aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRuss Allbery <rra@stanford.edu>2013-03-27 15:19:46 -0700
committerRuss Allbery <rra@stanford.edu>2013-03-27 15:19:46 -0700
commit6871bae8e26beadaff5035de56b4f70a78961dc9 (patch)
tree366943055e3db5c26a9415d1d2ea1486054e8177
parent61c348a8cc08e90c73993e09dc175b44c5a65681 (diff)
parent06c44c9eb5efb00bb9368ed3709106c91b0b36b5 (diff)
Imported Upstream version 1.0
Diffstat
-rw-r--r--.gitignore10
-rw-r--r--LICENSE369
-rw-r--r--Makefile.am177
-rw-r--r--Makefile.in699
-rw-r--r--NEWS81
-rw-r--r--README154
-rw-r--r--TODO299
-rw-r--r--aclocal.m4113
-rwxr-xr-xautogen24
-rwxr-xr-xbuild-aux/compile228
-rwxr-xr-xbuild-aux/depcomp190
-rwxr-xr-xbuild-aux/install-sh29
-rwxr-xr-xbuild-aux/missing53
-rw-r--r--client/file.c8
-rw-r--r--client/internal.h3
-rw-r--r--client/keytab.c20
-rw-r--r--client/krb5.c5
-rw-r--r--client/options.c2
-rw-r--r--client/remctl.c3
-rw-r--r--client/srvtab.c3
-rw-r--r--client/wallet-rekey.119
-rw-r--r--client/wallet-rekey.c3
-rw-r--r--client/wallet-rekey.pod18
-rw-r--r--client/wallet.158
-rw-r--r--client/wallet.c2
-rw-r--r--client/wallet.pod69
-rw-r--r--config.h.in24
-rw-r--r--config/wallet2
-rwxr-xr-xconfigure3669
-rw-r--r--configure.ac45
-rwxr-xr-xcontrib/convert-srvtab-db3
-rwxr-xr-xcontrib/used-principals6
-rwxr-xr-xcontrib/wallet-contacts6
-rwxr-xr-xcontrib/wallet-summary33
-rw-r--r--contrib/wallet-summary.826
-rwxr-xr-xcontrib/wallet-unknown-hosts107
-rw-r--r--contrib/wallet-unknown-hosts.8214
-rw-r--r--docs/design16
-rw-r--r--docs/design-acl10
-rw-r--r--docs/design-api10
-rw-r--r--docs/netdb-role-api10
-rw-r--r--docs/notes22
-rw-r--r--docs/objects-and-schemes100
-rw-r--r--docs/setup12
-rw-r--r--docs/stanford-naming217
-rw-r--r--examples/stanford.conf3
-rw-r--r--m4/gssapi.m4114
-rw-r--r--m4/krb5-config.m4101
-rw-r--r--m4/krb5.m4206
-rw-r--r--m4/lib-depends.m49
-rw-r--r--m4/lib-pathname.m410
-rw-r--r--m4/remctl.m494
-rw-r--r--m4/snprintf.m49
-rw-r--r--m4/vamacros.m49
-rw-r--r--perl/Wallet/ACL.pm217
-rw-r--r--perl/Wallet/ACL/Base.pm5
-rw-r--r--perl/Wallet/ACL/Krb5.pm5
-rw-r--r--perl/Wallet/ACL/Krb5/Regex.pm5
-rw-r--r--perl/Wallet/ACL/LDAP/Attribute.pm262
-rw-r--r--perl/Wallet/ACL/NetDB.pm5
-rw-r--r--perl/Wallet/ACL/NetDB/Root.pm5
-rw-r--r--perl/Wallet/Admin.pm153
-rw-r--r--perl/Wallet/Config.pm156
-rw-r--r--perl/Wallet/Database.pm28
-rw-r--r--perl/Wallet/Kadmin.pm3
-rw-r--r--perl/Wallet/Kadmin/Heimdal.pm5
-rw-r--r--perl/Wallet/Kadmin/MIT.pm3
-rw-r--r--perl/Wallet/Object/Base.pm378
-rw-r--r--perl/Wallet/Object/File.pm5
-rw-r--r--perl/Wallet/Object/Keytab.pm137
-rw-r--r--perl/Wallet/Object/WAKeyring.pm370
-rw-r--r--perl/Wallet/Policy/Stanford.pm413
-rw-r--r--perl/Wallet/Report.pm315
-rw-r--r--perl/Wallet/Schema.pm234
-rw-r--r--perl/Wallet/Schema/Result/Acl.pm110
-rw-r--r--perl/Wallet/Schema/Result/AclEntry.pm74
-rw-r--r--perl/Wallet/Schema/Result/AclHistory.pm112
-rw-r--r--perl/Wallet/Schema/Result/AclScheme.pm84
-rw-r--r--perl/Wallet/Schema/Result/Enctype.pm45
-rw-r--r--perl/Wallet/Schema/Result/Flag.pm62
-rw-r--r--perl/Wallet/Schema/Result/KeytabEnctype.pm53
-rw-r--r--perl/Wallet/Schema/Result/KeytabSync.pm53
-rw-r--r--perl/Wallet/Schema/Result/Object.pm266
-rw-r--r--perl/Wallet/Schema/Result/ObjectHistory.pm135
-rw-r--r--perl/Wallet/Schema/Result/SyncTarget.pm48
-rw-r--r--perl/Wallet/Schema/Result/Type.pm75
-rw-r--r--perl/Wallet/Server.pm167
-rwxr-xr-xperl/create-ddl100
-rw-r--r--perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql7
-rw-r--r--perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql6
-rw-r--r--perl/sql/Wallet-Schema-0.07-MySQL.sql233
-rw-r--r--perl/sql/Wallet-Schema-0.07-SQLite.sql241
-rw-r--r--perl/sql/Wallet-Schema-0.08-MySQL.sql215
-rw-r--r--perl/sql/Wallet-Schema-0.08-PostgreSQL.sql223
-rw-r--r--perl/sql/Wallet-Schema-0.08-SQLite.sql223
-rwxr-xr-xperl/t/acl.t29
-rwxr-xr-xperl/t/admin.t24
-rwxr-xr-xperl/t/config.t3
-rw-r--r--perl/t/data/README10
-rwxr-xr-xperl/t/file.t17
-rwxr-xr-xperl/t/init.t9
-rwxr-xr-xperl/t/kadmin.t9
-rwxr-xr-xperl/t/keytab.t70
-rw-r--r--perl/t/lib/Util.pm9
-rwxr-xr-xperl/t/object.t52
-rwxr-xr-xperl/t/pod.t3
-rwxr-xr-xperl/t/report.t5
-rwxr-xr-xperl/t/schema.t73
-rwxr-xr-xperl/t/server.t86
-rwxr-xr-xperl/t/stanford-naming.t257
-rwxr-xr-xperl/t/verifier-ldap-attr.t73
-rwxr-xr-xperl/t/verifier-netdb.t3
-rwxr-xr-xperl/t/verifier.t3
-rwxr-xr-xperl/t/wa-keyring.t175
-rw-r--r--portable/asprintf.c12
-rw-r--r--portable/dummy.c12
-rw-r--r--portable/krb5-extra.c12
-rw-r--r--portable/krb5.h20
-rw-r--r--portable/macros.h35
-rw-r--r--portable/mkstemp.c14
-rw-r--r--portable/setenv.c19
-rw-r--r--portable/snprintf.c3
-rw-r--r--portable/stdbool.h20
-rw-r--r--portable/strlcat.c12
-rw-r--r--portable/strlcpy.c12
-rw-r--r--portable/system.h75
-rw-r--r--portable/uio.h12
-rwxr-xr-xserver/keytab-backend41
-rw-r--r--server/keytab-backend.832
-rwxr-xr-xserver/wallet-admin53
-rw-r--r--server/wallet-admin.836
-rwxr-xr-xserver/wallet-backend103
-rw-r--r--server/wallet-backend.871
-rwxr-xr-xserver/wallet-report40
-rw-r--r--server/wallet-report.832
-rw-r--r--tests/HOWTO248
-rw-r--r--tests/TESTS1
-rw-r--r--tests/client/basic-t.in2
-rw-r--r--tests/client/full-t.in11
-rw-r--r--tests/client/prompt-t.in15
-rw-r--r--tests/client/rekey-t.in2
-rw-r--r--tests/config/README43
-rw-r--r--tests/data/README33
-rwxr-xr-xtests/data/cmd-fake4
-rwxr-xr-xtests/data/fake-kadmin3
-rw-r--r--tests/data/perl.conf6
-rw-r--r--tests/data/wallet.conf3
-rwxr-xr-xtests/docs/pod-spelling-t108
-rwxr-xr-xtests/docs/pod-t52
-rw-r--r--tests/portable/asprintf-t.c13
-rw-r--r--tests/portable/mkstemp-t.c13
-rw-r--r--tests/portable/setenv-t.c16
-rw-r--r--tests/portable/snprintf-t.c21
-rw-r--r--tests/portable/strlcat-t.c16
-rw-r--r--tests/portable/strlcpy-t.c16
-rw-r--r--tests/runtests.c165
-rwxr-xr-xtests/server/admin-t22
-rwxr-xr-xtests/server/backend-t58
-rwxr-xr-xtests/server/keytab-t3
-rwxr-xr-xtests/server/report-t3
-rw-r--r--tests/tap/basic.c239
-rw-r--r--tests/tap/basic.h81
-rw-r--r--tests/tap/kerberos.c499
-rw-r--r--tests/tap/kerberos.h115
-rw-r--r--tests/tap/kerberos.sh64
-rw-r--r--tests/tap/libtap.sh192
-rw-r--r--tests/tap/macros.h88
-rw-r--r--tests/tap/messages.c49
-rw-r--r--tests/tap/messages.h30
-rw-r--r--tests/tap/perl/Test/RRA.pm222
-rw-r--r--tests/tap/perl/Test/RRA/Automake.pm362
-rw-r--r--tests/tap/perl/Test/RRA/Config.pm200
-rw-r--r--tests/tap/process.c125
-rw-r--r--tests/tap/process.h52
-rw-r--r--tests/tap/remctl.sh61
-rw-r--r--tests/tap/string.c65
-rw-r--r--tests/tap/string.h49
-rw-r--r--tests/util/concat-t.c46
-rw-r--r--tests/util/messages-krb5-t.c41
-rw-r--r--tests/util/messages-t.c126
-rwxr-xr-xtests/util/xmalloc-t130
-rw-r--r--tests/util/xmalloc.c78
-rw-r--r--util/concat.c85
-rw-r--r--util/concat.h36
-rw-r--r--util/macros.h21
-rw-r--r--util/messages-krb5.c50
-rw-r--r--util/messages-krb5.h23
-rw-r--r--util/messages.c26
-rw-r--r--util/messages.h37
-rw-r--r--util/xmalloc.c62
-rw-r--r--util/xmalloc.h27
191 files changed, 14863 insertions, 3833 deletions
diff --git a/.gitignore b/.gitignore
index 576e160..21fba4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,7 @@
/config.log
/config.status
/configure
+/perl/MYMETA.yml
/perl/Makefile.PL
/perl/Makefile.old
/perl/blib/
@@ -21,11 +22,9 @@
/tests/client/full-t
/tests/client/prompt-t
/tests/client/rekey-t
-/tests/data/.placeholder
-/tests/data/test.keytab
-/tests/data/test.password
-/tests/data/test.principal
-/tests/data/test.krbtype
+/tests/config/keytab
+/tests/config/password
+/tests/config/principal
/tests/portable/asprintf-t
/tests/portable/mkstemp-t
/tests/portable/setenv-t
@@ -33,7 +32,6 @@
/tests/portable/strlcat-t
/tests/portable/strlcpy-t
/tests/runtests
-/tests/util/concat-t
/tests/util/messages-krb5-t
/tests/util/messages-t
/tests/util/xmalloc
diff --git a/LICENSE b/LICENSE
index de9ab39..c02eec9 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,191 +1,180 @@
-The wallet package as a whole is:
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Comment: This file documents the copyright statements and licenses for
+ every file in this package in a machine-readable format. For a less
+ detailed, higher-level overview, see README.
+ .
+ For any copyright year range specified as YYYY-ZZZZ in this file, the
+ range specifies every single year in that closed interval.
+Copyright: 2006-2010, 2012-2013
+ The Board of Trustees of the Leland Stanford Junior University
+License: Expat
+
+Files: *
+Copyright: 2000-2002, 2004-2012 Russ Allbery <rra@stanford.edu>
+ 2001-2013 The Board of Trustees of the Leland Stanford Junior University
+License: Expat
+
+Files: Makefile.in
+Copyright: 1994-2011 Free Software Foundation, Inc.
+ 2006-2008, 2010, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+License: FSF-unlimited and Expat
+
+Files: aclocal.m4
+Copyright: 1996-2012 Free Software Foundation, Inc.
+License: FSF-unlimited
+
+Files: build-aux/compile build-aux/depcomp build-aux/missing
+Copyright: 1996-1997, 1999-2000, 2002-2012 Free Software Foundation, Inc.
+License: GPL-2+ with Autoconf exception or Expat
+
+Files: build-aux/install-sh
+Copyright: 1994 X Consortium
+License: X11
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to permit
+ persons to whom the Software is furnished to do so, subject to the
+ following conditions:
+ .
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR
+ OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ OTHER DEALINGS IN THE SOFTWARE.
+ .
+ Except as contained in this notice, the name of the X Consortium shall
+ not be used in advertising or otherwise to promote the sale, use or other
+ dealings in this Software without prior written authorization from the X
+ Consortium.
+
+Files: client/wallet-rekey.1 client/wallet-rekey.pod client/wallet.1
+ client/wallet.pod docs/design docs/design-acl docs/design-api
+ docs/netdb-role-api docs/notes docs/objects-and-schemes docs/setup
+ docs/stanford-naming perl/t/data/README tests/HOWTO tests/config/README
+Copyright: 2006-2013
+ The Board of Trustees of the Leland Stanford Junior University
+ 2010 Russ Allbery <rra@stanford.edu>
+License: all-permissive
+ Copying and distribution of this file, with or without modification, are
+ permitted in any medium without royalty provided the copyright notice and
+ this notice are preserved. This file is offered as-is, without any
+ warranty.
+
+Files: configure
+Copyright: 1992-1996, 1998-2012 Free Software Foundation, Inc.
+License: FSF-configure
+ This script is free software; the Free Software Foundation gives unlimited
+ permission to copy, distribute and modify it.
+
+Files: m4/gssapi.m4 m4/krb5-config.m4 m4/krb5.m4 m4/lib-depends.m4
+ m4/lib-pathname.m4 m4/remctl.m4 m4/snprintf.m4 m4/vamacros.m4
+Copyright: 2005-2012
+ The Board of Trustees of the Leland Stanford Junior University
+License: unlimited
+ This file is free software; the authors give unlimited permission to copy
+ and/or distribute it, with or without modifications, as long as this
+ notice is preserved.
+
+Files: portable/asprintf.c portable/dummy.c portable/krb5-extra.c
+ portable/krb5.h portable/macros.h portable/mkstemp.c portable/setenv.c
+ portable/stdbool.h portable/strlcat.c portable/strlcpy.c portable/system.h
+ portable/uio.h tests/portable/asprintf-t.c tests/portable/mkstemp-t.c
+ tests/portable/setenv-t.c tests/portable/strlcat-t.c
+ tests/portable/strlcpy-t.c util/macros.h
+Copyright: no copyright notice, see License
+License: rra-public-domain
+ The authors hereby relinquish any claim to any copyright that they may
+ have in this work, whether granted under contract or by operation of law
+ or international treaty, and hereby commit to the public, at large, that
+ they shall not, at any time in the future, seek to enforce any copyright
+ in this work against any person or entity, or prevent any person or
+ entity from copying, publishing, distributing or creating derivative
+ works of this work.
+
+Files: portable/snprintf.c tests/portable/snprintf-t.c
+Copyright: 1995 Patrick Powell
+ 2000-2006 Russ Allbery <rra@stanford.edu>
+ 2001 Hrvoje Niksic
+ 2009-2010 The Board of Trustees of the Leland Stanford Junior University
+License: Powell-snprintf
+ This code is based on code written by Patrick Powell (papowell@astart.com)
+ It may be used for any purpose as long as this notice remains intact
+ on all source code distributions
+
+Files: util/messages.c util/messages.h util/xmalloc.c util/xmalloc.h
+Copyright: 1991, 1994-2003 The Internet Software Consortium and Rich Salz
+ 2004-2006 Internet Systems Consortium, Inc.
+ 2008-2010, 2012
+ The Board of Trustees of the Leland Stanford Junior University
+License: ISC
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY
+ SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to permit
+ persons to whom the Software is furnished to do so, subject to the
+ following conditions:
+ .
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+License: FSF-unlimited
+ This file is free software; the Free Software Foundation gives unlimited
+ permission to copy and/or distribute it, with or without modifications, as
+ long as this notice is preserved.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+License: GPL-2+ with Autoconf exception
+ This file is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ As a special exception to the GNU General Public License, if you
+ distribute this file as part of a program that contains a configuration
+ script generated by Autoconf, you may include it under the same
+ distribution terms that you use for the rest of that program.
+Comment: The option described in the license has been accepted and these
+ files are distributed under the same terms as the package as a whole, as
+ described at the top of this file.
- Copyright 2006, 2007, 2008, 2009, 2010 Board of Trustees, Leland
- Stanford Jr. University. All rights reserved.
-
-and released under the following license:
-
- Permission to use, copy, modify, and distribute this software and its
- documentation for any purpose and without fee is hereby granted,
- provided that the above copyright notice appear in all copies and that
- both that copyright notice and this permission notice appear in
- supporting documentation, and that the name of Stanford University not
- be used in advertising or publicity pertaining to distribution of the
- software without specific, written prior permission. Stanford
- University makes no representations about the suitability of this
- software for any purpose. It is provided "as is" without express or
- implied warranty.
-
- THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
- WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
-All individual files with no other license statement are released under
-this license. Some files have additional copyright dates from earlier
-releases or may be owned by other copyright holders as noted in those
-files.
-
-Collected copyright notices for the entire package:
-
- Copyright 1994, 1998, 1999, 2000, 2002, 2003, 2004, 2005, 2006, 2007,
- 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
- Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009
- Russ Allbery <rra@stanford.edu>
- Copyright 2004, 2005, 2006, 2007, 2008, 2009
- by Internet Systems Consortium, Inc. ("ISC")
- Copyright 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- 2002, 2003 by The Internet Software Consortium and Rich Salz
- Copyright 1995 Patrick Powell
- Copyright 1996, 1997 Brandon Long <blong@fiction.net>
- Copyright 1998 Thomas Roessler <roessler@guug.de>
- Copyright 1998 Michael Elkins <me@cs.hmc.edu>
- Copyright 1998 Andrew Tridgell <tridge@samba.org>
- Copyright 2000, 2005 Hrvoje Niksic <hniksic@xemacs.org>
- Copyright 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
- Free Software Foundation, Inc.
- Copyright 1994 X Consortium
-
-The files portable/asprintf.c, portable/dummy.c, portable/macros.h,
-portable/stdbool.h, portable/strlcat.c, portable/strlcpy.c,
-portable/uio.h, and util/concat.c have been placed in the public domain by
-their author.
-
-The files tests/libtest.c, tests/libtest.h, tests/portable/snprintf-t.c,
-tests/portable/strlcat-t.c, tests/portable/strlcpy-t.c,
-tests/util/concat-t.c, tests/util/messages-t.c, tests/util/xmalloc-t, and
-tests/util/xmalloc.c are released under the following copyright and
-license:
-
- Copyright 2009 Russ Allbery <rra@stanford.edu>
- Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
- Board of Trustees, Leland Stanford Jr. University
- Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009
- by Internet Systems Consortium, Inc. ("ISC")
- Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- 2002, 2003 by The Internet Software Consortium and Rich Salz
-
- This code is derived from software contributed to the Internet Software
- Consortium by Rich Salz.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY
- SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-The file portable/snprintf.c is released under the following license:
-
- This code is based on code written by Patrick Powell (papowell@astart.com)
- It may be used for any purpose as long as this notice remains intact
- on all source code distributions
-
-The file tests/runtests.c is released under the following copyright and
-license:
-
- Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009
- Russ Allbery <rra@stanford.edu>
-
- Permission is hereby granted, free of charge, to any person obtaining a
- copy of this software and associated documentation files (the
- "Software"), to deal in the Software without restriction, including
- without limitation the rights to use, copy, modify, merge, publish,
- distribute, sublicense, and/or sell copies of the Software, and to
- permit persons to whom the Software is furnished to do so, subject to
- the following conditions:
-
- The above copyright notice and this permission notice shall be included
- in all copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-The files Makefile.in and aclocal.m4 are generated by GNU Automake and
-released under the following copyright and license:
-
- Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
- 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
- This file is free software; the Free Software Foundation
- gives unlimited permission to copy and/or distribute it,
- with or without modifications, as long as this notice is preserved.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY, to the extent permitted by law; without
- even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
-
-The file configure is generated by GNU Autoconf and is released under the
-following copyright and license:
-
- Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
- 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
- Inc. This configure script is free software; the Free Software
- Foundation gives unlimited permission to copy, distribute and modify it.
-
-The files build-aux/compile, build-aux/depcomp, and build-aux/missing are
-taken from GNU Automake and are released under the following copyright and
-license:
-
- Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
- 2007, 2008, 2009 Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 2, or (at your option) any
- later version.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- As a special exception to the GNU General Public License, if you
- distribute this file as part of a program that contains a configuration
- script generated by Autoconf, you may include it under the same
- distribution terms that you use for the rest of that program.
-
-For the wallet distribution, the option described in the last paragraph
-has been accepted and these files are distributed under the same terms as
-the wallet package as a whole, as described at the top of this file.
-
-The file build-aux/install-sh is released under the following copyright
-and license:
-
- Copyright (C) 1994 X Consortium
-
- Permission is hereby granted, free of charge, to any person obtaining a
- copy of this software and associated documentation files (the
- "Software"), to deal in the Software without restriction, including
- without limitation the rights to use, copy, modify, merge, publish,
- distribute, sublicense, and/or sell copies of the Software, and to
- permit persons to whom the Software is furnished to do so, subject to
- the following conditions:
-
- The above copyright notice and this permission notice shall be included
- in all copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
- IN NO EVENT SHALL THE X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR
- OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
- ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- OTHER DEALINGS IN THE SOFTWARE.
-
- Except as contained in this notice, the name of the X Consortium shall
- not be used in advertising or otherwise to promote the sale, use or
- other dealings in this Software without prior written authorization
- from the X Consortium.
-
- FSF changes to this file are in the public domain.
diff --git a/Makefile.am b/Makefile.am
index 444df0b..2e1a986 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,8 +1,8 @@
# Automake makefile for wallet.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008, 2010
-# Board of Trustees, Leland Stanford Jr. University
+# Copyright 2006, 2007, 2008, 2010, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -10,43 +10,68 @@
# and are not generated or touched by configure. They're listed here to be
# added to EXTRA_DIST and so that they can be copied over properly for
# builddir != srcdir builds.
-PERL_FILES = perl/Wallet/ACL.pm perl/Wallet/ACL/Base.pm \
- perl/Wallet/ACL/Krb5.pm perl/Wallet/ACL/Krb5/Regex.pm \
- perl/Wallet/ACL/NetDB.pm perl/Wallet/ACL/NetDB/Root.pm \
- perl/Wallet/Admin.pm perl/Wallet/Config.pm perl/Wallet/Database.pm \
- perl/Wallet/Kadmin.pm perl/Wallet/Kadmin/Heimdal.pm \
- perl/Wallet/Kadmin/MIT.pm perl/Wallet/Object/Base.pm \
- perl/Wallet/Object/File.pm perl/Wallet/Object/Keytab.pm \
- perl/Wallet/Report.pm perl/Wallet/Schema.pm perl/Wallet/Server.pm \
- perl/t/acl.t perl/t/admin.t perl/t/config.t perl/t/data/README \
- perl/t/data/keytab-fake perl/t/data/keytab.conf \
- perl/t/data/netdb.conf perl/t/data/netdb-fake perl/t/file.t \
- perl/t/init.t perl/t/kadmin.t perl/t/keytab.t perl/t/lib/Util.pm \
- perl/t/object.t perl/t/pod-spelling.t perl/t/pod.t perl/t/report.t \
- perl/t/schema.t perl/t/server.t perl/t/verifier-netdb.t \
- perl/t/verifier.t
-
-AUTOMAKE_OPTIONS = foreign subdir-objects
+PERL_FILES = perl/Wallet/ACL.pm perl/Wallet/ACL/Base.pm \
+ perl/Wallet/ACL/Krb5.pm perl/Wallet/ACL/Krb5/Regex.pm \
+ perl/Wallet/ACL/LDAP/Attribute.pm perl/Wallet/ACL/NetDB.pm \
+ perl/Wallet/ACL/NetDB/Root.pm perl/Wallet/Admin.pm \
+ perl/Wallet/Config.pm perl/Wallet/Database.pm perl/Wallet/Kadmin.pm \
+ perl/Wallet/Kadmin/Heimdal.pm perl/Wallet/Kadmin/MIT.pm \
+ perl/Wallet/Object/Base.pm perl/Wallet/Object/File.pm \
+ perl/Wallet/Object/Keytab.pm perl/Wallet/Object/WAKeyring.pm \
+ perl/Wallet/Policy/Stanford.pm perl/Wallet/Report.pm \
+ perl/Wallet/Schema.pm perl/Wallet/Server.pm \
+ perl/Wallet/Schema/Result/Acl.pm \
+ perl/Wallet/Schema/Result/AclEntry.pm \
+ perl/Wallet/Schema/Result/AclHistory.pm \
+ perl/Wallet/Schema/Result/AclScheme.pm \
+ perl/Wallet/Schema/Result/Enctype.pm \
+ perl/Wallet/Schema/Result/Flag.pm \
+ perl/Wallet/Schema/Result/KeytabEnctype.pm \
+ perl/Wallet/Schema/Result/KeytabSync.pm \
+ perl/Wallet/Schema/Result/Object.pm \
+ perl/Wallet/Schema/Result/ObjectHistory.pm \
+ perl/Wallet/Schema/Result/SyncTarget.pm \
+ perl/Wallet/Schema/Result/Type.pm \
+ perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \
+ perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql \
+ perl/sql/Wallet-Schema-0.07-MySQL.sql \
+ perl/sql/Wallet-Schema-0.07-SQLite.sql \
+ perl/sql/Wallet-Schema-0.08-MySQL.sql \
+ perl/sql/Wallet-Schema-0.08-PostgreSQL.sql \
+ perl/sql/Wallet-Schema-0.08-SQLite.sql perl/t/acl.t perl/t/admin.t \
+ perl/t/config.t perl/t/data/README perl/t/data/keytab-fake \
+ perl/t/data/keytab.conf perl/t/data/netdb.conf \
+ perl/t/data/netdb-fake perl/t/file.t perl/t/init.t perl/t/kadmin.t \
+ perl/t/keytab.t perl/t/lib/Util.pm perl/t/object.t \
+ perl/t/pod-spelling.t perl/t/pod.t perl/t/report.t perl/t/server.t \
+ perl/t/stanford-naming.t perl/t/verifier-ldap-attr.t \
+ perl/t/verifier-netdb.t perl/t/verifier.t perl/t/wa-keyring.t
+
ACLOCAL_AMFLAGS = -I m4
-EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod \
- client/wallet-rekey.pod config/allow-extract config/keytab \
- config/keytab.acl config/wallet config/wallet-report.acl docs/design \
- contrib/README contrib/convert-srvtab-db contrib/used-principals \
- contrib/wallet-contacts contrib/wallet-summary \
- contrib/wallet-summary.8 contrib/wallet-unknown-hosts \
- docs/design-acl docs/design-api docs/netdb-role-api docs/notes \
- docs/setup docs/stanford-naming examples/stanford.conf tests/TESTS \
- tests/data/README tests/data/allow-extract tests/data/basic.conf \
- tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data \
- tests/data/fake-kadmin tests/data/fake-keytab \
- tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \
- tests/data/fake-keytab-merge tests/data/fake-keytab-old \
- tests/data/fake-keytab-partial tests/data/fake-keytab-partial-result \
- tests/data/fake-keytab-rekey tests/data/fake-keytab-unknown \
- tests/data/fake-srvtab tests/data/full.conf tests/data/wallet.conf \
- tests/docs/pod-spelling-t tests/docs/pod-t tests/server/admin-t \
- tests/server/backend-t tests/server/keytab-t tests/server/report-t \
- tests/tap/kerberos.sh tests/tap/libtap.sh tests/tap/remctl.sh \
+EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod \
+ client/wallet-rekey.pod config/allow-extract config/keytab \
+ config/keytab.acl config/wallet config/wallet-report.acl \
+ docs/design contrib/README contrib/convert-srvtab-db \
+ contrib/used-principals contrib/wallet-contacts \
+ contrib/wallet-summary contrib/wallet-summary.8 \
+ contrib/wallet-unknown-hosts contrib/wallet-unknown-hosts.8 \
+ docs/design-acl docs/design-api docs/netdb-role-api docs/notes \
+ docs/objects-and-schemes docs/setup docs/stanford-naming \
+ examples/stanford.conf perl/create-ddl tests/HOWTO tests/TESTS \
+ tests/config/README tests/data/allow-extract tests/data/basic.conf \
+ tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data \
+ tests/data/fake-kadmin tests/data/fake-keytab \
+ tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \
+ tests/data/fake-keytab-merge tests/data/fake-keytab-old \
+ tests/data/fake-keytab-partial \
+ tests/data/fake-keytab-partial-result tests/data/fake-keytab-rekey \
+ tests/data/fake-keytab-unknown tests/data/fake-srvtab \
+ tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf \
+ tests/docs/pod-spelling-t tests/docs/pod-t tests/server/admin-t \
+ tests/server/backend-t tests/server/keytab-t tests/server/report-t \
+ tests/tap/kerberos.sh tests/tap/libtap.sh \
+ tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm \
+ tests/tap/perl/Test/RRA/Config.pm tests/tap/remctl.sh \
tests/util/xmalloc-t $(PERL_FILES)
noinst_LIBRARIES = portable/libportable.a util/libutil.a
@@ -55,9 +80,9 @@ portable_libportable_a_SOURCES = portable/dummy.c portable/krb5-extra.c \
portable/system.h portable/uio.h
portable_libportable_a_CPPFLAGS = $(KRB5_CPPFLAGS)
portable_libportable_a_LIBADD = $(LIBOBJS)
-util_libutil_a_SOURCES = util/concat.c util/concat.h util/macros.h \
- util/messages-krb5.c util/messages-krb5.h util/messages.c \
- util/messages.h util/xmalloc.c util/xmalloc.h
+util_libutil_a_SOURCES = util/macros.h util/messages-krb5.c \
+ util/messages-krb5.h util/messages.c util/messages.h util/xmalloc.c \
+ util/xmalloc.h
util_libutil_a_CPPFLAGS = $(KRB5_CPPFLAGS)
noinst_LIBRARIES += client/libwallet.a
@@ -80,24 +105,37 @@ client_wallet_rekey_LDADD = client/libwallet.a util/libutil.a \
dist_man_MANS = client/wallet.1 client/wallet-rekey.1 server/keytab-backend.8 \
server/wallet-admin.8 server/wallet-backend.8 server/wallet-report.8
+# Install the SQL files that are used by the server code to do upgrades.
+dist_pkgdata_DATA = perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \
+ perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql \
+ perl/sql/Wallet-Schema-0.07-MySQL.sql \
+ perl/sql/Wallet-Schema-0.07-SQLite.sql \
+ perl/sql/Wallet-Schema-0.08-MySQL.sql \
+ perl/sql/Wallet-Schema-0.08-PostgreSQL.sql \
+ perl/sql/Wallet-Schema-0.08-SQLite.sql
+
# A set of flags for warnings. Add -O because gcc won't find some warnings
# without optimization turned on. Desirable warnings that can't be turned
# on due to other problems:
#
# -Wconversion http://bugs.debian.org/488884 (htons warnings)
#
-# Last checked against gcc 4.4 (2010-08-15).
-WARNINGS = -g -O -Wall -Wextra -Wendif-labels -Wformat=2 -Winit-self \
- -Wswitch-enum -Wdeclaration-after-statement -Wshadow -Wpointer-arith \
- -Wbad-function-cast -Wwrite-strings -Wstrict-prototypes \
- -Wmissing-prototypes -Wnested-externs -Werror
+# Last checked against gcc 4.6.1 (2011-05-04). -D_FORTIFY_SOURCE=2 enables
+# warn_unused_result attribute markings on glibc functions on Linux, which
+# catches a few more issues.
+WARNINGS = -g -O -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wendif-labels \
+ -Wformat=2 -Winit-self -Wswitch-enum -Wdeclaration-after-statement \
+ -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align \
+ -Wwrite-strings -Wjump-misses-init -Wlogical-op \
+ -Wstrict-prototypes -Wmissing-prototypes -Wredundant-decls \
+ -Wnested-externs -Werror
warnings:
$(MAKE) V=0 CFLAGS='$(WARNINGS)'
$(MAKE) V=0 CFLAGS='$(WARNINGS)' $(check_PROGRAMS)
# Remove some additional files.
-DISTCLEANFILES = perl/Makefile tests/data/.placeholder
+DISTCLEANFILES = perl/Makefile
MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile \
build-aux/depcomp build-aux/install-sh build-aux/missing \
client/wallet.1 config.h.in config.h.in~ configure \
@@ -111,22 +149,24 @@ MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile \
all-local: perl/blib/lib/Wallet/Config.pm
perl/blib/lib/Wallet/Config.pm:
- set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
- mkdir perl/Wallet perl/Wallet/ACL perl/Wallet/ACL/Krb5 \
- perl/Wallet/ACL/NetDB perl/Wallet/Kadmin perl/Wallet/Object \
- perl/t perl/t/data perl/t/lib 2>/dev/null || true ; \
- for f in $(PERL_FILES) ; do \
- cp "$(srcdir)/$$f" "$(builddir)/$$f" ; \
- done \
+ set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
+ mkdir perl/Wallet perl/Wallet/ACL perl/Wallet/ACL/Krb5 \
+ perl/Wallet/ACL/LDAP perl/Wallet/ACL/NetDB \
+ perl/Wallet/Kadmin perl/Wallet/Object perl/Wallet/Policy \
+ perl/Wallet/Schema perl/Wallet/Schema/Result perl/sql perl/t \
+ perl/t/data perl/t/lib 2>/dev/null || true ; \
+ for f in $(PERL_FILES) ; do \
+ cp "$(srcdir)/$$f" "$(builddir)/$$f" ; \
+ done \
fi
cd perl && perl Makefile.PL
cd perl && $(MAKE)
install-data-local:
- if [ x"$(DESTDIR)" != x ] ; then \
- cd perl && $(MAKE) install DESTDIR=$(DESTDIR)/ ; \
- else \
- cd perl && $(MAKE) install ; \
+ if [ x"$(DESTDIR)" != x ] ; then \
+ cd perl && $(MAKE) install DESTDIR=$(DESTDIR)/ ; \
+ else \
+ cd perl && $(MAKE) install ; \
fi
# ExtUtils::MakeMaker really likes moving the Makefile aside.
@@ -136,23 +176,24 @@ clean-local:
# Remove the files that we copy over if and only if builddir != srcdir.
distclean-local:
- set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
- rm -f $(PERL_FILES) ; \
+ set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
+ rm -f $(PERL_FILES) ; \
fi
# The bits below are for the test suite, not for the main package.
-check_PROGRAMS = tests/runtests tests/portable/asprintf-t \
- tests/portable/mkstemp-t tests/portable/setenv-t \
- tests/portable/snprintf-t tests/portable/strlcat-t \
- tests/portable/strlcpy-t tests/util/concat-t \
- tests/util/messages-krb5-t tests/util/messages-t tests/util/xmalloc
+check_PROGRAMS = tests/runtests tests/portable/asprintf-t \
+ tests/portable/mkstemp-t tests/portable/setenv-t \
+ tests/portable/snprintf-t tests/portable/strlcat-t \
+ tests/portable/strlcpy-t tests/util/messages-krb5-t \
+ tests/util/messages-t tests/util/xmalloc
tests_runtests_CPPFLAGS = -DSOURCE='"$(abs_top_srcdir)/tests"' \
-DBUILD='"$(abs_top_builddir)/tests"'
check_LIBRARIES = tests/tap/libtap.a
tests_tap_libtap_a_CPPFLAGS = -I$(abs_top_srcdir)/tests $(KRB5_CPPFLAGS)
tests_tap_libtap_a_SOURCES = tests/tap/basic.c tests/tap/basic.h \
- tests/tap/kerberos.c tests/tap/kerberos.h tests/tap/messages.c \
- tests/tap/messages.h tests/tap/process.c tests/tap/process.h
+ tests/tap/kerberos.c tests/tap/kerberos.h tests/tap/macros.h \
+ tests/tap/messages.c tests/tap/messages.h tests/tap/process.c \
+ tests/tap/process.h tests/tap/string.c tests/tap/string.h
# All of the test programs.
tests_portable_asprintf_t_SOURCES = tests/portable/asprintf-t.c \
@@ -173,8 +214,6 @@ tests_portable_strlcat_t_LDADD = tests/tap/libtap.a portable/libportable.a
tests_portable_strlcpy_t_SOURCES = tests/portable/strlcpy-t.c \
tests/portable/strlcpy.c
tests_portable_strlcpy_t_LDADD = tests/tap/libtap.a portable/libportable.a
-tests_util_concat_t_LDADD = tests/tap/libtap.a util/libutil.a \
- portable/libportable.a
tests_util_messages_krb5_t_CPPFLAGS = $(KRB5_CPPFLAGS)
tests_util_messages_krb5_t_LDFLAGS = $(KRB5_LDFLAGS)
tests_util_messages_krb5_t_LDADD = tests/tap/libtap.a util/libutil.a \
diff --git a/Makefile.in b/Makefile.in
index 5e2331f..f902d6b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -18,14 +18,32 @@
# Automake makefile for wallet.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008, 2010
-# Board of Trustees, Leland Stanford Jr. University
+# Copyright 2006, 2007, 2008, 2010, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
+
VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -49,14 +67,15 @@ check_PROGRAMS = tests/runtests$(EXEEXT) \
tests/portable/setenv-t$(EXEEXT) \
tests/portable/snprintf-t$(EXEEXT) \
tests/portable/strlcat-t$(EXEEXT) \
- tests/portable/strlcpy-t$(EXEEXT) tests/util/concat-t$(EXEEXT) \
+ tests/portable/strlcpy-t$(EXEEXT) \
tests/util/messages-krb5-t$(EXEEXT) \
tests/util/messages-t$(EXEEXT) tests/util/xmalloc$(EXEEXT)
subdir = .
DIST_COMMON = README $(am__configure_deps) $(dist_man_MANS) \
- $(dist_sbin_SCRIPTS) $(srcdir)/Makefile.am \
- $(srcdir)/Makefile.in $(srcdir)/config.h.in \
- $(top_srcdir)/configure $(top_srcdir)/perl/Makefile.PL.in \
+ $(dist_pkgdata_DATA) $(dist_sbin_SCRIPTS) \
+ $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/config.h.in $(top_srcdir)/configure \
+ $(top_srcdir)/perl/Makefile.PL.in \
$(top_srcdir)/tests/client/basic-t.in \
$(top_srcdir)/tests/client/full-t.in \
$(top_srcdir)/tests/client/prompt-t.in \
@@ -67,7 +86,8 @@ DIST_COMMON = README $(am__configure_deps) $(dist_man_MANS) \
portable/strlcpy.c
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gssapi.m4 \
- $(top_srcdir)/m4/krb5.m4 $(top_srcdir)/m4/lib-depends.m4 \
+ $(top_srcdir)/m4/krb5-config.m4 $(top_srcdir)/m4/krb5.m4 \
+ $(top_srcdir)/m4/lib-depends.m4 \
$(top_srcdir)/m4/lib-pathname.m4 $(top_srcdir)/m4/remctl.m4 \
$(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/vamacros.m4 \
$(top_srcdir)/configure.ac
@@ -83,11 +103,11 @@ CONFIG_CLEAN_VPATH_FILES =
LIBRARIES = $(noinst_LIBRARIES)
AR = ar
ARFLAGS = cru
-AM_V_AR = $(am__v_AR_$(V))
-am__v_AR_ = $(am__v_AR_$(AM_DEFAULT_VERBOSITY))
+AM_V_AR = $(am__v_AR_@AM_V@)
+am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)
am__v_AR_0 = @echo " AR " $@;
-AM_V_at = $(am__v_at_$(V))
-am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
client_libwallet_a_AR = $(AR) $(ARFLAGS)
client_libwallet_a_LIBADD =
@@ -113,17 +133,19 @@ am_tests_tap_libtap_a_OBJECTS = \
tests/tap/tests_tap_libtap_a-basic.$(OBJEXT) \
tests/tap/tests_tap_libtap_a-kerberos.$(OBJEXT) \
tests/tap/tests_tap_libtap_a-messages.$(OBJEXT) \
- tests/tap/tests_tap_libtap_a-process.$(OBJEXT)
+ tests/tap/tests_tap_libtap_a-process.$(OBJEXT) \
+ tests/tap/tests_tap_libtap_a-string.$(OBJEXT)
tests_tap_libtap_a_OBJECTS = $(am_tests_tap_libtap_a_OBJECTS)
util_libutil_a_AR = $(AR) $(ARFLAGS)
util_libutil_a_LIBADD =
-am_util_libutil_a_OBJECTS = util/util_libutil_a-concat.$(OBJEXT) \
+am_util_libutil_a_OBJECTS = \
util/util_libutil_a-messages-krb5.$(OBJEXT) \
util/util_libutil_a-messages.$(OBJEXT) \
util/util_libutil_a-xmalloc.$(OBJEXT)
util_libutil_a_OBJECTS = $(am_util_libutil_a_OBJECTS)
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \
- "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"
+ "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" \
+ "$(DESTDIR)$(pkgdatadir)"
PROGRAMS = $(bin_PROGRAMS)
client_wallet_SOURCES = client/wallet.c
client_wallet_OBJECTS = client/client_wallet-wallet.$(OBJEXT)
@@ -186,10 +208,6 @@ tests_portable_strlcpy_t_DEPENDENCIES = tests/tap/libtap.a \
tests_runtests_SOURCES = tests/runtests.c
tests_runtests_OBJECTS = tests/tests_runtests-runtests.$(OBJEXT)
tests_runtests_LDADD = $(LDADD)
-tests_util_concat_t_SOURCES = tests/util/concat-t.c
-tests_util_concat_t_OBJECTS = tests/util/concat-t.$(OBJEXT)
-tests_util_concat_t_DEPENDENCIES = tests/tap/libtap.a util/libutil.a \
- portable/libportable.a
tests_util_messages_krb5_t_SOURCES = tests/util/messages-krb5-t.c
tests_util_messages_krb5_t_OBJECTS = tests/util/tests_util_messages_krb5_t-messages-krb5-t.$(OBJEXT)
tests_util_messages_krb5_t_DEPENDENCIES = tests/tap/libtap.a \
@@ -225,26 +243,32 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
SCRIPTS = $(dist_sbin_SCRIPTS)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
-AM_V_lt = $(am__v_lt_$(V))
-am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_$(V))
-am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
CCLD = $(CC)
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_$(V))
-am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
-AM_V_GEN = $(am__v_GEN_$(V))
-am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(client_libwallet_a_SOURCES) \
$(portable_libportable_a_SOURCES) \
@@ -256,8 +280,8 @@ SOURCES = $(client_libwallet_a_SOURCES) \
$(tests_portable_snprintf_t_SOURCES) \
$(tests_portable_strlcat_t_SOURCES) \
$(tests_portable_strlcpy_t_SOURCES) tests/runtests.c \
- tests/util/concat-t.c tests/util/messages-krb5-t.c \
- tests/util/messages-t.c tests/util/xmalloc.c
+ tests/util/messages-krb5-t.c tests/util/messages-t.c \
+ tests/util/xmalloc.c
DIST_SOURCES = $(client_libwallet_a_SOURCES) \
$(portable_libportable_a_SOURCES) \
$(tests_tap_libtap_a_SOURCES) $(util_libutil_a_SOURCES) \
@@ -268,24 +292,34 @@ DIST_SOURCES = $(client_libwallet_a_SOURCES) \
$(tests_portable_snprintf_t_SOURCES) \
$(tests_portable_strlcat_t_SOURCES) \
$(tests_portable_strlcpy_t_SOURCES) tests/runtests.c \
- tests/util/concat-t.c tests/util/messages-krb5-t.c \
- tests/util/messages-t.c tests/util/xmalloc.c
+ tests/util/messages-krb5-t.c tests/util/messages-t.c \
+ tests/util/xmalloc.c
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
man1dir = $(mandir)/man1
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(dist_man_MANS)
+DATA = $(dist_pkgdata_DATA)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
- { test ! -d "$(distdir)" \
- || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
- && rm -fr "$(distdir)"; }; }
-DIST_ARCHIVES = $(distdir).tar.gz
+ if test -d "$(distdir)"; then \
+ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -rf "$(distdir)" \
+ || { sleep 5 && rm -rf "$(distdir)"; }; \
+ else :; fi
+DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.xz
GZIP_ENV = --best
distuninstallcheck_listfiles = find . -type f -print
+am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
+ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -316,7 +350,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-KRB5_CONFIG = @KRB5_CONFIG@
KRB5_CPPFLAGS = @KRB5_CPPFLAGS@
KRB5_LDFLAGS = @KRB5_LDFLAGS@
KRB5_LIBS = @KRB5_LIBS@
@@ -335,6 +368,7 @@ PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_KRB5_CONFIG = @PATH_KRB5_CONFIG@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
REMCTLD = @REMCTLD@
@@ -392,43 +426,68 @@ top_srcdir = @top_srcdir@
# and are not generated or touched by configure. They're listed here to be
# added to EXTRA_DIST and so that they can be copied over properly for
# builddir != srcdir builds.
-PERL_FILES = perl/Wallet/ACL.pm perl/Wallet/ACL/Base.pm \
- perl/Wallet/ACL/Krb5.pm perl/Wallet/ACL/Krb5/Regex.pm \
- perl/Wallet/ACL/NetDB.pm perl/Wallet/ACL/NetDB/Root.pm \
- perl/Wallet/Admin.pm perl/Wallet/Config.pm perl/Wallet/Database.pm \
- perl/Wallet/Kadmin.pm perl/Wallet/Kadmin/Heimdal.pm \
- perl/Wallet/Kadmin/MIT.pm perl/Wallet/Object/Base.pm \
- perl/Wallet/Object/File.pm perl/Wallet/Object/Keytab.pm \
- perl/Wallet/Report.pm perl/Wallet/Schema.pm perl/Wallet/Server.pm \
- perl/t/acl.t perl/t/admin.t perl/t/config.t perl/t/data/README \
- perl/t/data/keytab-fake perl/t/data/keytab.conf \
- perl/t/data/netdb.conf perl/t/data/netdb-fake perl/t/file.t \
- perl/t/init.t perl/t/kadmin.t perl/t/keytab.t perl/t/lib/Util.pm \
- perl/t/object.t perl/t/pod-spelling.t perl/t/pod.t perl/t/report.t \
- perl/t/schema.t perl/t/server.t perl/t/verifier-netdb.t \
- perl/t/verifier.t
-
-AUTOMAKE_OPTIONS = foreign subdir-objects
+PERL_FILES = perl/Wallet/ACL.pm perl/Wallet/ACL/Base.pm \
+ perl/Wallet/ACL/Krb5.pm perl/Wallet/ACL/Krb5/Regex.pm \
+ perl/Wallet/ACL/LDAP/Attribute.pm perl/Wallet/ACL/NetDB.pm \
+ perl/Wallet/ACL/NetDB/Root.pm perl/Wallet/Admin.pm \
+ perl/Wallet/Config.pm perl/Wallet/Database.pm perl/Wallet/Kadmin.pm \
+ perl/Wallet/Kadmin/Heimdal.pm perl/Wallet/Kadmin/MIT.pm \
+ perl/Wallet/Object/Base.pm perl/Wallet/Object/File.pm \
+ perl/Wallet/Object/Keytab.pm perl/Wallet/Object/WAKeyring.pm \
+ perl/Wallet/Policy/Stanford.pm perl/Wallet/Report.pm \
+ perl/Wallet/Schema.pm perl/Wallet/Server.pm \
+ perl/Wallet/Schema/Result/Acl.pm \
+ perl/Wallet/Schema/Result/AclEntry.pm \
+ perl/Wallet/Schema/Result/AclHistory.pm \
+ perl/Wallet/Schema/Result/AclScheme.pm \
+ perl/Wallet/Schema/Result/Enctype.pm \
+ perl/Wallet/Schema/Result/Flag.pm \
+ perl/Wallet/Schema/Result/KeytabEnctype.pm \
+ perl/Wallet/Schema/Result/KeytabSync.pm \
+ perl/Wallet/Schema/Result/Object.pm \
+ perl/Wallet/Schema/Result/ObjectHistory.pm \
+ perl/Wallet/Schema/Result/SyncTarget.pm \
+ perl/Wallet/Schema/Result/Type.pm \
+ perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \
+ perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql \
+ perl/sql/Wallet-Schema-0.07-MySQL.sql \
+ perl/sql/Wallet-Schema-0.07-SQLite.sql \
+ perl/sql/Wallet-Schema-0.08-MySQL.sql \
+ perl/sql/Wallet-Schema-0.08-PostgreSQL.sql \
+ perl/sql/Wallet-Schema-0.08-SQLite.sql perl/t/acl.t perl/t/admin.t \
+ perl/t/config.t perl/t/data/README perl/t/data/keytab-fake \
+ perl/t/data/keytab.conf perl/t/data/netdb.conf \
+ perl/t/data/netdb-fake perl/t/file.t perl/t/init.t perl/t/kadmin.t \
+ perl/t/keytab.t perl/t/lib/Util.pm perl/t/object.t \
+ perl/t/pod-spelling.t perl/t/pod.t perl/t/report.t perl/t/server.t \
+ perl/t/stanford-naming.t perl/t/verifier-ldap-attr.t \
+ perl/t/verifier-netdb.t perl/t/verifier.t perl/t/wa-keyring.t
+
ACLOCAL_AMFLAGS = -I m4
-EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod \
- client/wallet-rekey.pod config/allow-extract config/keytab \
- config/keytab.acl config/wallet config/wallet-report.acl docs/design \
- contrib/README contrib/convert-srvtab-db contrib/used-principals \
- contrib/wallet-contacts contrib/wallet-summary \
- contrib/wallet-summary.8 contrib/wallet-unknown-hosts \
- docs/design-acl docs/design-api docs/netdb-role-api docs/notes \
- docs/setup docs/stanford-naming examples/stanford.conf tests/TESTS \
- tests/data/README tests/data/allow-extract tests/data/basic.conf \
- tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data \
- tests/data/fake-kadmin tests/data/fake-keytab \
- tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \
- tests/data/fake-keytab-merge tests/data/fake-keytab-old \
- tests/data/fake-keytab-partial tests/data/fake-keytab-partial-result \
- tests/data/fake-keytab-rekey tests/data/fake-keytab-unknown \
- tests/data/fake-srvtab tests/data/full.conf tests/data/wallet.conf \
- tests/docs/pod-spelling-t tests/docs/pod-t tests/server/admin-t \
- tests/server/backend-t tests/server/keytab-t tests/server/report-t \
- tests/tap/kerberos.sh tests/tap/libtap.sh tests/tap/remctl.sh \
+EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod \
+ client/wallet-rekey.pod config/allow-extract config/keytab \
+ config/keytab.acl config/wallet config/wallet-report.acl \
+ docs/design contrib/README contrib/convert-srvtab-db \
+ contrib/used-principals contrib/wallet-contacts \
+ contrib/wallet-summary contrib/wallet-summary.8 \
+ contrib/wallet-unknown-hosts contrib/wallet-unknown-hosts.8 \
+ docs/design-acl docs/design-api docs/netdb-role-api docs/notes \
+ docs/objects-and-schemes docs/setup docs/stanford-naming \
+ examples/stanford.conf perl/create-ddl tests/HOWTO tests/TESTS \
+ tests/config/README tests/data/allow-extract tests/data/basic.conf \
+ tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data \
+ tests/data/fake-kadmin tests/data/fake-keytab \
+ tests/data/fake-keytab-2 tests/data/fake-keytab-foreign \
+ tests/data/fake-keytab-merge tests/data/fake-keytab-old \
+ tests/data/fake-keytab-partial \
+ tests/data/fake-keytab-partial-result tests/data/fake-keytab-rekey \
+ tests/data/fake-keytab-unknown tests/data/fake-srvtab \
+ tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf \
+ tests/docs/pod-spelling-t tests/docs/pod-t tests/server/admin-t \
+ tests/server/backend-t tests/server/keytab-t tests/server/report-t \
+ tests/tap/kerberos.sh tests/tap/libtap.sh \
+ tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm \
+ tests/tap/perl/Test/RRA/Config.pm tests/tap/remctl.sh \
tests/util/xmalloc-t $(PERL_FILES)
noinst_LIBRARIES = portable/libportable.a util/libutil.a \
@@ -439,9 +498,9 @@ portable_libportable_a_SOURCES = portable/dummy.c portable/krb5-extra.c \
portable_libportable_a_CPPFLAGS = $(KRB5_CPPFLAGS)
portable_libportable_a_LIBADD = $(LIBOBJS)
-util_libutil_a_SOURCES = util/concat.c util/concat.h util/macros.h \
- util/messages-krb5.c util/messages-krb5.h util/messages.c \
- util/messages.h util/xmalloc.c util/xmalloc.h
+util_libutil_a_SOURCES = util/macros.h util/messages-krb5.c \
+ util/messages-krb5.h util/messages.c util/messages.h util/xmalloc.c \
+ util/xmalloc.h
util_libutil_a_CPPFLAGS = $(KRB5_CPPFLAGS)
client_libwallet_a_SOURCES = client/file.c client/internal.h client/keytab.c \
@@ -465,21 +524,35 @@ dist_man_MANS = client/wallet.1 client/wallet-rekey.1 server/keytab-backend.8 \
server/wallet-admin.8 server/wallet-backend.8 server/wallet-report.8
+# Install the SQL files that are used by the server code to do upgrades.
+dist_pkgdata_DATA = perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql \
+ perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql \
+ perl/sql/Wallet-Schema-0.07-MySQL.sql \
+ perl/sql/Wallet-Schema-0.07-SQLite.sql \
+ perl/sql/Wallet-Schema-0.08-MySQL.sql \
+ perl/sql/Wallet-Schema-0.08-PostgreSQL.sql \
+ perl/sql/Wallet-Schema-0.08-SQLite.sql
+
+
# A set of flags for warnings. Add -O because gcc won't find some warnings
# without optimization turned on. Desirable warnings that can't be turned
# on due to other problems:
#
# -Wconversion http://bugs.debian.org/488884 (htons warnings)
#
-# Last checked against gcc 4.4 (2010-08-15).
-WARNINGS = -g -O -Wall -Wextra -Wendif-labels -Wformat=2 -Winit-self \
- -Wswitch-enum -Wdeclaration-after-statement -Wshadow -Wpointer-arith \
- -Wbad-function-cast -Wwrite-strings -Wstrict-prototypes \
- -Wmissing-prototypes -Wnested-externs -Werror
+# Last checked against gcc 4.6.1 (2011-05-04). -D_FORTIFY_SOURCE=2 enables
+# warn_unused_result attribute markings on glibc functions on Linux, which
+# catches a few more issues.
+WARNINGS = -g -O -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wendif-labels \
+ -Wformat=2 -Winit-self -Wswitch-enum -Wdeclaration-after-statement \
+ -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align \
+ -Wwrite-strings -Wjump-misses-init -Wlogical-op \
+ -Wstrict-prototypes -Wmissing-prototypes -Wredundant-decls \
+ -Wnested-externs -Werror
# Remove some additional files.
-DISTCLEANFILES = perl/Makefile tests/data/.placeholder
+DISTCLEANFILES = perl/Makefile
MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile \
build-aux/depcomp build-aux/install-sh build-aux/missing \
client/wallet.1 config.h.in config.h.in~ configure \
@@ -492,8 +565,9 @@ tests_runtests_CPPFLAGS = -DSOURCE='"$(abs_top_srcdir)/tests"' \
check_LIBRARIES = tests/tap/libtap.a
tests_tap_libtap_a_CPPFLAGS = -I$(abs_top_srcdir)/tests $(KRB5_CPPFLAGS)
tests_tap_libtap_a_SOURCES = tests/tap/basic.c tests/tap/basic.h \
- tests/tap/kerberos.c tests/tap/kerberos.h tests/tap/messages.c \
- tests/tap/messages.h tests/tap/process.c tests/tap/process.h
+ tests/tap/kerberos.c tests/tap/kerberos.h tests/tap/macros.h \
+ tests/tap/messages.c tests/tap/messages.h tests/tap/process.c \
+ tests/tap/process.h tests/tap/string.c tests/tap/string.h
# All of the test programs.
@@ -521,9 +595,6 @@ tests_portable_strlcpy_t_SOURCES = tests/portable/strlcpy-t.c \
tests/portable/strlcpy.c
tests_portable_strlcpy_t_LDADD = tests/tap/libtap.a portable/libportable.a
-tests_util_concat_t_LDADD = tests/tap/libtap.a util/libutil.a \
- portable/libportable.a
-
tests_util_messages_krb5_t_CPPFLAGS = $(KRB5_CPPFLAGS)
tests_util_messages_krb5_t_LDFLAGS = $(KRB5_LDFLAGS)
tests_util_messages_krb5_t_LDADD = tests/tap/libtap.a util/libutil.a \
@@ -538,7 +609,7 @@ all: config.h
.SUFFIXES:
.SUFFIXES: .c .o .obj
-am--refresh:
+am--refresh: Makefile
@:
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
@@ -574,10 +645,8 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
$(am__aclocal_m4_deps):
config.h: stamp-h1
- @if test ! -f $@; then \
- rm -f stamp-h1; \
- $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
- else :; fi
+ @if test ! -f $@; then rm -f stamp-h1; else :; fi
+ @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
@rm -f stamp-h1
@@ -623,7 +692,7 @@ client/client_libwallet_a-remctl.$(OBJEXT): client/$(am__dirstamp) \
client/$(DEPDIR)/$(am__dirstamp)
client/client_libwallet_a-srvtab.$(OBJEXT): client/$(am__dirstamp) \
client/$(DEPDIR)/$(am__dirstamp)
-client/libwallet.a: $(client_libwallet_a_OBJECTS) $(client_libwallet_a_DEPENDENCIES) client/$(am__dirstamp)
+client/libwallet.a: $(client_libwallet_a_OBJECTS) $(client_libwallet_a_DEPENDENCIES) $(EXTRA_client_libwallet_a_DEPENDENCIES) client/$(am__dirstamp)
$(AM_V_at)-rm -f client/libwallet.a
$(AM_V_AR)$(client_libwallet_a_AR) client/libwallet.a $(client_libwallet_a_OBJECTS) $(client_libwallet_a_LIBADD)
$(AM_V_at)$(RANLIB) client/libwallet.a
@@ -637,7 +706,7 @@ portable/portable_libportable_a-dummy.$(OBJEXT): \
portable/$(am__dirstamp) portable/$(DEPDIR)/$(am__dirstamp)
portable/portable_libportable_a-krb5-extra.$(OBJEXT): \
portable/$(am__dirstamp) portable/$(DEPDIR)/$(am__dirstamp)
-portable/libportable.a: $(portable_libportable_a_OBJECTS) $(portable_libportable_a_DEPENDENCIES) portable/$(am__dirstamp)
+portable/libportable.a: $(portable_libportable_a_OBJECTS) $(portable_libportable_a_DEPENDENCIES) $(EXTRA_portable_libportable_a_DEPENDENCIES) portable/$(am__dirstamp)
$(AM_V_at)-rm -f portable/libportable.a
$(AM_V_AR)$(portable_libportable_a_AR) portable/libportable.a $(portable_libportable_a_OBJECTS) $(portable_libportable_a_LIBADD)
$(AM_V_at)$(RANLIB) portable/libportable.a
@@ -655,7 +724,9 @@ tests/tap/tests_tap_libtap_a-messages.$(OBJEXT): \
tests/tap/$(am__dirstamp) tests/tap/$(DEPDIR)/$(am__dirstamp)
tests/tap/tests_tap_libtap_a-process.$(OBJEXT): \
tests/tap/$(am__dirstamp) tests/tap/$(DEPDIR)/$(am__dirstamp)
-tests/tap/libtap.a: $(tests_tap_libtap_a_OBJECTS) $(tests_tap_libtap_a_DEPENDENCIES) tests/tap/$(am__dirstamp)
+tests/tap/tests_tap_libtap_a-string.$(OBJEXT): \
+ tests/tap/$(am__dirstamp) tests/tap/$(DEPDIR)/$(am__dirstamp)
+tests/tap/libtap.a: $(tests_tap_libtap_a_OBJECTS) $(tests_tap_libtap_a_DEPENDENCIES) $(EXTRA_tests_tap_libtap_a_DEPENDENCIES) tests/tap/$(am__dirstamp)
$(AM_V_at)-rm -f tests/tap/libtap.a
$(AM_V_AR)$(tests_tap_libtap_a_AR) tests/tap/libtap.a $(tests_tap_libtap_a_OBJECTS) $(tests_tap_libtap_a_LIBADD)
$(AM_V_at)$(RANLIB) tests/tap/libtap.a
@@ -665,22 +736,23 @@ util/$(am__dirstamp):
util/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) util/$(DEPDIR)
@: > util/$(DEPDIR)/$(am__dirstamp)
-util/util_libutil_a-concat.$(OBJEXT): util/$(am__dirstamp) \
- util/$(DEPDIR)/$(am__dirstamp)
util/util_libutil_a-messages-krb5.$(OBJEXT): util/$(am__dirstamp) \
util/$(DEPDIR)/$(am__dirstamp)
util/util_libutil_a-messages.$(OBJEXT): util/$(am__dirstamp) \
util/$(DEPDIR)/$(am__dirstamp)
util/util_libutil_a-xmalloc.$(OBJEXT): util/$(am__dirstamp) \
util/$(DEPDIR)/$(am__dirstamp)
-util/libutil.a: $(util_libutil_a_OBJECTS) $(util_libutil_a_DEPENDENCIES) util/$(am__dirstamp)
+util/libutil.a: $(util_libutil_a_OBJECTS) $(util_libutil_a_DEPENDENCIES) $(EXTRA_util_libutil_a_DEPENDENCIES) util/$(am__dirstamp)
$(AM_V_at)-rm -f util/libutil.a
$(AM_V_AR)$(util_libutil_a_AR) util/libutil.a $(util_libutil_a_OBJECTS) $(util_libutil_a_LIBADD)
$(AM_V_at)$(RANLIB) util/libutil.a
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+ fi; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
while read p p1; do if test -f $$p; \
@@ -719,12 +791,12 @@ clean-checkPROGRAMS:
-test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS)
client/client_wallet-wallet.$(OBJEXT): client/$(am__dirstamp) \
client/$(DEPDIR)/$(am__dirstamp)
-client/wallet$(EXEEXT): $(client_wallet_OBJECTS) $(client_wallet_DEPENDENCIES) client/$(am__dirstamp)
+client/wallet$(EXEEXT): $(client_wallet_OBJECTS) $(client_wallet_DEPENDENCIES) $(EXTRA_client_wallet_DEPENDENCIES) client/$(am__dirstamp)
@rm -f client/wallet$(EXEEXT)
$(AM_V_CCLD)$(client_wallet_LINK) $(client_wallet_OBJECTS) $(client_wallet_LDADD) $(LIBS)
client/client_wallet_rekey-wallet-rekey.$(OBJEXT): \
client/$(am__dirstamp) client/$(DEPDIR)/$(am__dirstamp)
-client/wallet-rekey$(EXEEXT): $(client_wallet_rekey_OBJECTS) $(client_wallet_rekey_DEPENDENCIES) client/$(am__dirstamp)
+client/wallet-rekey$(EXEEXT): $(client_wallet_rekey_OBJECTS) $(client_wallet_rekey_DEPENDENCIES) $(EXTRA_client_wallet_rekey_DEPENDENCIES) client/$(am__dirstamp)
@rm -f client/wallet-rekey$(EXEEXT)
$(AM_V_CCLD)$(client_wallet_rekey_LINK) $(client_wallet_rekey_OBJECTS) $(client_wallet_rekey_LDADD) $(LIBS)
tests/portable/$(am__dirstamp):
@@ -737,42 +809,42 @@ tests/portable/asprintf-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
tests/portable/asprintf.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
-tests/portable/asprintf-t$(EXEEXT): $(tests_portable_asprintf_t_OBJECTS) $(tests_portable_asprintf_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
+tests/portable/asprintf-t$(EXEEXT): $(tests_portable_asprintf_t_OBJECTS) $(tests_portable_asprintf_t_DEPENDENCIES) $(EXTRA_tests_portable_asprintf_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
@rm -f tests/portable/asprintf-t$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_portable_asprintf_t_OBJECTS) $(tests_portable_asprintf_t_LDADD) $(LIBS)
tests/portable/mkstemp-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
tests/portable/mkstemp.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
-tests/portable/mkstemp-t$(EXEEXT): $(tests_portable_mkstemp_t_OBJECTS) $(tests_portable_mkstemp_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
+tests/portable/mkstemp-t$(EXEEXT): $(tests_portable_mkstemp_t_OBJECTS) $(tests_portable_mkstemp_t_DEPENDENCIES) $(EXTRA_tests_portable_mkstemp_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
@rm -f tests/portable/mkstemp-t$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_portable_mkstemp_t_OBJECTS) $(tests_portable_mkstemp_t_LDADD) $(LIBS)
tests/portable/setenv-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
tests/portable/setenv.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
-tests/portable/setenv-t$(EXEEXT): $(tests_portable_setenv_t_OBJECTS) $(tests_portable_setenv_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
+tests/portable/setenv-t$(EXEEXT): $(tests_portable_setenv_t_OBJECTS) $(tests_portable_setenv_t_DEPENDENCIES) $(EXTRA_tests_portable_setenv_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
@rm -f tests/portable/setenv-t$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_portable_setenv_t_OBJECTS) $(tests_portable_setenv_t_LDADD) $(LIBS)
tests/portable/snprintf-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
tests/portable/snprintf.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
-tests/portable/snprintf-t$(EXEEXT): $(tests_portable_snprintf_t_OBJECTS) $(tests_portable_snprintf_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
+tests/portable/snprintf-t$(EXEEXT): $(tests_portable_snprintf_t_OBJECTS) $(tests_portable_snprintf_t_DEPENDENCIES) $(EXTRA_tests_portable_snprintf_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
@rm -f tests/portable/snprintf-t$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_portable_snprintf_t_OBJECTS) $(tests_portable_snprintf_t_LDADD) $(LIBS)
tests/portable/strlcat-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
tests/portable/strlcat.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
-tests/portable/strlcat-t$(EXEEXT): $(tests_portable_strlcat_t_OBJECTS) $(tests_portable_strlcat_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
+tests/portable/strlcat-t$(EXEEXT): $(tests_portable_strlcat_t_OBJECTS) $(tests_portable_strlcat_t_DEPENDENCIES) $(EXTRA_tests_portable_strlcat_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
@rm -f tests/portable/strlcat-t$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_portable_strlcat_t_OBJECTS) $(tests_portable_strlcat_t_LDADD) $(LIBS)
tests/portable/strlcpy-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
tests/portable/strlcpy.$(OBJEXT): tests/portable/$(am__dirstamp) \
tests/portable/$(DEPDIR)/$(am__dirstamp)
-tests/portable/strlcpy-t$(EXEEXT): $(tests_portable_strlcpy_t_OBJECTS) $(tests_portable_strlcpy_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
+tests/portable/strlcpy-t$(EXEEXT): $(tests_portable_strlcpy_t_OBJECTS) $(tests_portable_strlcpy_t_DEPENDENCIES) $(EXTRA_tests_portable_strlcpy_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
@rm -f tests/portable/strlcpy-t$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_portable_strlcpy_t_OBJECTS) $(tests_portable_strlcpy_t_LDADD) $(LIBS)
tests/$(am__dirstamp):
@@ -783,7 +855,7 @@ tests/$(DEPDIR)/$(am__dirstamp):
@: > tests/$(DEPDIR)/$(am__dirstamp)
tests/tests_runtests-runtests.$(OBJEXT): tests/$(am__dirstamp) \
tests/$(DEPDIR)/$(am__dirstamp)
-tests/runtests$(EXEEXT): $(tests_runtests_OBJECTS) $(tests_runtests_DEPENDENCIES) tests/$(am__dirstamp)
+tests/runtests$(EXEEXT): $(tests_runtests_OBJECTS) $(tests_runtests_DEPENDENCIES) $(EXTRA_tests_runtests_DEPENDENCIES) tests/$(am__dirstamp)
@rm -f tests/runtests$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_runtests_OBJECTS) $(tests_runtests_LDADD) $(LIBS)
tests/util/$(am__dirstamp):
@@ -792,31 +864,29 @@ tests/util/$(am__dirstamp):
tests/util/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) tests/util/$(DEPDIR)
@: > tests/util/$(DEPDIR)/$(am__dirstamp)
-tests/util/concat-t.$(OBJEXT): tests/util/$(am__dirstamp) \
- tests/util/$(DEPDIR)/$(am__dirstamp)
-tests/util/concat-t$(EXEEXT): $(tests_util_concat_t_OBJECTS) $(tests_util_concat_t_DEPENDENCIES) tests/util/$(am__dirstamp)
- @rm -f tests/util/concat-t$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(tests_util_concat_t_OBJECTS) $(tests_util_concat_t_LDADD) $(LIBS)
tests/util/tests_util_messages_krb5_t-messages-krb5-t.$(OBJEXT): \
tests/util/$(am__dirstamp) \
tests/util/$(DEPDIR)/$(am__dirstamp)
-tests/util/messages-krb5-t$(EXEEXT): $(tests_util_messages_krb5_t_OBJECTS) $(tests_util_messages_krb5_t_DEPENDENCIES) tests/util/$(am__dirstamp)
+tests/util/messages-krb5-t$(EXEEXT): $(tests_util_messages_krb5_t_OBJECTS) $(tests_util_messages_krb5_t_DEPENDENCIES) $(EXTRA_tests_util_messages_krb5_t_DEPENDENCIES) tests/util/$(am__dirstamp)
@rm -f tests/util/messages-krb5-t$(EXEEXT)
$(AM_V_CCLD)$(tests_util_messages_krb5_t_LINK) $(tests_util_messages_krb5_t_OBJECTS) $(tests_util_messages_krb5_t_LDADD) $(LIBS)
tests/util/messages-t.$(OBJEXT): tests/util/$(am__dirstamp) \
tests/util/$(DEPDIR)/$(am__dirstamp)
-tests/util/messages-t$(EXEEXT): $(tests_util_messages_t_OBJECTS) $(tests_util_messages_t_DEPENDENCIES) tests/util/$(am__dirstamp)
+tests/util/messages-t$(EXEEXT): $(tests_util_messages_t_OBJECTS) $(tests_util_messages_t_DEPENDENCIES) $(EXTRA_tests_util_messages_t_DEPENDENCIES) tests/util/$(am__dirstamp)
@rm -f tests/util/messages-t$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_util_messages_t_OBJECTS) $(tests_util_messages_t_LDADD) $(LIBS)
tests/util/xmalloc.$(OBJEXT): tests/util/$(am__dirstamp) \
tests/util/$(DEPDIR)/$(am__dirstamp)
-tests/util/xmalloc$(EXEEXT): $(tests_util_xmalloc_OBJECTS) $(tests_util_xmalloc_DEPENDENCIES) tests/util/$(am__dirstamp)
+tests/util/xmalloc$(EXEEXT): $(tests_util_xmalloc_OBJECTS) $(tests_util_xmalloc_DEPENDENCIES) $(EXTRA_tests_util_xmalloc_DEPENDENCIES) tests/util/$(am__dirstamp)
@rm -f tests/util/xmalloc$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tests_util_xmalloc_OBJECTS) $(tests_util_xmalloc_LDADD) $(LIBS)
install-dist_sbinSCRIPTS: $(dist_sbin_SCRIPTS)
@$(NORMAL_INSTALL)
- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
@list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
@@ -844,9 +914,7 @@ uninstall-dist_sbinSCRIPTS:
@list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 's,.*/,,;$(transform)'`; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+ dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -876,12 +944,11 @@ mostlyclean-compile:
-rm -f tests/tap/tests_tap_libtap_a-kerberos.$(OBJEXT)
-rm -f tests/tap/tests_tap_libtap_a-messages.$(OBJEXT)
-rm -f tests/tap/tests_tap_libtap_a-process.$(OBJEXT)
+ -rm -f tests/tap/tests_tap_libtap_a-string.$(OBJEXT)
-rm -f tests/tests_runtests-runtests.$(OBJEXT)
- -rm -f tests/util/concat-t.$(OBJEXT)
-rm -f tests/util/messages-t.$(OBJEXT)
-rm -f tests/util/tests_util_messages_krb5_t-messages-krb5-t.$(OBJEXT)
-rm -f tests/util/xmalloc.$(OBJEXT)
- -rm -f util/util_libutil_a-concat.$(OBJEXT)
-rm -f util/util_libutil_a-messages-krb5.$(OBJEXT)
-rm -f util/util_libutil_a-messages.$(OBJEXT)
-rm -f util/util_libutil_a-xmalloc.$(OBJEXT)
@@ -922,11 +989,10 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@tests/tap/$(DEPDIR)/tests_tap_libtap_a-kerberos.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tests/tap/$(DEPDIR)/tests_tap_libtap_a-messages.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tests/tap/$(DEPDIR)/tests_tap_libtap_a-process.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tests/util/$(DEPDIR)/concat-t.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tests/tap/$(DEPDIR)/tests_tap_libtap_a-string.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tests/util/$(DEPDIR)/messages-t.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tests/util/$(DEPDIR)/tests_util_messages_krb5_t-messages-krb5-t.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tests/util/$(DEPDIR)/xmalloc.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@util/$(DEPDIR)/util_libutil_a-concat.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@util/$(DEPDIR)/util_libutil_a-messages-krb5.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@util/$(DEPDIR)/util_libutil_a-messages.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@util/$(DEPDIR)/util_libutil_a-xmalloc.Po@am__quote@
@@ -935,346 +1001,311 @@ distclean-compile:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
client/client_libwallet_a-file.o: client/file.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-file.o -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-file.Tpo -c -o client/client_libwallet_a-file.o `test -f 'client/file.c' || echo '$(srcdir)/'`client/file.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-file.Tpo client/$(DEPDIR)/client_libwallet_a-file.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/file.c' object='client/client_libwallet_a-file.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/file.c' object='client/client_libwallet_a-file.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-file.o `test -f 'client/file.c' || echo '$(srcdir)/'`client/file.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-file.o `test -f 'client/file.c' || echo '$(srcdir)/'`client/file.c
client/client_libwallet_a-file.obj: client/file.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-file.obj -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-file.Tpo -c -o client/client_libwallet_a-file.obj `if test -f 'client/file.c'; then $(CYGPATH_W) 'client/file.c'; else $(CYGPATH_W) '$(srcdir)/client/file.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-file.Tpo client/$(DEPDIR)/client_libwallet_a-file.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/file.c' object='client/client_libwallet_a-file.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/file.c' object='client/client_libwallet_a-file.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-file.obj `if test -f 'client/file.c'; then $(CYGPATH_W) 'client/file.c'; else $(CYGPATH_W) '$(srcdir)/client/file.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-file.obj `if test -f 'client/file.c'; then $(CYGPATH_W) 'client/file.c'; else $(CYGPATH_W) '$(srcdir)/client/file.c'; fi`
client/client_libwallet_a-keytab.o: client/keytab.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-keytab.o -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-keytab.Tpo -c -o client/client_libwallet_a-keytab.o `test -f 'client/keytab.c' || echo '$(srcdir)/'`client/keytab.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-keytab.Tpo client/$(DEPDIR)/client_libwallet_a-keytab.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/keytab.c' object='client/client_libwallet_a-keytab.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/keytab.c' object='client/client_libwallet_a-keytab.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-keytab.o `test -f 'client/keytab.c' || echo '$(srcdir)/'`client/keytab.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-keytab.o `test -f 'client/keytab.c' || echo '$(srcdir)/'`client/keytab.c
client/client_libwallet_a-keytab.obj: client/keytab.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-keytab.obj -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-keytab.Tpo -c -o client/client_libwallet_a-keytab.obj `if test -f 'client/keytab.c'; then $(CYGPATH_W) 'client/keytab.c'; else $(CYGPATH_W) '$(srcdir)/client/keytab.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-keytab.Tpo client/$(DEPDIR)/client_libwallet_a-keytab.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/keytab.c' object='client/client_libwallet_a-keytab.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/keytab.c' object='client/client_libwallet_a-keytab.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-keytab.obj `if test -f 'client/keytab.c'; then $(CYGPATH_W) 'client/keytab.c'; else $(CYGPATH_W) '$(srcdir)/client/keytab.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-keytab.obj `if test -f 'client/keytab.c'; then $(CYGPATH_W) 'client/keytab.c'; else $(CYGPATH_W) '$(srcdir)/client/keytab.c'; fi`
client/client_libwallet_a-krb5.o: client/krb5.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-krb5.o -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-krb5.Tpo -c -o client/client_libwallet_a-krb5.o `test -f 'client/krb5.c' || echo '$(srcdir)/'`client/krb5.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-krb5.Tpo client/$(DEPDIR)/client_libwallet_a-krb5.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/krb5.c' object='client/client_libwallet_a-krb5.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/krb5.c' object='client/client_libwallet_a-krb5.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-krb5.o `test -f 'client/krb5.c' || echo '$(srcdir)/'`client/krb5.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-krb5.o `test -f 'client/krb5.c' || echo '$(srcdir)/'`client/krb5.c
client/client_libwallet_a-krb5.obj: client/krb5.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-krb5.obj -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-krb5.Tpo -c -o client/client_libwallet_a-krb5.obj `if test -f 'client/krb5.c'; then $(CYGPATH_W) 'client/krb5.c'; else $(CYGPATH_W) '$(srcdir)/client/krb5.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-krb5.Tpo client/$(DEPDIR)/client_libwallet_a-krb5.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/krb5.c' object='client/client_libwallet_a-krb5.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/krb5.c' object='client/client_libwallet_a-krb5.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-krb5.obj `if test -f 'client/krb5.c'; then $(CYGPATH_W) 'client/krb5.c'; else $(CYGPATH_W) '$(srcdir)/client/krb5.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-krb5.obj `if test -f 'client/krb5.c'; then $(CYGPATH_W) 'client/krb5.c'; else $(CYGPATH_W) '$(srcdir)/client/krb5.c'; fi`
client/client_libwallet_a-options.o: client/options.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-options.o -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-options.Tpo -c -o client/client_libwallet_a-options.o `test -f 'client/options.c' || echo '$(srcdir)/'`client/options.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-options.Tpo client/$(DEPDIR)/client_libwallet_a-options.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/options.c' object='client/client_libwallet_a-options.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/options.c' object='client/client_libwallet_a-options.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-options.o `test -f 'client/options.c' || echo '$(srcdir)/'`client/options.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-options.o `test -f 'client/options.c' || echo '$(srcdir)/'`client/options.c
client/client_libwallet_a-options.obj: client/options.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-options.obj -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-options.Tpo -c -o client/client_libwallet_a-options.obj `if test -f 'client/options.c'; then $(CYGPATH_W) 'client/options.c'; else $(CYGPATH_W) '$(srcdir)/client/options.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-options.Tpo client/$(DEPDIR)/client_libwallet_a-options.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/options.c' object='client/client_libwallet_a-options.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/options.c' object='client/client_libwallet_a-options.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-options.obj `if test -f 'client/options.c'; then $(CYGPATH_W) 'client/options.c'; else $(CYGPATH_W) '$(srcdir)/client/options.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-options.obj `if test -f 'client/options.c'; then $(CYGPATH_W) 'client/options.c'; else $(CYGPATH_W) '$(srcdir)/client/options.c'; fi`
client/client_libwallet_a-remctl.o: client/remctl.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-remctl.o -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-remctl.Tpo -c -o client/client_libwallet_a-remctl.o `test -f 'client/remctl.c' || echo '$(srcdir)/'`client/remctl.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-remctl.Tpo client/$(DEPDIR)/client_libwallet_a-remctl.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/remctl.c' object='client/client_libwallet_a-remctl.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/remctl.c' object='client/client_libwallet_a-remctl.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-remctl.o `test -f 'client/remctl.c' || echo '$(srcdir)/'`client/remctl.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-remctl.o `test -f 'client/remctl.c' || echo '$(srcdir)/'`client/remctl.c
client/client_libwallet_a-remctl.obj: client/remctl.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-remctl.obj -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-remctl.Tpo -c -o client/client_libwallet_a-remctl.obj `if test -f 'client/remctl.c'; then $(CYGPATH_W) 'client/remctl.c'; else $(CYGPATH_W) '$(srcdir)/client/remctl.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-remctl.Tpo client/$(DEPDIR)/client_libwallet_a-remctl.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/remctl.c' object='client/client_libwallet_a-remctl.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/remctl.c' object='client/client_libwallet_a-remctl.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-remctl.obj `if test -f 'client/remctl.c'; then $(CYGPATH_W) 'client/remctl.c'; else $(CYGPATH_W) '$(srcdir)/client/remctl.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-remctl.obj `if test -f 'client/remctl.c'; then $(CYGPATH_W) 'client/remctl.c'; else $(CYGPATH_W) '$(srcdir)/client/remctl.c'; fi`
client/client_libwallet_a-srvtab.o: client/srvtab.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-srvtab.o -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-srvtab.Tpo -c -o client/client_libwallet_a-srvtab.o `test -f 'client/srvtab.c' || echo '$(srcdir)/'`client/srvtab.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-srvtab.Tpo client/$(DEPDIR)/client_libwallet_a-srvtab.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/srvtab.c' object='client/client_libwallet_a-srvtab.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/srvtab.c' object='client/client_libwallet_a-srvtab.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-srvtab.o `test -f 'client/srvtab.c' || echo '$(srcdir)/'`client/srvtab.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-srvtab.o `test -f 'client/srvtab.c' || echo '$(srcdir)/'`client/srvtab.c
client/client_libwallet_a-srvtab.obj: client/srvtab.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_libwallet_a-srvtab.obj -MD -MP -MF client/$(DEPDIR)/client_libwallet_a-srvtab.Tpo -c -o client/client_libwallet_a-srvtab.obj `if test -f 'client/srvtab.c'; then $(CYGPATH_W) 'client/srvtab.c'; else $(CYGPATH_W) '$(srcdir)/client/srvtab.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_libwallet_a-srvtab.Tpo client/$(DEPDIR)/client_libwallet_a-srvtab.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/srvtab.c' object='client/client_libwallet_a-srvtab.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/srvtab.c' object='client/client_libwallet_a-srvtab.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-srvtab.obj `if test -f 'client/srvtab.c'; then $(CYGPATH_W) 'client/srvtab.c'; else $(CYGPATH_W) '$(srcdir)/client/srvtab.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_libwallet_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_libwallet_a-srvtab.obj `if test -f 'client/srvtab.c'; then $(CYGPATH_W) 'client/srvtab.c'; else $(CYGPATH_W) '$(srcdir)/client/srvtab.c'; fi`
portable/portable_libportable_a-dummy.o: portable/dummy.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portable/portable_libportable_a-dummy.o -MD -MP -MF portable/$(DEPDIR)/portable_libportable_a-dummy.Tpo -c -o portable/portable_libportable_a-dummy.o `test -f 'portable/dummy.c' || echo '$(srcdir)/'`portable/dummy.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) portable/$(DEPDIR)/portable_libportable_a-dummy.Tpo portable/$(DEPDIR)/portable_libportable_a-dummy.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='portable/dummy.c' object='portable/portable_libportable_a-dummy.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='portable/dummy.c' object='portable/portable_libportable_a-dummy.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-dummy.o `test -f 'portable/dummy.c' || echo '$(srcdir)/'`portable/dummy.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-dummy.o `test -f 'portable/dummy.c' || echo '$(srcdir)/'`portable/dummy.c
portable/portable_libportable_a-dummy.obj: portable/dummy.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portable/portable_libportable_a-dummy.obj -MD -MP -MF portable/$(DEPDIR)/portable_libportable_a-dummy.Tpo -c -o portable/portable_libportable_a-dummy.obj `if test -f 'portable/dummy.c'; then $(CYGPATH_W) 'portable/dummy.c'; else $(CYGPATH_W) '$(srcdir)/portable/dummy.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) portable/$(DEPDIR)/portable_libportable_a-dummy.Tpo portable/$(DEPDIR)/portable_libportable_a-dummy.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='portable/dummy.c' object='portable/portable_libportable_a-dummy.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='portable/dummy.c' object='portable/portable_libportable_a-dummy.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-dummy.obj `if test -f 'portable/dummy.c'; then $(CYGPATH_W) 'portable/dummy.c'; else $(CYGPATH_W) '$(srcdir)/portable/dummy.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-dummy.obj `if test -f 'portable/dummy.c'; then $(CYGPATH_W) 'portable/dummy.c'; else $(CYGPATH_W) '$(srcdir)/portable/dummy.c'; fi`
portable/portable_libportable_a-krb5-extra.o: portable/krb5-extra.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portable/portable_libportable_a-krb5-extra.o -MD -MP -MF portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Tpo -c -o portable/portable_libportable_a-krb5-extra.o `test -f 'portable/krb5-extra.c' || echo '$(srcdir)/'`portable/krb5-extra.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Tpo portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='portable/krb5-extra.c' object='portable/portable_libportable_a-krb5-extra.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='portable/krb5-extra.c' object='portable/portable_libportable_a-krb5-extra.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-krb5-extra.o `test -f 'portable/krb5-extra.c' || echo '$(srcdir)/'`portable/krb5-extra.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-krb5-extra.o `test -f 'portable/krb5-extra.c' || echo '$(srcdir)/'`portable/krb5-extra.c
portable/portable_libportable_a-krb5-extra.obj: portable/krb5-extra.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portable/portable_libportable_a-krb5-extra.obj -MD -MP -MF portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Tpo -c -o portable/portable_libportable_a-krb5-extra.obj `if test -f 'portable/krb5-extra.c'; then $(CYGPATH_W) 'portable/krb5-extra.c'; else $(CYGPATH_W) '$(srcdir)/portable/krb5-extra.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Tpo portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='portable/krb5-extra.c' object='portable/portable_libportable_a-krb5-extra.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='portable/krb5-extra.c' object='portable/portable_libportable_a-krb5-extra.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-krb5-extra.obj `if test -f 'portable/krb5-extra.c'; then $(CYGPATH_W) 'portable/krb5-extra.c'; else $(CYGPATH_W) '$(srcdir)/portable/krb5-extra.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portable_libportable_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portable/portable_libportable_a-krb5-extra.obj `if test -f 'portable/krb5-extra.c'; then $(CYGPATH_W) 'portable/krb5-extra.c'; else $(CYGPATH_W) '$(srcdir)/portable/krb5-extra.c'; fi`
tests/tap/tests_tap_libtap_a-basic.o: tests/tap/basic.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-basic.o -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Tpo -c -o tests/tap/tests_tap_libtap_a-basic.o `test -f 'tests/tap/basic.c' || echo '$(srcdir)/'`tests/tap/basic.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/tap/basic.c' object='tests/tap/tests_tap_libtap_a-basic.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/basic.c' object='tests/tap/tests_tap_libtap_a-basic.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-basic.o `test -f 'tests/tap/basic.c' || echo '$(srcdir)/'`tests/tap/basic.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-basic.o `test -f 'tests/tap/basic.c' || echo '$(srcdir)/'`tests/tap/basic.c
tests/tap/tests_tap_libtap_a-basic.obj: tests/tap/basic.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-basic.obj -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Tpo -c -o tests/tap/tests_tap_libtap_a-basic.obj `if test -f 'tests/tap/basic.c'; then $(CYGPATH_W) 'tests/tap/basic.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/basic.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-basic.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/tap/basic.c' object='tests/tap/tests_tap_libtap_a-basic.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/basic.c' object='tests/tap/tests_tap_libtap_a-basic.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-basic.obj `if test -f 'tests/tap/basic.c'; then $(CYGPATH_W) 'tests/tap/basic.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/basic.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-basic.obj `if test -f 'tests/tap/basic.c'; then $(CYGPATH_W) 'tests/tap/basic.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/basic.c'; fi`
tests/tap/tests_tap_libtap_a-kerberos.o: tests/tap/kerberos.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-kerberos.o -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-kerberos.Tpo -c -o tests/tap/tests_tap_libtap_a-kerberos.o `test -f 'tests/tap/kerberos.c' || echo '$(srcdir)/'`tests/tap/kerberos.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-kerberos.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-kerberos.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/tap/kerberos.c' object='tests/tap/tests_tap_libtap_a-kerberos.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/kerberos.c' object='tests/tap/tests_tap_libtap_a-kerberos.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-kerberos.o `test -f 'tests/tap/kerberos.c' || echo '$(srcdir)/'`tests/tap/kerberos.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-kerberos.o `test -f 'tests/tap/kerberos.c' || echo '$(srcdir)/'`tests/tap/kerberos.c
tests/tap/tests_tap_libtap_a-kerberos.obj: tests/tap/kerberos.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-kerberos.obj -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-kerberos.Tpo -c -o tests/tap/tests_tap_libtap_a-kerberos.obj `if test -f 'tests/tap/kerberos.c'; then $(CYGPATH_W) 'tests/tap/kerberos.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/kerberos.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-kerberos.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-kerberos.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/tap/kerberos.c' object='tests/tap/tests_tap_libtap_a-kerberos.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/kerberos.c' object='tests/tap/tests_tap_libtap_a-kerberos.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-kerberos.obj `if test -f 'tests/tap/kerberos.c'; then $(CYGPATH_W) 'tests/tap/kerberos.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/kerberos.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-kerberos.obj `if test -f 'tests/tap/kerberos.c'; then $(CYGPATH_W) 'tests/tap/kerberos.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/kerberos.c'; fi`
tests/tap/tests_tap_libtap_a-messages.o: tests/tap/messages.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-messages.o -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-messages.Tpo -c -o tests/tap/tests_tap_libtap_a-messages.o `test -f 'tests/tap/messages.c' || echo '$(srcdir)/'`tests/tap/messages.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-messages.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-messages.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/tap/messages.c' object='tests/tap/tests_tap_libtap_a-messages.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/messages.c' object='tests/tap/tests_tap_libtap_a-messages.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-messages.o `test -f 'tests/tap/messages.c' || echo '$(srcdir)/'`tests/tap/messages.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-messages.o `test -f 'tests/tap/messages.c' || echo '$(srcdir)/'`tests/tap/messages.c
tests/tap/tests_tap_libtap_a-messages.obj: tests/tap/messages.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-messages.obj -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-messages.Tpo -c -o tests/tap/tests_tap_libtap_a-messages.obj `if test -f 'tests/tap/messages.c'; then $(CYGPATH_W) 'tests/tap/messages.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/messages.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-messages.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-messages.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/tap/messages.c' object='tests/tap/tests_tap_libtap_a-messages.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/messages.c' object='tests/tap/tests_tap_libtap_a-messages.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-messages.obj `if test -f 'tests/tap/messages.c'; then $(CYGPATH_W) 'tests/tap/messages.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/messages.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-messages.obj `if test -f 'tests/tap/messages.c'; then $(CYGPATH_W) 'tests/tap/messages.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/messages.c'; fi`
tests/tap/tests_tap_libtap_a-process.o: tests/tap/process.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-process.o -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-process.Tpo -c -o tests/tap/tests_tap_libtap_a-process.o `test -f 'tests/tap/process.c' || echo '$(srcdir)/'`tests/tap/process.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-process.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-process.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/tap/process.c' object='tests/tap/tests_tap_libtap_a-process.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/process.c' object='tests/tap/tests_tap_libtap_a-process.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-process.o `test -f 'tests/tap/process.c' || echo '$(srcdir)/'`tests/tap/process.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-process.o `test -f 'tests/tap/process.c' || echo '$(srcdir)/'`tests/tap/process.c
tests/tap/tests_tap_libtap_a-process.obj: tests/tap/process.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-process.obj -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-process.Tpo -c -o tests/tap/tests_tap_libtap_a-process.obj `if test -f 'tests/tap/process.c'; then $(CYGPATH_W) 'tests/tap/process.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/process.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-process.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-process.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/tap/process.c' object='tests/tap/tests_tap_libtap_a-process.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/process.c' object='tests/tap/tests_tap_libtap_a-process.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-process.obj `if test -f 'tests/tap/process.c'; then $(CYGPATH_W) 'tests/tap/process.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/process.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-process.obj `if test -f 'tests/tap/process.c'; then $(CYGPATH_W) 'tests/tap/process.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/process.c'; fi`
-util/util_libutil_a-concat.o: util/concat.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT util/util_libutil_a-concat.o -MD -MP -MF util/$(DEPDIR)/util_libutil_a-concat.Tpo -c -o util/util_libutil_a-concat.o `test -f 'util/concat.c' || echo '$(srcdir)/'`util/concat.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) util/$(DEPDIR)/util_libutil_a-concat.Tpo util/$(DEPDIR)/util_libutil_a-concat.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='util/concat.c' object='util/util_libutil_a-concat.o' libtool=no @AMDEPBACKSLASH@
+tests/tap/tests_tap_libtap_a-string.o: tests/tap/string.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-string.o -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-string.Tpo -c -o tests/tap/tests_tap_libtap_a-string.o `test -f 'tests/tap/string.c' || echo '$(srcdir)/'`tests/tap/string.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-string.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-string.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/string.c' object='tests/tap/tests_tap_libtap_a-string.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-concat.o `test -f 'util/concat.c' || echo '$(srcdir)/'`util/concat.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-string.o `test -f 'tests/tap/string.c' || echo '$(srcdir)/'`tests/tap/string.c
-util/util_libutil_a-concat.obj: util/concat.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT util/util_libutil_a-concat.obj -MD -MP -MF util/$(DEPDIR)/util_libutil_a-concat.Tpo -c -o util/util_libutil_a-concat.obj `if test -f 'util/concat.c'; then $(CYGPATH_W) 'util/concat.c'; else $(CYGPATH_W) '$(srcdir)/util/concat.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) util/$(DEPDIR)/util_libutil_a-concat.Tpo util/$(DEPDIR)/util_libutil_a-concat.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='util/concat.c' object='util/util_libutil_a-concat.obj' libtool=no @AMDEPBACKSLASH@
+tests/tap/tests_tap_libtap_a-string.obj: tests/tap/string.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tap/tests_tap_libtap_a-string.obj -MD -MP -MF tests/tap/$(DEPDIR)/tests_tap_libtap_a-string.Tpo -c -o tests/tap/tests_tap_libtap_a-string.obj `if test -f 'tests/tap/string.c'; then $(CYGPATH_W) 'tests/tap/string.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/string.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/tap/$(DEPDIR)/tests_tap_libtap_a-string.Tpo tests/tap/$(DEPDIR)/tests_tap_libtap_a-string.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/tap/string.c' object='tests/tap/tests_tap_libtap_a-string.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-concat.obj `if test -f 'util/concat.c'; then $(CYGPATH_W) 'util/concat.c'; else $(CYGPATH_W) '$(srcdir)/util/concat.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_tap_libtap_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tap/tests_tap_libtap_a-string.obj `if test -f 'tests/tap/string.c'; then $(CYGPATH_W) 'tests/tap/string.c'; else $(CYGPATH_W) '$(srcdir)/tests/tap/string.c'; fi`
util/util_libutil_a-messages-krb5.o: util/messages-krb5.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT util/util_libutil_a-messages-krb5.o -MD -MP -MF util/$(DEPDIR)/util_libutil_a-messages-krb5.Tpo -c -o util/util_libutil_a-messages-krb5.o `test -f 'util/messages-krb5.c' || echo '$(srcdir)/'`util/messages-krb5.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) util/$(DEPDIR)/util_libutil_a-messages-krb5.Tpo util/$(DEPDIR)/util_libutil_a-messages-krb5.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='util/messages-krb5.c' object='util/util_libutil_a-messages-krb5.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util/messages-krb5.c' object='util/util_libutil_a-messages-krb5.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-messages-krb5.o `test -f 'util/messages-krb5.c' || echo '$(srcdir)/'`util/messages-krb5.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-messages-krb5.o `test -f 'util/messages-krb5.c' || echo '$(srcdir)/'`util/messages-krb5.c
util/util_libutil_a-messages-krb5.obj: util/messages-krb5.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT util/util_libutil_a-messages-krb5.obj -MD -MP -MF util/$(DEPDIR)/util_libutil_a-messages-krb5.Tpo -c -o util/util_libutil_a-messages-krb5.obj `if test -f 'util/messages-krb5.c'; then $(CYGPATH_W) 'util/messages-krb5.c'; else $(CYGPATH_W) '$(srcdir)/util/messages-krb5.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) util/$(DEPDIR)/util_libutil_a-messages-krb5.Tpo util/$(DEPDIR)/util_libutil_a-messages-krb5.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='util/messages-krb5.c' object='util/util_libutil_a-messages-krb5.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util/messages-krb5.c' object='util/util_libutil_a-messages-krb5.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-messages-krb5.obj `if test -f 'util/messages-krb5.c'; then $(CYGPATH_W) 'util/messages-krb5.c'; else $(CYGPATH_W) '$(srcdir)/util/messages-krb5.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-messages-krb5.obj `if test -f 'util/messages-krb5.c'; then $(CYGPATH_W) 'util/messages-krb5.c'; else $(CYGPATH_W) '$(srcdir)/util/messages-krb5.c'; fi`
util/util_libutil_a-messages.o: util/messages.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT util/util_libutil_a-messages.o -MD -MP -MF util/$(DEPDIR)/util_libutil_a-messages.Tpo -c -o util/util_libutil_a-messages.o `test -f 'util/messages.c' || echo '$(srcdir)/'`util/messages.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) util/$(DEPDIR)/util_libutil_a-messages.Tpo util/$(DEPDIR)/util_libutil_a-messages.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='util/messages.c' object='util/util_libutil_a-messages.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util/messages.c' object='util/util_libutil_a-messages.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-messages.o `test -f 'util/messages.c' || echo '$(srcdir)/'`util/messages.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-messages.o `test -f 'util/messages.c' || echo '$(srcdir)/'`util/messages.c
util/util_libutil_a-messages.obj: util/messages.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT util/util_libutil_a-messages.obj -MD -MP -MF util/$(DEPDIR)/util_libutil_a-messages.Tpo -c -o util/util_libutil_a-messages.obj `if test -f 'util/messages.c'; then $(CYGPATH_W) 'util/messages.c'; else $(CYGPATH_W) '$(srcdir)/util/messages.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) util/$(DEPDIR)/util_libutil_a-messages.Tpo util/$(DEPDIR)/util_libutil_a-messages.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='util/messages.c' object='util/util_libutil_a-messages.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util/messages.c' object='util/util_libutil_a-messages.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-messages.obj `if test -f 'util/messages.c'; then $(CYGPATH_W) 'util/messages.c'; else $(CYGPATH_W) '$(srcdir)/util/messages.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-messages.obj `if test -f 'util/messages.c'; then $(CYGPATH_W) 'util/messages.c'; else $(CYGPATH_W) '$(srcdir)/util/messages.c'; fi`
util/util_libutil_a-xmalloc.o: util/xmalloc.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT util/util_libutil_a-xmalloc.o -MD -MP -MF util/$(DEPDIR)/util_libutil_a-xmalloc.Tpo -c -o util/util_libutil_a-xmalloc.o `test -f 'util/xmalloc.c' || echo '$(srcdir)/'`util/xmalloc.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) util/$(DEPDIR)/util_libutil_a-xmalloc.Tpo util/$(DEPDIR)/util_libutil_a-xmalloc.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='util/xmalloc.c' object='util/util_libutil_a-xmalloc.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util/xmalloc.c' object='util/util_libutil_a-xmalloc.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-xmalloc.o `test -f 'util/xmalloc.c' || echo '$(srcdir)/'`util/xmalloc.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-xmalloc.o `test -f 'util/xmalloc.c' || echo '$(srcdir)/'`util/xmalloc.c
util/util_libutil_a-xmalloc.obj: util/xmalloc.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT util/util_libutil_a-xmalloc.obj -MD -MP -MF util/$(DEPDIR)/util_libutil_a-xmalloc.Tpo -c -o util/util_libutil_a-xmalloc.obj `if test -f 'util/xmalloc.c'; then $(CYGPATH_W) 'util/xmalloc.c'; else $(CYGPATH_W) '$(srcdir)/util/xmalloc.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) util/$(DEPDIR)/util_libutil_a-xmalloc.Tpo util/$(DEPDIR)/util_libutil_a-xmalloc.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='util/xmalloc.c' object='util/util_libutil_a-xmalloc.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='util/xmalloc.c' object='util/util_libutil_a-xmalloc.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-xmalloc.obj `if test -f 'util/xmalloc.c'; then $(CYGPATH_W) 'util/xmalloc.c'; else $(CYGPATH_W) '$(srcdir)/util/xmalloc.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(util_libutil_a_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o util/util_libutil_a-xmalloc.obj `if test -f 'util/xmalloc.c'; then $(CYGPATH_W) 'util/xmalloc.c'; else $(CYGPATH_W) '$(srcdir)/util/xmalloc.c'; fi`
client/client_wallet-wallet.o: client/wallet.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_wallet-wallet.o -MD -MP -MF client/$(DEPDIR)/client_wallet-wallet.Tpo -c -o client/client_wallet-wallet.o `test -f 'client/wallet.c' || echo '$(srcdir)/'`client/wallet.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_wallet-wallet.Tpo client/$(DEPDIR)/client_wallet-wallet.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/wallet.c' object='client/client_wallet-wallet.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/wallet.c' object='client/client_wallet-wallet.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_wallet-wallet.o `test -f 'client/wallet.c' || echo '$(srcdir)/'`client/wallet.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_wallet-wallet.o `test -f 'client/wallet.c' || echo '$(srcdir)/'`client/wallet.c
client/client_wallet-wallet.obj: client/wallet.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_wallet-wallet.obj -MD -MP -MF client/$(DEPDIR)/client_wallet-wallet.Tpo -c -o client/client_wallet-wallet.obj `if test -f 'client/wallet.c'; then $(CYGPATH_W) 'client/wallet.c'; else $(CYGPATH_W) '$(srcdir)/client/wallet.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_wallet-wallet.Tpo client/$(DEPDIR)/client_wallet-wallet.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/wallet.c' object='client/client_wallet-wallet.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/wallet.c' object='client/client_wallet-wallet.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_wallet-wallet.obj `if test -f 'client/wallet.c'; then $(CYGPATH_W) 'client/wallet.c'; else $(CYGPATH_W) '$(srcdir)/client/wallet.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_wallet-wallet.obj `if test -f 'client/wallet.c'; then $(CYGPATH_W) 'client/wallet.c'; else $(CYGPATH_W) '$(srcdir)/client/wallet.c'; fi`
client/client_wallet_rekey-wallet-rekey.o: client/wallet-rekey.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_rekey_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_wallet_rekey-wallet-rekey.o -MD -MP -MF client/$(DEPDIR)/client_wallet_rekey-wallet-rekey.Tpo -c -o client/client_wallet_rekey-wallet-rekey.o `test -f 'client/wallet-rekey.c' || echo '$(srcdir)/'`client/wallet-rekey.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_wallet_rekey-wallet-rekey.Tpo client/$(DEPDIR)/client_wallet_rekey-wallet-rekey.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/wallet-rekey.c' object='client/client_wallet_rekey-wallet-rekey.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/wallet-rekey.c' object='client/client_wallet_rekey-wallet-rekey.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_rekey_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_wallet_rekey-wallet-rekey.o `test -f 'client/wallet-rekey.c' || echo '$(srcdir)/'`client/wallet-rekey.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_rekey_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_wallet_rekey-wallet-rekey.o `test -f 'client/wallet-rekey.c' || echo '$(srcdir)/'`client/wallet-rekey.c
client/client_wallet_rekey-wallet-rekey.obj: client/wallet-rekey.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_rekey_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT client/client_wallet_rekey-wallet-rekey.obj -MD -MP -MF client/$(DEPDIR)/client_wallet_rekey-wallet-rekey.Tpo -c -o client/client_wallet_rekey-wallet-rekey.obj `if test -f 'client/wallet-rekey.c'; then $(CYGPATH_W) 'client/wallet-rekey.c'; else $(CYGPATH_W) '$(srcdir)/client/wallet-rekey.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) client/$(DEPDIR)/client_wallet_rekey-wallet-rekey.Tpo client/$(DEPDIR)/client_wallet_rekey-wallet-rekey.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='client/wallet-rekey.c' object='client/client_wallet_rekey-wallet-rekey.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='client/wallet-rekey.c' object='client/client_wallet_rekey-wallet-rekey.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_rekey_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_wallet_rekey-wallet-rekey.obj `if test -f 'client/wallet-rekey.c'; then $(CYGPATH_W) 'client/wallet-rekey.c'; else $(CYGPATH_W) '$(srcdir)/client/wallet-rekey.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(client_wallet_rekey_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o client/client_wallet_rekey-wallet-rekey.obj `if test -f 'client/wallet-rekey.c'; then $(CYGPATH_W) 'client/wallet-rekey.c'; else $(CYGPATH_W) '$(srcdir)/client/wallet-rekey.c'; fi`
tests/tests_runtests-runtests.o: tests/runtests.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_runtests_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tests_runtests-runtests.o -MD -MP -MF tests/$(DEPDIR)/tests_runtests-runtests.Tpo -c -o tests/tests_runtests-runtests.o `test -f 'tests/runtests.c' || echo '$(srcdir)/'`tests/runtests.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/$(DEPDIR)/tests_runtests-runtests.Tpo tests/$(DEPDIR)/tests_runtests-runtests.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/runtests.c' object='tests/tests_runtests-runtests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/runtests.c' object='tests/tests_runtests-runtests.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_runtests_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tests_runtests-runtests.o `test -f 'tests/runtests.c' || echo '$(srcdir)/'`tests/runtests.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_runtests_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tests_runtests-runtests.o `test -f 'tests/runtests.c' || echo '$(srcdir)/'`tests/runtests.c
tests/tests_runtests-runtests.obj: tests/runtests.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_runtests_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/tests_runtests-runtests.obj -MD -MP -MF tests/$(DEPDIR)/tests_runtests-runtests.Tpo -c -o tests/tests_runtests-runtests.obj `if test -f 'tests/runtests.c'; then $(CYGPATH_W) 'tests/runtests.c'; else $(CYGPATH_W) '$(srcdir)/tests/runtests.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/$(DEPDIR)/tests_runtests-runtests.Tpo tests/$(DEPDIR)/tests_runtests-runtests.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/runtests.c' object='tests/tests_runtests-runtests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/runtests.c' object='tests/tests_runtests-runtests.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_runtests_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tests_runtests-runtests.obj `if test -f 'tests/runtests.c'; then $(CYGPATH_W) 'tests/runtests.c'; else $(CYGPATH_W) '$(srcdir)/tests/runtests.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_runtests_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/tests_runtests-runtests.obj `if test -f 'tests/runtests.c'; then $(CYGPATH_W) 'tests/runtests.c'; else $(CYGPATH_W) '$(srcdir)/tests/runtests.c'; fi`
tests/util/tests_util_messages_krb5_t-messages-krb5-t.o: tests/util/messages-krb5-t.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_util_messages_krb5_t_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/util/tests_util_messages_krb5_t-messages-krb5-t.o -MD -MP -MF tests/util/$(DEPDIR)/tests_util_messages_krb5_t-messages-krb5-t.Tpo -c -o tests/util/tests_util_messages_krb5_t-messages-krb5-t.o `test -f 'tests/util/messages-krb5-t.c' || echo '$(srcdir)/'`tests/util/messages-krb5-t.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/util/$(DEPDIR)/tests_util_messages_krb5_t-messages-krb5-t.Tpo tests/util/$(DEPDIR)/tests_util_messages_krb5_t-messages-krb5-t.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/util/messages-krb5-t.c' object='tests/util/tests_util_messages_krb5_t-messages-krb5-t.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/util/messages-krb5-t.c' object='tests/util/tests_util_messages_krb5_t-messages-krb5-t.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_util_messages_krb5_t_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/util/tests_util_messages_krb5_t-messages-krb5-t.o `test -f 'tests/util/messages-krb5-t.c' || echo '$(srcdir)/'`tests/util/messages-krb5-t.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_util_messages_krb5_t_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/util/tests_util_messages_krb5_t-messages-krb5-t.o `test -f 'tests/util/messages-krb5-t.c' || echo '$(srcdir)/'`tests/util/messages-krb5-t.c
tests/util/tests_util_messages_krb5_t-messages-krb5-t.obj: tests/util/messages-krb5-t.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_util_messages_krb5_t_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tests/util/tests_util_messages_krb5_t-messages-krb5-t.obj -MD -MP -MF tests/util/$(DEPDIR)/tests_util_messages_krb5_t-messages-krb5-t.Tpo -c -o tests/util/tests_util_messages_krb5_t-messages-krb5-t.obj `if test -f 'tests/util/messages-krb5-t.c'; then $(CYGPATH_W) 'tests/util/messages-krb5-t.c'; else $(CYGPATH_W) '$(srcdir)/tests/util/messages-krb5-t.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tests/util/$(DEPDIR)/tests_util_messages_krb5_t-messages-krb5-t.Tpo tests/util/$(DEPDIR)/tests_util_messages_krb5_t-messages-krb5-t.Po
-@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/util/messages-krb5-t.c' object='tests/util/tests_util_messages_krb5_t-messages-krb5-t.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests/util/messages-krb5-t.c' object='tests/util/tests_util_messages_krb5_t-messages-krb5-t.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_util_messages_krb5_t_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/util/tests_util_messages_krb5_t-messages-krb5-t.obj `if test -f 'tests/util/messages-krb5-t.c'; then $(CYGPATH_W) 'tests/util/messages-krb5-t.c'; else $(CYGPATH_W) '$(srcdir)/tests/util/messages-krb5-t.c'; fi`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tests_util_messages_krb5_t_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tests/util/tests_util_messages_krb5_t-messages-krb5-t.obj `if test -f 'tests/util/messages-krb5-t.c'; then $(CYGPATH_W) 'tests/util/messages-krb5-t.c'; else $(CYGPATH_W) '$(srcdir)/tests/util/messages-krb5-t.c'; fi`
install-man1: $(dist_man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
- @list=''; test -n "$(man1dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
- l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.1[a-z]*$$/p'; \
+ @list1=''; \
+ list2='$(dist_man_MANS)'; \
+ test -n "$(man1dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.1[a-z]*$$/p'; \
+ fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
@@ -1303,16 +1334,21 @@ uninstall-man1:
sed -n '/\.1[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man1dir)" && rm -f $$files; }
+ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
- @list=''; test -n "$(man8dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
- l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
+ @list1=''; \
+ list2='$(dist_man_MANS)'; \
+ test -n "$(man8dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.8[a-z]*$$/p'; \
+ fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
@@ -1341,9 +1377,28 @@ uninstall-man8:
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+install-dist_pkgdataDATA: $(dist_pkgdata_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkgdatadir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkgdatadir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgdatadir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgdatadir)" || exit $$?; \
+ done
+
+uninstall-dist_pkgdataDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_pkgdata_DATA)'; test -n "$(pkgdatadir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(pkgdatadir)'; $(am__uninstall_files_from_dir)
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
@@ -1460,15 +1515,18 @@ dist-gzip: distdir
$(am__remove_distdir)
dist-bzip2: distdir
- tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-lzip: distdir
+ tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
$(am__remove_distdir)
dist-lzma: distdir
tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
$(am__remove_distdir)
-
dist-xz: distdir
- tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+ tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
$(am__remove_distdir)
dist-tarZ: distdir
@@ -1486,6 +1544,7 @@ dist-zip: distdir
dist dist-all: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
$(am__remove_distdir)
# This target untars the dist file and tries a VPATH configuration. Then
@@ -1499,6 +1558,8 @@ distcheck: dist
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lzma*) \
lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
+ *.tar.lz*) \
+ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
*.tar.xz*) \
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
*.tar.Z*) \
@@ -1508,7 +1569,7 @@ distcheck: dist
*.zip*) \
unzip $(distdir).zip ;;\
esac
- chmod -R a-w $(distdir); chmod a+w $(distdir)
+ chmod -R a-w $(distdir); chmod u+w $(distdir)
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
chmod a-w $(distdir)
@@ -1518,6 +1579,7 @@ distcheck: dist
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
@@ -1558,10 +1620,10 @@ check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) $(check_LIBRARIES) $(check_PROGRAMS)
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
-all-am: Makefile $(LIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) config.h \
- all-local
+all-am: Makefile $(LIBRARIES) $(PROGRAMS) $(SCRIPTS) $(MANS) $(DATA) \
+ config.h all-local
installdirs:
- for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
+ for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgdatadir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -1574,10 +1636,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
-test -z "$(LIBOBJS)" || rm -f $(LIBOBJS)
@@ -1630,7 +1697,8 @@ info: info-am
info-am:
-install-data-am: install-data-local install-man
+install-data-am: install-data-local install-dist_pkgdataDATA \
+ install-man
install-dvi: install-dvi-am
@@ -1677,8 +1745,8 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-binPROGRAMS uninstall-dist_sbinSCRIPTS \
- uninstall-man
+uninstall-am: uninstall-binPROGRAMS uninstall-dist_pkgdataDATA \
+ uninstall-dist_sbinSCRIPTS uninstall-man
uninstall-man: uninstall-man1 uninstall-man8
@@ -1688,20 +1756,21 @@ uninstall-man: uninstall-man1 uninstall-man8
check-local clean clean-binPROGRAMS clean-checkLIBRARIES \
clean-checkPROGRAMS clean-generic clean-local \
clean-noinstLIBRARIES ctags dist dist-all dist-bzip2 dist-gzip \
- dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
- distclean distclean-compile distclean-generic distclean-hdr \
- distclean-local distclean-tags distcleancheck distdir \
- distuninstallcheck dvi dvi-am html html-am info info-am \
- install install-am install-binPROGRAMS install-data \
- install-data-am install-data-local install-dist_sbinSCRIPTS \
- install-dvi install-dvi-am install-exec install-exec-am \
- install-html install-html-am install-info install-info-am \
- install-man install-man1 install-man8 install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
- uninstall-am uninstall-binPROGRAMS uninstall-dist_sbinSCRIPTS \
+ dist-lzip dist-lzma dist-shar dist-tarZ dist-xz dist-zip \
+ distcheck distclean distclean-compile distclean-generic \
+ distclean-hdr distclean-local distclean-tags distcleancheck \
+ distdir distuninstallcheck dvi dvi-am html html-am info \
+ info-am install install-am install-binPROGRAMS install-data \
+ install-data-am install-data-local install-dist_pkgdataDATA \
+ install-dist_sbinSCRIPTS install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-man1 \
+ install-man8 install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am uninstall-binPROGRAMS \
+ uninstall-dist_pkgdataDATA uninstall-dist_sbinSCRIPTS \
uninstall-man uninstall-man1 uninstall-man8
@@ -1716,22 +1785,24 @@ warnings:
all-local: perl/blib/lib/Wallet/Config.pm
perl/blib/lib/Wallet/Config.pm:
- set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
- mkdir perl/Wallet perl/Wallet/ACL perl/Wallet/ACL/Krb5 \
- perl/Wallet/ACL/NetDB perl/Wallet/Kadmin perl/Wallet/Object \
- perl/t perl/t/data perl/t/lib 2>/dev/null || true ; \
- for f in $(PERL_FILES) ; do \
- cp "$(srcdir)/$$f" "$(builddir)/$$f" ; \
- done \
+ set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
+ mkdir perl/Wallet perl/Wallet/ACL perl/Wallet/ACL/Krb5 \
+ perl/Wallet/ACL/LDAP perl/Wallet/ACL/NetDB \
+ perl/Wallet/Kadmin perl/Wallet/Object perl/Wallet/Policy \
+ perl/Wallet/Schema perl/Wallet/Schema/Result perl/sql perl/t \
+ perl/t/data perl/t/lib 2>/dev/null || true ; \
+ for f in $(PERL_FILES) ; do \
+ cp "$(srcdir)/$$f" "$(builddir)/$$f" ; \
+ done \
fi
cd perl && perl Makefile.PL
cd perl && $(MAKE)
install-data-local:
- if [ x"$(DESTDIR)" != x ] ; then \
- cd perl && $(MAKE) install DESTDIR=$(DESTDIR)/ ; \
- else \
- cd perl && $(MAKE) install ; \
+ if [ x"$(DESTDIR)" != x ] ; then \
+ cd perl && $(MAKE) install DESTDIR=$(DESTDIR)/ ; \
+ else \
+ cd perl && $(MAKE) install ; \
fi
# ExtUtils::MakeMaker really likes moving the Makefile aside.
@@ -1741,8 +1812,8 @@ clean-local:
# Remove the files that we copy over if and only if builddir != srcdir.
distclean-local:
- set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
- rm -f $(PERL_FILES) ; \
+ set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then \
+ rm -f $(PERL_FILES) ; \
fi
check-local: $(check_PROGRAMS)
diff --git a/NEWS b/NEWS
index c11bff9..7371780 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,86 @@
User-Visible wallet Changes
+wallet 1.0 (2013-03-27)
+
+ Owners of wallet objects are now allowed to destroy them. In previous
+ versions, a special destroy ACL had to be set and the owner ACL wasn't
+ used for destroy actions, but operational experience at Stanford has
+ shown that letting owners destroy their own objects is a better model.
+
+ wallet-admin has a new sub-command, upgrade, which upgrades the wallet
+ database to the latest schema version. This command should be run
+ when deploying any new version of the wallet server.
+
+ A new ACL type, ldap-attr (Wallet::ACL::LDAP::Attribute), is now
+ supported. This ACL type grants access if the LDAP entry
+ corresponding to the principal contains the attribute name and value
+ specified in the ACL. The Net::LDAP and Authen::SASL Perl modules are
+ required to use this ACL type. New configuration settings are
+ required as well; see Wallet::Config for more information. To enable
+ this ACL type for an existing wallet database, use wallet-admin to
+ register the new verifier.
+
+ Add a new acl check command which, given an ACL ID, prints yes if that
+ ACL already exists and no otherwise. This is parallel to the check
+ command for objects.
+
+ Add a comment field to objects and corresponding commands to
+ wallet-backend and wallet to set and retrieve it. The comment field
+ can only be set by the owner or wallet administrators but can be seen
+ by anyone on the show ACL.
+
+ The wallet server backend now uses DBIx::Class for the database layer,
+ which means that DBIx::Class and SQL::Translator and all of their
+ dependencies now have to be installed for the server to work. If the
+ database in use is SQLite 3, DateTime::Format::SQLite should also be
+ installed.
+
+ Add docs/objects-and-schemes, which provides a brief summary of the
+ current supported object types and ACL schemes.
+
+ Update to rra-c-util 4.8:
+
+ * Look for krb5-config in /usr/kerberos/bin after the user's PATH.
+ * Kerberos library probing fixes without transitive shared libraries.
+ * Fix Autoconf warnings when probing for AIX's bundled Kerberos.
+ * Avoid using krb5-config if --with-{krb5,gssapi}-{include,lib} given.
+ * Correctly remove -I/usr/include from Kerberos and GSS-API flags.
+ * Build on systems where krb5/krb5.h exists but krb5.h does not.
+ * Pass --deps to krb5-config unless --enable-reduced-depends was used.
+ * Do not use krb5-config results unless gssapi is supported.
+ * Fix probing for Heimdal's libroken to work with older versions.
+ * Update warning flags for GCC 4.6.1.
+ * Update utility library and test suite for newer GCC warnings.
+ * Fix broken GCC attribute markers causing compilation problems.
+ * Suppress warnings on compilers that support gcc's __attribute__.
+ * Add notices to all files copied over from rra-c-util.
+ * Fix warnings when reporting memory allocation failure in messages.c.
+ * Fix message utility library compiler warnings on 64-bit systems.
+ * Include strings.h for additional POSIX functions where found.
+ * Use an atexit handler to clean up after Kerberos tests.
+ * Kerberos test configuration now goes in tests/config.
+ * The principal of the test keytab is determined automatically.
+ * Simplify the test suite calls for Kerberos and remctl tests.
+ * Check for a missing ssize_t.
+ * Improve the xstrndup utility function.
+ * Checked asprintf variants are now void functions and cannot fail.
+ * Fix use of long long in portable/mkstemp.c.
+ * Fix test suite portability to Solaris.
+ * Substantial improvements to the POD syntax and spelling checks.
+
+ Update to C TAP Harness 1.12:
+
+ * Fix compliation of runtests with more aggressive warnings.
+ * Add a more complete usage message and a -h command-line flag.
+ * Flush stderr before printing output from tests.
+ * Better handle running shell tests without BUILD and SOURCE set.
+ * Fix runtests to honor -s even if BUILD and -b aren't given.
+ * runtests now frees all allocated resources on exit.
+ * Only use feature-test macros when requested or built with gcc -ansi.
+ * Drop is_double from the C TAP library to avoid requiring -lm.
+ * Avoid using local in the shell libtap.sh library.
+ * Suppress warnings on compilers that support gcc's __attribute__.
+
wallet 0.12 (2010-08-25)
New client program wallet-rekey that, given a list of keytabs on the
diff --git a/README b/README
index 5eae7fd..a199516 100644
--- a/README
+++ b/README
@@ -1,12 +1,12 @@
- wallet release 0.12
+ wallet release 1.0
(secure data management system)
Written by Russ Allbery <rra@stanford.edu>
- Copyright 2006, 2007, 2008, 2009, 2010 Board of Trustees, Leland
- Stanford Jr. University. This software is distributed under a BSD-style
- license. Please see the file LICENSE in the distribution for more
- information.
+ Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013 The Board of Trustees
+ of the Leland Stanford Junior University. This software is distributed
+ under a BSD-style license. Please see the section LICENSE below for
+ more information.
BLURB
@@ -42,16 +42,16 @@ DESCRIPTION
infrastructure. Currently, the only ACL type supported matches a single
Kerberos principal name, but this will be extended in future releases.
- Currently, the object types supported are simple files and Kerberos
- keytabs. By default, whenever a Kerberos keytab object is retrieved
- from the wallet, the key is changed in the Kerberos KDC and the wallet
- returns a keytab for the new key. However, a keytab object can also be
- configured to preserve the existing keys when retrieved. Included in
- the wallet distribution is a script that can be run via remctl on an MIT
- Kerberos KDC to extract the existing key for a principal, and the wallet
- system will use that interface to retrieve the current key if the
- unchanging flag is set on a Kerberos keytab object for MIT Kerberos.
- (Heimdal doesn't require any special support.)
+ Currently, the object types supported are simple files, Kerberos
+ keytabs, and WebAuth keyrings. By default, whenever a Kerberos keytab
+ object is retrieved from the wallet, the key is changed in the Kerberos
+ KDC and the wallet returns a keytab for the new key. However, a keytab
+ object can also be configured to preserve the existing keys when
+ retrieved. Included in the wallet distribution is a script that can be
+ run via remctl on an MIT Kerberos KDC to extract the existing key for a
+ principal, and the wallet system will use that interface to retrieve the
+ current key if the unchanging flag is set on a Kerberos keytab object
+ for MIT Kerberos. (Heimdal doesn't require any special support.)
REQUIREMENTS
@@ -64,11 +64,17 @@ REQUIREMENTS
The wallet client will build with either MIT Kerberos or Heimdal.
The wallet server is written in Perl and requires Perl 5.6.0 or later.
- It uses the Perl DBI layer to talk to a database, and therefore the DBI
- module and a DBD module for the database it will use must be installed.
- Currently, the server has only been tested against SQLite 3 and MySQL 5
- and will probably not work fully with other database backends. Porting
- is welcome.
+ It uses DBIx::Class and DBI to talk to a database, and therefore the
+ DBIx::Class and DBI modules (and their dependencies) and a DBD module
+ for the database it will use must be installed. The SQL::Translator
+ Perl module is also required for schema deployment and database
+ upgrades. If the wallet server is used with a SQLite 3 database, the
+ Perl module DateTime::Format::SQLite should also be installed.
+
+ Currently, the server has only been tested against SQLite 3, MySQL 5,
+ and PostgreSQL, and prebuilt SQL files (for database upgrades) are only
+ provided for those servers. It will probably not work fully with other
+ database backends. Porting is welcome.
The wallet server is intended to be run under remctld and use remctld to
do authentication. It can be ported to any other front-end, but doing
@@ -95,27 +101,24 @@ REQUIREMENTS
binary that supports the -norandkey option to ktadd. This option is
included in MIT Kerberos 1.7 and later.
+ To support the LDAP attribute ACL verifier, the Authen::SASL and
+ Net::LDAP Perl modules must be installed on the server. This verifier
+ only works with LDAP servers that support GSS-API binds.
+
To support the NetDB ACL verifier (only of interest at sites using NetDB
to manage DNS), the Net::Remctl Perl module must be installed on the
server.
- To run the test suite, you must have Perl 5.8 or later and the Perl DBI
- module installed. You will also need a DBD module installed for the
- database backend you want to use (currently, either DBD::SQLite or
- DBD::mysql). The other modules are available from CPAN and may be
- available as part of your OS (many Linux distributions have them as
- packages, for example).
-
- To run the full test suite, additionally all of the above software
- requirements must be met. Tests requiring some bit of software that's
- not installed should be skipped, but not all the permutations have been
- checked. The full test suite also requires the Test::Pod Perl module
- (available from CPAN), that remctld be installed and available on the
- user's path or in /usr/local/sbin or /usr/sbin, that test cases can run
- services on and connect to port 14373 on 127.0.0.1, and that kinit and
- either kvno or kgetcred (which come with Kerberos) be installed and
- available on the user's path. The full test suite also requires a local
- keytab and some additional configuration.
+ To run the full test suite, all of the above software requirements must
+ be met. Tests requiring some bit of software that's not installed
+ should be skipped, but not all the permutations have been checked. The
+ full test suite also requires the Test::Pod Perl module (available from
+ CPAN), that remctld be installed and available on the user's path or in
+ /usr/local/sbin or /usr/sbin, that test cases can run services on and
+ connect to port 14373 on 127.0.0.1, and that kinit and either kvno or
+ kgetcred (which come with Kerberos) be installed and available on the
+ user's path. The full test suite also requires a local keytab and some
+ additional configuration.
To bootstrap from a Git checkout, or if you change the Automake files
and need to regenerate Makefile.in, you will need Automake 1.11 or
@@ -131,6 +134,10 @@ BUILD AND INSTALLATION
make
make install
+ If you are upgrading the wallet server from an earlier installed
+ version, run wallet-admin upgrade after installation to upgrade the
+ database schema. See the wallet-admin manual page for more information.
+
Pass --enable-silent-rules to configure for a quieter build (similar to
the Linux kernel). Use make warnings instead of make to build with full
GCC compiler warnings (requires a relatively current version of GCC).
@@ -215,7 +222,7 @@ TESTING
support in the server, however, you will need to do some preparatory
work before running the test suite. Review the files:
- tests/data/README
+ tests/config/README
perl/t/data/README
and follow the instructions in those files to enable the full test
@@ -244,7 +251,7 @@ CONFIGURATION
remctld to run the wallet-backend program.
Before setting up the wallet server, review the Wallet::Config
- docuemntation (with man Wallet::Config or perldoc Wallet::Config).
+ documentation (with man Wallet::Config or perldoc Wallet::Config).
There are many customization options, some of which must be set. You
may also need to create a Kerberos keytab for the keytab object backend
and give it appropriate ACLs, and set up keytab-backend and its remctld
@@ -254,6 +261,38 @@ CONFIGURATION
system krb5.conf file. For more information, see the CONFIGURATION
section of the wallet client man page (man wallet).
+SUPPORT
+
+ The wallet web page at:
+
+ http://www.eyrie.org/~eagle/software/wallet/
+
+ will always have the current version of this package, the current
+ documentation, and pointers to any additional resources.
+
+ New releases of the wallet are announced on the kerberos@mit.edu mailing
+ list and discussion of the wallet (particularly the keytab components)
+ are welcome there.
+
+ I welcome bug reports and patches for this package at rra@stanford.edu.
+ However, please be aware that I tend to be extremely busy and work
+ projects often take priority. I'll save your mail and get to it as soon
+ as I can, but it may take me a couple of months.
+
+SOURCE REPOSITORY
+
+ The wallet is maintained using Git. You can access the current source
+ by cloning the repository at:
+
+ git://git.eyrie.org/kerberos/wallet.git
+
+ or view the repository on the web at:
+
+ http://git.eyrie.org/?p=kerberos/wallet.git
+
+ When contributing modifications, patches (possibly generated by
+ git-format-patch) are preferred to Git pull requests.
+
THANKS
To Roland Schemers for the original idea that kicked off this project
@@ -274,3 +313,40 @@ THANKS
To Jon Robertson for the refactoring of Wallet::Kadmin, Heimdal support,
many of the wallet server-side reports, and the initial wallet-rekey
implementation.
+
+LICENSE
+
+ The wallet distribution as a whole is covered by the following copyright
+ statement and license:
+
+ Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+ All individual files without an explicit exception below are released
+ under this license. Some files may have additional copyright holders as
+ noted in those files. There is detailed information about the licensing
+ of each file in the LICENSE file in this distribution.
+
+ Some files in this distribution are individually released under
+ different licenses, all of which are compatible with the above general
+ package license but which may require preservation of additional
+ notices. All required notices are preserved in the LICENSE file.
diff --git a/TODO b/TODO
index 20b75fd..cd95736 100644
--- a/TODO
+++ b/TODO
@@ -2,206 +2,241 @@
Client:
- * Handle duplicate kvnos in a newly returned keytab and an existing
- keytab (such as when downloading an unchanging keytab and merging it
- into an existing one) in some reasonable fashion.
+ * WALLET-5: Handle duplicate kvnos in a newly returned keytab and an
+ existing keytab (such as when downloading an unchanging keytab and
+ merging it into an existing one) in some reasonable fashion.
- * Support removing old kvnos from a merged keytab (similar to kadmin
- ktremove old).
+ * WALLET-6: Support removing old kvnos from a merged keytab (similar to
+ kadmin ktremove old).
- * When reading configuration from krb5.conf, we should first try to
- determine our principal from any existing K5 ticket cache (after
- obtaining tickets if -u was given) and extract the realm from that
- principal, using it as the default realm when reading configuration
- information.
+ * WALLET-7: When reading configuration from krb5.conf, we should first
+ try to determine our principal from any existing Kerberos ticket cache
+ (after obtaining tickets if -u was given) and extract the realm from
+ that principal, using it as the default realm when reading
+ configuration information.
- * Add readline support to the wallet client to make it easier to issue
- multiple commands.
+ * WALLET-8: Add readline support to the wallet client to make it easier
+ to issue multiple commands.
- * Support authenticating with a keytab.
+ * WALLET-9: Support authenticating with a keytab.
- * Allow store data to contain nuls. Requires rewriting the command
- processing for store to use iovecs.
+ * WALLET-10: When obtaining tickets in the wallet client with -u,
+ directly obtain the service ticket we're going to use for remctl.
- * When obtaining tickets in the wallet client with -u, should we get a
- TGT as we do now or just directly obtain the service ticket we're going
- to use for remctl?
+ * WALLET-11: Provide a way to refresh a file object if and only if what's
+ stored on the server is different than what's on disk. This will
+ require server support as well for returning the checksum of a file.
Server Interface:
- * Provide a way to get history for deleted objects and ACLs.
+ * WALLET-13: Provide a way to get history for deleted objects and ACLs.
- * Provide an interface to mass-change all instances of one ACL to another.
+ * WALLET-14: Provide an interface to mass-change all instances of one ACL
+ to another.
- * Add help functions to wallet-backend, wallet-report, and wallet-admin
- listing the commands.
+ * WALLET-15: Add help functions to wallet-backend, wallet-report, and
+ wallet-admin listing the commands.
- * Catch exceptions on object creation in wallet-backend so that we can
- log those as well.
+ * WALLET-16: Catch exceptions on object creation in wallet-backend so
+ that we can log those as well.
- * Provide a way to list all objects for which the connecting user has
- ACLs.
+ * WALLET-17: Provide a way to list all objects for which the connecting
+ user has ACLs.
- * Support limiting returned history information by timestamp.
+ * WALLET-18: Support limiting returned history information by timestamp.
- * Add a comment field for objects that can be set by the owner.
+ * WALLET-19: Provide a REST implementation of the wallet server.
- * Provide a REST implementation of the wallet server.
+ * WALLET-20: Provide a CGI implementation of the wallet server.
- * Provide a CGI implementation of the wallet server.
+ * WALLET-21: Support setting flags and attributes on autocreate. In
+ general, work out a Wallet::Object::Template Perl object that I can
+ return that specifies things other than just the ACL.
- * Support setting flags and attributes on autocreate. In general, work
- out a Wallet::Object::Template Perl object that I can return that
- specifies things other than just the ACL.
+ * WALLET-22: Remove the hard-coded ADMIN ACL in the server with something
+ more configurable, perhaps a global ACL table or something.
- * Remove the hard-coded ADMIN ACL in the server with something more
- configurable, perhaps a global ACL table or something.
+ * WALLET-63: Support leap-of-faith keying of systems by registering an
+ object for one-time download (ideally from a specific IP address) and
+ then allowing that object to be downloaded anonymously from that IP.
+ Relies on support for Kerberos anonymous authentication.
+
+ * WALLET-64: Split "get" and "update" in semantics, and only do keytab
+ rekeying on update. "get" would not be permitted unless the keytab was
+ flagged as unchanging, and update would still change even an unchanging
+ keytab (maybe). Or, alternately, maybe we allow get of any keytab?
+ Requires more thought.
ACLs:
- * Error messages from ACL operations should refer to the ACLs by name
- instead of by ID.
+ * WALLET-23: Error messages from ACL operations should refer to the ACLs
+ by name instead of by ID.
- * Write the LDAP entitlement ACL verifier.
+ * WALLET-24: Write the PTS ACL verifier.
- * Write the PTS ACL verifier.
+ * WALLET-25: Rename Wallet::ACL::* to Wallet::Verifier::*. Add
+ Wallet::ACL as a generic interface with Wallet::ACL::Database and
+ Wallet::ACL::List implementations (or some similar name) so that we can
+ create and check an ACL without having to write it into the database.
+ Redo default ACL creation using that functionality.
- * Rename Wallet::ACL::* to Wallet::Verifier::*. Add Wallet::ACL as a
- generic interface with Wallet::ACL::Database and Wallet::ACL::List
- implementations (or some similar name) so that we can create and check
- an ACL without having to write it into the database. Redo default ACL
- creation using that functionality.
+ * WALLET-26: Pass a reference to the object for which the ACL is
+ interpreted to the ACL API so that ACL APIs can make more complex
+ decisions.
- * Pass a reference to the object for which the ACL is interpreted to the
- ACL API so that ACL APIs can make more complex decisions.
+ * WALLET-27: A group-in-groups ACL schema.
- * Support for pattern matching in ACLs.
+ * WALLET-28: Provide an API for verifiers to syntax-check the values
+ before an ACL is set and implement syntax checking for the krb5 and
+ ldap-attr verifiers.
- * A group-in-groups ACL schema.
+ * WALLET-29: Investigate how best to support client authentication using
+ anonymous PKINIT for things like initial system keying.
- * Provide an API for verifiers to syntax-check the values before an ACL
- is set and implement syntax checking for the Krb5 verifier.
+Database:
- * Investigate how best to support client authentication using anonymous
- PKINIT for things like initial system keying.
+ * WALLET-30: Fix case-insensitivity bug in unique keys with MySQL for
+ objects.
-Database:
+ * WALLET-31: On upgrades, support adding new object types and ACL
+ verifiers to the class tables.
- * Fix case-insensitivity bug in unique keys with MySQL for objects.
+Objects:
- * Add the database schema version to a global table so that we can use it
- to support schema upgrades in the future.
+ * WALLET-32: Check whether we can just drop the realm restriction on
+ keytabs and allow the name to contain the realm if the Kerberos type is
+ Heimdal.
- * On upgrades, support adding new object types and ACL verifiers to the
- class tables.
+ * WALLET-4: Write a WebAuth keyring object store. It should support
+ attributes saying how long to keep old keys and how far in advance to
+ create new keys and update the keyring as needed on object download.
-Objects:
+ * WALLET-33: Use the Perl Authen::Krb5::Admin module instead of rolling
+ our own kadmin code with Expect now that MIT Kerberos has made the
+ kadmin API public.
- * Check whether we can just drop the realm restriction on keytabs and
- allow the name to contain the realm if the Kerberos type is Heimdal.
+ * WALLET-34: Implement an ssh keypair wallet object. The server can run
+ ssh-keygen to generate a public/private key pair and return both to the
+ client, which would split them apart. Used primarily for host keys.
+ May need a side table to store key types, or a naming convention.
- * Write a WebAuth keyring object store. It should support attributes
- saying how long to keep old keys and how far in advance to create new
- keys and update the keyring as needed on object download.
+ * WALLET-35: Implement an X.509 certificate object. I expect this would
+ store the public and private key as a single file in the same format
+ that Apache can read for combined public and private keys. There were
+ requests for storing the CSR, but I don't see why you'd want to do
+ that. Start with store support. The file code is mostly sufficient
+ here, but it would be nice to automatically support object expiration
+ based on the expiration time for the certificate.
- * Use the Perl Authen::Krb5::Admin module instead of rolling our own
- kadmin code with Expect now that MIT Kerberos has made the kadmin API
- public.
+ * WALLET-36: Implement an X.509 CA so that you can get certificate
+ objects without storing them first. Need to resolve naming conventions
+ if you want to run multiple CAs on the same wallet server (but why?).
+ Should this be a different type than stored certificates?
- * Implement an ssh keypair wallet object. The server can run ssh-keygen
- to generate a public/private key pair and return both to the client,
- which would split them apart. Used primarily for host keys. May need
- a side table to store key types, or a naming convention.
+ * WALLET-37: Support returning the checksum of a file object stored in
+ wallet so that one can determine whether the version stored on disk is
+ identical.
- * Implement an X.509 certificate object. I expect this would store the
- public and private key as a single file in the same format that Apache
- can read for combined public and private keys. There were requests for
- storing the CSR, but I don't see why you'd want to do that. Start with
- store support. The file code is mostly sufficient here, but it would
- be nice to automatically support object expiration based on the
- expiration time for the certificate.
+ * WALLET-60: Implement new password wallet object, which is like file
+ except that it generates a random, strong password when retrieved the
+ first time without being stored.
- * Implement an X.509 CA so that you can get certificate objects without
- storing them first. Need to resolve naming conventions if you want to
- run multiple CAs on the same wallet server (but why?). Should this be
- a different type than stored certificates?
+ * WALLET-61: Support interrogating objects to find all host-based objects
+ for a particular host, allowing cleanup of all of those host's objects
+ after retiring the host.
Reports:
- * Add audit for references to unknown ACLs, possibly introduced by
- previous versions before ACL deletion was checked with database
- backends that don't do referential integrity.
+ * WALLET-38: Add audit for references to unknown ACLs, possibly
+ introduced by previous versions before ACL deletion was checked with
+ database backends that don't do referential integrity.
- * Add report for all objects that have never been stored.
+ * WALLET-39: Add report for all objects that have never been stored.
- * Add report of all ACLs with identical contents.
+ * WALLET-40: For objects tied to hostnames, report on objects referring
+ to hosts which do not exist. For the initial pass, this is probably
+ only keytab objects with names containing a slash where the part after
+ the slash looks like a hostname. This may need some configuration
+ help.
- * For objects tied to hostnames, report on objects referring to hosts
- which do not exist. For the initial pass, this is probably only keytab
- objects with names containing a slash where the part after the slash
- looks like a hostname. This may need some configuration help.
+ * WALLET-41: Make contrib/wallet-summary generic and include it in
+ wallet-report, with additional configuration in Wallet::Config.
+ Enhance it to report on any sort of object, not just on keytabs, and to
+ give numbers on downloaded versus not downloaded objects.
- * Make contrib/wallet-summary generic and include it in wallet-report,
- with additional configuration in Wallet::Config. Enhance it to report
- on any sort of object, not just on keytabs, and to give numbers on
- downloaded versus not downloaded objects.
+ * WALLET-62: Write a tool to mail the owners of wallet objects, taking
+ the list of objects and the mail message to send as inputs. This could
+ possibly use the notification service, although a version that sends
+ mail directly would be useful external to Stanford.
Administrative Interface:
- * Add a function to wallet-admin to purge expired entries. Possibly also
- check expiration before allowing anyone to get or store objects.
+ * WALLET-42: Add a function to wallet-admin to purge expired entries.
+ Possibly also check expiration before allowing anyone to get or store
+ objects.
+
+ * WALLET-3: Add a function or separate script to automate removal of
+ DNS-based objects for which the hosts no longer exist. Will need to
+ support a site-specific callout to determine whether the host exists.
+
+ * WALLET-66: Database creation appears not to work without the SQL files,
+ but it's supposed to work directly from the classes. Double-check
+ this.
Documentation:
- * Write a conventions document for ACL naming, object naming, and similar
- issues.
+ * WALLET-43: Write a conventions document for ACL naming, object naming,
+ and similar issues.
- * Write a future design and roadmap document to collect notes about how
- unimplemented features should be handled.
+ * WALLET-44: Write a future design and roadmap document to collect notes
+ about how unimplemented features should be handled.
- * Document using the wallet system over something other than remctl.
+ * WALLET-45: Document using the wallet system over something other than
+ remctl.
- * Document all diagnostics for all wallet APIs.
+ * WALLET-46: Document all diagnostics for all wallet APIs.
Code Style and Cleanup:
- * There is a lot of duplicate code in wallet-backend. Convert that to
- use some sort of data-driven model with argument count and flags so
- that the method calls can be written only once. Convert wallet-admin
- to use the same code.
-
- * There's a lot of code duplication in the dispatch functions in the
- Wallet::Server class. Find a way to rewrite that so that the dispatch
- doesn't duplicate the same code patterns.
+ * WALLET-47: There is a lot of duplicate code in wallet-backend. Convert
+ that to use some sort of data-driven model with argument count and
+ flags so that the method calls can be written only once. Convert
+ wallet-admin to use the same code.
- * The wallet-backend and wallet documentation share the COMMANDS section.
- Work out some means to assemble the documentation without duplicating
- content.
+ * WALLET-48: There's a lot of code duplication in the dispatch functions
+ in the Wallet::Server class. Find a way to rewrite that so that the
+ dispatch doesn't duplicate the same code patterns.
- * The Wallet::Config class is very ugly and could use some better
- internal API to reference the variables in it.
+ * WALLET-49: The wallet-backend and wallet documentation share the
+ COMMANDS section. Work out some means to assemble the documentation
+ without duplicating content.
- * Use Class::DBI and Class::Trigger to handle the data access layer
- rather than writing SQL directly, and implement the logging
- requirements with triggers rather than explicit SQL. This may also
- replace Wallet::Schema.
+ * WALLET-50: The Wallet::Config class is very ugly and could use some
+ better internal API to reference the variables in it.
- * Consider using Class::Accessor to get rid of the scaffolding code to
- access object data, and a Wallet::Base class to handle things like the
- error() method common to many classes.
+ * WALLET-52: Consider using Class::Accessor to get rid of the scaffolding
+ code to access object data, and a Wallet::Base class to handle things
+ like the error() method common to many classes.
Test Suite:
- * Add POD coverage testing using Test::POD::Coverage for the server
- modules.
+ * WALLET-53: The ldap-attr verifier test case is awful and completely
+ specific to people with admin access to the Stanford LDAP tree. Write
+ a real test.
+
+ * WALLET-54: Rename the tests to use a subdirectory organization.
+
+ * WALLET-55: Add POD coverage testing using Test::POD::Coverage for the
+ server modules.
- * Rewrite the client test suite to use Perl and to make better use of
- shared code so that it can be broken into function components.
+ * WALLET-56: Rewrite the client test suite to use Perl and to make better
+ use of shared code so that it can be broken into function components.
- * Refactor the test suite for the wallet backend to try to reduce the
- duplicated code.
+ * WALLET-57: Refactor the test suite for the wallet backend to try to
+ reduce the duplicated code.
- * Pull common test suite code into a Perl library that can be reused.
+ * WALLET-58: Pull common test suite code into a Perl library that can be
+ reused.
- * Write a test suite to scan all wallet code looking for diagnostics that
- aren't in the documentation and warn about them.
+ * WALLET-59: Write a test suite to scan all wallet code looking for
+ diagnostics that aren't in the documentation and warn about them.
diff --git a/aclocal.m4 b/aclocal.m4
index 3a8190f..b048709 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,7 +1,8 @@
-# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.11.6 -*- Autoconf -*-
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation,
+# Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -13,8 +14,8 @@
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],,
-[m4_warning([this file was generated for autoconf 2.67.
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
+[m4_warning([this file was generated for autoconf 2.69.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically `autoreconf'.])])
@@ -126,12 +127,15 @@ AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
| (ullmax / ull) | (ullmax % ull));]])
])
-# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software
+# Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# AM_AUTOMAKE_VERSION(VERSION)
# ----------------------------
# Automake X.Y traces this macro to ensure aclocal.m4 has been
@@ -141,7 +145,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.11'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.11.1], [],
+m4_if([$1], [1.11.6], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@@ -157,19 +161,21 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.11.1])dnl
+[AM_AUTOMAKE_VERSION([1.11.6])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
-# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
@@ -251,14 +257,14 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
-# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
-# Free Software Foundation, Inc.
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009,
+# 2010, 2011 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 10
+# serial 12
# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
# written in clear, in which case automake, when reading aclocal.m4,
@@ -298,6 +304,7 @@ AC_CACHE_CHECK([dependency style of $depcc],
# instance it was reported that on HP-UX the gcc test will end up
# making a dummy file named `D' -- because `-MD' means `put the output
# in D'.
+ rm -rf conftest.dir
mkdir conftest.dir
# Copy depcomp to subdir because otherwise we won't find it if we're
# using a relative directory.
@@ -362,7 +369,7 @@ AC_CACHE_CHECK([dependency style of $depcc],
break
fi
;;
- msvisualcpp | msvcmsys)
+ msvc7 | msvc7msys | msvisualcpp | msvcmsys)
# This compiler won't grok `-c -o', but also, the minuso test has
# not run yet. These depmodes are late enough in the game, and
# so weak that their functioning should not be impacted.
@@ -427,10 +434,13 @@ AC_DEFUN([AM_DEP_TRACK],
if test "x$enable_dependency_tracking" != xno; then
am_depcomp="$ac_aux_dir/depcomp"
AMDEPBACKSLASH='\'
+ am__nodep='_no'
fi
AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
AC_SUBST([AMDEPBACKSLASH])dnl
_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+AC_SUBST([am__nodep])dnl
+_AM_SUBST_NOTMAKE([am__nodep])dnl
])
# Generate code to set up dependency tracking. -*- Autoconf -*-
@@ -652,12 +662,15 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation,
+# Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# AM_PROG_INSTALL_SH
# ------------------
# Define $install_sh.
@@ -697,8 +710,8 @@ AC_SUBST([am__leading_dot])])
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
# From Jim Meyering
-# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008
-# Free Software Foundation, Inc.
+# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008,
+# 2011 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -718,7 +731,7 @@ AC_DEFUN([AM_MAINTAINER_MODE],
[disable], [m4_define([am_maintainer_other], [enable])],
[m4_define([am_maintainer_other], [enable])
m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])])
-AC_MSG_CHECKING([whether to am_maintainer_other maintainer-specific portions of Makefiles])
+AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
dnl maintainer-mode's default is 'disable' unless 'enable' is passed
AC_ARG_ENABLE([maintainer-mode],
[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful
@@ -864,12 +877,15 @@ else
fi
])
-# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation,
+# Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# AM_PROG_MKDIR_P
# ---------------
# Check for `mkdir -p'.
@@ -892,13 +908,14 @@ esac
# Helper functions for option handling. -*- Autoconf -*-
-# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software
+# Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 4
+# serial 5
# _AM_MANGLE_OPTION(NAME)
# -----------------------
@@ -906,13 +923,13 @@ AC_DEFUN([_AM_MANGLE_OPTION],
[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
# _AM_SET_OPTION(NAME)
-# ------------------------------
+# --------------------
# Set option NAME. Presently that only means defining a flag for this option.
AC_DEFUN([_AM_SET_OPTION],
[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
# _AM_SET_OPTIONS(OPTIONS)
-# ----------------------------------
+# ------------------------
# OPTIONS is a space-separated list of Automake options.
AC_DEFUN([_AM_SET_OPTIONS],
[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
@@ -988,13 +1005,13 @@ Check your system clock])
fi
AC_MSG_RESULT(yes)])
-# Copyright (C) 2009 Free Software Foundation, Inc.
+# Copyright (C) 2009, 2011 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 1
+# serial 2
# AM_SILENT_RULES([DEFAULT])
# --------------------------
@@ -1009,18 +1026,50 @@ yes) AM_DEFAULT_VERBOSITY=0;;
no) AM_DEFAULT_VERBOSITY=1;;
*) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
esac
+dnl
+dnl A few `make' implementations (e.g., NonStop OS and NextStep)
+dnl do not support nested variable expansions.
+dnl See automake bug#9928 and bug#10237.
+am_make=${MAKE-make}
+AC_CACHE_CHECK([whether $am_make supports nested variables],
+ [am_cv_make_support_nested_variables],
+ [if AS_ECHO([['TRUE=$(BAR$(V))
+BAR0=false
+BAR1=true
+V=1
+am__doit:
+ @$(TRUE)
+.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then
+ am_cv_make_support_nested_variables=yes
+else
+ am_cv_make_support_nested_variables=no
+fi])
+if test $am_cv_make_support_nested_variables = yes; then
+ dnl Using `$V' instead of `$(V)' breaks IRIX make.
+ AM_V='$(V)'
+ AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
+else
+ AM_V=$AM_DEFAULT_VERBOSITY
+ AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
+fi
+AC_SUBST([AM_V])dnl
+AM_SUBST_NOTMAKE([AM_V])dnl
+AC_SUBST([AM_DEFAULT_V])dnl
+AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl
AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
AM_BACKSLASH='\'
AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
-# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
+# serial 1
+
# AM_PROG_INSTALL_STRIP
# ---------------------
# One issue with vendor `install' (even GNU) is that you can't
@@ -1043,13 +1092,13 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
-# Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 2
+# serial 3
# _AM_SUBST_NOTMAKE(VARIABLE)
# ---------------------------
@@ -1058,13 +1107,13 @@ AC_SUBST([INSTALL_STRIP_PROGRAM])])
AC_DEFUN([_AM_SUBST_NOTMAKE])
# AM_SUBST_NOTMAKE(VARIABLE)
-# ---------------------------
+# --------------------------
# Public sister of _AM_SUBST_NOTMAKE.
AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
-# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -1086,10 +1135,11 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# a tarball read from stdin.
# $(am__untar) < result.tar
AC_DEFUN([_AM_PROG_TAR],
-[# Always define AMTAR for backward compatibility.
-AM_MISSING_PROG([AMTAR], [tar])
+[# Always define AMTAR for backward compatibility. Yes, it's still used
+# in the wild :-( We should find a proper way to deprecate it ...
+AC_SUBST([AMTAR], ['$${TAR-tar}'])
m4_if([$1], [v7],
- [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
[m4_case([$1], [ustar],, [pax],,
[m4_fatal([Unknown tar format])])
AC_MSG_CHECKING([how to create a $1 tar archive])
@@ -1159,6 +1209,7 @@ AC_SUBST([am__untar])
]) # _AM_PROG_TAR
m4_include([m4/gssapi.m4])
+m4_include([m4/krb5-config.m4])
m4_include([m4/krb5.m4])
m4_include([m4/lib-depends.m4])
m4_include([m4/lib-pathname.m4])
diff --git a/autogen b/autogen
index 4ed7e23..a34a0b4 100755
--- a/autogen
+++ b/autogen
@@ -9,17 +9,13 @@ rm -rf autom4te.cache
# Generate manual pages.
version=`grep '^wallet' NEWS | head -1 | cut -d' ' -f2`
-pod2man --release="$version" --center=wallet client/wallet.pod \
- > client/wallet.1
-pod2man --release="$version" --center=wallet client/wallet-rekey.pod \
- > client/wallet-rekey.1
-pod2man --release="$version" --center=wallet -s 8 contrib/wallet-summary \
- > contrib/wallet-summary.8
-pod2man --release="$version" --center=wallet -s 8 server/keytab-backend \
- > server/keytab-backend.8
-pod2man --release="$version" --center=wallet -s 8 server/wallet-admin \
- > server/wallet-admin.8
-pod2man --release="$version" --center=wallet -s 8 server/wallet-backend \
- > server/wallet-backend.8
-pod2man --release="$version" --center=wallet -s 8 server/wallet-report \
- > server/wallet-report.8
+for doc in client/wallet client/wallet-rekey ; do
+ pod2man --release="$version" --center=wallet \
+ --name=`basename "$doc" | tr a-z A-Z` "$doc".pod > "$doc".1
+done
+for doc in contrib/wallet-summary contrib/wallet-unknown-hosts \
+ server/keytab-backend server/wallet-admin server/wallet-backend \
+ server/wallet-report ; do
+ pod2man --release="$version" --center=wallet --section=8 \
+ --name=`basename "$doc" | tr a-z A-Z` "$doc" > "$doc".8
+done
diff --git a/build-aux/compile b/build-aux/compile
index c0096a7..862a14e 100755
--- a/build-aux/compile
+++ b/build-aux/compile
@@ -1,10 +1,10 @@
#! /bin/sh
-# Wrapper for compilers which do not understand `-c -o'.
+# Wrapper for compilers which do not understand '-c -o'.
-scriptversion=2009-10-06.20; # UTC
+scriptversion=2012-03-05.13; # UTC
-# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software
-# Foundation, Inc.
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free
+# Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -29,21 +29,219 @@ scriptversion=2009-10-06.20; # UTC
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
+nl='
+'
+
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent tools from complaining about whitespace usage.
+IFS=" "" $nl"
+
+file_conv=
+
+# func_file_conv build_file lazy
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts. If the determined conversion
+# type is listed in (the comma separated) LAZY, no conversion will
+# take place.
+func_file_conv ()
+{
+ file=$1
+ case $file in
+ / | /[!/]*) # absolute file, and not a UNC file
+ if test -z "$file_conv"; then
+ # lazily determine how to convert abs files
+ case `uname -s` in
+ MINGW*)
+ file_conv=mingw
+ ;;
+ CYGWIN*)
+ file_conv=cygwin
+ ;;
+ *)
+ file_conv=wine
+ ;;
+ esac
+ fi
+ case $file_conv/,$2, in
+ *,$file_conv,*)
+ ;;
+ mingw/*)
+ file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+ ;;
+ cygwin/*)
+ file=`cygpath -m "$file" || echo "$file"`
+ ;;
+ wine/*)
+ file=`winepath -w "$file" || echo "$file"`
+ ;;
+ esac
+ ;;
+ esac
+}
+
+# func_cl_dashL linkdir
+# Make cl look for libraries in LINKDIR
+func_cl_dashL ()
+{
+ func_file_conv "$1"
+ if test -z "$lib_path"; then
+ lib_path=$file
+ else
+ lib_path="$lib_path;$file"
+ fi
+ linker_opts="$linker_opts -LIBPATH:$file"
+}
+
+# func_cl_dashl library
+# Do a library search-path lookup for cl
+func_cl_dashl ()
+{
+ lib=$1
+ found=no
+ save_IFS=$IFS
+ IFS=';'
+ for dir in $lib_path $LIB
+ do
+ IFS=$save_IFS
+ if $shared && test -f "$dir/$lib.dll.lib"; then
+ found=yes
+ lib=$dir/$lib.dll.lib
+ break
+ fi
+ if test -f "$dir/$lib.lib"; then
+ found=yes
+ lib=$dir/$lib.lib
+ break
+ fi
+ done
+ IFS=$save_IFS
+
+ if test "$found" != yes; then
+ lib=$lib.lib
+ fi
+}
+
+# func_cl_wrapper cl arg...
+# Adjust compile command to suit cl
+func_cl_wrapper ()
+{
+ # Assume a capable shell
+ lib_path=
+ shared=:
+ linker_opts=
+ for arg
+ do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ eat=1
+ case $2 in
+ *.o | *.[oO][bB][jJ])
+ func_file_conv "$2"
+ set x "$@" -Fo"$file"
+ shift
+ ;;
+ *)
+ func_file_conv "$2"
+ set x "$@" -Fe"$file"
+ shift
+ ;;
+ esac
+ ;;
+ -I)
+ eat=1
+ func_file_conv "$2" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -I*)
+ func_file_conv "${1#-I}" mingw
+ set x "$@" -I"$file"
+ shift
+ ;;
+ -l)
+ eat=1
+ func_cl_dashl "$2"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -l*)
+ func_cl_dashl "${1#-l}"
+ set x "$@" "$lib"
+ shift
+ ;;
+ -L)
+ eat=1
+ func_cl_dashL "$2"
+ ;;
+ -L*)
+ func_cl_dashL "${1#-L}"
+ ;;
+ -static)
+ shared=false
+ ;;
+ -Wl,*)
+ arg=${1#-Wl,}
+ save_ifs="$IFS"; IFS=','
+ for flag in $arg; do
+ IFS="$save_ifs"
+ linker_opts="$linker_opts $flag"
+ done
+ IFS="$save_ifs"
+ ;;
+ -Xlinker)
+ eat=1
+ linker_opts="$linker_opts $2"
+ ;;
+ -*)
+ set x "$@" "$1"
+ shift
+ ;;
+ *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
+ func_file_conv "$1"
+ set x "$@" -Tp"$file"
+ shift
+ ;;
+ *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
+ func_file_conv "$1" mingw
+ set x "$@" "$file"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+ done
+ if test -n "$linker_opts"; then
+ linker_opts="-link$linker_opts"
+ fi
+ exec "$@" $linker_opts
+ exit 1
+}
+
+eat=
+
case $1 in
'')
- echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
-Wrapper for compilers which do not understand `-c -o'.
-Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
+Wrapper for compilers which do not understand '-c -o'.
+Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
-right script to run: please start by reading the file `INSTALL'.
+right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
@@ -53,11 +251,13 @@ EOF
echo "compile $scriptversion"
exit $?
;;
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ func_cl_wrapper "$@" # Doesn't return...
+ ;;
esac
ofile=
cfile=
-eat=
for arg
do
@@ -66,8 +266,8 @@ do
else
case $1 in
-o)
- # configure might choose to run compile as `compile cc -o foo foo.c'.
- # So we strip `-o arg' only if arg is an object.
+ # configure might choose to run compile as 'compile cc -o foo foo.c'.
+ # So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
@@ -94,10 +294,10 @@ do
done
if test -z "$ofile" || test -z "$cfile"; then
- # If no `-o' option was seen then we might have been invoked from a
+ # If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
- # `.c' file was seen then we are probably linking. That is also
+ # '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
@@ -106,7 +306,7 @@ fi
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
-# Note: use `[/\\:.-]' here to ensure that we don't use the same name
+# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
diff --git a/build-aux/depcomp b/build-aux/depcomp
index df8eea7..25a39e6 100755
--- a/build-aux/depcomp
+++ b/build-aux/depcomp
@@ -1,10 +1,10 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
-scriptversion=2009-04-28.21; # UTC
+scriptversion=2012-03-27.16; # UTC
-# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
-# Software Foundation, Inc.
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010,
+# 2011, 2012 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,7 +28,7 @@ scriptversion=2009-04-28.21; # UTC
case $1 in
'')
- echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
@@ -40,11 +40,11 @@ as side-effects.
Environment variables:
depmode Dependency tracking mode.
- source Source file read by `PROGRAMS ARGS'.
- object Object file output by `PROGRAMS ARGS'.
+ source Source file read by 'PROGRAMS ARGS'.
+ object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
- tmpdepfile Temporary file to use when outputing dependencies.
+ tmpdepfile Temporary file to use when outputting dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake@gnu.org>.
@@ -57,6 +57,12 @@ EOF
;;
esac
+# A tabulation character.
+tab=' '
+# A newline character.
+nl='
+'
+
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
@@ -90,10 +96,24 @@ if test "$depmode" = msvcmsys; then
# This is just like msvisualcpp but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
- cygpath_u="sed s,\\\\\\\\,/,g"
+ cygpath_u='sed s,\\\\,/,g'
depmode=msvisualcpp
fi
+if test "$depmode" = msvc7msys; then
+ # This is just like msvc7 but w/o cygpath translation.
+ # Just convert the backslash-escaped backslashes to single forward
+ # slashes to satisfy depend.m4
+ cygpath_u='sed s,\\\\,/,g'
+ depmode=msvc7
+fi
+
+if test "$depmode" = xlc; then
+ # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency informations.
+ gccflag=-qmakedep=gcc,-MF
+ depmode=gcc
+fi
+
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
@@ -148,20 +168,21 @@ gcc)
## The second -e expression handles DOS-style file names with drive letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
-## This next piece of magic avoids the `deleted header file' problem.
+## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
- tr ' ' '
-' < "$tmpdepfile" |
-## Some versions of gcc put a space before the `:'. On the theory
+ tr ' ' "$nl" < "$tmpdepfile" |
+## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
-## well.
+## well. hp depmode also adds that space, but also prefixes the VPATH
+## to the object. Take care to not repeat it in the output.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
- sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
+ | sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
@@ -193,18 +214,15 @@ sgi)
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
- # the IRIX cc adds comments like `#:fec' to the end of the
+ # the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
- tr ' ' '
-' < "$tmpdepfile" \
+ tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
- tr '
-' ' ' >> "$depfile"
+ tr "$nl" ' ' >> "$depfile"
echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
- tr ' ' '
-' < "$tmpdepfile" \
+ tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> "$depfile"
else
@@ -216,10 +234,17 @@ sgi)
rm -f "$tmpdepfile"
;;
+xlc)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
- # current directory. Also, the AIX compiler puts `$object:' at the
+ # current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
@@ -249,12 +274,11 @@ aix)
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
- # Each line is of the form `foo.o: dependent.h'.
+ # Each line is of the form 'foo.o: dependent.h'.
# Do two passes, one to just change these to
- # `$object: dependent.h' and one to simply `dependent.h:'.
+ # '$object: dependent.h' and one to simply 'dependent.h:'.
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
- # That's a tab and a space in the [].
- sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
@@ -265,23 +289,26 @@ aix)
;;
icc)
- # Intel's C compiler understands `-MD -MF file'. However on
- # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+ # Intel's C compiler anf tcc (Tiny C Compiler) understand '-MD -MF file'.
+ # However on
+ # $CC -MD -MF foo.d -c -o sub/foo.o sub/foo.c
# ICC 7.0 will fill foo.d with something like
# foo.o: sub/foo.c
# foo.o: sub/foo.h
- # which is wrong. We want:
+ # which is wrong. We want
# sub/foo.o: sub/foo.c
# sub/foo.o: sub/foo.h
# sub/foo.c:
# sub/foo.h:
# ICC 7.1 will output
# foo.o: sub/foo.c sub/foo.h
- # and will wrap long lines using \ :
+ # and will wrap long lines using '\':
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
-
+ # tcc 0.9.26 (FIXME still under development at the moment of writing)
+ # will emit a similar output, but also prepend the continuation lines
+ # with horizontal tabulation characters.
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
@@ -290,15 +317,21 @@ icc)
exit $stat
fi
rm -f "$depfile"
- # Each line is of the form `foo.o: dependent.h',
- # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+ # Each line is of the form 'foo.o: dependent.h',
+ # or 'foo.o: dep1.h dep2.h \', or ' dep3.h dep4.h \'.
# Do two passes, one to just change these to
- # `$object: dependent.h' and one to simply `dependent.h:'.
- sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process this invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
- sed -e 's/$/ :/' >> "$depfile"
+ # '$object: dependent.h' and one to simply 'dependent.h:'.
+ sed -e "s/^[ $tab][ $tab]*/ /" -e "s,^[^:]*:,$object :," \
+ < "$tmpdepfile" > "$depfile"
+ sed '
+ s/[ '"$tab"'][ '"$tab"']*/ /g
+ s/^ *//
+ s/ *\\*$//
+ s/^[^:]*: *//
+ /^$/d
+ /:$/d
+ s/$/ :/
+ ' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
@@ -334,7 +367,7 @@ hp2)
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
- # Add `dependent.h:' lines.
+ # Add 'dependent.h:' lines.
sed -ne '2,${
s/^ *//
s/ \\*$//
@@ -349,9 +382,9 @@ hp2)
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
- # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
- # dependencies in `foo.d' instead, so we check for that too.
+ # dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
@@ -397,14 +430,59 @@ tru64)
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
- # That's a tab and a space in the [].
- sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
fi
rm -f "$tmpdepfile"
;;
+msvc7)
+ if test "$libtool" = yes; then
+ showIncludes=-Wc,-showIncludes
+ else
+ showIncludes=-showIncludes
+ fi
+ "$@" $showIncludes > "$tmpdepfile"
+ stat=$?
+ grep -v '^Note: including file: ' "$tmpdepfile"
+ if test "$stat" = 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ # The first sed program below extracts the file names and escapes
+ # backslashes for cygpath. The second sed program outputs the file
+ # name when reading, but also accumulates all include files in the
+ # hold buffer in order to output them again at the end. This only
+ # works with sed implementations that can handle large buffers.
+ sed < "$tmpdepfile" -n '
+/^Note: including file: *\(.*\)/ {
+ s//\1/
+ s/\\/\\\\/g
+ p
+}' | $cygpath_u | sort -u | sed -n '
+s/ /\\ /g
+s/\(.*\)/'"$tab"'\1 \\/p
+s/.\(.*\) \\/\1:/
+H
+$ {
+ s/.*/'"$tab"'/
+ G
+ p
+}' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvc7msys)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
#nosideeffect)
# This comment above is used by automake to tell side-effect
# dependency tracking mechanisms from slower ones.
@@ -422,7 +500,7 @@ dashmstdout)
shift
fi
- # Remove `-o $object'.
+ # Remove '-o $object'.
IFS=" "
for arg
do
@@ -442,15 +520,14 @@ dashmstdout)
done
test -z "$dashmflag" && dashmflag=-M
- # Require at least two characters before searching for `:'
+ # Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
- # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+ # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
- sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ sed 's:^['"$tab"' ]*[^:'"$tab"' ][^:][^:]*\:['"$tab"' ]*:'"$object"'\: :' > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
- tr ' ' '
-' < "$tmpdepfile" | \
+ tr ' ' "$nl" < "$tmpdepfile" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
@@ -503,9 +580,10 @@ makedepend)
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
- cat < "$tmpdepfile" > "$depfile"
- sed '1,2d' "$tmpdepfile" | tr ' ' '
-' | \
+ # makedepend may prepend the VPATH from the source file name to the object.
+ # No need to regex-escape $object, excess matching of '.' is harmless.
+ sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' "$nl" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
@@ -525,7 +603,7 @@ cpp)
shift
fi
- # Remove `-o $object'.
+ # Remove '-o $object'.
IFS=" "
for arg
do
@@ -594,8 +672,8 @@ msvisualcpp)
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
- sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
- echo " " >> "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
+ echo "$tab" >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
diff --git a/build-aux/install-sh b/build-aux/install-sh
index 6781b98..a9244eb 100755
--- a/build-aux/install-sh
+++ b/build-aux/install-sh
@@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
-scriptversion=2009-04-28.21; # UTC
+scriptversion=2011-01-19.21; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@@ -156,6 +156,10 @@ while test $# -ne 0; do
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
+ # Protect names problematic for `test' and other utilities.
+ case $dst_arg in
+ -* | [=\(\)!]) dst_arg=./$dst_arg;;
+ esac
shift;;
-T) no_target_directory=true;;
@@ -186,6 +190,10 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
fi
shift # arg
dst_arg=$arg
+ # Protect names problematic for `test' and other utilities.
+ case $dst_arg in
+ -* | [=\(\)!]) dst_arg=./$dst_arg;;
+ esac
done
fi
@@ -200,7 +208,11 @@ if test $# -eq 0; then
fi
if test -z "$dir_arg"; then
- trap '(exit $?); exit' 1 2 13 15
+ do_exit='(exit $ret); exit $ret'
+ trap "ret=129; $do_exit" 1
+ trap "ret=130; $do_exit" 2
+ trap "ret=141; $do_exit" 13
+ trap "ret=143; $do_exit" 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
@@ -228,9 +240,9 @@ fi
for src
do
- # Protect names starting with `-'.
+ # Protect names problematic for `test' and other utilities.
case $src in
- -*) src=./$src;;
+ -* | [=\(\)!]) src=./$src;;
esac
if test -n "$dir_arg"; then
@@ -252,12 +264,7 @@ do
echo "$0: no destination specified." >&2
exit 1
fi
-
dst=$dst_arg
- # Protect names starting with `-'.
- case $dst in
- -*) dst=./$dst;;
- esac
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
@@ -385,7 +392,7 @@ do
case $dstdir in
/*) prefix='/';;
- -*) prefix='./';;
+ [-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
@@ -403,7 +410,7 @@ do
for d
do
- test -z "$d" && continue
+ test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
diff --git a/build-aux/missing b/build-aux/missing
index 28055d2..86a8fc3 100755
--- a/build-aux/missing
+++ b/build-aux/missing
@@ -1,10 +1,10 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
-scriptversion=2009-04-28.21; # UTC
+scriptversion=2012-01-06.13; # UTC
# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
-# 2008, 2009 Free Software Foundation, Inc.
+# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -84,7 +84,6 @@ Supported PROGRAM values:
help2man touch the output file
lex create \`lex.yy.c', if possible, from existing .c
makeinfo touch the output file
- tar try tar, gnutar, gtar, then tar without non-portable flags
yacc create \`y.tab.[ch]', if possible, from existing .[ch]
Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
@@ -122,15 +121,6 @@ case $1 in
# Not GNU programs, they don't have --version.
;;
- tar*)
- if test -n "$run"; then
- echo 1>&2 "ERROR: \`tar' requires --run"
- exit 1
- elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
- exit 1
- fi
- ;;
-
*)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
@@ -226,7 +216,7 @@ WARNING: \`$1' $msg. You should only need it if
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
if test $# -ne 1; then
- eval LASTARG="\${$#}"
+ eval LASTARG=\${$#}
case $LASTARG in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
@@ -256,7 +246,7 @@ WARNING: \`$1' is $msg. You should only need it if
\`Flex' from any GNU archive site."
rm -f lex.yy.c
if test $# -ne 1; then
- eval LASTARG="\${$#}"
+ eval LASTARG=\${$#}
case $LASTARG in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
@@ -318,41 +308,6 @@ WARNING: \`$1' is $msg. You should only need it if
touch $file
;;
- tar*)
- shift
-
- # We have already tried tar in the generic part.
- # Look for gnutar/gtar before invocation to avoid ugly error
- # messages.
- if (gnutar --version > /dev/null 2>&1); then
- gnutar "$@" && exit 0
- fi
- if (gtar --version > /dev/null 2>&1); then
- gtar "$@" && exit 0
- fi
- firstarg="$1"
- if shift; then
- case $firstarg in
- *o*)
- firstarg=`echo "$firstarg" | sed s/o//`
- tar "$firstarg" "$@" && exit 0
- ;;
- esac
- case $firstarg in
- *h*)
- firstarg=`echo "$firstarg" | sed s/h//`
- tar "$firstarg" "$@" && exit 0
- ;;
- esac
- fi
-
- echo 1>&2 "\
-WARNING: I can't seem to be able to run \`tar' with the given arguments.
- You may want to install GNU tar or Free paxutils, or check the
- command line arguments."
- exit 1
- ;;
-
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and is $msg.
diff --git a/client/file.c b/client/file.c
index 861da6a..511c995 100644
--- a/client/file.c
+++ b/client/file.c
@@ -2,7 +2,8 @@
* File handling for the wallet client.
*
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2007, 2008, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
*/
@@ -15,7 +16,6 @@
#include <sys/stat.h>
#include <client/internal.h>
-#include <util/concat.h>
#include <util/messages.h>
#include <util/xmalloc.h>
@@ -82,8 +82,8 @@ write_file(const char *name, const void *data, size_t length)
{
char *temp, *backup;
- temp = concat(name, ".new", (char *) 0);
- backup = concat(name, ".bak", (char *) 0);
+ xasprintf(&temp, "%s.new", name);
+ xasprintf(&backup, "%s.bak", name);
overwrite_file(temp, data, length);
if (access(name, F_OK) == 0) {
if (access(backup, F_OK) == 0)
diff --git a/client/internal.h b/client/internal.h
index c8e5802..24dd875 100644
--- a/client/internal.h
+++ b/client/internal.h
@@ -2,7 +2,8 @@
* Internal support functions for the wallet client.
*
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2007, 2008, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
*/
diff --git a/client/keytab.c b/client/keytab.c
index 9a7734e..d7106e1 100644
--- a/client/keytab.c
+++ b/client/keytab.c
@@ -2,7 +2,8 @@
* Implementation of keytab handling for the wallet client.
*
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2007, 2008, 2010, 2013
+ * The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
*/
@@ -14,7 +15,6 @@
#include <remctl.h>
#include <client/internal.h>
-#include <util/concat.h>
#include <util/messages-krb5.h>
#include <util/messages.h>
#include <util/xmalloc.h>
@@ -106,7 +106,7 @@ merge_keytab(krb5_context ctx, const char *newfile, const char *file)
krb5_error_code status;
memset(&entry, 0, sizeof(entry));
- oldfile = concat("WRFILE:", file, (char *) 0);
+ xasprintf(&oldfile, "WRFILE:%s", file);
status = krb5_kt_resolve(ctx, oldfile, &old);
if (status != 0)
die_krb5(ctx, status, "cannot open keytab %s", file);
@@ -188,7 +188,7 @@ get_keytab(struct remctl *r, krb5_context ctx, const char *type,
return 255;
}
if (access(file, F_OK) == 0) {
- tempfile = concat(file, ".new", (char *) 0);
+ xasprintf(&tempfile, "%s.new", file);
overwrite_file(tempfile, data, length);
if (srvtab != NULL)
write_srvtab(ctx, srvtab, name, tempfile);
@@ -224,7 +224,7 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
bool error = false, rekeyed = false;
struct principal_name *names, *current;
- tempfile = concat(file, ".new", (char *) 0);
+ xasprintf(&tempfile, "%s.new", file);
krb5_get_default_realm(ctx, &realm);
names = keytab_principals(ctx, file, realm);
for (current = names; current != NULL; current = current->next) {
@@ -252,12 +252,14 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
* keys. If there is an error, first make a backup of the current keytab
* file as keytab.old.
*/
- if (access(file, F_OK) != 0)
- link(tempfile, file);
- else {
+ if (access(file, F_OK) != 0) {
+ if (link(tempfile, file) < 0)
+ sysdie("rename of temporary keytab %s to %s failed", tempfile,
+ file);
+ } else {
if (error) {
data = read_file(file, &length);
- backupfile = concat(file, ".old", (char *) 0);
+ xasprintf(&backupfile, "%s.old", file);
overwrite_file(backupfile, data, length);
warn("partial failure to rekey keytab %s, old keytab left in %s",
file, backupfile);
diff --git a/client/krb5.c b/client/krb5.c
index aad39f6..dde37ed 100644
--- a/client/krb5.c
+++ b/client/krb5.c
@@ -6,7 +6,10 @@
* client.
*
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2007, 2008, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * See LICENSE for licensing terms.
*/
#include <config.h>
diff --git a/client/options.c b/client/options.c
index 2f1de70..67ecb7f 100644
--- a/client/options.c
+++ b/client/options.c
@@ -6,7 +6,7 @@
*
* Written by Russ Allbery <rra@stanford.edu>
* Copyright 2006, 2007, 2008, 2010
- * Board of Trustees, Leland Stanford Jr. University
+ * The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
*/
diff --git a/client/remctl.c b/client/remctl.c
index 5a541d5..071e410 100644
--- a/client/remctl.c
+++ b/client/remctl.c
@@ -2,7 +2,8 @@
* remctl interface for the wallet client.
*
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2010 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2007, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
*/
diff --git a/client/srvtab.c b/client/srvtab.c
index b26e6fc..73277e9 100644
--- a/client/srvtab.c
+++ b/client/srvtab.c
@@ -2,7 +2,8 @@
* Implementation of srvtab handling for the wallet client.
*
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2007, 2008, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
*/
diff --git a/client/wallet-rekey.1 b/client/wallet-rekey.1
index 965a123..10bc7fa 100644
--- a/client/wallet-rekey.1
+++ b/client/wallet-rekey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14)
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET-REKEY 1"
-.TH WALLET-REKEY 1 "2010-08-25" "0.12" "wallet"
+.TH WALLET-REKEY 1 "2013-03-27" "1.0" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -257,6 +257,18 @@ implementation detail and the default (\f(CW\*(C`wallet\*(C'\fR) should be fine.
sometimes be useful to use a different prefix for testing a different
version of the wallet code on the server. The \fB\-c\fR command-line option
overrides this setting.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Russ Allbery <rra@stanford.edu>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2010, 2013 The Board of Trustees of the Leland Stanford Junior
+University
+.PP
+Copying and distribution of this file, with or without modification, are
+permitted in any medium without royalty provided the copyright notice and
+this notice are preserved. This file is offered as-is, without any
+warranty.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIkadmin\fR\|(8), \fIkinit\fR\|(1), \fIkrb5.conf\fR\|(5), \fIremctl\fR\|(1), \fIremctld\fR\|(8), \fIwallet\fR\|(1)
@@ -266,6 +278,3 @@ from <http://www.eyrie.org/~eagle/software/wallet/>.
.PP
\&\fBwallet-rekey\fR uses the remctl protocol. For more information about
remctl, see <http://www.eyrie.org/~eagle/software/remctl/>.
-.SH "AUTHOR"
-.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
diff --git a/client/wallet-rekey.c b/client/wallet-rekey.c
index 3a9687c..5007f41 100644
--- a/client/wallet-rekey.c
+++ b/client/wallet-rekey.c
@@ -3,7 +3,8 @@
*
* Written by Russ Allbery <rra@stanford.edu>
* and Jon Robertson <jonrober@stanford.edu>
- * Copyright 2010 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2010
+ * The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
*/
diff --git a/client/wallet-rekey.pod b/client/wallet-rekey.pod
index efe9a0b..47413ad 100644
--- a/client/wallet-rekey.pod
+++ b/client/wallet-rekey.pod
@@ -148,6 +148,20 @@ overrides this setting.
=back
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2010, 2013 The Board of Trustees of the Leland Stanford Junior
+University
+
+Copying and distribution of this file, with or without modification, are
+permitted in any medium without royalty provided the copyright notice and
+this notice are preserved. This file is offered as-is, without any
+warranty.
+
=head1 SEE ALSO
kadmin(8), kinit(1), krb5.conf(5), remctl(1), remctld(8), wallet(1)
@@ -158,8 +172,4 @@ from L<http://www.eyrie.org/~eagle/software/wallet/>.
B<wallet-rekey> uses the remctl protocol. For more information about
remctl, see L<http://www.eyrie.org/~eagle/software/remctl/>.
-=head1 AUTHOR
-
-Russ Allbery <rra@stanford.edu>
-
=cut
diff --git a/client/wallet.1 b/client/wallet.1
index 0e02fe9..959105d 100644
--- a/client/wallet.1
+++ b/client/wallet.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14)
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET 1"
-.TH WALLET 1 "2010-08-25" "0.12" "wallet"
+.TH WALLET 1 "2013-03-27" "1.0" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -260,30 +260,37 @@ options and commands are ignored.
.SH "COMMANDS"
.IX Header "COMMANDS"
As mentioned above, most commands are only available to wallet
-administrators. The exceptions are \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR,
-\&\f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. All
-of those commands have their own ACLs except \f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR,
-which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`setattr\*(C'\fR, which uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0.
-If the appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has
-access. Otherwise, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, and
-\&\f(CW\*(C`history\*(C'\fR access is permitted if the user is authorized by the owner \s-1ACL\s0
-of the object.
+administrators. The exceptions are \f(CW\*(C`acl check\*(C'\fR, \f(CW\*(C`check\*(C'\fR, \f(CW\*(C`get\*(C'\fR,
+\&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR,
+\&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by
+anyone. All of the rest of those commands have their own ACLs except
+\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which
+uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
+depending on whether one is setting or retrieving the comment. If the
+appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access.
+Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR,
+\&\f(CW\*(C`history\*(C'\fR, and \f(CW\*(C`comment\*(C'\fR access is permitted if the user is authorized
+by the owner \s-1ACL\s0 of the object.
.PP
Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR
-and \f(CW\*(C`store\*(C'\fR. For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`show\*(C'\fR, they must still be authorized by
+and \f(CW\*(C`store\*(C'\fR. For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by
either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0.
.PP
If the locked flag is set on an object, no commands can be run on that
object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR
command be used on that object. \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`history\*(C'\fR, \f(CW\*(C`getacl\*(C'\fR,
-\&\f(CW\*(C`getattr\*(C'\fR, and \f(CW\*(C`owner\*(C'\fR or \f(CW\*(C`expires\*(C'\fR without an argument can still be
-used on that object.
+\&\f(CW\*(C`getattr\*(C'\fR, and \f(CW\*(C`owner\*(C'\fR, \f(CW\*(C`expires\*(C'\fR, or \f(CW\*(C`comment\*(C'\fR without an argument
+can still be used on that object.
.PP
For more information on attributes, see \s-1ATTRIBUTES\s0.
.IP "acl add <id> <scheme> <identifier>" 4
.IX Item "acl add <id> <scheme> <identifier>"
-Adds an entry with <scheme> and <identifier> to the \s-1ACL\s0 <id>. <id> may be
+Add an entry with <scheme> and <identifier> to the \s-1ACL\s0 <id>. <id> may be
either the name of an \s-1ACL\s0 or its numeric identifier.
+.IP "acl check <id>" 4
+.IX Item "acl check <id>"
+Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists. If it does, prints
+\&\f(CW\*(C`yes\*(C'\fR; if not, prints \f(CW\*(C`no\*(C'\fR.
.IP "acl create <name>" 4
.IX Item "acl create <name>"
Create a new, empty \s-1ACL\s0 with name <name>. When setting an \s-1ACL\s0 on an
@@ -335,6 +342,14 @@ already exist.
.IX Item "check <type> <name>"
Check whether an object of type <type> and name <name> already exists. If
it does, prints \f(CW\*(C`yes\*(C'\fR; if not, prints \f(CW\*(C`no\*(C'\fR.
+.IP "comment <type> <name> [<comment>]" 4
+.IX Item "comment <type> <name> [<comment>]"
+If <comment> is not given, displays the current comment for the object
+identified by <type> and <name>, or \f(CW\*(C`No comment set\*(C'\fR if none is set.
+.Sp
+If <comment> is given, sets the comment on the object identified by
+<type> and <name> to <comment>. If <comment> is the empty string, clears
+the comment.
.IP "create <type> <name>" 4
.IX Item "create <type> <name>"
Create a new object of type <type> with name <name>. With some backends,
@@ -507,6 +522,18 @@ implementation detail and the default (\f(CW\*(C`wallet\*(C'\fR) should be fine.
sometimes be useful to use a different prefix for testing a different
version of the wallet code on the server. The \fB\-c\fR command-line option
overrides this setting.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Russ Allbery <rra@stanford.edu>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
+Leland Stanford Junior University
+.PP
+Copying and distribution of this file, with or without modification, are
+permitted in any medium without royalty provided the copyright notice and
+this notice are preserved. This file is offered as-is, without any
+warranty.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIkadmin\fR\|(8), \fIkinit\fR\|(1), \fIkrb5.conf\fR\|(5), \fIremctl\fR\|(1), \fIremctld\fR\|(8)
@@ -516,6 +543,3 @@ from <http://www.eyrie.org/~eagle/software/wallet/>.
.PP
\&\fBwallet\fR uses the remctl protocol. For more information about remctl,
see <http://www.eyrie.org/~eagle/software/remctl/>.
-.SH "AUTHOR"
-.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
diff --git a/client/wallet.c b/client/wallet.c
index dc04dcd..c5a7877 100644
--- a/client/wallet.c
+++ b/client/wallet.c
@@ -3,7 +3,7 @@
*
* Written by Russ Allbery <rra@stanford.edu>
* Copyright 2006, 2007, 2008, 2010
- * Board of Trustees, Leland Stanford Jr. University
+ * The Board of Trustees of the Leland Stanford Junior University
*
* See LICENSE for licensing terms.
*/
diff --git a/client/wallet.pod b/client/wallet.pod
index 45969b2..214a157 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -1,11 +1,11 @@
-=head1 NAME
-
-wallet - Client for retrieving secure data from a central server
-
=for stopwords
-hv srvtab arg keytabs metadata keytab ACL PTS kinit klist remctl PKINIT
acl timestamp autocreate backend-specific setacl enctypes enctype ktadd
-KDC appdefaults remctld Allbery uuencode getacl backend ACL's
+KDC appdefaults remctld Allbery uuencode getacl backend ACL's DES
+
+=head1 NAME
+
+wallet - Client for retrieving secure data from a central server
=head1 SYNOPSIS
@@ -151,24 +151,27 @@ options and commands are ignored.
=head1 COMMANDS
As mentioned above, most commands are only available to wallet
-administrators. The exceptions are C<get>, C<store>, C<show>, C<destroy>,
-C<flag clear>, C<flag set>, C<getattr>, C<setattr>, and C<history>. All
-of those commands have their own ACLs except C<getattr> and C<history>,
-which use the C<show> ACL, and C<setattr>, which uses the C<store> ACL.
-If the appropriate ACL is set, it alone is checked to see if the user has
-access. Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, and
-C<history> access is permitted if the user is authorized by the owner ACL
-of the object.
+administrators. The exceptions are C<acl check>, C<check>, C<get>,
+C<store>, C<show>, C<destroy>, C<flag clear>, C<flag set>, C<getattr>,
+C<setattr>, and C<history>. C<acl check> and C<check> can be run by
+anyone. All of the rest of those commands have their own ACLs except
+C<getattr> and C<history>, which use the C<show> ACL, C<setattr>, which
+uses the C<store> ACL, and C<comment>, which uses the owner or C<show> ACL
+depending on whether one is setting or retrieving the comment. If the
+appropriate ACL is set, it alone is checked to see if the user has access.
+Otherwise, C<destroy>, C<get>, C<store>, C<show>, C<getattr>, C<setattr>,
+C<history>, and C<comment> access is permitted if the user is authorized
+by the owner ACL of the object.
Administrators can run any command on any object or ACL except for C<get>
-and C<store>. For C<get> and C<show>, they must still be authorized by
+and C<store>. For C<get> and C<store>, they must still be authorized by
either the appropriate specific ACL or the owner ACL.
If the locked flag is set on an object, no commands can be run on that
object that change data except the C<flags> commands, nor can the C<get>
command be used on that object. C<show>, C<history>, C<getacl>,
-C<getattr>, and C<owner> or C<expires> without an argument can still be
-used on that object.
+C<getattr>, and C<owner>, C<expires>, or C<comment> without an argument
+can still be used on that object.
For more information on attributes, see L<ATTRIBUTES>.
@@ -176,9 +179,14 @@ For more information on attributes, see L<ATTRIBUTES>.
=item acl add <id> <scheme> <identifier>
-Adds an entry with <scheme> and <identifier> to the ACL <id>. <id> may be
+Add an entry with <scheme> and <identifier> to the ACL <id>. <id> may be
either the name of an ACL or its numeric identifier.
+=item acl check <id>
+
+Check whether an ACL with the ID <id> already exists. If it does, prints
+C<yes>; if not, prints C<no>.
+
=item acl create <name>
Create a new, empty ACL with name <name>. When setting an ACL on an
@@ -238,6 +246,15 @@ already exist.
Check whether an object of type <type> and name <name> already exists. If
it does, prints C<yes>; if not, prints C<no>.
+=item comment <type> <name> [<comment>]
+
+If <comment> is not given, displays the current comment for the object
+identified by <type> and <name>, or C<No comment set> if none is set.
+
+If <comment> is given, sets the comment on the object identified by
+<type> and <name> to <comment>. If <comment> is the empty string, clears
+the comment.
+
=item create <type> <name>
Create a new object of type <type> with name <name>. With some backends,
@@ -440,6 +457,20 @@ overrides this setting.
=back
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
+Leland Stanford Junior University
+
+Copying and distribution of this file, with or without modification, are
+permitted in any medium without royalty provided the copyright notice and
+this notice are preserved. This file is offered as-is, without any
+warranty.
+
=head1 SEE ALSO
kadmin(8), kinit(1), krb5.conf(5), remctl(1), remctld(8)
@@ -450,8 +481,4 @@ from L<http://www.eyrie.org/~eagle/software/wallet/>.
B<wallet> uses the remctl protocol. For more information about remctl,
see L<http://www.eyrie.org/~eagle/software/remctl/>.
-=head1 AUTHOR
-
-Russ Allbery <rra@stanford.edu>
-
=cut
diff --git a/config.h.in b/config.h.in
index d8c5681..b16f4ff 100644
--- a/config.h.in
+++ b/config.h.in
@@ -24,12 +24,24 @@
/* Define if the compiler supports GNU-style variadic macros. */
#undef HAVE_GNU_VAMACROS
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_H
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
+/* Define to 1 if the GSS-API library uses RFC-compliant OIDs. */
+#undef HAVE_GSS_RFC_OIDS
+
/* Define to 1 if you have the <ibm_svc/krb5_svc.h> header file. */
#undef HAVE_IBM_SVC_KRB5_SVC_H
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
+/* Define to enable Kerberos features. */
+#undef HAVE_KERBEROS
+
/* Define to 1 if you have the `krb5_free_error_message' function. */
#undef HAVE_KRB5_FREE_ERROR_MESSAGE
@@ -55,9 +67,15 @@
function. */
#undef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_DEFAULT_FLAGS
+/* Define to 1 if you have the <krb5.h> header file. */
+#undef HAVE_KRB5_H
+
/* Define to 1 if `keyblock' is a member of `krb5_keytab_entry'. */
#undef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
+/* Define to 1 if you have the <krb5/krb5.h> header file. */
+#undef HAVE_KRB5_KRB5_H
+
/* Define to 1 if you have the `krb5_principal_get_realm' function. */
#undef HAVE_KRB5_PRINCIPAL_GET_REALM
@@ -73,6 +91,9 @@
/* Define to 1 if you have the `mkstemp' function. */
#undef HAVE_MKSTEMP
+/* Define to enable remctl features. */
+#undef HAVE_REMCTL
+
/* Define to 1 if you have the `setenv' function. */
#undef HAVE_SETENV
@@ -82,6 +103,9 @@
/* Define if your system has a working snprintf function. */
#undef HAVE_SNPRINTF
+/* Define to 1 if the system has the type `ssize_t'. */
+#undef HAVE_SSIZE_T
+
/* Define to 1 if stdbool.h conforms to C99. */
#undef HAVE_STDBOOL_H
diff --git a/config/wallet b/config/wallet
index 19b86fa..61914a1 100644
--- a/config/wallet
+++ b/config/wallet
@@ -6,4 +6,4 @@
wallet store /usr/sbin/wallet-backend stdin=4 ANYUSER
wallet ALL /usr/sbin/wallet-backend ANYUSER
-wallet-report /usr/sbin/wallet-report /etc/remctl/acl/wallet-report
+wallet-report ALL /usr/sbin/wallet-report /etc/remctl/acl/wallet-report
diff --git a/configure b/configure
index 39b9271..db49612 100755
--- a/configure
+++ b/configure
@@ -1,13 +1,11 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.67 for wallet 0.12.
+# Generated by GNU Autoconf 2.69 for wallet 1.0.
#
# Report bugs to <rra@stanford.edu>.
#
#
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
-# Foundation, Inc.
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
@@ -91,6 +89,7 @@ fi
IFS=" "" $as_nl"
# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
case $0 in #((
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -135,6 +134,31 @@ export LANGUAGE
# CDPATH.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+# Use a proper internal environment variable to ensure we don't fall
+ # into an infinite loop, continuously re-executing ourselves.
+ if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+ _as_can_reexec=no; export _as_can_reexec;
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+ fi
+ # We don't want this to propagate to other subprocesses.
+ { _as_can_reexec=; unset _as_can_reexec;}
if test "x$CONFIG_SHELL" = x; then
as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
@@ -168,7 +192,8 @@ if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
else
exitcode=1; echo positional parameters were not saved.
fi
-test x\$exitcode = x0 || exit 1"
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
@@ -213,14 +238,25 @@ IFS=$as_save_IFS
if test "x$CONFIG_SHELL" != x; then :
- # We cannot yet assume a decent shell, so we have to provide a
- # neutralization value for shells without unset; and this also
- # works around shells that cannot unset nonexistent variables.
- BASH_ENV=/dev/null
- ENV=/dev/null
- (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+ export CONFIG_SHELL
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
fi
if test x$as_have_required = xno; then :
@@ -323,6 +359,14 @@ $as_echo X"$as_dir" |
} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
@@ -444,6 +488,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
chmod +x "$as_me.lineno" ||
{ $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+ # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+ # already done that, so ensure we don't try to do so again and fall
+ # in an infinite loop. This has already happened in practice.
+ _as_can_reexec=no; export _as_can_reexec
# Don't try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
# original and so on. Autoconf is especially sensitive to this).
@@ -478,16 +526,16 @@ if (echo >conf$$.file) 2>/dev/null; then
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
+ # In both cases, we have to default to `cp -pR'.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
fi
else
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@@ -499,28 +547,8 @@ else
as_mkdir_p=false
fi
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in #(
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -552,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='wallet'
PACKAGE_TARNAME='wallet'
-PACKAGE_VERSION='0.12'
-PACKAGE_STRING='wallet 0.12'
+PACKAGE_VERSION='1.0'
+PACKAGE_STRING='wallet 1.0'
PACKAGE_BUGREPORT='rra@stanford.edu'
PACKAGE_URL=''
@@ -604,7 +632,7 @@ KRB5_USES_COM_ERR_TRUE
KRB5_LIBS
KRB5_LDFLAGS
KRB5_CPPFLAGS
-KRB5_CONFIG
+PATH_KRB5_CONFIG
GSSAPI_LIBS
GSSAPI_LDFLAGS
GSSAPI_CPPFLAGS
@@ -618,6 +646,7 @@ CPP
am__fastdepCC_FALSE
am__fastdepCC_TRUE
CCDEPMODE
+am__nodep
AMDEPBACKSLASH
AMDEP_FALSE
AMDEP_TRUE
@@ -636,6 +665,8 @@ MAINTAINER_MODE_FALSE
MAINTAINER_MODE_TRUE
AM_BACKSLASH
AM_DEFAULT_VERBOSITY
+AM_DEFAULT_V
+AM_V
am__untar
am__tar
AMTAR
@@ -703,18 +734,18 @@ enable_option_checking
enable_silent_rules
enable_maintainer_mode
enable_dependency_tracking
-enable_reduced_depends
+with_wallet_server
+with_wallet_port
with_remctl
with_remctl_include
with_remctl_lib
+enable_reduced_depends
with_gssapi
with_gssapi_include
with_gssapi_lib
with_krb5
with_krb5_include
with_krb5_lib
-with_wallet_server
-with_wallet_port
'
ac_precious_vars='build_alias
host_alias
@@ -725,7 +756,7 @@ LDFLAGS
LIBS
CPPFLAGS
CPP
-KRB5_CONFIG
+PATH_KRB5_CONFIG
REMCTLD'
@@ -1131,7 +1162,7 @@ Try \`$0 --help' for more information"
$as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
$as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
;;
esac
@@ -1182,8 +1213,6 @@ target=$target_alias
if test "x$host_alias" != x; then
if test "x$build_alias" = x; then
cross_compiling=maybe
- $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
- If a cross compiler is detected then cross compile mode will be used" >&2
elif test "x$build_alias" != "x$host_alias"; then
cross_compiling=yes
fi
@@ -1269,7 +1298,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures wallet 0.12 to adapt to many kinds of systems.
+\`configure' configures wallet 1.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1335,7 +1364,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of wallet 0.12:";;
+ short | recursive ) echo "Configuration of wallet 1.0:";;
esac
cat <<\_ACEOF
@@ -1355,6 +1384,9 @@ Optional Features:
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-wallet-server=HOST
+ Default wallet server
+ --with-wallet-port=PORT Default wallet server port
--with-remctl=DIR Location of remctl headers and libraries
--with-remctl-include=DIR
Location of remctl headers
@@ -1363,12 +1395,9 @@ Optional Packages:
--with-gssapi-include=DIR
Location of GSS-API headers
--with-gssapi-lib=DIR Location of GSS-API libraries
- --with-krb5=DIR Location of Kerberos v5 headers and libraries
- --with-krb5-include=DIR Location of Kerberos v5 headers
- --with-krb5-lib=DIR Location of Kerberos v5 libraries
- --with-wallet-server=HOST
- Default wallet server
- --with-wallet-port=PORT Default wallet server port
+ --with-krb5=DIR Location of Kerberos headers and libraries
+ --with-krb5-include=DIR Location of Kerberos headers
+ --with-krb5-lib=DIR Location of Kerberos libraries
Some influential environment variables:
CC C compiler command
@@ -1379,7 +1408,8 @@ Some influential environment variables:
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor
- KRB5_CONFIG Path to krb5-config
+ PATH_KRB5_CONFIG
+ Path to krb5-config
REMCTLD Path to the remctld binary
Use these variables to override the choices made by `configure' or to help
@@ -1448,10 +1478,10 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-wallet configure 0.12
-generated by GNU Autoconf 2.67
+wallet configure 1.0
+generated by GNU Autoconf 2.69
-Copyright (C) 2010 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
@@ -1495,7 +1525,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=1
fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_try_compile
@@ -1532,7 +1562,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=1
fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_try_cpp
@@ -1545,10 +1575,10 @@ fi
ac_fn_c_check_header_mongrel ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if eval "test \"\${$3+set}\"" = set; then :
+ if eval \${$3+:} false; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
fi
eval ac_res=\$$3
@@ -1615,7 +1645,7 @@ $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
else
eval "$3=\$ac_header_compiler"
@@ -1624,7 +1654,7 @@ eval ac_res=\$$3
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_header_mongrel
@@ -1665,7 +1695,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=$ac_status
fi
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_try_run
@@ -1679,7 +1709,7 @@ ac_fn_c_check_header_compile ()
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -1697,7 +1727,7 @@ fi
eval ac_res=\$$3
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_header_compile
@@ -1718,7 +1748,8 @@ int
main ()
{
static int test_array [1 - 2 * !(($2) >= 0)];
-test_array [0] = 0
+test_array [0] = 0;
+return test_array [0];
;
return 0;
@@ -1734,7 +1765,8 @@ int
main ()
{
static int test_array [1 - 2 * !(($2) <= $ac_mid)];
-test_array [0] = 0
+test_array [0] = 0;
+return test_array [0];
;
return 0;
@@ -1760,7 +1792,8 @@ int
main ()
{
static int test_array [1 - 2 * !(($2) < 0)];
-test_array [0] = 0
+test_array [0] = 0;
+return test_array [0];
;
return 0;
@@ -1776,7 +1809,8 @@ int
main ()
{
static int test_array [1 - 2 * !(($2) >= $ac_mid)];
-test_array [0] = 0
+test_array [0] = 0;
+return test_array [0];
;
return 0;
@@ -1810,7 +1844,8 @@ int
main ()
{
static int test_array [1 - 2 * !(($2) <= $ac_mid)];
-test_array [0] = 0
+test_array [0] = 0;
+return test_array [0];
;
return 0;
@@ -1874,7 +1909,7 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
rm -f conftest.val
fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_compute_int
@@ -1906,7 +1941,7 @@ $as_echo "$ac_try_echo"; } >&5
test ! -s conftest.err
} && test -s conftest$ac_exeext && {
test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
+ test -x conftest$ac_exeext
}; then :
ac_retval=0
else
@@ -1920,7 +1955,7 @@ fi
# interfere with the next link command; also delete a directory that is
# left behind by Apple's compiler. We do this before executing the actions.
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_try_link
@@ -1933,7 +1968,7 @@ ac_fn_c_check_func ()
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -1988,7 +2023,7 @@ fi
eval ac_res=\$$3
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_func
@@ -2003,7 +2038,7 @@ ac_fn_c_check_decl ()
as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -2034,7 +2069,7 @@ fi
eval ac_res=\$$3
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_decl
@@ -2047,7 +2082,7 @@ ac_fn_c_check_member ()
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
$as_echo_n "checking for $2.$3... " >&6; }
-if eval "test \"\${$4+set}\"" = set; then :
+if eval \${$4+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -2091,7 +2126,7 @@ fi
eval ac_res=\$$4
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_member
@@ -2104,7 +2139,7 @@ ac_fn_c_check_type ()
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
else
eval "$3=no"
@@ -2145,15 +2180,15 @@ fi
eval ac_res=\$$3
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_type
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by wallet $as_me 0.12, which was
-generated by GNU Autoconf 2.67. Invocation command line was
+It was created by wallet $as_me 1.0, which was
+generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2411,7 +2446,7 @@ $as_echo "$as_me: loading site script $ac_site_file" >&6;}
|| { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
fi
done
@@ -2550,7 +2585,7 @@ am__api_version='1.11'
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
$as_echo_n "checking for a BSD-compatible install... " >&6; }
if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then :
+if ${ac_cv_path_install+:} false; then :
$as_echo_n "(cached) " >&6
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -2570,7 +2605,7 @@ case $as_dir/ in #((
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# AIX install. It has an incompatible calling convention.
@@ -2637,11 +2672,11 @@ am_lf='
'
case `pwd` in
*[\\\"\#\$\&\'\`$am_lf]*)
- as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5 ;;
+ as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
esac
case $srcdir in
*[\\\"\#\$\&\'\`$am_lf\ \ ]*)
- as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5 ;;
+ as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;;
esac
# Do `set' in a subshell so we don't clobber the current shell's
@@ -2727,7 +2762,7 @@ if test "$cross_compiling" != no; then
set dummy ${ac_tool_prefix}strip; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_STRIP+set}" = set; then :
+if ${ac_cv_prog_STRIP+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$STRIP"; then
@@ -2739,7 +2774,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -2767,7 +2802,7 @@ if test -z "$ac_cv_prog_STRIP"; then
set dummy strip; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_STRIP"; then
@@ -2779,7 +2814,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -2820,7 +2855,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
if test -z "$MKDIR_P"; then
- if test "${ac_cv_path_mkdir+set}" = set; then :
+ if ${ac_cv_path_mkdir+:} false; then :
$as_echo_n "(cached) " >&6
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -2830,7 +2865,7 @@ do
test -z "$as_dir" && as_dir=.
for ac_prog in mkdir gmkdir; do
for ac_exec_ext in '' $ac_executable_extensions; do
- { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+ as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
'mkdir (GNU coreutils) '* | \
'mkdir (coreutils) '* | \
@@ -2871,7 +2906,7 @@ do
set dummy $ac_prog; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_AWK+set}" = set; then :
+if ${ac_cv_prog_AWK+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$AWK"; then
@@ -2883,7 +2918,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_AWK="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -2911,7 +2946,7 @@ done
$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
set x ${MAKE-make}
ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then :
+if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
$as_echo_n "(cached) " >&6
else
cat >conftest.make <<\_ACEOF
@@ -2957,6 +2992,33 @@ yes) AM_DEFAULT_VERBOSITY=0;;
no) AM_DEFAULT_VERBOSITY=1;;
*) AM_DEFAULT_VERBOSITY=1;;
esac
+am_make=${MAKE-make}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
+$as_echo_n "checking whether $am_make supports nested variables... " >&6; }
+if ${am_cv_make_support_nested_variables+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if $as_echo 'TRUE=$(BAR$(V))
+BAR0=false
+BAR1=true
+V=1
+am__doit:
+ @$(TRUE)
+.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
+ am_cv_make_support_nested_variables=yes
+else
+ am_cv_make_support_nested_variables=no
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
+$as_echo "$am_cv_make_support_nested_variables" >&6; }
+if test $am_cv_make_support_nested_variables = yes; then
+ AM_V='$(V)'
+ AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
+else
+ AM_V=$AM_DEFAULT_VERBOSITY
+ AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
+fi
AM_BACKSLASH='\'
if test "`cd $srcdir && pwd`" != "`pwd`"; then
@@ -2981,7 +3043,7 @@ fi
# Define the identity of the package.
PACKAGE='wallet'
- VERSION='0.12'
+ VERSION='1.0'
cat >>confdefs.h <<_ACEOF
@@ -3011,11 +3073,11 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
-# Always define AMTAR for backward compatibility.
+# Always define AMTAR for backward compatibility. Yes, it's still used
+# in the wild :-( We should find a proper way to deprecate it ...
+AMTAR='$${TAR-tar}'
-AMTAR=${AMTAR-"${am_missing_run}tar"}
-
-am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
@@ -3055,7 +3117,7 @@ if test -n "$ac_tool_prefix"; then
set dummy ${ac_tool_prefix}gcc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
+if ${ac_cv_prog_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
@@ -3067,7 +3129,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3095,7 +3157,7 @@ if test -z "$ac_cv_prog_CC"; then
set dummy gcc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_CC"; then
@@ -3107,7 +3169,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3148,7 +3210,7 @@ if test -z "$CC"; then
set dummy ${ac_tool_prefix}cc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
+if ${ac_cv_prog_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
@@ -3160,7 +3222,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3188,7 +3250,7 @@ if test -z "$CC"; then
set dummy cc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
+if ${ac_cv_prog_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
@@ -3201,7 +3263,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
@@ -3247,7 +3309,7 @@ if test -z "$CC"; then
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
+if ${ac_cv_prog_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
@@ -3259,7 +3321,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3291,7 +3353,7 @@ do
set dummy $ac_prog; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_CC"; then
@@ -3303,7 +3365,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3346,7 +3408,7 @@ fi
test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
# Provide some information about the compiler.
$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
@@ -3461,7 +3523,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
@@ -3504,7 +3566,7 @@ else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
fi
rm -f conftest conftest$ac_cv_exeext
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
@@ -3563,7 +3625,7 @@ $as_echo "$ac_try_echo"; } >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot run C compiled programs.
If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
fi
fi
fi
@@ -3574,7 +3636,7 @@ rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
ac_clean_files=$ac_clean_files_save
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
$as_echo_n "checking for suffix of object files... " >&6; }
-if test "${ac_cv_objext+set}" = set; then :
+if ${ac_cv_objext+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -3615,7 +3677,7 @@ sed 's/^/| /' conftest.$ac_ext >&5
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
fi
rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
@@ -3625,7 +3687,7 @@ OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then :
+if ${ac_cv_c_compiler_gnu+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -3662,7 +3724,7 @@ ac_test_CFLAGS=${CFLAGS+set}
ac_save_CFLAGS=$CFLAGS
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then :
+if ${ac_cv_prog_cc_g+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_save_c_werror_flag=$ac_c_werror_flag
@@ -3740,7 +3802,7 @@ else
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then :
+if ${ac_cv_prog_cc_c89+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_cv_prog_cc_c89=no
@@ -3749,8 +3811,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdarg.h>
#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
+struct stat;
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
@@ -3886,6 +3947,7 @@ fi
if test "x$enable_dependency_tracking" != xno; then
am_depcomp="$ac_aux_dir/depcomp"
AMDEPBACKSLASH='\'
+ am__nodep='_no'
fi
if test "x$enable_dependency_tracking" != xno; then
AMDEP_TRUE=
@@ -3901,7 +3963,7 @@ depcc="$CC" am_compiler_list=
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
$as_echo_n "checking dependency style of $depcc... " >&6; }
-if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then :
+if ${am_cv_CC_dependencies_compiler_type+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
@@ -3910,6 +3972,7 @@ else
# instance it was reported that on HP-UX the gcc test will end up
# making a dummy file named `D' -- because `-MD' means `put the output
# in D'.
+ rm -rf conftest.dir
mkdir conftest.dir
# Copy depcomp to subdir because otherwise we won't find it if we're
# using a relative directory.
@@ -3969,7 +4032,7 @@ else
break
fi
;;
- msvisualcpp | msvcmsys)
+ msvc7 | msvc7msys | msvisualcpp | msvcmsys)
# This compiler won't grok `-c -o', but also, the minuso test has
# not run yet. These depmodes are late enough in the game, and
# so weak that their functioning should not be impacted.
@@ -4037,7 +4100,7 @@ if test -n "$CPP" && test -d "$CPP"; then
CPP=
fi
if test -z "$CPP"; then
- if test "${ac_cv_prog_CPP+set}" = set; then :
+ if ${ac_cv_prog_CPP+:} false; then :
$as_echo_n "(cached) " >&6
else
# Double quotes because CPP needs to be expanded
@@ -4153,7 +4216,7 @@ else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
fi
ac_ext=c
@@ -4165,7 +4228,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
-if test "${ac_cv_path_GREP+set}" = set; then :
+if ${ac_cv_path_GREP+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -z "$GREP"; then
@@ -4179,7 +4242,7 @@ do
for ac_prog in grep ggrep; do
for ac_exec_ext in '' $ac_executable_extensions; do
ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+ as_fn_executable_p "$ac_path_GREP" || continue
# Check for GNU ac_path_GREP and select it if it is found.
# Check for GNU $ac_path_GREP
case `"$ac_path_GREP" --version 2>&1` in
@@ -4228,7 +4291,7 @@ $as_echo "$ac_cv_path_GREP" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
$as_echo_n "checking for egrep... " >&6; }
-if test "${ac_cv_path_EGREP+set}" = set; then :
+if ${ac_cv_path_EGREP+:} false; then :
$as_echo_n "(cached) " >&6
else
if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
@@ -4245,7 +4308,7 @@ do
for ac_prog in egrep; do
for ac_exec_ext in '' $ac_executable_extensions; do
ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+ as_fn_executable_p "$ac_path_EGREP" || continue
# Check for GNU ac_path_EGREP and select it if it is found.
# Check for GNU $ac_path_EGREP
case `"$ac_path_EGREP" --version 2>&1` in
@@ -4295,7 +4358,7 @@ $as_echo "$ac_cv_path_EGREP" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
$as_echo_n "checking for ANSI C header files... " >&6; }
-if test "${ac_cv_header_stdc+set}" = set; then :
+if ${ac_cv_header_stdc+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -4424,7 +4487,7 @@ done
ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default"
-if test "x$ac_cv_header_minix_config_h" = x""yes; then :
+if test "x$ac_cv_header_minix_config_h" = xyes; then :
MINIX=yes
else
MINIX=
@@ -4446,14 +4509,14 @@ $as_echo "#define _MINIX 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5
$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; }
-if test "${ac_cv_safe_to_define___extensions__+set}" = set; then :
+if ${ac_cv_safe_to_define___extensions__+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-# define __EXTENSIONS__ 1
- $ac_includes_default
+# define __EXTENSIONS__ 1
+ $ac_includes_default
int
main ()
{
@@ -4492,7 +4555,7 @@ $as_echo_n "checking whether cc understands -c and -o together... " >&6; }
fi
set dummy $CC; ac_cc=`$as_echo "$2" |
sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
-if eval "test \"\${ac_cv_prog_cc_${ac_cc}_c_o+set}\"" = set; then :
+if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -4615,7 +4678,7 @@ if test -n "$ac_tool_prefix"; then
set dummy ${ac_tool_prefix}ranlib; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_RANLIB+set}" = set; then :
+if ${ac_cv_prog_RANLIB+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$RANLIB"; then
@@ -4627,7 +4690,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4655,7 +4718,7 @@ if test -z "$ac_cv_prog_RANLIB"; then
set dummy ranlib; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_RANLIB"; then
@@ -4667,7 +4730,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_RANLIB="ranlib"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4703,6 +4766,31 @@ else
fi
+
+# Check whether --with-wallet-server was given.
+if test "${with_wallet_server+set}" = set; then :
+ withval=$with_wallet_server; if test x"$withval" != xno && test x"$withval" != xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define WALLET_SERVER "$withval"
+_ACEOF
+
+fi
+fi
+
+
+# Check whether --with-wallet-port was given.
+if test "${with_wallet_port+set}" = set; then :
+ withval=$with_wallet_port; if test x"$withval" != xno && test x"$withval" != xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define WALLET_PORT $withval
+_ACEOF
+
+fi
+fi
+
+
rra_reduced_depends=false
# Check whether --enable-reduced-depends was given.
if test "${enable_reduced_depends+set}" = set; then :
@@ -4718,7 +4806,7 @@ rra_lib_arch_name=lib
# This bug is HP SR number 8606223364.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
$as_echo_n "checking size of long... " >&6; }
-if test "${ac_cv_sizeof_long+set}" = set; then :
+if ${ac_cv_sizeof_long+:} false; then :
$as_echo_n "(cached) " >&6
else
if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then :
@@ -4728,7 +4816,7 @@ else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (long)
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
else
ac_cv_sizeof_long=0
fi
@@ -4753,9 +4841,51 @@ else
fi
fi
- rra_remctl_root=
+ # Extract the first word of "krb5-config", so it can be a program name with args.
+set dummy krb5-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PATH_KRB5_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PATH_KRB5_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PATH_KRB5_CONFIG="$PATH_KRB5_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="${PATH}:/usr/kerberos/bin"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_PATH_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PATH_KRB5_CONFIG=$ac_cv_path_PATH_KRB5_CONFIG
+if test -n "$PATH_KRB5_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_KRB5_CONFIG" >&5
+$as_echo "$PATH_KRB5_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+rra_remctl_root=
rra_remctl_libdir=
rra_remctl_includedir=
+ rra_use_remctl=true
REMCTL_CPPFLAGS=
REMCTL_LDFLAGS=
REMCTL_LIBS=
@@ -4896,7 +5026,7 @@ fi
LIBS="$GSSAPI_LIBS $LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgssapi_krb5" >&5
$as_echo_n "checking for gss_import_name in -lgssapi_krb5... " >&6; }
-if test "${ac_cv_lib_gssapi_krb5_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gssapi_krb5_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -4930,12 +5060,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_import_name" >&5
$as_echo "$ac_cv_lib_gssapi_krb5_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gssapi_krb5_gss_import_name" = x""yes; then :
+if test "x$ac_cv_lib_gssapi_krb5_gss_import_name" = xyes; then :
GSSAPI_LIBS="-lgssapi_krb5"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgssapi" >&5
$as_echo_n "checking for gss_import_name in -lgssapi... " >&6; }
-if test "${ac_cv_lib_gssapi_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gssapi_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -4969,12 +5099,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_import_name" >&5
$as_echo "$ac_cv_lib_gssapi_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gssapi_gss_import_name" = x""yes; then :
+if test "x$ac_cv_lib_gssapi_gss_import_name" = xyes; then :
GSSAPI_LIBS="-lgssapi"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgss" >&5
$as_echo_n "checking for gss_import_name in -lgss... " >&6; }
-if test "${ac_cv_lib_gss_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gss_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5008,7 +5138,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_import_name" >&5
$as_echo "$ac_cv_lib_gss_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gss_gss_import_name" = x""yes; then :
+if test "x$ac_cv_lib_gss_gss_import_name" = xyes; then :
GSSAPI_LIBS="-lgss"
else
as_fn_error $? "cannot find usable GSS-API library" "$LINENO" 5
@@ -5022,84 +5152,74 @@ fi
LDFLAGS="$rra_gssapi_save_LDFLAGS"
LIBS="$rra_gssapi_save_LIBS"
else
+ if test x"$rra_gssapi_includedir" = x \
+ && test x"$rra_gssapi_libdir" = x; then :
- if test x"$rra_gssapi_root" != x && test -z "$KRB5_CONFIG"; then :
- if test -x "${rra_gssapi_root}/bin/krb5-config"; then :
- KRB5_CONFIG="${rra_gssapi_root}/bin/krb5-config"
-fi
+ rra_krb5_config_GSSAPI=
+ rra_krb5_config_GSSAPI_ok=
+ if test x"${rra_gssapi_root}" != x && test -x "${rra_gssapi_root}/bin/krb5-config"; then :
+ rra_krb5_config_GSSAPI="${rra_gssapi_root}/bin/krb5-config"
else
- # Extract the first word of "krb5-config", so it can be a program name with args.
-set dummy krb5-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_KRB5_CONFIG+set}" = set; then :
+ rra_krb5_config_GSSAPI="$PATH_KRB5_CONFIG"
+fi
+ if test x"$rra_krb5_config_GSSAPI" != x && test -x "$rra_krb5_config_GSSAPI"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support in krb5-config" >&5
+$as_echo_n "checking for gssapi support in krb5-config... " >&6; }
+if ${rra_cv_lib_GSSAPI_config+:} false; then :
$as_echo_n "(cached) " >&6
else
- case $KRB5_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_KRB5_CONFIG="$KRB5_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_path_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-KRB5_CONFIG=$ac_cv_path_KRB5_CONFIG
-if test -n "$KRB5_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5_CONFIG" >&5
-$as_echo "$KRB5_CONFIG" >&6; }
+ if "$rra_krb5_config_GSSAPI" 2>&1 | grep gssapi >/dev/null 2>&1; then :
+ rra_cv_lib_GSSAPI_config=yes
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ rra_cv_lib_GSSAPI_config=no
fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_lib_GSSAPI_config" >&5
+$as_echo "$rra_cv_lib_GSSAPI_config" >&6; }
+ if test "$rra_cv_lib_GSSAPI_config" = yes; then :
+ GSSAPI_CPPFLAGS=`"$rra_krb5_config_GSSAPI" --cflags gssapi 2>/dev/null`
-fi
- if test x"$KRB5_CONFIG" != x && test -x "$KRB5_CONFIG"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support in krb5-config" >&5
-$as_echo_n "checking for gssapi support in krb5-config... " >&6; }
-if test "${rra_cv_lib_gssapi_config+set}" = set; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for --deps support in krb5-config" >&5
+$as_echo_n "checking for --deps support in krb5-config... " >&6; }
+if ${rra_cv_krb5_config_deps+:} false; then :
$as_echo_n "(cached) " >&6
else
- if "$KRB5_CONFIG" 2>&1 | grep gssapi >/dev/null 2>&1; then :
- rra_cv_lib_gssapi_config=yes
+ if "$rra_krb5_config_GSSAPI" 2>&1 | grep deps >/dev/null 2>&1; then :
+ rra_cv_krb5_config_deps=yes
else
- rra_cv_lib_gssapi_config=no
+ rra_cv_krb5_config_deps=no
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_lib_gssapi_config" >&5
-$as_echo "$rra_cv_lib_gssapi_config" >&6; }
- if test "$rra_cv_lib_gssapi_config" = yes; then :
- GSSAPI_CPPFLAGS=`"$KRB5_CONFIG" --cflags gssapi 2>/dev/null`
- GSSAPI_LIBS=`"$KRB5_CONFIG" --libs gssapi 2>/dev/null`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_krb5_config_deps" >&5
+$as_echo "$rra_cv_krb5_config_deps" >&6; }
+ if test x"$rra_reduced_depends" = xfalse \
+ && test x"$rra_cv_krb5_config_deps" = xyes; then :
+ GSSAPI_LIBS=`"$rra_krb5_config_GSSAPI" --deps --libs gssapi 2>/dev/null`
+else
+ GSSAPI_LIBS=`"$rra_krb5_config_GSSAPI" --libs gssapi 2>/dev/null`
+fi
+ rra_krb5_config_GSSAPI_ok=yes
else
- GSSAPI_CPPFLAGS=`"$KRB5_CONFIG" --cflags 2>/dev/null`
- GSSAPI_LIBS=`"$KRB5_CONFIG" --libs 2>/dev/null`
+ if test x"gssapi" = xkrb5; then :
+ GSSAPI_CPPFLAGS=`"$rra_krb5_config_GSSAPI" --cflags 2>/dev/null`
+ GSSAPI_LIBS=`"$rra_krb5_config_GSSAPI" --libs gssapi 2>/dev/null`
+ rra_krb5_config_GSSAPI_ok=yes
fi
- GSSAPI_CPPFLAGS=`echo "$GSSAPI_CPPFLAGS" \
- | sed 's%-I/usr/include ?%%'`
- rra_gssapi_save_CPPFLAGS="$CPPFLAGS"
+fi
+fi
+ if test x"$rra_krb5_config_GSSAPI_ok" = xyes; then :
+ GSSAPI_CPPFLAGS=`echo "$GSSAPI_CPPFLAGS" | sed 's%-I/usr/include %%'`
+ GSSAPI_CPPFLAGS=`echo "$GSSAPI_CPPFLAGS" | sed 's%-I/usr/include$%%'`
+ rra_gssapi_save_CPPFLAGS="$CPPFLAGS"
rra_gssapi_save_LDFLAGS="$LDFLAGS"
rra_gssapi_save_LIBS="$LIBS"
CPPFLAGS="$GSSAPI_CPPFLAGS $CPPFLAGS"
LDFLAGS="$GSSAPI_LDFLAGS $LDFLAGS"
LIBS="$GSSAPI_LIBS $LIBS"
ac_fn_c_check_func "$LINENO" "gss_import_name" "ac_cv_func_gss_import_name"
-if test "x$ac_cv_func_gss_import_name" = x""yes; then :
+if test "x$ac_cv_func_gss_import_name" = xyes; then :
CPPFLAGS="$rra_gssapi_save_CPPFLAGS"
LDFLAGS="$rra_gssapi_save_LDFLAGS"
LIBS="$rra_gssapi_save_LIBS"
@@ -5149,7 +5269,7 @@ fi
LIBS=
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_search" >&5
$as_echo_n "checking for library containing res_search... " >&6; }
-if test "${ac_cv_search_res_search+set}" = set; then :
+if ${ac_cv_search_res_search+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -5183,11 +5303,11 @@ for ac_lib in '' resolv; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_res_search+set}" = set; then :
+ if ${ac_cv_search_res_search+:} false; then :
break
fi
done
-if test "${ac_cv_search_res_search+set}" = set; then :
+if ${ac_cv_search_res_search+:} false; then :
else
ac_cv_search_res_search=no
@@ -5204,7 +5324,7 @@ if test "$ac_res" != no; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_search" >&5
$as_echo_n "checking for library containing __res_search... " >&6; }
-if test "${ac_cv_search___res_search+set}" = set; then :
+if ${ac_cv_search___res_search+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -5238,11 +5358,11 @@ for ac_lib in '' resolv; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search___res_search+set}" = set; then :
+ if ${ac_cv_search___res_search+:} false; then :
break
fi
done
-if test "${ac_cv_search___res_search+set}" = set; then :
+if ${ac_cv_search___res_search+:} false; then :
else
ac_cv_search___res_search=no
@@ -5262,7 +5382,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
$as_echo_n "checking for library containing gethostbyname... " >&6; }
-if test "${ac_cv_search_gethostbyname+set}" = set; then :
+if ${ac_cv_search_gethostbyname+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -5296,11 +5416,11 @@ for ac_lib in '' nsl; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_gethostbyname+set}" = set; then :
+ if ${ac_cv_search_gethostbyname+:} false; then :
break
fi
done
-if test "${ac_cv_search_gethostbyname+set}" = set; then :
+if ${ac_cv_search_gethostbyname+:} false; then :
else
ac_cv_search_gethostbyname=no
@@ -5318,7 +5438,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5
$as_echo_n "checking for library containing socket... " >&6; }
-if test "${ac_cv_search_socket+set}" = set; then :
+if ${ac_cv_search_socket+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -5352,11 +5472,11 @@ for ac_lib in '' socket; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_socket+set}" = set; then :
+ if ${ac_cv_search_socket+:} false; then :
break
fi
done
-if test "${ac_cv_search_socket+set}" = set; then :
+if ${ac_cv_search_socket+:} false; then :
else
ac_cv_search_socket=no
@@ -5373,7 +5493,7 @@ if test "$ac_res" != no; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnsl" >&5
$as_echo_n "checking for socket in -lnsl... " >&6; }
-if test "${ac_cv_lib_nsl_socket+set}" = set; then :
+if ${ac_cv_lib_nsl_socket+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5407,7 +5527,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_socket" >&5
$as_echo "$ac_cv_lib_nsl_socket" >&6; }
-if test "x$ac_cv_lib_nsl_socket" = x""yes; then :
+if test "x$ac_cv_lib_nsl_socket" = xyes; then :
LIBS="-lnsl -lsocket $LIBS"
fi
@@ -5415,7 +5535,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
$as_echo_n "checking for library containing crypt... " >&6; }
-if test "${ac_cv_search_crypt+set}" = set; then :
+if ${ac_cv_search_crypt+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -5449,11 +5569,11 @@ for ac_lib in '' crypt; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_crypt+set}" = set; then :
+ if ${ac_cv_search_crypt+:} false; then :
break
fi
done
-if test "${ac_cv_search_crypt+set}" = set; then :
+if ${ac_cv_search_crypt+:} false; then :
else
ac_cv_search_crypt=no
@@ -5469,15 +5589,71 @@ if test "$ac_res" != no; then :
fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing roken_concat" >&5
+$as_echo_n "checking for library containing roken_concat... " >&6; }
+if ${ac_cv_search_roken_concat+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char roken_concat ();
+int
+main ()
+{
+return roken_concat ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' roken; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_roken_concat=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_roken_concat+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_roken_concat+:} false; then :
+
+else
+ ac_cv_search_roken_concat=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_roken_concat" >&5
+$as_echo "$ac_cv_search_roken_concat" >&6; }
+ac_res=$ac_cv_search_roken_concat
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
rra_gssapi_extra="$LIBS"
LIBS="$rra_gssapi_save_LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgssapi" >&5
$as_echo_n "checking for gss_import_name in -lgssapi... " >&6; }
-if test "${ac_cv_lib_gssapi_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gssapi_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi -lkrb5 -lasn1 -lroken -lcrypto -lcom_err $rra_gssapi_extra $LIBS"
+LIBS="-lgssapi -lkrb5 -lasn1 -lcrypto -lcom_err $rra_gssapi_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -5507,13 +5683,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_import_name" >&5
$as_echo "$ac_cv_lib_gssapi_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gssapi_gss_import_name" = x""yes; then :
- GSSAPI_LIBS="-lgssapi -lkrb5 -lasn1 -lroken -lcrypto -lcom_err"
- GSSAPI_LIBS="$GSSAPI_LIBS $rra_gssapi_extra"
+if test "x$ac_cv_lib_gssapi_gss_import_name" = xyes; then :
+ GSSAPI_LIBS="-lgssapi -lkrb5 -lasn1 -lcrypto -lcom_err $rra_gssapi_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_getspecific in -lkrb5support" >&5
$as_echo_n "checking for krb5int_getspecific in -lkrb5support... " >&6; }
-if test "${ac_cv_lib_krb5support_krb5int_getspecific+set}" = set; then :
+if ${ac_cv_lib_krb5support_krb5int_getspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5547,12 +5722,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_getspecific" >&5
$as_echo "$ac_cv_lib_krb5support_krb5int_getspecific" >&6; }
-if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = x""yes; then :
+if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = xyes; then :
rra_gssapi_extra="-lkrb5support $rra_gssapi_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthreads" >&5
$as_echo_n "checking for pthread_setspecific in -lpthreads... " >&6; }
-if test "${ac_cv_lib_pthreads_pthread_setspecific+set}" = set; then :
+if ${ac_cv_lib_pthreads_pthread_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5586,12 +5761,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthreads_pthread_setspecific" >&5
$as_echo "$ac_cv_lib_pthreads_pthread_setspecific" >&6; }
-if test "x$ac_cv_lib_pthreads_pthread_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_pthreads_pthread_setspecific" = xyes; then :
rra_gssapi_pthread="-lpthreads"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthread" >&5
$as_echo_n "checking for pthread_setspecific in -lpthread... " >&6; }
-if test "${ac_cv_lib_pthread_pthread_setspecific+set}" = set; then :
+if ${ac_cv_lib_pthread_pthread_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5625,7 +5800,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_setspecific" >&5
$as_echo "$ac_cv_lib_pthread_pthread_setspecific" >&6; }
-if test "x$ac_cv_lib_pthread_pthread_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_pthread_pthread_setspecific" = xyes; then :
rra_gssapi_pthread="-lpthread"
fi
@@ -5633,7 +5808,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_setspecific in -lkrb5support" >&5
$as_echo_n "checking for krb5int_setspecific in -lkrb5support... " >&6; }
-if test "${ac_cv_lib_krb5support_krb5int_setspecific+set}" = set; then :
+if ${ac_cv_lib_krb5support_krb5int_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5667,7 +5842,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_setspecific" >&5
$as_echo "$ac_cv_lib_krb5support_krb5int_setspecific" >&6; }
-if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = xyes; then :
rra_gssapi_extra="-lkrb5support $rra_gssapi_extra"
rra_gssapi_extra="$rra_gssapi_extra $rra_gssapi_pthread"
fi
@@ -5676,7 +5851,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lcom_err" >&5
$as_echo_n "checking for error_message in -lcom_err... " >&6; }
-if test "${ac_cv_lib_com_err_error_message+set}" = set; then :
+if ${ac_cv_lib_com_err_error_message+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5710,13 +5885,13 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_error_message" >&5
$as_echo "$ac_cv_lib_com_err_error_message" >&6; }
-if test "x$ac_cv_lib_com_err_error_message" = x""yes; then :
+if test "x$ac_cv_lib_com_err_error_message" = xyes; then :
rra_gssapi_extra="-lcom_err $rra_gssapi_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_hash_md5 in -lk5crypto" >&5
$as_echo_n "checking for krb5int_hash_md5 in -lk5crypto... " >&6; }
-if test "${ac_cv_lib_k5crypto_krb5int_hash_md5+set}" = set; then :
+if ${ac_cv_lib_k5crypto_krb5int_hash_md5+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5750,14 +5925,14 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5crypto_krb5int_hash_md5" >&5
$as_echo "$ac_cv_lib_k5crypto_krb5int_hash_md5" >&6; }
-if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = x""yes; then :
+if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = xyes; then :
rra_gssapi_extra="-lk5crypto $rra_gssapi_extra"
fi
rra_gssapi_extra="-lkrb5 $rra_gssapi_extra"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgssapi_krb5" >&5
$as_echo_n "checking for gss_import_name in -lgssapi_krb5... " >&6; }
-if test "${ac_cv_lib_gssapi_krb5_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gssapi_krb5_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5791,12 +5966,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_import_name" >&5
$as_echo "$ac_cv_lib_gssapi_krb5_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gssapi_krb5_gss_import_name" = x""yes; then :
+if test "x$ac_cv_lib_gssapi_krb5_gss_import_name" = xyes; then :
GSSAPI_LIBS="-lgssapi_krb5 $rra_gssapi_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgss" >&5
$as_echo_n "checking for gss_import_name in -lgss... " >&6; }
-if test "${ac_cv_lib_gss_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gss_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5830,7 +6005,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_import_name" >&5
$as_echo "$ac_cv_lib_gss_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gss_gss_import_name" = x""yes; then :
+if test "x$ac_cv_lib_gss_gss_import_name" = xyes; then :
GSSAPI_LIBS="-lgss"
else
as_fn_error $? "cannot find usable GSS-API library" "$LINENO" 5
@@ -5876,7 +6051,798 @@ else
fi
fi
fi
- rra_gssapi_save_CPPFLAGS="$CPPFLAGS"
+ rra_gssapi_save_CPPFLAGS="$CPPFLAGS"
+ rra_gssapi_save_LDFLAGS="$LDFLAGS"
+ rra_gssapi_save_LIBS="$LIBS"
+ CPPFLAGS="$GSSAPI_CPPFLAGS $CPPFLAGS"
+ LDFLAGS="$GSSAPI_LDFLAGS $LDFLAGS"
+ LIBS="$GSSAPI_LIBS $LIBS"
+ rra_gssapi_extra=
+ LIBS=
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_search" >&5
+$as_echo_n "checking for library containing res_search... " >&6; }
+if ${ac_cv_search_res_search+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char res_search ();
+int
+main ()
+{
+return res_search ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_res_search=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_res_search+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_res_search+:} false; then :
+
+else
+ ac_cv_search_res_search=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_search" >&5
+$as_echo "$ac_cv_search_res_search" >&6; }
+ac_res=$ac_cv_search_res_search
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_search" >&5
+$as_echo_n "checking for library containing __res_search... " >&6; }
+if ${ac_cv_search___res_search+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char __res_search ();
+int
+main ()
+{
+return __res_search ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search___res_search=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search___res_search+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search___res_search+:} false; then :
+
+else
+ ac_cv_search___res_search=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___res_search" >&5
+$as_echo "$ac_cv_search___res_search" >&6; }
+ac_res=$ac_cv_search___res_search
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
+$as_echo_n "checking for library containing gethostbyname... " >&6; }
+if ${ac_cv_search_gethostbyname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostbyname ();
+int
+main ()
+{
+return gethostbyname ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' nsl; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_gethostbyname=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_gethostbyname+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_gethostbyname+:} false; then :
+
+else
+ ac_cv_search_gethostbyname=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5
+$as_echo "$ac_cv_search_gethostbyname" >&6; }
+ac_res=$ac_cv_search_gethostbyname
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5
+$as_echo_n "checking for library containing socket... " >&6; }
+if ${ac_cv_search_socket+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' socket; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_socket=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_socket+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_socket+:} false; then :
+
+else
+ ac_cv_search_socket=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5
+$as_echo "$ac_cv_search_socket" >&6; }
+ac_res=$ac_cv_search_socket
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnsl" >&5
+$as_echo_n "checking for socket in -lnsl... " >&6; }
+if ${ac_cv_lib_nsl_socket+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl -lsocket $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_nsl_socket=yes
+else
+ ac_cv_lib_nsl_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_socket" >&5
+$as_echo "$ac_cv_lib_nsl_socket" >&6; }
+if test "x$ac_cv_lib_nsl_socket" = xyes; then :
+ LIBS="-lnsl -lsocket $LIBS"
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
+$as_echo_n "checking for library containing crypt... " >&6; }
+if ${ac_cv_search_crypt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypt ();
+int
+main ()
+{
+return crypt ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' crypt; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_crypt=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_crypt+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_crypt+:} false; then :
+
+else
+ ac_cv_search_crypt=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5
+$as_echo "$ac_cv_search_crypt" >&6; }
+ac_res=$ac_cv_search_crypt
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing roken_concat" >&5
+$as_echo_n "checking for library containing roken_concat... " >&6; }
+if ${ac_cv_search_roken_concat+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char roken_concat ();
+int
+main ()
+{
+return roken_concat ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' roken; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_roken_concat=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_roken_concat+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_roken_concat+:} false; then :
+
+else
+ ac_cv_search_roken_concat=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_roken_concat" >&5
+$as_echo "$ac_cv_search_roken_concat" >&6; }
+ac_res=$ac_cv_search_roken_concat
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ rra_gssapi_extra="$LIBS"
+ LIBS="$rra_gssapi_save_LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgssapi" >&5
+$as_echo_n "checking for gss_import_name in -lgssapi... " >&6; }
+if ${ac_cv_lib_gssapi_gss_import_name+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi -lkrb5 -lasn1 -lcrypto -lcom_err $rra_gssapi_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_import_name ();
+int
+main ()
+{
+return gss_import_name ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gssapi_gss_import_name=yes
+else
+ ac_cv_lib_gssapi_gss_import_name=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_import_name" >&5
+$as_echo "$ac_cv_lib_gssapi_gss_import_name" >&6; }
+if test "x$ac_cv_lib_gssapi_gss_import_name" = xyes; then :
+ GSSAPI_LIBS="-lgssapi -lkrb5 -lasn1 -lcrypto -lcom_err $rra_gssapi_extra"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_getspecific in -lkrb5support" >&5
+$as_echo_n "checking for krb5int_getspecific in -lkrb5support... " >&6; }
+if ${ac_cv_lib_krb5support_krb5int_getspecific+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5support $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5int_getspecific ();
+int
+main ()
+{
+return krb5int_getspecific ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_krb5support_krb5int_getspecific=yes
+else
+ ac_cv_lib_krb5support_krb5int_getspecific=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_getspecific" >&5
+$as_echo "$ac_cv_lib_krb5support_krb5int_getspecific" >&6; }
+if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = xyes; then :
+ rra_gssapi_extra="-lkrb5support $rra_gssapi_extra"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthreads" >&5
+$as_echo_n "checking for pthread_setspecific in -lpthreads... " >&6; }
+if ${ac_cv_lib_pthreads_pthread_setspecific+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpthreads $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pthread_setspecific ();
+int
+main ()
+{
+return pthread_setspecific ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pthreads_pthread_setspecific=yes
+else
+ ac_cv_lib_pthreads_pthread_setspecific=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthreads_pthread_setspecific" >&5
+$as_echo "$ac_cv_lib_pthreads_pthread_setspecific" >&6; }
+if test "x$ac_cv_lib_pthreads_pthread_setspecific" = xyes; then :
+ rra_gssapi_pthread="-lpthreads"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthread" >&5
+$as_echo_n "checking for pthread_setspecific in -lpthread... " >&6; }
+if ${ac_cv_lib_pthread_pthread_setspecific+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpthread $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pthread_setspecific ();
+int
+main ()
+{
+return pthread_setspecific ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pthread_pthread_setspecific=yes
+else
+ ac_cv_lib_pthread_pthread_setspecific=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_setspecific" >&5
+$as_echo "$ac_cv_lib_pthread_pthread_setspecific" >&6; }
+if test "x$ac_cv_lib_pthread_pthread_setspecific" = xyes; then :
+ rra_gssapi_pthread="-lpthread"
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_setspecific in -lkrb5support" >&5
+$as_echo_n "checking for krb5int_setspecific in -lkrb5support... " >&6; }
+if ${ac_cv_lib_krb5support_krb5int_setspecific+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5support $rra_gssapi_pthread $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5int_setspecific ();
+int
+main ()
+{
+return krb5int_setspecific ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_krb5support_krb5int_setspecific=yes
+else
+ ac_cv_lib_krb5support_krb5int_setspecific=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_setspecific" >&5
+$as_echo "$ac_cv_lib_krb5support_krb5int_setspecific" >&6; }
+if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = xyes; then :
+ rra_gssapi_extra="-lkrb5support $rra_gssapi_extra"
+ rra_gssapi_extra="$rra_gssapi_extra $rra_gssapi_pthread"
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lcom_err" >&5
+$as_echo_n "checking for error_message in -lcom_err... " >&6; }
+if ${ac_cv_lib_com_err_error_message+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcom_err $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char error_message ();
+int
+main ()
+{
+return error_message ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_com_err_error_message=yes
+else
+ ac_cv_lib_com_err_error_message=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_error_message" >&5
+$as_echo "$ac_cv_lib_com_err_error_message" >&6; }
+if test "x$ac_cv_lib_com_err_error_message" = xyes; then :
+ rra_gssapi_extra="-lcom_err $rra_gssapi_extra"
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_hash_md5 in -lk5crypto" >&5
+$as_echo_n "checking for krb5int_hash_md5 in -lk5crypto... " >&6; }
+if ${ac_cv_lib_k5crypto_krb5int_hash_md5+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lk5crypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5int_hash_md5 ();
+int
+main ()
+{
+return krb5int_hash_md5 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_k5crypto_krb5int_hash_md5=yes
+else
+ ac_cv_lib_k5crypto_krb5int_hash_md5=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5crypto_krb5int_hash_md5" >&5
+$as_echo "$ac_cv_lib_k5crypto_krb5int_hash_md5" >&6; }
+if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = xyes; then :
+ rra_gssapi_extra="-lk5crypto $rra_gssapi_extra"
+fi
+
+ rra_gssapi_extra="-lkrb5 $rra_gssapi_extra"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgssapi_krb5" >&5
+$as_echo_n "checking for gss_import_name in -lgssapi_krb5... " >&6; }
+if ${ac_cv_lib_gssapi_krb5_gss_import_name+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi_krb5 $rra_gssapi_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_import_name ();
+int
+main ()
+{
+return gss_import_name ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gssapi_krb5_gss_import_name=yes
+else
+ ac_cv_lib_gssapi_krb5_gss_import_name=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_import_name" >&5
+$as_echo "$ac_cv_lib_gssapi_krb5_gss_import_name" >&6; }
+if test "x$ac_cv_lib_gssapi_krb5_gss_import_name" = xyes; then :
+ GSSAPI_LIBS="-lgssapi_krb5 $rra_gssapi_extra"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgss" >&5
+$as_echo_n "checking for gss_import_name in -lgss... " >&6; }
+if ${ac_cv_lib_gss_gss_import_name+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgss $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_import_name ();
+int
+main ()
+{
+return gss_import_name ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gss_gss_import_name=yes
+else
+ ac_cv_lib_gss_gss_import_name=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_import_name" >&5
+$as_echo "$ac_cv_lib_gss_gss_import_name" >&6; }
+if test "x$ac_cv_lib_gss_gss_import_name" = xyes; then :
+ GSSAPI_LIBS="-lgss"
+else
+ as_fn_error $? "cannot find usable GSS-API library" "$LINENO" 5
+fi
+
+fi
+
+fi
+
+ CPPFLAGS="$rra_gssapi_save_CPPFLAGS"
+ LDFLAGS="$rra_gssapi_save_LDFLAGS"
+ LIBS="$rra_gssapi_save_LIBS"
+fi
+else
+ if test x"$rra_gssapi_libdir" != x; then :
+ GSSAPI_LDFLAGS="-L$rra_gssapi_libdir"
+else
+ if test x"$rra_gssapi_root" != x; then :
+
+ if test -d "$rra_gssapi_root/$rra_lib_arch_name"; then :
+ if test x"" = x; then :
+ GSSAPI_LDFLAGS="$GSSAPI_LDFLAGS -L$rra_gssapi_root/${rra_lib_arch_name}"
+else
+ GSSAPI_LDFLAGS="$GSSAPI_LDFLAGS -L$rra_gssapi_root/${rra_lib_arch_name}/"
+fi
+else
+ if test x"" = x; then :
+ GSSAPI_LDFLAGS="$GSSAPI_LDFLAGS -L$rra_gssapi_root/lib"
+else
+ GSSAPI_LDFLAGS="$GSSAPI_LDFLAGS -L$rra_gssapi_root/lib/"
+fi
+fi
+ GSSAPI_LDFLAGS=`echo "$GSSAPI_LDFLAGS" | sed -e 's/^ *//'`
+fi
+fi
+ if test x"$rra_gssapi_includedir" != x; then :
+ GSSAPI_CPPFLAGS="-I$rra_gssapi_includedir"
+else
+ if test x"$rra_gssapi_root" != x; then :
+ if test x"$rra_gssapi_root" != x/usr; then :
+ GSSAPI_CPPFLAGS="-I${rra_gssapi_root}/include"
+fi
+fi
+fi
+ rra_gssapi_save_CPPFLAGS="$CPPFLAGS"
rra_gssapi_save_LDFLAGS="$LDFLAGS"
rra_gssapi_save_LIBS="$LIBS"
CPPFLAGS="$GSSAPI_CPPFLAGS $CPPFLAGS"
@@ -5886,7 +6852,7 @@ fi
LIBS=
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_search" >&5
$as_echo_n "checking for library containing res_search... " >&6; }
-if test "${ac_cv_search_res_search+set}" = set; then :
+if ${ac_cv_search_res_search+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -5920,11 +6886,11 @@ for ac_lib in '' resolv; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_res_search+set}" = set; then :
+ if ${ac_cv_search_res_search+:} false; then :
break
fi
done
-if test "${ac_cv_search_res_search+set}" = set; then :
+if ${ac_cv_search_res_search+:} false; then :
else
ac_cv_search_res_search=no
@@ -5941,7 +6907,7 @@ if test "$ac_res" != no; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_search" >&5
$as_echo_n "checking for library containing __res_search... " >&6; }
-if test "${ac_cv_search___res_search+set}" = set; then :
+if ${ac_cv_search___res_search+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -5975,11 +6941,11 @@ for ac_lib in '' resolv; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search___res_search+set}" = set; then :
+ if ${ac_cv_search___res_search+:} false; then :
break
fi
done
-if test "${ac_cv_search___res_search+set}" = set; then :
+if ${ac_cv_search___res_search+:} false; then :
else
ac_cv_search___res_search=no
@@ -5999,7 +6965,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
$as_echo_n "checking for library containing gethostbyname... " >&6; }
-if test "${ac_cv_search_gethostbyname+set}" = set; then :
+if ${ac_cv_search_gethostbyname+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -6033,11 +6999,11 @@ for ac_lib in '' nsl; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_gethostbyname+set}" = set; then :
+ if ${ac_cv_search_gethostbyname+:} false; then :
break
fi
done
-if test "${ac_cv_search_gethostbyname+set}" = set; then :
+if ${ac_cv_search_gethostbyname+:} false; then :
else
ac_cv_search_gethostbyname=no
@@ -6055,7 +7021,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5
$as_echo_n "checking for library containing socket... " >&6; }
-if test "${ac_cv_search_socket+set}" = set; then :
+if ${ac_cv_search_socket+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -6089,11 +7055,11 @@ for ac_lib in '' socket; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_socket+set}" = set; then :
+ if ${ac_cv_search_socket+:} false; then :
break
fi
done
-if test "${ac_cv_search_socket+set}" = set; then :
+if ${ac_cv_search_socket+:} false; then :
else
ac_cv_search_socket=no
@@ -6110,7 +7076,7 @@ if test "$ac_res" != no; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnsl" >&5
$as_echo_n "checking for socket in -lnsl... " >&6; }
-if test "${ac_cv_lib_nsl_socket+set}" = set; then :
+if ${ac_cv_lib_nsl_socket+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6144,7 +7110,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_socket" >&5
$as_echo "$ac_cv_lib_nsl_socket" >&6; }
-if test "x$ac_cv_lib_nsl_socket" = x""yes; then :
+if test "x$ac_cv_lib_nsl_socket" = xyes; then :
LIBS="-lnsl -lsocket $LIBS"
fi
@@ -6152,7 +7118,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
$as_echo_n "checking for library containing crypt... " >&6; }
-if test "${ac_cv_search_crypt+set}" = set; then :
+if ${ac_cv_search_crypt+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -6186,11 +7152,11 @@ for ac_lib in '' crypt; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_crypt+set}" = set; then :
+ if ${ac_cv_search_crypt+:} false; then :
break
fi
done
-if test "${ac_cv_search_crypt+set}" = set; then :
+if ${ac_cv_search_crypt+:} false; then :
else
ac_cv_search_crypt=no
@@ -6206,15 +7172,71 @@ if test "$ac_res" != no; then :
fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing roken_concat" >&5
+$as_echo_n "checking for library containing roken_concat... " >&6; }
+if ${ac_cv_search_roken_concat+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char roken_concat ();
+int
+main ()
+{
+return roken_concat ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' roken; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_roken_concat=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_roken_concat+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_roken_concat+:} false; then :
+
+else
+ ac_cv_search_roken_concat=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_roken_concat" >&5
+$as_echo "$ac_cv_search_roken_concat" >&6; }
+ac_res=$ac_cv_search_roken_concat
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
rra_gssapi_extra="$LIBS"
LIBS="$rra_gssapi_save_LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgssapi" >&5
$as_echo_n "checking for gss_import_name in -lgssapi... " >&6; }
-if test "${ac_cv_lib_gssapi_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gssapi_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi -lkrb5 -lasn1 -lroken -lcrypto -lcom_err $rra_gssapi_extra $LIBS"
+LIBS="-lgssapi -lkrb5 -lasn1 -lcrypto -lcom_err $rra_gssapi_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -6244,13 +7266,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_import_name" >&5
$as_echo "$ac_cv_lib_gssapi_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gssapi_gss_import_name" = x""yes; then :
- GSSAPI_LIBS="-lgssapi -lkrb5 -lasn1 -lroken -lcrypto -lcom_err"
- GSSAPI_LIBS="$GSSAPI_LIBS $rra_gssapi_extra"
+if test "x$ac_cv_lib_gssapi_gss_import_name" = xyes; then :
+ GSSAPI_LIBS="-lgssapi -lkrb5 -lasn1 -lcrypto -lcom_err $rra_gssapi_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_getspecific in -lkrb5support" >&5
$as_echo_n "checking for krb5int_getspecific in -lkrb5support... " >&6; }
-if test "${ac_cv_lib_krb5support_krb5int_getspecific+set}" = set; then :
+if ${ac_cv_lib_krb5support_krb5int_getspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6284,12 +7305,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_getspecific" >&5
$as_echo "$ac_cv_lib_krb5support_krb5int_getspecific" >&6; }
-if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = x""yes; then :
+if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = xyes; then :
rra_gssapi_extra="-lkrb5support $rra_gssapi_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthreads" >&5
$as_echo_n "checking for pthread_setspecific in -lpthreads... " >&6; }
-if test "${ac_cv_lib_pthreads_pthread_setspecific+set}" = set; then :
+if ${ac_cv_lib_pthreads_pthread_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6323,12 +7344,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthreads_pthread_setspecific" >&5
$as_echo "$ac_cv_lib_pthreads_pthread_setspecific" >&6; }
-if test "x$ac_cv_lib_pthreads_pthread_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_pthreads_pthread_setspecific" = xyes; then :
rra_gssapi_pthread="-lpthreads"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthread" >&5
$as_echo_n "checking for pthread_setspecific in -lpthread... " >&6; }
-if test "${ac_cv_lib_pthread_pthread_setspecific+set}" = set; then :
+if ${ac_cv_lib_pthread_pthread_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6362,7 +7383,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_setspecific" >&5
$as_echo "$ac_cv_lib_pthread_pthread_setspecific" >&6; }
-if test "x$ac_cv_lib_pthread_pthread_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_pthread_pthread_setspecific" = xyes; then :
rra_gssapi_pthread="-lpthread"
fi
@@ -6370,7 +7391,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_setspecific in -lkrb5support" >&5
$as_echo_n "checking for krb5int_setspecific in -lkrb5support... " >&6; }
-if test "${ac_cv_lib_krb5support_krb5int_setspecific+set}" = set; then :
+if ${ac_cv_lib_krb5support_krb5int_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6404,7 +7425,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_setspecific" >&5
$as_echo "$ac_cv_lib_krb5support_krb5int_setspecific" >&6; }
-if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = xyes; then :
rra_gssapi_extra="-lkrb5support $rra_gssapi_extra"
rra_gssapi_extra="$rra_gssapi_extra $rra_gssapi_pthread"
fi
@@ -6413,7 +7434,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lcom_err" >&5
$as_echo_n "checking for error_message in -lcom_err... " >&6; }
-if test "${ac_cv_lib_com_err_error_message+set}" = set; then :
+if ${ac_cv_lib_com_err_error_message+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6447,13 +7468,13 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_error_message" >&5
$as_echo "$ac_cv_lib_com_err_error_message" >&6; }
-if test "x$ac_cv_lib_com_err_error_message" = x""yes; then :
+if test "x$ac_cv_lib_com_err_error_message" = xyes; then :
rra_gssapi_extra="-lcom_err $rra_gssapi_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_hash_md5 in -lk5crypto" >&5
$as_echo_n "checking for krb5int_hash_md5 in -lk5crypto... " >&6; }
-if test "${ac_cv_lib_k5crypto_krb5int_hash_md5+set}" = set; then :
+if ${ac_cv_lib_k5crypto_krb5int_hash_md5+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6487,14 +7508,14 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5crypto_krb5int_hash_md5" >&5
$as_echo "$ac_cv_lib_k5crypto_krb5int_hash_md5" >&6; }
-if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = x""yes; then :
+if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = xyes; then :
rra_gssapi_extra="-lk5crypto $rra_gssapi_extra"
fi
rra_gssapi_extra="-lkrb5 $rra_gssapi_extra"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgssapi_krb5" >&5
$as_echo_n "checking for gss_import_name in -lgssapi_krb5... " >&6; }
-if test "${ac_cv_lib_gssapi_krb5_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gssapi_krb5_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6528,12 +7549,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_import_name" >&5
$as_echo "$ac_cv_lib_gssapi_krb5_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gssapi_krb5_gss_import_name" = x""yes; then :
+if test "x$ac_cv_lib_gssapi_krb5_gss_import_name" = xyes; then :
GSSAPI_LIBS="-lgssapi_krb5 $rra_gssapi_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_import_name in -lgss" >&5
$as_echo_n "checking for gss_import_name in -lgss... " >&6; }
-if test "${ac_cv_lib_gss_gss_import_name+set}" = set; then :
+if ${ac_cv_lib_gss_gss_import_name+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6567,7 +7588,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_import_name" >&5
$as_echo "$ac_cv_lib_gss_gss_import_name" >&6; }
-if test "x$ac_cv_lib_gss_gss_import_name" = x""yes; then :
+if test "x$ac_cv_lib_gss_gss_import_name" = xyes; then :
GSSAPI_LIBS="-lgss"
else
as_fn_error $? "cannot find usable GSS-API library" "$LINENO" 5
@@ -6582,6 +7603,85 @@ fi
LIBS="$rra_gssapi_save_LIBS"
fi
fi
+
+ rra_gssapi_save_CPPFLAGS="$CPPFLAGS"
+ rra_gssapi_save_LDFLAGS="$LDFLAGS"
+ rra_gssapi_save_LIBS="$LIBS"
+ CPPFLAGS="$GSSAPI_CPPFLAGS $CPPFLAGS"
+ LDFLAGS="$GSSAPI_LDFLAGS $LDFLAGS"
+ LIBS="$GSSAPI_LIBS $LIBS"
+ rra_gssapi_incroot=
+ if test x"$rra_gssapi_includedir" != x; then :
+ rra_gssapi_incroot="$rra_gssapi_includedir"
+else
+ if test x"$rra_gssapi_root" != x; then :
+ rra_gssapi_incroot="${rra_gssapi_root}/include"
+fi
+fi
+ if test x"$rra_gssapi_incroot" = x; then :
+ for ac_header in gssapi/gssapi.h gssapi/gssapi_krb5.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi/gssapi.h" >&5
+$as_echo_n "checking for gssapi/gssapi.h... " >&6; }
+ if test -f "${rra_gssapi_incroot}/gssapi/gssapi.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_GSSAPI_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi/gssapi_krb5.h" >&5
+$as_echo_n "checking for gssapi/gssapi_krb5.h... " >&6; }
+ if test -f "${rra_gssapi_incroot}/gssapi/gssapi_krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+fi
+ ac_fn_c_check_decl "$LINENO" "GSS_C_NT_USER_NAME" "ac_cv_have_decl_GSS_C_NT_USER_NAME" "
+#ifdef HAVE_GSSAPI_GSSAPI_H
+# include <gssapi/gssapi.h>
+#else
+# include <gssapi.h>
+#endif
+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
+# include <gssapi/gssapi_krb5.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_GSS_C_NT_USER_NAME" = xyes; then :
+
+$as_echo "#define HAVE_GSS_RFC_OIDS 1" >>confdefs.h
+
+fi
+
+ CPPFLAGS="$rra_gssapi_save_CPPFLAGS"
+ LDFLAGS="$rra_gssapi_save_LDFLAGS"
+ LIBS="$rra_gssapi_save_LIBS"
REMCTL_CPPFLAGS="$REMCTL_CPPFLAGS $GSSAPI_CPPFLAGS"
REMCTL_LDFLAGS="$REMCTL_LDFLAGS $GSSAPI_LDFLAGS"
REMCTL_LIBS="-lremctl $GSSAPI_LIBS"
@@ -6593,21 +7693,30 @@ fi
LDFLAGS="$REMCTL_LDFLAGS $LDFLAGS"
LIBS="$REMCTL_LIBS $LIBS"
ac_fn_c_check_func "$LINENO" "remctl_open" "ac_cv_func_remctl_open"
-if test "x$ac_cv_func_remctl_open" = x""yes; then :
+if test "x$ac_cv_func_remctl_open" = xyes; then :
else
+ if test x"true" = xtrue; then :
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "unable to link with remctl library
-See \`config.log' for more details" "$LINENO" 5 ; }
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+ REMCTL_CPPFLAGS=
+ REMCTL_LDFLAGS=
+ REMCTL_LIBS=
fi
CPPFLAGS="$rra_remctl_save_CPPFLAGS"
LDFLAGS="$rra_remctl_save_LDFLAGS"
LIBS="$rra_remctl_save_LIBS"
+
+$as_echo "#define HAVE_REMCTL 1" >>confdefs.h
+
rra_krb5_root=
rra_krb5_libdir=
rra_krb5_includedir=
+ rra_use_kerberos=true
@@ -6637,6 +7746,14 @@ fi
fi
+ rra_krb5_incroot=
+ if test x"$rra_krb5_includedir" != x; then :
+ rra_krb5_incroot="$rra_krb5_includedir"
+else
+ if test x"$rra_krb5_root" != x; then :
+ rra_krb5_incroot="${rra_krb5_root}/include"
+fi
+fi
if test x"$rra_reduced_depends" = xtrue; then :
if test x"$rra_krb5_libdir" != x; then :
KRB5_LDFLAGS="-L$rra_krb5_libdir"
@@ -6676,7 +7793,7 @@ fi
LIBS="$KRB5_LIBS $LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_init_context in -lkrb5" >&5
$as_echo_n "checking for krb5_init_context in -lkrb5... " >&6; }
-if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then :
+if ${ac_cv_lib_krb5_krb5_init_context+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6710,26 +7827,70 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5_krb5_init_context" >&5
$as_echo "$ac_cv_lib_krb5_krb5_init_context" >&6; }
-if test "x$ac_cv_lib_krb5_krb5_init_context" = x""yes; then :
+if test "x$ac_cv_lib_krb5_krb5_init_context" = xyes; then :
KRB5_LIBS="-lkrb5"
else
if test x"true" = xtrue; then :
- as_fn_error $? "cannot find usable Kerberos v5 library" "$LINENO" 5
+ as_fn_error $? "cannot find usable Kerberos library" "$LINENO" 5
fi
fi
LIBS="$KRB5_LIBS $LIBS"
+ if test x"$rra_krb5_incroot" = x; then :
+ for ac_header in krb5.h krb5/krb5.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h" >&5
+$as_echo_n "checking for krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5/krb5.h" >&5
+$as_echo_n "checking for krb5/krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+fi
for ac_func in krb5_get_error_message
do :
ac_fn_c_check_func "$LINENO" "krb5_get_error_message" "ac_cv_func_krb5_get_error_message"
-if test "x$ac_cv_func_krb5_get_error_message" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_error_message" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERROR_MESSAGE 1
_ACEOF
for ac_func in krb5_free_error_message
do :
ac_fn_c_check_func "$LINENO" "krb5_free_error_message" "ac_cv_func_krb5_free_error_message"
-if test "x$ac_cv_func_krb5_free_error_message" = x""yes; then :
+if test "x$ac_cv_func_krb5_free_error_message" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
_ACEOF
@@ -6741,7 +7902,7 @@ else
for ac_func in krb5_get_error_string
do :
ac_fn_c_check_func "$LINENO" "krb5_get_error_string" "ac_cv_func_krb5_get_error_string"
-if test "x$ac_cv_func_krb5_get_error_string" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_error_string" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERROR_STRING 1
_ACEOF
@@ -6750,7 +7911,7 @@ else
for ac_func in krb5_get_err_txt
do :
ac_fn_c_check_func "$LINENO" "krb5_get_err_txt" "ac_cv_func_krb5_get_err_txt"
-if test "x$ac_cv_func_krb5_get_err_txt" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_err_txt" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERR_TXT 1
_ACEOF
@@ -6758,7 +7919,7 @@ _ACEOF
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_svc_get_msg in -lksvc" >&5
$as_echo_n "checking for krb5_svc_get_msg in -lksvc... " >&6; }
-if test "${ac_cv_lib_ksvc_krb5_svc_get_msg+set}" = set; then :
+if ${ac_cv_lib_ksvc_krb5_svc_get_msg+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6792,14 +7953,21 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ksvc_krb5_svc_get_msg" >&5
$as_echo "$ac_cv_lib_ksvc_krb5_svc_get_msg" >&6; }
-if test "x$ac_cv_lib_ksvc_krb5_svc_get_msg" = x""yes; then :
+if test "x$ac_cv_lib_ksvc_krb5_svc_get_msg" = xyes; then :
KRB5_LIBS="$KRB5_LIBS -lksvc"
$as_echo "#define HAVE_KRB5_SVC_GET_MSG 1" >>confdefs.h
for ac_header in ibm_svc/krb5_svc.h
do :
- ac_fn_c_check_header_mongrel "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "$ac_includes_default"
-if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = x""yes; then :
+ ac_fn_c_check_header_compile "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+
+"
+if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_IBM_SVC_KRB5_SVC_H 1
_ACEOF
@@ -6811,7 +7979,7 @@ done
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err in -lcom_err" >&5
$as_echo_n "checking for com_err in -lcom_err... " >&6; }
-if test "${ac_cv_lib_com_err_com_err+set}" = set; then :
+if ${ac_cv_lib_com_err_com_err+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6845,7 +8013,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_com_err" >&5
$as_echo "$ac_cv_lib_com_err_com_err" >&6; }
-if test "x$ac_cv_lib_com_err_com_err" = x""yes; then :
+if test "x$ac_cv_lib_com_err_com_err" = xyes; then :
KRB5_LIBS="$KRB5_LIBS -lcom_err"
else
as_fn_error $? "cannot find usable com_err library" "$LINENO" 5
@@ -6854,7 +8022,7 @@ fi
for ac_header in et/com_err.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "et/com_err.h" "ac_cv_header_et_com_err_h" "$ac_includes_default"
-if test "x$ac_cv_header_et_com_err_h" = x""yes; then :
+if test "x$ac_cv_header_et_com_err_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_ET_COM_ERR_H 1
_ACEOF
@@ -6878,83 +8046,73 @@ done
LDFLAGS="$rra_krb5_save_LDFLAGS"
LIBS="$rra_krb5_save_LIBS"
else
+ if test x"$rra_krb5_includedir" = x && test x"$rra_krb5_libdir" = x; then :
- if test x"$rra_krb5_root" != x && test -z "$KRB5_CONFIG"; then :
- if test -x "${rra_krb5_root}/bin/krb5-config"; then :
- KRB5_CONFIG="${rra_krb5_root}/bin/krb5-config"
-fi
+ rra_krb5_config_KRB5=
+ rra_krb5_config_KRB5_ok=
+ if test x"${rra_krb5_root}" != x && test -x "${rra_krb5_root}/bin/krb5-config"; then :
+ rra_krb5_config_KRB5="${rra_krb5_root}/bin/krb5-config"
else
- # Extract the first word of "krb5-config", so it can be a program name with args.
-set dummy krb5-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_KRB5_CONFIG+set}" = set; then :
+ rra_krb5_config_KRB5="$PATH_KRB5_CONFIG"
+fi
+ if test x"$rra_krb5_config_KRB5" != x && test -x "$rra_krb5_config_KRB5"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5 support in krb5-config" >&5
+$as_echo_n "checking for krb5 support in krb5-config... " >&6; }
+if ${rra_cv_lib_KRB5_config+:} false; then :
$as_echo_n "(cached) " >&6
else
- case $KRB5_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_KRB5_CONFIG="$KRB5_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_path_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-KRB5_CONFIG=$ac_cv_path_KRB5_CONFIG
-if test -n "$KRB5_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5_CONFIG" >&5
-$as_echo "$KRB5_CONFIG" >&6; }
+ if "$rra_krb5_config_KRB5" 2>&1 | grep krb5 >/dev/null 2>&1; then :
+ rra_cv_lib_KRB5_config=yes
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ rra_cv_lib_KRB5_config=no
fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_lib_KRB5_config" >&5
+$as_echo "$rra_cv_lib_KRB5_config" >&6; }
+ if test "$rra_cv_lib_KRB5_config" = yes; then :
+ KRB5_CPPFLAGS=`"$rra_krb5_config_KRB5" --cflags krb5 2>/dev/null`
-fi
- if test x"$KRB5_CONFIG" != x && test -x "$KRB5_CONFIG"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5 support in krb5-config" >&5
-$as_echo_n "checking for krb5 support in krb5-config... " >&6; }
-if test "${rra_cv_lib_krb5_config+set}" = set; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for --deps support in krb5-config" >&5
+$as_echo_n "checking for --deps support in krb5-config... " >&6; }
+if ${rra_cv_krb5_config_deps+:} false; then :
$as_echo_n "(cached) " >&6
else
- if "$KRB5_CONFIG" 2>&1 | grep krb5 >/dev/null 2>&1; then :
- rra_cv_lib_krb5_config=yes
+ if "$rra_krb5_config_KRB5" 2>&1 | grep deps >/dev/null 2>&1; then :
+ rra_cv_krb5_config_deps=yes
else
- rra_cv_lib_krb5_config=no
+ rra_cv_krb5_config_deps=no
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_lib_krb5_config" >&5
-$as_echo "$rra_cv_lib_krb5_config" >&6; }
- if test x"$rra_cv_lib_krb5_config" = xyes; then :
- KRB5_CPPFLAGS=`"$KRB5_CONFIG" --cflags krb5 2>/dev/null`
- KRB5_LIBS=`"$KRB5_CONFIG" --libs krb5 2>/dev/null`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $rra_cv_krb5_config_deps" >&5
+$as_echo "$rra_cv_krb5_config_deps" >&6; }
+ if test x"$rra_reduced_depends" = xfalse \
+ && test x"$rra_cv_krb5_config_deps" = xyes; then :
+ KRB5_LIBS=`"$rra_krb5_config_KRB5" --deps --libs krb5 2>/dev/null`
else
- KRB5_CPPFLAGS=`"$KRB5_CONFIG" --cflags 2>/dev/null`
- KRB5_LIBS=`"$KRB5_CONFIG" --libs 2>/dev/null`
+ KRB5_LIBS=`"$rra_krb5_config_KRB5" --libs krb5 2>/dev/null`
fi
- KRB5_CPPFLAGS=`echo "$KRB5_CPPFLAGS" | sed 's%-I/usr/include ?%%'`
- rra_krb5_save_CPPFLAGS="$CPPFLAGS"
+ rra_krb5_config_KRB5_ok=yes
+else
+ if test x"krb5" = xkrb5; then :
+ KRB5_CPPFLAGS=`"$rra_krb5_config_KRB5" --cflags 2>/dev/null`
+ KRB5_LIBS=`"$rra_krb5_config_KRB5" --libs krb5 2>/dev/null`
+ rra_krb5_config_KRB5_ok=yes
+fi
+fi
+fi
+ if test x"$rra_krb5_config_KRB5_ok" = xyes; then :
+ KRB5_CPPFLAGS=`echo "$KRB5_CPPFLAGS" | sed 's%-I/usr/include %%'`
+ KRB5_CPPFLAGS=`echo "$KRB5_CPPFLAGS" | sed 's%-I/usr/include$%%'`
+ rra_krb5_save_CPPFLAGS="$CPPFLAGS"
rra_krb5_save_LDFLAGS="$LDFLAGS"
rra_krb5_save_LIBS="$LIBS"
CPPFLAGS="$KRB5_CPPFLAGS $CPPFLAGS"
LDFLAGS="$KRB5_LDFLAGS $LDFLAGS"
LIBS="$KRB5_LIBS $LIBS"
ac_fn_c_check_func "$LINENO" "krb5_init_context" "ac_cv_func_krb5_init_context"
-if test "x$ac_cv_func_krb5_init_context" = x""yes; then :
+if test "x$ac_cv_func_krb5_init_context" = xyes; then :
CPPFLAGS="$rra_krb5_save_CPPFLAGS"
LDFLAGS="$rra_krb5_save_LDFLAGS"
LIBS="$rra_krb5_save_LIBS"
@@ -7004,7 +8162,7 @@ fi
LIBS=
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_search" >&5
$as_echo_n "checking for library containing res_search... " >&6; }
-if test "${ac_cv_search_res_search+set}" = set; then :
+if ${ac_cv_search_res_search+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -7038,11 +8196,11 @@ for ac_lib in '' resolv; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_res_search+set}" = set; then :
+ if ${ac_cv_search_res_search+:} false; then :
break
fi
done
-if test "${ac_cv_search_res_search+set}" = set; then :
+if ${ac_cv_search_res_search+:} false; then :
else
ac_cv_search_res_search=no
@@ -7059,7 +8217,7 @@ if test "$ac_res" != no; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_search" >&5
$as_echo_n "checking for library containing __res_search... " >&6; }
-if test "${ac_cv_search___res_search+set}" = set; then :
+if ${ac_cv_search___res_search+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -7093,11 +8251,11 @@ for ac_lib in '' resolv; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search___res_search+set}" = set; then :
+ if ${ac_cv_search___res_search+:} false; then :
break
fi
done
-if test "${ac_cv_search___res_search+set}" = set; then :
+if ${ac_cv_search___res_search+:} false; then :
else
ac_cv_search___res_search=no
@@ -7117,7 +8275,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
$as_echo_n "checking for library containing gethostbyname... " >&6; }
-if test "${ac_cv_search_gethostbyname+set}" = set; then :
+if ${ac_cv_search_gethostbyname+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -7151,11 +8309,11 @@ for ac_lib in '' nsl; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_gethostbyname+set}" = set; then :
+ if ${ac_cv_search_gethostbyname+:} false; then :
break
fi
done
-if test "${ac_cv_search_gethostbyname+set}" = set; then :
+if ${ac_cv_search_gethostbyname+:} false; then :
else
ac_cv_search_gethostbyname=no
@@ -7173,7 +8331,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5
$as_echo_n "checking for library containing socket... " >&6; }
-if test "${ac_cv_search_socket+set}" = set; then :
+if ${ac_cv_search_socket+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -7207,11 +8365,11 @@ for ac_lib in '' socket; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_socket+set}" = set; then :
+ if ${ac_cv_search_socket+:} false; then :
break
fi
done
-if test "${ac_cv_search_socket+set}" = set; then :
+if ${ac_cv_search_socket+:} false; then :
else
ac_cv_search_socket=no
@@ -7228,7 +8386,7 @@ if test "$ac_res" != no; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnsl" >&5
$as_echo_n "checking for socket in -lnsl... " >&6; }
-if test "${ac_cv_lib_nsl_socket+set}" = set; then :
+if ${ac_cv_lib_nsl_socket+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -7262,7 +8420,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_socket" >&5
$as_echo "$ac_cv_lib_nsl_socket" >&6; }
-if test "x$ac_cv_lib_nsl_socket" = x""yes; then :
+if test "x$ac_cv_lib_nsl_socket" = xyes; then :
LIBS="-lnsl -lsocket $LIBS"
fi
@@ -7270,7 +8428,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
$as_echo_n "checking for library containing crypt... " >&6; }
-if test "${ac_cv_search_crypt+set}" = set; then :
+if ${ac_cv_search_crypt+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -7304,11 +8462,11 @@ for ac_lib in '' crypt; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_crypt+set}" = set; then :
+ if ${ac_cv_search_crypt+:} false; then :
break
fi
done
-if test "${ac_cv_search_crypt+set}" = set; then :
+if ${ac_cv_search_crypt+:} false; then :
else
ac_cv_search_crypt=no
@@ -7324,9 +8482,9 @@ if test "$ac_res" != no; then :
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing rk_simple_execve" >&5
-$as_echo_n "checking for library containing rk_simple_execve... " >&6; }
-if test "${ac_cv_search_rk_simple_execve+set}" = set; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing roken_concat" >&5
+$as_echo_n "checking for library containing roken_concat... " >&6; }
+if ${ac_cv_search_roken_concat+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -7339,11 +8497,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
#ifdef __cplusplus
extern "C"
#endif
-char rk_simple_execve ();
+char roken_concat ();
int
main ()
{
-return rk_simple_execve ();
+return roken_concat ();
;
return 0;
}
@@ -7356,25 +8514,25 @@ for ac_lib in '' roken; do
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_search_rk_simple_execve=$ac_res
+ ac_cv_search_roken_concat=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_rk_simple_execve+set}" = set; then :
+ if ${ac_cv_search_roken_concat+:} false; then :
break
fi
done
-if test "${ac_cv_search_rk_simple_execve+set}" = set; then :
+if ${ac_cv_search_roken_concat+:} false; then :
else
- ac_cv_search_rk_simple_execve=no
+ ac_cv_search_roken_concat=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_rk_simple_execve" >&5
-$as_echo "$ac_cv_search_rk_simple_execve" >&6; }
-ac_res=$ac_cv_search_rk_simple_execve
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_roken_concat" >&5
+$as_echo "$ac_cv_search_roken_concat" >&6; }
+ac_res=$ac_cv_search_roken_concat
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
@@ -7384,7 +8542,7 @@ fi
LIBS="$rra_krb5_save_LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_init_context in -lkrb5" >&5
$as_echo_n "checking for krb5_init_context in -lkrb5... " >&6; }
-if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then :
+if ${ac_cv_lib_krb5_krb5_init_context+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -7418,16 +8576,16 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5_krb5_init_context" >&5
$as_echo "$ac_cv_lib_krb5_krb5_init_context" >&6; }
-if test "x$ac_cv_lib_krb5_krb5_init_context" = x""yes; then :
+if test "x$ac_cv_lib_krb5_krb5_init_context" = xyes; then :
KRB5_LIBS="-lkrb5 -lasn1 -lcom_err -lcrypto $rra_krb5_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_getspecific in -lkrb5support" >&5
$as_echo_n "checking for krb5int_getspecific in -lkrb5support... " >&6; }
-if test "${ac_cv_lib_krb5support_krb5int_getspecific+set}" = set; then :
+if ${ac_cv_lib_krb5support_krb5int_getspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb5support $LIBS"
+LIBS="-lkrb5support $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -7457,12 +8615,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_getspecific" >&5
$as_echo "$ac_cv_lib_krb5support_krb5int_getspecific" >&6; }
-if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = x""yes; then :
+if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = xyes; then :
rra_krb5_extra="-lkrb5support $rra_krb5_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthreads" >&5
$as_echo_n "checking for pthread_setspecific in -lpthreads... " >&6; }
-if test "${ac_cv_lib_pthreads_pthread_setspecific+set}" = set; then :
+if ${ac_cv_lib_pthreads_pthread_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -7496,12 +8654,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthreads_pthread_setspecific" >&5
$as_echo "$ac_cv_lib_pthreads_pthread_setspecific" >&6; }
-if test "x$ac_cv_lib_pthreads_pthread_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_pthreads_pthread_setspecific" = xyes; then :
rra_krb5_pthread="-lpthreads"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthread" >&5
$as_echo_n "checking for pthread_setspecific in -lpthread... " >&6; }
-if test "${ac_cv_lib_pthread_pthread_setspecific+set}" = set; then :
+if ${ac_cv_lib_pthread_pthread_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -7535,7 +8693,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_setspecific" >&5
$as_echo "$ac_cv_lib_pthread_pthread_setspecific" >&6; }
-if test "x$ac_cv_lib_pthread_pthread_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_pthread_pthread_setspecific" = xyes; then :
rra_krb5_pthread="-lpthread"
fi
@@ -7543,11 +8701,11 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_setspecific in -lkrb5support" >&5
$as_echo_n "checking for krb5int_setspecific in -lkrb5support... " >&6; }
-if test "${ac_cv_lib_krb5support_krb5int_setspecific+set}" = set; then :
+if ${ac_cv_lib_krb5support_krb5int_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb5support $rra_krb5_pthread $LIBS"
+LIBS="-lkrb5support $rra_krb5_pthread $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -7577,7 +8735,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_setspecific" >&5
$as_echo "$ac_cv_lib_krb5support_krb5int_setspecific" >&6; }
-if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = xyes; then :
rra_krb5_extra="-lkrb5support $rra_krb5_extra $rra_krb5_pthread"
fi
@@ -7585,11 +8743,11 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lcom_err" >&5
$as_echo_n "checking for error_message in -lcom_err... " >&6; }
-if test "${ac_cv_lib_com_err_error_message+set}" = set; then :
+if ${ac_cv_lib_com_err_error_message+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcom_err $LIBS"
+LIBS="-lcom_err $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -7619,17 +8777,17 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_error_message" >&5
$as_echo "$ac_cv_lib_com_err_error_message" >&6; }
-if test "x$ac_cv_lib_com_err_error_message" = x""yes; then :
+if test "x$ac_cv_lib_com_err_error_message" = xyes; then :
rra_krb5_extra="-lcom_err $rra_krb5_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_svc_get_msg in -lksvc" >&5
$as_echo_n "checking for krb5_svc_get_msg in -lksvc... " >&6; }
-if test "${ac_cv_lib_ksvc_krb5_svc_get_msg+set}" = set; then :
+if ${ac_cv_lib_ksvc_krb5_svc_get_msg+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lksvc $LIBS"
+LIBS="-lksvc $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -7659,17 +8817,17 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ksvc_krb5_svc_get_msg" >&5
$as_echo "$ac_cv_lib_ksvc_krb5_svc_get_msg" >&6; }
-if test "x$ac_cv_lib_ksvc_krb5_svc_get_msg" = x""yes; then :
+if test "x$ac_cv_lib_ksvc_krb5_svc_get_msg" = xyes; then :
rra_krb5_extra="-lksvc $rra_krb5_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_hash_md5 in -lk5crypto" >&5
$as_echo_n "checking for krb5int_hash_md5 in -lk5crypto... " >&6; }
-if test "${ac_cv_lib_k5crypto_krb5int_hash_md5+set}" = set; then :
+if ${ac_cv_lib_k5crypto_krb5int_hash_md5+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lk5crypto $LIBS"
+LIBS="-lk5crypto $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -7699,17 +8857,17 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5crypto_krb5int_hash_md5" >&5
$as_echo "$ac_cv_lib_k5crypto_krb5int_hash_md5" >&6; }
-if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = x""yes; then :
+if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = xyes; then :
rra_krb5_extra="-lk5crypto $rra_krb5_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for profile_get_values in -lk5profile" >&5
$as_echo_n "checking for profile_get_values in -lk5profile... " >&6; }
-if test "${ac_cv_lib_k5profile_profile_get_values+set}" = set; then :
+if ${ac_cv_lib_k5profile_profile_get_values+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lk5profile $LIBS"
+LIBS="-lk5profile $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -7739,13 +8897,13 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5profile_profile_get_values" >&5
$as_echo "$ac_cv_lib_k5profile_profile_get_values" >&6; }
-if test "x$ac_cv_lib_k5profile_profile_get_values" = x""yes; then :
+if test "x$ac_cv_lib_k5profile_profile_get_values" = xyes; then :
rra_krb5_extra="-lk5profile $rra_krb5_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_cc_default in -lkrb5" >&5
$as_echo_n "checking for krb5_cc_default in -lkrb5... " >&6; }
-if test "${ac_cv_lib_krb5_krb5_cc_default+set}" = set; then :
+if ${ac_cv_lib_krb5_krb5_cc_default+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -7779,28 +8937,72 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5_krb5_cc_default" >&5
$as_echo "$ac_cv_lib_krb5_krb5_cc_default" >&6; }
-if test "x$ac_cv_lib_krb5_krb5_cc_default" = x""yes; then :
+if test "x$ac_cv_lib_krb5_krb5_cc_default" = xyes; then :
KRB5_LIBS="-lkrb5 $rra_krb5_extra"
else
if test x"true" = xtrue; then :
- as_fn_error $? "cannot find usable Kerberos v5 library" "$LINENO" 5
+ as_fn_error $? "cannot find usable Kerberos library" "$LINENO" 5
fi
fi
fi
LIBS="$KRB5_LIBS $LIBS"
+ if test x"$rra_krb5_incroot" = x; then :
+ for ac_header in krb5.h krb5/krb5.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h" >&5
+$as_echo_n "checking for krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5/krb5.h" >&5
+$as_echo_n "checking for krb5/krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+fi
for ac_func in krb5_get_error_message
do :
ac_fn_c_check_func "$LINENO" "krb5_get_error_message" "ac_cv_func_krb5_get_error_message"
-if test "x$ac_cv_func_krb5_get_error_message" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_error_message" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERROR_MESSAGE 1
_ACEOF
for ac_func in krb5_free_error_message
do :
ac_fn_c_check_func "$LINENO" "krb5_free_error_message" "ac_cv_func_krb5_free_error_message"
-if test "x$ac_cv_func_krb5_free_error_message" = x""yes; then :
+if test "x$ac_cv_func_krb5_free_error_message" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
_ACEOF
@@ -7812,7 +9014,7 @@ else
for ac_func in krb5_get_error_string
do :
ac_fn_c_check_func "$LINENO" "krb5_get_error_string" "ac_cv_func_krb5_get_error_string"
-if test "x$ac_cv_func_krb5_get_error_string" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_error_string" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERROR_STRING 1
_ACEOF
@@ -7821,7 +9023,7 @@ else
for ac_func in krb5_get_err_txt
do :
ac_fn_c_check_func "$LINENO" "krb5_get_err_txt" "ac_cv_func_krb5_get_err_txt"
-if test "x$ac_cv_func_krb5_get_err_txt" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_err_txt" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERR_TXT 1
_ACEOF
@@ -7830,14 +9032,21 @@ else
for ac_func in krb5_svc_get_msg
do :
ac_fn_c_check_func "$LINENO" "krb5_svc_get_msg" "ac_cv_func_krb5_svc_get_msg"
-if test "x$ac_cv_func_krb5_svc_get_msg" = x""yes; then :
+if test "x$ac_cv_func_krb5_svc_get_msg" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_SVC_GET_MSG 1
_ACEOF
for ac_header in ibm_svc/krb5_svc.h
do :
- ac_fn_c_check_header_mongrel "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "$ac_includes_default"
-if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = x""yes; then :
+ ac_fn_c_check_header_compile "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+
+"
+if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_IBM_SVC_KRB5_SVC_H 1
_ACEOF
@@ -7850,7 +9059,7 @@ else
for ac_header in et/com_err.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "et/com_err.h" "ac_cv_header_et_com_err_h" "$ac_includes_default"
-if test "x$ac_cv_header_et_com_err_h" = x""yes; then :
+if test "x$ac_cv_header_et_com_err_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_ET_COM_ERR_H 1
_ACEOF
@@ -7876,23 +9085,67 @@ done
LIBS="$rra_krb5_save_LIBS"
fi
- rra_krb5_save_CPPFLAGS="$CPPFLAGS"
+ rra_krb5_save_CPPFLAGS="$CPPFLAGS"
rra_krb5_save_LDFLAGS="$LDFLAGS"
rra_krb5_save_LIBS="$LIBS"
CPPFLAGS="$KRB5_CPPFLAGS $CPPFLAGS"
LDFLAGS="$KRB5_LDFLAGS $LDFLAGS"
LIBS="$KRB5_LIBS $LIBS"
- for ac_func in krb5_get_error_message
+ if test x"$rra_krb5_incroot" = x; then :
+ for ac_header in krb5.h krb5/krb5.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h" >&5
+$as_echo_n "checking for krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5/krb5.h" >&5
+$as_echo_n "checking for krb5/krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+fi
+ for ac_func in krb5_get_error_message
do :
ac_fn_c_check_func "$LINENO" "krb5_get_error_message" "ac_cv_func_krb5_get_error_message"
-if test "x$ac_cv_func_krb5_get_error_message" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_error_message" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERROR_MESSAGE 1
_ACEOF
for ac_func in krb5_free_error_message
do :
ac_fn_c_check_func "$LINENO" "krb5_free_error_message" "ac_cv_func_krb5_free_error_message"
-if test "x$ac_cv_func_krb5_free_error_message" = x""yes; then :
+if test "x$ac_cv_func_krb5_free_error_message" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
_ACEOF
@@ -7904,7 +9157,7 @@ else
for ac_func in krb5_get_error_string
do :
ac_fn_c_check_func "$LINENO" "krb5_get_error_string" "ac_cv_func_krb5_get_error_string"
-if test "x$ac_cv_func_krb5_get_error_string" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_error_string" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERROR_STRING 1
_ACEOF
@@ -7913,7 +9166,7 @@ else
for ac_func in krb5_get_err_txt
do :
ac_fn_c_check_func "$LINENO" "krb5_get_err_txt" "ac_cv_func_krb5_get_err_txt"
-if test "x$ac_cv_func_krb5_get_err_txt" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_err_txt" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERR_TXT 1
_ACEOF
@@ -7922,14 +9175,21 @@ else
for ac_func in krb5_svc_get_msg
do :
ac_fn_c_check_func "$LINENO" "krb5_svc_get_msg" "ac_cv_func_krb5_svc_get_msg"
-if test "x$ac_cv_func_krb5_svc_get_msg" = x""yes; then :
+if test "x$ac_cv_func_krb5_svc_get_msg" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_SVC_GET_MSG 1
_ACEOF
for ac_header in ibm_svc/krb5_svc.h
do :
- ac_fn_c_check_header_mongrel "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "$ac_includes_default"
-if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = x""yes; then :
+ ac_fn_c_check_header_compile "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+
+"
+if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_IBM_SVC_KRB5_SVC_H 1
_ACEOF
@@ -7942,7 +9202,7 @@ else
for ac_header in et/com_err.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "et/com_err.h" "ac_cv_header_et_com_err_h" "$ac_includes_default"
-if test "x$ac_cv_header_et_com_err_h" = x""yes; then :
+if test "x$ac_cv_header_et_com_err_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_ET_COM_ERR_H 1
_ACEOF
@@ -7963,7 +9223,7 @@ done
fi
done
- CPPFLAGS="$rra_krb5_save_CPPFLAGS"
+ CPPFLAGS="$rra_krb5_save_CPPFLAGS"
LDFLAGS="$rra_krb5_save_LDFLAGS"
LIBS="$rra_krb5_save_LIBS"
else
@@ -7997,7 +9257,7 @@ else
fi
fi
fi
- rra_krb5_save_CPPFLAGS="$CPPFLAGS"
+ rra_krb5_save_CPPFLAGS="$CPPFLAGS"
rra_krb5_save_LDFLAGS="$LDFLAGS"
rra_krb5_save_LIBS="$LIBS"
CPPFLAGS="$KRB5_CPPFLAGS $CPPFLAGS"
@@ -8007,7 +9267,7 @@ fi
LIBS=
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_search" >&5
$as_echo_n "checking for library containing res_search... " >&6; }
-if test "${ac_cv_search_res_search+set}" = set; then :
+if ${ac_cv_search_res_search+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -8041,11 +9301,11 @@ for ac_lib in '' resolv; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_res_search+set}" = set; then :
+ if ${ac_cv_search_res_search+:} false; then :
break
fi
done
-if test "${ac_cv_search_res_search+set}" = set; then :
+if ${ac_cv_search_res_search+:} false; then :
else
ac_cv_search_res_search=no
@@ -8062,7 +9322,7 @@ if test "$ac_res" != no; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_search" >&5
$as_echo_n "checking for library containing __res_search... " >&6; }
-if test "${ac_cv_search___res_search+set}" = set; then :
+if ${ac_cv_search___res_search+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -8096,11 +9356,11 @@ for ac_lib in '' resolv; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search___res_search+set}" = set; then :
+ if ${ac_cv_search___res_search+:} false; then :
break
fi
done
-if test "${ac_cv_search___res_search+set}" = set; then :
+if ${ac_cv_search___res_search+:} false; then :
else
ac_cv_search___res_search=no
@@ -8120,7 +9380,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
$as_echo_n "checking for library containing gethostbyname... " >&6; }
-if test "${ac_cv_search_gethostbyname+set}" = set; then :
+if ${ac_cv_search_gethostbyname+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -8154,11 +9414,11 @@ for ac_lib in '' nsl; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_gethostbyname+set}" = set; then :
+ if ${ac_cv_search_gethostbyname+:} false; then :
break
fi
done
-if test "${ac_cv_search_gethostbyname+set}" = set; then :
+if ${ac_cv_search_gethostbyname+:} false; then :
else
ac_cv_search_gethostbyname=no
@@ -8176,7 +9436,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5
$as_echo_n "checking for library containing socket... " >&6; }
-if test "${ac_cv_search_socket+set}" = set; then :
+if ${ac_cv_search_socket+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -8210,11 +9470,11 @@ for ac_lib in '' socket; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_socket+set}" = set; then :
+ if ${ac_cv_search_socket+:} false; then :
break
fi
done
-if test "${ac_cv_search_socket+set}" = set; then :
+if ${ac_cv_search_socket+:} false; then :
else
ac_cv_search_socket=no
@@ -8231,7 +9491,7 @@ if test "$ac_res" != no; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnsl" >&5
$as_echo_n "checking for socket in -lnsl... " >&6; }
-if test "${ac_cv_lib_nsl_socket+set}" = set; then :
+if ${ac_cv_lib_nsl_socket+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -8265,7 +9525,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_socket" >&5
$as_echo "$ac_cv_lib_nsl_socket" >&6; }
-if test "x$ac_cv_lib_nsl_socket" = x""yes; then :
+if test "x$ac_cv_lib_nsl_socket" = xyes; then :
LIBS="-lnsl -lsocket $LIBS"
fi
@@ -8273,7 +9533,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
$as_echo_n "checking for library containing crypt... " >&6; }
-if test "${ac_cv_search_crypt+set}" = set; then :
+if ${ac_cv_search_crypt+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -8307,11 +9567,11 @@ for ac_lib in '' crypt; do
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_crypt+set}" = set; then :
+ if ${ac_cv_search_crypt+:} false; then :
break
fi
done
-if test "${ac_cv_search_crypt+set}" = set; then :
+if ${ac_cv_search_crypt+:} false; then :
else
ac_cv_search_crypt=no
@@ -8327,9 +9587,9 @@ if test "$ac_res" != no; then :
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing rk_simple_execve" >&5
-$as_echo_n "checking for library containing rk_simple_execve... " >&6; }
-if test "${ac_cv_search_rk_simple_execve+set}" = set; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing roken_concat" >&5
+$as_echo_n "checking for library containing roken_concat... " >&6; }
+if ${ac_cv_search_roken_concat+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -8342,11 +9602,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
#ifdef __cplusplus
extern "C"
#endif
-char rk_simple_execve ();
+char roken_concat ();
int
main ()
{
-return rk_simple_execve ();
+return roken_concat ();
;
return 0;
}
@@ -8359,25 +9619,25 @@ for ac_lib in '' roken; do
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_search_rk_simple_execve=$ac_res
+ ac_cv_search_roken_concat=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
- if test "${ac_cv_search_rk_simple_execve+set}" = set; then :
+ if ${ac_cv_search_roken_concat+:} false; then :
break
fi
done
-if test "${ac_cv_search_rk_simple_execve+set}" = set; then :
+if ${ac_cv_search_roken_concat+:} false; then :
else
- ac_cv_search_rk_simple_execve=no
+ ac_cv_search_roken_concat=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_rk_simple_execve" >&5
-$as_echo "$ac_cv_search_rk_simple_execve" >&6; }
-ac_res=$ac_cv_search_rk_simple_execve
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_roken_concat" >&5
+$as_echo "$ac_cv_search_roken_concat" >&6; }
+ac_res=$ac_cv_search_roken_concat
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
@@ -8387,7 +9647,7 @@ fi
LIBS="$rra_krb5_save_LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_init_context in -lkrb5" >&5
$as_echo_n "checking for krb5_init_context in -lkrb5... " >&6; }
-if test "${ac_cv_lib_krb5_krb5_init_context+set}" = set; then :
+if ${ac_cv_lib_krb5_krb5_init_context+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -8421,16 +9681,16 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5_krb5_init_context" >&5
$as_echo "$ac_cv_lib_krb5_krb5_init_context" >&6; }
-if test "x$ac_cv_lib_krb5_krb5_init_context" = x""yes; then :
+if test "x$ac_cv_lib_krb5_krb5_init_context" = xyes; then :
KRB5_LIBS="-lkrb5 -lasn1 -lcom_err -lcrypto $rra_krb5_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_getspecific in -lkrb5support" >&5
$as_echo_n "checking for krb5int_getspecific in -lkrb5support... " >&6; }
-if test "${ac_cv_lib_krb5support_krb5int_getspecific+set}" = set; then :
+if ${ac_cv_lib_krb5support_krb5int_getspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb5support $LIBS"
+LIBS="-lkrb5support $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -8460,12 +9720,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_getspecific" >&5
$as_echo "$ac_cv_lib_krb5support_krb5int_getspecific" >&6; }
-if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = x""yes; then :
+if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = xyes; then :
rra_krb5_extra="-lkrb5support $rra_krb5_extra"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthreads" >&5
$as_echo_n "checking for pthread_setspecific in -lpthreads... " >&6; }
-if test "${ac_cv_lib_pthreads_pthread_setspecific+set}" = set; then :
+if ${ac_cv_lib_pthreads_pthread_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -8499,12 +9759,12 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthreads_pthread_setspecific" >&5
$as_echo "$ac_cv_lib_pthreads_pthread_setspecific" >&6; }
-if test "x$ac_cv_lib_pthreads_pthread_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_pthreads_pthread_setspecific" = xyes; then :
rra_krb5_pthread="-lpthreads"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthread" >&5
$as_echo_n "checking for pthread_setspecific in -lpthread... " >&6; }
-if test "${ac_cv_lib_pthread_pthread_setspecific+set}" = set; then :
+if ${ac_cv_lib_pthread_pthread_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -8538,7 +9798,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_setspecific" >&5
$as_echo "$ac_cv_lib_pthread_pthread_setspecific" >&6; }
-if test "x$ac_cv_lib_pthread_pthread_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_pthread_pthread_setspecific" = xyes; then :
rra_krb5_pthread="-lpthread"
fi
@@ -8546,11 +9806,11 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_setspecific in -lkrb5support" >&5
$as_echo_n "checking for krb5int_setspecific in -lkrb5support... " >&6; }
-if test "${ac_cv_lib_krb5support_krb5int_setspecific+set}" = set; then :
+if ${ac_cv_lib_krb5support_krb5int_setspecific+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb5support $rra_krb5_pthread $LIBS"
+LIBS="-lkrb5support $rra_krb5_pthread $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -8580,7 +9840,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_setspecific" >&5
$as_echo "$ac_cv_lib_krb5support_krb5int_setspecific" >&6; }
-if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = x""yes; then :
+if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = xyes; then :
rra_krb5_extra="-lkrb5support $rra_krb5_extra $rra_krb5_pthread"
fi
@@ -8588,11 +9848,11 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lcom_err" >&5
$as_echo_n "checking for error_message in -lcom_err... " >&6; }
-if test "${ac_cv_lib_com_err_error_message+set}" = set; then :
+if ${ac_cv_lib_com_err_error_message+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcom_err $LIBS"
+LIBS="-lcom_err $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -8622,17 +9882,17 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_error_message" >&5
$as_echo "$ac_cv_lib_com_err_error_message" >&6; }
-if test "x$ac_cv_lib_com_err_error_message" = x""yes; then :
+if test "x$ac_cv_lib_com_err_error_message" = xyes; then :
rra_krb5_extra="-lcom_err $rra_krb5_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_svc_get_msg in -lksvc" >&5
$as_echo_n "checking for krb5_svc_get_msg in -lksvc... " >&6; }
-if test "${ac_cv_lib_ksvc_krb5_svc_get_msg+set}" = set; then :
+if ${ac_cv_lib_ksvc_krb5_svc_get_msg+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lksvc $LIBS"
+LIBS="-lksvc $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -8662,17 +9922,17 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ksvc_krb5_svc_get_msg" >&5
$as_echo "$ac_cv_lib_ksvc_krb5_svc_get_msg" >&6; }
-if test "x$ac_cv_lib_ksvc_krb5_svc_get_msg" = x""yes; then :
+if test "x$ac_cv_lib_ksvc_krb5_svc_get_msg" = xyes; then :
rra_krb5_extra="-lksvc $rra_krb5_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_hash_md5 in -lk5crypto" >&5
$as_echo_n "checking for krb5int_hash_md5 in -lk5crypto... " >&6; }
-if test "${ac_cv_lib_k5crypto_krb5int_hash_md5+set}" = set; then :
+if ${ac_cv_lib_k5crypto_krb5int_hash_md5+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lk5crypto $LIBS"
+LIBS="-lk5crypto $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -8702,17 +9962,17 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5crypto_krb5int_hash_md5" >&5
$as_echo "$ac_cv_lib_k5crypto_krb5int_hash_md5" >&6; }
-if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = x""yes; then :
+if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = xyes; then :
rra_krb5_extra="-lk5crypto $rra_krb5_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for profile_get_values in -lk5profile" >&5
$as_echo_n "checking for profile_get_values in -lk5profile... " >&6; }
-if test "${ac_cv_lib_k5profile_profile_get_values+set}" = set; then :
+if ${ac_cv_lib_k5profile_profile_get_values+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lk5profile $LIBS"
+LIBS="-lk5profile $rra_krb5_extra $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -8742,13 +10002,13 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5profile_profile_get_values" >&5
$as_echo "$ac_cv_lib_k5profile_profile_get_values" >&6; }
-if test "x$ac_cv_lib_k5profile_profile_get_values" = x""yes; then :
+if test "x$ac_cv_lib_k5profile_profile_get_values" = xyes; then :
rra_krb5_extra="-lk5profile $rra_krb5_extra"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_cc_default in -lkrb5" >&5
$as_echo_n "checking for krb5_cc_default in -lkrb5... " >&6; }
-if test "${ac_cv_lib_krb5_krb5_cc_default+set}" = set; then :
+if ${ac_cv_lib_krb5_krb5_cc_default+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -8782,28 +10042,72 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5_krb5_cc_default" >&5
$as_echo "$ac_cv_lib_krb5_krb5_cc_default" >&6; }
-if test "x$ac_cv_lib_krb5_krb5_cc_default" = x""yes; then :
+if test "x$ac_cv_lib_krb5_krb5_cc_default" = xyes; then :
KRB5_LIBS="-lkrb5 $rra_krb5_extra"
else
if test x"true" = xtrue; then :
- as_fn_error $? "cannot find usable Kerberos v5 library" "$LINENO" 5
+ as_fn_error $? "cannot find usable Kerberos library" "$LINENO" 5
fi
fi
fi
LIBS="$KRB5_LIBS $LIBS"
+ if test x"$rra_krb5_incroot" = x; then :
+ for ac_header in krb5.h krb5/krb5.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h" >&5
+$as_echo_n "checking for krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5/krb5.h" >&5
+$as_echo_n "checking for krb5/krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+fi
for ac_func in krb5_get_error_message
do :
ac_fn_c_check_func "$LINENO" "krb5_get_error_message" "ac_cv_func_krb5_get_error_message"
-if test "x$ac_cv_func_krb5_get_error_message" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_error_message" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERROR_MESSAGE 1
_ACEOF
for ac_func in krb5_free_error_message
do :
ac_fn_c_check_func "$LINENO" "krb5_free_error_message" "ac_cv_func_krb5_free_error_message"
-if test "x$ac_cv_func_krb5_free_error_message" = x""yes; then :
+if test "x$ac_cv_func_krb5_free_error_message" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
_ACEOF
@@ -8815,7 +10119,7 @@ else
for ac_func in krb5_get_error_string
do :
ac_fn_c_check_func "$LINENO" "krb5_get_error_string" "ac_cv_func_krb5_get_error_string"
-if test "x$ac_cv_func_krb5_get_error_string" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_error_string" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERROR_STRING 1
_ACEOF
@@ -8824,7 +10128,7 @@ else
for ac_func in krb5_get_err_txt
do :
ac_fn_c_check_func "$LINENO" "krb5_get_err_txt" "ac_cv_func_krb5_get_err_txt"
-if test "x$ac_cv_func_krb5_get_err_txt" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_err_txt" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_ERR_TXT 1
_ACEOF
@@ -8833,14 +10137,21 @@ else
for ac_func in krb5_svc_get_msg
do :
ac_fn_c_check_func "$LINENO" "krb5_svc_get_msg" "ac_cv_func_krb5_svc_get_msg"
-if test "x$ac_cv_func_krb5_svc_get_msg" = x""yes; then :
+if test "x$ac_cv_func_krb5_svc_get_msg" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_SVC_GET_MSG 1
_ACEOF
for ac_header in ibm_svc/krb5_svc.h
do :
- ac_fn_c_check_header_mongrel "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "$ac_includes_default"
-if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = x""yes; then :
+ ac_fn_c_check_header_compile "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+
+"
+if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_IBM_SVC_KRB5_SVC_H 1
_ACEOF
@@ -8853,7 +10164,970 @@ else
for ac_header in et/com_err.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "et/com_err.h" "ac_cv_header_et_com_err_h" "$ac_includes_default"
-if test "x$ac_cv_header_et_com_err_h" = x""yes; then :
+if test "x$ac_cv_header_et_com_err_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_ET_COM_ERR_H 1
+_ACEOF
+
+fi
+
+done
+
+fi
+done
+
+fi
+done
+
+fi
+done
+
+fi
+done
+
+ CPPFLAGS="$rra_krb5_save_CPPFLAGS"
+ LDFLAGS="$rra_krb5_save_LDFLAGS"
+ LIBS="$rra_krb5_save_LIBS"
+fi
+else
+ if test x"$rra_krb5_libdir" != x; then :
+ KRB5_LDFLAGS="-L$rra_krb5_libdir"
+else
+ if test x"$rra_krb5_root" != x; then :
+
+ if test -d "$rra_krb5_root/$rra_lib_arch_name"; then :
+ if test x"" = x; then :
+ KRB5_LDFLAGS="$KRB5_LDFLAGS -L$rra_krb5_root/${rra_lib_arch_name}"
+else
+ KRB5_LDFLAGS="$KRB5_LDFLAGS -L$rra_krb5_root/${rra_lib_arch_name}/"
+fi
+else
+ if test x"" = x; then :
+ KRB5_LDFLAGS="$KRB5_LDFLAGS -L$rra_krb5_root/lib"
+else
+ KRB5_LDFLAGS="$KRB5_LDFLAGS -L$rra_krb5_root/lib/"
+fi
+fi
+ KRB5_LDFLAGS=`echo "$KRB5_LDFLAGS" | sed -e 's/^ *//'`
+fi
+fi
+ if test x"$rra_krb5_includedir" != x; then :
+ KRB5_CPPFLAGS="-I$rra_krb5_includedir"
+else
+ if test x"$rra_krb5_root" != x; then :
+ if test x"$rra_krb5_root" != x/usr; then :
+ KRB5_CPPFLAGS="-I${rra_krb5_root}/include"
+fi
+fi
+fi
+ rra_krb5_save_CPPFLAGS="$CPPFLAGS"
+ rra_krb5_save_LDFLAGS="$LDFLAGS"
+ rra_krb5_save_LIBS="$LIBS"
+ CPPFLAGS="$KRB5_CPPFLAGS $CPPFLAGS"
+ LDFLAGS="$KRB5_LDFLAGS $LDFLAGS"
+ LIBS="$KRB5_LIBS $LIBS"
+ rra_krb5_extra=
+ LIBS=
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_search" >&5
+$as_echo_n "checking for library containing res_search... " >&6; }
+if ${ac_cv_search_res_search+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char res_search ();
+int
+main ()
+{
+return res_search ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_res_search=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_res_search+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_res_search+:} false; then :
+
+else
+ ac_cv_search_res_search=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_search" >&5
+$as_echo "$ac_cv_search_res_search" >&6; }
+ac_res=$ac_cv_search_res_search
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __res_search" >&5
+$as_echo_n "checking for library containing __res_search... " >&6; }
+if ${ac_cv_search___res_search+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char __res_search ();
+int
+main ()
+{
+return __res_search ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search___res_search=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search___res_search+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search___res_search+:} false; then :
+
+else
+ ac_cv_search___res_search=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___res_search" >&5
+$as_echo "$ac_cv_search___res_search" >&6; }
+ac_res=$ac_cv_search___res_search
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5
+$as_echo_n "checking for library containing gethostbyname... " >&6; }
+if ${ac_cv_search_gethostbyname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gethostbyname ();
+int
+main ()
+{
+return gethostbyname ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' nsl; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_gethostbyname=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_gethostbyname+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_gethostbyname+:} false; then :
+
+else
+ ac_cv_search_gethostbyname=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5
+$as_echo "$ac_cv_search_gethostbyname" >&6; }
+ac_res=$ac_cv_search_gethostbyname
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5
+$as_echo_n "checking for library containing socket... " >&6; }
+if ${ac_cv_search_socket+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' socket; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_socket=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_socket+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_socket+:} false; then :
+
+else
+ ac_cv_search_socket=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5
+$as_echo "$ac_cv_search_socket" >&6; }
+ac_res=$ac_cv_search_socket
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnsl" >&5
+$as_echo_n "checking for socket in -lnsl... " >&6; }
+if ${ac_cv_lib_nsl_socket+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl -lsocket $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_nsl_socket=yes
+else
+ ac_cv_lib_nsl_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_socket" >&5
+$as_echo "$ac_cv_lib_nsl_socket" >&6; }
+if test "x$ac_cv_lib_nsl_socket" = xyes; then :
+ LIBS="-lnsl -lsocket $LIBS"
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
+$as_echo_n "checking for library containing crypt... " >&6; }
+if ${ac_cv_search_crypt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypt ();
+int
+main ()
+{
+return crypt ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' crypt; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_crypt=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_crypt+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_crypt+:} false; then :
+
+else
+ ac_cv_search_crypt=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5
+$as_echo "$ac_cv_search_crypt" >&6; }
+ac_res=$ac_cv_search_crypt
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing roken_concat" >&5
+$as_echo_n "checking for library containing roken_concat... " >&6; }
+if ${ac_cv_search_roken_concat+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char roken_concat ();
+int
+main ()
+{
+return roken_concat ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' roken; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_roken_concat=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_roken_concat+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_roken_concat+:} false; then :
+
+else
+ ac_cv_search_roken_concat=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_roken_concat" >&5
+$as_echo "$ac_cv_search_roken_concat" >&6; }
+ac_res=$ac_cv_search_roken_concat
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ rra_krb5_extra="$LIBS"
+ LIBS="$rra_krb5_save_LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_init_context in -lkrb5" >&5
+$as_echo_n "checking for krb5_init_context in -lkrb5... " >&6; }
+if ${ac_cv_lib_krb5_krb5_init_context+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5 -lasn1 -lcom_err -lcrypto $rra_krb5_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5_init_context ();
+int
+main ()
+{
+return krb5_init_context ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_krb5_krb5_init_context=yes
+else
+ ac_cv_lib_krb5_krb5_init_context=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5_krb5_init_context" >&5
+$as_echo "$ac_cv_lib_krb5_krb5_init_context" >&6; }
+if test "x$ac_cv_lib_krb5_krb5_init_context" = xyes; then :
+ KRB5_LIBS="-lkrb5 -lasn1 -lcom_err -lcrypto $rra_krb5_extra"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_getspecific in -lkrb5support" >&5
+$as_echo_n "checking for krb5int_getspecific in -lkrb5support... " >&6; }
+if ${ac_cv_lib_krb5support_krb5int_getspecific+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5support $rra_krb5_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5int_getspecific ();
+int
+main ()
+{
+return krb5int_getspecific ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_krb5support_krb5int_getspecific=yes
+else
+ ac_cv_lib_krb5support_krb5int_getspecific=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_getspecific" >&5
+$as_echo "$ac_cv_lib_krb5support_krb5int_getspecific" >&6; }
+if test "x$ac_cv_lib_krb5support_krb5int_getspecific" = xyes; then :
+ rra_krb5_extra="-lkrb5support $rra_krb5_extra"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthreads" >&5
+$as_echo_n "checking for pthread_setspecific in -lpthreads... " >&6; }
+if ${ac_cv_lib_pthreads_pthread_setspecific+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpthreads $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pthread_setspecific ();
+int
+main ()
+{
+return pthread_setspecific ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pthreads_pthread_setspecific=yes
+else
+ ac_cv_lib_pthreads_pthread_setspecific=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthreads_pthread_setspecific" >&5
+$as_echo "$ac_cv_lib_pthreads_pthread_setspecific" >&6; }
+if test "x$ac_cv_lib_pthreads_pthread_setspecific" = xyes; then :
+ rra_krb5_pthread="-lpthreads"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_setspecific in -lpthread" >&5
+$as_echo_n "checking for pthread_setspecific in -lpthread... " >&6; }
+if ${ac_cv_lib_pthread_pthread_setspecific+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpthread $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pthread_setspecific ();
+int
+main ()
+{
+return pthread_setspecific ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pthread_pthread_setspecific=yes
+else
+ ac_cv_lib_pthread_pthread_setspecific=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_setspecific" >&5
+$as_echo "$ac_cv_lib_pthread_pthread_setspecific" >&6; }
+if test "x$ac_cv_lib_pthread_pthread_setspecific" = xyes; then :
+ rra_krb5_pthread="-lpthread"
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_setspecific in -lkrb5support" >&5
+$as_echo_n "checking for krb5int_setspecific in -lkrb5support... " >&6; }
+if ${ac_cv_lib_krb5support_krb5int_setspecific+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5support $rra_krb5_pthread $rra_krb5_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5int_setspecific ();
+int
+main ()
+{
+return krb5int_setspecific ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_krb5support_krb5int_setspecific=yes
+else
+ ac_cv_lib_krb5support_krb5int_setspecific=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_krb5int_setspecific" >&5
+$as_echo "$ac_cv_lib_krb5support_krb5int_setspecific" >&6; }
+if test "x$ac_cv_lib_krb5support_krb5int_setspecific" = xyes; then :
+ rra_krb5_extra="-lkrb5support $rra_krb5_extra $rra_krb5_pthread"
+fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_message in -lcom_err" >&5
+$as_echo_n "checking for error_message in -lcom_err... " >&6; }
+if ${ac_cv_lib_com_err_error_message+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcom_err $rra_krb5_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char error_message ();
+int
+main ()
+{
+return error_message ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_com_err_error_message=yes
+else
+ ac_cv_lib_com_err_error_message=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_error_message" >&5
+$as_echo "$ac_cv_lib_com_err_error_message" >&6; }
+if test "x$ac_cv_lib_com_err_error_message" = xyes; then :
+ rra_krb5_extra="-lcom_err $rra_krb5_extra"
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_svc_get_msg in -lksvc" >&5
+$as_echo_n "checking for krb5_svc_get_msg in -lksvc... " >&6; }
+if ${ac_cv_lib_ksvc_krb5_svc_get_msg+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lksvc $rra_krb5_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5_svc_get_msg ();
+int
+main ()
+{
+return krb5_svc_get_msg ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_ksvc_krb5_svc_get_msg=yes
+else
+ ac_cv_lib_ksvc_krb5_svc_get_msg=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ksvc_krb5_svc_get_msg" >&5
+$as_echo "$ac_cv_lib_ksvc_krb5_svc_get_msg" >&6; }
+if test "x$ac_cv_lib_ksvc_krb5_svc_get_msg" = xyes; then :
+ rra_krb5_extra="-lksvc $rra_krb5_extra"
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5int_hash_md5 in -lk5crypto" >&5
+$as_echo_n "checking for krb5int_hash_md5 in -lk5crypto... " >&6; }
+if ${ac_cv_lib_k5crypto_krb5int_hash_md5+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lk5crypto $rra_krb5_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5int_hash_md5 ();
+int
+main ()
+{
+return krb5int_hash_md5 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_k5crypto_krb5int_hash_md5=yes
+else
+ ac_cv_lib_k5crypto_krb5int_hash_md5=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5crypto_krb5int_hash_md5" >&5
+$as_echo "$ac_cv_lib_k5crypto_krb5int_hash_md5" >&6; }
+if test "x$ac_cv_lib_k5crypto_krb5int_hash_md5" = xyes; then :
+ rra_krb5_extra="-lk5crypto $rra_krb5_extra"
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for profile_get_values in -lk5profile" >&5
+$as_echo_n "checking for profile_get_values in -lk5profile... " >&6; }
+if ${ac_cv_lib_k5profile_profile_get_values+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lk5profile $rra_krb5_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char profile_get_values ();
+int
+main ()
+{
+return profile_get_values ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_k5profile_profile_get_values=yes
+else
+ ac_cv_lib_k5profile_profile_get_values=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_k5profile_profile_get_values" >&5
+$as_echo "$ac_cv_lib_k5profile_profile_get_values" >&6; }
+if test "x$ac_cv_lib_k5profile_profile_get_values" = xyes; then :
+ rra_krb5_extra="-lk5profile $rra_krb5_extra"
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_cc_default in -lkrb5" >&5
+$as_echo_n "checking for krb5_cc_default in -lkrb5... " >&6; }
+if ${ac_cv_lib_krb5_krb5_cc_default+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5 $rra_krb5_extra $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char krb5_cc_default ();
+int
+main ()
+{
+return krb5_cc_default ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_krb5_krb5_cc_default=yes
+else
+ ac_cv_lib_krb5_krb5_cc_default=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5_krb5_cc_default" >&5
+$as_echo "$ac_cv_lib_krb5_krb5_cc_default" >&6; }
+if test "x$ac_cv_lib_krb5_krb5_cc_default" = xyes; then :
+ KRB5_LIBS="-lkrb5 $rra_krb5_extra"
+else
+ if test x"true" = xtrue; then :
+ as_fn_error $? "cannot find usable Kerberos library" "$LINENO" 5
+fi
+fi
+
+fi
+
+ LIBS="$KRB5_LIBS $LIBS"
+ if test x"$rra_krb5_incroot" = x; then :
+ for ac_header in krb5.h krb5/krb5.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h" >&5
+$as_echo_n "checking for krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5/krb5.h" >&5
+$as_echo_n "checking for krb5/krb5.h... " >&6; }
+ if test -f "${rra_krb5_incroot}/krb5/krb5.h"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_KRB5_H 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+fi
+ for ac_func in krb5_get_error_message
+do :
+ ac_fn_c_check_func "$LINENO" "krb5_get_error_message" "ac_cv_func_krb5_get_error_message"
+if test "x$ac_cv_func_krb5_get_error_message" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_GET_ERROR_MESSAGE 1
+_ACEOF
+ for ac_func in krb5_free_error_message
+do :
+ ac_fn_c_check_func "$LINENO" "krb5_free_error_message" "ac_cv_func_krb5_free_error_message"
+if test "x$ac_cv_func_krb5_free_error_message" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
+_ACEOF
+
+fi
+done
+
+else
+ for ac_func in krb5_get_error_string
+do :
+ ac_fn_c_check_func "$LINENO" "krb5_get_error_string" "ac_cv_func_krb5_get_error_string"
+if test "x$ac_cv_func_krb5_get_error_string" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_GET_ERROR_STRING 1
+_ACEOF
+
+else
+ for ac_func in krb5_get_err_txt
+do :
+ ac_fn_c_check_func "$LINENO" "krb5_get_err_txt" "ac_cv_func_krb5_get_err_txt"
+if test "x$ac_cv_func_krb5_get_err_txt" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_GET_ERR_TXT 1
+_ACEOF
+
+else
+ for ac_func in krb5_svc_get_msg
+do :
+ ac_fn_c_check_func "$LINENO" "krb5_svc_get_msg" "ac_cv_func_krb5_svc_get_msg"
+if test "x$ac_cv_func_krb5_svc_get_msg" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_SVC_GET_MSG 1
+_ACEOF
+ for ac_header in ibm_svc/krb5_svc.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "ibm_svc/krb5_svc.h" "ac_cv_header_ibm_svc_krb5_svc_h" "
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+
+"
+if test "x$ac_cv_header_ibm_svc_krb5_svc_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_IBM_SVC_KRB5_SVC_H 1
+_ACEOF
+
+fi
+
+done
+
+else
+ for ac_header in et/com_err.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "et/com_err.h" "ac_cv_header_et_com_err_h" "$ac_includes_default"
+if test "x$ac_cv_header_et_com_err_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_ET_COM_ERR_H 1
_ACEOF
@@ -8880,11 +11154,12 @@ done
fi
fi
rra_krb5_uses_com_err=false
- case "$LIBS" in
- *-lcom_err*)
- rra_krb5_uses_com_err=true
+ case $LIBS in #(
+ *-lcom_err*) :
+ rra_krb5_uses_com_err=true ;; #(
+ *) :
;;
- esac
+esac
if test x"$rra_krb5_uses_com_err" = xtrue; then
KRB5_USES_COM_ERR_TRUE=
KRB5_USES_COM_ERR_FALSE='#'
@@ -8893,6 +11168,9 @@ else
KRB5_USES_COM_ERR_FALSE=
fi
+
+$as_echo "#define HAVE_KERBEROS 1" >>confdefs.h
+
rra_krb5_save_CPPFLAGS="$CPPFLAGS"
rra_krb5_save_LDFLAGS="$LDFLAGS"
rra_krb5_save_LIBS="$LIBS"
@@ -8916,26 +11194,32 @@ done
for ac_func in krb5_get_init_creds_opt_free
do :
ac_fn_c_check_func "$LINENO" "krb5_get_init_creds_opt_free" "ac_cv_func_krb5_get_init_creds_opt_free"
-if test "x$ac_cv_func_krb5_get_init_creds_opt_free" = x""yes; then :
+if test "x$ac_cv_func_krb5_get_init_creds_opt_free" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_GET_INIT_CREDS_OPT_FREE 1
_ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if krb5_get_init_creds_opt_free takes two arguments" >&5
$as_echo_n "checking if krb5_get_init_creds_opt_free takes two arguments... " >&6; }
-if test "${rra_cv_func_krb5_get_init_creds_opt_free_args+set}" = set; then :
+if ${rra_cv_func_krb5_get_init_creds_opt_free_args+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <krb5.h>
+
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+
int
-main ()
+main(void)
{
-krb5_get_init_creds_opt *opts; krb5_context c;
- krb5_get_init_creds_opt_free(c, opts);
- ;
- return 0;
+ krb5_get_init_creds_opt *opts;
+ krb5_context c;
+ krb5_get_init_creds_opt_free(c, opts);
}
+
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
rra_cv_func_krb5_get_init_creds_opt_free_args=yes
@@ -8954,8 +11238,26 @@ fi
fi
done
+ac_fn_c_check_decl "$LINENO" "krb5_kt_free_entry" "ac_cv_have_decl_krb5_kt_free_entry" "
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_krb5_kt_free_entry" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_KRB5_KT_FREE_ENTRY $ac_have_decl
+_ACEOF
+
ac_fn_c_check_decl "$LINENO" "krb5_kt_free_entry" "ac_cv_have_decl_krb5_kt_free_entry" "$ac_includes_default"
-if test "x$ac_cv_have_decl_krb5_kt_free_entry" = x""yes; then :
+if test "x$ac_cv_have_decl_krb5_kt_free_entry" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
@@ -8965,9 +11267,15 @@ cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_KRB5_KT_FREE_ENTRY $ac_have_decl
_ACEOF
-ac_fn_c_check_member "$LINENO" "krb5_keytab_entry" "keyblock" "ac_cv_member_krb5_keytab_entry_keyblock" "#include <krb5.h>
+ac_fn_c_check_member "$LINENO" "krb5_keytab_entry" "keyblock" "ac_cv_member_krb5_keytab_entry_keyblock" "
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+
"
-if test "x$ac_cv_member_krb5_keytab_entry_keyblock" = x""yes; then :
+if test "x$ac_cv_member_krb5_keytab_entry_keyblock" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK 1
@@ -8982,84 +11290,66 @@ CPPFLAGS="$rra_krb5_save_CPPFLAGS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5
$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; }
-if test "${ac_cv_header_stdbool_h+set}" = set; then :
+if ${ac_cv_header_stdbool_h+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <stdbool.h>
-#ifndef bool
- "error: bool is not defined"
-#endif
-#ifndef false
- "error: false is not defined"
-#endif
-#if false
- "error: false is not 0"
-#endif
-#ifndef true
- "error: true is not defined"
-#endif
-#if true != 1
- "error: true is not 1"
-#endif
-#ifndef __bool_true_false_are_defined
- "error: __bool_true_false_are_defined is not defined"
-#endif
-
- struct s { _Bool s: 1; _Bool t; } s;
-
- char a[true == 1 ? 1 : -1];
- char b[false == 0 ? 1 : -1];
- char c[__bool_true_false_are_defined == 1 ? 1 : -1];
- char d[(bool) 0.5 == true ? 1 : -1];
- bool e = &s;
- char f[(_Bool) 0.0 == false ? 1 : -1];
- char g[true];
- char h[sizeof (_Bool)];
- char i[sizeof s.t];
- enum { j = false, k = true, l = false * true, m = true * 256 };
- /* The following fails for
- HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */
- _Bool n[m];
- char o[sizeof n == m * sizeof n[0] ? 1 : -1];
- char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1];
-# if defined __xlc__ || defined __GNUC__
- /* Catch a bug in IBM AIX xlc compiler version 6.0.0.0
- reported by James Lemley on 2005-10-05; see
- http://lists.gnu.org/archive/html/bug-coreutils/2005-10/msg00086.html
- This test is not quite right, since xlc is allowed to
- reject this program, as the initializer for xlcbug is
- not one of the forms that C requires support for.
- However, doing the test right would require a runtime
- test, and that would make cross-compilation harder.
- Let us hope that IBM fixes the xlc bug, and also adds
- support for this kind of constant expression. In the
- meantime, this test will reject xlc, which is OK, since
- our stdbool.h substitute should suffice. We also test
- this with GCC, where it should work, to detect more
- quickly whether someone messes up the test in the
- future. */
- char digs[] = "0123456789";
- int xlcbug = 1 / (&(digs + 5)[-2 + (bool) 1] == &digs[4] ? 1 : -1);
-# endif
- /* Catch a bug in an HP-UX C compiler. See
- http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html
- http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html
- */
- _Bool q = true;
- _Bool *pq = &q;
+ #include <stdbool.h>
+ #ifndef bool
+ "error: bool is not defined"
+ #endif
+ #ifndef false
+ "error: false is not defined"
+ #endif
+ #if false
+ "error: false is not 0"
+ #endif
+ #ifndef true
+ "error: true is not defined"
+ #endif
+ #if true != 1
+ "error: true is not 1"
+ #endif
+ #ifndef __bool_true_false_are_defined
+ "error: __bool_true_false_are_defined is not defined"
+ #endif
+
+ struct s { _Bool s: 1; _Bool t; } s;
+
+ char a[true == 1 ? 1 : -1];
+ char b[false == 0 ? 1 : -1];
+ char c[__bool_true_false_are_defined == 1 ? 1 : -1];
+ char d[(bool) 0.5 == true ? 1 : -1];
+ /* See body of main program for 'e'. */
+ char f[(_Bool) 0.0 == false ? 1 : -1];
+ char g[true];
+ char h[sizeof (_Bool)];
+ char i[sizeof s.t];
+ enum { j = false, k = true, l = false * true, m = true * 256 };
+ /* The following fails for
+ HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */
+ _Bool n[m];
+ char o[sizeof n == m * sizeof n[0] ? 1 : -1];
+ char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1];
+ /* Catch a bug in an HP-UX C compiler. See
+ http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html
+ http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html
+ */
+ _Bool q = true;
+ _Bool *pq = &q;
int
main ()
{
- *pq |= q;
- *pq |= ! q;
- /* Refer to every declared value, to avoid compiler optimizations. */
- return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l
- + !m + !n + !o + !p + !q + !pq);
+ bool e = &s;
+ *pq |= q;
+ *pq |= ! q;
+ /* Refer to every declared value, to avoid compiler optimizations. */
+ return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l
+ + !m + !n + !o + !p + !q + !pq);
;
return 0;
@@ -9074,8 +11364,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5
$as_echo "$ac_cv_header_stdbool_h" >&6; }
-ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default"
-if test "x$ac_cv_type__Bool" = x""yes; then :
+ ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default"
+if test "x$ac_cv_type__Bool" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE__BOOL 1
@@ -9084,6 +11374,7 @@ _ACEOF
fi
+
if test $ac_cv_header_stdbool_h = yes; then
$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h
@@ -9104,7 +11395,7 @@ fi
done
ac_fn_c_check_decl "$LINENO" "snprintf" "ac_cv_have_decl_snprintf" "$ac_includes_default"
-if test "x$ac_cv_have_decl_snprintf" = x""yes; then :
+if test "x$ac_cv_have_decl_snprintf" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
@@ -9114,7 +11405,7 @@ cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_SNPRINTF $ac_have_decl
_ACEOF
ac_fn_c_check_decl "$LINENO" "vsnprintf" "ac_cv_have_decl_vsnprintf" "$ac_includes_default"
-if test "x$ac_cv_have_decl_vsnprintf" = x""yes; then :
+if test "x$ac_cv_have_decl_vsnprintf" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
@@ -9126,7 +11417,7 @@ _ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C99 variadic macros" >&5
$as_echo_n "checking for C99 variadic macros... " >&6; }
-if test "${rra_cv_c_c99_vamacros+set}" = set; then :
+if ${rra_cv_c_c99_vamacros+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -9159,7 +11450,7 @@ $as_echo "#define HAVE_C99_VAMACROS 1" >>confdefs.h
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU-style variadic macros" >&5
$as_echo_n "checking for GNU-style variadic macros... " >&6; }
-if test "${rra_cv_c_gnu_vamacros+set}" = set; then :
+if ${rra_cv_c_gnu_vamacros+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -9193,7 +11484,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
$as_echo_n "checking for long long int... " >&6; }
-if test "${ac_cv_type_long_long_int+set}" = set; then :
+if ${ac_cv_type_long_long_int+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -9281,9 +11572,20 @@ $as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
fi
+ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "#include <sys/types.h>
+"
+if test "x$ac_cv_type_ssize_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SSIZE_T 1
+_ACEOF
+
+
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working snprintf" >&5
$as_echo_n "checking for working snprintf... " >&6; }
-if test "${rra_cv_func_snprintf_works+set}" = set; then :
+if ${rra_cv_func_snprintf_works+:} false; then :
$as_echo_n "(cached) " >&6
else
if test "$cross_compiling" = yes; then :
@@ -9344,7 +11646,7 @@ fi
for ac_func in setrlimit
do :
ac_fn_c_check_func "$LINENO" "setrlimit" "ac_cv_func_setrlimit"
-if test "x$ac_cv_func_setrlimit" = x""yes; then :
+if test "x$ac_cv_func_setrlimit" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_SETRLIMIT 1
_ACEOF
@@ -9353,7 +11655,7 @@ fi
done
ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
-if test "x$ac_cv_func_asprintf" = x""yes; then :
+if test "x$ac_cv_func_asprintf" = xyes; then :
$as_echo "#define HAVE_ASPRINTF 1" >>confdefs.h
else
@@ -9366,7 +11668,7 @@ esac
fi
ac_fn_c_check_func "$LINENO" "mkstemp" "ac_cv_func_mkstemp"
-if test "x$ac_cv_func_mkstemp" = x""yes; then :
+if test "x$ac_cv_func_mkstemp" = xyes; then :
$as_echo "#define HAVE_MKSTEMP 1" >>confdefs.h
else
@@ -9379,7 +11681,7 @@ esac
fi
ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv"
-if test "x$ac_cv_func_setenv" = x""yes; then :
+if test "x$ac_cv_func_setenv" = xyes; then :
$as_echo "#define HAVE_SETENV 1" >>confdefs.h
else
@@ -9392,7 +11694,7 @@ esac
fi
ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat"
-if test "x$ac_cv_func_strlcat" = x""yes; then :
+if test "x$ac_cv_func_strlcat" = xyes; then :
$as_echo "#define HAVE_STRLCAT 1" >>confdefs.h
else
@@ -9405,7 +11707,7 @@ esac
fi
ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy"
-if test "x$ac_cv_func_strlcpy" = x""yes; then :
+if test "x$ac_cv_func_strlcpy" = xyes; then :
$as_echo "#define HAVE_STRLCPY 1" >>confdefs.h
else
@@ -9420,36 +11722,11 @@ fi
-# Check whether --with-wallet-server was given.
-if test "${with_wallet_server+set}" = set; then :
- withval=$with_wallet_server; if test x"$withval" != xno && test x"$withval" != xyes; then :
-
-cat >>confdefs.h <<_ACEOF
-#define WALLET_SERVER "$withval"
-_ACEOF
-
-fi
-fi
-
-
-# Check whether --with-wallet-port was given.
-if test "${with_wallet_port+set}" = set; then :
- withval=$with_wallet_port; if test x"$withval" != xno && test x"$withval" != xyes; then :
-
-cat >>confdefs.h <<_ACEOF
-#define WALLET_PORT $withval
-_ACEOF
-
-fi
-fi
-
-
-
# Extract the first word of "remctld", so it can be a program name with args.
set dummy remctld; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_REMCTLD+set}" = set; then :
+if ${ac_cv_path_REMCTLD+:} false; then :
$as_echo_n "(cached) " >&6
else
case $REMCTLD in
@@ -9464,7 +11741,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_REMCTLD="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -9494,9 +11771,6 @@ _ACEOF
fi
-ac_config_commands="$ac_config_commands tests/data/.placeholder"
-
-
ac_config_headers="$ac_config_headers config.h"
ac_config_files="$ac_config_files Makefile perl/Makefile.PL"
@@ -9509,6 +11783,8 @@ ac_config_files="$ac_config_files tests/client/prompt-t"
ac_config_files="$ac_config_files tests/client/rekey-t"
+ac_config_commands="$ac_config_commands tests/config"
+
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
@@ -9573,10 +11849,21 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
:end' >>confcache
if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
if test -w "$cache_file"; then
- test "x$cache_file" != "x/dev/null" &&
+ if test "x$cache_file" != "x/dev/null"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
$as_echo "$as_me: updating cache $cache_file" >&6;}
- cat confcache >$cache_file
+ if test ! -f "$cache_file" || test -h "$cache_file"; then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
@@ -9632,7 +11919,7 @@ if test -z "${KRB5_USES_COM_ERR_TRUE}" && test -z "${KRB5_USES_COM_ERR_FALSE}";
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
-: ${CONFIG_STATUS=./config.status}
+: "${CONFIG_STATUS=./config.status}"
ac_write_fail=0
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
@@ -9733,6 +12020,7 @@ fi
IFS=" "" $as_nl"
# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
case $0 in #((
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9928,16 +12216,16 @@ if (echo >conf$$.file) 2>/dev/null; then
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
+ # In both cases, we have to default to `cp -pR'.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
fi
else
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@@ -9997,28 +12285,16 @@ else
as_mkdir_p=false
fi
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in #(
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -10039,8 +12315,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by wallet $as_me 0.12, which was
-generated by GNU Autoconf 2.67. Invocation command line was
+This file was extended by wallet $as_me 1.0, which was
+generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@@ -10105,11 +12381,11 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-wallet config.status 0.12
-configured by $0, generated by GNU Autoconf 2.67,
+wallet config.status 1.0
+configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
-Copyright (C) 2010 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
@@ -10200,7 +12476,7 @@ fi
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
- set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
shift
\$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
CONFIG_SHELL='$SHELL'
@@ -10235,7 +12511,6 @@ for ac_config_target in $ac_config_targets
do
case $ac_config_target in
"depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
- "tests/data/.placeholder") CONFIG_COMMANDS="$CONFIG_COMMANDS tests/data/.placeholder" ;;
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"perl/Makefile.PL") CONFIG_FILES="$CONFIG_FILES perl/Makefile.PL" ;;
@@ -10243,8 +12518,9 @@ do
"tests/client/full-t") CONFIG_FILES="$CONFIG_FILES tests/client/full-t" ;;
"tests/client/prompt-t") CONFIG_FILES="$CONFIG_FILES tests/client/prompt-t" ;;
"tests/client/rekey-t") CONFIG_FILES="$CONFIG_FILES tests/client/rekey-t" ;;
+ "tests/config") CONFIG_COMMANDS="$CONFIG_COMMANDS tests/config" ;;
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;;
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
done
@@ -10267,9 +12543,10 @@ fi
# after its creation but before its name has been assigned to `$tmp'.
$debug ||
{
- tmp=
+ tmp= ac_tmp=
trap 'exit_status=$?
- { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
' 0
trap 'as_fn_exit 1' 1 2 13 15
}
@@ -10277,12 +12554,13 @@ $debug ||
{
tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -n "$tmp" && test -d "$tmp"
+ test -d "$tmp"
} ||
{
tmp=./conf$$-$RANDOM
(umask 077 && mkdir "$tmp")
} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
# Set up the scripts for CONFIG_FILES section.
# No need to generate them if there are no CONFIG_FILES.
@@ -10304,7 +12582,7 @@ else
ac_cs_awk_cr=$ac_cr
fi
-echo 'BEGIN {' >"$tmp/subs1.awk" &&
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
_ACEOF
@@ -10332,7 +12610,7 @@ done
rm -f conf$$subs.sh
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
_ACEOF
sed -n '
h
@@ -10380,7 +12658,7 @@ t delim
rm -f conf$$subs.awk
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
_ACAWK
-cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
for (key in S) S_is_set[key] = 1
FS = ""
@@ -10412,7 +12690,7 @@ if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
else
cat
-fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
|| as_fn_error $? "could not setup config files machinery" "$LINENO" 5
_ACEOF
@@ -10446,7 +12724,7 @@ fi # test -n "$CONFIG_FILES"
# No need to generate them if there are no CONFIG_HEADERS.
# This happens for instance with `./config.status Makefile'.
if test -n "$CONFIG_HEADERS"; then
-cat >"$tmp/defines.awk" <<\_ACAWK ||
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
BEGIN {
_ACEOF
@@ -10458,8 +12736,8 @@ _ACEOF
# handling of long lines.
ac_delim='%!_!# '
for ac_last_try in false false :; do
- ac_t=`sed -n "/$ac_delim/p" confdefs.h`
- if test -z "$ac_t"; then
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
break
elif $ac_last_try; then
as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
@@ -10560,7 +12838,7 @@ do
esac
case $ac_mode$ac_tag in
:[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
:[FH]-) ac_tag=-:-;;
:[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
esac
@@ -10579,7 +12857,7 @@ do
for ac_f
do
case $ac_f in
- -) ac_f="$tmp/stdin";;
+ -) ac_f="$ac_tmp/stdin";;
*) # Look for the file first in the build tree, then in the source tree
# (if the path is not absolute). The absolute path cannot be DOS-style,
# because $ac_f cannot contain `:'.
@@ -10588,7 +12866,7 @@ do
[\\/$]*) false;;
*) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;;
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
esac
case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
as_fn_append ac_file_inputs " '$ac_f'"
@@ -10614,8 +12892,8 @@ $as_echo "$as_me: creating $ac_file" >&6;}
esac
case $ac_tag in
- *:-:* | *:-) cat >"$tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
esac
;;
esac
@@ -10751,21 +13029,22 @@ s&@INSTALL@&$ac_INSTALL&;t t
s&@MKDIR_P@&$ac_MKDIR_P&;t t
$ac_datarootdir_hack
"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
which seems to be undefined. Please make sure it is defined" >&5
$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
which seems to be undefined. Please make sure it is defined" >&2;}
- rm -f "$tmp/stdin"
+ rm -f "$ac_tmp/stdin"
case $ac_file in
- -) cat "$tmp/out" && rm -f "$tmp/out";;
- *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
esac \
|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
;;
@@ -10776,20 +13055,20 @@ which seems to be undefined. Please make sure it is defined" >&2;}
if test x"$ac_file" != x-; then
{
$as_echo "/* $configure_input */" \
- && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
- } >"$tmp/config.h" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
- if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
$as_echo "$as_me: $ac_file is unchanged" >&6;}
else
rm -f "$ac_file"
- mv "$tmp/config.h" "$ac_file" \
+ mv "$ac_tmp/config.h" "$ac_file" \
|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
fi
else
$as_echo "/* $configure_input */" \
- && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
|| as_fn_error $? "could not create -" "$LINENO" 5
fi
# Compute "$ac_file"'s index in $config_headers.
@@ -10930,11 +13209,11 @@ $as_echo X"$file" |
done
}
;;
- "tests/data/.placeholder":C) touch tests/data/.placeholder ;;
"tests/client/basic-t":F) chmod +x tests/client/basic-t ;;
"tests/client/full-t":F) chmod +x tests/client/full-t ;;
"tests/client/prompt-t":F) chmod +x tests/client/prompt-t ;;
"tests/client/rekey-t":F) chmod +x tests/client/rekey-t ;;
+ "tests/config":C) test -d tests/config || mkdir tests/config ;;
esac
done # for ac_tag
diff --git a/configure.ac b/configure.ac
index ffd7eeb..bb78702 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,19 +1,18 @@
dnl Autoconf configuration for wallet.
dnl
dnl Written by Russ Allbery <rra@stanford.edu>
-dnl Copyright 2006, 2007, 2008, 2010
-dnl Board of Trustees, Leland Stanford Jr. University
+dnl Copyright 2006, 2007, 2008, 2010, 2013
+dnl The Board of Trustees of the Leland Stanford Junior University
dnl
dnl See LICENSE for licensing terms.
-dnl We cannot use -Wall -Werror with AM_INIT_AUTOMAKE since we override
-dnl distuninstallcheck (not supported by Perl).
AC_PREREQ([2.64])
-AC_INIT([wallet], [0.12], [rra@stanford.edu])
+AC_INIT([wallet], [1.0], [rra@stanford.edu])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_LIBOBJ_DIR([portable])
AC_CONFIG_MACRO_DIR([m4])
-AM_INIT_AUTOMAKE([1.11 check-news silent-rules])
+AM_INIT_AUTOMAKE([1.11 check-news dist-xz foreign silent-rules subdir-objects
+ -Wall -Wno-override -Werror])
AM_MAINTAINER_MODE
AC_PROG_CC
@@ -22,6 +21,18 @@ AM_PROG_CC_C_O
AC_PROG_INSTALL
AC_PROG_RANLIB
+AC_ARG_WITH([wallet-server],
+ [AC_HELP_STRING([--with-wallet-server=HOST], [Default wallet server])],
+ [AS_IF([test x"$withval" != xno && test x"$withval" != xyes],
+ [AC_DEFINE_UNQUOTED([WALLET_SERVER], ["$withval"],
+ [Define to the default server host name.])])])
+AC_ARG_WITH([wallet-port],
+ [AC_HELP_STRING([--with-wallet-port=PORT],
+ [Default wallet server port])],
+ [AS_IF([test x"$withval" != xno && test x"$withval" != xyes],
+ [AC_DEFINE_UNQUOTED([WALLET_PORT], [$withval],
+ [Define to the default server port.])])])
+
RRA_LIB_REMCTL
RRA_LIB_KRB5
RRA_LIB_KRB5_SWITCH
@@ -30,8 +41,9 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc \
krb5_principal_get_realm])
AC_CHECK_FUNCS([krb5_get_init_creds_opt_free],
[RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS])
+AC_CHECK_DECLS([krb5_kt_free_entry], [], [], [RRA_INCLUDES_KRB5])
AC_CHECK_DECLS([krb5_kt_free_entry])
-AC_CHECK_MEMBERS([krb5_keytab_entry.keyblock], , , [#include <krb5.h>])
+AC_CHECK_MEMBERS([krb5_keytab_entry.keyblock], [], [], [RRA_INCLUDES_KRB5])
RRA_LIB_KRB5_RESTORE
AC_HEADER_STDBOOL
@@ -40,35 +52,24 @@ AC_CHECK_DECLS([snprintf, vsnprintf])
RRA_C_C99_VAMACROS
RRA_C_GNU_VAMACROS
AC_TYPE_LONG_LONG_INT
+AC_CHECK_TYPES([ssize_t], [], [],
+ [#include <sys/types.h>])
RRA_FUNC_SNPRINTF
AC_CHECK_FUNCS([setrlimit])
AC_REPLACE_FUNCS([asprintf mkstemp setenv strlcat strlcpy])
-AC_ARG_WITH([wallet-server],
- [AC_HELP_STRING([--with-wallet-server=HOST], [Default wallet server])],
- [AS_IF([test x"$withval" != xno && test x"$withval" != xyes],
- [AC_DEFINE_UNQUOTED([WALLET_SERVER], ["$withval"],
- [Define to the default server host name.])])])
-AC_ARG_WITH([wallet-port],
- [AC_HELP_STRING([--with-wallet-port=PORT],
- [Default wallet server port])],
- [AS_IF([test x"$withval" != xno && test x"$withval" != xyes],
- [AC_DEFINE_UNQUOTED([WALLET_PORT], [$withval],
- [Define to the default server port.])])])
-
AC_ARG_VAR([REMCTLD], [Path to the remctld binary])
AC_PATH_PROG([REMCTLD], [remctld], , [$PATH:/usr/sbin:/usr/local/sbin])
AS_IF([test x"$REMCTLD" != x],
[AC_DEFINE_UNQUOTED([PATH_REMCTLD], ["$REMCTLD"],
[Define to the full path to remctld to run remctl tests.])])
-dnl Create the tests/data directory for builds outside the source directory.
-AC_CONFIG_COMMANDS([tests/data/.placeholder], [touch tests/data/.placeholder])
-
AC_CONFIG_HEADER([config.h])
AC_CONFIG_FILES([Makefile perl/Makefile.PL])
AC_CONFIG_FILES([tests/client/basic-t], [chmod +x tests/client/basic-t])
AC_CONFIG_FILES([tests/client/full-t], [chmod +x tests/client/full-t])
AC_CONFIG_FILES([tests/client/prompt-t], [chmod +x tests/client/prompt-t])
AC_CONFIG_FILES([tests/client/rekey-t], [chmod +x tests/client/rekey-t])
+AC_CONFIG_COMMANDS([tests/config],
+ [test -d tests/config || mkdir tests/config])
AC_OUTPUT
diff --git a/contrib/convert-srvtab-db b/contrib/convert-srvtab-db
index 8d3b31e..6263472 100755
--- a/contrib/convert-srvtab-db
+++ b/contrib/convert-srvtab-db
@@ -3,7 +3,8 @@
# convert-srvtab-db -- Converts a leland_srvtab database to wallet
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/contrib/used-principals b/contrib/used-principals
index c4a6c07..ca431e3 100755
--- a/contrib/used-principals
+++ b/contrib/used-principals
@@ -3,7 +3,8 @@
# used-principals -- Report which Kerberos v5 principals are in use.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -106,6 +107,9 @@ __END__
# Documentation
##############################################################################
+=for stopwords
+KDC bzip2
+
=head1 NAME
used-principals - Report which Kerberos v5 principals are in use
diff --git a/contrib/wallet-contacts b/contrib/wallet-contacts
index a7bccf3..907c161 100755
--- a/contrib/wallet-contacts
+++ b/contrib/wallet-contacts
@@ -3,7 +3,8 @@
# wallet-contacts -- Report contact addresses for matching wallet objects.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2009 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -135,6 +136,9 @@ print join ("\n", @email, '');
# Documentation
##############################################################################
+=for stopwords
+ACL NetDB SQL hostname lookup swhois whois
+
=head1 NAME
wallet-contacts - Report contact addresses for matching wallet objects
diff --git a/contrib/wallet-summary b/contrib/wallet-summary
index b782a97..4e76119 100755
--- a/contrib/wallet-summary
+++ b/contrib/wallet-summary
@@ -1,11 +1,6 @@
#!/usr/bin/perl -w
#
-# wallet-summary -- Summarize keytabs in the wallet database.
-#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2003, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
-#
-# See LICENSE for licensing terms.
+# Summarize keytabs in the wallet database.
##############################################################################
# Site configuration
@@ -174,6 +169,9 @@ close REPORT;
# Documentation
##############################################################################
+=for stopwords
+-hm keytab keytabs MERCHANTABILITY NONINFRINGEMENT sublicense
+
=head1 NAME
wallet-summary - Report on keytabs in the wallet database
@@ -237,4 +235,27 @@ future development.
Russ Allbery <rra@stanford.edu>
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2003, 2008, 2010, 2013 The Board of Trustees of the Leland
+Stanford Junior University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
=cut
diff --git a/contrib/wallet-summary.8 b/contrib/wallet-summary.8
index f91211b..b632c53 100644
--- a/contrib/wallet-summary.8
+++ b/contrib/wallet-summary.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14)
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET-SUMMARY 8"
-.TH WALLET-SUMMARY 8 "2010-08-25" "0.12" "wallet"
+.TH WALLET-SUMMARY 8 "2013-03-27" "1.0" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -177,3 +177,25 @@ future development.
.SH "AUTHOR"
.IX Header "AUTHOR"
Russ Allbery <rra@stanford.edu>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2003, 2008, 2010, 2013 The Board of Trustees of the Leland
+Stanford Junior University
+.PP
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the \*(L"Software\*(R"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+.PP
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+.PP
+\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
+\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
+\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0. \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
+\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
+\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
diff --git a/contrib/wallet-unknown-hosts b/contrib/wallet-unknown-hosts
index fec0956..1aea11f 100755
--- a/contrib/wallet-unknown-hosts
+++ b/contrib/wallet-unknown-hosts
@@ -1,11 +1,6 @@
#!/usr/bin/perl -w
#
-# wallet-unknown-hosts -- Report host keytabs in wallet for unknown hosts.
-#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2010 Board of Trustees, Leland Stanford Jr. University
-#
-# See LICENSE for licensing terms.
+# Report host keytabs in wallet for unknown hosts.
##############################################################################
# Site configuration
@@ -182,3 +177,103 @@ if ($command eq 'check') {
} else {
die "$0: unknown command $command\n";
}
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+ACL API CNAME DNS IP env keytab keytabs timestamp MERCHANTABILITY
+NONINFRINGEMENT sublicense
+
+=head1 NAME
+
+wallet-unknown-hosts - Report host keytabs in wallet for unknown hosts
+
+=head1 SYNOPSIS
+
+B<wallet-unknown-hosts> check
+
+B<wallet-unknown-hosts> report I<min> I<date>
+
+env REMOTE_USER=I<principal> B<wallet-unknown-hosts> purge I<min> I<date>
+
+=head1 DESCRIPTION
+
+B<wallet-unknown-hosts> constructs a database recording host-based keytabs
+in wallet whose corresponding hosts are not found in DNS. It records in
+that database the number of times the host wasn't found and the timestamp
+of the first time it was not found. It can then generate a report of
+host-based keytab objects that have not been found for a minimum number of
+consecutive times and which were last found longer ago than a particular
+date. Finally, it can purge from wallet all objects that meet those
+requirements.
+
+When run with the C<check> argument, B<wallet-unknown-hosts> traverses the
+wallet database looking for host-based keytabs, which it recognizes by
+looking for keytab objects for principals with at least one period (C<.>)
+after a slash (C</>). It then applies a local check followed by a DNS
+check. The DNS check is only successful (only considers the host to be
+found) if it resolves to an IP address (possibly through a CNAME).
+
+For any host that's not found, it records that host in its associated
+database. If this is the first time it wasn't found, it records the first
+missing time as the current time and the missing count as 1. If it
+previously wasn't found, it just increments the missing count.
+
+For any host that is found, it deletes any record for that keytab from the
+database.
+
+When run with the C<report> argument, B<wallet-unknown-hosts> takes two
+additional arguments: I<min> and I<date>. I<min> is the minimum number of
+times that a host must be found missing for the corresponding keytabs to
+show up on the report. I<date> is a cutoff date in seconds since epoch;
+keytabs will not be included in the report unless their first missing date
+is older than I<date>. The output will be the name component of the
+keytab objects in the wallet that correspond to unknown hosts and meet
+those thresholds.
+
+When run with the C<purge> argument, B<wallet-unknown-hosts> will build a
+list of keytab objects the same as with the C<report> argument, using the
+same additional arguments, but rather than printing them out will instead
+delete them from the wallet database. To run C<purge>, the environment
+variable REMOTE_USER must be set to a principal that's a member of the
+C<ADMIN> ACL.
+
+=head1 BUGS
+
+B<wallet-unknown-hosts> doesn't have any facility to purge from its
+database all objects that are no longer in the wallet.
+
+Having to specify an identity for purge mode is an artifact of the
+Wallet::Server API and needs to be fixed by providing some way to perform
+actions as a local administrator.
+
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2010, 2013 The Board of Trustees of the Leland Stanford Junior
+University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+=cut
diff --git a/contrib/wallet-unknown-hosts.8 b/contrib/wallet-unknown-hosts.8
new file mode 100644
index 0000000..4fa91a6
--- /dev/null
+++ b/contrib/wallet-unknown-hosts.8
@@ -0,0 +1,214 @@
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.el \{\
+. de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "WALLET-UNKNOWN-HOSTS 8"
+.TH WALLET-UNKNOWN-HOSTS 8 "2013-03-27" "1.0" "wallet"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+wallet\-unknown\-hosts \- Report host keytabs in wallet for unknown hosts
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBwallet-unknown-hosts\fR check
+.PP
+\&\fBwallet-unknown-hosts\fR report \fImin\fR \fIdate\fR
+.PP
+env REMOTE_USER=\fIprincipal\fR \fBwallet-unknown-hosts\fR purge \fImin\fR \fIdate\fR
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBwallet-unknown-hosts\fR constructs a database recording host-based keytabs
+in wallet whose corresponding hosts are not found in \s-1DNS\s0. It records in
+that database the number of times the host wasn't found and the timestamp
+of the first time it was not found. It can then generate a report of
+host-based keytab objects that have not been found for a minimum number of
+consecutive times and which were last found longer ago than a particular
+date. Finally, it can purge from wallet all objects that meet those
+requirements.
+.PP
+When run with the \f(CW\*(C`check\*(C'\fR argument, \fBwallet-unknown-hosts\fR traverses the
+wallet database looking for host-based keytabs, which it recognizes by
+looking for keytab objects for principals with at least one period (\f(CW\*(C`.\*(C'\fR)
+after a slash (\f(CW\*(C`/\*(C'\fR). It then applies a local check followed by a \s-1DNS\s0
+check. The \s-1DNS\s0 check is only successful (only considers the host to be
+found) if it resolves to an \s-1IP\s0 address (possibly through a \s-1CNAME\s0).
+.PP
+For any host that's not found, it records that host in its associated
+database. If this is the first time it wasn't found, it records the first
+missing time as the current time and the missing count as 1. If it
+previously wasn't found, it just increments the missing count.
+.PP
+For any host that is found, it deletes any record for that keytab from the
+database.
+.PP
+When run with the \f(CW\*(C`report\*(C'\fR argument, \fBwallet-unknown-hosts\fR takes two
+additional arguments: \fImin\fR and \fIdate\fR. \fImin\fR is the minimum number of
+times that a host must be found missing for the corresponding keytabs to
+show up on the report. \fIdate\fR is a cutoff date in seconds since epoch;
+keytabs will not be included in the report unless their first missing date
+is older than \fIdate\fR. The output will be the name component of the
+keytab objects in the wallet that correspond to unknown hosts and meet
+those thresholds.
+.PP
+When run with the \f(CW\*(C`purge\*(C'\fR argument, \fBwallet-unknown-hosts\fR will build a
+list of keytab objects the same as with the \f(CW\*(C`report\*(C'\fR argument, using the
+same additional arguments, but rather than printing them out will instead
+delete them from the wallet database. To run \f(CW\*(C`purge\*(C'\fR, the environment
+variable \s-1REMOTE_USER\s0 must be set to a principal that's a member of the
+\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fBwallet-unknown-hosts\fR doesn't have any facility to purge from its
+database all objects that are no longer in the wallet.
+.PP
+Having to specify an identity for purge mode is an artifact of the
+Wallet::Server \s-1API\s0 and needs to be fixed by providing some way to perform
+actions as a local administrator.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Russ Allbery <rra@stanford.edu>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2010, 2013 The Board of Trustees of the Leland Stanford Junior
+University
+.PP
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the \*(L"Software\*(R"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+.PP
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+.PP
+\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
+\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
+\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0. \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
+\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
+\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
diff --git a/docs/design b/docs/design
index f7faa55..8f4b20d 100644
--- a/docs/design
+++ b/docs/design
@@ -148,9 +148,9 @@ Server Design
* Optional ACLs for get, store, show, destroy, and flag operations.
If there is an ACL for get, store, or show, that overrides the
- normal permissions of the owner. In the absence of an ACL for
- destroy or flag, only wallet administrators can destroy an object or
- set flags on that object. This entry would need no special ACLs.
+ normal permissions of the owner. In the absence of an ACL for flag,
+ only wallet administrators can set flags on that object. This entry
+ would need no special ACLs.
* Trace fields storing the user, remote host, and timestamp for when
this object was last created, stored, and downloaded.
@@ -369,3 +369,13 @@ Security Considerations
operations on an object to allow retrieval of the complete history of
an object. Third, all wallet operations are logged to syslog and
therefore suitable for archiving, analysis, and forensics.
+
+License
+
+ Copyright 2007, 2008, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/docs/design-acl b/docs/design-acl
index dde3395..424b3c6 100644
--- a/docs/design-acl
+++ b/docs/design-acl
@@ -79,3 +79,13 @@ ACL Schemes
(Not yet implemented.) <identifier> is the name of an AFS PTS group.
Access is granted if the principal of the user is a member of that AFS
PTS group.
+
+License
+
+ Copyright 2006, 2007, 2008, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/docs/design-api b/docs/design-api
index 8fa2374..9a36e61 100644
--- a/docs/design-api
+++ b/docs/design-api
@@ -167,3 +167,13 @@ Registering New Implementations
where <type> or <scheme> is the object type or ACL scheme and <class>
is the Perl class which implements that object type or ACL verifier.
+
+License
+
+ Copyright 2006, 2007, 2008, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/docs/netdb-role-api b/docs/netdb-role-api
index 6dbcfa4..c90182a 100644
--- a/docs/netdb-role-api
+++ b/docs/netdb-role-api
@@ -30,3 +30,13 @@ Wallet Issues
We'll need to get a principal registered to use it that can query
anything for any node but isn't otherwise authorized to use NetDB.
+
+License
+
+ Copyright 2006, 2007, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/docs/notes b/docs/notes
index 97cc5bd..5a7d3bc 100644
--- a/docs/notes
+++ b/docs/notes
@@ -46,7 +46,7 @@ Server Issues
ACL Management
- Supported operations are: get, store, create (possibly triggered by a
+ Supported operations are: get, store, create (possibly triggered by a
get or store of something that didn't already exist), destroy, show,
and setting or clearing flags. Each of these need a separate ACL
potentially. Not sure if we're going to need separate ACLs for each
@@ -62,10 +62,9 @@ Server Issues
that returns a default ACL given the object type and name if the
object doesn't already exist.
- Owner rights provides get, store, and show, but not destroy or setting
- or clearing flags (not destroy because it's too destructive and we
- don't want it done accidentally). This can be overridden by more
- precise ACL settings. So the ACL logic would go like this:
+ Owner rights provides get, store, show, and destroy, but not setting
+ or clearing flags. This can be overridden by more precise ACL
+ settings. So the ACL logic would go like this:
* If the user is an administrator and the operation isn't get or
store, operation is permitted.
@@ -74,7 +73,8 @@ Server Issues
that specific ACL, apply that ACL.
* If the object exists but with no specific ACL setting and the
- operation is one of get, store, or show, apply the owner ACL.
+ operation is one of get, store, show, or destroy, apply the owner
+ ACL.
* If the object doesn't exist and the action is get, store, or
create, punt to a local policy if it exists and see if it returns a
@@ -226,3 +226,13 @@ Client Issues
There are other approaches, but the other approaches all require
changes to the server side as well, whereas this is self-contained in
the client and can be more easily dropped when we drop K4.
+
+License
+
+ Copyright 2006, 2007, 2008, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/docs/objects-and-schemes b/docs/objects-and-schemes
new file mode 100644
index 0000000..57c2f9f
--- /dev/null
+++ b/docs/objects-and-schemes
@@ -0,0 +1,100 @@
+ Supported Object Types and ACL Schemes
+
+Introduction
+
+ This is a list of all supported wallet object types and ACL schemes in
+ the current version of wallet, with some brief information about the
+ properties of each one. For more detailed documentation, see the
+ documentation of the underlying Wallet::Object::* class or
+ Wallet::ACL::* class referenced here.
+
+Object Types
+
+ file
+
+ Stores an arbitrary file and allows retrieval of that file. The file
+ must be stored before it can be retrieved. All files are stored on
+ the local file system of the wallet server in a directory organized by
+ a hash of the name of the file object. The size of file objects is
+ limited by wallet server configuration. File contents may include nul
+ characters.
+
+ Implemented via Wallet::Object::File.
+
+ keytab
+
+ Stores a keytab representing private keys for a given Kerberos
+ principal. The object name is the Kerberos principal (without the
+ realm). On object creation, the Kerberos principal is created in the
+ underlying KDC; on object destruction, the Kerberos principal is also
+ deleted. Normally, any retrieval of the object creates new random
+ keys for all supported enctypes and then returns a new keytab
+ containing those keys. Store is not supported.
+
+ Keytab objects with the unchanging flag set will retrieve the existing
+ keys from the Kerberos KDC instead of randomizing the keys. For MIT
+ Kerberos, this requires a custom backend be installed on the KDC.
+
+ The enctypes of the returned keys can be restricted by setting the
+ enctypes attribute on the wallet object.
+
+ Implemented via Wallet::Object::Keytab.
+
+ACL Schemes
+
+ krb5
+
+ The value is a string representation of a Kerberos principal name.
+ This ACL grants access if the authenticated wallet client user (as
+ determined by remctl or whatever other protocol is used for the wallet
+ transport) equals the ACL value.
+
+ Implemented via Wallet::ACL::Krb5.
+
+ krb5-regex
+
+ Like krb5, but instead of taking the principal string, takes a regular
+ expression that is matched against the principal string. Grants
+ access if the regular expression matches the user identity.
+
+ Implemented via Wallet::ACL::Krb5::Regex.
+
+ ldap-attr
+
+ The value is an LDAP attribute, an equal sign, and the value that
+ attribute must have. The LDAP entry for the user (determined via
+ site-local customization in the wallet configuration file) is
+ retrieved, and the wallet server checks that the user's LDAP entry
+ contains that attribute with that value. If so, access is granted.
+ This effectively implements an entitlement check.
+
+ Implemented via Wallet::ACL::LDAP::Attribute.
+
+ netdb
+
+ The value is a hostname. NetDB (a system for managing DNS, DHCP, and
+ related machine information) is queried to see what roles the client
+ user has for that hostname. If the user has a role of user, admin, or
+ team, the ACL grants access.
+
+ Implemented via Wallet::ACL::NetDB.
+
+ netdb-root
+
+ Identical to netdb, except that the user identity is taken as a
+ Kerberos principal and must be in the form of <user>/root@<realm>.
+ The /root part is stripped before checking NetDB for roles. This
+ forces users to use /root instances for wallet operations instead of
+ their normal principals.
+
+ Implemented via Wallet::ACL::NetDB::Root.
+
+License
+
+ Copyright 2012, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/docs/setup b/docs/setup
index 5a0036f..670cf57 100644
--- a/docs/setup
+++ b/docs/setup
@@ -34,7 +34,7 @@ SQLite Database Setup
SQLite is very nice in that you don't have to create the database
first. You don't even have to create the file. Just create
- /etc/wallet.conf with something like:
+ /etc/wallet/wallet.conf with something like:
$DB_DRIVER = 'SQLite';
$DB_INFO = '/path/to/database';
@@ -85,3 +85,13 @@ Wallet Configuration
acl create command, add the ACL entries that should own that object to
that ACL with acl add, and then set that ACL as the owner of the
object with the owner command.
+
+License
+
+ Copyright 2007, 2008, 2010, 2012, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/docs/stanford-naming b/docs/stanford-naming
index 7315c1e..bdf5027 100644
--- a/docs/stanford-naming
+++ b/docs/stanford-naming
@@ -62,107 +62,202 @@ Object Naming
it should get its own object type first and to agree on a naming
convention for that type of thing.
- All file object names start with a short indicator of the responsible
- group, a dash, and then either the short, unqualified hostname (if
- they're only used on a single host) or the service name for which that
- object is used.
+ There are two basic types of file objects: ones that are tied to a
+ particular system, and ones that are not. For the ones that are tied
+ to a particular system, we use a naming convention very similar to
+ host-based Kerberos principals so that we can set up default ACLs
+ based on the host. For ones that are not, we require an indication of
+ the repsonsible group in each file object, since the rest of the name
+ can often be ambiguous.
- Then, we use the following naming conventions for different types of
- objects:
+ File objects are named with two or more slash-separated components
+ (again, similar to Kerberos principals). The first is the type of
+ file being stored. The rest vary based on the file type.
- <group>-<server>-htpasswd-<app>
+ We previously instead used <group>-<server>-<type>, but that caused
+ various problems in parsing because groups, servers, and types all
+ also contained dashes. Slashes are much less ambiguous. This
+ document shows both the new and the old form.
+
+ Host-based:
+
+ htpasswd/<server>/<app>
An .htpasswd file for HTTP Basic Authentication for special-case
- web configurations that require such a thing.
+ web configurations that require such a thing. <server> is the
+ server (or group of servers) on which the file will be stored
- <group>-<server>-pam-<app>
+ (OLD: <group>-<server>-htpasswd-<app>)
+
+ password-ipmi/<server>
+
+ Stores the password for remote IPMI/iLO/ILOM access to the
+ system.
- A PAM configuration for <app> that requires secure information,
- such as a password for pam_msyql. <server> may be either a
- specific server name or a general class of servers (production and
- test) that uses that PAM configuration.
+ (OLD: <group>-<server>-password-ipmi)
- <group>-<server>-password-<account>
+ password-root/<server>
- A password for some account that isn't covered by one of the more
- specific naming conventions, such as a password used to connect to
- a remote ssh service.
+ Stores the root password for a given server.
- <group>-<server>-ssh-<type>
+ (OLD: <group>-<server>-password-root)
+
+ password-tivoli/<server>
+
+ Stores the Tivoli TSM backup password for a given server. See
+ also tivoli-key/<server>, but depending on what one wants to do
+ with the password, this may be a better representation.
+
+ (OLD: <group>-<server>-password-tivoli)
+
+ ssh-<type>/<server>
Stores the SSH private key for <server>. For shared private keys
across a pool, <server> should be the name of the pool, or
possibly some unambiguous name for the set of systems. <type> is
- the type of SSH key (RSA or DSA).
+ the type of SSH key (rsa or dsa, in lowercase).
+
+ (OLD: <group>-<server>-ssh-<type>)
- <group>-<server>-ssl-key
+ ssl-key/<server>[/<application>]
- Stores the SSL X.509 certificate private key for <server>. Use
- unix-star-ssl-key for the key for the *.stanford.edu certificate.
- The public certificate we manage external to wallet since it
- doesn't need to be protected or encrypted.
+ Stores the SSL X.509 certificate private key for <server>. Used
+ for Apache, Postfix, LDAP, and similar cases where the certificate
+ should match the host name. The public certificate we manage
+ external to wallet since it doesn't need to be protected or
+ encrypted. <server> here should be the CN of the certificate,
+ which may be different than the hostname (for hosts with multiple
+ virtual hosts, for example, or because the certificate is for a
+ load-balanced name).
- <group>-<server>-tivoli-key
+ An optional <application> component may be added if there are
+ multiple certificates with the same host name as the CN but with
+ different private keys. (This may happen if, for example,
+ multiple services are running on the same FQDN but should have
+ isolated security contexts.)
+
+ Use ssl-key/starYYYY.stanford.edu for the key for the
+ *.stanford.edu certificate, where YYYY is the expiration year.
+
+ (OLD: <group>-<server>-ssl-key)
+
+ ssl-keypair/<server>[/<application>]
+
+ Same as ssl-key except that the signed certificate is included in
+ the same file as the private key. This is used for convenience
+ with some applications that want to have both the signed
+ certificate and private key in the same file.
+
+ The meaning of <server> and <application> are the same as for
+ ssl-key.
+
+ tivoli-key/<server>
The Tivoli password or backup encryption key for this server.
Both the password and the encryption key, if used, are stored in
the same file, so both are stored together. This file is found at
/etc/adsm/TSM.PWD.
- <group>-<service>-config-<name>
+ (OLD: <group>-<server>-tivoli-key)
+
+ In all cases, <server> should be a fully-qualified domain name in the
+ new naming convention. In the old naming convention, .stanford.edu
+ was omitted, but this adds unnecessary ambiguity.
+
+ Service-based:
+
+ config/<group>/<service>/<name>
A configuration file named <name> that contains some secure
information, such as a database password. Ideally, the secure
data should be stored in a separate file and assembled into the
- configuration file, but that isn't always the path of least
- resistance. Only use this naming convention if there is not a
- more specific one below.
+ configuration file. This is reserved for configuration files that
+ hold nothing but authentication information. Only use this naming
+ convention if there is not a more specific one below.
- <group>-<service>-db-<name>
+ (OLD: <group>-<service>-config-<name>)
- Stores the database password for the database named <name>. This
- may be a file containing only the database password or a Perl
- AppConfig configuration file with the database connection
- information including the password.
+ db/<group>/<service>/<database>
- <group>-<service>-gpg-key
+ Stores the database password for <service> access to the database
+ named <database>. This may be a file containing only the database
+ password or a Perl AppConfig configuration file with the database
+ connection information including the password.
+
+ (OLD: <group>-<service>-db-<database>)
+
+ gpg-key/<group>/<service>
Stores the GnuPG private key for a service that needs to do GnuPG
signing or encryption.
- <group>-<service>-properties
+ (OLD: <group>-<service>-gpg-key)
+
+ password/<group>/<service>/<name>
+
+ A password for some account, service, keystore, or something
+ similar that is not covered by one of the more specific naming
+ conventions, such as a password used to connect to a remote ssh
+ service. <service> is the service that uses this password and
+ <name> is the thing the password is used for (such as the remote
+ account name). This may be a file containing only the password,
+ or a configuration file of some type that includes a field name
+ and the password. (However, use the db type described above for
+ database passwords.)
+
+ (OLD: <group>-<server>-password-<account>)
+
+ properties/<group>/<service>[/<name>]
The properties file for a Java application that contains some
secure data (such as SSL key passwords or database passwords).
- Ideally the secure data should be stored in separate files, but
- sometimes it's too hard to separate out chunks of a properties
- file.
+ This should only be used for a properties file that contains only
+ the password and closely-related information, such as database
+ connection information. For anything else, switch to storing the
+ password separately using the password type above and building the
+ properties file dynamically from the password and a template. The
+ optional <name> component is for when there are multiple files
+ stored for a particular service.
- <group>-<service>-puppetconf
+ (OLD: <group>-<service>-properties)
- A puppet.conf configuration file for Puppet that contains some
- secure data (such as SSL key passwords or database passwords).
- Ideally the secure data should be stored in separate files, but
- Puppet likes to use a single configuration file.
+ ssl-keystore/<group>/<service>[/<name>]
- <group>-<service>-shibboleth
+ The Java keystore file (containing both public and private key)
+ used by a service for authentication to other services. If a
+ given service uses more than one, use the optional <name>
+ component to distinguish.
- The shibboleth.xml configuration file for a service, when it
- contains some secure data (such as database passwords for shared
- sessions). Ideally, the secure data should be stored in separate
- files and assembled into a shibboleth.xml file, but that isn't
- always the path of least resistance.
+ (OLD: <group>-<service>-ssl-keystore)
- <group>-<service>-ssl-pkcs12
+ ssl-pkcs12/<group>/<service>[/<name>]
The PKCS#12 file (containing both public and private key) used by
a service for authentication to other services. If a given
- service uses more than one, include the purpose in the <service>
- part of the name.
+ service uses more than one, use the optional <name> component to
+ distinguish.
+
+ (OLD: <group>-<service>-ssl-pkcs12)
- In all cases, <server> is the server (or group of servers) on which
- the file will be stored, not the server expecting that key material
- for authentication.
+ If there are separate objects for different tiers, <service> should be
+ left unqualified for production and be qualified with a dash and the
+ tier for non-production. For example, ssl-keystore/idg/accounts would
+ be the production keystore for the Accounts application, and
+ ssl-keystore/idg/accounts-uat would be the keystore for the UAT
+ version.
+
+ We previously stored a wider variety of configuration files before
+ developing a way to dynamically substitute the password into a larger
+ configuration file during deployment. The following file types are
+ obsolete and should no longer be used; instead, the configuration file
+ should be constructed by substituting a password (usually stored as a
+ password or db type) into the configuration file.
+
+ Obsolete:
+
+ <group>-<server>-pam-<app>
+ <group>-<service>-puppetconf
+ <group>-<service>-shibboleth
ACL Naming
@@ -222,3 +317,13 @@ ACL Naming
krb5 host/example-dev.stanford.edu@stanford.edu
Such an ACL would normally be named service/example.
+
+License
+
+ Copyright 2008, 2009, 2010, 2011, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/examples/stanford.conf b/examples/stanford.conf
index becfc6e..1d14796 100644
--- a/examples/stanford.conf
+++ b/examples/stanford.conf
@@ -6,7 +6,8 @@
# ACL rules.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/m4/gssapi.m4 b/m4/gssapi.m4
index 0a657ff..c596609 100644
--- a/m4/gssapi.m4
+++ b/m4/gssapi.m4
@@ -3,7 +3,8 @@ dnl
dnl Finds the compiler and linker flags for linking with GSS-API libraries.
dnl Provides the --with-gssapi, --with-gssapi-include, and --with-gssapi-lib
dnl configure option to specify a non-standard path to the GSS-API libraries.
-dnl Uses krb5-config where available unless reduced dependencies is requested.
+dnl Uses krb5-config where available unless reduced dependencies is requested
+dnl or --with-gssapi-include or --with-gssapi-lib are given.
dnl
dnl Provides the macro RRA_LIB_GSSAPI and sets the substitution variables
dnl GSSAPI_CPPFLAGS, GSSAPI_LDFLAGS, and GSSAPI_LIBS. Also provides
@@ -11,13 +12,34 @@ dnl RRA_LIB_GSSAPI_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
dnl GSS-API libraries, saving the ecurrent values, and RRA_LIB_GSSAPI_RESTORE
dnl to restore those settings to before the last RRA_LIB_GSSAPI_SWITCH.
dnl
-dnl Depends on RRA_ENABLE_REDUCED_DEPENDS and RRA_SET_LDFLAGS.
+dnl Also provides RRA_INCLUDES_KRB5, which are the headers to include when
+dnl probing the Kerberos library properties.
+dnl
+dnl Depends on RRA_KRB5_CONFIG, RRA_ENABLE_REDUCED_DEPENDS, and
+dnl RRA_SET_LDFLAGS.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
dnl
dnl Written by Russ Allbery <rra@stanford.edu>
-dnl Copyright 2005, 2006, 2007, 2008, 2009
-dnl Board of Trustees, Leland Stanford Jr. University
+dnl Copyright 2005, 2006, 2007, 2008, 2009, 2011, 2012
+dnl The Board of Trustees of the Leland Stanford Junior University
dnl
-dnl See LICENSE for licensing terms.
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
+
+dnl Headers to include when probing for Kerberos library properties.
+AC_DEFUN([RRA_INCLUDES_GSSAPI], [[
+#ifdef HAVE_GSSAPI_GSSAPI_H
+# include <gssapi/gssapi.h>
+#else
+# include <gssapi.h>
+#endif
+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
+# include <gssapi/gssapi_krb5.h>
+#endif
+]])
dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to
dnl versions that include the GSS-API flags. Used as a wrapper, with
@@ -68,18 +90,18 @@ AC_DEFUN([_RRA_LIB_GSSAPI_MANUAL],
[RRA_LIB_GSSAPI_SWITCH
rra_gssapi_extra=
LIBS=
- AC_SEARCH_LIBS([res_search], [resolv], ,
+ AC_SEARCH_LIBS([res_search], [resolv], [],
[AC_SEARCH_LIBS([__res_search], [resolv])])
AC_SEARCH_LIBS([gethostbyname], [nsl])
- AC_SEARCH_LIBS([socket], [socket], ,
- [AC_CHECK_LIB([nsl], [socket], [LIBS="-lnsl -lsocket $LIBS"], ,
+ AC_SEARCH_LIBS([socket], [socket], [],
+ [AC_CHECK_LIB([nsl], [socket], [LIBS="-lnsl -lsocket $LIBS"], [],
[-lsocket])])
AC_SEARCH_LIBS([crypt], [crypt])
+ AC_SEARCH_LIBS([roken_concat], [roken])
rra_gssapi_extra="$LIBS"
LIBS="$rra_gssapi_save_LIBS"
AC_CHECK_LIB([gssapi], [gss_import_name],
- [GSSAPI_LIBS="-lgssapi -lkrb5 -lasn1 -lroken -lcrypto -lcom_err"
- GSSAPI_LIBS="$GSSAPI_LIBS $rra_gssapi_extra"],
+ [GSSAPI_LIBS="-lgssapi -lkrb5 -lasn1 -lcrypto -lcom_err $rra_gssapi_extra"],
[AC_CHECK_LIB([krb5support], [krb5int_getspecific],
[rra_gssapi_extra="-lkrb5support $rra_gssapi_extra"],
[AC_CHECK_LIB([pthreads], [pthread_setspecific],
@@ -88,7 +110,7 @@ AC_DEFUN([_RRA_LIB_GSSAPI_MANUAL],
[rra_gssapi_pthread="-lpthread"])])
AC_CHECK_LIB([krb5support], [krb5int_setspecific],
[rra_gssapi_extra="-lkrb5support $rra_gssapi_extra"
- rra_gssapi_extra="$rra_gssapi_extra $rra_gssapi_pthread"], ,
+ rra_gssapi_extra="$rra_gssapi_extra $rra_gssapi_pthread"], [],
[$rra_gssapi_pthread])])
AC_CHECK_LIB([com_err], [error_message],
[rra_gssapi_extra="-lcom_err $rra_gssapi_extra"])
@@ -101,7 +123,7 @@ AC_DEFUN([_RRA_LIB_GSSAPI_MANUAL],
[GSSAPI_LIBS="-lgss"],
[AC_MSG_ERROR([cannot find usable GSS-API library])])],
[$rra_gssapi_extra])],
- [-lkrb5 -lasn1 -lroken -lcrypto -lcom_err $rra_gssapi_extra])
+ [-lkrb5 -lasn1 -lcrypto -lcom_err $rra_gssapi_extra])
RRA_LIB_GSSAPI_RESTORE])
dnl Sanity-check the results of krb5-config and be sure we can really link a
@@ -116,6 +138,44 @@ AC_DEFUN([_RRA_LIB_GSSAPI_CHECK],
_RRA_LIB_GSSAPI_PATHS
_RRA_LIB_GSSAPI_MANUAL])])
+dnl Determine GSS-API compiler and linker flags from krb5-config.
+AC_DEFUN([_RRA_LIB_GSSAPI_CONFIG],
+[RRA_KRB5_CONFIG([${rra_gssapi_root}], [gssapi], [GSSAPI],
+ [_RRA_LIB_GSSAPI_CHECK],
+ [_RRA_LIB_GSSAPI_PATHS
+ _RRA_LIB_GSSAPI_MANUAL])])
+
+dnl Check for a header using a file existence check rather than using
+dnl AC_CHECK_HEADERS. This is used if there were arguments to configure
+dnl specifying the GSS-API library path, since we may have one header in the
+dnl default include path and another under our explicitly-configured GSS-API
+dnl location.
+AC_DEFUN([_RRA_LIB_GSSAPI_CHECK_HEADER],
+[AC_MSG_CHECKING([for $1])
+ AS_IF([test -f "${rra_gssapi_incroot}/$1"],
+ [AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$1]), [1],
+ [Define to 1 if you have the <$1> header file.])
+ AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])])])
+
+dnl Determine the GSS-API header location and probe for some other
+dnl characteristics of the libraries. We use a file existence check rather
+dnl than letting the compiler probe for the right header location
+AC_DEFUN([_RRA_LIB_GSSAPI_EXTRA],
+[rra_gssapi_incroot=
+ AS_IF([test x"$rra_gssapi_includedir" != x],
+ [rra_gssapi_incroot="$rra_gssapi_includedir"],
+ [AS_IF([test x"$rra_gssapi_root" != x],
+ [rra_gssapi_incroot="${rra_gssapi_root}/include"])])
+ AS_IF([test x"$rra_gssapi_incroot" = x],
+ [AC_CHECK_HEADERS([gssapi/gssapi.h gssapi/gssapi_krb5.h])],
+ [_RRA_LIB_GSSAPI_CHECK_HEADER([gssapi/gssapi.h])
+ _RRA_LIB_GSSAPI_CHECK_HEADER([gssapi/gssapi_krb5.h])])
+ AC_CHECK_DECL([GSS_C_NT_USER_NAME],
+ [AC_DEFINE([HAVE_GSS_RFC_OIDS], 1,
+ [Define to 1 if the GSS-API library uses RFC-compliant OIDs.])], [],
+ [RRA_INCLUDES_GSSAPI])])
+
dnl The main macro.
AC_DEFUN([RRA_LIB_GSSAPI],
[AC_REQUIRE([RRA_ENABLE_REDUCED_DEPENDS])
@@ -148,24 +208,12 @@ AC_DEFUN([RRA_LIB_GSSAPI],
AS_IF([test x"$rra_reduced_depends" = xtrue],
[_RRA_LIB_GSSAPI_PATHS
_RRA_LIB_GSSAPI_REDUCED],
- [AC_ARG_VAR([KRB5_CONFIG], [Path to krb5-config])
- AS_IF([test x"$rra_gssapi_root" != x && test -z "$KRB5_CONFIG"],
- [AS_IF([test -x "${rra_gssapi_root}/bin/krb5-config"],
- [KRB5_CONFIG="${rra_gssapi_root}/bin/krb5-config"])],
- [AC_PATH_PROG([KRB5_CONFIG], [krb5-config])])
- AS_IF([test x"$KRB5_CONFIG" != x && test -x "$KRB5_CONFIG"],
- [AC_CACHE_CHECK([for gssapi support in krb5-config],
- [rra_cv_lib_gssapi_config],
- [AS_IF(["$KRB5_CONFIG" 2>&1 | grep gssapi >/dev/null 2>&1],
- [rra_cv_lib_gssapi_config=yes],
- [rra_cv_lib_gssapi_config=no])])
- AS_IF([test "$rra_cv_lib_gssapi_config" = yes],
- [GSSAPI_CPPFLAGS=`"$KRB5_CONFIG" --cflags gssapi 2>/dev/null`
- GSSAPI_LIBS=`"$KRB5_CONFIG" --libs gssapi 2>/dev/null`],
- [GSSAPI_CPPFLAGS=`"$KRB5_CONFIG" --cflags 2>/dev/null`
- GSSAPI_LIBS=`"$KRB5_CONFIG" --libs 2>/dev/null`])
- GSSAPI_CPPFLAGS=`echo "$GSSAPI_CPPFLAGS" \
- | sed 's%-I/usr/include ?%%'`
- _RRA_LIB_GSSAPI_CHECK],
- [_RRA_LIB_GSSAPI_PATHS
- _RRA_LIB_GSSAPI_MANUAL])])])
+ [AS_IF([test x"$rra_gssapi_includedir" = x \
+ && test x"$rra_gssapi_libdir" = x],
+ [_RRA_LIB_GSSAPI_CONFIG],
+ [_RRA_LIB_GSSAPI_PATHS
+ _RRA_LIB_GSSAPI_MANUAL])])
+
+ RRA_LIB_GSSAPI_SWITCH
+ _RRA_LIB_GSSAPI_EXTRA
+ RRA_LIB_GSSAPI_RESTORE])
diff --git a/m4/krb5-config.m4 b/m4/krb5-config.m4
new file mode 100644
index 0000000..d73085f
--- /dev/null
+++ b/m4/krb5-config.m4
@@ -0,0 +1,101 @@
+dnl Use krb5-config to get link paths for Kerberos libraries.
+dnl
+dnl Provides one macro, RRA_KRB5_CONFIG, which attempts to get compiler and
+dnl linker flags for a library via krb5-config and sets the appropriate shell
+dnl variables. Defines the Autoconf variable PATH_KRB5_CONFIG, which can be
+dnl used to find the default path to krb5-config.
+dnl
+dnl Depends on RRA_ENABLE_REDUCED_DEPENDS.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
+dnl Written by Russ Allbery <rra@stanford.edu>
+dnl Copyright 2011, 2012
+dnl The Board of Trustees of the Leland Stanford Junior University
+dnl
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
+
+dnl Check for krb5-config in the user's path and set PATH_KRB5_CONFIG. This
+dnl is moved into a separate macro so that it can be loaded via AC_REQUIRE,
+dnl meaning it will only be run once even if we link with multiple krb5-config
+dnl libraries.
+AC_DEFUN([_RRA_KRB5_CONFIG_PATH],
+[AC_ARG_VAR([PATH_KRB5_CONFIG], [Path to krb5-config])
+ AC_PATH_PROG([PATH_KRB5_CONFIG], [krb5-config], [],
+ [${PATH}:/usr/kerberos/bin])])
+
+dnl Check whether the --deps flag is supported by krb5-config. Takes the path
+dnl to krb5-config to use. Note that this path is not embedded in the cache
+dnl variable, so this macro implicitly assumes that we will always use the
+dnl same krb5-config program.
+AC_DEFUN([_RRA_KRB5_CONFIG_DEPS],
+[AC_REQUIRE([_RRA_KRB5_CONFIG_PATH])
+ AC_CACHE_CHECK([for --deps support in krb5-config],
+ [rra_cv_krb5_config_deps],
+ [AS_IF(["$1" 2>&1 | grep deps >/dev/null 2>&1],
+ [rra_cv_krb5_config_deps=yes],
+ [rra_cv_krb5_config_deps=no])])])
+
+dnl Obtain the library flags for a particular library using krb5-config.
+dnl Takes the path to the krb5-config program to use, the argument to
+dnl krb5-config to use, and the variable prefix under which to store the
+dnl library flags.
+AC_DEFUN([_RRA_KRB5_CONFIG_LIBS],
+[AC_REQUIRE([_RRA_KRB5_CONFIG_PATH])
+ AC_REQUIRE([RRA_ENABLE_REDUCED_DEPENDS])
+ _RRA_KRB5_CONFIG_DEPS([$1])
+ AS_IF([test x"$rra_reduced_depends" = xfalse \
+ && test x"$rra_cv_krb5_config_deps" = xyes],
+ [$3[]_LIBS=`"$1" --deps --libs $2 2>/dev/null`],
+ [$3[]_LIBS=`"$1" --libs $2 2>/dev/null`])])
+
+dnl Attempt to find the flags for a library using krb5-config. Takes the
+dnl following arguments (in order):
+dnl
+dnl 1. The root directory for the library in question, generally from an
+dnl Autoconf --with flag. Used by preference as the path to krb5-config.
+dnl
+dnl 2. The argument to krb5-config to retrieve flags for this particular
+dnl library.
+dnl
+dnl 3. The variable prefix to use when setting CPPFLAGS and LIBS variables
+dnl based on the result of krb5-config.
+dnl
+dnl 4. Further actions to take if krb5-config was found and supported that
+dnl library type.
+dnl
+dnl 5. Further actions to take if krb5-config could not be used to get flags
+dnl for that library type.
+dnl
+dnl Special-case a krb5-config argument of krb5 and run krb5-config without an
+dnl argument if that option was requested and not supported. Old versions of
+dnl krb5-config didn't take an argument to specify the library type, but
+dnl always returned the flags for libkrb5.
+AC_DEFUN([RRA_KRB5_CONFIG],
+[AC_REQUIRE([_RRA_KRB5_CONFIG_PATH])
+ rra_krb5_config_$3=
+ rra_krb5_config_$3[]_ok=
+ AS_IF([test x"$1" != x && test -x "$1/bin/krb5-config"],
+ [rra_krb5_config_$3="$1/bin/krb5-config"],
+ [rra_krb5_config_$3="$PATH_KRB5_CONFIG"])
+ AS_IF([test x"$rra_krb5_config_$3" != x && test -x "$rra_krb5_config_$3"],
+ [AC_CACHE_CHECK([for $2 support in krb5-config], [rra_cv_lib_$3[]_config],
+ [AS_IF(["$rra_krb5_config_$3" 2>&1 | grep $2 >/dev/null 2>&1],
+ [rra_cv_lib_$3[]_config=yes],
+ [rra_cv_lib_$3[]_config=no])])
+ AS_IF([test "$rra_cv_lib_$3[]_config" = yes],
+ [$3[]_CPPFLAGS=`"$rra_krb5_config_$3" --cflags $2 2>/dev/null`
+ _RRA_KRB5_CONFIG_LIBS([$rra_krb5_config_$3], [$2], [$3])
+ rra_krb5_config_$3[]_ok=yes],
+ [AS_IF([test x"$2" = xkrb5],
+ [$3[]_CPPFLAGS=`"$rra_krb5_config_$3" --cflags 2>/dev/null`
+ $3[]_LIBS=`"$rra_krb5_config_$3" --libs $2 2>/dev/null`
+ rra_krb5_config_$3[]_ok=yes])])])
+ AS_IF([test x"$rra_krb5_config_$3[]_ok" = xyes],
+ [$3[]_CPPFLAGS=`echo "$$3[]_CPPFLAGS" | sed 's%-I/usr/include %%'`
+ $3[]_CPPFLAGS=`echo "$$3[]_CPPFLAGS" | sed 's%-I/usr/include$%%'`
+ $4],
+ [$5])])
diff --git a/m4/krb5.m4 b/m4/krb5.m4
index 38a050e..964023a 100644
--- a/m4/krb5.m4
+++ b/m4/krb5.m4
@@ -1,17 +1,18 @@
-dnl Find the compiler and linker flags for Kerberos v5.
+dnl Find the compiler and linker flags for Kerberos.
dnl
-dnl Finds the compiler and linker flags for linking with Kerberos v5
-dnl libraries. Provides the --with-krb5, --with-krb5-include, and
-dnl --with-krb5-lib configure options to specify non-standard paths to the
-dnl Kerberos libraries. Uses krb5-config where available unless reduced
-dnl dependencies is requested.
+dnl Finds the compiler and linker flags for linking with Kerberos libraries.
+dnl Provides the --with-krb5, --with-krb5-include, and --with-krb5-lib
+dnl configure options to specify non-standard paths to the Kerberos libraries.
+dnl Uses krb5-config where available unless reduced dependencies is requested
+dnl or --with-krb5-include or --with-krb5-lib are given.
dnl
dnl Provides the macro RRA_LIB_KRB5 and sets the substitution variables
dnl KRB5_CPPFLAGS, KRB5_LDFLAGS, and KRB5_LIBS. Also provides
dnl RRA_LIB_KRB5_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
dnl Kerberos libraries, saving the current values first, and
dnl RRA_LIB_KRB5_RESTORE to restore those settings to before the last
-dnl RRA_LIB_KRB5_SWITCH.
+dnl RRA_LIB_KRB5_SWITCH. HAVE_KERBEROS will always be defined if RRA_LIB_KRB5
+dnl is used.
dnl
dnl If KRB5_CPPFLAGS, KRB5_LDFLAGS, or KRB5_LIBS are set before calling these
dnl macros, their values will be added to whatever the macros discover.
@@ -32,14 +33,31 @@ dnl Also provides RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS, which checks
dnl whether krb5_get_init_creds_opt_free takes one argument or two. Defines
dnl HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS if it takes two arguments.
dnl
+dnl Also provides RRA_INCLUDES_KRB5, which are the headers to include when
+dnl probing the Kerberos library properties.
+dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
dnl Written by Russ Allbery <rra@stanford.edu>
-dnl Copyright 2005, 2006, 2007, 2008, 2009, 2010
-dnl Board of Trustees, Leland Stanford Jr. University
+dnl Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011
+dnl The Board of Trustees of the Leland Stanford Junior University
dnl
-dnl See LICENSE for licensing terms.
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
+
+dnl Headers to include when probing for Kerberos library properties.
+AC_DEFUN([RRA_INCLUDES_KRB5], [[
+#if HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
+]])
dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to
-dnl versions that include the Kerberos v5 flags. Used as a wrapper, with
+dnl versions that include the Kerberos flags. Used as a wrapper, with
dnl RRA_LIB_KRB5_RESTORE, around tests.
AC_DEFUN([RRA_LIB_KRB5_SWITCH],
[rra_krb5_save_CPPFLAGS="$CPPFLAGS"
@@ -69,44 +87,62 @@ AC_DEFUN([_RRA_LIB_KRB5_PATHS],
[AS_IF([test x"$rra_krb5_root" != x/usr],
[KRB5_CPPFLAGS="-I${rra_krb5_root}/include"])])])])
-dnl Does the appropriate library checks for reduced-dependency Kerberos v5
+dnl Check for a header using a file existence check rather than using
+dnl AC_CHECK_HEADERS. This is used if there were arguments to configure
+dnl specifying the Kerberos header path, since we may have one header in the
+dnl default include path and another under our explicitly-configured Kerberos
+dnl location.
+AC_DEFUN([_RRA_LIB_KRB5_CHECK_HEADER],
+[AC_MSG_CHECKING([for $1])
+ AS_IF([test -f "${rra_krb5_incroot}/$1"],
+ [AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$1]), [1],
+ [Define to 1 if you have the <$1> header file.])
+ AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])])])
+
+dnl Does the appropriate library checks for reduced-dependency Kerberos
dnl linkage. The single argument, if true, says to fail if Kerberos could not
dnl be found.
AC_DEFUN([_RRA_LIB_KRB5_REDUCED],
[RRA_LIB_KRB5_SWITCH
AC_CHECK_LIB([krb5], [krb5_init_context], [KRB5_LIBS="-lkrb5"],
[AS_IF([test x"$1" = xtrue],
- [AC_MSG_ERROR([cannot find usable Kerberos v5 library])])])
+ [AC_MSG_ERROR([cannot find usable Kerberos library])])])
LIBS="$KRB5_LIBS $LIBS"
+ AS_IF([test x"$rra_krb5_incroot" = x],
+ [AC_CHECK_HEADERS([krb5.h krb5/krb5.h])],
+ [_RRA_LIB_KRB5_CHECK_HEADER([krb5.h])
+ _RRA_LIB_KRB5_CHECK_HEADER([krb5/krb5.h])])
AC_CHECK_FUNCS([krb5_get_error_message],
[AC_CHECK_FUNCS([krb5_free_error_message])],
- [AC_CHECK_FUNCS([krb5_get_error_string], ,
- [AC_CHECK_FUNCS([krb5_get_err_txt], ,
+ [AC_CHECK_FUNCS([krb5_get_error_string], [],
+ [AC_CHECK_FUNCS([krb5_get_err_txt], [],
[AC_CHECK_LIB([ksvc], [krb5_svc_get_msg],
[KRB5_LIBS="$KRB5_LIBS -lksvc"
AC_DEFINE([HAVE_KRB5_SVC_GET_MSG], [1])
- AC_CHECK_HEADERS([ibm_svc/krb5_svc.h])],
+ AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
+ [RRA_INCLUDES_KRB5])],
[AC_CHECK_LIB([com_err], [com_err],
[KRB5_LIBS="$KRB5_LIBS -lcom_err"],
[AC_MSG_ERROR([cannot find usable com_err library])])
AC_CHECK_HEADERS([et/com_err.h])])])])])
RRA_LIB_KRB5_RESTORE])
-dnl Does the appropriate library checks for Kerberos v5 linkage when we don't
+dnl Does the appropriate library checks for Kerberos linkage when we don't
dnl have krb5-config or reduced dependencies. The single argument, if true,
dnl says to fail if Kerberos could not be found.
AC_DEFUN([_RRA_LIB_KRB5_MANUAL],
[RRA_LIB_KRB5_SWITCH
rra_krb5_extra=
LIBS=
- AC_SEARCH_LIBS([res_search], [resolv], ,
+ AC_SEARCH_LIBS([res_search], [resolv], [],
[AC_SEARCH_LIBS([__res_search], [resolv])])
AC_SEARCH_LIBS([gethostbyname], [nsl])
- AC_SEARCH_LIBS([socket], [socket], ,
- [AC_CHECK_LIB([nsl], [socket], [LIBS="-lnsl -lsocket $LIBS"], ,
+ AC_SEARCH_LIBS([socket], [socket], [],
+ [AC_CHECK_LIB([nsl], [socket], [LIBS="-lnsl -lsocket $LIBS"], [],
[-lsocket])])
AC_SEARCH_LIBS([crypt], [crypt])
- AC_SEARCH_LIBS([rk_simple_execve], [roken])
+ AC_SEARCH_LIBS([roken_concat], [roken])
rra_krb5_extra="$LIBS"
LIBS="$rra_krb5_save_LIBS"
AC_CHECK_LIB([krb5], [krb5_init_context],
@@ -119,28 +155,34 @@ AC_DEFUN([_RRA_LIB_KRB5_MANUAL],
[rra_krb5_pthread="-lpthread"])])
AC_CHECK_LIB([krb5support], [krb5int_setspecific],
[rra_krb5_extra="-lkrb5support $rra_krb5_extra $rra_krb5_pthread"],
- , [$rra_krb5_pthread])])
+ [], [$rra_krb5_pthread $rra_krb5_extra])],
+ [$rra_krb5_extra])
AC_CHECK_LIB([com_err], [error_message],
- [rra_krb5_extra="-lcom_err $rra_krb5_extra"])
+ [rra_krb5_extra="-lcom_err $rra_krb5_extra"], [], [$rra_krb5_extra])
AC_CHECK_LIB([ksvc], [krb5_svc_get_msg],
- [rra_krb5_extra="-lksvc $rra_krb5_extra"])
+ [rra_krb5_extra="-lksvc $rra_krb5_extra"], [], [$rra_krb5_extra])
AC_CHECK_LIB([k5crypto], [krb5int_hash_md5],
- [rra_krb5_extra="-lk5crypto $rra_krb5_extra"])
+ [rra_krb5_extra="-lk5crypto $rra_krb5_extra"], [], [$rra_krb5_extra])
AC_CHECK_LIB([k5profile], [profile_get_values],
- [rra_krb5_extra="-lk5profile $rra_krb5_extra"])
+ [rra_krb5_extra="-lk5profile $rra_krb5_extra"], [], [$rra_krb5_extra])
AC_CHECK_LIB([krb5], [krb5_cc_default],
[KRB5_LIBS="-lkrb5 $rra_krb5_extra"],
[AS_IF([test x"$1" = xtrue],
- [AC_MSG_ERROR([cannot find usable Kerberos v5 library])])],
+ [AC_MSG_ERROR([cannot find usable Kerberos library])])],
[$rra_krb5_extra])],
[-lasn1 -lcom_err -lcrypto $rra_krb5_extra])
LIBS="$KRB5_LIBS $LIBS"
+ AS_IF([test x"$rra_krb5_incroot" = x],
+ [AC_CHECK_HEADERS([krb5.h krb5/krb5.h])],
+ [_RRA_LIB_KRB5_CHECK_HEADER([krb5.h])
+ _RRA_LIB_KRB5_CHECK_HEADER([krb5/krb5.h])])
AC_CHECK_FUNCS([krb5_get_error_message],
[AC_CHECK_FUNCS([krb5_free_error_message])],
- [AC_CHECK_FUNCS([krb5_get_error_string], ,
- [AC_CHECK_FUNCS([krb5_get_err_txt], ,
+ [AC_CHECK_FUNCS([krb5_get_error_string], [],
+ [AC_CHECK_FUNCS([krb5_get_err_txt], [],
[AC_CHECK_FUNCS([krb5_svc_get_msg],
- [AC_CHECK_HEADERS([ibm_svc/krb5_svc.h])],
+ [AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
+ [RRA_INCLUDES_KRB5])],
[AC_CHECK_HEADERS([et/com_err.h])])])])])
RRA_LIB_KRB5_RESTORE])
@@ -158,49 +200,49 @@ AC_DEFUN([_RRA_LIB_KRB5_CHECK],
_RRA_LIB_KRB5_PATHS
_RRA_LIB_KRB5_MANUAL([$1])])])
+dnl Determine Kerberos compiler and linker flags from krb5-config. Does the
+dnl additional probing we need to do to uncover error handling features, and
+dnl falls back on the manual checks.
+AC_DEFUN([_RRA_LIB_KRB5_CONFIG],
+[RRA_KRB5_CONFIG([${rra_krb5_root}], [krb5], [KRB5],
+ [_RRA_LIB_KRB5_CHECK([$1])
+ RRA_LIB_KRB5_SWITCH
+ AS_IF([test x"$rra_krb5_incroot" = x],
+ [AC_CHECK_HEADERS([krb5.h krb5/krb5.h])],
+ [_RRA_LIB_KRB5_CHECK_HEADER([krb5.h])
+ _RRA_LIB_KRB5_CHECK_HEADER([krb5/krb5.h])])
+ AC_CHECK_FUNCS([krb5_get_error_message],
+ [AC_CHECK_FUNCS([krb5_free_error_message])],
+ [AC_CHECK_FUNCS([krb5_get_error_string], [],
+ [AC_CHECK_FUNCS([krb5_get_err_txt], [],
+ [AC_CHECK_FUNCS([krb5_svc_get_msg],
+ [AC_CHECK_HEADERS([ibm_svc/krb5_svc.h], [], [],
+ [RRA_INCLUDES_KRB5])],
+ [AC_CHECK_HEADERS([et/com_err.h])])])])])
+ RRA_LIB_KRB5_RESTORE],
+ [_RRA_LIB_KRB5_PATHS
+ _RRA_LIB_KRB5_MANUAL([$1])])])
+
dnl The core of the library checking, shared between RRA_LIB_KRB5 and
dnl RRA_LIB_KRB5_OPTIONAL. The single argument, if "true", says to fail if
-dnl Kerberos could not be found.
+dnl Kerberos could not be found. Set up rra_krb5_incroot for later header
+dnl checking.
AC_DEFUN([_RRA_LIB_KRB5_INTERNAL],
[AC_REQUIRE([RRA_ENABLE_REDUCED_DEPENDS])
+ rra_krb5_incroot=
+ AS_IF([test x"$rra_krb5_includedir" != x],
+ [rra_krb5_incroot="$rra_krb5_includedir"],
+ [AS_IF([test x"$rra_krb5_root" != x],
+ [rra_krb5_incroot="${rra_krb5_root}/include"])])
AS_IF([test x"$rra_reduced_depends" = xtrue],
[_RRA_LIB_KRB5_PATHS
_RRA_LIB_KRB5_REDUCED([$1])],
- [AC_ARG_VAR([KRB5_CONFIG], [Path to krb5-config])
- AS_IF([test x"$rra_krb5_root" != x && test -z "$KRB5_CONFIG"],
- [AS_IF([test -x "${rra_krb5_root}/bin/krb5-config"],
- [KRB5_CONFIG="${rra_krb5_root}/bin/krb5-config"])],
- [AC_PATH_PROG([KRB5_CONFIG], [krb5-config])])
- AS_IF([test x"$KRB5_CONFIG" != x && test -x "$KRB5_CONFIG"],
- [AC_CACHE_CHECK([for krb5 support in krb5-config],
- [rra_cv_lib_krb5_config],
- [AS_IF(["$KRB5_CONFIG" 2>&1 | grep krb5 >/dev/null 2>&1],
- [rra_cv_lib_krb5_config=yes],
- [rra_cv_lib_krb5_config=no])])
- AS_IF([test x"$rra_cv_lib_krb5_config" = xyes],
- [KRB5_CPPFLAGS=`"$KRB5_CONFIG" --cflags krb5 2>/dev/null`
- KRB5_LIBS=`"$KRB5_CONFIG" --libs krb5 2>/dev/null`],
- [KRB5_CPPFLAGS=`"$KRB5_CONFIG" --cflags 2>/dev/null`
- KRB5_LIBS=`"$KRB5_CONFIG" --libs 2>/dev/null`])
- KRB5_CPPFLAGS=`echo "$KRB5_CPPFLAGS" | sed 's%-I/usr/include ?%%'`
- _RRA_LIB_KRB5_CHECK([$1])
- RRA_LIB_KRB5_SWITCH
- AC_CHECK_FUNCS([krb5_get_error_message],
- [AC_CHECK_FUNCS([krb5_free_error_message])],
- [AC_CHECK_FUNCS([krb5_get_error_string], ,
- [AC_CHECK_FUNCS([krb5_get_err_txt], ,
- [AC_CHECK_FUNCS([krb5_svc_get_msg],
- [AC_CHECK_HEADERS([ibm_svc/krb5_svc.h])],
- [AC_CHECK_HEADERS([et/com_err.h])])])])])
- RRA_LIB_KRB5_RESTORE],
- [_RRA_LIB_KRB5_PATHS
- _RRA_LIB_KRB5_MANUAL([$1])])])
+ [AS_IF([test x"$rra_krb5_includedir" = x && test x"$rra_krb5_libdir" = x],
+ [_RRA_LIB_KRB5_CONFIG([$1])],
+ [_RRA_LIB_KRB5_PATHS
+ _RRA_LIB_KRB5_MANUAL([$1])])])
rra_krb5_uses_com_err=false
- case "$LIBS" in
- *-lcom_err*)
- rra_krb5_uses_com_err=true
- ;;
- esac
+ AS_CASE([$LIBS], [*-lcom_err*], [rra_krb5_uses_com_err=true])
AM_CONDITIONAL([KRB5_USES_COM_ERR], [test x"$rra_krb5_uses_com_err" = xtrue])])
dnl The main macro for packages with mandatory Kerberos support.
@@ -208,26 +250,28 @@ AC_DEFUN([RRA_LIB_KRB5],
[rra_krb5_root=
rra_krb5_libdir=
rra_krb5_includedir=
+ rra_use_kerberos=true
AC_SUBST([KRB5_CPPFLAGS])
AC_SUBST([KRB5_LDFLAGS])
AC_SUBST([KRB5_LIBS])
AC_ARG_WITH([krb5],
[AS_HELP_STRING([--with-krb5=DIR],
- [Location of Kerberos v5 headers and libraries])],
+ [Location of Kerberos headers and libraries])],
[AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
[rra_krb5_root="$withval"])])
AC_ARG_WITH([krb5-include],
[AS_HELP_STRING([--with-krb5-include=DIR],
- [Location of Kerberos v5 headers])],
+ [Location of Kerberos headers])],
[AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
[rra_krb5_includedir="$withval"])])
AC_ARG_WITH([krb5-lib],
[AS_HELP_STRING([--with-krb5-lib=DIR],
- [Location of Kerberos v5 libraries])],
+ [Location of Kerberos libraries])],
[AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
[rra_krb5_libdir="$withval"])])
- _RRA_LIB_KRB5_INTERNAL([true])])
+ _RRA_LIB_KRB5_INTERNAL([true])
+ AC_DEFINE([HAVE_KERBEROS], 1, [Define to enable Kerberos features.])])
dnl The main macro for packages with optional Kerberos support.
AC_DEFUN([RRA_LIB_KRB5_OPTIONAL],
@@ -241,29 +285,41 @@ AC_DEFUN([RRA_LIB_KRB5_OPTIONAL],
AC_ARG_WITH([krb5],
[AS_HELP_STRING([--with-krb5@<:@=DIR@:>@],
- [Location of Kerberos v5 headers and libraries])],
+ [Location of Kerberos headers and libraries])],
[AS_IF([test x"$withval" = xno],
[rra_use_kerberos=false],
[AS_IF([test x"$withval" != xyes], [rra_krb5_root="$withval"])
rra_use_kerberos=true])])
AC_ARG_WITH([krb5-include],
[AS_HELP_STRING([--with-krb5-include=DIR],
- [Location of Kerberos v5 headers])],
+ [Location of Kerberos headers])],
[AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
[rra_krb5_includedir="$withval"])])
AC_ARG_WITH([krb5-lib],
[AS_HELP_STRING([--with-krb5-lib=DIR],
- [Location of Kerberos v5 libraries])],
+ [Location of Kerberos libraries])],
[AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
[rra_krb5_libdir="$withval"])])
AS_IF([test x"$rra_use_kerberos" != xfalse],
[AS_IF([test x"$rra_use_kerberos" = xtrue],
[_RRA_LIB_KRB5_INTERNAL([true])],
- [_RRA_LIB_KRB5_INTERNAL([false])])])
+ [_RRA_LIB_KRB5_INTERNAL([false])])],
+ [AM_CONDITIONAL([KRB5_USES_COM_ERR], [false])])
AS_IF([test x"$KRB5_LIBS" != x],
[AC_DEFINE([HAVE_KERBEROS], 1, [Define to enable Kerberos features.])])])
+dnl Source used by RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS.
+AC_DEFUN([_RRA_FUNC_KRB5_OPT_FREE_ARGS_SOURCE], [RRA_INCLUDES_KRB5] [[
+int
+main(void)
+{
+ krb5_get_init_creds_opt *opts;
+ krb5_context c;
+ krb5_get_init_creds_opt_free(c, opts);
+}
+]])
+
dnl Check whether krb5_get_init_creds_opt_free takes one argument or two.
dnl Early Heimdal used to take a single argument. Defines
dnl HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_2_ARGS if it takes two arguments.
@@ -272,9 +328,7 @@ dnl Should be called with RRA_LIB_KRB5_SWITCH active.
AC_DEFUN([RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS],
[AC_CACHE_CHECK([if krb5_get_init_creds_opt_free takes two arguments],
[rra_cv_func_krb5_get_init_creds_opt_free_args],
- [AC_TRY_COMPILE([#include <krb5.h>],
- [krb5_get_init_creds_opt *opts; krb5_context c;
- krb5_get_init_creds_opt_free(c, opts);],
+ [AC_COMPILE_IFELSE([AC_LANG_SOURCE([_RRA_FUNC_KRB5_OPT_FREE_ARGS_SOURCE])],
[rra_cv_func_krb5_get_init_creds_opt_free_args=yes],
[rra_cv_func_krb5_get_init_creds_opt_free_args=no])])
AS_IF([test $rra_cv_func_krb5_get_init_creds_opt_free_args = yes],
diff --git a/m4/lib-depends.m4 b/m4/lib-depends.m4
index 039e245..b5185f3 100644
--- a/m4/lib-depends.m4
+++ b/m4/lib-depends.m4
@@ -9,11 +9,16 @@ dnl
dnl This macro doesn't do much but is defined separately so that other macros
dnl can require it with AC_REQUIRE.
dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
dnl Written by Russ Allbery <rra@stanford.edu>
dnl Copyright 2005, 2006, 2007
-dnl Board of Trustees, Leland Stanford Jr. University
+dnl The Board of Trustees of the Leland Stanford Junior University
dnl
-dnl See LICENSE for licensing terms.
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
AC_DEFUN([RRA_ENABLE_REDUCED_DEPENDS],
[rra_reduced_depends=false
diff --git a/m4/lib-pathname.m4 b/m4/lib-pathname.m4
index fc326a0..fd5a5a1 100644
--- a/m4/lib-pathname.m4
+++ b/m4/lib-pathname.m4
@@ -12,10 +12,16 @@ dnl
dnl This file also provides the Autoconf macro RRA_SET_LIBDIR, which sets the
dnl libdir variable to PREFIX/lib{,32,64} as appropriate.
dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
dnl Written by Russ Allbery <rra@stanford.edu>
-dnl Copyright 2008, 2009 Board of Trustees, Leland Stanford Jr. University
+dnl Copyright 2008, 2009
+dnl The Board of Trustees of the Leland Stanford Junior University
dnl
-dnl See LICENSE for licensing terms.
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
dnl Probe for the alternate library name that we should attempt on this
dnl architecture, given the size of an int, and set rra_lib_arch_name to that
diff --git a/m4/remctl.m4 b/m4/remctl.m4
index bb3a56f..588404f 100644
--- a/m4/remctl.m4
+++ b/m4/remctl.m4
@@ -10,15 +10,28 @@ dnl REMCTL_CPPFLAGS, REMCTL_LDFLAGS, and REMCTL_LIBS. Also provides
dnl RRA_LIB_REMCTL_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
dnl remctl libraries, saving the current values first, and
dnl RRA_LIB_REMCTL_RESTORE to restore those settings to before the last
-dnl RRA_LIB_REMCTL_SWITCH.
+dnl RRA_LIB_REMCTL_SWITCH. HAVE_REMCTL will always be defined if
+dnl RRA_LIB_REMCTL is used.
+dnl
+dnl Provides the RRA_LIB_REMCTL_OPTIONAL macro, which should be used if
+dnl Kerberos support is optional. This macro will still always est the
+dnl substitution variables, but they'll be empty unless --with-remctl is
+dnl given. HAVE_REMCTL will be defined if --with-remctl is given and
+dnl $rra_use_remctl will be set to "true".
dnl
dnl Depends on RRA_ENABLE_REDUCED_DEPENDS, RRA_SET_LDFLAGS, and
dnl RRA_LIB_GSSAPI.
dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
dnl Written by Russ Allbery <rra@stanford.edu>
-dnl Copyright 2008, 2009 Board of Trustees, Leland Stanford Jr. University
+dnl Copyright 2008, 2009, 2011
+dnl The Board of Trustees of the Leland Stanford Junior University
dnl
-dnl See LICENSE for licensing terms.
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to
dnl versions that include the remctl flags. Used as a wrapper, with
@@ -55,16 +68,34 @@ dnl Sanity-check the results of the remctl library search to be sure we can
dnl really link a remctl program.
AC_DEFUN([_RRA_LIB_REMCTL_CHECK],
[RRA_LIB_REMCTL_SWITCH
- AC_CHECK_FUNC([remctl_open], ,
- [AC_MSG_FAILURE([unable to link with remctl library])])
+ AC_CHECK_FUNC([remctl_open], [],
+ [AS_IF([test x"$1" = xtrue],
+ [AC_MSG_FAILURE([unable to link with remctl library])])
+ REMCTL_CPPFLAGS=
+ REMCTL_LDFLAGS=
+ REMCTL_LIBS=])
RRA_LIB_REMCTL_RESTORE])
-dnl The main macro.
-AC_DEFUN([RRA_LIB_REMCTL],
+dnl The core of the library checking, shared between RRA_LIB_REMCTL and
+dnl RRA_LIB_REMCTL_OPTIONAL. The single argument, if "true", says to fail if
+dnl remctl could not be found.
+AC_DEFUN([_RRA_LIB_REMCTL_INTERNAL],
[AC_REQUIRE([RRA_ENABLE_REDUCED_DEPENDS])
- rra_remctl_root=
+ _RRA_LIB_REMCTL_PATHS
+ AS_IF([test x"$rra_reduced_depends" = xtrue],
+ [REMCTL_LIBS="-lremctl"],
+ [RRA_LIB_GSSAPI
+ REMCTL_CPPFLAGS="$REMCTL_CPPFLAGS $GSSAPI_CPPFLAGS"
+ REMCTL_LDFLAGS="$REMCTL_LDFLAGS $GSSAPI_LDFLAGS"
+ REMCTL_LIBS="-lremctl $GSSAPI_LIBS"])
+ _RRA_LIB_REMCTL_CHECK([$1])])
+
+dnl The main macro for packages with mandatory remctl support.
+AC_DEFUN([RRA_LIB_REMCTL],
+[rra_remctl_root=
rra_remctl_libdir=
rra_remctl_includedir=
+ rra_use_remctl=true
REMCTL_CPPFLAGS=
REMCTL_LDFLAGS=
REMCTL_LIBS=
@@ -87,12 +118,43 @@ AC_DEFUN([RRA_LIB_REMCTL],
[Location of remctl libraries])],
[AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
[rra_remctl_libdir="$withval"])])
+ _RRA_LIB_REMCTL_INTERNAL([true])
+ AC_DEFINE([HAVE_REMCTL], 1, [Define to enable remctl features.])])
- _RRA_LIB_REMCTL_PATHS
- AS_IF([test x"$rra_reduced_depends" = xtrue],
- [REMCTL_LIBS="-lremctl"],
- [RRA_LIB_GSSAPI
- REMCTL_CPPFLAGS="$REMCTL_CPPFLAGS $GSSAPI_CPPFLAGS"
- REMCTL_LDFLAGS="$REMCTL_LDFLAGS $GSSAPI_LDFLAGS"
- REMCTL_LIBS="-lremctl $GSSAPI_LIBS"])
- _RRA_LIB_REMCTL_CHECK])
+dnl The main macro for packages with optional remctl support.
+AC_DEFUN([RRA_LIB_REMCTL_OPTIONAL],
+[rra_remctl_root=
+ rra_remctl_libdir=
+ rra_remctl_includedir=
+ rra_use_remctl=
+ REMCTL_CPPFLAGS=
+ REMCTL_LDFLAGS=
+ REMCTL_LIBS=
+ AC_SUBST([REMCTL_CPPFLAGS])
+ AC_SUBST([REMCTL_LDFLAGS])
+ AC_SUBST([REMCTL_LIBS])
+
+ AC_ARG_WITH([remctl],
+ [AS_HELP_STRING([--with-remctl@<:@=DIR@:>@],
+ [Location of remctl headers and libraries])],
+ [AS_IF([test x"$withval" = xno],
+ [rra_use_remctl=false],
+ [AS_IF([test x"$withval" != xyes], [rra_remctl_root="$withval"])
+ rra_use_remctl=true])])
+ AC_ARG_WITH([remctl-include],
+ [AS_HELP_STRING([--with-remctl-include=DIR],
+ [Location of remctl headers])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [rra_remctl_includedir="$withval"])])
+ AC_ARG_WITH([remctl-lib],
+ [AS_HELP_STRING([--with-remctl-lib=DIR],
+ [Location of remctl libraries])],
+ [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
+ [rra_remctl_libdir="$withval"])])
+ AS_IF([test x"$rra_use_remctl" != xfalse],
+ [AS_IF([test x"$rra_use_remctl" = xtrue],
+ [_RRA_LIB_REMCTL_INTERNAL([true])],
+ [_RRA_LIB_REMCTL_INTERNAL([false])])])
+ AS_IF([test x"$REMCTL_LIBS" != x],
+ [rra_use_remctl=true
+ AC_DEFINE([HAVE_REMCTL], 1, [Define to enable remctl features.])])])
diff --git a/m4/snprintf.m4 b/m4/snprintf.m4
index d933f55..cd585ef 100644
--- a/m4/snprintf.m4
+++ b/m4/snprintf.m4
@@ -9,11 +9,16 @@ dnl
dnl Provides RRA_FUNC_SNPRINTF, which adds snprintf.o to LIBOBJS unless a
dnl fully working snprintf is found.
dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
dnl Written by Russ Allbery <rra@stanford.edu>
dnl Copyright 2006, 2008, 2009
-dnl Board of Trustees, Leland Stanford Jr. University
+dnl The Board of Trustees of the Leland Stanford Junior University
dnl
-dnl See LICENSE for licensing terms.
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
dnl Source used by RRA_FUNC_SNPRINTF.
AC_DEFUN([_RRA_FUNC_SNPRINTF_SOURCE], [[
diff --git a/m4/vamacros.m4 b/m4/vamacros.m4
index 855bb40..af98f6a 100644
--- a/m4/vamacros.m4
+++ b/m4/vamacros.m4
@@ -13,11 +13,16 @@ dnl #define macro(args...) fprintf(stderr, args)
dnl
dnl They set HAVE_C99_VAMACROS or HAVE_GNU_VAMACROS as appropriate.
dnl
+dnl The canonical version of this file is maintained in the rra-c-util
+dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+dnl
dnl Written by Russ Allbery <rra@stanford.edu>
dnl Copyright 2006, 2008, 2009
-dnl Board of Trustees, Leland Stanford Jr. University
+dnl The Board of Trustees of the Leland Stanford Junior University
dnl
-dnl See LICENSE for licensing terms.
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
AC_DEFUN([_RRA_C_C99_VAMACROS_SOURCE], [[
#include <stdio.h>
diff --git a/perl/Wallet/ACL.pm b/perl/Wallet/ACL.pm
index 44a82b2..5d9e8f2 100644
--- a/perl/Wallet/ACL.pm
+++ b/perl/Wallet/ACL.pm
@@ -1,7 +1,8 @@
# Wallet::ACL -- Implementation of ACLs in the wallet system.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -32,27 +33,25 @@ $VERSION = '0.07';
# and the database handle to use for future operations. If the object
# doesn't exist, throws an exception.
sub new {
- my ($class, $id, $dbh) = @_;
- my ($sql, $data, $name);
+ my ($class, $id, $schema) = @_;
+ my (%search, $data, $name);
if ($id =~ /^\d+\z/) {
- $sql = 'select ac_id, ac_name from acls where ac_id = ?';
+ $search{ac_id} = $id;
} else {
- $sql = 'select ac_id, ac_name from acls where ac_name = ?';
+ $search{ac_name} = $id;
}
eval {
- ($data, $name) = $dbh->selectrow_array ($sql, undef, $id);
- $dbh->commit;
+ $data = $schema->resultset('Acl')->find (\%search);
};
if ($@) {
- $dbh->rollback;
die "cannot search for ACL $id: $@\n";
} elsif (not defined $data) {
die "ACL $id not found\n";
}
my $self = {
- dbh => $dbh,
- id => $data,
- name => $name,
+ schema => $schema,
+ id => $data->ac_id,
+ name => $data->ac_name,
};
bless ($self, $class);
return $self;
@@ -62,31 +61,40 @@ sub new {
# blessed ACL object for it. Stores the database handle to use and the ID of
# the newly created ACL in the object. On failure, throws an exception.
sub create {
- my ($class, $name, $dbh, $user, $host, $time) = @_;
+ my ($class, $name, $schema, $user, $host, $time) = @_;
if ($name =~ /^\d+\z/) {
die "ACL name may not be all numbers\n";
}
$time ||= time;
my $id;
eval {
- my $sql = 'insert into acls (ac_name) values (?)';
- $dbh->do ($sql, undef, $name);
- $id = $dbh->last_insert_id (undef, undef, 'acls', 'ac_id');
+ my $guard = $schema->txn_scope_guard;
+
+ # Create the new record.
+ my %record = (ac_name => $name);
+ my $acl = $schema->resultset('Acl')->create (\%record);
+ $id = $acl->ac_id;
die "unable to retrieve new ACL ID" unless defined $id;
+
+ # Add to the history table.
my $date = strftime ('%Y-%m-%d %T', localtime $time);
- $sql = "insert into acl_history (ah_acl, ah_action, ah_by, ah_from,
- ah_on) values (?, 'create', ?, ?, ?)";
- $dbh->do ($sql, undef, $id, $user, $host, $date);
- $dbh->commit;
+ %record = (ah_acl => $id,
+ ah_action => 'create',
+ ah_by => $user,
+ ah_from => $host,
+ ah_on => $date);
+ my $history = $schema->resultset('AclHistory')->create (\%record);
+ die "unable to create new history entry" unless defined $history;
+
+ $guard->commit;
};
if ($@) {
- $dbh->rollback;
die "cannot create ACL $name: $@\n";
}
my $self = {
- dbh => $dbh,
- id => $id,
- name => $name,
+ schema => $schema,
+ id => $id,
+ name => $name,
};
bless ($self, $class);
return $self;
@@ -126,13 +134,13 @@ sub scheme_mapping {
my ($self, $scheme) = @_;
my $class;
eval {
- my $sql = 'select as_class from acl_schemes where as_name = ?';
- ($class) = $self->{dbh}->selectrow_array ($sql, undef, $scheme);
- $self->{dbh}->commit;
+ my %search = (as_name => $scheme);
+ my $scheme_rec = $self->{schema}->resultset('AclScheme')
+ ->find (\%search);
+ $class = $scheme_rec->as_class;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
if (defined $class) {
@@ -155,11 +163,14 @@ sub log_acl {
unless ($action =~ /^(add|remove)\z/) {
die "invalid history action $action";
}
- my $date = strftime ('%Y-%m-%d %T', localtime $time);
- my $sql = 'insert into acl_history (ah_acl, ah_action, ah_scheme,
- ah_identifier, ah_by, ah_from, ah_on) values (?, ?, ?, ?, ?, ?, ?)';
- $self->{dbh}->do ($sql, undef, $self->{id}, $action, $scheme, $identifier,
- $user, $host, $date);
+ my %record = (ah_acl => $self->{id},
+ ah_action => $action,
+ ah_scheme => $scheme,
+ ah_identifier => $identifier,
+ ah_by => $user,
+ ah_from => $host,
+ ah_on => strftime ('%Y-%m-%d %T', localtime $time));
+ $self->{schema}->resultset('AclHistory')->create (\%record);
}
##############################################################################
@@ -176,13 +187,15 @@ sub rename {
return;
}
eval {
- my $sql = 'update acls set ac_name = ? where ac_id = ?';
- $self->{dbh}->do ($sql, undef, $name, $self->{id});
- $self->{dbh}->commit;
+ my $guard = $self->{schema}->txn_scope_guard;
+ my %search = (ac_id => $self->{id});
+ my $acls = $self->{schema}->resultset('Acl')->find (\%search);
+ $acls->ac_name ($name);
+ $acls->update;
+ $guard->commit;
};
if ($@) {
$self->error ("cannot rename ACL $self->{id} to $name: $@");
- $self->{dbh}->rollback;
return;
}
$self->{name} = $name;
@@ -200,27 +213,44 @@ sub destroy {
my ($self, $user, $host, $time) = @_;
$time ||= time;
eval {
- my $sql = 'select ob_type, ob_name from objects where ob_owner = ?
- or ob_acl_get = ? or ob_acl_store = ? or ob_acl_show = ? or
- ob_acl_destroy = ? or ob_acl_flags = ?';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute (($self->{id}) x 6);
- my $entry = $sth->fetchrow_arrayref;
- if (defined $entry) {
- die "ACL in use by $entry->[0]:$entry->[1]";
+ my $guard = $self->{schema}->txn_scope_guard;
+
+ # Make certain no one is using the ACL.
+ my @search = ({ ob_owner => $self->{id} },
+ { ob_acl_get => $self->{id} },
+ { ob_acl_store => $self->{id} },
+ { ob_acl_show => $self->{id} },
+ { ob_acl_destroy => $self->{id} },
+ { ob_acl_flags => $self->{id} });
+ my @entries = $self->{schema}->resultset('Object')->search (\@search);
+ if (@entries) {
+ my ($entry) = @entries;
+ die "ACL in use by ".$entry->ob_type.":".$entry->ob_name;
}
- $sql = 'delete from acl_entries where ae_id = ?';
- $self->{dbh}->do ($sql, undef, $self->{id});
- $sql = 'delete from acls where ac_id = ?';
- $self->{dbh}->do ($sql, undef, $self->{id});
- $sql = "insert into acl_history (ah_acl, ah_action, ah_by, ah_from,
- ah_on) values (?, 'destroy', ?, ?, ?)";
- $self->{dbh}->do ($sql, undef, $self->{id}, $user, $host, $time);
- $self->{dbh}->commit;
+
+ # Delete any entries (there may or may not be any).
+ my %search = (ae_id => $self->{id});
+ @entries = $self->{schema}->resultset('AclEntry')->search(\%search);
+ for my $entry (@entries) {
+ $entry->delete;
+ }
+
+ # There should definitely be an ACL record to delete.
+ %search = (ac_id => $self->{id});
+ my $entry = $self->{schema}->resultset('Acl')->find(\%search);
+ $entry->delete if defined $entry;
+
+ # Create new history line for the deletion.
+ my %record = (ah_acl => $self->{id},
+ ah_action => 'destroy',
+ ah_by => $user,
+ ah_from => $host,
+ ah_on => $time);
+ $self->{schema}->resultset('AclHistory')->create (\%record);
+ $guard->commit;
};
if ($@) {
$self->error ("cannot destroy ACL $self->{id}: $@");
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -239,15 +269,16 @@ sub add {
return;
}
eval {
- my $sql = 'insert into acl_entries (ae_id, ae_scheme, ae_identifier)
- values (?, ?, ?)';
- $self->{dbh}->do ($sql, undef, $self->{id}, $scheme, $identifier);
+ my $guard = $self->{schema}->txn_scope_guard;
+ my %record = (ae_id => $self->{id},
+ ae_scheme => $scheme,
+ ae_identifier => $identifier);
+ my $entry = $self->{schema}->resultset('AclEntry')->create (\%record);
$self->log_acl ('add', $scheme, $identifier, $user, $host, $time);
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
$self->error ("cannot add $scheme:$identifier to $self->{id}: $@");
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -260,23 +291,21 @@ sub remove {
my ($self, $scheme, $identifier, $user, $host, $time) = @_;
$time ||= time;
eval {
- my $sql = 'select * from acl_entries where ae_id = ? and ae_scheme = ?
- and ae_identifier = ?';
- my ($data) = $self->{dbh}->selectrow_array ($sql, undef, $self->{id},
- $scheme, $identifier);
- unless (defined $data) {
+ my $guard = $self->{schema}->txn_scope_guard;
+ my %search = (ae_id => $self->{id},
+ ae_scheme => $scheme,
+ ae_identifier => $identifier);
+ my $entry = $self->{schema}->resultset('AclEntry')->find (\%search);
+ unless (defined $entry) {
die "entry not found in ACL\n";
}
- $sql = 'delete from acl_entries where ae_id = ? and ae_scheme = ?
- and ae_identifier = ?';
- $self->{dbh}->do ($sql, undef, $self->{id}, $scheme, $identifier);
+ $entry->delete;
$self->log_acl ('remove', $scheme, $identifier, $user, $host, $time);
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
my $entry = "$scheme:$identifier";
$self->error ("cannot remove $entry from $self->{id}: $@");
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -294,19 +323,17 @@ sub list {
undef $self->{error};
my @entries;
eval {
- my $sql = 'select ae_scheme, ae_identifier from acl_entries where
- ae_id = ?';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($self->{id});
- my $entry;
- while (defined ($entry = $sth->fetchrow_arrayref)) {
- push (@entries, [ @$entry ]);
+ my $guard = $self->{schema}->txn_scope_guard;
+ my %search = (ae_id => $self->{id});
+ my @entry_recs = $self->{schema}->resultset('AclEntry')
+ ->search (\%search);
+ for my $entry (@entry_recs) {
+ push (@entries, [ $entry->ae_scheme, $entry->ae_identifier ]);
}
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
$self->error ("cannot retrieve ACL $self->{id}: $@");
- $self->{dbh}->rollback;
return;
} else {
return @entries;
@@ -338,25 +365,27 @@ sub history {
my ($self) = @_;
my $output = '';
eval {
- my $sql = 'select ah_action, ah_scheme, ah_identifier, ah_by, ah_from,
- ah_on from acl_history where ah_acl = ? order by ah_on';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($self->{id});
- my @data;
- while (@data = $sth->fetchrow_array) {
- $output .= "$data[5] ";
- if ($data[0] eq 'add' or $data[0] eq 'remove') {
- $output .= "$data[0] $data[1] $data[2]";
+ my $guard = $self->{schema}->txn_scope_guard;
+ my %search = (ah_acl => $self->{id});
+ my %options = (order_by => 'ah_on');
+ my @data = $self->{schema}->resultset('AclHistory')
+ ->search (\%search, \%options);
+ for my $data (@data) {
+ $output .= sprintf ("%s %s ", $data->ah_on->ymd,
+ $data->ah_on->hms);
+ if ($data->ah_action eq 'add' || $data->ah_action eq 'remove') {
+ $output .= sprintf ("%s %s %s", $data->ah_action,
+ $data->ah_scheme, $data->ah_identifier);
} else {
- $output .= $data[0];
+ $output .= $data->ah_action;
}
- $output .= "\n by $data[3] from $data[4]\n";
+ $output .= sprintf ("\n by %s from %s\n", $data->ah_by,
+ $data->ah_from);
}
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
$self->error ("cannot read history for $self->{id}: $@");
- $self->{dbh}->rollback;
return;
}
return $output;
@@ -442,7 +471,7 @@ __END__
Wallet::ACL - Implementation of ACLs in the wallet system
=for stopwords
-ACL DBH metadata HOSTNAME DATETIME timestamp Allbery
+ACL DBH metadata HOSTNAME DATETIME timestamp Allbery verifier verifiers
=head1 SYNOPSIS
@@ -484,14 +513,14 @@ references.
=over 4
-=item new(ACL, DBH)
+=item new(ACL, SCHEMA)
Instantiate a new ACL object with the given ACL ID or name. Takes the
-Wallet::Database object to use for retrieving metadata from the wallet
+Wallet::Schema object to use for retrieving metadata from the wallet
database. Returns a new ACL object if the ACL was found and throws an
exception if it wasn't or on any other error.
-=item create(NAME, DBH, PRINCIPAL, HOSTNAME [, DATETIME])
+=item create(NAME, SCHEMA, PRINCIPAL, HOSTNAME [, DATETIME])
Similar to new() in that it instantiates a new ACL object, but instead of
finding an existing one, creates a new ACL record in the database with the
diff --git a/perl/Wallet/ACL/Base.pm b/perl/Wallet/ACL/Base.pm
index 9a8a3cb..5112c2f 100644
--- a/perl/Wallet/ACL/Base.pm
+++ b/perl/Wallet/ACL/Base.pm
@@ -1,7 +1,8 @@
# Wallet::ACL::Base -- Parent class for wallet ACL verifiers.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -60,7 +61,7 @@ __END__
##############################################################################
=for stopwords
-ACL Allbery
+ACL Allbery verifier verifiers
=head1 NAME
diff --git a/perl/Wallet/ACL/Krb5.pm b/perl/Wallet/ACL/Krb5.pm
index 496fcf0..716a223 100644
--- a/perl/Wallet/ACL/Krb5.pm
+++ b/perl/Wallet/ACL/Krb5.pm
@@ -1,7 +1,8 @@
# Wallet::ACL::Krb5 -- Wallet Kerberos v5 principal ACL verifier.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -51,7 +52,7 @@ __END__
##############################################################################
=for stopwords
-ACL krb5 Allbery
+ACL krb5 Allbery verifier
=head1 NAME
diff --git a/perl/Wallet/ACL/Krb5/Regex.pm b/perl/Wallet/ACL/Krb5/Regex.pm
index 52f4bf5..ce2fe48 100644
--- a/perl/Wallet/ACL/Krb5/Regex.pm
+++ b/perl/Wallet/ACL/Krb5/Regex.pm
@@ -1,7 +1,8 @@
# Wallet::ACL::Krb5::Regex -- Wallet Kerberos v5 principal regex ACL verifier
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -56,7 +57,7 @@ __END__
##############################################################################
=for stopwords
-ACL krb5-regex Durkacz Allbery
+ACL krb5-regex Durkacz Allbery verifier
=head1 NAME
diff --git a/perl/Wallet/ACL/LDAP/Attribute.pm b/perl/Wallet/ACL/LDAP/Attribute.pm
new file mode 100644
index 0000000..802c710
--- /dev/null
+++ b/perl/Wallet/ACL/LDAP/Attribute.pm
@@ -0,0 +1,262 @@
+# Wallet::ACL::LDAP::Attribute -- Wallet LDAP attribute ACL verifier.
+#
+# Written by Russ Allbery
+# Copyright 2012
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+##############################################################################
+# Modules and declarations
+##############################################################################
+
+package Wallet::ACL::LDAP::Attribute;
+require 5.006;
+
+use strict;
+use vars qw(@ISA $VERSION);
+
+use Authen::SASL ();
+use Net::LDAP qw(LDAP_COMPARE_TRUE);
+use Wallet::ACL::Base;
+
+@ISA = qw(Wallet::ACL::Base);
+
+# This version should be increased on any code change to this module. Always
+# use two digits for the minor version with a leading zero if necessary so
+# that it will sort properly.
+$VERSION = '0.01';
+
+##############################################################################
+# Interface
+##############################################################################
+
+# Create a new persistant verifier. Load the Net::LDAP module and open a
+# persistant LDAP server connection that we'll use for later calls.
+sub new {
+ my $type = shift;
+ my $host = $Wallet::Config::LDAP_HOST;
+ my $base = $Wallet::Config::LDAP_BASE;
+ unless ($host and defined ($base) and $Wallet::Config::LDAP_CACHE) {
+ die "LDAP attribute ACL support not configured\n";
+ }
+
+ # Ensure the required Perl modules are available and bind to the directory
+ # server. Catch any errors with a try/catch block.
+ my $ldap;
+ eval {
+ local $ENV{KRB5CCNAME} = $Wallet::Config::LDAP_CACHE;
+ my $sasl = Authen::SASL->new (mechanism => 'GSSAPI');
+ $ldap = Net::LDAP->new ($host, onerror => 'die');
+ my $mesg = eval { $ldap->bind (undef, sasl => $sasl) };
+ };
+ if ($@) {
+ my $error = $@;
+ chomp $error;
+ 1 while ($error =~ s/ at \S+ line \d+\.?\z//);
+ die "LDAP attribute ACL support not available: $error\n";
+ }
+
+ # We successfully bound, so create our object and return it.
+ my $self = { ldap => $ldap };
+ bless ($self, $type);
+ return $self;
+}
+
+# Check whether a given principal has the required LDAP attribute. We first
+# map the principal to a DN by doing a search for that principal (and bailing
+# if we get more than one entry). Then, we do a compare to see if that DN has
+# the desired attribute and value.
+#
+# If the ldap_map_principal sub is defined in Wallet::Config, call it on the
+# principal first to map it to the value for which we'll search.
+#
+# The connection is configured to die on any error, so we do all the work in a
+# try/catch block to report errors.
+sub check {
+ my ($self, $principal, $acl) = @_;
+ undef $self->{error};
+ unless ($principal) {
+ $self->error ('no principal specified');
+ return;
+ }
+ my ($attr, $value);
+ if ($acl) {
+ ($attr, $value) = split ('=', $acl, 2);
+ }
+ unless (defined ($attr) and defined ($value)) {
+ $self->error ('malformed ldap-attr ACL');
+ return;
+ }
+ my $ldap = $self->{ldap};
+
+ # Map the principal name to an attribute value for our search if we're
+ # doing a custom mapping.
+ if (defined &Wallet::Config::ldap_map_principal) {
+ eval { $principal = Wallet::Config::ldap_map_principal ($principal) };
+ if ($@) {
+ $self->error ("mapping principal to LDAP failed: $@");
+ return;
+ }
+ }
+
+ # Now, map the user to a DN by doing a search.
+ my $entry;
+ eval {
+ my $fattr = $Wallet::Config::LDAP_FILTER_ATTR || 'krb5PrincipalName';
+ my $filter = "($fattr=$principal)";
+ my $base = $Wallet::Config::LDAP_BASE;
+ my @options = (base => $base, filter => $filter, attrs => [ 'dn' ]);
+ my $search = $ldap->search (@options);
+ if ($search->count == 1) {
+ $entry = $search->pop_entry;
+ } elsif ($search->count > 1) {
+ die $search->count . " LDAP entries found for $principal";
+ }
+ };
+ if ($@) {
+ $self->error ("cannot search for $principal in LDAP: $@");
+ return;
+ }
+ return 0 unless $entry;
+
+ # We have a user entry. We can now check whether that user has the
+ # desired attribute and value.
+ my $result;
+ eval {
+ my $mesg = $ldap->compare ($entry, attr => $attr, value => $value);
+ $result = $mesg->code;
+ };
+ if ($@) {
+ $self->error ("cannot check LDAP attribute $attr for $principal: $@");
+ return;
+ }
+ return ($result == LDAP_COMPARE_TRUE) ? 1 : 0;
+}
+
+1;
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+ACL Allbery verifier LDAP PRINCIPAL's DN ldap-attr
+
+=head1 NAME
+
+Wallet::ACL::LDAP::Attribute - Wallet ACL verifier for LDAP attribute compares
+
+=head1 SYNOPSIS
+
+ my $verifier = Wallet::ACL::LDAP::Attribute->new;
+ my $status = $verifier->check ($principal, "$attr=$value");
+ if (not defined $status) {
+ die "Something failed: ", $verifier->error, "\n";
+ } elsif ($status) {
+ print "Access granted\n";
+ } else {
+ print "Access denied\n";
+ }
+
+=head1 DESCRIPTION
+
+Wallet::ACL::LDAP::Attribute checks whether the LDAP record for the entry
+corresponding to a principal contains an attribute with a particular
+value. It is used to verify ACL lines of type C<ldap-attr>. The value of
+such an ACL is an attribute followed by an equal sign and a value, and the
+ACL grants access to a given principal if and only if the LDAP entry for
+that principal has that attribute set to that value.
+
+To use this object, several configuration parameters must be set. See
+L<Wallet::Config> for details on those configuration parameters and
+information about how to set wallet configuration.
+
+=head1 METHODS
+
+=over 4
+
+=item new()
+
+Creates a new ACL verifier. Opens and binds the connection to the LDAP
+server.
+
+=item check(PRINCIPAL, ACL)
+
+Returns true if PRINCIPAL is granted access according to ACL, false if
+not, and undef on an error (see L<"DIAGNOSTICS"> below). ACL must be an
+attribute name and a value, separated by an equal sign (with no
+whitespace). PRINCIPAL will be granted access if its LDAP entry contains
+that attribute with that value.
+
+=item error()
+
+Returns the error if check() returned undef.
+
+=back
+
+=head1 DIAGNOSTICS
+
+The new() method may fail with one of the following exceptions:
+
+=over 4
+
+=item LDAP attribute ACL support not available: %s
+
+Attempting to connect or bind to the LDAP server failed.
+
+=item LDAP attribute ACL support not configured
+
+The required configuration parameters were not set. See Wallet::Config(3)
+for the required configuration parameters and how to set them.
+
+=back
+
+Verifying an LDAP attribute ACL may fail with the following errors
+(returned by the error() method):
+
+=over 4
+
+=item cannot check LDAP attribute %s for %s: %s
+
+The LDAP compare to check for the required attribute failed. The
+attribute may have been misspelled, or there may be LDAP directory
+permission issues. This error indicates that PRINCIPAL's entry was
+located in LDAP, but the check failed during the compare to verify the
+attribute value.
+
+=item cannot search for %s in LDAP: %s
+
+Searching for PRINCIPAL (possibly after ldap_map_principal() mapping)
+failed. This is often due to LDAP directory permissions issues. This
+indicates a failure during the mapping of PRINCIPAL to an LDAP DN.
+
+=item malformed ldap-attr ACL
+
+The ACL parameter to check() was malformed. Usually this means that
+either the attribute or the value were empty or the required C<=> sign
+separating them was missing.
+
+=item mapping principal to LDAP failed: %s
+
+There was an ldap_map_principal() function defined in the wallet
+configuration, but calling it for the PRINCIPAL argument failed.
+
+=item no principal specified
+
+The PRINCIPAL parameter to check() was undefined or the empty string.
+
+=back
+
+=head1 SEE ALSO
+
+Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), wallet-backend(8)
+
+This module is part of the wallet system. The current version is
+available from L<http://www.eyrie.org/~eagle/software/wallet/>.
+
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=cut
diff --git a/perl/Wallet/ACL/NetDB.pm b/perl/Wallet/ACL/NetDB.pm
index 0fb5a2c..2d35f49 100644
--- a/perl/Wallet/ACL/NetDB.pm
+++ b/perl/Wallet/ACL/NetDB.pm
@@ -1,7 +1,8 @@
# Wallet::ACL::NetDB -- Wallet NetDB role ACL verifier.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -136,7 +137,7 @@ __END__
##############################################################################
=for stopwords
-ACL NetDB remctl DNS DHCP Allbery netdb
+ACL NetDB remctl DNS DHCP Allbery netdb verifier
=head1 NAME
diff --git a/perl/Wallet/ACL/NetDB/Root.pm b/perl/Wallet/ACL/NetDB/Root.pm
index 3aeebda..ea79d79 100644
--- a/perl/Wallet/ACL/NetDB/Root.pm
+++ b/perl/Wallet/ACL/NetDB/Root.pm
@@ -1,7 +1,8 @@
# Wallet::ACL::NetDB::Root -- Wallet NetDB role ACL verifier (root instances).
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -49,7 +50,7 @@ sub check {
##############################################################################
=for stopwords
-ACL NetDB DNS DHCP Allbery
+ACL NetDB DNS DHCP Allbery verifier
=head1 NAME
diff --git a/perl/Wallet/Admin.pm b/perl/Wallet/Admin.pm
index f208e13..97a2c15 100644
--- a/perl/Wallet/Admin.pm
+++ b/perl/Wallet/Admin.pm
@@ -1,7 +1,8 @@
# Wallet::Admin -- Wallet system administrative interface.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2009, 2010, 2011, 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -16,13 +17,18 @@ use strict;
use vars qw($VERSION);
use Wallet::ACL;
-use Wallet::Database;
use Wallet::Schema;
# This version should be increased on any code change to this module. Always
# use two digits for the minor version with a leading zero if necessary so
# that it will sort properly.
-$VERSION = '0.05';
+$VERSION = '0.07';
+
+# The last non-DBIx::Class version of Wallet::Schema. If a database has no
+# DBIx::Class versioning, we artificially install this version number before
+# starting the upgrade process so that the automated DBIx::Class upgrade will
+# work properly.
+our $BASE_VERSION = '0.07';
##############################################################################
# Constructor, destructor, and accessors
@@ -33,8 +39,8 @@ $VERSION = '0.05';
# Throw an exception if anything goes wrong.
sub new {
my ($class) = @_;
- my $dbh = Wallet::Database->connect;
- my $self = { dbh => $dbh };
+ my $schema = Wallet::Schema->connect;
+ my $self = { schema => $schema };
bless ($self, $class);
return $self;
}
@@ -42,7 +48,13 @@ sub new {
# Returns the database handle (used mostly for testing).
sub dbh {
my ($self) = @_;
- return $self->{dbh};
+ return $self->{schema}->storage->dbh;
+}
+
+# Returns the DBIx::Class-based database schema object.
+sub schema {
+ my ($self) = @_;
+ return $self->{schema};
}
# Set or return the error stashed in the object.
@@ -60,7 +72,7 @@ sub error {
# Disconnect the database handle on object destruction to avoid warnings.
sub DESTROY {
my ($self) = @_;
- $self->{dbh}->disconnect unless $self->{dbh}->{InactiveDestroy};
+ $self->{schema}->storage->dbh->disconnect;
}
##############################################################################
@@ -74,17 +86,50 @@ sub DESTROY {
# true on success and false on failure, setting the object error.
sub initialize {
my ($self, $user) = @_;
- my $schema = Wallet::Schema->new;
- eval { $schema->create ($self->{dbh}) };
+
+ # Deploy the database schema from DDL files, if they exist. If not then
+ # we automatically get the database from the Schema modules.
+ $self->{schema}->deploy ({}, $Wallet::Config::DB_DDL_DIRECTORY);
if ($@) {
$self->error ($@);
return;
}
- my $acl = Wallet::ACL->create ('ADMIN', $self->{dbh}, $user, 'localhost');
+ $self->default_data;
+
+ # Create a default admin ACL.
+ my $acl = Wallet::ACL->create ('ADMIN', $self->{schema}, $user,
+ 'localhost');
unless ($acl->add ('krb5', $user, $user, 'localhost')) {
$self->error ($acl->error);
return;
}
+
+ return 1;
+}
+
+# Load default data into various tables. We'd like to do this more directly
+# in the schema definitions, but not yet seeing a good way to do that.
+sub default_data {
+ my ($self) = @_;
+
+ # acl_schemes default rows.
+ my ($r1) = $self->{schema}->resultset('AclScheme')->populate ([
+ [ qw/as_name as_class/ ],
+ [ 'krb5', 'Wallet::ACL::Krb5' ],
+ [ 'krb5-regex', 'Wallet::ACL::Krb5::Regex' ],
+ [ 'ldap-attr', 'Wallet::ACL::LDAP::Attribute' ],
+ [ 'netdb', 'Wallet::ACL::NetDB' ],
+ [ 'netdb-root', 'Wallet::ACL::NetDB::Root' ],
+ ]);
+ warn "default AclScheme not installed" unless defined $r1;
+
+ # types default rows.
+ my @record = ([ qw/ty_name ty_class/ ],
+ [ 'file', 'Wallet::Object::File' ],
+ [ 'keytab', 'Wallet::Object::Keytab' ]);
+ ($r1) = $self->{schema}->resultset('Type')->populate (\@record);
+ warn "default Type not installed" unless defined $r1;
+
return 1;
}
@@ -101,12 +146,63 @@ sub reinitialize {
# false on failure.
sub destroy {
my ($self) = @_;
- my $schema = Wallet::Schema->new;
- eval { $schema->drop ($self->{dbh}) };
+
+ # Get an actual DBI handle and use it to delete all tables.
+ my $dbh = $self->dbh;
+ my @tables = qw/acls acl_entries acl_history acl_schemes enctypes
+ flags keytab_enctypes keytab_sync objects object_history
+ sync_targets types dbix_class_schema_versions/;
+ for my $table (@tables) {
+ my $sql = "DROP TABLE IF EXISTS $table";
+ $dbh->do ($sql);
+ }
+
+ return 1;
+}
+
+# Save a DDL of the database in every supported database server. Returns
+# true on success and false on failure.
+sub backup {
+ my ($self, $oldversion) = @_;
+
+ my @dbs = qw/MySQL SQLite PostgreSQL/;
+ my $version = $Wallet::Schema::VERSION;
+ $self->{schema}->create_ddl_dir (\@dbs, $version,
+ $Wallet::Config::DB_DDL_DIRECTORY,
+ $oldversion);
+
+ return 1;
+}
+
+# Upgrade the database to the latest schema version. Returns true on success
+# and false on failure.
+sub upgrade {
+ my ($self) = @_;
+
+ # Check to see if the database is versioned. If not, install the
+ # versioning table and default version.
+ if (!$self->{schema}->get_db_version) {
+ $self->{schema}->install ($BASE_VERSION);
+ }
+
+ # Suppress warnings that actually are just informational messages.
+ local $SIG{__WARN__} = sub {
+ my ($warn) = @_;
+ return if $warn =~ m{Upgrade not necessary};
+ return if $warn =~ m{Attempting upgrade};
+ warn $warn;
+ };
+
+ # Perform the actual upgrade.
+ if ($self->{schema}->get_db_version) {
+ $self->{schema}->upgrade_directory ($Wallet::Config::DB_DDL_DIRECTORY);
+ eval { $self->{schema}->upgrade; };
+ }
if ($@) {
$self->error ($@);
return;
}
+
return 1;
}
@@ -121,13 +217,14 @@ sub destroy {
sub register_object {
my ($self, $type, $class) = @_;
eval {
- my $sql = 'insert into types (ty_name, ty_class) values (?, ?)';
- $self->{dbh}->do ($sql, undef, $type, $class);
- $self->{dbh}->commit;
+ my $guard = $self->{schema}->txn_scope_guard;
+ my %record = (ty_name => $type,
+ ty_class => $class);
+ $self->{schema}->resultset('Type')->create (\%record);
+ $guard->commit;
};
if ($@) {
$self->error ("cannot register $class for $type: $@");
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -140,13 +237,14 @@ sub register_object {
sub register_verifier {
my ($self, $scheme, $class) = @_;
eval {
- my $sql = 'insert into acl_schemes (as_name, as_class) values (?, ?)';
- $self->{dbh}->do ($sql, undef, $scheme, $class);
- $self->{dbh}->commit;
+ my $guard = $self->{schema}->txn_scope_guard;
+ my %record = (as_name => $scheme,
+ as_class => $class);
+ $self->{schema}->resultset('AclScheme')->create (\%record);
+ $guard->commit;
};
if ($@) {
- $self->error ("cannot registery $class for $scheme: $@");
- $self->{dbh}->rollback;
+ $self->error ("cannot register $class for $scheme: $@");
return;
}
return 1;
@@ -164,7 +262,7 @@ __DATA__
Wallet::Admin - Wallet system administrative interface
=for stopwords
-ACL hostname Allbery
+ACL hostname Allbery verifier
=head1 SYNOPSIS
@@ -204,12 +302,12 @@ failure to get the error message.
=over 4
-=item destroy()
+=item destroy ()
Destroys the database, deleting all of its data and all of the tables used
by the wallet server. Returns true on success and false on failure.
-=item error()
+=item error ()
Returns the error of the last failing operation or undef if no operations
have failed. Callers should call this function to get the error message
@@ -240,7 +338,7 @@ Register in the database a mapping from the ACL scheme SCHEME to the class
CLASS. Returns true on success and false on failure (including when the
verifier is already registered).
-=item reinitialize(PRINCIPAL)
+=item reinitialize (PRINCIPAL)
Performs the same actions as initialize(), but first drops any existing
wallet database tables from the database, allowing this function to be
@@ -249,6 +347,11 @@ be deleted and a fresh set of wallet database tables will be created.
This method is equivalent to calling destroy() followed by initialize().
Returns true on success and false on failure.
+=item upgrade ()
+
+Upgrades the database to the latest schema version, preserving data as
+much as possible. Returns true on success and false on failure.
+
=back
=head1 SEE ALSO
diff --git a/perl/Wallet/Config.pm b/perl/Wallet/Config.pm
index 23a051d..af153e7 100644
--- a/perl/Wallet/Config.pm
+++ b/perl/Wallet/Config.pm
@@ -1,7 +1,8 @@
# Wallet::Config -- Configuration handling for the wallet server.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -27,7 +28,7 @@ Wallet::Config - Configuration handling for the wallet server
DBI DSN SQLite subdirectories KEYTAB keytab kadmind KDC add-ons kadmin DNS
SRV kadmin keytabs remctl backend lowercased NETDB ACL NetDB unscoped
usernames rekey hostnames Allbery wallet-backend keytab-backend Heimdal
-rekeys
+rekeys WebAuth WEBAUTH keyring LDAP DN GSS-API
=head1 SYNOPSIS
@@ -84,6 +85,17 @@ file.
=over 4
+=item DB_DDL_DIRECTORY
+
+Specifies the directory used to dump the database schema in formats for
+each possible database server. This also includes diffs between schema
+versions, for upgrades. The default value is F</usr/local/share/wallet>,
+which matches the default installation location.
+
+=cut
+
+our $DB_DDL_DIRECTORY = '/usr/local/share/wallet';
+
=item DB_DRIVER
Sets the Perl database driver to use for the wallet database. Common
@@ -378,6 +390,146 @@ our $KEYTAB_REMCTL_PORT;
=back
+=head1 WEBAUTH KEYRING OBJECT CONFIGURATION
+
+These configuration variables only need to be set if you intend to use the
+C<wakeyring> object type (the Wallet::Object::WAKeyring class).
+
+=over 4
+
+=item WAKEYRING_BUCKET
+
+The directory into which to store WebAuth keyring objects. WebAuth
+keyring objects will be stored in subdirectories of this directory. See
+L<Wallet::Object::WAKeyring> for the full details of the naming scheme.
+This directory must be writable by the wallet server and the wallet server
+must be able to create subdirectories of it.
+
+WAKEYRING_BUCKET must be set to use WebAuth keyring objects.
+
+=cut
+
+our $WAKEYRING_BUCKET;
+
+=item WAKEYRING_REKEY_INTERVAL
+
+The interval, in seconds, at which new keys are generated in a keyring.
+The object implementation will try to arrange for there to be keys added
+to the keyring separated by this interval.
+
+It's useful to provide some interval to install the keyring everywhere
+that it's used before the key becomes inactive. Every keyring will
+therefore normally have at least three keys: one that's currently active,
+one that becomes valid in the future but less than
+WAKEYRING_REKEY_INTERVAL from now, and one that becomes valid between one
+and two of those intervals into the future. This means that one has twice
+this interval to distribute the keyring everywhere it is used.
+
+Internally, this is implemented by adding a new key that becomes valid in
+twice this interval from the current time if the newest key becomes valid
+at or less than this interval in the future.
+
+The default value is 60 * 60 * 24 (one day).
+
+=cut
+
+our $WAKEYRING_REKEY_INTERVAL = 60 * 60 * 24;
+
+=item WAKEYRING_PURGE_INTERVAL
+
+The interval, in seconds, from the key creation date after which keys are
+removed from the keyring. This is used to clean up old keys and finish
+key rotation. Keys won't be removed unless there are more than three keys
+in the keyring to try to keep a misconfiguration from removing all valid
+keys.
+
+The default value is 60 * 60 * 24 * 90 (90 days).
+
+=cut
+
+our $WAKEYRING_PURGE_INTERVAL = 60 * 60 * 24 * 90;
+
+=back
+
+=head1 LDAP ACL CONFIGURATION
+
+These configuration variables are only needed if you intend to use the
+C<ldap-attr> ACL type (the Wallet::ACL::LDAP::Attribute class). They
+specify the LDAP server and additional connection and data model
+information required for the wallet to check for the existence of
+attributes.
+
+=over 4
+
+=item LDAP_HOST
+
+The LDAP server name to use to verify LDAP ACLs. This variable must be
+set to use LDAP ACLs.
+
+=cut
+
+our $LDAP_HOST;
+
+=item LDAP_BASE
+
+The base DN under which to search for the entry corresponding to a
+principal. Currently, the wallet always does a full subtree search under
+this base DN. This variable must be set to use LDAP ACLs.
+
+=cut
+
+our $LDAP_BASE;
+
+=item LDAP_FILTER_ATTR
+
+The attribute used to find the entry corresponding to a principal. The
+LDAP entry containing this attribute with a value equal to the principal
+will be found and checked for the required attribute and value. If this
+variable is not set, the default is C<krb5PrincipalName>.
+
+=cut
+
+our $LDAP_FILTER_ATTR;
+
+=item LDAP_CACHE
+
+Specifies the Kerberos ticket cache to use when connecting to the LDAP
+server. GSS-API authentication is always used; there is currently no
+support for any other type of bind. The ticket cache must be for a
+principal with access to verify the values of attributes that will be used
+with this ACL type. This variable must be set to use LDAP ACLs.
+
+=cut
+
+our $LDAP_CACHE;
+
+=back
+
+Finally, depending on the structure of the LDAP directory being queried,
+there may not be any attribute in the directory whose value exactly
+matches the Kerberos principal. The attribute designated by
+LDAP_FILTER_ATTR may instead hold a transformation of the principal name
+(such as the principal with the local realm stripped off, or rewritten
+into an LDAP DN form). If this is the case, define a Perl function named
+ldap_map_attribute. This function will be called whenever an LDAP
+attribute ACL is being verified. It will take one argument, the
+principal, and is expected to return the value to search for in the LDAP
+directory server.
+
+For example, if the principal name without the local realm is stored in
+the C<uid> attribute in the directory, set LDAP_FILTER_ATTR to C<uid> and
+then define ldap_map_attribute as follows:
+
+ sub ldap_map_attribute {
+ my ($principal) = @_;
+ $principal =~ s/\@EXAMPLE\.COM$//;
+ return $principal;
+ }
+
+Note that this example only removes the local realm (here, EXAMPLE.COM).
+Any principal from some other realm will be left fully qualified, and then
+presumably will not be found in the directory.
+
=head1 NETDB ACL CONFIGURATION
These configuration variables are only needed if you intend to use the
diff --git a/perl/Wallet/Database.pm b/perl/Wallet/Database.pm
index 7daab9f..61de0ba 100644
--- a/perl/Wallet/Database.pm
+++ b/perl/Wallet/Database.pm
@@ -1,12 +1,13 @@
# Wallet::Database -- Wallet system database connection management.
#
-# This module is a thin wrapper around DBI to handle determination of the
-# database driver and configuration settings automatically on connect. The
+# This module is a thin wrapper around DBIx::Class to handle determination
+# of the database configuration settings automatically on connect. The
# intention is that Wallet::Database objects can be treated in all respects
-# like DBI objects in the rest of the code.
+# like DBIx::Class objects in the rest of the code.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2009, 2010, 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -14,32 +15,21 @@
# Modules and declarations
##############################################################################
-# Set up the subclasses. This is required to avoid warnings under DBI 1.40
-# and later, even though we don't actually make use of any overridden
-# statement handle or database handle methods.
-package Wallet::Database::st;
-use vars qw(@ISA);
-@ISA = qw(DBI::st);
-
-package Wallet::Database::db;
-use vars qw(@ISA);
-@ISA = qw(DBI::db);
-
package Wallet::Database;
require 5.006;
use strict;
use vars qw(@ISA $VERSION);
-use DBI;
+use Wallet::Schema;
use Wallet::Config;
-@ISA = qw(DBI);
+@ISA = qw(Wallet::Schema);
# This version should be increased on any code change to this module. Always
# use two digits for the minor version with a leading zero if necessary so
# that it will sort properly.
-$VERSION = '0.03';
+$VERSION = '0.04';
##############################################################################
# Core overrides
@@ -65,7 +55,7 @@ sub connect {
}
my $user = $Wallet::Config::DB_USER;
my $pass = $Wallet::Config::DB_PASSWORD;
- my %attrs = (PrintError => 0, RaiseError => 1, AutoCommit => 0);
+ my %attrs = (PrintError => 0, RaiseError => 1);
my $dbh = eval { $class->SUPER::connect ($dsn, $user, $pass, \%attrs) };
if ($@) {
die "cannot connect to database: $@\n";
diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm
index 074dd1e..bfff3ef 100644
--- a/perl/Wallet/Kadmin.pm
+++ b/perl/Wallet/Kadmin.pm
@@ -1,7 +1,8 @@
# Wallet::Kadmin -- Kerberos administration API for wallet keytab backend.
#
# Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm
index 658ac04..bb07b93 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/Wallet/Kadmin/Heimdal.pm
@@ -1,7 +1,8 @@
# Wallet::Kadmin::Heimdal -- Wallet Kerberos administration API for Heimdal.
#
# Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -234,7 +235,7 @@ __END__
##############################################################################
=for stopwords
-keytabs keytab kadmin KDC API Allbery Heimdal
+keytabs keytab kadmin KDC API Allbery Heimdal unlinked
=head1 NAME
diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm
index fc4d271..b633e67 100644
--- a/perl/Wallet/Kadmin/MIT.pm
+++ b/perl/Wallet/Kadmin/MIT.pm
@@ -3,7 +3,7 @@
# Written by Russ Allbery <rra@stanford.edu>
# Pulled into a module by Jon Robertson <jonrober@stanford.edu>
# Copyright 2007, 2008, 2009, 2010
-# Board of Trustees, Leland Stanford Jr. University
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -256,6 +256,7 @@ __END__
=for stopwords
rekeying rekeys remctl backend keytabs keytab kadmin KDC API Allbery
+unlinked
=head1 NAME
diff --git a/perl/Wallet/Object/Base.pm b/perl/Wallet/Object/Base.pm
index 5097729..dd128cc 100644
--- a/perl/Wallet/Object/Base.pm
+++ b/perl/Wallet/Object/Base.pm
@@ -1,7 +1,8 @@
# Wallet::Object::Base -- Parent class for any object stored in the wallet.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010, 2011
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -17,12 +18,13 @@ use vars qw($VERSION);
use DBI;
use POSIX qw(strftime);
+use Text::Wrap qw(wrap);
use Wallet::ACL;
# This version should be increased on any code change to this module. Always
# use two digits for the minor version with a leading zero if necessary so
# that it will sort properly.
-$VERSION = '0.05';
+$VERSION = '0.06';
##############################################################################
# Constructors
@@ -34,15 +36,16 @@ $VERSION = '0.05';
# type in the object. If the object doesn't exist, returns undef. This will
# probably be usable as-is by most object types.
sub new {
- my ($class, $type, $name, $dbh) = @_;
- my $sql = 'select ob_name from objects where ob_type = ? and ob_name = ?';
- my $data = $dbh->selectrow_array ($sql, undef, $type, $name);
- $dbh->commit;
- die "cannot find ${type}:${name}\n" unless ($data and $data eq $name);
+ my ($class, $type, $name, $schema) = @_;
+ my %search = (ob_type => $type,
+ ob_name => $name);
+ my $object = $schema->resultset('Object')->find (\%search);
+ die "cannot find ${type}:${name}\n"
+ unless ($object and $object->ob_name eq $name);
my $self = {
- dbh => $dbh,
- name => $name,
- type => $type,
+ schema => $schema,
+ name => $name,
+ type => $type,
};
bless ($self, $class);
return $self;
@@ -53,28 +56,37 @@ sub new {
# specified class. Stores the database handle to use, the name, and the type
# in the object. Subclasses may need to override this to do additional setup.
sub create {
- my ($class, $type, $name, $dbh, $user, $host, $time) = @_;
+ my ($class, $type, $name, $schema, $user, $host, $time) = @_;
$time ||= time;
die "invalid object type\n" unless $type;
die "invalid object name\n" unless $name;
+ my $guard = $schema->txn_scope_guard;
eval {
- my $date = strftime ('%Y-%m-%d %T', localtime $time);
- my $sql = 'insert into objects (ob_type, ob_name, ob_created_by,
- ob_created_from, ob_created_on) values (?, ?, ?, ?, ?)';
- $dbh->do ($sql, undef, $type, $name, $user, $host, $date);
- $sql = "insert into object_history (oh_type, oh_name, oh_action,
- oh_by, oh_from, oh_on) values (?, ?, 'create', ?, ?, ?)";
- $dbh->do ($sql, undef, $type, $name, $user, $host, $date);
- $dbh->commit;
+ my %record = (ob_type => $type,
+ ob_name => $name,
+ ob_created_by => $user,
+ ob_created_from => $host,
+ ob_created_on => strftime ('%Y-%m-%d %T',
+ localtime $time));
+ $schema->resultset('Object')->create (\%record);
+
+ %record = (oh_type => $type,
+ oh_name => $name,
+ oh_action => 'create',
+ oh_by => $user,
+ oh_from => $host,
+ oh_on => strftime ('%Y-%m-%d %T', localtime $time));
+ $schema->resultset('ObjectHistory')->create (\%record);
+
+ $guard->commit;
};
if ($@) {
- $dbh->rollback;
die "cannot create object ${type}:${name}: $@\n";
}
my $self = {
- dbh => $dbh,
- name => $name,
- type => $type,
+ schema => $schema,
+ name => $name,
+ type => $type,
};
bless ($self, $class);
return $self;
@@ -124,30 +136,36 @@ sub log_action {
# We have two traces to record, one in the object_history table and one in
# the object record itself. Commit both changes as a transaction. We
# assume that AutoCommit is turned off.
+ my $guard = $self->{schema}->txn_scope_guard;
eval {
- my $date = strftime ('%Y-%m-%d %T', localtime $time);
- my $sql = 'insert into object_history (oh_type, oh_name, oh_action,
- oh_by, oh_from, oh_on) values (?, ?, ?, ?, ?, ?)';
- $self->{dbh}->do ($sql, undef, $self->{type}, $self->{name}, $action,
- $user, $host, $date);
+ my %record = (oh_type => $self->{type},
+ oh_name => $self->{name},
+ oh_action => $action,
+ oh_by => $user,
+ oh_from => $host,
+ oh_on => strftime ('%Y-%m-%d %T', localtime $time));
+ $self->{schema}->resultset('ObjectHistory')->create (\%record);
+
+ my %search = (ob_type => $self->{type},
+ ob_name => $self->{name});
+ my $object = $self->{schema}->resultset('Object')->find (\%search);
if ($action eq 'get') {
- $sql = 'update objects set ob_downloaded_by = ?,
- ob_downloaded_from = ?, ob_downloaded_on = ? where
- ob_type = ? and ob_name = ?';
- $self->{dbh}->do ($sql, undef, $user, $host, $date, $self->{type},
- $self->{name});
+ $object->ob_downloaded_by ($user);
+ $object->ob_downloaded_from ($host);
+ $object->ob_downloaded_on (strftime ('%Y-%m-%d %T',
+ localtime $time));
} elsif ($action eq 'store') {
- $sql = 'update objects set ob_stored_by = ?, ob_stored_from = ?,
- ob_stored_on = ? where ob_type = ? and ob_name = ?';
- $self->{dbh}->do ($sql, undef, $user, $host, $date, $self->{type},
- $self->{name});
+ $object->ob_stored_by ($user);
+ $object->ob_stored_from ($host);
+ $object->ob_stored_on (strftime ('%Y-%m-%d %T',
+ localtime $time));
}
- $self->{dbh}->commit;
+ $object->update;
+ $guard->commit;
};
if ($@) {
my $id = $self->{type} . ':' . $self->{name};
$self->error ("cannot update history for $id: $@");
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -169,16 +187,22 @@ sub log_set {
}
my %fields = map { $_ => 1 }
qw(owner acl_get acl_store acl_show acl_destroy acl_flags expires
- flags type_data);
+ comment flags type_data);
unless ($fields{$field}) {
die "invalid history field $field";
}
- my $date = strftime ('%Y-%m-%d %T', localtime $time);
- my $sql = "insert into object_history (oh_type, oh_name, oh_action,
- oh_field, oh_type_field, oh_old, oh_new, oh_by, oh_from, oh_on)
- values (?, ?, 'set', ?, ?, ?, ?, ?, ?, ?)";
- $self->{dbh}->do ($sql, undef, $self->{type}, $self->{name}, $field,
- $type_field, $old, $new, $user, $host, $date);
+
+ my %record = (oh_type => $self->{type},
+ oh_name => $self->{name},
+ oh_action => 'set',
+ oh_field => $field,
+ oh_type_field => $type_field,
+ oh_old => $old,
+ oh_new => $new,
+ oh_by => $user,
+ oh_from => $host,
+ oh_on => strftime ('%Y-%m-%d %T', localtime $time));
+ $self->{schema}->resultset('ObjectHistory')->create (\%record);
}
##############################################################################
@@ -200,20 +224,21 @@ sub _set_internal {
$self->error ("cannot modify ${type}:${name}: object is locked");
return;
}
+
+ my $guard = $self->{schema}->txn_scope_guard;
eval {
- my $sql = "select ob_$attr from objects where ob_type = ? and
- ob_name = ?";
- my $old = $self->{dbh}->selectrow_array ($sql, undef, $type, $name);
- $sql = "update objects set ob_$attr = ? where ob_type = ? and
- ob_name = ?";
- $self->{dbh}->do ($sql, undef, $value, $type, $name);
+ my %search = (ob_type => $type,
+ ob_name => $name);
+ my $object = $self->{schema}->resultset('Object')->find (\%search);
+ my $old = $object->get_column ("ob_$attr");
+
+ $object->update ({ "ob_$attr" => $value });
$self->log_set ($attr, $old, $value, $user, $host, $time);
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
my $id = $self->{type} . ':' . $self->{name};
$self->error ("cannot set $attr on $id: $@");
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -234,14 +259,13 @@ sub _get_internal {
my $type = $self->{type};
my $value;
eval {
- my $sql = "select $attr from objects where ob_type = ? and
- ob_name = ?";
- $value = $self->{dbh}->selectrow_array ($sql, undef, $type, $name);
- $self->{dbh}->commit;
+ my %search = (ob_type => $type,
+ ob_name => $name);
+ my $object = $self->{schema}->resultset('Object')->find (\%search);
+ $value = $object->get_column ($attr);
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
return $value;
@@ -258,7 +282,7 @@ sub acl {
my $attr = "acl_$type";
if ($id) {
my $acl;
- eval { $acl = Wallet::ACL->new ($id, $self->{dbh}) };
+ eval { $acl = Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -291,6 +315,19 @@ sub attr_show {
return '';
}
+# Get or set the comment value of an object. If setting it, trace information
+# must also be provided.
+sub comment {
+ my ($self, $comment, $user, $host, $time) = @_;
+ if ($comment) {
+ return $self->_set_internal ('comment', $comment, $user, $host, $time);
+ } elsif (defined $comment) {
+ return $self->_set_internal ('comment', undef, $user, $host, $time);
+ } else {
+ return $self->_get_internal ('comment');
+ }
+}
+
# Get or set the expires value of an object. Expects an expiration time in
# seconds since epoch. If setting the expiration, trace information must also
# be provided.
@@ -315,7 +352,7 @@ sub owner {
my ($self, $owner, $user, $host, $time) = @_;
if ($owner) {
my $acl;
- eval { $acl = Wallet::ACL->new ($owner, $self->{dbh}) };
+ eval { $acl = Wallet::ACL->new ($owner, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -338,17 +375,21 @@ sub flag_check {
my ($self, $flag) = @_;
my $name = $self->{name};
my $type = $self->{type};
- my $dbh = $self->{dbh};
+ my $schema = $self->{schema};
my $value;
eval {
- my $sql = 'select fl_flag from flags where fl_type = ? and fl_name = ?
- and fl_flag = ?';
- $value = $dbh->selectrow_array ($sql, undef, $type, $name, $flag);
- $dbh->commit;
+ my %search = (fl_type => $type,
+ fl_name => $name,
+ fl_flag => $flag);
+ my $flag = $schema->resultset('Flag')->find (\%search);
+ if (not defined $flag) {
+ $value = 0;
+ } else {
+ $value = $flag->fl_flag;
+ }
};
if ($@) {
$self->error ("cannot check flag $flag for ${type}:${name}: $@");
- $dbh->rollback;
return;
} else {
return ($value) ? 1 : 0;
@@ -362,23 +403,22 @@ sub flag_clear {
$time ||= time;
my $name = $self->{name};
my $type = $self->{type};
- my $dbh = $self->{dbh};
+ my $schema = $self->{schema};
+ my $guard = $schema->txn_scope_guard;
eval {
- my $sql = 'select * from flags where fl_type = ? and fl_name = ? and
- fl_flag = ?';
- my ($data) = $dbh->selectrow_array ($sql, undef, $type, $name, $flag);
- unless (defined $data) {
+ my %search = (fl_type => $type,
+ fl_name => $name,
+ fl_flag => $flag);
+ my $flag = $schema->resultset('Flag')->find (\%search);
+ unless (defined $flag) {
die "flag not set\n";
}
- $sql = 'delete from flags where fl_type = ? and fl_name = ? and
- fl_flag = ?';
- $dbh->do ($sql, undef, $type, $name, $flag);
- $self->log_set ('flags', $flag, undef, $user, $host, $time);
- $dbh->commit;
+ $flag->delete;
+ $self->log_set ('flags', $flag->fl_flag, undef, $user, $host, $time);
+ $guard->commit;
};
if ($@) {
$self->error ("cannot clear flag $flag on ${type}:${name}: $@");
- $dbh->rollback;
return;
}
return 1;
@@ -392,20 +432,18 @@ sub flag_list {
undef $self->{error};
my @flags;
eval {
- my $sql = 'select fl_flag from flags where fl_type = ? and
- fl_name = ? order by fl_flag';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($self->{type}, $self->{name});
- my $flag;
- while (defined ($flag = $sth->fetchrow_array)) {
- push (@flags, $flag);
+ my %search = (fl_type => $self->{type},
+ fl_name => $self->{name});
+ my %attrs = (order_by => 'fl_flag');
+ my @flags_rs = $self->{schema}->resultset('Flag')->search (\%search,
+ \%attrs);
+ for my $flag (@flags_rs) {
+ push (@flags, $flag->fl_flag);
}
- $self->{dbh}->commit;
};
if ($@) {
my $id = $self->{type} . ':' . $self->{name};
$self->error ("cannot retrieve flags for $id: $@");
- $self->{dbh}->rollback;
return;
} else {
return @flags;
@@ -419,23 +457,22 @@ sub flag_set {
$time ||= time;
my $name = $self->{name};
my $type = $self->{type};
- my $dbh = $self->{dbh};
+ my $schema = $self->{schema};
+ my $guard = $schema->txn_scope_guard;
eval {
- my $sql = 'select * from flags where fl_type = ? and fl_name = ? and
- fl_flag = ?';
- my ($data) = $dbh->selectrow_array ($sql, undef, $type, $name, $flag);
- if (defined $data) {
+ my %search = (fl_type => $type,
+ fl_name => $name,
+ fl_flag => $flag);
+ my $flag = $schema->resultset('Flag')->find (\%search);
+ if (defined $flag) {
die "flag already set\n";
}
- $sql = 'insert into flags (fl_type, fl_name, fl_flag)
- values (?, ?, ?)';
- $dbh->do ($sql, undef, $type, $name, $flag);
- $self->log_set ('flags', undef, $flag, $user, $host, $time);
- $dbh->commit;
+ $flag = $schema->resultset('Flag')->create (\%search);
+ $self->log_set ('flags', undef, $flag->fl_flag, $user, $host, $time);
+ $guard->commit;
};
if ($@) {
$self->error ("cannot set flag $flag on ${type}:${name}: $@");
- $dbh->rollback;
return;
}
return 1;
@@ -451,11 +488,10 @@ sub format_acl_id {
my ($self, $id) = @_;
my $name = $id;
- my $sql = 'select ac_name from acls where ac_id = ?';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($id);
- if (my @ref = $sth->fetchrow_array) {
- $name = $ref[0] . " ($id)";
+ my %search = (ac_id => $id);
+ my $acl_rs = $self->{schema}->resultset('Acl')->find (\%search);
+ if (defined $acl_rs) {
+ $name = $acl_rs->ac_name . " ($id)";
}
return $name;
@@ -468,23 +504,29 @@ sub history {
my ($self) = @_;
my $output = '';
eval {
- my $sql = 'select oh_action, oh_field, oh_type_field, oh_old, oh_new,
- oh_by, oh_from, oh_on from object_history where oh_type = ? and
- oh_name = ? order by oh_on';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($self->{type}, $self->{name});
- my @data;
- while (@data = $sth->fetchrow_array) {
- $output .= "$data[7] ";
- my ($old, $new) = @data[3..4];
- if ($data[0] eq 'set' and $data[1] eq 'flags') {
- if (defined ($data[4])) {
- $output .= "set flag $data[4]";
- } elsif (defined ($data[3])) {
- $output .= "clear flag $data[3]";
+ my %search = (oh_type => $self->{type},
+ oh_name => $self->{name});
+ my %attrs = (order_by => 'oh_on');
+ my @history = $self->{schema}->resultset('ObjectHistory')
+ ->search (\%search, \%attrs);
+
+ for my $history_rs (@history) {
+ $output .= sprintf ("%s %s ", $history_rs->oh_on->ymd,
+ $history_rs->oh_on->hms);
+
+ my $old = $history_rs->oh_old;
+ my $new = $history_rs->oh_new;
+ my $action = $history_rs->oh_action;
+ my $field = $history_rs->oh_field;
+
+ if ($action eq 'set' and $field eq 'flags') {
+ if (defined ($new)) {
+ $output .= "set flag $new";
+ } elsif (defined ($old)) {
+ $output .= "clear flag $old";
}
- } elsif ($data[0] eq 'set' and $data[1] eq 'type_data') {
- my $attr = $data[2];
+ } elsif ($action eq 'set' and $field eq 'type_data') {
+ my $attr = $history_rs->oh_type_field;
if (defined ($old) and defined ($new)) {
$output .= "set attribute $attr to $new (was $old)";
} elsif (defined ($old)) {
@@ -492,9 +534,8 @@ sub history {
} elsif (defined ($new)) {
$output .= "add $new to attribute $attr";
}
- } elsif ($data[0] eq 'set'
- and ($data[1] eq 'owner' or $data[1] =~ /^acl_/)) {
- my $field = $data[1];
+ } elsif ($action eq 'set'
+ and ($field eq 'owner' or $field =~ /^acl_/)) {
$old = $self->format_acl_id ($old) if defined ($old);
$new = $self->format_acl_id ($new) if defined ($new);
if (defined ($old) and defined ($new)) {
@@ -504,8 +545,7 @@ sub history {
} elsif (defined ($old)) {
$output .= "unset $field (was $old)";
}
- } elsif ($data[0] eq 'set') {
- my $field = $data[1];
+ } elsif ($action eq 'set') {
if (defined ($old) and defined ($new)) {
$output .= "set $field to $new (was $old)";
} elsif (defined ($new)) {
@@ -514,16 +554,15 @@ sub history {
$output .= "unset $field (was $old)";
}
} else {
- $output .= $data[0];
+ $output .= $action;
}
- $output .= "\n by $data[5] from $data[6]\n";
+ $output .= sprintf ("\n by %s from %s\n", $history_rs->oh_by,
+ $history_rs->oh_from);
}
- $self->{dbh}->commit;
};
if ($@) {
my $id = $self->{type} . ':' . $self->{name};
$self->error ("cannot read history for $id: $@");
- $self->{dbh}->rollback;
return;
}
return $output;
@@ -565,6 +604,7 @@ sub show {
[ ob_acl_destroy => 'Destroy ACL' ],
[ ob_acl_flags => 'Flags ACL' ],
[ ob_expires => 'Expires' ],
+ [ ob_comment => 'Comment' ],
[ ob_created_by => 'Created by' ],
[ ob_created_from => 'Created from' ],
[ ob_created_on => 'Created on' ],
@@ -576,15 +616,14 @@ sub show {
[ ob_downloaded_on => 'Downloaded on' ]);
my $fields = join (', ', map { $_->[0] } @attrs);
my @data;
+ my $object_rs;
eval {
- my $sql = "select $fields from objects where ob_type = ? and
- ob_name = ?";
- @data = $self->{dbh}->selectrow_array ($sql, undef, $type, $name);
- $self->{dbh}->commit;
+ my %search = (ob_type => $type,
+ ob_name => $name);
+ $object_rs = $self->{schema}->resultset('Object')->find (\%search);
};
if ($@) {
$self->error ("cannot retrieve data for ${type}:${name}: $@");
- $self->{dbh}->rollback;
return;
}
my $output = '';
@@ -592,8 +631,19 @@ sub show {
# Format the results. We use a hack to insert the flags before the first
# trace field since they're not a field in the object in their own right.
- for my $i (0 .. $#data) {
- if ($attrs[$i][0] eq 'ob_created_by') {
+ # The comment should be word-wrapped at 80 columns.
+ for my $i (0 .. $#attrs) {
+ my $field = $attrs[$i][0];
+ my $fieldtext = $attrs[$i][1];
+ next unless my $value = $object_rs->get_column ($field);
+
+ if ($field eq 'ob_comment' && length ($value) > 79 - 17) {
+ local $Text::Wrap::columns = 80;
+ local $Text::Wrap::unexpand = 0;
+ $value = wrap (' ' x 17, ' ' x 17, $value);
+ $value =~ s/^ {17}//;
+ }
+ if ($field eq 'ob_created_by') {
my @flags = $self->flag_list;
if (not @flags and $self->error) {
return;
@@ -607,15 +657,14 @@ sub show {
}
$output .= $attr_output;
}
- next unless defined $data[$i];
- if ($attrs[$i][0] =~ /^ob_(owner|acl_)/) {
- my $acl = eval { Wallet::ACL->new ($data[$i], $self->{dbh}) };
+ if ($field =~ /^ob_(owner|acl_)/) {
+ my $acl = eval { Wallet::ACL->new ($value, $self->{schema}) };
if ($acl and not $@) {
- $data[$i] = $acl->name || $data[$i];
- push (@acls, [ $acl, $data[$i] ]);
+ $value = $acl->name || $value;
+ push (@acls, [ $acl, $value ]);
}
}
- $output .= sprintf ("%15s: %s\n", $attrs[$i][1], $data[$i]);
+ $output .= sprintf ("%15s: %s\n", $fieldtext, $value);
}
if (@acls) {
my %seen;
@@ -639,20 +688,31 @@ sub destroy {
$self->error ("cannot destroy ${type}:${name}: object is locked");
return;
}
+ my $guard = $self->{schema}->txn_scope_guard;
eval {
- my $date = strftime ('%Y-%m-%d %T', localtime $time);
- my $sql = 'delete from flags where fl_type = ? and fl_name = ?';
- $self->{dbh}->do ($sql, undef, $type, $name);
- $sql = 'delete from objects where ob_type = ? and ob_name = ?';
- $self->{dbh}->do ($sql, undef, $type, $name);
- $sql = "insert into object_history (oh_type, oh_name, oh_action,
- oh_by, oh_from, oh_on) values (?, ?, 'destroy', ?, ?, ?)";
- $self->{dbh}->do ($sql, undef, $type, $name, $user, $host, $date);
- $self->{dbh}->commit;
+
+ # Remove any flags that may exist for the record.
+ my %search = (fl_type => $type,
+ fl_name => $name);
+ $self->{schema}->resultset('Flag')->search (\%search)->delete;
+
+ # Remove any object records
+ %search = (ob_type => $type,
+ ob_name => $name);
+ $self->{schema}->resultset('Object')->search (\%search)->delete;
+
+ # And create a new history object for the destroy action.
+ my %record = (oh_type => $type,
+ oh_name => $name,
+ oh_action => 'destroy',
+ oh_by => $user,
+ oh_from => $host,
+ oh_on => strftime ('%Y-%m-%d %T', localtime $time));
+ $self->{schema}->resultset('ObjectHistory')->create (\%record);
+ $guard->commit;
};
if ($@) {
$self->error ("cannot destroy ${type}:${name}: $@");
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -671,7 +731,7 @@ Wallet::Object::Base - Generic parent class for wallet objects
=for stopwords
DBH HOSTNAME DATETIME ACL backend metadata timestamp Allbery wallet-backend
-backend-specific
+backend-specific subclasses
=head1 SYNOPSIS
@@ -709,7 +769,7 @@ such object exits, throws an exception. Otherwise, returns an object
blessed into the class used for the new() call (so subclasses can leave
this method alone and not override it).
-Takes a Wallet::Database object, which is stored in the object and used
+Takes a Wallet::Schema object, which is stored in the object and used
for any further operations.
=item create(TYPE, NAME, DBH, PRINCIPAL, HOSTNAME [, DATETIME])
@@ -778,6 +838,18 @@ attributes set, this method should return that metadata, formatted as key:
value pairs with the keys right-aligned in the first 15 characters,
followed by a space, a colon, and the value.
+=item comment([COMMENT, PRINCIPAL, HOSTNAME [, DATETIME]])
+
+Sets or retrieves the comment associated with an object. If no arguments
+are given, returns the current comment or undef if no comment is set. If
+arguments are given, change the comment to COMMENT and return true on
+success and false on failure. Pass in the empty string for COMMENT to
+clear the comment.
+
+The other arguments are used for logging and history and should indicate
+the user and host from which the change is made and the time of the
+change.
+
=item destroy(PRINCIPAL, HOSTNAME [, DATETIME])
Destroys the object by removing all record of it from the database. The
diff --git a/perl/Wallet/Object/File.pm b/perl/Wallet/Object/File.pm
index 47c8ac2..49589f1 100644
--- a/perl/Wallet/Object/File.pm
+++ b/perl/Wallet/Object/File.pm
@@ -1,7 +1,8 @@
# Wallet::Object::File -- File object implementation for the wallet.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -143,7 +144,7 @@ API HOSTNAME DATETIME keytab remctld backend nul Allbery wallet-backend
my @name = qw(file mysql-lsdb)
my @trace = ($user, $host, time);
- my $object = Wallet::Object::Keytab->create (@name, $dbh, @trace);
+ my $object = Wallet::Object::Keytab->create (@name, $schema, @trace);
unless ($object->store ("the-password\n")) {
die $object->error, "\n";
}
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/Wallet/Object/Keytab.pm
index b7c2805..e00747b 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/Wallet/Object/Keytab.pm
@@ -1,8 +1,8 @@
# Wallet::Object::Keytab -- Keytab object implementation for the wallet.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2009, 2010
-# Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2009, 2010, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -40,21 +40,29 @@ sub enctypes_set {
my @trace = ($user, $host, $time);
my $name = $self->{name};
my %enctypes = map { $_ => 1 } @$enctypes;
+ my $guard = $self->{schema}->txn_scope_guard;
eval {
- my $sql = 'select ke_enctype from keytab_enctypes where ke_name = ?';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($name);
- my (@current, $entry);
- while (defined ($entry = $sth->fetchrow_arrayref)) {
- push (@current, @$entry);
+
+ # Find all enctypes for the given keytab.
+ my %search = (ke_name => $name);
+ my @enctypes = $self->{schema}->resultset('KeytabEnctype')
+ ->search (\%search);
+ my (@current);
+ for my $enctype_rs (@enctypes) {
+ push (@current, $enctype_rs->ke_enctype);
}
+
+ # Use the existing enctypes and the enctypes we should have to match
+ # against ones that need to be removed, and note those that already
+ # exist.
for my $enctype (@current) {
if ($enctypes{$enctype}) {
delete $enctypes{$enctype};
} else {
- $sql = 'delete from keytab_enctypes where ke_name = ? and
- ke_enctype = ?';
- $self->{dbh}->do ($sql, undef, $name, $enctype);
+ %search = (ke_name => $name,
+ ke_enctype => $enctype);
+ $self->{schema}->resultset('KeytabEnctype')->find (\%search)
+ ->delete;
$self->log_set ('type_data enctypes', $enctype, undef, @trace);
}
}
@@ -64,21 +72,20 @@ sub enctypes_set {
# doesn't enforce integrity constraints. We do this in sorted order
# to make it easier to test.
for my $enctype (sort keys %enctypes) {
- $sql = 'select en_name from enctypes where en_name = ?';
- my $status = $self->{dbh}->selectrow_array ($sql, undef, $enctype);
- unless ($status) {
+ my %search = (en_name => $enctype);
+ my $enctype_rs = $self->{schema}->('Enctype')->find (\%search);
+ unless (defined $enctype_rs) {
die "unknown encryption type $enctype\n";
}
- $sql = 'insert into keytab_enctypes (ke_name, ke_enctype) values
- (?, ?)';
- $self->{dbh}->do ($sql, undef, $name, $enctype);
+ my %record = (ke_name => $name,
+ ke_enctype => $enctype);
+ $self->{schema}->resultset('Enctype')->create (\%record);
$self->log_set ('type_data enctypes', undef, $enctype, @trace);
}
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
return 1;
@@ -92,19 +99,16 @@ sub enctypes_list {
my ($self) = @_;
my @enctypes;
eval {
- my $sql = 'select ke_enctype from keytab_enctypes where ke_name = ?
- order by ke_enctype';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($self->{name});
- my $entry;
- while (defined ($entry = $sth->fetchrow_arrayref)) {
- push (@enctypes, @$entry);
+ my %search = (ke_name => $self->{name});
+ my %attrs = (order_by => 'ke_enctype');
+ my @enctypes_rs = $self->{schema}->resultset('KeytabEnctype')
+ ->search (\%search, \%attrs);
+ for my $enctype_rs (@enctypes_rs) {
+ push (@enctypes, $enctype_rs->ke_enctype);
}
- $self->{dbh}->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
return @enctypes;
@@ -132,21 +136,21 @@ sub sync_set {
$self->error ("unsupported synchronization target $target");
return;
} else {
+ my $guard = $self->{schema}->txn_scope_guard;
eval {
- my $sql = 'select ks_target from keytab_sync where ks_name = ?';
- my $dbh = $self->{dbh};
my $name = $self->{name};
- my ($result) = $dbh->selectrow_array ($sql, undef, $name);
- if ($result) {
- my $sql = 'delete from keytab_sync where ks_name = ?';
- $self->{dbh}->do ($sql, undef, $name);
- $self->log_set ('type_data sync', $result, undef, @trace);
+ my %search = (ks_name => $name);
+ my $sync_rs = $self->{schema}->resultset('KeytabSync')
+ ->find (\%search);
+ if (defined $sync_rs) {
+ my $target = $sync_rs->ks_target;
+ $sync_rs->delete;
+ $self->log_set ('type_data sync', $target, undef, @trace);
}
- $self->{dbh}->commit;
+ $guard->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
}
@@ -161,19 +165,16 @@ sub sync_list {
my ($self) = @_;
my @targets;
eval {
- my $sql = 'select ks_target from keytab_sync where ks_name = ?
- order by ks_target';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($self->{name});
- my $target;
- while (defined ($target = $sth->fetchrow_array)) {
- push (@targets, $target);
+ my %search = (ks_name => $self->{name});
+ my %attrs = (order_by => 'ks_target');
+ my @syncs = $self->{schema}->resultset('KeytabSync')->search (\%search,
+ \%attrs);
+ for my $sync_rs (@syncs) {
+ push (@targets, $sync_rs->ks_target);
}
- $self->{dbh}->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
return @targets;
@@ -238,21 +239,16 @@ sub attr_show {
# Override new to start by creating a handle for the kadmin module we're
# using.
sub new {
- my ($class, $type, $name, $dbh) = @_;
+ my ($class, $type, $name, $schema) = @_;
my $self = {
- dbh => $dbh,
+ schema => $schema,
kadmin => undef,
};
bless $self, $class;
my $kadmin = Wallet::Kadmin->new ();
$self->{kadmin} = $kadmin;
- # Set a callback for things to do after a fork, specifically for the MIT
- # kadmin module which forks to kadmin.
- my $callback = sub { $self->{dbh}->{InactiveDestroy} = 1 };
- $kadmin->fork_callback ($callback);
-
- $self = $class->SUPER::new ($type, $name, $dbh);
+ $self = $class->SUPER::new ($type, $name, $schema);
$self->{kadmin} = $kadmin;
return $self;
}
@@ -262,24 +258,20 @@ sub new {
# great here since we don't have a way to communicate the error back to the
# caller.
sub create {
- my ($class, $type, $name, $dbh, $creator, $host, $time) = @_;
+ my ($class, $type, $name, $schema, $creator, $host, $time) = @_;
my $self = {
- dbh => $dbh,
+ schema => $schema,
kadmin => undef,
};
bless $self, $class;
my $kadmin = Wallet::Kadmin->new ();
$self->{kadmin} = $kadmin;
- # Set a callback for things to do after a fork, specifically for the MIT
- # kadmin module which forks to kadmin.
- my $callback = sub { $self->{dbh}->{InactiveDestroy} = 1 };
- $kadmin->fork_callback ($callback);
-
if (not $kadmin->create ($name)) {
die $kadmin->error, "\n";
}
- $self = $class->SUPER::create ($type, $name, $dbh, $creator, $host, $time);
+ $self = $class->SUPER::create ($type, $name, $schema, $creator, $host,
+ $time);
$self->{kadmin} = $kadmin;
return $self;
}
@@ -292,16 +284,21 @@ sub destroy {
$self->error ("cannot destroy $id: object is locked");
return;
}
+ my $schema = $self->{schema};
+ my $guard = $schema->txn_scope_guard;
eval {
- my $sql = 'delete from keytab_sync where ks_name = ?';
- $self->{dbh}->do ($sql, undef, $self->{name});
- $sql = 'delete from keytab_enctypes where ke_name = ?';
- $self->{dbh}->do ($sql, undef, $self->{name});
- $self->{dbh}->commit;
+ my %search = (ks_name => $self->{name});
+ my $sync_rs = $schema->resultset('KeytabSync')->search (\%search);
+ $sync_rs->delete_all if defined $sync_rs;
+
+ %search = (ke_name => $self->{name});
+ my $enctype_rs = $schema->resultset('KeytabEnctype')->search (\%search);
+ $enctype_rs->delete_all if defined $enctype_rs;
+
+ $guard->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
my $kadmin = $self->{kadmin};
@@ -347,7 +344,7 @@ __END__
=for stopwords
keytab API KDC keytabs HOSTNAME DATETIME enctypes enctype DBH metadata
-unmanaged kadmin Allbery
+unmanaged kadmin Allbery unlinked
=head1 NAME
@@ -357,7 +354,7 @@ Wallet::Object::Keytab - Keytab object implementation for wallet
my @name = qw(keytab host/shell.example.com);
my @trace = ($user, $host, time);
- my $object = Wallet::Object::Keytab->create (@name, $dbh, @trace);
+ my $object = Wallet::Object::Keytab->create (@name, $schema, @trace);
my $keytab = $object->get (@trace);
$object->destroy (@trace);
diff --git a/perl/Wallet/Object/WAKeyring.pm b/perl/Wallet/Object/WAKeyring.pm
new file mode 100644
index 0000000..f33497c
--- /dev/null
+++ b/perl/Wallet/Object/WAKeyring.pm
@@ -0,0 +1,370 @@
+# Wallet::Object::WAKeyring -- WebAuth keyring object implementation.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+##############################################################################
+# Modules and declarations
+##############################################################################
+
+package Wallet::Object::WAKeyring;
+require 5.006;
+
+use strict;
+use vars qw(@ISA $VERSION);
+
+use Digest::MD5 qw(md5_hex);
+use Fcntl qw(LOCK_EX);
+use Wallet::Config ();
+use Wallet::Object::Base;
+use WebAuth 3.06 qw(WA_KEY_AES WA_AES_128);
+
+@ISA = qw(Wallet::Object::Base);
+
+# This version should be increased on any code change to this module. Always
+# use two digits for the minor version with a leading zero if necessary so
+# that it will sort properly.
+$VERSION = '0.01';
+
+##############################################################################
+# File naming
+##############################################################################
+
+# Returns the path into which that keyring object will be stored or undef on
+# error. On error, sets the internal error.
+sub file_path {
+ my ($self) = @_;
+ my $name = $self->{name};
+ unless ($Wallet::Config::WAKEYRING_BUCKET) {
+ $self->error ('WebAuth keyring support not configured');
+ return;
+ }
+ unless ($name) {
+ $self->error ('WebAuth keyring objects may not have empty names');
+ return;
+ }
+ my $hash = substr (md5_hex ($name), 0, 2);
+ $name =~ s/([^\w-])/sprintf ('%%%02X', ord ($1))/ge;
+ my $parent = "$Wallet::Config::WAKEYRING_BUCKET/$hash";
+ unless (-d $parent || mkdir ($parent, 0700)) {
+ $self->error ("cannot create keyring bucket $hash: $!");
+ return;
+ }
+ return "$Wallet::Config::WAKEYRING_BUCKET/$hash/$name";
+}
+
+##############################################################################
+# Core methods
+##############################################################################
+
+# Override destroy to delete the file as well.
+sub destroy {
+ my ($self, $user, $host, $time) = @_;
+ my $id = $self->{type} . ':' . $self->{name};
+ my $path = $self->file_path;
+ if (defined ($path) && -f $path && !unlink ($path)) {
+ $self->error ("cannot delete $id: $!");
+ return;
+ }
+ return $self->SUPER::destroy ($user, $host, $time);
+}
+
+# Update the keyring if needed, and then return the contents of the current
+# keyring.
+sub get {
+ my ($self, $user, $host, $time) = @_;
+ $time ||= time;
+ my $id = $self->{type} . ':' . $self->{name};
+ if ($self->flag_check ('locked')) {
+ $self->error ("cannot get $id: object is locked");
+ return;
+ }
+ my $path = $self->file_path;
+ return unless defined $path;
+
+ # Create a WebAuth context and ensure we can load the relevant modules.
+ my $wa = eval { WebAuth->new };
+ if ($@) {
+ $self->error ("cannot initialize WebAuth: $@");
+ return;
+ }
+
+ # Check if the keyring already exists. If not, create a new one with a
+ # single key that's immediately valid and two more that will become valid
+ # in the future.
+ #
+ # If the keyring does already exist, get a lock on the file. At the end
+ # of this process, we'll do an atomic update and then drop our lock.
+ #
+ # FIXME: There are probably better ways to do this. There are some race
+ # conditions here, particularly with new keyrings.
+ unless (open (FILE, '+<', $path)) {
+ my $data;
+ eval {
+ my $key = $wa->key_create (WA_KEY_AES, WA_AES_128);
+ my $ring = $wa->keyring_new ($key);
+ $key = $wa->key_create (WA_KEY_AES, WA_AES_128);
+ my $valid = time + $Wallet::Config::WAKEYRING_REKEY_INTERVAL;
+ $ring->add (time, $valid, $key);
+ $key = $wa->key_create (WA_KEY_AES, WA_AES_128);
+ $valid += $Wallet::Config::WAKEYRING_REKEY_INTERVAL;
+ $ring->add (time, $valid, $key);
+ $data = $ring->encode;
+ $ring->write ($path);
+ };
+ if ($@) {
+ $self->error ("cannot create new keyring");
+ return;
+ };
+ $self->log_action ('get', $user, $host, $time);
+ return $data;
+ }
+ unless (flock (FILE, LOCK_EX)) {
+ $self->error ("cannot get lock on keyring: $!");
+ return;
+ }
+
+ # Read the keyring.
+ my $ring = eval { WebAuth::Keyring->read ($wa, $path) };
+ if ($@) {
+ $self->error ("cannot read keyring: $@");
+ return;
+ }
+
+ # If the most recent key has a valid-after older than now +
+ # WAKEYRING_REKEY_INTERVAL, we generate a new key with a valid_after of
+ # now + 2 * WAKEYRING_REKEY_INTERVAL.
+ my ($count, $newest) = (0, 0);
+ for my $entry ($ring->entries) {
+ $count++;
+ if ($entry->valid_after > $newest) {
+ $newest = $entry->valid_after;
+ }
+ }
+ eval {
+ if ($newest <= time + $Wallet::Config::WAKEYRING_REKEY_INTERVAL) {
+ my $valid = time + 2 * $Wallet::Config::WAKEYRING_REKEY_INTERVAL;
+ my $key = $wa->key_create (WA_KEY_AES, WA_AES_128);
+ $ring->add (time, $valid, $key);
+ }
+ };
+ if ($@) {
+ $self->error ("cannot add new key: $@");
+ return;
+ }
+
+ # If there are any keys older than the purge interval, remove them, but
+ # only do so if we have more than three keys (the one that's currently
+ # active, the one that's going to come active in the rekey interval, and
+ # the one that's going to come active after that.
+ #
+ # FIXME: Be sure that we don't remove the last currently-valid key.
+ my $cutoff = time - $Wallet::Config::WAKEYRING_PURGE_INTERVAL;
+ my $i = 0;
+ my @purge;
+ if ($count > 3) {
+ for my $entry ($ring->entries) {
+ if ($entry->creation < $cutoff) {
+ push (@purge, $i);
+ }
+ $i++;
+ }
+ }
+ if (@purge && $count - @purge >= 3) {
+ eval {
+ for my $key (reverse @purge) {
+ $ring->remove ($key);
+ }
+ };
+ if ($@) {
+ $self->error ("cannot remove old keys: $@");
+ return;
+ }
+ }
+
+ # Encode the key.
+ my $data = eval { $ring->encode };
+ if ($@) {
+ $self->error ("cannot encode keyring: $@");
+ return;
+ }
+
+ # Write the new keyring to the path.
+ eval { $ring->write ($path) };
+ if ($@) {
+ $self->error ("cannot store new keyring: $@");
+ return;
+ }
+ close FILE;
+ $self->log_action ('get', $user, $host, $time);
+ return $data;
+}
+
+# Store the file on the wallet server.
+#
+# FIXME: Check the provided keyring for validity.
+sub store {
+ my ($self, $data, $user, $host, $time) = @_;
+ $time ||= time;
+ my $id = $self->{type} . ':' . $self->{name};
+ if ($self->flag_check ('locked')) {
+ $self->error ("cannot store $id: object is locked");
+ return;
+ }
+ if ($Wallet::Config::FILE_MAX_SIZE) {
+ my $max = $Wallet::Config::FILE_MAX_SIZE;
+ if (length ($data) > $max) {
+ $self->error ("data exceeds maximum of $max bytes");
+ return;
+ }
+ }
+ my $path = $self->file_path;
+ return unless $path;
+ unless (open (FILE, '>', $path)) {
+ $self->error ("cannot store $id: $!");
+ return;
+ }
+ unless (print FILE ($data) and close FILE) {
+ $self->error ("cannot store $id: $!");
+ close FILE;
+ return;
+ }
+ $self->log_action ('store', $user, $host, $time);
+ return 1;
+}
+
+1;
+__END__
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+WebAuth keyring keyrings API HOSTNAME DATETIME keytab AES rekey Allbery
+
+=head1 NAME
+
+Wallet::Object::WAKeyring - WebAuth keyring object implementation for wallet
+
+=head1 SYNOPSIS
+
+ my ($user, $host, $time);
+ my @name = qw(wa-keyring www.stanford.edu);
+ my @trace = ($user, $host, $time);
+ my $object = Wallet::Object::WAKeyring->create (@name, $schema, $trace);
+ my $keyring = $object->get (@trace);
+ unless ($object->store ($keyring)) {
+ die $object->error, "\n";
+ }
+ $object->destroy (@trace);
+
+=head1 DESCRIPTION
+
+Wallet::Object::WAKeyring is a representation of a WebAuth keyring in the
+wallet. It implements the wallet object API and provides the necessary
+glue to store a keyring on the wallet server, retrieve it, update the
+keyring with new keys automatically as needed, purge old keys
+automatically, and delete the keyring when the object is deleted.
+
+WebAuth keyrings hold one or more keys. Each key has a creation time and
+a validity time. The key cannot be used until its validity time has been
+reached. This permits safe key rotation: a new key is added with a
+validity time in the future, and then the keyring is updated everywhere it
+needs to be before that validity time is reached. This wallet object
+automatically handles key rotation by adding keys with validity dates in
+the future and removing keys with creation dates substantially in the
+past.
+
+To use this object, various configuration options specifying where to
+store the keyrings and how to handle key rotation must be set. See
+Wallet::Config for details on these configuration parameters and
+information about how to set wallet configuration.
+
+=head1 METHODS
+
+This object mostly inherits from Wallet::Object::Base. See the
+documentation for that class for all generic methods. Below are only
+those methods that are overridden or behave specially for this
+implementation.
+
+=over 4
+
+=item destroy(PRINCIPAL, HOSTNAME [, DATETIME])
+
+Destroys a WebAuth keyring object by removing it from the database and
+deleting the corresponding file on the wallet server. Returns true on
+success and false on failure. The caller should call error() to get the
+error message after a failure. PRINCIPAL, HOSTNAME, and DATETIME are
+stored as history information. PRINCIPAL should be the user who is
+destroying the object. If DATETIME isn't given, the current time is used.
+
+=item get(PRINCIPAL, HOSTNAME [, DATETIME])
+
+Either creates a new WebAuth keyring (if this object has not bee stored or
+retrieved before) or does any necessary periodic maintenance on the
+keyring and then returns its data. The caller should call error() to get
+the error message if get() returns undef. PRINCIPAL, HOSTNAME, and
+DATETIME are stored as history information. PRINCIPAL should be the user
+who is downloading the keytab. If DATETIME isn't given, the current time
+is used.
+
+If this object has never been stored or retrieved before, a new keyring
+will be created with three 128-bit AES keys: one that is immediately
+valid, one that will become valid after the rekey interval, and one that
+will become valid after twice the rekey interval.
+
+If keyring data for this object already exists, the creation and validity
+dates for each key in the keyring will be examined. If the key with the
+validity date the farthest into the future has a date that's less than or
+equal to the current time plus the rekey interval, a new 128-bit AES key
+will be added to the keyring with a validity time of twice the rekey
+interval in the future. Finally, all keys with a creation date older than
+the configured purge interval will be removed provided that the keyring
+has at least three keys
+
+=item store(DATA, PRINCIPAL, HOSTNAME [, DATETIME])
+
+Store DATA as the current contents of the WebAuth keyring object. Note
+that this is not checked for validity, just assumed to be a valid keyring.
+Any existing data will be overwritten. Returns true on success and false
+on failure. The caller should call error() to get the error message after
+a failure. PRINCIPAL, HOSTNAME, and DATETIME are stored as history
+information. PRINCIPAL should be the user who is destroying the object.
+If DATETIME isn't given, the current time is used.
+
+If FILE_MAX_SIZE is set in the wallet configuration, a store() of DATA
+larger than that configuration setting will be rejected.
+
+=back
+
+=head1 FILES
+
+=over 4
+
+=item WAKEYRING_BUCKET/<hash>/<file>
+
+WebAuth keyrings are stored on the wallet server under the directory
+WAKEYRING_BUCKET as set in the wallet configuration. <hash> is the first
+two characters of the hex-encoded MD5 hash of the wallet file object name,
+used to not put too many files in the same directory. <file> is the name
+of the file object with all characters other than alphanumerics,
+underscores, and dashes replaced by "%" and the hex code of the character.
+
+=back
+
+=head1 SEE ALSO
+
+Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8), WebAuth(3)
+
+This module is part of the wallet system. The current version is available
+from <http://www.eyrie.org/~eagle/software/wallet/>.
+
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=cut
diff --git a/perl/Wallet/Policy/Stanford.pm b/perl/Wallet/Policy/Stanford.pm
new file mode 100644
index 0000000..5e04b4f
--- /dev/null
+++ b/perl/Wallet/Policy/Stanford.pm
@@ -0,0 +1,413 @@
+# Wallet::Policy::Stanford -- Stanford's wallet naming and ownership policy.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+##############################################################################
+# Modules and declarations
+##############################################################################
+
+package Wallet::Policy::Stanford;
+
+use 5.008;
+use strict;
+use warnings;
+
+use base qw(Exporter);
+
+# Declare variables that should be set in BEGIN for robustness.
+our (@EXPORT_OK, $VERSION);
+
+# Set $VERSION and everything export-related in a BEGIN block for robustness
+# against circular module loading (not that we load any modules, but
+# consistency is good).
+BEGIN {
+ $VERSION = '1.00';
+ @EXPORT_OK = qw(default_owner verify_name);
+}
+
+##############################################################################
+# Configuration
+##############################################################################
+
+# These variables are all declared as globals so that they can be overridden
+# from wallet.conf if desirable.
+
+# The domain to append to hostnames to fully-qualify them.
+our $DOMAIN = 'stanford.edu';
+
+# Groups for file object naming, each mapped to the ACL to use for
+# non-host-based objects owned by that group. This default is entirely
+# Stanford-specific, even more so than the rest of this file.
+our %ACL_FOR_GROUP = (
+ 'its-apps' => 'group/sharedapps',
+ 'its-crc-sg' => 'group/crcsg',
+ 'its-idg' => 'group/its-idg',
+ 'its-rc' => 'group/its-rc',
+ 'its-sa-core' => 'group/its-sa-core',
+);
+
+# Legacy group names for older file objects.
+our @GROUPS_LEGACY = qw(apps crcsg gsb idg sysadmin sulair vast);
+
+# File object types. Each type can have one or more parameters: whether it is
+# host-based (host), whether it takes a qualifier after the host or service
+# (extra), and whether that qualifier is mandatory (need_extra).
+our %FILE_TYPE = (
+ config => { extra => 1, need_extra => 1 },
+ db => { extra => 1, need_extra => 1 },
+ 'gpg-key' => { },
+ htpasswd => { host => 1, extra => 1, need_extra => 1 },
+ password => { extra => 1, need_extra => 1 },
+ 'password-ipmi' => { host => 1 },
+ 'password-root' => { host => 1 },
+ 'password-tivoli' => { host => 1 },
+ properties => { extra => 1 },
+ 'ssh-dsa' => { host => 1 },
+ 'ssh-rsa' => { host => 1 },
+ 'ssl-key' => { host => 1, extra => 1 },
+ 'ssl-keypair' => { host => 1, extra => 1 },
+ 'ssl-keystore' => { extra => 1 },
+ 'ssl-pkcs12' => { extra => 1 },
+ 'tivoli-key' => { host => 1 },
+);
+
+# Host-based file object types for the legacy file object naming scheme.
+our @FILE_HOST_LEGACY = qw(htpasswd ssh-rsa ssh-dsa ssl-key tivoli-key);
+
+# File object types for the legacy file object naming scheme.
+our @FILE_TYPES_LEGACY = qw(config db gpg-key htpasswd password properties
+ ssh-rsa ssh-dsa ssl-key ssl-keystore ssl-pkcs12 tivoli-key);
+
+# Host-based Kerberos principal prefixes.
+our @KEYTAB_HOST = qw(HTTP afpserver cifs ftp host imap ipp ldap lpr nfs pop
+ postgres sieve smtp webauth xmpp);
+
+# The Kerberos realm, used when forming principals for krb5 ACLs.
+our $REALM = 'stanford.edu';
+
+# A file listing principal names that should be required to use a root
+# instance to autocreate any objects.
+our $ROOT_REQUIRED = '/etc/remctl/acl/its-idg';
+
+##############################################################################
+# Implementation
+##############################################################################
+
+# Retrieve an existing ACL and return its members as a list.
+#
+# $name - Name of the ACL to retrieve
+#
+# Returns: Members of the ACL as a list of pairs
+# The empty list on any failure to retrieve the ACL
+sub _acl_members {
+ my ($name) = @_;
+ my $schema = eval { Wallet::Schema->connect };
+ return if (!$schema || $@);
+ my $acl = eval { Wallet::ACL->new ($name, $schema) };
+ return if (!$acl || $@);
+ return $acl->list;
+}
+
+# Retrieve an existing ACL and check whether it contains a netdb-root member.
+# This is used to check if a default ACL is already present with a netdb-root
+# member so that we can return a default owner that matches. We only ever
+# increase the ACL from netdb to netdb-root, never degrade it, so this doesn't
+# pose a security problem.
+#
+# On any failure, just return an empty ACL to use the default.
+sub _acl_has_netdb_root {
+ my ($name) = @_;
+ for my $line (_acl_members($name)) {
+ return 1 if $line->[0] eq 'netdb-root';
+ }
+ return;
+}
+
+# Map a file object name to a hostname for the legacy file object naming
+# scheme and return it. Returns undef if this file object name doesn't map to
+# a hostname.
+sub _host_for_file_legacy {
+ my ($name) = @_;
+ my %allowed = map { $_ => 1 } @FILE_HOST_LEGACY;
+ my $allowed_regex = '(?:' . join ('|', sort keys %allowed) . ')';
+ if ($name !~ /^[^-]+-(.*)-$allowed_regex(?:-.*)?$/) {
+ return;
+ }
+ my $host = $1;
+ if ($host !~ /\./) {
+ $host .= q{.} . $DOMAIN;
+ }
+ return $host;
+}
+
+# Map a file object name to a hostname. Returns undef if this file object
+# name doesn't map to a hostname.
+sub _host_for_file {
+ my ($name) = @_;
+
+ # If $name doesn't contain /, defer to the legacy naming scheme.
+ if ($name !~ m{ / }xms) {
+ return _host_for_file_legacy($name);
+ }
+
+ # Parse the name and check whether this is a host-based object.
+ my ($type, $host) = split('/', $name);
+ return if !$FILE_TYPE{$type}{host};
+ return $host;
+}
+
+# Map a keytab object name to a hostname and return it. Returns undef if this
+# keytab principal name doesn't map to a hostname.
+sub _host_for_keytab {
+ my ($name) = @_;
+ my %allowed = map { $_ => 1 } @KEYTAB_HOST;
+ return unless $name =~ m,/,;
+ my ($service, $host) = split ('/', $name, 2);
+ return unless $allowed{$service};
+ if ($host !~ /\./) {
+ $host .= q{.} . $DOMAIN;
+ }
+ return $host;
+}
+
+# The default owner of host-based objects should be the host keytab and the
+# NetDB ACL for that host, with one twist. If the creator of a new node is
+# using a root instance, we want to require everyone managing that node be
+# using root instances by default.
+sub default_owner {
+ my ($type, $name) = @_;
+
+ # How to determine the host for host-based objects.
+ my %host_for = (
+ keytab => \&_host_for_keytab,
+ file => \&_host_for_file,
+ );
+
+ # If we have a possible host mapping, see if we can use that.
+ if (defined($host_for{$type})) {
+ my $host = $host_for{$type}->($name);
+ if ($host) {
+ my $acl_name = "host/$host";
+ my @acl;
+ if ($ENV{REMOTE_USER} =~ m,/root,
+ || _acl_has_netdb_root ($acl_name)) {
+ @acl = ([ 'netdb-root', $host ],
+ [ 'krb5', "host/$host\@$REALM" ]);
+ } else {
+ @acl = ([ 'netdb', $host ],
+ [ 'krb5', "host/$host\@$REALM" ]);
+ }
+ return ($acl_name, @acl);
+ }
+ }
+
+ # We have no open if this is not a file object.
+ return if $type ne 'file';
+
+ # Parse the name of the file object only far enough to get type and group
+ # (if there is a group).
+ my ($file_type, $group) = split('/', $name);
+
+ # Host-based file objects should be caught by the above. We certainly
+ # can't do anything about them here.
+ return if $FILE_TYPE{$file_type}{host};
+
+ # If we have a mapping for this group, retrieve the ACL contents. We
+ # would like to just return the ACL name, but wallet currently requires we
+ # return the whole ACL.
+ my $acl = $ACL_FOR_GROUP{$group};
+ return if !defined($acl);
+ my @members = _acl_members($acl);
+ return if @members == 0;
+ return ($acl, @members);
+}
+
+# Enforce a naming policy. Host-based keytabs must have fully-qualified
+# hostnames, limit the acceptable characters for service/* keytabs, and
+# enforce our naming constraints on */cgi principals.
+#
+# Also use this function to require that IDG staff always do implicit object
+# creation using a */root instance.
+sub verify_name {
+ my ($type, $name, $user) = @_;
+ my %staff;
+ if (open (STAFF, '<', $ROOT_REQUIRED)) {
+ local $_;
+ while (<STAFF>) {
+ s/^\s+//;
+ s/\s+$//;
+ next if m,/root\@,;
+ $staff{$_} = 1;
+ }
+ close STAFF;
+ }
+
+ # Check for a staff member not using their root instance.
+ if (defined ($user) && $staff{$user}) {
+ return 'use a */root instance for wallet object creation';
+ }
+
+ # Check keytab naming conventions.
+ if ($type eq 'keytab') {
+ my %host = map { $_ => 1 } @KEYTAB_HOST;
+ if ($name !~ m,^[a-zA-Z0-9_-]+/[a-z0-9.-]+$,) {
+ return "invalid principal name $name";
+ }
+ my ($principal, $instance)
+ = ($name =~ m,^([a-zA-Z0-9_-]+)/([a-z0-9.-]+)$,);
+ unless (defined ($principal) && defined ($instance)) {
+ return "invalid principal name $name";
+ }
+ if ($host{$principal} and $principal ne 'http') {
+ if ($instance !~ /^[a-z0-9-]+\.[a-z0-9.-]+$/) {
+ return "host name $instance is not fully qualified";
+ }
+ } elsif ($principal eq 'service') {
+ if ($instance !~ /^[a-z0-9-]+$/) {
+ return "invalid service principal name $name";
+ }
+ } elsif ($instance eq 'cgi') {
+ if ($principal !~ /^[a-z][a-z0-9]{1,7}$/
+ and $principal !~ /^(class|dept|group)-[a-z0-9_-]+$/) {
+ return "invalid CGI principal name $name";
+ }
+ } else {
+ return "unknown principal type $principal";
+ }
+ }
+
+ # Check file object naming conventions.
+ if ($type eq 'file') {
+ if ($name =~ m{ / }xms) {
+ my @name = split('/', $name);
+
+ # Names have between two and four components and all must be
+ # non-empty.
+ if (@name > 4) {
+ return "too many components in $name";
+ }
+ if (@name < 2) {
+ return "too few components in $name";
+ }
+ if (grep { $_ eq q{} } @name) {
+ return "empty component in $name";
+ }
+
+ # All objects start with the type. First check if this is a
+ # host-based type.
+ my $type = shift @name;
+ if ($FILE_TYPE{$type} && $FILE_TYPE{$type}{host}) {
+ my ($host, $extra) = @name;
+ if ($host !~ m{ [.] }xms) {
+ return "host name $host is not fully qualified";
+ }
+ if (defined($extra) && !$FILE_TYPE{$type}{extra}) {
+ return "extraneous component at end of $name";
+ }
+ if (!defined($extra) && $FILE_TYPE{$type}{need_extra}) {
+ return "missing component in $name";
+ }
+ return;
+ }
+
+ # Otherwise, the name is group-based. There be at least two
+ # remaining components.
+ if (@name < 2) {
+ return "too few components in $name";
+ }
+ my ($group, $service, $extra) = @name;
+
+ # Check the group.
+ if (!$ACL_FOR_GROUP{$group}) {
+ return "unknown group $group";
+ }
+
+ # Check the type. Be sure it's not host-based.
+ if (!$FILE_TYPE{$type}) {
+ return "unknown type $type";
+ }
+ if ($FILE_TYPE{$type}{host}) {
+ return "bad name for host-based file type $type";
+ }
+
+ # Check the extra data.
+ if (defined($extra) && !$FILE_TYPE{$type}{extra}) {
+ return "extraneous component at end of $name";
+ }
+ if (!defined($extra) && $FILE_TYPE{$type}{need_extra}) {
+ return "missing component in $name";
+ }
+ return;
+ } else {
+ # Legacy naming scheme.
+ my %groups = map { $_ => 1 } @GROUPS_LEGACY;
+ my %types = map { $_ => 1 } @FILE_TYPES_LEGACY;
+ if ($name !~ m,^[a-zA-Z0-9_.-]+$,) {
+ return "invalid file object $name";
+ }
+ my $group_regex = '(?:' . join ('|', sort keys %groups) . ')';
+ my $type_regex = '(?:' . join ('|', sort keys %types) . ')';
+ if ($name !~ /^$group_regex-/) {
+ return "no recognized owning group in $name";
+ } elsif ($name !~ /^$group_regex-.*-$type_regex(-.*)?$/) {
+ return "invalid file object name $name";
+ }
+ }
+ }
+
+ # Success.
+ return;
+}
+
+1;
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+Allbery
+
+=head1 NAME
+
+Wallet::Policy::Stanford - Stanford's wallet naming and ownership policy
+
+=head1 SYNOPSIS
+
+ use Wallet::Policy::Stanford;
+ my ($type, $name, $user) = @_;
+
+ my $error = valid_name($type, $name, $user);
+ my ($name, @acl) = default_owner($type, $name);
+
+=head1 DESCRIPTION
+
+Wallet::Policy::Stanford implements Stanford's wallet naming and ownership
+policy as described in F<docs/stanford-naming> in the wallet distribution.
+It is primarily intended as an example for other sites, but it is used at
+Stanford to implement that policy.
+
+This module provides the default_owner() and verify_name() functions that
+are part of the wallet configuration interface (as documented in
+L<Wallet::Config>). They can be imported directly into a wallet
+configuration file from this module or wrapped to apply additional rules.
+
+=head1 SEE ALSO
+
+Wallet::Config(3)
+
+The L<Stanford policy|http://www.eyrie.org/~eagle/software/wallet/naming.html>
+implemented by this module.
+
+This module is part of the wallet system. The current version is
+available from L<http://www.eyrie.org/~eagle/software/wallet/>.
+
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=cut
diff --git a/perl/Wallet/Report.pm b/perl/Wallet/Report.pm
index 5a8dc52..b27a998 100644
--- a/perl/Wallet/Report.pm
+++ b/perl/Wallet/Report.pm
@@ -1,7 +1,8 @@
# Wallet::Report -- Wallet system reporting interface.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2009, 2010, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -16,12 +17,12 @@ use strict;
use vars qw($VERSION);
use Wallet::ACL;
-use Wallet::Database;
+use Wallet::Schema;
# This version should be increased on any code change to this module. Always
# use two digits for the minor version with a leading zero if necessary so
# that it will sort properly.
-$VERSION = '0.03';
+$VERSION = '0.04';
##############################################################################
# Constructor, destructor, and accessors
@@ -32,8 +33,8 @@ $VERSION = '0.03';
# exception if anything goes wrong.
sub new {
my ($class) = @_;
- my $dbh = Wallet::Database->connect;
- my $self = { dbh => $dbh };
+ my $schema = Wallet::Schema->connect;
+ my $self = { schema => $schema };
bless ($self, $class);
return $self;
}
@@ -41,7 +42,13 @@ sub new {
# Returns the database handle (used mostly for testing).
sub dbh {
my ($self) = @_;
- return $self->{dbh};
+ return $self->{schema}->storage->dbh;
+}
+
+# Returns the DBIx::Class-based database schema object.
+sub schema {
+ my ($self) = @_;
+ return $self->{schema};
}
# Set or return the error stashed in the object.
@@ -59,7 +66,7 @@ sub error {
# Disconnect the database handle on object destruction to avoid warnings.
sub DESTROY {
my ($self) = @_;
- $self->{dbh}->disconnect unless $self->{dbh}->{InactiveDestroy};
+ $self->{schema}->storage->dbh->disconnect;
}
##############################################################################
@@ -69,18 +76,26 @@ sub DESTROY {
# Return the SQL statement to find every object in the database.
sub objects_all {
my ($self) = @_;
- my $sql = 'select ob_type, ob_name from objects order by ob_type,
- ob_name';
- return $sql;
+ my @objects;
+
+ my %search = ();
+ my %options = (order_by => [ qw/ob_type ob_name/ ],
+ select => [ qw/ob_type ob_name/ ]);
+
+ return (\%search, \%options);
}
# Return the SQL statement and the search field required to find all objects
# matching a specific type.
sub objects_type {
my ($self, $type) = @_;
- my $sql = 'select ob_type, ob_name from objects where ob_type=? order
- by ob_type, ob_name';
- return ($sql, $type);
+ my @objects;
+
+ my %search = (ob_type => $type);
+ my %options = (order_by => [ qw/ob_type ob_name/ ],
+ select => [ qw/ob_type ob_name/ ]);
+
+ return (\%search, \%options);
}
# Return the SQL statement and search field required to find all objects owned
@@ -89,28 +104,36 @@ sub objects_type {
# match any ACLs, set an error and return undef.
sub objects_owner {
my ($self, $owner) = @_;
- my ($sth);
+ my @objects;
+
+ my %search;
+ my %options = (order_by => [ qw/ob_type ob_name/ ],
+ select => [ qw/ob_type ob_name/ ]);
+
if (lc ($owner) eq 'null') {
- my $sql = 'select ob_type, ob_name from objects where ob_owner is null
- order by objects.ob_type, objects.ob_name';
- return ($sql);
+ %search = (ob_owner => undef);
} else {
- my $acl = eval { Wallet::ACL->new ($owner, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($owner, $self->{schema}) };
return unless $acl;
- my $sql = 'select ob_type, ob_name from objects where ob_owner = ?
- order by objects.ob_type, objects.ob_name';
- return ($sql, $acl->id);
+ %search = (ob_owner => $acl->id);
}
+
+ return (\%search, \%options);
}
# Return the SQL statement and search field required to find all objects that
# have a specific flag set.
sub objects_flag {
my ($self, $flag) = @_;
- my $sql = 'select ob_type, ob_name from objects left join flags on
- (objects.ob_type = flags.fl_type and objects.ob_name = flags.fl_name)
- where flags.fl_flag = ? order by objects.ob_type, objects.ob_name';
- return ($sql, $flag);
+ my @objects;
+
+ my %search = ('flags.fl_flag' => $flag);
+ my %options = (join => 'flags',
+ prefetch => 'flags',
+ order_by => [ qw/ob_type ob_name/ ],
+ select => [ qw/ob_type ob_name/ ]);
+
+ return (\%search, \%options);
}
# Return the SQL statement and search field required to find all objects that
@@ -120,22 +143,35 @@ sub objects_flag {
# set an error and return the empty string.
sub objects_acl {
my ($self, $search) = @_;
- my $acl = eval { Wallet::ACL->new ($search, $self->{dbh}) };
+ my @objects;
+
+ my $schema = $self->{schema};
+ my $acl = eval { Wallet::ACL->new ($search, $schema) };
return unless $acl;
- my $sql = 'select ob_type, ob_name from objects where ob_owner = ? or
- ob_acl_get = ? or ob_acl_store = ? or ob_acl_show = ? or
- ob_acl_destroy = ? or ob_acl_flags = ? order by objects.ob_type,
- objects.ob_name';
- return ($sql, ($acl->id) x 6);
+
+ my @search = ({ ob_owner => $acl->id },
+ { ob_acl_get => $acl->id },
+ { ob_acl_store => $acl->id },
+ { ob_acl_show => $acl->id },
+ { ob_acl_destroy => $acl->id },
+ { ob_acl_flags => $acl->id });
+ my %options = (order_by => [ qw/ob_type ob_name/ ],
+ select => [ qw/ob_type ob_name/ ]);
+
+ return (\@search, \%options);
}
# Return the SQL statement to find all objects that have been created but
# have never been retrieved (via get).
sub objects_unused {
my ($self) = @_;
- my $sql = 'select ob_type, ob_name from objects where ob_downloaded_on
- is null order by objects.ob_type, objects.ob_name';
- return ($sql);
+ my @objects;
+
+ my %search = (ob_downloaded_on => undef);
+ my %options = (order_by => [ qw/ob_type ob_name/ ],
+ select => [ qw/ob_type ob_name/ ]);
+
+ return (\%search, \%options);
}
# Returns a list of all objects stored in the wallet database in the form of
@@ -148,46 +184,44 @@ sub objects {
my ($self, $type, @args) = @_;
undef $self->{error};
- # Find the SQL statement and the arguments to use.
- my $sql = '';
- my @search = ();
+ # Get the search and options array refs from specific functions.
+ my ($search_ref, $options_ref);
if (!defined $type || $type eq '') {
- ($sql) = $self->objects_all;
+ ($search_ref, $options_ref) = $self->objects_all;
} else {
if ($type ne 'unused' && @args != 1) {
$self->error ("object searches require one argument to search");
} elsif ($type eq 'type') {
- ($sql, @search) = $self->objects_type (@args);
+ ($search_ref, $options_ref) = $self->objects_type (@args);
} elsif ($type eq 'owner') {
- ($sql, @search) = $self->objects_owner (@args);
+ ($search_ref, $options_ref) = $self->objects_owner (@args);
} elsif ($type eq 'flag') {
- ($sql, @search) = $self->objects_flag (@args);
+ ($search_ref, $options_ref) = $self->objects_flag (@args);
} elsif ($type eq 'acl') {
- ($sql, @search) = $self->objects_acl (@args);
+ ($search_ref, $options_ref) = $self->objects_acl (@args);
} elsif ($type eq 'unused') {
- ($sql) = $self->objects_unused (@args);
+ ($search_ref, $options_ref) = $self->objects_unused (@args);
} else {
$self->error ("do not know search type: $type");
}
- return unless $sql;
+ return unless $search_ref;
}
- # Do the search.
+ # Perform the search and return on any errors.
my @objects;
+ my $schema = $self->{schema};
eval {
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute (@search);
- my $object;
- while (defined ($object = $sth->fetchrow_arrayref)) {
- push (@objects, [ @$object ]);
+ my @objects_rs = $schema->resultset('Object')->search ($search_ref,
+ $options_ref);
+ for my $object_rs (@objects_rs) {
+ push (@objects, [ $object_rs->ob_type, $object_rs->ob_name ]);
}
- $self->{dbh}->commit;
};
if ($@) {
$self->error ("cannot list objects: $@");
- $self->{dbh}->rollback;
return;
}
+
return @objects;
}
@@ -199,17 +233,51 @@ sub objects {
# database.
sub acls_all {
my ($self) = @_;
- my $sql = 'select ac_id, ac_name from acls order by ac_id';
- return ($sql);
+ my @acls;
+
+ my $schema = $self->{schema};
+ my %search = ();
+ my %options = (order_by => [ qw/ac_id/ ],
+ select => [ qw/ac_id ac_name/ ]);
+
+ eval {
+ my @acls_rs = $schema->resultset('Acl')->search (\%search, \%options);
+ for my $acl_rs (@acls_rs) {
+ push (@acls, [ $acl_rs->ac_id, $acl_rs->ac_name ]);
+ }
+ };
+
+ if ($@) {
+ $self->error ("cannot list ACLs: $@");
+ return;
+ }
+ return (@acls);
}
# Returns the SQL statement required to find all empty ACLs in the database.
sub acls_empty {
my ($self) = @_;
- my $sql = 'select ac_id, ac_name from acls left join acl_entries
- on (acls.ac_id = acl_entries.ae_id) where ae_id is null order by
- ac_id';
- return ($sql);
+ my @acls;
+
+ my $schema = $self->{schema};
+ my %search = (ae_id => undef);
+ my %options = (join => 'acl_entries',
+ prefetch => 'acl_entries',
+ order_by => [ qw/ac_id/ ],
+ select => [ qw/ac_id ac_name/ ]);
+
+ eval {
+ my @acls_rs = $schema->resultset('Acl')->search (\%search, \%options);
+ for my $acl_rs (@acls_rs) {
+ push (@acls, [ $acl_rs->ac_id, $acl_rs->ac_name ]);
+ }
+ };
+
+ if ($@) {
+ $self->error ("cannot list ACLs: $@");
+ return;
+ }
+ return (@acls);
}
# Returns the SQL statement and the field required to find ACLs containing the
@@ -217,29 +285,76 @@ sub acls_empty {
# do a substring search.
sub acls_entry {
my ($self, $type, $identifier) = @_;
- my $sql = 'select distinct ac_id, ac_name from acl_entries left join acls
- on (ae_id = ac_id) where ae_scheme = ? and ae_identifier like ? order
- by ac_id';
- return ($sql, $type, '%' . $identifier . '%');
+ my @acls;
+
+ my $schema = $self->{schema};
+ my %search = (ae_scheme => $type,
+ ae_identifier => { like => '%'.$identifier.'%' });
+ my %options = (join => 'acl_entries',
+ prefetch => 'acl_entries',
+ order_by => [ qw/ac_id/ ],
+ select => [ qw/ac_id ac_name/ ],
+ distinct => 1);
+
+ eval {
+ my @acls_rs = $schema->resultset('Acl')->search (\%search, \%options);
+ for my $acl_rs (@acls_rs) {
+ push (@acls, [ $acl_rs->ac_id, $acl_rs->ac_name ]);
+ }
+ };
+
+ if ($@) {
+ $self->error ("cannot list ACLs: $@");
+ return;
+ }
+ return (@acls);
}
# Returns the SQL statement required to find unused ACLs.
sub acls_unused {
my ($self) = @_;
- my $sql = 'select ac_id, ac_name from acls where not ac_id in (select
- ob_owner from objects where ob_owner = ac_id)';
- for my $acl (qw/get store show destroy flags/) {
- $sql .= " and not ac_id in (select ob_acl_$acl from objects where
- ob_acl_$acl = ac_id)";
+ my @acls;
+
+ my $schema = $self->{schema};
+ my %search = (
+ #'acls_owner.ob_owner' => undef,
+ #'acls_get.ob_owner' => undef,
+ #'acls_store.ob_owner' => undef,
+ #'acls_show.ob_owner' => undef,
+ #'acls_destroy.ob_owner' => undef,
+ #'acls_flags.ob_owner' => undef,
+ );
+ my %options = (#join => [ qw/acls_owner acls_get acls_store acls_show acls_destroy acls_flags/ ],
+ order_by => [ qw/ac_id/ ],
+ select => [ qw/ac_id ac_name/ ]);
+
+ eval {
+ my @acls_rs = $schema->resultset('Acl')->search (\%search, \%options);
+
+ # FIXME: Almost certainly a way of doing this with the search itself.
+ for my $acl_rs (@acls_rs) {
+ next if $acl_rs->acls_owner->first;
+ next if $acl_rs->acls_get->first;
+ next if $acl_rs->acls_store->first;
+ next if $acl_rs->acls_show->first;
+ next if $acl_rs->acls_destroy->first;
+ next if $acl_rs->acls_flags->first;
+ push (@acls, [ $acl_rs->ac_id, $acl_rs->ac_name ]);
+ }
+ };
+
+ if ($@) {
+ $self->error ("cannot list ACLs: $@");
+ return;
}
- return ($sql);
+ return (@acls);
}
# Obtain a textual representation of the membership of an ACL, returning undef
# on error and setting the internal error.
sub acl_membership {
my ($self, $id) = @_;
- my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -290,11 +405,10 @@ sub acls {
my ($self, $type, @args) = @_;
undef $self->{error};
- # Find the SQL statement and the arguments to use.
- my $sql;
- my @search = ();
+ # Find the ACLs for any given search.
+ my @acls;
if (!defined $type || $type eq '') {
- ($sql) = $self->acls_all;
+ @acls = $self->acls_all;
} else {
if ($type eq 'duplicate') {
return $self->acls_duplicate;
@@ -303,34 +417,17 @@ sub acls {
$self->error ('ACL searches require an argument to search');
return;
} else {
- ($sql, @search) = $self->acls_entry (@args);
+ @acls = $self->acls_entry (@args);
}
} elsif ($type eq 'empty') {
- ($sql) = $self->acls_empty;
+ @acls = $self->acls_empty;
} elsif ($type eq 'unused') {
- ($sql) = $self->acls_unused;
+ @acls = $self->acls_unused;
} else {
$self->error ("unknown search type: $type");
return;
}
}
-
- # Do the search.
- my @acls;
- eval {
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute (@search);
- my $object;
- while (defined ($object = $sth->fetchrow_arrayref)) {
- push (@acls, [ @$object ]);
- }
- $self->{dbh}->commit;
- };
- if ($@) {
- $self->error ("cannot list ACLs: $@");
- $self->{dbh}->rollback;
- return;
- }
return @acls;
}
@@ -343,26 +440,32 @@ sub acls {
sub owners {
my ($self, $type, $name) = @_;
undef $self->{error};
- my @lines;
+ my $schema = $self->{schema};
+
+ my @owners;
eval {
- my $sql = 'select distinct ae_scheme, ae_identifier from acl_entries,
- acls, objects where ae_id = ac_id and ac_id = ob_owner and
- ob_type like ? and ob_name like ? order by ae_scheme,
- ae_identifier';
- my $sth = $self->{dbh}->prepare ($sql);
- $sth->execute ($type, $name);
- my $object;
- while (defined ($object = $sth->fetchrow_arrayref)) {
- push (@lines, [ @$object ]);
+ my %search = (
+ 'acls_owner.ob_type' => { like => $type },
+ 'acls_owner.ob_name' => { like => $name });
+ my %options = (
+ join => { 'acls' => 'acls_owner' },
+ order_by => [ qw/ae_scheme ae_identifier/ ],
+ distinct => 1,
+ );
+
+ my @acls_rs = $schema->resultset('AclEntry')->search (\%search,
+ \%options);
+ for my $acl_rs (@acls_rs) {
+ my $scheme = $acl_rs->ae_scheme;
+ my $identifier = $acl_rs->ae_identifier;
+ push (@owners, [ $scheme, $identifier ]);
}
- $self->{dbh}->commit;
};
if ($@) {
$self->error ("cannot report on owners: $@");
- $self->{dbh}->rollback;
return;
}
- return @lines;
+ return @owners;
}
##############################################################################
diff --git a/perl/Wallet/Schema.pm b/perl/Wallet/Schema.pm
index 25d48cf..fc63447 100644
--- a/perl/Wallet/Schema.pm
+++ b/perl/Wallet/Schema.pm
@@ -1,207 +1,97 @@
-# Wallet::Schema -- Database schema for the wallet system.
+# Database schema and connector for the wallet system.
#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
-##############################################################################
-# Modules and declarations
-##############################################################################
-
package Wallet::Schema;
-require 5.006;
use strict;
-use vars qw(@SQL @TABLES $VERSION);
+use warnings;
-use DBI;
+use Wallet::Config;
+
+use base 'DBIx::Class::Schema';
# This version should be increased on any code change to this module. Always
# use two digits for the minor version with a leading zero if necessary so
# that it will sort properly.
-$VERSION = '0.06';
+our $VERSION = '0.08';
+
+__PACKAGE__->load_namespaces;
+__PACKAGE__->load_components (qw/Schema::Versioned/);
##############################################################################
-# Data manipulation
+# Core overrides
##############################################################################
-# Create a new Wallet::Schema object, parse the SQL out of the documentation,
-# and store it in the object. We have to store the SQL in a static variable,
-# since we can't read DATA multiple times.
-sub new {
+# Override DBI::connect to supply our own connect string, username, and
+# password and to set some standard options. Takes no arguments other than
+# the implicit class argument.
+sub connect {
my ($class) = @_;
- unless (@SQL) {
- local $_;
- my $found;
- my $command = '';
- while (<DATA>) {
- if (not $found and /^=head1 SCHEMA/) {
- $found = 1;
- } elsif ($found and /^=head1 /) {
- last;
- } elsif ($found and /^ /) {
- s/^ //;
- $command .= $_;
- if (/;$/) {
- push (@SQL, $command);
- $command = '';
- }
- }
- }
- close DATA;
+ unless ($Wallet::Config::DB_DRIVER
+ and (defined ($Wallet::Config::DB_INFO)
+ or defined ($Wallet::Config::DB_NAME))) {
+ die "database connection information not configured\n";
}
- my $self = { sql => [ @SQL ] };
- bless ($self, $class);
- return $self;
-}
-
-# Returns the SQL as a list of commands.
-sub sql {
- my ($self) = @_;
- return @{ $self->{sql} };
-}
-
-##############################################################################
-# Initialization and cleanup
-##############################################################################
-
-# Given a database handle, try to create our database by running the SQL. Do
-# this in a transaction regardless of the database settings and throw an
-# exception if this fails. We have to do a bit of fiddling to get syntax that
-# works with both MySQL and SQLite.
-sub create {
- my ($self, $dbh) = @_;
- my $driver = $dbh->{Driver}->{Name};
- eval {
- $dbh->begin_work if $dbh->{AutoCommit};
- my @sql = @{ $self->{sql} };
- for my $sql (@sql) {
- if ($driver eq 'SQLite') {
- $sql =~ s{auto_increment primary key}
- {primary key autoincrement};
- } elsif ($driver eq 'mysql' and $sql =~ /^\s*create\s+table\s/) {
- $sql =~ s/;$/ engine=InnoDB;/;
- }
- $dbh->do ($sql, { RaiseError => 1, PrintError => 0 });
- }
- $dbh->commit;
- };
- if ($@) {
- $dbh->rollback;
- die "$@\n";
+ my $dsn = "DBI:$Wallet::Config::DB_DRIVER:";
+ if (defined $Wallet::Config::DB_INFO) {
+ $dsn .= $Wallet::Config::DB_INFO;
+ } else {
+ $dsn .= "database=$Wallet::Config::DB_NAME";
+ $dsn .= ";host=$Wallet::Config::DB_HOST" if $Wallet::Config::DB_HOST;
+ $dsn .= ";port=$Wallet::Config::DB_PORT" if $Wallet::Config::DB_PORT;
}
-}
-
-# Given a database handle, try to remove the wallet database tables by
-# reversing the SQL. Do this in a transaction regardless of the database
-# settings and throw an exception if this fails.
-sub drop {
- my ($self, $dbh) = @_;
- my @drop = map {
- if (/^\s*create\s+table\s+(\S+)/i) {
- "drop table if exists $1;";
- } else {
- ();
- }
- } reverse @{ $self->{sql} };
- eval {
- $dbh->begin_work if $dbh->{AutoCommit};
- for my $sql (@drop) {
- $dbh->do ($sql, { RaiseError => 1, PrintError => 0 });
- }
- $dbh->commit;
- };
+ my $user = $Wallet::Config::DB_USER;
+ my $pass = $Wallet::Config::DB_PASSWORD;
+ my %attrs = (PrintError => 0, RaiseError => 1);
+ my $schema = eval { $class->SUPER::connect ($dsn, $user, $pass, \%attrs) };
if ($@) {
- $dbh->rollback;
- die "$@\n";
+ die "cannot connect to database: $@\n";
}
+ return $schema;
}
+__END__
+
+1;
+
##############################################################################
-# Schema
+# Documentation
##############################################################################
-# The following POD is also parsed by the code to extract SQL blocks. Don't
-# add any verbatim blocks to this documentation in the SCHEMA section that
-# aren't intended to be SQL.
-
-1;
-__DATA__
+=for stopwords
+RaiseError PrintError AutoCommit ACL verifier API APIs enums keytab backend
+enctypes DBI Allbery
=head1 NAME
-Wallet::Schema - Database schema for the wallet system
-
-=for stopwords
-SQL ACL API APIs enums Enums Keytab Backend keytab backend enctypes
-enctype Allbery
+Wallet::Schema - Database schema and connector for the wallet system
=head1 SYNOPSIS
use Wallet::Schema;
- my $schema = Wallet::Schema->new;
- my @sql = $schema->sql;
- $schema->create ($dbh);
+ my $schema = Wallet::Schema->connect;
=head1 DESCRIPTION
This class encapsulates the database schema for the wallet system. The
-documentation you're reading explains and comments the schema. The Perl
-object extracts the schema from the documentation and can either return it
-as a list of SQL commands to run or run those commands given a connected
-database handle.
-
-This schema attempts to be portable SQL, but it is designed for use with
-MySQL and may require some modifications for other databases.
+documentation you're reading explains and comments the schema. The
+class runs using the DBIx::Class module.
-=head1 METHODS
-
-=over 4
-
-=item new()
-
-Instantiates a new Wallet::Schema object. This parses the documentation
-and extracts the schema, but otherwise doesn't do anything.
-
-=item create(DBH)
-
-Given a connected database handle, runs the SQL commands necessary to
-create the wallet database in an otherwise empty database. This method
-will not drop any existing tables and will therefore fail if a wallet
-database has already been created. On any error, this method will throw a
-database exception.
-
-=item drop(DBH)
-
-Given a connected database handle, drop all of the wallet tables from that
-database if any of those tables exist. This method will only remove
-tables that are part of the current schema or one of the previous known
-schema and won't remove other tables. On any error, this method will
-throw a database exception.
-
-=item sql()
-
-Returns the schema and the population of the normalization tables as a
-list of SQL commands to run to create the wallet database in an otherwise
-empty database.
-
-=back
+connect() will obtain the database connection information from the wallet
+configuration; see L<Wallet::Config> for more details. It will also
+automatically set the RaiseError attribute to true and the PrintError and
+AutoCommit attributes to false, matching the assumptions made by the
+wallet database code.
=head1 SCHEMA
=head2 Normalization Tables
-The following are normalization tables used to constrain the values in
-other tables.
-
-Holds the supported flag names:
-
- create table flag_names
- (fn_name varchar(32) primary key);
- insert into flag_names (fn_name) values ('locked');
- insert into flag_names (fn_name) values ('unchanging');
-
Holds the supported object types and their corresponding Perl classes:
create table types
@@ -222,6 +112,8 @@ Holds the supported ACL schemes and their corresponding Perl classes:
insert into acl_schemes (as_name, as_class)
values ('krb5-regex', 'Wallet::ACL::Krb5::Regex');
insert into acl_schemes (as_name, as_class)
+ values ('ldap-attr', 'Wallet::ACL::LDAP::Attribute');
+ insert into acl_schemes (as_name, as_class)
values ('netdb', 'Wallet::ACL::NetDB');
insert into acl_schemes (as_name, as_class)
values ('netdb-root', 'Wallet::ACL::NetDB::Root');
@@ -314,6 +206,7 @@ table:
ob_downloaded_by varchar(255) default null,
ob_downloaded_from varchar(255) default null,
ob_downloaded_on datetime default null,
+ ob_comment varchar(255) default null,
primary key (ob_name, ob_type));
create index ob_owner on objects (ob_owner);
create index ob_expires on objects (ob_expires);
@@ -332,8 +225,8 @@ object may have zero or more flags associated with it:
not null references objects(ob_type),
fl_name varchar(255)
not null references objects(ob_name),
- fl_flag varchar(32)
- not null references flag_names(fn_name),
+ fl_flag enum('locked', 'unchanging')
+ not null,
primary key (fl_type, fl_name, fl_flag));
create index fl_object on flags (fl_type, fl_name);
@@ -419,9 +312,22 @@ To use this functionality, you will need to populate the enctypes table
with the enctypes that a keytab may be restricted to. Currently, there is
no automated mechanism to do this.
+=head1 CLASS METHODS
+
+=over 4
+
+=item connect()
+
+Opens a new database connection and returns the database object. On any
+failure, throws an exception. Unlike the DBI method, connect() takes no
+arguments; all database connection information is derived from the wallet
+configuration.
+
+=back
+
=head1 SEE ALSO
-wallet-backend(8)
+wallet-backend(8), Wallet::Config(3)
This module is part of the wallet system. The current version is
available from L<http://www.eyrie.org/~eagle/software/wallet/>.
diff --git a/perl/Wallet/Schema/Result/Acl.pm b/perl/Wallet/Schema/Result/Acl.pm
new file mode 100644
index 0000000..226738a
--- /dev/null
+++ b/perl/Wallet/Schema/Result/Acl.pm
@@ -0,0 +1,110 @@
+# Wallet schema for an ACL.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::Acl;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=for stopwords
+ACL
+
+=head1 NAME
+
+Wallet::Schema::Result::Acl - Wallet schema for an ACL
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("acls");
+
+=head1 ACCESSORS
+
+=head2 ac_id
+
+ data_type: 'integer'
+ is_auto_increment: 1
+ is_nullable: 0
+
+=head2 ac_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=cut
+
+__PACKAGE__->add_columns(
+ "ac_id",
+ { data_type => "integer", is_auto_increment => 1, is_nullable => 0 },
+ "ac_name",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+);
+__PACKAGE__->set_primary_key("ac_id");
+__PACKAGE__->add_unique_constraint("ac_name", ["ac_name"]);
+
+__PACKAGE__->has_one(
+ 'acl_entries',
+ 'Wallet::Schema::Result::AclEntry',
+ { 'foreign.ae_id' => 'self.ac_id' },
+ { cascade_copy => 0, cascade_delete => 0 },
+ );
+__PACKAGE__->has_many(
+ 'acl_history',
+ 'Wallet::Schema::Result::AclHistory',
+ { 'foreign.ah_id' => 'self.ac_id' },
+ { cascade_copy => 0, cascade_delete => 0 },
+ );
+
+# References for all of the various potential ACLs in owners.
+__PACKAGE__->has_many(
+ 'acls_owner',
+ 'Wallet::Schema::Result::Object',
+ { 'foreign.ob_owner' => 'self.ac_id' },
+ );
+__PACKAGE__->has_many(
+ 'acls_get',
+ 'Wallet::Schema::Result::Object',
+ { 'foreign.ob_acl_get' => 'self.ac_id' },
+ );
+__PACKAGE__->has_many(
+ 'acls_store',
+ 'Wallet::Schema::Result::Object',
+ { 'foreign.ob_acl_store' => 'self.ac_id' },
+ );
+__PACKAGE__->has_many(
+ 'acls_show',
+ 'Wallet::Schema::Result::Object',
+ { 'foreign.ob_acl_show' => 'self.ac_id' },
+ );
+__PACKAGE__->has_many(
+ 'acls_destroy',
+ 'Wallet::Schema::Result::Object',
+ { 'foreign.ob_acl_destroy' => 'self.ac_id' },
+ );
+__PACKAGE__->has_many(
+ 'acls_flags',
+ 'Wallet::Schema::Result::Object',
+ { 'foreign.ob_acl_flags' => 'self.ac_id' },
+ );
+
+# Override the insert method so that we can automatically create history
+# items.
+#sub insert {
+# my ($self, @args) = @_;
+# my $ret = $self->next::method (@args);
+# print "ID: ".$self->ac_id."\n";
+# use Data::Dumper; print Dumper (@args);
+
+# return $self;
+#}
+
+1;
diff --git a/perl/Wallet/Schema/Result/AclEntry.pm b/perl/Wallet/Schema/Result/AclEntry.pm
new file mode 100644
index 0000000..a33a98c
--- /dev/null
+++ b/perl/Wallet/Schema/Result/AclEntry.pm
@@ -0,0 +1,74 @@
+# Wallet schema for an entry in an ACL.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::AclEntry;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=for stopwords
+ACL
+
+=head1 NAME
+
+Wallet::Schema::Result::AclEntry - Wallet schema for an entry in an ACL
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("acl_entries");
+
+=head1 ACCESSORS
+
+=head2 ae_id
+
+ data_type: 'integer'
+ is_nullable: 0
+
+=head2 ae_scheme
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 32
+
+=head2 ae_identifier
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=cut
+
+__PACKAGE__->add_columns(
+ "ae_id",
+ { data_type => "integer", is_nullable => 0 },
+ "ae_scheme",
+ { data_type => "varchar", is_nullable => 0, size => 32 },
+ "ae_identifier",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+);
+__PACKAGE__->set_primary_key("ae_id", "ae_scheme", "ae_identifier");
+
+__PACKAGE__->belongs_to(
+ 'acls',
+ 'Wallet::Schema::Result::Acl',
+ { 'foreign.ac_id' => 'self.ae_id' },
+ { is_deferrable => 1, on_delete => 'CASCADE',
+ on_update => 'CASCADE' },
+ );
+
+__PACKAGE__->has_one(
+ 'acl_scheme',
+ 'Wallet::Schema::Result::AclScheme',
+ { 'foreign.as_name' => 'self.ae_scheme' },
+ { cascade_delete => 0 },
+ );
+1;
diff --git a/perl/Wallet/Schema/Result/AclHistory.pm b/perl/Wallet/Schema/Result/AclHistory.pm
new file mode 100644
index 0000000..d3ef901
--- /dev/null
+++ b/perl/Wallet/Schema/Result/AclHistory.pm
@@ -0,0 +1,112 @@
+# Wallet schema for ACL history.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::AclHistory;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+__PACKAGE__->load_components("InflateColumn::DateTime");
+
+=for stopwords
+ACL
+
+=head1 NAME
+
+Wallet::Schema::Result::AclHistory - Wallet schema for ACL history
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("acl_history");
+
+=head1 ACCESSORS
+
+=head2 ah_id
+
+ data_type: 'integer'
+ is_auto_increment: 1
+ is_nullable: 0
+
+=head2 ah_acl
+
+ data_type: 'integer'
+ is_nullable: 0
+
+=head2 ah_action
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 16
+
+=head2 ah_scheme
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 32
+
+=head2 ah_identifier
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=head2 ah_by
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 ah_from
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 ah_on
+
+ data_type: 'datetime'
+ datetime_undef_if_invalid: 1
+ is_nullable: 0
+
+=cut
+
+__PACKAGE__->add_columns(
+ "ah_id",
+ { data_type => "integer", is_auto_increment => 1, is_nullable => 0 },
+ "ah_acl",
+ { data_type => "integer", is_nullable => 0 },
+ "ah_action",
+ { data_type => "varchar", is_nullable => 0, size => 16 },
+ "ah_scheme",
+ { data_type => "varchar", is_nullable => 1, size => 32 },
+ "ah_identifier",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+ "ah_by",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "ah_from",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "ah_on",
+ {
+ data_type => "datetime",
+ datetime_undef_if_invalid => 1,
+ is_nullable => 0,
+ },
+);
+__PACKAGE__->set_primary_key("ah_id");
+
+__PACKAGE__->might_have(
+ 'acls',
+ 'Wallet::Schema::Result::Acl',
+ { 'foreign.ac_id' => 'self.ah_id' },
+ );
+
+1;
diff --git a/perl/Wallet/Schema/Result/AclScheme.pm b/perl/Wallet/Schema/Result/AclScheme.pm
new file mode 100644
index 0000000..91a58b2
--- /dev/null
+++ b/perl/Wallet/Schema/Result/AclScheme.pm
@@ -0,0 +1,84 @@
+# Wallet schema for ACL scheme.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::AclScheme;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+__PACKAGE__->load_components (qw//);
+
+=for stopwords
+ACL verifier APIs
+
+=head1 NAME
+
+Wallet::Schema::Result::AclScheme - Wallet schema for ACL scheme
+
+=head1 DESCRIPTION
+
+This is a normalization table used to constrain the values in other
+tables. It contains the types of ACL schemes that Wallet will
+recognize, and the modules that govern each of those schemes.
+
+By default it contains the following entries:
+
+ insert into acl_schemes (as_name, as_class)
+ values ('krb5', 'Wallet::ACL::Krb5');
+ insert into acl_schemes (as_name, as_class)
+ values ('krb5-regex', 'Wallet::ACL::Krb5::Regex');
+ insert into acl_schemes (as_name, as_class)
+ values ('ldap-attr', 'Wallet::ACL::LDAP::Attribute');
+ insert into acl_schemes (as_name, as_class)
+ values ('netdb', 'Wallet::ACL::NetDB');
+ insert into acl_schemes (as_name, as_class)
+ values ('netdb-root', 'Wallet::ACL::NetDB::Root');
+
+If you have extended the wallet to support additional ACL schemes, you
+will want to add additional rows to this table mapping those schemes
+to Perl classes that implement the ACL verifier APIs.
+
+=cut
+
+__PACKAGE__->table("acl_schemes");
+
+=head1 ACCESSORS
+
+=head2 as_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 32
+
+=head2 as_class
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 64
+
+=cut
+
+__PACKAGE__->add_columns(
+ "as_name",
+ { data_type => "varchar", is_nullable => 0, size => 32 },
+ "as_class",
+ { data_type => "varchar", is_nullable => 1, size => 64 },
+);
+__PACKAGE__->set_primary_key("as_name");
+
+#__PACKAGE__->resultset->populate ([
+# [ qw/as_name as_class/ ],
+# [ 'krb5', 'Wallet::ACL::Krb5' ],
+# [ 'krb5-regex', 'Wallet::ACL::Krb5::Regex' ],
+# [ 'ldap-attr', 'Wallet::ACL::LDAP::Attribute' ],
+# [ 'netdb', 'Wallet::ACL::NetDB' ],
+# [ 'netdb-root', 'Wallet::ACL::NetDB::Root' ],
+# ]);
+
+1;
diff --git a/perl/Wallet/Schema/Result/Enctype.pm b/perl/Wallet/Schema/Result/Enctype.pm
new file mode 100644
index 0000000..5733669
--- /dev/null
+++ b/perl/Wallet/Schema/Result/Enctype.pm
@@ -0,0 +1,45 @@
+# Wallet schema for Kerberos encryption type.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::Enctype;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=for stopwords
+Kerberos
+
+=head1 NAME
+
+Wallet::Schema::Result::Enctype - Wallet schema for Kerberos encryption type
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("enctypes");
+
+=head1 ACCESSORS
+
+=head2 en_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=cut
+
+__PACKAGE__->add_columns(
+ "en_name",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+);
+__PACKAGE__->set_primary_key("en_name");
+
+1;
diff --git a/perl/Wallet/Schema/Result/Flag.pm b/perl/Wallet/Schema/Result/Flag.pm
new file mode 100644
index 0000000..e223ff8
--- /dev/null
+++ b/perl/Wallet/Schema/Result/Flag.pm
@@ -0,0 +1,62 @@
+# Wallet schema for object flags.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::Flag;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=head1 NAME
+
+Wallet::Schema::Result::Flag - Wallet schema for object flags
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("flags");
+
+=head1 ACCESSORS
+
+=head2 fl_type
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 16
+
+=head2 fl_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 fl_flag
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 32
+
+=cut
+
+__PACKAGE__->add_columns(
+ "fl_type" =>
+ { data_type => "varchar", is_nullable => 0, size => 16 },
+ "fl_name" =>
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "fl_flag" => {
+ data_type => 'enum',
+ is_enum => 1,
+ extra => { list => [qw/locked unchanging/] },
+ },
+);
+__PACKAGE__->set_primary_key("fl_type", "fl_name", "fl_flag");
+
+
+1;
diff --git a/perl/Wallet/Schema/Result/KeytabEnctype.pm b/perl/Wallet/Schema/Result/KeytabEnctype.pm
new file mode 100644
index 0000000..daea724
--- /dev/null
+++ b/perl/Wallet/Schema/Result/KeytabEnctype.pm
@@ -0,0 +1,53 @@
+# Wallet schema for keytab enctype.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::KeytabEnctype;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=for stopwords
+keytab enctype
+
+=head1 NAME
+
+Wallet::Schema::Result::KeytabEnctype - Wallet schema for keytab enctype
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("keytab_enctypes");
+
+=head1 ACCESSORS
+
+=head2 ke_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 ke_enctype
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=cut
+
+__PACKAGE__->add_columns(
+ "ke_name",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "ke_enctype",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+);
+__PACKAGE__->set_primary_key("ke_name", "ke_enctype");
+
+1;
diff --git a/perl/Wallet/Schema/Result/KeytabSync.pm b/perl/Wallet/Schema/Result/KeytabSync.pm
new file mode 100644
index 0000000..ca84277
--- /dev/null
+++ b/perl/Wallet/Schema/Result/KeytabSync.pm
@@ -0,0 +1,53 @@
+# Wallet schema for keytab synchronization.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::KeytabSync;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=for stopwords
+keytab
+
+=head1 NAME
+
+Wallet::Schema::Result::KeytabSync - Wallet schema for keytab synchronization
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("keytab_sync");
+
+=head1 ACCESSORS
+
+=head2 ks_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 ks_target
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=cut
+
+__PACKAGE__->add_columns(
+ "ks_name",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "ks_target",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+);
+__PACKAGE__->set_primary_key("ks_name", "ks_target");
+
+1;
diff --git a/perl/Wallet/Schema/Result/Object.pm b/perl/Wallet/Schema/Result/Object.pm
new file mode 100644
index 0000000..fd64e1b
--- /dev/null
+++ b/perl/Wallet/Schema/Result/Object.pm
@@ -0,0 +1,266 @@
+# Wallet schema for an object.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::Object;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+__PACKAGE__->load_components("InflateColumn::DateTime");
+
+=head1 NAME
+
+Wallet::Schema::Result::Object - Wallet schema for an object
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("objects");
+
+=head1 ACCESSORS
+
+=head2 ob_type
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 16
+
+=head2 ob_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 ob_owner
+
+ data_type: 'integer'
+ is_nullable: 1
+
+=head2 ob_acl_get
+
+ data_type: 'integer'
+ is_nullable: 1
+
+=head2 ob_acl_store
+
+ data_type: 'integer'
+ is_nullable: 1
+
+=head2 ob_acl_show
+
+ data_type: 'integer'
+ is_nullable: 1
+
+=head2 ob_acl_destroy
+
+ data_type: 'integer'
+ is_nullable: 1
+
+=head2 ob_acl_flags
+
+ data_type: 'integer'
+ is_nullable: 1
+
+=head2 ob_expires
+
+ data_type: 'datetime'
+ datetime_undef_if_invalid: 1
+ is_nullable: 1
+
+=head2 ob_created_by
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 ob_created_from
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 ob_created_on
+
+ data_type: 'datetime'
+ datetime_undef_if_invalid: 1
+ is_nullable: 0
+
+=head2 ob_stored_by
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=head2 ob_stored_from
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=head2 ob_stored_on
+
+ data_type: 'datetime'
+ datetime_undef_if_invalid: 1
+ is_nullable: 1
+
+=head2 ob_downloaded_by
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=head2 ob_downloaded_from
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=head2 ob_downloaded_on
+
+ data_type: 'datetime'
+ datetime_undef_if_invalid: 1
+ is_nullable: 1
+
+=head2 ob_comment
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=cut
+
+__PACKAGE__->add_columns(
+ "ob_type",
+ { data_type => "varchar", is_nullable => 0, size => 16 },
+ "ob_name",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "ob_owner",
+ { data_type => "integer", is_nullable => 1 },
+ "ob_acl_get",
+ { data_type => "integer", is_nullable => 1 },
+ "ob_acl_store",
+ { data_type => "integer", is_nullable => 1 },
+ "ob_acl_show",
+ { data_type => "integer", is_nullable => 1 },
+ "ob_acl_destroy",
+ { data_type => "integer", is_nullable => 1 },
+ "ob_acl_flags",
+ { data_type => "integer", is_nullable => 1 },
+ "ob_expires",
+ {
+ data_type => "datetime",
+ datetime_undef_if_invalid => 1,
+ is_nullable => 1,
+ },
+ "ob_created_by",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "ob_created_from",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "ob_created_on",
+ {
+ data_type => "datetime",
+ datetime_undef_if_invalid => 1,
+ is_nullable => 0,
+ },
+ "ob_stored_by",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+ "ob_stored_from",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+ "ob_stored_on",
+ {
+ data_type => "datetime",
+ datetime_undef_if_invalid => 1,
+ is_nullable => 1,
+ },
+ "ob_downloaded_by",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+ "ob_downloaded_from",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+ "ob_downloaded_on",
+ {
+ data_type => "datetime",
+ datetime_undef_if_invalid => 1,
+ is_nullable => 1,
+ },
+ "ob_comment",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+);
+__PACKAGE__->set_primary_key("ob_name", "ob_type");
+
+__PACKAGE__->has_one(
+ 'types',
+ 'Wallet::Schema::Result::Type',
+ { 'foreign.ty_name' => 'self.ob_type' },
+ );
+
+__PACKAGE__->has_many(
+ 'flags',
+ 'Wallet::Schema::Result::Flag',
+ { 'foreign.fl_type' => 'self.ob_type',
+ 'foreign.fl_name' => 'self.ob_name' },
+ { cascade_copy => 0, cascade_delete => 0 },
+ );
+
+__PACKAGE__->has_many(
+ 'object_history',
+ 'Wallet::Schema::Result::ObjectHistory',
+ { 'foreign.oh_type' => 'self.ob_type',
+ 'foreign.oh_name' => 'self.ob_name' },
+ { cascade_copy => 0, cascade_delete => 0 },
+ );
+
+__PACKAGE__->has_many(
+ 'keytab_enctypes',
+ 'Wallet::Schema::Result::KeytabEnctype',
+ { 'foreign.ke_name' => 'self.ob_name' },
+ { cascade_copy => 0, cascade_delete => 0 },
+ );
+
+__PACKAGE__->has_many(
+ 'keytab_sync',
+ 'Wallet::Schema::Result::KeytabSync',
+ { 'foreign.ks_name' => 'self.ob_name' },
+ { cascade_copy => 0, cascade_delete => 0 },
+ );
+
+# References for all of the various potential ACLs.
+__PACKAGE__->belongs_to(
+ 'acls_owner',
+ 'Wallet::Schema::Result::Acl',
+ { 'foreign.ac_id' => 'self.ob_owner' },
+ );
+__PACKAGE__->belongs_to(
+ 'acls_get',
+ 'Wallet::Schema::Result::Acl',
+ { 'foreign.ac_id' => 'self.ob_acl_get' },
+ );
+__PACKAGE__->belongs_to(
+ 'acls_store',
+ 'Wallet::Schema::Result::Acl',
+ { 'foreign.ac_id' => 'self.ob_acl_store' },
+ );
+__PACKAGE__->belongs_to(
+ 'acls_show',
+ 'Wallet::Schema::Result::Acl',
+ { 'foreign.ac_id' => 'self.ob_acl_show' },
+ );
+__PACKAGE__->belongs_to(
+ 'acls_destroy',
+ 'Wallet::Schema::Result::Acl',
+ { 'foreign.ac_id' => 'self.ob_acl_destroy' },
+ );
+__PACKAGE__->belongs_to(
+ 'acls_flags',
+ 'Wallet::Schema::Result::Acl',
+ { 'foreign.ac_id' => 'self.ob_acl_flags' },
+ );
+
+1;
diff --git a/perl/Wallet/Schema/Result/ObjectHistory.pm b/perl/Wallet/Schema/Result/ObjectHistory.pm
new file mode 100644
index 0000000..9cbb159
--- /dev/null
+++ b/perl/Wallet/Schema/Result/ObjectHistory.pm
@@ -0,0 +1,135 @@
+# Wallet schema for object history.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::ObjectHistory;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+__PACKAGE__->load_components("InflateColumn::DateTime");
+
+=head1 NAME
+
+Wallet::Schema::Result::ObjectHistory - Wallet schema for object history
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("object_history");
+
+=head1 ACCESSORS
+
+=head2 oh_id
+
+ data_type: 'integer'
+ is_auto_increment: 1
+ is_nullable: 0
+
+=head2 oh_type
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 16
+
+=head2 oh_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 oh_action
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 16
+
+=head2 oh_field
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 16
+
+=head2 oh_type_field
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=head2 oh_old
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=head2 oh_new
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 255
+
+=head2 oh_by
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 oh_from
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=head2 oh_on
+
+ data_type: 'datetime'
+ datetime_undef_if_invalid: 1
+ is_nullable: 0
+
+=cut
+
+__PACKAGE__->add_columns(
+ "oh_id",
+ { data_type => "integer", is_auto_increment => 1, is_nullable => 0 },
+ "oh_type",
+ { data_type => "varchar", is_nullable => 0, size => 16 },
+ "oh_name",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "oh_action",
+ { data_type => "varchar", is_nullable => 0, size => 16 },
+ "oh_field",
+ { data_type => "varchar", is_nullable => 1, size => 16 },
+ "oh_type_field",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+ "oh_old",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+ "oh_new",
+ { data_type => "varchar", is_nullable => 1, size => 255 },
+ "oh_by",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "oh_from",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+ "oh_on",
+ {
+ data_type => "datetime",
+ datetime_undef_if_invalid => 1,
+ is_nullable => 0,
+ },
+);
+__PACKAGE__->set_primary_key("oh_id");
+
+__PACKAGE__->might_have(
+ 'objects',
+ 'Wallet::Schema::Result::Object',
+ { 'foreign.ob_type' => 'self.oh_type',
+ 'foreign.ob_name' => 'self.oh_name' },
+ );
+
+1;
diff --git a/perl/Wallet/Schema/Result/SyncTarget.pm b/perl/Wallet/Schema/Result/SyncTarget.pm
new file mode 100644
index 0000000..4300a54
--- /dev/null
+++ b/perl/Wallet/Schema/Result/SyncTarget.pm
@@ -0,0 +1,48 @@
+# Wallet schema for synchronization targets.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::SyncTarget;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=head1 NAME
+
+Wallet::Schema::Result::SyncTarget - Wallet schema for synchronization targets
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("sync_targets");
+
+=head1 ACCESSORS
+
+=head2 st_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 255
+
+=cut
+
+__PACKAGE__->add_columns(
+ "st_name",
+ { data_type => "varchar", is_nullable => 0, size => 255 },
+);
+__PACKAGE__->set_primary_key("st_name");
+
+#__PACKAGE__->has_many(
+# 'keytab_sync',
+# 'Wallet::Schema::Result::KeytabSync',
+# { 'foreign.ks_target' => 'self.st_name' },
+# { cascade_copy => 0, cascade_delete => 0 },
+# );
+1;
diff --git a/perl/Wallet/Schema/Result/Type.pm b/perl/Wallet/Schema/Result/Type.pm
new file mode 100644
index 0000000..748a8a8
--- /dev/null
+++ b/perl/Wallet/Schema/Result/Type.pm
@@ -0,0 +1,75 @@
+# Wallet schema for object types.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::Type;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=for stopwords
+APIs
+
+=head1 NAME
+
+Wallet::Schema::Result::Type - Wallet schema for object types
+
+=head1 DESCRIPTION
+
+This is a normalization table used to constrain the values in other
+tables. It contains the types of wallet objects that are considered
+valid, and the modules that govern each.
+
+By default it contains the following entries:
+
+ insert into types (ty_name, ty_class)
+ values ('file', 'Wallet::Object::File');
+ insert into types (ty_name, ty_class)
+ values ('keytab', 'Wallet::Object::Keytab');
+
+If you have extended the wallet to support additional object types ,
+you will want to add additional rows to this table mapping those types
+to Perl classes that implement the object APIs.
+
+=cut
+
+__PACKAGE__->table("types");
+
+=head1 ACCESSORS
+
+=head2 ty_name
+
+ data_type: 'varchar'
+ is_nullable: 0
+ size: 16
+
+=head2 ty_class
+
+ data_type: 'varchar'
+ is_nullable: 1
+ size: 64
+
+=cut
+
+__PACKAGE__->add_columns(
+ "ty_name",
+ { data_type => "varchar", is_nullable => 0, size => 16 },
+ "ty_class",
+ { data_type => "varchar", is_nullable => 1, size => 64 },
+);
+__PACKAGE__->set_primary_key("ty_name");
+
+#__PACKAGE__->has_many(
+# 'objects',
+# 'Wallet::Schema::Result::Object',
+# { 'foreign.ob_type' => 'self.ty_name' },
+# { cascade_copy => 0, cascade_delete => 0 },
+# );
+
+1;
diff --git a/perl/Wallet/Server.pm b/perl/Wallet/Server.pm
index 185bf23..6d67e17 100644
--- a/perl/Wallet/Server.pm
+++ b/perl/Wallet/Server.pm
@@ -1,7 +1,8 @@
# Wallet::Server -- Wallet system server implementation.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010, 2011, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -17,13 +18,12 @@ use vars qw(%MAPPING $VERSION);
use Wallet::ACL;
use Wallet::Config;
-use Wallet::Database;
use Wallet::Schema;
# This version should be increased on any code change to this module. Always
# use two digits for the minor version with a leading zero if necessary so
# that it will sort properly.
-$VERSION = '0.09';
+$VERSION = '0.11';
##############################################################################
# Utility methods
@@ -37,13 +37,13 @@ $VERSION = '0.09';
# for various things. Throw an exception if anything goes wrong.
sub new {
my ($class, $user, $host) = @_;
- my $dbh = Wallet::Database->connect;
- my $acl = Wallet::ACL->new ('ADMIN', $dbh);
+ my $schema = Wallet::Schema->connect;
+ my $acl = Wallet::ACL->new ('ADMIN', $schema);
my $self = {
- dbh => $dbh,
- user => $user,
- host => $host,
- admin => $acl,
+ schema => $schema,
+ user => $user,
+ host => $host,
+ admin => $acl,
};
bless ($self, $class);
return $self;
@@ -52,7 +52,13 @@ sub new {
# Returns the database handle (used mostly for testing).
sub dbh {
my ($self) = @_;
- return $self->{dbh};
+ return $self->{schema}->storage->dbh;
+}
+
+# Returns the DBIx::Class-based database schema object.
+sub schema {
+ my ($self) = @_;
+ return $self->{schema};
}
# Set or return the error stashed in the object.
@@ -70,8 +76,9 @@ sub error {
# Disconnect the database handle on object destruction to avoid warnings.
sub DESTROY {
my ($self) = @_;
- if ($self->{dbh} and not $self->{dbh}->{InactiveDestroy}) {
- $self->{dbh}->disconnect;
+
+ if ($self->{schema}) {
+ $self->{schema}->storage->dbh->disconnect;
}
}
@@ -85,13 +92,14 @@ sub type_mapping {
my ($self, $type) = @_;
my $class;
eval {
- my $sql = 'select ty_class from types where ty_name = ?';
- ($class) = $self->{dbh}->selectrow_array ($sql, undef, $type);
- $self->{dbh}->commit;
+ my $guard = $self->{schema}->txn_scope_guard;
+ my %search = (ty_name => $type);
+ my $type_rec = $self->{schema}->resultset('Type')->find (\%search);
+ $class = $type_rec->ty_class;
+ $guard->commit;
};
if ($@) {
$self->error ($@);
- $self->{dbh}->rollback;
return;
}
if (defined $class) {
@@ -116,7 +124,7 @@ sub create_check {
my ($self, $type, $name) = @_;
my $user = $self->{user};
my $host = $self->{host};
- my $dbh = $self->{dbh};
+ my $schema = $self->{schema};
unless (defined (&Wallet::Config::default_owner)) {
$self->error ("$user not authorized to create ${type}:${name}");
return;
@@ -126,9 +134,9 @@ sub create_check {
$self->error ("$user not authorized to create ${type}:${name}");
return;
}
- my $acl = eval { Wallet::ACL->new ($aname, $dbh) };
+ my $acl = eval { Wallet::ACL->new ($aname, $schema) };
if ($@) {
- $acl = eval { Wallet::ACL->create ($aname, $dbh, $user, $host) };
+ $acl = eval { Wallet::ACL->create ($aname, $schema, $user, $host) };
if ($@) {
$self->error ($@);
return;
@@ -179,10 +187,10 @@ sub create_object {
$self->error ("unknown object type $type");
return;
}
- my $dbh = $self->{dbh};
+ my $schema = $self->{schema};
my $user = $self->{user};
my $host = $self->{host};
- my $object = eval { $class->create ($type, $name, $dbh, $user, $host) };
+ my $object = eval { $class->create ($type, $name, $schema, $user, $host) };
if ($@) {
$self->error ($@);
return;
@@ -244,7 +252,7 @@ sub retrieve {
$self->error ("unknown object type $type");
return;
}
- my $object = eval { $class->new ($type, $name, $self->{dbh}) };
+ my $object = eval { $class->new ($type, $name, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -274,9 +282,11 @@ sub object_error {
# the internal error message. Note that we do not allow any special access to
# admins for get and store; if they want to do that with objects, they need to
# set the ACL accordingly.
-sub acl_check {
+sub acl_verify {
my ($self, $object, $action) = @_;
- unless ($action =~ /^(get|store|show|destroy|flags|setattr|getattr)\z/) {
+ my %actions = map { $_ => 1 }
+ qw(get store show destroy flags setattr getattr comment);
+ unless ($actions{$action}) {
$self->error ("unknown action $action");
return;
}
@@ -288,17 +298,17 @@ sub acl_check {
$id = $object->acl ('show');
} elsif ($action eq 'setattr') {
$id = $object->acl ('store');
- } else {
+ } elsif ($action ne 'comment') {
$id = $object->acl ($action);
}
- if (! defined ($id) and $action =~ /^(get|(get|set)attr|store|show)\z/) {
+ if (! defined ($id) and $action ne 'flags') {
$id = $object->owner;
}
unless (defined $id) {
$self->object_error ($object, $action);
return;
}
- my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -346,7 +356,7 @@ sub attr {
my $user = $self->{user};
my $host = $self->{host};
if (@values) {
- return unless $self->acl_check ($object, 'setattr');
+ return unless $self->acl_verify ($object, 'setattr');
if (@values == 1 and $values[0] eq '') {
@values = ();
}
@@ -354,7 +364,7 @@ sub attr {
$self->error ($object->error) unless $result;
return $result;
} else {
- return unless $self->acl_check ($object, 'getattr');
+ return unless $self->acl_verify ($object, 'getattr');
my @result = $object->attr ($attr);
if (not @result and $object->error) {
$self->error ($object->error);
@@ -365,6 +375,26 @@ sub attr {
}
}
+# Retrieves or sets the comment of an object.
+sub comment {
+ my ($self, $type, $name, $comment) = @_;
+ undef $self->{error};
+ my $object = $self->retrieve ($type, $name);
+ return unless defined $object;
+ my $result;
+ if (defined $comment) {
+ return unless $self->acl_verify ($object, 'comment');
+ $result = $object->comment ($comment, $self->{user}, $self->{host});
+ } else {
+ return unless $self->acl_verify ($object, 'show');
+ $result = $object->comment;
+ }
+ if (not defined ($result) and $object->error) {
+ $self->error ($object->error);
+ }
+ return $result;
+}
+
# Retrieves or sets the expiration of an object.
sub expires {
my ($self, $type, $name, $expires) = @_;
@@ -433,7 +463,7 @@ sub get {
my ($self, $type, $name) = @_;
my $object = $self->retrieve ($type, $name);
return unless defined $object;
- return unless $self->acl_check ($object, 'get');
+ return unless $self->acl_verify ($object, 'get');
my $result = $object->get ($self->{user}, $self->{host});
$self->error ($object->error) unless defined $result;
return $result;
@@ -448,7 +478,7 @@ sub store {
my ($self, $type, $name, $data) = @_;
my $object = $self->retrieve ($type, $name);
return unless defined $object;
- return unless $self->acl_check ($object, 'store');
+ return unless $self->acl_verify ($object, 'store');
if (not defined ($data)) {
$self->{error} = "no data supplied to store";
return;
@@ -465,7 +495,7 @@ sub show {
my ($self, $type, $name) = @_;
my $object = $self->retrieve ($type, $name);
return unless defined $object;
- return unless $self->acl_check ($object, 'show');
+ return unless $self->acl_verify ($object, 'show');
my $result = $object->show;
$self->error ($object->error) unless defined $result;
return $result;
@@ -478,7 +508,7 @@ sub history {
my ($self, $type, $name) = @_;
my $object = $self->retrieve ($type, $name);
return unless defined $object;
- return unless $self->acl_check ($object, 'show');
+ return unless $self->acl_verify ($object, 'show');
my $result = $object->history;
$self->error ($object->error) unless defined $result;
return $result;
@@ -490,7 +520,7 @@ sub destroy {
my ($self, $type, $name) = @_;
my $object = $self->retrieve ($type, $name);
return unless defined $object;
- return unless $self->acl_check ($object, 'destroy');
+ return unless $self->acl_verify ($object, 'destroy');
my $result = $object->destroy ($self->{user}, $self->{host});
$self->error ($object->error) unless defined $result;
return $result;
@@ -506,7 +536,7 @@ sub flag_clear {
my ($self, $type, $name, $flag) = @_;
my $object = $self->retrieve ($type, $name);
return unless defined $object;
- return unless $self->acl_check ($object, 'flags');
+ return unless $self->acl_verify ($object, 'flags');
my $result = $object->flag_clear ($flag, $self->{user}, $self->{host});
$self->error ($object->error) unless defined $result;
return $result;
@@ -518,7 +548,7 @@ sub flag_set {
my ($self, $type, $name, $flag) = @_;
my $object = $self->retrieve ($type, $name);
return unless defined $object;
- return unless $self->acl_check ($object, 'flags');
+ return unless $self->acl_verify ($object, 'flags');
my $result = $object->flag_set ($flag, $self->{user}, $self->{host});
$self->error ($object->error) unless defined $result;
return $result;
@@ -528,6 +558,22 @@ sub flag_set {
# ACL methods
##############################################################################
+# Checks for the existence of an ACL. Returns 1 if it does, 0 if it doesn't,
+# and undef if there was an error in checking the existence of the object.
+sub acl_check {
+ my ($self, $id) = @_;
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
+ if ($@) {
+ if ($@ =~ /^ACL .* not found/) {
+ return 0;
+ } else {
+ $self->error ($@);
+ return;
+ }
+ }
+ return 1;
+}
+
# Create a new empty ACL in the database. Returns true on success and undef
# on failure, setting the internal error.
sub acl_create {
@@ -545,8 +591,8 @@ sub acl_create {
return;
}
}
- my $dbh = $self->{dbh};
- my $acl = eval { Wallet::ACL->create ($name, $dbh, $user, $host) };
+ my $schema = $self->{schema};
+ my $acl = eval { Wallet::ACL->create ($name, $schema, $user, $host) };
if ($@) {
$self->error ($@);
return;
@@ -577,7 +623,7 @@ sub acl_history {
$self->acl_error ($id, 'history');
return;
}
- my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -597,7 +643,7 @@ sub acl_show {
$self->acl_error ($id, 'show');
return;
}
- my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -618,7 +664,7 @@ sub acl_rename {
$self->acl_error ($id, 'rename');
return;
}
- my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -649,7 +695,7 @@ sub acl_destroy {
$self->acl_error ($id, 'destroy');
return;
}
- my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -673,7 +719,7 @@ sub acl_add {
$self->acl_error ($id, 'add');
return;
}
- my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -693,7 +739,7 @@ sub acl_remove {
$self->acl_error ($id, 'remove');
return;
}
- my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+ my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
if ($@) {
$self->error ($@);
return;
@@ -730,7 +776,7 @@ Wallet::Server - Wallet system server implementation
=for stopwords
keytabs metadata backend HOSTNAME ACL timestamp ACL's nul Allbery
-backend-specific wallet-backend
+backend-specific wallet-backend verifier
=head1 SYNOPSIS
@@ -895,6 +941,20 @@ Check whether an object of type TYPE and name NAME exists. Returns 1 if
it does, 0 if it doesn't, and undef if some error occurred while checking
for the existence of the object.
+=item comment(TYPE, NAME, [COMMENT])
+
+Gets or sets the comment for the object identified by TYPE and NAME. If
+COMMENT is not given, returns the current comment or undef if no comment
+is set or on an error. To distinguish between an expiration that isn't
+set and a failure to retrieve the expiration, the caller should call
+error() after an undef return. If error() also returns undef, no comment
+was set; otherwise, error() will return the error message.
+
+If COMMENT is given, sets the comment to COMMENT. Pass in the empty
+string for COMMENT to clear the comment. To set a comment, the current
+user must be the object owner or be on the ADMIN ACL. Returns true for
+success and false for failure.
+
=item create(TYPE, NAME)
Creates a new object of type TYPE and name NAME. TYPE must be a
@@ -910,9 +970,10 @@ owner as determined by the wallet configuration.
Destroys the object identified by TYPE and NAME. This destroys any data
that the wallet had saved about the object, may remove the underlying
object from other external systems, and destroys the wallet database entry
-for the object. To destroy an object, the current user must be authorized
-by the ADMIN ACL or the destroy ACL on the object; the owner ACL is not
-sufficient. Returns true on success and false on failure.
+for the object. To destroy an object, the current user must be a member
+of the ADMIN ACL, authorized by the destroy ACL, or authorized by the
+owner ACL; however, if the destroy ACL is set, the owner ACL will not be
+checked. Returns true on success and false on failure.
=item dbh()
@@ -933,12 +994,12 @@ Gets or sets the expiration for the object identified by TYPE and NAME.
If EXPIRES is not given, returns the current expiration or undef if no
expiration is set or on an error. To distinguish between an expiration
that isn't set and a failure to retrieve the expiration, the caller should
-call error() after an undef return. If error() also returns undef, that
-ACL wasn't set; otherwise, error() will return the error message.
+call error() after an undef return. If error() also returns undef, the
+expiration wasn't set; otherwise, error() will return the error message.
If EXPIRES is given, sets the expiration to EXPIRES. EXPIRES must be in
the format C<YYYY-MM-DD +HH:MM:SS>, although the time portion may be
-omitted. Pass in the empty +string for EXPIRES to clear the expiration
+omitted. Pass in the empty string for EXPIRES to clear the expiration
date. To set an expiration, the current user must be authorized by the
ADMIN ACL. Returns true for success and false for failure.
@@ -994,6 +1055,10 @@ The owner of an object is permitted to get, store, and show that object,
but cannot destroy or set flags on that object without being listed on
those ACLs as well.
+=item schema()
+
+Returns the DBIx::Class schema object.
+
=item show(TYPE, NAME)
Returns (as a string) a human-readable representation of the metadata
diff --git a/perl/create-ddl b/perl/create-ddl
new file mode 100755
index 0000000..09225fa
--- /dev/null
+++ b/perl/create-ddl
@@ -0,0 +1,100 @@
+#!/usr/bin/perl -w
+#
+# create-ddl - Create DDL files for Wallet
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2012
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+#############################################################################
+# Modules and declarations
+#############################################################################
+
+use strict;
+use vars qw();
+
+use Getopt::Long;
+use Wallet::Admin;
+
+#############################################################################
+# Main routine
+#############################################################################
+
+# Get errors and output in the same order.
+$| = 0;
+
+# Clean up the path name.
+my $fullpath = $0;
+$0 =~ s%^.*/%%;
+
+# Parse command-line options.
+my ($help);
+my $oldversion = '';
+Getopt::Long::config ('bundling');
+GetOptions ('h|help' => \$help,
+ 'o|oldversion=s' => \$oldversion) or exit 1;
+if ($help) {
+ print "Feeding myself to perldoc, please wait....\n";
+ exec ('perldoc', '-t', $fullpath);
+}
+
+# Default wallet settings, for Wallet::Admin.
+$Wallet::Config::DB_DDL_DIRECTORY = 'sql/';
+$Wallet::Config::DB_DRIVER = 'SQLite';
+$Wallet::Config::DB_INFO = 'wallet-db';
+
+# Create a Wallet::Admin object and run the backup.
+my $admin = Wallet::Admin->new;
+$admin->backup ($oldversion);
+
+exit(0);
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=head1 NAME
+
+create-ddl - Create DDL files for Wallet
+
+=head1 SYNOPSIS
+
+B<create-ddl> [B<--help>] [B<--oldversion>=I<version>]
+
+=head1 DESCRIPTION
+
+create-ddl is used to create DDL files for the various DBIx::Class
+Wallet::Schema modules. It simply is an interface for the backup command
+in Wallet::Admin, which does the work via DBIx::Class. The end result
+is a number of files that can be used to load the database for each
+supported database server.
+
+These files can be modified after creation to customize the database
+load, though should only be done when necessary to prevent confusion
+for the schema modules not matching the actual table definitions. This
+is currently only done in the case of SQLite databases, due to the
+SQLite parser creating keys without AUTOINCREMENT.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<--help>
+
+Prints the perldoc information (this document) for the script.
+
+=item B<--oldversion>=I<version>
+
+The version number of the previous version. If there are existing DDL
+files for this version, then we will also create diff files to upgrade
+a database from the old version to the current.
+
+=back
+
+=head1 AUTHORS
+
+Jon Robertson <jonrober@stanford.edu>
+
+=cut
diff --git a/perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql b/perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql
new file mode 100644
index 0000000..ed0bde1
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql
@@ -0,0 +1,7 @@
+BEGIN;
+ALTER TABLE flags MODIFY `fl_flag` enum('locked', 'unchanging') NOT NULL;
+DROP TABLE IF EXISTS flag_names;
+DROP TABLE IF EXISTS metadata;
+ALTER TABLE objects ADD ob_comment varchar(255) default null;
+COMMIT;
+
diff --git a/perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql b/perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql
new file mode 100644
index 0000000..3e600b0
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql
@@ -0,0 +1,6 @@
+BEGIN;
+DROP TABLE IF EXISTS flag_names;
+DROP TABLE IF EXISTS metadata;
+ALTER TABLE objects ADD ob_comment varchar(255) default null;
+COMMIT;
+
diff --git a/perl/sql/Wallet-Schema-0.07-MySQL.sql b/perl/sql/Wallet-Schema-0.07-MySQL.sql
new file mode 100644
index 0000000..71a9bc6
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.07-MySQL.sql
@@ -0,0 +1,233 @@
+--
+-- Created by SQL::Translator::Producer::MySQL
+-- Created on Fri Jan 25 14:12:02 2013
+--
+-- Copyright 2012, 2013
+-- The Board of Trustees of the Leland Stanford Junior University
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the
+-- "Software"), to deal in the Software without restriction, including
+-- without limitation the rights to use, copy, modify, merge, publish,
+-- distribute, sublicense, and/or sell copies of the Software, and to
+-- permit persons to whom the Software is furnished to do so, subject to
+-- the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included
+-- in all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+-- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+-- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+-- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+-- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+--
+SET foreign_key_checks=0;
+
+DROP TABLE IF EXISTS `acl_history`;
+
+--
+-- Table: `acl_history`
+--
+CREATE TABLE `acl_history` (
+ `ah_id` integer NOT NULL auto_increment,
+ `ah_acl` integer NOT NULL,
+ `ah_action` varchar(16) NOT NULL,
+ `ah_scheme` varchar(32),
+ `ah_identifier` varchar(255),
+ `ah_by` varchar(255) NOT NULL,
+ `ah_from` varchar(255) NOT NULL,
+ `ah_on` datetime NOT NULL,
+ PRIMARY KEY (`ah_id`)
+);
+
+DROP TABLE IF EXISTS `acl_schemes`;
+
+--
+-- Table: `acl_schemes`
+--
+CREATE TABLE `acl_schemes` (
+ `as_name` varchar(32) NOT NULL,
+ `as_class` varchar(64),
+ PRIMARY KEY (`as_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `acls`;
+
+--
+-- Table: `acls`
+--
+CREATE TABLE `acls` (
+ `ac_id` integer NOT NULL auto_increment,
+ `ac_name` varchar(255) NOT NULL,
+ PRIMARY KEY (`ac_id`),
+ UNIQUE `ac_name` (`ac_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `enctypes`;
+
+--
+-- Table: `enctypes`
+--
+CREATE TABLE `enctypes` (
+ `en_name` varchar(255) NOT NULL,
+ PRIMARY KEY (`en_name`)
+);
+
+DROP TABLE IF EXISTS `flags`;
+
+--
+-- Table: `flags`
+--
+CREATE TABLE `flag_names` (
+ `fn_name` varchar(32) NOT NULL,
+ PRIMARY KEY (`fn_name`)
+);
+
+DROP TABLE IF EXISTS `flags`;
+
+--
+-- Table: `flags`
+--
+CREATE TABLE `flags` (
+ `fl_type` varchar(16) NOT NULL,
+ `fl_name` varchar(255) NOT NULL,
+ `fl_flag` varchar(32) NOT NULL,
+ PRIMARY KEY (`fl_type`, `fl_name`, `fl_flag`)
+);
+
+DROP TABLE IF EXISTS `keytab_enctypes`;
+
+--
+-- Table: `keytab_enctypes`
+--
+CREATE TABLE `keytab_enctypes` (
+ `ke_name` varchar(255) NOT NULL,
+ `ke_enctype` varchar(255) NOT NULL,
+ PRIMARY KEY (`ke_name`, `ke_enctype`)
+);
+
+DROP TABLE IF EXISTS `keytab_sync`;
+
+--
+-- Table: `keytab_sync`
+--
+CREATE TABLE `keytab_sync` (
+ `ks_name` varchar(255) NOT NULL,
+ `ks_target` varchar(255) NOT NULL,
+ PRIMARY KEY (`ks_name`, `ks_target`)
+);
+
+DROP TABLE IF EXISTS `metadata`;
+
+--
+-- Table: `metadata`
+--
+CREATE TABLE `metadata` (
+ `md_version` integer
+);
+
+DROP TABLE IF EXISTS `sync_targets`;
+
+--
+-- Table: `sync_targets`
+--
+CREATE TABLE `sync_targets` (
+ `st_name` varchar(255) NOT NULL,
+ PRIMARY KEY (`st_name`)
+);
+
+DROP TABLE IF EXISTS `types`;
+
+--
+-- Table: `types`
+--
+CREATE TABLE `types` (
+ `ty_name` varchar(16) NOT NULL,
+ `ty_class` varchar(64),
+ PRIMARY KEY (`ty_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `acl_entries`;
+
+--
+-- Table: `acl_entries`
+--
+CREATE TABLE `acl_entries` (
+ `ae_id` integer NOT NULL,
+ `ae_scheme` varchar(32) NOT NULL,
+ `ae_identifier` varchar(255) NOT NULL,
+ INDEX `acl_entries_idx_ae_scheme` (`ae_scheme`),
+ INDEX `acl_entries_idx_ae_id` (`ae_id`),
+ PRIMARY KEY (`ae_id`, `ae_scheme`, `ae_identifier`),
+ CONSTRAINT `acl_entries_fk_ae_scheme` FOREIGN KEY (`ae_scheme`) REFERENCES `acl_schemes` (`as_name`),
+ CONSTRAINT `acl_entries_fk_ae_id` FOREIGN KEY (`ae_id`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `objects`;
+
+--
+-- Table: `objects`
+--
+CREATE TABLE `objects` (
+ `ob_type` varchar(16) NOT NULL,
+ `ob_name` varchar(255) NOT NULL,
+ `ob_owner` integer,
+ `ob_acl_get` integer,
+ `ob_acl_store` integer,
+ `ob_acl_show` integer,
+ `ob_acl_destroy` integer,
+ `ob_acl_flags` integer,
+ `ob_expires` datetime,
+ `ob_created_by` varchar(255) NOT NULL,
+ `ob_created_from` varchar(255) NOT NULL,
+ `ob_created_on` datetime NOT NULL,
+ `ob_stored_by` varchar(255),
+ `ob_stored_from` varchar(255),
+ `ob_stored_on` datetime,
+ `ob_downloaded_by` varchar(255),
+ `ob_downloaded_from` varchar(255),
+ `ob_downloaded_on` datetime,
+ INDEX `objects_idx_ob_acl_destroy` (`ob_acl_destroy`),
+ INDEX `objects_idx_ob_acl_flags` (`ob_acl_flags`),
+ INDEX `objects_idx_ob_acl_get` (`ob_acl_get`),
+ INDEX `objects_idx_ob_owner` (`ob_owner`),
+ INDEX `objects_idx_ob_acl_show` (`ob_acl_show`),
+ INDEX `objects_idx_ob_acl_store` (`ob_acl_store`),
+ INDEX `objects_idx_ob_type` (`ob_type`),
+ PRIMARY KEY (`ob_name`, `ob_type`),
+ CONSTRAINT `objects_fk_ob_acl_destroy` FOREIGN KEY (`ob_acl_destroy`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_acl_flags` FOREIGN KEY (`ob_acl_flags`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_acl_get` FOREIGN KEY (`ob_acl_get`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_owner` FOREIGN KEY (`ob_owner`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_acl_show` FOREIGN KEY (`ob_acl_show`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_acl_store` FOREIGN KEY (`ob_acl_store`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_type` FOREIGN KEY (`ob_type`) REFERENCES `types` (`ty_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `object_history`;
+
+--
+-- Table: `object_history`
+--
+CREATE TABLE `object_history` (
+ `oh_id` integer NOT NULL auto_increment,
+ `oh_type` varchar(16) NOT NULL,
+ `oh_name` varchar(255) NOT NULL,
+ `oh_action` varchar(16) NOT NULL,
+ `oh_field` varchar(16),
+ `oh_type_field` varchar(255),
+ `oh_old` varchar(255),
+ `oh_new` varchar(255),
+ `oh_by` varchar(255) NOT NULL,
+ `oh_from` varchar(255) NOT NULL,
+ `oh_on` datetime NOT NULL,
+ INDEX `object_history_idx_oh_type_oh_name` (`oh_type`, `oh_name`),
+ PRIMARY KEY (`oh_id`),
+ CONSTRAINT `object_history_fk_oh_type_oh_name` FOREIGN KEY (`oh_type`, `oh_name`) REFERENCES `objects` (`ob_type`, `ob_name`)
+) ENGINE=InnoDB;
+
+SET foreign_key_checks=1;
+
diff --git a/perl/sql/Wallet-Schema-0.07-SQLite.sql b/perl/sql/Wallet-Schema-0.07-SQLite.sql
new file mode 100644
index 0000000..f14d168
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.07-SQLite.sql
@@ -0,0 +1,241 @@
+--
+-- Created by SQL::Translator::Producer::SQLite
+-- Created on Fri Jan 25 14:12:02 2013
+--
+-- Copyright 2012, 2013
+-- The Board of Trustees of the Leland Stanford Junior University
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the
+-- "Software"), to deal in the Software without restriction, including
+-- without limitation the rights to use, copy, modify, merge, publish,
+-- distribute, sublicense, and/or sell copies of the Software, and to
+-- permit persons to whom the Software is furnished to do so, subject to
+-- the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included
+-- in all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+-- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+-- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+-- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+-- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+--
+
+BEGIN TRANSACTION;
+
+--
+-- Table: acl_history
+--
+DROP TABLE IF EXISTS acl_history;
+
+CREATE TABLE acl_history (
+ ah_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ ah_acl integer NOT NULL,
+ ah_action varchar(16) NOT NULL,
+ ah_scheme varchar(32),
+ ah_identifier varchar(255),
+ ah_by varchar(255) NOT NULL,
+ ah_from varchar(255) NOT NULL,
+ ah_on datetime NOT NULL
+);
+
+--
+-- Table: acl_schemes
+--
+DROP TABLE IF EXISTS acl_schemes;
+
+CREATE TABLE acl_schemes (
+ as_name varchar(32) NOT NULL,
+ as_class varchar(64),
+ PRIMARY KEY (as_name)
+);
+
+--
+-- Table: acls
+--
+DROP TABLE IF EXISTS acls;
+
+CREATE TABLE acls (
+ ac_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ ac_name varchar(255) NOT NULL
+);
+
+CREATE UNIQUE INDEX ac_name ON acls (ac_name);
+
+--
+-- Table: enctypes
+--
+DROP TABLE IF EXISTS enctypes;
+
+CREATE TABLE enctypes (
+ en_name varchar(255) NOT NULL,
+ PRIMARY KEY (en_name)
+);
+
+--
+-- Table: flags
+--
+DROP TABLE IF EXISTS flag_names;
+
+CREATE TABLE flag_names (
+ fn_name varchar(32) NOT NULL,
+ PRIMARY KEY (fn_name)
+);
+
+--
+-- Table: flags
+--
+DROP TABLE IF EXISTS flags;
+
+CREATE TABLE flags (
+ fl_type varchar(16) NOT NULL,
+ fl_name varchar(255) NOT NULL,
+ fl_flag varchar(32) NOT NULL,
+ PRIMARY KEY (fl_type, fl_name, fl_flag)
+);
+
+--
+-- Table: keytab_enctypes
+--
+DROP TABLE IF EXISTS keytab_enctypes;
+
+CREATE TABLE keytab_enctypes (
+ ke_name varchar(255) NOT NULL,
+ ke_enctype varchar(255) NOT NULL,
+ PRIMARY KEY (ke_name, ke_enctype)
+);
+
+--
+-- Table: keytab_sync
+--
+DROP TABLE IF EXISTS keytab_sync;
+
+CREATE TABLE keytab_sync (
+ ks_name varchar(255) NOT NULL,
+ ks_target varchar(255) NOT NULL,
+ PRIMARY KEY (ks_name, ks_target)
+);
+
+--
+-- Table: metadata
+--
+DROP TABLE IF EXISTS metadata;
+
+CREATE TABLE metadata (
+ md_version integer
+);
+
+--
+-- Table: sync_targets
+--
+DROP TABLE IF EXISTS sync_targets;
+
+CREATE TABLE sync_targets (
+ st_name varchar(255) NOT NULL,
+ PRIMARY KEY (st_name)
+);
+
+--
+-- Table: types
+--
+DROP TABLE IF EXISTS types;
+
+CREATE TABLE types (
+ ty_name varchar(16) NOT NULL,
+ ty_class varchar(64),
+ PRIMARY KEY (ty_name)
+);
+
+--
+-- Table: acl_entries
+--
+DROP TABLE IF EXISTS acl_entries;
+
+CREATE TABLE acl_entries (
+ ae_id integer NOT NULL,
+ ae_scheme varchar(32) NOT NULL,
+ ae_identifier varchar(255) NOT NULL,
+ PRIMARY KEY (ae_id, ae_scheme, ae_identifier),
+ FOREIGN KEY(ae_scheme) REFERENCES acl_schemes(as_name),
+ FOREIGN KEY(ae_id) REFERENCES acls(ac_id)
+);
+
+CREATE INDEX acl_entries_idx_ae_scheme ON acl_entries (ae_scheme);
+
+CREATE INDEX acl_entries_idx_ae_id ON acl_entries (ae_id);
+
+--
+-- Table: objects
+--
+DROP TABLE IF EXISTS objects;
+
+CREATE TABLE objects (
+ ob_type varchar(16) NOT NULL,
+ ob_name varchar(255) NOT NULL,
+ ob_owner integer,
+ ob_acl_get integer,
+ ob_acl_store integer,
+ ob_acl_show integer,
+ ob_acl_destroy integer,
+ ob_acl_flags integer,
+ ob_expires datetime,
+ ob_created_by varchar(255) NOT NULL,
+ ob_created_from varchar(255) NOT NULL,
+ ob_created_on datetime NOT NULL,
+ ob_stored_by varchar(255),
+ ob_stored_from varchar(255),
+ ob_stored_on datetime,
+ ob_downloaded_by varchar(255),
+ ob_downloaded_from varchar(255),
+ ob_downloaded_on datetime,
+ PRIMARY KEY (ob_name, ob_type),
+ FOREIGN KEY(ob_acl_destroy) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_acl_flags) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_acl_get) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_owner) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_acl_show) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_acl_store) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_type) REFERENCES types(ty_name)
+);
+
+CREATE INDEX objects_idx_ob_acl_destroy ON objects (ob_acl_destroy);
+
+CREATE INDEX objects_idx_ob_acl_flags ON objects (ob_acl_flags);
+
+CREATE INDEX objects_idx_ob_acl_get ON objects (ob_acl_get);
+
+CREATE INDEX objects_idx_ob_owner ON objects (ob_owner);
+
+CREATE INDEX objects_idx_ob_acl_show ON objects (ob_acl_show);
+
+CREATE INDEX objects_idx_ob_acl_store ON objects (ob_acl_store);
+
+CREATE INDEX objects_idx_ob_type ON objects (ob_type);
+
+--
+-- Table: object_history
+--
+DROP TABLE IF EXISTS object_history;
+
+CREATE TABLE object_history (
+ oh_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ oh_type varchar(16) NOT NULL,
+ oh_name varchar(255) NOT NULL,
+ oh_action varchar(16) NOT NULL,
+ oh_field varchar(16),
+ oh_type_field varchar(255),
+ oh_old varchar(255),
+ oh_new varchar(255),
+ oh_by varchar(255) NOT NULL,
+ oh_from varchar(255) NOT NULL,
+ oh_on datetime NOT NULL,
+ FOREIGN KEY(oh_type) REFERENCES objects(ob_type)
+);
+
+CREATE INDEX object_history_idx_oh_type_oh_name ON object_history (oh_type, oh_name);
+
+COMMIT;
diff --git a/perl/sql/Wallet-Schema-0.08-MySQL.sql b/perl/sql/Wallet-Schema-0.08-MySQL.sql
new file mode 100644
index 0000000..2deca3c
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.08-MySQL.sql
@@ -0,0 +1,215 @@
+--
+-- Created by SQL::Translator::Producer::MySQL
+-- Created on Fri Jan 25 14:12:02 2013
+--
+-- Copyright 2012, 2013
+-- The Board of Trustees of the Leland Stanford Junior University
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the
+-- "Software"), to deal in the Software without restriction, including
+-- without limitation the rights to use, copy, modify, merge, publish,
+-- distribute, sublicense, and/or sell copies of the Software, and to
+-- permit persons to whom the Software is furnished to do so, subject to
+-- the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included
+-- in all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+-- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+-- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+-- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+-- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+--
+SET foreign_key_checks=0;
+
+DROP TABLE IF EXISTS `acl_history`;
+
+--
+-- Table: `acl_history`
+--
+CREATE TABLE `acl_history` (
+ `ah_id` integer NOT NULL auto_increment,
+ `ah_acl` integer NOT NULL,
+ `ah_action` varchar(16) NOT NULL,
+ `ah_scheme` varchar(32),
+ `ah_identifier` varchar(255),
+ `ah_by` varchar(255) NOT NULL,
+ `ah_from` varchar(255) NOT NULL,
+ `ah_on` datetime NOT NULL,
+ PRIMARY KEY (`ah_id`)
+);
+
+DROP TABLE IF EXISTS `acl_schemes`;
+
+--
+-- Table: `acl_schemes`
+--
+CREATE TABLE `acl_schemes` (
+ `as_name` varchar(32) NOT NULL,
+ `as_class` varchar(64),
+ PRIMARY KEY (`as_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `acls`;
+
+--
+-- Table: `acls`
+--
+CREATE TABLE `acls` (
+ `ac_id` integer NOT NULL auto_increment,
+ `ac_name` varchar(255) NOT NULL,
+ PRIMARY KEY (`ac_id`),
+ UNIQUE `ac_name` (`ac_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `enctypes`;
+
+--
+-- Table: `enctypes`
+--
+CREATE TABLE `enctypes` (
+ `en_name` varchar(255) NOT NULL,
+ PRIMARY KEY (`en_name`)
+);
+
+DROP TABLE IF EXISTS `flags`;
+
+--
+-- Table: `flags`
+--
+CREATE TABLE `flags` (
+ `fl_type` varchar(16) NOT NULL,
+ `fl_name` varchar(255) NOT NULL,
+ `fl_flag` enum('locked', 'unchanging') NOT NULL,
+ PRIMARY KEY (`fl_type`, `fl_name`, `fl_flag`)
+);
+
+DROP TABLE IF EXISTS `keytab_enctypes`;
+
+--
+-- Table: `keytab_enctypes`
+--
+CREATE TABLE `keytab_enctypes` (
+ `ke_name` varchar(255) NOT NULL,
+ `ke_enctype` varchar(255) NOT NULL,
+ PRIMARY KEY (`ke_name`, `ke_enctype`)
+);
+
+DROP TABLE IF EXISTS `keytab_sync`;
+
+--
+-- Table: `keytab_sync`
+--
+CREATE TABLE `keytab_sync` (
+ `ks_name` varchar(255) NOT NULL,
+ `ks_target` varchar(255) NOT NULL,
+ PRIMARY KEY (`ks_name`, `ks_target`)
+);
+
+DROP TABLE IF EXISTS `sync_targets`;
+
+--
+-- Table: `sync_targets`
+--
+CREATE TABLE `sync_targets` (
+ `st_name` varchar(255) NOT NULL,
+ PRIMARY KEY (`st_name`)
+);
+
+DROP TABLE IF EXISTS `types`;
+
+--
+-- Table: `types`
+--
+CREATE TABLE `types` (
+ `ty_name` varchar(16) NOT NULL,
+ `ty_class` varchar(64),
+ PRIMARY KEY (`ty_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `acl_entries`;
+
+--
+-- Table: `acl_entries`
+--
+CREATE TABLE `acl_entries` (
+ `ae_id` integer NOT NULL,
+ `ae_scheme` varchar(32) NOT NULL,
+ `ae_identifier` varchar(255) NOT NULL,
+ INDEX `acl_entries_idx_ae_scheme` (`ae_scheme`),
+ INDEX `acl_entries_idx_ae_id` (`ae_id`),
+ PRIMARY KEY (`ae_id`, `ae_scheme`, `ae_identifier`),
+ CONSTRAINT `acl_entries_fk_ae_scheme` FOREIGN KEY (`ae_scheme`) REFERENCES `acl_schemes` (`as_name`),
+ CONSTRAINT `acl_entries_fk_ae_id` FOREIGN KEY (`ae_id`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `objects`;
+
+--
+-- Table: `objects`
+--
+CREATE TABLE `objects` (
+ `ob_type` varchar(16) NOT NULL,
+ `ob_name` varchar(255) NOT NULL,
+ `ob_owner` integer,
+ `ob_acl_get` integer,
+ `ob_acl_store` integer,
+ `ob_acl_show` integer,
+ `ob_acl_destroy` integer,
+ `ob_acl_flags` integer,
+ `ob_expires` datetime,
+ `ob_created_by` varchar(255) NOT NULL,
+ `ob_created_from` varchar(255) NOT NULL,
+ `ob_created_on` datetime NOT NULL,
+ `ob_stored_by` varchar(255),
+ `ob_stored_from` varchar(255),
+ `ob_stored_on` datetime,
+ `ob_downloaded_by` varchar(255),
+ `ob_downloaded_from` varchar(255),
+ `ob_downloaded_on` datetime,
+ `ob_comment` varchar(255),
+ INDEX `objects_idx_ob_acl_destroy` (`ob_acl_destroy`),
+ INDEX `objects_idx_ob_acl_flags` (`ob_acl_flags`),
+ INDEX `objects_idx_ob_acl_get` (`ob_acl_get`),
+ INDEX `objects_idx_ob_owner` (`ob_owner`),
+ INDEX `objects_idx_ob_acl_show` (`ob_acl_show`),
+ INDEX `objects_idx_ob_acl_store` (`ob_acl_store`),
+ INDEX `objects_idx_ob_type` (`ob_type`),
+ PRIMARY KEY (`ob_name`, `ob_type`),
+ CONSTRAINT `objects_fk_ob_acl_destroy` FOREIGN KEY (`ob_acl_destroy`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_acl_flags` FOREIGN KEY (`ob_acl_flags`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_acl_get` FOREIGN KEY (`ob_acl_get`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_owner` FOREIGN KEY (`ob_owner`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_acl_show` FOREIGN KEY (`ob_acl_show`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_acl_store` FOREIGN KEY (`ob_acl_store`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `objects_fk_ob_type` FOREIGN KEY (`ob_type`) REFERENCES `types` (`ty_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `object_history`;
+
+--
+-- Table: `object_history`
+--
+CREATE TABLE `object_history` (
+ `oh_id` integer NOT NULL auto_increment,
+ `oh_type` varchar(16) NOT NULL,
+ `oh_name` varchar(255) NOT NULL,
+ `oh_action` varchar(16) NOT NULL,
+ `oh_field` varchar(16),
+ `oh_type_field` varchar(255),
+ `oh_old` varchar(255),
+ `oh_new` varchar(255),
+ `oh_by` varchar(255) NOT NULL,
+ `oh_from` varchar(255) NOT NULL,
+ `oh_on` datetime NOT NULL,
+ INDEX `object_history_idx_oh_type_oh_name` (`oh_type`, `oh_name`),
+ PRIMARY KEY (`oh_id`),
+ CONSTRAINT `object_history_fk_oh_type_oh_name` FOREIGN KEY (`oh_type`, `oh_name`) REFERENCES `objects` (`ob_type`, `ob_name`)
+) ENGINE=InnoDB;
+
+SET foreign_key_checks=1;
+
diff --git a/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql
new file mode 100644
index 0000000..a5de23d
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql
@@ -0,0 +1,223 @@
+--
+-- Created by SQL::Translator::Producer::PostgreSQL
+-- Created on Fri Jan 25 14:12:02 2013
+--
+-- Copyright 2012, 2013
+-- The Board of Trustees of the Leland Stanford Junior University
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the
+-- "Software"), to deal in the Software without restriction, including
+-- without limitation the rights to use, copy, modify, merge, publish,
+-- distribute, sublicense, and/or sell copies of the Software, and to
+-- permit persons to whom the Software is furnished to do so, subject to
+-- the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included
+-- in all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+-- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+-- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+-- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+-- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+--
+--
+-- Table: acl_history
+--
+DROP TABLE "acl_history" CASCADE;
+CREATE TABLE "acl_history" (
+ "ah_id" serial NOT NULL,
+ "ah_acl" integer NOT NULL,
+ "ah_action" character varying(16) NOT NULL,
+ "ah_scheme" character varying(32),
+ "ah_identifier" character varying(255),
+ "ah_by" character varying(255) NOT NULL,
+ "ah_from" character varying(255) NOT NULL,
+ "ah_on" timestamp NOT NULL,
+ PRIMARY KEY ("ah_id")
+);
+
+--
+-- Table: acl_schemes
+--
+DROP TABLE "acl_schemes" CASCADE;
+CREATE TABLE "acl_schemes" (
+ "as_name" character varying(32) NOT NULL,
+ "as_class" character varying(64),
+ PRIMARY KEY ("as_name")
+);
+
+--
+-- Table: acls
+--
+DROP TABLE "acls" CASCADE;
+CREATE TABLE "acls" (
+ "ac_id" serial NOT NULL,
+ "ac_name" character varying(255) NOT NULL,
+ PRIMARY KEY ("ac_id"),
+ CONSTRAINT "ac_name" UNIQUE ("ac_name")
+);
+
+--
+-- Table: enctypes
+--
+DROP TABLE "enctypes" CASCADE;
+CREATE TABLE "enctypes" (
+ "en_name" character varying(255) NOT NULL,
+ PRIMARY KEY ("en_name")
+);
+
+--
+-- Table: flags
+--
+DROP TABLE "flags" CASCADE;
+CREATE TABLE "flags" (
+ "fl_type" character varying(16) NOT NULL,
+ "fl_name" character varying(255) NOT NULL,
+ "fl_flag" character varying NOT NULL,
+ PRIMARY KEY ("fl_type", "fl_name", "fl_flag")
+);
+
+--
+-- Table: keytab_enctypes
+--
+DROP TABLE "keytab_enctypes" CASCADE;
+CREATE TABLE "keytab_enctypes" (
+ "ke_name" character varying(255) NOT NULL,
+ "ke_enctype" character varying(255) NOT NULL,
+ PRIMARY KEY ("ke_name", "ke_enctype")
+);
+
+--
+-- Table: keytab_sync
+--
+DROP TABLE "keytab_sync" CASCADE;
+CREATE TABLE "keytab_sync" (
+ "ks_name" character varying(255) NOT NULL,
+ "ks_target" character varying(255) NOT NULL,
+ PRIMARY KEY ("ks_name", "ks_target")
+);
+
+--
+-- Table: sync_targets
+--
+DROP TABLE "sync_targets" CASCADE;
+CREATE TABLE "sync_targets" (
+ "st_name" character varying(255) NOT NULL,
+ PRIMARY KEY ("st_name")
+);
+
+--
+-- Table: types
+--
+DROP TABLE "types" CASCADE;
+CREATE TABLE "types" (
+ "ty_name" character varying(16) NOT NULL,
+ "ty_class" character varying(64),
+ PRIMARY KEY ("ty_name")
+);
+
+--
+-- Table: acl_entries
+--
+DROP TABLE "acl_entries" CASCADE;
+CREATE TABLE "acl_entries" (
+ "ae_id" integer NOT NULL,
+ "ae_scheme" character varying(32) NOT NULL,
+ "ae_identifier" character varying(255) NOT NULL,
+ PRIMARY KEY ("ae_id", "ae_scheme", "ae_identifier")
+);
+CREATE INDEX "acl_entries_idx_ae_scheme" on "acl_entries" ("ae_scheme");
+CREATE INDEX "acl_entries_idx_ae_id" on "acl_entries" ("ae_id");
+
+--
+-- Table: objects
+--
+DROP TABLE "objects" CASCADE;
+CREATE TABLE "objects" (
+ "ob_type" character varying(16) NOT NULL,
+ "ob_name" character varying(255) NOT NULL,
+ "ob_owner" integer,
+ "ob_acl_get" integer,
+ "ob_acl_store" integer,
+ "ob_acl_show" integer,
+ "ob_acl_destroy" integer,
+ "ob_acl_flags" integer,
+ "ob_expires" timestamp,
+ "ob_created_by" character varying(255) NOT NULL,
+ "ob_created_from" character varying(255) NOT NULL,
+ "ob_created_on" timestamp NOT NULL,
+ "ob_stored_by" character varying(255),
+ "ob_stored_from" character varying(255),
+ "ob_stored_on" timestamp,
+ "ob_downloaded_by" character varying(255),
+ "ob_downloaded_from" character varying(255),
+ "ob_downloaded_on" timestamp,
+ "ob_comment" character varying(255),
+ PRIMARY KEY ("ob_name", "ob_type")
+);
+CREATE INDEX "objects_idx_ob_acl_destroy" on "objects" ("ob_acl_destroy");
+CREATE INDEX "objects_idx_ob_acl_flags" on "objects" ("ob_acl_flags");
+CREATE INDEX "objects_idx_ob_acl_get" on "objects" ("ob_acl_get");
+CREATE INDEX "objects_idx_ob_owner" on "objects" ("ob_owner");
+CREATE INDEX "objects_idx_ob_acl_show" on "objects" ("ob_acl_show");
+CREATE INDEX "objects_idx_ob_acl_store" on "objects" ("ob_acl_store");
+CREATE INDEX "objects_idx_ob_type" on "objects" ("ob_type");
+
+--
+-- Table: object_history
+--
+DROP TABLE "object_history" CASCADE;
+CREATE TABLE "object_history" (
+ "oh_id" serial NOT NULL,
+ "oh_type" character varying(16) NOT NULL,
+ "oh_name" character varying(255) NOT NULL,
+ "oh_action" character varying(16) NOT NULL,
+ "oh_field" character varying(16),
+ "oh_type_field" character varying(255),
+ "oh_old" character varying(255),
+ "oh_new" character varying(255),
+ "oh_by" character varying(255) NOT NULL,
+ "oh_from" character varying(255) NOT NULL,
+ "oh_on" timestamp NOT NULL,
+ PRIMARY KEY ("oh_id")
+);
+CREATE INDEX "object_history_idx_oh_type_oh_name" on "object_history" ("oh_type", "oh_name");
+
+--
+-- Foreign Key Definitions
+--
+
+ALTER TABLE "acl_entries" ADD FOREIGN KEY ("ae_scheme")
+ REFERENCES "acl_schemes" ("as_name") DEFERRABLE;
+
+ALTER TABLE "acl_entries" ADD FOREIGN KEY ("ae_id")
+ REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD FOREIGN KEY ("ob_acl_destroy")
+ REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD FOREIGN KEY ("ob_acl_flags")
+ REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD FOREIGN KEY ("ob_acl_get")
+ REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD FOREIGN KEY ("ob_owner")
+ REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD FOREIGN KEY ("ob_acl_show")
+ REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD FOREIGN KEY ("ob_acl_store")
+ REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD FOREIGN KEY ("ob_type")
+ REFERENCES "types" ("ty_name") DEFERRABLE;
+
+ALTER TABLE "object_history" ADD FOREIGN KEY ("oh_type", "oh_name")
+ REFERENCES "objects" ("ob_type", "ob_name") DEFERRABLE;
+
diff --git a/perl/sql/Wallet-Schema-0.08-SQLite.sql b/perl/sql/Wallet-Schema-0.08-SQLite.sql
new file mode 100644
index 0000000..f581a4c
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.08-SQLite.sql
@@ -0,0 +1,223 @@
+--
+-- Created by SQL::Translator::Producer::SQLite
+-- Created on Fri Jan 25 14:12:02 2013
+--
+-- Copyright 2012, 2013
+-- The Board of Trustees of the Leland Stanford Junior University
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the
+-- "Software"), to deal in the Software without restriction, including
+-- without limitation the rights to use, copy, modify, merge, publish,
+-- distribute, sublicense, and/or sell copies of the Software, and to
+-- permit persons to whom the Software is furnished to do so, subject to
+-- the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included
+-- in all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+-- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+-- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+-- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+-- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+--
+
+BEGIN TRANSACTION;
+
+--
+-- Table: acl_history
+--
+DROP TABLE IF EXISTS acl_history;
+
+CREATE TABLE acl_history (
+ ah_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ ah_acl integer NOT NULL,
+ ah_action varchar(16) NOT NULL,
+ ah_scheme varchar(32),
+ ah_identifier varchar(255),
+ ah_by varchar(255) NOT NULL,
+ ah_from varchar(255) NOT NULL,
+ ah_on datetime NOT NULL
+);
+
+--
+-- Table: acl_schemes
+--
+DROP TABLE IF EXISTS acl_schemes;
+
+CREATE TABLE acl_schemes (
+ as_name varchar(32) NOT NULL,
+ as_class varchar(64),
+ PRIMARY KEY (as_name)
+);
+
+--
+-- Table: acls
+--
+DROP TABLE IF EXISTS acls;
+
+CREATE TABLE acls (
+ ac_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ ac_name varchar(255) NOT NULL
+);
+
+CREATE UNIQUE INDEX ac_name ON acls (ac_name);
+
+--
+-- Table: enctypes
+--
+DROP TABLE IF EXISTS enctypes;
+
+CREATE TABLE enctypes (
+ en_name varchar(255) NOT NULL,
+ PRIMARY KEY (en_name)
+);
+
+--
+-- Table: flags
+--
+DROP TABLE IF EXISTS flags;
+
+CREATE TABLE flags (
+ fl_type varchar(16) NOT NULL,
+ fl_name varchar(255) NOT NULL,
+ fl_flag varchar(32) NOT NULL,
+ PRIMARY KEY (fl_type, fl_name, fl_flag)
+);
+
+--
+-- Table: keytab_enctypes
+--
+DROP TABLE IF EXISTS keytab_enctypes;
+
+CREATE TABLE keytab_enctypes (
+ ke_name varchar(255) NOT NULL,
+ ke_enctype varchar(255) NOT NULL,
+ PRIMARY KEY (ke_name, ke_enctype)
+);
+
+--
+-- Table: keytab_sync
+--
+DROP TABLE IF EXISTS keytab_sync;
+
+CREATE TABLE keytab_sync (
+ ks_name varchar(255) NOT NULL,
+ ks_target varchar(255) NOT NULL,
+ PRIMARY KEY (ks_name, ks_target)
+);
+
+--
+-- Table: sync_targets
+--
+DROP TABLE IF EXISTS sync_targets;
+
+CREATE TABLE sync_targets (
+ st_name varchar(255) NOT NULL,
+ PRIMARY KEY (st_name)
+);
+
+--
+-- Table: types
+--
+DROP TABLE IF EXISTS types;
+
+CREATE TABLE types (
+ ty_name varchar(16) NOT NULL,
+ ty_class varchar(64),
+ PRIMARY KEY (ty_name)
+);
+
+--
+-- Table: acl_entries
+--
+DROP TABLE IF EXISTS acl_entries;
+
+CREATE TABLE acl_entries (
+ ae_id integer NOT NULL,
+ ae_scheme varchar(32) NOT NULL,
+ ae_identifier varchar(255) NOT NULL,
+ PRIMARY KEY (ae_id, ae_scheme, ae_identifier),
+ FOREIGN KEY(ae_scheme) REFERENCES acl_schemes(as_name),
+ FOREIGN KEY(ae_id) REFERENCES acls(ac_id)
+);
+
+CREATE INDEX acl_entries_idx_ae_scheme ON acl_entries (ae_scheme);
+
+CREATE INDEX acl_entries_idx_ae_id ON acl_entries (ae_id);
+
+--
+-- Table: objects
+--
+DROP TABLE IF EXISTS objects;
+
+CREATE TABLE objects (
+ ob_type varchar(16) NOT NULL,
+ ob_name varchar(255) NOT NULL,
+ ob_owner integer,
+ ob_acl_get integer,
+ ob_acl_store integer,
+ ob_acl_show integer,
+ ob_acl_destroy integer,
+ ob_acl_flags integer,
+ ob_expires datetime,
+ ob_created_by varchar(255) NOT NULL,
+ ob_created_from varchar(255) NOT NULL,
+ ob_created_on datetime NOT NULL,
+ ob_stored_by varchar(255),
+ ob_stored_from varchar(255),
+ ob_stored_on datetime,
+ ob_downloaded_by varchar(255),
+ ob_downloaded_from varchar(255),
+ ob_downloaded_on datetime,
+ ob_comment varchar(255),
+ PRIMARY KEY (ob_name, ob_type),
+ FOREIGN KEY(ob_acl_destroy) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_acl_flags) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_acl_get) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_owner) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_acl_show) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_acl_store) REFERENCES acls(ac_id),
+ FOREIGN KEY(ob_type) REFERENCES types(ty_name)
+);
+
+CREATE INDEX objects_idx_ob_acl_destroy ON objects (ob_acl_destroy);
+
+CREATE INDEX objects_idx_ob_acl_flags ON objects (ob_acl_flags);
+
+CREATE INDEX objects_idx_ob_acl_get ON objects (ob_acl_get);
+
+CREATE INDEX objects_idx_ob_owner ON objects (ob_owner);
+
+CREATE INDEX objects_idx_ob_acl_show ON objects (ob_acl_show);
+
+CREATE INDEX objects_idx_ob_acl_store ON objects (ob_acl_store);
+
+CREATE INDEX objects_idx_ob_type ON objects (ob_type);
+
+--
+-- Table: object_history
+--
+DROP TABLE IF EXISTS object_history;
+
+CREATE TABLE object_history (
+ oh_id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+ oh_type varchar(16) NOT NULL,
+ oh_name varchar(255) NOT NULL,
+ oh_action varchar(16) NOT NULL,
+ oh_field varchar(16),
+ oh_type_field varchar(255),
+ oh_old varchar(255),
+ oh_new varchar(255),
+ oh_by varchar(255) NOT NULL,
+ oh_from varchar(255) NOT NULL,
+ oh_on datetime NOT NULL,
+ FOREIGN KEY(oh_type) REFERENCES objects(ob_type)
+);
+
+CREATE INDEX object_history_idx_oh_type_oh_name ON object_history (oh_type, oh_name);
+
+COMMIT;
diff --git a/perl/t/acl.t b/perl/t/acl.t
index f169eb5..26b4903 100755
--- a/perl/t/acl.t
+++ b/perl/t/acl.t
@@ -3,7 +3,8 @@
# Tests for the wallet ACL API.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -29,30 +30,30 @@ db_setup;
my $setup = eval { Wallet::Admin->new };
is ($@, '', 'Database connection succeeded');
is ($setup->reinitialize ($setup), 1, 'Database initialization succeeded');
-my $dbh = $setup->dbh;
+my $schema = $setup->schema;
# Test create and new.
-my $acl = eval { Wallet::ACL->create ('test', $dbh, @trace) };
+my $acl = eval { Wallet::ACL->create ('test', $schema, @trace) };
ok (defined ($acl), 'ACL creation');
is ($@, '', ' with no exceptions');
ok ($acl->isa ('Wallet::ACL'), ' and the right class');
is ($acl->name, 'test', ' and the right name');
is ($acl->id, 2, ' and the right ID');
-$acl = eval { Wallet::ACL->create (3, $dbh, @trace) };
+$acl = eval { Wallet::ACL->create (3, $schema, @trace) };
ok (!defined ($acl), 'Creating with a numeric name');
is ($@, "ACL name may not be all numbers\n", ' with the right error message');
-$acl = eval { Wallet::ACL->create ('test', $dbh, @trace) };
+$acl = eval { Wallet::ACL->create ('test', $schema, @trace) };
ok (!defined ($acl), 'Creating a duplicate object');
like ($@, qr/^cannot create ACL test: /, ' with the right error message');
-$acl = eval { Wallet::ACL->new ('test2', $dbh) };
+$acl = eval { Wallet::ACL->new ('test2', $schema) };
ok (!defined ($acl), 'Searching for a non-existent ACL');
is ($@, "ACL test2 not found\n", ' with the right error message');
-$acl = eval { Wallet::ACL->new ('test', $dbh) };
+$acl = eval { Wallet::ACL->new ('test', $schema) };
ok (defined ($acl), 'Searching for the test ACL by name');
is ($@, '', ' with no exceptions');
ok ($acl->isa ('Wallet::ACL'), ' and the right class');
is ($acl->id, 2, ' and the right ID');
-$acl = eval { Wallet::ACL->new (2, $dbh) };
+$acl = eval { Wallet::ACL->new (2, $schema) };
ok (defined ($acl), 'Searching for the test ACL by ID');
is ($@, '', ' with no exceptions');
ok ($acl->isa ('Wallet::ACL'), ' and the right class');
@@ -66,15 +67,15 @@ if ($acl->rename ('example')) {
}
is ($acl->name, 'example', ' and the new name is right');
is ($acl->id, 2, ' and the ID did not change');
-$acl = eval { Wallet::ACL->new ('test', $dbh) };
+$acl = eval { Wallet::ACL->new ('test', $schema) };
ok (!defined ($acl), ' and it cannot be found under the old name');
is ($@, "ACL test not found\n", ' with the right error message');
-$acl = eval { Wallet::ACL->new ('example', $dbh) };
+$acl = eval { Wallet::ACL->new ('example', $schema) };
ok (defined ($acl), ' and it can be found with the new name');
is ($@, '', ' with no exceptions');
is ($acl->name, 'example', ' and the right name');
is ($acl->id, 2, ' and the right ID');
-$acl = eval { Wallet::ACL->new (2, $dbh) };
+$acl = eval { Wallet::ACL->new (2, $schema) };
ok (defined ($acl), ' and it can still found by ID');
is ($@, '', ' with no exceptions');
is ($acl->name, 'example', ' and the right name');
@@ -212,13 +213,13 @@ if ($acl->destroy (@trace)) {
} else {
is ($acl->error, '', 'Destroying the ACL works');
}
-$acl = eval { Wallet::ACL->new ('example', $dbh) };
+$acl = eval { Wallet::ACL->new ('example', $schema) };
ok (!defined ($acl), ' and now cannot be found');
is ($@, "ACL example not found\n", ' with the right error message');
-$acl = eval { Wallet::ACL->new (2, $dbh) };
+$acl = eval { Wallet::ACL->new (2, $schema) };
ok (!defined ($acl), ' or by ID');
is ($@, "ACL 2 not found\n", ' with the right error message');
-$acl = eval { Wallet::ACL->create ('example', $dbh, @trace) };
+$acl = eval { Wallet::ACL->create ('example', $schema, @trace) };
ok (defined ($acl), ' and creating another with the same name works');
is ($@, '', ' with no exceptions');
is ($acl->name, 'example', ' and the right name');
diff --git a/perl/t/admin.t b/perl/t/admin.t
index 074dbc6..a11b9b2 100755
--- a/perl/t/admin.t
+++ b/perl/t/admin.t
@@ -3,16 +3,18 @@
# Tests for wallet administrative interface.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2009, 2010, 2011
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
-use Test::More tests => 16;
+use Test::More tests => 23;
use Wallet::Admin;
use Wallet::Report;
use Wallet::Schema;
use Wallet::Server;
+use DBI;
use lib 't/lib';
use Util;
@@ -24,6 +26,8 @@ is ($@, '', 'Wallet::Admin creation did not die');
ok ($admin->isa ('Wallet::Admin'), ' and returned the right class');
is ($admin->initialize ('admin@EXAMPLE.COM'), 1,
' and initialization succeeds');
+is ($admin->upgrade, 1, ' and upgrade succeeds (should do nothing)');
+is ($admin->error, undef, ' and there is no error');
# We have an empty database, so we should see no objects and one ACL.
my $report = Wallet::Report->new;
@@ -53,6 +57,22 @@ is ($admin->register_verifier ('base', 'Wallet::ACL::Base'), undef,
is ($server->acl_add ('ADMIN', 'base', 'foo'), 1,
' and adding a base ACL now works');
+# Test an upgrade. Reinitialize to an older version, then test upgrade to
+# the current version.
+$Wallet::Schema::VERSION = '0.07';
+is ($admin->reinitialize ('admin@EXAMPLE.COM'), 1,
+ ' and re-initialization succeeds');
+$Wallet::Schema::VERSION = '0.08';
+my $retval = $admin->upgrade;
+is ($retval, 1, 'Performing an upgrade succeeds');
+my $dbh = $admin->dbh;
+my $sql = "select version from dbix_class_schema_versions order by version "
+ ."DESC";
+$version = $dbh->selectall_arrayref ($sql);
+is (@$version, 2, ' and versions table has correct number of rows');
+is (@{ $version->[0] }, 1, ' and correct number of columns');
+is ($version->[0][0], '0.08', ' and the schema version is correct');
+
# Clean up.
is ($admin->destroy, 1, 'Destruction succeeds');
unlink 'wallet-db';
diff --git a/perl/t/config.t b/perl/t/config.t
index 6b9f226..543e5d6 100755
--- a/perl/t/config.t
+++ b/perl/t/config.t
@@ -3,7 +3,8 @@
# Tests for the wallet server configuration.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/perl/t/data/README b/perl/t/data/README
index d250d33..4ceccff 100644
--- a/perl/t/data/README
+++ b/perl/t/data/README
@@ -58,3 +58,13 @@ also need to be configured in your local krb.conf (but not krb.realms).
The test process will create the principals wallet.one and wallet.two and
on success will clean up after itself. If the test fails, they may be
left behind in the AFS kaserver.
+
+-----
+
+Copyright 2007, 2009, 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+Copying and distribution of this file, with or without modification, are
+permitted in any medium without royalty provided the copyright notice and
+this notice are preserved. This file is offered as-is, without any
+warranty.
diff --git a/perl/t/file.t b/perl/t/file.t
index a821c4f..5cb7c35 100755
--- a/perl/t/file.t
+++ b/perl/t/file.t
@@ -3,7 +3,8 @@
# Tests for the file object implementation.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -31,7 +32,7 @@ db_setup;
my $admin = eval { Wallet::Admin->new };
is ($@, '', 'Database connection succeeded');
is ($admin->reinitialize ($user), 1, 'Database initialization succeeded');
-my $dbh = $admin->dbh;
+my $schema = $admin->schema;
# Use this to accumulate the history traces so that we can check history.
my $history = '';
@@ -39,7 +40,7 @@ my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);
# Test error handling in the absence of configuration.
$object = eval {
- Wallet::Object::File->create ('file', 'test', $dbh, @trace)
+ Wallet::Object::File->create ('file', 'test', $schema, @trace)
};
ok (defined ($object), 'Creating a basic file object succeeds');
ok ($object->isa ('Wallet::Object::File'), ' and is the right class');
@@ -55,7 +56,7 @@ $Wallet::Config::FILE_BUCKET = 'test-files';
# Okay, now we can test. First, the basic object without store.
$object = eval {
- Wallet::Object::File->create ('file', 'test', $dbh, @trace)
+ Wallet::Object::File->create ('file', 'test', $schema, @trace)
};
ok (defined ($object), 'Creating a basic file object succeeds');
ok ($object->isa ('Wallet::Object::File'), ' and is the right class');
@@ -66,7 +67,7 @@ is ($object->destroy (@trace), 1, ' but destroying the object succeeds');
# Now store something and be sure that we get something reasonable.
$object = eval {
- Wallet::Object::File->create ('file', 'test', $dbh, @trace)
+ Wallet::Object::File->create ('file', 'test', $schema, @trace)
};
ok (defined ($object), 'Recreating the object succeeds');
is ($object->store ("foo\n", @trace), 1, ' and storing data in it succeeds');
@@ -103,7 +104,7 @@ ok (! -f 'test-files/09/test', ' and the file is gone');
# Now try some aggressive names.
$object = eval {
- Wallet::Object::File->create ('file', '../foo', $dbh, @trace)
+ Wallet::Object::File->create ('file', '../foo', $schema, @trace)
};
ok (defined ($object), 'Creating ../foo succeeds');
is ($object->store ("foo\n", @trace), 1, ' and storing data in it succeeds');
@@ -115,7 +116,7 @@ is ($object->get (@trace), "foo\n", ' and get returns correctly');
is ($object->destroy (@trace), 1, 'Destroying the object works');
ok (! -f 'test-files/39/%2E%2E%2Ffoo', ' and the file is gone');
$object = eval {
- Wallet::Object::File->create ('file', "\0", $dbh, @trace)
+ Wallet::Object::File->create ('file', "\0", $schema, @trace)
};
ok (defined ($object), 'Creating nul succeeds');
is ($object->store ("foo\n", @trace), 1, ' and storing data in it succeeds');
@@ -130,7 +131,7 @@ ok (! -f 'test-files/93/%00', ' and the file is gone');
# Test error handling in the file store.
system ('rm -r test-files') == 0 or die "cannot remove test-files\n";
$object = eval {
- Wallet::Object::File->create ('file', 'test', $dbh, @trace)
+ Wallet::Object::File->create ('file', 'test', $schema, @trace)
};
ok (defined ($object), 'Recreating the object succeeds');
is ($object->store ("foo\n", @trace), undef,
diff --git a/perl/t/init.t b/perl/t/init.t
index 213aedf..142f54c 100755
--- a/perl/t/init.t
+++ b/perl/t/init.t
@@ -3,7 +3,8 @@
# Tests for database initialization.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -24,7 +25,7 @@ is ($admin->initialize ('admin@EXAMPLE.COM'), 1,
' and initialization succeeds');
# Check whether the database entries that should be created were.
-my $acl = eval { Wallet::ACL->new ('ADMIN', $admin->dbh) };
+my $acl = eval { Wallet::ACL->new ('ADMIN', $admin->schema) };
is ($@, '', 'Retrieving ADMIN ACL successful');
ok ($acl->isa ('Wallet::ACL'), ' and is the right class');
my @entries = $acl->list;
@@ -38,7 +39,7 @@ is ($admin->reinitialize ('admin@EXAMPLE.ORG'), 1,
'Reinitialization succeeded');
# Now repeat the database content checks.
-$acl = eval { Wallet::ACL->new ('ADMIN', $admin->dbh) };
+$acl = eval { Wallet::ACL->new ('ADMIN', $admin->schema) };
is ($@, '', 'Retrieving ADMIN ACL successful');
ok ($acl->isa ('Wallet::ACL'), ' and is the right class');
@entries = $acl->list;
@@ -49,7 +50,7 @@ is ($entries[0][1], 'admin@EXAMPLE.ORG', ' with the right user');
# Test cleanup.
is ($admin->destroy, 1, 'Destroying the database works');
-$acl = eval { Wallet::ACL->new ('ADMIN', $admin->dbh) };
+$acl = eval { Wallet::ACL->new ('ADMIN', $admin->schema) };
like ($@, qr/^cannot search for ACL ADMIN: /,
' and now the database is gone');
unlink 'wallet-db';
diff --git a/perl/t/kadmin.t b/perl/t/kadmin.t
index a1f2876..8eabc6b 100755
--- a/perl/t/kadmin.t
+++ b/perl/t/kadmin.t
@@ -3,12 +3,13 @@
# Tests for the kadmin object implementation.
#
# Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009, 2010, 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
use POSIX qw(strftime);
-use Test::More tests => 32;
+use Test::More tests => 34;
BEGIN { $Wallet::Config::KEYTAB_TMP = '.' }
@@ -72,7 +73,7 @@ SKIP: {
# implementation is configured. This retests some things that are also tested
# by the keytab test, but specifically through the Wallet::Kadmin API.
SKIP: {
- skip 'no keytab configuration', 14 unless -f 't/data/test.keytab';
+ skip 'no keytab configuration', 16 unless -f 't/data/test.keytab';
# Set up our configuration.
$Wallet::Config::KEYTAB_FILE = 't/data/test.keytab';
@@ -90,10 +91,12 @@ SKIP: {
is ($@, '', ' and there is no error');
is ($kadmin->destroy ('wallet/one'), 1, 'Deleting wallet/one works');
is ($kadmin->exists ('wallet/one'), 0, ' and it does not exist');
+ is ($kadmin->error, undef, ' with no error message');
# Create the principal and check that keytab returns something. We'll
# check the details of the return in the keytab check.
is ($kadmin->create ('wallet/one'), 1, 'Creating wallet/one works');
+ is ($kadmin->error, undef, ' with no error message');
is ($kadmin->exists ('wallet/one'), 1, ' and it now exists');
my $data = $kadmin->keytab_rekey ('wallet/one');
ok (defined ($data), ' and retrieving a keytab works');
diff --git a/perl/t/keytab.t b/perl/t/keytab.t
index fabdc5b..f89b2c6 100755
--- a/perl/t/keytab.t
+++ b/perl/t/keytab.t
@@ -3,16 +3,17 @@
# Tests for the keytab object implementation.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2009, 2010
-# Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2009, 2010, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
use POSIX qw(strftime);
-use Test::More tests => 135;
+use Test::More tests => 139;
BEGIN { $Wallet::Config::KEYTAB_TMP = '.' }
+use DBI;
use Wallet::Admin;
use Wallet::Config;
use Wallet::Kadmin;
@@ -146,6 +147,7 @@ db_setup;
my $admin = eval { Wallet::Admin->new };
is ($@, '', 'Database connection succeeded');
is ($admin->reinitialize ($user), 1, 'Database initialization succeeded');
+my $schema = $admin->schema;
my $dbh = $admin->dbh;
# Use this to accumulate the history traces so that we can check history.
@@ -173,7 +175,8 @@ SKIP: {
# Test that object creation without KEYTAB_TMP fails.
undef $Wallet::Config::KEYTAB_TMP;
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
is ($object, undef, 'Creating keytab without KEYTAB_TMP fails');
is ($@, "KEYTAB_TMP configuration variable not set\n",
@@ -182,7 +185,8 @@ SKIP: {
# Okay, now we can test. First, create.
$object = eval {
- Wallet::Object::Keytab->create ('keytab', "wallet\nf", $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', "wallet\nf", $schema,
+ @trace)
};
is ($object, undef, 'Creating malformed principal fails');
if ($Wallet::Config::KEYTAB_KRBTYPE eq 'MIT') {
@@ -192,7 +196,7 @@ SKIP: {
' with the right error');
}
$object = eval {
- Wallet::Object::Keytab->create ('keytab', '', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', '', $schema, @trace)
};
is ($object, undef, 'Creating empty principal fails');
if ($Wallet::Config::KEYTAB_KRBTYPE eq 'MIT') {
@@ -201,7 +205,8 @@ SKIP: {
like ($@, qr/^error adding principal \@/, ' with the right error');
}
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
if (defined ($object)) {
ok (defined ($object), 'Creating good principal succeeds');
@@ -212,7 +217,8 @@ SKIP: {
ok (created ('wallet/one'), ' and the principal was created');
create ('wallet/two');
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/two', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/two', $schema,
+ @trace)
};
if (defined ($object)) {
ok (defined ($object), 'Creating an existing principal succeeds');
@@ -224,13 +230,13 @@ SKIP: {
is ($object->error, undef, ' with no error message');
ok (! created ('wallet/two'), ' and now it does not exist');
my @name = qw(keytab wallet-test/one);
- $object = eval { Wallet::Object::Keytab->create (@name, $dbh, @trace) };
+ $object = eval { Wallet::Object::Keytab->create (@name, $schema, @trace) };
is ($object, undef, 'Creation without permissions fails');
like ($@, qr{^error adding principal wallet-test/one\@\Q$realm: },
' with the right error');
# Now, try retrieving the keytab.
- $object = Wallet::Object::Keytab->new ('keytab', 'wallet/one', $dbh);
+ $object = Wallet::Object::Keytab->new ('keytab', 'wallet/one', $schema);
ok (defined ($object), 'Retrieving the object works');
ok ($object->isa ('Wallet::Object::Keytab'), ' and is the right type');
is ($object->flag_set ('locked', @trace), 1, ' and setting locked works');
@@ -283,7 +289,8 @@ EOO
# Test principal deletion on object destruction.
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
ok (defined ($object), 'Creating good principal succeeds');
ok (created ('wallet/one'), ' and the principal was created');
@@ -332,7 +339,8 @@ EOO
# Test configuration errors.
undef $Wallet::Config::KEYTAB_FILE;
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
is ($object, undef, 'Creating with bad configuration fails');
is ($@, "keytab object implementation not configured\n",
@@ -340,7 +348,8 @@ EOO
$Wallet::Config::KEYTAB_FILE = 't/data/test.keytab';
undef $Wallet::Config::KEYTAB_PRINCIPAL;
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
is ($object, undef, ' likewise with another missing variable');
is ($@, "keytab object implementation not configured\n",
@@ -348,7 +357,8 @@ EOO
$Wallet::Config::KEYTAB_PRINCIPAL = contents ('t/data/test.principal');
undef $Wallet::Config::KEYTAB_REALM;
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
is ($object, undef, ' and another');
is ($@, "keytab object implementation not configured\n",
@@ -356,14 +366,16 @@ EOO
$Wallet::Config::KEYTAB_REALM = contents ('t/data/test.realm');
undef $Wallet::Config::KEYTAB_KRBTYPE;
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
is ($object, undef, ' and another');
is ($@, "keytab object implementation not configured\n",
' with the right error');
$Wallet::Config::KEYTAB_KRBTYPE = 'Active Directory';
$object = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
is ($object, undef, ' and one set to an invalid value');
is ($@, "unknown KEYTAB_KRBTYPE setting: Active Directory\n",
@@ -374,7 +386,7 @@ EOO
# Tests for unchanging support. Skip these if we don't have a keytab or if we
# can't find remctld.
SKIP: {
- skip 'no keytab configuration', 27 unless -f 't/data/test.keytab';
+ skip 'no keytab configuration', 31 unless -f 't/data/test.keytab';
# Set up our configuration.
$Wallet::Config::KEYTAB_FILE = 't/data/test.keytab';
@@ -387,27 +399,29 @@ SKIP: {
# Create the objects for testing and set the unchanging flag.
my $one = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
ok (defined ($one), 'Creating wallet/one succeeds');
is ($one->flag_set ('unchanging', @trace), 1, ' and setting unchanging');
my $two = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/two', $dbh, @trace);
+ Wallet::Object::Keytab->create ('keytab', 'wallet/two', $schema,
+ @trace);
};
ok (defined ($two), 'Creating wallet/two succeeds');
is ($two->flag_set ('unchanging', @trace), 1, ' and setting unchanging');
# Finally we can test. First the MIT Kerberos tests.
SKIP: {
- skip 'skipping MIT unchanging tests for Heimdal', 12
+ skip 'skipping MIT unchanging tests for Heimdal', 16
if (lc ($Wallet::Config::KEYTAB_KRBTYPE) eq 'heimdal');
# We need remctld and Net::Remctl.
my @path = (split (':', $ENV{PATH}), '/usr/local/sbin', '/usr/sbin');
my ($remctld) = grep { -x $_ } map { "$_/remctld" } @path;
- skip 'remctld not found', 12 unless $remctld;
+ skip 'remctld not found', 16 unless $remctld;
eval { require Net::Remctl };
- skip 'Net::Remctl not available', 12 if $@;
+ skip 'Net::Remctl not available', 16 if $@;
# Now spawn our remctld server and get a ticket cache.
remctld_spawn ($remctld, $principal, 't/data/test.keytab',
@@ -441,7 +455,7 @@ SKIP: {
' and we get the same thing the second time');
is ($one->flag_clear ('unchanging', @trace), 1,
'Clearing the unchanging flag works');
- my $data = $object->get (@trace);
+ my $data = $one->get (@trace);
ok (defined ($data), ' and getting the keytab works');
ok (keytab_valid ($data, 'wallet/one'), ' and the keytab is valid');
is ($two->get (@trace), undef, 'Get for wallet/two does not work');
@@ -451,6 +465,7 @@ SKIP: {
is ($one->destroy (@trace), 1, 'Destroying wallet/one works');
is ($two->destroy (@trace), 1, ' as does destroying wallet/two');
remctld_stop;
+ unlink 'krb5cc_good';
}
# Now Heimdal. Since the keytab contains timestamps, before testing for
@@ -506,7 +521,8 @@ SKIP: {
# Test setting synchronization attributes, which can also be done without
# configuration.
my $one = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
ok (defined ($one), 'Creating wallet/one succeeds');
my $expected = <<"EOO";
@@ -583,7 +599,8 @@ SKIP: {
# Create an object for testing and determine the enctypes we have to work
# with.
my $one = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
if (defined ($one)) {
ok (1, 'Creating wallet/one succeeds');
@@ -729,7 +746,8 @@ EOO
'Setting a single enctype works');
is ($one->destroy (@trace), 1, ' and destroying the object works');
$one = eval {
- Wallet::Object::Keytab->create ('keytab', 'wallet/one', $dbh, @trace)
+ Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
+ @trace)
};
ok (defined ($one), ' as does recreating it');
@values = $one->attr ('enctypes');
diff --git a/perl/t/lib/Util.pm b/perl/t/lib/Util.pm
index 44a4d21..3e606fe 100644
--- a/perl/t/lib/Util.pm
+++ b/perl/t/lib/Util.pm
@@ -1,7 +1,8 @@
# Utility class for wallet tests.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -45,6 +46,7 @@ sub contents {
# for testing by default, but support t/data/test.database as a configuration
# file to use another database backend.
sub db_setup {
+ $Wallet::Config::DB_DDL_DIRECTORY = 'sql/';
if (-f 't/data/test.database') {
open (DB, '<', 't/data/test.database')
or die "cannot open t/data/test.database: $!";
@@ -60,6 +62,10 @@ sub db_setup {
$Wallet::Config::DB_USER = $user if $user;
$Wallet::Config::DB_PASSWORD = $password if $password;
} else {
+
+ # If we have a new SQLite db by default, disable version checking.
+ $ENV{DBIC_NO_VERSION_CHECK} = 1;
+
$Wallet::Config::DB_DRIVER = 'SQLite';
$Wallet::Config::DB_INFO = 'wallet-db';
unlink 'wallet-db';
@@ -74,6 +80,7 @@ sub db_setup {
sub getcreds {
my ($file, $principal) = @_;
my @commands = (
+ "kinit --no-afslog -k -t $file $principal >/dev/null 2>&1 </dev/null",
"kinit -k -t $file $principal >/dev/null 2>&1 </dev/null",
"kinit -t $file $principal >/dev/null 2>&1 </dev/null",
"kinit -T /bin/true -k -K $file $principal >/dev/null 2>&1 </dev/null",
diff --git a/perl/t/object.t b/perl/t/object.t
index 3949786..5eb6941 100755
--- a/perl/t/object.t
+++ b/perl/t/object.t
@@ -3,12 +3,13 @@
# Tests for the basic object implementation.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2011
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
use POSIX qw(strftime);
-use Test::More tests => 131;
+use Test::More tests => 137;
use Wallet::ACL;
use Wallet::Admin;
@@ -29,26 +30,26 @@ db_setup;
my $admin = eval { Wallet::Admin->new };
is ($@, '', 'Database connection succeeded');
is ($admin->reinitialize ($user), 1, 'Database initialization succeeded');
-my $dbh = $admin->dbh;
+my $schema = $admin->schema;
# Okay, now we have a database. Test create and new. We make believe this is
# a keytab object; it won't matter for what we're doing.
my $object = eval {
- Wallet::Object::Base->create ('keytab', $princ, $dbh, @trace)
+ Wallet::Object::Base->create ('keytab', $princ, $schema, @trace)
};
is ($@, '', 'Object creation did not die');
ok ($object->isa ('Wallet::Object::Base'), ' and returned the right class');
my $other = eval {
- Wallet::Object::Base->create ('keytab', $princ, $dbh, @trace)
+ Wallet::Object::Base->create ('keytab', $princ, $schema, @trace)
};
like ($@, qr/^cannot create object \Qkeytab:$princ: /, 'Repeating fails');
-$other = eval { Wallet::Object::Base->create ('', $princ, $dbh, @trace) };
+$other = eval { Wallet::Object::Base->create ('', $princ, $schema, @trace) };
is ($@, "invalid object type\n", 'Using an empty type fails');
-$other = eval { Wallet::Object::Base->create ('keytab', '', $dbh, @trace) };
+$other = eval { Wallet::Object::Base->create ('keytab', '', $schema, @trace) };
is ($@, "invalid object name\n", ' as does an empty name');
-$object = eval { Wallet::Object::Base->new ('keytab', "a$princ", $dbh) };
+$object = eval { Wallet::Object::Base->new ('keytab', "a$princ", $schema) };
is ($@, "cannot find keytab:a$princ\n", 'Searching for unknown object fails');
-$object = eval { Wallet::Object::Base->new ('keytab', $princ, $dbh) };
+$object = eval { Wallet::Object::Base->new ('keytab', $princ, $schema) };
is ($@, '', 'Object new did not die');
ok ($object->isa ('Wallet::Object::Base'), ' and returned the right class');
@@ -57,7 +58,7 @@ is ($object->type, 'keytab', 'Type accessor works');
is ($object->name, $princ, 'Name accessor works');
# We'll use this for later tests.
-my $acl = Wallet::ACL->new ('ADMIN', $dbh);
+my $acl = Wallet::ACL->new ('ADMIN', $schema);
# Owner.
is ($object->owner, undef, 'Owner is not set to start');
@@ -99,6 +100,23 @@ if ($object->expires ('', @trace)) {
is ($object->expires, undef, ' at which point it is cleared');
is ($object->expires ($now, @trace), 1, ' and setting it again works');
+# Comment.
+is ($object->comment, undef, 'Comment is not set to start');
+if ($object->comment ('this is a comment', @trace)) {
+ ok (1, ' and setting it works');
+} else {
+ is ($object->error, '', ' and setting it works');
+}
+is ($object->comment, 'this is a comment', ' at which point it matches');
+if ($object->comment ('', @trace)) {
+ ok (1, ' and clearing it works');
+} else {
+ is ($object->error, '', ' and clearing it works');
+}
+is ($object->comment, undef, ' at which point it is cleared');
+is ($object->comment (join (' ', ('this is a comment') x 5), @trace), 1,
+ ' and setting it again works');
+
# ACLs.
for my $type (qw/get store show destroy flags/) {
is ($object->acl ($type), undef, "ACL $type is not set to start");
@@ -203,6 +221,8 @@ my $output = <<"EOO";
Destroy ACL: ADMIN
Flags ACL: ADMIN
Expires: $now
+ Comment: this is a comment this is a comment this is a comment this is
+ a comment this is a comment
Flags: unchanging
Created by: $user
Created from: $host
@@ -223,6 +243,8 @@ $output = <<"EOO";
Destroy ACL: ADMIN
Flags ACL: ADMIN
Expires: $now
+ Comment: this is a comment this is a comment this is a comment this is
+ a comment this is a comment
Flags: locked unchanging
Created by: $user
Created from: $host
@@ -244,12 +266,12 @@ if ($object->destroy (@trace)) {
} else {
is ($object->error, '', 'Destroy is successful');
}
-$object = eval { Wallet::Object::Base->new ('keytab', $princ, $dbh) };
+$object = eval { Wallet::Object::Base->new ('keytab', $princ, $schema) };
is ($@, "cannot find keytab:$princ\n", ' and object is all gone');
# Test history.
$object = eval {
- Wallet::Object::Base->create ('keytab', $princ, $dbh, @trace)
+ Wallet::Object::Base->create ('keytab', $princ, $schema, @trace)
};
ok (defined ($object), 'Recreating the object succeeds');
$output = <<"EOO";
@@ -267,6 +289,12 @@ $date unset expires (was $now)
by $user from $host
$date set expires to $now
by $user from $host
+$date set comment to this is a comment
+ by $user from $host
+$date unset comment (was this is a comment)
+ by $user from $host
+$date set comment to this is a comment this is a comment this is a comment this is a comment this is a comment
+ by $user from $host
$date set acl_get to ADMIN (1)
by $user from $host
$date unset acl_get (was ADMIN (1))
diff --git a/perl/t/pod.t b/perl/t/pod.t
index c467b82..dc5f468 100755
--- a/perl/t/pod.t
+++ b/perl/t/pod.t
@@ -3,7 +3,8 @@
# Test POD formatting for the wallet Perl modules.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/perl/t/report.t b/perl/t/report.t
index 363db20..a6b85df 100755
--- a/perl/t/report.t
+++ b/perl/t/report.t
@@ -3,7 +3,8 @@
# Tests for the wallet reporting interface.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2009, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -145,7 +146,7 @@ is (scalar (@lines), 1, 'Searching for objects owned by ADMIN finds one');
is ($lines[0][0], 'base', ' and it has the right type');
is ($lines[0][1], 'service/admin', ' and the right name');
@lines = $report->objects ('owner', 'null');
-is (scalar (@lines), 1, 'Searching for objects with no set ownerfinds one');
+is (scalar (@lines), 1, 'Searching for objects with no set owner finds one');
is ($lines[0][0], 'base', ' and it has the right type');
is ($lines[0][1], 'service/null', ' and the right name');
@lines = $report->objects ('acl', 'ADMIN');
diff --git a/perl/t/schema.t b/perl/t/schema.t
deleted file mode 100755
index 40759db..0000000
--- a/perl/t/schema.t
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Tests for the wallet schema class.
-#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
-#
-# See LICENSE for licensing terms.
-
-use Test::More tests => 8;
-
-use DBI;
-use Wallet::Config;
-use Wallet::Schema;
-
-use lib 't/lib';
-use Util;
-
-my $schema = Wallet::Schema->new;
-ok (defined $schema, 'Wallet::Schema creation');
-ok ($schema->isa ('Wallet::Schema'), ' and class verification');
-my @sql = $schema->sql;
-ok (@sql > 0, 'sql() returns something');
-is (scalar (@sql), 29, ' and returns the right number of statements');
-
-# Connect to a database and test create.
-db_setup;
-my $connect = "DBI:${Wallet::Config::DB_DRIVER}:${Wallet::Config::DB_INFO}";
-my $user = $Wallet::Config::DB_USER;
-my $password = $Wallet::Config::DB_PASSWORD;
-$dbh = DBI->connect ($connect, $user, $password);
-if (not defined $dbh) {
- die "cannot connect to database $connect: $DBI::errstr\n";
-}
-$dbh->{RaiseError} = 1;
-$dbh->{PrintError} = 0;
-eval { $schema->create ($dbh) };
-is ($@, '', "create() doesn't die");
-
-# Test dropping the database.
-eval { $schema->drop ($dbh) };
-is ($@, '', "drop() doesn't die");
-
-# Make sure all the tables are gone.
-SKIP: {
- if (lc ($Wallet::Config::DB_DRIVER) eq 'sqlite') {
- my $sql = "select name from sqlite_master where type = 'table'";
- my $sth = $dbh->prepare ($sql);
- $sth->execute;
- my ($table, @tables);
- while (defined ($table = $sth->fetchrow_array)) {
- push (@tables, $table) unless $table =~ /^sqlite_/;
- }
- is ("@tables", '', ' and there are no tables in the database');
- } elsif (lc ($Wallet::Config::DB_DRIVER) eq 'mysql') {
- my $sql = "show tables";
- my $sth = $dbh->prepare ($sql);
- $sth->execute;
- my ($table, @tables);
- while (defined ($table = $sth->fetchrow_array)) {
- push (@tables, $table);
- }
- is ("@tables", '', ' and there are no tables in the database');
- } else {
- skip 1;
- }
-}
-eval { $schema->create ($dbh) };
-is ($@, '', ' and we can run create again');
-
-# Clean up.
-eval { $schema->drop ($dbh) };
-unlink 'wallet-db';
diff --git a/perl/t/server.t b/perl/t/server.t
index ed92d6e..4afda51 100755
--- a/perl/t/server.t
+++ b/perl/t/server.t
@@ -3,11 +3,12 @@
# Tests for the wallet server API.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010, 2011, 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
-use Test::More tests => 355;
+use Test::More tests => 382;
use POSIX qw(strftime);
use Wallet::Admin;
@@ -35,8 +36,8 @@ is ($setup->reinitialize ($admin), 1, 'Database initialization succeeded');
$server = eval { Wallet::Server->new (@trace) };
is ($@, '', 'Reopening with new did not die');
ok ($server->isa ('Wallet::Server'), ' and returned the right class');
-my $dbh = $server->dbh;
-ok (defined ($dbh), ' and returns a defined database handle');
+my $schema = $server->schema;
+ok (defined ($schema), ' and returns a defined schema object');
# Allow creation of base objects for testing purposes.
$setup->register_object ('base', 'Wallet::Object::Base');
@@ -65,7 +66,9 @@ is ($result, $history, ' including by number');
is ($server->acl_create (3), undef, 'Cannot create ACL with a numeric name');
is ($server->error, 'ACL name may not be all numbers',
' and returns the right error');
+is ($server->acl_check ('user1'), 0, 'user1 ACL does not exist');
is ($server->acl_create ('user1'), 1, 'Can create regular ACL');
+is ($server->acl_check ('user1'), 1, 'user1 now exists');
is ($server->acl_show ('user1'), "Members of ACL user1 (id: 2) are:\n",
' and show works');
is ($server->acl_create ('user1'), undef, ' but not twice');
@@ -94,8 +97,10 @@ is ($server->acl_history ('test'), undef, ' and history fails');
is ($server->error, 'ACL test not found', ' and returns the right error');
is ($server->acl_destroy ('test'), undef, 'Destroying the old name fails');
is ($server->error, 'ACL test not found', ' and returns the right error');
-is ($server->acl_destroy ('test2'), 1, ' but destroying another one works');
+is ($server->acl_check ('test2'), 1, ' but the other ACL exists');
+is ($server->acl_destroy ('test2'), 1, ' and destroying it works');
is ($server->acl_destroy ('test2'), undef, ' but not twice');
+is ($server->acl_check ('test2'), 0, ' and now it does not exist');
is ($server->error, 'ACL test2 not found', ' and returns the right error');
is ($server->acl_add ('user1', 'krb4', $user1), undef,
'Adding with a bad scheme fails');
@@ -199,6 +204,24 @@ is ($server->check ('base', 'service/test'), 0,
is ($server->destroy ('base', 'service/test'), undef, ' but not twice');
is ($server->error, 'cannot find base:service/test', ' with the right error');
+# Test manipulating comments.
+is ($server->comment ('base', 'service/test'), undef,
+ 'Retrieving comment on an unknown object fails');
+is ($server->error, 'cannot find base:service/test', ' with the right error');
+is ($server->comment ('base', 'service/test', 'this is a comment'), undef,
+ ' and setting it also fails');
+is ($server->error, 'cannot find base:service/test', ' with the right error');
+is ($server->comment ('base', 'service/admin'), undef,
+ 'Retrieving comment for the right object returns undef');
+is ($server->error, undef, ' but there is no error');
+is ($server->comment ('base', 'service/admin', 'this is a comment'), 1,
+ ' and we can set it');
+is ($server->comment ('base', 'service/admin'), 'this is a comment',
+ ' and get the value back');
+is ($server->comment ('base', 'service/admin', ''), 1, ' and clear it');
+is ($server->comment ('base', 'service/admin'), undef, ' and now it is gone');
+is ($server->error, undef, ' and still no error');
+
# Test manipulating expires.
my $now = strftime ('%Y-%m-%d %T', localtime time);
is ($server->expires ('base', 'service/test'), undef,
@@ -393,6 +416,10 @@ is ($server->flag_clear ('base', 'service/admin', 'unchanging'), 1,
$history = <<"EOO";
DATE create
by $admin from $host
+DATE set comment to this is a comment
+ by $admin from $host
+DATE unset comment (was this is a comment)
+ by $admin from $host
DATE set expires to $now
by $admin from $host
DATE unset expires (was $now)
@@ -470,10 +497,6 @@ is ($server->create ('base', 'service/test'), undef,
' nor can we create objects');
is ($server->error, "$user1 not authorized to create base:service/test",
' with error');
-is ($server->destroy ('base', 'service/user1'), undef,
- ' or destroy objects');
-is ($server->error, "$user1 not authorized to destroy base:service/user1",
- ' with error');
is ($server->owner ('base', 'service/user1', 'user2'), undef,
' or set the owner');
is ($server->error,
@@ -510,12 +533,15 @@ is ($server->store ('base', 'service/user1', 'stuff'), undef,
is ($server->error,
"cannot store base:service/user1: object type is immutable",
' and the method is called');
+is ($server->comment ('base', 'service/user1', 'this is a comment'), 1,
+ ' and set a comment');
$show = $server->show ('base', 'service/user1');
$show =~ s/(Created on:) [\d-]+ [\d:]+$/$1 0/m;
$expected = <<"EOO";
Type: base
Name: service/user1
Owner: user1
+ Comment: this is a comment
Created by: $admin
Created from: $host
Created on: 0
@@ -529,6 +555,8 @@ DATE create
by $admin from $host
DATE set owner to user1 (2)
by $admin from $host
+DATE set comment to this is a comment
+ by $user1 from $host
EOO
$seen = $server->history ('base', 'service/user1');
$seen =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm;
@@ -566,6 +594,11 @@ is ($server->attr ('base', 'service/user2', 'foo', ''), undef,
is ($server->error,
"$user1 not authorized to set attributes for base:service/user2",
' with the right error');
+is ($server->comment ('base', 'service/user2', 'this is a comment'), undef,
+ ' and set comment');
+is ($server->error,
+ "$user1 not authorized to set comment for base:service/user2",
+ ' with the right error');
# And only some things on an object we own with some ACLs.
$result = eval { $server->get ('base', 'service/both') };
@@ -702,8 +735,27 @@ is ($server->history ('base', 'service/user1'), undef,
' or see history for it');
is ($server->error, "$user2 not authorized to show base:service/user1",
' with the right error');
+is ($server->comment ('base', 'service/user1', 'this is a comment'), undef,
+ ' or set a comment for it');
+is ($server->error,
+ "$user2 not authorized to set comment for base:service/user1",
+ ' with the right error');
-# And only some things on an object we own with some ACLs.
+# Test that setting a comment is controlled by the owner but retrieving it is
+# controlled by the show ACL.
+$result = eval { $server->get ('base', 'service/both') };
+is ($result, undef, 'We can get an object we jointly own');
+is ($@, "Do not instantiate Wallet::Object::Base directly\n",
+ ' and the method is called');
+is ($server->comment ('base', 'service/both', 'this is a comment'), 1,
+ ' and can set a comment on it');
+is ($server->error, undef, ' with no error');
+is ($server->comment ('base', 'service/both'), undef,
+ ' but cannot see the comment on it');
+is ($server->error, "$user2 not authorized to show base:service/both",
+ ' with the right error');
+
+# And can only do some things on an object we own with some ACLs.
$result = eval { $server->get ('base', 'service/both') };
is ($result, undef, 'We can get an object we jointly own');
is ($@, "Do not instantiate Wallet::Object::Base directly\n",
@@ -745,6 +797,12 @@ is ($server->store ('base', 'service/both', 'stuff'), undef,
' or store it');
is ($server->error, 'cannot find base:service/both', ' because it is gone');
+# Switch back to user1 and test destroy.
+$server = eval { Wallet::Server->new ($user1, $host) };
+is ($@, '', 'Switching users works');
+is ($server->destroy ('base', 'service/user1'), 1,
+ 'Destroy of an object we own with no destroy ACLs works');
+
# Test default ACLs on object creation.
#
# Create a default_acl sub that permits $user2 to create service/default with
@@ -780,8 +838,10 @@ sub default_owner {
}
package main;
-# We're still user2, so we should now be able to create service/default. Make
-# sure we can and that the ACLs all look good.
+# Switch back to user2, so we should now be able to create service/default.
+# Make sure we can and that the ACLs all look good.
+$server = eval { Wallet::Server->new ($user2, $host) };
+is ($@, '', 'Switching users works');
is ($server->create ('base', 'service/default'), undef,
'Creating an object with the default ACL fails');
is ($server->error, "$user2 not authorized to create base:service/default",
@@ -974,5 +1034,5 @@ is ($@, "database connection information not configured\n",
' or if DB_INFO is not set');
$Wallet::Config::DB_INFO = 't';
$server = eval { Wallet::Server->new ($user2, $host) };
-like ($@, qr/^cannot connect to database: /,
+like ($@, qr/unable to open database file/,
' or if the database connection fails');
diff --git a/perl/t/stanford-naming.t b/perl/t/stanford-naming.t
new file mode 100755
index 0000000..3b9ea60
--- /dev/null
+++ b/perl/t/stanford-naming.t
@@ -0,0 +1,257 @@
+#!/usr/bin/perl
+#
+# Tests for the Stanford naming policy.
+#
+# The naming policy code is included primarily an example for non-Stanford
+# sites, but it's used at Stanford and this test suite is used to verify
+# behavior at Stanford.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+use 5.008;
+use strict;
+use warnings;
+
+use Test::More tests => 99;
+
+use lib 't/lib';
+use Util;
+
+# Load the naming policy module.
+BEGIN {
+ use_ok('Wallet::Admin');
+ use_ok('Wallet::Policy::Stanford', qw(default_owner verify_name));
+ use_ok('Wallet::Server');
+}
+
+# Various valid keytab names.
+my @VALID_KEYTABS = qw(host/example.stanford.edu HTTP/example.stanford.edu
+ service/example example/cgi class-example01/cgi dept-01example/cgi
+ group-example-01/cgi);
+
+# Various invalid keytab names.
+my @INVALID_KEYTABS = qw(example host/example service/example.stanford.edu
+ thisistoolong/cgi not-valid/cgi unknown/example.stanford.edu);
+
+# Various valid file names.
+my @VALID_FILES = qw(htpasswd/example.stanford.edu/web
+ password-ipmi/example.stanford.edu
+ password-root/example.stanford.edu
+ password-tivoli/example.stanford.edu
+ ssh-dsa/example.stanford.edu
+ ssh-rsa/example.stanford.edu
+ ssl-key/example.stanford.edu
+ ssl-key/example.stanford.edu/mysql
+ ssl-keypair/example.stanford.edu
+ ssl-keypair/example.stanford.edu/mysql
+ tivoli-key/example.stanford.edu
+ config/its-idg/example/foo
+ db/its-idg/example/s_foo
+ gpg-key/its-idg/debian
+ password/its-idg/example/backup
+ properties/its-idg/accounts
+ properties/its-idg/accounts/sponsorship
+ ssl-keystore/its-idg/accounts
+ ssl-keystore/its-idg/accounts/sponsorship
+ ssl-pkcs12/its-idg/accounts
+ ssl-pkcs12/its-idg/accounts/sponsorship);
+
+# Various valid legacy file names.
+my @VALID_LEGACY_FILES = qw(apps-example-config-file crcsg-example-db-s_example
+ idg-debian-gpg-key idg-devnull-password-root sulair-accounts-properties
+ idg-accounts-ssl-keystore idg-accounts-ssl-pkcs12
+ crcsg-example-htpasswd-web sulair-example-password-ipmi
+ sulair-example-password-root sulair-example-password-tivoli
+ sulair-example-ssh-dsa sulair-example-ssh-rsa idg-mdm-ssl-key
+ idg-openafs-tivoli-key);
+
+# Various invalid file names.
+my @INVALID_FILES = qw(unknown foo-example-ssh-rsa idg-accounts-foo !!bad
+ htpasswd/example.stanford.edu htpasswd/example password-root/example
+ password-root/example.stanford.edu/foo ssh-foo/example.stanford.edu
+ tivoli-key/example.stanford.edu/foo tivoli-key config config/its-idg
+ config/its-idg/example db/its-idg/example password/its-idg/example
+ its-idg/password/example properties//accounts properties/its-idg/
+ ssl-keystore/idg/accounts);
+
+# Global variables for the wallet server setup.
+my $ADMIN = 'admin@EXAMPLE.COM';
+my $HOST = 'localhost';
+my @TRACE = ($ADMIN, $HOST);
+
+# Start by testing lots of straightforward naming validity.
+for my $name (@VALID_KEYTABS) {
+ is(verify_name('keytab', $name), undef, "Valid keytab $name");
+}
+for my $name (@INVALID_KEYTABS) {
+ isnt(verify_name('keytab', $name), undef, "Invalid keytab $name");
+}
+for my $name (@VALID_FILES) {
+ is(verify_name('file', $name), undef, "Valid file $name");
+}
+for my $name (@VALID_LEGACY_FILES) {
+ is(verify_name('file', $name), undef, "Valid file $name");
+}
+for my $name (@INVALID_FILES) {
+ isnt(verify_name('file', $name), undef, "Invalid file $name");
+}
+
+# Now we need an actual database. Use Wallet::Admin to set it up.
+db_setup;
+my $setup = eval { Wallet::Admin->new };
+is($@, q{}, 'Database initialization did not die');
+is($setup->reinitialize($ADMIN), 1, 'Database initialization succeeded');
+my $server = eval { Wallet::Server->new(@TRACE) };
+is($@, q{}, 'Server creation did not die');
+
+# Create a host/example.stanford.edu ACL that uses the netdb ACL type.
+is($server->acl_create('host/example.stanford.edu'), 1, 'Created netdb ACL');
+is(
+ $server->acl_add('host/example.stanford.edu', 'netdb',
+ 'example.stanford.edu'),
+ 1,
+ '...with netdb ACL line'
+);
+is(
+ $server->acl_add('host/example.stanford.edu', 'krb5',
+ 'host/example.stanford.edu@stanford.edu'),
+ 1,
+ '...and krb5 ACL line'
+);
+
+# Likewise for host/foo.example.edu with the netdb-root ACL type.
+is($server->acl_create('host/foo.stanford.edu'), 1, 'Created netdb-root ACL');
+is(
+ $server->acl_add('host/foo.stanford.edu', 'netdb-root',
+ 'foo.stanford.edu'),
+ 1,
+ '...with netdb-root ACL line'
+);
+is(
+ $server->acl_add('host/foo.stanford.edu', 'krb5',
+ 'host/foo.stanford.edu@stanford.edu'),
+ 1,
+ '...and krb5 ACL line'
+);
+
+# Create a group/its-idg ACL, which will be used for autocreation of file
+# objects.
+is($server->acl_create('group/its-idg'), 1, 'Created group/its-idg ACL');
+is($server->acl_add('group/its-idg', 'krb5', $ADMIN), 1, '...with member');
+
+# Now we can test default ACLs. First, without a root instance.
+local $ENV{REMOTE_USER} = $ADMIN;
+is_deeply(
+ [default_owner('keytab', 'host/bar.stanford.edu')],
+ [
+ 'host/bar.stanford.edu',
+ ['netdb', 'bar.stanford.edu'],
+ ['krb5', 'host/bar.stanford.edu@stanford.edu']
+ ],
+ 'Correct default owner for host-based keytab'
+);
+is_deeply(
+ [default_owner('keytab', 'HTTP/example.stanford.edu')],
+ [
+ 'host/example.stanford.edu',
+ ['netdb', 'example.stanford.edu'],
+ ['krb5', 'host/example.stanford.edu@stanford.edu']
+ ],
+ '...and when netdb ACL already exists'
+);
+is_deeply(
+ [default_owner('keytab', 'webauth/foo.stanford.edu')],
+ [
+ 'host/foo.stanford.edu',
+ ['netdb-root', 'foo.stanford.edu'],
+ ['krb5', 'host/foo.stanford.edu@stanford.edu']
+ ],
+ '...and when netdb-root ACL already exists'
+);
+
+# Now with a root instance.
+local $ENV{REMOTE_USER} = 'admin/root@stanford.edu';
+is_deeply(
+ [default_owner('keytab', 'host/bar.stanford.edu')],
+ [
+ 'host/bar.stanford.edu',
+ ['netdb-root', 'bar.stanford.edu'],
+ ['krb5', 'host/bar.stanford.edu@stanford.edu']
+ ],
+ 'Correct default owner for host-based keytab for /root'
+);
+is_deeply(
+ [default_owner('keytab', 'HTTP/example.stanford.edu')],
+ [
+ 'host/example.stanford.edu',
+ ['netdb-root', 'example.stanford.edu'],
+ ['krb5', 'host/example.stanford.edu@stanford.edu']
+ ],
+ '...and when netdb ACL already exists'
+);
+is_deeply(
+ [default_owner('keytab', 'webauth/foo.stanford.edu')],
+ [
+ 'host/foo.stanford.edu',
+ ['netdb-root', 'foo.stanford.edu'],
+ ['krb5', 'host/foo.stanford.edu@stanford.edu']
+ ],
+ '...and when netdb-root ACL already exists'
+);
+
+# Check for a type that isn't host-based.
+is(default_owner('keytab', 'service/foo'), undef,
+ 'No default owner for service/foo');
+
+# Check for an unknown object type.
+is(default_owner('unknown', 'foo'), undef,
+ 'No default owner for unknown type');
+
+# Check for autocreation mappings for host-based file objects.
+is_deeply(
+ [default_owner('file', 'ssl-key/example.stanford.edu')],
+ [
+ 'host/example.stanford.edu',
+ ['netdb-root', 'example.stanford.edu'],
+ ['krb5', 'host/example.stanford.edu@stanford.edu']
+ ],
+ 'Default owner for file ssl-key/example.stanford.edu',
+);
+is_deeply(
+ [default_owner('file', 'ssl-key/example.stanford.edu/mysql')],
+ [
+ 'host/example.stanford.edu',
+ ['netdb-root', 'example.stanford.edu'],
+ ['krb5', 'host/example.stanford.edu@stanford.edu']
+ ],
+ 'Default owner for file ssl-key/example.stanford.edu/mysql',
+);
+
+# Check for a file object that isn't host-based.
+is_deeply(
+ [default_owner('file', 'config/its-idg/example/foo')],
+ ['group/its-idg', ['krb5', $ADMIN]],
+ 'Default owner for file config/its-idg/example/foo',
+);
+
+# Check for legacy autocreation mappings for file objects.
+for my $type (qw(htpasswd ssh-rsa ssh-dsa ssl-key tivoli-key)) {
+ my $name = "idg-example-$type";
+ is_deeply(
+ [default_owner('file', $name)],
+ [
+ 'host/example.stanford.edu',
+ ['netdb-root', 'example.stanford.edu'],
+ ['krb5', 'host/example.stanford.edu@stanford.edu']
+ ],
+ "Default owner for file $name",
+ );
+}
+
+# Clean up.
+$setup->destroy;
+unlink 'wallet-db';
diff --git a/perl/t/verifier-ldap-attr.t b/perl/t/verifier-ldap-attr.t
new file mode 100755
index 0000000..41d6737
--- /dev/null
+++ b/perl/t/verifier-ldap-attr.t
@@ -0,0 +1,73 @@
+#!/usr/bin/perl -w
+#
+# Tests for the LDAP attribute ACL verifier.
+#
+# This test can only be run by someone local to Stanford with appropriate
+# access to the LDAP server and will be skipped in all other environments.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+use Test::More;
+
+use lib 't/lib';
+use Util;
+
+# Skip all spelling tests unless the maintainer environment variable is set.
+plan skip_all => 'LDAP verifier tests only run for maintainer'
+ unless $ENV{RRA_MAINTAINER_TESTS};
+
+# Declare a plan.
+plan tests => 10;
+
+require_ok ('Wallet::ACL::LDAP::Attribute');
+
+my $host = 'ldap.stanford.edu';
+my $base = 'cn=people,dc=stanford,dc=edu';
+my $filter = 'uid';
+my $user = 'rra@stanford.edu';
+my $attr = 'suPrivilegeGroup';
+my $value = 'stanford:stanford';
+
+# Remove the realm from principal names.
+package Wallet::Config;
+sub ldap_map_principal {
+ my ($principal) = @_;
+ $principal =~ s/\@.*//;
+ return $principal;
+}
+package main;
+
+# Determine the local principal.
+my $klist = `klist 2>&1` || '';
+SKIP: {
+ skip "tests useful only with Stanford Kerberos tickets", 4
+ unless ($klist =~ /[Pp]rincipal: \S+\@stanford\.edu$/m);
+
+ # Set up our configuration.
+ $Wallet::Config::LDAP_HOST = $host;
+ $Wallet::Config::LDAP_CACHE = $ENV{KRB5CCNAME};
+ $Wallet::Config::LDAP_BASE = $base;
+ $Wallet::Config::LDAP_FILTER_ATTR = $filter;
+
+ # Finally, we can test.
+ my $verifier = eval { Wallet::ACL::LDAP::Attribute->new };
+ isa_ok ($verifier, 'Wallet::ACL::LDAP::Attribute');
+ is ($verifier->check ($user, "$attr=$value"), 1,
+ "Checking $attr=$value succeeds");
+ is ($verifier->error, undef, '...with no error');
+ is ($verifier->check ($user, "$attr=BOGUS"), 0,
+ "Checking $attr=BOGUS fails");
+ is ($verifier->error, undef, '...with no error');
+ is ($verifier->check ($user, "BOGUS=$value"), undef,
+ "Checking BOGUS=$value fails with error");
+ is ($verifier->error,
+ 'cannot check LDAP attribute BOGUS for rra: Undefined attribute type',
+ '...with correct error');
+ is ($verifier->check ('user-does-not-exist', "$attr=$value"), 0,
+ "Checking for nonexistent user fails");
+ is ($verifier->error, undef, '...with no error');
+}
diff --git a/perl/t/verifier-netdb.t b/perl/t/verifier-netdb.t
index 6bd4e73..398cc6a 100755
--- a/perl/t/verifier-netdb.t
+++ b/perl/t/verifier-netdb.t
@@ -7,7 +7,8 @@
# environments.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/perl/t/verifier.t b/perl/t/verifier.t
index f56f5fa..75f1afa 100755
--- a/perl/t/verifier.t
+++ b/perl/t/verifier.t
@@ -3,7 +3,8 @@
# Tests for the basic wallet ACL verifiers.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/perl/t/wa-keyring.t b/perl/t/wa-keyring.t
new file mode 100755
index 0000000..3011d54
--- /dev/null
+++ b/perl/t/wa-keyring.t
@@ -0,0 +1,175 @@
+#!/usr/bin/perl
+#
+# Tests for the WebAuth keyring object implementation.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+use strict;
+use warnings;
+
+use POSIX qw(strftime);
+use Test::More tests => 68;
+use WebAuth 3.06 qw(WA_KEY_AES WA_AES_128);
+use WebAuth::Key 1.01 ();
+use WebAuth::Keyring 1.02 ();
+
+BEGIN {
+ use_ok('Wallet::Admin');
+ use_ok('Wallet::Config');
+ use_ok('Wallet::Object::WAKeyring');
+}
+
+use lib 't/lib';
+use Util;
+
+# Some global defaults to use.
+my $user = 'admin@EXAMPLE.COM';
+my $host = 'localhost';
+my @trace = ($user, $host, time);
+
+# Flush all output immediately.
+$| = 1;
+
+# Use Wallet::Admin to set up the database.
+system ('rm -rf test-keyrings') == 0 or die "cannot remove test-keyrings\n";
+db_setup;
+my $admin = eval { Wallet::Admin->new };
+is ($@, '', 'Database connection succeeded');
+is ($admin->reinitialize ($user), 1, 'Database initialization succeeded');
+my $schema = $admin->schema;
+
+# Create a WebAuth context to use.
+my $wa = WebAuth->new;
+
+# Test error handling in the absence of configuration.
+my $object = eval {
+ Wallet::Object::WAKeyring->create ('wa-keyring', 'test', $schema, @trace)
+ };
+ok (defined ($object), 'Creating a basic WebAuth keyring object succeeds');
+ok ($object->isa ('Wallet::Object::WAKeyring'), ' and is the right class');
+is ($object->get (@trace), undef, ' and get fails');
+is ($object->error, 'WebAuth keyring support not configured',
+ ' with the right error');
+is ($object->store (@trace), undef, ' and store fails');
+is ($object->error, 'WebAuth keyring support not configured',
+ ' with the right error');
+is ($object->destroy (@trace), 1, ' but destroy succeeds');
+
+# Set up our configuration.
+mkdir 'test-keyrings' or die "cannot create test-keyrings: $!\n";
+$Wallet::Config::WAKEYRING_BUCKET = 'test-keyrings';
+
+# Okay, now we can test. First, the basic object without store.
+$object = eval {
+ Wallet::Object::WAKeyring->create ('wa-keyring', 'test', $schema, @trace)
+ };
+ok (defined ($object), 'Creating a basic WebAuth keyring object succeeds');
+ok ($object->isa ('Wallet::Object::WAKeyring'), ' and is the right class');
+my $data = $object->get (@trace);
+ok ($data, ' and get succeeds');
+my $keyring = WebAuth::Keyring->decode ($wa, $data);
+ok ($keyring->isa ('WebAuth::Keyring'), ' and resulting keyring decodes');
+my @entries = $keyring->entries;
+is (scalar (@entries), 3, ' and has three entries');
+is ($entries[0]->creation, 0, 'First has good creation');
+is ($entries[0]->key->type, WA_KEY_AES, ' and key type');
+is ($entries[0]->key->length, WA_AES_128, ' and key length');
+is ($entries[0]->valid_after, 0, ' and validity');
+ok ((time - $entries[1]->creation) < 2, 'Second has good creation');
+is ($entries[1]->key->type, WA_KEY_AES, ' and key type');
+is ($entries[1]->key->length, WA_AES_128, ' and key length');
+ok (($entries[1]->valid_after - time) <= 60 * 60 * 24,
+ ' and validity (upper)');
+ok (($entries[1]->valid_after - time) > 60 * 60 * 24 - 2,
+ ' and validity (lower)');
+ok ((time - $entries[2]->creation) < 2, 'Third has good creation');
+is ($entries[2]->key->type, WA_KEY_AES, ' and key type');
+is ($entries[2]->key->length, WA_AES_128, ' and key length');
+ok (($entries[2]->valid_after - time) <= 2 * 60 * 60 * 24,
+ ' and validity (upper)');
+ok (($entries[2]->valid_after - time) > 2 * 60 * 60 * 24 - 2,
+ ' and validity (lower)');
+my $data2 = $object->get (@trace);
+is ($data2, $data, 'Getting the object again returns the same data');
+is ($object->error, undef, ' with no error');
+is ($object->destroy (@trace), 1, 'Destroying the object succeeds');
+
+# Now store something and be sure that we get something reasonable.
+$object = eval {
+ Wallet::Object::WAKeyring->create ('wa-keyring', 'test', $schema, @trace)
+ };
+ok (defined ($object), 'Recreating the object succeeds');
+my $key = WebAuth::Key->new ($wa, WA_KEY_AES, WA_AES_128);
+$keyring = WebAuth::Keyring->new ($wa, $key);
+$data = $keyring->encode;
+is ($object->store ($data, @trace), 1, ' and storing data in it succeeds');
+ok (-d 'test-keyrings/09', ' and the hash bucket was created');
+ok (-f 'test-keyrings/09/test', ' and the file exists');
+is (contents ('test-keyrings/09/test'), $data, ' with the right contents');
+$data = $object->get (@trace);
+$keyring = WebAuth::Keyring->decode ($wa, $data);
+ok ($keyring->isa ('WebAuth::Keyring'), ' and get returns a valid keyring');
+@entries = $keyring->entries;
+is (scalar (@entries), 2, ' and has three entries');
+is ($entries[0]->creation, 0, 'First has good creation');
+is ($entries[0]->key->type, WA_KEY_AES, ' and key type');
+is ($entries[0]->key->length, WA_AES_128, ' and key length');
+is ($entries[0]->valid_after, 0, ' and validity');
+is ($entries[0]->key->data, $key->data, ' and matches the original key');
+ok ((time - $entries[1]->creation) < 2, 'Second has good creation');
+is ($entries[1]->key->type, WA_KEY_AES, ' and key type');
+is ($entries[1]->key->length, WA_AES_128, ' and key length');
+ok (($entries[1]->valid_after - time) <= 2 * 60 * 60 * 24,
+ ' and validity (upper)');
+ok (($entries[1]->valid_after - time) > 2 * 60 * 60 * 24 - 2,
+ ' and validity (lower)');
+
+# Test pruning. Add another old key and a couple of more current keys to the
+# current keyring.
+$key = WebAuth::Key->new ($wa, WA_KEY_AES, WA_AES_128);
+$keyring->add (0, 0, $key);
+$key = WebAuth::Key->new ($wa, WA_KEY_AES, WA_AES_128);
+$keyring->add (time - 24 * 60 * 60, time - 24 * 60 * 60, $key);
+$key = WebAuth::Key->new ($wa, WA_KEY_AES, WA_AES_128);
+$keyring->add (time, time, $key);
+$data = $keyring->encode;
+is ($object->store ($data, @trace), 1, 'Storing modified keyring succeeds');
+$data = $object->get (@trace);
+$keyring = WebAuth::Keyring->decode ($wa, $data);
+ok ($keyring->isa ('WebAuth::Keyring'), ' and get returns a valid keyring');
+@entries = $keyring->entries;
+is (scalar (@entries), 3, ' and has three entries');
+ok ((time - $entries[0]->creation) < 2, 'First has good creation');
+ok (($entries[0]->valid_after - time) <= 2 * 60 * 60 * 24,
+ ' and validity (upper)');
+ok (($entries[0]->valid_after - time) > 2 * 60 * 60 * 24 - 2,
+ ' and validity (lower)');
+ok ((time - $entries[1]->creation) < 24 * 60 * 60 + 2,
+ 'Second has good creation');
+ok ((time - $entries[1]->valid_after) <= 60 * 60 * 24 + 2,
+ ' and validity');
+ok ((time - $entries[2]->creation) < 2, 'Third has good creation');
+ok ((time - $entries[2]->valid_after) < 2, ' and validity');
+is ($object->destroy (@trace), 1, 'Destroying the object succeeds');
+
+# Test error handling in the file store.
+system ('rm -r test-keyrings') == 0 or die "cannot remove test-keyrings\n";
+$object = eval {
+ Wallet::Object::WAKeyring->create ('wa-keyring', 'test', $schema, @trace)
+ };
+ok (defined ($object), 'Recreating the object succeeds');
+is ($object->get (@trace), undef, ' but retrieving it fails');
+like ($object->error, qr/^cannot create keyring bucket 09: /,
+ ' with the right error');
+is ($object->store ("foo\n", @trace), undef, ' and store fails');
+like ($object->error, qr/^cannot create keyring bucket 09: /,
+ ' with the right error');
+is ($object->destroy (@trace), 1, ' but destroying the object succeeds');
+
+# Clean up.
+$admin->destroy;
+unlink ('wallet-db');
diff --git a/portable/asprintf.c b/portable/asprintf.c
index 4219a19..0093070 100644
--- a/portable/asprintf.c
+++ b/portable/asprintf.c
@@ -4,8 +4,18 @@
* Provides the same functionality as the standard GNU library routines
* asprintf and vasprintf for those platforms that don't have them.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/portable/dummy.c b/portable/dummy.c
index 8a0d54d..50052ec 100644
--- a/portable/dummy.c
+++ b/portable/dummy.c
@@ -5,8 +5,18 @@
* supply, Automake builds an empty library and then calls ar with nonsensical
* arguments. Ensure that libportable always contains at least one symbol.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
/* Prototype to avoid gcc warnings. */
diff --git a/portable/krb5-extra.c b/portable/krb5-extra.c
index 89ccbde..849842c 100644
--- a/portable/krb5-extra.c
+++ b/portable/krb5-extra.c
@@ -6,8 +6,18 @@
* Everything in this file will be protected by #ifndef. If the native
* Kerberos libraries are fully capable, this file will be skipped.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/portable/krb5.h b/portable/krb5.h
index 3b5700b..b418ae7 100644
--- a/portable/krb5.h
+++ b/portable/krb5.h
@@ -16,8 +16,18 @@
* prefers the generic krb5_xfree(). In this case, this header provides
* krb5_free_unparsed_name() for both APIs since it's the most specific call.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#ifndef PORTABLE_KRB5_H
@@ -32,7 +42,11 @@
#endif
#include <portable/macros.h>
-#include <krb5.h>
+#ifdef HAVE_KRB5_H
+# include <krb5.h>
+#else
+# include <krb5/krb5.h>
+#endif
#include <stdlib.h>
BEGIN_DECLS
@@ -75,7 +89,7 @@ krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context,
/* Heimdal-specific. */
#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_DEFAULT_FLAGS
-#define krb5_get_init_creds_opt_set_default_flags(c, p, r, o) /* empty */
+# define krb5_get_init_creds_opt_set_default_flags(c, p, r, o) /* empty */
#endif
/*
diff --git a/portable/macros.h b/portable/macros.h
index 8d5adbd..b33d064 100644
--- a/portable/macros.h
+++ b/portable/macros.h
@@ -1,8 +1,18 @@
/*
* Portability macros used in include files.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#ifndef PORTABLE_MACROS_H
@@ -20,6 +30,29 @@
#endif
/*
+ * We use __alloc_size__, but it was only available in fairly recent versions
+ * of GCC. Suppress warnings about the unknown attribute if GCC is too old.
+ * We know that we're GCC at this point, so we can use the GCC variadic macro
+ * extension, which will still work with versions of GCC too old to have C99
+ * variadic macro support.
+ */
+#if !defined(__attribute__) && !defined(__alloc_size__)
+# if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 3)
+# define __alloc_size__(spec, args...) /* empty */
+# endif
+#endif
+
+/*
+ * LLVM and Clang pretend to be GCC but don't support all of the __attribute__
+ * settings that GCC does. For them, suppress warnings about unknown
+ * attributes on declarations. This unfortunately will affect the entire
+ * compilation context, but there's no push and pop available.
+ */
+#if !defined(__attribute__) && (defined(__llvm__) || defined(__clang__))
+# pragma GCC diagnostic ignored "-Wattributes"
+#endif
+
+/*
* BEGIN_DECLS is used at the beginning of declarations so that C++
* compilers don't mangle their names. END_DECLS is used at the end.
*/
diff --git a/portable/mkstemp.c b/portable/mkstemp.c
index dd2a485..8668db1 100644
--- a/portable/mkstemp.c
+++ b/portable/mkstemp.c
@@ -4,8 +4,18 @@
* Provides the same functionality as the library function mkstemp for those
* systems that don't have it.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
@@ -27,7 +37,7 @@ int test_mkstemp(char *);
#endif
/* Pick the longest available integer type. */
-#if HAVE_LONG_LONG
+#if HAVE_LONG_LONG_INT
typedef unsigned long long long_int_type;
#else
typedef unsigned long long_int_type;
diff --git a/portable/setenv.c b/portable/setenv.c
index d66ddcd..fd2b10c 100644
--- a/portable/setenv.c
+++ b/portable/setenv.c
@@ -4,8 +4,18 @@
* Provides the same functionality as the standard library routine setenv for
* those platforms that don't have it.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
@@ -31,10 +41,9 @@ setenv(const char *name, const char *value, int overwrite)
/*
* Allocate memory for the environment string. We intentionally don't use
- * concat here, or the xmalloc family of allocation routines, since the
- * intention is to provide a replacement for the standard library function
- * which sets errno and returns in the event of a memory allocation
- * failure.
+ * the xmalloc family of allocation routines here, since the intention is
+ * to provide a replacement for the standard library function that sets
+ * errno and returns in the event of a memory allocation failure.
*/
size = strlen(name) + 1 + strlen(value) + 1;
envstring = malloc(size);
diff --git a/portable/snprintf.c b/portable/snprintf.c
index ab3121c..91c8491 100644
--- a/portable/snprintf.c
+++ b/portable/snprintf.c
@@ -8,6 +8,9 @@
* Please do not reformat or otherwise change this file more than necessary so
* that later merges with the original source are easy. Bug fixes and
* improvements should be sent back to the original author.
+ *
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
*/
/*
diff --git a/portable/stdbool.h b/portable/stdbool.h
index bfbf4c4..045436f 100644
--- a/portable/stdbool.h
+++ b/portable/stdbool.h
@@ -5,13 +5,31 @@
* following the C99 specification, on hosts that don't have stdbool.h. This
* logic is based heavily on the example in the Autoconf manual.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#ifndef PORTABLE_STDBOOL_H
#define PORTABLE_STDBOOL_H 1
+/*
+ * Allow inclusion of config.h to be skipped, since sometimes we have to use a
+ * stripped-down version of config.h with a different name.
+ */
+#ifndef CONFIG_H_INCLUDED
+# include <config.h>
+#endif
+
#if HAVE_STDBOOL_H
# include <stdbool.h>
#else
diff --git a/portable/strlcat.c b/portable/strlcat.c
index f696db3..3bee4ee 100644
--- a/portable/strlcat.c
+++ b/portable/strlcat.c
@@ -9,8 +9,18 @@
* space available in the destination buffer, not just the amount of space
* remaining.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/portable/strlcpy.c b/portable/strlcpy.c
index 596e968..df75fd8 100644
--- a/portable/strlcpy.c
+++ b/portable/strlcpy.c
@@ -8,8 +8,18 @@
* total space required is returned. The destination string is not nul-filled
* like strncpy does, just nul-terminated.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/portable/system.h b/portable/system.h
index 461601b..d1ccc94 100644
--- a/portable/system.h
+++ b/portable/system.h
@@ -13,13 +13,24 @@
* #include <stddef.h>
* #include <stdint.h>
* #include <string.h>
+ * #include <strings.h>
* #include <unistd.h>
*
* Missing functions are provided via #define or prototyped if available from
* the portable helper library. Also provides some standard #defines.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#ifndef PORTABLE_SYSTEM_H
@@ -38,6 +49,9 @@
#include <stdlib.h>
#include <sys/types.h>
#include <string.h>
+#if HAVE_STRINGS_H
+# include <strings.h>
+#endif
#if HAVE_INTTYPES_H
# include <inttypes.h>
#endif
@@ -56,6 +70,38 @@
/* Get the bool type. */
#include <portable/stdbool.h>
+/* Windows provides snprintf under a different name. */
+#ifdef _WIN32
+# define snprintf _snprintf
+#endif
+
+/* Windows does not define ssize_t. */
+#ifndef HAVE_SSIZE_T
+typedef ptrdiff_t ssize_t;
+#endif
+
+/*
+ * POSIX requires that these be defined in <unistd.h>. If one of them has
+ * been defined, all the rest almost certainly have.
+ */
+#ifndef STDIN_FILENO
+# define STDIN_FILENO 0
+# define STDOUT_FILENO 1
+# define STDERR_FILENO 2
+#endif
+
+/*
+ * C99 requires va_copy. Older versions of GCC provide __va_copy. Per the
+ * Autoconf manual, memcpy is a generally portable fallback.
+ */
+#ifndef va_copy
+# ifdef __va_copy
+# define va_copy(d, s) __va_copy((d), (s))
+# else
+# define va_copy(d, s) memcpy(&(d), &(s), sizeof(va_list))
+# endif
+#endif
+
BEGIN_DECLS
/* Default to a hidden visibility for all portability functions. */
@@ -96,31 +142,4 @@ extern size_t strlcpy(char *, const char *, size_t);
END_DECLS
-/* Windows provides snprintf under a different name. */
-#ifdef _WIN32
-# define snprintf _snprintf
-#endif
-
-/*
- * POSIX requires that these be defined in <unistd.h>. If one of them has
- * been defined, all the rest almost certainly have.
- */
-#ifndef STDIN_FILENO
-# define STDIN_FILENO 0
-# define STDOUT_FILENO 1
-# define STDERR_FILENO 2
-#endif
-
-/*
- * C99 requires va_copy. Older versions of GCC provide __va_copy. Per the
- * Autoconf manual, memcpy is a generally portable fallback.
- */
-#ifndef va_copy
-# ifdef __va_copy
-# define va_copy(d, s) __va_copy((d), (s))
-# else
-# define va_copy(d, s) memcpy(&(d), &(s), sizeof(va_list))
-# endif
-#endif
-
#endif /* !PORTABLE_SYSTEM_H */
diff --git a/portable/uio.h b/portable/uio.h
index 3c9e840..3bd1f96 100644
--- a/portable/uio.h
+++ b/portable/uio.h
@@ -5,8 +5,18 @@
* (primarily Windows). Currently, the corresponding readv and writev
* functions are not provided or prototyped here.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#ifndef PORTABLE_UIO_H
diff --git a/server/keytab-backend b/server/keytab-backend
index 7b6adb4..b0116c7 100755
--- a/server/keytab-backend
+++ b/server/keytab-backend
@@ -1,6 +1,6 @@
#!/usr/bin/perl
#
-# keytab-backend -- Extract keytabs from the KDC without changing the key.
+# Extract keytabs from the KDC without changing the key.
#
# This is a remctl backend that extracts existing keys from a KDC database
# using kadmin.local. It requires a patched version of kadmin.local that
@@ -15,12 +15,6 @@
# do any additional authorization checks itself.
#
# The keytab for the extracted principal will be printed to standard output.
-#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008, 2010
-# Board of Trustees, Leland Stanford Jr. University
-#
-# See LICENSE for licensing terms.
##############################################################################
# Declarations and site configuration
@@ -158,7 +152,7 @@ __END__
=for stopwords
keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld
-auth Allbery rekeying
+auth Allbery rekeying MERCHANTABILITY NONINFRINGEMENT sublicense
=head1 NAME
@@ -215,6 +209,33 @@ standard output.
=back
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2006, 2007, 2008, 2010, 2013 The Board of Trustees of the Leland
+Stanford Junior University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
=head1 SEE ALSO
kadmin.local(8), remctld(8)
@@ -222,8 +243,4 @@ kadmin.local(8), remctld(8)
This program is part of the wallet system. The current version is
available from L<http://www.eyrie.org/~eagle/software/wallet/>.
-=head1 AUTHOR
-
-Russ Allbery <rra@stanford.edu>
-
=cut
diff --git a/server/keytab-backend.8 b/server/keytab-backend.8
index 2ad3d61..4808d29 100644
--- a/server/keytab-backend.8
+++ b/server/keytab-backend.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14)
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "KEYTAB-BACKEND 8"
-.TH KEYTAB-BACKEND 8 "2010-08-25" "0.12" "wallet"
+.TH KEYTAB-BACKEND 8 "2013-03-27" "1.0" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,12 +174,34 @@ The temporary directory used for creating keytabs. \fBkeytab-backend\fR will
create the keytab in this directory, make sure that was successful, and
then delete the temporary file after the results have been sent to
standard output.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Russ Allbery <rra@stanford.edu>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2006, 2007, 2008, 2010, 2013 The Board of Trustees of the Leland
+Stanford Junior University
+.PP
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the \*(L"Software\*(R"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+.PP
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+.PP
+\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
+\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
+\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0. \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
+\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
+\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIkadmin.local\fR\|(8), \fIremctld\fR\|(8)
.PP
This program is part of the wallet system. The current version is
available from <http://www.eyrie.org/~eagle/software/wallet/>.
-.SH "AUTHOR"
-.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
diff --git a/server/wallet-admin b/server/wallet-admin
index f81c195..02982dc 100755
--- a/server/wallet-admin
+++ b/server/wallet-admin
@@ -1,11 +1,6 @@
#!/usr/bin/perl -w
#
-# wallet-admin -- Wallet server administrative commands.
-#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
-#
-# See LICENSE for licensing terms.
+# Wallet server administrative commands.
##############################################################################
# Declarations and site configuration
@@ -56,6 +51,9 @@ sub command {
} else {
die "only object or verifier is supported for register\n";
}
+ } elsif ($command eq 'upgrade') {
+ die "too many arguments to upgrade\n" if @args;
+ $admin->upgrade or die $admin->error, "\n";
} else {
die "unknown command $command\n";
}
@@ -67,13 +65,14 @@ __END__
# Documentation
##############################################################################
+=for stopwords
+metadata ACL hostname backend acl acls wildcard SQL Allbery verifier
+MERCHANTABILITY NONINFRINGEMENT sublicense
+
=head1 NAME
wallet-admin - Wallet server administrative commands
-=for stopwords
-metadata ACL hostname backend acl acls wildcard SQL Allbery
-
=head1 SYNOPSIS
B<wallet-admin> I<command> [I<args> ...]
@@ -133,8 +132,40 @@ default as part of database initialization, so this command is used
primarily to register local implementations of additional object types or
ACL schemes.
+=item upgrade
+
+Upgrades the database to the latest schema version, preserving data as
+much as possible.
+
=back
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland
+Stanford Junior University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
=head1 SEE ALSO
Wallet::Admin(3), Wallet::Config(3), wallet-backend(8)
@@ -142,8 +173,4 @@ Wallet::Admin(3), Wallet::Config(3), wallet-backend(8)
This program is part of the wallet system. The current version is
available from L<http://www.eyrie.org/~eagle/software/wallet/>.
-=head1 AUTHOR
-
-Russ Allbery <rra@stanford.edu>
-
=cut
diff --git a/server/wallet-admin.8 b/server/wallet-admin.8
index 295fce2..b03dbcc 100644
--- a/server/wallet-admin.8
+++ b/server/wallet-admin.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14)
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET-ADMIN 8"
-.TH WALLET-ADMIN 8 "2010-08-25" "0.12" "wallet"
+.TH WALLET-ADMIN 8 "2013-03-27" "1.0" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -182,12 +182,38 @@ All object and \s-1ACL\s0 implementations that come with wallet are registered b
default as part of database initialization, so this command is used
primarily to register local implementations of additional object types or
\&\s-1ACL\s0 schemes.
+.IP "upgrade" 4
+.IX Item "upgrade"
+Upgrades the database to the latest schema version, preserving data as
+much as possible.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Russ Allbery <rra@stanford.edu>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland
+Stanford Junior University
+.PP
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the \*(L"Software\*(R"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+.PP
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+.PP
+\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
+\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
+\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0. \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
+\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
+\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIWallet::Admin\fR\|(3), \fIWallet::Config\fR\|(3), \fIwallet\-backend\fR\|(8)
.PP
This program is part of the wallet system. The current version is
available from <http://www.eyrie.org/~eagle/software/wallet/>.
-.SH "AUTHOR"
-.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
diff --git a/server/wallet-backend b/server/wallet-backend
index 52e9857..fc3434e 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -1,11 +1,6 @@
#!/usr/bin/perl
#
-# wallet-backend -- Wallet server for storing and retrieving secure data.
-#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
-#
-# See LICENSE for licensing terms.
+# Wallet server for storing and retrieving secure data.
##############################################################################
# Declarations and site configuration
@@ -149,6 +144,14 @@ sub command {
if ($action eq 'add') {
check_args (3, 3, [3], @args);
$server->acl_add (@args) or failure ($server->error, @_);
+ } elsif ($action eq 'check') {
+ check_args (1, 1, [], @args);
+ my $status = $server->acl_check (@args);
+ if (!defined ($status)) {
+ failure ($server->error, @_);
+ } else {
+ print $status ? "yes\n" : "no\n";
+ }
} elsif ($action eq 'create') {
check_args (1, 1, [], @args);
$server->acl_create (@args) or failure ($server->error, @_);
@@ -191,6 +194,20 @@ sub command {
} else {
print $status ? "yes\n" : "no\n";
}
+ } elsif ($command eq 'comment') {
+ check_args (2, 3, [], @args);
+ if (@args > 2) {
+ $server->comment (@args) or failure ($server->error, @_);
+ } else {
+ my $output = $server->comment (@args);
+ if (defined $output) {
+ print $output, "\n";
+ } elsif (not $server->error) {
+ print "No comment set\n";
+ } else {
+ failure ($server->error, @_);
+ }
+ }
} elsif ($command eq 'create') {
check_args (2, 2, [], @args);
$server->create (@args) or failure ($server->error, @_);
@@ -318,7 +335,7 @@ __END__
=for stopwords
wallet-backend backend backend-specific remctld ACL acl timestamp getacl
setacl metadata keytab keytabs enctypes enctype ktadd KDC Allbery
-autocreate
+autocreate MERCHANTABILITY NONINFRINGEMENT sublicense
=head1 NAME
@@ -361,16 +378,17 @@ syslog.
=head1 COMMANDS
Most commands are only available to wallet administrators (users on the
-C<ADMIN> ACL). The exceptions are C<autocreate>, C<get>, C<store>,
-C<show>, C<destroy>, C<flag clear>, C<flag set>, C<getattr>, C<setattr>,
-and C<history>. All of those commands have their own ACLs except
-C<getattr> and C<history>, which use the C<show> ACL, and C<setattr>,
-which uses the C<store> ACL. If the appropriate ACL is set, it alone is
-checked to see if the user has access. Otherwise, C<get>, C<store>,
-C<show>, C<getattr>, C<setattr>, and C<history> access is permitted if the
-user is authorized by the owner ACL of the object. C<autocreate> is
-permitted if the user is listed in the default ACL for an object for that
-name.
+C<ADMIN> ACL). The exceptions are C<acl check>, C<check>, C<get>,
+C<store>, C<show>, C<destroy>, C<flag clear>, C<flag set>, C<getattr>,
+C<setattr>, and C<history>. C<acl check> and C<check> can be run by
+anyone. All of the rest of those commands have their own ACLs except
+C<getattr> and C<history>, which use the C<show> ACL, C<setattr>, which
+uses the C<store> ACL, and C<comment>, which uses the owner or C<show> ACL
+depending on whether one is setting or retrieving the comment. If the
+appropriate ACL is set, it alone is checked to see if the user has access.
+Otherwise, C<destroy>, C<get>, C<store>, C<show>, C<getattr>, C<setattr>,
+C<history>, and C<comment> access is permitted if the user is authorized
+by the owner ACL of the object.
Administrators can run any command on any object or ACL except for C<get>
and C<store>. For C<get> and C<store>, they must still be authorized by
@@ -379,8 +397,8 @@ either the appropriate specific ACL or the owner ACL.
If the locked flag is set on an object, no commands can be run on that
object that change data except the C<flags> commands, nor can the C<get>
command be used on that object. C<show>, C<history>, C<getacl>,
-C<getattr>, and C<owner> or C<expires> without an argument can still be
-used on that object.
+C<getattr>, and C<owner>, C<comment>, or C<expires> without an argument
+can still be used on that object.
For more information on attributes, see L<ATTRIBUTES>.
@@ -388,9 +406,14 @@ For more information on attributes, see L<ATTRIBUTES>.
=item acl add <id> <scheme> <identifier>
-Adds an entry with <scheme> and <identifier> to the ACL <id>. <id> may be
+Add an entry with <scheme> and <identifier> to the ACL <id>. <id> may be
either the name of an ACL or its numeric identifier.
+=item acl check <id>
+
+Check whether an ACL with the ID <id> already exists. If it does, prints
+C<yes>; if not, prints C<no>.
+
=item acl create <name>
Create a new, empty ACL with name <name>. When setting an ACL on an
@@ -437,6 +460,15 @@ object will be created with that default ACL set as the object owner.
Check whether an object of type <type> and name <name> already exists. If
it does, prints C<yes>; if not, prints C<no>.
+=item comment <type> <name> [<comment>]
+
+If <comment> is not given, displays the current comment for the object
+identified by <type> and <name>, or C<No comment set> if none is set.
+
+If <comment> is given, sets the comment on the object identified by
+<type> and <name> to <comment>. If <comment> is the empty string, clears
+the comment.
+
=item create <type> <name>
Create a new object of type <type> with name <name>. With some backends,
@@ -580,6 +612,33 @@ enctypes than those requested by this attribute.
=back
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
+Leland Stanford Junior University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
=head1 SEE ALSO
Wallet::Server(3), remctld(8)
@@ -587,8 +646,4 @@ Wallet::Server(3), remctld(8)
This program is part of the wallet system. The current version is
available from L<http://www.eyrie.org/~eagle/software/wallet/>.
-=head1 AUTHOR
-
-Russ Allbery <rra@stanford.edu>
-
=cut
diff --git a/server/wallet-backend.8 b/server/wallet-backend.8
index 1ecad1a..980455f 100644
--- a/server/wallet-backend.8
+++ b/server/wallet-backend.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14)
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET-BACKEND 8"
-.TH WALLET-BACKEND 8 "2010-08-25" "0.12" "wallet"
+.TH WALLET-BACKEND 8 "2013-03-27" "1.0" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,16 +161,17 @@ syslog.
.SH "COMMANDS"
.IX Header "COMMANDS"
Most commands are only available to wallet administrators (users on the
-\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0). The exceptions are \f(CW\*(C`autocreate\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR,
-\&\f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR,
-and \f(CW\*(C`history\*(C'\fR. All of those commands have their own ACLs except
-\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`setattr\*(C'\fR,
-which uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0. If the appropriate \s-1ACL\s0 is set, it alone is
-checked to see if the user has access. Otherwise, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR,
-\&\f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR access is permitted if the
-user is authorized by the owner \s-1ACL\s0 of the object. \f(CW\*(C`autocreate\*(C'\fR is
-permitted if the user is listed in the default \s-1ACL\s0 for an object for that
-name.
+\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0). The exceptions are \f(CW\*(C`acl check\*(C'\fR, \f(CW\*(C`check\*(C'\fR, \f(CW\*(C`get\*(C'\fR,
+\&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR,
+\&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by
+anyone. All of the rest of those commands have their own ACLs except
+\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which
+uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
+depending on whether one is setting or retrieving the comment. If the
+appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access.
+Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR,
+\&\f(CW\*(C`history\*(C'\fR, and \f(CW\*(C`comment\*(C'\fR access is permitted if the user is authorized
+by the owner \s-1ACL\s0 of the object.
.PP
Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR
and \f(CW\*(C`store\*(C'\fR. For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by
@@ -179,14 +180,18 @@ either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0.
If the locked flag is set on an object, no commands can be run on that
object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR
command be used on that object. \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`history\*(C'\fR, \f(CW\*(C`getacl\*(C'\fR,
-\&\f(CW\*(C`getattr\*(C'\fR, and \f(CW\*(C`owner\*(C'\fR or \f(CW\*(C`expires\*(C'\fR without an argument can still be
-used on that object.
+\&\f(CW\*(C`getattr\*(C'\fR, and \f(CW\*(C`owner\*(C'\fR, \f(CW\*(C`comment\*(C'\fR, or \f(CW\*(C`expires\*(C'\fR without an argument
+can still be used on that object.
.PP
For more information on attributes, see \s-1ATTRIBUTES\s0.
.IP "acl add <id> <scheme> <identifier>" 4
.IX Item "acl add <id> <scheme> <identifier>"
-Adds an entry with <scheme> and <identifier> to the \s-1ACL\s0 <id>. <id> may be
+Add an entry with <scheme> and <identifier> to the \s-1ACL\s0 <id>. <id> may be
either the name of an \s-1ACL\s0 or its numeric identifier.
+.IP "acl check <id>" 4
+.IX Item "acl check <id>"
+Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists. If it does, prints
+\&\f(CW\*(C`yes\*(C'\fR; if not, prints \f(CW\*(C`no\*(C'\fR.
.IP "acl create <name>" 4
.IX Item "acl create <name>"
Create a new, empty \s-1ACL\s0 with name <name>. When setting an \s-1ACL\s0 on an
@@ -226,6 +231,14 @@ object will be created with that default \s-1ACL\s0 set as the object owner.
.IX Item "check <type> <name>"
Check whether an object of type <type> and name <name> already exists. If
it does, prints \f(CW\*(C`yes\*(C'\fR; if not, prints \f(CW\*(C`no\*(C'\fR.
+.IP "comment <type> <name> [<comment>]" 4
+.IX Item "comment <type> <name> [<comment>]"
+If <comment> is not given, displays the current comment for the object
+identified by <type> and <name>, or \f(CW\*(C`No comment set\*(C'\fR if none is set.
+.Sp
+If <comment> is given, sets the comment on the object identified by
+<type> and <name> to <comment>. If <comment> is the empty string, clears
+the comment.
.IP "create <type> <name>" 4
.IX Item "create <type> <name>"
Create a new object of type <type> with name <name>. With some backends,
@@ -346,12 +359,34 @@ This attribute is ignored if the \f(CW\*(C`unchanging\*(C'\fR flag is set on a k
Keytabs retrieved with \f(CW\*(C`unchanging\*(C'\fR set will contain all keys present in
the \s-1KDC\s0 for that Kerberos principal and therefore may contain different
enctypes than those requested by this attribute.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Russ Allbery <rra@stanford.edu>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
+Leland Stanford Junior University
+.PP
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the \*(L"Software\*(R"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+.PP
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+.PP
+\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
+\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
+\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0. \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
+\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
+\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIWallet::Server\fR\|(3), \fIremctld\fR\|(8)
.PP
This program is part of the wallet system. The current version is
available from <http://www.eyrie.org/~eagle/software/wallet/>.
-.SH "AUTHOR"
-.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
diff --git a/server/wallet-report b/server/wallet-report
index 98fd07a..87755b8 100755
--- a/server/wallet-report
+++ b/server/wallet-report
@@ -1,11 +1,6 @@
#!/usr/bin/perl -w
#
-# wallet-report -- Wallet server reporting interface.
-#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
-#
-# See LICENSE for licensing terms.
+# Wallet server reporting interface.
##############################################################################
# Declarations and globals
@@ -31,6 +26,7 @@ Wallet reporting help:
objects owner <owner> Objects owned by that owner
objects type <type> Objects of that type
objects unused Objects that have never been stored/gotten
+ owners <type> <name> All ACL entries owning matching objects
EOH
##############################################################################
@@ -112,6 +108,7 @@ wallet-report - Wallet server reporting interface
=for stopwords
metadata ACL hostname backend acl acls wildcard SQL Allbery remctl
+MERCHANTABILITY NONINFRINGEMENT sublicense
=head1 SYNOPSIS
@@ -278,6 +275,33 @@ with duplicates suppressed.
=back
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2008, 2009, 2010, 2013 The Board of Trustees of the Leland
+Stanford Junior University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
=head1 SEE ALSO
Wallet::Config(3), Wallet::Report(3), wallet-backend(8)
@@ -285,8 +309,4 @@ Wallet::Config(3), Wallet::Report(3), wallet-backend(8)
This program is part of the wallet system. The current version is
available from L<http://www.eyrie.org/~eagle/software/wallet/>.
-=head1 AUTHOR
-
-Russ Allbery <rra@stanford.edu>
-
=cut
diff --git a/server/wallet-report.8 b/server/wallet-report.8
index 0600736..003bafb 100644
--- a/server/wallet-report.8
+++ b/server/wallet-report.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14)
+.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "WALLET-REPORT 8"
-.TH WALLET-REPORT 8 "2010-08-25" "0.12" "wallet"
+.TH WALLET-REPORT 8 "2013-03-27" "1.0" "wallet"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -291,12 +291,34 @@ The output will be one line per \s-1ACL\s0 line in the form:
.Ve
.Sp
with duplicates suppressed.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Russ Allbery <rra@stanford.edu>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2008, 2009, 2010, 2013 The Board of Trustees of the Leland
+Stanford Junior University
+.PP
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the \*(L"Software\*(R"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+.PP
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+.PP
+\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
+\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
+\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0. \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
+\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
+\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
+\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIWallet::Config\fR\|(3), \fIWallet::Report\fR\|(3), \fIwallet\-backend\fR\|(8)
.PP
This program is part of the wallet system. The current version is
available from <http://www.eyrie.org/~eagle/software/wallet/>.
-.SH "AUTHOR"
-.IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
diff --git a/tests/HOWTO b/tests/HOWTO
new file mode 100644
index 0000000..5d38748
--- /dev/null
+++ b/tests/HOWTO
@@ -0,0 +1,248 @@
+ Writing TAP Tests
+
+Introduction
+
+ This is a guide for users of the C TAP Harness package or similar
+ TAP-based test harnesses explaining how to write tests. If your
+ package uses C TAP Harness as the test suite driver, you may want to
+ copy this document to an appropriate file name in your test suite as
+ documentation for contributors.
+
+About TAP
+
+ TAP is the Test Anything Protocol, a protocol for communication
+ between test cases and a test harness. This is the protocol used by
+ Perl for its internal test suite and for nearly all Perl modules,
+ since it's the format used by the build tools for Perl modules to run
+ tests and report their results.
+
+ A TAP-based test suite works with a somewhat different set of
+ assumptions than an xUnit test suite. In TAP, each test case is a
+ separate program. That program, when run, must produce output in the
+ following format:
+
+ 1..4
+ ok 1 - the first test
+ ok 2
+ # a diagnostic, ignored by the harness
+ not ok 3 - a failing test
+ ok 4 # skip a skipped test
+
+ The output should all go to standard output. The first line specifies
+ the number of tests to be run, and then each test produces output that
+ looks like either "ok <n>" or "not ok <n>" depending on whether the
+ test succeeded or failed. Additional information about the test can
+ be provided after the "ok <n>" or "not ok <n>", but is optional.
+ Additional diagnostics and information can be provided in lines
+ beginning with a "#".
+
+ Processing directives are supported after the "ok <n>" or "not ok <n>"
+ and start with a "#". The main one of interest is "# skip" which says
+ that the test was skipped rather than successful and optionally gives
+ the reason. Also supported is "# todo", which normally annotates a
+ failing test and indicates that test is expected to fail, optionally
+ providing a reason for why.
+
+ There are three more special cases. First, the initial line stating
+ the number of tests to run, called the plan, may appear at the end of
+ the output instead of the beginning. This can be useful if the number
+ of tests to run is not known in advance. Second, a plan in the form:
+
+ 1..0 # skip entire test case skipped
+
+ can be given instead, which indicates that this entire test case has
+ been skipped (generally because it depends on facilities or optional
+ configuration which is not present). Finally, if the test case
+ encounters a fatal error, it should print the text:
+
+ Bail out!
+
+ on standard output, optionally followed by an error message, and then
+ exit. This tells the harness that the test aborted unexpectedly.
+
+ The exit status of a successful test case should always be 0. The
+ harness will report the test as "dubious" if all the tests appeared to
+ succeed but it exited with a non-zero status.
+
+Writing TAP Tests
+
+ Environment
+
+ One of the special features of C TAP Harness is the environment that
+ it sets up for your test cases. If your test program is called under
+ the runtests driver, the environment variables SOURCE and BUILD will
+ be set to the top of the test directory in the source tree and the top
+ of the build tree, respectively. You can use those environment
+ variables to locate additional test data, programs and libraries built
+ as part of your software build, and other supporting information
+ needed by tests.
+
+ The C and shell TAP libraries support a test_file_path() function,
+ which looks for a file under the build tree and then under the source
+ tree, using the BUILD and SOURCE environment variables, and return the
+ full path to the file. This can be used to locate supporting data
+ files.
+
+ Perl
+
+ Since TAP is the native test framework for Perl, writing TAP tests in
+ Perl is very easy and extremely well-supported. If you've never
+ written tests in Perl before, start by reading the documentation for
+ Test::Tutorial and Test::Simple, which walks you through the basics,
+ including the TAP output syntax. Then, the best Perl module to use
+ for serious testing is Test::More, which provides a lot of additional
+ functions over Test::Simple including support for skipping tests,
+ bailing out, and not planning tests in advance. See the documentation
+ of Test::More for all the details and lots of examples.
+
+ C TAP Harness can run Perl test scripts directly and interpret the
+ results correctly, and similarly the Perl Test::Harness module and
+ prove command can run TAP tests written in other languages using, for
+ example, the TAP library that comes with C TAP Harness. You can, if
+ you wish, use the library that comes with C TAP Harness but use prove
+ instead of runtests for running the test suite.
+
+ C
+
+ C TAP Harness provides a basic TAP library that takes away most of the
+ pain of writing TAP test cases in C. A C test case should start with
+ a call to plan(), passing in the number of tests to run. Then, each
+ test should use is_int(), is_string(), is_double(), or is_hex() as
+ appropriate to compare expected and seen values, or ok() to do a
+ simpler boolean test. The is_*() functions take expected and seen
+ values and then a printf-style format string explaining the test
+ (which may be NULL). ok() takes a boolean and then the printf-style
+ string.
+
+ Here's a complete example test program that uses the C TAP library:
+
+ #include <stddef.h>
+ #include <tap/basic.h>
+
+ int
+ main(void)
+ {
+ plan(4);
+
+ ok(1, "the first test");
+ is_int(42, 42, NULL);
+ diag("a diagnostic, ignored by the harness");
+ ok(0, "a failing test");
+ skip("a skipped test");
+
+ return 0;
+ }
+
+ This test program produces the output shown above in the section on
+ TAP and demonstrates most of the functions. The other functions of
+ interest are sysdiag() (like diag() but adds strerror() results),
+ bail() and sysbail() for fatal errors, skip_block() to skip a whole
+ block of tests, and skip_all() which is called instead of plan() to
+ skip an entire test case.
+
+ The C TAP library also provides plan_lazy(), which can be called
+ instead of plan(). If plan_lazy() is called, the library will keep
+ track of how many test results are reported and will print out the
+ plan at the end of execution of the program. This should normally be
+ avoided since the test may appear to be successful even if it exits
+ prematurely, but it can make writing tests easier in some
+ circumstances.
+
+ Complete API documentation for the basic C TAP library that comes with
+ C TAP Harness is available at:
+
+ <http://www.eyrie.org/~eagle/software/c-tap-harness/>
+
+ It's common to need additional test functions and utility functions
+ for your C tests, particularly if you have to set up and tear down a
+ test environment for your test programs, and it's useful to have them
+ all in the libtap library so that you only have to link your test
+ programs with one library. Rather than editing tap/basic.c and
+ tap/basic.h to add those additional functions, add additional *.c and
+ *.h files into the tap directory with the function implementations and
+ prototypes, and then add those additional objects to the library.
+ That way, you can update tap/basic.c and tap/basic.h from subsequent
+ releases of C TAP Harness without having to merge changes with your
+ own code.
+
+ Libraries of additional useful TAP test functions are available in
+ rra-c-util at:
+
+ <http://www.eyrie.org/~eagle/software/rra-c-util/>
+
+ Some of the code there is particularly useful when testing programs
+ that require Kerberos keys.
+
+ If you implement new test functions that compare an expected and seen
+ value, it's best to name them is_<something> and take the expected
+ value, the seen value, and then a printf-style format string and
+ possible arguments to match the calling convention of the functions
+ provided by C TAP Harness.
+
+ Shell
+
+ C TAP Harness provides a library of shell functions to make it easier
+ to write TAP tests in shell. That library includes much of the same
+ functionality as the C TAP library, but takes its parameters in a
+ somewhat different order to make better use of shell features.
+
+ The libtap.sh file should be installed in a directory named tap in
+ your test suite area. It can then be loaded by tests written in shell
+ using the environment set up by runtests with:
+
+ . "$SOURCE"/tap/libtap.sh
+
+ Here is a complete test case written in shell which produces the same
+ output as the TAP sample above:
+
+ #!/bin/sh
+
+ . "$SOURCE"/tap/libtap.sh
+ cd "$BUILD"
+
+ plan 4
+ ok 'the first test' true
+ ok '' [ 42 -eq 42 ]
+ diag a diagnostic, ignored by the harness
+ ok '' false
+ skip 'a skipped test'
+
+ The shell framework doesn't provide the is_* functions, so you'll use
+ the ok function more. It takes a string describing the text and then
+ treats all of its remaining arguments as a condition, evaluated the
+ same way as the arguments to the "if" statement. If that condition
+ evaluates to true, the test passes; otherwise, the test fails.
+
+ The plan, plan_lazy, diag, and bail functions work the same as with
+ the C library. skip takes a string and skips the next test with that
+ explanation. skip_block takes a count and a string and skips that
+ many tests with that explanation. skip_all takes an optional reason
+ and skips the entire test case.
+
+ Since it's common for shell programs to want to test the output of
+ commands, there's an additional function ok_program provided by the
+ shell test library. It takes the test description string, the
+ expected exit status, the expected program output, and then treats the
+ rest of its arguments as the program to run. That program is run with
+ standard error and standard output combined, and then its exit status
+ and output are tested against the provided values.
+
+ A utility function, strip_colon_error, is provided that runs the
+ command given as its arguments and strips text following a colon and a
+ space from the output (unless there is no whitespace on the line
+ before the colon and the space, normally indicating a prefix of the
+ program name). This function can be used to wrap commands that are
+ expected to fail with output that has a system- or locale-specific
+ error message appended, such as the output of strerror().
+
+License
+
+ This file is part of the documentation of C TAP Harness, which can be
+ found at <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
+
+ Copyright 2010 Russ Allbery <rra@stanford.edu>
+
+ Copying and distribution of this file, with or without modification,
+ are permitted in any medium without royalty provided the copyright
+ notice and this notice are preserved. This file is offered as-is,
+ without any warranty.
diff --git a/tests/TESTS b/tests/TESTS
index 54b8190..807d944 100644
--- a/tests/TESTS
+++ b/tests/TESTS
@@ -13,7 +13,6 @@ portable/strlcpy
server/admin
server/backend
server/keytab
-util/concat
util/messages
util/messages-krb5
util/xmalloc
diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in
index 11f0bce..836f394 100644
--- a/tests/client/basic-t.in
+++ b/tests/client/basic-t.in
@@ -4,7 +4,7 @@
#
# Written by Russ Allbery <rra@stanford.edu>
# Copyright 2006, 2007, 2008, 2010
-# Board of Trustees, Leland Stanford Jr. University
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/tests/client/full-t.in b/tests/client/full-t.in
index ce2789d..ebdba03 100644
--- a/tests/client/full-t.in
+++ b/tests/client/full-t.in
@@ -3,7 +3,8 @@
# End-to-end tests for the wallet client.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -56,19 +57,19 @@ chdir "$ENV{SOURCE}" or die "Cannot chdir to $ENV{SOURCE}: $!\n";
SKIP: {
skip 'no keytab configuration', $total
- unless -f "$ENV{BUILD}/data/test.keytab";
+ unless -f "$ENV{BUILD}/config/keytab";
my $remctld = '@REMCTLD@';
skip 'remctld not found', $total unless $remctld;
# Spawn remctld and get local tickets. Don't destroy the user's Kerberos
# ticket cache.
unlink ('krb5cc_test', 'test-pid');
- my $principal = contents ("$ENV{BUILD}/data/test.principal");
+ my $principal = contents ("$ENV{BUILD}/config/principal");
remctld_spawn ($remctld, $principal,
- "$ENV{BUILD}/data/test.keytab",
+ "$ENV{BUILD}/config/keytab",
"$ENV{SOURCE}/data/full.conf");
$ENV{KRB5CCNAME} = 'krb5cc_test';
- getcreds ("$ENV{BUILD}/data/test.keytab", $principal);
+ getcreds ("$ENV{BUILD}/config/keytab", $principal);
# Use Wallet::Admin to set up the database.
db_setup;
diff --git a/tests/client/prompt-t.in b/tests/client/prompt-t.in
index 1d8b079..06991cc 100644
--- a/tests/client/prompt-t.in
+++ b/tests/client/prompt-t.in
@@ -3,7 +3,8 @@
# Password prompting tests for the wallet client.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
@@ -21,11 +22,11 @@ chdir "$ENV{SOURCE}" or die "Cannot chdir to $ENV{SOURCE}: $!\n";
SKIP: {
skip 'no password configuration', $total
- unless -f "$ENV{BUILD}/data/test.password";
+ unless -f "$ENV{BUILD}/config/password";
my $remctld = '@REMCTLD@';
skip 'remctld not found', $total unless $remctld;
eval { require Expect };
- skip 'Exepct module not found', $total if $@;
+ skip 'Expect module not found', $total if $@;
# Disable sending of wallet's output to our standard output. Do this
# twice to avoid Perl warnings.
@@ -34,14 +35,14 @@ SKIP: {
# Spawn remctld and set up with a different ticket cache.
unlink ('krb5cc_test', 'test-pid');
- my $principal = contents ("$ENV{BUILD}/data/test.principal");
- remctld_spawn ($remctld, $principal, "$ENV{BUILD}/data/test.keytab",
+ my $principal = contents ("$ENV{BUILD}/config/principal");
+ remctld_spawn ($remctld, $principal, "$ENV{BUILD}/config/keytab",
"$ENV{SOURCE}/data/basic.conf");
$ENV{KRB5CCNAME} = 'krb5cc_test';
# Read in the principal and password.
- open (PASS, '<', "$ENV{BUILD}/data/test.password")
- or die "Cannot open $ENV{BUILD}/data/test.password: $!\n";
+ open (PASS, '<', "$ENV{BUILD}/config/password")
+ or die "Cannot open $ENV{BUILD}/config/password: $!\n";
my $user = <PASS>;
my $password = <PASS>;
close PASS;
diff --git a/tests/client/rekey-t.in b/tests/client/rekey-t.in
index 390a362..0cfcb5d 100644
--- a/tests/client/rekey-t.in
+++ b/tests/client/rekey-t.in
@@ -4,7 +4,7 @@
#
# Written by Russ Allbery <rra@stanford.edu>
# Copyright 2006, 2007, 2008, 2010
-# Board of Trustees, Leland Stanford Jr. University
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/tests/config/README b/tests/config/README
new file mode 100644
index 0000000..cedaccf
--- /dev/null
+++ b/tests/config/README
@@ -0,0 +1,43 @@
+This directory contains configuration required to run the complete wallet
+test suite. If there is no configuration in this directory, some of the
+tests will be skipped. To enable the full test suite, create the
+following files:
+
+keytab
+
+ A valid Kerberos keytab for a principal, preferrably in your local
+ realm. This will be used to test network interactions that require
+ Kerberos authentication.
+
+principal
+
+ The name of the Kerberos principal whose keys are stored in keytab.
+
+password
+
+ This file should contain two lines. The first line is the
+ fully-qualified principal (including the realm) of a Kerberos
+ principal to use for testing authentication. The second line is
+ the password for that principal. The realm of the principal must
+ be configured in your system krb5.conf file or in DNS configuration
+ picked up by your Kerberos libraries and must be in the same realm as
+ the keytab above or have valid cross-realm trust to it.
+
+If you are building in a different directory tree than the source tree,
+don't put the files in this directory. Instead, after running configure,
+you will have an empty tests/config directory in your build tree. Put the
+keytab and principal files in that directory instead.
+
+If your krb5.conf file is not in /etc or /usr/local/etc, put a copy of
+your krb5.conf file in the tests/data directory. The tests need to
+generate a modified copy in order to test some behavior.
+
+-----
+
+Copyright 2013
+ The Board of Trustees of the Leland Stanford Junior University
+
+Copying and distribution of this file, with or without modification, are
+permitted in any medium without royalty provided the copyright notice and
+this notice are preserved. This file is offered as-is, without any
+warranty.
diff --git a/tests/data/README b/tests/data/README
deleted file mode 100644
index f5ebf07..0000000
--- a/tests/data/README
+++ /dev/null
@@ -1,33 +0,0 @@
-This directory contains data used by wallet's test suite. To enable tests
-that require GSS-API authentication and a working end-to-end Kerberos
-environment, create the K5 keytab that will be used for both the server
-and the client and put it in this directory as test.keytab. Then, create
-a file named test.principal and in it put the principal name corresponding
-to the key in the keytab on a single line ending with a newline.
-
-The presence of these two files will enable the tests that actually do
-GSS-API authentication.
-
-If your krb5.conf file is not in /etc or /usr/local/etc, put a copy of
-your krb5.conf file in this directory. The tests need to generate a
-modified copy in order to test some behavior.
-
-To enable tests of password prompting, create a file named test.password
-that contains two lines. The first line should be a test principal and
-the second line should be the password for that principal. The newline is
-not taken to be part of the password.
-
-To enable tests of kasetkey (assuming that you've configured wallet with
---with-afs), create a K4 srvtab with ADMIN access to an AFS kaserver and
-put it in test.srvtab. Then, put the fully-qualified K4 principal name
-corresponding to that keytab in test.admin. The realm used for AFS
-kaserver testing will be derived from the realm of that principal name.
-
-If you are building in a different directory tree than the source tree,
-don't put the files in this directory. Instead, after running configure,
-you will have an empty tests/data directory in your build tree. Put the
-test.keytab, test.principal, and krb5.conf (if necessary) files in that
-directory instead.
-
-Note that to successfully run much of the test suite, you will need to have
-remctld installed on the system running the tests.
diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake
index add72fc..11791a6 100755
--- a/tests/data/cmd-fake
+++ b/tests/data/cmd-fake
@@ -4,7 +4,9 @@
# the client test suite. It doesn't test any of the wallet server code.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2010
+# The Board of Trustees of the Leland Stanford Junior University
+#
# See LICENSE for licensing terms.
command="$1"
diff --git a/tests/data/fake-kadmin b/tests/data/fake-kadmin
index 4c0ceac..c073ea5 100755
--- a/tests/data/fake-kadmin
+++ b/tests/data/fake-kadmin
@@ -3,7 +3,8 @@
# Fake kadmin.local used to test the keytab backend.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/tests/data/perl.conf b/tests/data/perl.conf
new file mode 100644
index 0000000..eaf7443
--- /dev/null
+++ b/tests/data/perl.conf
@@ -0,0 +1,6 @@
+# Configuration for Perl tests. -*- perl -*-
+
+# No special configuration yet.
+
+# File must end with this line.
+1;
diff --git a/tests/data/wallet.conf b/tests/data/wallet.conf
index 877a16f..19c3aeb 100644
--- a/tests/data/wallet.conf
+++ b/tests/data/wallet.conf
@@ -4,6 +4,9 @@
$DB_DRIVER = 'SQLite';
$DB_INFO = 'wallet-db';
+# Point to the schema directory in the distribution.
+$DB_DDL_DIRECTORY = "$ENV{SOURCE}/sql";
+
# Set up a file bucket.
$FILE_BUCKET = 'test-files';
diff --git a/tests/docs/pod-spelling-t b/tests/docs/pod-spelling-t
index eaa7dd6..e1a95cd 100755
--- a/tests/docs/pod-spelling-t
+++ b/tests/docs/pod-spelling-t
@@ -1,80 +1,52 @@
#!/usr/bin/perl
#
-# Check for spelling errors in POD documentation
+# Checks all POD files in the tree for spelling errors using Test::Spelling.
+# This test is disabled unless RRA_MAINTAINER_TESTS is set, since spelling
+# dictionaries vary too much between environments.
#
-# Checks all POD files in the tree for spelling problems using Pod::Spell and
-# either aspell or ispell. aspell is preferred. This test is disabled unless
-# RRA_MAINTAINER_TESTS is set, since spelling dictionaries vary too much
-# between environments.
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
#
-# Copyright 2008, 2009 Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
#
-# See LICENSE for licensing terms.
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+use 5.006;
use strict;
-use Test::More;
+use warnings;
-# Skip all spelling tests unless the maintainer environment variable is set.
-plan skip_all => 'spelling tests only run for maintainer'
- unless $ENV{RRA_MAINTAINER_TESTS};
+use lib "$ENV{SOURCE}/tap/perl";
+
+use Test::More;
+use Test::RRA qw(skip_unless_maintainer use_prereq);
+use Test::RRA::Automake qw(automake_setup perl_dirs);
-# Load required Perl modules.
-eval 'use Test::Pod 1.00';
-plan skip_all => 'Test::Pod 1.00 required for testing POD' if $@;
-eval 'use Pod::Spell';
-plan skip_all => 'Pod::Spell required to test POD spelling' if $@;
+# Only run this test for the maintainer.
+skip_unless_maintainer('Spelling tests');
-# Locate a spell-checker. hunspell is not currently supported due to its lack
-# of support for contractions (at least in the version in Debian).
-my @spell;
-my %options = (aspell => [ qw(-d en_US --home-dir=./ list) ],
- ispell => [ qw(-d american -l -p /dev/null) ]);
-SEARCH: for my $program (qw/aspell ispell/) {
- for my $dir (split ':', $ENV{PATH}) {
- if (-x "$dir/$program") {
- @spell = ("$dir/$program", @{ $options{$program} });
- }
- last SEARCH if @spell;
- }
-}
-plan skip_all => 'aspell or ispell required to test POD spelling'
- unless @spell;
+# Load prerequisite modules.
+use_prereq('Test::Spelling');
-# Prerequisites are satisfied, so we're going to do some testing. Figure out
-# what POD files we have and from that develop our plan.
-$| = 1;
-my @pod = map {
- my $pod = "$ENV{SOURCE}/../" . $_;
- $pod =~ s,[^/.][^/]*/../,,g;
- $pod;
-} qw(client/wallet.pod client/wallet-rekey.pod server/keytab-backend
- server/wallet-admin server/wallet-backend server/wallet-report);
-plan tests => scalar @pod;
+# Set up Automake testing.
+automake_setup();
-# Finally, do the checks.
-for my $pod (@pod) {
- my $child = open (CHILD, '-|');
- if (not defined $child) {
- BAIL_OUT ("cannot fork: $!");
- } elsif ($child == 0) {
- my $pid = open (SPELL, '|-', @spell)
- or BAIL_OUT ("cannot run @spell: $!");
- open (POD, '<', $pod) or BAIL_OUT ("cannot open $pod: $!");
- my $parser = Pod::Spell->new;
- $parser->parse_from_filehandle (\*POD, \*SPELL);
- close POD;
- close SPELL;
- exit ($? >> 8);
- } else {
- my @words = <CHILD>;
- close CHILD;
- SKIP: {
- skip "@spell failed for $pod", 1 unless $? == 0;
- for (@words) {
- s/^\s+//;
- s/\s+$//;
- }
- is ("@words", '', $pod);
- }
- }
-}
+# Run the tests.
+all_pod_files_spelling_ok(perl_dirs());
diff --git a/tests/docs/pod-t b/tests/docs/pod-t
index e25ade2..2743287 100755
--- a/tests/docs/pod-t
+++ b/tests/docs/pod-t
@@ -1,22 +1,48 @@
#!/usr/bin/perl -w
#
-# Test POD formatting for documentation.
+# Check all POD documents in the tree, except for any embedded Perl module
+# distribution, for POD formatting errors.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2012, 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
#
-# See LICENSE for licensing terms.
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+use 5.006;
use strict;
+use warnings;
+
+use lib "$ENV{SOURCE}/tap/perl";
+
use Test::More;
-eval 'use Test::Pod 1.00';
-plan skip_all => 'Test::Pod 1.00 required for testing POD' if $@;
+use Test::RRA qw(use_prereq);
+use Test::RRA::Automake qw(automake_setup perl_dirs);
+
+# Load prerequisite modules.
+use_prereq('Test::Pod');
+
+# Set up Automake testing.
+automake_setup();
-my @files = qw(client/wallet.pod client/wallet-rekey.pod server/keytab-backend
- server/wallet-admin server/wallet-backend
- server/wallet-report);
-my $total = scalar (@files);
-plan tests => $total;
-for my $file (@files) {
- pod_file_ok ("$ENV{SOURCE}/../$file", $file);
-}
+# Run the tests.
+all_pod_files_ok(perl_dirs());
diff --git a/tests/portable/asprintf-t.c b/tests/portable/asprintf-t.c
index 04fbd1b..4513a85 100644
--- a/tests/portable/asprintf-t.c
+++ b/tests/portable/asprintf-t.c
@@ -1,11 +1,18 @@
/*
* asprintf and vasprintf test suite.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2008, 2009
- * Board of Trustees, Leland Stanford Jr. University
*
- * See LICENSE for licensing terms.
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/tests/portable/mkstemp-t.c b/tests/portable/mkstemp-t.c
index 54701f7..98c708e 100644
--- a/tests/portable/mkstemp-t.c
+++ b/tests/portable/mkstemp-t.c
@@ -1,11 +1,18 @@
/*
* mkstemp test suite.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2002, 2004, 2008, 2009
- * Board of Trustees, Leland Stanford Jr. University
*
- * See LICENSE for licensing terms.
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/tests/portable/setenv-t.c b/tests/portable/setenv-t.c
index 5bc59ce..a1aecb5 100644
--- a/tests/portable/setenv-t.c
+++ b/tests/portable/setenv-t.c
@@ -1,14 +1,18 @@
/*
* setenv test suite.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2009 Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
*
- * See LICENSE for licensing terms.
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/tests/portable/snprintf-t.c b/tests/portable/snprintf-t.c
index fd4c228..927de96 100644
--- a/tests/portable/snprintf-t.c
+++ b/tests/portable/snprintf-t.c
@@ -1,14 +1,20 @@
/*
* snprintf test suite.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
+ * Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006
+ * Russ Allbery <rra@stanford.edu>
+ * Copyright 2009, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
+ * Copyright 1995 Patrick Powell
+ * Copyright 2001 Hrvoje Niksic
*
- * See LICENSE for licensing terms.
+ * This code is based on code written by Patrick Powell (papowell@astart.com)
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions
*/
#include <config.h>
@@ -110,7 +116,7 @@ test_format(bool trunc, const char *expected, int count,
int
main(void)
{
- int n, i, count;
+ int i, count;
unsigned int j;
long lcount;
char lgbuf[128];
@@ -153,7 +159,6 @@ main(void)
is_int(31, lcount, "correct output from long %%ln");
test_format(true, "(null)", 6, "%s", NULL);
- n = 26;
for (i = 0; fp_formats[i] != NULL; i++)
for (j = 0; j < ARRAY_SIZE(fp_nums); j++) {
count = sprintf(lgbuf, fp_formats[i], fp_nums[j]);
diff --git a/tests/portable/strlcat-t.c b/tests/portable/strlcat-t.c
index e02c277..54d0d40 100644
--- a/tests/portable/strlcat-t.c
+++ b/tests/portable/strlcat-t.c
@@ -1,14 +1,18 @@
/*
* strlcat test suite.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2009 Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
*
- * See LICENSE for licensing terms.
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/tests/portable/strlcpy-t.c b/tests/portable/strlcpy-t.c
index ba224ba..26aa8f2 100644
--- a/tests/portable/strlcpy-t.c
+++ b/tests/portable/strlcpy-t.c
@@ -1,14 +1,18 @@
/*
* strlcpy test suite.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2009 Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
*
- * See LICENSE for licensing terms.
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#include <config.h>
diff --git a/tests/runtests.c b/tests/runtests.c
index ab77629..4249875 100644
--- a/tests/runtests.c
+++ b/tests/runtests.c
@@ -3,14 +3,15 @@
*
* Usage:
*
- * runtests <test-list>
+ * runtests [-b <build-dir>] [-s <source-dir>] <test-list>
+ * runtests -o [-b <build-dir>] [-s <source-dir>] <test>
*
- * Expects a list of executables located in the given file, one line per
- * executable. For each one, runs it as part of a test suite, reporting
- * results. Test output should start with a line containing the number of
- * tests (numbered from 1 to this number), optionally preceded by "1..",
- * although that line may be given anywhere in the output. Each additional
- * line should be in the following format:
+ * In the first case, expects a list of executables located in the given file,
+ * one line per executable. For each one, runs it as part of a test suite,
+ * reporting results. Test output should start with a line containing the
+ * number of tests (numbered from 1 to this number), optionally preceded by
+ * "1..", although that line may be given anywhere in the output. Each
+ * additional line should be in the following format:
*
* ok <number>
* not ok <number>
@@ -39,10 +40,21 @@
* This is a subset of TAP as documented in Test::Harness::TAP or
* TAP::Parser::Grammar, which comes with Perl.
*
+ * If the -o option is given, instead run a single test and display all of its
+ * output. This is intended for use with failing tests so that the person
+ * running the test suite can get more details about what failed.
+ *
+ * If built with the C preprocessor symbols SOURCE and BUILD defined, C TAP
+ * Harness will export those values in the environment so that tests can find
+ * the source and build directory and will look for tests under both
+ * directories. These paths can also be set with the -b and -s command-line
+ * options, which will override anything set at build time.
+ *
* Any bug reports, bug fixes, and improvements are very much welcome and
- * should be sent to the e-mail address below.
+ * should be sent to the e-mail address below. This program is part of C TAP
+ * Harness <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
*
- * Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009, 2010
+ * Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009, 2010, 2011
* Russ Allbery <rra@stanford.edu>
*
* Permission is hereby granted, free of charge, to any person obtaining a
@@ -64,6 +76,13 @@
* DEALINGS IN THE SOFTWARE.
*/
+/* Required for fdopen(), getopt(), and putenv(). */
+#if defined(__STRICT_ANSI__) || defined(PEDANTIC)
+# ifndef _XOPEN_SOURCE
+# define _XOPEN_SOURCE 500
+# endif
+#endif
+
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
@@ -71,6 +90,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <strings.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
@@ -133,10 +153,10 @@ struct testset {
unsigned long skipped; /* Count of skipped tests (passed). */
unsigned long allocated; /* The size of the results table. */
enum test_status *results; /* Table of results by test number. */
- int aborted; /* Whether the set as aborted. */
+ unsigned int aborted; /* Whether the set as aborted. */
int reported; /* Whether the results were reported. */
int status; /* The exit status of the test. */
- int all_skipped; /* Whether all tests were skipped. */
+ unsigned int all_skipped; /* Whether all tests were skipped. */
char *reason; /* Why all tests were skipped. */
};
@@ -147,6 +167,23 @@ struct testlist {
};
/*
+ * Usage message. Should be used as a printf format with two arguments: the
+ * path to runtests, given twice.
+ */
+static const char usage_message[] = "\
+Usage: %s [-b <build-dir>] [-s <source-dir>] <test-list>\n\
+ %s -o [-b <build-dir>] [-s <source-dir>] <test>\n\
+\n\
+Options:\n\
+ -b <build-dir> Set the build directory to <build-dir>\n\
+ -o Run a single test rather than a list of tests\n\
+ -s <source-dir> Set the source directory to <source-dir>\n\
+\n\
+runtests normally runs each test listed in a file whose path is given as\n\
+its command-line argument. With the -o option, it instead runs a single\n\
+test and shows its complete output.\n";
+
+/*
* Header used for test output. %s is replaced by the file name of the list
* of tests.
*/
@@ -367,7 +404,9 @@ test_plan(const char *line, struct testset *ts)
* Get the count, check it for validity, and initialize the struct. If we
* have something of the form "1..0 # skip foo", the whole file was
* skipped; record that. If we do skip the whole file, zero out all of
- * our statistics, since they're no longer relevant.
+ * our statistics, since they're no longer relevant. strtol is called
+ * with a second argument to advance the line pointer past the count to
+ * make it simpler to detect the # skip case.
*/
n = strtol(line, (char **) &line, 10);
if (n == 0) {
@@ -437,6 +476,7 @@ test_checkline(const char *line, struct testset *ts)
char *end;
long number;
unsigned long i, current;
+ int outlen;
/* Before anything, check for a test abort. */
bail = strstr(line, "Bail out!");
@@ -557,7 +597,8 @@ test_checkline(const char *line, struct testset *ts)
ts->results[current - 1] = status;
test_backspace(ts);
if (isatty(STDOUT_FILENO)) {
- ts->length = printf("%lu/%lu", current, ts->count);
+ outlen = printf("%lu/%lu", current, ts->count);
+ ts->length = (outlen >= 0) ? outlen : 0;
fflush(stdout);
}
}
@@ -565,23 +606,20 @@ test_checkline(const char *line, struct testset *ts)
/*
* Print out a range of test numbers, returning the number of characters it
- * took up. Add a comma and a space before the range if chars indicates that
+ * took up. Takes the first number, the last number, the number of characters
+ * already printed on the line, and the limit of number of characters the line
+ * can hold. Add a comma and a space before the range if chars indicates that
* something has already been printed on the line, and print ... instead if
* chars plus the space needed would go over the limit (use a limit of 0 to
- * disable this.
+ * disable this).
*/
static unsigned int
test_print_range(unsigned long first, unsigned long last, unsigned int chars,
unsigned int limit)
{
unsigned int needed = 0;
- unsigned int out = 0;
unsigned long n;
- if (chars > 0) {
- needed += 2;
- if (!limit || chars <= limit) out += printf(", ");
- }
for (n = first; n > 0; n /= 10)
needed++;
if (last > first) {
@@ -589,15 +627,26 @@ test_print_range(unsigned long first, unsigned long last, unsigned int chars,
needed++;
needed++;
}
- if (limit && chars + needed > limit) {
- if (chars <= limit)
- out += printf("...");
+ if (chars > 0)
+ needed += 2;
+ if (limit > 0 && chars + needed > limit) {
+ needed = 0;
+ if (chars <= limit) {
+ if (chars > 0) {
+ printf(", ");
+ needed += 2;
+ }
+ printf("...");
+ needed += 3;
+ }
} else {
+ if (chars > 0)
+ printf(", ");
if (last > first)
- out += printf("%lu-", first);
- out += printf("%lu", last);
+ printf("%lu-", first);
+ printf("%lu", last);
}
- return out;
+ return needed;
}
@@ -825,14 +874,14 @@ test_fail_summary(const struct testlist *fails)
last = i + 1;
else {
if (first != 0)
- chars += test_print_range(first, last, chars, 20);
+ chars += test_print_range(first, last, chars, 19);
first = i + 1;
last = i + 1;
}
}
}
if (first != 0)
- test_print_range(first, last, chars, 20);
+ test_print_range(first, last, chars, 19);
putchar('\n');
free(ts->file);
free(ts->path);
@@ -861,10 +910,17 @@ find_test(const char *name, struct testset *ts, const char *source,
const char *build)
{
char *path;
- const char *bases[] = { ".", build, source, NULL };
+ const char *bases[4];
unsigned int i;
- for (i = 0; bases[i] != NULL; i++) {
+ bases[0] = ".";
+ bases[1] = build;
+ bases[2] = source;
+ bases[3] = NULL;
+
+ for (i = 0; i < 3; i++) {
+ if (bases[i] == NULL)
+ continue;
path = xmalloc(strlen(bases[i]) + strlen(name) + 4);
sprintf(path, "%s/%s-t", bases[i], name);
if (access(path, X_OK) != 0)
@@ -993,6 +1049,7 @@ test_batch(const char *testlist, const char *source, const char *build)
failed += ts.failed;
}
total -= skipped;
+ fclose(tests);
/* Stop the timer and get our child resource statistics. */
gettimeofday(&end, NULL);
@@ -1060,17 +1117,23 @@ int
main(int argc, char *argv[])
{
int option;
+ int status = 0;
int single = 0;
- char *setting;
+ char *source_env = NULL;
+ char *build_env = NULL;
const char *list;
const char *source = SOURCE;
const char *build = BUILD;
- while ((option = getopt(argc, argv, "b:os:")) != EOF) {
+ while ((option = getopt(argc, argv, "b:hos:")) != EOF) {
switch (option) {
case 'b':
build = optarg;
break;
+ case 'h':
+ printf(usage_message, argv[0], argv[0]);
+ exit(0);
+ break;
case 'o':
single = 1;
break;
@@ -1081,36 +1144,46 @@ main(int argc, char *argv[])
exit(1);
}
}
- argc -= optind;
- argv += optind;
- if (argc != 1) {
- fprintf(stderr, "Usage: runtests <test-list>\n");
+ if (argc - optind != 1) {
+ fprintf(stderr, usage_message, argv[0], argv[0]);
exit(1);
}
+ argc -= optind;
+ argv += optind;
if (source != NULL) {
- setting = xmalloc(strlen("SOURCE=") + strlen(source) + 1);
- sprintf(setting, "SOURCE=%s", source);
- if (putenv(setting) != 0)
+ source_env = xmalloc(strlen("SOURCE=") + strlen(source) + 1);
+ sprintf(source_env, "SOURCE=%s", source);
+ if (putenv(source_env) != 0)
sysdie("cannot set SOURCE in the environment");
}
if (build != NULL) {
- setting = xmalloc(strlen("BUILD=") + strlen(build) + 1);
- sprintf(setting, "BUILD=%s", build);
- if (putenv(setting) != 0)
+ build_env = xmalloc(strlen("BUILD=") + strlen(build) + 1);
+ sprintf(build_env, "BUILD=%s", build);
+ if (putenv(build_env) != 0)
sysdie("cannot set BUILD in the environment");
}
- if (single) {
+ if (single)
test_single(argv[0], source, build);
- exit(0);
- } else {
+ else {
list = strrchr(argv[0], '/');
if (list == NULL)
list = argv[0];
else
list++;
printf(banner, list);
- exit(test_batch(argv[0], source, build) ? 0 : 1);
+ status = test_batch(argv[0], source, build) ? 0 : 1;
+ }
+
+ /* For valgrind cleanliness. */
+ if (source_env != NULL) {
+ putenv((char *) "SOURCE=");
+ free(source_env);
+ }
+ if (build_env != NULL) {
+ putenv((char *) "BUILD=");
+ free(build_env);
}
+ exit(status);
}
diff --git a/tests/server/admin-t b/tests/server/admin-t
index 5bde104..6846609 100755
--- a/tests/server/admin-t
+++ b/tests/server/admin-t
@@ -3,12 +3,13 @@
# Tests for the wallet-admin dispatch code.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2009, 2010, 2011
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
use strict;
-use Test::More tests => 36;
+use Test::More tests => 42;
# Create a dummy class for Wallet::Admin that prints what method was called
# with its arguments and returns data for testing.
@@ -57,6 +58,12 @@ sub register_verifier {
return 1;
}
+sub upgrade {
+ print "upgrade\n";
+ return if $error;
+ return 1;
+}
+
# Back to the main package and the actual test suite. Lie about whether the
# Wallet::Admin package has already been loaded.
package main;
@@ -86,7 +93,8 @@ is ($out, "new\n", ' and nothing ran');
# Check too few and too many arguments for every command.
my %commands = (destroy => [0, 0],
initialize => [1, 1],
- register => [3, 3]);
+ register => [3, 3],
+ upgrade => [0, 0]);
for my $command (sort keys %commands) {
my ($min, $max) = @{ $commands{$command} };
if ($min > 0) {
@@ -150,6 +158,11 @@ is ($err, '', 'Register succeeds for verifier');
is ($out, "new\nregister_verifier foo Foo::Verifier\n",
' and returns the right outout');
+# Test upgrade.
+($out, $err) = run_admin ('upgrade');
+is ($err, '', 'Upgrade succeeds');
+is ($out, "new\nupgrade\n", ' and runs the right code');
+
# Test error handling.
$Wallet::Admin::error = 1;
($out, $err) = run_admin ('destroy');
@@ -169,3 +182,6 @@ is ($out, "new\nregister_object foo Foo::Object\n",
is ($err, "some error\n", 'Error handling succeeds for register verifier');
is ($out, "new\nregister_verifier foo Foo::Verifier\n",
' and calls the right methods');
+($out, $err) = run_admin ('upgrade');
+is ($err, "some error\n", 'Error handling succeeds for initialize');
+is ($out, "new\nupgrade\n", ' and calls the right methods');
diff --git a/tests/server/backend-t b/tests/server/backend-t
index a618391..50131b7 100755
--- a/tests/server/backend-t
+++ b/tests/server/backend-t
@@ -3,13 +3,13 @@
# Tests for the wallet-backend dispatch code.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008, 2009, 2010
-# Board of Trustees, Leland Stanford Jr. University
+# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
use strict;
-use Test::More tests => 1269;
+use Test::More tests => 1314;
# Create a dummy class for Wallet::Server that prints what method was called
# with its arguments and returns data for testing.
@@ -45,6 +45,18 @@ sub acl_remove
sub acl_rename
{ shift; print "acl_rename @_\n"; ($_[0] eq 'error') ? undef : 1 }
+sub acl_check {
+ shift;
+ print "acl_check @_\n";
+ if ($_[0] eq 'error') {
+ return;
+ } elsif ($_[0] eq 'unknown') {
+ return 0;
+ } else {
+ return 1;
+ }
+}
+
sub acl_history {
shift;
print "acl_history @_\n";
@@ -110,6 +122,19 @@ sub check {
}
}
+sub comment {
+ shift;
+ print "comment @_\n";
+ if ($_[0] eq 'error') {
+ return;
+ } elsif ($_[1] eq 'empty') {
+ $okay = 1;
+ return;
+ } else {
+ return 'comment';
+ }
+}
+
sub expires {
shift;
print "expires @_\n";
@@ -216,6 +241,7 @@ is ($out, "$new\n", ' and nothing ran');
# Check too few, too many, and bad arguments for every command.
my %commands = (autocreate => [2, 2],
check => [2, 2],
+ comment => [2, 3],
create => [2, 2],
destroy => [2, 2],
expires => [2, 4],
@@ -229,6 +255,7 @@ my %commands = (autocreate => [2, 2],
show => [2, 2],
store => [2, 3]);
my %acl_commands = (add => [3, 3],
+ check => [1, 1],
create => [1, 1],
destroy => [1, 1],
history => [1, 1],
@@ -363,7 +390,8 @@ for my $command (qw/autocreate create destroy setacl setattr store/) {
' and ran the right method');
$error++;
}
-for my $command (qw/check expires get getacl getattr history owner show/) {
+for my $command (qw/check comment expires get getacl getattr history owner
+ show/) {
my $method = { getacl => 'acl', getattr => 'attr' }->{$command};
$method ||= $command;
my @extra = ('foo') x ($commands{$command}[0] - 2);
@@ -384,7 +412,8 @@ for my $command (qw/check expires get getacl getattr history owner show/) {
is ($out, "$new\n$method type name$extra\n$method$newline",
' and ran the right method with output');
}
- if ($command eq 'expires' or $command eq 'owner') {
+ if ($command eq 'expires' or $command eq 'owner'
+ or $command eq 'comment') {
($out, $err) = run_backend ($command, 'type', 'name', @extra, 'foo');
my $ran = "$command type name" . (@extra ? " @extra" : '') . ' foo';
is ($err, '', "Command $command ran with no errors (setting)");
@@ -393,14 +422,16 @@ for my $command (qw/check expires get getacl getattr history owner show/) {
is ($out, "$new\n$method type name$extra foo\n",
' and ran the right method');
}
- if ($command eq 'expires' or $command eq 'getacl' or $command eq 'owner') {
+ if ($command eq 'expires' or $command eq 'getacl'
+ or $command eq 'owner' or $command eq 'comment') {
($out, $err) = run_backend ($command, 'type', 'empty', @extra);
my $ran = "$command type empty" . (@extra ? " @extra" : '');
is ($err, '', "Command $command ran with no errors (empty)");
is ($OUTPUT, "command $ran from admin (1.2.3.4) succeeded\n",
' and success logged');
my $desc;
- if ($command eq 'expires') { $desc = 'expiration' }
+ if ($command eq 'comment') { $desc = 'comment' }
+ elsif ($command eq 'expires') { $desc = 'expiration' }
elsif ($command eq 'getacl') { $desc = 'ACL' }
elsif ($command eq 'owner') { $desc = 'owner' }
is ($out, "$new\n$method type empty$extra\nNo $desc set\n",
@@ -442,7 +473,9 @@ for my $command (sort keys %acl_commands) {
is ($OUTPUT, "command $ran from admin (1.2.3.4) succeeded\n",
' and success logged');
my $expected;
- if ($command eq 'show') {
+ if ($command eq 'check') {
+ $expected = "$new\nacl_$command name$extra\nyes\n";
+ } elsif ($command eq 'show') {
$expected = "$new\nacl_$command name$extra\nacl_show";
} elsif ($command eq 'history') {
$expected = "$new\nacl_$command name$extra\nacl_history";
@@ -458,6 +491,15 @@ for my $command (sort keys %acl_commands) {
is ($out, "$new\nacl_$command error$extra\n",
' and ran the right method');
$error++;
+ if ($command eq 'check') {
+ ($out, $err) = run_backend ('acl', $command, 'unknown');
+ my $ran = "acl $command unknown";
+ is ($err, '', "Command $command ran with no errors (unknown)");
+ is ($OUTPUT, "command $ran from admin (1.2.3.4) succeeded\n",
+ ' and success logged');
+ is ($out, "$new\nacl_$command unknown\nno\n",
+ ' and ran the right method with output');
+ }
}
for my $command (sort keys %flag_commands) {
my @extra = ('foo') x ($flag_commands{$command}[0] - 2);
diff --git a/tests/server/keytab-t b/tests/server/keytab-t
index 2a0ceed..a9f5450 100755
--- a/tests/server/keytab-t
+++ b/tests/server/keytab-t
@@ -3,7 +3,8 @@
# Tests for the keytab-backend dispatch code.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2006, 2007, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/tests/server/report-t b/tests/server/report-t
index 0771946..43ec9d1 100755
--- a/tests/server/report-t
+++ b/tests/server/report-t
@@ -3,7 +3,8 @@
# Tests for the wallet-report dispatch code.
#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2008, 2009, 2010
+# The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.
diff --git a/tests/tap/basic.c b/tests/tap/basic.c
index 829f91a..e8196fc 100644
--- a/tests/tap/basic.c
+++ b/tests/tap/basic.c
@@ -1,22 +1,38 @@
/*
* Some utility routines for writing tests.
*
- * Herein are a variety of utility routines for writing tests. All routines
- * of the form ok() or is*() take a test number and some number of appropriate
- * arguments, check to be sure the results match the expected output using the
- * arguments, and print out something appropriate for that test number. Other
- * utility routines help in constructing more complex tests, skipping tests,
- * or setting up the TAP output format.
+ * Here are a variety of utility routines for writing tests compatible with
+ * the TAP protocol. All routines of the form ok() or is*() take a test
+ * number and some number of appropriate arguments, check to be sure the
+ * results match the expected output using the arguments, and print out
+ * something appropriate for that test number. Other utility routines help in
+ * constructing more complex tests, skipping tests, reporting errors, setting
+ * up the TAP output format, or finding things in the test environment.
*
- * Copyright 2009, 2010 Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2008
- * Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
+ * This file is part of C TAP Harness. The current version plus supporting
+ * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
*
- * See LICENSE for licensing terms.
+ * Copyright 2009, 2010, 2011, 2012 Russ Allbery <rra@stanford.edu>
+ * Copyright 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2011, 2012
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#include <errno.h>
@@ -24,12 +40,21 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#ifdef _WIN32
+# include <direct.h>
+#else
+# include <sys/stat.h>
+#endif
#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
#include <unistd.h>
-#include <tap/basic.h>
+#include <tests/tap/basic.h>
+
+/* Windows provides mkdir and rmdir under different names. */
+#ifdef _WIN32
+# define mkdir(p, m) _mkdir(p)
+# define rmdir(p) _rmdir(p)
+#endif
/*
* The test count. Always contains the number that will be used for the next
@@ -57,7 +82,9 @@ static int _lazy = 0;
/*
* Our exit handler. Called on completion of the test to report a summary of
- * results provided we're still in the original process.
+ * results provided we're still in the original process. This also handles
+ * printing out the plan if we used plan_lazy(), although that's suppressed if
+ * we never ran a test (due to an early bail, for example).
*/
static void
finish(void)
@@ -66,8 +93,9 @@ finish(void)
if (_planned == 0 && !_lazy)
return;
+ fflush(stderr);
if (_process != 0 && getpid() == _process) {
- if (_lazy) {
+ if (_lazy && highest > 0) {
printf("1..%lu\n", highest);
_planned = highest;
}
@@ -98,6 +126,7 @@ plan(unsigned long count)
if (setvbuf(stdout, NULL, _IOLBF, BUFSIZ) != 0)
fprintf(stderr, "# cannot set stdout to line buffered: %s\n",
strerror(errno));
+ fflush(stderr);
printf("1..%lu\n", count);
testnum = 1;
_planned = count;
@@ -130,6 +159,7 @@ plan_lazy(void)
void
skip_all(const char *format, ...)
{
+ fflush(stderr);
printf("1..0 # skip");
if (format != NULL) {
va_list args;
@@ -162,6 +192,7 @@ print_desc(const char *format, va_list args)
void
ok(int success, const char *format, ...)
{
+ fflush(stderr);
printf("%sok %lu", success ? "" : "not ", testnum++);
if (!success)
_failed++;
@@ -182,6 +213,7 @@ ok(int success, const char *format, ...)
void
okv(int success, const char *format, va_list args)
{
+ fflush(stderr);
printf("%sok %lu", success ? "" : "not ", testnum++);
if (!success)
_failed++;
@@ -197,6 +229,7 @@ okv(int success, const char *format, va_list args)
void
skip(const char *reason, ...)
{
+ fflush(stderr);
printf("ok %lu # skip", testnum++);
if (reason != NULL) {
va_list args;
@@ -218,6 +251,7 @@ ok_block(unsigned long count, int status, const char *format, ...)
{
unsigned long i;
+ fflush(stderr);
for (i = 0; i < count; i++) {
printf("%sok %lu", status ? "" : "not ", testnum++);
if (!status)
@@ -242,6 +276,7 @@ skip_block(unsigned long count, const char *reason, ...)
{
unsigned long i;
+ fflush(stderr);
for (i = 0; i < count; i++) {
printf("ok %lu # skip", testnum++);
if (reason != NULL) {
@@ -264,6 +299,7 @@ skip_block(unsigned long count, const char *reason, ...)
void
is_int(long wanted, long seen, const char *format, ...)
{
+ fflush(stderr);
if (wanted == seen)
printf("ok %lu", testnum++);
else {
@@ -293,6 +329,7 @@ is_string(const char *wanted, const char *seen, const char *format, ...)
wanted = "(null)";
if (seen == NULL)
seen = "(null)";
+ fflush(stderr);
if (strcmp(wanted, seen) == 0)
printf("ok %lu", testnum++);
else {
@@ -312,37 +349,13 @@ is_string(const char *wanted, const char *seen, const char *format, ...)
/*
- * Takes an expected double and a seen double and assumes the test passes if
- * those two numbers match.
- */
-void
-is_double(double wanted, double seen, const char *format, ...)
-{
- if (wanted == seen)
- printf("ok %lu", testnum++);
- else {
- printf("# wanted: %g\n# seen: %g\n", wanted, seen);
- printf("not ok %lu", testnum++);
- _failed++;
- }
- if (format != NULL) {
- va_list args;
-
- va_start(args, format);
- print_desc(format, args);
- va_end(args);
- }
- putchar('\n');
-}
-
-
-/*
* Takes an expected unsigned long and a seen unsigned long and assumes the
* test passes if the two numbers match. Otherwise, reports them in hex.
*/
void
is_hex(unsigned long wanted, unsigned long seen, const char *format, ...)
{
+ fflush(stderr);
if (wanted == seen)
printf("ok %lu", testnum++);
else {
@@ -370,6 +383,7 @@ bail(const char *format, ...)
{
va_list args;
+ fflush(stderr);
fflush(stdout);
printf("Bail out! ");
va_start(args, format);
@@ -389,6 +403,7 @@ sysbail(const char *format, ...)
va_list args;
int oerrno = errno;
+ fflush(stderr);
fflush(stdout);
printf("Bail out! ");
va_start(args, format);
@@ -407,6 +422,7 @@ diag(const char *format, ...)
{
va_list args;
+ fflush(stderr);
fflush(stdout);
printf("# ");
va_start(args, format);
@@ -425,6 +441,7 @@ sysdiag(const char *format, ...)
va_list args;
int oerrno = errno;
+ fflush(stderr);
fflush(stdout);
printf("# ");
va_start(args, format);
@@ -435,6 +452,92 @@ sysdiag(const char *format, ...)
/*
+ * Allocate cleared memory, reporting a fatal error with bail on failure.
+ */
+void *
+bcalloc(size_t n, size_t size)
+{
+ void *p;
+
+ p = calloc(n, size);
+ if (p == NULL)
+ sysbail("failed to calloc %lu", (unsigned long)(n * size));
+ return p;
+}
+
+
+/*
+ * Allocate memory, reporting a fatal error with bail on failure.
+ */
+void *
+bmalloc(size_t size)
+{
+ void *p;
+
+ p = malloc(size);
+ if (p == NULL)
+ sysbail("failed to malloc %lu", (unsigned long) size);
+ return p;
+}
+
+
+/*
+ * Reallocate memory, reporting a fatal error with bail on failure.
+ */
+void *
+brealloc(void *p, size_t size)
+{
+ p = realloc(p, size);
+ if (p == NULL)
+ sysbail("failed to realloc %lu bytes", (unsigned long) size);
+ return p;
+}
+
+
+/*
+ * Copy a string, reporting a fatal error with bail on failure.
+ */
+char *
+bstrdup(const char *s)
+{
+ char *p;
+ size_t len;
+
+ len = strlen(s) + 1;
+ p = malloc(len);
+ if (p == NULL)
+ sysbail("failed to strdup %lu bytes", (unsigned long) len);
+ memcpy(p, s, len);
+ return p;
+}
+
+
+/*
+ * Copy up to n characters of a string, reporting a fatal error with bail on
+ * failure. Don't use the system strndup function, since it may not exist and
+ * the TAP library doesn't assume any portability support.
+ */
+char *
+bstrndup(const char *s, size_t n)
+{
+ const char *p;
+ char *copy;
+ size_t length;
+
+ /* Don't assume that the source string is nul-terminated. */
+ for (p = s; (size_t) (p - s) < n && *p != '\0'; p++)
+ ;
+ length = p - s;
+ copy = malloc(length + 1);
+ if (p == NULL)
+ sysbail("failed to strndup %lu bytes", (unsigned long) length);
+ memcpy(copy, s, length);
+ copy[length] = '\0';
+ return copy;
+}
+
+
+/*
* Locate a test file. Given the partial path to a file, look under BUILD and
* then SOURCE for the file and return the full path to the file. Returns
* NULL if the file doesn't exist. A non-NULL return should be freed with
@@ -458,9 +561,7 @@ test_file_path(const char *file)
if (base == NULL)
continue;
length = strlen(base) + 1 + strlen(file) + 1;
- path = malloc(length);
- if (path == NULL)
- sysbail("cannot allocate memory");
+ path = bmalloc(length);
sprintf(path, "%s/%s", base, file);
if (access(path, R_OK) == 0)
break;
@@ -482,3 +583,47 @@ test_file_path_free(char *path)
if (path != NULL)
free(path);
}
+
+
+/*
+ * Create a temporary directory, tmp, under BUILD if set and the current
+ * directory if it does not. Returns the path to the temporary directory in
+ * newly allocated memory, and calls bail on any failure. The return value
+ * should be freed with test_tmpdir_free.
+ *
+ * This function uses sprintf because it attempts to be independent of all
+ * other portability layers. The use immediately after a memory allocation
+ * should be safe without using snprintf or strlcpy/strlcat.
+ */
+char *
+test_tmpdir(void)
+{
+ const char *build;
+ char *path = NULL;
+ size_t length;
+
+ build = getenv("BUILD");
+ if (build == NULL)
+ build = ".";
+ length = strlen(build) + strlen("/tmp") + 1;
+ path = bmalloc(length);
+ sprintf(path, "%s/tmp", build);
+ if (access(path, X_OK) < 0)
+ if (mkdir(path, 0777) < 0)
+ sysbail("error creating temporary directory %s", path);
+ return path;
+}
+
+
+/*
+ * Free a path returned from test_tmpdir() and attempt to remove the
+ * directory. If we can't delete the directory, don't worry; something else
+ * that hasn't yet cleaned up may still be using it.
+ */
+void
+test_tmpdir_free(char *path)
+{
+ rmdir(path);
+ if (path != NULL)
+ free(path);
+}
diff --git a/tests/tap/basic.h b/tests/tap/basic.h
index 9602db4..fa4adaf 100644
--- a/tests/tap/basic.h
+++ b/tests/tap/basic.h
@@ -1,47 +1,38 @@
/*
* Basic utility routines for the TAP protocol.
*
- * Copyright 2009, 2010 Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2008
- * Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
+ * This file is part of C TAP Harness. The current version plus supporting
+ * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
*
- * See LICENSE for licensing terms.
+ * Copyright 2009, 2010, 2011, 2012 Russ Allbery <rra@stanford.edu>
+ * Copyright 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2011, 2012
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#ifndef TAP_BASIC_H
#define TAP_BASIC_H 1
+#include <tests/tap/macros.h>
#include <stdarg.h> /* va_list */
-#include <sys/types.h> /* pid_t */
-
-/*
- * __attribute__ is available in gcc 2.5 and later, but only with gcc 2.7
- * could you use the __format__ form of the attributes, which is what we use
- * (to avoid confusion with other macros).
- */
-#ifndef __attribute__
-# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 7)
-# define __attribute__(spec) /* empty */
-# endif
-#endif
-
-/*
- * BEGIN_DECLS is used at the beginning of declarations so that C++
- * compilers don't mangle their names. END_DECLS is used at the end.
- */
-#undef BEGIN_DECLS
-#undef END_DECLS
-#ifdef __cplusplus
-# define BEGIN_DECLS extern "C" {
-# define END_DECLS }
-#else
-# define BEGIN_DECLS /* empty */
-# define END_DECLS /* empty */
-#endif
+#include <sys/types.h> /* size_t */
/*
* Used for iterating through arrays. ARRAY_SIZE returns the number of
@@ -93,8 +84,6 @@ void skip_block(unsigned long count, const char *reason, ...)
/* Check an expected value against a seen value. */
void is_int(long wanted, long seen, const char *format, ...)
__attribute__((__format__(printf, 3, 4)));
-void is_double(double wanted, double seen, const char *format, ...)
- __attribute__((__format__(printf, 3, 4)));
void is_string(const char *wanted, const char *seen, const char *format, ...)
__attribute__((__format__(printf, 3, 4)));
void is_hex(unsigned long wanted, unsigned long seen, const char *format, ...)
@@ -112,6 +101,18 @@ void diag(const char *format, ...)
void sysdiag(const char *format, ...)
__attribute__((__nonnull__, __format__(printf, 1, 2)));
+/* Allocate memory, reporting a fatal error with bail on failure. */
+void *bcalloc(size_t, size_t)
+ __attribute__((__alloc_size__(1, 2), __malloc__));
+void *bmalloc(size_t)
+ __attribute__((__alloc_size__(1), __malloc__));
+void *brealloc(void *, size_t)
+ __attribute__((__alloc_size__(2), __malloc__));
+char *bstrdup(const char *)
+ __attribute__((__malloc__, __nonnull__));
+char *bstrndup(const char *, size_t)
+ __attribute__((__malloc__, __nonnull__));
+
/*
* Find a test file under BUILD or SOURCE, returning the full path. The
* returned path should be freed with test_file_path_free().
@@ -120,6 +121,14 @@ char *test_file_path(const char *file)
__attribute__((__malloc__, __nonnull__));
void test_file_path_free(char *path);
+/*
+ * Create a temporary directory relative to BUILD and return the path. The
+ * returned path should be freed with test_tmpdir_free.
+ */
+char *test_tmpdir(void)
+ __attribute__((__malloc__));
+void test_tmpdir_free(char *path);
+
END_DECLS
#endif /* TAP_BASIC_H */
diff --git a/tests/tap/kerberos.c b/tests/tap/kerberos.c
index a17d980..474cf4f 100644
--- a/tests/tap/kerberos.c
+++ b/tests/tap/kerberos.c
@@ -1,47 +1,90 @@
/*
* Utility functions for tests that use Kerberos.
*
- * Currently only provides kerberos_setup(), which assumes a particular set of
- * data files in either the SOURCE or BUILD directories and, using those,
- * obtains Kerberos credentials, sets up a ticket cache, and sets the
- * environment variable pointing to the Kerberos keytab to use for testing.
+ * The core function is kerberos_setup, which loads Kerberos test
+ * configuration and returns a struct of information. It also supports
+ * obtaining initial tickets from the configured keytab and setting up
+ * KRB5CCNAME and KRB5_KTNAME if a Kerberos keytab is present. Also included
+ * are utility functions for setting up a krb5.conf file and reporting
+ * Kerberos errors or warnings during testing.
*
- * Copyright 2006, 2007, 2009, 2010
- * Board of Trustees, Leland Stanford Jr. University
+ * Some of the functionality here is only available if the Kerberos libraries
+ * are available.
*
- * See LICENSE for licensing terms.
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Written by Russ Allbery <rra@stanford.edu>
+ * Copyright 2006, 2007, 2009, 2010, 2011, 2012
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#include <config.h>
-#include <portable/krb5.h>
+#ifdef HAVE_KERBEROS
+# include <portable/krb5.h>
+#endif
#include <portable/system.h>
+#include <sys/stat.h>
+
#include <tests/tap/basic.h>
#include <tests/tap/kerberos.h>
-#include <util/concat.h>
-#include <util/xmalloc.h>
+#include <tests/tap/process.h>
+#include <tests/tap/string.h>
+
+/*
+ * Disable the requirement that format strings be literals, since it's easier
+ * to handle the possible patterns for kinit commands as an array.
+ */
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/*
- * Obtain Kerberos tickets for the principal specified in test.principal using
- * the keytab specified in test.keytab, both of which are presumed to be in
- * tests/data in either the build or the source tree.
- *
- * Returns the contents of test.principal in newly allocated memory or NULL if
- * Kerberos tests are apparently not configured. If Kerberos tests are
- * configured but something else fails, calls bail().
+ * These variables hold the allocated configuration struct, the environment to
+ * point to a different Kerberos ticket cache, keytab, and configuration file,
+ * and the temporary directories used. We store them so that we can free them
+ * on exit for cleaner valgrind output, making it easier to find real memory
+ * leaks in the tested programs.
+ */
+static struct kerberos_config *config = NULL;
+static char *krb5ccname = NULL;
+static char *krb5_ktname = NULL;
+static char *krb5_config = NULL;
+static char *tmpdir_ticket = NULL;
+static char *tmpdir_conf = NULL;
+
+
+/*
+ * Obtain Kerberos tickets and fill in the principal config entry.
*
- * The error handling here is not great. We should have a bail_krb5 that uses
- * the same logic as messages-krb5.c, which hasn't yet been imported into
- * rra-c-util.
+ * There are two implementations of this function, one if we have native
+ * Kerberos libraries available and one if we don't. Uses keytab to obtain
+ * credentials, and fills in the cache member of the provided config struct.
*/
-char *
-kerberos_setup(void)
+#ifdef HAVE_KERBEROS
+
+static void
+kerberos_kinit(void)
{
- char *path, *krbtgt;
- const char *build, *realm;
- FILE *file;
- char principal[BUFSIZ];
+ char *name, *krbtgt;
krb5_error_code code;
krb5_context ctx;
krb5_ccache ccache;
@@ -49,89 +92,397 @@ kerberos_setup(void)
krb5_keytab keytab;
krb5_get_init_creds_opt *opts;
krb5_creds creds;
+ const char *realm;
- /* Read the principal name and find the keytab file. */
- path = test_file_path("data/test.principal");
- if (path == NULL)
- return NULL;
- file = fopen(path, "r");
- if (file == NULL) {
- free(path);
- return NULL;
- }
- if (fgets(principal, sizeof(principal), file) == NULL) {
- fclose(file);
- bail("cannot read %s", path);
- }
- fclose(file);
- if (principal[strlen(principal) - 1] != '\n')
- bail("no newline in %s", path);
- free(path);
- principal[strlen(principal) - 1] = '\0';
- path = test_file_path("data/test.keytab");
- if (path == NULL)
- return NULL;
-
- /* Set the KRB5CCNAME and KRB5_KTNAME environment variables. */
- build = getenv("BUILD");
- if (build == NULL)
- build = ".";
- putenv(concat("KRB5CCNAME=", build, "/data/test.cache", (char *) 0));
- putenv(concat("KRB5_KTNAME=", path, (char *) 0));
-
- /* Now do the Kerberos initialization. */
+ /*
+ * Determine the principal corresponding to that keytab. We copy the
+ * memory to ensure that it's allocated in the right memory domain on
+ * systems where that may matter (like Windows).
+ */
code = krb5_init_context(&ctx);
if (code != 0)
- bail("error initializing Kerberos");
+ bail_krb5(ctx, code, "error initializing Kerberos");
+ kprinc = kerberos_keytab_principal(ctx, config->keytab);
+ code = krb5_unparse_name(ctx, kprinc, &name);
+ if (code != 0)
+ bail_krb5(ctx, code, "error unparsing name");
+ krb5_free_principal(ctx, kprinc);
+ config->principal = bstrdup(name);
+ krb5_free_unparsed_name(ctx, name);
+
+ /* Now do the Kerberos initialization. */
code = krb5_cc_default(ctx, &ccache);
if (code != 0)
- bail("error setting ticket cache");
- code = krb5_parse_name(ctx, principal, &kprinc);
+ bail_krb5(ctx, code, "error setting ticket cache");
+ code = krb5_parse_name(ctx, config->principal, &kprinc);
if (code != 0)
- bail("error parsing principal %s", principal);
+ bail_krb5(ctx, code, "error parsing principal %s", config->principal);
realm = krb5_principal_get_realm(ctx, kprinc);
- krbtgt = concat("krbtgt/", realm, "@", realm, (char *) 0);
- code = krb5_kt_resolve(ctx, path, &keytab);
+ basprintf(&krbtgt, "krbtgt/%s@%s", realm, realm);
+ code = krb5_kt_resolve(ctx, config->keytab, &keytab);
if (code != 0)
- bail("cannot open keytab %s", path);
+ bail_krb5(ctx, code, "cannot open keytab %s", config->keytab);
code = krb5_get_init_creds_opt_alloc(ctx, &opts);
if (code != 0)
- bail("cannot allocate credential options");
+ bail_krb5(ctx, code, "cannot allocate credential options");
krb5_get_init_creds_opt_set_default_flags(ctx, NULL, realm, opts);
krb5_get_init_creds_opt_set_forwardable(opts, 0);
krb5_get_init_creds_opt_set_proxiable(opts, 0);
code = krb5_get_init_creds_keytab(ctx, &creds, kprinc, keytab, 0, krbtgt,
opts);
if (code != 0)
- bail("cannot get Kerberos tickets");
+ bail_krb5(ctx, code, "cannot get Kerberos tickets");
code = krb5_cc_initialize(ctx, ccache, kprinc);
if (code != 0)
- bail("error initializing ticket cache");
+ bail_krb5(ctx, code, "error initializing ticket cache");
code = krb5_cc_store_cred(ctx, ccache, &creds);
if (code != 0)
- bail("error storing credentials");
+ bail_krb5(ctx, code, "error storing credentials");
krb5_cc_close(ctx, ccache);
krb5_free_cred_contents(ctx, &creds);
krb5_kt_close(ctx, keytab);
krb5_free_principal(ctx, kprinc);
+ krb5_get_init_creds_opt_free(ctx, opts);
krb5_free_context(ctx);
free(krbtgt);
- free(path);
+}
- return xstrdup(principal);
+#else /* !HAVE_KERBEROS */
+
+static void
+kerberos_kinit(void)
+{
+ static const char * const format[] = {
+ "kinit --no-afslog -k -t %s %s >/dev/null 2>&1 </dev/null",
+ "kinit -k -t %s %s >/dev/null 2>&1 </dev/null",
+ "kinit -t %s %s >/dev/null 2>&1 </dev/null",
+ "kinit -k -K %s %s >/dev/null 2>&1 </dev/null"
+ };
+ FILE *file;
+ char *path;
+ char principal[BUFSIZ], *command;
+ size_t i;
+ int status;
+
+ /* Read the principal corresponding to the keytab. */
+ path = test_file_path("config/principal");
+ if (path == NULL) {
+ test_file_path_free(config->keytab);
+ config->keytab = NULL;
+ return;
+ }
+ file = fopen(path, "r");
+ if (file == NULL) {
+ test_file_path_free(path);
+ return;
+ }
+ test_file_path_free(path);
+ if (fgets(principal, sizeof(principal), file) == NULL)
+ bail("cannot read %s", path);
+ fclose(file);
+ if (principal[strlen(principal) - 1] != '\n')
+ bail("no newline in %s", path);
+ principal[strlen(principal) - 1] = '\0';
+ config->principal = bstrdup(principal);
+
+ /* Now do the Kerberos initialization. */
+ for (i = 0; i < ARRAY_SIZE(format); i++) {
+ basprintf(&command, format[i], config->keytab, principal);
+ status = system(command);
+ free(command);
+ if (status != -1 && WEXITSTATUS(status) == 0)
+ break;
+ }
+ if (status == -1 || WEXITSTATUS(status) != 0)
+ bail("cannot get Kerberos tickets");
}
+#endif /* !HAVE_KERBEROS */
+
/*
- * Clean up at the end of a test. Currently, all this does is remove the
- * ticket cache.
+ * Clean up at the end of a test. This removes the ticket cache and resets
+ * and frees the memory allocated for the environment variables so that
+ * valgrind output on test suites is cleaner.
*/
void
kerberos_cleanup(void)
{
char *path;
- path = concatpath(getenv("BUILD"), "data/test.cache");
- unlink(path);
- free(path);
+ if (tmpdir_ticket != NULL) {
+ basprintf(&path, "%s/krb5cc_test", tmpdir_ticket);
+ unlink(path);
+ free(path);
+ test_tmpdir_free(tmpdir_ticket);
+ tmpdir_ticket = NULL;
+ }
+ if (config != NULL) {
+ if (config->keytab != NULL) {
+ test_file_path_free(config->keytab);
+ free(config->principal);
+ free(config->cache);
+ }
+ if (config->userprinc != NULL) {
+ free(config->userprinc);
+ free(config->username);
+ free(config->password);
+ }
+ free(config);
+ config = NULL;
+ }
+ if (krb5ccname != NULL) {
+ putenv((char *) "KRB5CCNAME=");
+ free(krb5ccname);
+ krb5ccname = NULL;
+ }
+ if (krb5_ktname != NULL) {
+ putenv((char *) "KRB5_KTNAME=");
+ free(krb5_ktname);
+ krb5_ktname = NULL;
+ }
+}
+
+
+/*
+ * Obtain Kerberos tickets for the principal specified in config/principal
+ * using the keytab specified in config/keytab, both of which are presumed to
+ * be in tests in either the build or the source tree. Also sets KRB5_KTNAME
+ * and KRB5CCNAME.
+ *
+ * Returns the contents of config/principal in newly allocated memory or NULL
+ * if Kerberos tests are apparently not configured. If Kerberos tests are
+ * configured but something else fails, calls bail.
+ */
+struct kerberos_config *
+kerberos_setup(enum kerberos_needs needs)
+{
+ char *path;
+ char buffer[BUFSIZ];
+ FILE *file = NULL;
+
+ /* If we were called before, clean up after the previous run. */
+ if (config != NULL)
+ kerberos_cleanup();
+ config = bcalloc(1, sizeof(struct kerberos_config));
+
+ /*
+ * If we have a config/keytab file, set the KRB5CCNAME and KRB5_KTNAME
+ * environment variables and obtain initial tickets.
+ */
+ config->keytab = test_file_path("config/keytab");
+ if (config->keytab == NULL) {
+ if (needs == TAP_KRB_NEEDS_KEYTAB || needs == TAP_KRB_NEEDS_BOTH)
+ skip_all("Kerberos tests not configured");
+ } else {
+ tmpdir_ticket = test_tmpdir();
+ basprintf(&config->cache, "%s/krb5cc_test", tmpdir_ticket);
+ basprintf(&krb5ccname, "KRB5CCNAME=%s/krb5cc_test", tmpdir_ticket);
+ basprintf(&krb5_ktname, "KRB5_KTNAME=%s", config->keytab);
+ putenv(krb5ccname);
+ putenv(krb5_ktname);
+ kerberos_kinit();
+ }
+
+ /*
+ * If we have a config/password file, read it and fill out the relevant
+ * members of our config struct.
+ */
+ path = test_file_path("config/password");
+ if (path != NULL)
+ file = fopen(path, "r");
+ if (file == NULL) {
+ if (needs == TAP_KRB_NEEDS_PASSWORD || needs == TAP_KRB_NEEDS_BOTH)
+ skip_all("Kerberos tests not configured");
+ } else {
+ if (fgets(buffer, sizeof(buffer), file) == NULL)
+ bail("cannot read %s", path);
+ if (buffer[strlen(buffer) - 1] != '\n')
+ bail("no newline in %s", path);
+ buffer[strlen(buffer) - 1] = '\0';
+ config->userprinc = bstrdup(buffer);
+ if (fgets(buffer, sizeof(buffer), file) == NULL)
+ bail("cannot read password from %s", path);
+ fclose(file);
+ if (buffer[strlen(buffer) - 1] != '\n')
+ bail("password too long in %s", path);
+ buffer[strlen(buffer) - 1] = '\0';
+ config->password = bstrdup(buffer);
+
+ /*
+ * Strip the realm from the principal and set realm and username.
+ * This is not strictly correct; it doesn't cope with escaped @-signs
+ * or enterprise names.
+ */
+ config->username = bstrdup(config->userprinc);
+ config->realm = strchr(config->username, '@');
+ if (config->realm == NULL)
+ bail("test principal has no realm");
+ *config->realm = '\0';
+ config->realm++;
+ }
+ if (path != NULL)
+ test_file_path_free(path);
+
+ /*
+ * Register the cleanup function as an atexit handler so that the caller
+ * doesn't have to worry about cleanup.
+ */
+ if (atexit(kerberos_cleanup) != 0)
+ sysdiag("cannot register cleanup function");
+
+ /* Return the configuration. */
+ return config;
+}
+
+
+/*
+ * Clean up the krb5.conf file generated by kerberos_generate_conf and free
+ * the memory used to set the environment variable. This doesn't fail if the
+ * file and variable are already gone, allowing it to be harmlessly run
+ * multiple times.
+ *
+ * Normally called via an atexit handler.
+ */
+void
+kerberos_cleanup_conf(void)
+{
+ char *path;
+
+ if (tmpdir_conf != NULL) {
+ basprintf(&path, "%s/krb5.conf", tmpdir_conf);
+ unlink(path);
+ free(path);
+ test_tmpdir_free(tmpdir_conf);
+ tmpdir_conf = NULL;
+ }
+ putenv((char *) "KRB5_CONFIG=");
+ if (krb5_config != NULL) {
+ free(krb5_config);
+ krb5_config = NULL;
+ }
}
+
+
+/*
+ * Generate a krb5.conf file for testing and set KRB5_CONFIG to point to it.
+ * The [appdefaults] section will be stripped out and the default realm will
+ * be set to the realm specified, if not NULL. This will use config/krb5.conf
+ * in preference, so users can configure the tests by creating that file if
+ * the system file isn't suitable.
+ *
+ * Depends on data/generate-krb5-conf being present in the test suite.
+ */
+void
+kerberos_generate_conf(const char *realm)
+{
+ char *path;
+ const char *argv[3];
+
+ if (tmpdir_conf != NULL)
+ kerberos_cleanup_conf();
+ path = test_file_path("data/generate-krb5-conf");
+ if (path == NULL)
+ bail("cannot find generate-krb5-conf");
+ argv[0] = path;
+ argv[1] = realm;
+ argv[2] = NULL;
+ run_setup(argv);
+ test_file_path_free(path);
+ tmpdir_conf = test_tmpdir();
+ basprintf(&krb5_config, "KRB5_CONFIG=%s/krb5.conf", tmpdir_conf);
+ putenv(krb5_config);
+ if (atexit(kerberos_cleanup_conf) != 0)
+ sysdiag("cannot register cleanup function");
+}
+
+
+/*
+ * The remaining functions in this file are only available if Kerberos
+ * libraries are available.
+ */
+#ifdef HAVE_KERBEROS
+
+
+/*
+ * Report a Kerberos error and bail out.
+ */
+void
+bail_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
+{
+ const char *k5_msg = NULL;
+ char *message;
+ va_list args;
+
+ if (ctx != NULL)
+ k5_msg = krb5_get_error_message(ctx, code);
+ va_start(args, format);
+ bvasprintf(&message, format, args);
+ va_end(args);
+ if (k5_msg == NULL)
+ bail("%s", message);
+ else
+ bail("%s: %s", message, k5_msg);
+}
+
+
+/*
+ * Report a Kerberos error as a diagnostic to stderr.
+ */
+void
+diag_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
+{
+ const char *k5_msg = NULL;
+ char *message;
+ va_list args;
+
+ if (ctx != NULL)
+ k5_msg = krb5_get_error_message(ctx, code);
+ va_start(args, format);
+ bvasprintf(&message, format, args);
+ va_end(args);
+ if (k5_msg == NULL)
+ diag("%s", message);
+ else
+ diag("%s: %s", message, k5_msg);
+ free(message);
+ if (k5_msg != NULL)
+ krb5_free_error_message(ctx, k5_msg);
+}
+
+
+/*
+ * Find the principal of the first entry of a keytab and return it. The
+ * caller is responsible for freeing the result with krb5_free_principal.
+ * Exit on error.
+ */
+krb5_principal
+kerberos_keytab_principal(krb5_context ctx, const char *path)
+{
+ krb5_keytab keytab;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry;
+ krb5_principal princ;
+ krb5_error_code status;
+
+ status = krb5_kt_resolve(ctx, path, &keytab);
+ if (status != 0)
+ bail_krb5(ctx, status, "error opening %s", path);
+ status = krb5_kt_start_seq_get(ctx, keytab, &cursor);
+ if (status != 0)
+ bail_krb5(ctx, status, "error reading %s", path);
+ status = krb5_kt_next_entry(ctx, keytab, &entry, &cursor);
+ if (status == 0) {
+ status = krb5_copy_principal(ctx, entry.principal, &princ);
+ if (status != 0)
+ bail_krb5(ctx, status, "error copying principal from %s", path);
+ krb5_kt_free_entry(ctx, &entry);
+ }
+ if (status != 0)
+ bail("no principal found in keytab file %s", path);
+ krb5_kt_end_seq_get(ctx, keytab, &cursor);
+ krb5_kt_close(ctx, keytab);
+ return princ;
+}
+
+#endif /* HAVE_KERBEROS */
diff --git a/tests/tap/kerberos.h b/tests/tap/kerberos.h
index 1c64f70..31b6343 100644
--- a/tests/tap/kerberos.h
+++ b/tests/tap/kerberos.h
@@ -1,32 +1,125 @@
/*
* Utility functions for tests that use Kerberos.
*
- * Copyright 2006, 2007, 2009
- * Board of Trustees, Leland Stanford Jr. University
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
*
- * See LICENSE for licensing terms.
+ * Written by Russ Allbery <rra@stanford.edu>
+ * Copyright 2006, 2007, 2009, 2011, 2012
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#ifndef TAP_KERBEROS_H
#define TAP_KERBEROS_H 1
#include <config.h>
-#include <portable/macros.h>
+#include <tests/tap/macros.h>
+
+#ifdef HAVE_KERBEROS
+# include <portable/krb5.h>
+#endif
+
+/* Holds the information parsed from the Kerberos test configuration. */
+struct kerberos_config {
+ char *keytab; /* Path to the keytab. */
+ char *principal; /* Principal whose keys are in the keytab. */
+ char *cache; /* Path to the Kerberos ticket cache. */
+ char *userprinc; /* The fully-qualified principal. */
+ char *username; /* The local (non-realm) part of principal. */
+ char *realm; /* The realm part of the principal. */
+ char *password; /* The password. */
+};
+
+/*
+ * Whether to skip all tests (by calling skip_all) in kerberos_setup if
+ * certain configuration information isn't available.
+ */
+enum kerberos_needs {
+ TAP_KRB_NEEDS_NONE,
+ TAP_KRB_NEEDS_KEYTAB,
+ TAP_KRB_NEEDS_PASSWORD,
+ TAP_KRB_NEEDS_BOTH
+};
BEGIN_DECLS
/*
- * Set up Kerberos, returning the test principal in newly allocated memory if
- * we were successful. If there is no principal in tests/data/test.principal
- * or no keytab in tests/data/test.keytab, return NULL. Otherwise, on
- * failure, calls bail().
+ * Set up Kerberos, returning the test configuration information. This
+ * obtains Kerberos tickets from config/keytab, if one is present, and stores
+ * them in a Kerberos ticket cache, sets KRB5_KTNAME and KRB5CCNAME. It also
+ * loads the principal and password from config/password, if it exists, and
+ * stores the principal, password, username, and realm in the returned struct.
+ *
+ * If there is no config/keytab file, KRB5_KTNAME and KRB5CCNAME won't be set
+ * and the keytab field will be NULL. If there is no config/password file,
+ * the principal field will be NULL. If the files exist but loading them
+ * fails, or authentication fails, kerberos_setup calls bail.
+ *
+ * kerberos_cleanup will be set up to run from an atexit handler. This means
+ * that any child processes that should not remove the Kerberos ticket cache
+ * should call _exit instead of exit. The principal will be automatically
+ * freed when kerberos_cleanup is called or if kerberos_setup is called again.
+ * The caller doesn't need to worry about it.
*/
-char *kerberos_setup(void)
+struct kerberos_config *kerberos_setup(enum kerberos_needs)
__attribute__((__malloc__));
-
-/* Clean up at the end of a test. */
void kerberos_cleanup(void);
+/*
+ * Generate a krb5.conf file for testing and set KRB5_CONFIG to point to it.
+ * The [appdefaults] section will be stripped out and the default realm will
+ * be set to the realm specified, if not NULL. This will use config/krb5.conf
+ * in preference, so users can configure the tests by creating that file if
+ * the system file isn't suitable.
+ *
+ * Depends on data/generate-krb5-conf being present in the test suite.
+ *
+ * kerberos_cleanup_conf will clean up after this function, but usually
+ * doesn't need to be called directly since it's registered as an atexit
+ * handler.
+ */
+void kerberos_generate_conf(const char *realm);
+void kerberos_cleanup_conf(void);
+
+/* Thes interfaces are only available with native Kerberos support. */
+#ifdef HAVE_KERBEROS
+
+/* Bail out with an error, appending the Kerberos error message. */
+void bail_krb5(krb5_context, krb5_error_code, const char *format, ...)
+ __attribute__((__noreturn__, __nonnull__, __format__(printf, 3, 4)));
+
+/* Report a diagnostic with Kerberos error to stderr prefixed with #. */
+void diag_krb5(krb5_context, krb5_error_code, const char *format, ...)
+ __attribute__((__nonnull__, __format__(printf, 3, 4)));
+
+/*
+ * Given a Kerberos context and the path to a keytab, retrieve the principal
+ * for the first entry in the keytab and return it. Calls bail on failure.
+ * The returned principal should be freed with krb5_free_principal.
+ */
+krb5_principal kerberos_keytab_principal(krb5_context, const char *path)
+ __attribute__((__nonnull__));
+
+#endif /* HAVE_KERBEROS */
+
END_DECLS
#endif /* !TAP_MESSAGES_H */
diff --git a/tests/tap/kerberos.sh b/tests/tap/kerberos.sh
index 904cae5..d2f174d 100644
--- a/tests/tap/kerberos.sh
+++ b/tests/tap/kerberos.sh
@@ -1,30 +1,61 @@
# Shell function library to initialize Kerberos credentials
#
+# Note that while many of the functions in this library could benefit from
+# using "local" to avoid possibly hammering global variables, Solaris /bin/sh
+# doesn't support local and this library aspires to be portable to Solaris
+# Bourne shell. Instead, all private variables are prefixed with "tap_".
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009, 2010, 2011, 2012
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
#
-# See LICENSE for licensing terms.
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+# We use test_tmpdir.
+. "${SOURCE}/tap/libtap.sh"
# Set up Kerberos, including the ticket cache environment variable. Bail out
# if not successful, return 0 if successful, and return 1 if Kerberos is not
# configured. Sets the global principal variable to the principal to use.
kerberos_setup () {
- local keytab
- keytab=`test_file_path data/test.keytab`
- principal=`test_file_path data/test.principal`
+ tap_keytab=`test_file_path config/keytab`
+ principal=`test_file_path config/principal`
principal=`cat "$principal" 2>/dev/null`
- if [ -z "$keytab" ] || [ -z "$principal" ] ; then
+ if [ -z "$tap_keytab" ] || [ -z "$principal" ] ; then
return 1
fi
- KRB5CCNAME="$BUILD/data/test.cache"; export KRB5CCNAME
- kinit -k -t "$keytab" "$principal" >/dev/null </dev/null
+ KRB5CCNAME=`test_tmpdir`/krb5cc_test; export KRB5CCNAME
+ kinit --no-afslog -k -t "$tap_keytab" "$principal" >/dev/null </dev/null
status=$?
if [ $status != 0 ] ; then
- kinit -t "$keytab" "$principal" >/dev/null </dev/null
+ kinit -k -t "$tap_keytab" "$principal" >/dev/null </dev/null
+ status=$?
+ fi
+ if [ $status != 0 ] ; then
+ kinit -t "$tap_keytab" "$principal" >/dev/null </dev/null
status=$?
fi
if [ $status != 0 ] ; then
- kinit -k -K "$keytab" "$principal" >/dev/null </dev/null
+ kinit -k -K "$tap_keytab" "$principal" >/dev/null </dev/null
status=$?
fi
if [ $status != 0 ] ; then
@@ -35,7 +66,8 @@ kerberos_setup () {
# Clean up at the end of a test. Currently only removes the ticket cache.
kerberos_cleanup () {
- rm -f "$BUILD/data/test.cache"
+ tap_tmp=`test_tmpdir`
+ rm -f "$tap_tmp"/krb5cc_test
}
# List the contents of a keytab with enctypes and keys. This adjusts for the
@@ -44,11 +76,13 @@ kerberos_cleanup () {
# may just hang. Takes the keytab to list and the file into which to save the
# output, and strips off the header containing the file name.
ktutil_list () {
- if klist -keK "$1" > ktutil-tmp 2>/dev/null ; then
+ tap_tmp=`test_tmpdir`
+ if klist -keK "$1" > "$tap_tmp"/ktutil-tmp 2>/dev/null ; then
:
else
- ktutil -k "$1" list --keys > ktutil-tmp < /dev/null 2>/dev/null
+ ktutil -k "$1" list --keys > "$tap_tmp"/ktutil-tmp </dev/null \
+ 2>/dev/null
fi
- sed -e '/Keytab name:/d' -e "/^[^ ]*:/d" ktutil-tmp > "$2"
- rm -f ktutil-tmp
+ sed -e '/Keytab name:/d' -e "/^[^ ]*:/d" "$tap_tmp"/ktutil-tmp > "$2"
+ rm -f "$tap_tmp"/ktutil-tmp
}
diff --git a/tests/tap/libtap.sh b/tests/tap/libtap.sh
index a9b46d4..f9347d8 100644
--- a/tests/tap/libtap.sh
+++ b/tests/tap/libtap.sh
@@ -1,10 +1,36 @@
# Shell function library for test cases.
#
+# Note that while many of the functions in this library could benefit from
+# using "local" to avoid possibly hammering global variables, Solaris /bin/sh
+# doesn't support local and this library aspires to be portable to Solaris
+# Bourne shell. Instead, all private variables are prefixed with "tap_".
+#
+# This file provides a TAP-compatible shell function library useful for
+# writing test cases. It is part of C TAP Harness, which can be found at
+# <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
+#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2009, 2010 Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009, 2010, 2011, 2012 Russ Allbery <rra@stanford.edu>
+# Copyright 2006, 2007, 2008
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
#
-# See LICENSE for licensing terms.
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
# Print out the number of test cases we expect to run.
plan () {
@@ -25,33 +51,35 @@ plan_lazy () {
# Report the test status on exit.
finish () {
- local highest looks
- highest=`expr "$count" - 1`
+ tap_highest=`expr "$count" - 1`
if [ "$planned" = 0 ] ; then
- echo "1..$highest"
- planned="$highest"
+ echo "1..$tap_highest"
+ planned="$tap_highest"
fi
- looks='# Looks like you'
+ tap_looks='# Looks like you'
if [ "$planned" -gt 0 ] ; then
- if [ "$planned" -gt "$highest" ] ; then
+ if [ "$planned" -gt "$tap_highest" ] ; then
if [ "$planned" -gt 1 ] ; then
- echo "$looks planned $planned tests but only ran $highest"
+ echo "$tap_looks planned $planned tests but only ran" \
+ "$tap_highest"
else
- echo "$looks planned $planned test but only ran $highest"
+ echo "$tap_looks planned $planned test but only ran" \
+ "$tap_highest"
fi
- elif [ "$planned" -lt "$highest" ] ; then
- local extra
- extra=`expr "$highest" - "$planned"`
+ elif [ "$planned" -lt "$tap_highest" ] ; then
+ tap_extra=`expr "$tap_highest" - "$planned"`
if [ "$planned" -gt 1 ] ; then
- echo "$looks planned $planned tests but ran $extra extra"
+ echo "$tap_looks planned $planned tests but ran" \
+ "$tap_extra extra"
else
- echo "$looks planned $planned test but ran $extra extra"
+ echo "$tap_looks planned $planned test but ran" \
+ "$tap_extra extra"
fi
elif [ "$failed" -gt 0 ] ; then
if [ "$failed" -gt 1 ] ; then
- echo "$looks failed $failed tests of $planned"
+ echo "$tap_looks failed $failed tests of $planned"
else
- echo "$looks failed $failed test of $planned"
+ echo "$tap_looks failed $failed test of $planned"
fi
elif [ "$planned" -gt 1 ] ; then
echo "# All $planned tests successful or skipped"
@@ -63,10 +91,9 @@ finish () {
# Skip the entire test suite. Should be run instead of plan.
skip_all () {
- local desc
- desc="$1"
- if [ -n "$desc" ] ; then
- echo "1..0 # skip $desc"
+ tap_desc="$1"
+ if [ -n "$tap_desc" ] ; then
+ echo "1..0 # skip $tap_desc"
else
echo "1..0 # skip"
fi
@@ -77,16 +104,15 @@ skip_all () {
# command is successful, false otherwise. The count starts at 1 and is
# updated each time ok is printed.
ok () {
- local desc
- desc="$1"
- if [ -n "$desc" ] ; then
- desc=" - $desc"
+ tap_desc="$1"
+ if [ -n "$tap_desc" ] ; then
+ tap_desc=" - $tap_desc"
fi
shift
if "$@" ; then
- echo ok $count$desc
+ echo ok "$count$tap_desc"
else
- echo not ok $count$desc
+ echo not ok "$count$tap_desc"
failed=`expr $failed + 1`
fi
count=`expr $count + 1`
@@ -101,58 +127,80 @@ skip () {
# Report the same status on a whole set of tests. Takes the count of tests,
# the description, and then the command to run to determine the status.
ok_block () {
- local end i desc
- i=$count
- end=`expr $count + $1`
- shift
- desc="$1"
+ tap_i=$count
+ tap_end=`expr $count + $1`
shift
- while [ "$i" -lt "$end" ] ; do
- ok "$desc" "$@"
- i=`expr $i + 1`
+ while [ "$tap_i" -lt "$tap_end" ] ; do
+ ok "$@"
+ tap_i=`expr $tap_i + 1`
done
}
# Skip a whole set of tests. Takes the count and then the reason for skipping
# the test.
skip_block () {
- local i end
- i=$count
- end=`expr $count + $1`
+ tap_i=$count
+ tap_end=`expr $count + $1`
shift
- while [ "$i" -lt "$end" ] ; do
+ while [ "$tap_i" -lt "$tap_end" ] ; do
skip "$@"
- i=`expr $i + 1`
+ tap_i=`expr $tap_i + 1`
done
}
+# Portable variant of printf '%s\n' "$*". In the majority of cases, this
+# function is slower than printf, because the latter is often implemented
+# as a builtin command. The value of the variable IFS is ignored.
+#
+# This macro must not be called via backticks inside double quotes, since this
+# will result in bizarre escaping behavior and lots of extra backslashes on
+# Solaris.
+puts () {
+ cat << EOH
+$@
+EOH
+}
+
# Run a program expected to succeed, and print ok if it does and produces the
# correct output. Takes the description, expected exit status, the expected
-# output, the command to run, and then any arguments for that command. Strip
-# a colon and everything after it off the output if the expected status is
-# non-zero, since this is probably a system-specific error message.
+# output, the command to run, and then any arguments for that command.
+# Standard output and standard error are combined when analyzing the output of
+# the command.
+#
+# If the command may contain system-specific error messages in its output,
+# add strip_colon_error before the command to post-process its output.
ok_program () {
- local desc w_status w_output output status
- desc="$1"
+ tap_desc="$1"
shift
- w_status="$1"
+ tap_w_status="$1"
shift
- w_output="$1"
+ tap_w_output="$1"
shift
- output=`"$@" 2>&1`
- status=$?
- if [ "$w_status" -ne 0 ] ; then
- output=`echo "$output" | sed 's/^\([^:]* [^:]*\):.*/\1/'`
- fi
- if [ $status = $w_status ] && [ x"$output" = x"$w_output" ] ; then
- ok "$desc" true
+ tap_output=`"$@" 2>&1`
+ tap_status=$?
+ if [ $tap_status = $tap_w_status ] \
+ && [ x"$tap_output" = x"$tap_w_output" ] ; then
+ ok "$tap_desc" true
else
- echo "# saw: ($status) $output"
- echo "# not: ($w_status) $w_output"
- ok "$desc" false
+ echo "# saw: ($tap_status) $tap_output"
+ echo "# not: ($tap_w_status) $tap_w_output"
+ ok "$tap_desc" false
fi
}
+# Strip a colon and everything after it off the output of a command, as long
+# as that colon comes after at least one whitespace character. (This is done
+# to avoid stripping the name of the program from the start of an error
+# message.) This is used to remove system-specific error messages (coming
+# from strerror, for example).
+strip_colon_error() {
+ tap_output=`"$@" 2>&1`
+ tap_status=$?
+ tap_output=`puts "$tap_output" | sed 's/^\([^ ]* [^:]*\):.*/\1/'`
+ puts "$tap_output"
+ return $tap_status
+}
+
# Bail out with an error message.
bail () {
echo 'Bail out!' "$@"
@@ -167,12 +215,32 @@ diag () {
# Search for the given file first in $BUILD and then in $SOURCE and echo the
# path where the file was found, or the empty string if the file wasn't
# found.
+#
+# This macro uses puts, so don't run it using backticks inside double quotes
+# or bizarre quoting behavior will happen with Solaris sh.
test_file_path () {
- if [ -f "$BUILD/$1" ] ; then
- echo "$BUILD/$1"
- elif [ -f "$SOURCE/$1" ] ; then
- echo "$SOURCE/$1"
+ if [ -n "$BUILD" ] && [ -f "$BUILD/$1" ] ; then
+ puts "$BUILD/$1"
+ elif [ -n "$SOURCE" ] && [ -f "$SOURCE/$1" ] ; then
+ puts "$SOURCE/$1"
else
echo ''
fi
}
+
+# Create $BUILD/tmp for use by tests for storing temporary files and return
+# the path (via standard output).
+#
+# This macro uses puts, so don't run it using backticks inside double quotes
+# or bizarre quoting behavior will happen with Solaris sh.
+test_tmpdir () {
+ if [ -z "$BUILD" ] ; then
+ tap_tmpdir="./tmp"
+ else
+ tap_tmpdir="$BUILD"/tmp
+ fi
+ if [ ! -d "$tap_tmpdir" ] ; then
+ mkdir "$tap_tmpdir" || bail "Error creating $tap_tmpdir"
+ fi
+ puts "$tap_tmpdir"
+}
diff --git a/tests/tap/macros.h b/tests/tap/macros.h
new file mode 100644
index 0000000..33fee42
--- /dev/null
+++ b/tests/tap/macros.h
@@ -0,0 +1,88 @@
+/*
+ * Helpful macros for TAP header files.
+ *
+ * This is not, strictly speaking, related to TAP, but any TAP add-on is
+ * probably going to need these macros, so define them in one place so that
+ * everyone can pull them in.
+ *
+ * This file is part of C TAP Harness. The current version plus supporting
+ * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
+ *
+ * Copyright 2008, 2012 Russ Allbery <rra@stanford.edu>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef TAP_MACROS_H
+#define TAP_MACROS_H 1
+
+/*
+ * __attribute__ is available in gcc 2.5 and later, but only with gcc 2.7
+ * could you use the __format__ form of the attributes, which is what we use
+ * (to avoid confusion with other macros), and only with gcc 2.96 can you use
+ * the attribute __malloc__. 2.96 is very old, so don't bother trying to get
+ * the other attributes to work with GCC versions between 2.7 and 2.96.
+ */
+#ifndef __attribute__
+# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 96)
+# define __attribute__(spec) /* empty */
+# endif
+#endif
+
+/*
+ * We use __alloc_size__, but it was only available in fairly recent versions
+ * of GCC. Suppress warnings about the unknown attribute if GCC is too old.
+ * We know that we're GCC at this point, so we can use the GCC variadic macro
+ * extension, which will still work with versions of GCC too old to have C99
+ * variadic macro support.
+ */
+#if !defined(__attribute__) && !defined(__alloc_size__)
+# if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 3)
+# define __alloc_size__(spec, args...) /* empty */
+# endif
+#endif
+
+/*
+ * LLVM and Clang pretend to be GCC but don't support all of the __attribute__
+ * settings that GCC does. For them, suppress warnings about unknown
+ * attributes on declarations. This unfortunately will affect the entire
+ * compilation context, but there's no push and pop available.
+ */
+#if !defined(__attribute__) && (defined(__llvm__) || defined(__clang__))
+# pragma GCC diagnostic ignored "-Wattributes"
+#endif
+
+/* Used for unused parameters to silence gcc warnings. */
+#define UNUSED __attribute__((__unused__))
+
+/*
+ * BEGIN_DECLS is used at the beginning of declarations so that C++
+ * compilers don't mangle their names. END_DECLS is used at the end.
+ */
+#undef BEGIN_DECLS
+#undef END_DECLS
+#ifdef __cplusplus
+# define BEGIN_DECLS extern "C" {
+# define END_DECLS }
+#else
+# define BEGIN_DECLS /* empty */
+# define END_DECLS /* empty */
+#endif
+
+#endif /* TAP_MACROS_H */
diff --git a/tests/tap/messages.c b/tests/tap/messages.c
index 3bb9a1a..abc2c49 100644
--- a/tests/tap/messages.c
+++ b/tests/tap/messages.c
@@ -5,24 +5,39 @@
* into a buffer that can be inspected later, allowing testing of error
* handling.
*
- * Copyright 2006, 2007, 2009
- * Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
*
- * See LICENSE for licensing terms.
+ * Copyright 2002, 2004, 2005 Russ Allbery <rra@stanford.edu>
+ * Copyright 2006, 2007, 2009, 2012
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#include <config.h>
#include <portable/system.h>
+#include <tests/tap/macros.h>
#include <tests/tap/messages.h>
-#include <util/concat.h>
-#include <util/macros.h>
+#include <tests/tap/string.h>
#include <util/messages.h>
-#include <util/xmalloc.h>
/* A global buffer into which message_log_buffer stores error messages. */
char *errors = NULL;
@@ -33,18 +48,18 @@ char *errors = NULL;
* error_capture.
*/
static void
-message_log_buffer(int len, const char *fmt, va_list args, int error UNUSED)
+message_log_buffer(int len UNUSED, const char *fmt, va_list args,
+ int error UNUSED)
{
char *message;
- message = xmalloc(len + 1);
- vsnprintf(message, len + 1, fmt, args);
- if (errors == NULL) {
- errors = concat(message, "\n", (char *) 0);
- } else {
+ bvasprintf(&message, fmt, args);
+ if (errors == NULL)
+ basprintf(&errors, "%s\n", message);
+ else {
char *new_errors;
- new_errors = concat(errors, message, "\n", (char *) 0);
+ basprintf(&new_errors, "%s%s\n", errors, message);
free(errors);
errors = new_errors;
}
diff --git a/tests/tap/messages.h b/tests/tap/messages.h
index 2b9a7db..0544f2d 100644
--- a/tests/tap/messages.h
+++ b/tests/tap/messages.h
@@ -1,21 +1,37 @@
/*
* Utility functions to test message handling.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Copyright 2002 Russ Allbery <rra@stanford.edu>
* Copyright 2006, 2007, 2009
- * Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
*
- * See LICENSE for licensing terms.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#ifndef TAP_MESSAGES_H
#define TAP_MESSAGES_H 1
#include <config.h>
-#include <portable/macros.h>
+#include <tests/tap/macros.h>
/* A global buffer into which errors_capture stores errors. */
extern char *errors;
diff --git a/tests/tap/perl/Test/RRA.pm b/tests/tap/perl/Test/RRA.pm
new file mode 100644
index 0000000..3035c7a
--- /dev/null
+++ b/tests/tap/perl/Test/RRA.pm
@@ -0,0 +1,222 @@
+# Helper functions for test programs written in Perl.
+#
+# This module provides a collection of helper functions used by test programs
+# written in Perl. This is a general collection of functions that can be used
+# by both C packages with Automake and by stand-alone Perl modules. See
+# Test::RRA::Automake for additional functions specifically for C Automake
+# distributions.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+package Test::RRA;
+
+use 5.006;
+use strict;
+use warnings;
+
+use Exporter;
+use Test::More;
+
+# For Perl 5.006 compatibility.
+## no critic (ClassHierarchies::ProhibitExplicitISA)
+
+# Declare variables that should be set in BEGIN for robustness.
+our (@EXPORT_OK, @ISA, $VERSION);
+
+# Set $VERSION and everything export-related in a BEGIN block for robustness
+# against circular module loading (not that we load any modules, but
+# consistency is good).
+BEGIN {
+ @ISA = qw(Exporter);
+ @EXPORT_OK = qw(skip_unless_maintainer use_prereq);
+
+ # This version should match the corresponding rra-c-util release, but with
+ # two digits for the minor version, including a leading zero if necessary,
+ # so that it will sort properly.
+ $VERSION = '4.08';
+}
+
+# Skip this test unless maintainer tests are requested. Takes a short
+# description of what tests this script would perform, which is used in the
+# skip message. Calls plan skip_all, which will terminate the program.
+#
+# $description - Short description of the tests
+#
+# Returns: undef
+sub skip_unless_maintainer {
+ my ($description) = @_;
+ if (!$ENV{RRA_MAINTAINER_TESTS}) {
+ plan skip_all => "$description only run for maintainer";
+ }
+ return;
+}
+
+# Attempt to load a module and skip the test if the module could not be
+# loaded. If the module could be loaded, call its import function manually.
+# If the module could not be loaded, calls plan skip_all, which will terminate
+# the program.
+#
+# The special logic here is based on Test::More and is required to get the
+# imports to happen in the caller's namespace.
+#
+# $module - Name of the module to load
+# @imports - Any arguments to import, possibly including a version
+#
+# Returns: undef
+sub use_prereq {
+ my ($module, @imports) = @_;
+
+ # If the first import looks like a version, pass it as a bare string.
+ my $version = q{};
+ if (@imports >= 1 && $imports[0] =~ m{ \A \d+ (?: [.]\d+ )* \z }xms) {
+ $version = shift(@imports);
+ }
+
+ # Get caller information to put imports in the correct package.
+ my ($package) = caller;
+
+ # Do the import with eval, and try to isolate it from the surrounding
+ # context as much as possible. Based heavily on Test::More::_eval.
+ ## no critic (BuiltinFunctions::ProhibitStringyEval)
+ ## no critic (ValuesAndExpressions::ProhibitImplicitNewlines)
+ my ($result, $error, $sigdie);
+ {
+ local $@ = undef;
+ local $! = undef;
+ local $SIG{__DIE__} = undef;
+ $result = eval qq{
+ package $package;
+ use $module $version \@imports;
+ 1;
+ };
+ $error = $@;
+ $sigdie = $SIG{__DIE__} || undef;
+ }
+
+ # If the use failed for any reason, skip the test.
+ if (!$result || $error) {
+ plan skip_all => "$module required for test";
+ }
+
+ # If the module set $SIG{__DIE__}, we cleared that via local. Restore it.
+ ## no critic (Variables::RequireLocalizedPunctuationVars)
+ if (defined($sigdie)) {
+ $SIG{__DIE__} = $sigdie;
+ }
+ return;
+}
+
+1;
+__END__
+
+=for stopwords
+Allbery Allbery's DESC bareword sublicense MERCHANTABILITY NONINFRINGEMENT
+rra-c-util
+
+=head1 NAME
+
+Test::RRA - Support functions for Perl tests
+
+=head1 SYNOPSIS
+
+ use Test::RRA qw(skip_unless_maintainer use_prereq);
+
+ # Skip this test unless maintainer tests are requested.
+ skip_unless_maintainer('Coding style tests');
+
+ # Load modules, skipping the test if they're not available.
+ use_prereq('File::Slurp');
+ use_prereq('Test::Script::Run', '0.04');
+
+=head1 DESCRIPTION
+
+This module collects utility functions that are useful for Perl test
+scripts. It assumes Russ Allbery's Perl module layout and test
+conventions and will only be useful for other people if they use the
+same conventions.
+
+=head1 FUNCTIONS
+
+None of these functions are imported by default. The ones used by a
+script should be explicitly imported.
+
+=over 4
+
+=item skip_unless_maintainer(DESC)
+
+Checks whether RRA_MAINTAINER_TESTS is set in the environment and skips
+the whole test (by calling C<plan skip_all> from Test::More) if it is not.
+DESC is a description of the tests being skipped. A space and C<only run
+for maintainer> will be appended to it and used as the skip reason.
+
+=item use_prereq(MODULE[, VERSION][, IMPORT ...])
+
+Attempts to load MODULE with the given VERSION and import arguments. If
+this fails for any reason, the test will be skipped (by calling C<plan
+skip_all> from Test::More) with a skip reason saying that MODULE is
+required for the test.
+
+VERSION will be passed to C<use> as a version bareword if it looks like a
+version number. The remaining IMPORT arguments will be passed as the
+value of an array.
+
+=back
+
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2013 The Board of Trustees of the Leland Stanford Junior
+University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+=head1 SEE ALSO
+
+Test::More(3), Test::RRA::Automake(3), Test::RRA::Config(3)
+
+This module is maintained in the rra-c-util package. The current version
+is available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>.
+
+=cut
diff --git a/tests/tap/perl/Test/RRA/Automake.pm b/tests/tap/perl/Test/RRA/Automake.pm
new file mode 100644
index 0000000..5dde32d
--- /dev/null
+++ b/tests/tap/perl/Test/RRA/Automake.pm
@@ -0,0 +1,362 @@
+# Helper functions for Perl test programs in Automake distributions.
+#
+# This module provides a collection of helper functions used by test programs
+# written in Perl and included in C source distributions that use Automake.
+# They embed knowledge of how I lay out my source trees and test suites with
+# Autoconf and Automake. They may be usable by others, but doing so will
+# require closely following the conventions implemented by the rra-c-util
+# utility collection.
+#
+# All the functions here assume that BUILD and SOURCE are set in the
+# environment. This is normally done via the C TAP Harness runtests wrapper.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
+# Written by Russ Allbery <rra@stanford.edu>
+# Copyright 2013
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+package Test::RRA::Automake;
+
+use 5.006;
+use strict;
+use warnings;
+
+# For Perl 5.006 compatibility.
+## no critic (ClassHierarchies::ProhibitExplicitISA)
+
+use Exporter;
+use File::Spec;
+use Test::More;
+use Test::RRA::Config qw($LIBRARY_PATH);
+
+# Used below for use lib calls.
+my ($PERL_BLIB_ARCH, $PERL_BLIB_LIB);
+
+# Determine the path to the build tree of any embedded Perl module package in
+# this source package. We do this in a BEGIN block because we're going to use
+# the results in a use lib command below.
+BEGIN {
+ $PERL_BLIB_ARCH = File::Spec->catdir(qw(perl blib arch));
+ $PERL_BLIB_LIB = File::Spec->catdir(qw(perl blib lib));
+
+ # If BUILD is set, we can come up with better values.
+ if (defined($ENV{BUILD})) {
+ my ($vol, $dirs) = File::Spec->splitpath($ENV{BUILD}, 1);
+ my @dirs = File::Spec->splitdir($dirs);
+ pop(@dirs);
+ $PERL_BLIB_ARCH = File::Spec->catdir(@dirs, qw(perl blib arch));
+ $PERL_BLIB_LIB = File::Spec->catdir(@dirs, qw(perl blib lib));
+ }
+}
+
+# Prefer the modules built as part of our source package. Otherwise, we may
+# not find Perl modules while testing, or find the wrong versions.
+use lib $PERL_BLIB_ARCH;
+use lib $PERL_BLIB_LIB;
+
+# Declare variables that should be set in BEGIN for robustness.
+our (@EXPORT_OK, @ISA, $VERSION);
+
+# Set $VERSION and everything export-related in a BEGIN block for robustness
+# against circular module loading (not that we load any modules, but
+# consistency is good).
+BEGIN {
+ @ISA = qw(Exporter);
+ @EXPORT_OK = qw(automake_setup perl_dirs test_file_path);
+
+ # This version should match the corresponding rra-c-util release, but with
+ # two digits for the minor version, including a leading zero if necessary,
+ # so that it will sort properly.
+ $VERSION = '4.08';
+}
+
+# Perl directories to skip globally for perl_dirs. We ignore the perl
+# directory if it exists since, in my packages, it is treated as a Perl module
+# distribution and has its own standalone test suite.
+my @GLOBAL_SKIP = qw(.git perl);
+
+# Perform initial test setup for running a Perl test in an Automake package.
+# This verifies that BUILD and SOURCE are set and then changes directory to
+# the SOURCE directory by default. Sets LD_LIBRARY_PATH if the $LIBRARY_PATH
+# configuration option is set. Calls BAIL_OUT if BUILD or SOURCE are missing
+# or if anything else fails.
+#
+# $args_ref - Reference to a hash of arguments to configure behavior:
+# chdir_build - If set to a true value, changes to BUILD instead of SOURCE
+#
+# Returns: undef
+sub automake_setup {
+ my ($args_ref) = @_;
+
+ # Bail if BUILD or SOURCE are not set.
+ if (!$ENV{BUILD}) {
+ BAIL_OUT('BUILD not defined (run under runtests)');
+ }
+ if (!$ENV{SOURCE}) {
+ BAIL_OUT('SOURCE not defined (run under runtests)');
+ }
+
+ # BUILD or SOURCE will be the test directory. Change to the parent.
+ my $start = $args_ref->{chdir_build} ? $ENV{BUILD} : $ENV{SOURCE};
+ my ($vol, $dirs) = File::Spec->splitpath($start, 1);
+ my @dirs = File::Spec->splitdir($dirs);
+ pop(@dirs);
+ if ($dirs[-1] eq File::Spec->updir) {
+ pop(@dirs);
+ pop(@dirs);
+ }
+ my $root = File::Spec->catpath($vol, File::Spec->catdir(@dirs), q{});
+ chdir($root) or BAIL_OUT("cannot chdir to $root: $!");
+
+ # If BUILD is a subdirectory of SOURCE, add it to the global ignore list.
+ my ($buildvol, $builddirs) = File::Spec->splitpath($ENV{BUILD}, 1);
+ my @builddirs = File::Spec->splitdir($builddirs);
+ pop(@builddirs);
+ if ($buildvol eq $vol && @builddirs == @dirs + 1) {
+ while (@dirs && $builddirs[0] eq $dirs[0]) {
+ shift(@builddirs);
+ shift(@dirs);
+ }
+ if (@builddirs == 1) {
+ push(@GLOBAL_SKIP, $builddirs[0]);
+ }
+ }
+
+ # Set LD_LIBRARY_PATH if the $LIBRARY_PATH configuration option is set.
+ ## no critic (Variables::RequireLocalizedPunctuationVars)
+ if (defined($LIBRARY_PATH)) {
+ @builddirs = File::Spec->splitdir($builddirs);
+ pop(@builddirs);
+ my $libdir = File::Spec->catdir(@builddirs, $LIBRARY_PATH);
+ my $path = File::Spec->catpath($buildvol, $libdir, q{});
+ if (-d "$path/.libs") {
+ $path .= '/.libs';
+ }
+ if ($ENV{LD_LIBRARY_PATH}) {
+ $ENV{LD_LIBRARY_PATH} .= ":$path";
+ } else {
+ $ENV{LD_LIBRARY_PATH} = $path;
+ }
+ }
+ return;
+}
+
+# Returns a list of directories that may contain Perl scripts and that should
+# be passed to Perl test infrastructure that expects a list of directories to
+# recursively check. The list will be all eligible top-level directories in
+# the package except for the tests directory, which is broken out to one
+# additional level. Calls BAIL_OUT on any problems
+#
+# $args_ref - Reference to a hash of arguments to configure behavior:
+# skip - A reference to an array of directories to skip
+#
+# Returns: List of directories possibly containing Perl scripts to test
+sub perl_dirs {
+ my ($args_ref) = @_;
+
+ # Add the global skip list.
+ my @skip = $args_ref->{skip} ? @{ $args_ref->{skip} } : ();
+ push(@skip, @GLOBAL_SKIP);
+
+ # Separate directories to skip under tests from top-level directories.
+ my @skip_tests = grep { m{ \A tests/ }xms } @skip;
+ @skip = grep { !m{ \A tests }xms } @skip;
+ for my $skip_dir (@skip_tests) {
+ $skip_dir =~ s{ \A tests/ }{}xms;
+ }
+
+ # Convert the skip lists into hashes for convenience.
+ my %skip = map { $_ => 1 } @skip, 'tests';
+ my %skip_tests = map { $_ => 1 } @skip_tests;
+
+ # Build the list of top-level directories to test.
+ opendir(my $rootdir, q{.}) or BAIL_OUT("cannot open .: $!");
+ my @dirs = grep { -d $_ && !$skip{$_} } readdir($rootdir);
+ closedir($rootdir);
+ @dirs = File::Spec->no_upwards(@dirs);
+
+ # Add the list of subdirectories of the tests directory.
+ if (-d 'tests') {
+ opendir(my $testsdir, q{tests}) or BAIL_OUT("cannot open tests: $!");
+
+ # Skip if found in %skip_tests or if not a directory.
+ my $is_skipped = sub {
+ my ($dir) = @_;
+ return 1 if $skip_tests{$dir};
+ $dir = File::Spec->catdir('tests', $dir);
+ return -d $dir ? 0 : 1;
+ };
+
+ # Build the filtered list of subdirectories of tests.
+ my @test_dirs = grep { !$is_skipped->($_) } readdir($testsdir);
+ closedir($testsdir);
+ @test_dirs = File::Spec->no_upwards(@test_dirs);
+
+ # Add the tests directory to the start of the directory name.
+ push(@dirs, map { File::Spec->catdir('tests', $_) } @test_dirs);
+ }
+ return @dirs;
+}
+
+# Find a configuration file for the test suite. Searches relative to BUILD
+# first and then SOURCE and returns whichever is found first. Calls BAIL_OUT
+# if the file could not be found.
+#
+# $file - Partial path to the file
+#
+# Returns: Full path to the file
+sub test_file_path {
+ my ($file) = @_;
+ BASE:
+ for my $base ($ENV{BUILD}, $ENV{SOURCE}) {
+ next if !defined($base);
+ if (-f "$base/$file") {
+ return "$base/$file";
+ }
+ }
+ BAIL_OUT("cannot find $file");
+ return;
+}
+
+1;
+__END__
+
+=for stopwords
+Allbery Automake Automake-aware Automake-based rra-c-util ARGS
+subdirectories sublicense MERCHANTABILITY NONINFRINGEMENT
+
+=head1 NAME
+
+Test::RRA::Automake - Automake-aware support functions for Perl tests
+
+=head1 SYNOPSIS
+
+ use Test::RRA::Automake qw(automake_setup perl_dirs test_file_path);
+ automake_setup({ chdir_build => 1 });
+
+ # Paths to directories that may contain Perl scripts.
+ my @dirs = perl_dirs({ skip => [qw(lib)] });
+
+ # Configuration for Kerberos tests.
+ my $keytab = test_file_path('config/keytab');
+
+=head1 DESCRIPTION
+
+This module collects utility functions that are useful for test scripts
+written in Perl and included in a C Automake-based package. They assume
+the layout of a package that uses rra-c-util and C TAP Harness for the
+test structure.
+
+Loading this module will also add the directories C<perl/blib/arch> and
+C<perl/blib/lib> to the Perl library search path, relative to BUILD if
+that environment variable is set. This is harmless for C Automake
+projects that don't contain an embedded Perl module, and for those
+projects that do, this will allow subsequent C<use> calls to find modules
+that are built as part of the package build process.
+
+The automake_setup() function should be called before calling any other
+functions provided by this module.
+
+=head1 FUNCTIONS
+
+None of these functions are imported by default. The ones used by a
+script should be explicitly imported. On failure, all of these functions
+call BAIL_OUT (from Test::More).
+
+=over 4
+
+=item automake_setup([ARGS])
+
+Verifies that the BUILD and SOURCE environment variables are set and
+then changes directory to the top of the source tree (which is one
+directory up from the SOURCE path, since SOURCE points to the top of
+the tests directory).
+
+If ARGS is given, it should be a reference to a hash of configuration
+options. Only one option is supported: C<chdir_build>. If it is set
+to a true value, automake_setup() changes directories to the top of
+the build tree instead.
+
+=item perl_dirs([ARGS])
+
+Returns a list of directories that may contain Perl scripts that should be
+tested by test scripts that test all Perl in the source tree (such as
+syntax or coding style checks). The paths will be simple directory names
+relative to the current directory or two-part directory names under the
+F<tests> directory. (Directories under F<tests> are broken out separately
+since it's common to want to apply different policies to different
+subdirectories of F<tests>.)
+
+If ARGS is given, it should be a reference to a hash of configuration
+options. Only one option is supported: C<skip>, whose value should be a
+reference to an array of additional top-level directories or directories
+starting with C<tests/> that should be skipped.
+
+=item test_file_path(FILE)
+
+Given FILE, which should be a relative path, locates that file relative to
+the test directory in either the source or build tree. FILE will be
+checked for relative to the environment variable BUILD first, and then
+relative to SOURCE. test_file_path() returns the full path to FILE or
+calls BAIL_OUT if FILE could not be found.
+
+=back
+
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2013 The Board of Trustees of the Leland Stanford Junior
+University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+=head1 SEE ALSO
+
+Test::More(3), Test::RRA(3), Test::RRA::Config(3)
+
+The C TAP Harness test driver and libraries for TAP-based C testing are
+available from L<http://www.eyrie.org/~eagle/software/c-tap-harness/>.
+
+This module is maintained in the rra-c-util package. The current version
+is available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>.
+
+=cut
diff --git a/tests/tap/perl/Test/RRA/Config.pm b/tests/tap/perl/Test/RRA/Config.pm
new file mode 100644
index 0000000..cfa3ad5
--- /dev/null
+++ b/tests/tap/perl/Test/RRA/Config.pm
@@ -0,0 +1,200 @@
+# Configuration for Perl test cases.
+#
+# In order to reuse the same Perl test cases in multiple packages, I use a
+# configuration file to store some package-specific data. This module loads
+# that configuration and provides the namespace for the configuration
+# settings.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+
+package Test::RRA::Config;
+
+use 5.006;
+use strict;
+use warnings;
+
+# For Perl 5.006 compatibility.
+## no critic (ClassHierarchies::ProhibitExplicitISA)
+
+use Exporter;
+use Test::More;
+
+# Declare variables that should be set in BEGIN for robustness.
+our (@EXPORT_OK, @ISA, $VERSION);
+
+# Set $VERSION and everything export-related in a BEGIN block for robustness
+# against circular module loading (not that we load any modules, but
+# consistency is good).
+BEGIN {
+ @ISA = qw(Exporter);
+ @EXPORT_OK = qw(
+ $COVERAGE_LEVEL @COVERAGE_SKIP_TESTS @CRITIC_IGNORE $LIBRARY_PATH
+ $MINIMUM_VERSION %MINIMUM_VERSION @POD_COVERAGE_EXCLUDE
+ );
+
+ # This version should match the corresponding rra-c-util release, but with
+ # two digits for the minor version, including a leading zero if necessary,
+ # so that it will sort properly.
+ $VERSION = '4.08';
+}
+
+# If BUILD or SOURCE are set in the environment, look for data/perl.conf under
+# those paths for a C Automake package. Otherwise, look in t/data/perl.conf
+# for a standalone Perl module. Don't use Test::RRA::Automake since it may
+# not exist.
+our $PATH;
+for my $base ($ENV{BUILD}, $ENV{SOURCE}, 't') {
+ next if !defined($base);
+ my $path = "$base/data/perl.conf";
+ if (-r $path) {
+ $PATH = $path;
+ last;
+ }
+}
+if (!defined($PATH)) {
+ BAIL_OUT('cannot find data/perl.conf');
+}
+
+# Pre-declare all of our variables and set any defaults.
+our $COVERAGE_LEVEL = 100;
+our @COVERAGE_SKIP_TESTS;
+our @CRITIC_IGNORE;
+our $LIBRARY_PATH;
+our $MINIMUM_VERSION = '5.008';
+our %MINIMUM_VERSION;
+our @POD_COVERAGE_EXCLUDE;
+
+# Load the configuration.
+if (!do($PATH)) {
+ my $error = $@ || $! || 'loading file did not return true';
+ BAIL_OUT("cannot load data/perl.conf: $error");
+}
+
+1;
+__END__
+
+=for stopwords
+Allbery rra-c-util Automake perlcritic .libs namespace sublicense
+MERCHANTABILITY NONINFRINGEMENT
+
+=head1 NAME
+
+Test::RRA::Config - Perl test configuration
+
+=head1 SYNOPSIS
+
+ use Test::RRA::Config qw($MINIMUM_VERSION);
+ print "Required Perl version is $MINIMUM_VERSION\n";
+
+=head1 DESCRIPTION
+
+Test::RRA::Config encapsulates per-package configuration for generic Perl
+test programs that are shared between multiple packages using the
+rra-c-util infrastructure. It handles locating and loading the test
+configuration file for both C Automake packages and stand-alone Perl
+modules.
+
+Test::RRA::Config looks for a file named F<data/perl.conf> relative to the
+root of the test directory. That root is taken from the environment
+variables BUILD or SOURCE (in that order) if set, which will be the case
+for C Automake packages using C TAP Harness. If neither is set, it
+expects the root of the test directory to be a directory named F<t>
+relative to the current directory, which will be the case for stand-alone
+Perl modules.
+
+The following variables are supported:
+
+=over 4
+
+=item $COVERAGE_LEVEL
+
+The coverage level achieved by the test suite for Perl test coverage
+testing using Test::Strict, as a percentage. The test will fail if test
+coverage less than this percentage is achieved. If not given, defaults
+to 100.
+
+=item @COVERAGE_SKIP_TESTS
+
+Directories under F<t> whose tests should be skipped when doing coverage
+testing. This can be tests that won't contribute to coverage or tests
+that don't run properly under Devel::Cover for some reason (such as ones
+that use taint checking). F<docs> and F<style> will always be skipped
+regardless of this setting.
+
+=item @CRITIC_IGNORE
+
+Additional directories to ignore when doing recursive perlcritic testing.
+The contents of this directory must be either top-level directory names or
+directory names starting with F<tests/>.
+
+=item $LIBRARY_PATH
+
+Add this directory (or a .libs subdirectory) relative to the top of the
+source tree to LD_LIBRARY_PATH when checking the syntax of Perl modules.
+This may be required to pick up libraries that are used by in-tree Perl
+modules so that Perl scripts can pass a syntax check.
+
+=item $MINIMUM_VERSION
+
+Default minimum version requirement for included Perl scripts. If not
+given, defaults to 5.008.
+
+=item %MINIMUM_VERSION
+
+Minimum version exceptions for specific directories. The keys should be
+minimum versions of Perl to enforce. The value for each key should be a
+reference to an array of either top-level directory names or directory
+names starting with F<tests/>. All files in those directories will have
+that minimum Perl version constraint imposed instead of $MINIMUM_VERSION.
+
+=item @POD_COVERAGE_EXCLUDE
+
+Regexes that match method names that should be excluded from POD coverage
+testing. Normally, all methods have to be documented in the POD for a
+Perl module, but methods matching any of these regexes will be considered
+private and won't require documentation.
+
+=back
+
+No variables are exported by default, but the variables can be imported
+into the local namespace to avoid long variable names.
+
+=head1 AUTHOR
+
+Russ Allbery <rra@stanford.edu>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2013 The Board of Trustees of the Leland Stanford Junior
+University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+=head1 SEE ALSO
+
+Test::RRA(3), Test::RRA::Automake(3)
+
+This module is maintained in the rra-c-util package. The current version
+is available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>.
+
+The C TAP Harness test driver and libraries for TAP-based C testing are
+available from L<http://www.eyrie.org/~eagle/software/c-tap-harness/>.
+
+=cut
diff --git a/tests/tap/process.c b/tests/tap/process.c
index 16154c7..8ed4cfd 100644
--- a/tests/tap/process.c
+++ b/tests/tap/process.c
@@ -1,18 +1,37 @@
/*
* Utility functions for tests that use subprocesses.
*
- * Provides utility functions for subprocess manipulation. Currently, only
- * one utility function is provided: is_function_output, which runs a function
- * in a subprocess and checks its output and exit status against expected
- * values.
+ * Provides utility functions for subprocess manipulation. Specifically,
+ * provides a function, run_setup, which runs a command and bails if it fails,
+ * using its error message as the bail output, and is_function_output, which
+ * runs a function in a subprocess and checks its output and exit status
+ * against expected values.
*
- * Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
*
- * See LICENSE for licensing terms.
+ * Written by Russ Allbery <rra@stanford.edu>
+ * Copyright 2002, 2004, 2005 Russ Allbery <rra@stanford.edu>
+ * Copyright 2009, 2010, 2011
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#include <config.h>
@@ -22,26 +41,24 @@
#include <tests/tap/basic.h>
#include <tests/tap/process.h>
-#include <util/xmalloc.h>
+#include <tests/tap/string.h>
/*
* Given a function, an expected exit status, and expected output, runs that
* function in a subprocess, capturing stdout and stderr via a pipe, and
- * compare the combination of stdout and stderr with the expected output and
- * the exit status with the expected status. Expects the function to always
- * exit (not die from a signal).
+ * returns the function output in newly allocated memory. Also captures the
+ * process exit status.
*/
-void
-is_function_output(test_function_type function, int status, const char *output,
- const char *format, ...)
+static void
+run_child_function(test_function_type function, void *data, int *status,
+ char **output)
{
int fds[2];
pid_t child;
- char *buf, *msg;
+ char *buf;
ssize_t count, ret, buflen;
int rval;
- va_list args;
/* Flush stdout before we start to avoid odd forking issues. */
fflush(stdout);
@@ -61,7 +78,7 @@ is_function_output(test_function_type function, int status, const char *output,
_exit(255);
/* Now, run the function and exit successfully if it returns. */
- (*function)();
+ (*function)(data);
fflush(stdout);
_exit(0);
} else {
@@ -71,7 +88,7 @@ is_function_output(test_function_type function, int status, const char *output,
*/
close(fds[1]);
buflen = BUFSIZ;
- buf = xmalloc(buflen);
+ buf = bmalloc(buflen);
count = 0;
do {
ret = read(fds[0], buf + count, buflen - count - 1);
@@ -79,18 +96,41 @@ is_function_output(test_function_type function, int status, const char *output,
count += ret;
if (count >= buflen - 1) {
buflen += BUFSIZ;
- buf = xrealloc(buf, buflen);
+ buf = brealloc(buf, buflen);
}
} while (ret > 0);
buf[count < 0 ? 0 : count] = '\0';
if (waitpid(child, &rval, 0) == (pid_t) -1)
sysbail("waitpid failed");
+ close(fds[0]);
}
+ /* Store the output and return. */
+ *status = rval;
+ *output = buf;
+}
+
+
+/*
+ * Given a function, data to pass to that function, an expected exit status,
+ * and expected output, runs that function in a subprocess, capturing stdout
+ * and stderr via a pipe, and compare the combination of stdout and stderr
+ * with the expected output and the exit status with the expected status.
+ * Expects the function to always exit (not die from a signal).
+ */
+void
+is_function_output(test_function_type function, void *data, int status,
+ const char *output, const char *format, ...)
+{
+ char *buf, *msg;
+ int rval;
+ va_list args;
+
+ run_child_function(function, data, &rval, &buf);
+
/* Now, check the results against what we expected. */
va_start(args, format);
- if (xvasprintf(&msg, format, args) < 0)
- bail("cannot format test description");
+ bvasprintf(&msg, format, args);
va_end(args);
ok(WIFEXITED(rval), "%s (exited)", msg);
is_int(status, WEXITSTATUS(rval), "%s (status)", msg);
@@ -98,3 +138,40 @@ is_function_output(test_function_type function, int status, const char *output,
free(buf);
free(msg);
}
+
+
+/*
+ * A helper function for run_setup. This is a function to run an external
+ * command, suitable for passing into run_child_function. The expected
+ * argument must be an argv array, with argv[0] being the command to run.
+ */
+static void
+exec_command(void *data)
+{
+ char *const *argv = data;
+
+ execvp(argv[0], argv);
+}
+
+
+/*
+ * Given a command expressed as an argv struct, with argv[0] the name or path
+ * to the command, run that command. If it exits with a non-zero status, use
+ * the part of its output up to the first newline as the error message when
+ * calling bail.
+ */
+void
+run_setup(const char *const argv[])
+{
+ char *output, *p;
+ int status;
+
+ run_child_function(exec_command, (void *) argv, &status, &output);
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+ p = strchr(output, '\n');
+ if (p != NULL)
+ *p = '\0';
+ bail("%s", output);
+ }
+ free(output);
+}
diff --git a/tests/tap/process.h b/tests/tap/process.h
index b7d3b11..df74b5f 100644
--- a/tests/tap/process.h
+++ b/tests/tap/process.h
@@ -1,36 +1,64 @@
/*
* Utility functions for tests that use subprocesses.
*
- * Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
*
- * See LICENSE for licensing terms.
+ * Written by Russ Allbery <rra@stanford.edu>
+ * Copyright 2009, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#ifndef TAP_PROCESS_H
#define TAP_PROCESS_H 1
#include <config.h>
-#include <portable/macros.h>
+#include <tests/tap/macros.h>
BEGIN_DECLS
/*
* Run a function in a subprocess and check the exit status and expected
* output (stdout and stderr combined) against the provided values. Expects
- * the function to always exit (not die from a signal).
+ * the function to always exit (not die from a signal). data is optional data
+ * that's passed into the function as its only argument.
*
* This reports as three separate tests: whether the function exited rather
* than was killed, whether the exit status was correct, and whether the
* output was correct.
*/
-typedef void (*test_function_type)(void);
-void is_function_output(test_function_type, int status, const char *output,
- const char *format, ...)
- __attribute__((__format__(printf, 4, 5)));
+typedef void (*test_function_type)(void *);
+void is_function_output(test_function_type, void *data, int status,
+ const char *output, const char *format, ...)
+ __attribute__((__format__(printf, 5, 6), __nonnull__(1)));
+
+/*
+ * Run a setup program. Takes the program to run and its arguments as an argv
+ * vector, where argv[0] must be either the full path to the program or the
+ * program name if the PATH should be searched. If the program does not exit
+ * successfully, call bail, with the error message being the output from the
+ * program.
+ */
+void run_setup(const char *const argv[])
+ __attribute__((__nonnull__));
END_DECLS
diff --git a/tests/tap/remctl.sh b/tests/tap/remctl.sh
index 9e01bcf..2fd6681 100644
--- a/tests/tap/remctl.sh
+++ b/tests/tap/remctl.sh
@@ -1,40 +1,67 @@
# Shell function library to start and stop remctld
#
+# Note that while many of the functions in this library could benefit from
+# using "local" to avoid possibly hammering global variables, Solaris /bin/sh
+# doesn't support local and this library aspires to be portable to Solaris
+# Bourne shell. Instead, all private variables are prefixed with "tap_".
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2009 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009, 2012
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
#
-# See LICENSE for licensing terms.
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
# Start remctld. Takes the path to remctld, which may be found via configure,
# and the path to the configuration file.
remctld_start () {
- local keytab principal
- rm -f "$BUILD/data/remctld.pid"
- keytab=`test_file_path data/test.keytab`
- principal=`test_file_path data/test.principal`
- principal=`cat "$principal" 2>/dev/null`
- if [ -z "$keytab" ] || [ -z "$principal" ] ; then
+ tap_pidfile=`test_tmpdir`/remctld.pid
+ rm -f "$tap_pidfile"
+ tap_keytab=`test_file_path config/keytab`
+ tap_principal=`test_file_path config/principal`
+ tap_principal=`cat "$tap_principal" 2>/dev/null`
+ if [ -z "$tap_keytab" ] || [ -z "$tap_principal" ] ; then
return 1
fi
if [ -n "$VALGRIND" ] ; then
( "$VALGRIND" --log-file=valgrind.%p --leak-check=full "$1" -m \
- -p 14373 -s "$principal" -P "$BUILD/data/remctld.pid" -f "$2" -d \
- -S -F -k "$keytab" &)
+ -p 14373 -s "$tap_principal" -P "$tap_pidfile" -f "$2" -d -S -F \
+ -k "$tap_keytab" &)
[ -f "$BUILD/data/remctld.pid" ] || sleep 5
else
- ( "$1" -m -p 14373 -s "$principal" -P "$BUILD/data/remctld.pid" \
- -f "$2" -d -S -F -k "$keytab" &)
+ ( "$1" -m -p 14373 -s "$tap_principal" -P "$tap_pidfile" -f "$2" \
+ -d -S -F -k "$tap_keytab" &)
fi
- [ -f "$BUILD/data/remctld.pid" ] || sleep 1
- if [ ! -f "$BUILD/data/remctld.pid" ] ; then
+ [ -f "$tap_pidfile" ] || sleep 1
+ [ -f "$tap_pidfile" ] || sleep 1
+ if [ ! -f "$tap_pidfile" ] ; then
bail 'remctld did not start'
fi
}
# Stop remctld and clean up.
remctld_stop () {
- if [ -f "$BUILD/data/remctld.pid" ] ; then
- kill -TERM `cat "$BUILD/data/remctld.pid"`
- rm -f "$BUILD/data/remctld.pid"
+ tap_pidfile=`test_tmpdir`/remctld.pid
+ if [ -f "$tap_pidfile" ] ; then
+ kill -TERM `cat "$tap_pidfile"`
+ rm -f "$tap_pidfile"
fi
}
diff --git a/tests/tap/string.c b/tests/tap/string.c
new file mode 100644
index 0000000..f5c965c
--- /dev/null
+++ b/tests/tap/string.c
@@ -0,0 +1,65 @@
+/*
+ * String utilities for the TAP protocol.
+ *
+ * Additional string utilities that can't be included with C TAP Harness
+ * because they rely on additional portability code from rra-c-util.
+ *
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Copyright 2011, 2012 Russ Allbery <rra@stanford.edu>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#include <config.h>
+#include <portable/system.h>
+
+#include <tests/tap/basic.h>
+#include <tests/tap/string.h>
+
+
+/*
+ * vsprintf into a newly allocated string, reporting a fatal error with bail
+ * on failure.
+ */
+void
+bvasprintf(char **strp, const char *fmt, va_list args)
+{
+ int status;
+
+ status = vasprintf(strp, fmt, args);
+ if (status < 0)
+ sysbail("failed to allocate memory for vasprintf");
+}
+
+
+/*
+ * sprintf into a newly allocated string, reporting a fatal error with bail on
+ * failure.
+ */
+void
+basprintf(char **strp, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ bvasprintf(strp, fmt, args);
+ va_end(args);
+}
diff --git a/tests/tap/string.h b/tests/tap/string.h
new file mode 100644
index 0000000..2f699e4
--- /dev/null
+++ b/tests/tap/string.h
@@ -0,0 +1,49 @@
+/*
+ * String utilities for the TAP protocol.
+ *
+ * Additional string utilities that can't be included with C TAP Harness
+ * because they rely on additional portability code from rra-c-util.
+ *
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Copyright 2011, 2012 Russ Allbery <rra@stanford.edu>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef TAP_STRING_H
+#define TAP_STRING_H 1
+
+#include <config.h>
+#include <tests/tap/macros.h>
+
+#include <stdarg.h> /* va_list */
+
+BEGIN_DECLS
+
+/* sprintf into an allocated string, calling bail on any failure. */
+void basprintf(char **, const char *, ...)
+ __attribute__((__nonnull__, __format__(printf, 2, 3)));
+void bvasprintf(char **, const char *, va_list)
+ __attribute__((__nonnull__));
+
+END_DECLS
+
+#endif /* !TAP_STRING_H */
diff --git a/tests/util/concat-t.c b/tests/util/concat-t.c
deleted file mode 100644
index ca7de2c..0000000
--- a/tests/util/concat-t.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * concat test suite.
- *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2009 Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
- *
- * See LICENSE for licensing terms.
- */
-
-#include <config.h>
-#include <portable/system.h>
-
-#include <tests/tap/basic.h>
-#include <util/concat.h>
-
-#define END (char *) 0
-
-/*
- * Memory leaks everywhere! Whoo-hoo!
- */
-int
-main(void)
-{
- plan(13);
-
- is_string("a", concat("a", END), "concat 1");
- is_string("ab", concat("a", "b", END), "concat 2");
- is_string("ab", concat("ab", "", END), "concat 3");
- is_string("ab", concat("", "ab", END), "concat 4");
- is_string("", concat("", END), "concat 5");
- is_string("abcde", concat("ab", "c", "", "de", END), "concat 6");
- is_string("abcde", concat("abc", "de", END, "f", END), "concat 7");
-
- is_string("/foo", concatpath("/bar", "/foo"), "path 1");
- is_string("/foo/bar", concatpath("/foo", "bar"), "path 2");
- is_string("./bar", concatpath("/foo", "./bar"), "path 3");
- is_string("/bar/baz/foo/bar", concatpath("/bar/baz", "foo/bar"), "path 4");
- is_string("./foo", concatpath(NULL, "foo"), "path 5");
- is_string("/foo/bar", concatpath(NULL, "/foo/bar"), "path 6");
-
- return 0;
-}
diff --git a/tests/util/messages-krb5-t.c b/tests/util/messages-krb5-t.c
index 02d8f92..e3ffe75 100644
--- a/tests/util/messages-krb5-t.c
+++ b/tests/util/messages-krb5-t.c
@@ -1,10 +1,30 @@
/*
* Test suite for Kerberos error handling routines.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2010 Board of Trustees, Leland Stanford Jr. University
+ * Copyright 2010, 2011
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
*
- * See LICENSE for licensing terms.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#include <config.h>
@@ -13,6 +33,7 @@
#include <tests/tap/basic.h>
#include <tests/tap/process.h>
+#include <util/macros.h>
#include <util/messages-krb5.h>
#include <util/messages.h>
#include <util/xmalloc.h>
@@ -22,7 +43,7 @@
* Test functions.
*/
static void
-test_warn(void)
+test_warn(void *data UNUSED)
{
krb5_context ctx;
krb5_error_code code;
@@ -40,7 +61,7 @@ test_warn(void)
}
static void
-test_die(void)
+test_die(void *data UNUSED)
{
krb5_context ctx;
krb5_error_code code;
@@ -80,20 +101,20 @@ main(void)
message = krb5_get_error_message(ctx, code);
xasprintf(&wanted, "principal parse failed: %s\n", message);
- is_function_output(test_warn, 0, wanted, "warn_krb5");
- is_function_output(test_die, 1, wanted, "die_krb5");
+ is_function_output(test_warn, NULL, 0, wanted, "warn_krb5");
+ is_function_output(test_die, NULL, 1, wanted, "die_krb5");
free(wanted);
message_program_name = "msg-test";
xasprintf(&wanted, "msg-test: principal parse failed: %s\n", message);
- is_function_output(test_warn, 0, wanted, "warn_krb5 with name");
- is_function_output(test_die, 1, wanted, "die_krb5 with name");
+ is_function_output(test_warn, NULL, 0, wanted, "warn_krb5 with name");
+ is_function_output(test_die, NULL, 1, wanted, "die_krb5 with name");
free(wanted);
message_handlers_warn(0);
- is_function_output(test_warn, 0, "", "warn_krb5 with no handlers");
+ is_function_output(test_warn, NULL, 0, "", "warn_krb5 with no handlers");
message_handlers_die(0);
- is_function_output(test_die, 1, "", "warn_krb5 with no handlers");
+ is_function_output(test_die, NULL, 1, "", "warn_krb5 with no handlers");
return 0;
}
diff --git a/tests/util/messages-t.c b/tests/util/messages-t.c
index a58f82c..54f1cf1 100644
--- a/tests/util/messages-t.c
+++ b/tests/util/messages-t.c
@@ -1,14 +1,31 @@
/*
* Test suite for error handling routines.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
- * Copyright (c) 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- * 2002, 2003 by The Internet Software Consortium and Rich Salz
+ * Copyright 2002, 2004, 2005 Russ Allbery <rra@stanford.edu>
+ * Copyright 2009, 2010, 2011, 2012
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
*
- * See LICENSE for licensing terms.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#include <config.h>
@@ -21,7 +38,7 @@
#include <tests/tap/basic.h>
#include <tests/tap/process.h>
-#include <util/concat.h>
+#include <util/macros.h>
#include <util/messages.h>
#include <util/xmalloc.h>
@@ -29,24 +46,27 @@
/*
* Test functions.
*/
-static void test1(void) { warn("warning"); }
-static void test2(void) { die("fatal"); }
-static void test3(void) { errno = EPERM; syswarn("permissions"); }
-static void test4(void) { errno = EACCES; sysdie("fatal access"); }
-static void test5(void) {
+static void test1(void *data UNUSED) { warn("warning"); }
+static void test2(void *data UNUSED) { die("fatal"); }
+static void test3(void *data UNUSED) { errno = EPERM; syswarn("permissions"); }
+static void test4(void *data UNUSED) {
+ errno = EACCES;
+ sysdie("fatal access");
+}
+static void test5(void *data UNUSED) {
message_program_name = "test5";
warn("warning");
}
-static void test6(void) {
+static void test6(void *data UNUSED) {
message_program_name = "test6";
die("fatal");
}
-static void test7(void) {
+static void test7(void *data UNUSED) {
message_program_name = "test7";
errno = EPERM;
syswarn("perms %d", 7);
}
-static void test8(void) {
+static void test8(void *data UNUSED) {
message_program_name = "test8";
errno = EACCES;
sysdie("%st%s", "fa", "al");
@@ -54,17 +74,17 @@ static void test8(void) {
static int return10(void) { return 10; }
-static void test9(void) {
+static void test9(void *data UNUSED) {
message_fatal_cleanup = return10;
die("fatal");
}
-static void test10(void) {
+static void test10(void *data UNUSED) {
message_program_name = 0;
message_fatal_cleanup = return10;
errno = EPERM;
sysdie("fatal perm");
}
-static void test11(void) {
+static void test11(void *data UNUSED) {
message_program_name = "test11";
message_fatal_cleanup = return10;
errno = EPERM;
@@ -72,61 +92,61 @@ static void test11(void) {
sysdie("fatal");
}
-static void log_msg(int len, const char *format, va_list args, int error) {
- fprintf(stderr, "%d %d ", len, error);
+static void log_msg(size_t len, const char *format, va_list args, int error) {
+ fprintf(stderr, "%lu %d ", (unsigned long) len, error);
vfprintf(stderr, format, args);
fprintf(stderr, "\n");
}
-static void test12(void) {
+static void test12(void *data UNUSED) {
message_handlers_warn(1, log_msg);
warn("warning");
}
-static void test13(void) {
+static void test13(void *data UNUSED) {
message_handlers_die(1, log_msg);
die("fatal");
}
-static void test14(void) {
+static void test14(void *data UNUSED) {
message_handlers_warn(2, log_msg, log_msg);
errno = EPERM;
syswarn("warning");
}
-static void test15(void) {
+static void test15(void *data UNUSED) {
message_handlers_die(2, log_msg, log_msg);
message_fatal_cleanup = return10;
errno = EPERM;
sysdie("fatal");
}
-static void test16(void) {
+static void test16(void *data UNUSED) {
message_handlers_warn(2, message_log_stderr, log_msg);
message_program_name = "test16";
errno = EPERM;
syswarn("warning");
}
-static void test17(void) { notice("notice"); }
-static void test18(void) {
+static void test17(void *data UNUSED) { notice("notice"); }
+static void test18(void *data UNUSED) {
message_program_name = "test18";
notice("notice");
}
-static void test19(void) { debug("debug"); }
-static void test20(void) {
+static void test19(void *data UNUSED) { debug("debug"); }
+static void test20(void *data UNUSED) {
message_handlers_notice(1, log_msg);
notice("foo");
}
-static void test21(void) {
+static void test21(void *data UNUSED) {
message_handlers_debug(1, message_log_stdout);
message_program_name = "test23";
debug("baz");
}
-static void test22(void) {
+static void test22(void *data UNUSED) {
message_handlers_die(0);
die("hi mom!");
}
-static void test23(void) {
+static void test23(void *data UNUSED) {
message_handlers_warn(0);
warn("this is a test");
}
-static void test24(void) {
+static void test24(void *data UNUSED) {
notice("first");
message_handlers_notice(0);
notice("second");
@@ -145,9 +165,9 @@ test_strerror(int status, const char *output, int error,
{
char *full_output, *name;
- full_output = concat(output, ": ", strerror(error), "\n", (char *) NULL);
+ xasprintf(&full_output, "%s: %s\n", output, strerror(error));
xasprintf(&name, "strerror %lu", testnum / 3 + 1);
- is_function_output(function, status, full_output, "%s", name);
+ is_function_output(function, NULL, status, full_output, "%s", name);
free(full_output);
free(name);
}
@@ -164,43 +184,43 @@ main(void)
plan(24 * 3);
- is_function_output(test1, 0, "warning\n", "test1");
- is_function_output(test2, 1, "fatal\n", "test2");
+ is_function_output(test1, NULL, 0, "warning\n", "test1");
+ is_function_output(test2, NULL, 1, "fatal\n", "test2");
test_strerror(0, "permissions", EPERM, test3);
test_strerror(1, "fatal access", EACCES, test4);
- is_function_output(test5, 0, "test5: warning\n", "test5");
- is_function_output(test6, 1, "test6: fatal\n", "test6");
+ is_function_output(test5, NULL, 0, "test5: warning\n", "test5");
+ is_function_output(test6, NULL, 1, "test6: fatal\n", "test6");
test_strerror(0, "test7: perms 7", EPERM, test7);
test_strerror(1, "test8: fatal", EACCES, test8);
- is_function_output(test9, 10, "fatal\n", "test9");
+ is_function_output(test9, NULL, 10, "fatal\n", "test9");
test_strerror(10, "fatal perm", EPERM, test10);
test_strerror(10, "1st test11: fatal", EPERM, test11);
- is_function_output(test12, 0, "7 0 warning\n", "test12");
- is_function_output(test13, 1, "5 0 fatal\n", "test13");
+ is_function_output(test12, NULL, 0, "7 0 warning\n", "test12");
+ is_function_output(test13, NULL, 1, "5 0 fatal\n", "test13");
sprintf(buff, "%d", EPERM);
xasprintf(&output, "7 %d warning\n7 %d warning\n", EPERM, EPERM);
- is_function_output(test14, 0, output, "test14");
+ is_function_output(test14, NULL, 0, output, "test14");
free(output);
xasprintf(&output, "5 %d fatal\n5 %d fatal\n", EPERM, EPERM);
- is_function_output(test15, 10, output, "test15");
+ is_function_output(test15, NULL, 10, output, "test15");
free(output);
xasprintf(&output, "test16: warning: %s\n7 %d warning\n", strerror(EPERM),
EPERM);
- is_function_output(test16, 0, output, "test16");
+ is_function_output(test16, NULL, 0, output, "test16");
free(output);
- is_function_output(test17, 0, "notice\n", "test17");
- is_function_output(test18, 0, "test18: notice\n", "test18");
- is_function_output(test19, 0, "", "test19");
- is_function_output(test20, 0, "3 0 foo\n", "test20");
- is_function_output(test21, 0, "test23: baz\n", "test21");
+ is_function_output(test17, NULL, 0, "notice\n", "test17");
+ is_function_output(test18, NULL, 0, "test18: notice\n", "test18");
+ is_function_output(test19, NULL, 0, "", "test19");
+ is_function_output(test20, NULL, 0, "3 0 foo\n", "test20");
+ is_function_output(test21, NULL, 0, "test23: baz\n", "test21");
/* Make sure that it's possible to turn off a message type entirely. */
- is_function_output(test22, 1, "", "test22");
- is_function_output(test23, 0, "", "test23");
- is_function_output(test24, 0, "first\nthird\n", "test24");
+ is_function_output(test22, NULL, 1, "", "test22");
+ is_function_output(test23, NULL, 0, "", "test23");
+ is_function_output(test24, NULL, 0, "first\nthird\n", "test24");
return 0;
}
diff --git a/tests/util/xmalloc-t b/tests/util/xmalloc-t
index 02f54b5..b6c6dfd 100755
--- a/tests/util/xmalloc-t
+++ b/tests/util/xmalloc-t
@@ -2,14 +2,31 @@
#
# Test suite for xmalloc and friends.
#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
-# Copyright 2004, 2005, 2006
-# by Internet Systems Consortium, Inc. ("ISC")
-# Copyright 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003 by The Internet Software Consortium and Rich Salz
+# Copyright 2000, 2001, 2006 Russ Allbery <rra@stanford.edu>
+# Copyright 2008, 2009, 2010, 2012
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
#
-# See LICENSE for licensing terms.
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
. "$SOURCE/tap/libtap.sh"
cd "$BUILD/util"
@@ -24,18 +41,16 @@ ok_xmalloc () {
shift
w_output="$1"
shift
- output=`./xmalloc "$@" 2>&1`
+ output=`strip_colon_error ./xmalloc "$@" 2>&1`
status=$?
- if [ "$w_status" -ne 0 ] ; then
- output=`echo "$output" | sed 's/:.*//'`
- fi
if [ $status = $w_status ] && [ x"$output" = x"$w_output" ] ; then
ok "$desc" true
elif [ $status = 2 ] ; then
+ diag "$output"
skip "no data limit support"
else
- echo "# saw: ($status) $output"
- echo "# not: ($w_status) $w_output"
+ diag "saw: ($status) $output"
+ diag "not: ($w_status) $w_output"
ok "$desc" false
fi
}
@@ -53,75 +68,76 @@ plan 36
# First run the tests expected to succeed.
ok_xmalloc "malloc small" 0 "" "m" "21" "0"
-ok_xmalloc "malloc large" 0 "" "m" "3500000" "0"
+ok_xmalloc "malloc large" 0 "" "m" "5500000" "0"
ok_xmalloc "malloc zero" 0 "" "m" "0" "0"
ok_xmalloc "realloc small" 0 "" "r" "21" "0"
-ok_xmalloc "realloc large" 0 "" "r" "3500000" "0"
+ok_xmalloc "realloc large" 0 "" "r" "5500000" "0"
ok_xmalloc "strdup small" 0 "" "s" "21" "0"
-ok_xmalloc "strdup large" 0 "" "s" "3500000" "0"
+ok_xmalloc "strdup large" 0 "" "s" "5500000" "0"
ok_xmalloc "strndup small" 0 "" "n" "21" "0"
-ok_xmalloc "strndup large" 0 "" "n" "3500000" "0"
+ok_xmalloc "strndup large" 0 "" "n" "5500000" "0"
ok_xmalloc "calloc small" 0 "" "c" "24" "0"
-ok_xmalloc "calloc large" 0 "" "c" "3500000" "0"
+ok_xmalloc "calloc large" 0 "" "c" "5500000" "0"
ok_xmalloc "asprintf small" 0 "" "a" "24" "0"
-ok_xmalloc "asprintf large" 0 "" "a" "3500000" "0"
+ok_xmalloc "asprintf large" 0 "" "a" "5500000" "0"
ok_xmalloc "vasprintf small" 0 "" "v" "24" "0"
-ok_xmalloc "vasprintf large" 0 "" "v" "3500000" "0"
+ok_xmalloc "vasprintf large" 0 "" "v" "5500000" "0"
-# Now limit our memory to 3.5MB and then try the large ones again, all of
+# Now limit our memory to 5.5MB and then try the large ones again, all of
# which should fail.
#
# The exact memory limits used here are essentially black magic. They need to
# be large enough to allow the program to be loaded and do small allocations,
# but not so large that we can't reasonably expect to allocate that much
-# memory normally. 3.5MB seems to work reasonably well on both Solaris and
-# Linux.
+# memory normally. The amount of memory required varies a lot based on what
+# shared libraries are loaded, and if it's too small, all memory allocations
+# fail. 5.5MB seems to work reasonably well on both Solaris and Linux.
#
# We assume that there are enough miscellaneous allocations that an allocation
# exactly as large as the limit will always fail.
ok_xmalloc "malloc fail" 1 \
- "failed to malloc 3500000 bytes at xmalloc.c line 38" \
- "m" "3500000" "3500000"
+ "failed to malloc 5500000 bytes at xmalloc.c line 38" \
+ "m" "5500000" "5500000"
ok_xmalloc "realloc fail" 1 \
- "failed to realloc 3500000 bytes at xmalloc.c line 66" \
- "r" "3500000" "3500000"
+ "failed to realloc 5500000 bytes at xmalloc.c line 66" \
+ "r" "5500000" "5500000"
ok_xmalloc "strdup fail" 1 \
- "failed to strdup 3500000 bytes at xmalloc.c line 97" \
- "s" "3500000" "3500000"
+ "failed to strdup 5500000 bytes at xmalloc.c line 97" \
+ "s" "5500000" "5500000"
ok_xmalloc "strndup fail" 1 \
- "failed to strndup 3500000 bytes at xmalloc.c line 124" \
- "n" "3500000" "3500000"
+ "failed to strndup 5500000 bytes at xmalloc.c line 143" \
+ "n" "5500000" "5500000"
ok_xmalloc "calloc fail" 1 \
- "failed to calloc 3500000 bytes at xmalloc.c line 148" \
- "c" "3500000" "3500000"
+ "failed to calloc 5500000 bytes at xmalloc.c line 167" \
+ "c" "5500000" "5500000"
ok_xmalloc "asprintf fail" 1 \
- "failed to asprintf 3500000 bytes at xmalloc.c line 173" \
- "a" "3500000" "3500000"
+ "failed to asprintf 5500000 bytes at xmalloc.c line 191" \
+ "a" "5500000" "5500000"
ok_xmalloc "vasprintf fail" 1 \
- "failed to vasprintf 3500000 bytes at xmalloc.c line 193" \
- "v" "3500000" "3500000"
+ "failed to vasprintf 5500000 bytes at xmalloc.c line 210" \
+ "v" "5500000" "5500000"
# Check our custom error handler.
-ok_xmalloc "malloc custom" 1 "malloc 3500000 xmalloc.c 38" \
- "M" "3500000" "3500000"
-ok_xmalloc "realloc custom" 1 "realloc 3500000 xmalloc.c 66" \
- "R" "3500000" "3500000"
-ok_xmalloc "strdup custom" 1 "strdup 3500000 xmalloc.c 97" \
- "S" "3500000" "3500000"
-ok_xmalloc "strndup custom" 1 "strndup 3500000 xmalloc.c 124" \
- "N" "3500000" "3500000"
-ok_xmalloc "calloc custom" 1 "calloc 3500000 xmalloc.c 148" \
- "C" "3500000" "3500000"
-ok_xmalloc "asprintf custom" 1 "asprintf 3500000 xmalloc.c 173" \
- "A" "3500000" "3500000"
-ok_xmalloc "vasprintf custom" 1 "vasprintf 3500000 xmalloc.c 193" \
- "V" "3500000" "3500000"
+ok_xmalloc "malloc custom" 1 "malloc 5500000 xmalloc.c 38" \
+ "M" "5500000" "5500000"
+ok_xmalloc "realloc custom" 1 "realloc 5500000 xmalloc.c 66" \
+ "R" "5500000" "5500000"
+ok_xmalloc "strdup custom" 1 "strdup 5500000 xmalloc.c 97" \
+ "S" "5500000" "5500000"
+ok_xmalloc "strndup custom" 1 "strndup 5500000 xmalloc.c 143" \
+ "N" "5500000" "5500000"
+ok_xmalloc "calloc custom" 1 "calloc 5500000 xmalloc.c 167" \
+ "C" "5500000" "5500000"
+ok_xmalloc "asprintf custom" 1 "asprintf 5500000 xmalloc.c 191" \
+ "A" "5500000" "5500000"
+ok_xmalloc "vasprintf custom" 1 "vasprintf 5500000 xmalloc.c 210" \
+ "V" "5500000" "5500000"
# Check the smaller ones again just for grins.
-ok_xmalloc "malloc retry" 0 "" "m" "21" "3500000"
-ok_xmalloc "realloc retry" 0 "" "r" "32" "3500000"
-ok_xmalloc "strdup retry" 0 "" "s" "64" "3500000"
-ok_xmalloc "strndup retry" 0 "" "n" "20" "3500000"
-ok_xmalloc "calloc retry" 0 "" "c" "24" "3500000"
-ok_xmalloc "asprintf retry" 0 "" "a" "30" "3500000"
-ok_xmalloc "vasprintf retry" 0 "" "v" "35" "3500000"
+ok_xmalloc "malloc retry" 0 "" "m" "21" "5500000"
+ok_xmalloc "realloc retry" 0 "" "r" "32" "5500000"
+ok_xmalloc "strdup retry" 0 "" "s" "64" "5500000"
+ok_xmalloc "strndup retry" 0 "" "n" "20" "5500000"
+ok_xmalloc "calloc retry" 0 "" "c" "24" "5500000"
+ok_xmalloc "asprintf retry" 0 "" "a" "30" "5500000"
+ok_xmalloc "vasprintf retry" 0 "" "v" "35" "5500000"
diff --git a/tests/util/xmalloc.c b/tests/util/xmalloc.c
index b6f4564..394cab5 100644
--- a/tests/util/xmalloc.c
+++ b/tests/util/xmalloc.c
@@ -1,13 +1,30 @@
/*
* Test suite for xmalloc and family.
*
- * Copyright 2008 Board of Trustees, Leland Stanford Jr. University
- * Copyright 2004, 2005, 2006
- * by Internet Systems Consortium, Inc. ("ISC")
- * Copyright 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
- * 2003 by The Internet Software Consortium and Rich Salz
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
*
- * See LICENSE for licensing terms.
+ * Copyright 2000, 2001, 2006 Russ Allbery <rra@stanford.edu>
+ * Copyright 2008, 2012
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#line 1 "xmalloc.c"
@@ -62,9 +79,9 @@ test_malloc(size_t size)
/*
- * Allocate half the memory given, write to it, then reallocate to the desired
- * size, writing to the rest and then checking it all. Returns true on
- * success, false on any failure.
+ * Allocate 10 bytes of memory given, write to it, then reallocate to the
+ * desired size, writing to the rest and then checking it all. Returns true
+ * on success, false on any failure.
*/
static int
test_realloc(size_t size)
@@ -119,15 +136,34 @@ test_strdup(size_t size)
/*
* Generate a string of the size indicated plus some, call xstrndup on it, and
- * then ensure the result matches. Returns true on success, false on any
- * failure.
+ * then ensure the result matches. Also test xstrdup on a string that's
+ * shorter than the specified size and ensure that we don't copy too much, and
+ * on a string that's not nul-terminated. Returns true on success, false on
+ * any failure.
*/
static int
test_strndup(size_t size)
{
char *string, *copy;
- int match, toomuch;
+ int shortmatch, nonulmatch, match, toomuch;
+
+ /* Copy a short string. */
+ string = xmalloc(5);
+ memcpy(string, "test", 5);
+ copy = xstrndup(string, size);
+ shortmatch = strcmp(string, copy);
+ free(string);
+ free(copy);
+ /* Copy a string that's not nul-terminated. */
+ string = xmalloc(4);
+ memcpy(string, "test", 4);
+ copy = xstrndup(string, 4);
+ nonulmatch = strcmp(copy, "test");
+ free(string);
+ free(copy);
+
+ /* Now the test of running out of memory. */
string = xmalloc(size + 1);
if (string == NULL)
return 0;
@@ -141,7 +177,7 @@ test_strndup(size_t size)
toomuch = strcmp(string, copy);
free(string);
free(copy);
- return (match == 0 && toomuch != 0);
+ return (shortmatch == 0 && nonulmatch == 0 && match == 0 && toomuch != 0);
}
@@ -177,13 +213,12 @@ static int
test_asprintf(size_t size)
{
char *copy, *string;
- int status;
size_t i;
string = xmalloc(size);
memset(string, 42, size - 1);
string[size - 1] = '\0';
- status = xasprintf(&copy, "%s", string);
+ xasprintf(&copy, "%s", string);
free(string);
for (i = 0; i < size - 1; i++)
if (copy[i] != 42)
@@ -196,16 +231,14 @@ test_asprintf(size_t size)
/* Wrapper around vasprintf to do the va_list stuff. */
-static int
+static void
xvasprintf_wrapper(char **strp, const char *format, ...)
{
va_list args;
- int status;
va_start(args, format);
- status = xvasprintf(strp, format, args);
+ xvasprintf(strp, format, args);
va_end(args);
- return status;
}
@@ -217,13 +250,12 @@ static int
test_vasprintf(size_t size)
{
char *copy, *string;
- int status;
size_t i;
string = xmalloc(size);
memset(string, 42, size - 1);
string[size - 1] = '\0';
- status = xvasprintf_wrapper(&copy, "%s", string);
+ xvasprintf_wrapper(&copy, "%s", string);
free(string);
for (i = 0; i < size - 1; i++)
if (copy[i] != 42)
@@ -300,8 +332,8 @@ main(int argc, char *argv[])
if (size < limit || code == 'r') {
tmp = malloc(code == 'r' ? 10 : size);
if (tmp == NULL) {
- syswarn("Can't allocate initial memory of %lu",
- (unsigned long) size);
+ syswarn("Can't allocate initial memory of %lu (limit %lu)",
+ (unsigned long) size, (unsigned long) limit);
exit(2);
}
free(tmp);
diff --git a/util/concat.c b/util/concat.c
deleted file mode 100644
index bdbd836..0000000
--- a/util/concat.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Concatenate strings with dynamic memory allocation.
- *
- * Usage:
- *
- * string = concat(string1, string2, ..., (char *) 0);
- * path = concatpath(base, name);
- *
- * Dynamically allocates (using xmalloc) sufficient memory to hold all of the
- * strings given and then concatenates them together into that allocated
- * memory, returning a pointer to it. Caller is responsible for freeing.
- * Assumes xmalloc is available. The last argument must be a null pointer (to
- * a char *, if you actually find a platform where it matters).
- *
- * concatpath is similar, except that it only takes two arguments. If the
- * second argument begins with / or ./, a copy of it is returned; otherwise,
- * the first argument, a slash, and the second argument are concatenated
- * together and returned. This is useful for building file names where names
- * that aren't fully qualified are qualified with some particular directory.
- *
- * Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
- */
-
-#include <config.h>
-#include <portable/system.h>
-
-#include <util/concat.h>
-#include <util/xmalloc.h>
-
-/* Abbreviation for cleaner code. */
-#define VA_NEXT(var, type) ((var) = (type) va_arg(args, type))
-
-
-/*
- * Concatenate all of the arguments into a newly allocated string. ANSI C
- * requires at least one named parameter, but it's not treated any different
- * than the rest.
- */
-char *
-concat(const char *first, ...)
-{
- va_list args;
- char *result, *p;
- const char *string;
- size_t length = 0;
-
- /* Find the total memory required. */
- va_start(args, first);
- for (string = first; string != NULL; VA_NEXT(string, const char *))
- length += strlen(string);
- va_end(args);
- length++;
-
- /*
- * Create the string. Doing the copy ourselves avoids useless string
- * traversals of result, if using strcat, or string, if using strlen to
- * increment a pointer into result, at the cost of losing the native
- * optimization of strcat if any.
- */
- result = xmalloc(length);
- p = result;
- va_start(args, first);
- for (string = first; string != NULL; VA_NEXT(string, const char *))
- while (*string != '\0')
- *p++ = *string++;
- va_end(args);
- *p = '\0';
-
- return result;
-}
-
-
-/*
- * Concatenate name with base, unless name begins with / or ./. Return the
- * new string in newly allocated memory.
- */
-char *
-concatpath(const char *base, const char *name)
-{
- if (name[0] == '/' || (name[0] == '.' && name[1] == '/'))
- return xstrdup(name);
- else
- return concat(base != NULL ? base : ".", "/", name, (char *) 0);
-}
diff --git a/util/concat.h b/util/concat.h
deleted file mode 100644
index ef8b38d..0000000
--- a/util/concat.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Prototypes for string concatenation with dynamic memory allocation.
- *
- * Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
- */
-
-#ifndef UTIL_CONCAT_H
-#define UTIL_CONCAT_H 1
-
-#include <config.h>
-#include <portable/macros.h>
-
-BEGIN_DECLS
-
-/* Default to a hidden visibility for all util functions. */
-#pragma GCC visibility push(hidden)
-
-/* Concatenate NULL-terminated strings into a newly allocated string. */
-char *concat(const char *first, ...)
- __attribute__((__malloc__, __nonnull__(1)));
-
-/*
- * Given a base path and a file name, create a newly allocated path string.
- * The name will be appended to base with a / between them. Exceptionally, if
- * name begins with a slash, it will be strdup'd and returned as-is.
- */
-char *concatpath(const char *base, const char *name)
- __attribute__((__malloc__, __nonnull__(2)));
-
-/* Undo default visibility change. */
-#pragma GCC visibility pop
-
-END_DECLS
-
-#endif /* UTIL_CONCAT_H */
diff --git a/util/macros.h b/util/macros.h
index 0104d9f..54faee5 100644
--- a/util/macros.h
+++ b/util/macros.h
@@ -1,8 +1,18 @@
/*
* Some standard helpful macros.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
- * This work is hereby placed in the public domain by its author.
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
*/
#ifndef UTIL_MACROS_H
@@ -10,6 +20,15 @@
#include <portable/macros.h>
+/*
+ * Used for iterating through arrays. ARRAY_SIZE returns the number of
+ * elements in the array (useful for a < upper bound in a for loop) and
+ * ARRAY_END returns a pointer to the element past the end (ISO C99 makes it
+ * legal to refer to such a pointer as long as it's never dereferenced).
+ */
+#define ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
+#define ARRAY_END(array) (&(array)[ARRAY_SIZE(array)])
+
/* Used for unused parameters to silence gcc warnings. */
#define UNUSED __attribute__((__unused__))
diff --git a/util/messages-krb5.c b/util/messages-krb5.c
index 7f35d29..23fd56a 100644
--- a/util/messages-krb5.c
+++ b/util/messages-krb5.c
@@ -1,15 +1,34 @@
/*
- * Error handling for Kerberos v5.
+ * Error handling for Kerberos.
*
* Provides versions of die and warn that take a Kerberos context and a
* Kerberos error code and append the Kerberos error message to the provided
* formatted message.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
* Copyright 2006, 2007, 2008, 2009, 2010
- * Board of Trustees, Leland Stanford Jr. University
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
*
- * See LICENSE for licensing terms.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#include <config.h>
@@ -32,12 +51,15 @@ die_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
char *message;
va_list args;
- k5_msg = krb5_get_error_message(ctx, code);
+ if (ctx != NULL)
+ k5_msg = krb5_get_error_message(ctx, code);
va_start(args, format);
- if (xvasprintf(&message, format, args) < 0)
- die("internal error: unable to format error message");
+ xvasprintf(&message, format, args);
va_end(args);
- die("%s: %s", message, k5_msg);
+ if (k5_msg == NULL)
+ die("%s", message);
+ else
+ die("%s: %s", message, k5_msg);
}
@@ -51,12 +73,16 @@ warn_krb5(krb5_context ctx, krb5_error_code code, const char *format, ...)
char *message;
va_list args;
- k5_msg = krb5_get_error_message(ctx, code);
+ if (ctx != NULL)
+ k5_msg = krb5_get_error_message(ctx, code);
va_start(args, format);
- if (xvasprintf(&message, format, args) < 0)
- die("internal error: unable to format error message");
+ xvasprintf(&message, format, args);
va_end(args);
- warn("%s: %s", message, k5_msg);
+ if (k5_msg == NULL)
+ warn("%s", message);
+ else
+ warn("%s: %s", message, k5_msg);
free(message);
- krb5_free_error_message(ctx, k5_msg);
+ if (k5_msg != NULL)
+ krb5_free_error_message(ctx, k5_msg);
}
diff --git a/util/messages-krb5.h b/util/messages-krb5.h
index 3b763c8..a61d7cd 100644
--- a/util/messages-krb5.h
+++ b/util/messages-krb5.h
@@ -1,11 +1,30 @@
/*
* Prototypes for error handling for Kerberos.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
* Written by Russ Allbery <rra@stanford.edu>
* Copyright 2006, 2007, 2008, 2009, 2010
- * Board of Trustees, Leland Stanford Jr. University
+ * The Board of Trustees of the Leland Stanford Junior University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
*
- * See LICENSE for licensing terms.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
*/
#ifndef UTIL_MESSAGES_KRB5_H
diff --git a/util/messages.c b/util/messages.c
index 3592692..52fcfb7 100644
--- a/util/messages.c
+++ b/util/messages.c
@@ -50,13 +50,31 @@
* generates given the format and arguments), a format, an argument list as a
* va_list, and the applicable errno value (if any).
*
- * Copyright 2008 Board of Trustees, Leland Stanford Jr. University
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Written by Russ Allbery <rra@stanford.edu>
+ * Copyright 2008, 2009, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
* Copyright (c) 2004, 2005, 2006
* by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
* 2002, 2003 by The Internet Software Consortium and Rich Salz
*
- * See LICENSE for licensing terms.
+ * This code is derived from software contributed to the Internet Software
+ * Consortium by Rich Salz.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
*/
#include <config.h>
@@ -189,8 +207,8 @@ message_log_syslog(int pri, size_t len, const char *fmt, va_list args, int err)
buffer = malloc(len + 1);
if (buffer == NULL) {
- fprintf(stderr, "failed to malloc %u bytes at %s line %d: %s",
- len + 1, __FILE__, __LINE__, strerror(errno));
+ fprintf(stderr, "failed to malloc %lu bytes at %s line %d: %s",
+ (unsigned long) len + 1, __FILE__, __LINE__, strerror(errno));
exit(message_fatal_cleanup ? (*message_fatal_cleanup)() : 1);
}
vsnprintf(buffer, len + 1, fmt, args);
diff --git a/util/messages.h b/util/messages.h
index dbdb256..463137c 100644
--- a/util/messages.h
+++ b/util/messages.h
@@ -1,13 +1,30 @@
/*
* Prototypes for message and error reporting (possibly fatal).
*
- * Copyright 2008, 2010 Board of Trustees, Leland Stanford Jr. University
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Copyright 2008, 2010
+ * The Board of Trustees of the Leland Stanford Junior University
* Copyright (c) 2004, 2005, 2006
* by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
* 2002, 2003 by The Internet Software Consortium and Rich Salz
*
- * See LICENSE for licensing terms.
+ * This code is derived from software contributed to the Internet Software
+ * Consortium by Rich Salz.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef UTIL_MESSAGES_H
@@ -60,21 +77,21 @@ void message_handlers_die(unsigned int count, ...);
* argument list, and the errno setting if any.
*/
void message_log_stdout(size_t, const char *, va_list, int)
- __attribute((__nonnull__));
+ __attribute__((__nonnull__));
void message_log_stderr(size_t, const char *, va_list, int)
- __attribute((__nonnull__));
+ __attribute__((__nonnull__));
void message_log_syslog_debug(size_t, const char *, va_list, int)
- __attribute((__nonnull__));
+ __attribute__((__nonnull__));
void message_log_syslog_info(size_t, const char *, va_list, int)
- __attribute((__nonnull__));
+ __attribute__((__nonnull__));
void message_log_syslog_notice(size_t, const char *, va_list, int)
- __attribute((__nonnull__));
+ __attribute__((__nonnull__));
void message_log_syslog_warning(size_t, const char *, va_list, int)
- __attribute((__nonnull__));
+ __attribute__((__nonnull__));
void message_log_syslog_err(size_t, const char *, va_list, int)
- __attribute((__nonnull__));
+ __attribute__((__nonnull__));
void message_log_syslog_crit(size_t, const char *, va_list, int)
- __attribute((__nonnull__));
+ __attribute__((__nonnull__));
/* The type of a message handler. */
typedef void (*message_handler_func)(size_t, const char *, va_list, int);
diff --git a/util/xmalloc.c b/util/xmalloc.c
index 4e05f96..a78e31a 100644
--- a/util/xmalloc.c
+++ b/util/xmalloc.c
@@ -55,12 +55,30 @@
* header file defines macros named xmalloc, etc. that pass the file name and
* line number to these functions.
*
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Copyright 2012
+ * The Board of Trustees of the Leland Stanford Junior University
* Copyright (c) 2004, 2005, 2006
* by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
* 2002, 2003 by The Internet Software Consortium and Rich Salz
*
- * See LICENSE for licensing terms.
+ * This code is derived from software contributed to the Internet Software
+ * Consortium by Rich Salz.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
*/
#include <config.h>
@@ -149,23 +167,34 @@ x_strdup(const char *s, const char *file, int line)
}
+/*
+ * Avoid using the system strndup function since it may not exist (on Mac OS
+ * X, for example), and there's no need to introduce another portability
+ * requirement.
+ */
char *
x_strndup(const char *s, size_t size, const char *file, int line)
{
- char *p;
+ const char *p;
+ size_t length;
+ char *copy;
- p = malloc(size + 1);
- while (p == NULL) {
- (*xmalloc_error_handler)("strndup", size + 1, file, line);
- p = malloc(size + 1);
+ /* Don't assume that the source string is nul-terminated. */
+ for (p = s; (size_t) (p - s) < size && *p != '\0'; p++)
+ ;
+ length = p - s;
+ copy = malloc(length + 1);
+ while (copy == NULL) {
+ (*xmalloc_error_handler)("strndup", length + 1, file, line);
+ copy = malloc(length + 1);
}
- memcpy(p, s, size);
- p[size] = '\0';
- return p;
+ memcpy(copy, s, length);
+ copy[length] = '\0';
+ return copy;
}
-int
+void
x_vasprintf(char **strp, const char *fmt, va_list args, const char *file,
int line)
{
@@ -175,7 +204,7 @@ x_vasprintf(char **strp, const char *fmt, va_list args, const char *file,
va_copy(args_copy, args);
status = vasprintf(strp, fmt, args_copy);
va_end(args_copy);
- while (status < 0 && errno == ENOMEM) {
+ while (status < 0) {
va_copy(args_copy, args);
status = vsnprintf(NULL, 0, fmt, args_copy);
va_end(args_copy);
@@ -184,12 +213,11 @@ x_vasprintf(char **strp, const char *fmt, va_list args, const char *file,
status = vasprintf(strp, fmt, args_copy);
va_end(args_copy);
}
- return status;
}
#if HAVE_C99_VAMACROS || HAVE_GNU_VAMACROS
-int
+void
x_asprintf(char **strp, const char *file, int line, const char *fmt, ...)
{
va_list args, args_copy;
@@ -199,7 +227,7 @@ x_asprintf(char **strp, const char *file, int line, const char *fmt, ...)
va_copy(args_copy, args);
status = vasprintf(strp, fmt, args_copy);
va_end(args_copy);
- while (status < 0 && errno == ENOMEM) {
+ while (status < 0) {
va_copy(args_copy, args);
status = vsnprintf(NULL, 0, fmt, args_copy);
va_end(args_copy);
@@ -208,10 +236,9 @@ x_asprintf(char **strp, const char *file, int line, const char *fmt, ...)
status = vasprintf(strp, fmt, args_copy);
va_end(args_copy);
}
- return status;
}
#else /* !(HAVE_C99_VAMACROS || HAVE_GNU_VAMACROS) */
-int
+void
x_asprintf(char **strp, const char *fmt, ...)
{
va_list args, args_copy;
@@ -221,7 +248,7 @@ x_asprintf(char **strp, const char *fmt, ...)
va_copy(args_copy, args);
status = vasprintf(strp, fmt, args_copy);
va_end(args_copy);
- while (status < 0 && errno == ENOMEM) {
+ while (status < 0) {
va_copy(args_copy, args);
status = vsnprintf(NULL, 0, fmt, args_copy);
va_end(args_copy);
@@ -230,6 +257,5 @@ x_asprintf(char **strp, const char *fmt, ...)
status = vasprintf(strp, fmt, args_copy);
va_end(args_copy);
}
- return status;
}
#endif /* !(HAVE_C99_VAMACROS || HAVE_GNU_VAMACROS) */
diff --git a/util/xmalloc.h b/util/xmalloc.h
index 657a6bb..55a0b91 100644
--- a/util/xmalloc.h
+++ b/util/xmalloc.h
@@ -1,13 +1,30 @@
/*
* Prototypes for malloc routines with failure handling.
*
- * Copyright 2010 Board of Trustees, Leland Stanford Jr. University
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Copyright 2010, 2012
+ * The Board of Trustees of the Leland Stanford Junior University
* Copyright (c) 2004, 2005, 2006
* by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
* 2002, 2003 by The Internet Software Consortium and Rich Salz
*
- * See LICENSE for licensing terms.
+ * This code is derived from software contributed to the Internet Software
+ * Consortium by Rich Salz.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef UTIL_XMALLOC_H
@@ -67,15 +84,15 @@ char *x_strdup(const char *, const char *, int)
__attribute__((__malloc__, __nonnull__));
char *x_strndup(const char *, size_t, const char *, int)
__attribute__((__malloc__, __nonnull__));
-int x_vasprintf(char **, const char *, va_list, const char *, int)
+void x_vasprintf(char **, const char *, va_list, const char *, int)
__attribute__((__nonnull__));
/* asprintf special case. */
#if HAVE_C99_VAMACROS || HAVE_GNU_VAMACROS
-int x_asprintf(char **, const char *, int, const char *, ...)
+void x_asprintf(char **, const char *, int, const char *, ...)
__attribute__((__nonnull__, __format__(printf, 4, 5)));
#else
-int x_asprintf(char **, const char *, ...)
+void x_asprintf(char **, const char *, ...)
__attribute__((__nonnull__, __format__(printf, 2, 3)));
#endif
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 20:08:03 +0000