svn rev #21544: trunk/src/ config/ include/ kadmin/dbutil/ lib/ lib/crypto/ ...
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu Dec 18 13:31:20 EST 2008
http://src.mit.edu/fisheye/changelog/krb5/?cs=21544
Commit By: ghudson
Log Message:
ticket: 6303
Remove krb524, lib/des425, lib/krb4, and include/kerberosIV.
Remove krb4 build system references and conditionals.
Move des425 header stuff referenced by des_int.h into des_int.h.
Remove krb4 test cases.
Changed Files:
U trunk/src/Makefile.in
U trunk/src/aclocal.m4
U trunk/src/config/pre.in
U trunk/src/configure.in
U trunk/src/include/Makefile.in
D trunk/src/include/kerberosIV/
U trunk/src/kadmin/dbutil/Makefile.in
U trunk/src/krb5-config.M
U trunk/src/krb5-config.in
D trunk/src/krb524/
U trunk/src/lib/Makefile.in
U trunk/src/lib/crypto/Makefile.in
U trunk/src/lib/crypto/des/Makefile.in
U trunk/src/lib/crypto/des/des_int.h
U trunk/src/lib/crypto/enc_provider/Makefile.in
U trunk/src/lib/crypto/keyhash_provider/Makefile.in
U trunk/src/lib/crypto/old/Makefile.in
D trunk/src/lib/des425/
D trunk/src/lib/krb4/
U trunk/src/lib/krb5/krb/t_kerb.c
U trunk/src/tests/dejagnu/Makefile.in
U trunk/src/tests/dejagnu/config/default.exp
U trunk/src/tests/dejagnu/krb-root/telnet.exp
U trunk/src/tests/dejagnu/krb-standalone/standalone.exp
D trunk/src/tests/dejagnu/krb-standalone/v4gssftp.exp
D trunk/src/tests/dejagnu/krb-standalone/v4krb524d.exp
D trunk/src/tests/dejagnu/krb-standalone/v4standalone.exp
U trunk/src/util/depfix.pl
U trunk/src/util/ss/Makefile.in
Modified: trunk/src/Makefile.in
===================================================================
--- trunk/src/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -9,7 +9,7 @@
# plugins/preauth/wpse
# plugins/preauth/cksum_body
# plugins/authdata/greet
-SUBDIRS=util include lib @krb524@ kdc kadmin @ldap_plugin_dir@ slave clients \
+SUBDIRS=util include lib kdc kadmin @ldap_plugin_dir@ slave clients \
plugins/kdb/db2 \
plugins/preauth/pkinit \
appl tests \
@@ -195,7 +195,6 @@
clients\kpasswd\Makefile clients\kvno\Makefile \
clients\kcpytkt\Makefile clients\kdeltkt\Makefile \
include\Makefile \
- krb524\Makefile \
lib\Makefile lib\crypto\Makefile \
lib\crypto\crc32\Makefile lib\crypto\des\Makefile \
lib\crypto\dk\Makefile lib\crypto\enc_provider\Makefile \
@@ -205,11 +204,10 @@
lib\crypto\sha1\Makefile lib\crypto\arcfour\Makefile \
lib\crypto\md4\Makefile lib\crypto\md5\Makefile \
lib\crypto\yarrow\Makefile lib\crypto\aes\Makefile \
- lib\des425\Makefile \
lib\gssapi\Makefile lib\gssapi\generic\Makefile \
lib\gssapi\krb5\Makefile lib\gssapi\mechglue\Makefile \
lib\gssapi\spnego\Makefile \
- lib\krb4\Makefile lib\krb5\Makefile \
+ lib\krb5\Makefile \
lib\krb5\asn.1\Makefile lib\krb5\ccache\Makefile \
lib\krb5\ccache\ccapi\Makefile \
lib\krb5\error_tables\Makefile \
@@ -260,8 +258,6 @@
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##include\Makefile: include\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##krb524\Makefile: krb524\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\Makefile: lib\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\Makefile: lib\crypto\Makefile.in $(MKFDEP)
@@ -294,8 +290,6 @@
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\crypto\raw\Makefile: lib\crypto\raw\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##lib\des425\Makefile: lib\des425\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\Makefile: lib\gssapi\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\generic\Makefile: lib\gssapi\generic\Makefile.in $(MKFDEP)
@@ -306,8 +300,6 @@
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\gssapi\krb5\Makefile: lib\gssapi\krb5\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
-##DOS##lib\krb4\Makefile: lib\krb4\Makefile.in $(MKFDEP)
-##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\krb5\Makefile: lib\krb5\Makefile.in $(MKFDEP)
##DOS## $(WCONFIG) config < $@.in > $@
##DOS##lib\krb5\asn.1\Makefile: lib\krb5\asn.1\Makefile.in $(MKFDEP)
@@ -395,14 +387,14 @@
clients/* clients/kdestroy/* clients/kinit/* clients/klist/* \
clients/kpasswd/* clients/kcpytkt/* clients/kdeltkt/* \
config/* include/* include/kerberosIV/* \
- include/krb5/* include/krb5/stock/* include/sys/* krb524/* lib/* \
+ include/krb5/* include/krb5/stock/* include/sys/* lib/* \
lib/crypto/* lib/crypto/crc32/* lib/crypto/des/* lib/crypto/dk/* \
lib/crypto/enc_provider/* lib/crypto/hash_provider/* \
lib/crypto/keyhash_provider/* lib/crypto/old/* lib/crypto/raw/* \
lib/crypto/sha1/* lib/crypto/arcfour/* lib/crypto/md4/* \
lib/crypto/md5/* lib/crypto/yarrow/* \
- lib/des425/* lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \
- lib/gssapi/mechglue/* lib/gssapi/spnego/* lib/krb4/* \
+ lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \
+ lib/gssapi/mechglue/* lib/gssapi/spnego/* \
lib/krb5/* lib/krb5/asn.1/* lib/krb5/krb/* \
lib/krb5/ccache/* lib/krb5/ccache/ccapi/* \
lib/krb5/error_tables/* \
@@ -442,12 +434,9 @@
$(INC)krb5_err.h $(ET)krb5_err.c \
$(INC)kv5m_err.h $(ET)kv5m_err.c \
$(INC)krb524_err.h $(ET)krb524_err.c \
- $(INC)/kerberosIV/kadm_err.h lib/krb4/kadm_err.c \
- $(INC)/kerberosIV/krb_err.h lib/krb4/krb_err.c \
$(PR)prof_err.h $(PR)prof_err.c \
$(GG)gssapi_err_generic.h $(GG)gssapi_err_generic.c \
- $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c \
- lib/krb4/krb_err_txt.c
+ $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c
HOUT = $(INC)krb5\krb5.h $(GG)gssapi.h $(PR)profile.h
@@ -502,10 +491,6 @@
$(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et
$(INC)krb524_err.h: $(AH) $(ET)krb524_err.et
$(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et
-$(INC)/kerberosIV/kadm_err.h: $(AH) lib/krb4/kadm_err.et
- $(AWK) -f $(AH) outfile=$@ lib/krb4/kadm_err.et
-$(INC)/kerberosIV/krb_err.h: $(AH) lib/krb4/krb_err.et
- $(AWK) -f $(AH) outfile=$@ lib/krb4/krb_err.et
$(PR)prof_err.h: $(AH) $(PR)prof_err.et
$(AWK) -f $(AH) outfile=$@ $(PR)prof_err.et
$(GG)gssapi_err_generic.h: $(AH) $(GG)gssapi_err_generic.et
@@ -527,10 +512,6 @@
$(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et
$(ET)krb524_err.c: $(AC) $(ET)krb524_err.et
$(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et
-lib/krb4/kadm_err.c: $(AC) lib/krb4/kadm_err.et
- $(AWK) -f $(AC) outfile=$@ lib/krb4/kadm_err.et
-lib/krb4/krb_err.c: $(AC) lib/krb4/krb_err.et
- $(AWK) -f $(AC) outfile=$@ lib/krb4/krb_err.et
$(PR)prof_err.c: $(AC) $(PR)prof_err.et
$(AWK) -f $(AC) outfile=$@ $(PR)prof_err.et
$(GG)gssapi_err_generic.c: $(AC) $(GG)gssapi_err_generic.et
@@ -542,10 +523,6 @@
$(CE)test2.c: $(AC) $(CE)test2.et
$(AWK) -f $(AC) outfile=$@ $(CE)test2.et
-lib/krb4/krb_err_txt.c: lib/krb4/krb_err.et
- $(AWK) -f lib/krb4/et_errtxt.awk outfile=$@ \
- lib/krb4/krb_err.et
-
KRBHDEP = $(INC)krb5\krb5.hin $(INC)krb5_err.h $(INC)kdb5_err.h \
$(INC)kv5m_err.h $(INC)krb524_err.h $(INC)asn1_err.h
@@ -616,8 +593,6 @@
$(CP) clients\kcpytkt\$(OUTPRE)kcpytkt.exe "$(KRB_INSTALL_DIR)\bin\."
$(CP) clients\kdeltkt\$(OUTPRE)kdeltkt.exe "$(KRB_INSTALL_DIR)\bin\."
$(CP) clients\kpasswd\$(OUTPRE)kpasswd.exe "$(KRB_INSTALL_DIR)\bin\."
- @if exist "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" del "$(KRB_INSTALL_DIR)\bin\krb4_32.dll"
- @if exist "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" del "$(KRB_INSTALL_DIR)\lib\krb4_32.lib"
install-unix::
$(INSTALL_SCRIPT) krb5-config \
Modified: trunk/src/aclocal.m4
===================================================================
--- trunk/src/aclocal.m4 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/aclocal.m4 2008-12-18 18:31:16 UTC (rev 21544)
@@ -74,7 +74,6 @@
if test -z "$LD" ; then LD=$CC; fi
AC_ARG_VAR(LD,[linker command [CC]])
AC_SUBST(LDFLAGS) dnl
-WITH_KRB4 dnl
KRB5_AC_CHOOSE_ET dnl
KRB5_AC_CHOOSE_SS dnl
KRB5_AC_CHOOSE_DB dnl
@@ -502,61 +501,6 @@
AC_DEFINE_UNQUOTED($ac_tr_file) $2], $3)dnl
done
])
-dnl
-dnl set $(KRB4) from --with-krb4=value -- WITH_KRB4
-dnl
-AC_DEFUN(WITH_KRB4,[
-AC_ARG_WITH([krb4],
-[ --without-krb4 omit Kerberos V4 backwards compatibility (default)
- --with-krb4 use V4 libraries included with V5
- --with-krb4=KRB4DIR use preinstalled V4 libraries],
-,
-withval=no
-)dnl
-if test $withval = no; then
- AC_MSG_NOTICE(no krb4 support)
- KRB4_LIB=
- KRB4_DEPLIB=
- KRB4_INCLUDES=
- KRB4_LIBPATH=
- KRB_ERR_H_DEP=
- krb5_cv_build_krb4_libs=no
- krb5_cv_krb4_libdir=
-else
- AC_DEFINE([KRB5_KRB4_COMPAT], 1, [Define this if building with krb4 compat])
- if test $withval = yes; then
- AC_MSG_NOTICE(enabling built in krb4 support)
- KRB4_DEPLIB='$(TOPLIBD)/libkrb4$(DEPLIBEXT)'
- KRB4_LIB=-lkrb4
- KRB4_INCLUDES='-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV'
- KRB4_LIBPATH=
- KRB_ERR_H_DEP='$(BUILDTOP)/include/kerberosIV/krb_err.h'
- krb5_cv_build_krb4_libs=yes
- krb5_cv_krb4_libdir=
- else
- AC_MSG_NOTICE(using preinstalled krb4 in $withval)
- KRB4_LIB="-lkrb"
-dnl DEPKRB4_LIB="$withval/lib/libkrb.a"
- KRB4_INCLUDES="-I$withval/include"
- KRB4_LIBPATH="-L$withval/lib"
- KRB_ERR_H_DEP=
- krb5_cv_build_krb4_libs=no
- krb5_cv_krb4_libdir="$withval/lib"
- fi
-fi
-AC_SUBST(KRB4_INCLUDES)
-AC_SUBST(KRB4_LIBPATH)
-AC_SUBST(KRB4_LIB)
-AC_SUBST(KRB4_DEPLIB)
-AC_SUBST(KRB_ERR_H_DEP)
-dnl We always compile the des425 library
-DES425_DEPLIB='$(TOPLIBD)/libdes425$(DEPLIBEXT)'
-DES425_LIB=-ldes425
-AC_SUBST(DES425_DEPLIB)
-AC_SUBST(DES425_LIB)
-])dnl
-dnl
-dnl
AC_DEFUN(KRB5_AC_CHECK_FOR_CFLAGS,[
AC_BEFORE([$0],[AC_PROG_CC])
AC_BEFORE([$0],[AC_PROG_CXX])
Modified: trunk/src/config/pre.in
===================================================================
--- trunk/src/config/pre.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/config/pre.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -327,8 +327,6 @@
KDB5_DEPLIB = $(TOPLIBD)/libkdb5$(DEPLIBEXT)
GSSRPC_DEPLIB = $(TOPLIBD)/libgssrpc$(DEPLIBEXT)
GSS_DEPLIB = $(TOPLIBD)/libgssapi_krb5$(DEPLIBEXT)
-KRB4_DEPLIB = @KRB4_DEPLIB@ # $(TOPLIBD)/libkrb4$(DEPLIBEXT)
-DES425_DEPLIB = @DES425_DEPLIB@ # $(TOPLIBD)/libdes425$(DEPLIBEXT)
KRB5_DEPLIB = $(TOPLIBD)/libkrb5$(DEPLIBEXT)
CRYPTO_DEPLIB = $(TOPLIBD)/libk5crypto$(DEPLIBEXT)
COM_ERR_DEPLIB = $(COM_ERR_DEPLIB- at COM_ERR_VERSION@)
@@ -346,7 +344,6 @@
APPUTILS_DEPLIB = $(TOPLIBD)/libapputils.a
KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
-KRB4COMPAT_DEPLIBS = $(KRB4_DEPLIB) $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS)
KDB5_DEPLIBS = $(KDB5_DEPLIB)
GSS_DEPLIBS = $(GSS_DEPLIB)
GSSRPC_DEPLIBS = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS)
@@ -367,11 +364,6 @@
SS_DEPS-sys =
SS_DEPS-k5 = $(BUILDTOP)/include/ss/ss.h $(BUILDTOP)/include/ss/ss_err.h
-# Header file dependencies that might depend on whether krb4 support
-# is compiled.
-
-KRB_ERR_H_DEP = @KRB_ERR_H_DEP@
-
# LIBS gets substituted in... e.g. -lnsl -lsocket
# GEN_LIB is -lgen if needed for regexp
@@ -390,19 +382,10 @@
GSS_KRB5_LIB = -lgssapi_krb5
SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
-# KRB4_LIB is -lkrb4 if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-KRB4_LIB = @KRB4_LIB@
-
-# DES425_LIB is -ldes425 if building --with-krb4
-# needs fixing if ever used on Mac OS X!
-DES425_LIB = @DES425_LIB@
-
# HESIOD_LIBS is -lhesiod...
HESIOD_LIBS = @HESIOD_LIBS@
KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)
-KRB4COMPAT_LIBS = $(KRB4_LIB) $(DES425_LIB) $(KRB5_BASE_LIBS)
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
GSS_LIBS = $(GSS_KRB5_LIB)
# needs fixing if ever used on Mac OS X!
@@ -423,11 +406,6 @@
APPUTILS_LIB = -lapputils
#
-# some more stuff for --with-krb4
-KRB4_LIBPATH = @KRB4_LIBPATH@
-KRB4_INCLUDES = @KRB4_INCLUDES@
-
-#
# variables for --with-tcl=
TCL_LIBS = @TCL_LIBS@
TCL_LIBPATH = @TCL_LIBPATH@
Modified: trunk/src/configure.in
===================================================================
--- trunk/src/configure.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/configure.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -55,20 +55,6 @@
AC_ARG_ENABLE([athena],
[ --enable-athena build with MIT Project Athena configuration],,)
dnl
-if test -z "$KRB4_LIB"; then
-kadminv4=""
-krb524=""
-libkrb4=""
-KRB4=""
-else
-kadminv4=kadmin.v4
-krb524=krb524
-libkrb4=lib/krb4
-KRB4=krb4
-fi
-AC_SUBST(KRB4)
-AC_SUBST(krb524)
-dnl
dnl Begin autoconf tests for the Makefiles generated out of the top-level
dnl configure.in...
dnl
@@ -168,7 +154,6 @@
AC_SUBST(FAKEKA)
KRB5_RUN_FLAGS
dnl
-dnl for krb524
AC_TYPE_SIGNAL
dnl
dnl from old include/configure.in
@@ -586,15 +571,6 @@
[ --enable-athena build with MIT Project Athena configuration],
AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),)
-if test "$KRB4_LIB" = ''; then
- AC_MSG_NOTICE(No Kerberos 4 compatibility)
- maybe_kerberosIV=
-else
- AC_MSG_NOTICE(Kerberos 4 compatibility enabled)
- maybe_kerberosIV=kerberosIV
- AC_DEFINE(KRB5_KRB4_COMPAT,1,[Define if Kerberos V4 backwards compatibility should be supported])
-fi
-AC_SUBST(maybe_kerberosIV)
dnl
AC_C_INLINE
AH_TOP([
@@ -700,11 +676,6 @@
fi
AC_SUBST(DO_TEST)
dnl
-DO_V4_TEST=
-if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != "" -a "$ath_compat" != ""; then
- DO_V4_TEST=ok
-fi
-AC_SUBST(DO_V4_TEST)
dnl The following are substituted into kadmin/testing/scripts/env-setup.sh
RBUILD=`pwd`
AC_SUBST(RBUILD)
@@ -726,25 +697,6 @@
AC_CHECK_PROG(RUNTEST,runtest,runtest)
AC_CHECK_PROG(PERL,perl,perl)
dnl
-dnl
-dnl for lib/krb4
-case $krb5_cv_host in
- *-apple-darwin*)
- KRB_ERR_TXT=
- KRB_ERR=
- KRB_ERR_C=krb_err.c
- ;;
- *)
- KRB_ERR='$(OUTPRE)krb_err.$(OBJEXT)'
- KRB_ERR_TXT=krb_err_txt.c
- KRB_ERR_C=
- ;;
-esac
-AC_SUBST([KRB_ERR_TXT])
-AC_SUBST([KRB_ERR])
-AC_SUBST([KRB_ERR_C])
-dnl
-dnl
dnl lib/gssapi
AC_CHECK_HEADER(stdint.h,[
include_stdint='awk '\''END{printf("%cinclude <stdint.h>\n", 35);}'\'' < /dev/null'],
@@ -970,13 +922,6 @@
HAVE_RUNTEST=no
fi
AC_SUBST(HAVE_RUNTEST)
-if test "$KRB4_LIB" = ''; then
- KRB4_DEJAGNU_TEST="KRBIV=0"
-else
- AC_MSG_RESULT(Kerberos 4 testing enabled)
- KRB4_DEJAGNU_TEST="KRBIV=1"
-fi
-AC_SUBST(KRB4_DEJAGNU_TEST)
dnl for plugins/kdb/db2
dnl
@@ -1052,9 +997,6 @@
if test "$SS_VERSION" = k5 ; then
K5_GEN_MAKEFILE(util/ss)
fi
-if test -n "$KRB4_LIB"; then
- K5_GEN_MAKEFILE(lib/krb4)
-fi
dnl
dnl
ldap_plugin_dir=""
@@ -1109,7 +1051,7 @@
util util/support util/profile util/send-pr
- lib lib/des425 lib/kdb
+ lib lib/kdb
lib/crypto lib/crypto/crc32 lib/crypto/des lib/crypto/dk
lib/crypto/enc_provider lib/crypto/hash_provider
@@ -1129,8 +1071,7 @@
lib/apputils
- kdc slave krb524 config-files gen-manpages include
- include/kerberosIV
+ kdc slave config-files gen-manpages include
plugins/locate/python
plugins/kdb/db2
Modified: trunk/src/include/Makefile.in
===================================================================
--- trunk/src/include/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/include/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -1,7 +1,6 @@
thisconfigdir=..
myfulldir=include
mydir=include
-SUBDIRS=@maybe_kerberosIV@
BUILDTOP=$(REL)..
KRB5RCTMPDIR= @KRB5_RCTMPDIR@
##DOSBUILDTOP = ..
Modified: trunk/src/kadmin/dbutil/Makefile.in
===================================================================
--- trunk/src/kadmin/dbutil/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/kadmin/dbutil/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -2,10 +2,9 @@
myfulldir=kadmin/dbutil
mydir=kadmin/dbutil
BUILDTOP=$(REL)..$(S)..
-DEFINES = -DKDB4_DISABLE
DEFS=
-LOCALINCLUDES = -I. @KRB4_INCLUDES@
-PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
+LOCALINCLUDES = -I.
+PROG_LIBPATH=-L$(TOPLIBD) $(KRB5_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
@@ -17,8 +16,8 @@
all:: $(PROG)
-$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS)
+$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
import_err.c import_err.h: $(srcdir)/import_err.et
Modified: trunk/src/krb5-config.M
===================================================================
--- trunk/src/krb5-config.M 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/krb5-config.M 2008-12-18 18:31:16 UTC (rev 21544)
@@ -64,7 +64,6 @@
.in +.5i
krb5 Kerberos 5 application
gssapi GSSAPI application with Kerberos 5 bindings
-krb4 Kerberos 4 application
kadm-client Kadmin client
kadm-server Kadmin server
kdb Application that accesses the kerberos database
Modified: trunk/src/krb5-config.in
===================================================================
--- trunk/src/krb5-config.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/krb5-config.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -32,8 +32,6 @@
includedir=@includedir@
libdir=@libdir@
CC_LINK='@CC_LINK@'
-KRB4_LIB=@KRB4_LIB@
-DES425_LIB=@DES425_LIB@
KDB5_DB_LIB=@KDB5_DB_LIB@
LDFLAGS='@LDFLAGS@'
RPATH_FLAG='@RPATH_FLAG@'
@@ -87,9 +85,6 @@
gssapi)
library=gssapi
;;
- krb4)
- library=krb4
- ;;
kadm-client)
library=kadm_client
;;
@@ -126,7 +121,6 @@
echo "Libraries:"
echo " krb5 Kerberos 5 application"
echo " gssapi GSSAPI application with Kerberos 5 bindings"
- echo " krb4 Kerberos 4 application"
echo " kadm-client Kadmin client"
echo " kadm-server Kadmin server"
echo " kdb Application that accesses the kerberos database"
@@ -219,11 +213,6 @@
library=krb5
fi
- if test $library = 'krb4'; then
- lib_flags="$lib_flags $KRB4_LIB $DES425_LIB"
- library=krb5
- fi
-
if test $library = 'krb5'; then
lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
fi
Modified: trunk/src/lib/Makefile.in
===================================================================
--- trunk/src/lib/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/lib/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -1,15 +1,14 @@
thisconfigdir=./..
myfulldir=lib
mydir=lib
-SUBDIRS=crypto krb5 des425 @KRB4@ gssapi rpc kdb kadm5 apputils
+SUBDIRS=crypto krb5 gssapi rpc kdb kadm5 apputils
BUILDTOP=$(REL)..
all-unix::
-CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libdes425.a \
- libkrb425.a libkadm.a libkrb4.a libcom_err.a libpty.a \
- libss.a libgssapi.a libapputils.a \
- libkrb5.so libcrypto.so libkrb4.so libdes425.so
+CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libkadm.a \
+ libcom_err.a libpty.a ibss.a libgssapi.a libapputils.a libkrb5.so \
+ libcrypto.so
clean-unix::
Modified: trunk/src/lib/crypto/Makefile.in
===================================================================
--- trunk/src/lib/crypto/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/lib/crypto/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -501,7 +501,7 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- decrypt.c etypes.h
+ aead.h decrypt.c etypes.h
decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -522,7 +522,7 @@
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- encrypt.c etypes.h
+ aead.h encrypt.c etypes.h
encrypt_iov.so encrypt_iov.po $(OUTPRE)encrypt_iov.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -542,7 +542,8 @@
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h encrypt_length.c etypes.h
+ $(SRCTOP)/include/socket-utils.h aead.h encrypt_length.c \
+ etypes.h
enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Modified: trunk/src/lib/crypto/des/Makefile.in
===================================================================
--- trunk/src/lib/crypto/des/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/lib/crypto/des/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -108,32 +108,29 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- afsstring2key.c des_int.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h afsstring2key.c des_int.h
d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h d3_cbc.c des_int.h \
- f_tables.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ d3_cbc.c des_int.h f_tables.h
d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
- d3_aead.c des_int.h f_tables.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../aead.h d3_aead.c des_int.h f_tables.h
d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -141,32 +138,29 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- d3_kysched.c des_int.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h d3_kysched.c des_int.h
f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h des_int.h f_cbc.c \
- f_tables.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ des_int.h f_cbc.c f_tables.h
f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h des_int.h f_cksum.c \
- f_tables.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ des_int.h f_cksum.c f_tables.h
f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -174,20 +168,19 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h f_parity.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h f_parity.c
f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h des_int.h f_sched.c
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ des_int.h f_sched.c
f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -195,10 +188,10 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h f_tables.c f_tables.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h f_tables.c \
+ f_tables.h
key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -206,10 +199,9 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h key_sched.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h key_sched.c
weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -217,10 +209,9 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h weak_key.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h weak_key.c
string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -228,7 +219,6 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- des_int.h string2key.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h des_int.h string2key.c
Modified: trunk/src/lib/crypto/des/des_int.h
===================================================================
--- trunk/src/lib/crypto/des/des_int.h 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/lib/crypto/des/des_int.h 2008-12-18 18:31:16 UTC (rev 21544)
@@ -64,10 +64,57 @@
#ifndef KRB5_MIT_DES__
#define KRB5_MIT_DES__
-#define KRB5INT_CRYPTO_DES_INT /* skip krb4-specific DES stuff */
-#include "kerberosIV/des.h" /* for des_key_schedule, etc. */
-#undef KRB5INT_CRYPTO_DES_INT /* don't screw other inclusions of des.h */
+#if defined(__MACH__) && defined(__APPLE__)
+#include <TargetConditionals.h>
+#include <AvailabilityMacros.h>
+#if TARGET_RT_MAC_CFM
+#error "Use KfM 4.0 SDK headers for CFM compilation."
+#endif
+#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
+#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
+#endif
+#endif /* defined(__MACH__) && defined(__APPLE__) */
+/* Macro to add deprecated attribute to DES types and functions */
+/* Currently only defined on Mac OS X 10.5 and later. */
+#ifndef KRB5INT_DES_DEPRECATED
+#define KRB5INT_DES_DEPRECATED
+#endif
+
+#include <limits.h>
+
+#if UINT_MAX >= 0xFFFFFFFFUL
+#define DES_INT32 int
+#define DES_UINT32 unsigned int
+#else
+#define DES_INT32 long
+#define DES_UINT32 unsigned long
+#endif
+
+typedef unsigned char des_cblock[8] /* crypto-block size */
+KRB5INT_DES_DEPRECATED;
+
+/*
+ * Key schedule.
+ *
+ * This used to be
+ *
+ * typedef struct des_ks_struct {
+ * union { DES_INT32 pad; des_cblock _;} __;
+ * } des_key_schedule[16];
+ *
+ * but it would cause trouble if DES_INT32 were ever more than 4
+ * bytes. The reason is that all the encryption functions cast it to
+ * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If
+ * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
+ * caller-allocated des_key_schedule will be overflowed by the key
+ * scheduling functions. We can't assume that every platform will
+ * have an exact 32-bit int, and nothing should be looking inside a
+ * des_key_schedule anyway.
+ */
+typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16]
+KRB5INT_DES_DEPRECATED;
+
typedef des_cblock mit_des_cblock;
typedef des_key_schedule mit_des_key_schedule;
Modified: trunk/src/lib/crypto/enc_provider/Makefile.in
===================================================================
--- trunk/src/lib/crypto/enc_provider/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/lib/crypto/enc_provider/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -51,22 +51,20 @@
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
- des.c enc_provider.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../des/des_int.h des.c enc_provider.h
des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
- $(srcdir)/../des/des_int.h des3.c
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des3.c
aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
Modified: trunk/src/lib/crypto/keyhash_provider/Makefile.in
===================================================================
--- trunk/src/lib/crypto/keyhash_provider/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/lib/crypto/keyhash_provider/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -65,11 +65,10 @@
$(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
$(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
- $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
- $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
- descbc.c keyhash_provider.h
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(srcdir)/../des/des_int.h descbc.c keyhash_provider.h
k5_md4des.so k5_md4des.po $(OUTPRE)k5_md4des.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -77,11 +76,10 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h $(srcdir)/../md4/rsa-md4.h \
- k5_md4des.c keyhash_provider.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ $(srcdir)/../md4/rsa-md4.h k5_md4des.c keyhash_provider.h
k5_md5des.so k5_md5des.po $(OUTPRE)k5_md5des.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -89,11 +87,10 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h $(srcdir)/../md5/rsa-md5.h \
- k5_md5des.c keyhash_provider.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ $(srcdir)/../md5/rsa-md5.h k5_md5des.c keyhash_provider.h
hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Modified: trunk/src/lib/crypto/old/Makefile.in
===================================================================
--- trunk/src/lib/crypto/old/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/lib/crypto/old/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -45,10 +45,10 @@
$(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
$(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
- $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- $(srcdir)/../des/des_int.h des_stringtokey.c old.h
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
+ des_stringtokey.c old.h
old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
Modified: trunk/src/lib/krb5/krb/t_kerb.c
===================================================================
--- trunk/src/lib/krb5/krb/t_kerb.c 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/lib/krb5/krb/t_kerb.c 2008-12-18 18:31:16 UTC (rev 21544)
@@ -5,9 +5,6 @@
#include "krb5.h"
#include "autoconf.h"
-#ifdef KRB5_KRB4_COMPAT
-#include "kerberosIV/krb.h"
-#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -68,11 +65,9 @@
{
krb5_principal princ = 0;
krb5_error_code retval;
-#ifndef KRB5_KRB4_COMPAT
#define ANAME_SZ 40
#define INST_SZ 40
#define REALM_SZ 40
-#endif
char aname[ANAME_SZ+1], inst[INST_SZ+1], realm[REALM_SZ+1];
aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0;
Modified: trunk/src/tests/dejagnu/Makefile.in
===================================================================
--- trunk/src/tests/dejagnu/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/tests/dejagnu/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -7,7 +7,6 @@
KRB5_RUN_ENV= @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-KRB4_RUNTESTFLAGS=@KRB4_DEJAGNU_TEST@
SRCS=$(srcdir)/t_inetd.c
@@ -47,7 +46,6 @@
sed -e 's%=\.%='`pwd`'/.%g' > site.exp
echo "set KRB5_DB_MODULE_DIR {$(KRB5_DB_MODULE_DIR)}" >> site.exp
echo "set PRIOCNTL_HACK @PRIOCNTL_HACK@" >> site.exp
- echo set $(KRB4_RUNTESTFLAGS) | sed -e 's/=/ /' >> site.exp
# +++ Dependency line eater +++
#
Modified: trunk/src/tests/dejagnu/config/default.exp
===================================================================
--- trunk/src/tests/dejagnu/config/default.exp 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/tests/dejagnu/config/default.exp 2008-12-18 18:31:16 UTC (rev 21544)
@@ -821,7 +821,6 @@
# kadmind +4
# kpasswd +5
# (nothing) +6
-# krb524 +7
# application servers (krlogind, telnetd, krshd, ftpd, etc) +8
# iprop +9 (if enabled)
# kpropd +10
@@ -1039,7 +1038,6 @@
}
puts $conffile " krb4_config = $tmppwd/krb.conf"
puts $conffile " krb4_realms = $tmppwd/krb.realms"
- puts $conffile " krb4_srvtab = $tmppwd/v4srvtab"
if { $mode == "tcp" } {
puts $conffile " udp_preference_limit = 1"
}
@@ -1058,7 +1056,6 @@
puts $conffile " admin_server = $hostname:[expr 4 + $portbase]"
puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]"
puts $conffile " default_domain = $domain"
- puts $conffile " krb524_server = $hostname:[expr 7 + $portbase]"
puts $conffile " database_module = foo_db2"
puts $conffile " \}"
puts $conffile ""
@@ -1131,10 +1128,6 @@
set env(KRB5CCNAME) $tmppwd/tkt
verbose "KRB5CCNAME=$env(KRB5CCNAME)"
- # Direct the Kerberos programs at a local ticket file.
- set env(KRBTKFILE) $tmppwd/tktv4
- verbose "KRBTKFILE=$env(KRBTKFILE)"
-
# Direct the Kerberos server at a cache file stored in the
# temporary directory.
set env(KRB5RCACHEDIR) $tmppwd
@@ -1762,7 +1755,7 @@
envstack_push
setup_kerberos_env kdc
- spawn $KRB5KDC -r $REALMNAME -n -4 full
+ spawn $KRB5KDC -r $REALMNAME -n full
envstack_pop
set kdc_pid [exp_pid]
set kdc_spawn_id $spawn_id
@@ -2439,171 +2432,6 @@
}
}
-# kinit
-# Use kinit to get a ticket. If the argument is non-zero, call pass
-# at relevant points. Returns 1 on success, 0 on failure.
-
-proc v4kinit { name pass standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
- global des3_krbtgt
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distiguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -4 $name@$REALMNAME
- expect {
- "Password for $name@$REALMNAME:" {
- verbose "v4kinit started"
- }
- timeout {
- fail "v4kinit"
- return 0
- }
- eof {
- fail "v4kinit"
- return 0
- }
- }
- send "$pass\r"
- expect eof
- if {$des3_krbtgt == 0} {
- if ![check_exit_status v4kinit] {
- return 0
- }
- } else {
- # Fail if kinit is successful with a des3 TGT.
- set status_list [wait -i $spawn_id]
- set testname v4kinit
- verbose "wait -i $spawn_id returned $status_list ($testname)"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } {
- verbose -log "exit status: $status_list"
- fail "$testname (exit status)"
- }
- }
- if {$standalone} {
- pass "v4kinit"
- }
-
- return 1
-}
-
-proc v4kinit_kt { name keytab standalone } {
- global REALMNAME
- global KINIT
- global spawn_id
-
- # Use kinit to get a ticket.
- #
- # For now always get forwardable tickets. Later when we need to make
- # tests that distiguish between forwardable tickets and otherwise
- # we should but another option to this proc. --proven
- #
- spawn $KINIT -4 -k -t $keytab $name@$REALMNAME
- expect {
- timeout {
- fail "v4kinit"
- return 0
- }
- eof { }
- }
- if ![check_exit_status kinit] {
- return 0
- }
-
- if {$standalone} {
- pass "v4kinit"
- }
-
- return 1
-}
-
-# List v4 tickets.
-# Client and server are regular expressions.
-proc v4klist { client server testname } {
- global KLIST
- global tmppwd
-
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Principal:\[ \]*$client.*$server\r\n" {
- verbose "klist started"
- }
- timeout {
- fail $testname
- return 0
- }
- eof {
- fail $testname
- return 0
- }
- }
-
- expect eof
-
- if ![check_exit_status $testname] {
- return 0
- }
- pass $testname
- return 1
-}
-
-# Destroy tickets.
-proc v4kdestroy { testname } {
- global KDESTROY
- spawn $KDESTROY -4
- if ![check_exit_status $testname] {
- return 0
- }
- pass $testname
- return 1
-}
-
-# Try to list the krb4 tickets -- there shouldn't be any ticket file.
-proc v4klist_none { testname } {
- global KLIST
- global tmppwd
-
- # Double check that the ticket was destroyed.
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*klist: You have no tickets cached.*\r\n" {
- verbose "v4klist started"
- pass "$testname (output)"
- }
- timeout {
- fail "$testname (output)"
- # Skip the 'wait' below, if it's taking too long.
- untested "$testname (exit status)"
- return 0
- }
- eof {
- fail "$testname (output)"
- }
- }
- # We can't use check_exit_status, because we expect an exit status
- # of 1.
- expect eof
- set status_list [wait -i $spawn_id]
- verbose "wait -i $spawn_id returned $status_list (v4klist)"
- if { [lindex $status_list 2] != 0 } {
- fail "$testname (exit status)"
- return 0
- } else {
- if { [lindex $status_list 3] != 1 } {
- fail "$testname (exit status)"
- return 0
- } else {
- pass "$testname (exit status)"
- }
- }
- return 1
-}
-
# Set up a root shell using rlogin $hostname -l root. This is used
# when testing the daemons that must be run as root, such as telnetd
# or rlogind. This sets the global variables rlogin_spawn_id and
Modified: trunk/src/tests/dejagnu/krb-root/telnet.exp
===================================================================
--- trunk/src/tests/dejagnu/krb-root/telnet.exp 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/tests/dejagnu/krb-root/telnet.exp 2008-12-18 18:31:16 UTC (rev 21544)
@@ -47,7 +47,7 @@
# we don't need to use inetd. The portbase+8 is the port to listen at.
# Note that tmppwd here is a shell variable, which is set in
# setup_root_shell, not a TCL variable.
- send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap -X KERBEROS_V4 [expr 8 + $portbase]\" &\r"
+ send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap [expr 8 + $portbase]\" &\r"
expect {
-i $rlogin_spawn_id
-re "$ROOT_PROMPT" { }
Modified: trunk/src/tests/dejagnu/krb-standalone/standalone.exp
===================================================================
--- trunk/src/tests/dejagnu/krb-standalone/standalone.exp 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/tests/dejagnu/krb-standalone/standalone.exp 2008-12-18 18:31:16 UTC (rev 21544)
@@ -175,47 +175,6 @@
kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno"
do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno"
do_kdestroy "kdestroy foo/bar vno $vno"
-
- if {[info exists KRBIV] && $KRBIV &&
- [regexp {des-cbc-[a-z0-9-]*:v4} [lindex $supported_enctypes 0]]} {
- catch "exec rm -f $tmppwd/foosrvtab"
- spawn $KTUTIL
- expect_after {
- timeout { fail "ktutil converting keytab to srvtab" ; set ok 0 }
- eof { fail "ktutil converting keytab to srvtab" ; set ok 0 }
- }
- expect "ktutil: "
- send "rkt $tmppwd/fookeytab\r"
- expect -ex "rkt $tmppwd/fookeytab\r"
- expect "ktutil: "
-# for debugging, just log this
-# send "list\r"
-# expect "ktutil: "
- #
- send "wst $tmppwd/foosrvtab\r"
- expect -ex "wst $tmppwd/foosrvtab\r"
- expect "ktutil: "
-# for debugging, just log this
-# send "clear\r"
-# expect "ktutil: "
-# send "rst $tmppwd/foosrvtab\r"
-# expect "ktutil: "
-# send "list\r"
-# expect "ktutil: "
- # okay, now quit and finish testing
- send "quit\r"
- expect eof
- catch expect_after
- if [check_exit_status "ktutil converting keytab to srvtab (vno $vno)"] {
- pass "ktutil converting keytab to srvtab (vno $vno)"
- do_klist_kt $tmppwd/fookeytab "klist srvtab foo/bar vno $vno"
- kinit_kt "foo/bar" "SRVTAB:$tmppwd/foosrvtab" 1 "st kvno $vno"
- do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist st foo/bar vno $vno"
- do_kdestroy "kdestroy st foo/bar vno $vno"
- }
- } else {
- verbose "skipping v5kinit/srvtab tests because of non-v4 enctype"
- }
}
catch "exec rm -f $keytab"
# Check that kadmin.local can actually read the correct kvno, even
Deleted: trunk/src/tests/dejagnu/krb-standalone/v4gssftp.exp
===================================================================
--- trunk/src/tests/dejagnu/krb-standalone/v4gssftp.exp 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/tests/dejagnu/krb-standalone/v4gssftp.exp 2008-12-18 18:31:16 UTC (rev 21544)
@@ -1,508 +0,0 @@
-# Kerberos ftp test.
-# This is a DejaGnu test script.
-# This script tests Kerberos ftp.
-# Originally written by Ian Lance Taylor, Cygnus Support, <ian at cygnus.com>.
-# Modified bye Ezra Peisach for GSSAPI support.
-
-# Find the programs we need. We use the binaries from the build tree
-# if they exist. If they do not, then they must be in PATH. We
-# expect $objdir to be .../kerberos/build/tests/dejagnu
-
-if ![info exists FTP] {
- set FTP [findfile $objdir/../../appl/gssftp/ftp/ftp]
-}
-
-if ![info exists FTPD] {
- set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd]
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# A procedure to start up the ftp daemon.
-
-proc start_ftp_daemon { } {
- global FTPD
- global tmppwd
- global ftpd_spawn_id
- global ftpd_pid
- global portbase
-
- # The -p argument tells it to accept a single connection, so we
- # don't need to use inetd. Portbase+8 is the port to listen at.
- # We rely on KRB5_KTNAME being set to the proper keyfile as there is
- # no way to cleanly set it with the gssapi API.
- # The -U argument tells it to use an alternate ftpusers file (using
- # /dev/null will allow root to login regardless of /etc/ftpusers).
- # The -a argument requires authorization, to mitigate any
- # vulnerability introduced by circumventing ftpusers.
- spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb.conf
- set ftpd_spawn_id $spawn_id
- set ftpd_pid [exp_pid]
-
- # Give the ftp daemon a few seconds to get set up.
- sleep 2
-}
-
-# A procedure to stop the ftp daemon.
-
-proc stop_ftp_daemon { } {
- global ftpd_spawn_id
- global ftpd_pid
-
- if [info exists ftpd_pid] {
- catch "close -i $ftpd_spawn_id"
- catch "exec kill $ftpd_pid"
- catch "wait -i $ftpd_spawn_id"
- unset ftpd_pid
- }
-}
-
-# Test that a file was copied correctly.
-proc check_file { filename {bigfile 0}} {
- if ![file exists $filename] {
- verbose "$filename does not exist"
- send_log "$filename does not exist\n"
- return 0
- }
-
- set file [open $filename r]
- if { [gets $file line] == -1 } {
- verbose "$filename is empty"
- send_log "$filename is empty\n"
- close $file
- return 0
- }
-
- if ![string match "This file is used for ftp testing." $line] {
- verbose "$filename contains $line"
- send_log "$filename contains $line\n"
- close $file
- return 0
- }
-
- if {$bigfile} {
- # + 1 for the newline
- seek $file 1048577 current
- if { [gets $file line] == -1 } {
- verbose "$filename is truncated"
- send_log "$filename is truncated\n"
- close $file
- return 0
- }
-
- if ![string match "This file is used for ftp testing." $line] {
- verbose "$filename contains $line"
- send_log "$filename contains $line\n"
- close $file
- return 0
- }
- }
-
- if { [gets $file line] != -1} {
- verbose "$filename is too long ($line)"
- send_log "$filename is too long ($line)\n"
- close $file
- return 0
- }
-
- close $file
-
- return 1
-}
-
-#
-# Restore environment variables possibly set.
-#
-proc ftp_restore_env { } {
- global env
- global ftp_save_ktname
- global ftp_save_ccname
-
- catch "unset env(KRB5_KTNAME)"
- if [info exists ftp_save_ktname] {
- set env(KRB5_KTNAME) $ftp_save_ktname
- unset ftp_save_ktname
- }
-
- catch "unset env(KRB5CCNAME)"
- if [info exists ftp_save_ccname] {
- set env(KRB5CCNAME) $ftp_save_ccname
- unset ftp_save_ccname
- }
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc v4ftp_test { } {
- global FTP
- global KEY
- global REALMNAME
- global hostname
- global localhostname
- global env
- global ftpd_spawn_id
- global ftpd_pid
- global spawn_id
- global tmppwd
- global ftp_save_ktname
- global ftp_save_ccname
- global des3_krbtgt
- global portbase
-
- if {$des3_krbtgt} {
- return
- }
- # Start up the kerberos and kadmind daemons and get a srvtab and a
- # ticket file.
- if {![start_kerberos_daemons 0] \
- || ![add_random_key ftp/$hostname 0] \
- || ![setup_srvtab 0 ftp] \
- || ![add_kerberos_key $env(USER) 0] \
- || ![v4kinit $env(USER) $env(USER)$KEY 0]} {
- return
- }
-
- #
- # Save settings of KRB5_KTNAME
- #
- if [info exists env(KRB5_KTNAME)] {
- set ftp_save_ktname $env(KRB5_KTNAME)
- }
-
- #
- # set KRB5_KTNAME
- #
- set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
- verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
-
- #
- # Save settings of KRB5CCNAME
- # These tests fail if the krb5 cache happens to have a valid credential
- # which can result from running the gssftp.exp test immediately
- # preceeding these tests.
- #
- if [info exists env(KRB5CCNAME)] {
- set ftp_save_ccname $env(KRB5CCNAME)
- }
-
- #
- # set KRB5_KTNAME
- #
- set env(KRB5CCNAME) FILE:$tmppwd/non-existant-cache
- verbose "KRB5CCNAME=$env(KRB5CCNAME)"
-
- # Start the ftp daemon.
- start_ftp_daemon
-
- # Make an ftp client connection to it.
- spawn $FTP $hostname [expr 8 + $portbase]
-
- expect_after {
- timeout {
- fail "$testname (timeout)"
- catch "expect_after"
- return
- }
- eof {
- fail "$testname (eof)"
- catch "expect_after"
- return
- }
- }
-
- set testname "ftp connection(v4)"
- expect -nocase "connected to $hostname"
- expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready."
- expect -re "Using authentication type GSSAPI; ADAT must follow"
- expect "GSSAPI accepted as authentication type"
- expect -re "GSSAPI error major: (Unspecified GSS|Miscellaneous) failure"
- expect {
- "GSSAPI error minor: Unsupported credentials cache format version number" {}
- "GSSAPI error minor: No credentials cache found" {}
- -re "GSSAPI error minor: Credentials cache file '.*' not found" {}
- "GSSAPI error minor: Decrypt integrity check failed" {}
- }
- expect "GSSAPI error: initializing context"
- expect "GSSAPI authentication failed"
- expect -re "Using authentication type KERBEROS_V4; ADAT must follow"
- expect {
- "Kerberos V4 authentication succeeded" { pass "ftp authentication" }
- eof { fail "ftp authentication" ; catch "expect_after" ; return }
- -re "Kerberos V4 .* failed.*\r" {
- fail "ftp authentication";
- send "quit\r"; catch "expect_after";
- return
- }
- }
- expect -nocase "name ($hostname:$env(USER)): "
- send "$env(USER)\r"
- expect "Kerberos user $env(USER)@$REALMNAME is authorized as $env(USER)"
- expect "Remote system type is UNIX."
- expect "Using binary mode to transfer files."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "binary(v4)"
- send "binary\r"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "status(v4)"
- send "status\r"
- expect -nocase "connected to $hostname."
- expect "Authentication type: KERBEROS_V4"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "ls(v4)"
- send "ls $tmppwd/ftp-test\r"
- expect -re "Opening ASCII mode data connection for .*ls."
- expect -re ".* $tmppwd/ftp-test"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "nlist(v4)"
- send "nlist $tmppwd/ftp-test\r"
- expect -re "Opening ASCII mode data connection for file list."
- expect -re "$tmppwd/ftp-test"
- expect -re ".* Transfer complete."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "ls missing(v4)"
- send "ls $tmppwd/ftp-testmiss\r"
- expect -re "Opening ASCII mode data connection for .*ls."
- expect {
- -re "$tmppwd/ftp-testmiss not found" {}
- -re "$tmppwd/ftp-testmiss: No such file or directory"
- }
- expect "ftp> " {
- pass $testname
- }
-
-
- set testname "get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get $tmppwd/ftp-test $tmppwd/copy\r"
- expect "Opening BINARY mode data connection for $tmppwd/ftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "put(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "put $tmppwd/ftp-test $tmppwd/copy\r"
- expect "Opening BINARY mode data connection for $tmppwd/copy"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes sent in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "cd(v4)"
- send "cd $tmppwd\r"
- expect "CWD command successful."
- expect "ftp> " {
- pass $testname
- }
-
- set testname "lcd(v4)"
- send "lcd $tmppwd\r"
- expect "Local directory now $tmppwd"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "local get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get ftp-test copy\r"
- expect "Opening BINARY mode data connection for ftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "big local get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get bigftp-test copy\r"
- expect "Opening BINARY mode data connection for bigftp-test"
- expect "Transfer complete"
- expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
- expect "ftp> "
- if [check_file $tmppwd/copy 1] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "start encryption(v4)"
- send "private\r"
- expect "Data channel protection level set to private"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "status(v4)"
- send "status\r"
- expect "Protection Level: private"
- expect "ftp> " {
- pass $testname
- }
-
- set testname "encrypted get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get ftp-test copy\r"
- expect "Opening BINARY mode data connection for ftp-test"
- expect "Transfer complete"
- expect {
- -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" {}
- -re "krb_rd_priv failed for KERBEROS_V4" {
- fail $testname
- send "quit\r"
- catch "expect_after"
- return
- }
- }
- expect "ftp> "
- if [check_file $tmppwd/copy] {
- pass $testname
- } else {
- fail $testname
- }
-
-
- # Test a large file that will overflow PBSZ size
- set testname "big encrypted get(v4)"
- catch "exec rm -f $tmppwd/copy"
- send "get bigftp-test copy\r"
- expect "Opening BINARY mode data connection for bigftp-test"
- expect "Transfer complete"
- expect {
- -re "\[0-9\]+ bytes received in \[0-9.e+-\]+ seconds" {}
- -re "krb_rd_priv failed for KERBEROS_V4" {
- fail $testname
- send "quit\r"
- catch "expect_after"
- return
- }
- }
- expect "ftp> "
- if [check_file $tmppwd/copy 1] {
- pass $testname
- } else {
- fail $testname
- }
-
- set testname "close(v4)"
- send "close\r"
- expect "Goodbye."
- expect "ftp> "
- set status_list [wait -i $ftpd_spawn_id]
- verbose "wait -i $ftpd_spawn_id returned $status_list ($testname)"
- catch "close -i $ftpd_spawn_id"
- if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
- send_log "exit status: $status_list\n"
- verbose "exit status: $status_list"
- fail $testname
- } else {
- pass $testname
- unset ftpd_pid
- }
-
- set testname "quit(v4)"
- send "quit\r"
- expect_after
- expect eof
- if [check_exit_status $testname] {
- pass $testname
- }
-
-}
-
-run_once v4gssftp {
- # Make sure .klogin is reasonable.
- if ![check_k5login ftp] {
- return
- }
-
- if ![check_klogin ftp] {
- return
- }
-
- # Set up the kerberos database.
- if {![get_hostname] \
- || ![setup_kerberos_files] \
- || ![setup_kerberos_env] \
- || ![setup_kerberos_db 0]} {
- return
- }
-
- # Create a file to use for ftp testing.
- set file [open $tmppwd/ftp-test w]
- puts $file "This file is used for ftp testing."
- close $file
-
- # Create a large file to use for ftp testing. File needs to be
- # larger that 2^20 or 1MB for PBSZ testing.
- set file [open $tmppwd/bigftp-test w]
- puts $file "This file is used for ftp testing.\n"
- seek $file 1048576 current
- puts $file "This file is used for ftp testing."
- close $file
-
- # The ftp client will look in $HOME/.netrc for the user name to use.
- # To avoid confusing the testsuite, point $HOME at a directory where
- # we know there is no .netrc file.
- if [info exists env(HOME)] {
- set home $env(HOME)
- } elseif [info exists home] {
- unset home
- }
- set env(HOME) $tmppwd
-
- # Run the test. Logging in sometimes takes a while, so increase the
- # timeout.
- set oldtimeout $timeout
- set timeout 60
- set status [catch v4ftp_test msg]
- set timeout $oldtimeout
-
- # Shut down the kerberos daemons and the ftp daemon.
- stop_kerberos_daemons
-
- stop_ftp_daemon
-
- ftp_restore_env
-
- # Reset $HOME, for safety in case we are going to run more tests.
- if [info exists home] {
- set env(HOME) $home
- } else {
- unset env(HOME)
- }
-
- if { $status != 0 } {
- perror "error in v4gssftp.exp: $msg"
- }
-}
Deleted: trunk/src/tests/dejagnu/krb-standalone/v4krb524d.exp
===================================================================
--- trunk/src/tests/dejagnu/krb-standalone/v4krb524d.exp 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/tests/dejagnu/krb-standalone/v4krb524d.exp 2008-12-18 18:31:16 UTC (rev 21544)
@@ -1,168 +0,0 @@
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-if ![info exists K524INIT] {
- set K524INIT [findfile $objdir/../../krb524/k524init]
-}
-
-if ![info exists KRB524D] {
- set KRB524D [findfile $objdir/../../krb524/krb524d]
-}
-
-if ![info exists KLIST] {
- set KLIST [findfile $objdir/../../clients/klist/klist]
-}
-
-if ![info exists KDESTROY] {
- set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
-}
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 1] {
- return
-}
-
-# A procedure to stop the krb524 daemon.
-proc start_k524_daemon { } {
- global KRB524D
- global k524d_spawn_id
- global k524d_pid
- global REALMNAME
- global portbase
-
- spawn $KRB524D -m -p [expr 7 + $portbase] -r $REALMNAME -nofork
- set k524d_spawn_id $spawn_id
- set k524d_pid [exp_pid]
-
- # Give the krb524d daemon a few seconds to get set up.
- sleep 2
-}
-
-# A procedure to stop the krb524 daemon.
-proc stop_k524_daemon { } {
- global k524d_spawn_id
- global k524d_pid
-
- if [info exists k524d_pid] {
- catch "close -i $k524d_spawn_id"
- catch "exec kill $k524d_pid"
- catch "wait -i $k524d_spawn_id"
- unset k524d_pid
- }
-}
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc doit { } {
- global env
- global KEY
- global K524INIT
- # To pass spawn_id to the wait process
- global spawn_id
- global KLIST
- global KDESTROY
- global tmppwd
- global REALMNAME
- global des3_krbtgt
-
- if {$des3_krbtgt} {
- return
- }
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Add a user key and get a V5 ticket
- if {![add_kerberos_key $env(USER) 0] \
- || ![kinit $env(USER) $env(USER)$KEY 0]} {
- return
- }
-
- # Start the krb524d daemon.
- start_k524_daemon
-
- # The k524init program does not advertise anything on success -
- #only failure.
- spawn $K524INIT
- expect {
- -timeout 10
- -re "k524init: .*\r" {
- fail "k524init"
- return
- }
- eof {}
- timeout {}
- }
-
-
- if ![check_exit_status "k524init"] {
- return
- }
- pass "k524init"
-
- # Make sure that klist can see the ticket.
- spawn $KLIST -4
- expect {
- -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Principal:\[ \]*$env(USER)@$REALMNAME.*krbtgt\.$REALMNAME@$REALMNAME\r\n" {
- verbose "klist started"
- }
- timeout {
- fail "v4klist"
- return
- }
- eof {
- fail "v4klist"
- return
- }
- }
-
- expect {
- "\r" { }
- eof { }
- }
-
- if ![check_exit_status "klist"] {
- return
- }
- pass "krb524d: v4klist"
-
- # Destroy the ticket.
- spawn $KDESTROY -4
- if ![check_exit_status "kdestroy"] {
- return
- }
- pass "krb524d: v4kdestroy"
-
- pass "krb524d: krb524d"
-}
-
-set status [catch doit msg]
-
-stop_kerberos_daemons
-
-stop_k524_daemon
-
-if { $status != 0 } {
- send_error "ERROR: error in v4krb524d.exp\n"
- send_error "$msg\n"
- exit 1
-}
-
-
Deleted: trunk/src/tests/dejagnu/krb-standalone/v4standalone.exp
===================================================================
--- trunk/src/tests/dejagnu/krb-standalone/v4standalone.exp 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/tests/dejagnu/krb-standalone/v4standalone.exp 2008-12-18 18:31:16 UTC (rev 21544)
@@ -1,95 +0,0 @@
-# Standalone Kerberos test.
-# This is a DejaGnu test script.
-# This script tests that the Kerberos tools can talk to each other.
-
-# This mostly just calls procedures in testsuite/config/default.exp.
-
-# Set up the Kerberos files and environment.
-if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
- return
-}
-
-# If we do not have what is for a V4 test - return
-if ![v4_compatible_enctype] {
- return
-}
-
-# Initialize the Kerberos database. The argument tells
-# setup_kerberos_db that it is being called from here.
-if ![setup_kerberos_db 1] {
- return
-}
-
-# We are about to start up a couple of daemon processes. We do all
-# the rest of the tests inside a proc, so that we can easily kill the
-# processes when the procedure ends.
-
-proc check_and_destroy_v4_tix { client server } {
- global REALMNAME
- global des3_krbtgt
-
- # Skip this if we're using a des3 TGT, since that's supposed to fail.
- if {$des3_krbtgt} {
- return
- }
- # Make sure that klist can see the ticket.
- if ![v4klist "$client" "$server" "v4klist"] {
- return
- }
-
- # Destroy the ticket.
- if ![v4kdestroy "v4kdestroy"] {
- return
- }
-
- if ![v4klist_none "v4klist no tix 1"] {
- return
- }
-}
-
-proc doit { } {
- global REALMNAME
- global KLIST
- global KDESTROY
- global KEY
- global hostname
- global spawn_id
- global tmppwd
-
- # Start up the kerberos and kadmind daemons.
- if ![start_kerberos_daemons 1] {
- return
- }
-
- # Use kadmin to add an host key.
- if ![add_random_key host/$hostname 1] {
- return
- }
-
- # Use ksrvutil to create a srvtab entry.
- if ![setup_srvtab 1] {
- return
- }
-
- # Use kinit to get a ticket.
- if [v4kinit krbtest.admin adminpass$KEY 1] {
- check_and_destroy_v4_tix krbtest.admin@$REALMNAME krbtgt.$REALMNAME@$REALMNAME
- }
-
- # Use kinit with srvtab to get a ticket.
- # XXX - Currently kinit doesn't support "-4 -k"!
-# set shorthost [string range $hostname 0 [expr [string first . $hostname] - 1]]
-# if [v4kinit_kt host.$shorthost SRVTAB:$tmppwd/srvtab 1] {
-# check_and_destroy_v4_tix host.$shorthost@$REALMNAME krbtgt.$REALMNAME@$REALMNAME
-# }
-}
-
-set status [catch doit msg]
-
-stop_kerberos_daemons
-
-if { $status != 0 } {
- send_error "ERROR: error in v4standalone.exp\n"
- send_error "$msg\n"
- exit 1
-}
Modified: trunk/src/util/depfix.pl
===================================================================
--- trunk/src/util/depfix.pl 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/util/depfix.pl 2008-12-18 18:31:16 UTC (rev 21544)
@@ -162,10 +162,6 @@
$_ = &uniquify($_);
- # Some krb4 dependencies should only be present if building with krb4
- # enabled.
- s;\$\(BUILDTOP\)/include/kerberosIV/krb_err.h ;\$(KRB_ERR_H_DEP) ;g;
-
# Delete trailing whitespace.
s; *$;;g;
Modified: trunk/src/util/ss/Makefile.in
===================================================================
--- trunk/src/util/ss/Makefile.in 2008-12-18 16:21:10 UTC (rev 21543)
+++ trunk/src/util/ss/Makefile.in 2008-12-18 18:31:16 UTC (rev 21544)
@@ -233,7 +233,7 @@
utils.c
options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \
$(COM_ERR_DEPS) copyright.h options.c ss.h
-cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h
+cmd_tbl.lex.o: cmd_tbl.lex.c
ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \
ct.tab.c ss.h
ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \
More information about the cvs-krb5
mailing list