diff --git a/cf/pthreads.m4 b/cf/pthreads.m4 index f08a9fe1f..3b36047b5 100644 --- a/cf/pthreads.m4 +++ b/cf/pthreads.m4 @@ -13,43 +13,48 @@ case "$host" in native_pthread_support=yes if test "$GCC" = yes; then PTHREADS_CFLAGS=-pthreads - PTHREADS_LIBS=-pthreads + PTHREAD_LIBADD=-pthreads else PTHREADS_CFLAGS=-mt - PTHREADS_LIBS=-mt + PTHREAD_LDADD=-mt + PTHREAD_LIBADD=-mt fi ;; -*-*-netbsd[12]*) +*-*-netbsd[[12]]*) native_pthread_support="if running netbsd 1.6T or newer" dnl heim_threads.h knows this - PTHREADS_LIBS="-lpthread" + PTHREAD_LIBADD="-lpthread" ;; -*-*-netbsd[3456789]*) +*-*-netbsd[[3456789]]*) native_pthread_support="netbsd 3 uses explict pthread" dnl heim_threads.h knows this - PTHREADS_LIBS="-lpthread" + PTHREAD_LIBADD="-lpthread" ;; -*-*-freebsd5*) +*-*-freebsd[[56]]*) native_pthread_support=yes ;; +*-*-freebsd[[789]]*) + native_pthread_support=yes + PTHREADS_LIBADD="-lpthread" + ;; *-*-openbsd*) native_pthread_support=yes PTHREADS_CFLAGS=-pthread - PTHREADS_LIBS=-pthread + PTHREAD_LIBADD=-pthread ;; *-*-linux* | *-*-linux-gnu) case `uname -r` in 2.*) native_pthread_support=yes PTHREADS_CFLAGS=-pthread - PTHREADS_LIBS=-pthread + PTHREAD_LIBADD=-pthread ;; esac ;; *-*-kfreebsd*-gnu*) native_pthread_support=yes PTHREADS_CFLAGS=-pthread - PTHREADS_LIBS=-pthread + PTHREAD_LIBADD=-pthread ;; *-*-aix*) dnl AIX is disabled since we don't handle the utmp/utmpx @@ -58,7 +63,7 @@ case "$host" in ;; mips-sgi-irix6.[[5-9]]) # maybe works for earlier versions too native_pthread_support=yes - PTHREADS_LIBS="-lpthread" + PTHREAD_LIBADD="-lpthread" ;; *-*-darwin*) native_pthread_support=yes 
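Review bot: The renamed pthread link variable is spelled three ways across this file's hunks, so some settings look like they never reach the Makefiles. Most branches set `PTHREAD_LIBADD`, the new `*-*-freebsd[[789]]*` branch sets `PTHREADS_LIBADD`, and the last hunk of this file substitutes only `AC_SUBST(PTHREAD_LDADD)` and `AC_SUBST(PTHREADS_LIBADD)`. `lib/krb5/Makefile.am` in this same commit links `$(PTHREAD_LIBADD)`, which no line shown here substitutes. I would pick one spelling, use it in the freebsd branch (`PTHREAD_LIBADD="-lpthread"`), and add `AC_SUBST(PTHREAD_LIBADD)`. `PTHREAD_LDADD` is also assigned only in the `-mt` branch and is not cleared in the `else` arm that resets the other variables.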
@@ -77,14 +82,16 @@ if test "$enable_pthread_support" != no; then [Define if you want have a thread safe libraries]) dnl This sucks, but libtool doesn't save the depenecy on -pthread dnl for libraries. - LIBS="$PTHREADS_LIBS $LIBS" + LIBS="$PTHREAD_LIBADD $LIBS" else PTHREADS_CFLAGS="" - PTHREADS_LIBS="" + PTHREAD_LIBADD="" + PTHREADS_LIBADD="" fi AC_SUBST(PTHREADS_CFLAGS) -AC_SUBST(PTHREADS_LIBS) +AC_SUBST(PTHREAD_LDADD) +AC_SUBST(PTHREADS_LIBADD) AC_MSG_RESULT($enable_pthread_support) ]) diff --git a/cf/roken-frag.m4 b/cf/roken-frag.m4 index ae78e7e91..ab63a0904 100644 --- a/cf/roken-frag.m4 +++ b/cf/roken-frag.m4 @@ -311,7 +311,6 @@ case "$host_os" in AC_BROKEN([daemon]) ;; esac - AC_BROKEN([ \ chown \ copyhostent \ @@ -357,7 +356,6 @@ AC_BROKEN([ \ strcasecmp \ strdup \ strerror \ - strerror_r \ strftime \ strlcat \ strlcpy \ @@ -502,6 +500,19 @@ AC_REQUIRE([rk_BROKEN_REALLOC])dnl dnl AC_KRB_FUNC_GETCWD_BROKEN +dnl strerror_r is great fun, on linux it exists before sus catched up, +dnl so the return type is diffrent, lets check for both + +AC_PROTO_COMPAT([ +#include +#include +], +strerror_r, int strerror_r(int, char *, size_t)) + +AC_CHECK_FUNC([strerror_r], + [AC_DEFINE_UNQUOTED(HAVE_STRERROR_R, 1, + [Define if you have the function strerror_r.])]) + dnl dnl Checks for prototypes and declarations dnl diff --git a/configure.ac b/configure.ac index 33631f4cc..d4a7c9e61 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ AC_CONFIG_SRCDIR([kuser/kinit.c]) AC_CONFIG_HEADERS(include/config.h) AC_CONFIG_MACRO_DIR([cf]) -AM_INIT_AUTOMAKE([foreign 1.10]) +AM_INIT_AUTOMAKE([foreign 1.10.3]) AM_MAINTAINER_MODE dnl Checks for programs. @@ -628,8 +628,11 @@ dnl This is the release version name-number[beta] dnl cat > include/newversion.h.in <auth_context, - &seq_number); + krb5_auth_con_getremoteseqnumber (context, + ctx->auth_context, + &seq_number); _gsskrb5i_is_cfx(context, ctx, 1); is_cfx = (ctx->more_flags & IS_CFX); 
@@ -669,9 +669,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, return GSS_S_FAILURE; } - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; @@ -749,9 +749,9 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status, { int32_t tmp_r_seq_number, tmp_l_seq_number; - kret = krb5_auth_getremoteseqnumber(context, - ctx->auth_context, - &tmp_r_seq_number); + kret = krb5_auth_con_getremoteseqnumber(context, + ctx->auth_context, + &tmp_r_seq_number); if (kret) { *minor_status = kret; return GSS_S_FAILURE; diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c index 696171dcf..7e448dcfb 100644 --- a/lib/gssapi/krb5/acquire_cred.c +++ b/lib/gssapi/krb5/acquire_cred.c @@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred if (desired_name != GSS_C_NO_NAME) { - ret = _gsskrb5_canon_name(minor_status, context, 0, NULL, + ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, desired_name, &handle->principal); if (ret) { HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index 7f84efe35..fd9934a9e 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -255,7 +255,7 @@ gsskrb5_initiator_ready( krb5_cc_close(context, ctx->ccache); ctx->ccache = NULL; - krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number); + krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number); _gsskrb5i_is_cfx(context, ctx, 0); is_cfx = (ctx->more_flags & IS_CFX); 
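Review bot: The third argument of `_gsskrb5_canon_name` in `_gsskrb5_acquire_cred` flips from `0` to `1` as a bare literal, and nothing in the hunk says what it turns on. If this flag selects DNS-based canonicalization of the desired name (inferred; the prototype is outside the hunk), the credential's principal then depends on resolver answers, which is worth stating at the call site. I would add a comment such as `/* 1: canonicalize desired_name (uses DNS?) before acquiring the credential; confirm against _gsskrb5_canon_name */` or pass a named constant. The function body starts and ends outside the hunk.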
@@ -782,7 +782,7 @@ repl_mutual * for the gss_wrap calls. */ - krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq); + krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq); krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq); krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq); diff --git a/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/lib/gssapi/krb5/inquire_sec_context_by_oid.c index ce01e666f..e0b555392 100644 --- a/lib/gssapi/krb5/inquire_sec_context_by_oid.c +++ b/lib/gssapi/krb5/inquire_sec_context_by_oid.c @@ -302,9 +302,9 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status, if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); if (ret) goto out; - krb5_auth_getremoteseqnumber (context, - context_handle->auth_context, - &number); + krb5_auth_con_getremoteseqnumber (context, + context_handle->auth_context, + &number); ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ if (ret) goto out; ret = krb5_store_uint32(sp, (uint32_t)number); diff --git a/lib/gssapi/mech/gss_mech_switch.c b/lib/gssapi/mech/gss_mech_switch.c index d060badfe..5fc41d995 100644 --- a/lib/gssapi/mech/gss_mech_switch.c +++ b/lib/gssapi/mech/gss_mech_switch.c @@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech) if (mech == NULL) return 0; - m = malloc(sizeof(*m)); + m = calloc(1, sizeof(*m)); if (m == NULL) - return 1; + return ENOMEM; m->gm_so = NULL; m->gm_mech = *mech; m->gm_mech_oid = mech->gm_mech_oid; /* XXX */ @@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech) /* pick up the oid sets of names */ - if (m->gm_mech.gm_inquire_names_for_mech) { + if (m->gm_mech.gm_inquire_names_for_mech) (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status, &m->gm_mech.gm_mech_oid, &m->gm_name_types); - } else { + + if (m->gm_name_types == NULL) gss_create_empty_oid_set(&minor_status, &m->gm_name_types); - } SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); return 0; 
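Review bot: In `add_builtin` the results of both `gm_inquire_names_for_mech` and `gss_create_empty_oid_set` are discarded, so when the fallback allocation fails `m->gm_name_types` is still NULL and the entry is linked into `_gss_mechs` anyway. The switch to `calloc` makes the NULL test reliable, but the failure case still needs handling, for example `if (m->gm_name_types == NULL && gss_create_empty_oid_set(&minor_status, &m->gm_name_types) != GSS_S_COMPLETE) { free(m); return ENOMEM; }`, assuming nothing set up in the lines between the two hunks needs releasing first. Whether later readers of `gm_name_types` tolerate NULL is not visible here. The new `ENOMEM` return also needs `<errno.h>` in scope, which the hunk does not show.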
@@ -211,6 +211,8 @@ _gss_load_mech(void) char *name, *oid, *lib, *kobj; struct _gss_mech_switch *m; void *so; + gss_OID_desc mech_oid; + int found; HEIMDAL_MUTEX_lock(&_gss_mech_mutex); @@ -253,6 +255,23 @@ _gss_load_mech(void) if (!name || !oid || !lib || !kobj) continue; + if (_gss_string_to_oid(oid, &mech_oid)) + continue; + + /* + * Check for duplicates, already loaded mechs. + */ + found = 0; + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) { + found = 1; + free(mech_oid.elements); + break; + } + } + if (found) + continue; + #ifndef RTLD_LOCAL #define RTLD_LOCAL 0 #endif @@ -260,17 +279,17 @@ _gss_load_mech(void) so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL); if (!so) { /* fprintf(stderr, "dlopen: %s\n", dlerror()); */ + free(mech_oid.elements); continue; } m = malloc(sizeof(*m)); - if (!m) + if (!m) { + free(mech_oid.elements); break; - m->gm_so = so; - if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) { - free(m); - continue; } + m->gm_so = so; + m->gm_mech.gm_mech_oid = mech_oid; m->gm_mech.gm_flags = 0; major_status = gss_add_oid_set_member(&minor_status, diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c index 633c4bb48..cdfccce60 100644 --- a/lib/gssapi/test_context.c +++ b/lib/gssapi/test_context.c @@ -43,6 +43,7 @@ static char *type_string; static char *mech_string; static char *ret_mech_string; +static char *client_name; static int dns_canon_flag = -1; static int mutual_auth_flag = 0; static int dce_style_flag = 0; @@ -58,10 +59,14 @@ static char *session_enctype_string = NULL; static int client_time_offset = 0; static int server_time_offset = 0; static int max_loops = 0; +static char *limit_enctype_string = NULL; static int version_flag = 0; static int verbose_flag = 0; static int help_flag = 0; +static krb5_context context; +static krb5_enctype limit_enctype = 0; + static struct { const char *name; gss_OID *oid; 
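Review bot: The rewritten allocation-failure branch in `_gss_load_mech` frees `mech_oid.elements` but leaves the library just opened with `dlopen` loaded; `if (!m) { free(mech_oid.elements); break; }` should also call `dlclose(so);` before the `break`. The entry is still allocated with `malloc` while `add_builtin` in this commit moved to `calloc`, so fields the following code does not assign start out uninitialized; `m = calloc(1, sizeof(*m));` would keep the two paths consistent. Ownership of `mech_oid.elements` passes to `m->gm_mech.gm_mech_oid` at the end of the hunk, so any later failure path that frees `m` (outside the hunk) has to free the elements as well.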
@@ -452,6 +457,8 @@ static struct getargs args[] = { {"dns-canonicalize",0,arg_negative_flag, &dns_canon_flag, "use dns to canonicalize", NULL }, {"mutual-auth",0, arg_flag, &mutual_auth_flag,"mutual auth", NULL }, + {"client-name", 0, arg_string, &client_name, "client name", NULL }, + {"limit-enctype",0, arg_string, &limit_enctype_string, "enctype", NULL }, {"dce-style",0, arg_flag, &dce_style_flag, "dce-style", NULL }, {"wrapunwrap",0, arg_flag, &wrapunwrap_flag, "wrap/unwrap", NULL }, {"iov", 0, arg_flag, &iov_flag, "wrap/unwrap iov", NULL }, @@ -488,10 +495,13 @@ main(int argc, char **argv) gss_ctx_id_t cctx, sctx; void *ctx; gss_OID nameoid, mechoid, actual_mech, actual_mech2; - gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL; + gss_cred_id_t client_cred = GSS_C_NO_CREDENTIAL, deleg_cred = GSS_C_NO_CREDENTIAL; setprogname(argv[0]); + if (krb5_init_context(&context)) + errx(1, "krb5_init_context"); + cctx = sctx = GSS_C_NO_CONTEXT; if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) 
@@ -531,7 +541,47 @@ main(int argc, char **argv) if (gsskrb5_acceptor_identity) gsskrb5_register_acceptor_identity(gsskrb5_acceptor_identity); - loop(mechoid, nameoid, argv[0], GSS_C_NO_CREDENTIAL, + if (client_name) { + gss_buffer_desc cn; + gss_name_t cname; + cn.value = client_name; + cn.length = strlen(client_name); + maj_stat = gss_import_name(&min_stat, &cn, GSS_C_NT_USER_NAME, &cname); + if (maj_stat) + errx(1, "gss_import_name: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + + maj_stat = gss_acquire_cred(&min_stat, cname, 0, NULL, + GSS_C_INITIATE, &client_cred, NULL, NULL); + if (GSS_ERROR(maj_stat)) + errx(1, "gss_import_name: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + gss_release_name(&min_stat, &cname); + } + + if (limit_enctype_string) { + krb5_error_code ret; + + ret = krb5_string_to_enctype(context, + limit_enctype_string, + &limit_enctype); + if (ret) + krb5_err(context, 1, ret, "krb5_string_to_enctype"); + } + + + if (limit_enctype) { + if (client_cred == NULL) + errx(1, "client_cred missing"); + + maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, client_cred, + 1, &limit_enctype); + if (maj_stat) + errx(1, "gss_krb5_set_allowable_enctypes: %s", + gssapi_err(maj_stat, min_stat, GSS_C_NO_OID)); + } + + loop(mechoid, nameoid, argv[0], client_cred, &sctx, &cctx, &actual_mech, &deleg_cred); if (verbose_flag) @@ -549,7 +599,6 @@ main(int argc, char **argv) /* XXX should be actual_mech */ if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { - krb5_context context; time_t time; gss_buffer_desc authz_data; gss_buffer_desc in, out1, out2; @@ -557,10 +606,6 @@ main(int argc, char **argv) krb5_timestamp now; krb5_error_code ret; - ret = krb5_init_context(&context); - if (ret) - errx(1, "krb5_init_context"); - ret = krb5_timeofday(context, &now); if (ret) errx(1, "krb5_timeofday failed"); 
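Review bot: The failure message after `gss_acquire_cred` in the new `client_name` block still says `gss_import_name`, so a credential-acquisition failure is reported as a name-import failure; it should read `errx(1, "gss_acquire_cred: %s",`. The two status checks in the block are also inconsistent (`if (maj_stat)` after the import, `GSS_ERROR(maj_stat)` after the acquire). The later `client_cred == NULL` test would read better as `client_cred == GSS_C_NO_CREDENTIAL`, matching the initializer used in the declaration. `main` starts and ends outside this hunk.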
@@ -624,6 +669,8 @@ main(int argc, char **argv) if (maj_stat != GSS_S_COMPLETE) keyblock = NULL; + else if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_subkey wrong enctype"); maj_stat = gsskrb5_get_subkey(&min_stat, cctx, @@ -635,6 +682,8 @@ main(int argc, char **argv) if (maj_stat != GSS_S_COMPLETE) keyblock2 = NULL; + else if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_subkey wrong enctype"); if (keyblock || keyblock2) { if (keyblock == NULL) @@ -679,8 +728,12 @@ main(int argc, char **argv) errx(1, "gsskrb5_get_initiator_subkey failed: %s", gssapi_err(maj_stat, min_stat, actual_mech)); - if (maj_stat == GSS_S_COMPLETE) + if (maj_stat == GSS_S_COMPLETE) { + + if (limit_enctype && keyblock->keytype != limit_enctype) + errx(1, "gsskrb5_get_initiator_subkey wrong enctype"); krb5_free_keyblock(context, keyblock); + } maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat, sctx, @@ -689,8 +742,6 @@ main(int argc, char **argv) if (maj_stat == GSS_S_COMPLETE) gss_release_buffer(&min_stat, &authz_data); - krb5_free_context(context); - memset(&out1, 0, sizeof(out1)); memset(&out2, 0, sizeof(out2)); @@ -866,8 +917,9 @@ main(int argc, char **argv) } - empty_release(); + + krb5_free_context(context); return 0; } diff --git a/lib/hdb/Makefile.am b/lib/hdb/Makefile.am index 2310f4c44..6925cc601 100644 --- a/lib/hdb/Makefile.am +++ b/lib/hdb/Makefile.am @@ -47,11 +47,13 @@ if OPENLDAP_MODULE ldap_so = hdb_ldap.la hdb_ldap_la_SOURCES = hdb-ldap.c -hdb_ldap_la_LDFLAGS = -module +hdb_ldap_la_LDFLAGS = -module -avoid-version +hdb_ldap_la_LIBADD = $(LIB_openldap) libhdb.la else ldap = hdb-ldap.c +ldap_lib = $(LIB_openldap) endif @@ -95,7 +97,7 @@ libhdb_la_LIBADD = \ ../asn1/libasn1.la \ $(LIB_sqlite3) \ $(LIBADD_roken) \ - $(LIB_openldap) \ + $(ldap_lib) \ $(LIB_dlopen) \ $(DBLIB) \ $(LIB_NDBM) diff --git a/lib/ipc/Makefile.am b/lib/ipc/Makefile.am index b3f3ba05f..cda1d4a5b 100644 --- a/lib/ipc/Makefile.am 
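Review bot: The check added after the second `gsskrb5_get_subkey` call tests `keyblock->keytype`, not `keyblock2->keytype`, so the key returned by that call is never compared with `limit_enctype`. `keyblock` is also dereferenced there even when the first call failed and set it to NULL. The line should be `else if (limit_enctype && keyblock2->keytype != limit_enctype)`. As written, a run with `--limit-enctype` can pass while the second subkey has a different enctype, or crash on the NULL pointer.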
+++ b/lib/ipc/Makefile.am @@ -1,5 +1,3 @@ -# $Id: Makefile.am,v 1.1 2004/12/20 08:31:45 assar Exp $ - include $(top_srcdir)/Makefile.am.common noinst_LTLIBRARIES = libheim-ipcc.la libheim-ipcs.la @@ -9,19 +7,22 @@ libheim_ipcs_la_SOURCES = server.c common.c include_HEADERS = heim-ipc.h -libheim_ipcc_la_LDFLAGS = -version-info 0:0:0 -libheim_ipcs_la_LDFLAGS = -version-info 0:0:0 +## +## Enable when this is not a noinst_ library +## +#libheim_ipcc_la_LDFLAGS = -version-info 0:0:0 +#libheim_ipcs_la_LDFLAGS = -version-info 0:0:0 +# +#if versionscript +#libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map +#libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map +#endif libheim_ipcc_la_LIBADD = \ $(LIB_roken) libheim_ipcs_la_LIBADD = $(libheim_ipcc_la_LIBADD) -if versionscript -libheim_ipcc_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scriptc.map -libheim_ipcs_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-scripts.map -endif - TESTS = $(check_PROGRAMS) noinst_PROGRAMS = tc ts diff --git a/lib/ipc/ts.c b/lib/ipc/ts.c index c5594c221..4867eca89 100644 --- a/lib/ipc/ts.c +++ b/lib/ipc/ts.c @@ -74,7 +74,7 @@ test_service(void *ctx, const heim_idata *req, int main(int argc, char **argv) { - heim_sipc unix; + heim_sipc u; int optidx = 0; setprogname(argv[0]); @@ -98,7 +98,7 @@ main(int argc, char **argv) } #endif heim_sipc_service_unix("org.h5l.test-ipc", - test_service, NULL, &unix); + test_service, NULL, &u); heim_ipc_main(); return 0; diff --git a/lib/kadm5/Makefile.am b/lib/kadm5/Makefile.am index 6a56c0221..dd311fdc6 100644 --- a/lib/kadm5/Makefile.am +++ b/lib/kadm5/Makefile.am 
@@ -32,7 +32,9 @@ default_keys_SOURCES = default_keys.c kadm5includedir = $(includedir)/kadm5 buildkadm5include = $(buildinclude)/kadm5 -dist_kadm5include_HEADERS = admin.h private.h kadm5-protos.h kadm5-private.h +dist_kadm5include_HEADERS = admin.h private.h kadm5-pwcheck.h +dist_kadm5include_HEADERS += kadm5-protos.h kadm5-private.h + nodist_kadm5include_HEADERS = kadm5_err.h install-build-headers:: $(dist_kadm5include_HEADERS) $(nodist_kadm5include_HEADERS) @@ -69,7 +71,6 @@ dist_libkadm5clnt_la_SOURCES = \ randkey_c.c \ rename_c.c \ send_recv.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5clnt_la_SOURCES = \ @@ -106,7 +107,6 @@ dist_libkadm5srv_la_SOURCES = \ server_glue.c \ set_keys.c \ set_modifier.c \ - kadm5-pwcheck.h \ admin.h nodist_libkadm5srv_la_SOURCES = \ @@ -125,7 +125,6 @@ man_MANS = kadm5_pwcheck.3 iprop.8 iprop-log.8 LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ @@ -137,7 +136,6 @@ LDADD = \ iprop_log_LDADD = \ libkadm5srv.la \ $(top_builddir)/lib/hdb/libhdb.la \ - $(LIB_openldap) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_hcrypto) \ diff --git a/lib/krb5/Makefile.am b/lib/krb5/Makefile.am index 30d1c3779..72140e247 100644 --- a/lib/krb5/Makefile.am +++ b/lib/krb5/Makefile.am @@ -67,6 +67,7 @@ libkrb5_la_LIBADD = \ ../wind/libwind.la \ $(LIB_libintl) \ $(LIBADD_roken) \ + $(PTHREAD_LIBADD) \ $(LIB_door_create) \ $(LIB_dlopen) @@ -187,7 +188,7 @@ dist_libkrb5_la_SOURCES = \ nodist_libkrb5_la_SOURCES = \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 25:0:0 +libkrb5_la_LDFLAGS = -version-info 26:0:0 if versionscript libkrb5_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map diff --git a/lib/krb5/acl.c b/lib/krb5/acl.c index 473ea5bbf..0e152405a 100644 --- a/lib/krb5/acl.c +++ b/lib/krb5/acl.c 
@@ -257,7 +257,7 @@ krb5_acl_match_file(krb5_context context, f = fopen(file, "r"); if(f == NULL) { int save_errno = errno; - strerror_r(save_errno, buf, sizeof(buf)); + rk_strerror_r(save_errno, buf, sizeof(buf)); krb5_set_error_message(context, save_errno, N_("open(%s): %s", "file, errno"), file, buf); diff --git a/lib/krb5/auth_context.c b/lib/krb5/auth_context.c index 0f1d51e21..ea59c7393 100644 --- a/lib/krb5/auth_context.c +++ b/lib/krb5/auth_context.c @@ -173,7 +173,7 @@ krb5_auth_con_genaddrs(krb5_context context, if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) { char buf[128]; ret = rk_SOCK_ERRNO; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getsockname: %s", buf); goto out; } @@ -191,7 +191,7 @@ krb5_auth_con_genaddrs(krb5_context context, if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) { char buf[128]; ret = rk_SOCK_ERRNO; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "getpeername: %s", buf); goto out; } diff --git a/lib/krb5/changepw.c b/lib/krb5/changepw.c index 7d51c5c1b..a962f06f5 100644 --- a/lib/krb5/changepw.c +++ b/lib/krb5/changepw.c @@ -603,7 +603,7 @@ change_password_loop (krb5_context context, } } -#ifndef NO_LIMIT_FD_SETSIZE +#ifndef NO_LIMIT_FD_SETSIZE if (sock >= FD_SETSIZE) { ret = ERANGE; krb5_set_error_message(context, ret, diff --git a/lib/krb5/context.c b/lib/krb5/context.c index 3cc02f561..81a5d296c 100644 --- a/lib/krb5/context.c +++ b/lib/krb5/context.c 
@@ -531,11 +531,23 @@ krb5_free_context(krb5_context context) krb5_set_ignore_addresses(context, NULL); krb5_set_send_to_kdc_func(context, NULL, NULL); +#ifdef PKINIT + hx509_context_free(&context->hx509ctx); +#endif + HEIMDAL_MUTEX_destroy(context->mutex); free(context->mutex); +<<<<<<< HEAD if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { rk_SOCK_EXIT(); } +======= +#ifdef NEED_SOCK_INIT + if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) { + SOCK_EXIT; + } +#endif +>>>>>>> h-github/master memset(context, 0, sizeof(*context)); free(context); diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index 3ae43e3ff..67c4c7444 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -99,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive, break; default: { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("error locking cache file %s: %s", "file, error"), filename, buf); @@ -133,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd) break; default: { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("Failed to unlock file: %s", ""), buf); break; @@ -397,7 +397,7 @@ fcc_open(krb5_context context, if(fd < 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"), filename, buf); return ret; @@ -461,7 +461,7 @@ fcc_initialize(krb5_context context, if (ret == 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), buf); } 
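Review bot: Unresolved merge-conflict markers are committed in `krb5_free_context`: the added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> h-github/master` sit between `free(context->mutex);` and the `memset`, so the file will not compile. Both sides do the same job, tearing down sockets when `KRB5_CTX_F_SOCKETS_INITIALIZED` is set, one through `rk_SOCK_EXIT();` and one through `SOCK_EXIT;` under `#ifdef NEED_SOCK_INIT`. The `rk_SOCK_EXIT()` form appears as unchanged context, so the likely resolution is to delete the three marker lines together with the added `#ifdef NEED_SOCK_INIT` block. Which macro the roken headers currently provide is outside this hunk and should be confirmed before choosing.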
@@ -516,7 +516,7 @@ fcc_store_cred(krb5_context context, if (close(fd) < 0) { if (ret == 0) { char buf[128]; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); ret = errno; krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), buf); @@ -930,7 +930,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) if (ret && errno != EXDEV) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, N_("Rename of file from %s " "to %s failed: %s", ""), @@ -997,7 +997,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) close(fd); } - fcc_destroy(context, from); + fcc_close(context, from); return ret; } diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 1c8fda462..906f926eb 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -1541,6 +1541,7 @@ krb5_init_creds_set_keytab(krb5_context context, /* remove old list of etype */ if (etypes) free(etypes); + etypes = NULL; netypes = 0; kvno = entry.vno; } else if (entry.vno != kvno) diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c index d1d6c534d..01ea18477 100644 --- a/lib/krb5/kcm.c +++ b/lib/krb5/kcm.c @@ -78,7 +78,7 @@ kcm_send_request(krb5_context context, ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc); HEIMDAL_MUTEX_unlock(&kcm_mutex); if (ret) - return ret; + return KRB5_CC_NOSUPP; ret = krb5_storage_to_data(request, &request_data); if (ret) { diff --git a/lib/krb5/kuserok.c b/lib/krb5/kuserok.c index 9fc87bfd6..954148c11 100644 --- a/lib/krb5/kuserok.c +++ b/lib/krb5/kuserok.c 
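Review bot: In `fcc_store_cred` the close-failure path formats the wrong error: `rk_strerror_r(ret, buf, sizeof(buf));` runs inside `if (ret == 0)` and before `ret = errno;`, so the message text is built from 0 rather than from the `close` failure. Swap the two statements, `ret = errno;` then `rk_strerror_r(ret, buf, sizeof(buf));`, to match `fcc_initialize` in the previous hunk. The commit only renames the call here, so the ordering predates it.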
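Review bot: Replacing `fcc_destroy(context, from)` with `fcc_close(context, from)` at the end of `fcc_move` means the source cache is now only released, not removed, on every path that reaches this line. That is correct after a successful `rename`. If the cross-device copy fallback (the `EXDEV` case, whose body is outside this hunk) also falls through here, confirm that it deletes the source file itself; otherwise a copy of the credentials stays on disk under the old name. A one-line comment such as `/* source file already renamed or erased above; only release the handle */` would record the invariant.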
@@ -221,6 +221,9 @@ match_local_principals(krb5_context context, * ignored. Subdirectories are not traversed. Note that this directory * may not be checked by other Kerberos implementations. * + * If no configuration file exists, match user against local domains, + * ie luser@LOCAL-REALMS-IN-CONFIGURATION-FILES. + * * @param context Kerberos 5 context. * @param principal principal to check if allowed to login * @param luser local user id @@ -293,10 +296,9 @@ krb5_kuserok (krb5_context context, return FALSE; #else - /* On Windows, for now we always return TRUE. The .k5login file - may be on a remote profile and we don't have access to the - profile until we have a token handle for the user's - credentials. */ - return TRUE; + /* The .k5login file may be on a remote profile and we don't have + access to the profile until we have a token handle for the + user's credentials. */ + return match_local_principals(context, principal, luser); #endif } diff --git a/lib/krb5/libkrb5-exports.def.in b/lib/krb5/libkrb5-exports.def.in index 20d27f2d6..7feaad1e7 100644 --- a/lib/krb5/libkrb5-exports.def.in +++ b/lib/krb5/libkrb5-exports.def.in @@ -57,6 +57,7 @@ EXPORTS krb5_auth_con_setuserkey krb5_auth_getremoteseqnumber krb5_build_ap_req + krb5_build_authenticator krb5_build_principal krb5_build_principal_ext krb5_build_principal_va @@ -137,11 +138,13 @@ EXPORTS krb5_compare_creds krb5_config_file_free krb5_config_free_strings + krb5_config_get krb5_config_get_bool krb5_config_get_bool_default krb5_config_get_int krb5_config_get_int_default krb5_config_get_list + krb5_config_get_next krb5_config_get_string krb5_config_get_string_default krb5_config_get_strings 
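Review bot: The rewritten comment in the `#else` branch of `krb5_kuserok` explains why `.k5login` cannot be read but no longer says what the code does instead. This branch now decides authorization through `match_local_principals(context, principal, luser)` rather than returning `TRUE`, so the comment should say that `.k5login` entries are not consulted on this platform and that the result comes from the local-realm match, e.g. `/* .k5login is not consulted here; result is the local-realm match only */`. The added doc-comment paragraph describes the local-realm match as the behaviour when no configuration file exists, which does not cover this branch.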
@@ -150,11 +153,13 @@ EXPORTS krb5_config_parse_file krb5_config_parse_file_multi krb5_config_parse_string_multi + krb5_config_vget krb5_config_vget_bool krb5_config_vget_bool_default krb5_config_vget_int krb5_config_vget_int_default krb5_config_vget_list + krb5_config_vget_next krb5_config_vget_string krb5_config_vget_string_default krb5_config_vget_strings @@ -675,11 +680,12 @@ EXPORTS krb5_write_priv_message krb5_write_safe_message krb5_xfree + krb5_cccol_last_change_time krb5_cccol_cursor_new krb5_cccol_cursor_next krb5_cccol_cursor_free -; com_err error tables + ; com_err error tables initialize_krb5_error_table_r initialize_krb5_error_table initialize_krb_error_table_r @@ -689,7 +695,7 @@ EXPORTS initialize_k524_error_table_r initialize_k524_error_table -; variables + ; variables krb5_mcc_ops DATA krb5_acc_ops DATA krb5_fcc_ops DATA @@ -699,7 +705,9 @@ EXPORTS #ifdef HAVE_KCM krb5_kcm_ops DATA #endif -; krb4_fkt_ops DATA +#ifdef HAVE_KRB4 + krb4_fkt_ops DATA +#endif krb5_wrfkt_ops DATA krb5_mkt_ops DATA krb5_akf_ops DATA @@ -714,13 +722,13 @@ EXPORTS krb5_cc_type_kcm DATA krb5_cc_type_scc DATA -; Shared with GSSAPI krb5 + ; Shared with GSSAPI krb5 _krb5_crc_init_table _krb5_crc_update _krb5_get_krbtgt _krb5_build_authenticator -; V4 compat glue + ; V4 compat glue _krb5_krb_tf_setup _krb5_krb_dest_tkt _krb5_krb_life_to_time @@ -734,7 +742,7 @@ EXPORTS _krb5_krb_time_to_life _krb5_krb_cr_err_reply -; Shared with libkdc + ; Shared with libkdc _krb5_AES_string_to_default_iterator _krb5_dh_group_ok _krb5_get_host_realm_int @@ -753,12 +761,13 @@ EXPORTS _krb5_principalname2krb5_principal _krb5_put_int _krb5_s4u2self_to_checksumdata + _krb5_expand_path_tokens -; kinit helper + ; kinit helper _krb5_get_init_creds_opt_set_pkinit_user_certs _krb5_pk_enterprise_cert -; testing + ; testing ; _krb5_aes_cts_encrypt _krb5_n_fold _krb5_expand_default_cc_name diff --git a/lib/krb5/net_write.c b/lib/krb5/net_write.c index 82f699374..52d6eb457 100644 --- a/lib/krb5/net_write.c 
+++ b/lib/krb5/net_write.c @@ -43,7 +43,6 @@ krb5_net_write (krb5_context context, return net_write(fd, buf, len); } -KRB5_DEPRECATED KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL krb5_net_write_block(krb5_context context, void *p_fd, diff --git a/lib/krb5/replay.c b/lib/krb5/replay.c index f36e10174..f4eb9032d 100644 --- a/lib/krb5/replay.c +++ b/lib/krb5/replay.c @@ -135,7 +135,7 @@ krb5_rc_initialize(krb5_context context, if(f == NULL) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } @@ -161,7 +161,7 @@ krb5_rc_destroy(krb5_context context, if(remove(id->name) < 0) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "remove(%s): %s", id->name, buf); return ret; } @@ -212,7 +212,7 @@ krb5_rc_store(krb5_context context, if(f == NULL) { char buf[128]; ret = errno; - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf); return ret; } @@ -232,7 +232,7 @@ krb5_rc_store(krb5_context context, char buf[128]; ret = errno; fclose(f); - strerror_r(ret, buf, sizeof(buf)); + rk_strerror_r(ret, buf, sizeof(buf)); krb5_set_error_message(context, ret, "%s: %s", id->name, buf); return ret; @@ -241,7 +241,7 @@ krb5_rc_store(krb5_context context, f = fopen(id->name, "a"); if(f == NULL) { char buf[128]; - strerror_r(errno, buf, sizeof(buf)); + rk_strerror_r(errno, buf, sizeof(buf)); krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, "open(%s): %s", id->name, buf); return KRB5_RC_IO_UNKNOWN; diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c index 83f27ac36..87e6fb24f 100644 --- a/lib/krb5/send_to_kdc.c +++ b/lib/krb5/send_to_kdc.c 
@@ -142,9 +142,9 @@ send_and_recv_tcp(krb5_socket_t fd, krb5_data len_data; _krb5_put_int(len, req->length, 4); - if(net_write(fd, len, sizeof(len)) < 0) + if(net_write (fd, len, sizeof(len)) < 0) return -1; - if(net_write(fd, req->data, req->length) < 0) + if(net_write (fd, req->data, req->length) < 0) return -1; if (recv_loop (fd, tmout, 0, 4, &len_data) < 0) return -1; diff --git a/lib/krb5/store_fd.c b/lib/krb5/store_fd.c index bb261be2d..bd357dbe3 100644 --- a/lib/krb5/store_fd.c +++ b/lib/krb5/store_fd.c @@ -91,7 +91,7 @@ krb5_storage_from_fd(krb5_socket_t fd_in) krb5_storage *sp; int fd; -#ifdef _WIN32 +#ifdef SOCKET_IS_NOT_AN_FD #ifdef _MSC_VER if (_get_osfhandle(fd_in) != -1) { fd = dup(fd_in); @@ -101,7 +101,7 @@ krb5_storage_from_fd(krb5_socket_t fd_in) #else #error Dont know how to deal with fd that may or may not be a socket. #endif -#else +#else /* SOCKET_IS_NOT_AN_FD */ fd = dup(fd_in); #endif diff --git a/lib/krb5/test_cc.c b/lib/krb5/test_cc.c index 1d0ddef32..8d561b691 100644 --- a/lib/krb5/test_cc.c +++ b/lib/krb5/test_cc.c @@ -77,12 +77,12 @@ test_default_name(krb5_context context) krb5_errx (context, 1, "krb5_cc_default_name 2 failed"); p3 = estrdup(p); -#ifndef KRB5_USE_PATH_TOKENS +#ifndef KRB5_USE_PATH_TOKENS /* If we are using path tokens, we don't expect the p3 and test_cc_name to match since p3 is going to have expanded tokens. */ if (strcmp(p3, test_cc_name) != 0) - krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); + krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); #endif free(p1); diff --git a/lib/krb5/version-script.map b/lib/krb5/version-script.map index fff13a41e..d06f16b9c 100644 --- a/lib/krb5/version-script.map +++ b/lib/krb5/version-script.map @@ -39,6 +39,7 @@ HEIMDAL_KRB5_2.0 { krb5_auth_con_getlocalseqnumber; krb5_auth_con_getlocalsubkey; krb5_auth_con_getrcache; + krb5_auth_con_getremoteseqnumber; krb5_auth_con_getremotesubkey; krb5_auth_con_init; krb5_auth_con_removeflags; 
@@ -117,7 +118,7 @@ HEIMDAL_KRB5_2.0 { krb5_cc_set_kdc_offset; krb5_cc_start_seq_get; krb5_cc_store_cred; - krb5_cc_support_switch + krb5_cc_support_switch; krb5_cc_switch; krb5_cc_set_friendly_name; krb5_change_password; diff --git a/lib/krb5/version.c b/lib/krb5/version.c index a0e750604..302854de3 100644 --- a/lib/krb5/version.c +++ b/lib/krb5/version.c @@ -35,7 +35,5 @@ /* this is just to get a version stamp in the library file */ -#define heimdal_version __heimdal_version -#define heimdal_long_version __heimdal_long_version #include "version.h" diff --git a/lib/ntlm/heimntlm.h b/lib/ntlm/heimntlm.h index c1ed23ec1..0fcc832e1 100644 --- a/lib/ntlm/heimntlm.h +++ b/lib/ntlm/heimntlm.h 
@@ -46,21 +46,45 @@ struct ntlm_buf { }; #define NTLM_NEG_UNICODE 0x00000001 +#define NTLM_NEG_OEM 0x00000002 #define NTLM_NEG_TARGET 0x00000004 +#define NTLM_MBZ9 0x00000008 + #define NTLM_NEG_SIGN 0x00000010 #define NTLM_NEG_SEAL 0x00000020 +#define NTLM_NEG_DATAGRAM 0x00000040 +#define NTLM_NEG_LM_KEY 0x00000080 + +#define NTLM_MBZ8 0x00000100 #define NTLM_NEG_NTLM 0x00000200 +#define NTLM_NEG_NT_ONLY 0x00000400 +#define NTLM_MBZ7 0x00000800 /* anon ? */ -#define NTLM_SUPPLIED_DOMAIN 0x00001000 -#define NTLM_SUPPLIED_WORKSTAION 0x00002000 - +#define NTLM_OEM_SUPPLIED_DOMAIN 0x00001000 +#define NTLM_OEM_SUPPLIED_WORKSTAION 0x00002000 +#define NTLM_MBZ6 0x00004000 /* local call ? */ #define NTLM_NEG_ALWAYS_SIGN 0x00008000 -#define NTLM_NEG_NTLM2_SESSION 0x00080000 #define NTLM_TARGET_DOMAIN 0x00010000 #define NTLM_TARGET_SERVER 0x00020000 +#define NTLM_TARGET_SHARE 0x00040000 +#define NTLM_NEG_NTLM2_SESSION 0x00080000 +#define NTLM_NEG_NTLM2 0x00080000 + +#define NTLM_NEG_IDENTIFY 0x00100000 +#define NTLM_MBZ5 0x00200000 +#define NTLM_NON_NT_SESSION_KEY 0x00400000 +#define NTLM_NEG_TARGET_INFO 0x00800000 + +#define NTLM_MBZ4 0x01000000 +#define NTLM_NEG_VERSION 0x02000000 +#define NTLM_MBZ3 0x04000000 +#define NTLM_MBZ2 0x08000000 + +#define NTLM_MBZ1 0x10000000 #define NTLM_ENC_128 0x20000000 #define NTLM_NEG_KEYEX 0x40000000 +#define NTLM_NEGOTIATE_56 0x80000000 /** * Struct for the NTLM target info, the strings is assumed to be in diff --git a/lib/ntlm/ntlm.c b/lib/ntlm/ntlm.c index 58eebee1e..71f96bfce 100644 --- a/lib/ntlm/ntlm.c +++ b/lib/ntlm/ntlm.c 
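Review bot: `NTLM_SUPPLIED_DOMAIN` and `NTLM_SUPPLIED_WORKSTAION` are removed from this header rather than aliased, so any caller outside this commit that tests those flags stops compiling. If `heimntlm.h` is installed for external use, keep compatibility defines next to the new names: `#define NTLM_SUPPLIED_DOMAIN NTLM_OEM_SUPPLIED_DOMAIN`, and the same for the workstation flag. The new `NTLM_MBZn` names, and the value shared by `NTLM_NEG_NTLM2_SESSION` and `NTLM_NEG_NTLM2`, would benefit from a short comment saying that the MBZ bits are reserved (assumed from the name) and that the second name is an alias of the first.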
@@ -422,9 +422,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) CHECK(krb5_ret_uint32(in, &type), 0); CHECK(type, 1); CHECK(krb5_ret_uint32(in, &data->flags), 0); - if (data->flags & NTLM_SUPPLIED_DOMAIN) + if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN) CHECK(ret_sec_buffer(in, &domain), 0); - if (data->flags & NTLM_SUPPLIED_WORKSTAION) + if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION) CHECK(ret_sec_buffer(in, &hostname), 0); #if 0 if (domain.offset > 32) { @@ -432,9 +432,9 @@ heim_ntlm_decode_type1(const struct ntlm_buf *buf, struct ntlm_type1 *data) CHECK(krb5_ret_uint32(in, &data->os[1]), 0); } #endif - if (data->flags & NTLM_SUPPLIED_DOMAIN) + if (data->flags & NTLM_OEM_SUPPLIED_DOMAIN) CHECK(ret_string(in, 0, &domain, &data->domain), 0); - if (data->flags & NTLM_SUPPLIED_WORKSTAION) + if (data->flags & NTLM_OEM_SUPPLIED_WORKSTAION) CHECK(ret_string(in, 0, &hostname, &data->hostname), 0); out: @@ -472,11 +472,11 @@ heim_ntlm_encode_type1(const struct ntlm_type1 *type1, struct ntlm_buf *data) if (type1->domain) { base += 8; - flags |= NTLM_SUPPLIED_DOMAIN; + flags |= NTLM_OEM_SUPPLIED_DOMAIN; } if (type1->hostname) { base += 8; - flags |= NTLM_SUPPLIED_WORKSTAION; + flags |= NTLM_OEM_SUPPLIED_WORKSTAION; } if (type1->os[0]) base += 8; diff --git a/lib/otp/Makefile.am b/lib/otp/Makefile.am index 80f99bf01..12077a189 100644 --- a/lib/otp/Makefile.am +++ b/lib/otp/Makefile.am @@ -40,6 +40,10 @@ if do_roken_rename ROKEN_SRCS = snprintf.c strcasecmp.c strncasecmp.c strlwr.c strlcpy.c strlcat.c endif +if versionscript +libotp_la_LDFLAGS += $(LDFLAGS_VERSION_SCRIPT)$(srcdir)/version-script.map +endif + $(libotp_la_OBJECTS): $(ndbm_wrap) ndbm_wrap.c: diff --git a/lib/otp/version-script.map b/lib/otp/version-script.map new file mode 100644 index 000000000..499943f29 --- /dev/null +++ b/lib/otp/version-script.map 
@@ -0,0 +1,25 @@ +HEIMDAL_OTP_1.0 { + global: + otp_challenge; + otp_checksum; + otp_db_close; + otp_db_open; + otp_delete; + otp_error; + otp_find_alg; + otp_get; + otp_parse; + otp_parse_altdict; + otp_parse_hex; + otp_parse_stddict; + otp_print_hex; + otp_print_hex_extended; + otp_print_stddict; + otp_print_stddict_extended; + otp_put; + otp_simple_get; + otp_verify_user; + otp_verify_user_1; + local: + *; +}; diff --git a/lib/roken/Makefile.am b/lib/roken/Makefile.am index eb4d41a29..f4e97e7ab 100644 --- a/lib/roken/Makefile.am +++ b/lib/roken/Makefile.am @@ -100,6 +100,7 @@ libroken_la_SOURCES = \ snprintf.c \ socket.c \ strcollect.c \ + strerror_r.c \ strpool.c \ timeval.c \ tm2time.c \ diff --git a/lib/roken/getifaddrs.c b/lib/roken/getifaddrs.c index 3770ebbee..1e0583b7d 100644 --- a/lib/roken/getifaddrs.c +++ b/lib/roken/getifaddrs.c @@ -1010,12 +1010,11 @@ getifaddrs2(struct ifaddrs **ifap, #if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) static int getlifaddrs2(struct ifaddrs **ifap, - int siocgifconf, int siocgifflags, + int af, int siocgifconf, int siocgifflags, size_t ifreq_sz) { int ret; - int fd_inet6; - int fd_inet; + int fd; size_t buf_size; char *buf; struct lifconf ifconf; @@ -1028,16 +1027,10 @@ getlifaddrs2(struct ifaddrs **ifap, buf = NULL; memset (&sa_zero, 0, sizeof(sa_zero)); - fd_inet6 = socket(AF_INET6, SOCK_DGRAM, 0); - if (fd_inet6 < 0) + fd = socket(af, SOCK_DGRAM, 0); + if (fd < 0) return -1; - fd_inet = socket(AF_INET, SOCK_DGRAM, 0); - if (fd_inet < 0) { - close(fd_inet6); - return -1; - } - buf_size = 8192; for (;;) { buf = calloc(1, buf_size); @@ -1046,7 +1039,7 @@ getlifaddrs2(struct ifaddrs **ifap, goto error_out; } #ifndef __hpux - ifconf.lifc_family = AF_UNSPEC; + ifconf.lifc_family = af; ifconf.lifc_flags = 0; #endif ifconf.lifc_len = buf_size; 
@@ -1055,7 +1048,7 @@ getlifaddrs2(struct ifaddrs **ifap, /* * Solaris returns EINVAL when the buffer is too small. */ - if (ioctl (fd_inet, siocgifconf, &ifconf) < 0 && errno != EINVAL) { + if (ioctl (fd, siocgifconf, &ifconf) < 0 && errno != EINVAL) { ret = errno; goto error_out; } @@ -1093,11 +1086,9 @@ getlifaddrs2(struct ifaddrs **ifap, memset (&ifreq, 0, sizeof(ifreq)); memcpy (ifreq.lifr_name, ifr->lifr_name, sizeof(ifr->lifr_name)); - if (ioctl(fd_inet6, siocgifflags, &ifreq) < 0) { - if (ioctl(fd_inet, siocgifflags, &ifreq) < 0) { - ret = errno; - goto error_out; - } + if (ioctl(fd, siocgifflags, &ifreq) < 0) { + ret = errno; + goto error_out; } *end = malloc(sizeof(**end)); @@ -1151,20 +1142,39 @@ getlifaddrs2(struct ifaddrs **ifap, } *ifap = start; - close(fd_inet6); - close(fd_inet); + close(fd); free(buf); return 0; error_out: rk_freeifaddrs(start); - close(fd_inet6); - close(fd_inet); + close(fd); free(buf); errno = ret; return -1; } #endif /* defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) */ +/** + * Join two struct ifaddrs lists by appending supp to base. + * Either may be NULL. The new list head (usually base) will be + * returned. + */ +static struct ifaddrs * +append_ifaddrs(struct ifaddrs *base, struct ifaddrs *supp) { + if (!base) + return supp; + + if (!supp) + return base; + + while (base->ifa_next) + base = base->ifa_next; + + base->ifa_next = supp; + + return base; +} + ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_getifaddrs(struct ifaddrs **ifap) { 
@@ -1176,9 +1186,43 @@ rk_getifaddrs(struct ifaddrs **ifap) sizeof(struct in6_ifreq)); #endif #if defined(HAVE_IPV6) && defined(SIOCGLIFCONF) && defined(SIOCGLIFFLAGS) - if (ret) - ret = getlifaddrs2 (ifap, SIOCGLIFCONF, SIOCGLIFFLAGS, + /* Do IPv6 and IPv4 queries separately then join the result. + * + * HP-UX only returns IPv6 addresses using SIOCGLIFCONF, + * SIOCGIFCONF has to be used for IPv4 addresses. The result is then + * merged. + * + * Solaris needs particular care, because a SIOCGLIFCONF lookup using + * AF_UNSPEC can fail in a Zone requiring an AF_INET lookup, so we just + * do them separately the same as for HP-UX. See + * http://repo.or.cz/w/heimdal.git/commitdiff/76afc31e9ba2f37e64c70adc006ade9e37e9ef73 + */ + if (ret) { + int v6err, v4err; + struct ifaddrs *v6addrs, *v4addrs; + + v6err = getlifaddrs2 (&v6addrs, AF_INET6, SIOCGLIFCONF, SIOCGLIFFLAGS, sizeof(struct lifreq)); + v4err = getifaddrs2 (&v4addrs, AF_INET, SIOCGIFCONF, SIOCGIFFLAGS, + sizeof(struct ifreq)); + if (v6err) + v6addrs = NULL; + if (v4err) + v4addrs = NULL; + + if (v6addrs) { + if (v4addrs) + *ifap = append_ifaddrs(v6addrs, v4addrs); + else + *ifap = v6addrs; + } else if (v4addrs) { + *ifap = v4addrs; + } else { + *ifap = NULL; + } + + ret = (v6err || v4err) ? -1 : 0; + } #endif #if defined(HAVE_IPV6) && defined(SIOCGIFCONF) if (ret) @@ -1193,8 +1237,6 @@ rk_getifaddrs(struct ifaddrs **ifap) return ret; } -#endif /* !AF_NETLINK */ - ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_freeifaddrs(struct ifaddrs *ifp) { @@ -1216,6 +1258,8 @@ rk_freeifaddrs(struct ifaddrs *ifp) } } +#endif /* !AF_NETLINK */ + #ifdef TEST void diff --git a/lib/roken/roken.h.in b/lib/roken/roken.h.in index c6f299a15..d495b3462 100644 --- a/lib/roken/roken.h.in +++ b/lib/roken/roken.h.in 
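Review bot: In the new SIOCGLIFCONF block of rk_getifaddrs, `ret = (v6err || v4err) ? -1 : 0;` reports failure when only one of the two lookups failed, even though `*ifap` has already been set to the list from the lookup that succeeded. The caller then sees -1 and has no reason to free that list. The next fallback in the function also starts with `if (ret)`, so it presumably runs and overwrites `*ifap` (its call is outside the hunk). If a one-sided result is acceptable on the platforms the comment describes, fail only when both lookups fail: `ret = (v6err && v4err) ? -1 : 0;`. Otherwise, call `rk_freeifaddrs(*ifap); *ifap = NULL;` before returning the error so a partial list is never both returned and reported as failed.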
@@ -467,12 +467,12 @@ ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL getdtablesize(void); ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL strerror(int); #endif -#if !defined(HAVE_STRERROR) && !defined(strerror) -#define strerror_r rk_strerror_r -int ROKEN_LIB_FUNCTION strerror_r(int, char *, size_t); +#if !defined(HAVE_STRERROR_R) && !defined(strerror_r) && !defined(STRERROR_R_PROTO_COMPATIBLE) +int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t); +#else +#define rk_strerror_r strerror_r #endif - #if !defined(HAVE_HSTRERROR) || defined(NEED_HSTRERROR_PROTO) #ifndef HAVE_HSTRERROR #define hstrerror rk_hstrerror diff --git a/lib/roken/strerror_r.c b/lib/roken/strerror_r.c index d3ef7d6be..63dae09a7 100644 --- a/lib/roken/strerror_r.c +++ b/lib/roken/strerror_r.c 
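Review bot: The new guard `#if !defined(HAVE_STRERROR_R) && !defined(strerror_r) && !defined(STRERROR_R_PROTO_COMPATIBLE)` only declares the wrapper when the system has no strerror_r at all. When the function exists but its prototype is not the `int (int, char *, size_t)` form, the `#else` branch maps `rk_strerror_r` straight onto it. This assumes STRERROR_R_PROTO_COMPATIBLE is defined only when the prototypes match. Callers that test the result as an int error code would then be handed a `char *`, so their error checks misfire. The outer guard in lib/roken/strerror_r.c uses the same `&&`, which makes its `#ifdef HAVE_STRERROR_R` branch unreachable. Both guards look like they want `#if (!defined(HAVE_STRERROR_R) && !defined(strerror_r)) || !defined(STRERROR_R_PROTO_COMPATIBLE)`.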
@@ -33,32 +33,48 @@ #include +#if !defined(HAVE_STRERROR_R) && !defined(STRERROR_R_PROTO_COMPATIBLE) + #include #include #include #ifdef _MSC_VER -char * ROKEN_LIB_FUNCTION -strerror_r(int eno, char * strerrbuf, size_t buflen) +int ROKEN_LIB_FUNCTION +rk_strerror_r(int eno, char * strerrbuf, size_t buflen) { errno_t err; err = strerror_s(strerrbuf, buflen, eno); - if (err != 0) - sprintf_s(strerrbuf, buflen, "Error % occurred.", eno); + if (err != 0) { + int code; + code = sprintf_s(strerrbuf, buflen, "Error % occurred.", eno); + err = ((code != 0)? errno : 0); + } - return strerrbuf; + return err; } -#else +#else /* _MSC_VER */ +#ifndef HAVE_STRERROR_R extern int sys_nerr; extern char *sys_errlist[]; +#endif -char* ROKEN_LIB_FUNCTION -strerror_r(int eno, char *strerrbuf, size_t buflen) +int ROKEN_LIB_FUNCTION +rk_strerror_r(int eno, char *strerrbuf, size_t buflen) { + /* Assume is the linux broken strerror_r (returns the a buffer (char *) if the input buffer wasn't use */ +#ifdef HAVE_STRERROR_R + const char *str; + str = strerror_r(eno, strerrbuf, buflen); + if (str != strerrbuf) + if (strlcpy(strerrbuf, str, buflen) >= buflen) + return ERANGE; + return 0; +#else int ret; if(eno < 0 || eno >= sys_nerr) { snprintf(strerrbuf, buflen, "Error %d occurred.", eno); @@ -68,6 +84,9 @@ strerror_r(int eno, char *strerrbuf, size_t buflen) if (ret > buflen) return ERANGE; return 0; +#endif } +#endif /* !_MSC_VER */ + #endif diff --git a/lib/sqlite/Makefile.am b/lib/sqlite/Makefile.am index f30829a07..23d030652 100644 --- a/lib/sqlite/Makefile.am +++ b/lib/sqlite/Makefile.am @@ -7,3 +7,5 @@ lib_LTLIBRARIES = libheimsqlite.la noinst_HEADERS = sqlite3.h sqlite3ext.h libheimsqlite_la_SOURCES = sqlite3.c + +libheimsqlite_la_LIBADD = $(PTHREADS_LIBADD) diff --git a/lib/sqlite/sqlite3.c b/lib/sqlite/sqlite3.c index 5319e3be8..37964b71f 100644 --- a/lib/sqlite/sqlite3.c +++ b/lib/sqlite/sqlite3.c 
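Review bot: In the `_MSC_VER` variant of rk_strerror_r, the fallback has two defects. The format string `"Error % occurred."` has no `d`, so `% o` is parsed as a conversion and the message comes out garbled. `err = ((code != 0)? errno : 0);` also treats every successful write as an error, because sprintf_s returns the number of characters written and a negative value on failure. The two lines should read `code = sprintf_s(strerrbuf, buflen, "Error %d occurred.", eno);` and `err = ((code < 0)? errno : 0);`. In the non-MSVC variant, the nested `if (str != strerrbuf) if (strlcpy(...) >= buflen)` would be safer with braces. That variant also never checks `buflen` for zero before writing through `strerrbuf`, so a comment stating that callers must pass a non-empty buffer would help.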
@@ -366,12 +366,14 @@ SQLITE_PRIVATE void sqlite3Coverage(int); ** Older versions of SQLite used an optional THREADSAFE macro. ** We support that for legacy */ -#if !defined(SQLITE_THREADSAFE) -#if defined(THREADSAFE) -# define SQLITE_THREADSAFE THREADSAFE +#ifdef ENABLE_PTHREAD_SUPPORT +#define SQLITE_THREADSAFE 1 #else -# define SQLITE_THREADSAFE 1 +#define SQLITE_THREADSAFE 0 #endif + +#if !defined(SQLITE_THREADSAFE) +# define SQLITE_THREADSAFE 1 #endif /* diff --git a/lib/vers/print_version.c b/lib/vers/print_version.c index 9d102c7dc..e89f9a124 100644 --- a/lib/vers/print_version.c +++ b/lib/vers/print_version.c @@ -34,6 +34,8 @@ #include +#define VERSION_HIDDEN static + #include "roken.h" #include "version.h" diff --git a/tests/bin/setup-env.in b/tests/bin/setup-env.in index 17b793c72..a84848285 100644 --- a/tests/bin/setup-env.in +++ b/tests/bin/setup-env.in @@ -1,5 +1,8 @@ #!/bin/sh +unset KRB5_CONFIG +unset KRB5CCNAME + top_builddir="@top_builddir@" top_srcdir="@top_srcdir@" EGREP="@EGREP@" diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in index f19ad272a..06f7774f9 100644 --- a/tests/gss/check-context.in +++ b/tests/gss/check-context.in 
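Review bot: The new `#ifdef ENABLE_PTHREAD_SUPPORT` / `#else` pair defines `SQLITE_THREADSAFE` on both paths. The `#if !defined(SQLITE_THREADSAFE)` fallback kept below it can therefore never fire, and a value passed on the command line is redefined instead of honoured. The default also changes from 1 to 0 when ENABLE_PTHREAD_SUPPORT is not set, which builds SQLite without its mutexes. That is only safe if nothing linking libheimsqlite uses it from more than one thread. Moving the `#if !defined(SQLITE_THREADSAFE)` guard up so it encloses the new block would keep the override working. A comment such as `/* Heimdal local change: follow configure's pthread setting */` would mark this as a deliberate edit to the vendored file. ENABLE_PTHREAD_SUPPORT is only visible here if config.h is included earlier in sqlite3.c, which the hunk does not show.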
@@ -123,115 +123,116 @@ fi trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT -exitcode=0 +testfailed="echo test failed; cat messages.log; exit 1" -echo "Getting client initial tickets" -${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || exitcode=1 +echo "Getting client initial tickets" ; > messages.log +${kinit} --password-file=${objdir}/foopassword --forwardable user1@${R} || \ + { eval "$testfailed"; } -echo "======test unreadable/non existant keytab and its error message" +echo "======test unreadable/non existant keytab and its error message" ; > messages.log ${context} --mech-type=krb5 host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } mv ${keytabfile} ${keytabfile}.no -echo "checking non existant keytabfile (krb5)" +echo "checking non existant keytabfile (krb5)" ; > messages.log ${context} --mech-type=krb5 host@lucid.test.h5l.se > test_context.log 2>&1 && \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } grep ${keytabfile} test_context.log > /dev/null || \ - { exitcode=1 ; echo "string missing failed"; } -echo "checking non existant keytabfile (spengo)" + { echo "string missing failed"; cat test_context.log ; eval "$testfailed"; } +echo "checking non existant keytabfile (spengo)" ; > messages.log ${context} --mech-type=spnego host@lucid.test.h5l.se > test_context.log 2>&1 && \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } grep ${keytabfile} test_context.log > /dev/null || \ - { exitcode=1 ; echo "string missing failed"; } + { echo "string missing failed"; cat test_context.log ; eval "$testfailed"; } mv ${keytabfile}.no ${keytabfile} echo "======test naming combinations" -echo "plain" +echo "plain" ; > messages.log ${context} --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } -echo "plain (krb5)" + { eval "$testfailed"; } +echo "plain (krb5)" ; > messages.log ${context} --name-type=krb5-principal-name 
host/lucid.test.h5l.se@${R} || \ - { exitcode=1 ; echo "test failed"; } -echo "plain (krb5 realmless)" + { eval "$testfailed"; } +echo "plain (krb5 realmless)" ; > messages.log ${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } -echo "dns canon on (long name) OFF, need dns_wrapper" + { eval "$testfailed"; } +echo "dns canon on (long name) OFF, need dns_wrapper" ; > messages.log #${context} --dns-canon host@lucid.test.h5l.se || \ -# { exitcode=1 ; echo "test failed"; } -echo "dns canon off (long name)" +# { eval "$testfailed"; } +echo "dns canon off (long name)" ; > messages.log ${context} --no-dns-canon host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } -echo "dns canon off (short name)" + { eval "$testfailed"; } +echo "dns canon off (short name)" ; > messages.log ${context} --no-dns-canon host@lucid || \ - { exitcode=1 ; echo "test failed"; } -echo "dns canon off (short name, krb5)" + { eval "$testfailed"; } +echo "dns canon off (short name, krb5)" ; > messages.log ${context} --no-dns-canon --name-type=krb5-principal-name host/lucid@${R} || \ - { exitcode=1 ; echo "test failed"; } -echo "dns canon off (short name, krb5)" + { eval "$testfailed"; } +echo "dns canon off (short name, krb5)" ; > messages.log ${context} --no-dns-canon --name-type=krb5-principal-name host/lucid || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } echo "======test context building" for mech in krb5 krb5iov spnego spnegoiov; do - if [ "$mech" == "krb5iov" ] ; then + if [ "$mech" = "krb5iov" ] ; then mech="krb5" iov="--iov" fi - if [ "$mech" == "spnegoiov" ] ; then + if [ "$mech" = "spnegoiov" ] ; then mech="spnego" iov="--iov" fi - echo "${mech} no-mutual ${iov}" + echo "${mech} no-mutual ${iov}" ; > messages.log ${context} --mech-type=${mech} \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } - echo 
"${mech} mutual ${iov}" + echo "${mech} mutual ${iov}" ; > messages.log ${context} --mech-type=${mech} \ --mutual \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } - echo "${mech} delegate ${iov}" + echo "${mech} delegate ${iov}" ; > messages.log ${context} --mech-type=${mech} \ --delegate \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } - echo "${mech} mutual delegate ${iov}" + echo "${mech} mutual delegate ${iov}" ; > messages.log ${context} --mech-type=${mech} \ --mutual --delegate \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } done echo "======dce-style" for mech in krb5 krb5iov spnego; do iov="" - if [ "$mech" == "krb5iov" ] ; then + if [ "$mech" = "krb5iov" ] ; then mech="krb5" iov="--iov" fi - if [ "$mech" == "spnegoiov" ] ; then + if [ "$mech" = "spnegoiov" ] ; then mech="spnego" iov="--iov" fi - echo "${mech}: dce-style ${iov}" + echo "${mech}: dce-style ${iov}" ; > messages.log ${context} \ --mech-type=${mech} \ --mutual \ --dce-style \ --wrapunwrap ${iov} \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } done 
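Review bot: In the "test context building" loop, `iov` is never reset, so once the `krb5iov` iteration sets `iov="--iov"` the following plain `spnego` iteration also runs with `--iov`. The non-IOV SPNEGO wrap/unwrap path is therefore never exercised. The dce-style loop already starts with `iov=""`, and adding the same line at the top of this loop fixes it. The dce-style loop's list is `krb5 krb5iov spnego`, so its `spnegoiov` branch is dead; either add `spnegoiov` to the list or drop the branch. With the new `testfailed` helper, steps that do not truncate messages.log first would print the previous step's log on failure.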
@@ -239,15 +240,15 @@ echo "test gsskrb5_register_acceptor_identity (both positive and negative)" cp ${keytabfile} ${keytabfile}.new for mech in krb5 spnego; do - echo "${mech}: acceptor_identity positive" + echo "${mech}: acceptor_identity positive" ; > messages.log ${context} --gsskrb5-acceptor-identity=${keytabfile}.new \ --mech-type=$mech host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } - echo "${mech}: acceptor_identity negative" + echo "${mech}: acceptor_identity negative" ; > messages.log ${context} --gsskrb5-acceptor-identity=${keytabfile}.foo \ --mech-type=$mech host@lucid.test.h5l.se 2>/dev/null && \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } done rm ${keytabfile}.new 
@@ -257,171 +258,187 @@ rm ${keytabfile}.new #${context} --mech-type=sasl-digest-md5 \ # --name-type=hostbased-service \ # host@lucid.test.h5l.se || \ -# { exitcode=1 ; echo "test failed"; } +# { eval "$testfailed"; } echo "====== gss-api session key check" # this will break when oneone invents a cooler enctype then aes256-cts-hmac-sha1-96 coolenctype="aes256-cts-hmac-sha1-96" +limit_enctype="des3-cbc-sha1" -echo "Getting client initial tickets" +echo "Getting client initial tickets" ; > messages.log ${kinit} --password-file=${objdir}/foopassword user1@${R} || \ - { echo "kinit failed"; exitcode=1; } + { eval "$testfailed"; } -echo "Building context on cred w/o aes, but still ${coolenctype} session key" + +echo "Building context on cred w/o aes, but still ${coolenctype} session key" ; > messages.log ${context} \ --mech-type=krb5 \ --mutual-auth \ --session-enctype=${coolenctype} \ --name-type=hostbased-service host@no-aes.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } + +echo "Building context on cred, check if its limited still" ; > messages.log +${context} \ + --mech-type=krb5 \ + --client-name=user1@${R} \ + --limit-enctype="${limit_enctype}" \ + --mutual-auth \ + --name-type=hostbased-service host@no-aes.test.h5l.se || \ + { eval "$testfailed"; } + echo "====== ok-as-delegate" -echo "Getting client initial tickets" +echo "Getting client initial tickets" ; > messages.log ${kinit} --forwardable \ - --password-file=${objdir}/foopassword user1@${R} || exitcode=1 + --password-file=${objdir}/foopassword user1@${R} || \ + { eval "$testfailed"; } -echo "ok-as-delegate not used" +echo "ok-as-delegate not used" ; > messages.log ${context} \ --mech-type=krb5 \ --delegate \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "host without ok-as-delegate with policy-delegate" +echo "host without ok-as-delegate with policy-delegate" ; > messages.log ${context} \ 
--mech-type=krb5 \ --policy-delegate \ --server-no-delegate \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "ok-as-delegate used by policy" +echo "ok-as-delegate used by policy" ; > messages.log ${context} \ --mech-type=krb5 \ --policy-delegate \ --name-type=hostbased-service host@ok-delegate.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Getting client initial tickets with --ok-as-delgate" +echo "Getting client initial tickets with --ok-as-delgate" ; > messages.log ${kinit} --ok-as-delegate --forwardable \ - --password-file=${objdir}/foopassword user1@${R} || exitcode=1 + --password-file=${objdir}/foopassword user1@${R} || \ + { eval "$testfailed"; } -echo "policy delegate to non delegate host" +echo "policy delegate to non delegate host" ; > messages.log ${context} \ --mech-type=krb5 \ --policy-delegate \ --server-no-delegate \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "ok-as-delegate" +echo "ok-as-delegate" ; > messages.log ${context} \ --mech-type=krb5 \ --delegate \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } echo "======export/import cred" -echo "export-import cred (krb5)" +echo "export-import cred (krb5)" ; > messages.log ${context} \ --mech-type=krb5 \ --delegate \ --export-import-cred \ --name-type=hostbased-service host@ok-delegate.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "export-import cred (spnego)" +echo "export-import cred (spnego)" ; > messages.log ${context} \ --mech-type=spnego \ --delegate \ --export-import-cred \ --name-type=hostbased-service host@ok-delegate.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } echo "======time diffs between client and server" -echo "Getting client 
initial ticket" -${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1 +echo "Getting client initial ticket" ; > messages.log +${kinit} --password-file=${objdir}/foopassword user1@${R} || \ + { eval "$testfailed"; } -echo "No time offset" +echo "No time offset" ; > messages.log ${context} \ --mech-type=krb5 \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Getting client initial ticket" -${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1 +echo "Getting client initial ticket" ; > messages.log +${kinit} --password-file=${objdir}/foopassword user1@${R} || \ + { eval "$testfailed"; } -echo "Server time offset" +echo "Server time offset" ; > messages.log ${context} \ --mech-type=krb5 \ --mutual-auth \ --server-time-offset=3600 \ --max-loops=3 \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Server time offset (cached ?)" +echo "Server time offset (cached ?)" ; > messages.log ${context} \ --mech-type=krb5 \ --mutual-auth \ --server-time-offset=3600 \ --max-loops=2 \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } -echo "Getting client initial ticket" -${kinit} --password-file=${objdir}/foopassword user1@${R} || exitcode=1 +echo "Getting client initial ticket" ; > messages.log +${kinit} --password-file=${objdir}/foopassword user1@${R} || \ + { eval "$testfailed"; } # Pre-poplute the cache since tgs-req will fail since our time is wrong -${kgetcred} host/lucid.test.h5l.se@${R} || exitcode=1 +${kgetcred} host/lucid.test.h5l.se@${R} || \ + { eval "$testfailed"; } -echo "Client time offset" +echo "Client time offset" ; > messages.log ${context} \ --mech-type=krb5 \ --mutual-auth \ --client-time-offset=3600 \ --name-type=hostbased-service host@lucid.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; 
} + { eval "$testfailed"; } -echo "Getting client initial tickets (use-referrals)" +echo "Getting client initial tickets (use-referrals)" ; > messages.log ${kinit} \ --password-file=${objdir}/foopassword \ - --use-referrals user1@${R} || exitcode=1 + --use-referrals user1@${R} || \ + { eval "$testfailed"; } # XXX these tests really need to use somethat that resolve to something ${context} \ --mech-type=krb5 \ host@short || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } ${context} \ --mech-type=krb5 \ --name-type=krb5-principal-name host/short || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } ${context} \ --mech-type=krb5 \ host@long.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } ${context} \ --mech-type=krb5 \ --name-type=krb5-principal-name \ host/long.test.h5l.se || \ - { exitcode=1 ; echo "test failed"; } + { eval "$testfailed"; } trap "" EXIT echo "killing kdc (${kdcpid})" kill ${kdcpid} 2> /dev/null -[ "$exitcode" = 0 ] && echo "all ok" - -exit $exitcode - +exit 0 diff --git a/tests/kdc/check-cc.in b/tests/kdc/check-cc.in index 05cc45a8e..0a3770387 100644 --- a/tests/kdc/check-cc.in +++ b/tests/kdc/check-cc.in @@ -36,6 +36,11 @@ objdir="@objdir@" . ${env_setup} +KRB5_CONFIG="${objdir}/krb5-cc.conf" +export KRB5_CONFIG + +unset KRB5CCNAME + testfailed="echo test failed; exit 1" # If there is no useful db support compile in, disable test @@ -56,9 +61,6 @@ cache="FILE:${objdir}/cache.krb5" keytabfile=${objdir}/server.keytab keytab="FILE:${keytabfile}" -KRB5_CONFIG="${objdir}/krb5-cc.conf" -export KRB5_CONFIG - rm -f ${keytabfile} rm -f current-db* rm -f out-* diff --git a/tests/kdc/check-kdc.in b/tests/kdc/check-kdc.in index 0bb2d8ab1..0e1f9d740 100644 --- a/tests/kdc/check-kdc.in +++ b/tests/kdc/check-kdc.in 
@@ -35,13 +35,13 @@ top_builddir="@top_builddir@" env_setup="@env_setup@" objdir="@objdir@" +. ${env_setup} + KRB5_CONFIG="${1-${objdir}/krb5.conf}" export KRB5_CONFIG testfailed="echo test failed; cat messages.log; exit 1" -. ${env_setup} - # If there is no useful db support compile in, disable test ${have_db} || exit 77 diff --git a/tools/Makefile.am b/tools/Makefile.am index 07ea5bcc7..bdfa08ca3 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -20,6 +20,7 @@ subst = sed -e "s!@PACKAGE\@!$(PACKAGE)!g" \ -e "s!@exec_prefix\@!$(exec_prefix)!g" \ -e "s!@libdir\@!$(libdir)!g" \ -e "s!@includedir\@!$(includedir)!g" \ + -e "s!@PTHREAD_LIBADD\@!$(PTHREAD_LIBADD)!g" \ -e "s!@LIB_crypt\@!$(LIB_crypt)!g" \ -e "s!@LIB_dbopen\@!$(LIB_dbopen)!g" \ -e "s!@INCLUDE_hcrypto\@!$(INCLUDE_hcrypto)!g" \ diff --git a/tools/krb5-config.in b/tools/krb5-config.in index c52fa2500..8bbbf80b5 100644 --- a/tools/krb5-config.in +++ b/tools/krb5-config.in @@ -137,7 +137,7 @@ if test "$do_libs" = "yes"; then esac lib_flags="$lib_flags -lkrb5 @LIB_pkinit@ -lcom_err" lib_flags="$lib_flags @LIB_hcrypto_appl@ -lasn1 -lwind -lroken" - lib_flags="$lib_flags @LIB_crypt@ @LIB_dlopen@" + lib_flags="$lib_flags @LIB_crypt@ @PTHREAD_LIBADD@ @LIB_dlopen@" lib_flags="$lib_flags @LIB_door_create@ @LIBS@" echo $lib_flags fi
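Review bot: The thread-library variable is spelled two ways in this change. tools/Makefile.am and tools/krb5-config.in use `PTHREAD_LIBADD`, while lib/sqlite/Makefile.am uses `$(PTHREADS_LIBADD)`. Whichever spelling configure does not substitute expands to nothing, with no error. In that case either krb5-config's `--libs` output or the libheimsqlite link line drops the pthread library, and the problem only shows up as unresolved symbols on platforms that need an explicit `-lpthread`. Please settle on one name and use it in all three places, for example `libheimsqlite_la_LIBADD = $(PTHREAD_LIBADD)`.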