
char buf[128];
ret = errno;
fclose(f);
strerror_r(ret, buf, sizeof(buf));
rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "%s: %s",
id->name, buf);
return ret;
@@ -241,7 +241,7 @@ krb5_rc_store(krb5_context context,
f = fopen(id->name, "a");
if(f == NULL) {
char buf[128];
strerror_r(errno, buf, sizeof(buf));
rk_strerror_r(errno, buf, sizeof(buf));
krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN,
"open(%s): %s", id->name, buf);
return KRB5_RC_IO_UNKNOWN;


@@ -142,9 +142,9 @@ send_and_recv_tcp(krb5_socket_t fd,
krb5_data len_data;
_krb5_put_int(len, req->length, 4);
if(net_write(fd, len, sizeof(len)) < 0)
if(net_write (fd, len, sizeof(len)) < 0)
return -1;
if(net_write(fd, req->data, req->length) < 0)
if(net_write (fd, req->data, req->length) < 0)
return -1;
if (recv_loop (fd, tmout, 0, 4, &len_data) < 0)
return -1;


@@ -91,7 +91,7 @@ krb5_storage_from_fd(krb5_socket_t fd_in)
krb5_storage *sp;
int fd;
#ifdef _WIN32
#ifdef SOCKET_IS_NOT_AN_FD
#ifdef _MSC_VER
if (_get_osfhandle(fd_in) != -1) {
fd = dup(fd_in);
@@ -101,7 +101,7 @@ krb5_storage_from_fd(krb5_socket_t fd_in)
#else
#error Dont know how to deal with fd that may or may not be a socket.
#endif
#else
#else /* SOCKET_IS_NOT_AN_FD */
fd = dup(fd_in);
#endif


@@ -77,12 +77,12 @@ test_default_name(krb5_context context)
krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
p3 = estrdup(p);
#ifndef KRB5_USE_PATH_TOKENS
#ifndef KRB5_USE_PATH_TOKENS
/* If we are using path tokens, we don't expect the p3 and
test_cc_name to match since p3 is going to have expanded
tokens. */
if (strcmp(p3, test_cc_name) != 0)
krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
#endif
free(p1);


@@ -39,6 +39,7 @@ HEIMDAL_KRB5_2.0 {
krb5_auth_con_getlocalseqnumber;
krb5_auth_con_getlocalsubkey;
krb5_auth_con_getrcache;
krb5_auth_con_getremoteseqnumber;
krb5_auth_con_getremotesubkey;
krb5_auth_con_init;
krb5_auth_con_removeflags;
@@ -117,7 +118,7 @@ HEIMDAL_KRB5_2.0 {
krb5_cc_set_kdc_offset;
krb5_cc_start_seq_get;
krb5_cc_store_cred;
krb5_cc_support_switch
krb5_cc_support_switch;
krb5_cc_switch;
krb5_cc_set_friendly_name;
krb5_change_password;


@@ -35,7 +35,5 @@
/* this is just to get a version stamp in the library file */
#define heimdal_version __heimdal_version
#define heimdal_long_version __heimdal_long_version
#include "version.h"


@@ -46,21 +46,45 @@ struct ntlm_buf {
};
#define NTLM_NEG_UNICODE 0x00000001
#define NTLM_NEG_OEM 0x00000002
#define NTLM_NEG_TARGET 0x00000004
#define NTLM_MBZ9 0x00000008
#define NTLM_NEG_SIGN 0x00000010
#define NTLM_NEG_SEAL 0x00000020
#define NTLM_NEG_DATAGRAM 0x00000040
#define NTLM_NEG_LM_KEY 0x00000080
#define NTLM_MBZ8 0x00000100
#define NTLM_NEG_NTLM 0x00000200
#define NTLM_NEG_NT_ONLY 0x00000400
#define NTLM_MBZ7 0x00000800 /* anon ? */
#define NTLM_SUPPLIED_DOMAIN 0x00001000
#define NTLM_SUPPLIED_WORKSTAION 0x00002000
#define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000
#define NTLM_OEM_SUPPLIED_WORKSTAION 0x00002000
#define NTLM_MBZ6 0x00004000 /* local call ? */
#define NTLM_NEG_ALWAYS_SIGN 0x00008000
#define NTLM_NEG_NTLM2_SESSION 0x00080000
#define NTLM_TARGET_DOMAIN 0x00010000
#define NTLM_TARGET_SERVER 0x00020000
#define NTLM_TARGET_SHARE 0x00040000
#define NTLM_NEG_NTLM2_SESSION 0x00080000
#define NTLM_NEG_NTLM2 0x00080000
#define NTLM_NEG_IDENTIFY 0x00100000
#define NTLM_MBZ5 0x00200000
#define NTLM_NON_NT_SESSION_KEY 0x00400000
#define NTLM_NEG_TARGET_INFO 0x00800000
#define NTLM_MBZ4 0x01000000
#define NTLM_NEG_VERSION 0x02000000
#define NTLM_MBZ3 0x04000000
#define NTLM_MBZ2 0x08000000
#define NTLM_MBZ1 0x10000000
#define NTLM_ENC_128 0x20000000
#define NTLM_NEG_KEYEX 0x40000000
#define NTLM_NEGOTIATE_56 0x80000000
/**
* Struct for the NTLM target info, the strings is assumed to be in
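Review bot: The renamed flag `NTLM_OEM_SUPPLIED_WORKSTAION` keeps the misspelling of the name it replaces; since every user of the macro is being touched for the rename anyway, this is the point to spell it `NTLM_OEM_SUPPLIED_WORKSTATION`. If this header is installed for applications and the old `NTLM_SUPPLIED_DOMAIN` / `NTLM_SUPPLIED_WORKSTAION` names are removed, out-of-tree code using them stops compiling; keeping aliases such as `#define NTLM_SUPPLIED_DOMAIN NTLM_OEM_SUPPLIED_DOMAIN` avoids that. `NTLM_NEG_NTLM2` and `NTLM_NEG_NTLM2_SESSION` share the value 0x00080000, which merits a one-line comment saying the alias is intentional.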


@@ -422,9 +422,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
CHECK(krb5_ret_uint32(in, &type), 0);
CHECK(type, 1);
CHECK(krb5_ret_uint32(in, &data->flags), 0);
if (data->flags & NTLM_SUPPLIED_DOMAIN)
if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
CHECK(ret_sec_buffer(in, &domain), 0);
if (data->flags & NTLM_SUPPLIED_WORKSTAION)
if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION)
CHECK(ret_sec_buffer(in, &hostname), 0);
#if 0
if (domain.offset > 32) {
@@ -432,9 +432,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data)
CHECK(krb5_ret_uint32(in, &data->os[1]), 0);
}
#endif
if (data->flags & NTLM_SUPPLIED_DOMAIN)
if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN)
CHECK(ret_string(in, 0, &domain, &data->domain), 0);
if (data->flags & NTLM_SUPPLIED_WORKSTAION)
if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION)
CHECK(ret_string(in, 0, &hostname, &data->hostname), 0);
out:
@@ -472,11 +472,11 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data)
if (type1->domain) {
base += 8;
flags |= NTLM_SUPPLIED_DOMAIN;
flags |= NTLM_OEM_SUPPLIED_DOMAIN;
}
if (type1->hostname) {
base += 8;
flags |= NTLM_SUPPLIED_WORKSTAION;
flags |= NTLM_OEM_SUPPLIED_WORKSTAION;
}
if (type1->os[0])
base += 8;


@@ -40,6 +40,10 @@ if do_roken_rename
ROKEN_SRCS = snprintf.c strcasecmp.c strncasecmp.c strlwr.c strlcpy.c strlcat.c
endif
if versionscript
libotp_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map
endif
$(libotp_la_OBJECTS): $(ndbm_wrap)
ndbm_wrap.c:


@@ -0,0 +1,25 @@
HEIMDAL_OTP_1.0 {
global:
otp_challenge;
otp_checksum;
otp_db_close;
otp_db_open;
otp_delete;
otp_error;
otp_find_alg;
otp_get;
otp_parse;
otp_parse_altdict;
otp_parse_hex;
otp_parse_stddict;
otp_print_hex;
otp_print_hex_extended;
otp_print_stddict;
otp_print_stddict_extended;
otp_put;
otp_simple_get;
otp_verify_user;
otp_verify_user_1;
local:
*;
};


@@ -100,6 +100,7 @@ libroken_la_SOURCES = \
snprintf.c \
socket.c \
strcollect.c \
strerror_r.c \
strpool.c \
timeval.c \
tm2time.c \


@@ -1010,12 +1010,11 @@ getifaddrs2(struct ifaddrs **ifap,
#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
static int
getlifaddrs2(struct ifaddrs **ifap,
int siocgifconf, int siocgifflags,
int af, int siocgifconf, int siocgifflags,
size_t ifreq_sz)
{
int ret;
int fd_inet6;
int fd_inet;
int fd;
size_t buf_size;
char *buf;
struct lifconf ifconf;
@@ -1028,16 +1027,10 @@ getlifaddrs2(struct ifaddrs **ifap,
buf = NULL;
memset (&sa_zero, 0, sizeof(sa_zero));
fd_inet6 = socket(AF_INET6, SOCK_DGRAM, 0);
if (fd_inet6 < 0)
fd = socket(af, SOCK_DGRAM, 0);
if (fd < 0)
return -1;
fd_inet = socket(AF_INET, SOCK_DGRAM, 0);
if (fd_inet < 0) {
close(fd_inet6);
return -1;
}
buf_size = 8192;
for (;;) {
buf = calloc(1, buf_size);
@@ -1046,7 +1039,7 @@ getlifaddrs2(struct ifaddrs **ifap,
goto error_out;
}
#ifndef __hpux
ifconf.lifc_family = AF_UNSPEC;
ifconf.lifc_family = af;
ifconf.lifc_flags = 0;
#endif
ifconf.lifc_len = buf_size;
@@ -1055,7 +1048,7 @@ getlifaddrs2(struct ifaddrs **ifap,
/*
* Solaris returns EINVAL when the buffer is too small.
*/
if (ioctl (fd_inet, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) {
ret = errno;
goto error_out;
}
@@ -1093,11 +1086,9 @@ getlifaddrs2(struct ifaddrs **ifap,
memset (&ifreq, 0, sizeof(ifreq));
memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name));
if (ioctl(fd_inet6, siocgifflags, &ifreq) < 0) {
if (ioctl(fd_inet, siocgifflags, &ifreq) < 0) {
ret = errno;
goto error_out;
}
if (ioctl(fd, siocgifflags, &ifreq) < 0) {
ret = errno;
goto error_out;
}
*end = malloc(sizeof(**end));
@@ -1151,20 +1142,39 @@ getlifaddrs2(struct ifaddrs **ifap,
}
*ifap = start;
close(fd_inet6);
close(fd_inet);
close(fd);
free(buf);
return 0;
error_out:
rk_freeifaddrs(start);
close(fd_inet6);
close(fd_inet);
close(fd);
free(buf);
errno = ret;
return -1;
}
#endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */
/**
* Join two struct ifaddrs lists by appending supp to base.
* Either may be NULL. The new list head (usually base) will be
* returned.
*/
static struct ifaddrs *
append_ifaddrs(struct ifaddrs *base, struct ifaddrs *supp) {
if (!base)
return supp;
if (!supp)
return base;
while (base->ifa_next)
base = base->ifa_next;
base->ifa_next = supp;
return base;
}
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
rk_getifaddrs(struct ifaddrs **ifap)
{
@@ -1176,9 +1186,43 @@ rk_getifaddrs(struct ifaddrs **ifap)
sizeof(struct in6_ifreq));
#endif
#if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS)
if (ret)
ret = getlifaddrs2 (ifap, SIOCGLIFCONF, SIOCGLIFFLAGS,
/* Do IPv6 and IPv4 queries separately then join the result.
*
* HP-UX only returns IPv6 addresses using SIOCGLIFCONF,
* SIOCGIFCONF has to be used for IPv4 addresses. The result is then
* merged.
*
* Solaris needs particular care, because a SIOCGLIFCONF lookup using
* AF_UNSPEC can fail in a Zone requiring an AF_INET lookup, so we just
* do them separately the same as for HP-UX. See
* http://repo.or.cz/w/heimdal.git/commitdiff/76afc31e9ba2f37e64c70adc006ade9e37e9ef73
*/
if (ret) {
int v6err, v4err;
struct ifaddrs *v6addrs, *v4addrs;
v6err = getlifaddrs2 (&v6addrs, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS,
sizeof(struct lifreq));
v4err = getifaddrs2 (&v4addrs, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS,
sizeof(struct ifreq));
if (v6err)
v6addrs = NULL;
if (v4err)
v4addrs = NULL;
if (v6addrs) {
if (v4addrs)
*ifap = append_ifaddrs(v6addrs, v4addrs);
else
*ifap = v6addrs;
} else if (v4addrs) {
*ifap = v4addrs;
} else {
*ifap = NULL;
}
ret = (v6err || v4err) ? -1 : 0;
}
#endif
#if defined(HAVE_IPV6) && defined(SIOCGIFCONF)
if (ret)
@@ -1193,8 +1237,6 @@ rk_getifaddrs(struct ifaddrs **ifap)
return ret;
}
#endif /* !AF_NETLINK */
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_freeifaddrs(struct ifaddrs *ifp)
{
@@ -1216,6 +1258,8 @@ rk_freeifaddrs(struct ifaddrs *ifp)
}
}
#endif /* !AF_NETLINK */
#ifdef TEST
void
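Review bot: In `rk_getifaddrs`, `ret = (v6err || v4err) ? -1 : 0;` reports failure even when one of the two lookups succeeded and `*ifap` already points at that list. The next fallback (`if (ret)` under `HAVE_IPV6 && SIOCGIFCONF`, whose body continues outside the hunk) appears to write `*ifap` again, which would leak the list just built, and a caller that sees -1 has no reason to free it. A host where only one address family can be queried would presumably never succeed on this path, which looks contrary to the comment's intent. Suggested: `ret = (v6err && v4err) ? -1 : 0;`, or free the partial list and set `*ifap = NULL` before reporting failure. The `getifaddrs2(..., SIOCGIFCONF, SIOCGIFFLAGS, ...)` call also sits under a guard that only tests the `SIOCGLIF*` macros.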


@@ -467,12 +467,12 @@ ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void);
ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strerror(int);
#endif
#if !defined(HAVE_STRERROR) && !defined(strerror)
#define strerror_r rk_strerror_r
int ROKEN_LIB_FUNCTION strerror_r(int, char *, size_t);
#if !defined(HAVE_STRERROR_R) && !defined(strerror_r) && !defined(STRERROR_R_PROTO_COMPATIBLE)
int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t);
#else
#define rk_strerror_r strerror_r
#endif
#if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO)
#ifndef HAVE_HSTRERROR
#define hstrerror rk_hstrerror
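Review bot: The new guard declares `rk_strerror_r` only when `HAVE_STRERROR_R` is undefined, so a system that has `strerror_r` with a non-`int` prototype (the case `STRERROR_R_PROTO_COMPATIBLE` presumably detects) falls into `#define rk_strerror_r strerror_r`, and callers that test an `int` result get a `char *` instead. strerror_r.c in this commit carries an `#ifdef HAVE_STRERROR_R` wrapper for that case, but its outer `#if !defined(HAVE_STRERROR_R) && !defined(STRERROR_R_PROTO_COMPATIBLE)` appears to make the wrapper unreachable. If the wrapper is meant to be used, both guards probably want `||` between the two tests, `#if !defined(HAVE_STRERROR_R) || !defined(STRERROR_R_PROTO_COMPATIBLE)`, keeping the header's `!defined(strerror_r)` test; confirm against what the configure check actually defines.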


@@ -33,32 +33,48 @@
#include <config.h>
#if !defined(HAVE_STRERROR_R) && !defined(STRERROR_R_PROTO_COMPATIBLE)
#include <stdio.h>
#include <string.h>
#include <errno.h>
#ifdef _MSC_VER
char * ROKEN_LIB_FUNCTION
strerror_r(int eno, char * strerrbuf, size_t buflen)
int ROKEN_LIB_FUNCTION
rk_strerror_r(int eno, char * strerrbuf, size_t buflen)
{
errno_t err;
err = strerror_s(strerrbuf, buflen, eno);
if (err != 0)
sprintf_s(strerrbuf, buflen, "Error % occurred.", eno);
if (err != 0) {
int code;
code = sprintf_s(strerrbuf, buflen, "Error % occurred.", eno);
err = ((code != 0)? errno : 0);
}
return strerrbuf;
return err;
}
#else
#else /* _MSC_VER */
#ifndef HAVE_STRERROR_R
extern int sys_nerr;
extern char *sys_errlist[];
#endif
char* ROKEN_LIB_FUNCTION
strerror_r(int eno, char *strerrbuf, size_t buflen)
int ROKEN_LIB_FUNCTION
rk_strerror_r(int eno, char *strerrbuf, size_t buflen)
{
/* Assume is the linux broken strerror_r (returns the a buffer (char *) if the input buffer wasn't use */
#ifdef HAVE_STRERROR_R
const char *str;
str = strerror_r(eno, strerrbuf, buflen);
if (str != strerrbuf)
if (strlcpy(strerrbuf, str, buflen) >= buflen)
return ERANGE;
return 0;
#else
int ret;
if(eno < 0 || eno >= sys_nerr) {
snprintf(strerrbuf, buflen, "Error %d occurred.", eno);
@@ -68,6 +84,9 @@ strerror_r(int eno, char *strerrbuf, size_t buflen)
if (ret > buflen)
return ERANGE;
return 0;
#endif
}
#endif /* !_MSC_VER */
#endif
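Review bot: In the `_MSC_VER` branch of `rk_strerror_r`, the fallback format string `"Error % occurred."` has no `d` after the `%`, so `% o` is read as a space-flagged octal conversion and the message comes out garbled; the non-MSVC branch uses `"Error %d occurred."`. The check that follows, `err = ((code != 0)? errno : 0);`, also looks inverted: `sprintf_s` returns the number of characters written and a negative value on failure, so a successful fallback returns a stale `errno`. Suggested: `code = sprintf_s(strerrbuf, buflen, "Error %d occurred.", eno);` followed by `err = (code < 0) ? errno : 0;`. The function has no comment stating its return contract (0 on success, an errno value otherwise, as the `ERANGE` returns suggest); one line above each definition would help callers that switch from the old `char *` return.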


@@ -7,3 +7,5 @@ lib_LTLIBRARIES = libheimsqlite.la
noinst_HEADERS = sqlite3.h sqlite3ext.h
libheimsqlite_la_SOURCES = sqlite3.c
libheimsqlite_la_LIBADD = $(PTHREADS_LIBADD)
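Review bot: `libheimsqlite_la_LIBADD = $(PTHREADS_LIBADD)` spells the variable differently from the other files in this commit, which substitute `@PTHREAD_LIBADD@` (the `subst` sed rule and the `lib_flags` line of the krb5-config script). An unset make variable expands to nothing, so if configure substitutes only one spelling, the other silently drops the thread library from the link line, or from what krb5-config reports to consumers. Which name is actually substituted is not visible in this section; pick one and use it in all three places, e.g. `libheimsqlite_la_LIBADD = $(PTHREAD_LIBADD)`.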


@@ -366,12 +366,14 @@ SQLITE_PRIVATE void sqlite3Coverage(int);
** Older versions of SQLite used an optional THREADSAFE macro.
** We support that for legacy
*/
#if !defined(SQLITE_THREADSAFE)
#if defined(THREADSAFE)
# define SQLITE_THREADSAFE THREADSAFE
#ifdef ENABLE_PTHREAD_SUPPORT
#define SQLITE_THREADSAFE 1
#else
# define SQLITE_THREADSAFE 1
#define SQLITE_THREADSAFE 0
#endif
#if !defined(SQLITE_THREADSAFE)
# define SQLITE_THREADSAFE 1
#endif
/*


@@ -34,6 +34,8 @@
#include <config.h>
#define VERSION_HIDDEN static
#include "roken.h"
#include "version.h"


@@ -1,5 +1,8 @@
#!/bin/sh
unset KRB5_CONFIG
unset KRB5CCNAME
top_builddir="@top_builddir@"
top_srcdir="@top_srcdir@"
EGREP="@EGREP@"


@@ -123,115 +123,116 @@ fi
trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
exitcode=0
testfailed="echo test failed; cat messages.log; exit 1"
echo "Getting client initial tickets"
${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || exitcode=1
echo "Getting client initial tickets" ; > messages.log
${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || \
{ eval "$testfailed"; }
echo "======test unreadable/non existant keytab and its error message"
echo "======test unreadable/non existant keytab and its error message" ; > messages.log
${context} --mech-type=krb5 host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
mv ${keytabfile} ${keytabfile}.no
echo "checking non existant keytabfile (krb5)"
echo "checking non existant keytabfile (krb5)" ; > messages.log
${context} --mech-type=krb5 host@lucid.test.h5l.se > test_context.log 2>&1 && \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
grep ${keytabfile} test_context.log > /dev/null || \
{ exitcode=1 ; echo "string missing failed"; }
echo "checking non existant keytabfile (spengo)"
{ echo "string missing failed"; cat test_context.log ; eval "$testfailed"; }
echo "checking non existant keytabfile (spengo)" ; > messages.log
${context} --mech-type=spnego host@lucid.test.h5l.se > test_context.log 2>&1 && \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
grep ${keytabfile} test_context.log > /dev/null || \
{ exitcode=1 ; echo "string missing failed"; }
{ echo "string missing failed"; cat test_context.log ; eval "$testfailed"; }
mv ${keytabfile}.no ${keytabfile}
echo "======test naming combinations"
echo "plain"
echo "plain" ; > messages.log
${context} --name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
echo "plain (krb5)"
{ eval "$testfailed"; }
echo "plain (krb5)" ; > messages.log
${context} --name-type=krb5-principal-name host/lucid.test.h5l.se@${R} || \
{ exitcode=1 ; echo "test failed"; }
echo "plain (krb5 realmless)"
{ eval "$testfailed"; }
echo "plain (krb5 realmless)" ; > messages.log
${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
echo "dns canon on (long name) OFF, need dns_wrapper"
{ eval "$testfailed"; }
echo "dns canon on (long name) OFF, need dns_wrapper" ; > messages.log
#${context} --dns-canon host@lucid.test.h5l.se || \
# { exitcode=1 ; echo "test failed"; }
echo "dns canon off (long name)"
# { eval "$testfailed"; }
echo "dns canon off (long name)" ; > messages.log
${context} --no-dns-canon host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
echo "dns canon off (short name)"
{ eval "$testfailed"; }
echo "dns canon off (short name)" ; > messages.log
${context} --no-dns-canon host@lucid || \
{ exitcode=1 ; echo "test failed"; }
echo "dns canon off (short name, krb5)"
{ eval "$testfailed"; }
echo "dns canon off (short name, krb5)" ; > messages.log
${context} --no-dns-canon --name-type=krb5-principal-name host/lucid@${R} || \
{ exitcode=1 ; echo "test failed"; }
echo "dns canon off (short name, krb5)"
{ eval "$testfailed"; }
echo "dns canon off (short name, krb5)" ; > messages.log
${context} --no-dns-canon --name-type=krb5-principal-name host/lucid || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "======test context building"
for mech in krb5 krb5iov spnego spnegoiov; do
if [ "$mech" == "krb5iov" ] ; then
if [ "$mech" = "krb5iov" ] ; then
mech="krb5"
iov="--iov"
fi
if [ "$mech" == "spnegoiov" ] ; then
if [ "$mech" = "spnegoiov" ] ; then
mech="spnego"
iov="--iov"
fi
echo "${mech} no-mutual ${iov}"
echo "${mech} no-mutual ${iov}" ; > messages.log
${context} --mech-type=${mech} \
--wrapunwrap ${iov} \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "${mech} mutual ${iov}"
echo "${mech} mutual ${iov}" ; > messages.log
${context} --mech-type=${mech} \
--mutual \
--wrapunwrap ${iov} \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "${mech} delegate ${iov}"
echo "${mech} delegate ${iov}" ; > messages.log
${context} --mech-type=${mech} \
--delegate \
--wrapunwrap ${iov} \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "${mech} mutual delegate ${iov}"
echo "${mech} mutual delegate ${iov}" ; > messages.log
${context} --mech-type=${mech} \
--mutual --delegate \
--wrapunwrap ${iov} \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
done
echo "======dce-style"
for mech in krb5 krb5iov spnego; do
iov=""
if [ "$mech" == "krb5iov" ] ; then
if [ "$mech" = "krb5iov" ] ; then
mech="krb5"
iov="--iov"
fi
if [ "$mech" == "spnegoiov" ] ; then
if [ "$mech" = "spnegoiov" ] ; then
mech="spnego"
iov="--iov"
fi
echo "${mech}: dce-style ${iov}"
echo "${mech}: dce-style ${iov}" ; > messages.log
${context} \
--mech-type=${mech} \
--mutual \
--dce-style \
--wrapunwrap ${iov} \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
done
@@ -239,15 +240,15 @@ echo "test gsskrb5_register_acceptor_identity (both positive and negative)"
cp ${keytabfile} ${keytabfile}.new
for mech in krb5 spnego; do
echo "${mech}: acceptor_identity positive"
echo "${mech}: acceptor_identity positive" ; > messages.log
${context} --gsskrb5-acceptor-identity=${keytabfile}.new \
--mech-type=$mech host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "${mech}: acceptor_identity negative"
echo "${mech}: acceptor_identity negative" ; > messages.log
${context} --gsskrb5-acceptor-identity=${keytabfile}.foo \
--mech-type=$mech host@lucid.test.h5l.se 2>/dev/null && \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
done
rm ${keytabfile}.new
@@ -257,171 +258,187 @@ rm ${keytabfile}.new
#${context} --mech-type=sasl-digest-md5 \
# --name-type=hostbased-service \
# host@lucid.test.h5l.se || \
# { exitcode=1 ; echo "test failed"; }
# { eval "$testfailed"; }
echo "====== gss-api session key check"
# this will break when oneone invents a cooler enctype then aes256-cts-hmac-sha1-96
coolenctype="aes256-cts-hmac-sha1-96"
limit_enctype="des3-cbc-sha1"
echo "Getting client initial tickets"
echo "Getting client initial tickets" ; > messages.log
${kinit} --password-file=${objdir}/foopassword user1@${R} || \
{ echo "kinit failed"; exitcode=1; }
{ eval "$testfailed"; }
echo "Building context on cred w/o aes, but still ${coolenctype} session key"
echo "Building context on cred w/o aes, but still ${coolenctype} session key" ; > messages.log
${context} \
--mech-type=krb5 \
--mutual-auth \
--session-enctype=${coolenctype} \
--name-type=hostbased-service host@no-aes.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "Building context on cred, check if its limited still" ; > messages.log
${context} \
--mech-type=krb5 \
--client-name=user1@${R} \
--limit-enctype="${limit_enctype}" \
--mutual-auth \
--name-type=hostbased-service host@no-aes.test.h5l.se || \
{ eval "$testfailed"; }
echo "====== ok-as-delegate"
echo "Getting client initial tickets"
echo "Getting client initial tickets" ; > messages.log
${kinit} --forwardable \
--password-file=${objdir}/foopassword user1@${R} || exitcode=1
--password-file=${objdir}/foopassword user1@${R} || \
{ eval "$testfailed"; }
echo "ok-as-delegate not used"
echo "ok-as-delegate not used" ; > messages.log
${context} \
--mech-type=krb5 \
--delegate \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "host without ok-as-delegate with policy-delegate"
echo "host without ok-as-delegate with policy-delegate" ; > messages.log
${context} \
--mech-type=krb5 \
--policy-delegate \
--server-no-delegate \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "ok-as-delegate used by policy"
echo "ok-as-delegate used by policy" ; > messages.log
${context} \
--mech-type=krb5 \
--policy-delegate \
--name-type=hostbased-service host@ok-delegate.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "Getting client initial tickets with --ok-as-delgate"
echo "Getting client initial tickets with --ok-as-delgate" ; > messages.log
${kinit} --ok-as-delegate --forwardable \
--password-file=${objdir}/foopassword user1@${R} || exitcode=1
--password-file=${objdir}/foopassword user1@${R} || \
{ eval "$testfailed"; }
echo "policy delegate to non delegate host"
echo "policy delegate to non delegate host" ; > messages.log
${context} \
--mech-type=krb5 \
--policy-delegate \
--server-no-delegate \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "ok-as-delegate"
echo "ok-as-delegate" ; > messages.log
${context} \
--mech-type=krb5 \
--delegate \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "======export/import cred"
echo "export-import cred (krb5)"
echo "export-import cred (krb5)" ; > messages.log
${context} \
--mech-type=krb5 \
--delegate \
--export-import-cred \
--name-type=hostbased-service host@ok-delegate.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "export-import cred (spnego)"
echo "export-import cred (spnego)" ; > messages.log
${context} \
--mech-type=spnego \
--delegate \
--export-import-cred \
--name-type=hostbased-service host@ok-delegate.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "======time diffs between client and server"
echo "Getting client initial ticket"
${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
echo "Getting client initial ticket" ; > messages.log
${kinit} --password-file=${objdir}/foopassword user1@${R} || \
{ eval "$testfailed"; }
echo "No time offset"
echo "No time offset" ; > messages.log
${context} \
--mech-type=krb5 \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "Getting client initial ticket"
${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
echo "Getting client initial ticket" ; > messages.log
${kinit} --password-file=${objdir}/foopassword user1@${R} || \
{ eval "$testfailed"; }
echo "Server time offset"
echo "Server time offset" ; > messages.log
${context} \
--mech-type=krb5 \
--mutual-auth \
--server-time-offset=3600 \
--max-loops=3 \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "Server time offset (cached ?)"
echo "Server time offset (cached ?)" ; > messages.log
${context} \
--mech-type=krb5 \
--mutual-auth \
--server-time-offset=3600 \
--max-loops=2 \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "Getting client initial ticket"
${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1
echo "Getting client initial ticket" ; > messages.log
${kinit} --password-file=${objdir}/foopassword user1@${R} || \
{ eval "$testfailed"; }
# Pre-poplute the cache since tgs-req will fail since our time is wrong
${kgetcred} host/lucid.test.h5l.se@${R} || exitcode=1
${kgetcred} host/lucid.test.h5l.se@${R} || \
{ eval "$testfailed"; }
echo "Client time offset"
echo "Client time offset" ; > messages.log
${context} \
--mech-type=krb5 \
--mutual-auth \
--client-time-offset=3600 \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
echo "Getting client initial tickets (use-referrals)"
echo "Getting client initial tickets (use-referrals)" ; > messages.log
${kinit} \
--password-file=${objdir}/foopassword \
--use-referrals user1@${R} || exitcode=1
--use-referrals user1@${R} || \
{ eval "$testfailed"; }
# XXX these tests really need to use somethat that resolve to something
${context} \
--mech-type=krb5 \
host@short || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
${context} \
--mech-type=krb5 \
--name-type=krb5-principal-name host/short || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
${context} \
--mech-type=krb5 \
host@long.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
${context} \
--mech-type=krb5 \
--name-type=krb5-principal-name \
host/long.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
{ eval "$testfailed"; }
trap "" EXIT
echo "killing kdc (${kdcpid})"
kill ${kdcpid} 2> /dev/null
[ "$exitcode" = 0 ] && echo "all ok"
exit $exitcode
exit 0
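Review bot: The `for mech in krb5 krb5iov spnego spnegoiov` loop never resets `iov`, unlike the dce-style loop below it, which starts with `iov=""`. Once the `krb5iov` pass sets `iov="--iov"`, the plain `spnego` pass also runs with `--iov`, so SPNEGO wrap/unwrap without IOV is never exercised, and the first `krb5` pass inherits whatever `iov` held before the loop. Add `iov=""` as the first statement of the loop body. Since every check now exits through `eval "$testfailed"`, a short comment next to the `testfailed=` assignment saying that `messages.log` is truncated before each step, so the dump shows only the failing step, would make the `; > messages.log` suffixes easier to read.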


@@ -36,6 +36,11 @@ objdir="@objdir@"
. ${env_setup}
KRB5_CONFIG="${objdir}/krb5-cc.conf"
export KRB5_CONFIG
unset KRB5CCNAME
testfailed="echo test failed; exit 1"
# If there is no useful db support compile in, disable test
@@ -56,9 +61,6 @@ cache="FILE:${objdir}/cache.krb5"
keytabfile=${objdir}/server.keytab
keytab="FILE:${keytabfile}"
KRB5_CONFIG="${objdir}/krb5-cc.conf"
export KRB5_CONFIG
rm -f ${keytabfile}
rm -f current-db*
rm -f out-*


@@ -35,13 +35,13 @@ top_builddir="@top_builddir@"
env_setup="@env_setup@"
objdir="@objdir@"
. ${env_setup}
KRB5_CONFIG="${1-${objdir}/krb5.conf}"
export KRB5_CONFIG
testfailed="echo test failed; cat messages.log; exit 1"
. ${env_setup}
# If there is no useful db support compile in, disable test
${have_db} || exit 77


@@ -20,6 +20,7 @@ subst = sed -e "s!@PACKAGE\@!$(PACKAGE)!g" \
-e "s!@exec_prefix\@!$(exec_prefix)!g" \
-e "s!@libdir\@!$(libdir)!g" \
-e "s!@includedir\@!$(includedir)!g" \
-e "s!@PTHREAD_LIBADD\@!$(PTHREAD_LIBADD)!g" \
-e "s!@LIB_crypt\@!$(LIB_crypt)!g" \
-e "s!@LIB_dbopen\@!$(LIB_dbopen)!g" \
-e "s!@INCLUDE_hcrypto\@!$(INCLUDE_hcrypto)!g" \


@@ -137,7 +137,7 @@ if test "$do_libs" = "yes"; then
esac
lib_flags="$lib_flags -lkrb5 @LIB_pkinit@ -lcom_err"
lib_flags="$lib_flags @LIB_hcrypto_appl@ -lasn1 -lwind -lroken"
lib_flags="$lib_flags @LIB_crypt@ @LIB_dlopen@"
lib_flags="$lib_flags @LIB_crypt@ @PTHREAD_LIBADD@ @LIB_dlopen@"
lib_flags="$lib_flags @LIB_door_create@ @LIBS@"
echo $lib_flags
fi